1Includes extra certs 2 3$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) 4OCSP Response Data: 5 OCSP Response Status: successful (0x0) 6 Response Type: Basic OCSP Response 7 Version: 1 (0x0) 8 Responder Id: CN = Test Intermediate CA 9 Produced At: Mar 2 00:00:00 2017 GMT 10 Responses: 11 Certificate ID: 12 Hash Algorithm: sha1 13 Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A 14 Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 15 Serial Number: 04 16 Cert Status: good 17 This Update: Mar 1 00:00:00 2017 GMT 18 19 Signature Algorithm: sha1WithRSAEncryption 20 9b:ff:7a:5e:da:ef:06:69:21:2b:f1:e6:e5:d2:85:dc:70:7a: 21 74:ce:be:45:e8:e2:6e:ea:c8:cd:24:de:50:76:c1:4d:b1:7e: 22 15:4d:1c:47:ce:1c:55:7f:a2:20:fa:d3:ec:2b:df:db:b3:55: 23 9b:1e:0c:3c:a6:07:e7:4a:a1:d5:2f:01:84:77:a4:a1:02:0f: 24 73:1b:3f:48:74:af:8b:1b:a8:dc:a2:9c:c9:96:29:02:0a:98: 25 18:d0:48:a6:93:59:fd:ed:79:0c:84:f3:2f:f9:62:5a:f3:f9: 26 49:f3:ab:fc:0f:e9:46:64:f0:51:bd:5f:8f:ce:f4:ef:c2:4f: 27 1b:74 28Certificate: 29 Data: 30 Version: 3 (0x2) 31 Serial Number: 1 (0x1) 32 Signature Algorithm: sha1WithRSAEncryption 33 Issuer: CN=Test CA 34 Validity 35 Not Before: Jan 1 00:00:00 2017 GMT 36 Not After : Jan 1 00:00:00 2018 GMT 37 Subject: CN=Test Intermediate CA 38 Subject Public Key Info: 39 Public Key Algorithm: rsaEncryption 40 RSA Public-Key: (1024 bit) 41 Modulus: 42 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: 43 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: 44 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: 45 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: 46 c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: 47 a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: 48 ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: 49 e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: 50 34:7c:d0:c6:99:6f:79:98:f9 51 Exponent: 65537 (0x10001) 52 Signature Algorithm: sha1WithRSAEncryption 53 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: 54 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: 55 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: 56 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: 57 fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: 58 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: 59 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: 60 30:01 61~~~~~BEGIN CERTIFICATE~~~~~ 62MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0 63IENBMCIYDzIwMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNV 64BAMMFFRlc3QgSW50ZXJtZWRpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB 65iQKBgQDF+4GnG2phOBxq3t3bImFkeiKjOx3lklQXrTku/oH/Rgpw1oSl1b0F0/Kl 66mJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+8fkZgPNq1BAoUTgml+2t 67BpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQABMA0GCSqG 68SIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8D 69JyEQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh 709t5dzznmkiKFMR/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB 71~~~~~END CERTIFICATE~~~~~ 72Certificate: 73 Data: 74 Version: 3 (0x2) 75 Serial Number: 2 (0x2) 76 Signature Algorithm: sha1WithRSAEncryption 77 Issuer: CN=Test Intermediate CA 78 Validity 79 Not Before: Jan 1 00:00:00 2017 GMT 80 Not After : Jan 1 00:00:00 2018 GMT 81 Subject: CN=Test OCSP Signer 82 Subject Public Key Info: 83 Public Key Algorithm: rsaEncryption 84 RSA Public-Key: (1024 bit) 85 Modulus: 86 00:ae:c4:41:84:d9:d0:fd:63:70:db:d6:95:08:b6: 87 9c:99:5c:34:87:6b:c9:36:d0:21:14:27:60:0d:84: 88 66:8a:fc:9e:60:19:53:c2:db:39:82:d2:f8:ae:d9: 89 d5:9d:46:7a:e8:cd:c2:93:69:34:11:9b:59:c5:5b: 90 8b:8c:ba:48:21:99:9d:1e:3f:d3:f9:54:7a:c7:4b: 91 fb:31:2e:ca:75:8c:4f:7a:af:3b:cd:fd:cf:d4:92: 92 65:b6:06:80:58:c9:29:55:75:23:aa:ad:5b:ce:54: 93 3c:99:95:88:f2:47:f9:ec:14:dc:8c:58:04:df:1d: 94 d7:ef:13:3d:7a:66:f9:bc:e7 95 Exponent: 65537 (0x10001) 96 X509v3 extensions: 97 X509v3 Extended Key Usage: 98 OCSP Signing 99 Signature Algorithm: sha1WithRSAEncryption 100 10:11:34:a4:b3:90:09:21:00:b4:ee:30:16:06:6d:11:f6:f3: 101 f2:42:77:fe:d7:7a:95:4d:77:b4:b5:75:c0:6f:5a:9d:98:83: 102 34:f0:5b:66:8a:54:93:b8:3b:e8:35:bd:15:5f:6c:79:92:0d: 103 80:da:92:db:a5:c2:80:d9:04:b6:47:2b:fc:73:b3:a8:24:02: 104 20:aa:65:e0:d7:6e:6c:7c:a0:52:25:8c:5f:90:25:7f:5f:23: 105 19:14:a5:0a:ba:05:6a:c3:1b:ff:53:1e:ae:8f:64:12:cf:95: 106 c9:7b:f4:d8:33:ef:98:2e:69:79:be:9d:18:58:57:73:f1:f3: 107 c7:62 108~~~~~BEGIN CERTIFICATE~~~~~ 109MIIByzCCATSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0 110IEludGVybWVkaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAw 111MDAwWjAbMRkwFwYDVQQDDBBUZXN0IE9DU1AgU2lnbmVyMIGfMA0GCSqGSIb3DQEB 112AQUAA4GNADCBiQKBgQCuxEGE2dD9Y3Db1pUItpyZXDSHa8k20CEUJ2ANhGaK/J5g 113GVPC2zmC0viu2dWdRnrozcKTaTQRm1nFW4uMukghmZ0eP9P5VHrHS/sxLsp1jE96 114rzvN/c/UkmW2BoBYySlVdSOqrVvOVDyZlYjyR/nsFNyMWATfHdfvEz16Zvm85wID 115AQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOBgQAQ 116ETSks5AJIQC07jAWBm0R9vPyQnf+13qVTXe0tXXAb1qdmIM08FtmilSTuDvoNb0V 117X2x5kg2A2pLbpcKA2QS2Ryv8c7OoJAIgqmXg125sfKBSJYxfkCV/XyMZFKUKugVq 118wxv/Ux6uj2QSz5XJe/TYM++YLml5vp0YWFdz8fPHYg== 119~~~~~END CERTIFICATE~~~~~ 120-----BEGIN OCSP RESPONSE----- 121MIIEuwoBAKCCBLQwggSwBgkrBgEFBQcwAQEEggShMIIEnTCBhaEhMB8xHTAbBgNVBAMMFFRlc3Q 122gSW50ZXJtZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowTzBNMDgwBwYFKw4DAhoEFESbHFsxxu 123mZCWZSPknD93PAJBkKBBR/dlkQZTu1cEEkxB6Urvz5QEMaZgIBBIAAGA8yMDE3MDMwMTAwMDAwM 124FowCwYJKoZIhvcNAQEFA4GBAJv/el7a7wZpISvx5uXShdxwenTOvkXo4m7qyM0k3lB2wU2xfhVN 125HEfOHFV/oiD60+wr39uzVZseDDymB+dKodUvAYR3pKECD3MbP0h0r4sbqNyinMmWKQIKmBjQSKa 126TWf3teQyE8y/5Ylrz+Unzq/wP6UZk8FG9X4/O9O/CTxt0oIIDgDCCA3wwggGpMIIBEqADAgECAg 127EBMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNzAxMDEwMDAwMDBaG 128A8yMDE4MDEwMTAwMDAwMFowHzEdMBsGA1UEAwwUVGVzdCBJbnRlcm1lZGlhdGUgQ0EwgZ8wDQYJ 129KoZIhvcNAQEBBQADgY0AMIGJAoGBAMX7gacbamE4HGre3dsiYWR6IqM7HeWSVBetOS7+gf9GCnD 130WhKXVvQXT8qWYkP3k/9jSz3zR8ngNSqGAyGpwdYQEwcJLrxeboikrp77x+RmA82rUEChROCaX7a 1310GloWnt3x4OJBE39cQ5FKiSSJsmHFR9bITan8INHzQxplveZj5AgMBAAEwDQYJKoZIhvcNAQEFB 132QADgYEAfWcPOU5847ryY7ntbuxh8opPHoLiS0QE+KWhWryMcpFtvwMnIRCeXIrPS4eD4MLXclXV 133QtPRK3azQoTg6DuAsl9V5+D2tiHG/ZG1ybr62Lpci+H23l3POeaSIoUxH8PtGdsKC/nvpzZN4VS 134vjsBZJUPlaUfE4AAeIevmtBOPMAEwggHLMIIBNKADAgECAgECMA0GCSqGSIb3DQEBBQUAMB8xHT 135AbBgNVBAMMFFRlc3QgSW50ZXJtZWRpYXRlIENBMCIYDzIwMTcwMTAxMDAwMDAwWhgPMjAxODAxM 136DEwMDAwMDBaMBsxGTAXBgNVBAMMEFRlc3QgT0NTUCBTaWduZXIwgZ8wDQYJKoZIhvcNAQEBBQAD 137gY0AMIGJAoGBAK7EQYTZ0P1jcNvWlQi2nJlcNIdryTbQIRQnYA2EZor8nmAZU8LbOYLS+K7Z1Z1 138GeujNwpNpNBGbWcVbi4y6SCGZnR4/0/lUesdL+zEuynWMT3qvO839z9SSZbYGgFjJKVV1I6qtW8 1395UPJmViPJH+ewU3IxYBN8d1+8TPXpm+bznAgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMJM 140A0GCSqGSIb3DQEBBQUAA4GBABARNKSzkAkhALTuMBYGbRH28/JCd/7XepVNd7S1dcBvWp2YgzTw 141W2aKVJO4O+g1vRVfbHmSDYDaktulwoDZBLZHK/xzs6gkAiCqZeDXbmx8oFIljF+QJX9fIxkUpQq 1426BWrDG/9THq6PZBLPlcl79Ngz75guaXm+nRhYV3Px88di 143-----END OCSP RESPONSE----- 144 145$ openssl x509 -text < [CA CERTIFICATE] 146Certificate: 147 Data: 148 Version: 3 (0x2) 149 Serial Number: 1 (0x1) 150 Signature Algorithm: sha1WithRSAEncryption 151 Issuer: CN = Test CA 152 Validity 153 Not Before: Jan 1 00:00:00 2017 GMT 154 Not After : Jan 1 00:00:00 2018 GMT 155 Subject: CN = Test Intermediate CA 156 Subject Public Key Info: 157 Public Key Algorithm: rsaEncryption 158 RSA Public-Key: (1024 bit) 159 Modulus: 160 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: 161 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: 162 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: 163 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: 164 c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: 165 a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: 166 ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: 167 e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: 168 34:7c:d0:c6:99:6f:79:98:f9 169 Exponent: 65537 (0x10001) 170 Signature Algorithm: sha1WithRSAEncryption 171 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: 172 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: 173 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: 174 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: 175 fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: 176 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: 177 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: 178 30:01 179-----BEGIN CA CERTIFICATE----- 180MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI 181wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW 182RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO 183x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ 1848fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA 185BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy 186EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM 187R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB 188-----END CA CERTIFICATE----- 189 190$ openssl x509 -text < [CERTIFICATE] 191Certificate: 192 Data: 193 Version: 3 (0x2) 194 Serial Number: 4 (0x4) 195 Signature Algorithm: sha1WithRSAEncryption 196 Issuer: CN = Test Intermediate CA 197 Validity 198 Not Before: Jan 1 00:00:00 2017 GMT 199 Not After : Jan 1 00:00:00 2018 GMT 200 Subject: CN = Test Cert 201 Subject Public Key Info: 202 Public Key Algorithm: rsaEncryption 203 RSA Public-Key: (1024 bit) 204 Modulus: 205 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: 206 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: 207 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: 208 f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: 209 a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: 210 ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: 211 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: 212 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: 213 95:c1:35:46:9e:db:9b:ce:9b 214 Exponent: 65537 (0x10001) 215 Signature Algorithm: sha1WithRSAEncryption 216 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: 217 ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: 218 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: 219 a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: 220 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: 221 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: 222 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: 223 0a:53 224-----BEGIN CERTIFICATE----- 225MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV 226kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA 227lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu 228sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j 2297l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM 230BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 231yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL 232odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= 233-----END CERTIFICATE----- 234 235$ openssl asn1parse -i < [OCSP REQUEST] 236 0:d=0 hl=2 l= 66 cons: SEQUENCE 237 2:d=1 hl=2 l= 64 cons: SEQUENCE 238 4:d=2 hl=2 l= 62 cons: SEQUENCE 239 6:d=3 hl=2 l= 60 cons: SEQUENCE 240 8:d=4 hl=2 l= 58 cons: SEQUENCE 241 10:d=5 hl=2 l= 9 cons: SEQUENCE 242 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 243 19:d=6 hl=2 l= 0 prim: NULL 244 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A 245 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 246 65:d=5 hl=2 l= 1 prim: INTEGER :04 247-----BEGIN OCSP REQUEST----- 248MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ 249elK78+UBDGmYCAQQ= 250-----END OCSP REQUEST----- 251