NLnetLabs / routinator

An RPKI Validator and RTR server written in Rust
https://nlnetlabs.nl/projects/routing/routinator/
BSD 3-Clause "New" or "Revised" License
470 stars 71 forks source link

Output with all certificates #638

Closed bjpbakker closed 3 years ago

bjpbakker commented 3 years ago

As part of replacing the RIPE Validator-3, for our RPKI adoption statistics we need access to the full set of certificates and the resources they cover. Even when the certificate is not used to sign any ROAs.

The output in RIPE Validator-3 is in CSV format. An example record is:

"Subject","Resources"
"CN=8817aafec61c3a6b024b6a9f54ffb764ca3df922","AS3333, AS12654, AS25152, AS196615, AS197000, AS201965, 84.205.64.0/19, 93.175.144.0/20, 193.0.0.0-193.0.23.255, 2001:67c:e0::/48, 2001:67c:2e8::/48, 2001:67c:2d7c::/48, 2001:7fb::/32, 2001:7fd::/32"

Would you be open to adding a similar output to Routinator? The format may differ as long as we can derive the same data from it.

partim commented 3 years ago

Do you see any use for this feature outside of your specific environment? We don’t currently collect this information and I’m not sure it makes sense to pay the price both in code complexity and in memory consumption for one single user (at least the former would still be there if we’d use a feature – it would actually be worse in this case).

How comfortable are you with developing in Rust? Routinator has been designed to also be available as a library crate and your use case seems a fairly good one for that. I think it wouldn’t be too difficult to implement – I’d be happy to help.

bjpbakker commented 3 years ago

That's probably a good idea. I see that such output does not directly relate to the validator, it's just that the information is available in it.

I'll check out using Routinator as a library, am comfortable building something in Rust. And will contact you when needed. Thanks :)