Man page - krillta(1)

Packages contas this manual

Package: krillta
apt-get install krillta

Manuals in package:

krillta(1)

Documentations in package:

krillta

Manual

KRILLTA(1)

Krill

KRILLTA(1)

NAME

krillta - Krill Trust Anchor

SYNOPSIS

krillta SUBCOMMAND [options]

DESCRIPTION

The krillta tool is used for managing a Krill based RPKI Trust Anchor.

SUBCOMMANDS

proxy

Manage the Trust Anchor Proxy

init

Initialise the proxy

id

Get the proxy ID certificate details

repo

Manage the repository for proxy

request

Get RFC 8183 publisher request

contact

Show the configured repository for the proxy

configure

Configure (add) the repository for the proxy

OPTIONS

-r <RESPONSE>, --response=<RESPONSE>

Path to the Publisher Response XML file

signer

Manage interactions with the associated signer

init

Initialise signer association

OPTIONS

-i <INFO>, --info=<INFO>

Path to the the Trust Anchor Signer info file (as 'signer show')

update

Update signer association

OPTIONS

-i <INFO>, --info=<INFO>

Path to the the Trust Anchor Signer info file (as 'signer show')

make-request

Make a NEW request for the signer (fails if a request exists)

show-request

Show existing request for the signer (fails if there is no request)

process-response

Process a response from the signer. Fails it not for the open request

OPTIONS

-r <RESPONSE>, --response=<RESPONSE>

Path to the the Trust Anchor Signer info file (as 'signer show')

children

Manage children under the TA proxy

add

Add a child

OPTIONS

-i <INFO>, --info=<INFO>

Path to the child info JSON (from krillc show)

-a <ASN>, --asn=<ASN>

The ASN resources for the child

-4 <IPV4>, --ipv4=<IPV4>

The IPv4 resources for the child

-6 <IPV6>, --ipv6=<IPV6>

The IPv6 resources for the child

response

Get parent response for child

OPTIONS

--child=<CHILD>

Name of the child CA

OPTIONS

-s <SERVER>, --server=<SERVER> [env: KRILL_CLI_SERVER]

The full URI to the Krill server

-t <TOKEN>, --token=<TOKEN> [env: KRILL_CLI_TOKEN]

The secret token for the Krill server

-f <FORMAT>, --format=<FORMAT> [env: KRILL_CLI_FORMAT]

Report format

--api=<API>

Only show the API call and exit

signer

Manage the Trust Anchor Signer

init

Initialise the signer

OPTIONS

-i <PROXY_ID>, --proxy-id=<PROXY_ID>

Path to the proxy ID JSON file

-r <PROXY_REPOSITORY_CONTACT>, --proxy-repository-contact=<PROXY_REPOSITORY_CONTACT>

Path to the proxy repository contact JSON file

--tal-rsync=<TAL_RSYNC>

The rsync URI used for TA certificate on TAL and AIA

--tal-https=<TAL_HTTPS>

The HTTPS URI used for the TAL

--private-key-pem=<PRIVATE_KEY_PEM>

Import an existing private key in PEM format

--initial-manifest-number=<INITIAL_MANIFEST_NUMBER>

Set the initial manifest number

reissue

Reissue the TA certificate

OPTIONS

-i <PROXY_ID>, --proxy-id=<PROXY_ID>

Path to the proxy ID JSON file

-r <PROXY_REPOSITORY_CONTACT>, --proxy-repository-contact=<PROXY_REPOSITORY_CONTACT>

Path to the proxy repository contact JSON file

--tal-rsync=<TAL_RSYNC>

The rsync URI used for TA certificate on TAL and AIA

--tal-https=<TAL_HTTPS>

The HTTPS URI used for the TAL

show

Show the signer info

process

Process a proxy request

OPTIONS

-r <REQUEST>, --request=<REQUEST>

Path to TA proxy request JSON file

--ta-mft-number-override=<TA_MFT_NUMBER_OVERRIDE>

Override the next manifest number

last

Show last response

exchanges

Show full history of proxy signer exchanges

OPTIONS

-c <CONFIG>, --config=<CONFIG>

Path to config file

-f <FORMAT>, --format=<FORMAT> [env: KRILL_CLI_FORMAT]

Report format

Author

NLnet Labs

Copyright

2018–2026, NLnet Labs

March 3, 2026

0.16.0