1[Created by: ./generate-chains.py]
2
3Certificate chain with policies and requireExplicitPolicy, including
4policies on the root which don't match the policies in the rest of the chain.
5This should fail to verify if the policies on the root are processed.
6
7Certificate:
8    Data:
9        Version: 3 (0x2)
10        Serial Number:
11            5d:2e:4b:b8:dc:93:ec:5c:c1:45:8e:67:8e:80:9a:6b:e3:aa:78:d9
12        Signature Algorithm: sha256WithRSAEncryption
13        Issuer: CN=Intermediate
14        Validity
15            Not Before: Oct  5 12:00:00 2021 GMT
16            Not After : Oct  5 12:00:00 2022 GMT
17        Subject: CN=Target
18        Subject Public Key Info:
19            Public Key Algorithm: rsaEncryption
20                Public-Key: (2048 bit)
21                Modulus:
22                    00:b8:21:b3:ab:6b:2d:0c:d8:f5:3c:a1:46:37:cb:
23                    c2:6a:51:e6:07:3f:93:d6:71:fa:5f:e4:86:81:d0:
24                    50:97:aa:81:b7:a9:6d:86:d0:29:5c:00:d3:f3:c8:
25                    01:6c:33:df:7d:b4:1e:dd:c0:12:26:b4:51:3d:2e:
26                    71:37:e6:3c:3d:6d:05:70:75:a1:74:a6:c1:ad:32:
27                    3b:6c:a9:50:d0:c2:a3:31:a1:fc:bd:9f:e2:55:70:
28                    ce:97:79:e0:79:ec:25:c8:0d:38:0e:81:3f:95:36:
29                    bb:cc:68:4b:71:ae:60:f7:d6:1f:6a:70:cc:6d:20:
30                    05:d9:7a:e8:7a:27:c0:da:49:2a:79:64:f8:54:57:
31                    41:96:f1:18:10:c3:47:d4:4e:14:d1:3c:c1:f9:ab:
32                    da:6a:ef:48:eb:21:5b:46:32:04:e4:03:93:1b:5d:
33                    18:17:b3:e9:0f:4f:a3:74:59:c5:a9:92:27:e8:b3:
34                    c1:fc:f0:f1:8d:d4:89:b4:74:83:d3:1d:cb:e0:f8:
35                    1e:4a:93:e8:20:fc:26:1e:70:89:78:1d:c6:ae:de:
36                    50:03:a9:bd:ab:97:f5:2c:58:7e:de:c6:51:24:6b:
37                    80:58:a4:ec:b1:bb:34:6d:92:76:e7:4a:c4:f5:e6:
38                    d3:42:4b:b3:5c:33:85:90:45:51:29:7d:7b:76:b8:
39                    fc:5f
40                Exponent: 65537 (0x10001)
41        X509v3 extensions:
42            X509v3 Subject Key Identifier:
43                BC:A7:DB:3B:5C:A2:AA:2A:20:CA:D6:D5:B1:67:E9:2B:56:46:C7:EF
44            X509v3 Authority Key Identifier:
45                B6:D6:AA:A8:03:5C:D8:51:7D:A2:14:39:A2:21:C4:B2:A2:12:39:B5
46            Authority Information Access:
47                CA Issuers - URI:http://url-for-aia/Intermediate.cer
48            X509v3 CRL Distribution Points:
49                Full Name:
50                  URI:http://url-for-crl/Intermediate.crl
51            X509v3 Key Usage: critical
52                Digital Signature, Key Encipherment
53            X509v3 Extended Key Usage:
54                TLS Web Server Authentication, TLS Web Client Authentication
55            X509v3 Certificate Policies: critical
56                Policy: 1.2.3.4
57    Signature Algorithm: sha256WithRSAEncryption
58    Signature Value:
59        4b:cb:5c:2f:d3:ff:27:94:fa:a3:33:9a:c5:45:36:6e:52:b9:
60        dd:32:86:40:77:7a:bb:2b:4d:ba:e7:5a:f4:b1:1f:1b:61:39:
61        a1:94:38:5b:88:d0:b6:8e:62:fa:7b:cc:71:d2:6c:30:8f:dc:
62        cb:50:8b:52:64:ce:83:ea:d1:ed:41:81:a4:72:21:b6:73:d8:
63        8e:c3:87:e8:c8:0c:18:eb:ba:6b:64:3d:eb:c0:ea:ac:e5:4c:
64        52:d5:9b:b2:fb:9f:26:15:f3:3f:d4:8d:53:1f:af:f7:4e:23:
65        35:4f:57:61:5a:ba:6d:79:36:1d:74:40:b8:03:40:fa:aa:bf:
66        4a:25:42:13:a8:82:3d:e1:82:5d:6b:f7:e3:da:72:c4:23:0d:
67        a3:03:e8:b4:6c:ed:da:9a:40:b1:26:5f:7b:26:ec:67:2d:68:
68        17:11:32:bc:14:aa:78:eb:90:4b:23:3a:2f:44:ae:69:ef:8c:
69        12:ff:04:ff:b9:e5:6c:ba:84:10:3f:ac:f1:62:c4:ad:db:bd:
70        fb:65:f7:89:66:5a:a5:eb:31:af:a7:49:19:f3:22:b9:90:68:
71        26:b9:f2:b7:3f:ca:87:c6:2d:a1:2d:6f:e1:bb:8b:95:28:c4:
72        19:a9:f5:ed:f8:be:02:02:d9:d1:23:e3:8b:4d:b4:e0:5e:3b:
73        b2:e1:cd:43
74-----BEGIN CERTIFICATE-----
75MIIDtTCCAp2gAwIBAgIUXS5LuNyT7FzBRY5njoCaa+OqeNkwDQYJKoZIhvcNAQEL
76BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy
77MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF
78AAOCAQ8AMIIBCgKCAQEAuCGzq2stDNj1PKFGN8vCalHmBz+T1nH6X+SGgdBQl6qB
79t6lthtApXADT88gBbDPffbQe3cASJrRRPS5xN+Y8PW0FcHWhdKbBrTI7bKlQ0MKj
80MaH8vZ/iVXDOl3ngeewlyA04DoE/lTa7zGhLca5g99YfanDMbSAF2XroeifA2kkq
81eWT4VFdBlvEYEMNH1E4U0TzB+avaau9I6yFbRjIE5AOTG10YF7PpD0+jdFnFqZIn
826LPB/PDxjdSJtHSD0x3L4PgeSpPoIPwmHnCJeB3Grt5QA6m9q5f1LFh+3sZRJGuA
83WKTssbs0bZJ250rE9ebTQkuzXDOFkEVRKX17drj8XwIDAQABo4H+MIH7MB0GA1Ud
84DgQWBBS8p9s7XKKqKiDK1tWxZ+krVkbH7zAfBgNVHSMEGDAWgBS21qqoA1zYUX2i
85FDmiIcSyohI5tTA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91
86cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0
87dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF
88oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEwYDVR0gAQH/BAkwBzAF
89BgMqAwQwDQYJKoZIhvcNAQELBQADggEBAEvLXC/T/yeU+qMzmsVFNm5Sud0yhkB3
90ersrTbrnWvSxHxthOaGUOFuI0LaOYvp7zHHSbDCP3MtQi1JkzoPq0e1BgaRyIbZz
912I7Dh+jIDBjrumtkPevA6qzlTFLVm7L7nyYV8z/UjVMfr/dOIzVPV2Faum15Nh10
92QLgDQPqqv0olQhOogj3hgl1r9+PacsQjDaMD6LRs7dqaQLEmX3sm7GctaBcRMrwU
93qnjrkEsjOi9ErmnvjBL/BP+55Wy6hBA/rPFixK3bvftl94lmWqXrMa+nSRnzIrmQ
94aCa58rc/yofGLaEtb+G7i5UoxBmp9e34vgIC2dEj44tNtOBeO7LhzUM=
95-----END CERTIFICATE-----
96
97Certificate:
98    Data:
99        Version: 3 (0x2)
100        Serial Number:
101            2e:db:34:c3:9c:3a:39:ee:a0:8e:aa:23:61:df:f0:1d:e5:84:50:22
102        Signature Algorithm: sha256WithRSAEncryption
103        Issuer: CN=Root
104        Validity
105            Not Before: Oct  5 12:00:00 2021 GMT
106            Not After : Oct  5 12:00:00 2022 GMT
107        Subject: CN=Intermediate
108        Subject Public Key Info:
109            Public Key Algorithm: rsaEncryption
110                Public-Key: (2048 bit)
111                Modulus:
112                    00:b1:c3:a1:f6:8c:47:91:b3:e9:57:39:c8:d6:f6:
113                    ed:cf:95:d3:59:45:e4:1f:66:27:30:1a:5e:4b:6e:
114                    26:cf:a1:6d:4a:44:28:88:89:5e:70:48:60:47:f1:
115                    d5:dc:0e:52:e7:21:35:ce:f8:5f:8f:43:7f:ea:67:
116                    d4:a2:86:20:6b:d7:9a:30:3e:0a:c5:15:20:47:ec:
117                    dd:7a:c7:60:35:c7:0c:50:68:fb:e9:8d:75:3a:a1:
118                    47:3e:e6:28:c7:5f:3f:bd:76:60:b6:ff:0d:67:1e:
119                    c1:3e:b5:14:a1:69:38:35:68:8f:b0:8f:d9:d3:7b:
120                    a9:40:ef:db:e8:73:b6:4d:88:5f:bf:2c:98:d9:1b:
121                    fa:9e:a7:51:0a:92:d1:bc:20:bd:03:42:fa:35:60:
122                    0c:d8:a3:b0:84:43:0e:58:59:16:5d:fd:c9:f1:b1:
123                    65:07:28:6a:dd:d9:68:22:6a:6e:c2:b1:94:92:d3:
124                    b9:33:67:bc:a9:a2:8e:2b:12:b9:ef:5a:64:65:73:
125                    66:c9:de:04:4e:b2:3b:23:d9:f9:06:9c:bb:dd:36:
126                    bc:ee:87:e4:58:f5:11:e5:4d:37:4d:4f:bd:0f:01:
127                    99:fc:65:97:0f:b5:17:3f:2f:d9:d3:63:09:f1:47:
128                    bd:c7:0f:96:9b:b2:c5:7c:ee:7d:d6:cb:00:b7:1c:
129                    86:47
130                Exponent: 65537 (0x10001)
131        X509v3 extensions:
132            X509v3 Subject Key Identifier:
133                B6:D6:AA:A8:03:5C:D8:51:7D:A2:14:39:A2:21:C4:B2:A2:12:39:B5
134            X509v3 Authority Key Identifier:
135                43:44:3D:B9:F8:92:0F:2F:82:B2:89:B9:46:B3:51:38:70:00:E1:3D
136            Authority Information Access:
137                CA Issuers - URI:http://url-for-aia/Root.cer
138            X509v3 CRL Distribution Points:
139                Full Name:
140                  URI:http://url-for-crl/Root.crl
141            X509v3 Key Usage: critical
142                Certificate Sign, CRL Sign
143            X509v3 Basic Constraints: critical
144                CA:TRUE
145            X509v3 Certificate Policies: critical
146                Policy: 1.2.3.4
147            X509v3 Policy Constraints: critical
148                Require Explicit Policy:0
149    Signature Algorithm: sha256WithRSAEncryption
150    Signature Value:
151        96:6b:6d:97:9b:d1:81:4e:a8:a1:30:85:52:73:40:57:a5:09:
152        c5:ac:af:21:9b:d2:fa:a2:81:00:50:d2:cf:74:76:d1:56:8b:
153        94:95:09:7e:25:10:53:3c:bc:63:a1:50:1f:b7:9f:84:da:c7:
154        28:f9:d9:98:02:9e:9d:02:7b:0e:5a:ce:ca:1f:d7:bc:7e:ea:
155        d5:aa:b6:9d:ef:d0:e4:7b:29:0a:b3:e9:06:d7:af:a6:b1:10:
156        01:9c:8a:be:b2:91:12:ab:3c:da:22:db:8e:1e:f2:79:6a:b1:
157        19:58:e1:3f:72:74:d3:17:68:00:af:fc:65:26:11:ec:5f:e6:
158        27:dc:d8:df:50:f3:ce:95:aa:82:11:d6:cb:5f:90:39:b3:56:
159        c3:d7:d9:ea:9f:ea:13:e3:98:2e:86:8e:64:ef:94:9b:ba:ff:
160        78:11:a7:b0:04:d4:f3:7c:7e:3f:f9:ed:25:8a:d8:18:13:23:
161        e8:5d:18:82:4a:ac:3e:f6:42:74:de:33:c2:52:b8:0b:29:73:
162        1b:f4:ed:38:20:8b:ee:e9:e0:63:94:54:07:25:fa:a1:81:27:
163        e0:87:d8:b5:ed:61:34:72:02:d8:35:94:a5:94:5f:28:ea:e3:
164        49:d6:77:65:93:15:21:e1:65:b4:06:d6:a6:be:ea:e6:3f:26:
165        ce:a0:c9:d0
166-----BEGIN CERTIFICATE-----
167MIIDpjCCAo6gAwIBAgIULts0w5w6Oe6gjqojYd/wHeWEUCIwDQYJKoZIhvcNAQEL
168BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw
169MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD
170ggEPADCCAQoCggEBALHDofaMR5Gz6Vc5yNb27c+V01lF5B9mJzAaXktuJs+hbUpE
171KIiJXnBIYEfx1dwOUuchNc74X49Df+pn1KKGIGvXmjA+CsUVIEfs3XrHYDXHDFBo
172++mNdTqhRz7mKMdfP712YLb/DWcewT61FKFpODVoj7CP2dN7qUDv2+hztk2IX78s
173mNkb+p6nUQqS0bwgvQNC+jVgDNijsIRDDlhZFl39yfGxZQcoat3ZaCJqbsKxlJLT
174uTNnvKmijisSue9aZGVzZsneBE6yOyPZ+Qacu902vO6H5Fj1EeVNN01PvQ8Bmfxl
175lw+1Fz8v2dNjCfFHvccPlpuyxXzufdbLALcchkcCAwEAAaOB8TCB7jAdBgNVHQ4E
176FgQUttaqqANc2FF9ohQ5oiHEsqISObUwHwYDVR0jBBgwFoAUQ0Q9ufiSDy+Csom5
177RrNROHAA4T0wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs
178LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m
179b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
180MBMGA1UdIAEB/wQJMAcwBQYDKgMEMA8GA1UdJAEB/wQFMAOAAQAwDQYJKoZIhvcN
181AQELBQADggEBAJZrbZeb0YFOqKEwhVJzQFelCcWsryGb0vqigQBQ0s90dtFWi5SV
182CX4lEFM8vGOhUB+3n4Taxyj52ZgCnp0Cew5azsof17x+6tWqtp3v0OR7KQqz6QbX
183r6axEAGcir6ykRKrPNoi244e8nlqsRlY4T9ydNMXaACv/GUmEexf5ifc2N9Q886V
184qoIR1stfkDmzVsPX2eqf6hPjmC6GjmTvlJu6/3gRp7AE1PN8fj/57SWK2BgTI+hd
185GIJKrD72QnTeM8JSuAspcxv07Tggi+7p4GOUVAcl+qGBJ+CH2LXtYTRyAtg1lKWU
186Xyjq40nWd2WTFSHhZbQG1qa+6uY/Js6gydA=
187-----END CERTIFICATE-----
188
189Certificate:
190    Data:
191        Version: 3 (0x2)
192        Serial Number:
193            2e:db:34:c3:9c:3a:39:ee:a0:8e:aa:23:61:df:f0:1d:e5:84:50:21
194        Signature Algorithm: sha256WithRSAEncryption
195        Issuer: CN=Root
196        Validity
197            Not Before: Oct  5 12:00:00 2021 GMT
198            Not After : Oct  5 12:00:00 2022 GMT
199        Subject: CN=Root
200        Subject Public Key Info:
201            Public Key Algorithm: rsaEncryption
202                Public-Key: (2048 bit)
203                Modulus:
204                    00:e1:6e:78:ca:b6:dd:31:40:ef:dc:08:cc:9d:7d:
205                    04:a7:e8:5a:43:63:58:ca:2a:8b:01:fd:ea:aa:9a:
206                    2a:c3:7b:86:0e:4a:28:b2:20:50:49:82:84:fc:9e:
207                    1a:90:ab:04:f1:20:89:11:79:b5:18:27:c7:88:f4:
208                    d4:39:7b:6f:f0:26:ae:22:b1:3d:35:f8:78:8f:78:
209                    62:73:d5:80:e8:b2:01:37:1e:14:9d:22:44:87:2e:
210                    25:7f:42:72:7a:61:2e:24:f0:06:ed:c9:fc:da:c6:
211                    11:5a:d7:50:bf:2e:02:8f:1a:f0:32:4f:e9:e2:22:
212                    88:61:81:dd:ce:9f:f2:db:92:5c:e2:38:00:26:b7:
213                    3b:7d:ec:b2:98:b9:1b:23:b7:c4:2d:23:04:4c:0e:
214                    bb:c6:3f:59:13:29:ba:55:ba:84:c8:6c:f8:a9:7c:
215                    f2:bc:1c:ee:cb:d1:5a:dc:44:b8:c3:73:e5:4b:fc:
216                    d1:53:ae:ea:75:b3:73:e9:f6:5c:a6:8c:62:0c:3a:
217                    78:cb:19:0a:a7:ce:a1:70:61:8f:8b:c1:f6:b4:7f:
218                    19:e0:c6:9b:bd:69:eb:36:1f:f6:bd:a1:04:da:2f:
219                    0e:4c:19:d2:ba:53:03:7e:3c:ca:e1:3f:56:0c:bf:
220                    11:ee:a7:a9:87:65:68:b1:22:54:bf:a6:fb:5b:bf:
221                    2a:99
222                Exponent: 65537 (0x10001)
223        X509v3 extensions:
224            X509v3 Subject Key Identifier:
225                43:44:3D:B9:F8:92:0F:2F:82:B2:89:B9:46:B3:51:38:70:00:E1:3D
226            X509v3 Authority Key Identifier:
227                43:44:3D:B9:F8:92:0F:2F:82:B2:89:B9:46:B3:51:38:70:00:E1:3D
228            Authority Information Access:
229                CA Issuers - URI:http://url-for-aia/Root.cer
230            X509v3 CRL Distribution Points:
231                Full Name:
232                  URI:http://url-for-crl/Root.crl
233            X509v3 Key Usage: critical
234                Certificate Sign, CRL Sign
235            X509v3 Basic Constraints: critical
236                CA:TRUE
237            X509v3 Certificate Policies: critical
238                Policy: 1.2.3.5
239    Signature Algorithm: sha256WithRSAEncryption
240    Signature Value:
241        dc:37:26:f3:42:d7:1a:10:83:63:d1:85:bb:ae:f4:d4:ac:7b:
242        e2:55:1a:1b:19:6d:03:1f:e9:c7:94:83:15:ae:49:d3:9e:f4:
243        4c:b1:69:2a:ad:78:1a:db:50:a8:85:3c:a2:bb:e7:79:05:6d:
244        2f:21:a1:e2:64:7c:07:35:47:58:8a:df:5a:2c:08:2f:d2:57:
245        f7:59:bb:d3:38:56:74:fe:e5:c0:55:b2:df:f3:a2:92:95:39:
246        0b:9d:73:1a:ba:91:c3:07:4d:59:bf:bf:e2:9c:34:33:84:6b:
247        4f:5e:29:7c:7d:62:ac:ca:ee:6a:02:36:72:bc:7b:04:d0:16:
248        ff:3f:d0:7f:f8:b3:ca:be:7b:b7:55:2b:16:97:53:06:24:92:
249        ad:c5:a4:8b:6e:b8:41:85:7f:18:b4:83:b4:7c:5a:6f:62:9f:
250        6b:33:74:39:b4:60:b7:a5:5d:cf:54:c2:a9:03:85:24:df:e6:
251        4c:d4:b7:20:9b:fb:be:0c:d4:ff:90:4d:88:a6:b2:0c:3a:a0:
252        b6:76:60:39:97:2f:f3:5a:6a:6a:b0:ed:5c:69:b5:70:7e:b6:
253        af:c6:d8:89:76:ce:02:d9:90:9d:6c:51:cc:e3:77:83:d1:a1:
254        8b:a7:4f:c1:0e:c6:60:04:95:36:03:1f:ca:90:2d:fa:00:f3:
255        a6:34:fa:cc
256-----BEGIN CERTIFICATE-----
257MIIDjTCCAnWgAwIBAgIULts0w5w6Oe6gjqojYd/wHeWEUCEwDQYJKoZIhvcNAQEL
258BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw
259MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
260AoIBAQDhbnjKtt0xQO/cCMydfQSn6FpDY1jKKosB/eqqmirDe4YOSiiyIFBJgoT8
261nhqQqwTxIIkRebUYJ8eI9NQ5e2/wJq4isT01+HiPeGJz1YDosgE3HhSdIkSHLiV/
262QnJ6YS4k8AbtyfzaxhFa11C/LgKPGvAyT+niIohhgd3On/LbklziOAAmtzt97LKY
263uRsjt8QtIwRMDrvGP1kTKbpVuoTIbPipfPK8HO7L0VrcRLjDc+VL/NFTrup1s3Pp
2649lymjGIMOnjLGQqnzqFwYY+Lwfa0fxngxpu9aes2H/a9oQTaLw5MGdK6UwN+PMrh
265P1YMvxHup6mHZWixIlS/pvtbvyqZAgMBAAGjgeAwgd0wHQYDVR0OBBYEFENEPbn4
266kg8vgrKJuUazUThwAOE9MB8GA1UdIwQYMBaAFENEPbn4kg8vgrKJuUazUThwAOE9
267MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh
268L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S
269b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zATBgNVHSAB
270Af8ECTAHMAUGAyoDBTANBgkqhkiG9w0BAQsFAAOCAQEA3Dcm80LXGhCDY9GFu670
2711Kx74lUaGxltAx/px5SDFa5J0570TLFpKq14GttQqIU8orvneQVtLyGh4mR8BzVH
272WIrfWiwIL9JX91m70zhWdP7lwFWy3/OikpU5C51zGrqRwwdNWb+/4pw0M4RrT14p
273fH1irMruagI2crx7BNAW/z/Qf/izyr57t1UrFpdTBiSSrcWki264QYV/GLSDtHxa
274b2KfazN0ObRgt6Vdz1TCqQOFJN/mTNS3IJv7vgzU/5BNiKayDDqgtnZgOZcv81pq
275arDtXGm1cH62r8bYiXbOAtmQnWxRzON3g9Ghi6dPwQ7GYASVNgMfypAt+gDzpjT6
276zA==
277-----END CERTIFICATE-----
278