OpenBSD Developers first public release of a portable edition of the package with the implementation of the RPKI mechanism (Resource
Public Key Infrastructure) for RP (), used to authorize the source of BGP announcements. allows you to determine whether a BGP announcement comes from the owner of the network or not, for which, using a public key infrastructure for autonomous systems and IP addresses, a chain of trust is built, which is built from IANA to regional registrars (RIRs), providers (LIRs) and end users of addresses . The code is published under the BSD license.
Program makes it possible to send a request to the RPKI repository and generate a VRP (Validated ROA Payload) object confirming the route source (ROA, Route Origin Authorization) in the format of routing packet settings ΠΈ , as well as in CSV or JSON formats for use in other routing stacks. To access the repository, use the utility , which retrieves all X.509 certificates, manifests, and CRLs. Then
rpki-client checks each certificate associated with the ROA, constructing and verifying the entire chain of trust, while simultaneously evaluating CRLs for possible certificate revocation.
Source: opennet.ru