1Certifcate chain: 2 3Target -> Intermediate2 -> Intermediate1 -> Root 4 5The root certificate has a pathlen=1 constraint on it, so when validating with 6trust anchor constraints enforced this should fail. 7 8Certificate: 9 Data: 10 Version: 3 (0x2) 11 Serial Number: 1 (0x1) 12 Signature Algorithm: sha256WithRSAEncryption 13 Issuer: CN=Intermediate2 14 Validity 15 Not Before: Jan 1 12:00:00 2015 GMT 16 Not After : Jan 1 12:00:00 2017 GMT 17 Subject: CN=Target 18 Subject Public Key Info: 19 Public Key Algorithm: rsaEncryption 20 Public-Key: (2048 bit) 21 Modulus: 22 00:cc:e7:c5:5e:00:e6:6e:62:c7:a5:ee:c5:6e:e0: 23 a1:1a:83:a7:fa:c8:90:ee:82:ef:94:b7:4c:b8:56: 24 2e:71:e1:03:67:dc:82:35:1e:b3:68:79:43:86:8f: 25 04:30:86:a7:4e:43:59:52:9f:e7:43:b8:8e:c1:70: 26 a4:59:d7:c0:c4:ae:da:70:dc:1a:52:a0:05:1c:c8: 27 1c:3d:1f:6e:c1:b2:ea:5e:e6:56:f2:4a:3c:01:19: 28 9a:19:fb:c1:fe:62:77:93:fb:4e:55:44:e3:4f:d6: 29 c4:bb:32:ef:aa:67:53:04:50:5c:db:06:3b:7e:37: 30 82:92:26:f2:47:38:c4:6a:9b:d8:42:32:44:1b:89: 31 84:ab:77:af:ec:27:c3:34:4e:d2:e5:8a:77:40:61: 32 76:fb:6d:78:3d:a4:d6:00:64:83:24:3b:fc:6b:83: 33 00:59:03:c1:9b:4f:5e:94:ac:f0:50:5e:e4:d1:e7: 34 60:c9:f3:74:6e:91:a2:47:47:6c:5a:a3:0b:83:3d: 35 50:a4:eb:1c:9e:83:7e:3c:f3:68:87:e8:d6:a6:30: 36 0d:01:a8:9d:96:de:a6:ff:7f:1a:36:5c:7b:b6:92: 37 73:ec:9d:f1:b6:5f:c5:3c:c8:2a:98:35:15:16:b5: 38 8d:78:ea:2c:3a:22:14:d4:4d:13:7c:70:81:8b:66: 39 6a:63 40 Exponent: 65537 (0x10001) 41 X509v3 extensions: 42 X509v3 Subject Key Identifier: 43 6C:44:41:6E:89:1C:49:B5:BF:47:3C:98:EA:28:86:E2:1A:17:64:09 44 X509v3 Authority Key Identifier: 45 keyid:BE:E8:01:F9:AD:F7:6E:8B:62:7E:59:3A:10:CC:60:78:95:62:9C:CA 46 47 Authority Information Access: 48 CA Issuers - URI:http://url-for-aia/Intermediate2.cer 49 50 X509v3 CRL Distribution Points: 51 52 Full Name: 53 URI:http://url-for-crl/Intermediate2.crl 54 55 X509v3 Key Usage: critical 56 Digital Signature, Key Encipherment 57 X509v3 Extended Key Usage: 58 TLS Web Server Authentication, TLS Web Client Authentication 59 Signature Algorithm: sha256WithRSAEncryption 60 48:66:26:79:cd:4f:a1:7b:ca:fc:49:27:60:c1:e0:17:6f:14: 61 13:ae:a0:be:44:d4:49:68:63:31:b1:11:f2:65:7d:2e:13:d9: 62 df:12:19:fd:ac:8b:03:b6:a3:84:4c:a1:0a:67:3a:35:80:a0: 63 c7:a1:0c:3b:c8:7a:4a:bc:b2:78:02:80:98:aa:46:ca:55:cd: 64 d1:5d:60:d8:80:b5:a3:f1:76:7a:0d:a1:9a:f0:4b:da:e1:24: 65 b7:f9:41:90:6b:fa:d5:ba:e5:31:5a:49:a7:9d:3d:b0:10:64: 66 fe:2f:f5:aa:88:09:75:dd:86:57:bb:29:a8:80:87:fb:5c:a9: 67 97:9b:7f:9b:f9:2b:c5:9d:1e:01:46:a7:f2:a1:42:f5:5d:c7: 68 95:fe:a3:85:5b:23:c1:a7:6b:1d:d5:ab:b0:09:44:14:2f:ea: 69 db:ca:02:4d:1c:05:b9:88:ce:1e:97:d8:aa:7e:54:5f:a5:fa: 70 ed:af:25:d0:a8:33:5e:b6:c7:71:0c:8d:6a:f0:d4:c7:e1:d9: 71 fe:9b:e9:f6:cc:cf:62:36:45:bc:10:53:27:3c:59:83:38:62: 72 6f:24:87:7e:a4:9b:c9:fc:4b:2a:6e:22:cc:3a:23:17:12:68: 73 16:fc:40:10:2c:fc:68:46:ff:3b:97:94:88:b3:70:05:1d:40: 74 f7:05:8c:cd 75-----BEGIN CERTIFICATE----- 76MIIDkDCCAnigAwIBAgIBATANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1JbnRl 77cm1lZGlhdGUyMB4XDTE1MDEwMTEyMDAwMFoXDTE3MDEwMTEyMDAwMFowETEPMA0G 78A1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOfF 79XgDmbmLHpe7FbuChGoOn+siQ7oLvlLdMuFYuceEDZ9yCNR6zaHlDho8EMIanTkNZ 80Up/nQ7iOwXCkWdfAxK7acNwaUqAFHMgcPR9uwbLqXuZW8ko8ARmaGfvB/mJ3k/tO 81VUTjT9bEuzLvqmdTBFBc2wY7fjeCkibyRzjEapvYQjJEG4mEq3ev7CfDNE7S5Yp3 82QGF2+214PaTWAGSDJDv8a4MAWQPBm09elKzwUF7k0edgyfN0bpGiR0dsWqMLgz1Q 83pOscnoN+PPNoh+jWpjANAaidlt6m/38aNlx7tpJz7J3xtl/FPMgqmDUVFrWNeOos 84OiIU1E0TfHCBi2ZqYwIDAQABo4HrMIHoMB0GA1UdDgQWBBRsREFuiRxJtb9HPJjq 85KIbiGhdkCTAfBgNVHSMEGDAWgBS+6AH5rfdui2J+WToQzGB4lWKcyjBABggrBgEF 86BQcBAQQ0MDIwMAYIKwYBBQUHMAKGJGh0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1l 87ZGlhdGUyLmNlcjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vdXJsLWZvci1jcmwv 88SW50ZXJtZWRpYXRlMi5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG 89AQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEASGYmec1PoXvK/Ekn 90YMHgF28UE66gvkTUSWhjMbER8mV9LhPZ3xIZ/ayLA7ajhEyhCmc6NYCgx6EMO8h6 91SryyeAKAmKpGylXN0V1g2IC1o/F2eg2hmvBL2uEkt/lBkGv61brlMVpJp509sBBk 92/i/1qogJdd2GV7spqICH+1ypl5t/m/krxZ0eAUan8qFC9V3Hlf6jhVsjwadrHdWr 93sAlEFC/q28oCTRwFuYjOHpfYqn5UX6X67a8l0KgzXrbHcQyNavDUx+HZ/pvp9szP 94YjZFvBBTJzxZgzhibySHfqSbyfxLKm4izDojFxJoFvxAECz8aEb/O5eUiLNwBR1A 959wWMzQ== 96-----END CERTIFICATE----- 97 98Certificate: 99 Data: 100 Version: 3 (0x2) 101 Serial Number: 1 (0x1) 102 Signature Algorithm: sha256WithRSAEncryption 103 Issuer: CN=Intermediate1 104 Validity 105 Not Before: Jan 1 12:00:00 2015 GMT 106 Not After : Jan 1 12:00:00 2017 GMT 107 Subject: CN=Intermediate2 108 Subject Public Key Info: 109 Public Key Algorithm: rsaEncryption 110 Public-Key: (2048 bit) 111 Modulus: 112 00:a7:ec:37:93:db:d9:5f:78:b7:a7:b7:41:3a:a0: 113 18:c6:33:52:72:15:ea:8e:71:4b:38:45:63:fe:5c: 114 82:2d:6d:ec:86:9d:42:b4:48:24:9f:48:90:a9:7d: 115 88:89:c8:52:09:57:34:84:65:7b:b5:81:68:cd:86: 116 a6:7a:b0:ae:d4:29:e4:62:6d:4a:f3:cf:a3:c7:12: 117 b4:5b:9d:9d:97:a1:49:f9:50:3f:a7:e9:bf:de:1f: 118 44:35:be:61:57:e0:fc:25:0c:ca:db:aa:6a:bf:c0: 119 9a:54:be:ad:08:d5:0b:9e:46:4c:b9:69:06:ba:dc: 120 b4:d5:21:19:c6:2a:ad:7c:63:27:a5:be:a7:85:79: 121 a3:7b:39:47:e0:90:4e:fc:2d:1a:58:55:9b:f2:34: 122 e7:c6:49:be:f7:b2:98:e5:29:46:60:66:28:67:24: 123 1b:86:57:f7:a3:03:dc:0c:c8:b1:44:42:e5:db:f4: 124 5c:34:e4:9b:06:56:43:16:0b:09:82:7c:b4:68:d8: 125 0d:cd:34:6c:24:97:16:0e:e1:15:e0:03:04:9a:c6: 126 c7:e1:8e:45:2b:0f:d5:90:fc:f0:8a:05:79:e5:5e: 127 ed:85:b0:fe:87:08:e7:6b:7c:d6:a0:37:7f:63:af: 128 08:19:dd:a9:59:02:78:2d:67:6b:95:d3:e2:f2:07: 129 58:e3 130 Exponent: 65537 (0x10001) 131 X509v3 extensions: 132 X509v3 Subject Key Identifier: 133 BE:E8:01:F9:AD:F7:6E:8B:62:7E:59:3A:10:CC:60:78:95:62:9C:CA 134 X509v3 Authority Key Identifier: 135 keyid:AC:1F:06:9D:6A:D6:77:47:85:F5:29:6A:85:DF:71:F7:AC:F7:83:93 136 137 Authority Information Access: 138 CA Issuers - URI:http://url-for-aia/Intermediate1.cer 139 140 X509v3 CRL Distribution Points: 141 142 Full Name: 143 URI:http://url-for-crl/Intermediate1.crl 144 145 X509v3 Key Usage: critical 146 Certificate Sign, CRL Sign 147 X509v3 Basic Constraints: critical 148 CA:TRUE 149 Signature Algorithm: sha256WithRSAEncryption 150 56:5b:1e:a3:6c:34:0f:79:dc:8c:ce:60:2d:46:9e:32:75:18: 151 06:6a:c4:3e:4d:90:a8:36:33:af:37:7f:16:2b:9f:55:8f:d5: 152 b7:93:2e:7a:62:85:df:52:c1:e2:19:df:21:7e:0d:eb:74:1f: 153 8e:dd:d2:9b:42:49:2b:bb:ca:bf:4a:65:f4:33:c7:29:fa:0a: 154 ce:16:95:28:77:85:eb:a3:50:f8:b0:a9:49:7a:00:15:06:92: 155 63:34:38:37:aa:7c:18:15:c8:61:ef:a6:e2:43:ad:41:bd:2d: 156 23:06:9c:6c:b6:ee:0c:2d:e2:b1:1f:ce:1a:39:83:db:ab:7b: 157 e2:cf:03:f4:bc:e1:8d:9e:22:50:bb:c3:82:04:a1:9b:1a:b6: 158 8f:28:dc:2b:f0:5c:3a:c6:99:5e:5c:b0:be:c0:ad:6a:56:ba: 159 1c:88:d1:d6:6a:76:d2:bd:ef:91:3c:f2:f3:ad:19:2f:1d:42: 160 fc:1a:c7:6a:a9:48:75:04:14:be:1d:d0:bb:4c:d8:7c:93:c4: 161 eb:25:58:02:0e:2f:66:a9:64:28:23:0c:a7:55:51:94:c8:e6: 162 65:15:58:e3:53:02:56:f8:13:fa:08:51:3d:a7:35:e2:15:a9: 163 59:0e:48:1f:9e:c7:dc:cc:a2:1f:db:c9:3d:46:b6:0e:5d:2e: 164 bc:85:5f:4d 165-----BEGIN CERTIFICATE----- 166MIIDiTCCAnGgAwIBAgIBATANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1JbnRl 167cm1lZGlhdGUxMB4XDTE1MDEwMTEyMDAwMFoXDTE3MDEwMTEyMDAwMFowGDEWMBQG 168A1UEAwwNSW50ZXJtZWRpYXRlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC 169ggEBAKfsN5Pb2V94t6e3QTqgGMYzUnIV6o5xSzhFY/5cgi1t7IadQrRIJJ9IkKl9 170iInIUglXNIRle7WBaM2GpnqwrtQp5GJtSvPPo8cStFudnZehSflQP6fpv94fRDW+ 171YVfg/CUMytuqar/AmlS+rQjVC55GTLlpBrrctNUhGcYqrXxjJ6W+p4V5o3s5R+CQ 172TvwtGlhVm/I058ZJvveymOUpRmBmKGckG4ZX96MD3AzIsURC5dv0XDTkmwZWQxYL 173CYJ8tGjYDc00bCSXFg7hFeADBJrGx+GORSsP1ZD88IoFeeVe7YWw/ocI52t81qA3 174f2OvCBndqVkCeC1na5XT4vIHWOMCAwEAAaOB3TCB2jAdBgNVHQ4EFgQUvugB+a33 175botiflk6EMxgeJVinMowHwYDVR0jBBgwFoAUrB8GnWrWd0eF9Slqhd9x96z3g5Mw 176QAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzAChiRodHRwOi8vdXJsLWZvci1haWEv 177SW50ZXJtZWRpYXRlMS5jZXIwNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL3VybC1m 178b3ItY3JsL0ludGVybWVkaWF0ZTEuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB 179Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBWWx6jbDQPedyMzmAtRp4ydRgG 180asQ+TZCoNjOvN38WK59Vj9W3ky56YoXfUsHiGd8hfg3rdB+O3dKbQkkru8q/SmX0 181M8cp+grOFpUod4Xro1D4sKlJegAVBpJjNDg3qnwYFchh76biQ61BvS0jBpxstu4M 182LeKxH84aOYPbq3vizwP0vOGNniJQu8OCBKGbGraPKNwr8Fw6xpleXLC+wK1qVroc 183iNHWanbSve+RPPLzrRkvHUL8GsdqqUh1BBS+HdC7TNh8k8TrJVgCDi9mqWQoIwyn 184VVGUyOZlFVjjUwJW+BP6CFE9pzXiFalZDkgfnsfczKIf28k9RrYOXS68hV9N 185-----END CERTIFICATE----- 186 187Certificate: 188 Data: 189 Version: 3 (0x2) 190 Serial Number: 2 (0x2) 191 Signature Algorithm: sha256WithRSAEncryption 192 Issuer: CN=Root 193 Validity 194 Not Before: Jan 1 12:00:00 2015 GMT 195 Not After : Jan 1 12:00:00 2017 GMT 196 Subject: CN=Intermediate1 197 Subject Public Key Info: 198 Public Key Algorithm: rsaEncryption 199 Public-Key: (2048 bit) 200 Modulus: 201 00:bd:dc:ee:4c:41:6f:ec:b0:20:19:e3:70:5f:b0: 202 25:ed:ac:de:06:06:25:0e:6d:e8:14:cf:cd:8a:93: 203 14:3d:27:d4:7f:a5:31:a0:5e:bb:7f:ce:f3:f4:3e: 204 04:60:04:05:45:4b:c7:28:c7:66:75:c0:0b:dd:37: 205 27:4b:43:c0:dc:20:76:34:e5:ac:8d:29:9c:62:fb: 206 43:9a:4c:c0:44:52:ca:e3:fa:6f:1d:85:39:a9:c0: 207 45:32:46:eb:97:4e:f4:81:0d:f2:0a:ea:36:4f:f3: 208 85:4d:bf:d6:76:97:ff:05:35:fa:19:fe:d4:f2:ed: 209 22:73:ad:10:5f:ce:7d:fe:a7:40:d0:dc:ef:39:65: 210 ce:6f:79:3d:18:96:a2:c9:5b:d4:85:2a:52:16:eb: 211 66:87:90:e6:82:0f:89:0b:56:9a:26:66:4a:03:39: 212 ef:28:ad:a8:fa:3f:e6:cb:27:fa:fc:6b:7d:cc:de: 213 5b:7d:7f:01:c7:75:0e:4b:a8:88:fa:80:61:c9:8c: 214 84:43:4b:c1:73:17:be:23:ed:ee:a7:9f:68:cb:10: 215 3d:bd:a1:d4:c0:f3:71:ef:40:5e:82:29:a7:e7:97: 216 57:20:b7:b9:d8:0d:f2:f4:31:99:37:0d:76:4f:6e: 217 e4:10:e1:c5:20:20:86:30:2c:fb:2d:86:cf:22:64: 218 b6:17 219 Exponent: 65537 (0x10001) 220 X509v3 extensions: 221 X509v3 Subject Key Identifier: 222 AC:1F:06:9D:6A:D6:77:47:85:F5:29:6A:85:DF:71:F7:AC:F7:83:93 223 X509v3 Authority Key Identifier: 224 keyid:0A:DF:C7:0D:59:04:C9:15:E8:1C:79:ED:96:12:22:7C:E6:0D:36:3E 225 226 Authority Information Access: 227 CA Issuers - URI:http://url-for-aia/Root.cer 228 229 X509v3 CRL Distribution Points: 230 231 Full Name: 232 URI:http://url-for-crl/Root.crl 233 234 X509v3 Key Usage: critical 235 Certificate Sign, CRL Sign 236 X509v3 Basic Constraints: critical 237 CA:TRUE 238 Signature Algorithm: sha256WithRSAEncryption 239 76:78:87:7e:d8:e4:50:5f:9d:c0:92:51:2a:2e:8c:f5:65:97: 240 00:52:31:7f:30:8a:33:d1:37:49:1d:57:c3:60:a1:46:48:bc: 241 95:51:a8:ef:4c:55:5b:8b:e5:b1:84:57:72:ad:e8:aa:30:1d: 242 2c:f5:cb:e6:b4:88:1b:af:72:1b:37:72:94:16:73:8f:ad:d2: 243 04:58:68:bc:ac:cc:01:5d:a6:e1:78:c7:b8:7c:38:fb:68:3d: 244 58:04:77:e7:35:37:1f:30:c5:72:63:d0:2f:0f:ac:46:ad:33: 245 01:58:a7:23:a7:a5:fe:c0:e2:2b:61:fc:9a:f0:ab:a7:97:9d: 246 d2:e6:b1:db:52:1e:c3:0c:bf:6a:e0:3c:4b:97:73:c6:84:84: 247 56:d4:03:35:a0:a5:e5:16:91:02:51:5d:c9:87:13:47:63:92: 248 c0:ac:f0:2b:43:26:f8:f3:32:c7:a7:39:7c:84:1b:53:15:10: 249 7a:94:14:e0:b6:7b:98:74:9c:55:88:6b:0d:64:02:8b:a7:17: 250 4a:76:3f:1d:26:c6:4a:20:03:3a:69:e4:fb:cf:65:95:46:68: 251 73:66:47:9f:50:86:26:e6:1a:db:eb:45:04:07:7a:79:4d:be: 252 93:43:30:0d:5f:19:02:71:f2:d4:bc:e0:2e:51:ad:0c:af:59: 253 ae:47:c9:a7 254-----BEGIN CERTIFICATE----- 255MIIDbjCCAlagAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 256MB4XDTE1MDEwMTEyMDAwMFoXDTE3MDEwMTEyMDAwMFowGDEWMBQGA1UEAwwNSW50 257ZXJtZWRpYXRlMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3c7kxB 258b+ywIBnjcF+wJe2s3gYGJQ5t6BTPzYqTFD0n1H+lMaBeu3/O8/Q+BGAEBUVLxyjH 259ZnXAC903J0tDwNwgdjTlrI0pnGL7Q5pMwERSyuP6bx2FOanARTJG65dO9IEN8grq 260Nk/zhU2/1naX/wU1+hn+1PLtInOtEF/Off6nQNDc7zllzm95PRiWoslb1IUqUhbr 261ZoeQ5oIPiQtWmiZmSgM57yitqPo/5ssn+vxrfczeW31/Acd1DkuoiPqAYcmMhENL 262wXMXviPt7qefaMsQPb2h1MDzce9AXoIpp+eXVyC3udgN8vQxmTcNdk9u5BDhxSAg 263hjAs+y2GzyJkthcCAwEAAaOByzCByDAdBgNVHQ4EFgQUrB8GnWrWd0eF9Slqhd9x 26496z3g5MwHwYDVR0jBBgwFoAUCt/HDVkEyRXoHHntlhIifOYNNj4wNwYIKwYBBQUH 265AQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIw 266LAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4G 267A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB 268AQB2eId+2ORQX53AklEqLoz1ZZcAUjF/MIoz0TdJHVfDYKFGSLyVUajvTFVbi+Wx 269hFdyreiqMB0s9cvmtIgbr3IbN3KUFnOPrdIEWGi8rMwBXabheMe4fDj7aD1YBHfn 270NTcfMMVyY9AvD6xGrTMBWKcjp6X+wOIrYfya8Kunl53S5rHbUh7DDL9q4DxLl3PG 271hIRW1AM1oKXlFpECUV3JhxNHY5LArPArQyb48zLHpzl8hBtTFRB6lBTgtnuYdJxV 272iGsNZAKLpxdKdj8dJsZKIAM6aeT7z2WVRmhzZkefUIYm5hrb60UEB3p5Tb6TQzAN 273XxkCcfLUvOAuUa0Mr1muR8mn 274-----END CERTIFICATE----- 275 276Certificate: 277 Data: 278 Version: 3 (0x2) 279 Serial Number: 1 (0x1) 280 Signature Algorithm: sha256WithRSAEncryption 281 Issuer: CN=Root 282 Validity 283 Not Before: Jan 1 12:00:00 2015 GMT 284 Not After : Jan 1 12:00:00 2017 GMT 285 Subject: CN=Root 286 Subject Public Key Info: 287 Public Key Algorithm: rsaEncryption 288 Public-Key: (2048 bit) 289 Modulus: 290 00:98:39:31:20:2b:a7:f7:a5:ff:43:cd:c0:09:56: 291 e2:85:b2:3e:ff:64:7a:12:b4:d5:8e:a5:6c:fb:b5: 292 31:1e:18:cb:c6:97:fe:c8:43:b1:f3:a9:68:14:f7: 293 29:1b:69:ea:39:a0:f1:b9:fd:a4:71:9f:0e:cf:67: 294 0e:af:2a:16:66:e9:d1:eb:b5:d4:27:d4:b8:9c:10: 295 70:ea:cb:00:3a:d2:d7:20:7d:b6:e6:29:4b:a7:21: 296 ba:e8:d7:42:55:83:0a:a5:9f:e3:bc:da:eb:4f:0b: 297 87:7f:4a:3a:97:8f:de:e5:44:a1:fd:ef:e5:4c:08: 298 67:b5:04:93:79:f6:6e:d1:ac:98:f1:e8:4c:c4:dd: 299 5c:9b:f4:c2:18:4e:0b:ab:7d:51:d9:57:a8:e0:5e: 300 c7:4d:14:17:33:7f:b2:f5:7d:a6:90:eb:e1:3c:55: 301 b1:d4:4c:a3:5f:2b:19:f3:91:0d:8e:0c:08:ea:18: 302 62:38:59:01:7e:e4:ed:11:1a:67:b0:72:79:39:4f: 303 e3:67:4d:f4:d1:af:b1:4d:b4:f8:0d:b2:c9:7d:96: 304 83:f9:5c:7f:69:99:a6:44:0d:c5:b2:74:47:ca:18: 305 58:10:95:bf:33:f3:34:9f:25:83:67:c2:d6:61:1a: 306 7a:7e:a6:95:f6:a3:80:7f:f5:5d:c5:4d:a0:72:af: 307 a3:6d 308 Exponent: 65537 (0x10001) 309 X509v3 extensions: 310 X509v3 Subject Key Identifier: 311 0A:DF:C7:0D:59:04:C9:15:E8:1C:79:ED:96:12:22:7C:E6:0D:36:3E 312 X509v3 Authority Key Identifier: 313 keyid:0A:DF:C7:0D:59:04:C9:15:E8:1C:79:ED:96:12:22:7C:E6:0D:36:3E 314 315 Authority Information Access: 316 CA Issuers - URI:http://url-for-aia/Root.cer 317 318 X509v3 CRL Distribution Points: 319 320 Full Name: 321 URI:http://url-for-crl/Root.crl 322 323 X509v3 Key Usage: critical 324 Certificate Sign, CRL Sign 325 X509v3 Basic Constraints: critical 326 CA:TRUE, pathlen:1 327 Signature Algorithm: sha256WithRSAEncryption 328 1e:01:f0:29:f0:53:fd:49:52:f0:72:79:4d:e9:ec:7d:04:47: 329 32:b2:f7:ef:a0:80:15:8c:5f:77:cf:89:49:dc:f9:65:fe:c5: 330 3b:03:c5:c2:a9:6f:d0:cd:cd:4b:89:6b:74:8b:1a:a5:88:d3: 331 aa:84:ed:2a:76:8f:60:b4:e4:5d:6f:b2:f4:09:94:6d:ff:c4: 332 a7:83:bc:f2:8a:95:ff:68:7b:8b:a4:9c:af:35:49:0c:5f:f4: 333 ac:a4:a8:ab:12:49:02:c5:4d:d2:a3:cc:c0:d8:c7:59:09:40: 334 d8:0e:2f:e1:f4:a6:77:df:85:51:db:51:fe:1e:75:a5:fd:6a: 335 5a:cb:7d:42:5c:0c:0a:3d:5f:88:0c:ef:46:68:24:bd:e1:4f: 336 bf:3c:92:cf:89:8c:12:d8:14:5f:ab:4c:36:27:a7:87:cb:c9: 337 25:8d:e6:ff:c8:e7:22:23:3e:15:78:ca:19:ad:d8:ce:72:4a: 338 2a:8d:ce:94:87:bb:60:58:0a:da:a9:f9:f8:d2:64:c5:fd:41: 339 8f:33:ff:6e:8c:86:db:b8:45:7c:f8:f1:9c:4d:7f:dc:ec:5c: 340 71:e7:29:10:7f:84:2f:30:b1:a6:75:fe:ea:7f:b0:15:4a:e4: 341 1a:ce:47:a9:6e:c0:e8:00:bf:e0:0e:bb:4f:3a:08:cd:d7:cc: 342 83:3b:b0:6b 343-----BEGIN CERTIFICATE----- 344MIIDaDCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 345MB4XDTE1MDEwMTEyMDAwMFoXDTE3MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v 346dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJg5MSArp/el/0PNwAlW 3474oWyPv9kehK01Y6lbPu1MR4Yy8aX/shDsfOpaBT3KRtp6jmg8bn9pHGfDs9nDq8q 348Fmbp0eu11CfUuJwQcOrLADrS1yB9tuYpS6chuujXQlWDCqWf47za608Lh39KOpeP 3493uVEof3v5UwIZ7UEk3n2btGsmPHoTMTdXJv0whhOC6t9UdlXqOBex00UFzN/svV9 350ppDr4TxVsdRMo18rGfORDY4MCOoYYjhZAX7k7REaZ7ByeTlP42dN9NGvsU20+A2y 351yX2Wg/lcf2mZpkQNxbJ0R8oYWBCVvzPzNJ8lg2fC1mEaen6mlfajgH/1XcVNoHKv 352o20CAwEAAaOBzjCByzAdBgNVHQ4EFgQUCt/HDVkEyRXoHHntlhIifOYNNj4wHwYD 353VR0jBBgwFoAUCt/HDVkEyRXoHHntlhIifOYNNj4wNwYIKwYBBQUHAQEEKzApMCcG 354CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw 355IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE 356AwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAeAfAp 3578FP9SVLwcnlN6ex9BEcysvfvoIAVjF93z4lJ3Pll/sU7A8XCqW/Qzc1LiWt0ixql 358iNOqhO0qdo9gtORdb7L0CZRt/8Sng7zyipX/aHuLpJyvNUkMX/SspKirEkkCxU3S 359o8zA2MdZCUDYDi/h9KZ334VR21H+HnWl/Wpay31CXAwKPV+IDO9GaCS94U+/PJLP 360iYwS2BRfq0w2J6eHy8kljeb/yOciIz4VeMoZrdjOckoqjc6Uh7tgWAraqfn40mTF 361/UGPM/9ujIbbuEV8+PGcTX/c7Fxx5ykQf4QvMLGmdf7qf7AVSuQazkepbsDoAL/g 362DrtPOgjN18yDO7Br 363-----END CERTIFICATE----- 364 365Target's private key. 366 367-----BEGIN RSA PRIVATE KEY----- 368MIIEowIBAAKCAQEAzOfFXgDmbmLHpe7FbuChGoOn+siQ7oLvlLdMuFYuceEDZ9yC 369NR6zaHlDho8EMIanTkNZUp/nQ7iOwXCkWdfAxK7acNwaUqAFHMgcPR9uwbLqXuZW 3708ko8ARmaGfvB/mJ3k/tOVUTjT9bEuzLvqmdTBFBc2wY7fjeCkibyRzjEapvYQjJE 371G4mEq3ev7CfDNE7S5Yp3QGF2+214PaTWAGSDJDv8a4MAWQPBm09elKzwUF7k0edg 372yfN0bpGiR0dsWqMLgz1QpOscnoN+PPNoh+jWpjANAaidlt6m/38aNlx7tpJz7J3x 373tl/FPMgqmDUVFrWNeOosOiIU1E0TfHCBi2ZqYwIDAQABAoIBAQCy/g+x8zVX3iAq 374+i4rkjwJLlLxxnycbXKdxZVWPapqvjW8Z6qyfnQYYj2zcIEnZqkFu91uSNK7nJ/P 375qPdYqBjzdw7Ioey4mqJ8pu3MEwYsXH9RkQMIugI6r8OmyP6Imjl84n1mDTxIRQMr 376x+4GPCYP0aebiJE1y4Xa5/yibJtfx913N+mCbDyS9vOzuh5lOcsdMvfx2UvhuR+z 377/fTDCcrzOgyTA4GC5zojUbgNqSJ/bxZ7EudQhkPVrP7MI7vxiL+JdRV8m30txxRn 378jkiqh1nrHbyQ97p653CpgkxErlCDERq65dj1Y1OexSk5fCKVUq4jtLNCwe47BcJx 379KMXZhd1ZAoGBAOYbgmYNxDpRHJ7YN+tIOcLtlh9NZ1ONcLgwiDsrQmEag3IqsYwX 380G4AREhXyWlscMCSR5q2HyHIk6r3et4eoV6R+sIIl2HxiSzyJpXn0L6V2/P86d5wm 381PP8MoFkMGWvUiQoNEmM1Jo80mcU29wLYGI50u8iRcRR47f9yyAe4ngLnAoGBAOP2 382ScQ0thh71Twg2PPJyuAd9F2CHWz9KXcZd/L/GifPk09DKBGItpWR0vMceZoke/7S 383WubIrIjPV8ks263ivgQdzIUCi44NWKc7WkXXzgvNqzpAGs5e0jGZ4Q732rtqWWCX 384CLctogFS3AgrQjGhHVPFZjthXxtaTX5VsHnG/yklAoGADULum/UVJws/rAPoDR5H 385fe11Zm5ukwkmwubBIy/WDoSZqL2/J8S5KANT2IH0JSYVvDXQZpXZvoJUKQcp6p6Q 386FoHaqFWICXscvOtt5v5ktJOL9yWmeRBXGZffseIZoPZJw5OHSMJqa3xrlEsbp0VO 387/P7LR77iFnz1snAqCQ/hw2cCgYBtfgBUY1ULUX9MECLkhYoSN5EF0Nc9YCOodu0s 388I+d2M7d3nLQEJ/w6vv3pk0W9CcUc0gCjVMO6OozZrdgeHwhRhdaUFHLfWf245UMo 389xMzM0o5pvhyh/t1KwbRdsiK3Xg9r219uTFbB+ACDU/PJTq99axT9dHlv8+HAynun 390IjOwmQKBgCDlcopCoJ0l9A4wvBhQVu6QRw4mgN22cHl+tYb4Ik4ql9prRJ0nxVDi 391DFpyxj5O6SG/DloXzIX6nzZ4dgNVE90EuTHQ311SgZ85Q30Fif6TDGDhwnXLLgyt 392O+MJ2bV2eCVsW85gMA9swzoJ1bjXMukCBtVSnOVWkRVwc5Xoy8hy 393-----END RSA PRIVATE KEY----- 394