Geoip database update

Job Snijders job at
Sun Dec 18 03:57:02 UTC 2022

On Sat, Dec 17, 2022 at 04:58:18PM -0800, Randy Bush wrote:
> and note that massimo has a collio toolset

Rpki-client (version 8.2 and higher) supports authenticating signed
Geofeed data against the RPKI:

First figure out the location of the Geofeed data (the above mentioned
'geofeed-finder' utility will do a better job searching at scale!):

$ whois -h 2001:67c:208c::/48 | egrep 'inet6num|Geofeed '
inet6num:       2001:67c:208c::/48
remarks:        Geofeed

Then validate the embedded signature:

$ sudo apt install rpki-client && sudo systemctl start rpki-client
$ wget
$ rpki-client -j -f geofeed.csv
        "file": "geofeed.csv",
        "hash_id": "VOXBRdQpiyALlLRdo3OkLbLIY4PexRlci/0EM9Fc21U=",
        "type": "geofeed",
        "ski": "D4:05:34:DB:56:A6:4D:A2:ED:4D:EF:AD:A9:C1:31:DA:19:56:DC:A7",
        "cert_issuer": "/CN=caa805dbac364749b9b115590ab6ef0f970cdbd8",
        "cert_serial": "06",
        "aki": "CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8",
        "aia": "rsync://",
        "valid_until": 1700930092,
        "records": [
                { "prefix": "2001:67c:208c::/48", "location": "NL,NL-NH,Amsterdam,"}
        "validation": "OK"

Kind regards,


More information about the NANOG mailing list