[Created by: generate-chains.py] A certificate tree with two self-signed root certificates(oldroot, newroot), and a third root certificate (newrootrollover) which has the same key as newroot but is signed by oldroot, all with the same subject and issuer. There are two intermediates with the same key, subject and issuer (oldintermediate signed by oldroot, and newintermediate signed by newroot). The target certificate is signed by the intermediate key. In graphical form: oldroot-------->newrootrollover newroot | | | v v v oldintermediate newintermediate | | +------------+-------------+ | v target Several chains are output: key-rollover-oldchain.pem: target<-oldintermediate<-oldroot key-rollover-rolloverchain.pem: target<-newintermediate<-newrootrollover<-oldroot key-rollover-longrolloverchain.pem: target<-newintermediate<-newroot<-newrootrollover<-oldroot key-rollover-newchain.pem: target<-newintermediate<-newroot All of these chains should verify successfully. Certificate: Data: Version: 3 (0x2) Serial Number: 60:cf:3c:af:c2:01:a7:ee:48:ed:83:9c:13:19:f0:c1:ff:af:13:68 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Intermediate Validity Not Before: Jan 1 12:00:00 2015 GMT Not After : Jan 1 12:00:00 2016 GMT Subject: CN=Target Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ef:77:94:e8:68:c5:7e:1d:9b:ae:10:cd:d5:bb: 96:27:0c:05:17:f4:ec:bc:da:7d:28:e5:b7:e5:8f: da:d8:ae:7a:2a:d2:e3:15:9b:12:62:79:02:61:3d: 3f:8b:64:4e:fb:7d:e1:59:bd:2f:83:ad:d3:b8:e5: 45:33:c4:13:5f:79:ef:8a:3e:c0:39:20:81:e2:98: b9:e6:c9:60:b6:8e:b4:bf:b4:2b:55:ae:b1:7c:21: d3:fe:ec:f0:56:31:fe:0a:19:c4:2c:54:a4:97:aa: 84:a2:83:f8:5a:9a:f3:11:b8:ad:3b:14:3a:68:5a: 72:24:49:6f:6f:5a:02:39:91:07:09:cb:18:57:13: 1e:a4:54:03:31:5c:b6:e9:7d:78:2d:e8:ba:2f:70: 17:0a:03:11:aa:90:c7:5e:f0:1b:7f:56:39:f5:e0: 1f:1e:33:8d:23:30:e6:7a:ba:5e:ca:46:33:13:04: 5c:65:b0:be:53:7f:ab:a7:9f:8d:fb:bd:46:e5:87: 44:31:55:e5:9f:97:7e:a3:ec:69:a8:d7:8b:47:ae: 48:ae:74:50:5e:57:55:31:ca:36:ec:43:a1:dd:61: b2:18:12:6a:29:0b:63:24:d5:71:4d:da:e7:0f:0d: e3:2c:aa:76:6b:f9:2c:93:c2:fa:f9:40:2c:1b:34: 65:53 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: FA:2D:AF:E0:5F:8E:8E:18:7A:FB:AF:FE:D9:C9:A3:62:AA:B8:2A:18 X509v3 Authority Key Identifier: keyid:CC:72:60:F0:8D:8C:CB:A9:6C:FF:09:57:F3:6A:FE:29:46:24:26:5B Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer X509v3 CRL Distribution Points: Full Name: URI:http://url-for-crl/Intermediate.crl X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption 01:db:ae:1e:db:9c:37:2a:1c:f6:44:c8:55:cb:39:9d:88:f5: 72:27:94:80:ec:51:ce:86:c3:64:b9:7f:f6:c2:83:38:9c:66: 27:44:94:31:28:bc:ed:37:dc:bd:7c:84:d5:c6:44:74:ef:81: 54:01:78:55:d0:59:60:99:bc:ab:bb:6a:45:0b:50:f9:de:d4: 3e:ce:ed:1a:26:8f:8b:6c:2d:3a:b2:e8:4b:17:c4:b8:d6:41: 4e:fa:8c:af:70:44:6f:30:71:f5:92:62:7e:db:19:f2:67:18: e9:17:a6:98:b7:9e:7e:df:69:0c:d9:ad:65:b8:0b:5c:1d:c0: a9:4c:e4:1b:2c:56:57:36:3b:8f:50:26:a6:7e:95:4b:06:d6: 67:1d:0e:b4:58:a7:c1:c2:37:ca:87:3a:86:e7:07:df:3c:55: 13:18:e8:5b:8d:08:d2:30:04:1b:de:3f:f3:eb:21:6f:99:e2: 5c:52:6f:37:1f:d9:93:45:e5:81:9d:4b:db:0c:6f:55:fd:e4: 6d:98:ac:88:7b:1a:48:b8:e8:24:ed:a6:cf:e9:f6:e2:a9:71: 60:cd:d7:90:0e:c3:92:b3:57:ec:da:2f:48:84:47:c8:91:c4: 50:1e:f0:c4:91:99:8b:4f:f1:35:65:c1:ab:a2:4a:12:1b:cf: bd:68:1c:bf -----BEGIN CERTIFICATE----- MIIDoDCCAoigAwIBAgIUYM88r8IBp+5I7YOcExnwwf+vE2gwDQYJKoZIhvcNAQEL BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTE1MDEwMTEyMDAwMFoXDTE2 MDEwMTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEA73eU6GjFfh2brhDN1buWJwwFF/TsvNp9KOW35Y/a2K56 KtLjFZsSYnkCYT0/i2RO+33hWb0vg63TuOVFM8QTX3nvij7AOSCB4pi55slgto60 v7QrVa6xfCHT/uzwVjH+ChnELFSkl6qEooP4WprzEbitOxQ6aFpyJElvb1oCOZEH CcsYVxMepFQDMVy26X14Lei6L3AXCgMRqpDHXvAbf1Y59eAfHjONIzDmerpeykYz EwRcZbC+U3+rp5+N+71G5YdEMVXln5d+o+xpqNeLR65IrnRQXldVMco27EOh3WGy GBJqKQtjJNVxTdrnDw3jLKp2a/ksk8L6+UAsGzRlUwIDAQABo4HpMIHmMB0GA1Ud DgQWBBT6La/gX46OGHr7r/7ZyaNiqrgqGDAfBgNVHSMEGDAWgBTMcmDwjYzLqWz/ CVfzav4pRiQmWzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD ggEBAAHbrh7bnDcqHPZEyFXLOZ2I9XInlIDsUc6Gw2S5f/bCgzicZidElDEovO03 3L18hNXGRHTvgVQBeFXQWWCZvKu7akULUPne1D7O7Romj4tsLTqy6EsXxLjWQU76 jK9wRG8wcfWSYn7bGfJnGOkXppi3nn7faQzZrWW4C1wdwKlM5BssVlc2O49QJqZ+ lUsG1mcdDrRYp8HCN8qHOobnB988VRMY6FuNCNIwBBveP/PrIW+Z4lxSbzcf2ZNF 5YGdS9sMb1X95G2YrIh7Gki46CTtps/p9uKpcWDN15AOw5KzV+zaL0iER8iRxFAe 8MSRmYtP8TVlwauiShIbz71oHL8= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 52:7c:19:50:39:c6:38:0e:14:9f:b2:17:b8:81:f7:cf:f8:66:d1:95 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Root Validity Not Before: Jan 2 12:00:00 2015 GMT Not After : Jan 1 12:00:00 2016 GMT Subject: CN=Intermediate Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:9d:2b:d3:86:6e:f6:af:a0:b2:08:23:93:2a:c0: 1c:02:49:c6:ef:a9:64:39:4e:80:6a:36:56:e5:a5: 93:0e:45:12:ad:05:41:9a:5d:cc:ed:af:2e:7b:b6: cf:bd:14:79:8f:a5:59:16:02:fe:23:5c:2b:e4:90: d2:67:7c:bb:74:cb:37:20:40:c4:62:fa:e0:23:f1: a4:89:70:fe:54:ea:ea:3b:d7:1a:7a:9b:0d:a1:74: 44:89:c9:58:3d:d6:99:42:6b:e5:da:f5:f1:0c:33: 26:11:e1:d4:2b:33:d7:2e:be:b9:42:5d:e7:b2:ce: 52:37:51:30:17:80:a7:77:e0:ca:55:ac:42:12:23: 17:d6:42:5a:6d:55:1f:f8:f1:13:7b:73:7d:b6:ff: b7:67:72:d8:55:af:8e:60:71:cd:b8:a4:72:9f:84: d8:6f:a6:62:1a:0f:79:de:3e:27:a5:08:bc:90:20: f6:a3:b2:64:21:92:3e:1c:8c:35:f5:38:16:96:18: f1:5c:de:fd:89:b6:4d:ca:00:0a:59:91:84:9a:28: ea:1c:8f:0d:14:aa:4b:e5:56:66:9e:40:36:35:ff: dc:72:f3:ea:e3:7f:b4:73:64:66:ff:81:16:b9:93: 8e:61:30:7f:15:2e:1d:6c:23:90:76:56:b2:60:11: 91:19 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: CC:72:60:F0:8D:8C:CB:A9:6C:FF:09:57:F3:6A:FE:29:46:24:26:5B X509v3 Authority Key Identifier: keyid:01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer X509v3 CRL Distribution Points: Full Name: URI:http://url-for-crl/Root.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption 58:20:51:07:c1:79:72:0f:8d:3b:34:8d:af:79:8a:f4:65:dd: f6:62:8c:28:b1:e3:91:7a:c1:e0:75:11:6e:f4:cf:90:04:39: 8f:08:19:c9:d5:3b:61:4a:30:5c:f1:dd:93:1d:b0:05:d0:2b: f4:a0:ce:4a:8d:10:f9:ce:47:92:a1:84:8a:5d:42:62:e4:81: 4d:8d:2a:49:cf:41:b7:1f:b8:ef:62:68:80:64:52:b5:b4:e8: 9c:33:10:85:f6:2d:18:0c:a1:cd:a7:6d:2a:b6:73:a8:3d:4c: 64:c3:3a:33:11:8b:6b:0c:68:86:ab:28:c8:e2:21:a0:26:78: ed:15:f6:14:3c:d0:19:ea:d2:88:3b:ed:de:c8:99:4b:74:ff: aa:d3:80:1b:5d:f0:f4:08:33:28:33:e9:0a:e8:07:0c:c4:ab: f6:8c:3d:08:5a:4b:91:84:45:56:85:a0:92:59:e8:b4:e8:c6: 92:0d:db:1a:fe:dc:4f:ac:b6:5c:7e:6f:e5:56:14:85:f4:74: 33:f8:1e:eb:33:d0:0b:74:a6:ef:4e:3b:e7:77:c4:92:26:4e: 5d:e2:cd:6e:dc:f7:25:ee:92:b9:b0:48:5d:46:e5:a9:50:a8: bb:68:57:cb:f8:7f:07:f7:b2:54:97:f9:6e:54:1c:53:09:ce: c0:6b:f1:f1 -----BEGIN CERTIFICATE----- MIIDgDCCAmigAwIBAgIUUnwZUDnGOA4Un7IXuIH3z/hm0ZUwDQYJKoZIhvcNAQEL BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDIxMjAwMDBaFw0xNjAxMDExMjAw MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAJ0r04Zu9q+gsggjkyrAHAJJxu+pZDlOgGo2VuWlkw5FEq0F QZpdzO2vLnu2z70UeY+lWRYC/iNcK+SQ0md8u3TLNyBAxGL64CPxpIlw/lTq6jvX GnqbDaF0RInJWD3WmUJr5dr18QwzJhHh1Csz1y6+uUJd57LOUjdRMBeAp3fgylWs QhIjF9ZCWm1VH/jxE3tzfbb/t2dy2FWvjmBxzbikcp+E2G+mYhoPed4+J6UIvJAg 9qOyZCGSPhyMNfU4FpYY8Vze/Ym2TcoAClmRhJoo6hyPDRSqS+VWZp5ANjX/3HLz 6uN/tHNkZv+BFrmTjmEwfxUuHWwjkHZWsmARkRkCAwEAAaOByzCByDAdBgNVHQ4E FgQUzHJg8I2My6ls/wlX82r+KUYkJlswHwYDVR0jBBgwFoAUAWtJHyGPgN3Ul8Co uyp+3PPa/eEwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ MA0GCSqGSIb3DQEBCwUAA4IBAQBYIFEHwXlyD407NI2veYr0Zd32YowoseOResHg dRFu9M+QBDmPCBnJ1TthSjBc8d2THbAF0Cv0oM5KjRD5zkeSoYSKXUJi5IFNjSpJ z0G3H7jvYmiAZFK1tOicMxCF9i0YDKHNp20qtnOoPUxkwzozEYtrDGiGqyjI4iGg JnjtFfYUPNAZ6tKIO+3eyJlLdP+q04AbXfD0CDMoM+kK6AcMxKv2jD0IWkuRhEVW haCSWei06MaSDdsa/txPrLZcfm/lVhSF9HQz+B7rM9ALdKbvTjvnd8SSJk5d4s1u 3Pcl7pK5sEhdRuWpUKi7aFfL+H8H97JUl/luVBxTCc7Aa/Hx -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 52:7c:19:50:39:c6:38:0e:14:9f:b2:17:b8:81:f7:cf:f8:66:d1:94 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Root Validity Not Before: Jan 2 12:00:00 2015 GMT Not After : Jan 1 12:00:00 2016 GMT Subject: CN=Root Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c7:04:19:c8:b2:fc:28:77:e5:99:8e:f0:05:8b: 0d:5b:e5:38:f1:8e:d1:07:d2:f6:d8:6b:bd:c8:c3: 2c:f3:05:e9:1f:4c:b6:c1:39:d4:0f:03:2f:62:ba: e7:c4:7e:9c:7c:1c:be:df:6b:f2:34:b2:45:ec:b9: 76:a5:3a:25:1c:a1:b7:78:76:0c:e8:3d:76:d1:46: bd:20:e1:ef:1c:80:22:12:b5:8a:de:78:4f:ed:05: 25:5d:b4:83:4c:9e:b2:ee:64:b5:df:d9:d1:b7:5f: 3c:e9:8a:e1:e1:49:bd:d6:7c:fe:4a:38:f1:94:9a: b5:cc:cf:85:aa:bd:bb:2d:93:b9:a9:2b:c1:f9:82: c0:ba:68:a5:90:4f:e1:d4:30:6f:99:c4:d9:6c:e8: 6a:0c:71:a8:ff:c4:7f:b5:9a:e6:07:a0:ed:f4:3c: 3a:4b:a3:88:b1:41:cf:f1:b8:ea:f8:b7:43:b0:9f: 88:05:eb:cd:ab:27:f5:ed:62:55:05:3d:62:59:b4: 1c:07:ca:c4:49:3d:07:80:93:13:ff:0f:31:4f:34: 41:9e:5b:a9:0a:79:fa:13:91:da:7c:35:c4:7b:56: 9c:a1:89:05:7d:6e:12:e5:e4:83:be:9a:5e:14:cd: fc:27:58:ae:f5:26:83:36:a4:04:61:a7:4a:01:2f: 1a:4f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 X509v3 Authority Key Identifier: keyid:01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer X509v3 CRL Distribution Points: Full Name: URI:http://url-for-crl/Root.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption 2c:4d:7f:fd:1c:4e:6a:f0:7b:d1:a6:d2:92:35:0a:bb:00:96: f6:87:a2:8f:c8:20:51:fe:34:1b:e2:72:e0:52:ce:33:14:b8: 9a:fb:2d:71:5d:cb:77:1e:47:cb:00:f3:e8:12:54:1a:d4:02: e7:ee:4b:21:d2:b0:7e:df:a3:47:f2:0a:15:fe:b8:e6:7f:85: 97:eb:2f:8d:1d:9d:0d:ba:34:ce:10:a9:a8:36:b8:ea:95:83: 28:10:4b:09:2f:c6:7d:b4:9c:d7:20:cc:af:9f:99:36:67:a9: 09:27:99:98:e5:10:6e:1b:ad:a1:46:0f:2f:82:98:98:28:30: 72:33:1f:7a:24:fd:61:17:5d:23:a3:ca:70:76:a4:95:b8:7c: 84:d7:f8:68:bd:23:27:34:0b:0f:65:c0:74:2f:28:94:46:73: e3:7c:1a:f6:11:36:13:9b:16:5a:92:84:85:6d:59:88:85:82: b5:43:22:fd:f5:9f:2d:82:27:cb:40:a4:b9:6c:50:7d:31:af: 3f:cf:83:57:72:e5:d4:6b:5e:9d:97:d1:bf:a5:0a:0d:00:88: 3d:25:b4:5c:a5:62:00:69:22:4e:ef:07:39:cf:74:33:7e:bb: 03:07:57:49:38:d7:5c:3c:43:bf:cd:fe:af:1a:75:24:4d:a5: f9:63:2c:bf -----BEGIN CERTIFICATE----- MIIDeDCCAmCgAwIBAgIUUnwZUDnGOA4Un7IXuIH3z/hm0ZQwDQYJKoZIhvcNAQEL BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDIxMjAwMDBaFw0xNjAxMDExMjAw MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQDHBBnIsvwod+WZjvAFiw1b5TjxjtEH0vbYa73IwyzzBekfTLbBOdQPAy9i uufEfpx8HL7fa/I0skXsuXalOiUcobd4dgzoPXbRRr0g4e8cgCIStYreeE/tBSVd tINMnrLuZLXf2dG3XzzpiuHhSb3WfP5KOPGUmrXMz4Wqvbstk7mpK8H5gsC6aKWQ T+HUMG+ZxNls6GoMcaj/xH+1muYHoO30PDpLo4ixQc/xuOr4t0Own4gF682rJ/Xt YlUFPWJZtBwHysRJPQeAkxP/DzFPNEGeW6kKefoTkdp8NcR7VpyhiQV9bhLl5IO+ ml4UzfwnWK71JoM2pARhp0oBLxpPAgMBAAGjgcswgcgwHQYDVR0OBBYEFAFrSR8h j4Dd1JfAqLsqftzz2v3hMB8GA1UdIwQYMBaAFAFrSR8hj4Dd1JfAqLsqftzz2v3h MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG 9w0BAQsFAAOCAQEALE1//RxOavB70abSkjUKuwCW9oeij8ggUf40G+Jy4FLOMxS4 mvstcV3Ldx5HywDz6BJUGtQC5+5LIdKwft+jR/IKFf645n+Fl+svjR2dDbo0zhCp qDa46pWDKBBLCS/GfbSc1yDMr5+ZNmepCSeZmOUQbhutoUYPL4KYmCgwcjMfeiT9 YRddI6PKcHaklbh8hNf4aL0jJzQLD2XAdC8olEZz43wa9hE2E5sWWpKEhW1ZiIWC tUMi/fWfLYIny0CkuWxQfTGvP8+DV3Ll1GtenZfRv6UKDQCIPSW0XKViAGkiTu8H Oc90M367AwdXSTjXXDxDv83+rxp1JE2l+WMsvw== -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 52:7c:19:50:39:c6:38:0e:14:9f:b2:17:b8:81:f7:cf:f8:66:d1:96 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Root Validity Not Before: Jan 2 12:00:00 2015 GMT Not After : Jan 1 12:00:00 2016 GMT Subject: CN=Root Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c7:04:19:c8:b2:fc:28:77:e5:99:8e:f0:05:8b: 0d:5b:e5:38:f1:8e:d1:07:d2:f6:d8:6b:bd:c8:c3: 2c:f3:05:e9:1f:4c:b6:c1:39:d4:0f:03:2f:62:ba: e7:c4:7e:9c:7c:1c:be:df:6b:f2:34:b2:45:ec:b9: 76:a5:3a:25:1c:a1:b7:78:76:0c:e8:3d:76:d1:46: bd:20:e1:ef:1c:80:22:12:b5:8a:de:78:4f:ed:05: 25:5d:b4:83:4c:9e:b2:ee:64:b5:df:d9:d1:b7:5f: 3c:e9:8a:e1:e1:49:bd:d6:7c:fe:4a:38:f1:94:9a: b5:cc:cf:85:aa:bd:bb:2d:93:b9:a9:2b:c1:f9:82: c0:ba:68:a5:90:4f:e1:d4:30:6f:99:c4:d9:6c:e8: 6a:0c:71:a8:ff:c4:7f:b5:9a:e6:07:a0:ed:f4:3c: 3a:4b:a3:88:b1:41:cf:f1:b8:ea:f8:b7:43:b0:9f: 88:05:eb:cd:ab:27:f5:ed:62:55:05:3d:62:59:b4: 1c:07:ca:c4:49:3d:07:80:93:13:ff:0f:31:4f:34: 41:9e:5b:a9:0a:79:fa:13:91:da:7c:35:c4:7b:56: 9c:a1:89:05:7d:6e:12:e5:e4:83:be:9a:5e:14:cd: fc:27:58:ae:f5:26:83:36:a4:04:61:a7:4a:01:2f: 1a:4f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 X509v3 Authority Key Identifier: keyid:D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer X509v3 CRL Distribution Points: Full Name: URI:http://url-for-crl/Root.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption 92:e9:36:26:51:cb:1d:31:0c:a0:5e:86:32:26:b1:0a:2f:2a: e7:a5:65:0d:6e:56:e2:6d:1e:41:52:23:03:38:63:72:20:10: b8:0f:42:28:9a:53:6e:ea:3c:88:a4:b6:89:67:50:34:2b:84: 15:a3:ee:e2:a6:88:74:80:c0:8d:f0:af:84:10:94:2f:50:6f: b8:7f:55:a6:a2:18:d5:0e:98:1d:2e:62:29:15:eb:07:eb:01: a8:33:f2:11:08:d3:b1:09:2a:2a:05:81:ec:7c:29:10:bd:6f: 07:55:05:77:21:e1:84:25:b3:65:b2:be:e6:db:7b:3f:e2:46: a6:03:75:07:d0:ec:b4:00:e8:46:bf:16:2d:b0:87:0e:06:84: 7c:54:3b:a1:8c:0e:fa:d3:d1:d2:5d:40:c1:24:b9:00:31:b7: bc:9a:3a:e9:68:5a:bc:20:7e:5a:5e:8b:a7:28:e2:a6:5c:9b: ff:0f:c6:ae:39:04:1d:73:77:8f:e3:28:03:7e:c5:92:50:9a: dc:15:67:b6:42:be:7f:b1:a6:5f:25:3c:61:6c:68:a0:b5:d0: d9:d5:bd:45:29:06:bc:ab:ee:16:6f:63:55:6b:eb:d1:9c:a5: a7:47:70:4b:43:3a:2a:b2:a1:b5:3a:a2:fe:57:78:db:16:66: 9f:4c:3e:55 -----BEGIN CERTIFICATE----- MIIDeDCCAmCgAwIBAgIUUnwZUDnGOA4Un7IXuIH3z/hm0ZYwDQYJKoZIhvcNAQEL BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDIxMjAwMDBaFw0xNjAxMDExMjAw MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQDHBBnIsvwod+WZjvAFiw1b5TjxjtEH0vbYa73IwyzzBekfTLbBOdQPAy9i uufEfpx8HL7fa/I0skXsuXalOiUcobd4dgzoPXbRRr0g4e8cgCIStYreeE/tBSVd tINMnrLuZLXf2dG3XzzpiuHhSb3WfP5KOPGUmrXMz4Wqvbstk7mpK8H5gsC6aKWQ T+HUMG+ZxNls6GoMcaj/xH+1muYHoO30PDpLo4ixQc/xuOr4t0Own4gF682rJ/Xt YlUFPWJZtBwHysRJPQeAkxP/DzFPNEGeW6kKefoTkdp8NcR7VpyhiQV9bhLl5IO+ ml4UzfwnWK71JoM2pARhp0oBLxpPAgMBAAGjgcswgcgwHQYDVR0OBBYEFAFrSR8h j4Dd1JfAqLsqftzz2v3hMB8GA1UdIwQYMBaAFNJFZGiGjgfyr78L891/YR1La0rN MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG 9w0BAQsFAAOCAQEAkuk2JlHLHTEMoF6GMiaxCi8q56VlDW5W4m0eQVIjAzhjciAQ uA9CKJpTbuo8iKS2iWdQNCuEFaPu4qaIdIDAjfCvhBCUL1BvuH9VpqIY1Q6YHS5i KRXrB+sBqDPyEQjTsQkqKgWB7HwpEL1vB1UFdyHhhCWzZbK+5tt7P+JGpgN1B9Ds tADoRr8WLbCHDgaEfFQ7oYwO+tPR0l1AwSS5ADG3vJo66WhavCB+Wl6Lpyjiplyb /w/GrjkEHXN3j+MoA37FklCa3BVntkK+f7GmXyU8YWxooLXQ2dW9RSkGvKvuFm9j VWvr0Zylp0dwS0M6KrKhtTqi/ld42xZmn0w+VQ== -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 52:7c:19:50:39:c6:38:0e:14:9f:b2:17:b8:81:f7:cf:f8:66:d1:92 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Root Validity Not Before: Jan 1 12:00:00 2015 GMT Not After : Jan 1 12:00:00 2016 GMT Subject: CN=Root Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ef:5f:3f:57:00:ad:2d:82:81:56:19:c0:da:98: 72:8b:7f:4b:4f:37:f2:d9:0e:b3:3c:7b:73:d3:8a: ad:5a:94:9c:37:0b:bc:68:4b:40:ac:a9:d1:1f:1b: 35:6a:74:50:6b:91:c2:30:e5:a6:88:87:90:f4:dc: 8d:09:49:6a:3e:f0:fe:cf:bb:b3:3b:33:c1:2a:2e: b9:fb:9b:6a:db:2a:a6:9f:87:46:6a:b0:7d:87:c6: 63:27:cd:58:e7:55:7d:c5:6c:d8:ac:c7:10:fb:6e: 68:40:9d:69:bf:8f:a0:9c:36:d8:7a:dc:fb:14:48: f4:96:5d:c2:0e:8f:e9:2f:1d:08:13:04:a0:1d:03: 78:b8:a6:97:15:13:0f:91:4e:9e:18:00:96:9f:94: e6:ad:02:2e:c7:60:c8:ed:50:54:02:2e:b2:6b:6e: d5:78:7f:7a:74:20:20:f6:9c:fa:98:17:b3:8f:fd: 92:01:3d:ff:e6:56:fa:45:28:41:b1:3c:ba:4a:ef: bc:ff:4c:1e:d3:96:bc:5d:a6:06:7d:27:d8:66:13: e0:40:74:83:8c:f4:89:c9:8d:8a:13:b7:98:88:32: 6c:51:6c:15:92:1c:1b:e7:f7:08:a6:35:81:b4:24: be:45:10:1f:ff:c9:e4:4d:35:b7:4d:3c:ae:54:d2: ee:6f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD X509v3 Authority Key Identifier: keyid:D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer X509v3 CRL Distribution Points: Full Name: URI:http://url-for-crl/Root.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption c3:93:57:64:ef:a6:14:46:fd:70:31:57:e2:2d:d1:84:90:c6: 24:77:6a:9d:e4:a7:39:fc:ae:f6:22:f8:ae:04:d9:8b:9c:e7: c1:52:b4:1a:39:85:62:30:25:49:40:86:87:48:5f:fb:f8:4e: 19:fe:68:1f:07:17:e2:a7:09:86:f1:49:58:6e:3e:04:49:01: 87:2a:92:c1:38:45:4a:fa:e9:36:f5:30:77:01:2a:03:2b:ae: 9c:bd:bc:a4:61:43:4c:a4:90:97:f6:d8:40:8b:20:c2:7e:cf: ed:83:08:b8:c5:68:4f:a4:69:83:16:c5:b5:e5:9a:a3:4d:f2: 4f:f4:51:3a:19:3f:8b:83:3e:04:c3:bf:7a:bf:cf:37:86:0f: a1:79:a7:bf:c9:9c:7b:52:b9:84:ca:97:51:89:f2:25:bd:15: 4f:61:d5:bd:f0:86:e9:14:b3:77:92:11:d5:b9:7a:58:6c:b3: 96:16:9b:ac:db:e1:97:f7:5e:f9:58:e7:b3:4b:35:05:e6:aa: a4:ca:a5:1a:48:b0:28:84:81:7f:32:07:39:cd:31:32:b5:c8: da:0c:07:c2:1a:01:26:41:76:26:68:36:50:2c:34:5c:3f:b7: 05:4a:50:d3:37:ec:8c:d1:84:3c:25:f0:d9:ef:5e:0d:b9:b1: f9:d9:d6:3a -----BEGIN CERTIFICATE----- MIIDeDCCAmCgAwIBAgIUUnwZUDnGOA4Un7IXuIH3z/hm0ZIwDQYJKoZIhvcNAQEL BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAw MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQDvXz9XAK0tgoFWGcDamHKLf0tPN/LZDrM8e3PTiq1alJw3C7xoS0CsqdEf GzVqdFBrkcIw5aaIh5D03I0JSWo+8P7Pu7M7M8EqLrn7m2rbKqafh0ZqsH2HxmMn zVjnVX3FbNisxxD7bmhAnWm/j6CcNth63PsUSPSWXcIOj+kvHQgTBKAdA3i4ppcV Ew+RTp4YAJaflOatAi7HYMjtUFQCLrJrbtV4f3p0ICD2nPqYF7OP/ZIBPf/mVvpF KEGxPLpK77z/TB7TlrxdpgZ9J9hmE+BAdIOM9InJjYoTt5iIMmxRbBWSHBvn9wim NYG0JL5FEB//yeRNNbdNPK5U0u5vAgMBAAGjgcswgcgwHQYDVR0OBBYEFNJFZGiG jgfyr78L891/YR1La0rNMB8GA1UdIwQYMBaAFNJFZGiGjgfyr78L891/YR1La0rN MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG 9w0BAQsFAAOCAQEAw5NXZO+mFEb9cDFX4i3RhJDGJHdqneSnOfyu9iL4rgTZi5zn wVK0GjmFYjAlSUCGh0hf+/hOGf5oHwcX4qcJhvFJWG4+BEkBhyqSwThFSvrpNvUw dwEqAyuunL28pGFDTKSQl/bYQIsgwn7P7YMIuMVoT6RpgxbFteWao03yT/RROhk/ i4M+BMO/er/PN4YPoXmnv8mce1K5hMqXUYnyJb0VT2HVvfCG6RSzd5IR1bl6WGyz lhabrNvhl/de+Vjns0s1BeaqpMqlGkiwKISBfzIHOc0xMrXI2gwHwhoBJkF2Jmg2 UCw0XD+3BUpQ0zfsjNGEPCXw2e9eDbmx+dnWOg== -----END CERTIFICATE-----