Incorrect introduction point auth key location
Quoting from rend-spec-v3:
"auth-key" NL certificate NL [Exactly once per introduction point] The certificate is a proposal 220 certificate wrapped in "-----BEGIN ED25519 CERT-----" cross-certifying the introduction point authentication key using the descriptor signing key. The introduction point authentication key is included in the mandatory signing-key extension. The certificate type must be [09].
This is wrong because the introduction point authentication key is actually located in the CERTIFIED_KEY portion of the certificate and not in the extension.
Edited by AArani