diff --git a/Cargo.lock b/Cargo.lock
index dd9f7f5..e220233 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -636,7 +636,7 @@ dependencies = [
 [[package]]
 name = "rpki"
 version = "0.2.0"
-source = "git+https://github.com/NLnetLabs/rpki-rs.git#5b7a3f582381cf0574551f357d6c807ad9469c46"
+source = "git+https://github.com/NLnetLabs/rpki-rs.git#25e20a14e37d431f2a5f9bf5d8a9436a063fe442"
 dependencies = [
  "base64 0.9.3 (registry+https://github.com/rust-lang/crates.io-index)",
  "bcder 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
diff --git a/Changelog.md b/Changelog.md
index 156fa52..2b6b644 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -24,12 +24,19 @@ Bug Fixes
 * The default output format was accidentally changed to `none`. It is
   `csv` again.
 
+Performance Improvements
+
+* Caching of CRL serial numbers for CAs with large manifests leads to
+  about half the validation time for the current repository. [(#34)]
+
+
 Dependencies
 
 [(#21)]: https://github.com/NLnetLabs/routinator/pull/21
 [(#23)]: https://github.com/NLnetLabs/routinator/pull/23
 [(#27)]: https://github.com/NLnetLabs/routinator/pull/27
 [(#32)]: https://github.com/NLnetLabs/routinator/pull/32
+[(#34)]: https://github.com/NLnetLabs/routinator/pull/34
 
 
 ## 0.1.2 ‘And I Cry If I Want To’
diff --git a/doc/routinator.1 b/doc/routinator.1
index f7d7bd1..ac6966d 100644
--- a/doc/routinator.1
+++ b/doc/routinator.1
@@ -196,9 +196,6 @@ to stderr.
 .BR \-h , " \-\-help"
 Print some help information.
 .TP
-.B \-\-strict
-Parse RPKI data in strict mode.
-.TP
 .BR \-V , " \-\-version
 Print version information.
 
diff --git a/src/repository.rs b/src/repository.rs
index 71c11b1..61b4aca 100644
--- a/src/repository.rs
+++ b/src/repository.rs
@@ -28,6 +28,15 @@ use super::config::Config;
 use super::origins::RouteOrigins;
 
 
+//------------ Configuration -------------------------------------------------
+
+/// The minimum number of manifest entries that triggers CRL serial caching.
+///
+/// The value has been determined exprimentally with the RPKI repository at
+/// a certain state so may or may not be a good one, really.
+const CRL_CACHE_LIMIT: usize = 50;
+
+
 //------------ Repository ----------------------------------------------------
 
 /// A reference to the local copy of the RPKI repository.
@@ -461,6 +470,13 @@ impl Repository {
                     continue
                 }
             };
+            if manifest.len() > CRL_CACHE_LIMIT {
+                debug!(
+                    "Manifest with {} entries: enabling serial caching",
+                    manifest.len()
+                );
+                store.enable_serial_caching();
+            }
             if let Err(_) = self.check_crl(cert, issuer, store) {
                 info!("{}: certificate has been revoked", uri);
                 continue