Matthias Wählisch

Call for Input: RPKI Browser

Matthias Wählisch
Contributors: Andreas Reuter
1 You have liked this article 0 times.

The RPKI Browser is a graphical user interface to the objects of the distributed RPKI repository. The development is at very early stage. In this article, we ask for external input in terms of use cases, features etc.


An RPKI repository consists of multiple objects, such as certificates, revocation lists, and Route Origin Authorisations (ROAs). There are several command line tools available to inspect these objects. However, there is only limited work that provides an intuitive graphical interface. The RPKI Browser implements a graphical interface to analyse the content of RPKI objects and their dependencies. The RPKI Browser is open source, and currently at a very early stage. To shape the development of this tool with the requirements of potential users in mind, we would like to ask for input from the operator community.

In this note, we briefly explain the current state of the RPKI Browser to kick off the discussion for use cases, features etc. Please, let us know what you expect from an RPKI Object Browser. Either leave your comments below or send an email to .

The RPKI Browser is available at . We will publish the source code on Github as soon as a more mature version is ready.

RPKI Browser - Basic Functions

The RPKI Browser periodically fetches all RPKI data from a set of predefined trust anchors. At the moment, data from all five RIRs is hourly collected.

The current GUI consists mainly of two parts, the menu and the content view.


In the menu (shown below), you can select the repository that you want to inspect, and you can configure filters. Please note that filtering for AS numbers requires the prefix "AS" (e.g., AS3320).

Example of an AS Filter

Content View

The column at the left hand side shows the RPKI object tree. Showing all possible objects would overload the view. We decided to include only certificates and ROAs. The root of the tree is the selected trust anchor.The colour of a node indicates the cryptographic validation state of the object, i.e., green = passed, yellow = warning, red = error.

The column at the right hand side shows the content of the selected object as well as related objects. For a certificate the corresponding manifest and certificate revocation list (CRL) are presented; for a ROA, the corresponding end-entity (EE) certificate is shown.

Screenshots (click on the images to get a larger view)

Certificate Content ROA Content EE Certificate Content of Selected ROA



We highly encourage you to participate in the development process of the RPKI Browser, even at early stage. The current set of functions is very limited and serves more as an illustration of the basic idea. Let us know your use cases and requirements for such a tool! Which features (e.g., additional views, download of object data) would you like to see implemented? Send an email to or leave your comments below.

1 You have liked this article 0 times.

You may also like

View more

About the author

Matthias Wählisch Based in Berlin, Germany

Matthias is a professor and holds the Chair of Distributed and Networked Systems at the Faculty of Computer Science at TU Dresden. His research and teaching focus on efficient, reliable, and secure Internet communication. This includes the design and evaluation of networking protocols and architectures, as well as Internet measurements and analysis. His efforts are driven by the hope of improving Internet communication based on sound research. He is actively involved in the IETF since 2005, co-founded some successful open source projects such as RIOT ( and RTRlib (, and is a member of the Board of Advisors of BCIX.

Comments 0