nanog mailing list archives

Re: Geoip database update


From: Job Snijders via NANOG <nanog () nanog org>
Date: Sun, 18 Dec 2022 04:57:02 +0100

On Sat, Dec 17, 2022 at 04:58:18PM -0800, Randy Bush wrote:
    https://www.rfc-archive.org/getrfc?rfc=9092

and note that massimo has a coolio toolset

    https://github.com/massimocandela/geofeed-finder

Rpki-client (version 8.2 and higher) supports authenticating signed
Geofeed data against the RPKI:

First figure out the location of the Geofeed data (the above mentioned
'geofeed-finder' utility will do a better job searching at scale!):

$ whois -h whois.ripe.net 2001:67c:208c::/48 | egrep 'inet6num|Geofeed '
inet6num:       2001:67c:208c::/48
remarks:        Geofeed https://sobornost.net/geofeed.csv

Then validate the embedded signature:

$ sudo apt install rpki-client && sudo systemctl start rpki-client
$ wget https://sobornost.net/geofeed.csv
$ rpki-client -j -f geofeed.csv
{
        "file": "geofeed.csv",
        "hash_id": "VOXBRdQpiyALlLRdo3OkLbLIY4PexRlci/0EM9Fc21U=",
        "type": "geofeed",
        "ski": "D4:05:34:DB:56:A6:4D:A2:ED:4D:EF:AD:A9:C1:31:DA:19:56:DC:A7",
        "cert_issuer": "/CN=caa805dbac364749b9b115590ab6ef0f970cdbd8",
        "cert_serial": "06",
        "aki": "CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8",
        "aia": "rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer",
        "valid_until": 1700930092,
        "records": [
                { "prefix": "2001:67c:208c::/48", "location": "NL,NL-NH,Amsterdam,"}
        ],
        "validation": "OK"
}

Kind regards,

Job
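
Added example (not part of the original message and not rpki-client code): a consumer of the JSON report shown above that refuses the geofeed data unless "validation" is "OK" and "valid_until" has not passed, and that sets aside records outside the referring inet6num, which RFC 9092 says must be ignored. It assumes "valid_until" is Unix seconds; the function name usable_records and the trimmed SAMPLE are constructed here.

```python
import ipaddress
import json

# Constructed sample: trimmed copy of the `rpki-client -j -f geofeed.csv`
# output quoted in the message above.
SAMPLE = """{
  "file": "geofeed.csv",
  "type": "geofeed",
  "valid_until": 1700930092,
  "records": [
    {"prefix": "2001:67c:208c::/48", "location": "NL,NL-NH,Amsterdam,"}
  ],
  "validation": "OK"
}"""


def usable_records(report_json, referring_prefix, now):
    """Return (accepted, rejected) lists of (prefix, location) tuples.

    referring_prefix: the inetnum/inet6num whose Geofeed remark named the file.
    now: current time in Unix seconds (assumption: valid_until uses the same unit).
    Raises ValueError when the report must not be trusted at all.
    """
    report = json.loads(report_json)
    if report.get("type") != "geofeed":
        raise ValueError("not a geofeed report")
    if report.get("validation") != "OK":
        raise ValueError("validation is %r, not OK" % report.get("validation"))
    if now > report["valid_until"]:
        raise ValueError("valid_until has passed")

    parent = ipaddress.ip_network(referring_prefix)
    accepted, rejected = [], []
    for rec in report.get("records", []):
        net = ipaddress.ip_network(rec["prefix"], strict=False)
        # RFC 9092: data outside the referring object's range is ignored.
        # Compare versions first; subnet_of() raises on mixed IPv4/IPv6.
        inside = net.version == parent.version and net.subnet_of(parent)
        (accepted if inside else rejected).append((str(net), rec["location"]))
    return accepted, rejected


if __name__ == "__main__":
    # 1671335822 is 2022-12-18 03:57:02 UTC, the date of the message.
    print(usable_records(SAMPLE, "2001:67c:208c::/48", 1671335822))
```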

