1[Created by: ./generate-chains.py]
2
3Certificate chain where the target certificate contains an
4MSApplicationPolicies extension that is marked as critical and
5does not contain an extendedKeyUsage extension.
6
7Certificate:
8    Data:
9        Version: 3 (0x2)
10        Serial Number:
11            1c:c2:ac:ef:39:90:fd:0d:2e:ae:a2:26:22:5f:34:30:06:a4:a3:f3
12        Signature Algorithm: sha256WithRSAEncryption
13        Issuer: CN=Intermediate
14        Validity
15            Not Before: Oct  5 12:00:00 2021 GMT
16            Not After : Oct  5 12:00:00 2022 GMT
17        Subject: CN=Target
18        Subject Public Key Info:
19            Public Key Algorithm: rsaEncryption
20                Public-Key: (2048 bit)
21                Modulus:
22                    00:dc:ef:39:2d:3e:82:ed:41:24:9b:af:4e:c7:37:
23                    e2:c9:a9:47:32:16:5b:52:3f:82:14:63:bb:6e:b1:
24                    cc:9d:a2:b4:df:90:42:73:14:c1:24:98:83:e5:58:
25                    c4:bd:4c:0d:01:31:b4:c5:4e:a2:a4:e1:8f:ff:d8:
26                    95:4a:7f:90:50:18:81:74:04:e0:29:82:d7:a8:be:
27                    c7:b5:c8:43:93:31:99:33:04:7b:b1:3f:8c:77:44:
28                    f3:66:85:93:10:88:79:f2:30:1d:a5:3a:78:82:ae:
29                    bb:b4:21:2a:64:00:5b:42:07:04:b7:a0:fb:f0:4b:
30                    74:e8:23:53:da:8e:0c:39:da:f2:b2:df:d3:88:91:
31                    11:b5:60:68:26:8e:58:81:a3:d3:06:2a:e7:e0:df:
32                    ba:8b:07:0f:d2:98:6c:6a:4b:54:9d:b6:34:e0:99:
33                    c4:04:b8:02:04:ec:7d:e5:04:f2:4f:1e:50:38:d4:
34                    f0:ca:c7:ca:e8:b3:93:d5:40:14:1b:77:25:45:38:
35                    77:49:92:b4:41:fa:f4:3e:cc:d7:b2:35:72:94:67:
36                    cf:76:e8:e3:9e:5a:67:d9:6d:44:e9:12:4c:40:f6:
37                    56:b9:21:d7:51:4e:68:f5:5b:70:c4:9a:82:38:12:
38                    e3:60:f3:dc:c3:90:e1:41:31:d5:db:8b:87:96:b6:
39                    45:75
40                Exponent: 65537 (0x10001)
41        X509v3 extensions:
42            X509v3 Subject Key Identifier:
43                08:E2:C4:5E:E8:5A:C1:B2:5A:B5:7E:1C:A2:8B:FB:31:B2:94:58:70
44            X509v3 Authority Key Identifier:
45                C9:C5:2E:C4:9B:E4:8A:91:4B:38:EF:9B:47:0E:C5:43:F2:B2:5E:9B
46            Authority Information Access:
47                CA Issuers - URI:http://url-for-aia/Intermediate.cer
48            X509v3 CRL Distribution Points:
49                Full Name:
50                  URI:http://url-for-crl/Intermediate.crl
51            X509v3 Key Usage: critical
52                Digital Signature, Key Encipherment
53            1.3.6.1.4.1.311.21.10: critical
54                ....
55    Signature Algorithm: sha256WithRSAEncryption
56    Signature Value:
57        51:39:30:77:b2:7a:4c:83:f5:cb:ad:60:6f:73:cd:b9:35:1f:
58        dd:a6:8c:da:43:37:65:42:41:95:a5:73:d6:3e:d7:d0:4f:a2:
59        cd:8d:ee:35:1b:e2:b6:74:68:00:f0:ae:d5:45:75:6f:8f:d9:
60        30:f3:10:1d:07:3e:d4:c4:43:39:aa:bd:8f:0c:b7:81:a7:b8:
61        c5:e7:ad:61:24:a5:33:43:d8:1e:0a:a1:4c:82:61:69:56:0b:
62        71:ae:48:7e:80:42:1a:6c:76:04:94:48:ca:0e:05:e1:76:39:
63        4b:55:07:4a:bb:ff:3f:9a:48:aa:14:8a:69:ad:35:cd:af:32:
64        2e:c2:6e:f3:5d:21:c1:a8:0c:45:af:1b:e5:e4:c5:12:66:ff:
65        94:43:6d:9f:4b:c5:b5:7a:a7:4f:42:34:1f:ae:b7:60:dc:81:
66        69:5f:23:74:17:52:28:e0:93:ce:d3:5b:83:14:f4:cf:87:d8:
67        22:ac:af:d8:05:76:ba:0c:5e:73:ec:b6:12:74:6e:c6:92:be:
68        f5:8f:2c:cc:7b:4e:b0:32:91:a1:ee:65:06:1c:a0:25:94:1c:
69        ea:75:f4:50:e6:65:a9:74:ed:b3:f7:ba:7b:45:d7:e2:28:4b:
70        3b:d3:66:c6:d9:7f:1d:1d:d7:cc:81:85:ed:0a:8d:f1:5c:c1:
71        dc:eb:3b:cf
72-----BEGIN CERTIFICATE-----
73MIIDlzCCAn+gAwIBAgIUHMKs7zmQ/Q0urqImIl80MAako/MwDQYJKoZIhvcNAQEL
74BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy
75MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF
76AAOCAQ8AMIIBCgKCAQEA3O85LT6C7UEkm69OxzfiyalHMhZbUj+CFGO7brHMnaK0
7735BCcxTBJJiD5VjEvUwNATG0xU6ipOGP/9iVSn+QUBiBdATgKYLXqL7HtchDkzGZ
78MwR7sT+Md0TzZoWTEIh58jAdpTp4gq67tCEqZABbQgcEt6D78Et06CNT2o4MOdry
79st/TiJERtWBoJo5YgaPTBirn4N+6iwcP0phsaktUnbY04JnEBLgCBOx95QTyTx5Q
80ONTwysfK6LOT1UAUG3clRTh3SZK0Qfr0PszXsjVylGfPdujjnlpn2W1E6RJMQPZW
81uSHXUU5o9VtwxJqCOBLjYPPcw5DhQTHV24uHlrZFdQIDAQABo4HgMIHdMB0GA1Ud
82DgQWBBQI4sRe6FrBslq1fhyii/sxspRYcDAfBgNVHSMEGDAWgBTJxS7Em+SKkUs4
8375tHDsVD8rJemzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91
84cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0
85dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF
86oDAUBgkrBgEEAYI3FQoBAf8EBAECAwQwDQYJKoZIhvcNAQELBQADggEBAFE5MHey
87ekyD9cutYG9zzbk1H92mjNpDN2VCQZWlc9Y+19BPos2N7jUb4rZ0aADwrtVFdW+P
882TDzEB0HPtTEQzmqvY8Mt4GnuMXnrWEkpTND2B4KoUyCYWlWC3GuSH6AQhpsdgSU
89SMoOBeF2OUtVB0q7/z+aSKoUimmtNc2vMi7CbvNdIcGoDEWvG+XkxRJm/5RDbZ9L
90xbV6p09CNB+ut2DcgWlfI3QXUijgk87TW4MU9M+H2CKsr9gFdroMXnPsthJ0bsaS
91vvWPLMx7TrAykaHuZQYcoCWUHOp19FDmZal07bP3untF1+IoSzvTZsbZfx0d18yB
92he0KjfFcwdzrO88=
93-----END CERTIFICATE-----
94
95Certificate:
96    Data:
97        Version: 3 (0x2)
98        Serial Number:
99            70:69:1e:f2:d2:50:52:75:0d:f7:2f:a6:37:4f:1c:8e:68:ba:05:14
100        Signature Algorithm: sha256WithRSAEncryption
101        Issuer: CN=Root
102        Validity
103            Not Before: Oct  5 12:00:00 2021 GMT
104            Not After : Oct  5 12:00:00 2022 GMT
105        Subject: CN=Intermediate
106        Subject Public Key Info:
107            Public Key Algorithm: rsaEncryption
108                Public-Key: (2048 bit)
109                Modulus:
110                    00:97:4d:9e:0c:43:a9:0d:f0:5c:d4:7b:cf:3a:a0:
111                    8b:01:6e:cb:30:1c:92:3b:b7:49:92:4b:36:7e:bb:
112                    e3:e6:03:98:60:87:ba:52:12:98:9c:6b:e5:f4:6e:
113                    98:46:8c:fc:c7:c2:af:c5:70:b3:be:bd:b9:ba:7e:
114                    15:29:e3:34:96:2f:94:70:9f:70:35:a2:da:70:c8:
115                    62:e0:30:78:5d:b6:81:ee:91:4a:cc:b4:65:62:f3:
116                    1b:99:c2:65:8b:d5:79:3f:d6:86:e5:58:d5:60:ef:
117                    27:0a:9c:80:a6:49:a2:d0:50:a6:ae:1f:e3:d4:e3:
118                    63:4c:33:9d:ab:8e:b2:37:da:9a:7e:8b:36:c3:5f:
119                    24:9b:b1:51:2b:2a:b4:fd:1f:2a:99:ee:21:71:c8:
120                    61:65:1c:56:be:7f:91:46:49:15:82:08:50:54:15:
121                    83:3f:ab:ef:0b:3d:87:ab:d3:82:2d:25:d2:2f:de:
122                    82:95:b9:25:53:98:4a:16:b8:f8:d4:f7:26:9a:a8:
123                    97:5e:15:ec:25:5c:fa:f6:2a:f5:2e:48:2c:11:2e:
124                    b2:b4:5c:79:4a:c1:66:49:c6:3a:cd:fd:8b:e3:87:
125                    f2:5f:99:3f:37:00:1e:22:64:86:0a:d0:fb:79:fa:
126                    2e:e1:54:ac:38:ba:82:c6:bc:48:9c:5e:aa:a3:e9:
127                    27:df
128                Exponent: 65537 (0x10001)
129        X509v3 extensions:
130            X509v3 Subject Key Identifier:
131                C9:C5:2E:C4:9B:E4:8A:91:4B:38:EF:9B:47:0E:C5:43:F2:B2:5E:9B
132            X509v3 Authority Key Identifier:
133                C9:1B:0A:27:43:C5:EF:E5:72:BC:94:85:D7:E5:F8:99:E1:50:24:8D
134            Authority Information Access:
135                CA Issuers - URI:http://url-for-aia/Root.cer
136            X509v3 CRL Distribution Points:
137                Full Name:
138                  URI:http://url-for-crl/Root.crl
139            X509v3 Key Usage: critical
140                Certificate Sign, CRL Sign
141            X509v3 Basic Constraints: critical
142                CA:TRUE
143    Signature Algorithm: sha256WithRSAEncryption
144    Signature Value:
145        6f:9c:74:6f:bc:bd:6e:dc:06:00:4d:f0:a8:e3:e0:0d:56:82:
146        09:94:bf:95:95:b9:a4:31:0c:8a:0f:19:55:e2:b7:d8:d3:c4:
147        6f:55:b6:ae:19:77:39:4e:43:82:58:3f:7c:da:2a:8c:47:8c:
148        b0:18:5e:d4:00:0c:af:2f:72:e5:40:aa:42:db:a4:7a:03:9d:
149        f1:22:f1:c6:ac:cf:18:81:61:73:dd:00:29:63:fd:ca:5a:51:
150        69:94:ab:c4:c8:c4:fc:ff:70:1d:a7:5e:11:03:c1:18:41:9b:
151        92:e8:03:50:7d:fd:01:d9:32:bf:d5:68:4b:e2:90:88:7c:62:
152        eb:9f:4b:36:4f:37:8d:63:a0:eb:fb:e5:32:bd:87:3f:4d:9a:
153        4f:2c:8b:32:3f:c4:55:a5:d6:e3:cb:83:4a:5a:9e:9f:3d:ec:
154        45:5c:d4:ec:5e:51:1d:eb:98:8c:b1:bb:be:5f:a5:0f:7c:75:
155        b9:2b:a0:63:71:9c:42:76:fc:52:7d:01:54:8f:9c:1a:e0:4d:
156        6b:7e:e7:84:6c:8e:af:87:6b:cd:aa:e0:08:1e:8b:7d:d6:e7:
157        c8:7f:66:3f:ea:d3:2d:99:75:20:f6:8d:34:bd:f0:36:ea:4b:
158        3b:70:f1:57:b7:c8:55:a4:11:9b:ce:17:18:21:03:d0:d5:02:
159        12:25:23:17
160-----BEGIN CERTIFICATE-----
161MIIDgDCCAmigAwIBAgIUcGke8tJQUnUN9y+mN08cjmi6BRQwDQYJKoZIhvcNAQEL
162BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw
163MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD
164ggEPADCCAQoCggEBAJdNngxDqQ3wXNR7zzqgiwFuyzAckju3SZJLNn674+YDmGCH
165ulISmJxr5fRumEaM/MfCr8Vws769ubp+FSnjNJYvlHCfcDWi2nDIYuAweF22ge6R
166Ssy0ZWLzG5nCZYvVeT/WhuVY1WDvJwqcgKZJotBQpq4f49TjY0wznauOsjfamn6L
167NsNfJJuxUSsqtP0fKpnuIXHIYWUcVr5/kUZJFYIIUFQVgz+r7ws9h6vTgi0l0i/e
168gpW5JVOYSha4+NT3Jpqol14V7CVc+vYq9S5ILBEusrRceUrBZknGOs39i+OH8l+Z
169PzcAHiJkhgrQ+3n6LuFUrDi6gsa8SJxeqqPpJ98CAwEAAaOByzCByDAdBgNVHQ4E
170FgQUycUuxJvkipFLOO+bRw7FQ/KyXpswHwYDVR0jBBgwFoAUyRsKJ0PF7+VyvJSF
1711+X4meFQJI0wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs
172LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m
173b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
174MA0GCSqGSIb3DQEBCwUAA4IBAQBvnHRvvL1u3AYATfCo4+ANVoIJlL+VlbmkMQyK
175DxlV4rfY08RvVbauGXc5TkOCWD982iqMR4ywGF7UAAyvL3LlQKpC26R6A53xIvHG
176rM8YgWFz3QApY/3KWlFplKvEyMT8/3Adp14RA8EYQZuS6ANQff0B2TK/1WhL4pCI
177fGLrn0s2TzeNY6Dr++UyvYc/TZpPLIsyP8RVpdbjy4NKWp6fPexFXNTsXlEd65iM
178sbu+X6UPfHW5K6BjcZxCdvxSfQFUj5wa4E1rfueEbI6vh2vNquAIHot91ufIf2Y/
1796tMtmXUg9o00vfA26ks7cPFXt8hVpBGbzhcYIQPQ1QISJSMX
180-----END CERTIFICATE-----
181
182Certificate:
183    Data:
184        Version: 3 (0x2)
185        Serial Number:
186            70:69:1e:f2:d2:50:52:75:0d:f7:2f:a6:37:4f:1c:8e:68:ba:05:13
187        Signature Algorithm: sha256WithRSAEncryption
188        Issuer: CN=Root
189        Validity
190            Not Before: Oct  5 12:00:00 2021 GMT
191            Not After : Oct  5 12:00:00 2022 GMT
192        Subject: CN=Root
193        Subject Public Key Info:
194            Public Key Algorithm: rsaEncryption
195                Public-Key: (2048 bit)
196                Modulus:
197                    00:c2:4d:67:95:5f:5c:db:5a:55:2a:c8:09:cf:ed:
198                    c9:1c:4c:38:f4:53:65:24:ec:f0:15:8d:fb:c5:1b:
199                    42:fe:b1:59:1d:16:6b:7d:59:62:72:62:9c:b5:08:
200                    c9:c7:f8:d3:02:29:0c:c1:9d:ff:1d:f7:e3:f3:bd:
201                    33:08:05:ac:2a:52:46:48:f9:41:a7:9a:00:59:78:
202                    68:17:6a:17:59:0b:b2:e7:3a:de:a7:2d:b4:19:76:
203                    52:85:22:0c:d5:15:10:7c:a3:25:ca:75:ed:b5:74:
204                    96:a0:f4:8d:0c:17:42:8e:44:c2:9a:53:ee:58:4a:
205                    f3:0f:ec:c1:20:d9:f7:9b:07:13:b5:59:a7:8d:91:
206                    5e:51:a8:12:7e:db:e9:ad:ec:da:e7:52:b5:2b:85:
207                    7c:dd:77:8f:6f:6a:12:24:b7:f5:d7:74:7d:98:e9:
208                    21:1c:21:ba:e7:fc:52:e4:8d:05:a7:1a:9f:98:a3:
209                    76:6c:a5:3a:5a:a1:6b:ae:be:bc:25:a5:eb:c1:ad:
210                    79:5c:d1:03:ca:c9:a6:d3:14:8d:f4:ed:28:6a:16:
211                    9a:f7:48:32:9b:d2:93:c5:44:f3:23:b0:4b:ff:b1:
212                    aa:06:d3:ba:4e:e4:e3:3d:29:e2:d4:39:05:49:ba:
213                    1f:4d:f1:7a:c6:df:95:45:bd:07:34:c2:13:14:6c:
214                    6c:23
215                Exponent: 65537 (0x10001)
216        X509v3 extensions:
217            X509v3 Subject Key Identifier:
218                C9:1B:0A:27:43:C5:EF:E5:72:BC:94:85:D7:E5:F8:99:E1:50:24:8D
219            X509v3 Authority Key Identifier:
220                C9:1B:0A:27:43:C5:EF:E5:72:BC:94:85:D7:E5:F8:99:E1:50:24:8D
221            Authority Information Access:
222                CA Issuers - URI:http://url-for-aia/Root.cer
223            X509v3 CRL Distribution Points:
224                Full Name:
225                  URI:http://url-for-crl/Root.crl
226            X509v3 Key Usage: critical
227                Certificate Sign, CRL Sign
228            X509v3 Basic Constraints: critical
229                CA:TRUE
230    Signature Algorithm: sha256WithRSAEncryption
231    Signature Value:
232        7e:aa:d8:8d:d4:41:51:cf:31:32:fb:1d:02:85:65:63:ca:15:
233        1d:03:de:f5:9e:21:15:d0:6c:df:f8:13:ea:54:09:d9:4a:bb:
234        28:3c:bc:a1:82:b4:86:c6:05:42:73:ce:7d:4e:a1:15:b5:20:
235        bc:d8:d7:45:71:cc:f0:7e:77:c9:41:b9:2d:dd:43:a8:54:a5:
236        02:d5:eb:6d:af:9b:40:bd:74:28:8e:76:8d:c6:b0:7d:c7:d5:
237        fe:7e:ec:7f:5a:a9:1e:81:a1:c7:bd:86:b3:fa:8d:09:c7:3e:
238        6c:a9:fd:45:8e:c4:2b:ff:3e:9d:49:0b:aa:9e:a7:9e:1c:e0:
239        d2:4c:56:db:4c:f9:9b:93:09:0e:51:57:11:20:7d:6a:fb:c3:
240        57:b9:35:23:3c:4f:39:38:e1:d2:e6:39:d9:2b:9c:1a:1b:42:
241        c7:11:a3:cc:b8:19:5e:fb:93:e8:27:38:95:fb:d3:00:ee:19:
242        30:5a:5e:38:0f:42:fe:58:2b:f9:e2:3e:66:2f:5b:54:5c:23:
243        29:83:09:d2:62:7d:96:a1:16:b9:6c:c7:54:66:77:5b:18:2a:
244        dd:af:fb:fa:01:16:fc:7d:4c:16:77:e2:60:2c:7b:4f:c3:db:
245        72:a1:e0:cf:6e:31:28:1e:9a:15:7f:a8:25:2b:a6:b0:e3:0c:
246        7a:8a:91:ca
247-----BEGIN CERTIFICATE-----
248MIIDeDCCAmCgAwIBAgIUcGke8tJQUnUN9y+mN08cjmi6BRMwDQYJKoZIhvcNAQEL
249BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw
250MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
251AoIBAQDCTWeVX1zbWlUqyAnP7ckcTDj0U2Uk7PAVjfvFG0L+sVkdFmt9WWJyYpy1
252CMnH+NMCKQzBnf8d9+PzvTMIBawqUkZI+UGnmgBZeGgXahdZC7LnOt6nLbQZdlKF
253IgzVFRB8oyXKde21dJag9I0MF0KORMKaU+5YSvMP7MEg2febBxO1WaeNkV5RqBJ+
2542+mt7NrnUrUrhXzdd49vahIkt/XXdH2Y6SEcIbrn/FLkjQWnGp+Yo3ZspTpaoWuu
255vrwlpevBrXlc0QPKyabTFI307ShqFpr3SDKb0pPFRPMjsEv/saoG07pO5OM9KeLU
256OQVJuh9N8XrG35VFvQc0whMUbGwjAgMBAAGjgcswgcgwHQYDVR0OBBYEFMkbCidD
257xe/lcryUhdfl+JnhUCSNMB8GA1UdIwQYMBaAFMkbCidDxe/lcryUhdfl+JnhUCSN
258MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh
259L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S
260b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
2619w0BAQsFAAOCAQEAfqrYjdRBUc8xMvsdAoVlY8oVHQPe9Z4hFdBs3/gT6lQJ2Uq7
262KDy8oYK0hsYFQnPOfU6hFbUgvNjXRXHM8H53yUG5Ld1DqFSlAtXrba+bQL10KI52
263jcawfcfV/n7sf1qpHoGhx72Gs/qNCcc+bKn9RY7EK/8+nUkLqp6nnhzg0kxW20z5
264m5MJDlFXESB9avvDV7k1IzxPOTjh0uY52SucGhtCxxGjzLgZXvuT6Cc4lfvTAO4Z
265MFpeOA9C/lgr+eI+Zi9bVFwjKYMJ0mJ9lqEWuWzHVGZ3Wxgq3a/7+gEW/H1MFnfi
266YCx7T8PbcqHgz24xKB6aFX+oJSumsOMMeoqRyg==
267-----END CERTIFICATE-----
268