This is the same test as rsa-pkcs1-sha256.pem except the SPKI has been tampered with. Rather than using an rsaEncryption OID for the key's algorithm, it uses id-ea-rsa (2.5.8.1.1). $ openssl asn1parse -i < [PUBLIC KEY] 0:d=0 hl=3 l= 154 cons: SEQUENCE 3:d=1 hl=2 l= 8 cons: SEQUENCE 5:d=2 hl=2 l= 4 prim: OBJECT :rsa 11:d=2 hl=2 l= 0 prim: NULL 13:d=1 hl=3 l= 141 prim: BIT STRING -----BEGIN PUBLIC KEY----- MIGaMAgGBFUIAQEFAAOBjQAwgYkCgYEAqkfgdjI9YqzadSZ2Ns0CEEUD8+8m7OplIx094X+QD8m ooNrunwT04asbLIINGL4qiI/+9IVSvyV3Kj9c4EeQIbANGoJ8AI3wf6MOBB/txxGFedqqcTffKV MQvtZdoYFbZ/MQkvyRsoyvunb/pWcN4sSaF9kY1bXSeP3J99fBIYUCAwEAAQ== -----END PUBLIC KEY----- $ openssl asn1parse -i < [ALGORITHM] 0:d=0 hl=2 l= 13 cons: SEQUENCE 2:d=1 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption 13:d=1 hl=2 l= 0 prim: NULL -----BEGIN ALGORITHM----- MA0GCSqGSIb3DQEBCwUA -----END ALGORITHM----- -----BEGIN DATA----- MIIB46ADAgECAgkA3l4tFOVii0UwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQVUxEzARBgN VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1 UEAwwGTXkga2V5MB4XDTE1MDcwMjE3MDYzOVoXDTE2MDcwMTE3MDYzOVowVjELMAkGA1UEBhMCQ VUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 ZDEPMA0GA1UEAwwGTXkga2V5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp 1JnY2zQIQRQPz7ybs6mUjHT3hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA 0agnwAjfB/ow4EH+3HEYV52qpxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/ cn318EhhQIDAQABo1AwTjAdBgNVHQ4EFgQUzQBVKTEknyLndWd2HTsBdTKvyikwHwYDVR0jBBgw FoAUzQBVKTEknyLndWd2HTsBdTKvyikwDAYDVR0TBAUwAwEB/w== -----END DATA----- $ openssl asn1parse -i < [SIGNATURE] 0:d=0 hl=3 l= 129 prim: BIT STRING -----BEGIN SIGNATURE----- A4GBADrHSmFSJw/Gv7hs5PNzpaJwAri/sitarIZfzN/SjR+n8L8yeTEoiDb1+BkxlFvXvPHTaOK oO3WlslNNOxh1W5/JkYYGOUkCcyIjnln6qS560imcr3VNjomT/M8M2Iss+rJiKau1TRuaP7H8i6 +Gqf3saGdr8/LnvFAdNQvkalQt -----END SIGNATURE-----