The parser process now uses parallel threads for object validation. The new -p option can be used to adjust the number of threads.

Support for Canonical Cache Representation has been added. CCR is a new DER-encoded data interchange format to support audit trail keeping, validated payload dissemination, and analytics pipelines, see draft-spaghetti-sidrops-rpki-ccr.

Certificate parsing and validation has been completely reworked. In particular, a more stringent set of compliance checks based on RFC 6487, RFC 8209, and RFC 8608 is imposed on end entity certificates.

Filemode is now able to detect most file types without recourse to the file name extension.

Experimental support for P-256 Trust Anchor keys was added.

Marshalling and unmarshalling of privsep messages was improved.

In verbose mode, warnings are emitted about uncompressed HTTP/RRDP transfers larger than one megabyte. Publication server operators are strongly encouraged to offer gzip compressed HTTP content-encoding, see draft-ietf-sidrops-publication-server-bcp, section 6.3.

As announced in the release notes for rpki-client 9.5, rpki-client 9.6 emits all key identifiers (AKI and SKI) encoded in JSON as bare hex strings without colons.

Fixed numerous minor issues flagged by the Coverity static analyzer.

Support for the OpenSSL 1.1 branch now requires at least OpenSSL 1.1.1w. This support will be removed in the course of 2026.