The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisations (ROAs) and finally outputs Validated ROA Payloads (VRPs) in the configuration format of OpenBGPD, BIRD, and also as CSV or JSON objects for consumption by other routing stacks.
6.7p130 Jul 2020 22:54
Incorrect use of "EVP_PKEY_cmp" allowed an authentication bypass.
6.7p019 May 2020 00:38
* Document the suggested interval for running rpki-client in man page.
* Always initialize cachedir and outputdir.
* Print statistics as comments at the top of the output files which can take comments, including the date and time when the files were produced, and runtime statistics when producing them.
* Improve log messages to clarify what's happening.
* Fix a bug where rpki-client would not properly wait for exiting rsync processes, causing rpki-client to hang.