diff --git a/changelog.md b/changelog.md
--- a/changelog.md
+++ b/changelog.md
@@ -1,3 +1,11 @@
+### 0.7.0.0
+
+* [174](https://github.com/tweag/webauthn/pull/174) Correctly verify packed
+  attestation when the AAGUID extension of the certitificate is missing. This is
+  a backwards-incompatible change for packed attestation responses that
+  previously failed due to the missing AAGUID extension. These responses now
+  succeed.
+
 ### 0.6.0.1
 
 * [#167](https://github.com/tweag/webauthn/pull/167) Fix missing file from sdist for testing
diff --git a/root-certs/tpm/Nuvoton/NPCTxxxECC521RootCA.crt b/root-certs/tpm/Nuvoton/NPCTxxxECC521RootCA.crt
new file mode 100644
Binary files /dev/null and b/root-certs/tpm/Nuvoton/NPCTxxxECC521RootCA.crt differ
diff --git a/root-certs/tpm/STMicro/STSAFE ECC Root CA 02.crt b/root-certs/tpm/STMicro/STSAFE ECC Root CA 02.crt
new file mode 100644
Binary files /dev/null and b/root-certs/tpm/STMicro/STSAFE ECC Root CA 02.crt differ
diff --git a/root-certs/tpm/STMicro/STSAFE RSA Root CA 02.crt b/root-certs/tpm/STMicro/STSAFE RSA Root CA 02.crt
new file mode 100644
Binary files /dev/null and b/root-certs/tpm/STMicro/STSAFE RSA Root CA 02.crt differ
diff --git a/src/Crypto/WebAuthn/AttestationStatementFormat/Packed.hs b/src/Crypto/WebAuthn/AttestationStatementFormat/Packed.hs
--- a/src/Crypto/WebAuthn/AttestationStatementFormat/Packed.hs
+++ b/src/Crypto/WebAuthn/AttestationStatementFormat/Packed.hs
@@ -46,7 +46,8 @@
 data Statement = Statement
   { alg :: Cose.CoseSignAlg,
     sig :: BS.ByteString,
-    x5c :: Maybe (NE.NonEmpty X509.SignedCertificate, IdFidoGenCeAAGUID)
+    -- The AAGUID extension is optional
+    x5c :: Maybe (NE.NonEmpty X509.SignedCertificate, Maybe IdFidoGenCeAAGUID)
   }
   deriving (Eq, Show)
 
@@ -112,9 +113,9 @@
 
               let cert = X509.getCertificate signedCert
               aaguidExt <- case X509.extensionGetE (X509.certExtensions cert) of
-                Just (Right ext) -> pure ext
+                Just (Right ext) -> pure $ Just ext
                 Just (Left err) -> Left $ "Failed to decode certificate aaguid extension: " <> Text.pack err
-                Nothing -> Left "Certificate aaguid extension is missing"
+                Nothing -> pure Nothing
               pure $ Just (x5c, aaguidExt)
           Just _ -> Left $ "CBOR map didn't have expected value types (alg: int, sig: bytes, [optional] x5c: non-empty list): " <> Text.pack (show xs)
         pure $ Statement {..}
@@ -159,7 +160,7 @@
           pure $ M.SomeAttestationType M.AttestationTypeSelf
 
         -- Basic, AttCA
-        Just (x5c@(certCred :| _), IdFidoGenCeAAGUID certAAGUID) -> do
+        Just (x5c@(certCred :| _), mbAAGUID) -> do
           let cert = X509.getCertificate certCred
               pubKey = X509.certPubKey cert
           -- Verify that sig is a valid signature over the concatenation of authenticatorData and clientDataHash using
@@ -181,8 +182,11 @@
 
           -- If attestnCert contains an extension with OID 1.3.6.1.4.1.45724.1.1.4 (id-fido-gen-ce-aaguid) verify that
           -- the value of this extension matches the aaguid in authenticatorData.
-          let aaguid = M.acdAaguid credData
-          unless (certAAGUID == aaguid) . failure $ CertificateAAGUIDMismatch certAAGUID aaguid
+          case mbAAGUID of
+            Just (IdFidoGenCeAAGUID certAAGUID) -> do
+              let aaguid = M.acdAaguid credData
+              unless (certAAGUID == aaguid) . failure $ CertificateAAGUIDMismatch certAAGUID aaguid
+            Nothing -> pure ()
 
           pure $
             M.SomeAttestationType $
diff --git a/tests/Main.hs b/tests/Main.hs
--- a/tests/Main.hs
+++ b/tests/Main.hs
@@ -239,6 +239,20 @@
         True
         registry
         predeterminedDateTime
+    it "the response without a aaguid extension works" $
+      registerTestFromFile
+        "tests/responses/attestation/without-aaguid.json"
+        "https://mercury.com/"
+        "mercury.com"
+        -- Uses "Dynamic Softtoken CA", which is an unknown software CA. And
+        -- thus not verifiable by this library, which, by default, requires
+        -- hardware attestation.
+        False
+        registry
+        HG.DateTime
+          { dtDate = HG.Date {dateYear = 2023, dateMonth = HG.July, dateDay = 18},
+            dtTime = HG.TimeOfDay {todHour = HG.Hours 21, todMin = HG.Minutes 7, todSec = HG.Seconds 6, todNSec = HG.NanoSeconds 0}
+          }
   describe "AndroidKey register" $ do
     it "tests whether the fixed android key register has a valid attestation" $
       registerTestFromFile
diff --git a/tests/responses/attestation/without-aaguid.json b/tests/responses/attestation/without-aaguid.json
new file mode 100644
--- /dev/null
+++ b/tests/responses/attestation/without-aaguid.json
@@ -0,0 +1,12 @@
+{
+  "extensions": {},
+  "id": "vfEtvnc1AQrSir7_YemYlkW8V0lU7TDph0adJ1idgb8",
+  "clientExtensionResults": {},
+  "rawId": "vfEtvnc1AQrSir7_YemYlkW8V0lU7TDph0adJ1idgb8",
+  "response": {
+    "attestationObject": "o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEYwRAIgF-sybDid3qXIYj9CH3FPewnSh3cCtcPnJfy91TTVdlQCIBxlKf6S9WmZU4BvH30zWiGRFcue3Al9cRym1hM8tEFEY3g1Y4FZAj4wggI6MIIB4aADAgECAgECMAoGCCqGSM49BAMCMF4xCzAJBgNVBAYTAkFVMQwwCgYDVQQIDANRTEQxIjAgBgNVBAoMGVdlYmF1dGhuIEF1dGhlbnRpY2F0b3IgUlMxHTAbBgNVBAMMFER5bmFtaWMgU29mdHRva2VuIENBMB4XDTIzMDcxNzIxMDcwNloXDTIzMDcxODIxMDcwNlowgZAxCzAJBgNVBAYTAkFVMQwwCgYDVQQIDANRTEQxIjAgBgNVBAoMGVdlYmF1dGhuIEF1dGhlbnRpY2F0b3IgUlMxKzApBgNVBAMMIkR5bmFtaWMgU29mdHRva2VuIExlYWYgQ2VydGlmaWNhdGUxIjAgBgNVBAsMGUF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASVfWwCBPKro-N8qPmdTvHeL_0pklJiKU9t1ZUQf0JAsWTF_IiLqaK5iOCXDJ5IJfWaPRjFR0FXoRr--UGDMmsno10wWzAJBgNVHRMEAjAAMA4GA1UdDwEB_wQEAwIF4DAdBgNVHQ4EFgQU4ya71rpbUK4i_13TAUnXjTRmdFYwHwYDVR0jBBgwFoAU2jmj7l5rSw0yVb_vlWAYkK_YBwkwCgYIKoZIzj0EAwIDRwAwRAIgHkDSfA66vhTgSZffiMpP3G93qWLDcx6dCqZwHXhFIkYCIH7oDCPWl35DJkVWOPf1dUAlcrakMmHKthk78UG998dEaGF1dGhEYXRhWKSjN24DOxAOYYfBLybx16MskvRz-_qsWChC-u57I1w_AEUAAAAAD7m8vKDUQEK7sFWbwWMeKAAgvfEtvnc1AQrSir7_YemYlkW8V0lU7TDph0adJ1idgb-lAQIDJiABIVggqVKqgQBYpSqao2HzPgFsYdrjoIH2JADpwP14cnMYtPgiWCC3ELxU2Q9YVPiD3GobKUMVYHNevzDcBWvp41f2yTSoCw",
+    "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoicUM2ejZ5TllydnM2Tlc0WkRTamNXdyIsIm9yaWdpbiI6Imh0dHBzOi8vbWVyY3VyeS5jb20vIiwidG9rZW5CaW5kaW5nIjpudWxsfQ",
+    "transports": null
+  },
+  "type": "public-key"
+}
diff --git a/webauthn.cabal b/webauthn.cabal
--- a/webauthn.cabal
+++ b/webauthn.cabal
@@ -1,6 +1,6 @@
 cabal-version: 2.4
 name: webauthn
-version: 0.6.0.1
+version: 0.7.0.0
 license: Apache-2.0
 license-file: LICENSE
 copyright:
