1[Created by: ./generate-chains.py] 2 3Certificate chain of length 3 with requireExplicitPolicy=3 on the root, 4meaning an explicit policy should not be required and the chain should verify 5successfully regardless of if the root constraints are enforced. 6 7Certificate: 8 Data: 9 Version: 3 (0x2) 10 Serial Number: 11 03:5b:49:46:e8:31:a6:8f:13:4f:5b:90:90:91:c8:28:8e:e0:5a:d8 12 Signature Algorithm: sha256WithRSAEncryption 13 Issuer: CN=Intermediate 14 Validity 15 Not Before: Oct 5 12:00:00 2021 GMT 16 Not After : Oct 5 12:00:00 2022 GMT 17 Subject: CN=Target 18 Subject Public Key Info: 19 Public Key Algorithm: rsaEncryption 20 Public-Key: (2048 bit) 21 Modulus: 22 00:b8:56:11:e6:4f:80:6b:56:9a:4c:11:bf:0c:6a: 23 42:ec:59:97:8a:29:4b:55:89:7b:28:f1:80:4e:9f: 24 fe:01:9b:72:d2:35:96:89:54:ad:db:9e:ae:23:da: 25 da:9e:1e:5f:7b:4d:a3:f9:c2:93:bd:cb:6a:8a:97: 26 92:41:62:bd:f5:16:c0:4d:c4:59:98:7c:52:32:62: 27 45:52:70:4e:48:f7:ac:b7:0e:4c:51:89:04:c3:d6: 28 ce:12:c7:be:8f:a1:fd:d0:4d:81:86:a5:c2:11:84: 29 23:1f:de:76:84:d9:70:fb:d7:ad:5b:54:f7:09:fe: 30 ac:8b:de:4d:cf:a7:d9:dd:23:90:76:3a:de:c3:8b: 31 5e:b4:3d:6e:2d:87:64:da:0f:a4:f5:34:81:ee:c3: 32 9a:61:43:56:66:1f:c5:bf:f6:e5:a1:ed:80:49:48: 33 92:f1:15:b8:f4:07:5c:9d:92:6d:87:19:ca:5c:c8: 34 55:48:09:ce:f2:e0:af:1e:8b:d5:30:4f:92:b7:a7: 35 02:84:76:b3:85:81:17:f1:0e:9b:a4:a3:ca:07:3a: 36 d8:a2:f5:15:40:07:5f:a7:97:27:ca:1d:2c:b8:ff: 37 c4:0b:43:c1:9e:18:91:fd:01:e7:20:a5:11:b2:db: 38 71:c2:c9:60:f8:bc:d3:a8:f3:0b:fb:1f:eb:6a:94: 39 d2:fb 40 Exponent: 65537 (0x10001) 41 X509v3 extensions: 42 X509v3 Subject Key Identifier: 43 15:C7:83:51:99:8A:EC:AA:F1:4A:2C:1C:04:C0:37:BD:64:8A:43:47 44 X509v3 Authority Key Identifier: 45 CB:C6:A8:3A:83:0E:5B:41:0C:3E:C3:20:48:BF:37:69:DB:5A:DC:87 46 Authority Information Access: 47 CA Issuers - URI:http://url-for-aia/Intermediate.cer 48 X509v3 CRL Distribution Points: 49 Full Name: 50 URI:http://url-for-crl/Intermediate.crl 51 X509v3 Key Usage: critical 52 Digital Signature, Key Encipherment 53 X509v3 Extended Key Usage: 54 TLS Web Server Authentication, TLS Web Client Authentication 55 Signature Algorithm: sha256WithRSAEncryption 56 Signature Value: 57 3a:ae:fd:b2:ff:a8:4e:1f:f8:82:90:3d:d3:9e:db:9b:d8:2e: 58 af:72:cf:7e:f8:19:07:96:a6:64:00:e8:c2:96:38:48:d3:7d: 59 0a:ee:ff:bb:e7:81:9e:84:4a:a3:b1:8b:4b:92:6c:54:b7:74: 60 24:64:0b:4a:50:bf:dd:03:68:58:bf:7c:3d:e3:cc:e6:c8:29: 61 5b:ab:ac:9d:9e:41:35:8f:83:18:fd:2d:82:34:4c:44:f6:25: 62 aa:42:50:b4:bc:4b:b2:9f:f5:39:9c:ab:90:02:ec:35:a1:f5: 63 36:98:8e:fa:e3:ed:37:9e:59:62:b6:6e:61:8e:8a:fa:5c:22: 64 ec:ec:7b:c2:15:82:f8:35:29:e3:b4:d7:24:7e:6b:68:76:a8: 65 c1:44:c1:33:0c:aa:3f:78:46:84:86:df:a6:e7:33:f6:93:83: 66 ea:23:30:24:5a:ec:ff:3f:08:ab:28:fb:38:a5:e6:dc:65:c6: 67 0a:d5:5d:fe:cd:3b:82:be:d4:d8:ac:4b:e8:27:ed:7f:9b:7e: 68 36:0a:1e:a5:79:f4:48:5d:ee:8f:22:de:b2:9f:14:cd:27:5a: 69 d2:ad:3f:99:a4:8b:58:79:f3:b7:a3:97:65:b9:ea:50:3d:ee: 70 1d:c0:a0:7a:ff:0c:bf:8a:98:f5:bd:87:97:8c:15:1b:9d:9f: 71 69:b5:dc:7a 72-----BEGIN CERTIFICATE----- 73MIIDoDCCAoigAwIBAgIUA1tJRugxpo8TT1uQkJHIKI7gWtgwDQYJKoZIhvcNAQEL 74BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy 75MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF 76AAOCAQ8AMIIBCgKCAQEAuFYR5k+Aa1aaTBG/DGpC7FmXiilLVYl7KPGATp/+AZty 770jWWiVSt256uI9ranh5fe02j+cKTvctqipeSQWK99RbATcRZmHxSMmJFUnBOSPes 78tw5MUYkEw9bOEse+j6H90E2BhqXCEYQjH952hNlw+9etW1T3Cf6si95Nz6fZ3SOQ 79djrew4tetD1uLYdk2g+k9TSB7sOaYUNWZh/Fv/bloe2ASUiS8RW49AdcnZJthxnK 80XMhVSAnO8uCvHovVME+St6cChHazhYEX8Q6bpKPKBzrYovUVQAdfp5cnyh0suP/E 81C0PBnhiR/QHnIKURsttxwslg+LzTqPML+x/rapTS+wIDAQABo4HpMIHmMB0GA1Ud 82DgQWBBQVx4NRmYrsqvFKLBwEwDe9ZIpDRzAfBgNVHSMEGDAWgBTLxqg6gw5bQQw+ 83wyBIvzdp21rchzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 84cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 85dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF 86oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD 87ggEBADqu/bL/qE4f+IKQPdOe25vYLq9yz374GQeWpmQA6MKWOEjTfQru/7vngZ6E 88SqOxi0uSbFS3dCRkC0pQv90DaFi/fD3jzObIKVurrJ2eQTWPgxj9LYI0TET2JapC 89ULS8S7Kf9Tmcq5AC7DWh9TaYjvrj7TeeWWK2bmGOivpcIuzse8IVgvg1KeO01yR+ 90a2h2qMFEwTMMqj94RoSG36bnM/aTg+ojMCRa7P8/CKso+zil5txlxgrVXf7NO4K+ 911NisS+gn7X+bfjYKHqV59Ehd7o8i3rKfFM0nWtKtP5mki1h587ejl2W56lA97h3A 92oHr/DL+KmPW9h5eMFRudn2m13Ho= 93-----END CERTIFICATE----- 94 95Certificate: 96 Data: 97 Version: 3 (0x2) 98 Serial Number: 99 71:3e:c4:86:ac:54:59:35:82:3f:d6:88:60:c9:83:73:e4:29:0c:27 100 Signature Algorithm: sha256WithRSAEncryption 101 Issuer: CN=Root 102 Validity 103 Not Before: Oct 5 12:00:00 2021 GMT 104 Not After : Oct 5 12:00:00 2022 GMT 105 Subject: CN=Intermediate 106 Subject Public Key Info: 107 Public Key Algorithm: rsaEncryption 108 Public-Key: (2048 bit) 109 Modulus: 110 00:b9:0c:ea:12:ab:57:9d:4a:f2:58:74:68:94:60: 111 14:1e:5f:ff:fc:9d:62:f6:0d:34:6e:e9:2f:ca:d5: 112 53:29:e6:a3:2f:c0:6b:6e:62:82:b1:5f:26:3d:2d: 113 98:99:93:7d:6f:f5:1c:cf:54:d3:c4:4b:81:cb:b3: 114 a5:98:57:bd:fe:7f:19:76:af:99:ef:cc:62:cf:c0: 115 1c:df:5e:f9:b6:94:49:33:6f:db:ba:bf:5b:e2:20: 116 87:9d:3f:7e:c2:e7:94:76:3d:8b:7f:a0:49:f1:2d: 117 30:77:7b:8b:2c:b6:ec:cd:1e:5e:bf:e5:1b:86:dd: 118 d8:c1:e1:0d:b4:57:f0:aa:0a:58:d4:c3:4d:5b:cb: 119 bf:0e:f9:c7:23:61:f8:a3:0e:ab:2d:0f:87:1a:4f: 120 1d:0b:e6:39:0a:0a:35:be:f3:f9:55:f7:87:cd:f7: 121 7a:d7:18:7d:b7:0c:1f:6a:7a:67:52:55:6d:b8:ed: 122 87:28:a9:fe:eb:c3:c8:a8:66:bc:33:93:db:9e:20: 123 44:6b:31:36:b8:15:1b:cf:37:c2:be:9d:45:7c:3d: 124 d2:13:36:a0:1d:d7:74:52:67:a3:b7:3b:4a:54:01: 125 c5:6e:72:71:9d:47:39:44:58:27:08:a2:54:15:b5: 126 27:df:7b:3f:c9:f1:cb:23:be:cf:bd:8e:37:be:f2: 127 8d:8f 128 Exponent: 65537 (0x10001) 129 X509v3 extensions: 130 X509v3 Subject Key Identifier: 131 CB:C6:A8:3A:83:0E:5B:41:0C:3E:C3:20:48:BF:37:69:DB:5A:DC:87 132 X509v3 Authority Key Identifier: 133 04:CC:EE:85:17:2C:37:4C:D2:D3:08:5A:94:66:EE:5A:FF:A8:79:34 134 Authority Information Access: 135 CA Issuers - URI:http://url-for-aia/Root.cer 136 X509v3 CRL Distribution Points: 137 Full Name: 138 URI:http://url-for-crl/Root.crl 139 X509v3 Key Usage: critical 140 Certificate Sign, CRL Sign 141 X509v3 Basic Constraints: critical 142 CA:TRUE 143 Signature Algorithm: sha256WithRSAEncryption 144 Signature Value: 145 7e:a0:5a:59:73:39:3f:56:aa:ad:33:92:7e:da:68:0f:30:65: 146 b8:4b:ec:6a:7c:e1:de:f6:c4:5e:96:15:6d:dc:87:35:1b:60: 147 52:e6:0c:3c:c6:38:fc:75:f5:10:9a:6b:59:dd:53:7d:3e:26: 148 74:b7:68:89:27:9a:4e:4c:c2:95:5c:ed:ba:4e:20:29:7d:a6: 149 38:81:1c:b4:58:11:c4:d8:02:b2:76:34:23:bf:c5:43:82:6f: 150 65:95:23:1c:cc:86:9a:d2:85:e0:a9:c8:61:74:97:9c:6e:90: 151 c0:47:d0:b2:ce:df:0f:b2:4d:40:1f:b0:70:a0:db:94:97:1a: 152 e6:c4:a0:ff:46:a6:9c:83:28:c2:fc:69:af:42:e6:ce:11:18: 153 ff:05:cb:54:c3:d5:35:3f:a0:1e:2d:76:67:83:b5:b8:79:70: 154 4e:bd:36:cd:e7:82:d5:97:da:10:3f:b4:92:65:dd:c7:c1:d0: 155 6f:30:91:a3:6d:be:22:0c:71:e9:b7:b3:a7:24:c1:28:d2:ac: 156 93:ef:ed:3b:bc:51:b2:64:4d:f7:02:f1:04:80:9d:3f:f8:f7: 157 55:62:d4:6e:62:1e:15:b9:a5:80:c6:30:e6:c4:e2:5d:d5:af: 158 7f:69:5b:38:81:4a:8e:27:58:04:6e:f3:34:7f:7d:e8:c8:90: 159 a6:91:78:a6 160-----BEGIN CERTIFICATE----- 161MIIDgDCCAmigAwIBAgIUcT7EhqxUWTWCP9aIYMmDc+QpDCcwDQYJKoZIhvcNAQEL 162BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw 163MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD 164ggEPADCCAQoCggEBALkM6hKrV51K8lh0aJRgFB5f//ydYvYNNG7pL8rVUynmoy/A 165a25igrFfJj0tmJmTfW/1HM9U08RLgcuzpZhXvf5/GXavme/MYs/AHN9e+baUSTNv 16627q/W+Igh50/fsLnlHY9i3+gSfEtMHd7iyy27M0eXr/lG4bd2MHhDbRX8KoKWNTD 167TVvLvw75xyNh+KMOqy0PhxpPHQvmOQoKNb7z+VX3h833etcYfbcMH2p6Z1JVbbjt 168hyip/uvDyKhmvDOT254gRGsxNrgVG883wr6dRXw90hM2oB3XdFJno7c7SlQBxW5y 169cZ1HOURYJwiiVBW1J997P8nxyyO+z72ON77yjY8CAwEAAaOByzCByDAdBgNVHQ4E 170FgQUy8aoOoMOW0EMPsMgSL83adta3IcwHwYDVR0jBBgwFoAUBMzuhRcsN0zS0wha 171lGbuWv+oeTQwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs 172LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m 173b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ 174MA0GCSqGSIb3DQEBCwUAA4IBAQB+oFpZczk/VqqtM5J+2mgPMGW4S+xqfOHe9sRe 175lhVt3Ic1G2BS5gw8xjj8dfUQmmtZ3VN9PiZ0t2iJJ5pOTMKVXO26TiApfaY4gRy0 176WBHE2AKydjQjv8VDgm9llSMczIaa0oXgqchhdJecbpDAR9Cyzt8Psk1AH7BwoNuU 177lxrmxKD/RqacgyjC/GmvQubOERj/BctUw9U1P6AeLXZng7W4eXBOvTbN54LVl9oQ 178P7SSZd3HwdBvMJGjbb4iDHHpt7OnJMEo0qyT7+07vFGyZE33AvEEgJ0/+PdVYtRu 179Yh4VuaWAxjDmxOJd1a9/aVs4gUqOJ1gEbvM0f33oyJCmkXim 180-----END CERTIFICATE----- 181 182Certificate: 183 Data: 184 Version: 3 (0x2) 185 Serial Number: 186 71:3e:c4:86:ac:54:59:35:82:3f:d6:88:60:c9:83:73:e4:29:0c:26 187 Signature Algorithm: sha256WithRSAEncryption 188 Issuer: CN=Root 189 Validity 190 Not Before: Oct 5 12:00:00 2021 GMT 191 Not After : Oct 5 12:00:00 2022 GMT 192 Subject: CN=Root 193 Subject Public Key Info: 194 Public Key Algorithm: rsaEncryption 195 Public-Key: (2048 bit) 196 Modulus: 197 00:a8:ae:84:aa:34:ef:4a:a7:14:8c:a4:e3:d7:7d: 198 ef:7e:3a:25:72:c0:9c:be:13:87:cd:a0:ae:fc:96: 199 cb:f7:80:6d:4f:d0:2b:c6:5e:b2:9a:0a:b6:af:ae: 200 0a:92:93:99:f1:44:d1:ea:bd:01:54:11:4e:04:5f: 201 00:16:85:81:26:4d:47:44:6b:e2:b7:92:e5:c8:41: 202 a5:7a:5f:23:c5:4e:7f:db:12:f4:8d:a2:2f:5c:83: 203 64:b3:6a:fc:f1:36:53:0e:c2:90:88:18:f5:c3:d8: 204 3d:e7:a6:7f:a0:c7:66:f1:24:aa:80:52:0a:50:96: 205 c3:14:ae:48:ba:ee:ee:34:9f:7e:99:d4:ee:00:c1: 206 41:d8:6c:93:ab:2d:11:65:2b:17:cd:6b:f6:80:f2: 207 66:5b:27:89:7f:92:1c:a6:d0:e1:f4:33:11:b6:7f: 208 a9:f6:4b:46:eb:2d:3c:8d:7f:7a:fd:cf:dd:43:64: 209 b0:14:b8:58:05:dc:f7:59:de:1f:c2:af:d6:89:4e: 210 0e:98:68:21:30:3a:8b:23:00:6c:29:0f:91:fe:99: 211 d3:ac:fa:76:be:f7:f3:2c:87:e8:44:1b:1f:59:fe: 212 81:db:70:88:2d:e3:84:65:e8:33:49:03:c3:f0:a1: 213 39:a5:85:df:58:8d:6d:70:0f:8c:3d:20:fe:f0:ba: 214 22:19 215 Exponent: 65537 (0x10001) 216 X509v3 extensions: 217 X509v3 Subject Key Identifier: 218 04:CC:EE:85:17:2C:37:4C:D2:D3:08:5A:94:66:EE:5A:FF:A8:79:34 219 X509v3 Authority Key Identifier: 220 04:CC:EE:85:17:2C:37:4C:D2:D3:08:5A:94:66:EE:5A:FF:A8:79:34 221 Authority Information Access: 222 CA Issuers - URI:http://url-for-aia/Root.cer 223 X509v3 CRL Distribution Points: 224 Full Name: 225 URI:http://url-for-crl/Root.crl 226 X509v3 Key Usage: critical 227 Certificate Sign, CRL Sign 228 X509v3 Basic Constraints: critical 229 CA:TRUE 230 X509v3 Policy Constraints: critical 231 Require Explicit Policy:3 232 Signature Algorithm: sha256WithRSAEncryption 233 Signature Value: 234 77:0f:1b:33:10:e7:d2:36:f1:7d:fb:68:33:9e:53:4a:08:c5: 235 b1:66:5c:8f:9f:ed:b0:2f:6a:4a:e7:b3:1e:33:94:66:17:59: 236 86:47:32:e7:27:7f:34:1b:f8:7d:dd:93:40:9f:89:d0:7a:4c: 237 cc:8c:31:5a:23:3f:1d:41:4e:5b:40:c5:d2:c5:a5:7e:a6:8e: 238 75:07:3a:db:6c:80:08:f0:a0:74:fa:94:b1:dc:9a:cc:f3:13: 239 e8:8d:af:7a:95:5b:4e:8c:2b:ce:42:bc:a1:65:bd:a0:1b:74: 240 0f:28:1d:7e:05:8d:10:0f:b9:e6:dd:3b:4f:b8:a5:84:dd:1d: 241 3d:4e:69:58:c1:5c:12:6f:c4:e5:8a:88:3b:9d:0f:c8:ef:f6: 242 36:27:74:b5:e9:a4:b0:dc:3e:2c:eb:6a:74:af:4b:c7:c3:0d: 243 60:f1:ef:ef:58:36:cd:74:c8:f1:f1:73:1c:fa:3d:a1:86:80: 244 90:ee:25:f4:39:b1:08:a3:17:a2:d2:92:84:ff:4a:4a:ca:19: 245 76:d4:91:23:56:e4:74:94:e9:21:e5:3b:bb:22:fe:95:18:a4: 246 ad:80:85:b6:f3:97:fe:1a:11:87:b7:c7:9a:f8:48:55:5a:a5: 247 78:0e:55:70:4d:2d:20:b2:82:e1:51:f0:c5:1d:08:13:b7:26: 248 a7:81:e7:d5 249-----BEGIN CERTIFICATE----- 250MIIDiTCCAnGgAwIBAgIUcT7EhqxUWTWCP9aIYMmDc+QpDCYwDQYJKoZIhvcNAQEL 251BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw 252MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK 253AoIBAQCoroSqNO9KpxSMpOPXfe9+OiVywJy+E4fNoK78lsv3gG1P0CvGXrKaCrav 254rgqSk5nxRNHqvQFUEU4EXwAWhYEmTUdEa+K3kuXIQaV6XyPFTn/bEvSNoi9cg2Sz 255avzxNlMOwpCIGPXD2D3npn+gx2bxJKqAUgpQlsMUrki67u40n36Z1O4AwUHYbJOr 256LRFlKxfNa/aA8mZbJ4l/khym0OH0MxG2f6n2S0brLTyNf3r9z91DZLAUuFgF3PdZ 2573h/Cr9aJTg6YaCEwOosjAGwpD5H+mdOs+na+9/Msh+hEGx9Z/oHbcIgt44Rl6DNJ 258A8PwoTmlhd9YjW1wD4w9IP7wuiIZAgMBAAGjgdwwgdkwHQYDVR0OBBYEFATM7oUX 259LDdM0tMIWpRm7lr/qHk0MB8GA1UdIwQYMBaAFATM7oUXLDdM0tMIWpRm7lr/qHk0 260MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh 261L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S 262b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQB 263Af8EBTADgAEDMA0GCSqGSIb3DQEBCwUAA4IBAQB3DxszEOfSNvF9+2gznlNKCMWx 264ZlyPn+2wL2pK57MeM5RmF1mGRzLnJ380G/h93ZNAn4nQekzMjDFaIz8dQU5bQMXS 265xaV+po51BzrbbIAI8KB0+pSx3JrM8xPoja96lVtOjCvOQryhZb2gG3QPKB1+BY0Q 266D7nm3TtPuKWE3R09TmlYwVwSb8Tliog7nQ/I7/Y2J3S16aSw3D4s62p0r0vHww1g 2678e/vWDbNdMjx8XMc+j2hhoCQ7iX0ObEIoxei0pKE/0pKyhl21JEjVuR0lOkh5Tu7 268Iv6VGKStgIW285f+GhGHt8ea+EhVWqV4DlVwTS0gsoLhUfDFHQgTtyangefV 269-----END CERTIFICATE----- 270