Man page - krillta(1)
Packages contains this manual
Manual
KRILLTA
NAMESYNOPSIS
DESCRIPTION
SUBCOMMANDS
SEE ALSO
Author
Copyright
NAME
krillta - Krill Trust Anchor
SYNOPSIS
krillta SUBCOMMAND [ options ]
DESCRIPTION
The krillta tool is used for managing a Krill based RPKI Trust Anchor.
SUBCOMMANDS
|
proxy |
Manage the Trust Anchor Proxy
|
init |
Initialise the proxy
|
id |
Get the proxy ID certificate details
|
repo |
Manage the repository for proxy
request
Get RFC 8183
publisher request
contact
Show the
configured repository for the proxy
configure
Configure (add) the repository for the proxy
OPTIONS
-r <RESPONSE>, --response=<RESPONSE>
Path to the Publisher Response XML file
|
signer |
Manage interactions with the associated signer
|
init |
Initialise signer association
OPTIONS
-i <INFO>, --info=<INFO>
Path to the the Trust Anchor Signer info file (as 'signer show')
|
update |
Update signer association
OPTIONS
-i <INFO>, --info=<INFO>
Path to the the Trust Anchor Signer info file (as 'signer show')
make-request
Make a NEW
request for the signer (fails if a request exists)
show-request
Show existing
request for the signer (fails if there is no request)
process-response
Process a response from the signer. Fails it not for the open request
OPTIONS
-r <RESPONSE>, --response=<RESPONSE>
Path to the the Trust Anchor Signer info file (as 'signer show')
children
Manage children under the TA proxy
|
add |
Add a child
OPTIONS
-i <INFO>, --info=<INFO>
Path to the
child info JSON (from krillc show)
-a <ASN>, --asn=<ASN>
The ASN
resources for the child
-4 <IPV4>, --ipv4=<IPV4>
The IPv4
resources for the child
-6 <IPV6>, --ipv6=<IPV6>
The IPv6 resources for the child
response
Get parent response for child
OPTIONS
--child=<CHILD>
Name of the child CA
OPTIONS
-s <SERVER>, --server=<SERVER> [env: KRILL_CLI_SERVER]
The full URI to
the Krill server
-t <TOKEN>, --token=<TOKEN> [env:
KRILL_CLI_TOKEN]
The secret
token for the Krill server
-f <FORMAT>, --format=<FORMAT> [env:
KRILL_CLI_FORMAT]
Report format
--api=<API>
Only show the API call and exit
|
signer |
Manage the Trust Anchor Signer
|
init |
Initialise the signer
OPTIONS
-i <PROXY_ID>, --proxy-id=<PROXY_ID>
Path to the
proxy ID JSON file
-r <PROXY_REPOSITORY_CONTACT>,
--proxy-repository-contact=<PROXY_REPOSITORY_CONTACT>
Path to the
proxy repository contact JSON file
--tal-rsync=<TAL_RSYNC>
The rsync URI
used for TA certificate on TAL and AIA
--tal-https=<TAL_HTTPS>
The HTTPS URI
used for the TAL
--private-key-pem=<PRIVATE_KEY_PEM>
Import an
existing private key in PEM format
--initial-manifest-number=<INITIAL_MANIFEST_NUMBER>
Set the initial manifest number
reissue
Reissue the TA certificate
OPTIONS
-i <PROXY_ID>, --proxy-id=<PROXY_ID>
Path to the
proxy ID JSON file
-r <PROXY_REPOSITORY_CONTACT>,
--proxy-repository-contact=<PROXY_REPOSITORY_CONTACT>
Path to the
proxy repository contact JSON file
--tal-rsync=<TAL_RSYNC>
The rsync URI
used for TA certificate on TAL and AIA
--tal-https=<TAL_HTTPS>
The HTTPS URI used for the TAL
|
show |
Show the signer
info
process
Process a proxy request
OPTIONS
-r <REQUEST>, --request=<REQUEST>
Path to TA
proxy request JSON file
--ta-mft-number-override=<TA_MFT_NUMBER_OVERRIDE>
Override the next manifest number
|
last |
Show last
response
exchanges
Show full history of proxy signer exchanges
OPTIONS
-c <CONFIG>, --config=<CONFIG>
Path to config
file
-f <FORMAT>, --format=<FORMAT> [env:
KRILL_CLI_FORMAT]
Report format
SEE ALSO
krill (1), krill.conf (5), krillc (1), krillup (1)
Author
NLnet Labs
Copyright
2018–2026, NLnet Labs