1[Created by: generate-chains.py] 2 3A certificate tree with two self-signed root certificates(oldroot, newroot), 4and a third root certificate (newrootrollover) which has the same key as newroot 5but is signed by oldroot, all with the same subject and issuer. 6There are two intermediates with the same key, subject and issuer 7(oldintermediate signed by oldroot, and newintermediate signed by newroot). 8The target certificate is signed by the intermediate key. 9 10 11In graphical form: 12 13 oldroot-------->newrootrollover newroot 14 | | | 15 v v v 16oldintermediate newintermediate 17 | | 18 +------------+-------------+ 19 | 20 v 21 target 22 23 24Several chains are output: 25 key-rollover-oldchain.pem: 26 target<-oldintermediate<-oldroot 27 key-rollover-rolloverchain.pem: 28 target<-newintermediate<-newrootrollover<-oldroot 29 key-rollover-longrolloverchain.pem: 30 target<-newintermediate<-newroot<-newrootrollover<-oldroot 31 key-rollover-newchain.pem: 32 target<-newintermediate<-newroot 33 34All of these chains should verify successfully. 35 36 37Certificate: 38 Data: 39 Version: 3 (0x2) 40 Serial Number: 41 60:cf:3c:af:c2:01:a7:ee:48:ed:83:9c:13:19:f0:c1:ff:af:13:68 42 Signature Algorithm: sha256WithRSAEncryption 43 Issuer: CN=Intermediate 44 Validity 45 Not Before: Jan 1 12:00:00 2015 GMT 46 Not After : Jan 1 12:00:00 2016 GMT 47 Subject: CN=Target 48 Subject Public Key Info: 49 Public Key Algorithm: rsaEncryption 50 RSA Public-Key: (2048 bit) 51 Modulus: 52 00:ef:77:94:e8:68:c5:7e:1d:9b:ae:10:cd:d5:bb: 53 96:27:0c:05:17:f4:ec:bc:da:7d:28:e5:b7:e5:8f: 54 da:d8:ae:7a:2a:d2:e3:15:9b:12:62:79:02:61:3d: 55 3f:8b:64:4e:fb:7d:e1:59:bd:2f:83:ad:d3:b8:e5: 56 45:33:c4:13:5f:79:ef:8a:3e:c0:39:20:81:e2:98: 57 b9:e6:c9:60:b6:8e:b4:bf:b4:2b:55:ae:b1:7c:21: 58 d3:fe:ec:f0:56:31:fe:0a:19:c4:2c:54:a4:97:aa: 59 84:a2:83:f8:5a:9a:f3:11:b8:ad:3b:14:3a:68:5a: 60 72:24:49:6f:6f:5a:02:39:91:07:09:cb:18:57:13: 61 1e:a4:54:03:31:5c:b6:e9:7d:78:2d:e8:ba:2f:70: 62 17:0a:03:11:aa:90:c7:5e:f0:1b:7f:56:39:f5:e0: 63 1f:1e:33:8d:23:30:e6:7a:ba:5e:ca:46:33:13:04: 64 5c:65:b0:be:53:7f:ab:a7:9f:8d:fb:bd:46:e5:87: 65 44:31:55:e5:9f:97:7e:a3:ec:69:a8:d7:8b:47:ae: 66 48:ae:74:50:5e:57:55:31:ca:36:ec:43:a1:dd:61: 67 b2:18:12:6a:29:0b:63:24:d5:71:4d:da:e7:0f:0d: 68 e3:2c:aa:76:6b:f9:2c:93:c2:fa:f9:40:2c:1b:34: 69 65:53 70 Exponent: 65537 (0x10001) 71 X509v3 extensions: 72 X509v3 Subject Key Identifier: 73 FA:2D:AF:E0:5F:8E:8E:18:7A:FB:AF:FE:D9:C9:A3:62:AA:B8:2A:18 74 X509v3 Authority Key Identifier: 75 keyid:CC:72:60:F0:8D:8C:CB:A9:6C:FF:09:57:F3:6A:FE:29:46:24:26:5B 76 77 Authority Information Access: 78 CA Issuers - URI:http://url-for-aia/Intermediate.cer 79 80 X509v3 CRL Distribution Points: 81 82 Full Name: 83 URI:http://url-for-crl/Intermediate.crl 84 85 X509v3 Key Usage: critical 86 Digital Signature, Key Encipherment 87 X509v3 Extended Key Usage: 88 TLS Web Server Authentication, TLS Web Client Authentication 89 Signature Algorithm: sha256WithRSAEncryption 90 01:db:ae:1e:db:9c:37:2a:1c:f6:44:c8:55:cb:39:9d:88:f5: 91 72:27:94:80:ec:51:ce:86:c3:64:b9:7f:f6:c2:83:38:9c:66: 92 27:44:94:31:28:bc:ed:37:dc:bd:7c:84:d5:c6:44:74:ef:81: 93 54:01:78:55:d0:59:60:99:bc:ab:bb:6a:45:0b:50:f9:de:d4: 94 3e:ce:ed:1a:26:8f:8b:6c:2d:3a:b2:e8:4b:17:c4:b8:d6:41: 95 4e:fa:8c:af:70:44:6f:30:71:f5:92:62:7e:db:19:f2:67:18: 96 e9:17:a6:98:b7:9e:7e:df:69:0c:d9:ad:65:b8:0b:5c:1d:c0: 97 a9:4c:e4:1b:2c:56:57:36:3b:8f:50:26:a6:7e:95:4b:06:d6: 98 67:1d:0e:b4:58:a7:c1:c2:37:ca:87:3a:86:e7:07:df:3c:55: 99 13:18:e8:5b:8d:08:d2:30:04:1b:de:3f:f3:eb:21:6f:99:e2: 100 5c:52:6f:37:1f:d9:93:45:e5:81:9d:4b:db:0c:6f:55:fd:e4: 101 6d:98:ac:88:7b:1a:48:b8:e8:24:ed:a6:cf:e9:f6:e2:a9:71: 102 60:cd:d7:90:0e:c3:92:b3:57:ec:da:2f:48:84:47:c8:91:c4: 103 50:1e:f0:c4:91:99:8b:4f:f1:35:65:c1:ab:a2:4a:12:1b:cf: 104 bd:68:1c:bf 105-----BEGIN CERTIFICATE----- 106MIIDoDCCAoigAwIBAgIUYM88r8IBp+5I7YOcExnwwf+vE2gwDQYJKoZIhvcNAQEL 107BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTE1MDEwMTEyMDAwMFoXDTE2 108MDEwMTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF 109AAOCAQ8AMIIBCgKCAQEA73eU6GjFfh2brhDN1buWJwwFF/TsvNp9KOW35Y/a2K56 110KtLjFZsSYnkCYT0/i2RO+33hWb0vg63TuOVFM8QTX3nvij7AOSCB4pi55slgto60 111v7QrVa6xfCHT/uzwVjH+ChnELFSkl6qEooP4WprzEbitOxQ6aFpyJElvb1oCOZEH 112CcsYVxMepFQDMVy26X14Lei6L3AXCgMRqpDHXvAbf1Y59eAfHjONIzDmerpeykYz 113EwRcZbC+U3+rp5+N+71G5YdEMVXln5d+o+xpqNeLR65IrnRQXldVMco27EOh3WGy 114GBJqKQtjJNVxTdrnDw3jLKp2a/ksk8L6+UAsGzRlUwIDAQABo4HpMIHmMB0GA1Ud 115DgQWBBT6La/gX46OGHr7r/7ZyaNiqrgqGDAfBgNVHSMEGDAWgBTMcmDwjYzLqWz/ 116CVfzav4pRiQmWzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 117cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 118dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF 119oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD 120ggEBAAHbrh7bnDcqHPZEyFXLOZ2I9XInlIDsUc6Gw2S5f/bCgzicZidElDEovO03 1213L18hNXGRHTvgVQBeFXQWWCZvKu7akULUPne1D7O7Romj4tsLTqy6EsXxLjWQU76 122jK9wRG8wcfWSYn7bGfJnGOkXppi3nn7faQzZrWW4C1wdwKlM5BssVlc2O49QJqZ+ 123lUsG1mcdDrRYp8HCN8qHOobnB988VRMY6FuNCNIwBBveP/PrIW+Z4lxSbzcf2ZNF 1245YGdS9sMb1X95G2YrIh7Gki46CTtps/p9uKpcWDN15AOw5KzV+zaL0iER8iRxFAe 1258MSRmYtP8TVlwauiShIbz71oHL8= 126-----END CERTIFICATE----- 127 128Certificate: 129 Data: 130 Version: 3 (0x2) 131 Serial Number: 132 52:7c:19:50:39:c6:38:0e:14:9f:b2:17:b8:81:f7:cf:f8:66:d1:95 133 Signature Algorithm: sha256WithRSAEncryption 134 Issuer: CN=Root 135 Validity 136 Not Before: Jan 2 12:00:00 2015 GMT 137 Not After : Jan 1 12:00:00 2016 GMT 138 Subject: CN=Intermediate 139 Subject Public Key Info: 140 Public Key Algorithm: rsaEncryption 141 RSA Public-Key: (2048 bit) 142 Modulus: 143 00:9d:2b:d3:86:6e:f6:af:a0:b2:08:23:93:2a:c0: 144 1c:02:49:c6:ef:a9:64:39:4e:80:6a:36:56:e5:a5: 145 93:0e:45:12:ad:05:41:9a:5d:cc:ed:af:2e:7b:b6: 146 cf:bd:14:79:8f:a5:59:16:02:fe:23:5c:2b:e4:90: 147 d2:67:7c:bb:74:cb:37:20:40:c4:62:fa:e0:23:f1: 148 a4:89:70:fe:54:ea:ea:3b:d7:1a:7a:9b:0d:a1:74: 149 44:89:c9:58:3d:d6:99:42:6b:e5:da:f5:f1:0c:33: 150 26:11:e1:d4:2b:33:d7:2e:be:b9:42:5d:e7:b2:ce: 151 52:37:51:30:17:80:a7:77:e0:ca:55:ac:42:12:23: 152 17:d6:42:5a:6d:55:1f:f8:f1:13:7b:73:7d:b6:ff: 153 b7:67:72:d8:55:af:8e:60:71:cd:b8:a4:72:9f:84: 154 d8:6f:a6:62:1a:0f:79:de:3e:27:a5:08:bc:90:20: 155 f6:a3:b2:64:21:92:3e:1c:8c:35:f5:38:16:96:18: 156 f1:5c:de:fd:89:b6:4d:ca:00:0a:59:91:84:9a:28: 157 ea:1c:8f:0d:14:aa:4b:e5:56:66:9e:40:36:35:ff: 158 dc:72:f3:ea:e3:7f:b4:73:64:66:ff:81:16:b9:93: 159 8e:61:30:7f:15:2e:1d:6c:23:90:76:56:b2:60:11: 160 91:19 161 Exponent: 65537 (0x10001) 162 X509v3 extensions: 163 X509v3 Subject Key Identifier: 164 CC:72:60:F0:8D:8C:CB:A9:6C:FF:09:57:F3:6A:FE:29:46:24:26:5B 165 X509v3 Authority Key Identifier: 166 keyid:01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 167 168 Authority Information Access: 169 CA Issuers - URI:http://url-for-aia/Root.cer 170 171 X509v3 CRL Distribution Points: 172 173 Full Name: 174 URI:http://url-for-crl/Root.crl 175 176 X509v3 Key Usage: critical 177 Certificate Sign, CRL Sign 178 X509v3 Basic Constraints: critical 179 CA:TRUE 180 Signature Algorithm: sha256WithRSAEncryption 181 58:20:51:07:c1:79:72:0f:8d:3b:34:8d:af:79:8a:f4:65:dd: 182 f6:62:8c:28:b1:e3:91:7a:c1:e0:75:11:6e:f4:cf:90:04:39: 183 8f:08:19:c9:d5:3b:61:4a:30:5c:f1:dd:93:1d:b0:05:d0:2b: 184 f4:a0:ce:4a:8d:10:f9:ce:47:92:a1:84:8a:5d:42:62:e4:81: 185 4d:8d:2a:49:cf:41:b7:1f:b8:ef:62:68:80:64:52:b5:b4:e8: 186 9c:33:10:85:f6:2d:18:0c:a1:cd:a7:6d:2a:b6:73:a8:3d:4c: 187 64:c3:3a:33:11:8b:6b:0c:68:86:ab:28:c8:e2:21:a0:26:78: 188 ed:15:f6:14:3c:d0:19:ea:d2:88:3b:ed:de:c8:99:4b:74:ff: 189 aa:d3:80:1b:5d:f0:f4:08:33:28:33:e9:0a:e8:07:0c:c4:ab: 190 f6:8c:3d:08:5a:4b:91:84:45:56:85:a0:92:59:e8:b4:e8:c6: 191 92:0d:db:1a:fe:dc:4f:ac:b6:5c:7e:6f:e5:56:14:85:f4:74: 192 33:f8:1e:eb:33:d0:0b:74:a6:ef:4e:3b:e7:77:c4:92:26:4e: 193 5d:e2:cd:6e:dc:f7:25:ee:92:b9:b0:48:5d:46:e5:a9:50:a8: 194 bb:68:57:cb:f8:7f:07:f7:b2:54:97:f9:6e:54:1c:53:09:ce: 195 c0:6b:f1:f1 196-----BEGIN CERTIFICATE----- 197MIIDgDCCAmigAwIBAgIUUnwZUDnGOA4Un7IXuIH3z/hm0ZUwDQYJKoZIhvcNAQEL 198BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDIxMjAwMDBaFw0xNjAxMDExMjAw 199MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD 200ggEPADCCAQoCggEBAJ0r04Zu9q+gsggjkyrAHAJJxu+pZDlOgGo2VuWlkw5FEq0F 201QZpdzO2vLnu2z70UeY+lWRYC/iNcK+SQ0md8u3TLNyBAxGL64CPxpIlw/lTq6jvX 202GnqbDaF0RInJWD3WmUJr5dr18QwzJhHh1Csz1y6+uUJd57LOUjdRMBeAp3fgylWs 203QhIjF9ZCWm1VH/jxE3tzfbb/t2dy2FWvjmBxzbikcp+E2G+mYhoPed4+J6UIvJAg 2049qOyZCGSPhyMNfU4FpYY8Vze/Ym2TcoAClmRhJoo6hyPDRSqS+VWZp5ANjX/3HLz 2056uN/tHNkZv+BFrmTjmEwfxUuHWwjkHZWsmARkRkCAwEAAaOByzCByDAdBgNVHQ4E 206FgQUzHJg8I2My6ls/wlX82r+KUYkJlswHwYDVR0jBBgwFoAUAWtJHyGPgN3Ul8Co 207uyp+3PPa/eEwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs 208LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m 209b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ 210MA0GCSqGSIb3DQEBCwUAA4IBAQBYIFEHwXlyD407NI2veYr0Zd32YowoseOResHg 211dRFu9M+QBDmPCBnJ1TthSjBc8d2THbAF0Cv0oM5KjRD5zkeSoYSKXUJi5IFNjSpJ 212z0G3H7jvYmiAZFK1tOicMxCF9i0YDKHNp20qtnOoPUxkwzozEYtrDGiGqyjI4iGg 213JnjtFfYUPNAZ6tKIO+3eyJlLdP+q04AbXfD0CDMoM+kK6AcMxKv2jD0IWkuRhEVW 214haCSWei06MaSDdsa/txPrLZcfm/lVhSF9HQz+B7rM9ALdKbvTjvnd8SSJk5d4s1u 2153Pcl7pK5sEhdRuWpUKi7aFfL+H8H97JUl/luVBxTCc7Aa/Hx 216-----END CERTIFICATE----- 217 218Certificate: 219 Data: 220 Version: 3 (0x2) 221 Serial Number: 222 52:7c:19:50:39:c6:38:0e:14:9f:b2:17:b8:81:f7:cf:f8:66:d1:94 223 Signature Algorithm: sha256WithRSAEncryption 224 Issuer: CN=Root 225 Validity 226 Not Before: Jan 2 12:00:00 2015 GMT 227 Not After : Jan 1 12:00:00 2016 GMT 228 Subject: CN=Root 229 Subject Public Key Info: 230 Public Key Algorithm: rsaEncryption 231 RSA Public-Key: (2048 bit) 232 Modulus: 233 00:c7:04:19:c8:b2:fc:28:77:e5:99:8e:f0:05:8b: 234 0d:5b:e5:38:f1:8e:d1:07:d2:f6:d8:6b:bd:c8:c3: 235 2c:f3:05:e9:1f:4c:b6:c1:39:d4:0f:03:2f:62:ba: 236 e7:c4:7e:9c:7c:1c:be:df:6b:f2:34:b2:45:ec:b9: 237 76:a5:3a:25:1c:a1:b7:78:76:0c:e8:3d:76:d1:46: 238 bd:20:e1:ef:1c:80:22:12:b5:8a:de:78:4f:ed:05: 239 25:5d:b4:83:4c:9e:b2:ee:64:b5:df:d9:d1:b7:5f: 240 3c:e9:8a:e1:e1:49:bd:d6:7c:fe:4a:38:f1:94:9a: 241 b5:cc:cf:85:aa:bd:bb:2d:93:b9:a9:2b:c1:f9:82: 242 c0:ba:68:a5:90:4f:e1:d4:30:6f:99:c4:d9:6c:e8: 243 6a:0c:71:a8:ff:c4:7f:b5:9a:e6:07:a0:ed:f4:3c: 244 3a:4b:a3:88:b1:41:cf:f1:b8:ea:f8:b7:43:b0:9f: 245 88:05:eb:cd:ab:27:f5:ed:62:55:05:3d:62:59:b4: 246 1c:07:ca:c4:49:3d:07:80:93:13:ff:0f:31:4f:34: 247 41:9e:5b:a9:0a:79:fa:13:91:da:7c:35:c4:7b:56: 248 9c:a1:89:05:7d:6e:12:e5:e4:83:be:9a:5e:14:cd: 249 fc:27:58:ae:f5:26:83:36:a4:04:61:a7:4a:01:2f: 250 1a:4f 251 Exponent: 65537 (0x10001) 252 X509v3 extensions: 253 X509v3 Subject Key Identifier: 254 01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 255 X509v3 Authority Key Identifier: 256 keyid:01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 257 258 Authority Information Access: 259 CA Issuers - URI:http://url-for-aia/Root.cer 260 261 X509v3 CRL Distribution Points: 262 263 Full Name: 264 URI:http://url-for-crl/Root.crl 265 266 X509v3 Key Usage: critical 267 Certificate Sign, CRL Sign 268 X509v3 Basic Constraints: critical 269 CA:TRUE 270 Signature Algorithm: sha256WithRSAEncryption 271 2c:4d:7f:fd:1c:4e:6a:f0:7b:d1:a6:d2:92:35:0a:bb:00:96: 272 f6:87:a2:8f:c8:20:51:fe:34:1b:e2:72:e0:52:ce:33:14:b8: 273 9a:fb:2d:71:5d:cb:77:1e:47:cb:00:f3:e8:12:54:1a:d4:02: 274 e7:ee:4b:21:d2:b0:7e:df:a3:47:f2:0a:15:fe:b8:e6:7f:85: 275 97:eb:2f:8d:1d:9d:0d:ba:34:ce:10:a9:a8:36:b8:ea:95:83: 276 28:10:4b:09:2f:c6:7d:b4:9c:d7:20:cc:af:9f:99:36:67:a9: 277 09:27:99:98:e5:10:6e:1b:ad:a1:46:0f:2f:82:98:98:28:30: 278 72:33:1f:7a:24:fd:61:17:5d:23:a3:ca:70:76:a4:95:b8:7c: 279 84:d7:f8:68:bd:23:27:34:0b:0f:65:c0:74:2f:28:94:46:73: 280 e3:7c:1a:f6:11:36:13:9b:16:5a:92:84:85:6d:59:88:85:82: 281 b5:43:22:fd:f5:9f:2d:82:27:cb:40:a4:b9:6c:50:7d:31:af: 282 3f:cf:83:57:72:e5:d4:6b:5e:9d:97:d1:bf:a5:0a:0d:00:88: 283 3d:25:b4:5c:a5:62:00:69:22:4e:ef:07:39:cf:74:33:7e:bb: 284 03:07:57:49:38:d7:5c:3c:43:bf:cd:fe:af:1a:75:24:4d:a5: 285 f9:63:2c:bf 286-----BEGIN CERTIFICATE----- 287MIIDeDCCAmCgAwIBAgIUUnwZUDnGOA4Un7IXuIH3z/hm0ZQwDQYJKoZIhvcNAQEL 288BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDIxMjAwMDBaFw0xNjAxMDExMjAw 289MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK 290AoIBAQDHBBnIsvwod+WZjvAFiw1b5TjxjtEH0vbYa73IwyzzBekfTLbBOdQPAy9i 291uufEfpx8HL7fa/I0skXsuXalOiUcobd4dgzoPXbRRr0g4e8cgCIStYreeE/tBSVd 292tINMnrLuZLXf2dG3XzzpiuHhSb3WfP5KOPGUmrXMz4Wqvbstk7mpK8H5gsC6aKWQ 293T+HUMG+ZxNls6GoMcaj/xH+1muYHoO30PDpLo4ixQc/xuOr4t0Own4gF682rJ/Xt 294YlUFPWJZtBwHysRJPQeAkxP/DzFPNEGeW6kKefoTkdp8NcR7VpyhiQV9bhLl5IO+ 295ml4UzfwnWK71JoM2pARhp0oBLxpPAgMBAAGjgcswgcgwHQYDVR0OBBYEFAFrSR8h 296j4Dd1JfAqLsqftzz2v3hMB8GA1UdIwQYMBaAFAFrSR8hj4Dd1JfAqLsqftzz2v3h 297MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh 298L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S 299b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG 3009w0BAQsFAAOCAQEALE1//RxOavB70abSkjUKuwCW9oeij8ggUf40G+Jy4FLOMxS4 301mvstcV3Ldx5HywDz6BJUGtQC5+5LIdKwft+jR/IKFf645n+Fl+svjR2dDbo0zhCp 302qDa46pWDKBBLCS/GfbSc1yDMr5+ZNmepCSeZmOUQbhutoUYPL4KYmCgwcjMfeiT9 303YRddI6PKcHaklbh8hNf4aL0jJzQLD2XAdC8olEZz43wa9hE2E5sWWpKEhW1ZiIWC 304tUMi/fWfLYIny0CkuWxQfTGvP8+DV3Ll1GtenZfRv6UKDQCIPSW0XKViAGkiTu8H 305Oc90M367AwdXSTjXXDxDv83+rxp1JE2l+WMsvw== 306-----END CERTIFICATE----- 307 308Certificate: 309 Data: 310 Version: 3 (0x2) 311 Serial Number: 312 52:7c:19:50:39:c6:38:0e:14:9f:b2:17:b8:81:f7:cf:f8:66:d1:96 313 Signature Algorithm: sha256WithRSAEncryption 314 Issuer: CN=Root 315 Validity 316 Not Before: Jan 2 12:00:00 2015 GMT 317 Not After : Jan 1 12:00:00 2016 GMT 318 Subject: CN=Root 319 Subject Public Key Info: 320 Public Key Algorithm: rsaEncryption 321 RSA Public-Key: (2048 bit) 322 Modulus: 323 00:c7:04:19:c8:b2:fc:28:77:e5:99:8e:f0:05:8b: 324 0d:5b:e5:38:f1:8e:d1:07:d2:f6:d8:6b:bd:c8:c3: 325 2c:f3:05:e9:1f:4c:b6:c1:39:d4:0f:03:2f:62:ba: 326 e7:c4:7e:9c:7c:1c:be:df:6b:f2:34:b2:45:ec:b9: 327 76:a5:3a:25:1c:a1:b7:78:76:0c:e8:3d:76:d1:46: 328 bd:20:e1:ef:1c:80:22:12:b5:8a:de:78:4f:ed:05: 329 25:5d:b4:83:4c:9e:b2:ee:64:b5:df:d9:d1:b7:5f: 330 3c:e9:8a:e1:e1:49:bd:d6:7c:fe:4a:38:f1:94:9a: 331 b5:cc:cf:85:aa:bd:bb:2d:93:b9:a9:2b:c1:f9:82: 332 c0:ba:68:a5:90:4f:e1:d4:30:6f:99:c4:d9:6c:e8: 333 6a:0c:71:a8:ff:c4:7f:b5:9a:e6:07:a0:ed:f4:3c: 334 3a:4b:a3:88:b1:41:cf:f1:b8:ea:f8:b7:43:b0:9f: 335 88:05:eb:cd:ab:27:f5:ed:62:55:05:3d:62:59:b4: 336 1c:07:ca:c4:49:3d:07:80:93:13:ff:0f:31:4f:34: 337 41:9e:5b:a9:0a:79:fa:13:91:da:7c:35:c4:7b:56: 338 9c:a1:89:05:7d:6e:12:e5:e4:83:be:9a:5e:14:cd: 339 fc:27:58:ae:f5:26:83:36:a4:04:61:a7:4a:01:2f: 340 1a:4f 341 Exponent: 65537 (0x10001) 342 X509v3 extensions: 343 X509v3 Subject Key Identifier: 344 01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 345 X509v3 Authority Key Identifier: 346 keyid:D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD 347 348 Authority Information Access: 349 CA Issuers - URI:http://url-for-aia/Root.cer 350 351 X509v3 CRL Distribution Points: 352 353 Full Name: 354 URI:http://url-for-crl/Root.crl 355 356 X509v3 Key Usage: critical 357 Certificate Sign, CRL Sign 358 X509v3 Basic Constraints: critical 359 CA:TRUE 360 Signature Algorithm: sha256WithRSAEncryption 361 92:e9:36:26:51:cb:1d:31:0c:a0:5e:86:32:26:b1:0a:2f:2a: 362 e7:a5:65:0d:6e:56:e2:6d:1e:41:52:23:03:38:63:72:20:10: 363 b8:0f:42:28:9a:53:6e:ea:3c:88:a4:b6:89:67:50:34:2b:84: 364 15:a3:ee:e2:a6:88:74:80:c0:8d:f0:af:84:10:94:2f:50:6f: 365 b8:7f:55:a6:a2:18:d5:0e:98:1d:2e:62:29:15:eb:07:eb:01: 366 a8:33:f2:11:08:d3:b1:09:2a:2a:05:81:ec:7c:29:10:bd:6f: 367 07:55:05:77:21:e1:84:25:b3:65:b2:be:e6:db:7b:3f:e2:46: 368 a6:03:75:07:d0:ec:b4:00:e8:46:bf:16:2d:b0:87:0e:06:84: 369 7c:54:3b:a1:8c:0e:fa:d3:d1:d2:5d:40:c1:24:b9:00:31:b7: 370 bc:9a:3a:e9:68:5a:bc:20:7e:5a:5e:8b:a7:28:e2:a6:5c:9b: 371 ff:0f:c6:ae:39:04:1d:73:77:8f:e3:28:03:7e:c5:92:50:9a: 372 dc:15:67:b6:42:be:7f:b1:a6:5f:25:3c:61:6c:68:a0:b5:d0: 373 d9:d5:bd:45:29:06:bc:ab:ee:16:6f:63:55:6b:eb:d1:9c:a5: 374 a7:47:70:4b:43:3a:2a:b2:a1:b5:3a:a2:fe:57:78:db:16:66: 375 9f:4c:3e:55 376-----BEGIN CERTIFICATE----- 377MIIDeDCCAmCgAwIBAgIUUnwZUDnGOA4Un7IXuIH3z/hm0ZYwDQYJKoZIhvcNAQEL 378BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDIxMjAwMDBaFw0xNjAxMDExMjAw 379MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK 380AoIBAQDHBBnIsvwod+WZjvAFiw1b5TjxjtEH0vbYa73IwyzzBekfTLbBOdQPAy9i 381uufEfpx8HL7fa/I0skXsuXalOiUcobd4dgzoPXbRRr0g4e8cgCIStYreeE/tBSVd 382tINMnrLuZLXf2dG3XzzpiuHhSb3WfP5KOPGUmrXMz4Wqvbstk7mpK8H5gsC6aKWQ 383T+HUMG+ZxNls6GoMcaj/xH+1muYHoO30PDpLo4ixQc/xuOr4t0Own4gF682rJ/Xt 384YlUFPWJZtBwHysRJPQeAkxP/DzFPNEGeW6kKefoTkdp8NcR7VpyhiQV9bhLl5IO+ 385ml4UzfwnWK71JoM2pARhp0oBLxpPAgMBAAGjgcswgcgwHQYDVR0OBBYEFAFrSR8h 386j4Dd1JfAqLsqftzz2v3hMB8GA1UdIwQYMBaAFNJFZGiGjgfyr78L891/YR1La0rN 387MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh 388L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S 389b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG 3909w0BAQsFAAOCAQEAkuk2JlHLHTEMoF6GMiaxCi8q56VlDW5W4m0eQVIjAzhjciAQ 391uA9CKJpTbuo8iKS2iWdQNCuEFaPu4qaIdIDAjfCvhBCUL1BvuH9VpqIY1Q6YHS5i 392KRXrB+sBqDPyEQjTsQkqKgWB7HwpEL1vB1UFdyHhhCWzZbK+5tt7P+JGpgN1B9Ds 393tADoRr8WLbCHDgaEfFQ7oYwO+tPR0l1AwSS5ADG3vJo66WhavCB+Wl6Lpyjiplyb 394/w/GrjkEHXN3j+MoA37FklCa3BVntkK+f7GmXyU8YWxooLXQ2dW9RSkGvKvuFm9j 395VWvr0Zylp0dwS0M6KrKhtTqi/ld42xZmn0w+VQ== 396-----END CERTIFICATE----- 397 398Certificate: 399 Data: 400 Version: 3 (0x2) 401 Serial Number: 402 52:7c:19:50:39:c6:38:0e:14:9f:b2:17:b8:81:f7:cf:f8:66:d1:92 403 Signature Algorithm: sha256WithRSAEncryption 404 Issuer: CN=Root 405 Validity 406 Not Before: Jan 1 12:00:00 2015 GMT 407 Not After : Jan 1 12:00:00 2016 GMT 408 Subject: CN=Root 409 Subject Public Key Info: 410 Public Key Algorithm: rsaEncryption 411 RSA Public-Key: (2048 bit) 412 Modulus: 413 00:ef:5f:3f:57:00:ad:2d:82:81:56:19:c0:da:98: 414 72:8b:7f:4b:4f:37:f2:d9:0e:b3:3c:7b:73:d3:8a: 415 ad:5a:94:9c:37:0b:bc:68:4b:40:ac:a9:d1:1f:1b: 416 35:6a:74:50:6b:91:c2:30:e5:a6:88:87:90:f4:dc: 417 8d:09:49:6a:3e:f0:fe:cf:bb:b3:3b:33:c1:2a:2e: 418 b9:fb:9b:6a:db:2a:a6:9f:87:46:6a:b0:7d:87:c6: 419 63:27:cd:58:e7:55:7d:c5:6c:d8:ac:c7:10:fb:6e: 420 68:40:9d:69:bf:8f:a0:9c:36:d8:7a:dc:fb:14:48: 421 f4:96:5d:c2:0e:8f:e9:2f:1d:08:13:04:a0:1d:03: 422 78:b8:a6:97:15:13:0f:91:4e:9e:18:00:96:9f:94: 423 e6:ad:02:2e:c7:60:c8:ed:50:54:02:2e:b2:6b:6e: 424 d5:78:7f:7a:74:20:20:f6:9c:fa:98:17:b3:8f:fd: 425 92:01:3d:ff:e6:56:fa:45:28:41:b1:3c:ba:4a:ef: 426 bc:ff:4c:1e:d3:96:bc:5d:a6:06:7d:27:d8:66:13: 427 e0:40:74:83:8c:f4:89:c9:8d:8a:13:b7:98:88:32: 428 6c:51:6c:15:92:1c:1b:e7:f7:08:a6:35:81:b4:24: 429 be:45:10:1f:ff:c9:e4:4d:35:b7:4d:3c:ae:54:d2: 430 ee:6f 431 Exponent: 65537 (0x10001) 432 X509v3 extensions: 433 X509v3 Subject Key Identifier: 434 D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD 435 X509v3 Authority Key Identifier: 436 keyid:D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD 437 438 Authority Information Access: 439 CA Issuers - URI:http://url-for-aia/Root.cer 440 441 X509v3 CRL Distribution Points: 442 443 Full Name: 444 URI:http://url-for-crl/Root.crl 445 446 X509v3 Key Usage: critical 447 Certificate Sign, CRL Sign 448 X509v3 Basic Constraints: critical 449 CA:TRUE 450 Signature Algorithm: sha256WithRSAEncryption 451 c3:93:57:64:ef:a6:14:46:fd:70:31:57:e2:2d:d1:84:90:c6: 452 24:77:6a:9d:e4:a7:39:fc:ae:f6:22:f8:ae:04:d9:8b:9c:e7: 453 c1:52:b4:1a:39:85:62:30:25:49:40:86:87:48:5f:fb:f8:4e: 454 19:fe:68:1f:07:17:e2:a7:09:86:f1:49:58:6e:3e:04:49:01: 455 87:2a:92:c1:38:45:4a:fa:e9:36:f5:30:77:01:2a:03:2b:ae: 456 9c:bd:bc:a4:61:43:4c:a4:90:97:f6:d8:40:8b:20:c2:7e:cf: 457 ed:83:08:b8:c5:68:4f:a4:69:83:16:c5:b5:e5:9a:a3:4d:f2: 458 4f:f4:51:3a:19:3f:8b:83:3e:04:c3:bf:7a:bf:cf:37:86:0f: 459 a1:79:a7:bf:c9:9c:7b:52:b9:84:ca:97:51:89:f2:25:bd:15: 460 4f:61:d5:bd:f0:86:e9:14:b3:77:92:11:d5:b9:7a:58:6c:b3: 461 96:16:9b:ac:db:e1:97:f7:5e:f9:58:e7:b3:4b:35:05:e6:aa: 462 a4:ca:a5:1a:48:b0:28:84:81:7f:32:07:39:cd:31:32:b5:c8: 463 da:0c:07:c2:1a:01:26:41:76:26:68:36:50:2c:34:5c:3f:b7: 464 05:4a:50:d3:37:ec:8c:d1:84:3c:25:f0:d9:ef:5e:0d:b9:b1: 465 f9:d9:d6:3a 466-----BEGIN CERTIFICATE----- 467MIIDeDCCAmCgAwIBAgIUUnwZUDnGOA4Un7IXuIH3z/hm0ZIwDQYJKoZIhvcNAQEL 468BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAw 469MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK 470AoIBAQDvXz9XAK0tgoFWGcDamHKLf0tPN/LZDrM8e3PTiq1alJw3C7xoS0CsqdEf 471GzVqdFBrkcIw5aaIh5D03I0JSWo+8P7Pu7M7M8EqLrn7m2rbKqafh0ZqsH2HxmMn 472zVjnVX3FbNisxxD7bmhAnWm/j6CcNth63PsUSPSWXcIOj+kvHQgTBKAdA3i4ppcV 473Ew+RTp4YAJaflOatAi7HYMjtUFQCLrJrbtV4f3p0ICD2nPqYF7OP/ZIBPf/mVvpF 474KEGxPLpK77z/TB7TlrxdpgZ9J9hmE+BAdIOM9InJjYoTt5iIMmxRbBWSHBvn9wim 475NYG0JL5FEB//yeRNNbdNPK5U0u5vAgMBAAGjgcswgcgwHQYDVR0OBBYEFNJFZGiG 476jgfyr78L891/YR1La0rNMB8GA1UdIwQYMBaAFNJFZGiGjgfyr78L891/YR1La0rN 477MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh 478L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S 479b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG 4809w0BAQsFAAOCAQEAw5NXZO+mFEb9cDFX4i3RhJDGJHdqneSnOfyu9iL4rgTZi5zn 481wVK0GjmFYjAlSUCGh0hf+/hOGf5oHwcX4qcJhvFJWG4+BEkBhyqSwThFSvrpNvUw 482dwEqAyuunL28pGFDTKSQl/bYQIsgwn7P7YMIuMVoT6RpgxbFteWao03yT/RROhk/ 483i4M+BMO/er/PN4YPoXmnv8mce1K5hMqXUYnyJb0VT2HVvfCG6RSzd5IR1bl6WGyz 484lhabrNvhl/de+Vjns0s1BeaqpMqlGkiwKISBfzIHOc0xMrXI2gwHwhoBJkF2Jmg2 485UCw0XD+3BUpQ0zfsjNGEPCXw2e9eDbmx+dnWOg== 486-----END CERTIFICATE----- 487