The Relying Party Security Technology for Internet Routing (RPSTIR, pronounced “rip-stir”) helps network operators detect and reject accidental, false route origin advertisements, thus reducing the likelihood of inadvertent Internet address space hijacking. Using the global Resource Public Key Infrastructure (RPKI), RPSTIR securely generates a list of authorized prefix-origin AS pairs. Routers retrieve this list via the RPKI-RTR protocol and use it to detect false origin announcements due to errors by network operators, e.g., the Pakistan Telecom hijack of YouTube address space. In addition to enabling operators to utilize RPKI data, RPSTIR also provides fine-grained diagnostic tools for those who publish RPKI data. This effort by Raytheon BBN was supported by the U.S. Department of Homeland Security’s (DHS) Directorate for Science and Technology.
+ Fine-grained ASN.1-level diagnostics for debugging RPKI repositories
+ Both RPSL and diagnostic output
+ Top-down and bottom-up certification path discovery
+ Flexible database architecture (based on MySQL)
+ Efficient parallel download of RPKI objects
+ Local Trust Anchor functionality for mitigation of CA errors
+ RTR server implementation