Geoip database update
Job Snijders
job at fastly.com
Sun Dec 18 03:57:02 UTC 2022
On Sat, Dec 17, 2022 at 04:58:18PM -0800, Randy Bush wrote:
> https://www.rfc-archive.org/getrfc?rfc=9092
>
> and note that massimo has a collio toolset
>
> https://github.com/massimocandela/geofeed-finder
Rpki-client (version 8.2 and higher) supports authenticating signed
Geofeed data against the RPKI:
First figure out the location of the Geofeed data (the above mentioned
'geofeed-finder' utility will do a better job searching at scale!):
$ whois -h whois.ripe.net 2001:67c:208c::/48 | egrep 'inet6num|Geofeed '
inet6num: 2001:67c:208c::/48
remarks: Geofeed https://sobornost.net/geofeed.csv
Then validate the embedded signature:
$ sudo apt install rpki-client && sudo systemctl start rpki-client
$ wget https://sobornost.net/geofeed.csv
$ rpki-client -j -f geofeed.csv
{
"file": "geofeed.csv",
"hash_id": "VOXBRdQpiyALlLRdo3OkLbLIY4PexRlci/0EM9Fc21U=",
"type": "geofeed",
"ski": "D4:05:34:DB:56:A6:4D:A2:ED:4D:EF:AD:A9:C1:31:DA:19:56:DC:A7",
"cert_issuer": "/CN=caa805dbac364749b9b115590ab6ef0f970cdbd8",
"cert_serial": "06",
"aki": "CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8",
"aia": "rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer",
"valid_until": 1700930092,
"records": [
{ "prefix": "2001:67c:208c::/48", "location": "NL,NL-NH,Amsterdam,"}
],
"validation": "OK"
}
Kind regards,
Job
More information about the NANOG
mailing list