Very far.
I'm not sure how to put it quantitatively, but my impression from listening to experts give technical presentations is that the breaking-RSA-type algorithms are a decade or two away.
This is very soon from a security perspective, as all you need is to store current data and break it in the future. But it is not soon enough to use for benchmarking current systems.