1[Created by: generate_policies_tests.py] 2 3Cast certificate chain with the following policies: 4 5 Root: policies={} 6 Intermediate: policies={audioOnly} 7 Leaf: policies={foo} 8 9Certificate: 10 Data: 11 Version: 3 (0x2) 12 Serial Number: 4 (0x4) 13 Signature Algorithm: sha256WithRSAEncryption 14 Issuer: CN=Intermediate 15 Validity 16 Not Before: Jan 1 12:00:00 2015 GMT 17 Not After : Jan 1 12:00:00 2018 GMT 18 Subject: CN=Leaf 19 Subject Public Key Info: 20 Public Key Algorithm: rsaEncryption 21 Public-Key: (2048 bit) 22 Modulus: 23 00:b4:ac:61:51:0e:40:b5:27:19:06:0b:a9:13:d8: 24 ec:a4:ab:ae:df:94:33:27:7e:e3:2b:0f:4b:b0:2c: 25 6a:41:38:b4:0b:aa:29:31:9c:1d:17:42:32:e0:81: 26 bb:a3:ea:52:c0:43:f3:f1:2c:3a:5d:22:9c:e6:e9: 27 cc:96:3b:69:4f:63:e0:29:57:47:4c:94:02:64:39: 28 52:38:2a:5e:f4:93:12:e1:85:16:87:e8:b4:15:80: 29 02:ba:af:61:2e:e6:14:2a:39:81:67:27:c4:c7:fc: 30 4b:f9:e6:f7:b1:84:eb:bd:b6:b0:df:01:11:49:94: 31 39:8b:b3:2e:0b:c9:46:de:b9:63:ba:d2:d1:60:21: 32 d0:d2:e2:4a:5f:7c:df:3c:99:6f:c9:e8:a5:9f:be: 33 d3:76:89:dd:99:f1:fe:6e:53:bd:b2:19:f1:9f:dc: 34 68:84:7f:a6:1c:81:4d:c7:7e:b1:ba:bf:d8:05:46: 35 9a:43:c4:ef:08:08:80:40:49:32:ef:f8:84:0e:da: 36 67:bf:7b:4b:14:69:f7:e7:c6:16:40:c5:75:21:a1: 37 19:48:6e:81:88:2a:70:b0:23:87:da:43:ab:b5:f3: 38 45:2b:c1:31:44:31:2d:94:a5:f6:e4:97:16:54:aa: 39 76:e4:bc:4f:f9:14:59:83:61:7e:ed:4e:6a:c6:3b: 40 c8:0b 41 Exponent: 65537 (0x10001) 42 X509v3 extensions: 43 X509v3 Subject Key Identifier: 44 5B:20:CE:3D:64:B6:89:52:42:76:50:2E:B6:50:8C:8C:88:BD:44:6A 45 X509v3 Authority Key Identifier: 46 keyid:D7:30:75:D1:B9:8A:C0:67:E9:D7:FB:C4:45:99:2F:AF:B4:E0:DF:2A 47 48 Authority Information Access: 49 CA Issuers - URI:http://url-for-aia/Intermediate.cer 50 51 X509v3 CRL Distribution Points: 52 53 Full Name: 54 URI:http://url-for-crl/Intermediate.crl 55 56 X509v3 Key Usage: critical 57 Digital Signature, Key Encipherment 58 X509v3 Extended Key Usage: 59 TLS Web Client Authentication 60 X509v3 Certificate Policies: 61 Policy: 1.2.840.113554.4.1.72585.2 62 63 Signature Algorithm: sha256WithRSAEncryption 64 23:67:1e:34:11:31:20:b8:a4:6c:36:ae:71:5a:23:6d:73:72: 65 4e:5b:65:b9:8b:4a:bb:6c:c1:ba:87:24:3a:98:42:59:a3:c3: 66 75:bf:1d:b4:c7:c4:c8:b9:87:a0:d8:6d:98:14:34:c6:2a:8b: 67 b4:e2:3a:4a:10:b7:fd:52:8e:33:7a:8b:1d:b7:28:f4:99:12: 68 93:65:f9:1a:66:42:6f:da:19:f9:33:a6:72:9e:f9:15:c6:61: 69 28:05:92:04:1e:9f:d9:e8:a6:81:11:32:82:38:db:61:68:24: 70 7f:f8:5b:db:55:78:7c:d8:65:2b:c5:4c:78:31:f6:0e:bc:73: 71 0c:33:81:47:10:bb:fe:49:66:2a:2c:2c:4c:40:23:06:97:26: 72 b5:d1:b9:a3:9f:0c:7d:e9:1b:6a:f9:61:fd:29:bc:6d:85:68: 73 92:8f:f6:94:25:c7:85:3a:d1:ee:28:45:06:11:af:a0:0c:7d: 74 a9:da:02:ff:bf:d7:d2:96:7c:6e:34:bf:35:2d:85:64:79:2c: 75 23:59:c9:e1:fe:0e:56:91:47:a8:22:d1:10:2d:d4:44:38:44: 76 ca:58:59:04:d6:81:60:7f:bc:08:a5:f3:3f:f8:8e:fa:c1:40: 77 2e:40:8b:5a:15:84:17:a0:92:59:55:97:83:fe:9b:32:95:94: 78 a8:51:99:42 79-----BEGIN CERTIFICATE----- 80MIIDnDCCAoSgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl 81cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTgwMTAxMTIwMDAwWjAPMQ0wCwYD 82VQQDDARMZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKxhUQ5A 83tScZBgupE9jspKuu35QzJ37jKw9LsCxqQTi0C6opMZwdF0Iy4IG7o+pSwEPz8Sw6 84XSKc5unMljtpT2PgKVdHTJQCZDlSOCpe9JMS4YUWh+i0FYACuq9hLuYUKjmBZyfE 85x/xL+eb3sYTrvbaw3wERSZQ5i7MuC8lG3rljutLRYCHQ0uJKX3zfPJlvyeiln77T 86dondmfH+blO9shnxn9xohH+mHIFNx36xur/YBUaaQ8TvCAiAQEky7/iEDtpnv3tL 87FGn358YWQMV1IaEZSG6BiCpwsCOH2kOrtfNFK8ExRDEtlKX25JcWVKp25LxP+RRZ 88g2F+7U5qxjvICwIDAQABo4H6MIH3MB0GA1UdDgQWBBRbIM49ZLaJUkJ2UC62UIyM 89iL1EajAfBgNVHSMEGDAWgBTXMHXRuYrAZ+nX+8RFmS+vtODfKjA/BggrBgEFBQcB 90AQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1lZGlh 91dGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly91cmwtZm9yLWNybC9JbnRl 92cm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD 93AjAZBgNVHSAEEjAQMA4GDCqGSIb3EgQBhLcJAjANBgkqhkiG9w0BAQsFAAOCAQEA 94I2ceNBExILikbDaucVojbXNyTltluYtKu2zBuockOphCWaPDdb8dtMfEyLmHoNht 95mBQ0xiqLtOI6ShC3/VKOM3qLHbco9JkSk2X5GmZCb9oZ+TOmcp75FcZhKAWSBB6f 962eimgREygjjbYWgkf/hb21V4fNhlK8VMeDH2DrxzDDOBRxC7/klmKiwsTEAjBpcm 97tdG5o58Mfekbavlh/Sm8bYVoko/2lCXHhTrR7ihFBhGvoAx9qdoC/7/X0pZ8bjS/ 98NS2FZHksI1nJ4f4OVpFHqCLREC3URDhEylhZBNaBYH+8CKXzP/iO+sFALkCLWhWE 99F6CSWVWXg/6bMpWUqFGZQg== 100-----END CERTIFICATE----- 101 102Certificate: 103 Data: 104 Version: 3 (0x2) 105 Serial Number: 8 (0x8) 106 Signature Algorithm: sha256WithRSAEncryption 107 Issuer: CN=Root 108 Validity 109 Not Before: Jan 1 12:00:00 2015 GMT 110 Not After : Jan 1 12:00:00 2018 GMT 111 Subject: CN=Intermediate 112 Subject Public Key Info: 113 Public Key Algorithm: rsaEncryption 114 Public-Key: (2048 bit) 115 Modulus: 116 00:a9:b2:82:36:54:a8:98:d5:fd:3d:04:24:22:7a: 117 96:60:e6:b9:00:f2:b5:30:fe:2a:e7:01:d7:18:08: 118 14:af:09:2c:2b:fc:09:1c:c5:8f:dc:80:68:0e:e4: 119 33:6b:6a:e0:9a:e5:5d:7f:72:71:b6:bf:9a:c2:42: 120 72:2f:02:64:a6:b1:31:9c:3b:f8:f6:f1:5f:58:c6: 121 15:e7:09:d5:d7:ca:85:48:24:e9:ba:4b:77:dd:55: 122 52:38:b7:98:6f:98:ac:6b:cb:aa:6b:31:9a:7e:8d: 123 72:35:ff:d2:13:47:60:39:b6:c9:97:1b:6d:e6:95: 124 33:c5:df:74:d3:37:7e:5d:92:11:6b:ad:74:0a:5f: 125 2c:62:56:d2:f2:2e:9f:02:47:66:e4:9c:e9:67:ed: 126 92:9e:5f:6c:2e:87:ea:ad:c8:b0:d2:72:be:19:7c: 127 a8:bb:10:e7:76:5c:74:8c:42:9c:c0:91:58:e9:ba: 128 b7:6a:71:4a:6f:c0:3c:5d:42:e7:e6:8d:53:57:d5: 129 06:5d:80:da:f5:97:f3:a7:32:71:49:99:c0:ef:a2: 130 77:3f:c0:42:a4:6e:1f:ca:41:f5:37:a0:a9:e8:f9: 131 f8:b0:16:5e:a3:98:e7:87:9d:31:c8:c3:c1:0c:34: 132 8b:e9:0e:9b:30:b7:fc:2a:d0:ff:7d:c8:bc:b5:d6: 133 7d:6f 134 Exponent: 65537 (0x10001) 135 X509v3 extensions: 136 X509v3 Subject Key Identifier: 137 D7:30:75:D1:B9:8A:C0:67:E9:D7:FB:C4:45:99:2F:AF:B4:E0:DF:2A 138 X509v3 Authority Key Identifier: 139 keyid:97:9F:F1:88:19:93:DC:19:55:06:EB:83:28:9D:18:F0:1E:50:99:EB 140 141 Authority Information Access: 142 CA Issuers - URI:http://url-for-aia/Root.cer 143 144 X509v3 CRL Distribution Points: 145 146 Full Name: 147 URI:http://url-for-crl/Root.crl 148 149 X509v3 Key Usage: critical 150 Certificate Sign, CRL Sign 151 X509v3 Basic Constraints: critical 152 CA:TRUE 153 X509v3 Certificate Policies: 154 Policy: 1.3.6.1.4.1.11129.2.5.2 155 156 Signature Algorithm: sha256WithRSAEncryption 157 93:84:5b:28:41:82:e9:d3:62:fb:5b:6b:2f:03:53:bf:2e:c2: 158 e1:65:15:5b:6d:fc:56:16:d0:d8:c5:45:b6:ce:c8:e3:76:d5: 159 35:00:02:ab:b9:e1:23:ca:7d:0d:80:d6:e4:dc:70:50:56:4f: 160 6f:a8:80:c5:45:40:0b:3e:6d:88:02:bc:37:e1:b2:f6:ec:d0: 161 88:27:49:f6:98:2e:03:35:98:13:04:4e:25:c9:0e:65:70:f7: 162 7a:da:1c:32:cb:40:3f:8b:54:75:b2:c8:63:45:45:fe:01:af: 163 d9:04:8b:58:18:55:ac:78:3a:20:04:7a:1e:bb:43:49:0b:cd: 164 ac:09:08:0a:c2:96:6f:4f:a0:4e:d5:48:f8:40:e7:f5:46:11: 165 58:f0:1c:ff:91:db:e9:e8:58:ad:45:dd:ed:06:ed:63:51:93: 166 4d:40:fc:7e:d8:d3:e3:dc:36:20:63:9f:f0:fd:05:8a:b0:7d: 167 2d:8a:99:93:fa:73:4e:b5:24:45:e8:bf:0f:a8:e0:ee:c7:18: 168 2e:b6:b3:ed:52:ba:d1:94:0d:9f:8d:c7:66:a7:91:5d:bd:dc: 169 ca:ff:bb:99:31:1e:78:08:b4:4d:03:2e:af:a6:f1:87:f0:80: 170 e7:81:47:db:be:31:2c:ee:ef:ca:16:b1:15:9e:43:0d:10:ef: 171 8c:22:be:fc 172-----BEGIN CERTIFICATE----- 173MIIDhjCCAm6gAwIBAgIBCDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 174MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 175ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqbKCNlSo 176mNX9PQQkInqWYOa5APK1MP4q5wHXGAgUrwksK/wJHMWP3IBoDuQza2rgmuVdf3Jx 177tr+awkJyLwJkprExnDv49vFfWMYV5wnV18qFSCTpukt33VVSOLeYb5isa8uqazGa 178fo1yNf/SE0dgObbJlxtt5pUzxd900zd+XZIRa610Cl8sYlbS8i6fAkdm5JzpZ+2S 179nl9sLofqrciw0nK+GXyouxDndlx0jEKcwJFY6bq3anFKb8A8XULn5o1TV9UGXYDa 1809ZfzpzJxSZnA76J3P8BCpG4fykH1N6Cp6Pn4sBZeo5jnh50xyMPBDDSL6Q6bMLf8 181KtD/fci8tdZ9bwIDAQABo4HkMIHhMB0GA1UdDgQWBBTXMHXRuYrAZ+nX+8RFmS+v 182tODfKjAfBgNVHSMEGDAWgBSXn/GIGZPcGVUG64MonRjwHlCZ6zA3BggrBgEFBQcB 183AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs 184BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD 185VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0gBBAwDjAMBgorBgEE 186AdZ5AgUCMA0GCSqGSIb3DQEBCwUAA4IBAQCThFsoQYLp02L7W2svA1O/LsLhZRVb 187bfxWFtDYxUW2zsjjdtU1AAKrueEjyn0NgNbk3HBQVk9vqIDFRUALPm2IArw34bL2 1887NCIJ0n2mC4DNZgTBE4lyQ5lcPd62hwyy0A/i1R1sshjRUX+Aa/ZBItYGFWseDog 189BHoeu0NJC82sCQgKwpZvT6BO1Uj4QOf1RhFY8Bz/kdvp6FitRd3tBu1jUZNNQPx+ 1902NPj3DYgY5/w/QWKsH0tipmT+nNOtSRF6L8PqODuxxgutrPtUrrRlA2fjcdmp5Fd 191vdzK/7uZMR54CLRNAy6vpvGH8IDngUfbvjEs7u/KFrEVnkMNEO+MIr78 192-----END CERTIFICATE----- 193 194Certificate: 195 Data: 196 Version: 3 (0x2) 197 Serial Number: 7 (0x7) 198 Signature Algorithm: sha256WithRSAEncryption 199 Issuer: CN=Root 200 Validity 201 Not Before: Jan 1 12:00:00 2015 GMT 202 Not After : Jan 1 12:00:00 2018 GMT 203 Subject: CN=Root 204 Subject Public Key Info: 205 Public Key Algorithm: rsaEncryption 206 Public-Key: (2048 bit) 207 Modulus: 208 00:9b:9c:73:93:62:04:5c:af:94:ef:7f:74:ac:8d: 209 96:d4:50:8a:1f:08:eb:3a:2c:08:6e:53:2a:79:b7: 210 ee:03:31:43:0d:66:d2:af:ee:59:6c:bc:06:42:22: 211 cd:39:49:62:13:51:dd:94:fd:7f:03:d4:55:0f:e3: 212 82:dd:f5:3f:2f:4b:01:38:e2:d2:31:e3:da:d9:b0: 213 8e:c4:39:62:8a:dd:5a:68:0e:5c:65:80:e5:74:e7: 214 a3:5a:b7:23:eb:9c:26:6b:82:50:4e:49:f2:2a:15: 215 41:0c:f8:03:7a:33:92:b6:e1:d0:de:1c:c4:08:74: 216 4d:dc:e3:82:ab:0b:4e:ef:32:c7:bb:b3:45:30:3b: 217 d9:1e:6f:eb:6c:9a:c7:e4:9d:be:07:09:eb:43:20: 218 a7:b0:68:99:21:45:80:d3:90:71:ea:87:53:e1:20: 219 99:ef:84:38:f5:71:0a:42:a3:30:b2:d8:6f:ab:87: 220 ac:9a:7c:01:b6:8a:3c:c1:c1:62:25:77:7e:51:f1: 221 4f:88:92:b1:3d:16:fb:ba:3e:f9:d4:58:dd:6d:c0: 222 18:a2:9e:f9:82:3f:7f:e9:de:f0:2d:a1:2a:b2:5e: 223 38:15:73:15:80:ad:63:13:6b:96:4a:8e:cf:6c:f2: 224 44:7b:7e:52:c6:53:1d:bc:b3:f5:1e:dd:ec:b7:19: 225 a0:eb 226 Exponent: 65537 (0x10001) 227 X509v3 extensions: 228 X509v3 Subject Key Identifier: 229 97:9F:F1:88:19:93:DC:19:55:06:EB:83:28:9D:18:F0:1E:50:99:EB 230 X509v3 Authority Key Identifier: 231 keyid:97:9F:F1:88:19:93:DC:19:55:06:EB:83:28:9D:18:F0:1E:50:99:EB 232 233 Authority Information Access: 234 CA Issuers - URI:http://url-for-aia/Root.cer 235 236 X509v3 CRL Distribution Points: 237 238 Full Name: 239 URI:http://url-for-crl/Root.crl 240 241 X509v3 Key Usage: critical 242 Certificate Sign, CRL Sign 243 X509v3 Basic Constraints: critical 244 CA:TRUE 245 Signature Algorithm: sha256WithRSAEncryption 246 24:16:e4:a2:3a:5f:d6:97:f2:b9:26:a9:03:97:85:12:bb:02: 247 22:b5:82:30:14:58:a4:c1:45:37:64:a4:8e:05:e0:cf:33:d7: 248 d7:74:f7:ca:ea:e9:19:c8:15:d9:b0:d4:25:d5:45:a8:bb:ff: 249 7e:e6:9a:d2:9f:d2:a8:7d:ac:04:e7:ab:ed:76:0c:f1:e1:ee: 250 13:03:6b:71:13:c3:e9:2e:28:aa:b2:4b:0e:7b:ec:b4:d9:bb: 251 47:94:3a:25:b8:df:43:26:4b:b5:ba:7a:2f:3f:33:3f:f0:7f: 252 8f:86:50:5a:95:1a:ed:84:f2:cf:84:f3:2b:e6:a6:bf:92:b3: 253 80:5e:bc:7a:f0:f3:b4:00:2f:ea:2b:22:b4:2a:ea:b5:bb:b2: 254 68:69:76:65:94:da:89:44:36:fa:83:81:00:af:d6:9b:e5:ec: 255 77:1d:db:3a:91:17:2c:ba:4f:2e:0b:4a:d5:bb:c5:79:7d:1c: 256 35:9b:fc:34:88:5d:a6:f7:bc:79:30:f2:05:27:3b:6f:ca:f8: 257 18:90:15:91:12:9a:d6:56:ac:93:83:1e:28:7f:2b:25:dc:2b: 258 d1:2c:96:8b:60:53:a5:40:21:89:71:15:fe:2d:4c:74:2e:5c: 259 c9:4d:f0:3e:83:c6:54:71:86:a5:9b:6c:37:4b:1a:fe:f7:e7: 260 46:02:0f:f5 261-----BEGIN CERTIFICATE----- 262MIIDZTCCAk2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 263MB4XDTE1MDEwMTEyMDAwMFoXDTE4MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v 264dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJucc5NiBFyvlO9/dKyN 265ltRQih8I6zosCG5TKnm37gMxQw1m0q/uWWy8BkIizTlJYhNR3ZT9fwPUVQ/jgt31 266Py9LATji0jHj2tmwjsQ5YordWmgOXGWA5XTno1q3I+ucJmuCUE5J8ioVQQz4A3oz 267krbh0N4cxAh0TdzjgqsLTu8yx7uzRTA72R5v62yax+SdvgcJ60Mgp7BomSFFgNOQ 268ceqHU+Egme+EOPVxCkKjMLLYb6uHrJp8AbaKPMHBYiV3flHxT4iSsT0W+7o++dRY 2693W3AGKKe+YI/f+ne8C2hKrJeOBVzFYCtYxNrlkqOz2zyRHt+UsZTHbyz9R7d7LcZ 270oOsCAwEAAaOByzCByDAdBgNVHQ4EFgQUl5/xiBmT3BlVBuuDKJ0Y8B5QmeswHwYD 271VR0jBBgwFoAUl5/xiBmT3BlVBuuDKJ0Y8B5QmeswNwYIKwYBBQUHAQEEKzApMCcG 272CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw 273IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE 274AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAkFuSiOl/W 275l/K5JqkDl4USuwIitYIwFFikwUU3ZKSOBeDPM9fXdPfK6ukZyBXZsNQl1UWou/9+ 2765prSn9KofawE56vtdgzx4e4TA2txE8PpLiiqsksOe+y02btHlDoluN9DJku1unov 277PzM/8H+PhlBalRrthPLPhPMr5qa/krOAXrx68PO0AC/qKyK0Kuq1u7JoaXZllNqJ 278RDb6g4EAr9ab5ex3Hds6kRcsuk8uC0rVu8V5fRw1m/w0iF2m97x5MPIFJztvyvgY 279kBWREprWVqyTgx4ofysl3CvRLJaLYFOlQCGJcRX+LUx0LlzJTfA+g8ZUcYalm2w3 280Sxr+9+dGAg/1 281-----END CERTIFICATE----- 282