1[Created by: generate-chains.py] 2 3Certificate chain where the intermediate has a policies extension (not 4marked as critical) which contains an unknown policy qualifer (1.2.3.4). 5 6Certificate: 7 Data: 8 Version: 3 (0x2) 9 Serial Number: 10 31:6a:f9:bd:60:f3:6d:85:80:16:84:85:c0:6e:f2:0e:9a:01:52:0b 11 Signature Algorithm: sha256WithRSAEncryption 12 Issuer: CN=Intermediate 13 Validity 14 Not Before: Oct 5 12:00:00 2021 GMT 15 Not After : Oct 5 12:00:00 2022 GMT 16 Subject: CN=Target 17 Subject Public Key Info: 18 Public Key Algorithm: rsaEncryption 19 RSA Public-Key: (2048 bit) 20 Modulus: 21 00:be:d9:c3:94:6a:c2:d7:1b:b4:33:1a:29:0d:ca: 22 48:e2:f1:94:93:27:36:71:c1:a2:dc:67:0e:5d:67: 23 b0:a9:08:9c:67:08:ba:d9:74:5f:01:62:5d:7f:2a: 24 bb:32:ed:0c:af:c8:5a:b5:02:24:45:6f:90:4c:83: 25 ab:0e:30:19:c2:df:bc:d5:25:99:b0:f3:5e:e1:27: 26 5b:06:2f:ca:3e:d6:49:fb:87:8d:d3:fd:b9:b9:27: 27 80:be:b5:88:72:3b:1b:20:3f:04:69:04:89:66:ee: 28 20:f7:c2:90:c1:27:aa:29:fa:88:ff:2f:10:3b:81: 29 cf:d0:b9:e9:a7:84:dc:f1:a7:d0:49:e0:6e:17:b2: 30 ba:09:ed:be:9c:a3:f2:66:37:dd:20:98:43:31:bd: 31 02:d1:55:63:88:f6:55:13:20:b7:b9:0b:c9:c9:fb: 32 a3:5b:0f:90:56:e8:8a:dc:a5:7a:92:bc:46:5d:82: 33 a4:e1:42:2c:7c:76:65:63:87:f4:e0:5a:cf:15:22: 34 13:49:1d:aa:0d:ea:25:08:7c:63:19:39:2f:1d:15: 35 2e:7c:9a:e7:d5:03:21:76:6c:22:1a:be:12:8b:72: 36 c5:cb:0f:41:ef:0f:d3:be:78:1d:12:e0:c2:29:eb: 37 d7:36:28:54:ad:8d:ce:c8:79:2f:4f:13:c1:2b:3b: 38 e4:ff 39 Exponent: 65537 (0x10001) 40 X509v3 extensions: 41 X509v3 Subject Key Identifier: 42 FE:3D:1B:76:A0:3D:EE:69:00:5B:D4:61:90:68:18:E3:29:EC:66:A3 43 X509v3 Authority Key Identifier: 44 keyid:49:F0:C4:09:BE:16:68:CF:0A:C1:E0:EF:8F:A6:34:1F:94:63:6F:E6 45 46 Authority Information Access: 47 CA Issuers - URI:http://url-for-aia/Intermediate.cer 48 49 X509v3 CRL Distribution Points: 50 51 Full Name: 52 URI:http://url-for-crl/Intermediate.crl 53 54 X509v3 Key Usage: critical 55 Digital Signature, Key Encipherment 56 X509v3 Extended Key Usage: 57 TLS Web Server Authentication, TLS Web Client Authentication 58 Signature Algorithm: sha256WithRSAEncryption 59 cd:09:85:57:ee:4d:de:bf:78:64:b7:93:a6:41:f5:00:d0:b6: 60 99:be:21:2d:55:f6:07:84:26:25:32:9e:82:b6:07:90:3e:b5: 61 b2:a2:1a:c1:8a:ed:59:18:be:75:ca:90:ae:df:ad:aa:fc:70: 62 af:7b:31:ff:cb:20:0a:4d:27:a2:77:90:53:e1:5f:ba:4c:c0: 63 25:79:a4:78:b2:7a:52:62:02:d1:09:ee:78:1f:14:65:a7:f4: 64 ec:aa:49:bb:fd:a2:e5:97:b2:6d:fe:d8:50:81:38:74:5a:e4: 65 3e:37:eb:41:58:7c:88:35:78:05:3c:76:82:c4:4d:09:f5:50: 66 b3:66:ca:8f:38:14:d9:c3:19:8a:8e:dd:08:c2:23:45:92:5f: 67 17:35:57:b9:02:90:6c:2e:e5:c4:7c:c4:56:ad:1f:7c:20:46: 68 20:df:f4:4b:01:d2:3a:1a:d1:82:26:e7:8c:49:d9:15:49:65: 69 13:db:91:2b:90:75:62:57:a0:ee:45:29:96:d2:86:55:2e:f1: 70 4d:04:3c:90:c5:cf:f7:43:7d:f3:d8:74:cf:0f:d7:d9:b9:3c: 71 07:93:d0:1c:da:cd:ae:18:ce:c3:59:c0:8f:9d:a1:30:9d:b0: 72 7a:21:3d:44:9e:0c:c9:8d:97:99:44:51:89:b0:77:0a:16:b1: 73 a3:cd:bf:7f 74-----BEGIN CERTIFICATE----- 75MIIDoDCCAoigAwIBAgIUMWr5vWDzbYWAFoSFwG7yDpoBUgswDQYJKoZIhvcNAQEL 76BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy 77MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF 78AAOCAQ8AMIIBCgKCAQEAvtnDlGrC1xu0MxopDcpI4vGUkyc2ccGi3GcOXWewqQic 79Zwi62XRfAWJdfyq7Mu0Mr8hatQIkRW+QTIOrDjAZwt+81SWZsPNe4SdbBi/KPtZJ 80+4eN0/25uSeAvrWIcjsbID8EaQSJZu4g98KQwSeqKfqI/y8QO4HP0Lnpp4Tc8afQ 81SeBuF7K6Ce2+nKPyZjfdIJhDMb0C0VVjiPZVEyC3uQvJyfujWw+QVuiK3KV6krxG 82XYKk4UIsfHZlY4f04FrPFSITSR2qDeolCHxjGTkvHRUufJrn1QMhdmwiGr4Si3LF 83yw9B7w/TvngdEuDCKevXNihUrY3OyHkvTxPBKzvk/wIDAQABo4HpMIHmMB0GA1Ud 84DgQWBBT+PRt2oD3uaQBb1GGQaBjjKexmozAfBgNVHSMEGDAWgBRJ8MQJvhZozwrB 854O+PpjQflGNv5jA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 86cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 87dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF 88oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD 89ggEBAM0JhVfuTd6/eGS3k6ZB9QDQtpm+IS1V9geEJiUynoK2B5A+tbKiGsGK7VkY 90vnXKkK7frar8cK97Mf/LIApNJ6J3kFPhX7pMwCV5pHiyelJiAtEJ7ngfFGWn9Oyq 91Sbv9ouWXsm3+2FCBOHRa5D4360FYfIg1eAU8doLETQn1ULNmyo84FNnDGYqO3QjC 92I0WSXxc1V7kCkGwu5cR8xFatH3wgRiDf9EsB0joa0YIm54xJ2RVJZRPbkSuQdWJX 93oO5FKZbShlUu8U0EPJDFz/dDffPYdM8P19m5PAeT0Bzaza4YzsNZwI+doTCdsHoh 94PUSeDMmNl5lEUYmwdwoWsaPNv38= 95-----END CERTIFICATE----- 96 97Certificate: 98 Data: 99 Version: 3 (0x2) 100 Serial Number: 101 1a:97:5a:9c:80:bc:38:51:fe:e9:06:6c:9c:24:16:bd:7b:49:b2:42 102 Signature Algorithm: sha256WithRSAEncryption 103 Issuer: CN=Root 104 Validity 105 Not Before: Oct 5 12:00:00 2021 GMT 106 Not After : Oct 5 12:00:00 2022 GMT 107 Subject: CN=Intermediate 108 Subject Public Key Info: 109 Public Key Algorithm: rsaEncryption 110 RSA Public-Key: (2048 bit) 111 Modulus: 112 00:d9:74:6c:03:22:ab:05:1b:af:d1:34:43:ac:2a: 113 a3:bd:5d:dc:13:39:5f:df:ff:f4:bd:3c:bd:56:1e: 114 b5:e9:b2:19:1d:49:ff:9c:5a:31:9c:20:74:87:27: 115 81:22:50:a3:c2:90:da:48:da:c2:cd:4a:4d:dd:ec: 116 75:d7:61:5b:32:57:1e:1d:63:82:54:69:49:f1:ff: 117 3e:a5:67:46:b2:77:73:61:ce:30:9c:d5:f7:36:1f: 118 83:0e:12:f8:37:48:a9:36:e6:38:61:13:5a:1d:a7: 119 70:17:d2:0d:81:87:f0:cf:02:3c:13:56:fc:e9:79: 120 96:c0:6d:8a:5d:a7:ad:e7:c5:3f:09:28:aa:e9:a8: 121 6b:23:a3:78:fe:34:11:ba:d0:12:59:cf:b3:8a:68: 122 df:96:2f:44:b0:b9:72:54:cf:ba:1b:2c:8c:56:a4: 123 9d:db:b8:55:72:42:04:13:77:cc:75:04:3d:e9:b1: 124 fa:a4:19:1b:3d:6f:0a:c2:7a:48:37:8b:35:c6:e1: 125 cc:c6:50:b5:45:c0:f2:30:ca:ff:df:75:af:4b:c3: 126 c7:63:11:da:fb:54:bf:53:57:a0:ce:75:18:53:8e: 127 c7:49:c3:4a:79:88:a4:1d:34:a4:e0:d2:f4:63:ca: 128 5a:02:89:c3:94:a3:38:32:f6:3b:e1:06:e4:02:e4: 129 d0:25 130 Exponent: 65537 (0x10001) 131 X509v3 extensions: 132 X509v3 Subject Key Identifier: 133 49:F0:C4:09:BE:16:68:CF:0A:C1:E0:EF:8F:A6:34:1F:94:63:6F:E6 134 X509v3 Authority Key Identifier: 135 keyid:27:0D:D0:55:88:5D:DE:1C:37:96:A0:62:14:C2:19:3C:C6:A4:1F:D1 136 137 Authority Information Access: 138 CA Issuers - URI:http://url-for-aia/Root.cer 139 140 X509v3 CRL Distribution Points: 141 142 Full Name: 143 URI:http://url-for-crl/Root.crl 144 145 X509v3 Key Usage: critical 146 Certificate Sign, CRL Sign 147 X509v3 Basic Constraints: critical 148 CA:TRUE 149 X509v3 Certificate Policies: 150 Policy: 1.2.3 151 Unknown Qualifier: 1.2.3.4 152 153 Signature Algorithm: sha256WithRSAEncryption 154 08:cc:26:16:ce:4f:8d:4c:1c:de:1b:3e:9b:04:f9:a9:73:a1: 155 3b:c8:36:df:48:ac:09:26:82:fa:61:11:8f:56:c8:db:5e:2c: 156 e4:3a:16:18:bf:59:5f:04:43:5f:6d:ba:c2:2e:94:af:34:a6: 157 7e:c5:fa:87:18:dc:fa:a5:dc:a5:a6:ea:39:5e:63:c5:7f:99: 158 2f:ce:89:ea:bc:d7:03:05:9f:81:48:f2:7a:53:98:13:8c:75: 159 44:e3:18:16:ba:07:1f:e6:24:4a:3b:bf:b1:6c:83:bd:35:66: 160 84:a3:c1:ec:04:ff:53:b7:20:85:00:f6:65:aa:e5:ff:13:0e: 161 34:9e:b0:c8:ee:34:21:ea:0f:1c:65:f1:ed:fb:b9:03:75:d5: 162 d4:7e:51:1b:23:60:79:cd:f5:9d:14:58:38:2f:e9:22:75:70: 163 d6:33:41:94:a6:87:29:61:e0:92:59:2b:f1:e5:46:2c:3c:4f: 164 a8:51:0b:a8:77:0f:39:66:75:a6:0a:10:14:f6:41:28:0b:91: 165 5b:17:c9:c1:86:f6:08:0c:ef:ad:66:30:0b:b3:87:2c:b1:2b: 166 15:cd:76:da:00:f0:1c:1a:db:fc:1a:7d:3b:86:b4:21:c0:9a: 167 13:c2:e3:b6:b8:13:64:21:fc:73:37:a5:d6:92:d7:42:ea:f3: 168 d9:cc:f4:9c 169-----BEGIN CERTIFICATE----- 170MIIDnjCCAoagAwIBAgIUGpdanIC8OFH+6QZsnCQWvXtJskIwDQYJKoZIhvcNAQEL 171BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw 172MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD 173ggEPADCCAQoCggEBANl0bAMiqwUbr9E0Q6wqo71d3BM5X9//9L08vVYetemyGR1J 174/5xaMZwgdIcngSJQo8KQ2kjaws1KTd3sdddhWzJXHh1jglRpSfH/PqVnRrJ3c2HO 175MJzV9zYfgw4S+DdIqTbmOGETWh2ncBfSDYGH8M8CPBNW/Ol5lsBtil2nrefFPwko 176qumoayOjeP40EbrQElnPs4po35YvRLC5clTPuhssjFakndu4VXJCBBN3zHUEPemx 177+qQZGz1vCsJ6SDeLNcbhzMZQtUXA8jDK/991r0vDx2MR2vtUv1NXoM51GFOOx0nD 178SnmIpB00pODS9GPKWgKJw5SjODL2O+EG5ALk0CUCAwEAAaOB6TCB5jAdBgNVHQ4E 179FgQUSfDECb4WaM8KweDvj6Y0H5Rjb+YwHwYDVR0jBBgwFoAUJw3QVYhd3hw3lqBi 180FMIZPMakH9EwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs 181LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m 182b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ 183MBwGA1UdIAQVMBMwEQYCKgMwCzAJBgMqAwQMAmhpMA0GCSqGSIb3DQEBCwUAA4IB 184AQAIzCYWzk+NTBzeGz6bBPmpc6E7yDbfSKwJJoL6YRGPVsjbXizkOhYYv1lfBENf 185bbrCLpSvNKZ+xfqHGNz6pdylpuo5XmPFf5kvzonqvNcDBZ+BSPJ6U5gTjHVE4xgW 186ugcf5iRKO7+xbIO9NWaEo8HsBP9TtyCFAPZlquX/Ew40nrDI7jQh6g8cZfHt+7kD 187ddXUflEbI2B5zfWdFFg4L+kidXDWM0GUpocpYeCSWSvx5UYsPE+oUQuodw85ZnWm 188ChAU9kEoC5FbF8nBhvYIDO+tZjALs4cssSsVzXbaAPAcGtv8Gn07hrQhwJoTwuO2 189uBNkIfxzN6XWktdC6vPZzPSc 190-----END CERTIFICATE----- 191 192Certificate: 193 Data: 194 Version: 3 (0x2) 195 Serial Number: 196 1a:97:5a:9c:80:bc:38:51:fe:e9:06:6c:9c:24:16:bd:7b:49:b2:41 197 Signature Algorithm: sha256WithRSAEncryption 198 Issuer: CN=Root 199 Validity 200 Not Before: Oct 5 12:00:00 2021 GMT 201 Not After : Oct 5 12:00:00 2022 GMT 202 Subject: CN=Root 203 Subject Public Key Info: 204 Public Key Algorithm: rsaEncryption 205 RSA Public-Key: (2048 bit) 206 Modulus: 207 00:a0:f9:c1:fa:93:42:7b:bf:e5:1e:21:e2:f5:cd: 208 db:f7:61:04:6e:ea:06:4c:fc:d5:2e:9f:5e:6e:97: 209 b2:d4:c3:f1:4c:18:01:5e:3e:85:e2:c0:73:ce:56: 210 fb:cc:4c:4e:f0:37:b5:e0:c6:31:5c:c0:06:5a:90: 211 24:d8:5d:88:ab:e3:53:2b:12:90:0b:16:c6:db:19: 212 74:e7:29:63:53:d9:5b:f3:e7:80:8c:5e:86:ff:e8: 213 e3:72:6b:09:6c:64:6b:92:34:f2:9c:bd:f4:b7:c1: 214 31:6f:74:00:31:3a:45:70:9f:5d:a5:d3:9c:91:7f: 215 fb:87:95:ef:07:f3:8d:8e:c9:a5:cb:ed:cc:2d:23: 216 bf:e4:98:93:88:8d:be:bc:50:02:2c:3a:0d:52:53: 217 7e:9a:20:04:da:52:db:a4:e5:72:bc:d6:40:40:7f: 218 51:86:29:d7:f5:f7:db:85:b3:a0:7d:7a:c5:04:3e: 219 e9:73:ca:65:3c:13:91:46:a1:b4:fb:6b:8b:a0:5e: 220 7c:c9:9d:3c:5e:c5:f6:2a:99:df:2e:13:1e:7d:d8: 221 db:30:02:52:d7:94:16:93:b8:20:5d:77:4d:26:6e: 222 9c:c8:5e:0a:56:ad:ba:d9:26:c0:80:dd:66:aa:09: 223 09:18:41:fa:f2:5c:7f:ae:10:45:25:ba:cc:0d:5d: 224 d8:3b 225 Exponent: 65537 (0x10001) 226 X509v3 extensions: 227 X509v3 Subject Key Identifier: 228 27:0D:D0:55:88:5D:DE:1C:37:96:A0:62:14:C2:19:3C:C6:A4:1F:D1 229 X509v3 Authority Key Identifier: 230 keyid:27:0D:D0:55:88:5D:DE:1C:37:96:A0:62:14:C2:19:3C:C6:A4:1F:D1 231 232 Authority Information Access: 233 CA Issuers - URI:http://url-for-aia/Root.cer 234 235 X509v3 CRL Distribution Points: 236 237 Full Name: 238 URI:http://url-for-crl/Root.crl 239 240 X509v3 Key Usage: critical 241 Certificate Sign, CRL Sign 242 X509v3 Basic Constraints: critical 243 CA:TRUE 244 Signature Algorithm: sha256WithRSAEncryption 245 55:3d:3d:02:2c:1e:b3:e2:47:78:ae:81:b1:b2:f5:a4:a0:37: 246 30:32:52:5e:c6:b4:d0:c2:6d:22:19:53:94:7c:e5:89:28:84: 247 ff:ad:fe:8e:af:c4:3a:a1:91:6d:0f:48:15:66:83:98:65:7c: 248 6c:69:f4:c4:ea:ab:29:9a:d0:a7:6e:a9:c7:67:9b:26:bc:94: 249 e9:df:4a:79:02:48:65:28:b4:59:0b:57:93:66:55:b5:87:9b: 250 de:40:48:2e:3c:24:e1:63:08:05:66:f9:8d:95:9c:95:1a:46: 251 0d:60:5f:9a:c3:53:10:ee:18:36:b5:b8:90:74:89:8b:0d:fb: 252 a2:d5:ee:4c:b8:02:bc:f7:4e:3f:9c:d5:17:bd:4f:37:33:39: 253 b4:ba:34:db:bf:53:37:d6:da:43:94:59:1e:ea:30:04:99:30: 254 7d:c0:5f:04:3b:97:0e:ad:d9:3c:e4:10:6b:82:fd:12:9d:2c: 255 f0:89:a5:22:3c:9e:7d:fb:d7:cc:10:8e:af:c2:6d:22:e0:5e: 256 76:56:e1:de:cd:01:85:96:12:4c:f0:8d:f2:4b:b5:bd:2e:51: 257 d8:9c:13:02:0c:0b:ff:47:c2:61:d3:8e:eb:55:af:b7:10:ff: 258 fa:d7:80:ba:a4:99:d9:10:8c:89:3c:ac:ec:46:d7:c5:62:e3: 259 a7:ed:d4:de 260-----BEGIN CERTIFICATE----- 261MIIDeDCCAmCgAwIBAgIUGpdanIC8OFH+6QZsnCQWvXtJskEwDQYJKoZIhvcNAQEL 262BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw 263MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK 264AoIBAQCg+cH6k0J7v+UeIeL1zdv3YQRu6gZM/NUun15ul7LUw/FMGAFePoXiwHPO 265VvvMTE7wN7XgxjFcwAZakCTYXYir41MrEpALFsbbGXTnKWNT2Vvz54CMXob/6ONy 266awlsZGuSNPKcvfS3wTFvdAAxOkVwn12l05yRf/uHle8H842OyaXL7cwtI7/kmJOI 267jb68UAIsOg1SU36aIATaUtuk5XK81kBAf1GGKdf199uFs6B9esUEPulzymU8E5FG 268obT7a4ugXnzJnTxexfYqmd8uEx592NswAlLXlBaTuCBdd00mbpzIXgpWrbrZJsCA 2693WaqCQkYQfryXH+uEEUluswNXdg7AgMBAAGjgcswgcgwHQYDVR0OBBYEFCcN0FWI 270Xd4cN5agYhTCGTzGpB/RMB8GA1UdIwQYMBaAFCcN0FWIXd4cN5agYhTCGTzGpB/R 271MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh 272L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S 273b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG 2749w0BAQsFAAOCAQEAVT09Aiwes+JHeK6BsbL1pKA3MDJSXsa00MJtIhlTlHzliSiE 275/63+jq/EOqGRbQ9IFWaDmGV8bGn0xOqrKZrQp26px2ebJryU6d9KeQJIZSi0WQtX 276k2ZVtYeb3kBILjwk4WMIBWb5jZWclRpGDWBfmsNTEO4YNrW4kHSJiw37otXuTLgC 277vPdOP5zVF71PNzM5tLo0279TN9baQ5RZHuowBJkwfcBfBDuXDq3ZPOQQa4L9Ep0s 2788ImlIjyeffvXzBCOr8JtIuBedlbh3s0BhZYSTPCN8ku1vS5R2JwTAgwL/0fCYdOO 27961WvtxD/+teAuqSZ2RCMiTys7EbXxWLjp+3U3g== 280-----END CERTIFICATE----- 281