How to manually test for invalid Route Origin Authorisation (ROA) and Route announcement validity?

Çağlar Arlı

Internet.nl checks a domain for some security settings among which:

Route Origin Authorisation existence and Route announcement validity for both the webserver and nameserver IP addresses.

They write:

All IP addresses of your web server and associated name servers have a route announcement that is matched by the published route authorisation (RPKI). As a result, visitors with enabled route validation are better protected against various unintentional or malicious route configuration errors, that can lead to the unreachability of your servers or the interception of Internet traffic to your servers.

For some domains I noticed an invalid: RPKI Route Origin Authorization or RPKI Origin Validation state.

Outside of internet.nl I have not found a method or tool for testing this myself. Is there a method or command line tool where I can easily test this myself for a given IP?

See an example report here (at the bottom): https://internet.nl/site/security.stackexchange.com/3089062/
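
The check quoted above (a route announcement matched by a published route authorisation) follows the RFC 6811 origin-validation rules. The sketch below is an added example, not part of the original question or of internet.nl's code; the function names are hypothetical, and the VRPs (validated ROA payloads) and announcements are constructed from documentation prefixes and reserved ASNs, where real data would come from an RPKI validator export and a BGP table.

```python
import ipaddress

# Constructed VRPs (validated ROA payloads): (prefix, maxLength, origin ASN).
# Documentation prefixes and reserved ASNs, not real routing data.
SAMPLE_VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("203.0.113.0/24", 25, 64501),
    ("2001:db8::/32", 48, 64500),
]

def validate_origin(route_prefix, origin_asn, vrps=SAMPLE_VRPS):
    """Classify one announcement as 'valid', 'invalid' or 'not-found' (RFC 6811)."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp_prefix, max_length, vrp_asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        # A VRP covers the route when the route is the same prefix or a more specific one.
        if vrp_net.version != route.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        # Match: same origin AS (AS0 never matches) and length within maxLength.
        if vrp_asn != 0 and vrp_asn == origin_asn and route.prefixlen <= max_length:
            return "valid"
    # Covered but never matched means wrong origin or too specific a prefix.
    return "invalid" if covered else "not-found"

def check_ip(ip, announcements, vrps=SAMPLE_VRPS):
    """Validate the most specific announcement (prefix, origin ASN) covering ip."""
    addr = ipaddress.ip_address(ip)
    covering = []
    for prefix, asn in announcements:
        net = ipaddress.ip_network(prefix)
        if net.version == addr.version and addr in net:
            covering.append((net, asn))
    if not covering:
        return None  # no route to this address in the supplied table
    net, asn = max(covering, key=lambda r: r[0].prefixlen)
    return str(net), asn, validate_origin(str(net), asn, vrps)

if __name__ == "__main__":
    # Constructed routing table: a legitimate /24 and a more specific /25 from another AS.
    table = [("192.0.2.0/24", 64500), ("192.0.2.0/25", 64511)]
    print(check_ip("192.0.2.10", table))
    print(check_ip("192.0.2.200", table))
```

An "invalid" result therefore has two distinct causes, a wrong origin AS or a prefix longer than the ROA's maxLength, and both are different from "not-found", where no ROA covers the prefix at all.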