[Created by: ./generate-chains.py] Certificate chain with policyMappings on the root, and the intermediate and leaf using the issuerDomainPolicy value. Should fail if anchor constraints are enforced. Certificate: Data: Version: 3 (0x2) Serial Number: 43:8d:c6:ba:e1:ee:9d:3c:c5:aa:c8:68:1b:96:52:a2:da:44:1b:8e Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Intermediate Validity Not Before: Oct 5 12:00:00 2021 GMT Not After : Oct 5 12:00:00 2022 GMT Subject: CN=Target Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:db:97:56:01:97:18:c9:86:bf:4a:dd:a5:fc:05: 77:5c:f7:39:cf:23:b0:08:5e:a2:44:e0:ec:6e:38: 42:0c:9a:63:ee:ab:fb:09:fe:fa:30:4f:c9:5c:60: a3:8e:a5:18:ae:44:3d:46:2d:ee:9b:5e:e0:dc:95: 7c:2a:2e:08:0d:a5:7f:bf:9b:d3:bc:00:22:47:d8: b8:94:5b:fc:d9:4b:c9:d3:50:53:83:07:74:f5:25: c3:6f:9a:e8:11:0f:09:6d:d3:23:14:d4:30:95:1d: 68:9d:7d:f0:d4:d6:dc:56:b3:19:38:ea:02:96:eb: 4e:e1:84:6e:2e:39:4d:85:5d:15:48:11:66:77:a8: e5:2b:ca:38:80:db:46:d5:7c:23:88:82:63:9c:4f: a6:dc:85:6a:03:14:2e:56:8a:13:54:37:29:04:53: d9:10:9d:d0:8e:37:7e:25:b4:bb:85:2b:d4:24:7d: 22:c5:23:ba:69:7b:3e:8c:ec:f4:9c:7c:b8:1a:16: a4:50:d7:ab:ca:df:83:64:a8:bc:c8:97:29:5e:45: 2f:91:0c:4e:e9:ad:c4:f3:7c:1e:d8:8a:f0:73:ef: f4:86:49:47:33:b5:dc:ab:0d:cd:57:b6:a2:e6:d8: 1c:b5:8b:b7:44:0f:27:cc:ba:1b:96:ff:29:61:11: 8e:b1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 5C:62:AD:13:BB:EE:2B:9C:B6:F3:04:CE:B5:AA:79:05:E6:CC:C6:6E X509v3 Authority Key Identifier: ED:76:C8:FD:F0:C5:92:46:E5:C4:2B:DB:6C:41:5E:AE:37:24:81:BC Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer X509v3 CRL Distribution Points: Full Name: URI:http://url-for-crl/Intermediate.crl X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Certificate Policies: critical Policy: 1.2.3.4 Signature Algorithm: sha256WithRSAEncryption Signature Value: 35:e6:a8:77:3e:c3:cb:9b:b9:01:52:6a:e6:5c:85:e7:b6:4a: cf:14:22:d6:93:94:0c:dd:68:c1:5f:c4:77:a3:86:0a:ab:c1: 31:58:3e:7a:b6:69:66:51:ef:df:98:3b:91:87:b0:a7:b3:48: 5a:fb:fb:8f:31:f2:25:ec:ee:ab:64:2d:80:c6:75:04:2c:22: 99:54:a1:96:2f:bf:68:8c:69:9b:52:5a:98:9b:70:e8:0a:9a: e6:4d:15:eb:77:1c:8c:27:01:c4:f8:17:64:64:da:71:4c:35: c2:16:b4:05:4a:ac:21:74:db:9a:ad:8a:6a:47:6c:74:6c:65: d7:63:12:75:42:62:47:48:5c:24:96:82:11:8d:65:e5:c4:fd: d3:12:40:b4:47:c9:78:f5:21:b4:48:56:29:b5:4b:29:19:32: 49:38:e5:8f:0f:f6:46:a1:ca:1f:5a:15:ac:4d:32:89:f6:5b: 95:87:ae:a4:eb:0a:70:a5:a2:e1:05:46:c7:26:f0:29:bb:71: 0b:b2:cf:25:8f:85:b1:7d:74:59:db:6e:38:bc:31:52:03:4a: 53:53:5a:2b:a5:e1:0d:d1:c7:36:a5:35:cf:60:a8:ff:3b:b6: c3:92:4a:cb:da:f1:9c:7b:d4:d0:d1:7e:e9:13:e6:64:d8:3c: 0c:11:3e:85 -----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIUQ43GuuHunTzFqshoG5ZSotpEG44wDQYJKoZIhvcNAQEL BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEA25dWAZcYyYa/St2l/AV3XPc5zyOwCF6iRODsbjhCDJpj 7qv7Cf76ME/JXGCjjqUYrkQ9Ri3um17g3JV8Ki4IDaV/v5vTvAAiR9i4lFv82UvJ 01BTgwd09SXDb5roEQ8JbdMjFNQwlR1onX3w1NbcVrMZOOoClutO4YRuLjlNhV0V SBFmd6jlK8o4gNtG1XwjiIJjnE+m3IVqAxQuVooTVDcpBFPZEJ3Qjjd+JbS7hSvU JH0ixSO6aXs+jOz0nHy4GhakUNeryt+DZKi8yJcpXkUvkQxO6a3E83we2Irwc+/0 hklHM7Xcqw3NV7ai5tgctYu3RA8nzLoblv8pYRGOsQIDAQABo4H+MIH7MB0GA1Ud DgQWBBRcYq0Tu+4rnLbzBM61qnkF5szGbjAfBgNVHSMEGDAWgBTtdsj98MWSRuXE K9tsQV6uNySBvDA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEwYDVR0gAQH/BAkwBzAF BgMqAwQwDQYJKoZIhvcNAQELBQADggEBADXmqHc+w8ubuQFSauZchee2Ss8UItaT lAzdaMFfxHejhgqrwTFYPnq2aWZR79+YO5GHsKezSFr7+48x8iXs7qtkLYDGdQQs IplUoZYvv2iMaZtSWpibcOgKmuZNFet3HIwnAcT4F2Rk2nFMNcIWtAVKrCF025qt impHbHRsZddjEnVCYkdIXCSWghGNZeXE/dMSQLRHyXj1IbRIVim1SykZMkk45Y8P 9kahyh9aFaxNMon2W5WHrqTrCnClouEFRscm8Cm7cQuyzyWPhbF9dFnbbji8MVID SlNTWiul4Q3RxzalNc9gqP87tsOSSsva8Zx71NDRfukT5mTYPAwRPoU= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 69:87:c1:3d:86:c3:7e:b1:e4:e3:9b:5f:80:b9:2a:e9:8b:94:77:c2 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Root Validity Not Before: Oct 5 12:00:00 2021 GMT Not After : Oct 5 12:00:00 2022 GMT Subject: CN=Intermediate Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:e7:f7:6f:4f:81:c9:16:07:ba:09:61:e2:27:36: 95:50:ef:f4:37:8a:45:bc:b6:72:58:86:f4:c7:3c: d1:8c:30:24:27:d5:8f:ff:ec:67:bd:a5:e6:30:99: b1:c7:de:87:c4:dc:4d:45:34:ab:98:91:f8:3c:3b: ba:e3:cc:8b:14:c2:ca:53:94:1c:e5:05:bf:0e:82: dd:73:10:a2:e1:46:77:1e:0b:d4:8f:db:b7:ec:e8: 69:62:23:c7:21:58:b9:ad:30:ff:53:6c:2b:f0:4c: a7:e7:a6:a3:e9:c1:23:cd:75:d4:f5:9e:27:d6:32: 5d:72:2f:9a:50:d8:c4:f6:01:53:a8:15:2d:81:c4: ae:f2:b5:0b:cb:c3:63:07:c4:cd:02:4e:d4:c3:6d: 1e:d3:91:14:f4:ed:c2:7a:cd:c8:49:fb:80:a7:9a: d3:59:7e:1e:48:3e:4f:d3:9d:91:9b:64:b6:fc:d6: 48:f5:a6:41:df:2c:1f:6f:4a:af:e7:de:84:73:6e: 22:fd:c1:40:e4:2d:93:d4:45:52:d5:94:f5:d0:78: 9c:c9:d4:78:57:6c:a7:15:53:ba:e8:a9:17:11:63: 74:6d:e4:84:ee:fa:0a:c8:15:e3:6e:f2:37:f0:a5: 6d:b7:3c:f4:c1:8a:22:71:f7:30:00:e1:5c:3f:12: fd:c3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: ED:76:C8:FD:F0:C5:92:46:E5:C4:2B:DB:6C:41:5E:AE:37:24:81:BC X509v3 Authority Key Identifier: F7:32:8F:7B:33:2B:D5:77:63:3F:73:22:C1:8C:E2:74:01:42:79:72 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer X509v3 CRL Distribution Points: Full Name: URI:http://url-for-crl/Root.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Policy Constraints: critical Require Explicit Policy:0 X509v3 Certificate Policies: critical Policy: 1.2.3.4 Signature Algorithm: sha256WithRSAEncryption Signature Value: 8f:94:cc:66:f4:06:e6:8b:4b:78:52:c1:a6:1d:ee:b2:d8:58: c5:bd:0b:aa:ab:3a:b3:34:d6:5d:6e:0d:a1:eb:80:05:c7:f1: 07:39:37:31:f4:50:61:41:10:f8:ce:df:63:f8:fc:0c:01:5b: ba:64:3f:73:82:4d:40:2d:cc:de:57:e0:29:bf:5b:7e:93:c3: 73:7e:21:24:6a:21:17:36:45:99:41:68:9c:93:8c:a4:a8:3e: d5:7f:b2:fd:03:14:ab:21:f5:fa:90:d1:bc:3d:25:bd:66:52: 3c:c0:15:5f:86:c0:3d:1c:24:61:7b:70:b0:c1:be:54:65:93: 63:e4:85:68:c9:f5:e4:f7:eb:d1:41:4c:ed:f0:47:f6:e9:e5: 82:0f:57:72:57:ad:38:9d:11:4c:e3:3b:bb:b8:13:a4:49:3b: cf:fb:9f:1b:85:c5:fd:d2:54:36:9f:f5:fc:ae:15:2e:a4:84: b8:c5:70:2f:04:58:8c:a8:79:de:1c:b7:48:20:7b:76:53:c3: ad:cc:c1:cd:6a:0d:33:e4:e9:ce:35:e2:93:68:f4:b5:c4:61: 17:2e:77:cf:a7:e5:bc:54:41:dd:28:d1:d4:f1:9e:a0:b0:e9: 55:58:33:1e:2e:09:38:6e:0a:1a:53:93:1d:c0:92:e5:74:89: 3a:4b:24:2d -----BEGIN CERTIFICATE----- MIIDpjCCAo6gAwIBAgIUaYfBPYbDfrHk45tfgLkq6YuUd8IwDQYJKoZIhvcNAQEL BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAOf3b0+ByRYHuglh4ic2lVDv9DeKRby2cliG9Mc80YwwJCfV j//sZ72l5jCZscfeh8TcTUU0q5iR+Dw7uuPMixTCylOUHOUFvw6C3XMQouFGdx4L 1I/bt+zoaWIjxyFYua0w/1NsK/BMp+emo+nBI8111PWeJ9YyXXIvmlDYxPYBU6gV LYHErvK1C8vDYwfEzQJO1MNtHtORFPTtwnrNyEn7gKea01l+Hkg+T9OdkZtktvzW SPWmQd8sH29Kr+fehHNuIv3BQOQtk9RFUtWU9dB4nMnUeFdspxVTuuipFxFjdG3k hO76CsgV427yN/Clbbc89MGKInH3MADhXD8S/cMCAwEAAaOB8TCB7jAdBgNVHQ4E FgQU7XbI/fDFkkblxCvbbEFerjckgbwwHwYDVR0jBBgwFoAU9zKPezMr1XdjP3Mi wYzidAFCeXIwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ MA8GA1UdJAEB/wQFMAOAAQAwEwYDVR0gAQH/BAkwBzAFBgMqAwQwDQYJKoZIhvcN AQELBQADggEBAI+UzGb0BuaLS3hSwaYd7rLYWMW9C6qrOrM01l1uDaHrgAXH8Qc5 NzH0UGFBEPjO32P4/AwBW7pkP3OCTUAtzN5X4Cm/W36Tw3N+ISRqIRc2RZlBaJyT jKSoPtV/sv0DFKsh9fqQ0bw9Jb1mUjzAFV+GwD0cJGF7cLDBvlRlk2PkhWjJ9eT3 69FBTO3wR/bp5YIPV3JXrTidEUzjO7u4E6RJO8/7nxuFxf3SVDaf9fyuFS6khLjF cC8EWIyoed4ct0gge3ZTw63Mwc1qDTPk6c414pNo9LXEYRcud8+n5bxUQd0o0dTx nqCw6VVYMx4uCThuChpTkx3AkuV0iTpLJC0= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 69:87:c1:3d:86:c3:7e:b1:e4:e3:9b:5f:80:b9:2a:e9:8b:94:77:c1 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Root Validity Not Before: Oct 5 12:00:00 2021 GMT Not After : Oct 5 12:00:00 2022 GMT Subject: CN=Root Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:be:26:b8:0a:44:14:7c:69:58:4e:7f:22:bd:b7: d9:02:d6:4b:3f:ec:66:b1:e3:d0:cb:5b:51:26:92: 7b:91:fb:1d:40:6d:94:ef:5b:52:8c:92:83:22:9d: f0:23:a7:3a:1e:f3:77:03:3f:fb:ad:7b:2a:7f:dd: fe:31:fe:55:6d:c2:9d:00:1c:8c:a2:db:5d:ad:94: 2e:c6:14:7f:fd:95:ec:77:55:97:5d:11:0d:6f:fd: 40:c7:eb:a1:aa:02:b9:ac:3f:ea:67:d3:26:97:a3: 2f:66:48:3d:4f:2e:db:4a:64:b9:41:d9:f3:ff:fc: b8:a9:b2:b3:8a:88:85:e5:3a:b5:ff:25:d4:52:fd: fd:c9:f5:f6:10:16:d4:52:ef:0e:2a:4e:24:e0:92: 00:23:f0:3c:69:c4:1f:78:ee:6f:d8:35:c8:fe:03: 09:ae:d8:67:7e:4f:d8:c8:ea:28:2c:d0:14:d7:d0: b2:b6:46:ec:2d:6c:ff:71:c2:27:1e:f8:60:6a:06: dd:04:09:1d:25:76:e5:e9:16:97:cb:58:01:7a:90: 9a:9d:23:18:15:b1:be:7e:e0:e4:23:2a:5c:85:30: d7:54:92:0f:ba:83:91:cf:4d:26:96:40:9b:bc:3c: f2:8d:39:9a:b2:7b:3c:21:b2:d7:6e:ce:49:76:8c: d7:e3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: F7:32:8F:7B:33:2B:D5:77:63:3F:73:22:C1:8C:E2:74:01:42:79:72 X509v3 Authority Key Identifier: F7:32:8F:7B:33:2B:D5:77:63:3F:73:22:C1:8C:E2:74:01:42:79:72 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer X509v3 CRL Distribution Points: Full Name: URI:http://url-for-crl/Root.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Certificate Policies: critical Policy: 1.2.3.4 X509v3 Policy Mappings: critical 1.2.3.4:1.2.3.6 Signature Algorithm: sha256WithRSAEncryption Signature Value: 1c:0e:7b:a4:14:4d:3b:fa:44:6b:42:77:20:47:ae:d3:33:f5: e2:2e:07:a8:ff:67:ff:85:b9:eb:7a:01:67:43:83:56:7f:43: 51:ad:fa:9b:35:ca:a3:fa:12:1b:03:1e:e3:dc:e9:a1:8f:ee: 8d:a0:00:ae:81:4c:23:85:ca:45:f1:46:37:f6:21:5c:b0:3e: 2f:90:9c:e1:58:cd:42:a5:d2:c9:ef:40:d3:fe:b6:cb:7e:4b: df:bd:f1:8f:b6:6f:76:4d:a2:7f:04:fc:64:21:77:53:e9:04: 1d:d4:0d:36:8e:69:6f:27:44:ad:f4:2a:32:ef:f0:85:86:be: 5d:4b:c0:53:7c:59:54:6f:31:28:0c:20:5f:61:f6:5b:e6:67: d0:ac:1b:e3:fe:e1:4a:94:fc:ad:f9:1f:dd:dc:1b:18:bd:11: b0:29:b9:b6:41:41:48:77:81:a9:68:3c:c6:c7:55:ec:1f:b1: 6a:03:03:ca:19:2b:31:ec:e7:bc:0a:9e:0c:25:19:ea:c8:9d: 7f:2e:e6:47:61:44:92:e3:63:c9:e2:49:aa:64:82:e4:49:80: d0:b8:27:d6:da:8e:83:9b:44:ab:1a:b3:2c:9a:53:1a:82:b2: 10:1c:66:4c:3d:9c:ef:b6:fc:6b:4a:61:60:51:27:a2:8c:24: 0e:5f:83:ca -----BEGIN CERTIFICATE----- MIIDpzCCAo+gAwIBAgIUaYfBPYbDfrHk45tfgLkq6YuUd8EwDQYJKoZIhvcNAQEL BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC+JrgKRBR8aVhOfyK9t9kC1ks/7Gax49DLW1EmknuR+x1AbZTvW1KMkoMi nfAjpzoe83cDP/uteyp/3f4x/lVtwp0AHIyi212tlC7GFH/9lex3VZddEQ1v/UDH 66GqArmsP+pn0yaXoy9mSD1PLttKZLlB2fP//LipsrOKiIXlOrX/JdRS/f3J9fYQ FtRS7w4qTiTgkgAj8DxpxB947m/YNcj+Awmu2Gd+T9jI6igs0BTX0LK2RuwtbP9x wice+GBqBt0ECR0lduXpFpfLWAF6kJqdIxgVsb5+4OQjKlyFMNdUkg+6g5HPTSaW QJu8PPKNOZqyezwhstduzkl2jNfjAgMBAAGjgfowgfcwHQYDVR0OBBYEFPcyj3sz K9V3Yz9zIsGM4nQBQnlyMB8GA1UdIwQYMBaAFPcyj3szK9V3Yz9zIsGM4nQBQnly MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zATBgNVHSAB Af8ECTAHMAUGAyoDBDAYBgNVHSEBAf8EDjAMMAoGAyoDBAYDKgMGMA0GCSqGSIb3 DQEBCwUAA4IBAQAcDnukFE07+kRrQncgR67TM/XiLgeo/2f/hbnregFnQ4NWf0NR rfqbNcqj+hIbAx7j3Omhj+6NoACugUwjhcpF8UY39iFcsD4vkJzhWM1CpdLJ70DT /rbLfkvfvfGPtm92TaJ/BPxkIXdT6QQd1A02jmlvJ0St9Coy7/CFhr5dS8BTfFlU bzEoDCBfYfZb5mfQrBvj/uFKlPyt+R/d3BsYvRGwKbm2QUFId4GpaDzGx1XsH7Fq AwPKGSsx7Oe8Cp4MJRnqyJ1/LuZHYUSS42PJ4kmqZILkSYDQuCfW2o6Dm0SrGrMs mlMagrIQHGZMPZzvtvxrSmFgUSeijCQOX4PK -----END CERTIFICATE-----