rpki-client is an implementation of RPKI (Resource Public Key Infrastructure), specified by RFC 6480. It implements the client side of RPKI, which is responsible for downloading, validating and converting ROAs (Route Origin Authorisations) into VRPs (Validated ROA Payloads). The client's output (VRPs) can be used to perform BGP Origin Validation (RFC 6811).
The design focus of rpki-client is simplicity and security. To wit, it implements RPKI components necessary for validating route statements and omits superfluities (such as, for example, which X509 certificate sections must be labelled "Critical").
Please login to add feedback.