Pull from trunk.

svn path=/branches/tk671/; revision=5691

2 files changed, 5 insertions, 3 deletions

diff --git a/rcynic/rcynic.c b/rcynic/rcynic.c
index 3cdd2190..5e90df89 100644
--- a/rcynic/rcynic.c
+++ b/rcynic/rcynic.c
@@ -3850,7 +3850,8 @@ static int check_x509(rcynic_ctx_t *rc,
 
   if (x->rfc3779_addr) {
     ex_count--;
-    if ((loc = X509_get_ext_by_NID(x, NID_sbgp_ipAddrBlock, -1)) < 0 ||
+    if (routercert ||
+	(loc = X509_get_ext_by_NID(x, NID_sbgp_ipAddrBlock, -1)) < 0 ||
 	!X509_EXTENSION_get_critical(X509_get_ext(x, loc)) ||
 	!v3_addr_is_canonical(x->rfc3779_addr) ||
 	sk_IPAddressFamily_num(x->rfc3779_addr) == 0) {
@@ -3877,7 +3878,8 @@ static int check_x509(rcynic_ctx_t *rc,
 	!X509_EXTENSION_get_critical(X509_get_ext(x, loc)) ||
 	!v3_asid_is_canonical(x->rfc3779_asid) ||
 	x->rfc3779_asid->asnum == NULL ||
-	x->rfc3779_asid->rdi != NULL) {
+	x->rfc3779_asid->rdi != NULL ||
+	(routercert && x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)) {
       log_validation_status(rc, uri, bad_asidentifiers, generation);
       goto done;
     }
diff --git a/utils/print_rpki_manifest/print_rpki_manifest.c b/utils/print_rpki_manifest/print_rpki_manifest.c
index 4bdea2b6..ac26c801 100644
--- a/utils/print_rpki_manifest/print_rpki_manifest.c
+++ b/utils/print_rpki_manifest/print_rpki_manifest.c
@@ -182,7 +182,7 @@ static int usage (const char *jane, const int code)
   FILE *out = code ? stderr : stdout;
   int i;
 
-  fprintf(out, "usage: %s [options] ROA [ROA...]\n", jane);
+  fprintf(out, "usage: %s [options] manifest [manifest...]\n", jane);
   fprintf(out, "options:\n");
   for (i = 0; longopts[i].name != NULL; i++)
     fprintf(out, "  -%c  --%s\n", longopts[i].val, longopts[i].name);