1[Created by: generate-chains.py]
2
3Certificate chain where the intermediate has a smaller validity range
4than the other certificates, making it easy to violate just its validity.
5
6  Root:          2015/01/01 -> 2016/01/01
7  Intermediate:  2015/03/01 -> 2015/09/01
8  Target:        2015/01/01 -> 2016/01/01
9
10
11Certificate:
12    Data:
13        Version: 3 (0x2)
14        Serial Number:
15            73:60:af:38:91:cf:45:20:b2:11:f8:2c:36:b2:3d:e8:ed:26:6b:7c
16        Signature Algorithm: sha256WithRSAEncryption
17        Issuer: CN=Intermediate
18        Validity
19            Not Before: Jan  1 12:00:00 2015 GMT
20            Not After : Jan  1 12:00:00 2016 GMT
21        Subject: CN=Target
22        Subject Public Key Info:
23            Public Key Algorithm: rsaEncryption
24                RSA Public-Key: (2048 bit)
25                Modulus:
26                    00:e5:5d:52:78:e5:9d:90:f8:e6:89:33:f2:76:2f:
27                    04:9f:a8:f1:db:92:f1:b3:43:19:a3:7c:1f:a1:46:
28                    2f:aa:b4:48:fe:f2:35:cd:2d:61:76:e7:5c:52:c9:
29                    7b:d6:90:3a:91:11:44:a8:bd:39:d4:5d:10:e0:17:
30                    71:03:b9:e2:a5:fb:08:15:d2:50:dd:4d:67:ed:9c:
31                    a9:9b:3e:bd:3a:91:57:49:53:73:8b:2b:3e:c0:e4:
32                    aa:c9:c2:68:31:82:b4:0e:40:a9:e7:d1:c4:f6:5b:
33                    48:3d:88:74:1f:43:2e:f8:b3:66:d8:41:b4:0b:6a:
34                    21:38:05:65:05:99:8f:84:75:07:57:3a:1b:7b:2d:
35                    21:0a:fc:7a:22:d9:d3:89:43:0c:1a:18:f9:92:d9:
36                    42:0f:86:d8:28:d2:b4:ca:28:9a:85:29:1b:0a:d7:
37                    01:3b:bd:cb:83:36:a0:d3:d3:4c:5a:54:06:a0:a0:
38                    c6:51:12:33:00:5f:85:2e:0a:b5:63:2e:e0:f3:95:
39                    03:f9:d8:17:24:19:85:a1:23:cc:45:ea:2f:2e:89:
40                    3c:05:52:f0:69:95:0e:fc:71:1a:8f:2c:90:54:6f:
41                    14:46:33:99:bd:8b:a7:5e:0b:ad:ad:00:4f:78:8b:
42                    69:36:a5:38:43:63:f4:6f:f1:a8:f6:21:22:38:56:
43                    9f:7b
44                Exponent: 65537 (0x10001)
45        X509v3 extensions:
46            X509v3 Subject Key Identifier:
47                6E:07:CA:2E:D6:33:0C:B0:73:89:52:A6:81:9F:EA:5A:7D:58:36:E5
48            X509v3 Authority Key Identifier:
49                keyid:72:43:36:2F:89:32:3C:1F:45:05:00:D1:48:B6:8F:03:7A:01:52:38
50
51            Authority Information Access:
52                CA Issuers - URI:http://url-for-aia/Intermediate.cer
53
54            X509v3 CRL Distribution Points:
55
56                Full Name:
57                  URI:http://url-for-crl/Intermediate.crl
58
59            X509v3 Key Usage: critical
60                Digital Signature, Key Encipherment
61            X509v3 Extended Key Usage:
62                TLS Web Server Authentication, TLS Web Client Authentication
63    Signature Algorithm: sha256WithRSAEncryption
64         14:34:ce:62:08:64:36:8e:3c:83:a8:5a:e9:42:34:8a:bf:29:
65         c6:98:10:f5:11:cb:e6:dd:09:a9:61:77:ef:62:d3:35:ba:3d:
66         7b:f1:77:1a:c0:c2:05:b8:05:6a:f0:2d:82:a4:a5:58:ae:e4:
67         bc:86:d4:19:68:9b:61:1a:2b:3b:d8:f1:c4:fa:ce:75:ea:0e:
68         f8:79:00:0d:1c:42:28:de:2b:fb:d6:2c:55:25:d1:f9:91:ce:
69         fd:3b:8e:20:03:c1:46:a8:3f:06:c2:f6:31:70:f4:0e:ac:e5:
70         d3:7e:35:2a:33:b7:85:49:b5:90:34:86:fb:91:f8:a2:f9:96:
71         cb:6e:0b:22:7f:0e:10:d1:6b:ef:f8:50:51:6e:1b:4a:cd:ea:
72         a2:13:6c:f6:31:3e:fb:53:7a:33:b4:1b:22:83:c7:0a:b1:e4:
73         ab:7e:46:38:31:4e:59:c7:63:6a:61:a4:b1:b6:9d:76:10:b6:
74         70:fa:4b:1c:a8:41:9e:7f:1b:c0:1c:c5:c3:77:94:3d:36:b8:
75         2e:38:7a:cb:ac:10:91:ac:13:33:93:77:ca:ec:96:e1:45:ee:
76         40:45:0a:11:af:b7:59:be:86:ba:1a:fd:03:ec:4b:5e:7f:0f:
77         24:9f:8e:5a:a4:6e:11:da:68:56:b5:af:51:87:99:52:e7:09:
78         48:6e:ee:61
79-----BEGIN CERTIFICATE-----
80MIIDoDCCAoigAwIBAgIUc2CvOJHPRSCyEfgsNrI96O0ma3wwDQYJKoZIhvcNAQEL
81BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTE1MDEwMTEyMDAwMFoXDTE2
82MDEwMTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF
83AAOCAQ8AMIIBCgKCAQEA5V1SeOWdkPjmiTPydi8En6jx25Lxs0MZo3wfoUYvqrRI
84/vI1zS1hdudcUsl71pA6kRFEqL051F0Q4BdxA7nipfsIFdJQ3U1n7Zypmz69OpFX
85SVNziys+wOSqycJoMYK0DkCp59HE9ltIPYh0H0Mu+LNm2EG0C2ohOAVlBZmPhHUH
86Vzobey0hCvx6ItnTiUMMGhj5ktlCD4bYKNK0yiiahSkbCtcBO73Lgzag09NMWlQG
87oKDGURIzAF+FLgq1Yy7g85UD+dgXJBmFoSPMReovLok8BVLwaZUO/HEajyyQVG8U
88RjOZvYunXgutrQBPeItpNqU4Q2P0b/Go9iEiOFafewIDAQABo4HpMIHmMB0GA1Ud
89DgQWBBRuB8ou1jMMsHOJUqaBn+pafVg25TAfBgNVHSMEGDAWgBRyQzYviTI8H0UF
90ANFIto8DegFSODA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91
91cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0
92dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF
93oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD
94ggEBABQ0zmIIZDaOPIOoWulCNIq/KcaYEPURy+bdCalhd+9i0zW6PXvxdxrAwgW4
95BWrwLYKkpViu5LyG1Blom2EaKzvY8cT6znXqDvh5AA0cQijeK/vWLFUl0fmRzv07
96jiADwUaoPwbC9jFw9A6s5dN+NSozt4VJtZA0hvuR+KL5lstuCyJ/DhDRa+/4UFFu
97G0rN6qITbPYxPvtTejO0GyKDxwqx5Kt+RjgxTlnHY2phpLG2nXYQtnD6SxyoQZ5/
98G8AcxcN3lD02uC44esusEJGsEzOTd8rsluFF7kBFChGvt1m+hroa/QPsS15/DySf
99jlqkbhHaaFa1r1GHmVLnCUhu7mE=
100-----END CERTIFICATE-----
101
102Certificate:
103    Data:
104        Version: 3 (0x2)
105        Serial Number:
106            38:57:36:7e:2c:71:3a:58:d9:58:83:7f:8c:1f:66:21:38:9d:41:83
107        Signature Algorithm: sha256WithRSAEncryption
108        Issuer: CN=Root
109        Validity
110            Not Before: Mar  1 12:00:00 2015 GMT
111            Not After : Sep  1 12:00:00 2015 GMT
112        Subject: CN=Intermediate
113        Subject Public Key Info:
114            Public Key Algorithm: rsaEncryption
115                RSA Public-Key: (2048 bit)
116                Modulus:
117                    00:c2:f3:7c:09:dc:05:78:96:43:d9:a5:90:a3:1d:
118                    a4:d8:2e:f6:2d:c4:4e:8d:ee:37:1d:30:28:44:f6:
119                    50:f9:99:12:c4:b6:be:44:0f:07:48:22:67:d1:60:
120                    42:60:2a:27:62:15:d2:d1:2e:9a:16:02:4e:fb:44:
121                    37:8c:ba:7a:7d:72:af:55:cf:d6:f5:7c:1f:b3:dd:
122                    fa:b8:57:e4:78:72:72:90:f5:85:cb:c3:7e:8d:1f:
123                    89:1f:50:43:ff:53:e4:a7:ff:65:b7:af:da:bd:b1:
124                    80:77:0d:d5:a2:e3:59:35:97:d0:fc:39:26:b5:9a:
125                    af:3c:7c:ac:5a:05:af:ca:98:40:3f:20:1c:ae:3c:
126                    b2:35:e7:52:ff:01:aa:83:1a:67:aa:77:83:67:2e:
127                    95:6e:79:49:e8:28:dd:74:82:b2:c0:17:81:9e:f7:
128                    2a:1d:c2:14:7c:2a:10:b4:16:19:e1:59:10:48:36:
129                    35:c8:f9:bc:35:36:91:2d:c9:81:a4:18:b4:2f:ff:
130                    79:6d:32:ca:23:52:c0:d3:39:2c:7e:c2:a1:99:53:
131                    9d:ee:1e:50:4b:5d:af:f3:ca:df:39:6b:dc:54:24:
132                    0c:14:7b:3e:f7:f8:5e:b8:af:ea:67:68:4b:08:1f:
133                    25:5b:14:ff:31:e7:7d:50:c7:15:b2:53:2a:a3:5a:
134                    a5:c3
135                Exponent: 65537 (0x10001)
136        X509v3 extensions:
137            X509v3 Subject Key Identifier:
138                72:43:36:2F:89:32:3C:1F:45:05:00:D1:48:B6:8F:03:7A:01:52:38
139            X509v3 Authority Key Identifier:
140                keyid:5A:2B:EB:7C:7B:14:AB:7F:3B:58:EC:EC:21:5E:A5:EB:E1:F4:4F:5F
141
142            Authority Information Access:
143                CA Issuers - URI:http://url-for-aia/Root.cer
144
145            X509v3 CRL Distribution Points:
146
147                Full Name:
148                  URI:http://url-for-crl/Root.crl
149
150            X509v3 Key Usage: critical
151                Certificate Sign, CRL Sign
152            X509v3 Basic Constraints: critical
153                CA:TRUE
154    Signature Algorithm: sha256WithRSAEncryption
155         b0:33:01:a0:4a:ee:23:13:a3:e6:93:bc:54:f6:18:0d:e9:1f:
156         71:f9:0d:3a:c0:8a:63:9b:66:d0:35:34:97:38:a9:32:fa:ef:
157         b0:c5:6b:b5:ea:6c:2e:db:bb:2d:2d:d1:5b:74:71:e3:17:a5:
158         ef:a3:4d:64:8f:98:b4:f4:e0:9e:3e:ad:f2:ac:a7:5d:1a:b4:
159         09:68:54:4b:ef:c7:a1:3a:8f:3e:5f:13:21:04:f9:ed:8d:31:
160         43:f2:1f:f2:87:d4:22:c9:70:9d:f4:a6:0c:ad:f5:27:49:59:
161         e9:95:41:d9:58:38:4c:c4:f9:6a:77:e0:15:a6:4c:6b:17:1e:
162         25:b3:10:c3:0b:cd:47:d0:db:86:62:7b:50:e4:d5:54:e7:d3:
163         89:82:8e:f2:c7:a5:57:00:7d:b3:1d:b4:ed:c7:4c:50:dd:a3:
164         56:74:cc:15:30:fc:a9:c9:39:18:39:75:3a:ec:1f:28:1e:e3:
165         ba:01:de:98:e8:e9:fe:8b:16:99:c7:67:93:c9:c2:40:48:0f:
166         c6:e2:ba:51:0b:03:18:21:41:56:cc:ea:40:0e:b5:9d:8e:d6:
167         f8:01:df:0d:97:f2:8b:cc:54:e5:eb:46:59:19:4d:a3:f3:3a:
168         ce:3e:c7:f5:46:77:d7:41:c7:1b:4d:fd:58:27:4d:c7:32:ed:
169         33:88:44:b3
170-----BEGIN CERTIFICATE-----
171MIIDgDCCAmigAwIBAgIUOFc2fixxOljZWIN/jB9mITidQYMwDQYJKoZIhvcNAQEL
172BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAzMDExMjAwMDBaFw0xNTA5MDExMjAw
173MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD
174ggEPADCCAQoCggEBAMLzfAncBXiWQ9mlkKMdpNgu9i3ETo3uNx0wKET2UPmZEsS2
175vkQPB0giZ9FgQmAqJ2IV0tEumhYCTvtEN4y6en1yr1XP1vV8H7Pd+rhX5HhycpD1
176hcvDfo0fiR9QQ/9T5Kf/Zbev2r2xgHcN1aLjWTWX0Pw5JrWarzx8rFoFr8qYQD8g
177HK48sjXnUv8BqoMaZ6p3g2culW55Sego3XSCssAXgZ73Kh3CFHwqELQWGeFZEEg2
178Ncj5vDU2kS3JgaQYtC//eW0yyiNSwNM5LH7CoZlTne4eUEtdr/PK3zlr3FQkDBR7
179Pvf4Xriv6mdoSwgfJVsU/zHnfVDHFbJTKqNapcMCAwEAAaOByzCByDAdBgNVHQ4E
180FgQUckM2L4kyPB9FBQDRSLaPA3oBUjgwHwYDVR0jBBgwFoAUWivrfHsUq387WOzs
181IV6l6+H0T18wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs
182LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m
183b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
184MA0GCSqGSIb3DQEBCwUAA4IBAQCwMwGgSu4jE6Pmk7xU9hgN6R9x+Q06wIpjm2bQ
185NTSXOKky+u+wxWu16mwu27stLdFbdHHjF6Xvo01kj5i09OCePq3yrKddGrQJaFRL
18678ehOo8+XxMhBPntjTFD8h/yh9QiyXCd9KYMrfUnSVnplUHZWDhMxPlqd+AVpkxr
187Fx4lsxDDC81H0NuGYntQ5NVU59OJgo7yx6VXAH2zHbTtx0xQ3aNWdMwVMPypyTkY
188OXU67B8oHuO6Ad6Y6On+ixaZx2eTycJASA/G4rpRCwMYIUFWzOpADrWdjtb4Ad8N
189l/KLzFTl60ZZGU2j8zrOPsf1RnfXQccbTf1YJ03HMu0ziESz
190-----END CERTIFICATE-----
191
192Certificate:
193    Data:
194        Version: 3 (0x2)
195        Serial Number:
196            38:57:36:7e:2c:71:3a:58:d9:58:83:7f:8c:1f:66:21:38:9d:41:82
197        Signature Algorithm: sha256WithRSAEncryption
198        Issuer: CN=Root
199        Validity
200            Not Before: Jan  1 12:00:00 2015 GMT
201            Not After : Jan  1 12:00:00 2016 GMT
202        Subject: CN=Root
203        Subject Public Key Info:
204            Public Key Algorithm: rsaEncryption
205                RSA Public-Key: (2048 bit)
206                Modulus:
207                    00:c5:99:c3:5a:ac:ee:dd:88:55:9e:e4:3b:02:e9:
208                    99:bf:7e:7c:20:2e:ad:35:96:06:74:f8:06:62:6c:
209                    30:55:b5:16:f9:e2:db:99:65:f8:b7:58:00:01:70:
210                    3f:7c:23:ff:a7:39:4b:3a:d8:f7:72:65:3e:fd:66:
211                    c0:69:43:cc:85:22:3b:d7:22:5d:1f:aa:d4:39:83:
212                    58:08:cd:e3:c1:8b:f1:77:4a:92:6a:5c:83:df:1b:
213                    59:dd:b5:92:fd:b0:6a:b0:29:a6:13:7e:2b:0e:cb:
214                    a7:0e:30:c4:b6:2f:f7:1b:e3:ce:3c:38:2c:18:bd:
215                    0c:21:dd:e1:dd:2a:18:77:94:31:12:89:0a:ee:80:
216                    30:98:2f:3a:fc:72:75:9c:f1:fb:39:31:c7:ac:63:
217                    24:d4:11:40:86:49:e4:72:ce:b9:df:f3:51:bd:d7:
218                    f2:7b:49:cd:97:65:4a:8f:65:c0:87:61:99:9c:86:
219                    c9:96:95:fc:bc:d2:c4:c2:cc:82:c4:1b:3d:18:ba:
220                    dd:13:1c:80:cf:9a:34:e7:44:90:29:c5:e5:f9:53:
221                    2f:20:e2:1c:95:ff:01:bb:ea:89:d1:47:59:fd:5a:
222                    44:75:58:df:42:29:bc:50:89:bc:1d:6c:e3:35:f8:
223                    85:ce:57:c4:c5:47:58:37:5d:1f:1b:03:66:61:0d:
224                    2f:79
225                Exponent: 65537 (0x10001)
226        X509v3 extensions:
227            X509v3 Subject Key Identifier:
228                5A:2B:EB:7C:7B:14:AB:7F:3B:58:EC:EC:21:5E:A5:EB:E1:F4:4F:5F
229            X509v3 Authority Key Identifier:
230                keyid:5A:2B:EB:7C:7B:14:AB:7F:3B:58:EC:EC:21:5E:A5:EB:E1:F4:4F:5F
231
232            Authority Information Access:
233                CA Issuers - URI:http://url-for-aia/Root.cer
234
235            X509v3 CRL Distribution Points:
236
237                Full Name:
238                  URI:http://url-for-crl/Root.crl
239
240            X509v3 Key Usage: critical
241                Certificate Sign, CRL Sign
242            X509v3 Basic Constraints: critical
243                CA:TRUE
244    Signature Algorithm: sha256WithRSAEncryption
245         26:d5:ba:c9:fb:e4:0d:75:44:79:16:26:33:6c:08:5d:67:60:
246         19:ef:e0:6d:49:72:30:4a:f1:88:b9:51:bc:c5:e4:e6:10:6c:
247         ce:0c:6b:37:b7:a7:d3:d9:03:41:7f:4e:e7:a0:4a:ec:52:af:
248         35:10:03:90:a2:84:4f:9a:b7:c3:d3:f4:f0:14:f8:23:f5:b2:
249         1c:55:b8:8f:6a:fd:9b:05:60:b8:48:95:e3:9b:15:99:f8:98:
250         2f:1d:cd:89:ae:91:b5:3b:4b:22:29:44:d2:76:0d:1c:0a:e5:
251         9d:98:8f:6e:c1:d4:8b:fb:b3:aa:9d:7f:56:cb:a4:9a:27:9a:
252         e3:52:50:82:01:fe:8f:ba:dc:fb:f5:7e:d0:ce:07:4b:5e:91:
253         fa:41:21:9f:a6:15:e0:01:0d:7b:c5:53:07:f5:3d:63:89:87:
254         b4:a9:a2:9a:49:f7:26:64:6e:1b:9a:ce:95:e9:51:98:31:25:
255         ea:cb:c8:dd:6a:3f:af:32:78:22:27:32:b7:61:64:c5:6c:b7:
256         96:77:1c:ec:14:93:2d:14:e5:53:9d:d9:db:09:61:bf:7f:bf:
257         cd:d4:d3:09:03:8a:20:0a:b6:19:40:a2:58:8d:e9:65:54:56:
258         ca:6a:13:f3:e1:cf:da:e3:f9:eb:49:52:cf:89:2e:52:1d:ee:
259         64:1e:40:91
260-----BEGIN CERTIFICATE-----
261MIIDeDCCAmCgAwIBAgIUOFc2fixxOljZWIN/jB9mITidQYIwDQYJKoZIhvcNAQEL
262BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAw
263MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
264AoIBAQDFmcNarO7diFWe5DsC6Zm/fnwgLq01lgZ0+AZibDBVtRb54tuZZfi3WAAB
265cD98I/+nOUs62PdyZT79ZsBpQ8yFIjvXIl0fqtQ5g1gIzePBi/F3SpJqXIPfG1nd
266tZL9sGqwKaYTfisOy6cOMMS2L/cb4848OCwYvQwh3eHdKhh3lDESiQrugDCYLzr8
267cnWc8fs5McesYyTUEUCGSeRyzrnf81G91/J7Sc2XZUqPZcCHYZmchsmWlfy80sTC
268zILEGz0Yut0THIDPmjTnRJApxeX5Uy8g4hyV/wG76onRR1n9WkR1WN9CKbxQibwd
269bOM1+IXOV8TFR1g3XR8bA2ZhDS95AgMBAAGjgcswgcgwHQYDVR0OBBYEFFor63x7
270FKt/O1js7CFepevh9E9fMB8GA1UdIwQYMBaAFFor63x7FKt/O1js7CFepevh9E9f
271MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh
272L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S
273b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
2749w0BAQsFAAOCAQEAJtW6yfvkDXVEeRYmM2wIXWdgGe/gbUlyMErxiLlRvMXk5hBs
275zgxrN7en09kDQX9O56BK7FKvNRADkKKET5q3w9P08BT4I/WyHFW4j2r9mwVguEiV
27645sVmfiYLx3Nia6RtTtLIilE0nYNHArlnZiPbsHUi/uzqp1/Vsukmiea41JQggH+
277j7rc+/V+0M4HS16R+kEhn6YV4AENe8VTB/U9Y4mHtKmimkn3JmRuG5rOlelRmDEl
2786svI3Wo/rzJ4Iicyt2FkxWy3lncc7BSTLRTlU53Z2wlhv3+/zdTTCQOKIAq2GUCi
279WI3pZVRWymoT8+HP2uP560lSz4kuUh3uZB5AkQ==
280-----END CERTIFICATE-----
281