Created
May 17, 2022 22:59
-
-
Save MatthaeusHarris/46db8e2314ef12391c9823785ccb55e9 to your computer and use it in GitHub Desktop.
Generate and sign an ARIN RPKI ROA locally
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ### Configuration details | |
| # Your ARIN-issued certificate here: | |
| CERT=ARIN-UL-348-2022-05-17.cer | |
| # Your private key here | |
| PRIVKEY=uberduck_rpki.pem | |
| # The name of this RPKI ROA | |
| NAME=Uberduck | |
| # Your ASN | |
| ASN=400679 | |
| # List of advertised IP ranges, in the form x.x.x.x/y/z or x:x::/y/z where x is the ip address, y is the netmask of your allocation, and z is the smallest subnet you will advertise | |
| ADVERTISED=("2602:fb82::/36/48" "2602:fb82::/48/48) | |
| ### End of configuration details | |
| TIMESTAMP=$(date +%s) | |
| VALIDFROM=$(openssl x509 -in $CERT -noout -dates -inform der | grep notBefore | awk -F = '{print $2}' | xargs -I {} date +'%m-%d-%Y' -d "{}") | |
| VALIDTO=$(openssl x509 -in $CERT -noout -dates -inform der | grep notAfter | awk -F = '{print $2}' | xargs -I {} date +'%m-%d-%Y' -d "{}") | |
| ROA="1|$TIMESTAMP|$NAME|$ASN|$VALIDFROM|$VALIDTO|" | |
| for r in ${ADVERTISED[@]}; do | |
| IP_RANGE=$(echo $r | sed -e "s/\//\|/g") | |
| ROA="${ROA}$IP_RANGE|" | |
| done | |
| SIG=$(echo -n $ROA | openssl dgst -sha256 -sign $PRIVKEY -keyform PEM | openssl enc -base64) | |
| echo "-----BEGIN ROA REQUEST-----" | |
| echo "$ROA" | |
| echo "-----END ROA REQUEST-----" | |
| echo "-----BEGIN SIGNATURE-----" | |
| echo "$SIG" | |
| echo "-----END SIGNATURE-----" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment