deadsimple BSD Security Advisories and Announcements

rpki-client 7.2 released

rpki-client 7.2 has just been released and will be available in the
rpki-client directory of any OpenBSD mirror soon.

rpki-client is a FREE, easy-to-use implementation of the Resource
Public Key Infrastructure (RPKI) for Relying Parties (RP) to
facilitate validation of the Route Origin of a BGP announcement. The
program queries the RPKI repository system and outputs Validated ROA
Payloads in the configuration format of OpenBGPD, BIRD, and also as
CSV or JSON objects for consumption by other routing stacks.

See RFC 6811 for a description of how BGP Prefix Origin Validation
secures the Internet's global routing system.

rpki-client was primarily developed by Kristaps Dzonsons, Claudio
Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit
as part of the OpenBSD Project.

This release includes the following changes to the previous release:

 * Use RRDP as default protocol for syncronizing the RPKI repository
   data, with rsync used as secondary.
 * At startup, warn if the filesystem containing the cache directory
   is probably too small. 500 MB is the suggested minimum size.
 * Handle running out of disk space more gracefully, including cleanup
   of temporary and old files before exiting.
 * Improve the HTTP/1.1 request headers being sent.
 * Improved validation checks for ROA and MFT objects.

rpki-client is known to compile and run on at least the following
operating systems: Alpine 3.12, CentOS/RHEL/Rocky 7, 8, Debian 9 and
10, Fedora 32, 33 and 34, Ubuntu 20.04 LTS, FreeBSD 12 and 13, macOS,
and of course OpenBSD.

It is our hope that packagers take interest and help adapt
rpki-client-portable to more distributions.

The mirrors where rpki-client can be found are on

Reporting Bugs:

General bugs may be reported to

Portable bugs may be filed at

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release