[Created by: ./generate-chains.py] Certificate chain with policies and requireExplicitPolicy, including policies on the root. Certificate: Data: Version: 3 (0x2) Serial Number: 57:12:ad:91:9d:43:e6:f6:6c:6e:ad:3b:72:4b:dc:54:82:9a:87:ab Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Intermediate Validity Not Before: Oct 5 12:00:00 2021 GMT Not After : Oct 5 12:00:00 2022 GMT Subject: CN=Target Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:b8:56:11:e6:4f:80:6b:56:9a:4c:11:bf:0c:6a: 42:ec:59:97:8a:29:4b:55:89:7b:28:f1:80:4e:9f: fe:01:9b:72:d2:35:96:89:54:ad:db:9e:ae:23:da: da:9e:1e:5f:7b:4d:a3:f9:c2:93:bd:cb:6a:8a:97: 92:41:62:bd:f5:16:c0:4d:c4:59:98:7c:52:32:62: 45:52:70:4e:48:f7:ac:b7:0e:4c:51:89:04:c3:d6: ce:12:c7:be:8f:a1:fd:d0:4d:81:86:a5:c2:11:84: 23:1f:de:76:84:d9:70:fb:d7:ad:5b:54:f7:09:fe: ac:8b:de:4d:cf:a7:d9:dd:23:90:76:3a:de:c3:8b: 5e:b4:3d:6e:2d:87:64:da:0f:a4:f5:34:81:ee:c3: 9a:61:43:56:66:1f:c5:bf:f6:e5:a1:ed:80:49:48: 92:f1:15:b8:f4:07:5c:9d:92:6d:87:19:ca:5c:c8: 55:48:09:ce:f2:e0:af:1e:8b:d5:30:4f:92:b7:a7: 02:84:76:b3:85:81:17:f1:0e:9b:a4:a3:ca:07:3a: d8:a2:f5:15:40:07:5f:a7:97:27:ca:1d:2c:b8:ff: c4:0b:43:c1:9e:18:91:fd:01:e7:20:a5:11:b2:db: 71:c2:c9:60:f8:bc:d3:a8:f3:0b:fb:1f:eb:6a:94: d2:fb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 15:C7:83:51:99:8A:EC:AA:F1:4A:2C:1C:04:C0:37:BD:64:8A:43:47 X509v3 Authority Key Identifier: CB:C6:A8:3A:83:0E:5B:41:0C:3E:C3:20:48:BF:37:69:DB:5A:DC:87 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer X509v3 CRL Distribution Points: Full Name: URI:http://url-for-crl/Intermediate.crl X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Certificate Policies: critical Policy: 1.2.3.4 Signature Algorithm: sha256WithRSAEncryption Signature Value: 49:7a:a9:e0:0c:94:e5:f4:5f:63:a4:13:3d:95:d6:01:3b:7a: 55:89:ca:74:25:5e:82:1e:ac:73:d7:b9:a2:a6:b6:cd:c5:05: 47:47:fc:2e:a0:c9:5c:4c:f5:c4:b5:cb:82:cd:71:86:35:41: 3e:43:6f:f6:6f:b9:b3:dc:b5:a8:bd:4b:1c:10:4a:0e:2b:d1: 30:b5:71:6c:9b:26:92:10:78:7f:dd:7d:06:10:d7:76:64:eb: b7:2e:90:25:9f:f9:f3:7d:d6:92:ad:cf:19:8c:63:c8:3f:8b: e7:13:36:cf:48:b5:04:bf:95:14:f2:db:65:a3:60:56:94:16: 10:ac:a4:6a:4b:b2:1f:1a:93:c2:0d:d8:1d:4a:a8:cb:31:84: f1:d6:42:33:3d:52:8a:b2:97:aa:be:1d:3f:28:47:f0:f3:b0: aa:10:f2:1a:d2:5d:8f:8a:51:9c:14:c0:1f:ba:55:3d:a8:b5: e2:e4:c6:01:18:17:12:5a:c6:9d:c9:34:b4:7a:43:eb:97:04: 93:6f:e5:10:60:b5:af:cf:68:22:ac:02:cb:86:62:e0:5f:80: 7c:a2:61:4f:14:78:68:86:7b:c1:1c:04:65:2d:36:99:15:08: f7:dc:69:3d:12:6d:70:c0:0b:06:78:c8:74:84:62:d8:41:85: 9d:a3:2d:61 -----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIUVxKtkZ1D5vZsbq07ckvcVIKah6swDQYJKoZIhvcNAQEL BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEAuFYR5k+Aa1aaTBG/DGpC7FmXiilLVYl7KPGATp/+AZty 0jWWiVSt256uI9ranh5fe02j+cKTvctqipeSQWK99RbATcRZmHxSMmJFUnBOSPes tw5MUYkEw9bOEse+j6H90E2BhqXCEYQjH952hNlw+9etW1T3Cf6si95Nz6fZ3SOQ djrew4tetD1uLYdk2g+k9TSB7sOaYUNWZh/Fv/bloe2ASUiS8RW49AdcnZJthxnK XMhVSAnO8uCvHovVME+St6cChHazhYEX8Q6bpKPKBzrYovUVQAdfp5cnyh0suP/E C0PBnhiR/QHnIKURsttxwslg+LzTqPML+x/rapTS+wIDAQABo4H+MIH7MB0GA1Ud DgQWBBQVx4NRmYrsqvFKLBwEwDe9ZIpDRzAfBgNVHSMEGDAWgBTLxqg6gw5bQQw+ wyBIvzdp21rchzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEwYDVR0gAQH/BAkwBzAF BgMqAwQwDQYJKoZIhvcNAQELBQADggEBAEl6qeAMlOX0X2OkEz2V1gE7elWJynQl XoIerHPXuaKmts3FBUdH/C6gyVxM9cS1y4LNcYY1QT5Db/ZvubPctai9SxwQSg4r 0TC1cWybJpIQeH/dfQYQ13Zk67cukCWf+fN91pKtzxmMY8g/i+cTNs9ItQS/lRTy 22WjYFaUFhCspGpLsh8ak8IN2B1KqMsxhPHWQjM9Uoqyl6q+HT8oR/DzsKoQ8hrS XY+KUZwUwB+6VT2oteLkxgEYFxJaxp3JNLR6Q+uXBJNv5RBgta/PaCKsAsuGYuBf gHyiYU8UeGiGe8EcBGUtNpkVCPfcaT0SbXDACwZ4yHSEYthBhZ2jLWE= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 38:1b:a6:db:3e:59:79:2d:95:4e:a3:37:67:03:a7:c6:1f:54:ba:b8 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Root Validity Not Before: Oct 5 12:00:00 2021 GMT Not After : Oct 5 12:00:00 2022 GMT Subject: CN=Intermediate Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:b9:0c:ea:12:ab:57:9d:4a:f2:58:74:68:94:60: 14:1e:5f:ff:fc:9d:62:f6:0d:34:6e:e9:2f:ca:d5: 53:29:e6:a3:2f:c0:6b:6e:62:82:b1:5f:26:3d:2d: 98:99:93:7d:6f:f5:1c:cf:54:d3:c4:4b:81:cb:b3: a5:98:57:bd:fe:7f:19:76:af:99:ef:cc:62:cf:c0: 1c:df:5e:f9:b6:94:49:33:6f:db:ba:bf:5b:e2:20: 87:9d:3f:7e:c2:e7:94:76:3d:8b:7f:a0:49:f1:2d: 30:77:7b:8b:2c:b6:ec:cd:1e:5e:bf:e5:1b:86:dd: d8:c1:e1:0d:b4:57:f0:aa:0a:58:d4:c3:4d:5b:cb: bf:0e:f9:c7:23:61:f8:a3:0e:ab:2d:0f:87:1a:4f: 1d:0b:e6:39:0a:0a:35:be:f3:f9:55:f7:87:cd:f7: 7a:d7:18:7d:b7:0c:1f:6a:7a:67:52:55:6d:b8:ed: 87:28:a9:fe:eb:c3:c8:a8:66:bc:33:93:db:9e:20: 44:6b:31:36:b8:15:1b:cf:37:c2:be:9d:45:7c:3d: d2:13:36:a0:1d:d7:74:52:67:a3:b7:3b:4a:54:01: c5:6e:72:71:9d:47:39:44:58:27:08:a2:54:15:b5: 27:df:7b:3f:c9:f1:cb:23:be:cf:bd:8e:37:be:f2: 8d:8f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: CB:C6:A8:3A:83:0E:5B:41:0C:3E:C3:20:48:BF:37:69:DB:5A:DC:87 X509v3 Authority Key Identifier: 04:CC:EE:85:17:2C:37:4C:D2:D3:08:5A:94:66:EE:5A:FF:A8:79:34 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer X509v3 CRL Distribution Points: Full Name: URI:http://url-for-crl/Root.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Certificate Policies: critical Policy: 1.2.3.4 X509v3 Policy Constraints: critical Require Explicit Policy:0 Signature Algorithm: sha256WithRSAEncryption Signature Value: 16:bd:d6:f6:5c:2e:12:33:ce:21:f8:12:59:4a:82:20:2d:05: 88:4f:42:86:53:dc:7f:96:56:ac:cc:e8:23:77:c6:3c:de:ce: 08:2c:f1:ed:26:c7:1f:7d:88:5c:7a:5c:b3:f0:f6:e0:51:41: 0b:3e:7e:c5:09:6e:5c:1e:89:60:08:32:58:4b:c0:c0:9e:be: e1:1e:43:7d:66:78:5b:fe:f8:38:8d:83:8a:4a:2d:4a:9d:1e: ba:1b:71:98:ae:9d:cc:4d:1f:13:a2:7a:11:c7:e8:29:2b:c1: ee:3c:95:eb:5b:97:93:e5:4a:22:c7:04:31:9f:f0:61:f3:bb: b5:e3:b1:8e:97:c3:c3:50:5a:6d:89:59:9a:a2:19:5a:cc:e8: 2a:01:4c:e2:56:4e:69:5a:61:ce:d6:05:11:4a:66:49:f9:a7: c5:c2:fd:5f:30:19:0f:e3:79:21:e6:58:fc:a5:10:b5:30:be: ac:b7:81:31:ce:4e:bd:3a:68:ff:06:1c:ee:1c:b0:dd:fd:13: 47:9e:bb:ef:0b:f5:c8:ed:38:2f:06:32:99:54:d4:0f:dd:45: e6:ac:04:6b:cc:e1:b7:88:16:ad:bb:09:d0:71:ad:e4:55:b3: f9:3d:dc:41:72:bc:93:33:1f:3c:8e:d3:d9:6f:e3:17:5e:a8: a5:c8:89:5a -----BEGIN CERTIFICATE----- MIIDpjCCAo6gAwIBAgIUOBum2z5ZeS2VTqM3ZwOnxh9UurgwDQYJKoZIhvcNAQEL BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBALkM6hKrV51K8lh0aJRgFB5f//ydYvYNNG7pL8rVUynmoy/A a25igrFfJj0tmJmTfW/1HM9U08RLgcuzpZhXvf5/GXavme/MYs/AHN9e+baUSTNv 27q/W+Igh50/fsLnlHY9i3+gSfEtMHd7iyy27M0eXr/lG4bd2MHhDbRX8KoKWNTD TVvLvw75xyNh+KMOqy0PhxpPHQvmOQoKNb7z+VX3h833etcYfbcMH2p6Z1JVbbjt hyip/uvDyKhmvDOT254gRGsxNrgVG883wr6dRXw90hM2oB3XdFJno7c7SlQBxW5y cZ1HOURYJwiiVBW1J997P8nxyyO+z72ON77yjY8CAwEAAaOB8TCB7jAdBgNVHQ4E FgQUy8aoOoMOW0EMPsMgSL83adta3IcwHwYDVR0jBBgwFoAUBMzuhRcsN0zS0wha lGbuWv+oeTQwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ MBMGA1UdIAEB/wQJMAcwBQYDKgMEMA8GA1UdJAEB/wQFMAOAAQAwDQYJKoZIhvcN AQELBQADggEBABa91vZcLhIzziH4EllKgiAtBYhPQoZT3H+WVqzM6CN3xjzezggs 8e0mxx99iFx6XLPw9uBRQQs+fsUJblweiWAIMlhLwMCevuEeQ31meFv++DiNg4pK LUqdHrobcZiuncxNHxOiehHH6Ckrwe48letbl5PlSiLHBDGf8GHzu7XjsY6Xw8NQ Wm2JWZqiGVrM6CoBTOJWTmlaYc7WBRFKZkn5p8XC/V8wGQ/jeSHmWPylELUwvqy3 gTHOTr06aP8GHO4csN39E0eeu+8L9cjtOC8GMplU1A/dReasBGvM4beIFq27CdBx reRVs/k93EFyvJMzHzyO09lv4xdeqKXIiVo= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 38:1b:a6:db:3e:59:79:2d:95:4e:a3:37:67:03:a7:c6:1f:54:ba:b7 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Root Validity Not Before: Oct 5 12:00:00 2021 GMT Not After : Oct 5 12:00:00 2022 GMT Subject: CN=Root Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:a8:ae:84:aa:34:ef:4a:a7:14:8c:a4:e3:d7:7d: ef:7e:3a:25:72:c0:9c:be:13:87:cd:a0:ae:fc:96: cb:f7:80:6d:4f:d0:2b:c6:5e:b2:9a:0a:b6:af:ae: 0a:92:93:99:f1:44:d1:ea:bd:01:54:11:4e:04:5f: 00:16:85:81:26:4d:47:44:6b:e2:b7:92:e5:c8:41: a5:7a:5f:23:c5:4e:7f:db:12:f4:8d:a2:2f:5c:83: 64:b3:6a:fc:f1:36:53:0e:c2:90:88:18:f5:c3:d8: 3d:e7:a6:7f:a0:c7:66:f1:24:aa:80:52:0a:50:96: c3:14:ae:48:ba:ee:ee:34:9f:7e:99:d4:ee:00:c1: 41:d8:6c:93:ab:2d:11:65:2b:17:cd:6b:f6:80:f2: 66:5b:27:89:7f:92:1c:a6:d0:e1:f4:33:11:b6:7f: a9:f6:4b:46:eb:2d:3c:8d:7f:7a:fd:cf:dd:43:64: b0:14:b8:58:05:dc:f7:59:de:1f:c2:af:d6:89:4e: 0e:98:68:21:30:3a:8b:23:00:6c:29:0f:91:fe:99: d3:ac:fa:76:be:f7:f3:2c:87:e8:44:1b:1f:59:fe: 81:db:70:88:2d:e3:84:65:e8:33:49:03:c3:f0:a1: 39:a5:85:df:58:8d:6d:70:0f:8c:3d:20:fe:f0:ba: 22:19 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 04:CC:EE:85:17:2C:37:4C:D2:D3:08:5A:94:66:EE:5A:FF:A8:79:34 X509v3 Authority Key Identifier: 04:CC:EE:85:17:2C:37:4C:D2:D3:08:5A:94:66:EE:5A:FF:A8:79:34 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer X509v3 CRL Distribution Points: Full Name: URI:http://url-for-crl/Root.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Certificate Policies: critical Policy: 1.2.3.4 X509v3 Policy Constraints: critical Require Explicit Policy:0, Inhibit Policy Mapping:0 X509v3 Inhibit Any Policy: critical 0 Signature Algorithm: sha256WithRSAEncryption Signature Value: 3e:d6:8d:77:e8:e1:83:0b:88:1b:aa:ca:56:aa:c7:4d:58:a2: 8b:24:c6:66:21:ba:95:21:c2:a9:0c:54:09:01:b8:d6:46:e2: 5c:2f:52:5e:f4:b5:a4:2d:5b:2d:10:5e:70:16:7f:0c:a0:93: ec:25:d0:19:00:33:39:2d:48:1c:23:18:8e:51:ca:95:0a:c7: 72:30:87:13:0f:a6:5b:6d:5c:3f:06:b6:09:f2:64:50:38:b6: 9c:fd:34:3e:9a:18:bd:f6:ca:78:13:7d:5f:06:26:c6:ea:fe: 17:9b:37:6d:94:65:47:37:63:94:16:49:be:a7:02:c5:70:63: 62:1c:40:e4:6c:90:09:b5:88:1a:d2:40:48:9e:e4:a8:32:93: fb:db:f2:69:23:45:ca:97:b7:97:e6:f4:ff:15:b1:fd:06:30: 87:48:e9:34:5b:33:0f:7b:fd:78:6a:a9:94:35:ed:bd:9d:ca: b0:c3:79:57:d6:a1:b1:99:35:a3:d3:e1:de:13:d9:72:d1:76: 4d:a0:c0:ae:89:70:3d:31:0c:27:74:49:f5:34:f2:3e:2d:98: 9d:d3:15:81:75:14:3f:90:a8:96:82:9b:90:39:9e:bc:c5:cf: c9:c9:04:ec:f2:20:27:8d:39:85:3b:9e:27:5c:d3:9b:40:3d: 4e:83:87:ab -----BEGIN CERTIFICATE----- MIIDsjCCApqgAwIBAgIUOBum2z5ZeS2VTqM3ZwOnxh9UurcwDQYJKoZIhvcNAQEL BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQCoroSqNO9KpxSMpOPXfe9+OiVywJy+E4fNoK78lsv3gG1P0CvGXrKaCrav rgqSk5nxRNHqvQFUEU4EXwAWhYEmTUdEa+K3kuXIQaV6XyPFTn/bEvSNoi9cg2Sz avzxNlMOwpCIGPXD2D3npn+gx2bxJKqAUgpQlsMUrki67u40n36Z1O4AwUHYbJOr LRFlKxfNa/aA8mZbJ4l/khym0OH0MxG2f6n2S0brLTyNf3r9z91DZLAUuFgF3PdZ 3h/Cr9aJTg6YaCEwOosjAGwpD5H+mdOs+na+9/Msh+hEGx9Z/oHbcIgt44Rl6DNJ A8PwoTmlhd9YjW1wD4w9IP7wuiIZAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQUBMzu hRcsN0zS0whalGbuWv+oeTQwHwYDVR0jBBgwFoAUBMzuhRcsN0zS0whalGbuWv+o eTQwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1h aWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3Js L1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MBMGA1Ud IAEB/wQJMAcwBQYDKgMEMBIGA1UdJAEB/wQIMAaAAQCBAQAwDQYDVR02AQH/BAMC AQAwDQYJKoZIhvcNAQELBQADggEBAD7WjXfo4YMLiBuqylaqx01YooskxmYhupUh wqkMVAkBuNZG4lwvUl70taQtWy0QXnAWfwygk+wl0BkAMzktSBwjGI5RypUKx3Iw hxMPplttXD8GtgnyZFA4tpz9ND6aGL32yngTfV8GJsbq/hebN22UZUc3Y5QWSb6n AsVwY2IcQORskAm1iBrSQEie5Kgyk/vb8mkjRcqXt5fm9P8Vsf0GMIdI6TRbMw97 /XhqqZQ17b2dyrDDeVfWobGZNaPT4d4T2XLRdk2gwK6JcD0xDCd0SfU08j4tmJ3T FYF1FD+QqJaCm5A5nrzFz8nJBOzyICeNOYU7nidc05tAPU6Dh6s= -----END CERTIFICATE-----