rpki-client 7.6 has just been released and will be available in the rpki-client directory of any OpenBSD mirror soon. rpki-client is a FREE, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of a BGP announcement. The program queries the global RPKI repository system and outputs validated ROA payloads in the configuration format of OpenBGPD, BIRD, and also as CSV or JSON objects for consumption by other routing stacks. See RFC 6811 for a description of how BGP Prefix Origin Validation secures the Internet's global routing system. rpki-client was primarily developed by Kristaps Dzonsons, Claudio Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit as part of the OpenBSD Project. This release includes the following changes to the previous release: - Enforce the correct namespace of rrdp files. - Fail certificate verification if a certificate contains unknown critical extensions. - Improve cleanup of rrdp directory contents. - Introduce a validated cache which holds all the files that have successfully been verified by rpki-client. - Add a new option '-f ' to validate a signed object in a file against the RPKI cache. rpki-client works on all operating systems with a libcrypto library based on OpenSSL 1.1 or LibreSSL 3.3, and a libtls library compatible with LibreSSL 3.3 or later. rpki-client is known to compile and run on at least the following operating systems: Alpine, CentOS, Debian, Fedora, FreeBSD, Red Hat, Rocky, Ubuntu, macOS, and of course OpenBSD! It is our hope that packagers take interest and help adapt rpki-client-portable to more distributions. The mirrors where rpki-client can be found are on https://www.rpki-client.org/portable.html Reporting Bugs: =============== General bugs may be reported to tech@openbsd.org Portable bugs may be filed at https://github.com/rpki-client/rpki-client-portable We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible. Assistance to coordinate security issues is available via security@openbsd.org.