Skip to main content

A simple utility to perform business logic tests on a collection of RPKI-based VRPs.

Project description

[![Build Status](]( [![Requirements Status](]( [![Coverage Status](](

RPKI VRP Checker

The rpki-vrp-checker utility takes a set of VRPs (in JSON format) and applies a number of tests to the VRP set to assess whether the set conforms to the Network Operator’s expectations.


  • Canary checking (assert whether expected ROAs are part of the VRP set)


` $ pip3 install rpki-vrp-checker $ rpki-vrp-checker -i ./export.json -c canaries.yaml -b blessed-vrp-set.json $ `


There are various types of human error, operational failures, or attack scenarios related to RPKI pipeline operations imaginable. This utility is intended to be a verification tool between an internal ROA administration and the RPKI data as published on the Internet.

Comparing “ROAs that are expected to exist” with Validated ROA Payloads as observed from RPKI data can help in cases such as:

  • Resource holder has ARIN IP prefixes, and ARIN CA has [encoding issues](

  • Compromise of RIR systems (sudden appareance of ROAs covering an operator’s resources under the wrong Trust Anchor)

  • Fat fingering during ROA creation process (too many or too little ROAs were actually created compared to the internal administration)

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

rpki-vrp-checker-0.0.2.tar.gz (3.1 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page