All scripts
isp
Advanced
3–7 min
T-ISP-033 · RPKI Origin Validation Auditor
Audit eBGP-learned prefixes against RPKI validation state (valid / invalid / not-found) and flag invalids that are still installed or propagated, plus ROA coverage gaps for the operator's own space.
Cisco IOS-XR
Juniper Junos
Arista EOS
You're viewing a preview
The full script, parameters, and execution console are available with a free account.
Already have access? Sign in →
Capabilities
- Per-neighbor validation rollup
- Invalid-but-installed detection
- ROA coverage gap report
- Max-length violation flags
- Allow-list exceptions
- JSON audit report
Required inputs
Parameters the script accepts. Defaults shown; some are vendor- or context-gated.
| Parameter | Type | Default | Notes |
|---|---|---|---|
Address family (ipv4|ipv6) afi | string | ipv4 | — |
Exit non-zero on installed invalids fail_on_invalid | bool | true | — |
Sample inventory schema
Authoritative shape of the device/policy data this script consumes.
No bundled inventory sample. The script accepts standard device lists (CSV/YAML) with hostname, mgmt IP, vendor, and credentials.
Expected output
Reference terminal output the script should produce — used as a stylistic and structural target.
terminal
2026-06-15 18:10:00 INFO Loaded validation table: 9842 prefixes 2026-06-15 18:10:01 WARN 203.0.113.0/24 INVALID still installed via AS64500 2026-06-15 18:10:01 WARN 198.51.100.0/24 NOT-FOUND (no covering ROA) 2026-06-15 18:10:01 INFO Report written to rpki-audit.json (1 invalid, 1 gap)