On Sat, Sep 03, 2022 at 01:08:35PM +, Job Snijders wrote:
> RPKI Trust Anchors (self-signed root certificates) MAY NOT contain
> 'inherit' elements in their RFC 3779 resource extensions according to
> RFC 6490 section 2.2.
>
> We could check way earlier on in the validation process whether
RPKI Trust Anchors (self-signed root certificates) MAY NOT contain
'inherit' elements in their RFC 3779 resource extensions according to
RFC 6490 section 2.2.
We could check way earlier on in the validation process whether the TA
certificate conforms to this constraint. The below changeset moves
