1[Created by: ./generate-chains.py] 2 3Certificate chain with policyMappings on the root, and appropriate policies 4on the intermediate and leaf. Should pass. 5 6Certificate: 7 Data: 8 Version: 3 (0x2) 9 Serial Number: 10 5a:e9:b2:55:6d:14:8e:a6:58:4c:c4:d4:42:26:ad:b3:da:6c:6e:e2 11 Signature Algorithm: sha256WithRSAEncryption 12 Issuer: CN=Intermediate 13 Validity 14 Not Before: Oct 5 12:00:00 2021 GMT 15 Not After : Oct 5 12:00:00 2022 GMT 16 Subject: CN=Target 17 Subject Public Key Info: 18 Public Key Algorithm: rsaEncryption 19 Public-Key: (2048 bit) 20 Modulus: 21 00:a8:b5:55:2c:03:e1:5f:2a:e2:6b:38:51:05:21: 22 d4:60:d5:a4:6a:7a:1f:2a:a4:a5:d2:90:de:06:71: 23 cf:07:0c:70:96:8a:31:b9:ab:5c:f9:53:2a:02:96: 24 42:b1:43:5a:43:29:95:01:5b:0e:57:00:e2:51:71: 25 b8:e6:8d:21:ee:a8:2c:82:1c:40:1b:5b:17:23:1f: 26 40:61:eb:db:a6:e9:27:f2:ca:10:93:08:e0:06:44: 27 e6:2f:0b:17:e3:07:0a:bc:eb:79:16:42:f9:73:32: 28 6a:84:d8:6c:2f:bc:1b:71:29:91:9d:e8:8e:b7:ae: 29 2b:ba:7d:6d:62:75:67:32:8c:d1:25:45:32:66:c8: 30 b6:17:ba:61:55:a4:bd:61:98:13:d5:28:e7:77:21: 31 22:5b:7b:89:52:7f:24:ee:80:43:d1:d1:9b:35:b4: 32 7b:19:99:54:31:9f:c6:85:8a:91:57:c3:16:5a:7d: 33 70:cd:5a:53:6b:b1:0f:14:1b:a3:8f:10:2f:82:68: 34 2b:cb:f0:3d:60:45:ba:d8:5a:ab:a8:64:f5:dd:a1: 35 ab:8b:ae:22:74:42:79:3f:d1:b0:d7:37:9b:2e:7c: 36 c3:a9:fa:01:9e:77:21:3a:29:21:75:be:0c:0f:69: 37 55:32:a7:27:07:d4:52:a1:79:10:77:6e:b6:d7:b4: 38 f6:7f 39 Exponent: 65537 (0x10001) 40 X509v3 extensions: 41 X509v3 Subject Key Identifier: 42 89:AA:33:F0:29:99:24:A9:76:76:A9:42:19:F0:27:7C:A9:21:FB:92 43 X509v3 Authority Key Identifier: 44 23:15:56:0B:B2:09:04:1C:9D:21:49:EA:4E:E4:E0:EA:15:FC:E7:BF 45 Authority Information Access: 46 CA Issuers - URI:http://url-for-aia/Intermediate.cer 47 X509v3 CRL Distribution Points: 48 Full Name: 49 URI:http://url-for-crl/Intermediate.crl 50 X509v3 Key Usage: critical 51 Digital Signature, Key Encipherment 52 X509v3 Extended Key Usage: 53 TLS Web Server Authentication, TLS Web Client Authentication 54 X509v3 Certificate Policies: critical 55 Policy: 1.2.3.5 56 Signature Algorithm: sha256WithRSAEncryption 57 Signature Value: 58 60:9e:8e:5c:f2:af:67:d4:aa:66:1a:8b:21:ad:3f:84:8c:3d: 59 f0:72:39:61:6b:96:29:61:35:e2:c0:95:65:d0:e0:4d:4f:90: 60 88:73:c9:fb:63:49:62:28:db:3d:d4:f5:86:69:8e:8f:88:1a: 61 d7:10:99:48:9d:1a:50:11:0c:6c:f2:9d:81:67:b6:15:3c:34: 62 ee:71:99:d2:c8:3c:1e:92:4d:04:c1:e0:4e:0b:f1:22:64:11: 63 f5:da:3f:2b:30:6c:fe:80:00:30:fa:5f:e1:6f:8e:13:ab:f7: 64 d2:1b:3d:ad:94:24:97:83:b1:ce:51:e5:ef:00:41:2f:4b:de: 65 2b:1d:8d:f6:b6:4b:2f:5e:03:03:f3:62:56:9b:ef:86:6b:26: 66 1c:d4:b7:e8:e7:b1:30:ee:34:18:c2:b3:9d:c4:ef:ba:80:10: 67 ed:be:44:03:42:e2:95:0c:32:61:ca:8b:47:de:b6:68:e1:1d: 68 79:f2:00:d0:3d:d7:3b:3e:cd:87:67:57:00:f3:06:a5:09:f3: 69 f2:a1:b2:10:ca:f8:57:b9:42:a0:47:59:35:bb:42:30:59:c4: 70 ff:50:d4:f0:07:f4:bf:27:9a:45:23:39:65:a4:35:ac:5c:e6: 71 6a:7d:cc:ac:c3:d9:74:81:4e:42:1d:a4:5a:a9:81:c8:7b:cb: 72 19:0b:c9:5d 73-----BEGIN CERTIFICATE----- 74MIIDtTCCAp2gAwIBAgIUWumyVW0UjqZYTMTUQiats9psbuIwDQYJKoZIhvcNAQEL 75BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy 76MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF 77AAOCAQ8AMIIBCgKCAQEAqLVVLAPhXyriazhRBSHUYNWkanofKqSl0pDeBnHPBwxw 78looxuatc+VMqApZCsUNaQymVAVsOVwDiUXG45o0h7qgsghxAG1sXIx9AYevbpukn 798soQkwjgBkTmLwsX4wcKvOt5FkL5czJqhNhsL7wbcSmRneiOt64run1tYnVnMozR 80JUUyZsi2F7phVaS9YZgT1SjndyEiW3uJUn8k7oBD0dGbNbR7GZlUMZ/GhYqRV8MW 81Wn1wzVpTa7EPFBujjxAvgmgry/A9YEW62FqrqGT13aGri64idEJ5P9Gw1zebLnzD 82qfoBnnchOikhdb4MD2lVMqcnB9RSoXkQd26217T2fwIDAQABo4H+MIH7MB0GA1Ud 83DgQWBBSJqjPwKZkkqXZ2qUIZ8Cd8qSH7kjAfBgNVHSMEGDAWgBQjFVYLsgkEHJ0h 84SepO5ODqFfznvzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 85cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 86dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF 87oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEwYDVR0gAQH/BAkwBzAF 88BgMqAwUwDQYJKoZIhvcNAQELBQADggEBAGCejlzyr2fUqmYaiyGtP4SMPfByOWFr 89lilhNeLAlWXQ4E1PkIhzyftjSWIo2z3U9YZpjo+IGtcQmUidGlARDGzynYFnthU8 90NO5xmdLIPB6STQTB4E4L8SJkEfXaPyswbP6AADD6X+FvjhOr99IbPa2UJJeDsc5R 915e8AQS9L3isdjfa2Sy9eAwPzYlab74ZrJhzUt+jnsTDuNBjCs53E77qAEO2+RANC 924pUMMmHKi0fetmjhHXnyANA91zs+zYdnVwDzBqUJ8/KhshDK+Fe5QqBHWTW7QjBZ 93xP9Q1PAH9L8nmkUjOWWkNaxc5mp9zKzD2XSBTkIdpFqpgch7yxkLyV0= 94-----END CERTIFICATE----- 95 96Certificate: 97 Data: 98 Version: 3 (0x2) 99 Serial Number: 100 25:ab:91:cd:cb:d4:6b:d6:d6:c9:c3:14:54:9c:9a:29:5f:02:ac:94 101 Signature Algorithm: sha256WithRSAEncryption 102 Issuer: CN=Root 103 Validity 104 Not Before: Oct 5 12:00:00 2021 GMT 105 Not After : Oct 5 12:00:00 2022 GMT 106 Subject: CN=Intermediate 107 Subject Public Key Info: 108 Public Key Algorithm: rsaEncryption 109 Public-Key: (2048 bit) 110 Modulus: 111 00:a9:98:43:77:82:03:75:51:a8:61:e5:0f:2b:9b: 112 d2:31:9d:dd:0f:09:55:47:26:8d:33:0a:65:84:5c: 113 a6:d1:50:6f:f0:62:3a:3f:e7:8f:19:04:4a:24:e2: 114 71:56:00:64:1a:64:42:81:96:2c:a7:fa:c7:30:58: 115 77:6b:45:63:d1:e7:9d:4a:94:e0:0e:25:03:22:94: 116 eb:b5:4f:22:4d:b9:3c:60:80:ac:12:49:76:f0:37: 117 72:04:1f:f0:69:98:6b:1f:00:76:30:9e:9f:ad:71: 118 7a:dd:90:93:69:e3:9d:bd:ff:58:92:13:1f:3d:00: 119 b8:d5:7a:91:73:0f:e7:af:44:c5:aa:dd:80:23:ec: 120 95:b0:fb:ab:1b:36:1b:5c:a3:7a:09:09:41:79:0e: 121 86:1c:93:14:98:fa:ea:be:40:1b:bd:f4:46:28:2d: 122 21:8f:85:6c:6f:8f:5e:70:2c:cf:f7:22:89:a6:3a: 123 14:d4:3b:26:a6:3e:1f:1c:69:25:03:e8:8c:8a:18: 124 91:25:33:39:2b:a3:34:72:af:e9:8c:35:66:7a:81: 125 15:fd:36:21:a9:7d:5a:6c:39:bf:0f:05:cd:9d:cf: 126 2f:7f:71:95:5c:f5:b3:5b:43:7c:8e:55:24:b7:2f: 127 f2:69:38:b5:53:49:bb:bf:57:cc:cf:96:22:3b:05: 128 9c:59 129 Exponent: 65537 (0x10001) 130 X509v3 extensions: 131 X509v3 Subject Key Identifier: 132 23:15:56:0B:B2:09:04:1C:9D:21:49:EA:4E:E4:E0:EA:15:FC:E7:BF 133 X509v3 Authority Key Identifier: 134 60:B0:E9:54:4F:5B:06:6B:93:AF:1C:BB:7E:96:27:2D:01:DC:24:8B 135 Authority Information Access: 136 CA Issuers - URI:http://url-for-aia/Root.cer 137 X509v3 CRL Distribution Points: 138 Full Name: 139 URI:http://url-for-crl/Root.crl 140 X509v3 Key Usage: critical 141 Certificate Sign, CRL Sign 142 X509v3 Basic Constraints: critical 143 CA:TRUE 144 X509v3 Policy Constraints: critical 145 Require Explicit Policy:0 146 X509v3 Certificate Policies: critical 147 Policy: 1.2.3.5 148 Signature Algorithm: sha256WithRSAEncryption 149 Signature Value: 150 5c:b4:05:b4:a0:61:80:8a:1f:21:c0:0f:18:5e:9d:8b:c9:12: 151 45:db:06:c3:1f:0f:47:86:4b:61:0d:c1:fc:a6:7c:fb:4e:47: 152 dc:41:3a:fc:60:93:e9:4f:8b:d9:ec:a5:28:2e:5e:1f:41:48: 153 0f:86:ba:fd:d5:a5:2f:5f:51:e6:f8:58:8f:5d:28:2b:d0:9e: 154 1a:b7:2e:62:e6:03:ab:4a:f5:10:e4:01:52:ce:eb:6e:a4:f6: 155 97:c6:3e:86:19:20:68:1f:e6:72:8f:65:ab:95:e0:a3:0e:2b: 156 22:60:b1:9b:55:04:ca:a8:51:4c:82:46:db:e2:a4:1d:63:59: 157 6e:28:82:85:94:4a:4f:44:5f:1e:eb:8e:d2:d7:ec:9b:b7:51: 158 2a:88:58:4d:63:05:c0:0a:bc:a8:14:a6:79:5e:1d:c5:8d:b2: 159 2f:cf:a8:d6:9d:51:76:28:64:3f:b5:69:f1:d2:2f:85:59:1b: 160 b4:a0:59:61:af:b9:76:ce:75:54:75:68:87:d0:63:18:96:8f: 161 e0:33:a4:9a:77:ef:91:bb:83:f6:5e:4a:33:23:ff:71:85:d1: 162 66:b9:33:d7:2d:58:55:9f:1a:14:20:d3:5a:4d:20:84:44:88: 163 fa:1c:5c:41:41:1a:4e:bf:88:5f:14:c1:67:09:73:21:81:14: 164 0d:61:41:a1 165-----BEGIN CERTIFICATE----- 166MIIDpjCCAo6gAwIBAgIUJauRzcvUa9bWycMUVJyaKV8CrJQwDQYJKoZIhvcNAQEL 167BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw 168MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD 169ggEPADCCAQoCggEBAKmYQ3eCA3VRqGHlDyub0jGd3Q8JVUcmjTMKZYRcptFQb/Bi 170Oj/njxkESiTicVYAZBpkQoGWLKf6xzBYd2tFY9HnnUqU4A4lAyKU67VPIk25PGCA 171rBJJdvA3cgQf8GmYax8AdjCen61xet2Qk2njnb3/WJITHz0AuNV6kXMP569Exard 172gCPslbD7qxs2G1yjegkJQXkOhhyTFJj66r5AG730RigtIY+FbG+PXnAsz/ciiaY6 173FNQ7JqY+HxxpJQPojIoYkSUzOSujNHKv6Yw1ZnqBFf02Ial9Wmw5vw8FzZ3PL39x 174lVz1s1tDfI5VJLcv8mk4tVNJu79XzM+WIjsFnFkCAwEAAaOB8TCB7jAdBgNVHQ4E 175FgQUIxVWC7IJBBydIUnqTuTg6hX8578wHwYDVR0jBBgwFoAUYLDpVE9bBmuTrxy7 176fpYnLQHcJIswNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs 177LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m 178b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ 179MA8GA1UdJAEB/wQFMAOAAQAwEwYDVR0gAQH/BAkwBzAFBgMqAwUwDQYJKoZIhvcN 180AQELBQADggEBAFy0BbSgYYCKHyHADxhenYvJEkXbBsMfD0eGS2ENwfymfPtOR9xB 181Ovxgk+lPi9nspSguXh9BSA+Guv3VpS9fUeb4WI9dKCvQnhq3LmLmA6tK9RDkAVLO 182626k9pfGPoYZIGgf5nKPZauV4KMOKyJgsZtVBMqoUUyCRtvipB1jWW4ogoWUSk9E 183Xx7rjtLX7Ju3USqIWE1jBcAKvKgUpnleHcWNsi/PqNadUXYoZD+1afHSL4VZG7Sg 184WWGvuXbOdVR1aIfQYxiWj+AzpJp375G7g/ZeSjMj/3GF0Wa5M9ctWFWfGhQg01pN 185IIREiPocXEFBGk6/iF8UwWcJcyGBFA1hQaE= 186-----END CERTIFICATE----- 187 188Certificate: 189 Data: 190 Version: 3 (0x2) 191 Serial Number: 192 25:ab:91:cd:cb:d4:6b:d6:d6:c9:c3:14:54:9c:9a:29:5f:02:ac:93 193 Signature Algorithm: sha256WithRSAEncryption 194 Issuer: CN=Root 195 Validity 196 Not Before: Oct 5 12:00:00 2021 GMT 197 Not After : Oct 5 12:00:00 2022 GMT 198 Subject: CN=Root 199 Subject Public Key Info: 200 Public Key Algorithm: rsaEncryption 201 Public-Key: (2048 bit) 202 Modulus: 203 00:ba:b5:60:e3:ae:80:d9:8d:1b:a2:fc:e7:31:20: 204 f8:8a:f5:e1:10:65:40:74:80:4b:74:28:64:dc:ce: 205 0f:9b:ac:ca:24:e5:0d:ac:f7:dc:ef:b4:10:8b:97: 206 04:b9:81:1e:b8:fa:1a:1f:6c:a6:35:9f:1f:5b:19: 207 61:65:3b:10:eb:5c:fa:f8:f6:89:b3:2a:98:19:6d: 208 92:dd:c1:69:8e:be:52:2b:06:59:57:f2:8c:d0:08: 209 40:1d:fc:73:be:06:a0:87:e6:72:6f:09:f5:ab:ae: 210 c4:38:fc:85:0b:3c:2c:62:b1:25:50:32:a5:83:ee: 211 3c:2f:85:48:46:f1:ec:db:d9:aa:dd:b5:2a:a2:64: 212 87:d0:75:a7:71:4f:e8:58:53:31:c8:ad:89:0f:a6: 213 76:6d:de:78:0b:21:22:5d:35:1f:d4:5c:74:41:0b: 214 dd:72:fc:e4:84:30:bc:7b:b5:82:a6:84:4d:69:50: 215 f3:85:7d:f9:a1:10:fa:25:00:e4:53:cb:0e:0c:d6: 216 26:9f:1c:d4:12:2f:c9:f2:fc:80:27:5c:23:72:28: 217 30:d8:81:40:0b:80:6c:5a:f7:05:9c:13:db:98:66: 218 4a:52:65:4f:14:da:55:eb:bd:52:81:2f:b1:8e:a0: 219 99:8b:76:8a:77:51:64:f5:67:ff:98:1d:f3:8e:6f: 220 e3:6b 221 Exponent: 65537 (0x10001) 222 X509v3 extensions: 223 X509v3 Subject Key Identifier: 224 60:B0:E9:54:4F:5B:06:6B:93:AF:1C:BB:7E:96:27:2D:01:DC:24:8B 225 X509v3 Authority Key Identifier: 226 60:B0:E9:54:4F:5B:06:6B:93:AF:1C:BB:7E:96:27:2D:01:DC:24:8B 227 Authority Information Access: 228 CA Issuers - URI:http://url-for-aia/Root.cer 229 X509v3 CRL Distribution Points: 230 Full Name: 231 URI:http://url-for-crl/Root.crl 232 X509v3 Key Usage: critical 233 Certificate Sign, CRL Sign 234 X509v3 Basic Constraints: critical 235 CA:TRUE 236 X509v3 Certificate Policies: critical 237 Policy: 1.2.3.4 238 X509v3 Policy Mappings: critical 239 1.2.3.4:1.2.3.5 240 Signature Algorithm: sha256WithRSAEncryption 241 Signature Value: 242 1d:e9:a8:3e:aa:2d:d9:12:11:71:a8:0d:a8:5b:b7:c8:ae:6e: 243 bf:e0:8b:1e:d8:87:db:8f:97:1f:52:2e:87:05:73:3f:58:49: 244 d4:43:7a:44:57:7f:57:aa:97:4f:1a:98:0e:8f:cb:76:7f:a4: 245 6a:e7:73:65:e3:bf:f3:12:38:6d:11:1d:ec:b1:e4:1a:23:c0: 246 59:8c:7e:f7:6f:07:65:57:36:6b:3e:70:25:10:2f:c0:a3:15: 247 9c:05:b3:b2:b4:a6:20:cb:3d:15:5f:61:ed:20:af:34:2f:3a: 248 61:cc:f9:9b:e2:bf:98:df:ec:23:ab:4c:4c:f1:1a:cd:f3:84: 249 7a:01:6b:1b:c4:18:af:1f:10:89:6b:66:95:b4:da:25:ae:3f: 250 cb:e0:eb:55:6b:10:06:3b:c4:16:b8:58:59:23:e7:10:f7:8a: 251 8c:70:18:f7:0d:cf:72:25:15:f2:7f:6a:14:a5:18:40:7d:47: 252 6a:16:e7:68:77:cf:cd:24:80:0a:52:0e:2e:d6:d3:8b:24:be: 253 25:ab:85:a1:17:d0:2e:90:04:2d:c8:b5:cb:27:94:e4:4f:a1: 254 d4:6b:b1:92:20:bd:b7:5d:54:48:72:8f:3f:30:59:5c:33:e8: 255 16:90:dd:b8:9f:ca:d4:46:5c:ed:85:0f:82:a8:1f:c8:c7:1f: 256 65:b6:7c:96 257-----BEGIN CERTIFICATE----- 258MIIDpzCCAo+gAwIBAgIUJauRzcvUa9bWycMUVJyaKV8CrJMwDQYJKoZIhvcNAQEL 259BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw 260MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK 261AoIBAQC6tWDjroDZjRui/OcxIPiK9eEQZUB0gEt0KGTczg+brMok5Q2s99zvtBCL 262lwS5gR64+hofbKY1nx9bGWFlOxDrXPr49omzKpgZbZLdwWmOvlIrBllX8ozQCEAd 263/HO+BqCH5nJvCfWrrsQ4/IULPCxisSVQMqWD7jwvhUhG8ezb2ardtSqiZIfQdadx 264T+hYUzHIrYkPpnZt3ngLISJdNR/UXHRBC91y/OSEMLx7tYKmhE1pUPOFffmhEPol 265AORTyw4M1iafHNQSL8ny/IAnXCNyKDDYgUALgGxa9wWcE9uYZkpSZU8U2lXrvVKB 266L7GOoJmLdop3UWT1Z/+YHfOOb+NrAgMBAAGjgfowgfcwHQYDVR0OBBYEFGCw6VRP 267WwZrk68cu36WJy0B3CSLMB8GA1UdIwQYMBaAFGCw6VRPWwZrk68cu36WJy0B3CSL 268MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh 269L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S 270b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zATBgNVHSAB 271Af8ECTAHMAUGAyoDBDAYBgNVHSEBAf8EDjAMMAoGAyoDBAYDKgMFMA0GCSqGSIb3 272DQEBCwUAA4IBAQAd6ag+qi3ZEhFxqA2oW7fIrm6/4Ise2Ifbj5cfUi6HBXM/WEnU 273Q3pEV39XqpdPGpgOj8t2f6Rq53Nl47/zEjhtER3sseQaI8BZjH73bwdlVzZrPnAl 274EC/AoxWcBbOytKYgyz0VX2HtIK80LzphzPmb4r+Y3+wjq0xM8RrN84R6AWsbxBiv 275HxCJa2aVtNolrj/L4OtVaxAGO8QWuFhZI+cQ94qMcBj3Dc9yJRXyf2oUpRhAfUdq 276Fudod8/NJIAKUg4u1tOLJL4lq4WhF9AukAQtyLXLJ5TkT6HUa7GSIL23XVRIco8/ 277MFlcM+gWkN24n8rURlzthQ+CqB/Ixx9ltnyW 278-----END CERTIFICATE----- 279