[Created by: ./generate-chains.py] Certificate chain with inhibitPolicyMapping:1 on the root, and an intermediate that uses policy mappings. Should pass, since policy mapping will be allowed on the intermediate. Certificate: Data: Version: 3 (0x2) Serial Number: 71:75:aa:66:71:9f:a2:e4:f4:08:1c:39:12:b5:7f:3f:26:78:b9:b5 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Intermediate Validity Not Before: Oct 5 12:00:00 2021 GMT Not After : Oct 5 12:00:00 2022 GMT Subject: CN=Target Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:f3:c0:35:f0:bc:ce:63:f2:31:e5:ab:19:0b:db: 9b:39:de:84:ac:f6:91:cd:04:b2:7f:77:c3:66:af: 79:d4:63:5e:79:c6:12:9b:38:6c:9b:00:94:b3:c2: f0:3e:21:d8:41:ba:3c:27:46:b3:35:0f:79:cc:ea: 7d:5e:01:da:55:4a:8d:19:09:fd:70:51:1a:68:f8: 64:ad:a5:a7:f9:bc:49:7f:49:55:17:c5:5b:7a:f8: bb:78:56:66:16:86:6f:ec:aa:0f:d2:4d:60:57:22: 45:45:d0:3e:03:f3:29:a1:33:5f:b8:bf:0f:d8:ce: ab:39:37:dc:73:a1:f4:4d:b9:77:71:8d:70:29:69: 56:07:8e:b1:c4:9f:a8:8f:8c:53:c6:18:4c:7d:91: b6:9d:13:c6:29:db:27:ec:b9:3e:94:ba:5b:78:c4: d3:e3:0f:a6:b1:f8:8b:db:09:e9:9d:fa:f1:90:23: 75:fa:f5:76:26:f0:18:c2:a3:12:de:57:e3:72:2e: 5e:2d:e3:55:2e:34:b6:5c:3f:fd:27:ac:48:61:44: 0e:50:27:85:7e:28:fb:74:a8:72:1a:d2:e2:bc:bc: 89:c3:6f:17:43:b4:1c:68:2f:41:12:37:51:5c:bc: 65:36:97:dc:6f:3e:23:14:07:e1:b4:be:e0:df:d9: 49:81 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 9E:36:84:92:68:F5:BC:1A:E1:90:AE:C5:29:A6:8E:0E:B7:BC:23:23 X509v3 Authority Key Identifier: 6E:12:E7:F3:47:71:41:A0:FC:BD:3C:54:9B:CF:55:B3:41:4E:D0:9F Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer X509v3 CRL Distribution Points: Full Name: URI:http://url-for-crl/Intermediate.crl X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Certificate Policies: critical Policy: 1.2.3.5 Signature Algorithm: sha256WithRSAEncryption Signature Value: 97:1b:a5:b9:8b:bd:71:67:64:1c:50:59:2e:b3:ae:d6:1c:2a: b4:0c:f2:c2:65:41:90:f7:34:f0:d3:5a:f0:a7:21:f7:9a:5e: 51:e2:ae:78:5c:ec:99:51:9c:72:47:9f:03:f4:59:ad:a2:86: 98:8a:4f:15:c8:27:f7:81:3a:e8:1f:ff:d6:f3:7e:84:20:27: ac:54:48:4d:f6:ff:d9:3e:b0:6e:bf:bf:d1:5f:fe:7b:94:c9: e6:3e:36:7a:91:97:02:dc:f1:d0:92:05:29:64:ec:eb:f2:9d: 69:33:41:b5:c2:01:cb:0a:7e:44:92:58:c4:d2:b8:96:8c:47: 96:e1:b3:d3:ac:94:66:0e:2e:ff:86:ef:1b:a7:05:5e:27:4e: 31:99:d5:65:48:79:c0:fb:22:64:63:c0:cc:11:e0:6c:c2:ba: 1b:58:b5:b1:c3:f8:f4:b8:8b:c6:a1:17:9e:57:cd:d4:ff:f8: d4:30:5a:ce:df:d1:07:43:99:40:1d:c4:6f:78:d1:46:74:12: f3:d9:32:f0:94:2d:f4:ab:34:1b:1d:7f:20:d1:85:f9:bd:cd: 0f:4c:31:58:25:63:24:33:28:dd:dc:81:94:5d:bc:99:b1:81: 8c:26:15:ae:b6:2c:cc:31:b2:b4:68:e7:73:1d:d1:07:cd:c0: 18:bc:65:c8 -----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIUcXWqZnGfouT0CBw5ErV/PyZ4ubUwDQYJKoZIhvcNAQEL BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEA88A18LzOY/Ix5asZC9ubOd6ErPaRzQSyf3fDZq951GNe ecYSmzhsmwCUs8LwPiHYQbo8J0azNQ95zOp9XgHaVUqNGQn9cFEaaPhkraWn+bxJ f0lVF8Vbevi7eFZmFoZv7KoP0k1gVyJFRdA+A/MpoTNfuL8P2M6rOTfcc6H0Tbl3 cY1wKWlWB46xxJ+oj4xTxhhMfZG2nRPGKdsn7Lk+lLpbeMTT4w+msfiL2wnpnfrx kCN1+vV2JvAYwqMS3lfjci5eLeNVLjS2XD/9J6xIYUQOUCeFfij7dKhyGtLivLyJ w28XQ7QcaC9BEjdRXLxlNpfcbz4jFAfhtL7g39lJgQIDAQABo4H+MIH7MB0GA1Ud DgQWBBSeNoSSaPW8GuGQrsUppo4Ot7wjIzAfBgNVHSMEGDAWgBRuEufzR3FBoPy9 PFSbz1WzQU7QnzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEwYDVR0gAQH/BAkwBzAF BgMqAwUwDQYJKoZIhvcNAQELBQADggEBAJcbpbmLvXFnZBxQWS6zrtYcKrQM8sJl QZD3NPDTWvCnIfeaXlHirnhc7JlRnHJHnwP0Wa2ihpiKTxXIJ/eBOugf/9bzfoQg J6xUSE32/9k+sG6/v9Ff/nuUyeY+NnqRlwLc8dCSBSlk7OvynWkzQbXCAcsKfkSS WMTSuJaMR5bhs9OslGYOLv+G7xunBV4nTjGZ1WVIecD7ImRjwMwR4GzCuhtYtbHD +PS4i8ahF55XzdT/+NQwWs7f0QdDmUAdxG940UZ0EvPZMvCULfSrNBsdfyDRhfm9 zQ9MMVglYyQzKN3cgZRdvJmxgYwmFa62LMwxsrRo53Md0QfNwBi8Zcg= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 1a:3b:ce:d1:26:69:e6:02:a2:2d:6a:b7:12:bc:51:e8:a3:d6:ee:5f Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Root Validity Not Before: Oct 5 12:00:00 2021 GMT Not After : Oct 5 12:00:00 2022 GMT Subject: CN=Intermediate Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:99:47:50:56:9f:bd:ac:ff:54:c8:d8:92:80:a1: 82:ff:be:01:07:69:e9:a2:e0:25:84:4c:c5:04:6b: d3:82:c0:1b:d0:70:26:79:34:c5:07:4f:25:00:29: 62:d1:41:3c:ed:49:3b:11:d9:20:4d:f3:3c:0b:21: be:46:4d:06:02:ab:fb:b1:89:cd:aa:f3:f3:2e:92: 51:d5:13:1d:2c:78:dd:81:db:d0:60:5b:e9:09:03: f4:f4:33:e2:f8:16:3d:bf:53:8b:5b:57:02:8c:4b: 1c:2b:51:76:df:a5:7b:e2:47:07:ed:70:df:c3:02: 61:9b:46:e1:1b:3d:d1:de:e2:9b:e4:77:5b:fc:8a: 73:94:48:89:82:2b:4f:b1:3b:90:de:42:6c:b1:d7: ee:bc:df:74:e4:a5:99:8c:81:7a:e9:ee:5d:60:53: 68:77:e5:b8:27:a8:18:7b:f6:9b:93:39:3f:8f:d9: bf:50:65:65:5c:e8:52:fe:c3:63:34:b5:4b:ee:c7: 6a:5b:aa:36:4c:8d:05:e0:50:5d:af:e1:63:42:7b: f7:82:24:f6:57:b6:5e:65:54:ed:02:0f:46:a3:08: 3b:28:fa:ca:69:c3:f4:7e:9d:25:3a:12:4e:65:6b: a7:04:43:7b:a6:d2:5f:e2:7f:bb:d4:70:ba:c8:a9: b4:97 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 6E:12:E7:F3:47:71:41:A0:FC:BD:3C:54:9B:CF:55:B3:41:4E:D0:9F X509v3 Authority Key Identifier: D7:A0:BF:D3:FD:2D:4F:A8:47:79:67:9F:0C:35:2D:C3:BE:49:E2:FD Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer X509v3 CRL Distribution Points: Full Name: URI:http://url-for-crl/Root.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Policy Constraints: critical Require Explicit Policy:0 X509v3 Certificate Policies: critical Policy: 1.2.3.4 X509v3 Policy Mappings: critical 1.2.3.4:1.2.3.5 Signature Algorithm: sha256WithRSAEncryption Signature Value: 07:9b:f8:51:e0:5e:9c:5b:f7:64:f4:cd:c2:aa:8d:d0:83:fc: ab:6a:8b:8f:8b:31:8c:79:05:ab:18:0c:31:5a:c4:22:31:3f: 07:54:16:ad:2f:d8:12:5a:24:25:1f:88:8f:f0:2c:4e:2b:6d: d4:60:4f:95:15:fb:6a:6c:1e:40:40:4f:b1:59:bf:2c:2f:97: c7:89:33:52:68:d0:93:7d:06:a2:9a:d7:1e:44:ab:19:44:29: 6d:02:63:a8:c2:0e:29:35:eb:11:04:57:cd:06:e9:0a:00:c2: f1:a9:9d:4a:f8:09:d4:44:a7:32:89:5f:42:8c:cf:bc:5f:52: c7:af:a6:92:8f:9c:c6:af:42:29:c7:de:db:e6:b5:40:ca:44: 9d:7b:43:32:f2:e4:3f:e3:33:a0:c0:13:cb:15:bc:84:27:9a: ef:92:b7:7d:e5:c9:5a:39:c9:b1:58:90:4e:da:1f:3b:98:7a: de:d5:c6:3d:60:73:9f:1e:9a:4d:3d:d6:7c:8a:b9:4e:2e:17: e6:69:9e:a1:80:a0:b9:b9:97:cd:0f:d4:78:88:28:f6:09:a9: 45:b5:11:af:53:6d:84:4b:9c:09:42:eb:aa:7e:65:2a:be:8b: 31:66:f3:68:10:fc:e4:71:84:3d:09:c7:f3:7b:61:fb:8d:f7: b3:70:99:97 -----BEGIN CERTIFICATE----- MIIDwjCCAqqgAwIBAgIUGjvO0SZp5gKiLWq3ErxR6KPW7l8wDQYJKoZIhvcNAQEL BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAJlHUFafvaz/VMjYkoChgv++AQdp6aLgJYRMxQRr04LAG9Bw Jnk0xQdPJQApYtFBPO1JOxHZIE3zPAshvkZNBgKr+7GJzarz8y6SUdUTHSx43YHb 0GBb6QkD9PQz4vgWPb9Ti1tXAoxLHCtRdt+le+JHB+1w38MCYZtG4Rs90d7im+R3 W/yKc5RIiYIrT7E7kN5CbLHX7rzfdOSlmYyBeunuXWBTaHfluCeoGHv2m5M5P4/Z v1BlZVzoUv7DYzS1S+7HaluqNkyNBeBQXa/hY0J794Ik9le2XmVU7QIPRqMIOyj6 ymnD9H6dJToSTmVrpwRDe6bSX+J/u9RwusiptJcCAwEAAaOCAQwwggEIMB0GA1Ud DgQWBBRuEufzR3FBoPy9PFSbz1WzQU7QnzAfBgNVHSMEGDAWgBTXoL/T/S1PqEd5 Z58MNS3Dvkni/TA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91 cmwtZm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJs LWZvci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB Af8wDwYDVR0kAQH/BAUwA4ABADATBgNVHSABAf8ECTAHMAUGAyoDBDAYBgNVHSEB Af8EDjAMMAoGAyoDBAYDKgMFMA0GCSqGSIb3DQEBCwUAA4IBAQAHm/hR4F6cW/dk 9M3Cqo3Qg/yraouPizGMeQWrGAwxWsQiMT8HVBatL9gSWiQlH4iP8CxOK23UYE+V FftqbB5AQE+xWb8sL5fHiTNSaNCTfQaimtceRKsZRCltAmOowg4pNesRBFfNBukK AMLxqZ1K+AnURKcyiV9CjM+8X1LHr6aSj5zGr0Ipx97b5rVAykSde0My8uQ/4zOg wBPLFbyEJ5rvkrd95claOcmxWJBO2h87mHre1cY9YHOfHppNPdZ8irlOLhfmaZ6h gKC5uZfND9R4iCj2CalFtRGvU22ES5wJQuuqfmUqvosxZvNoEPzkcYQ9Ccfze2H7 jfezcJmX -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 1a:3b:ce:d1:26:69:e6:02:a2:2d:6a:b7:12:bc:51:e8:a3:d6:ee:5e Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Root Validity Not Before: Oct 5 12:00:00 2021 GMT Not After : Oct 5 12:00:00 2022 GMT Subject: CN=Root Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:a0:cd:53:80:33:bf:64:5d:06:66:6f:65:b5:97: de:4e:5c:0d:48:e1:63:b4:dc:72:9f:5a:70:43:ab: 75:e0:74:03:06:c8:bf:87:6b:cf:a0:29:8d:45:c3: 5a:eb:a0:57:63:0f:d2:4f:18:5c:cc:c0:41:17:37: 31:7a:0c:0b:dd:f5:fa:c2:88:16:42:25:73:d5:fb: 09:5f:43:f7:46:1c:2c:68:0a:b1:2b:1b:f6:71:f6: bf:d3:c7:ff:66:f7:9d:be:a7:d8:ef:bb:ad:32:89: 4e:5d:8d:9e:1d:cc:6b:a6:93:a4:3f:4f:e4:bd:a3: c0:55:20:91:56:2f:a6:0b:2b:13:ce:fb:f4:24:86: 5b:82:5a:35:9a:d5:98:10:d1:66:cc:88:dc:c4:6d: 1d:d4:35:55:5b:00:5c:6a:10:07:77:59:b4:7a:9b: a2:7a:c8:16:1c:b2:c4:bb:56:1c:cc:6a:01:28:4d: 0a:fc:fa:dc:5d:a4:c0:c3:7d:d0:c5:8f:16:13:8b: 59:dd:fb:c8:b3:11:8f:9f:9b:44:c7:48:8d:14:67: f3:8a:68:a9:8e:aa:bf:c6:51:e9:dc:28:c4:d3:dd: 9f:b1:e7:ab:d6:fe:f3:bb:6b:53:76:d1:ba:66:64: 62:6a:6e:cf:2b:2b:cf:d6:c5:30:78:a0:ac:d1:4e: 84:a5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: D7:A0:BF:D3:FD:2D:4F:A8:47:79:67:9F:0C:35:2D:C3:BE:49:E2:FD X509v3 Authority Key Identifier: D7:A0:BF:D3:FD:2D:4F:A8:47:79:67:9F:0C:35:2D:C3:BE:49:E2:FD Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer X509v3 CRL Distribution Points: Full Name: URI:http://url-for-crl/Root.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Policy Constraints: critical Inhibit Policy Mapping:1 Signature Algorithm: sha256WithRSAEncryption Signature Value: 0f:1a:40:a5:f3:25:67:a6:7a:05:2e:d4:96:d4:45:51:62:db: 39:77:4c:76:90:c7:e5:73:14:00:ab:3d:00:d9:ad:e8:da:80: 94:7f:81:e6:aa:86:3c:6d:84:fc:19:de:1c:0e:4f:93:c3:88: 0b:7f:f9:56:81:ac:c8:92:2e:5c:48:a2:bf:69:a0:d0:f4:42: f6:54:5f:f5:c5:4f:dd:52:84:f9:a2:df:d7:dc:4d:78:7e:3b: 2d:be:e6:f2:b4:53:ca:b3:28:69:a4:ab:57:e9:2f:47:19:27: a7:8e:17:ef:90:f1:e0:42:74:0b:16:37:d6:47:5e:d5:9c:a1: a5:d7:63:6b:9b:2f:e1:e1:34:41:c3:19:71:ef:08:61:6c:a7: 29:0a:cb:c6:0f:72:f4:c9:31:59:52:b6:cd:0c:c4:8d:5f:e4: 3f:0a:89:47:5a:fd:11:89:34:8d:b0:67:d8:07:d9:a6:d3:be: db:c4:ed:96:6f:25:35:bb:42:45:1c:70:65:82:f9:bd:88:6b: 8d:de:1b:84:e7:d6:80:aa:92:af:88:f0:f2:42:e7:20:5f:46: b6:80:c8:49:49:ee:cc:a6:13:c3:86:26:7b:50:c5:f4:7b:41: d3:ea:37:f4:11:46:66:09:d0:57:4e:33:e4:44:e0:f6:58:5d: f7:5c:6c:d1 -----BEGIN CERTIFICATE----- MIIDiTCCAnGgAwIBAgIUGjvO0SZp5gKiLWq3ErxR6KPW7l4wDQYJKoZIhvcNAQEL BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQCgzVOAM79kXQZmb2W1l95OXA1I4WO03HKfWnBDq3XgdAMGyL+Ha8+gKY1F w1rroFdjD9JPGFzMwEEXNzF6DAvd9frCiBZCJXPV+wlfQ/dGHCxoCrErG/Zx9r/T x/9m952+p9jvu60yiU5djZ4dzGumk6Q/T+S9o8BVIJFWL6YLKxPO+/QkhluCWjWa 1ZgQ0WbMiNzEbR3UNVVbAFxqEAd3WbR6m6J6yBYcssS7VhzMagEoTQr8+txdpMDD fdDFjxYTi1nd+8izEY+fm0THSI0UZ/OKaKmOqr/GUencKMTT3Z+x56vW/vO7a1N2 0bpmZGJqbs8rK8/WxTB4oKzRToSlAgMBAAGjgdwwgdkwHQYDVR0OBBYEFNegv9P9 LU+oR3lnnww1LcO+SeL9MB8GA1UdIwQYMBaAFNegv9P9LU+oR3lnnww1LcO+SeL9 MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQB Af8EBTADgQEBMA0GCSqGSIb3DQEBCwUAA4IBAQAPGkCl8yVnpnoFLtSW1EVRYts5 d0x2kMflcxQAqz0A2a3o2oCUf4HmqoY8bYT8Gd4cDk+Tw4gLf/lWgazIki5cSKK/ aaDQ9EL2VF/1xU/dUoT5ot/X3E14fjstvubytFPKsyhppKtX6S9HGSenjhfvkPHg QnQLFjfWR17VnKGl12Nrmy/h4TRBwxlx7whhbKcpCsvGD3L0yTFZUrbNDMSNX+Q/ ColHWv0RiTSNsGfYB9mm077bxO2WbyU1u0JFHHBlgvm9iGuN3huE59aAqpKviPDy QucgX0a2gMhJSe7MphPDhiZ7UMX0e0HT6jf0EUZmCdBXTjPkROD2WF33XGzR -----END CERTIFICATE-----