[Created by: generate-chains.py] Certificate chain where the root certificate restricts the extended key usage to clientAuth. Certificate: Data: Version: 3 (0x2) Serial Number: 77:30:29:4c:98:1d:55:e4:df:5e:92:14:f6:68:26:ef:11:01:dd:15 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Intermediate Validity Not Before: Oct 5 12:00:00 2021 GMT Not After : Oct 5 12:00:00 2022 GMT Subject: CN=Target Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c0:64:a7:01:b2:83:6c:47:bc:2d:30:01:f9:43: 8c:fc:cc:6b:7c:a4:c7:1c:78:fa:a8:8c:be:1e:9a: 72:d0:34:1a:56:80:67:67:76:48:8a:9f:c5:3a:68: 9e:53:c2:35:ce:69:7e:4f:d5:c4:fb:0b:91:3c:af: 00:26:f4:bf:77:ca:cd:ec:87:f9:6e:05:9b:0c:93: 1b:f2:6e:c8:10:32:4e:7b:51:1c:22:77:4c:b8:a3: bd:d6:dc:95:29:9b:4b:b5:d9:ce:ae:91:d8:05:c5: c5:bf:4a:9c:b7:94:db:d5:a5:e6:b1:44:e1:02:4a: 1a:dc:21:e5:e6:a6:ba:54:2e:2c:3f:40:f5:fd:5c: 79:dd:55:6d:9e:e2:ab:db:3c:67:b4:84:db:ba:86: fd:a0:b5:d8:8b:d0:b8:bc:8b:77:e9:32:31:51:68: ee:18:17:09:e2:f1:27:79:ca:3c:72:a8:f3:96:25: 31:24:3a:05:53:d4:89:0a:48:7a:9c:2d:6d:6a:84: 97:df:34:c9:22:7f:d5:05:f2:2c:91:e9:c4:7f:ab: d0:ae:76:22:64:ae:be:e2:7f:97:08:ec:86:8a:92: bf:57:f0:22:f7:91:ff:86:17:62:92:e3:80:8b:19: 84:14:60:19:00:91:d6:fe:51:96:77:5b:22:0d:32: 50:07 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: E8:27:22:F1:C3:94:E3:48:C4:4C:45:0D:D6:4E:1C:6E:CF:9D:1B:1B X509v3 Authority Key Identifier: keyid:8F:7C:F8:3A:27:33:C2:AB:96:9E:BD:0F:68:E0:C9:58:BB:0B:7C:F2 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer X509v3 CRL Distribution Points: Full Name: URI:http://url-for-crl/Intermediate.crl X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption 9b:da:f1:df:bb:7b:45:32:49:30:c9:75:1b:ca:cf:64:0c:3a: e4:b3:68:73:da:46:87:7b:0f:ad:23:16:43:f6:9c:b3:e4:c1: 6f:ad:32:3b:68:ce:47:c4:cd:70:a4:5d:c3:91:34:1e:ba:c4: 73:e5:25:b4:4c:85:05:32:5b:fe:b4:98:88:f7:c9:aa:96:6d: b1:ce:cc:3c:51:6c:ab:ec:c7:20:10:47:dc:6f:13:a6:4c:db: 11:02:1f:98:ae:76:9d:75:28:56:f9:26:73:ef:fb:f9:51:d3: 9a:65:21:70:27:f7:47:05:5c:f3:8c:38:6e:f9:58:c7:d3:f2: 3e:8b:3c:3b:ed:b3:ba:0c:ac:c0:43:0a:c0:34:54:f9:9c:4e: 44:76:1e:f5:a6:b6:7b:a7:dd:1b:22:0d:fa:ff:67:1c:d9:1c: 66:9c:4c:30:88:4c:dc:d6:fb:ad:01:ed:5b:3d:aa:98:b7:27: e6:68:94:33:2e:32:3d:56:33:88:8b:66:2c:91:3b:20:c1:10: 43:e3:89:1c:ee:8a:ea:b0:66:45:6a:1f:23:ab:e1:d3:2c:a8: 48:3a:6b:9d:f0:cd:52:b3:90:1b:a7:46:07:61:59:d9:aa:12: 94:81:67:43:53:3a:6b:00:4e:e8:f3:3f:af:a3:6d:78:00:08: 3a:4a:9f:a9 -----BEGIN CERTIFICATE----- MIIDoDCCAoigAwIBAgIUdzApTJgdVeTfXpIU9mgm7xEB3RUwDQYJKoZIhvcNAQEL BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEAwGSnAbKDbEe8LTAB+UOM/MxrfKTHHHj6qIy+Hppy0DQa VoBnZ3ZIip/FOmieU8I1zml+T9XE+wuRPK8AJvS/d8rN7If5bgWbDJMb8m7IEDJO e1EcIndMuKO91tyVKZtLtdnOrpHYBcXFv0qct5Tb1aXmsUThAkoa3CHl5qa6VC4s P0D1/Vx53VVtnuKr2zxntITbuob9oLXYi9C4vIt36TIxUWjuGBcJ4vEneco8cqjz liUxJDoFU9SJCkh6nC1taoSX3zTJIn/VBfIskenEf6vQrnYiZK6+4n+XCOyGipK/ V/Ai95H/hhdikuOAixmEFGAZAJHW/lGWd1siDTJQBwIDAQABo4HpMIHmMB0GA1Ud DgQWBBToJyLxw5TjSMRMRQ3WThxuz50bGzAfBgNVHSMEGDAWgBSPfPg6JzPCq5ae vQ9o4MlYuwt88jA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD ggEBAJva8d+7e0UySTDJdRvKz2QMOuSzaHPaRod7D60jFkP2nLPkwW+tMjtozkfE zXCkXcORNB66xHPlJbRMhQUyW/60mIj3yaqWbbHOzDxRbKvsxyAQR9xvE6ZM2xEC H5iudp11KFb5JnPv+/lR05plIXAn90cFXPOMOG75WMfT8j6LPDvts7oMrMBDCsA0 VPmcTkR2HvWmtnun3RsiDfr/ZxzZHGacTDCITNzW+60B7Vs9qpi3J+ZolDMuMj1W M4iLZiyROyDBEEPjiRzuiuqwZkVqHyOr4dMsqEg6a53wzVKzkBunRgdhWdmqEpSB Z0NTOmsATujzP6+jbXgACDpKn6k= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 08:cf:d3:d1:65:21:cc:44:8a:0a:5d:79:88:07:16:54:c3:1f:d8:66 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Root Validity Not Before: Oct 5 12:00:00 2021 GMT Not After : Oct 5 12:00:00 2022 GMT Subject: CN=Intermediate Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a8:e7:5f:fa:d0:9d:f1:e1:e4:87:7f:62:7e:1c: 89:02:66:64:9e:d5:a0:81:f3:65:68:d7:8d:02:37: 99:da:e8:85:00:51:b4:69:e9:57:29:09:51:c2:78: c8:ee:bb:87:62:4a:a8:46:c3:d4:06:e5:f0:c2:33: 68:13:f7:55:c5:44:42:14:1e:d7:65:a4:a1:b6:67: 38:e0:c2:72:65:ee:ad:f5:94:34:93:4f:e9:d8:a5: 93:98:05:34:e5:f6:0f:3b:71:84:39:71:9b:b6:10: 47:37:ef:87:d2:98:29:a4:f1:18:e7:f4:3b:52:af: 34:b1:39:34:9a:49:b4:7a:ed:21:2c:60:b2:01:e8: cb:b6:ad:f8:00:95:85:a9:87:91:90:05:54:0b:2e: 9d:4c:79:c4:c8:6d:72:ab:23:5b:d0:2b:90:3c:5b: 53:ed:da:56:39:38:37:45:43:17:3d:81:d5:49:97: 23:88:83:9f:bf:86:8d:52:af:3d:86:45:f1:1e:e8: dd:8f:4f:fe:da:b5:35:cb:e0:02:ba:8e:6b:61:4a: f2:c6:5d:d7:02:95:71:23:9e:7b:99:96:cf:ac:df: 20:2a:2d:fe:0c:42:72:c6:b8:c3:81:81:3e:a0:8d: 62:41:17:14:f5:24:67:f1:6c:af:c6:0c:94:09:fb: 56:07 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 8F:7C:F8:3A:27:33:C2:AB:96:9E:BD:0F:68:E0:C9:58:BB:0B:7C:F2 X509v3 Authority Key Identifier: keyid:91:69:0D:94:34:B5:BA:AF:F1:DD:99:22:88:15:2B:83:B1:37:B2:54 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer X509v3 CRL Distribution Points: Full Name: URI:http://url-for-crl/Root.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption 31:06:ca:84:8d:bf:6c:6b:4f:31:e5:81:f1:ee:62:80:ef:83: 63:8d:56:00:c0:b7:cd:fd:37:8b:99:ea:a1:01:43:99:19:b9: 8b:5e:9e:f4:55:73:9b:1a:2f:33:97:ac:e3:6a:ae:4b:c4:e9: e2:04:33:29:a8:55:08:af:4e:cc:2a:83:a4:12:af:11:54:62: d2:19:ad:6b:6d:54:ac:f6:9c:15:77:0b:d4:68:78:5b:2b:04: 0e:82:9a:98:ac:8f:bc:47:de:29:d2:95:6b:ed:8d:29:a2:60: d8:86:fc:a1:92:18:85:2d:4f:56:27:d2:de:20:87:f7:35:dd: 9d:a1:26:cb:ed:fe:e8:b6:87:b6:8a:eb:7c:bd:04:d5:be:2a: 96:cd:95:f6:16:9b:29:e1:62:0c:a8:ca:6c:fb:70:08:3c:10: 56:bf:e5:c4:57:19:42:87:5f:ef:fb:77:b9:10:62:1e:5f:e7: 35:58:80:30:92:ef:69:ef:2d:dc:f8:30:58:97:28:8d:64:18: f2:c8:f3:ce:ce:3f:8a:aa:a0:e8:27:95:b9:58:55:88:32:9c: 27:56:71:54:c1:6e:0a:94:2d:0a:e6:70:7e:42:56:6a:b0:eb: ad:8c:cd:93:6e:20:00:6e:81:8a:18:1b:30:0e:c2:27:f3:74: 67:98:3a:58 -----BEGIN CERTIFICATE----- MIIDgDCCAmigAwIBAgIUCM/T0WUhzESKCl15iAcWVMMf2GYwDQYJKoZIhvcNAQEL BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAKjnX/rQnfHh5Id/Yn4ciQJmZJ7VoIHzZWjXjQI3mdrohQBR tGnpVykJUcJ4yO67h2JKqEbD1Abl8MIzaBP3VcVEQhQe12WkobZnOODCcmXurfWU NJNP6dilk5gFNOX2DztxhDlxm7YQRzfvh9KYKaTxGOf0O1KvNLE5NJpJtHrtISxg sgHoy7at+ACVhamHkZAFVAsunUx5xMhtcqsjW9ArkDxbU+3aVjk4N0VDFz2B1UmX I4iDn7+GjVKvPYZF8R7o3Y9P/tq1NcvgArqOa2FK8sZd1wKVcSOee5mWz6zfICot /gxCcsa4w4GBPqCNYkEXFPUkZ/Fsr8YMlAn7VgcCAwEAAaOByzCByDAdBgNVHQ4E FgQUj3z4OiczwquWnr0PaODJWLsLfPIwHwYDVR0jBBgwFoAUkWkNlDS1uq/x3Zki iBUrg7E3slQwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ MA0GCSqGSIb3DQEBCwUAA4IBAQAxBsqEjb9sa08x5YHx7mKA74NjjVYAwLfN/TeL meqhAUOZGbmLXp70VXObGi8zl6zjaq5LxOniBDMpqFUIr07MKoOkEq8RVGLSGa1r bVSs9pwVdwvUaHhbKwQOgpqYrI+8R94p0pVr7Y0pomDYhvyhkhiFLU9WJ9LeIIf3 Nd2doSbL7f7otoe2iut8vQTVviqWzZX2Fpsp4WIMqMps+3AIPBBWv+XEVxlCh1/v +3e5EGIeX+c1WIAwku9p7y3c+DBYlyiNZBjyyPPOzj+KqqDoJ5W5WFWIMpwnVnFU wW4KlC0K5nB+QlZqsOutjM2TbiAAboGKGBswDsIn83RnmDpY -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 08:cf:d3:d1:65:21:cc:44:8a:0a:5d:79:88:07:16:54:c3:1f:d8:65 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Root Validity Not Before: Oct 5 12:00:00 2021 GMT Not After : Oct 5 12:00:00 2022 GMT Subject: CN=Root Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:af:9d:d7:d1:a5:91:6e:5d:17:d4:89:85:95:b8: cf:e3:e3:fb:94:dd:cc:c0:99:59:24:ac:c0:4d:cc: 4b:37:88:38:3c:a1:60:06:96:8d:1b:6b:e7:2b:b8: 71:9e:54:4b:cd:c4:4d:93:b6:3b:3f:7a:a2:c6:3b: ea:9f:36:8d:e5:b0:0f:9e:27:58:7c:f8:fb:6f:e8: ae:0c:bb:69:02:60:21:d1:bd:dc:e1:33:23:8d:c5: 5f:dc:ff:33:71:95:98:77:07:69:c0:71:2a:bf:62: eb:b6:e5:cc:2e:3a:98:1c:7b:a4:a7:cb:ba:e5:ab: 22:32:fb:d5:03:1a:03:b7:d1:9f:d9:56:69:ae:b1: 51:e7:8d:06:ca:2a:f9:25:43:af:92:a1:f7:40:60: 85:5a:33:67:2a:62:ad:6e:4a:9a:02:1b:c4:e3:89: 38:d3:06:eb:a3:8c:ce:a8:c8:49:5a:4e:08:b2:7e: 00:16:92:60:4b:ff:77:2d:53:e7:2c:f3:2c:51:b3: 16:87:67:28:43:10:d3:6c:d6:c2:96:97:a3:c8:8e: 0b:ae:f1:56:13:bb:1b:ca:7f:2d:59:cc:37:fc:47: 9d:f7:c9:0a:66:19:87:3d:13:66:50:0b:52:0d:13: 33:6c:0b:fc:fb:88:cf:34:7b:9f:6f:6e:7e:36:ac: ec:39 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 91:69:0D:94:34:B5:BA:AF:F1:DD:99:22:88:15:2B:83:B1:37:B2:54 X509v3 Authority Key Identifier: keyid:91:69:0D:94:34:B5:BA:AF:F1:DD:99:22:88:15:2B:83:B1:37:B2:54 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer X509v3 CRL Distribution Points: Full Name: URI:http://url-for-crl/Root.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Extended Key Usage: TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption 41:b1:b7:39:9a:c9:11:6c:57:42:5d:fa:b6:0f:4d:97:e8:37: 82:fb:f7:b0:ff:db:1c:78:73:17:f3:cf:9f:15:b0:c8:6d:16: 6f:a6:0b:5f:ea:f8:58:73:ad:37:74:f9:f4:8e:6e:db:6b:21: 98:10:80:0c:2d:b5:de:d2:73:74:02:67:8b:0b:eb:40:92:f5: da:66:a4:dd:84:ce:db:49:47:71:bd:24:b2:5c:b7:03:2f:52: 9f:65:f2:9e:ab:13:09:76:a4:c8:94:3a:30:b1:5f:43:9a:af: 86:c9:e8:e2:37:24:be:b4:d1:ab:34:45:df:3f:77:ff:cd:71: 5d:de:7b:33:6e:60:04:45:d2:31:3e:3d:3f:5a:2e:bc:2e:00: a2:67:3c:70:8e:90:b1:b5:d2:f7:1e:1b:23:2a:d6:0a:4e:26: 98:35:e0:3b:2d:82:94:ce:b6:a3:1f:5f:67:e2:96:af:c6:89: ed:28:47:9b:48:47:58:dc:fc:6a:7f:49:2b:6f:0e:6b:40:40: 68:ec:53:fb:ef:16:55:1c:1d:77:1a:49:8f:13:0a:c6:06:16: 09:0d:08:e4:12:ff:cb:a2:0e:42:18:fc:a8:5a:04:e3:72:09: 2b:01:5f:1f:63:b8:aa:51:dd:ae:b6:13:f1:24:2c:b6:1c:87: 95:70:db:97 -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIUCM/T0WUhzESKCl15iAcWVMMf2GUwDQYJKoZIhvcNAQEL BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQCvndfRpZFuXRfUiYWVuM/j4/uU3czAmVkkrMBNzEs3iDg8oWAGlo0ba+cr uHGeVEvNxE2Ttjs/eqLGO+qfNo3lsA+eJ1h8+Ptv6K4Mu2kCYCHRvdzhMyONxV/c /zNxlZh3B2nAcSq/Yuu25cwuOpgce6Sny7rlqyIy+9UDGgO30Z/ZVmmusVHnjQbK KvklQ6+SofdAYIVaM2cqYq1uSpoCG8TjiTjTBuujjM6oyElaTgiyfgAWkmBL/3ct U+cs8yxRsxaHZyhDENNs1sKWl6PIjguu8VYTuxvKfy1ZzDf8R533yQpmGYc9E2ZQ C1INEzNsC/z7iM80e59vbn42rOw5AgMBAAGjgeAwgd0wHQYDVR0OBBYEFJFpDZQ0 tbqv8d2ZIogVK4OxN7JUMB8GA1UdIwQYMBaAFJFpDZQ0tbqv8d2ZIogVK4OxN7JU MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zATBgNVHSUE DDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAQbG3OZrJEWxXQl36tg9N l+g3gvv3sP/bHHhzF/PPnxWwyG0Wb6YLX+r4WHOtN3T59I5u22shmBCADC213tJz dAJniwvrQJL12mak3YTO20lHcb0ksly3Ay9Sn2XynqsTCXakyJQ6MLFfQ5qvhsno 4jckvrTRqzRF3z93/81xXd57M25gBEXSMT49P1ouvC4Aomc8cI6QsbXS9x4bIyrW Ck4mmDXgOy2ClM62ox9fZ+KWr8aJ7ShHm0hHWNz8an9JK28Oa0BAaOxT++8WVRwd dxpJjxMKxgYWCQ0I5BL/y6IOQhj8qFoE43IJKwFfH2O4qlHdrrYT8SQsthyHlXDb lw== -----END CERTIFICATE-----