Running as a Daemon

Routinator can run as a service that periodically fetches RPKI data, verifies it and makes the resulting data set available through the built-in HTTP and RPKI-to-Router (RTR) servers.

If you have installed Routinator through our software package repository, the HTTP and RTR servers are enabled by default via the pre-installed configuration file. However, they are only available on localhost for security reasons. You will have to explicitly change these options to make the services available to other network devices.

If you have built Routinator using Cargo, no servers are enabled by default at all. From the command line you can start Routinator as a daemon using the server subcommand. Use the --http command line option or the http-listen configuration file option to start the HTTP server. To enable the RTR server, use the --rtr command line option or the rtr-listen option in the configuration file. Of course you also start both.

HTTPS and secure transports for RTR are supported as well. Please read the HTTP Service and RTR Service sections for details.


Both servers will only start serving data once the first validation run has completed. Routinator will not reread the trust anchor locators after it has started the service. Thus, if you add or change a TAL you must restart Routinator or send it a SIGUSR1.

Using as an example IPv4 address, enter the following command to start Routinator with the HTTP server listening on port 8323 and the RTR server on port 3323:

routinator server --http --rtr

Make sure IPv6 addresses are in square brackets, e.g.:

routinator server --rtr [2001:0DB8::13]:3323 --rtr

By default Routinator will stay attached to your terminal and log to standard error. You can provide the --detach option to run it in the background instead, in which case logging information is written to syslog. To learn more about what kind of information is returned and how to influence what is logged and where, refer to the Logging section.


On Linux systems there is an overlap between IPv4 and IPv6. You can’t bind to all interfaces on both address families, i.e. and [::], as it will result in a ‘address already in use’ error. Instead, to listen to both IPv4 and IPv6 you can simply enter:

routinator server --rtr [::]:3323