2 files changed, 9 insertions, 4 deletions

diff --git a/rpkid/rpki/rootd.py b/rpkid/rpki/rootd.py
index b289c3e8..1fccc4c3 100644
--- a/rpkid/rpki/rootd.py
+++ b/rpkid/rpki/rootd.py
@@ -39,7 +39,7 @@ PERFORMANCE OF THIS SOFTWARE.
 import os, time, getopt, sys
 import rpki.resource_set, rpki.up_down, rpki.left_right, rpki.x509
 import rpki.http, rpki.config, rpki.exceptions, rpki.relaxng
-import rpki.sundial, rpki.log
+import rpki.sundial, rpki.log, rpki.oids
 
 rootd = None
 
@@ -200,7 +200,8 @@ class main(object):
       keypair     = self.rpki_root_key,
       subject_key = manifest_keypair.get_RSApublic(),
       serial      = serial + 1,
-      sia         = None,
+      sia         = ((rpki.oids.name2oid["id-ad-signedObject"],
+                      ("uri", self.rpki_base_uri + self.rpki_root_manifest)),),
       aia         = self.rpki_root_cert_uri,
       crldp       = crldp,
       resources   = manifest_resources,
diff --git a/rpkid/rpki/rpkid.py b/rpkid/rpki/rpkid.py
index 75624a3c..edfdf044 100644
--- a/rpkid/rpki/rpkid.py
+++ b/rpkid/rpki/rpkid.py
@@ -926,7 +926,7 @@ class ca_detail_obj(rpki.sql.sql_persistent):
     self.sql_store()
     return self
 
-  def issue_ee(self, ca, resources, subject_key, sia = None):
+  def issue_ee(self, ca, resources, subject_key, sia):
     """
     Issue a new EE certificate.
     """
@@ -949,7 +949,11 @@ class ca_detail_obj(rpki.sql.sql_persistent):
     """
 
     resources = rpki.resource_set.resource_bag.from_inheritance()
-    self.latest_manifest_cert = self.issue_ee(self.ca, resources, self.manifest_public_key)
+    self.latest_manifest_cert = self.issue_ee(
+      ca          = self.ca,
+      resources   = resources,
+      subject_key = self.manifest_public_key,
+      sia         = ((rpki.oids.name2oid["id-ad-signedObject"], ("uri", self.manifest_uri)),))
 
   def issue(self, ca, child, subject_key, sia, resources, publisher, child_cert = None):
     """