# Local Repository Tree Replay Package

This package replays already prepared local RPKI repository trees with
Routinator and rpki-client.

It is intentionally independent from CIR:

- it does not read `.cir`;
- it does not read `repo-bytes.db`;
- it does not call `cir_materialize`;
- it does not generate a local repository tree.

The caller must prepare the local repository/cache tree before running these
scripts.

## Contents

```text
local-repo-replay-package/
  scripts/
    run_routinator_from_local_tree.sh
    run_rpki_client_from_local_tree.sh
    run_dual_local_tree_replay.sh
    prepare_tals.py
    cir-rsync-wrapper
    cir-local-link-sync.py
    normalize_rp_outputs.py
    compare_normalized_sets.py
    summarize_replay.py
  docs/
    input_tree_requirements.md
    offline_replay_limits.md
    output_files.md
  examples/
    routinator_example.sh
    rpki_client_example.sh
    dual_compare_example.sh
  env.example
```

## Routinator replay

```bash
./scripts/run_routinator_from_local_tree.sh \
  --routinator-bin /opt/routinator/target/release/routinator \
  --mirror-root /data/replay/mirror \
  --tal-dir /data/replay/tals \
  --out-dir /data/replay/out/routinator \
  --enable-aspa
```

The script uses `--disable-rrdp`, `--rsync-command ./scripts/cir-rsync-wrapper`,
and the local mirror root to satisfy rsync fetches from the local filesystem.
The wrapper name is historical; in this package it is only a generic
`rsync://` to local-path mapper.

If `--validation-time` is needed for Routinator, set `FAKETIME_LIB` to a working
libfaketime shared library. Otherwise Routinator validates at wall-clock time.

On Ubuntu, install and use faketime like this:

```bash
sudo apt-get install -y libfaketime
export FAKETIME_LIB=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1
./scripts/run_routinator_from_local_tree.sh \
  --routinator-bin /opt/routinator/target/release/routinator \
  --mirror-root /data/replay/mirror \
  --tal-dir /data/replay/tals \
  --out-dir /data/replay/out/routinator \
  --validation-time 2026-05-14T06:48:00Z \
  --enable-aspa
```

Without `FAKETIME_LIB`, old local trees can produce empty or smaller output
because Routinator validates manifests and CRLs against current wall-clock time.

## rpki-client replay

```bash
./scripts/run_rpki_client_from_local_tree.sh \
  --rpki-client-bin /opt/rpki-client/src/rpki-client \
  --mirror-root /data/replay/mirror \
  --tal-dir /data/replay/tals \
  --out-dir /data/replay/out/rpki-client \
  --parser-workers 4
```

The script uses `rpki-client -R -e ./scripts/cir-rsync-wrapper` so RRDP is
disabled and rsync fetches are served from the local mirror. `--cache-dir` is an
optional working cache directory used by rpki-client during this local replay.

## Dual replay

```bash
./scripts/run_dual_local_tree_replay.sh \
  --routinator-bin /opt/routinator/target/release/routinator \
  --routinator-mirror-root /data/replay/mirror \
  --rpki-client-bin /opt/rpki-client/src/rpki-client \
  --rpki-client-mirror-root /data/replay/mirror \
  --tal-dir /data/replay/tals \
  --out-dir /data/replay/out/dual
```

If `--validation-time` is passed to dual replay, remember to export
`FAKETIME_LIB` first so Routinator and rpki-client use the same logical
validation time.

## Outputs

Each run writes normalized output:

- `vrps.normalized.txt`
- `vaps.normalized.txt`
- `summary.json`
- raw RP output and logs
- `process-time.txt`

See `docs/output_files.md`.