JDR logo

Note: JDR will be retired on March 1, 2024. Read the announcement for details.

JDR is a hosted tool available at jdr.nlnetlabs.nl.

JDR helps you explore, inspect and troubleshoot anything RPKI. It interprets certificates and signed objects in the RPKI and annotates everything that could somehow cause trouble. You can search for Autonomous System Numbers, IP prefixes and browse RPKI repositories to analyse them.

Introduction

Working with RPKI can be quite a complex endeavour. Implementing Relying Party (RP) or Certificate Authority (CA) software requires knowledge and understanding of a significant number of RFCs. The end-user, deploying and running such software, normally is spared this deep-dive into the land of standards. That is, as long as everything works as expected.

Once things do not work as expected, finding the cause can be challenging, as there are so many (moving) parts involved. The RPKI is a distributed repository with possible delegations, containing objects created with different pieces of software, transported via one of several ways, to be interpreted by yet again a plethora of libraries and software. And while most software will try to offer concise logging to the user in case of any unexpected situation or error, the focus of these softwares is often not the troubleshooting part.

JDR NLnet Labs query

Troubleshooting and Analysis

JDR interprets certificates and signed objects in the RPKI, but instead of producing a set of Verified ROA Payloads (VRPs) to be fed to a router, it annotates everything that could somehow cause trouble. It will go out of its way to try to decode and parse objects: even if a file is clearly violating the standards and should be rejected by RP software, JDR will try to process it and present as much troubleshooting information to the end-user afterwards.

JDR NLnet Labs analysis