RPKI-ROUTER-MIB DEFINITIONS ::= BEGIN

IMPORTS

    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
    Integer32, Unsigned32, mib-2, Gauge32, Counter32
            FROM SNMPv2-SMI                          -- RFC 2578

    InetAddressType, InetAddress, InetPortNumber,
    InetAddressPrefixLength, InetAutonomousSystemNumber
            FROM INET-ADDRESS-MIB                    -- RFC 4001

    TEXTUAL-CONVENTION, TimeStamp
            FROM SNMPv2-TC                           -- RFC 2579

    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
            FROM SNMPv2-CONF                         -- RFC 2580

    LongUtf8String FROM SYSAPPL-MIB                  -- RFC 2287

    ;

rpkiRtrMIB  MODULE-IDENTITY
    LAST-UPDATED "201305010000Z"
    ORGANIZATION "IETF Secure Inter-Domain Routing (SIDR)
                  Working Group
                 "
    CONTACT-INFO "Working Group Email: sidr@ietf.org

                  Randy Bush
                  Internet Initiative Japan
                  5147 Crystal Springs
                  Bainbridge Island, WA  98110
                  USA
                  Email: randy@psg.com

                  Bert Wijnen
                  RIPE NCC
                  Schagen 33
                  3461 GL Linschoten
                  Netherlands
                  Email: bertietf@bwijnen.net

                  Keyur Patel
                  Cisco Systems
                  170 W. Tasman Drive
                  San Jose, CA  95134
                  USA



                  Email: keyupate@cisco.com

                  Michael Baer
                  SPARTA
                  P.O. Box 72682
                  Davis, CA  95617
                  USA
                  Email: baerm@tislabs.com
                 "

    DESCRIPTION  "This MIB module contains management objects to
                  support monitoring of the Resource Public Key
                  Infrastructure (RPKI) protocol on routers.

                  Copyright (c) 2013 IETF Trust and the persons
                  identified as authors of the code.  All rights
                  reserved.

                  Redistribution and use in source and binary
                  forms, with or without modification, is
                  permitted pursuant to, and subject to the
                  license terms contained in, the Simplified BSD
                  License set forth in Section 4.c of the IETF
                  Trust's Legal Provisions Relating to IETF
                  Documents
                  (http://trustee.ietf.org/license-info).

                  This version of this MIB module is part of
                  RFC 6945; see the RFC itself for full legal
                  notices."

    REVISION     "201305010000Z"
    DESCRIPTION  "Initial version, published as RFC 6945."
    ::= { mib-2 218 }

rpkiRtrNotifications  OBJECT IDENTIFIER ::= { rpkiRtrMIB 0 }
rpkiRtrObjects        OBJECT IDENTIFIER ::= { rpkiRtrMIB 1 }
rpkiRtrConformance    OBJECT IDENTIFIER ::= { rpkiRtrMIB 2 }

-- ==============================================================
-- Textual Conventions used in this MIB module
-- ==============================================================

RpkiRtrConnectionType ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION "The connection type used between a router (as a
                 client) and a cache server.




                 The following types have been defined in RFC 6810:
                   ssh(1)    - Section 7.1; see also RFC 4252.
                   tls(2)    - Section 7.2; see also RFC 5246.
                   tcpMD5(3) - Section 7.3; see also RFC 2385.
                   tcpAO(4)  - Section 7.4; see also RFC 5925.
                   tcp(5)    - Section 7.
                   ipsec(6)  - Section 7; see also RFC 4301.
                   other(7)  - none of the above."

    REFERENCE   "The RPKI-Router Protocol, RFC 6810, Section 7"
    SYNTAX       INTEGER {
                        ssh(1),
                        tls(2),
                        tcpMD5(3),
                        tcpAO(4),
                        tcp(5),
                        ipsec(6),
                        other(7)
                 }

-- ==============================================================
-- Scalar objects
-- ==============================================================
rpkiRtrDiscontinuityTimer OBJECT-TYPE
    SYNTAX       TimeStamp
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "This timer represents the timestamp (value
                 of sysUpTime) at which time any of the
                 Counter32 objects in this MIB module
                 encountered a discontinuity.

                 For objects that use rpkiRtrDiscontinuityTimer to
                 indicate discontinuity, only values received since
                 the time indicated by rpkiRtrDiscontinuityTimer are
                 comparable to each other.  A manager should take the
                 possibility of rollover into account when
                 calculating difference values.

                 In principle, that should only happen if the
                 SNMP agent or the instrumentation for this
                 MIB module starts or restarts."
    ::= { rpkiRtrObjects 1 }

-- ==============================================================
-- RPKI-Router Cache Server Connection Table
-- ==============================================================




rpkiRtrCacheServerTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF RpkiRtrCacheServerTableEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "This table lists the RPKI cache servers
                 known to this router/system."
    ::= { rpkiRtrObjects 2 }

rpkiRtrCacheServerTableEntry OBJECT-TYPE
    SYNTAX       RpkiRtrCacheServerTableEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "An entry in the rpkiRtrCacheServerTable.
                 It holds management attributes associated
                 with one connection to a RPKI cache server.

                 Implementers should be aware that if the
                 rpkiRtrCacheServerRemoteAddress object exceeds 114
                 octets, the index values will exceed the 128
                 sub-identifier limit and cannot be accessed using
                 SNMPv1, SNMPv2c, or SNMPv3."

    INDEX        { rpkiRtrCacheServerRemoteAddressType,
                   rpkiRtrCacheServerRemoteAddress,
                   rpkiRtrCacheServerRemotePort
                 }
    ::= { rpkiRtrCacheServerTable 1 }

RpkiRtrCacheServerTableEntry ::= SEQUENCE {
    rpkiRtrCacheServerRemoteAddressType    InetAddressType,
    rpkiRtrCacheServerRemoteAddress        InetAddress,
    rpkiRtrCacheServerRemotePort           InetPortNumber,
    rpkiRtrCacheServerLocalAddressType     InetAddressType,
    rpkiRtrCacheServerLocalAddress         InetAddress,
    rpkiRtrCacheServerLocalPort            InetPortNumber,
    rpkiRtrCacheServerPreference           Unsigned32,
    rpkiRtrCacheServerConnectionType       RpkiRtrConnectionType,
    rpkiRtrCacheServerConnectionStatus     INTEGER,
    rpkiRtrCacheServerDescription          LongUtf8String,
    rpkiRtrCacheServerMsgsReceived         Counter32,
    rpkiRtrCacheServerMsgsSent             Counter32,
    rpkiRtrCacheServerV4ActiveRecords      Gauge32,
    rpkiRtrCacheServerV4Announcements      Counter32,
    rpkiRtrCacheServerV4Withdrawals        Counter32,
    rpkiRtrCacheServerV6ActiveRecords      Gauge32,
    rpkiRtrCacheServerV6Announcements      Counter32,
    rpkiRtrCacheServerV6Withdrawals        Counter32,
    rpkiRtrCacheServerLatestSerial         Unsigned32,



    rpkiRtrCacheServerSessionID            Unsigned32,
    rpkiRtrCacheServerRefreshTimer         Unsigned32,
    rpkiRtrCacheServerTimeToRefresh        Integer32,
    rpkiRtrCacheServerId                   Unsigned32
}

rpkiRtrCacheServerRemoteAddressType OBJECT-TYPE
    SYNTAX       InetAddressType
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "The network address type of the connection
                 to this RPKI cache server.

                 Note: Only IPv4, IPv6, and DNS support are required
                 for read-only compliance with RFC 6945."
    ::= { rpkiRtrCacheServerTableEntry 1 }

rpkiRtrCacheServerRemoteAddress OBJECT-TYPE
    SYNTAX       InetAddress
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "The remote network address for this connection
                 to this RPKI cache server.

                 The format of the address is defined by the
                 value of the corresponding instance of
                 rpkiRtrCacheServerRemoteAddressType.

                 This object matches the address type used within
                 the local router configuration.  If the address is
                 of type dns (fqdn), then the router will resolve it
                 at the time it connects to the cache server."
    ::= { rpkiRtrCacheServerTableEntry 2 }

rpkiRtrCacheServerRemotePort OBJECT-TYPE
    SYNTAX       InetPortNumber (1..65535)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "The remote port number for this connection
                 to this RPKI cache server."
    ::= { rpkiRtrCacheServerTableEntry 3 }

rpkiRtrCacheServerLocalAddressType OBJECT-TYPE
    SYNTAX       InetAddressType
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The network address type of the connection
                 to this RPKI cache server.



                 Note: Only IPv4, IPv6, and DNS support are required
                 for read-only compliance with RFC 6945."
    ::= { rpkiRtrCacheServerTableEntry 4 }

rpkiRtrCacheServerLocalAddress OBJECT-TYPE
    SYNTAX       InetAddress
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The local network address for this connection
                 to this RPKI cache server.

                 The format of the address is defined by the
                 value of the corresponding instance of
                 rpkiRtrCacheServerLocalAddressType.

                 This object matches the address type used within
                 the local router configuration.  If the address is
                 of type dns (fqdn), then the router will resolve it
                 at the time it connects to the cache server."
    ::= { rpkiRtrCacheServerTableEntry 5 }

rpkiRtrCacheServerLocalPort OBJECT-TYPE
    SYNTAX       InetPortNumber (1..65535)
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The local port number for this connection
                 to this RPKI cache server."
    ::= { rpkiRtrCacheServerTableEntry 6 }

rpkiRtrCacheServerPreference OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The routers' preference for this RPKI cache server.

                 A lower value means more preferred.  If two entries
                 have the same preference, then the order is
                 arbitrary.

                 In two cases, the maximum value for an Unsigned32
                 object should be returned for this object:
                 - If no order is specified in the RPKI-Router
                   configuration.
                 - If a preference value is configured that is
                   larger than the max value for an Unsigned32
                   object."

    REFERENCE    "The RPKI-Router Protocol, RFC 6810, Section 8."



    DEFVAL       { 4294967295 }
    ::= { rpkiRtrCacheServerTableEntry 7 }

rpkiRtrCacheServerConnectionType OBJECT-TYPE
    SYNTAX       RpkiRtrConnectionType
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The connection type or transport security suite
                 in use for this RPKI cache server."
    ::= { rpkiRtrCacheServerTableEntry 8 }

rpkiRtrCacheServerConnectionStatus OBJECT-TYPE
    SYNTAX       INTEGER { up(1), down(2) }
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The connection status for this entry
                 (connection to this RPKI cache server)."
    ::= { rpkiRtrCacheServerTableEntry 9 }

rpkiRtrCacheServerDescription OBJECT-TYPE
    SYNTAX       LongUtf8String
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "Free form description/information for this
                 connection to this RPKI cache server."
    ::= { rpkiRtrCacheServerTableEntry 10 }

rpkiRtrCacheServerMsgsReceived OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "Number of messages received from this
                 RPKI cache server via this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerTableEntry 11 }

rpkiRtrCacheServerMsgsSent OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "Number of messages sent to this
                 RPKI cache server via this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerTableEntry 12 }



rpkiRtrCacheServerV4ActiveRecords OBJECT-TYPE
    SYNTAX       Gauge32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "Number of active IPv4 records received from
                 this RPKI cache server via this connection."
    ::= { rpkiRtrCacheServerTableEntry 13 }

rpkiRtrCacheServerV4Announcements OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of IPv4 records announced by the
                 RPKI cache server via this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerTableEntry 14 }

rpkiRtrCacheServerV4Withdrawals OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of IPv4 records withdrawn by the
                 RPKI cache server via this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerTableEntry 15 }

rpkiRtrCacheServerV6ActiveRecords OBJECT-TYPE
    SYNTAX       Gauge32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "Number of active IPv6 records received from
                 this RPKI cache server via this connection."
    ::= { rpkiRtrCacheServerTableEntry 16 }

rpkiRtrCacheServerV6Announcements OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of IPv6 records announced by the
                 RPKI cache server via this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerTableEntry 17 }



rpkiRtrCacheServerV6Withdrawals OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of IPv6 records withdrawn by the
                 RPKI cache server via this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerTableEntry 18 }

rpkiRtrCacheServerLatestSerial OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The latest serial number of data received from
                 this RPKI server on this connection.

                 Note: this value wraps back to zero when it
                 reaches its maximum value."
    REFERENCE   "RFC 1982 and RFC 6810, Section 2"
    ::= { rpkiRtrCacheServerTableEntry 19 }

rpkiRtrCacheServerSessionID OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The Session ID associated with the RPKI cache
                 server at the other end of this connection."
    REFERENCE   "RFC 6810, Section 2"
    ::= { rpkiRtrCacheServerTableEntry 20 }

rpkiRtrCacheServerRefreshTimer OBJECT-TYPE
    SYNTAX       Unsigned32 (60..7200)
    UNITS       "seconds"
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of seconds configured for the refresh
                 timer for this connection to this RPKI cache
                 server."
    REFERENCE   "RFC 6810, Sections 6.1 and 8"
    ::= { rpkiRtrCacheServerTableEntry 21 }

rpkiRtrCacheServerTimeToRefresh OBJECT-TYPE
    SYNTAX       Integer32
    UNITS       "seconds"
    MAX-ACCESS   read-only
    STATUS       current



    DESCRIPTION "The number of seconds remaining before a new
                 refresh is performed via a Serial Query to
                 this cache server over this connection.

                 A negative value means that the refresh time has
                 passed this many seconds and the refresh has not
                 yet been completed.  It will stop decrementing at
                 the maximum negative value.

                 Upon a completed refresh (i.e., a successful
                 and complete response to a Serial Query) the
                 value of this attribute will be reinitialized
                 with the value of the corresponding
                 rpkiRtrCacheServerRefreshTimer attribute."
    REFERENCE   "RFC 6810, Section 8"
    ::= { rpkiRtrCacheServerTableEntry 22 }

rpkiRtrCacheServerId OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The unique ID for this connection.

                 An implementation must make sure this ID is unique
                 within this table.  It is this ID that can be used
                 to find entries in the rpkiRtrPrefixOriginTable
                 that were created by announcements received on
                 this connection from this cache server."
    REFERENCE   "RFC 6810, Section 4"
    ::= { rpkiRtrCacheServerTableEntry 23 }

-- ==============================================================
-- Errors Table
-- ==============================================================

rpkiRtrCacheServerErrorsTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF RpkiRtrCacheServerErrorsTableEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "This table provides statistics on errors per
                 RPKI peer connection.  These can be used for
                 debugging."
    ::= { rpkiRtrObjects 3 }

rpkiRtrCacheServerErrorsTableEntry OBJECT-TYPE
    SYNTAX       RpkiRtrCacheServerErrorsTableEntry
    MAX-ACCESS   not-accessible
    STATUS       current



    DESCRIPTION "An entry in the rpkiCacheServerErrorTable.  It
                 holds management objects associated with errors
                 codes that were received on the specified
                 connection to a specific cache server."
    REFERENCE   "RFC 6810, Section 10"
    AUGMENTS    { rpkiRtrCacheServerTableEntry }
    ::= { rpkiRtrCacheServerErrorsTable 1 }

RpkiRtrCacheServerErrorsTableEntry ::= SEQUENCE {
    rpkiRtrCacheServerErrorsCorruptData        Counter32,
    rpkiRtrCacheServerErrorsInternalError      Counter32,
    rpkiRtrCacheServerErrorsNoData             Counter32,
    rpkiRtrCacheServerErrorsInvalidRequest     Counter32,
    rpkiRtrCacheServerErrorsUnsupportedVersion Counter32,
    rpkiRtrCacheServerErrorsUnsupportedPdu     Counter32,
    rpkiRtrCacheServerErrorsWithdrawalUnknown  Counter32,
    rpkiRtrCacheServerErrorsDuplicateAnnounce  Counter32
    }

rpkiRtrCacheServerErrorsCorruptData OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of 'Corrupt Data' errors received
                 from the RPKI cache server at the other end
                 of this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerErrorsTableEntry 1 }

rpkiRtrCacheServerErrorsInternalError OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of 'Internal Error' errors received
                 from the RPKI cache server at the other end
                 of this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerErrorsTableEntry 2 }

rpkiRtrCacheServerErrorsNoData OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of 'No Data Available' errors received



                 from the RPKI cache server at the other end
                 of this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerErrorsTableEntry 3 }

rpkiRtrCacheServerErrorsInvalidRequest OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of 'Invalid Request' errors received
                 from the RPKI cache server at the other end
                 of this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerErrorsTableEntry 4 }

rpkiRtrCacheServerErrorsUnsupportedVersion OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of 'Unsupported Protocol Version'
                 errors received from the RPKI cache server at
                 the other end of this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerErrorsTableEntry 5 }

rpkiRtrCacheServerErrorsUnsupportedPdu OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of 'Unsupported PDU Type' errors
                 received from the RPKI cache server at the
                 other end of this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerErrorsTableEntry 6 }

rpkiRtrCacheServerErrorsWithdrawalUnknown OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of 'Withdrawal of Unknown Record'



                 errors received from the RPKI cache server at
                 the other end of this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerErrorsTableEntry 7 }

rpkiRtrCacheServerErrorsDuplicateAnnounce OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of 'Duplicate Announcement Received'
                 errors received from the RPKI cache server at
                 the other end of this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerErrorsTableEntry 8 }

-- ==============================================================
-- The rpkiRtrPrefixOriginTable
-- ==============================================================

rpkiRtrPrefixOriginTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF RpkiRtrPrefixOriginTableEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "This table lists the prefixes that were
                 announced by RPKI cache servers to this system.
                 That is the prefixes and their Origin Autonomous
                 System Number (ASN) as received by announcements
                 via the RPKI-Router Protocol."
    ::= { rpkiRtrObjects 4 }

rpkiRtrPrefixOriginTableEntry OBJECT-TYPE
    SYNTAX       RpkiRtrPrefixOriginTableEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "An entry in the rpkiRtrPrefixOriginTable.  This
                 represents one announced prefix.  If a cache server
                 is removed from the local configuration, any table
                 rows associated with that server (indicated by
                 rpkiRtrPrefixOriginCacheServerId) are also removed
                 from this table.

                 Implementers should be aware that if the
                 rpkiRtrPrefixOriginAddress object exceeds 111
                 octets, the index values will exceed the 128



                 sub-identifier limit and cannot be accessed using
                 SNMPv1, SNMPv2c, or SNMPv3."

    INDEX       { rpkiRtrPrefixOriginAddressType,
                  rpkiRtrPrefixOriginAddress,
                  rpkiRtrPrefixOriginMinLength,
                  rpkiRtrPrefixOriginMaxLength,
                  rpkiRtrPrefixOriginASN,
                  rpkiRtrPrefixOriginCacheServerId
                }
    ::= { rpkiRtrPrefixOriginTable 1 }

RpkiRtrPrefixOriginTableEntry ::= SEQUENCE {
    rpkiRtrPrefixOriginAddressType    InetAddressType,
    rpkiRtrPrefixOriginAddress        InetAddress,
    rpkiRtrPrefixOriginMinLength      InetAddressPrefixLength,
    rpkiRtrPrefixOriginMaxLength      InetAddressPrefixLength,
    rpkiRtrPrefixOriginASN            InetAutonomousSystemNumber,
    rpkiRtrPrefixOriginCacheServerId  Unsigned32
}

rpkiRtrPrefixOriginAddressType OBJECT-TYPE
    SYNTAX       InetAddressType
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "The network address type for this prefix.

                 Note: Only IPv4 and IPv6 support are required
                 for read-only compliance with RFC 6945."
    ::= { rpkiRtrPrefixOriginTableEntry 1 }

rpkiRtrPrefixOriginAddress OBJECT-TYPE
    SYNTAX       InetAddress
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "The network address for this prefix.

                 The format of the address is defined by the
                 value of the corresponding instance of
                 rpkiRtrPrefixOriginAddressType."
    ::= { rpkiRtrPrefixOriginTableEntry 2 }

rpkiRtrPrefixOriginMinLength OBJECT-TYPE
    SYNTAX       InetAddressPrefixLength
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "The minimum prefix length allowed for this prefix."
    ::= { rpkiRtrPrefixOriginTableEntry 3 }



rpkiRtrPrefixOriginMaxLength OBJECT-TYPE
    SYNTAX       InetAddressPrefixLength
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "The maximum prefix length allowed for this prefix.

                 Note, this value must be greater or equal to the
                 value of rpkiRtrPrefixOriginMinLength."
    ::= { rpkiRtrPrefixOriginTableEntry 4 }

rpkiRtrPrefixOriginASN OBJECT-TYPE
    SYNTAX       InetAutonomousSystemNumber (0..4294967295)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "The ASN that is authorized to announce the
                 prefix or sub-prefixes covered by this entry."
    ::= { rpkiRtrPrefixOriginTableEntry 5 }

rpkiRtrPrefixOriginCacheServerId OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The unique ID of the connection to the cache
                 server from which this announcement was received.
                 That connection is identified/found by a matching
                 value in attribute rpkiRtrCacheServerId."
    ::= { rpkiRtrPrefixOriginTableEntry 6 }

-- ==============================================================
-- Notifications
-- ==============================================================

rpkiRtrCacheServerConnectionStateChange NOTIFICATION-TYPE
    OBJECTS     { rpkiRtrCacheServerConnectionStatus,
                  rpkiRtrCacheServerLatestSerial,
                  rpkiRtrCacheServerSessionID
                }
    STATUS      current
    DESCRIPTION "This notification signals a change in the status
                 of an rpkiRtrCacheServerConnection.

                 The management agent MUST throttle the generation of
                 consecutive rpkiRtrCacheServerConnectionStateChange
                 notifications such that there is at least a 5 second
                 gap between them.

                 If more than one notification has occurred locally
                 during that time, the most recent notification is



                 sent at the end of the 5 second gap and the others
                 are discarded."
    ::= { rpkiRtrNotifications 1 }

rpkiRtrCacheServerConnectionToGoStale NOTIFICATION-TYPE
    OBJECTS     { rpkiRtrCacheServerV4ActiveRecords,
                  rpkiRtrCacheServerV6ActiveRecords,
                  rpkiRtrCacheServerLatestSerial,
                  rpkiRtrCacheServerSessionID,
                  rpkiRtrCacheServerRefreshTimer,
                  rpkiRtrCacheServerTimeToRefresh
                }
    STATUS      current
    DESCRIPTION "This notification signals that an RPKI cache
                 server connection is about to go stale.
                 It is suggested that this notification is
                 generated when the value of the
                 rpkiRtrCacheServerTimeToRefresh attribute
                 goes below 60 seconds.

                 The SNMP agent MUST throttle the generation of
                 consecutive rpkiRtrCacheServerConnectionToGoStale
                 notifications such that there is at least a
                 5 second gap between them.
                "
    ::= { rpkiRtrNotifications 2 }

-- ==============================================================
-- Module Compliance information
-- ==============================================================

rpkiRtrCompliances OBJECT IDENTIFIER ::=
                                        {rpkiRtrConformance 1}
rpkiRtrGroups      OBJECT IDENTIFIER ::=
                                        {rpkiRtrConformance 2}

rpkiRtrRFC6945ReadOnlyCompliance MODULE-COMPLIANCE
    STATUS       current
    DESCRIPTION
        "The compliance statement for the rpkiRtrMIB module.  There
        are only read-only objects in this MIB module, so the
        'ReadOnly' in the name of this compliance statement is there
        only for clarity and truth in advertising.

        There are a number of INDEX objects that cannot be
        represented in the form of OBJECT clauses in SMIv2, but for
        which there are compliance requirements.  Those requirements
        and similar requirements for related objects are expressed



        below, in pseudo-OBJECT clause form, in this description:

        -- OBJECT rpkiRtrCacheServerRemoteAddressType
        -- SYNTAX InetAddressType { ipv4(1), ipv6(2), dns(16) }
        -- DESCRIPTION
        --   The MIB requires support for the IPv4, IPv6, and DNS
        --   InetAddressTypes for this object.

        -- OBJECT rpkiRtrCacheServerLocalAddressType
        -- SYNTAX InetAddressType { ipv4(1), ipv6(2), dns(16) }
        -- DESCRIPTION
        --   The MIB requires support for the IPv4, IPv6, and DNS
        --   InetAddressTypes for this object.

        -- OBJECT rpkiRtrPrefixOriginAddressType
        -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
        -- DESCRIPTION
        --   The MIB requires support for the IPv4, and IPv6
        --   InetAddressTypes for this object.
        "

    MODULE      -- This module
    MANDATORY-GROUPS { rpkiRtrCacheServerGroup,
                       rpkiRtrPrefixOriginGroup,
                       rpkiRtrNotificationsGroup
                     }

    GROUP       rpkiRtrCacheServerErrorsGroup
    DESCRIPTION "Implementation of this group is optional and
                 would be useful for debugging."

    ::= { rpkiRtrCompliances 1 }

rpkiRtrCacheServerGroup OBJECT-GROUP
    OBJECTS     {
                  rpkiRtrDiscontinuityTimer,
                  rpkiRtrCacheServerLocalAddressType,
                  rpkiRtrCacheServerLocalAddress,
                  rpkiRtrCacheServerLocalPort,
                  rpkiRtrCacheServerPreference,
                  rpkiRtrCacheServerConnectionType,
                  rpkiRtrCacheServerConnectionStatus,
                  rpkiRtrCacheServerDescription,
                  rpkiRtrCacheServerMsgsReceived,
                  rpkiRtrCacheServerMsgsSent,
                  rpkiRtrCacheServerV4ActiveRecords,
                  rpkiRtrCacheServerV4Announcements,
                  rpkiRtrCacheServerV4Withdrawals,



                  rpkiRtrCacheServerV6ActiveRecords,
                  rpkiRtrCacheServerV6Announcements,
                  rpkiRtrCacheServerV6Withdrawals,
                  rpkiRtrCacheServerLatestSerial,
                  rpkiRtrCacheServerSessionID,
                  rpkiRtrCacheServerRefreshTimer,
                  rpkiRtrCacheServerTimeToRefresh,
                  rpkiRtrCacheServerId
                }
    STATUS      current
    DESCRIPTION "The collection of objects to monitor the RPKI peer
                 connections."
    ::= { rpkiRtrGroups 1 }

rpkiRtrCacheServerErrorsGroup OBJECT-GROUP
    OBJECTS     {
                  rpkiRtrCacheServerErrorsCorruptData,
                  rpkiRtrCacheServerErrorsInternalError,
                  rpkiRtrCacheServerErrorsNoData,
                  rpkiRtrCacheServerErrorsInvalidRequest,
                  rpkiRtrCacheServerErrorsUnsupportedVersion,
                  rpkiRtrCacheServerErrorsUnsupportedPdu,
                  rpkiRtrCacheServerErrorsWithdrawalUnknown,
                  rpkiRtrCacheServerErrorsDuplicateAnnounce
                }
    STATUS      current
    DESCRIPTION "The collection of objects that may help in
                 debugging the communication between RPKI
                 clients and cache servers."
    ::= { rpkiRtrGroups 2 }

rpkiRtrPrefixOriginGroup OBJECT-GROUP
    OBJECTS     {
                  rpkiRtrPrefixOriginCacheServerId
                }
    STATUS      current
    DESCRIPTION "The collection of objects that represent
                 the prefix(es) and their validated Origin
                 ASes."
    ::= { rpkiRtrGroups 3 }











rpkiRtrNotificationsGroup NOTIFICATION-GROUP
    NOTIFICATIONS { rpkiRtrCacheServerConnectionStateChange,
                    rpkiRtrCacheServerConnectionToGoStale
                  }
    STATUS      current
    DESCRIPTION "The set of notifications to alert an NMS of change
                 in connections to RPKI cache servers."
    ::= { rpkiRtrGroups 4 }

END
