1.4 KiB
Offline Replay Limits
Routinator
The Routinator script disables RRDP and uses an rsync command wrapper to map rsync URLs to local paths. It still runs Routinator's normal validation logic.
If the local mirror does not contain required objects, validation can fail or produce fewer outputs.
rpki-client
The rpki-client script uses -R to disable RRDP and -e to point rsync at the
local mapper. rpki-client still builds its normal working cache, but every
rsync source is rewritten to the local mirror.
If the mirror was incomplete or produced by a different TAL set, replay results may differ from the original run.
Validation time
rpki-client supports -P <posix-seconds>. Routinator does not expose the same
simple command-line evaluation-time option in the tested version; if FAKETIME_LIB
is configured, the script can run Routinator under faketime. Without
FAKETIME_LIB, --validation-time is intentionally ignored for Routinator and
current wall-clock validation can reject stale manifests or CRLs.
Ubuntu example:
sudo apt-get install -y libfaketime
export FAKETIME_LIB=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1
The script sets TZ=UTC and converts RFC3339 validation time to libfaketime
absolute UTC format, for example 2026-05-14T06:48:00Z becomes
@2026-05-14 06:48:00. Setting TZ=UTC is required because libfaketime parses
absolute timestamps in the process timezone.