Validate IP prefixes against an RTR (RPKI-to-Router) server.
cargo install --path .docker pull ghcr.io/nxthdr/rtr-validator:mainrtr-validator --server <SERVER> --prefix <PREFIX> [OPTIONS]Native:
# Check if a prefix has any ROAs
rtr-validator -s "rtr.nxthdr.dev:3323" -p "1.1.1.0/24"
# Validate with specific ASN
rtr-validator -s "rtr.nxthdr.dev:3323" -p "1.1.1.0/24" -a 13335
# Enable debug output to see connection details
rtr-validator -s "rtr.nxthdr.dev:3323" -p "1.1.1.0/24" --debug
# IPv6 example
rtr-validator -s "rtr.nxthdr.dev:3323" -p "2606:4700:4700::/48" -a 13335Docker:
# Check if a prefix has any ROAs
docker run --rm ghcr.io/nxthdr/rtr-validator:main -s "rtr.nxthdr.dev:3323" -p "1.1.1.0/24"
# Validate with specific ASN
docker run --rm ghcr.io/nxthdr/rtr-validator:main -s "rtr.nxthdr.dev:3323" -p "1.1.1.0/24" -a 13335Normal mode (clean output):
✅ FOUND - 1 matching ROA(s):
- AS13335 (max length: 24)
Debug mode (detailed output):
Connecting to RTR server at [2a06:de00:50:cafe:100::e]:3323...
Connected! Fetching ROAs until End of Data marker...
End of Data received - initial sync complete
Total ROAs received: 784793
Validation results for prefix: 1.1.1.0/24
✅ FOUND - 1 matching ROA(s):
- AS13335 (max length: 24)
The tool connects to the RTR server and downloads all ROAs until the RTR protocol's End of Data (EOD) marker is received. This ensures complete data synchronization before performing validation. The EOD marker is detected via the Timing parameters sent in the End-of-Data PDU.
-s, --server- RTR server address (hostname:port or [ipv6]:port)-p, --prefix- IP prefix to validate (IPv4 or IPv6)-a, --asn- ASN to check (optional)-d, --debug- Enable debug output showing connection and sync details