rpki-client 9.6

• The parser process now uses parallel threads for object validation. The new -p option can be used to adjust the number of threads.
• Support for Canonical Cache Representation has been added. CCR is a new DER-encoded data interchange format to support audit trail keeping, validated payload dissemination, and analytics pipelines, see draft-spaghetti-sidrops-rpki-ccr.
• Certificate parsing and validation has been completely reworked. In particular, a more stringent set of compliance checks based on RFC 6487, RFC 8209, and RFC 8608 is imposed on end entity certificates.
• Filemode is now able to detect most file types without recourse to the file name extension.
• Experimental support for P-256 Trust Anchor keys was added.
• Marshalling and unmarshalling of privsep messages was improved.
• In verbose mode, warnings are emitted about uncompressed HTTP/RRDP transfers larger than one megabyte. Publication server operators are strongly encouraged to offer gzip compressed HTTP content-encoding, see draft-ietf-sidrops-publication-server-bcp, section 6.3.
• As announced in the release notes for rpki-client 9.5, rpki-client 9.6 emits all key identifiers (AKI and SKI) encoded in JSON as bare hex strings without colons.
• Fixed numerous minor issues flagged by the Coverity static analyzer.
• Support for the OpenSSL 1.1 branch now requires at least OpenSSL 1.1.1w. This support will be removed in the course of 2026.