rpki/scripts/payload_replay/README.md

# Payload Replay Scripts

本目录提供基于本地 payload archive 的手工 replay 入口。

## `run_apnic_replay.sh`

默认使用：

- `tests/fixtures/tal/apnic-rfc7730-https.tal`
- `tests/fixtures/ta/apnic-ta.cer`
- `target/live/payload_replay/payload-archive`
- `target/live/payload_replay/locks.json`

运行：

```bash
./scripts/payload_replay/run_apnic_replay.sh
```

产物默认输出到：

- `target/live/payload_replay_runs/`

包含：

- replay DB 目录
- `report.json`
- `run.log`
- `meta.json`
- `summary.md`

## 环境变量

可覆盖：

- `TAL_PATH`
- `TA_PATH`
- `PAYLOAD_REPLAY_ARCHIVE`
- `PAYLOAD_REPLAY_LOCKS`
- `VALIDATION_TIME`
- `MAX_DEPTH`
- `MAX_INSTANCES`
- `OUT_DIR`
- `RUN_NAME`
- `DB_DIR`
- `REPORT_JSON`
- `RUN_LOG`
- `META_JSON`
- `SUMMARY_MD`

## 说明

- 该脚本依赖 `rpki` CLI 已支持：
  - `--payload-replay-archive`
  - `--payload-replay-locks`
- replay 模式必须搭配离线 TAL/TA 输入，不会去访问真实 RRDP / rsync 网络源。

## `report_to_routinator_csv.py`

把 `rpki` 生成的 `report.json` 转成 Routinator 风格的 VRP CSV：

```bash
python3 scripts/payload_replay/report_to_routinator_csv.py \
  --report target/live/payload_replay_runs/<run>_report.json \
  --out target/live/payload_replay_runs/<run>_vrps.csv \
  --trust-anchor apnic
```

输出列为：

- `ASN`
- `IP Prefix`
- `Max Length`
- `Trust Anchor`

## `compare_with_routinator_record.sh`

把 ours 生成的 VRP CSV 与 Routinator 的 `record.csv` 做对比：

```bash
./scripts/payload_replay/compare_with_routinator_record.sh \
  target/live/payload_replay_runs/<run>_vrps.csv \
  target/live/payload_replay/record.csv
```

会产出：

- compare summary Markdown
- `only_in_ours.csv`
- `only_in_record.csv`

## `run_apnic_replay.sh` 现有额外产物

脚本现在除了 `report/meta/summary`，还会额外生成：

- `vrps.csv`
- 若 `ROUTINATOR_RECORD_CSV` 存在，则生成：
  - compare summary
  - `only_in_ours.csv`
  - `only_in_record.csv`