Running as a Daemon

Routinator can run as a service that periodically fetches RPKI data, verifies it and makes the resulting data set available through the built-in HTTP server and via the RTR protocol.

If you have installed Routinator through our software package repository, the RTR and HTTP servers are only available on localhost for security reasons. You will have to explicitly change this setting in the configuration file to make the services available to other machines.

When you have installed Routinator using Cargo, no servers are enbled by default at all. You can start the Routinator service using the server subcommand and specifying to start the HTTP server with the --http option and the RTR server with the --rtr option. You can of course also start both.


Routinator will not reread the trust anchor locators after it has started the service. Thus, if you add or change a TAL you must restart Routinator or send it a SIGUSR1.

If you’re running Routinator on the IPv4 address and you want to start the HTTP server on port 8323 and the RTR server on port 3323, run:

routinator server --http --rtr

Make sure IPv6 addresses are in square brackets, e.g.:

routinator server --rtr [2001:0DB8::13]:3323 --rtr

Both servers will only start serving data once the first validation run has completed.

By default Routinator will stay attached to your terminal and log to standard error. You can provide the --detach option to run it in the background instead, in which case logging information is written to syslog. To learn more about what kind of information is returned and how to influence what is logged and where, refer to the Logging section.


On Linux systems there is an overlap between IPv4 and IPv6. You can’t bind to all interfaces on both address families on the same port. For example, this command will result in a ‘address already in use’ error:

routinator server --rtr --rtr [::]:3323

Instead, to listen to both IPv4 and IPv6 you can simply enter:

routinator server --rtr [::]:3323