1[Created by: ./generate-chains.py] 2 3Certificate chain of length 3 with requireExplicitPolicy=2 on the root, 4meaning an explicit policy should be required and the chain should fail to 5verify if the root constraints are enforced. 6 7Certificate: 8 Data: 9 Version: 3 (0x2) 10 Serial Number: 11 43:bb:74:45:42:77:6d:81:39:a3:bb:aa:95:6e:18:9c:71:0d:ce:c5 12 Signature Algorithm: sha256WithRSAEncryption 13 Issuer: CN=Intermediate 14 Validity 15 Not Before: Oct 5 12:00:00 2021 GMT 16 Not After : Oct 5 12:00:00 2022 GMT 17 Subject: CN=Target 18 Subject Public Key Info: 19 Public Key Algorithm: rsaEncryption 20 Public-Key: (2048 bit) 21 Modulus: 22 00:c6:80:6c:45:ac:2b:3b:b4:5a:5f:54:06:e7:64: 23 4b:a6:50:35:bf:f7:1d:be:87:40:a6:49:97:8c:d5: 24 d1:35:43:74:fc:d1:af:b5:ae:8e:c8:eb:d2:ee:bc: 25 37:da:08:03:6e:bf:4e:e0:25:7e:91:a8:a4:07:2d: 26 cf:c1:fb:55:72:52:9a:e7:00:87:62:3f:7c:21:1c: 27 31:65:56:ad:fe:73:df:94:d5:0f:25:a4:ca:a5:a9: 28 b4:04:0a:fd:e6:e1:60:9f:9c:85:85:11:65:1c:f1: 29 38:a5:45:e5:7e:b2:89:8d:09:88:55:3f:29:81:89: 30 66:20:f9:c1:7d:8e:2d:27:cf:1e:88:73:70:0f:f2: 31 69:cc:a5:1c:3b:76:18:5a:4d:7a:20:27:c2:7c:68: 32 91:12:23:1f:9f:e8:44:2c:0a:12:73:e6:c7:32:ec: 33 d0:bf:6d:9c:c8:da:4f:ec:92:40:7e:ff:75:eb:1e: 34 cd:89:b7:61:91:e8:a2:26:45:80:0e:40:4a:d4:cb: 35 a6:bc:c7:ae:1d:eb:d9:f7:6a:89:27:ab:64:69:fa: 36 3d:f2:5e:28:49:b1:2f:f5:6a:1b:d7:56:1d:88:ab: 37 5a:c6:42:9d:5b:2a:32:35:92:a2:29:92:05:c2:93: 38 33:4e:8f:aa:5a:68:db:c5:27:15:19:18:90:2c:c9: 39 a3:03 40 Exponent: 65537 (0x10001) 41 X509v3 extensions: 42 X509v3 Subject Key Identifier: 43 A7:95:1E:F9:32:14:D0:49:71:DD:EC:B6:B5:00:5E:2B:7C:BA:F9:3A 44 X509v3 Authority Key Identifier: 45 DF:E8:20:E0:84:F1:3D:41:05:B5:77:47:0F:B9:19:C3:AF:43:69:A7 46 Authority Information Access: 47 CA Issuers - URI:http://url-for-aia/Intermediate.cer 48 X509v3 CRL Distribution Points: 49 Full Name: 50 URI:http://url-for-crl/Intermediate.crl 51 X509v3 Key Usage: critical 52 Digital Signature, Key Encipherment 53 X509v3 Extended Key Usage: 54 TLS Web Server Authentication, TLS Web Client Authentication 55 Signature Algorithm: sha256WithRSAEncryption 56 Signature Value: 57 7f:7f:af:87:3f:0f:a4:bf:b7:1a:d3:83:c6:cb:d7:94:07:2c: 58 47:8d:4a:50:71:70:65:87:70:8b:43:76:af:64:76:23:d1:f3: 59 ff:63:a7:21:20:12:50:f9:ec:c4:a7:15:49:8e:4b:c3:de:a0: 60 e0:55:05:7b:b8:e5:9c:48:44:ea:94:07:ca:cb:75:7e:17:92: 61 5a:da:06:ff:09:3d:15:99:ce:bd:19:ec:85:36:a2:fc:fe:56: 62 00:9e:6d:02:66:8a:fa:cc:e0:34:17:34:d6:af:1e:54:c6:20: 63 09:cd:f0:a8:72:8d:7b:e5:5a:3b:c0:74:98:c5:e5:37:92:78: 64 ef:a5:15:8c:5c:b5:5a:2a:ed:5c:d1:73:e0:fb:60:b5:37:ff: 65 b6:be:9e:a3:92:d5:5a:9b:9c:f1:14:b5:82:e9:5f:56:8f:57: 66 4f:e0:c1:14:8d:1a:f7:10:2d:2f:cf:20:3b:10:8d:c3:f5:76: 67 3b:cf:66:f7:6d:52:ca:ae:1f:5b:79:43:0e:62:95:db:e9:70: 68 e3:d8:54:b1:d7:e6:68:77:55:79:7b:b3:83:79:f9:f4:a8:f7: 69 5f:e2:bc:4f:44:39:ac:1e:03:8d:0f:57:e9:74:0b:fe:d4:26: 70 f1:03:7f:1e:7d:3d:64:b7:e9:58:26:d5:37:52:c5:0f:7b:0f: 71 97:cf:0a:3a 72-----BEGIN CERTIFICATE----- 73MIIDoDCCAoigAwIBAgIUQ7t0RUJ3bYE5o7uqlW4YnHENzsUwDQYJKoZIhvcNAQEL 74BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy 75MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF 76AAOCAQ8AMIIBCgKCAQEAxoBsRawrO7RaX1QG52RLplA1v/cdvodApkmXjNXRNUN0 77/NGvta6OyOvS7rw32ggDbr9O4CV+kaikBy3PwftVclKa5wCHYj98IRwxZVat/nPf 78lNUPJaTKpam0BAr95uFgn5yFhRFlHPE4pUXlfrKJjQmIVT8pgYlmIPnBfY4tJ88e 79iHNwD/JpzKUcO3YYWk16ICfCfGiREiMfn+hELAoSc+bHMuzQv22cyNpP7JJAfv91 806x7NibdhkeiiJkWADkBK1MumvMeuHevZ92qJJ6tkafo98l4oSbEv9Wob11YdiKta 81xkKdWyoyNZKiKZIFwpMzTo+qWmjbxScVGRiQLMmjAwIDAQABo4HpMIHmMB0GA1Ud 82DgQWBBSnlR75MhTQSXHd7La1AF4rfLr5OjAfBgNVHSMEGDAWgBTf6CDghPE9QQW1 83d0cPuRnDr0NppzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 84cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 85dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF 86oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD 87ggEBAH9/r4c/D6S/txrTg8bL15QHLEeNSlBxcGWHcItDdq9kdiPR8/9jpyEgElD5 887MSnFUmOS8PeoOBVBXu45ZxIROqUB8rLdX4XklraBv8JPRWZzr0Z7IU2ovz+VgCe 89bQJmivrM4DQXNNavHlTGIAnN8KhyjXvlWjvAdJjF5TeSeO+lFYxctVoq7VzRc+D7 90YLU3/7a+nqOS1VqbnPEUtYLpX1aPV0/gwRSNGvcQLS/PIDsQjcP1djvPZvdtUsqu 91H1t5Qw5ildvpcOPYVLHX5mh3VXl7s4N5+fSo91/ivE9EOaweA40PV+l0C/7UJvED 92fx59PWS36Vgm1TdSxQ97D5fPCjo= 93-----END CERTIFICATE----- 94 95Certificate: 96 Data: 97 Version: 3 (0x2) 98 Serial Number: 99 50:cb:04:8e:6f:ac:67:3d:21:40:7b:93:19:8c:33:4c:dc:00:04:1d 100 Signature Algorithm: sha256WithRSAEncryption 101 Issuer: CN=Root 102 Validity 103 Not Before: Oct 5 12:00:00 2021 GMT 104 Not After : Oct 5 12:00:00 2022 GMT 105 Subject: CN=Intermediate 106 Subject Public Key Info: 107 Public Key Algorithm: rsaEncryption 108 Public-Key: (2048 bit) 109 Modulus: 110 00:c1:f1:4f:24:39:36:7a:84:f1:90:2a:ca:28:d7: 111 46:34:ab:2c:c2:bc:44:69:d2:ee:9c:30:c2:cb:65: 112 90:d9:b4:93:ca:ea:9b:aa:a8:6c:1a:38:67:3a:59: 113 87:82:75:b8:57:55:d8:33:76:d1:1f:5d:57:0a:00: 114 d2:02:aa:97:b3:e0:58:97:68:97:ec:0d:26:15:32: 115 70:da:db:c9:3b:24:3e:dd:3d:72:2a:b6:57:51:6c: 116 f6:9a:aa:75:fd:0b:88:84:65:93:d2:1c:27:d3:27: 117 56:a3:ca:64:5e:44:05:09:5f:83:61:18:d8:69:8b: 118 33:8e:72:1b:1f:74:09:aa:4c:90:29:a1:28:c4:78: 119 80:9c:c5:ef:d5:12:be:22:47:f3:9a:02:38:ba:0a: 120 08:f2:94:7e:65:03:5c:28:7c:09:70:13:0e:6a:a2: 121 37:8b:53:94:78:f5:32:04:59:aa:fc:7f:b7:d6:34: 122 96:9d:4e:01:84:7f:89:99:84:0a:51:14:99:ba:ac: 123 0a:2b:0f:02:e5:4d:f4:db:03:a0:1c:f5:78:b2:76: 124 be:53:02:86:85:ed:3a:ae:42:ad:0f:85:6d:03:ba: 125 cd:a2:16:2b:76:a1:2d:77:91:d6:05:2f:5e:d5:f7: 126 b6:af:e9:86:fc:6f:ca:11:62:15:93:f8:e8:d9:e5: 127 66:fb 128 Exponent: 65537 (0x10001) 129 X509v3 extensions: 130 X509v3 Subject Key Identifier: 131 DF:E8:20:E0:84:F1:3D:41:05:B5:77:47:0F:B9:19:C3:AF:43:69:A7 132 X509v3 Authority Key Identifier: 133 E3:18:38:0F:81:36:AC:9B:8C:05:B1:1C:11:85:A0:86:55:A8:8F:B4 134 Authority Information Access: 135 CA Issuers - URI:http://url-for-aia/Root.cer 136 X509v3 CRL Distribution Points: 137 Full Name: 138 URI:http://url-for-crl/Root.crl 139 X509v3 Key Usage: critical 140 Certificate Sign, CRL Sign 141 X509v3 Basic Constraints: critical 142 CA:TRUE 143 Signature Algorithm: sha256WithRSAEncryption 144 Signature Value: 145 a6:be:bb:fc:11:76:e2:44:c3:35:04:4c:ad:28:b6:25:de:40: 146 2b:e7:1c:f9:39:58:71:93:c0:be:13:45:c1:e0:0a:e8:fd:f5: 147 34:b4:24:9c:81:ec:bb:6c:c6:7b:18:92:d7:de:42:e3:d9:90: 148 4c:9a:3a:f5:e0:00:09:4b:10:c5:ca:32:50:cb:77:1b:f5:d7: 149 11:60:5b:86:d6:c0:22:03:42:6f:13:c4:14:e1:ce:49:b4:2f: 150 c5:3b:cc:f5:5b:d4:a7:62:bc:63:67:4a:45:68:a1:27:02:a6: 151 10:ee:7e:64:1a:d6:b5:d9:6e:c8:da:42:cc:6d:df:33:8d:b2: 152 48:71:ab:70:12:55:f2:53:0a:2a:2c:53:e6:14:27:fb:0c:05: 153 0b:35:95:7d:0c:1d:b0:7e:fc:c3:39:af:05:1a:f9:c5:52:cc: 154 a7:5c:27:cd:5a:ea:76:f6:07:8d:2b:32:68:5b:62:3c:cd:88: 155 e9:2c:a7:f7:63:18:7e:c0:4e:d6:a5:8e:9a:10:54:4c:13:ef: 156 7a:5f:39:c0:30:fd:8f:44:67:0e:06:88:43:31:6d:40:95:78: 157 d5:00:b3:93:e3:78:d8:97:f0:51:16:24:34:3c:67:6a:b9:c2: 158 60:da:cb:c5:c0:09:75:39:3a:96:a7:06:99:c8:47:4e:c8:2e: 159 b6:9b:a4:80 160-----BEGIN CERTIFICATE----- 161MIIDgDCCAmigAwIBAgIUUMsEjm+sZz0hQHuTGYwzTNwABB0wDQYJKoZIhvcNAQEL 162BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw 163MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD 164ggEPADCCAQoCggEBAMHxTyQ5NnqE8ZAqyijXRjSrLMK8RGnS7pwwwstlkNm0k8rq 165m6qobBo4ZzpZh4J1uFdV2DN20R9dVwoA0gKql7PgWJdol+wNJhUycNrbyTskPt09 166ciq2V1Fs9pqqdf0LiIRlk9IcJ9MnVqPKZF5EBQlfg2EY2GmLM45yGx90CapMkCmh 167KMR4gJzF79USviJH85oCOLoKCPKUfmUDXCh8CXATDmqiN4tTlHj1MgRZqvx/t9Y0 168lp1OAYR/iZmEClEUmbqsCisPAuVN9NsDoBz1eLJ2vlMChoXtOq5CrQ+FbQO6zaIW 169K3ahLXeR1gUvXtX3tq/phvxvyhFiFZP46NnlZvsCAwEAAaOByzCByDAdBgNVHQ4E 170FgQU3+gg4ITxPUEFtXdHD7kZw69DaacwHwYDVR0jBBgwFoAU4xg4D4E2rJuMBbEc 171EYWghlWoj7QwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs 172LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m 173b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ 174MA0GCSqGSIb3DQEBCwUAA4IBAQCmvrv8EXbiRMM1BEytKLYl3kAr5xz5OVhxk8C+ 175E0XB4Aro/fU0tCScgey7bMZ7GJLX3kLj2ZBMmjr14AAJSxDFyjJQy3cb9dcRYFuG 1761sAiA0JvE8QU4c5JtC/FO8z1W9SnYrxjZ0pFaKEnAqYQ7n5kGta12W7I2kLMbd8z 177jbJIcatwElXyUwoqLFPmFCf7DAULNZV9DB2wfvzDOa8FGvnFUsynXCfNWup29geN 178KzJoW2I8zYjpLKf3Yxh+wE7WpY6aEFRME+96XznAMP2PRGcOBohDMW1AlXjVALOT 17943jYl/BRFiQ0PGdqucJg2svFwAl1OTqWpwaZyEdOyC62m6SA 180-----END CERTIFICATE----- 181 182Certificate: 183 Data: 184 Version: 3 (0x2) 185 Serial Number: 186 50:cb:04:8e:6f:ac:67:3d:21:40:7b:93:19:8c:33:4c:dc:00:04:1c 187 Signature Algorithm: sha256WithRSAEncryption 188 Issuer: CN=Root 189 Validity 190 Not Before: Oct 5 12:00:00 2021 GMT 191 Not After : Oct 5 12:00:00 2022 GMT 192 Subject: CN=Root 193 Subject Public Key Info: 194 Public Key Algorithm: rsaEncryption 195 Public-Key: (2048 bit) 196 Modulus: 197 00:c5:cc:1c:e5:9a:d9:de:85:c0:83:0b:b9:35:56: 198 b6:65:47:94:ff:b7:ed:00:aa:ca:dd:80:6d:a6:a7: 199 75:0a:61:57:4e:54:40:25:66:07:33:a7:62:68:ce: 200 40:0a:65:8a:d5:37:70:b7:b6:75:94:3e:33:e9:66: 201 27:b7:94:48:94:09:58:91:03:a9:6f:d6:21:72:ce: 202 97:97:95:8c:71:56:2e:96:03:e6:c0:b7:7d:f6:98: 203 d0:d0:73:1a:49:dc:55:a4:34:7d:38:62:27:ad:8b: 204 e4:7a:eb:54:38:3e:93:aa:7a:e6:fc:29:fe:de:1c: 205 93:bc:4f:d9:de:5a:da:c3:35:a4:0a:e4:8e:82:1d: 206 99:7d:75:c4:f4:b1:77:60:5c:c0:c8:b9:7c:cb:65: 207 85:54:18:54:63:fd:66:bd:56:62:1b:d0:d7:33:37: 208 db:b1:92:96:ad:5c:a6:dd:51:e4:82:18:cd:bd:c4: 209 3d:6a:f3:af:5e:de:da:5e:5f:e6:d2:f2:66:ee:de: 210 0c:6a:e5:72:58:0d:f1:21:1a:86:62:80:a1:e7:c3: 211 e3:eb:19:56:ef:88:a8:a8:c5:37:c6:98:48:f2:7d: 212 ea:b4:4a:e7:3e:9f:8b:14:6f:55:26:55:c9:ff:71: 213 bd:60:4a:82:d3:9c:20:10:76:ba:8c:75:c9:64:ad: 214 14:a9 215 Exponent: 65537 (0x10001) 216 X509v3 extensions: 217 X509v3 Subject Key Identifier: 218 E3:18:38:0F:81:36:AC:9B:8C:05:B1:1C:11:85:A0:86:55:A8:8F:B4 219 X509v3 Authority Key Identifier: 220 E3:18:38:0F:81:36:AC:9B:8C:05:B1:1C:11:85:A0:86:55:A8:8F:B4 221 Authority Information Access: 222 CA Issuers - URI:http://url-for-aia/Root.cer 223 X509v3 CRL Distribution Points: 224 Full Name: 225 URI:http://url-for-crl/Root.crl 226 X509v3 Key Usage: critical 227 Certificate Sign, CRL Sign 228 X509v3 Basic Constraints: critical 229 CA:TRUE 230 X509v3 Policy Constraints: critical 231 Require Explicit Policy:2 232 Signature Algorithm: sha256WithRSAEncryption 233 Signature Value: 234 3a:2b:a5:f1:fe:ef:97:5b:90:2a:7c:af:77:fc:b7:e0:3e:6b: 235 f1:02:a1:a3:f9:e0:87:34:43:8b:52:6e:35:c0:1d:19:44:95: 236 ad:31:d5:35:85:85:3c:03:2c:98:61:61:3e:64:eb:ac:b3:d5: 237 6c:85:f4:1c:02:a2:13:4d:42:f9:9c:99:c0:bf:7d:ce:30:fc: 238 7c:e7:40:21:70:96:13:a9:c3:c2:90:d1:80:60:ea:25:6b:cb: 239 30:95:46:1b:63:d3:6f:66:8b:f7:16:c1:da:42:de:3e:df:47: 240 90:24:4d:07:3e:a8:73:38:48:cb:8b:fb:be:de:c3:ae:fd:ed: 241 ff:b1:99:dc:5c:fa:ef:51:7c:05:66:b6:2c:84:c6:7f:4e:10: 242 17:7c:54:ac:a8:4d:b1:92:80:1f:c9:9b:95:84:9d:c2:97:b3: 243 88:c2:ba:21:2c:60:f8:f2:23:8f:a5:b8:e1:5f:08:c3:c1:b7: 244 86:1f:3f:08:77:df:01:31:80:b7:1e:01:ba:47:fd:25:91:5e: 245 aa:25:67:bd:cc:e1:4f:ee:74:1a:48:e4:b8:ec:e7:14:79:64: 246 16:b7:74:9b:c6:30:a9:0f:d7:5e:43:15:c7:b3:32:cc:f5:df: 247 04:cc:cb:b3:8e:90:ff:ca:d8:c4:ee:d9:9f:fc:ac:59:97:31: 248 4e:bb:57:3c 249-----BEGIN CERTIFICATE----- 250MIIDiTCCAnGgAwIBAgIUUMsEjm+sZz0hQHuTGYwzTNwABBwwDQYJKoZIhvcNAQEL 251BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw 252MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK 253AoIBAQDFzBzlmtnehcCDC7k1VrZlR5T/t+0AqsrdgG2mp3UKYVdOVEAlZgczp2Jo 254zkAKZYrVN3C3tnWUPjPpZie3lEiUCViRA6lv1iFyzpeXlYxxVi6WA+bAt332mNDQ 255cxpJ3FWkNH04Yieti+R661Q4PpOqeub8Kf7eHJO8T9neWtrDNaQK5I6CHZl9dcT0 256sXdgXMDIuXzLZYVUGFRj/Wa9VmIb0NczN9uxkpatXKbdUeSCGM29xD1q869e3tpe 257X+bS8mbu3gxq5XJYDfEhGoZigKHnw+PrGVbviKioxTfGmEjyfeq0Suc+n4sUb1Um 258Vcn/cb1gSoLTnCAQdrqMdclkrRSpAgMBAAGjgdwwgdkwHQYDVR0OBBYEFOMYOA+B 259NqybjAWxHBGFoIZVqI+0MB8GA1UdIwQYMBaAFOMYOA+BNqybjAWxHBGFoIZVqI+0 260MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh 261L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S 262b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQB 263Af8EBTADgAECMA0GCSqGSIb3DQEBCwUAA4IBAQA6K6Xx/u+XW5AqfK93/LfgPmvx 264AqGj+eCHNEOLUm41wB0ZRJWtMdU1hYU8AyyYYWE+ZOuss9VshfQcAqITTUL5nJnA 265v33OMPx850AhcJYTqcPCkNGAYOola8swlUYbY9NvZov3FsHaQt4+30eQJE0HPqhz 266OEjLi/u+3sOu/e3/sZncXPrvUXwFZrYshMZ/ThAXfFSsqE2xkoAfyZuVhJ3Cl7OI 267wrohLGD48iOPpbjhXwjDwbeGHz8Id98BMYC3HgG6R/0lkV6qJWe9zOFP7nQaSOS4 2687OcUeWQWt3SbxjCpD9deQxXHszLM9d8EzMuzjpD/ytjE7tmf/KxZlzFOu1c8 269-----END CERTIFICATE----- 270