Routinator has a large number of configuration options, but in most cases running it with the defaults will work just fine. You can specify options as command line arguments, but you can also use a configuration file.

Routinator uses the TOML format for specifying options in the configuration file. Its entries are named similarly to the command line options. A complete sample configuration file showing all the default values can be found in the repository.

Routinator can run as a daemon but you can also use it interactively from the command line. However, there are several considerations with regards to how you’ve installed and how you intend to use Routinator, which we’ll cover below.

Routinator Installed From a Package

As explained in the Initialisation section, the installation script will run as the user routinator and refer to the configuration file /etc/routinator/routinator.conf which contains the following pre-configured options:

repository-dir = "/var/lib/routinator/rpki-cache"
tal-dir = "/var/lib/routinator/tals"
rtr-listen = [""]
http-listen = [""]

For security reasons the HTTP and RTR server will only listen on localhost, so you will have to change these values to make them accessible to other devices on your network.

The service script that starts Routinator uses the --config option to explicitly refer to this configuration file, so any desired changes should be made here. If you would like to know what default settings Routinator runs with in addition to the settings in the config file, you can check with the config subcommand:

routinator --config /etc/routinator/routinator.conf config

This output will also provide you with the correct syntax in case you want to make changes.


Once you have started Routinator with sudo systemctl enable --now routinator you should not invoke interactive validation runs from the command line using routinator vrps. If there is specific information you would like to have from Routinator, you should retrieve it via the user interface or one of the HTTP endpoints.

Routinator Built with Cargo

If you have built Routinator using Cargo, you have made your own decisions with regards to the user that it runs as and the privileges it has. There is no default configuration file, as it is your choice if you want to use one.

If you run Routinator without referring to a configuration file it will check if there is a $HOME/.routinator.conf file and if it exists, use it. If no configuration file is available, the default values are used.

You can view the default settings Routinator runs with using:

routinator config

It will return the list of defaults in the same notation that is used by the configuration file, which will be largely similar to this and can serve as a starting point for making your own:

allow-dubious-hosts = false
dirty = false
disable-rrdp = false
disable-rsync = false
exceptions = []
expire = 7200
history-size = 10
http-listen = []
log = "default"
log-level = "WARN"
max-object-size = 20000000
refresh = 600
repository-dir = "/Users/routinator/.rpki-cache/repository"
retry = 600
rrdp-fallback-time = 3600
rrdp-proxies = []
rrdp-root-certs = []
rsync-command = "rsync"
rsync-timeout = 300
rtr-client-metrics = false
rtr-listen = []
rtr-tcp-keepalive = 60
stale = "reject"
strict = false
syslog-facility = "daemon"
systemd-listen = false
tal-dir = "/Users/routinator/.rpki-cache/tals"
unknown-objects = "warn"
unsafe-vrps = "warn"
validation-threads = 4