deadsimple BSD Security Advisories and Announcements

rpki-client 6.8p1 released

rpki-client 6.8p1 has just been released and will be available in the
rpki-client directory of any OpenBSD mirror soon.

rpki-client is a FREE, easy-to-use implementation of the Resource
Public Key Infrastructure (RPKI) for Relying Parties (RP) to
facilitate validation of the Route Origin of a BGP announcement. The
program queries the RPKI repository system and outputs Validated ROA
Payloads in the configuration format of OpenBGPD, BIRD, and also as
CSV or JSON objects for consumption by other routing stacks.

See RFC 6811 for a description of how BGP Prefix Origin Validation
secures the Internet's global routing system.

rpki-client was primarily developed by Kristaps Dzonsons, Claudio
Jeker, Job Snijders, and Sebastian Benoit as part of the OpenBSD
Project and gets released as a base component of OpenBSD every six
months, and follows the OpenBSD release numbering scheme.

This is the second release based on OpenBSD 6.8. It includes the following
changes to the previous release:

* incorporate OpenBSD 6.8 errata 006 of November 10, 2020:
  rpki-client incorrectly checks the manifest validity interval.

In the portable version,

* Add compat code for the LibreSSL ASN1_time_parse() and ASN1_time_tm_cmp()
  functions. Those are needed to properly check the validity of MFT files.
* Add openssl/asn1.h to the noinst_HEADERS else make distcheck fails

rpki-client is known to compile and run on at least the following
Linux distributions: Alpine 3.12, Debian 9, Debian 10, Fedora 31,
Fedora 32, Fedora 33, RHEL/CentOS 7, RHEL/CentOS 8.
It is our hope that packagers take interest and help adapt
OpenBGPD-portable to more distributions.

The mirrors where rpki-client can be found are on

Reporting Bugs:

General bugs may be reported to

Portable bugs may be filed at

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release