1[Created by: generate-chains.py]
2
3Certificate chain where the root has a smaller validity range than the other
4certificates, making it easy to violate just its validity.
5
6  Root:          2015/03/01 -> 2015/09/01
7  Intermediate:  2015/01/01 -> 2016/01/01
8  Target:        2015/01/01 -> 2016/01/01
9
10
11Certificate:
12    Data:
13        Version: 3 (0x2)
14        Serial Number:
15            3c:f7:2e:2d:8f:c5:f0:b0:65:49:87:7e:d7:10:b9:ab:3b:56:ba:be
16        Signature Algorithm: sha256WithRSAEncryption
17        Issuer: CN=Intermediate
18        Validity
19            Not Before: Jan  1 12:00:00 2015 GMT
20            Not After : Jan  1 12:00:00 2016 GMT
21        Subject: CN=Target
22        Subject Public Key Info:
23            Public Key Algorithm: rsaEncryption
24                RSA Public-Key: (2048 bit)
25                Modulus:
26                    00:c8:7c:97:b3:0d:f9:56:4b:f9:6c:a3:4b:05:f3:
27                    d6:34:aa:f9:3b:b9:59:7f:02:7b:89:b5:d0:9b:be:
28                    38:c9:e6:62:0e:79:38:c7:aa:bc:2c:0b:6b:3e:b5:
29                    22:ba:8a:23:2f:ee:c4:8b:5a:59:a7:9e:4d:a0:bb:
30                    a2:13:61:9e:d6:b0:1f:34:74:b6:bc:ff:fd:ee:95:
31                    00:5b:3a:71:e1:c1:5c:89:5f:f4:70:60:f1:ca:1c:
32                    2d:33:49:03:a2:78:a1:b4:96:f1:ef:6a:ba:03:77:
33                    89:bc:64:34:99:b1:20:54:18:78:5b:d7:98:c9:c2:
34                    d2:f1:c6:64:2f:18:2f:b8:e7:e7:25:78:91:7a:59:
35                    34:ca:2f:e2:c9:47:62:b6:ff:0d:39:11:03:f5:97:
36                    e5:fd:33:14:52:4f:cc:46:6e:b1:8c:52:00:fb:dd:
37                    be:e7:dd:fe:93:49:15:ae:98:86:bf:ea:13:ca:2b:
38                    29:4a:16:ab:83:4f:26:e5:bd:e8:23:40:55:a9:a3:
39                    aa:f4:0c:56:54:13:a0:f1:dd:3b:6b:d1:7b:2b:a8:
40                    46:37:3a:fa:6b:2c:94:0e:17:0a:1b:f0:fa:37:1f:
41                    e1:14:74:d8:50:43:f6:86:9c:99:bb:03:6e:46:1e:
42                    e4:64:f5:4f:4f:67:b8:f6:8c:c2:5e:9d:ef:c1:0f:
43                    ac:c3
44                Exponent: 65537 (0x10001)
45        X509v3 extensions:
46            X509v3 Subject Key Identifier:
47                CA:78:A4:F1:F5:90:DF:91:0F:99:E9:68:EC:EA:37:23:7B:83:C1:6D
48            X509v3 Authority Key Identifier:
49                keyid:56:44:1D:0C:BA:47:5A:7D:24:AB:AC:13:96:25:FF:86:D0:08:85:8C
50
51            Authority Information Access:
52                CA Issuers - URI:http://url-for-aia/Intermediate.cer
53
54            X509v3 CRL Distribution Points:
55
56                Full Name:
57                  URI:http://url-for-crl/Intermediate.crl
58
59            X509v3 Key Usage: critical
60                Digital Signature, Key Encipherment
61            X509v3 Extended Key Usage:
62                TLS Web Server Authentication, TLS Web Client Authentication
63    Signature Algorithm: sha256WithRSAEncryption
64         63:36:d1:99:49:b6:e8:c3:28:ee:2b:1d:ab:32:ac:94:27:2e:
65         48:45:19:19:8a:82:f7:f3:47:e4:07:e6:26:95:3b:6b:c4:ab:
66         d7:b3:1b:3a:6e:3a:ee:bf:84:47:cf:d9:6b:a7:67:e6:ba:d5:
67         4c:a8:3d:6f:ce:25:c1:ea:44:e6:15:ae:95:f3:e7:9b:3f:9b:
68         cb:53:e7:ce:e8:94:ee:fd:cd:b5:a4:e2:0a:e2:eb:b3:a0:90:
69         f0:c7:1e:59:e9:53:78:9c:57:45:a3:6d:a3:2a:ff:fa:77:a1:
70         4c:d4:31:5e:df:0e:cc:4a:24:23:4b:0a:ec:8c:31:ca:cc:6a:
71         67:74:34:be:d2:5b:78:75:5a:bb:b5:30:2c:b2:63:08:4c:ff:
72         3e:ac:ad:1d:22:9b:67:87:0c:66:0e:6b:25:34:0d:7d:31:de:
73         52:af:3d:a1:9c:ad:74:da:45:6c:f2:80:c3:1f:0d:31:c9:40:
74         57:d1:d3:34:b9:b9:d2:50:31:55:43:bb:d1:d2:89:7e:35:27:
75         a5:99:5b:b5:d9:e8:4f:a6:67:e3:62:4a:70:f6:85:98:5a:2f:
76         e6:3e:10:e5:09:e4:15:d2:e8:64:2b:db:5c:64:08:6b:aa:a0:
77         c4:8b:fc:ba:4f:df:a1:49:a7:7d:e9:e8:91:de:1b:f8:8b:82:
78         d4:68:e0:75
79-----BEGIN CERTIFICATE-----
80MIIDoDCCAoigAwIBAgIUPPcuLY/F8LBlSYd+1xC5qztWur4wDQYJKoZIhvcNAQEL
81BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTE1MDEwMTEyMDAwMFoXDTE2
82MDEwMTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF
83AAOCAQ8AMIIBCgKCAQEAyHyXsw35Vkv5bKNLBfPWNKr5O7lZfwJ7ibXQm744yeZi
84Dnk4x6q8LAtrPrUiuoojL+7Ei1pZp55NoLuiE2Ge1rAfNHS2vP/97pUAWzpx4cFc
85iV/0cGDxyhwtM0kDonihtJbx72q6A3eJvGQ0mbEgVBh4W9eYycLS8cZkLxgvuOfn
86JXiRelk0yi/iyUditv8NORED9Zfl/TMUUk/MRm6xjFIA+92+593+k0kVrpiGv+oT
87yispSharg08m5b3oI0BVqaOq9AxWVBOg8d07a9F7K6hGNzr6ayyUDhcKG/D6Nx/h
88FHTYUEP2hpyZuwNuRh7kZPVPT2e49ozCXp3vwQ+swwIDAQABo4HpMIHmMB0GA1Ud
89DgQWBBTKeKTx9ZDfkQ+Z6Wjs6jcje4PBbTAfBgNVHSMEGDAWgBRWRB0MukdafSSr
90rBOWJf+G0AiFjDA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91
91cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0
92dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF
93oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD
94ggEBAGM20ZlJtujDKO4rHasyrJQnLkhFGRmKgvfzR+QH5iaVO2vEq9ezGzpuOu6/
95hEfP2WunZ+a61UyoPW/OJcHqROYVrpXz55s/m8tT587olO79zbWk4gri67OgkPDH
96HlnpU3icV0WjbaMq//p3oUzUMV7fDsxKJCNLCuyMMcrMamd0NL7SW3h1Wru1MCyy
97YwhM/z6srR0im2eHDGYOayU0DX0x3lKvPaGcrXTaRWzygMMfDTHJQFfR0zS5udJQ
98MVVDu9HSiX41J6WZW7XZ6E+mZ+NiSnD2hZhaL+Y+EOUJ5BXS6GQr21xkCGuqoMSL
99/LpP36FJp33p6JHeG/iLgtRo4HU=
100-----END CERTIFICATE-----
101
102Certificate:
103    Data:
104        Version: 3 (0x2)
105        Serial Number:
106            60:94:d2:f0:61:1b:d8:58:84:ab:f1:64:de:71:09:ef:28:1e:23:d7
107        Signature Algorithm: sha256WithRSAEncryption
108        Issuer: CN=Root
109        Validity
110            Not Before: Jan  1 12:00:00 2015 GMT
111            Not After : Jan  1 12:00:00 2016 GMT
112        Subject: CN=Intermediate
113        Subject Public Key Info:
114            Public Key Algorithm: rsaEncryption
115                RSA Public-Key: (2048 bit)
116                Modulus:
117                    00:b8:ea:dc:cf:e7:81:3c:c1:99:70:bd:71:4c:93:
118                    94:33:49:be:87:bf:28:2b:d0:6c:38:90:66:7d:37:
119                    d5:a3:f1:5c:a1:a5:41:35:0b:5c:a7:bc:8f:ac:b3:
120                    09:ef:62:68:9f:60:3e:9e:4c:cb:7f:a4:bf:4a:0f:
121                    a7:b2:5a:93:ec:b8:14:30:3f:d9:86:b8:ad:31:8a:
122                    bf:20:ab:c7:40:dc:28:5b:3e:dc:39:b2:00:44:34:
123                    01:d6:81:13:a7:e6:d1:d8:d3:68:22:95:ee:bf:bd:
124                    e4:d1:9f:08:dd:a9:ff:65:ff:81:6a:68:1d:ee:d3:
125                    d5:c4:76:85:54:43:73:bf:f0:3c:c1:66:bb:a4:eb:
126                    22:1e:81:29:dd:4f:41:c2:a4:73:63:43:24:60:ef:
127                    e2:f0:ae:e6:a6:25:c8:a9:ee:1b:7f:ab:be:71:cb:
128                    f7:15:cb:2d:b4:a7:56:4b:2b:35:08:9b:12:70:15:
129                    33:53:ca:a7:b4:97:37:34:d3:f7:d5:f8:19:54:03:
130                    50:b4:f5:47:1a:f1:10:03:b5:54:64:c1:9c:b5:6d:
131                    14:0a:5a:28:24:4b:11:b6:fe:70:c2:0f:80:82:cd:
132                    94:59:16:ff:75:8b:da:91:3d:5f:16:95:4d:61:77:
133                    67:28:37:3b:6e:a6:a4:88:33:01:12:a0:10:fc:59:
134                    49:d3
135                Exponent: 65537 (0x10001)
136        X509v3 extensions:
137            X509v3 Subject Key Identifier:
138                56:44:1D:0C:BA:47:5A:7D:24:AB:AC:13:96:25:FF:86:D0:08:85:8C
139            X509v3 Authority Key Identifier:
140                keyid:07:75:1E:E3:64:F9:CA:06:47:B4:68:B9:D8:34:39:46:87:8D:27:A1
141
142            Authority Information Access:
143                CA Issuers - URI:http://url-for-aia/Root.cer
144
145            X509v3 CRL Distribution Points:
146
147                Full Name:
148                  URI:http://url-for-crl/Root.crl
149
150            X509v3 Key Usage: critical
151                Certificate Sign, CRL Sign
152            X509v3 Basic Constraints: critical
153                CA:TRUE
154    Signature Algorithm: sha256WithRSAEncryption
155         14:86:d2:95:9b:c1:98:21:6d:4e:a8:ac:96:32:e2:52:08:9d:
156         f3:bf:2c:9c:83:9a:71:aa:39:f0:ee:89:b9:41:a3:23:c3:2a:
157         84:1d:d0:07:65:4b:ce:42:66:eb:a6:3b:c7:23:83:31:f0:b4:
158         d4:b5:e4:cd:89:13:58:35:43:de:05:64:84:4b:ed:84:6f:ac:
159         dc:57:29:ae:5f:0b:81:56:9b:b2:60:c2:89:68:0c:18:ee:f2:
160         d2:42:6f:e3:61:ff:b8:02:f9:61:f7:20:41:dc:91:66:52:ee:
161         ba:a3:bc:66:84:fd:89:cd:38:25:5b:53:cf:f1:6e:f9:d2:95:
162         9a:7f:61:39:d5:1c:28:16:4a:c2:12:0e:f4:4a:94:ef:85:db:
163         ee:4f:18:7f:92:ef:de:4f:fb:9f:f5:0a:d9:ea:be:55:80:2c:
164         85:b5:09:fc:3e:c0:32:39:68:ae:00:20:95:25:78:ba:98:f0:
165         85:ef:ad:1c:b1:9c:7a:47:49:09:ae:ec:e0:90:71:3c:55:b4:
166         41:c4:5d:d0:65:58:30:2d:87:1b:90:27:f8:f6:ce:de:fd:8e:
167         ec:a0:c6:25:b8:7f:f8:d0:11:90:26:a6:6a:69:2d:bf:fe:6d:
168         d9:66:d8:97:79:5a:70:96:b0:49:e5:e2:17:2f:2c:8b:63:77:
169         88:6c:ff:e5
170-----BEGIN CERTIFICATE-----
171MIIDgDCCAmigAwIBAgIUYJTS8GEb2FiEq/Fk3nEJ7ygeI9cwDQYJKoZIhvcNAQEL
172BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAw
173MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD
174ggEPADCCAQoCggEBALjq3M/ngTzBmXC9cUyTlDNJvoe/KCvQbDiQZn031aPxXKGl
175QTULXKe8j6yzCe9iaJ9gPp5My3+kv0oPp7Jak+y4FDA/2Ya4rTGKvyCrx0DcKFs+
1763DmyAEQ0AdaBE6fm0djTaCKV7r+95NGfCN2p/2X/gWpoHe7T1cR2hVRDc7/wPMFm
177u6TrIh6BKd1PQcKkc2NDJGDv4vCu5qYlyKnuG3+rvnHL9xXLLbSnVksrNQibEnAV
178M1PKp7SXNzTT99X4GVQDULT1RxrxEAO1VGTBnLVtFApaKCRLEbb+cMIPgILNlFkW
179/3WL2pE9XxaVTWF3Zyg3O26mpIgzARKgEPxZSdMCAwEAAaOByzCByDAdBgNVHQ4E
180FgQUVkQdDLpHWn0kq6wTliX/htAIhYwwHwYDVR0jBBgwFoAUB3Ue42T5ygZHtGi5
1812DQ5RoeNJ6EwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs
182LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m
183b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
184MA0GCSqGSIb3DQEBCwUAA4IBAQAUhtKVm8GYIW1OqKyWMuJSCJ3zvyycg5pxqjnw
1857om5QaMjwyqEHdAHZUvOQmbrpjvHI4Mx8LTUteTNiRNYNUPeBWSES+2Eb6zcVymu
186XwuBVpuyYMKJaAwY7vLSQm/jYf+4Avlh9yBB3JFmUu66o7xmhP2JzTglW1PP8W75
1870pWaf2E51RwoFkrCEg70SpTvhdvuTxh/ku/eT/uf9QrZ6r5VgCyFtQn8PsAyOWiu
188ACCVJXi6mPCF760csZx6R0kJruzgkHE8VbRBxF3QZVgwLYcbkCf49s7e/Y7soMYl
189uH/40BGQJqZqaS2//m3ZZtiXeVpwlrBJ5eIXLyyLY3eIbP/l
190-----END CERTIFICATE-----
191
192Certificate:
193    Data:
194        Version: 3 (0x2)
195        Serial Number:
196            60:94:d2:f0:61:1b:d8:58:84:ab:f1:64:de:71:09:ef:28:1e:23:d6
197        Signature Algorithm: sha256WithRSAEncryption
198        Issuer: CN=Root
199        Validity
200            Not Before: Mar  1 12:00:00 2015 GMT
201            Not After : Sep  1 12:00:00 2015 GMT
202        Subject: CN=Root
203        Subject Public Key Info:
204            Public Key Algorithm: rsaEncryption
205                RSA Public-Key: (2048 bit)
206                Modulus:
207                    00:a9:91:e0:b0:cc:ae:f4:2a:c1:32:17:cf:cf:c8:
208                    f1:19:d8:82:d0:ae:e4:22:4b:3b:94:af:4a:ee:7a:
209                    36:29:60:18:39:8f:f2:51:d7:1c:a0:18:29:f1:98:
210                    cb:8d:fa:e0:09:d6:0d:7f:74:08:cb:58:2e:0f:8b:
211                    1c:9d:05:31:8a:e2:41:b6:18:0f:98:ee:70:78:d3:
212                    2b:50:d4:87:a7:f6:36:6b:71:40:37:97:a9:34:3f:
213                    a1:40:37:f7:e3:5b:bc:4f:21:b6:80:ef:c9:cb:e8:
214                    94:da:fa:d0:23:33:e6:e1:7f:57:72:59:c6:ca:7f:
215                    93:2f:5c:5e:d9:a8:55:8e:f2:a0:45:77:03:29:6b:
216                    55:f6:38:c2:fa:42:bc:9a:73:4a:5b:2a:27:5a:dd:
217                    ab:c0:68:d0:b3:51:5b:e7:b8:4e:02:8f:09:35:31:
218                    36:93:52:a3:bd:69:5f:58:f4:de:3f:44:4a:8d:ea:
219                    9a:08:8f:1e:f6:5c:b1:db:21:0b:07:0a:8f:9b:d1:
220                    d4:7f:cb:05:96:d5:04:b1:d2:5e:d9:13:6a:33:5b:
221                    d4:98:05:1c:c0:33:07:a7:84:7c:6a:ca:5d:65:5e:
222                    ea:18:6c:ef:4c:d6:65:a6:c1:07:bb:11:78:c3:fb:
223                    91:be:36:09:08:98:42:9b:6f:eb:ad:80:e0:14:13:
224                    11:85
225                Exponent: 65537 (0x10001)
226        X509v3 extensions:
227            X509v3 Subject Key Identifier:
228                07:75:1E:E3:64:F9:CA:06:47:B4:68:B9:D8:34:39:46:87:8D:27:A1
229            X509v3 Authority Key Identifier:
230                keyid:07:75:1E:E3:64:F9:CA:06:47:B4:68:B9:D8:34:39:46:87:8D:27:A1
231
232            Authority Information Access:
233                CA Issuers - URI:http://url-for-aia/Root.cer
234
235            X509v3 CRL Distribution Points:
236
237                Full Name:
238                  URI:http://url-for-crl/Root.crl
239
240            X509v3 Key Usage: critical
241                Certificate Sign, CRL Sign
242            X509v3 Basic Constraints: critical
243                CA:TRUE
244    Signature Algorithm: sha256WithRSAEncryption
245         4a:c7:5d:18:0f:b3:5f:d3:48:b3:8a:a5:74:4f:1b:f6:79:4e:
246         ac:b4:39:2d:aa:ae:62:72:ef:23:42:7d:dd:1f:64:0f:9e:5e:
247         f9:b9:80:13:fd:b8:a7:f6:f2:c5:53:ba:b4:42:d3:b7:6f:36:
248         5a:83:f4:ca:84:f4:02:3e:8c:dc:81:10:1f:a9:4e:91:72:39:
249         6c:ab:6d:cd:6a:a9:ac:c6:ae:ae:02:07:fd:80:64:bc:5f:7e:
250         31:59:53:2c:b9:ae:0c:21:bd:f0:e2:e5:90:49:5e:18:3e:47:
251         60:d3:38:fe:2b:8c:ac:f4:1b:20:12:a7:a9:13:c0:72:2f:b7:
252         1a:1c:92:87:3f:8f:53:7a:b8:0e:db:8f:35:a0:fe:2a:d8:f4:
253         63:c5:e4:ca:a2:a6:59:4f:c1:a5:b8:46:10:a9:cc:1c:fa:72:
254         f5:f7:63:07:d3:73:c4:21:10:cb:23:07:56:d7:df:6e:02:62:
255         ed:fc:50:3f:16:05:3e:16:07:ef:0d:f0:f9:fa:b7:59:21:d5:
256         c1:fe:1c:d5:54:18:68:51:d6:45:51:68:ef:99:d8:d4:e1:6a:
257         2a:b7:a7:f7:5c:21:60:16:73:50:87:9c:dc:ff:f3:95:33:62:
258         31:30:b9:65:f3:23:a6:ed:6d:18:c4:d8:57:08:93:31:35:2a:
259         31:e8:0b:d1
260-----BEGIN CERTIFICATE-----
261MIIDeDCCAmCgAwIBAgIUYJTS8GEb2FiEq/Fk3nEJ7ygeI9YwDQYJKoZIhvcNAQEL
262BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAzMDExMjAwMDBaFw0xNTA5MDExMjAw
263MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
264AoIBAQCpkeCwzK70KsEyF8/PyPEZ2ILQruQiSzuUr0ruejYpYBg5j/JR1xygGCnx
265mMuN+uAJ1g1/dAjLWC4PixydBTGK4kG2GA+Y7nB40ytQ1Ien9jZrcUA3l6k0P6FA
266N/fjW7xPIbaA78nL6JTa+tAjM+bhf1dyWcbKf5MvXF7ZqFWO8qBFdwMpa1X2OML6
267Qryac0pbKida3avAaNCzUVvnuE4Cjwk1MTaTUqO9aV9Y9N4/REqN6poIjx72XLHb
268IQsHCo+b0dR/ywWW1QSx0l7ZE2ozW9SYBRzAMwenhHxqyl1lXuoYbO9M1mWmwQe7
269EXjD+5G+NgkImEKbb+utgOAUExGFAgMBAAGjgcswgcgwHQYDVR0OBBYEFAd1HuNk
270+coGR7Roudg0OUaHjSehMB8GA1UdIwQYMBaAFAd1HuNk+coGR7Roudg0OUaHjSeh
271MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh
272L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S
273b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
2749w0BAQsFAAOCAQEASsddGA+zX9NIs4qldE8b9nlOrLQ5LaquYnLvI0J93R9kD55e
275+bmAE/24p/byxVO6tELTt282WoP0yoT0Aj6M3IEQH6lOkXI5bKttzWqprMaurgIH
276/YBkvF9+MVlTLLmuDCG98OLlkEleGD5HYNM4/iuMrPQbIBKnqRPAci+3GhyShz+P
277U3q4DtuPNaD+Ktj0Y8XkyqKmWU/BpbhGEKnMHPpy9fdjB9NzxCEQyyMHVtffbgJi
2787fxQPxYFPhYH7w3w+fq3WSHVwf4c1VQYaFHWRVFo75nY1OFqKren91whYBZzUIec
2793P/zlTNiMTC5ZfMjpu1tGMTYVwiTMTUqMegL0Q==
280-----END CERTIFICATE-----
281