Nibbles & Bits

Announcing the Release of rpki-client

by | July 30, 2019

rpki-client (8)

We’re pleased to announce that a project we helped fund has now been released! Jointly sponsored by 6connect, NetNod, IIS.SE, and SUNET, the rpki-client project has culminated in the development of usable software, on schedule with just a few months of wall time.

The importance of RPKI, or Resource Public Key Infrastructure, is well established and has been gaining more attention as of late. Designed to secure the Internet’s routing infrastructure – specifically the Border Gateway Protocol (BGP) – RPKI allows us to connect Internet number resource information like IP addresses to a trust anchor. Using RPKI, the legitimate holders of number resources can then control the operation of Internet routing protocols in order to thwart route hijacking or router misconfigurations.

“Because of 6connect’s enthusiastic support for rpki-client, the internet has now gained a healthy ecosystem of RPKI validators. Large scale robust RPKI based Origin Validation contributes to a more secure and reliable internet, I am grateful for 6connect’s sponsorship!”

Job Snijders, OpenBSD Project
What’s interesting is that the push to implement RPKI has gathered momentum over the past year or so. As discussed at the NANOG 76 conference earlier this month, technical efforts in the field have proliferated recently, with global players like AT&T now dropping invalid routes, Cloudflare developing new validation software, and NTT using RPKI data to generate filters. The American Registry for Internet Numbers (ARIN) is also currently undertaking efforts to increase RPKI usage.

However, until now, only two RPKI validators have been in general usage among network operators: NLNetLab’s Routinator 3000 and RIPE NCC’s RPKI Validator. For optimum security, freedom of choice, and increased diversity in the RPKI ecosystem, it’s crucial to have more implementations available!

Here at 6connect, we’re delighted to have had the opportunity to help advance Internet routing security by jointly funding this important project. Rpki-client is an implementation that covers the client side of RPKI, which is responsible for downloading and validating route origin statements. The project’s principal author, Kristaps Dzonsons, has truly taken to heart the design focus of simplicity and security; rpki-client implements RPKI components that are necessary for validating route statements while at the same time omitting superfluities.

And best of all, being released under a liberal open-source license, rpki-client is freely available to anyone who wants to use it! The portable version of the rpki-client source code, which can run on *BSD and Linux distributions, is available on Github here: (Please see the project page for more information about the project’s architecture, algorithm, and portability.)

The OpenBSD project has also imported a copy of the source code into its main development tree, where it will remain for some time with the typical back-and-forth between the portable version and the OpenBSD-specific one. The hope is that the code can be polished up to a high enough quality to be included as a tool in the 6.6 release of the OpenBSD operating system in November 2019.

But the future holds many more developments. Currently, the software can: 1) download all RPKI repositories; 2) validate the RPKI tree; and 3) output RPKI VRPs in OpenBGPD format – which is a wonderful beginning.

We’re looking forward to seeing continued progress in the months to come! A few of the upcoming developments will likely include the ability to use LibreSSL in addition to OpenSSL, more outputs such as JSON, porting to other operating systems, and support for RRDP.

This project represents a huge win for the Internet community, and we’re proud to have been a part of getting it off the ground. Congratulations to everyone who put in the hard work needed to make this vision a reality!

View on Github

“We decided to move our rather complex IP address and DHCP management process to ProVision and it has worked out great for us!! The team at 6connect were very flexible and went above and beyond to accommodate our requirements and helped to make the migration as smooth and hitch free as possible. Kudos to the team @ 6connect!”

Premkumar Subramaniam
Head of R&D

“We are excited to be partnering with 6connect to leverage their technology and talent. We particularly admire their long-standing IPv6 contributions and their ability to service and support customers in this area, some who are the largest service provider in the world. The 6connect executive leadership team and technical team are great to work with and we look forward to many partnered projects to help customers address their Cloud, IoT and Security needs with IPv6. Automation, workflow and orchestration are critical to the success of most of these projects and 6connect is well positioned to help our mutual customers in those areas.”

Ed Horley
Co-Founder & CEO

“Enterprises can struggle managing purposefully segmented DDI architectures with any agility. Our partnership with 6connect empowers customers with complex infrastructures to move faster to service the business while consolidating visibility and control over their estate.”

Andrew Wertkin
Chief Strategy Officer,

“6connect’s approach to automation addresses quite a few challenges with physical and virtual networks – how to improve the agility of your current network infrastructure without sacrificing reliability and adoption of future network technologies.”

Pär Lange
Investment Director

“A customer is looking for an integrated solution from a single vendor for both IPAM and DNS. Through the 6connect reseller program, Secure64 is able to offer the most secure DNS solutions married to a unique combination of IPAM and resource provisioning that customers want. It’s a marriage made in heaven.”

Mark Beckett
VP of Marketing

“A huge benefit of working with the 6connect team is that they devoted a lot of resources to get our products integrated so we had the turnkey solution that we could take to market. It was very easy to work with their team to get product integrated and successfully launched.”

Mark Beckett
VP of Marketing

You have IPv6!

You’re on IPv4.

Explore ProVision Suite

Resource Controller



DHCP Controller

Peering Controller


Talk to one of our Engineers