On Thu, Jan 07, 2021 at 04:11:47PM +, Job Snijders wrote:
> On Fri, Jan 08, 2021 at 03:43:18PM +0100, Claudio Jeker wrote:
> > rpki-client is currently very strict about the ip ranges and as ranges in
> > certificates. If a child certificate has a uncovered range in its list it
> > is
On Fri, Jan 08, 2021 at 03:43:18PM +0100, Claudio Jeker wrote:
> rpki-client is currently very strict about the ip ranges and as ranges in
> certificates. If a child certificate has a uncovered range in its list it
> is considered invalid and is removed from the pool (with it all the ROA
> entries
rpki-client is currently very strict about the ip ranges and as ranges in
certificates. If a child certificate has a uncovered range in its list it
is considered invalid and is removed from the pool (with it all the ROA
entries as well).
Now rfc8360 relaxes this a bit and mentions that a ROA for