check_roa.sh: A script that checks valid ROAs for a list of IP blocks
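#!/bin/bash
# This script checks if there are valid ROAs for a list of IP blocks.
# Checks from two sources - rpki validator and bgpmon.
#
# Input: $iplist, one comma-separated entry per line. Field 1 is the prefix;
#        field 2 is placed in the ASN position of the validator URL. Any
#        further fields are ignored.
# Exit:  0 when every lookup from both sources reports a valid ROA,
#        2 when the list file is missing or any lookup is not valid.
#
# Both checks fail closed: a lookup that errors out, times out or returns
# anything other than the exact expected string marks the run as not valid.

iplist="iplist.txt"
notvalid=0

# Replace with your own validator.
# NOTE(review): this is a plain-http endpoint, so the validity answer is not
# authenticated in transit and could be altered before this script reads it.
# Prefer a validator you run yourself, reached over https or on localhost.
rpki_validator="http://localcert.ripe.net:8088"

if [ ! -f "$iplist" ]; then
  echo "ERROR: $iplist not found."
  exit 2
fi

# Checking rpki validator
# Expected to see valid for all prefixes (i.e. announced by the ASN)
echo "=== Results from rpki-validator =="
# The list is read on fd 3 and that fd is closed for the commands in the body,
# so curl/jq cannot consume list lines. `|| [ -n "$i" ]` keeps a final line
# that has no trailing newline; plain `read` would drop it and leave that
# prefix unchecked.
while IFS=',' read -r i j rest <&3 || [ -n "$i" ]; do
  # Strip whitespace (including a CR from CRLF files) so it cannot end up
  # inside the request URL; a prefix or ASN never contains whitespace.
  i=${i//[[:space:]]/}
  j=${j//[[:space:]]/}
  # Blank lines are not entries.
  [ -n "$i" ] || continue
  {
    out=$(curl -s "$rpki_validator/api/v1/validity/$j/$i")
    # `.[]` walks every top-level value of the JSON reply and prints its
    # validity.state; an empty or malformed reply yields no "Valid".
    state=$(printf '%s' "$out" | jq -r '.[].validity.state')
    printf '%s %s %s\n' "$i" "$j" "$state"
    if [ "$state" != "Valid" ]; then
      notvalid=1
    fi
  } 3<&-
done 3< "$iplist"

# Checking IP block with bgpmon
# Will show invalid if detected as originating from other ASN
echo "=== Results from bgpmon ==="
while IFS=',' read -r i _ <&3 || [ -n "$i" ]; do
  i=${i//[[:space:]]/}
  [ -n "$i" ] || continue
  {
    # `--` ends option parsing so a list entry starting with '-' is sent as
    # the query instead of being read as a whois option.
    status=$(whois -h whois.bgpmon.net -- "$i" | grep -e "RPKI status" | cut -d":" -f2)
    # cut keeps everything after the colon, which presumably includes the
    # space that follows it (confirm against real whois output); trim both
    # ends so the exact-match comparison below can succeed.
    status=${status#"${status%%[![:space:]]*}"}
    status=${status%"${status##*[![:space:]]}"}
    printf '%s %s\n' "$i" "$status"
    if [ "$status" != "ROA validation successful" ]; then
      notvalid=1
    fi
  } 3<&-
done 3< "$iplist"

if [ "$notvalid" -eq 0 ]; then
  echo "OK: ROA validation successful."
  exit 0
else
  echo "WARN: Some ROAs are not valid."
  exit 2
fi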