Web application that allows browsing and inspection of RPKI objects
There is a publicly available instance of MIRO running at http://rpki-browser.realmv6.org/
If you wish to deploy MIRO yourself, download the latest release (miro-x.x.tar.bz2) and follow these instructions:
The release contains the file 'miro.war'. This needs to be deployed with a servlet container such as Tomcat.
For Tomcat (using a local Tomcat, not a system-wide one):
    tar -xzf apache-tomcat.tar.gz
    mv MIRO/miro.war apache-tomcat/webapps
    ./apache-tomcat/bin/startup.sh
MIRO should show up at localhost:8080/miro/
In order for MIRO to work, you need to copy the directory MIRO found in the release archive to /var/data.
IMPORTANT: The user who is running the servlet container needs to have read/write access to /var/data/MIRO
The default directory for trust anchor locators is /var/data/MIRO/Browser/tals/.
The .tal files are grouped in sub-directories (RIPE, ARIN, APNIC, LACNIC, AFRINIC).
If you wish to add your own trust anchor locators, make a new sub-directory and place your .tals in there: /var/data/MIRO/Browser/tals//.tal
Trust anchor locators should be grouped by the repository the trust anchor resides in. For example, all 5 of APNIC's trust anchors are grouped together. This is done to make prefetching easier.
Some repositories have a flat structure, so the normal recursive fetching process (using rsync) takes a long time. To shorten the process, prefetching aims to download as much of the repository as possible in advance. In MIRO/Browser/prefetching you can see the URIs set to be prefetched for every TAL grouping.
If you are adding new TALs that point to flat repositories, it is a good idea to create a file /var/data/MIRO/Browser/prefetching/<your TAL group> that contains the URIs to prefetch.
In order to trigger an update, a connection coming from the loopback interface needs to be made to the update port (default 9234). One way to do this (python2):
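    import socket
    from socket import error as socket_error

    # Connecting from the loopback interface to the update port triggers an update.
    sock = socket.socket()
    try:
        sock.connect(("localhost", 9234))
        sock.close()
    except socket_error as e:
        print(e)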
To set up regular updates, use a cron job.
The last downloaded resource certificate trees as well as ROAs are saved at /var/data/MIRO/Browser/exports
In the conf file /var/data/MIRO/Browser/miro.browser.conf you can change the update port (default 9234).
The MIRO API allows you to filter for specific groups of objects and link to them or download them in JSON format.
Download or view RPKI objects
Context path: /browser
Parameter | Value |
---|---|
trustAnchor | Trust anchor names, as seen in the dropdown menu of the RPKI Browser (e.g. ARIN, RIPE, AFRINIC). This parameter needs to be present. |
validationStatus | "passed", "error", or "warning", or any comma-separated combination of those 3 strings |
filetype | "roa", "cer", or "all" |
attributeKey | Can be "filename", "location", "subject", "issuer", "serial_nr", "resource". See also the graphical filter widget in MIRO. |
attributeValue | Corresponding value to 'attributeKey'. Example: attributeKey=resource&attributeValue=102.45.0.0/16 |
dl | If this is present, the request will be answered with a JSON file of the specified objects. If it is not present, the request will be answered with the preset RPKI Browser GUI. |
Download the complete RIPE certificate tree:
http://rpki-browser.realmv6.org/browser?trustAnchor=RIPE&dl=true
Download all ROAs in the LACNIC certificate tree with resource 'AS11562':
Download or view basic statistics about the RPKI
Context path: /stats
Parameter | Value |
---|---|
trustAnchor | Trust anchor names, as seen in the tabs of the Statistics widget in MIRO (e.g. ARIN, RIPE, AFRINIC). This parameter needs to be present. |
dl | If this is present, the request will be answered with a JSON file containing the specified stats. If it is not present, the request will be answered with the preset Statistics GUI. |
Download statistics about the ARIN certificate tree:
http://rpki-browser.realmv6.org/stats?trustAnchor=ARIN&dl=true
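A small URL builder for the two endpoints documented above, added here as an illustration and not part of MIRO itself. It is Python 3; the name `miro_url` and its keyword arguments are assumptions, and the allowed values are copied from the parameter tables.

```python
from urllib.parse import urlencode

# Base URL of the public instance named on this page.
BASE = "http://rpki-browser.realmv6.org"

# Allowed values, copied from the /browser parameter table.
STATUSES = {"passed", "error", "warning"}
FILETYPES = {"roa", "cer", "all"}
ATTRIBUTE_KEYS = {"filename", "location", "subject", "issuer",
                  "serial_nr", "resource"}


def miro_url(endpoint, trust_anchor, validation_status=(), filetype=None,
             attribute_key=None, attribute_value=None, download=False,
             base=BASE):
    """Build a /browser or /stats URL, rejecting undocumented values.

    validation_status is an iterable of status strings, not a single string.
    """
    if endpoint not in ("browser", "stats"):
        raise ValueError("endpoint must be 'browser' or 'stats'")
    if not trust_anchor:
        raise ValueError("trustAnchor needs to be present")
    params = [("trustAnchor", trust_anchor)]
    has_filter = (validation_status or filetype is not None
                  or attribute_key is not None or attribute_value is not None)
    if endpoint == "stats" and has_filter:
        raise ValueError("/stats only documents trustAnchor and dl")
    unknown = set(validation_status) - STATUSES
    if unknown:
        raise ValueError("unknown validationStatus: %s" % sorted(unknown))
    if validation_status:
        params.append(("validationStatus", ",".join(validation_status)))
    if filetype is not None:
        if filetype not in FILETYPES:
            raise ValueError("unknown filetype: %r" % filetype)
        params.append(("filetype", filetype))
    if (attribute_key is None) != (attribute_value is None):
        raise ValueError("attributeKey and attributeValue go together")
    if attribute_key is not None:
        if attribute_key not in ATTRIBUTE_KEYS:
            raise ValueError("unknown attributeKey: %r" % attribute_key)
        params.append(("attributeKey", attribute_key))
        params.append(("attributeValue", attribute_value))
    if download:
        params.append(("dl", "true"))
    # urlencode percent-encodes '/' and ',' so a prefix stays one value.
    return "%s/%s?%s" % (base, endpoint, urlencode(params))
```

Calling `miro_url("browser", "RIPE", download=True)` reproduces the RIPE download link shown above; a prefix such as 102.45.0.0/16 is sent as `102.45.0.0%2F16`.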