deadsimple BSD Security Advisories and Announcements

rpki-client 6.7p1 released

rpki-client 6.7p1 has just been released and will be available in the
rpki-client directory of any OpenBSD mirror soon.

rpki-client is a FREE, easy-to-use implementation of the Resource
Public Key Infrastructure (RPKI) for Relying Parties (RP) to
facilitate validation of the Route Origin of a BGP announcement. The
program queries the RPKI repository system and outputs Validated ROA
Payloads in the configuration format of OpenBGPD, BIRD, and also as
CSV or JSON objects for consumption by other routing stacks.

See RFC 6811 for a description of how BGP Prefix Origin Validation
secures the Internet's global routing system.

rpki-client was primarily developed by Kristaps Dzonsons, Claudio
Jeker, Job Snijders, and Sebastian Benoit as part of the OpenBSD
Project and gets released as a base component of OpenBSD every six
months, and follows the OpenBSD release numbering scheme.

This is the second release based on OpenBSD 6.7. It includes the follwoing
changes to the previous release:

* Include OpenBSD 6.7 errata 015:
In rpki-client, incorrect use of EVP_PKEY_cmp allows an authentication bypass.

The mirrors where rpki-client can be found are on

Reporting Bugs:

General bugs may be reported to

Portable bugs may be filed at

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release