
RIPE NCC's Implementation of Resource Public Key Infrastructure (RPKI) Certificate Tree Validation

Approval announcement
Draft of message to be sent after approval:


From: The IESG
To: IETF-Announce
Cc: The IESG, Chris Morrow
Subject: Document Action: 'RPKI Certificate Tree Validation by the RIPE NCC RPKI Validator' to Informational RFC (draft-ietf-sidrops-rpki-tree-validation-03.txt)

The IESG has approved the following document:
- 'RPKI Certificate Tree Validation by the RIPE NCC RPKI Validator'
  (draft-ietf-sidrops-rpki-tree-validation-03.txt) as Informational RFC

This document is the product of the SIDR Operations Working Group.

The IESG contact persons are Warren Kumari and Ignas Bagdonas.

A URL of this Internet Draft is:

Ballot Text

Technical Summary

   This document describes the approach to validate the content of the
   RPKI certificate tree, as it is implemented in the RIPE NCC RPKI
   Validator.  This approach is independent of a particular object
   retrieval mechanism.  This allows it to be used with repositories
   available over the rsync protocol, the RPKI Repository Delta
   Protocol, and repositories that use a mix of both.

   This document describes how the RIPE NCC RPKI Validator version 2.23
   has been implemented.  Source code to this software can be found at
   [github].  The purpose of this document is to provide transparency to
   users of (and contributors to) this software tool, as well as serve
   to be subjected to scrutiny by the SIDR Operations Working Group.  It
   is not intended as a document that describes a standard or best
   practices on how validation should be done in general.

Working Group Summary

   No particularly difficult notes from the WG. This document
   describes the operations of a particular piece of infrastructure;
   it's not changing live things.

Document Quality

   "Are there existing implementations of the protocol? "
   Yup, that's the whole purpose of this document :-). It
   is an Informational specification, "published for the
   general information of the Internet community, and
   does not represent an Internet community consensus
   or recommendation. The Informational designation is
   intended to provide for the timely publication of a very
   broad range of responsible informational documents
   from many sources, subject only to editorial
   considerations and to verification that there has been
   adequate coordination with the standards process".

   There are 3 outdated references, which can be handled by
   the RFC Editor:
      draft-ietf-sidr-delta-protocol -> RFC 8182
      draft-ietf-sidr-rpki-validation-reconsidered -> RFC 8360
      RFC 6485, obsoleted by RFC 7935


   Chris Morrow is DS
   Warren Kumari is RAD (that *never* gets old!)

RFC Editor Note