rpki-client is available for many operating systems and architectures:


No need to install rpki-client, the utility is available as part of the base installation.

Documentation is available here:

Uncomment the root user’s rpki-client crontab entry to run rpki-client every hour.

$ doas crontab -l | grep rpki-client
~   *   *   *   *   -ns rpki-client -v && bgpctl reload

The crontab arguments -ns make it so that rpki-client is only emailed to the cron user when there is a problem and prevent multiple concurrent executions.

Validated output is stored in /var/db/rpki-client

CentOS / Fedora

Rpki-client is available through EPEL.

Install epel-release RPM:

$ sudo yum install epel-release

Install rpki-client

$ sudo yum install rpki-client

TALs are stored in /etc/pki/tals/

Debian / Ubuntu

Rpki-client is available as part of the Debian Bullseye (and newer) and Ubuntu 20.10 (and newer) official package repositories.

Install rpki-client:

$ sudo apt install rpki-client

And then configure rpki-client to generate its output in the the JSON format needed by GoRTR or RTRTR:

echo 'OPTIONS=-j' > /etc/default/rpki-client

You may manually start the service unit to immediately generate the data instead of waiting for the next timer run:

$ sudo systemctl start rpki-client &

The validated output will appear in /var/lib/rpki-client/.

TALs are stored in /etc/tals/


The FreeBSD packages for rpki-client are part of the official ports collection.

# pkg install rpki-client

Generic build

You can find generic source tarballs builds at:

Download the latest tarball and unpack it.

To run the configure script

$ ./configure

Make the binary

$ make

Extra TALs

By default, rpki-client will have Trust Anchor Locators (TALs) installed for AFRINIC, APNIC, LACNIC, RIPE NCC, but not ARIN.

You can download the ARIN TAL in RFC 7730 format at

Copy the TAL into the default TAL directory.