1[Created by: generate-chains.py]
2
3Certificate chain where the intermediate has a policies extension marked as
4critical, and contains an unknown policy qualifer (1.2.3.4).
5
6Certificate:
7    Data:
8        Version: 3 (0x2)
9        Serial Number:
10            11:0a:fc:bd:a1:b1:c5:a4:95:da:e7:62:79:b3:82:f3:22:28:98:e5
11        Signature Algorithm: sha256WithRSAEncryption
12        Issuer: CN=Intermediate
13        Validity
14            Not Before: Oct  5 12:00:00 2021 GMT
15            Not After : Oct  5 12:00:00 2022 GMT
16        Subject: CN=Target
17        Subject Public Key Info:
18            Public Key Algorithm: rsaEncryption
19                RSA Public-Key: (2048 bit)
20                Modulus:
21                    00:c1:03:58:01:b1:2f:7b:fb:b2:71:dc:49:d0:cb:
22                    06:76:30:64:f7:61:bf:da:55:93:73:29:49:0f:cb:
23                    0a:33:bd:41:0b:28:03:45:35:72:a9:b4:4b:a7:ec:
24                    52:77:3a:8c:ba:cb:87:56:28:3b:39:8d:47:7b:70:
25                    7f:5a:8f:76:8c:7e:13:e8:61:17:19:1d:72:e3:6e:
26                    69:20:bc:83:f7:5b:11:85:6e:1a:b8:fb:7b:f8:fe:
27                    2b:e2:d2:bd:1a:0a:65:62:b0:84:a7:0a:ac:75:ea:
28                    e6:74:c4:1d:2c:e8:04:62:76:4b:4d:04:b6:52:2f:
29                    a6:ba:66:bb:fe:45:d6:6a:21:05:16:e5:f3:25:ae:
30                    94:fd:17:84:80:2f:ac:62:d9:83:e3:17:b0:03:1c:
31                    01:02:8b:47:7f:65:2e:f9:40:cf:ad:92:33:07:8a:
32                    14:44:5e:c2:ed:68:48:a4:d1:f0:7b:f9:67:91:28:
33                    d9:9f:2c:f0:5e:12:92:52:92:97:27:7b:12:dd:c5:
34                    d5:7f:32:8c:9b:26:05:eb:47:e1:26:99:ea:6a:a9:
35                    25:93:64:31:e5:6c:f4:cf:02:27:29:b3:9f:17:94:
36                    0d:38:9c:54:f1:80:ef:b9:b0:4b:6a:12:eb:ca:53:
37                    91:2a:95:ee:16:bf:12:9f:8a:32:a7:8a:81:dd:4c:
38                    02:91
39                Exponent: 65537 (0x10001)
40        X509v3 extensions:
41            X509v3 Subject Key Identifier:
42                EF:56:67:1C:5E:24:60:78:3E:F2:35:40:2E:1A:58:65:4D:B3:4E:BE
43            X509v3 Authority Key Identifier:
44                keyid:47:8C:F1:C9:1E:F8:EC:25:A8:31:F3:1C:CE:BC:C5:70:9F:11:87:63
45
46            Authority Information Access:
47                CA Issuers - URI:http://url-for-aia/Intermediate.cer
48
49            X509v3 CRL Distribution Points:
50
51                Full Name:
52                  URI:http://url-for-crl/Intermediate.crl
53
54            X509v3 Key Usage: critical
55                Digital Signature, Key Encipherment
56            X509v3 Extended Key Usage:
57                TLS Web Server Authentication, TLS Web Client Authentication
58    Signature Algorithm: sha256WithRSAEncryption
59         07:fb:42:4a:92:11:ca:8f:d6:40:8b:92:3a:09:71:d7:28:a4:
60         a3:9b:6b:de:b0:c1:e5:17:17:66:bf:97:db:a8:5e:fd:af:4a:
61         61:11:01:26:22:7b:dd:f7:e9:15:a4:68:91:c0:f8:34:e9:4a:
62         56:e2:d1:94:e2:a1:37:ae:76:f8:e2:88:f8:13:2b:aa:58:aa:
63         cd:b9:d5:a8:1d:b8:04:ef:70:9e:36:c4:ee:1c:94:cd:f6:f0:
64         4f:6a:db:89:59:7e:8f:69:41:92:47:41:7f:f5:5d:1e:a7:d9:
65         76:d1:7c:e1:51:5d:af:53:ae:34:e6:36:47:e3:44:11:ac:12:
66         23:1f:48:d2:87:68:91:9b:4d:3a:d7:f4:c2:b1:1d:aa:ba:17:
67         af:4f:a0:ad:4a:c8:7d:04:96:3c:82:7c:b7:86:63:90:d2:d1:
68         d7:fe:02:7f:11:a3:f1:d2:84:30:8a:d1:ed:ce:3c:51:ff:49:
69         ce:64:96:c1:77:0f:3b:f1:e5:82:bb:5c:57:2c:93:60:e7:b4:
70         ee:8a:d1:44:75:ac:b6:1b:c2:c6:59:40:76:e8:36:ea:18:54:
71         2c:91:63:5b:0d:2e:ff:4a:13:1d:55:8d:f3:02:6e:f4:e8:f4:
72         a4:27:6a:88:2e:27:9a:f2:2b:4f:7c:49:3b:f2:fd:b8:53:18:
73         ea:17:41:d0
74-----BEGIN CERTIFICATE-----
75MIIDoDCCAoigAwIBAgIUEQr8vaGxxaSV2udiebOC8yIomOUwDQYJKoZIhvcNAQEL
76BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy
77MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF
78AAOCAQ8AMIIBCgKCAQEAwQNYAbEve/uycdxJ0MsGdjBk92G/2lWTcylJD8sKM71B
79CygDRTVyqbRLp+xSdzqMusuHVig7OY1He3B/Wo92jH4T6GEXGR1y425pILyD91sR
80hW4auPt7+P4r4tK9GgplYrCEpwqsdermdMQdLOgEYnZLTQS2Ui+muma7/kXWaiEF
81FuXzJa6U/ReEgC+sYtmD4xewAxwBAotHf2Uu+UDPrZIzB4oURF7C7WhIpNHwe/ln
82kSjZnyzwXhKSUpKXJ3sS3cXVfzKMmyYF60fhJpnqaqklk2Qx5Wz0zwInKbOfF5QN
83OJxU8YDvubBLahLrylORKpXuFr8Sn4oyp4qB3UwCkQIDAQABo4HpMIHmMB0GA1Ud
84DgQWBBTvVmccXiRgeD7yNUAuGlhlTbNOvjAfBgNVHSMEGDAWgBRHjPHJHvjsJagx
858xzOvMVwnxGHYzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91
86cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0
87dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF
88oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD
89ggEBAAf7QkqSEcqP1kCLkjoJcdcopKOba96wweUXF2a/l9uoXv2vSmERASYie933
906RWkaJHA+DTpSlbi0ZTioTeudvjiiPgTK6pYqs251agduATvcJ42xO4clM328E9q
9124lZfo9pQZJHQX/1XR6n2XbRfOFRXa9TrjTmNkfjRBGsEiMfSNKHaJGbTTrX9MKx
92Haq6F69PoK1KyH0EljyCfLeGY5DS0df+An8Ro/HShDCK0e3OPFH/Sc5klsF3Dzvx
935YK7XFcsk2DntO6K0UR1rLYbwsZZQHboNuoYVCyRY1sNLv9KEx1VjfMCbvTo9KQn
94aoguJ5ryK098STvy/bhTGOoXQdA=
95-----END CERTIFICATE-----
96
97Certificate:
98    Data:
99        Version: 3 (0x2)
100        Serial Number:
101            22:d5:d3:ab:e1:db:b6:4e:c6:30:5b:f4:c2:c2:ff:37:2e:43:2d:1a
102        Signature Algorithm: sha256WithRSAEncryption
103        Issuer: CN=Root
104        Validity
105            Not Before: Oct  5 12:00:00 2021 GMT
106            Not After : Oct  5 12:00:00 2022 GMT
107        Subject: CN=Intermediate
108        Subject Public Key Info:
109            Public Key Algorithm: rsaEncryption
110                RSA Public-Key: (2048 bit)
111                Modulus:
112                    00:ba:0f:08:80:56:6b:27:51:76:78:18:c5:92:b1:
113                    b4:d1:7a:4f:8f:57:6a:6a:96:70:e3:ca:4a:68:9d:
114                    0b:5d:2e:fd:34:1b:2a:d7:f2:a0:e0:3d:98:f8:2c:
115                    88:d1:7e:25:5d:80:80:30:f0:1c:65:a5:e4:60:ed:
116                    7a:31:df:97:20:c3:0c:4e:d0:2a:d8:93:54:d2:21:
117                    fe:9f:85:7d:fe:9d:45:fc:66:14:10:a5:6a:38:e7:
118                    e0:1e:71:fa:fe:9a:c0:79:73:98:87:80:17:a8:e3:
119                    c8:84:cb:9a:a8:db:d2:59:d5:26:40:cc:8b:29:03:
120                    8a:75:3d:05:01:ed:bf:05:57:27:94:e2:a3:7e:2e:
121                    06:95:8b:a2:99:8d:69:d3:3a:86:35:2b:23:19:cd:
122                    53:92:55:fe:7e:75:43:08:4c:05:51:db:1a:14:5d:
123                    6c:bb:4f:de:ef:7f:24:53:b1:e6:fc:90:a0:8a:39:
124                    22:f1:1d:1f:4a:3b:5b:c0:df:ca:a9:57:f2:c8:16:
125                    f5:e0:f4:fa:79:77:9b:93:0d:b8:5a:9d:9b:48:98:
126                    69:75:11:0f:2d:b9:8e:cd:34:4c:06:62:f8:a2:de:
127                    07:d8:7e:a0:5a:88:b0:d1:72:0b:49:67:42:5c:08:
128                    3b:bc:10:60:01:c2:15:ab:f8:31:8f:5d:bb:a2:e6:
129                    da:fb
130                Exponent: 65537 (0x10001)
131        X509v3 extensions:
132            X509v3 Subject Key Identifier:
133                47:8C:F1:C9:1E:F8:EC:25:A8:31:F3:1C:CE:BC:C5:70:9F:11:87:63
134            X509v3 Authority Key Identifier:
135                keyid:BD:1A:91:15:D9:48:10:F5:7E:D3:B8:CE:06:D8:29:10:AE:43:CE:42
136
137            Authority Information Access:
138                CA Issuers - URI:http://url-for-aia/Root.cer
139
140            X509v3 CRL Distribution Points:
141
142                Full Name:
143                  URI:http://url-for-crl/Root.crl
144
145            X509v3 Key Usage: critical
146                Certificate Sign, CRL Sign
147            X509v3 Basic Constraints: critical
148                CA:TRUE
149            X509v3 Certificate Policies: critical
150                Policy: 1.2.3
151                    Unknown Qualifier: 1.2.3.4
152
153    Signature Algorithm: sha256WithRSAEncryption
154         49:0a:83:40:26:72:8f:2b:d7:44:4b:1e:62:27:3b:58:b3:8d:
155         5d:ff:52:5b:1a:14:a5:e1:4b:79:98:ae:13:4a:0d:fd:ee:d1:
156         8c:10:26:8b:a4:71:31:9d:c6:a5:16:10:c4:d4:ae:22:87:da:
157         27:da:2e:ae:e0:9c:83:1e:c0:10:ac:7d:63:df:17:a7:be:27:
158         f1:e7:6f:6f:0a:53:25:7b:88:78:fe:2b:e9:b7:95:6d:f3:37:
159         10:23:df:31:39:c9:cf:23:3f:76:1f:37:0f:21:27:8d:7e:19:
160         84:89:14:c7:ac:06:97:c3:69:15:09:24:c3:b2:f7:b6:1c:0c:
161         ae:c0:c3:62:31:32:ca:f4:8d:4d:5a:3d:5c:7c:9f:af:1b:82:
162         6c:ca:a9:65:9b:5e:3b:15:93:30:28:83:6e:11:fe:fd:23:96:
163         20:d6:cc:df:f0:cf:a8:57:8f:52:6f:77:d2:ed:bc:64:65:54:
164         db:c1:aa:e0:43:0f:0f:07:4d:1f:7f:bd:a0:fc:0e:ea:8c:95:
165         e9:18:cc:b3:c8:25:a1:98:30:22:39:73:96:23:be:27:38:f8:
166         27:7a:4d:82:d1:a3:92:ed:bd:50:6c:54:eb:55:76:f8:11:b1:
167         e1:02:c1:d8:a9:8c:ae:54:f6:00:8e:19:59:9f:88:c7:bc:30:
168         45:58:b6:19
169-----BEGIN CERTIFICATE-----
170MIIDoTCCAomgAwIBAgIUItXTq+Hbtk7GMFv0wsL/Ny5DLRowDQYJKoZIhvcNAQEL
171BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw
172MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD
173ggEPADCCAQoCggEBALoPCIBWaydRdngYxZKxtNF6T49XamqWcOPKSmidC10u/TQb
174KtfyoOA9mPgsiNF+JV2AgDDwHGWl5GDtejHflyDDDE7QKtiTVNIh/p+Fff6dRfxm
175FBClajjn4B5x+v6awHlzmIeAF6jjyITLmqjb0lnVJkDMiykDinU9BQHtvwVXJ5Ti
176o34uBpWLopmNadM6hjUrIxnNU5JV/n51QwhMBVHbGhRdbLtP3u9/JFOx5vyQoIo5
177IvEdH0o7W8DfyqlX8sgW9eD0+nl3m5MNuFqdm0iYaXURDy25js00TAZi+KLeB9h+
178oFqIsNFyC0lnQlwIO7wQYAHCFav4MY9du6Lm2vsCAwEAAaOB7DCB6TAdBgNVHQ4E
179FgQUR4zxyR747CWoMfMczrzFcJ8Rh2MwHwYDVR0jBBgwFoAUvRqRFdlIEPV+07jO
180BtgpEK5DzkIwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs
181LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m
182b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
183MB8GA1UdIAEB/wQVMBMwEQYCKgMwCzAJBgMqAwQMAmhpMA0GCSqGSIb3DQEBCwUA
184A4IBAQBJCoNAJnKPK9dESx5iJztYs41d/1JbGhSl4Ut5mK4TSg397tGMECaLpHEx
185ncalFhDE1K4ih9on2i6u4JyDHsAQrH1j3xenvifx529vClMle4h4/ivpt5Vt8zcQ
186I98xOcnPIz92HzcPISeNfhmEiRTHrAaXw2kVCSTDsve2HAyuwMNiMTLK9I1NWj1c
187fJ+vG4Jsyqllm147FZMwKINuEf79I5Yg1szf8M+oV49Sb3fS7bxkZVTbwargQw8P
188B00ff72g/A7qjJXpGMyzyCWhmDAiOXOWI74nOPgnek2C0aOS7b1QbFTrVXb4EbHh
189AsHYqYyuVPYAjhlZn4jHvDBFWLYZ
190-----END CERTIFICATE-----
191
192Certificate:
193    Data:
194        Version: 3 (0x2)
195        Serial Number:
196            22:d5:d3:ab:e1:db:b6:4e:c6:30:5b:f4:c2:c2:ff:37:2e:43:2d:19
197        Signature Algorithm: sha256WithRSAEncryption
198        Issuer: CN=Root
199        Validity
200            Not Before: Oct  5 12:00:00 2021 GMT
201            Not After : Oct  5 12:00:00 2022 GMT
202        Subject: CN=Root
203        Subject Public Key Info:
204            Public Key Algorithm: rsaEncryption
205                RSA Public-Key: (2048 bit)
206                Modulus:
207                    00:ba:3d:c2:46:f3:d5:1b:65:5e:43:a3:bc:db:43:
208                    94:e9:9c:20:e1:ea:84:98:c6:65:51:6d:1c:1d:5f:
209                    8d:f9:81:47:1a:06:18:d9:7c:57:8f:6c:55:5c:36:
210                    63:c2:c6:db:be:47:61:5c:35:46:30:ec:e1:e5:0e:
211                    10:4f:9d:d4:62:58:56:83:00:3a:63:f0:cb:b2:50:
212                    e5:50:52:27:60:41:3e:db:07:61:92:db:d6:60:c2:
213                    66:f8:89:b6:aa:99:cb:5e:9d:74:db:cc:bc:3e:7d:
214                    0b:13:87:29:b8:fa:32:11:e9:fc:9a:e9:77:0d:7c:
215                    03:15:f7:7c:85:6c:f0:2c:2b:b0:32:5b:d9:6f:f8:
216                    f0:82:71:9e:f4:63:5c:6d:98:c9:ea:12:ad:d3:66:
217                    22:da:67:26:3c:ae:b3:23:0e:68:91:b7:28:65:81:
218                    b8:2c:04:34:92:bb:a0:00:39:51:06:53:14:c7:e9:
219                    ae:31:ef:5a:d7:21:28:44:9f:ca:53:cf:ac:4f:60:
220                    56:a9:f4:92:20:ee:c0:db:46:da:83:bd:28:b4:dd:
221                    d2:73:af:93:b5:31:84:55:e8:80:a0:6f:c5:f6:0c:
222                    54:50:dc:3d:b4:26:71:f9:fd:16:3f:62:b1:96:c9:
223                    de:45:b4:28:86:8d:8e:34:ce:aa:41:7c:66:e4:04:
224                    72:bb
225                Exponent: 65537 (0x10001)
226        X509v3 extensions:
227            X509v3 Subject Key Identifier:
228                BD:1A:91:15:D9:48:10:F5:7E:D3:B8:CE:06:D8:29:10:AE:43:CE:42
229            X509v3 Authority Key Identifier:
230                keyid:BD:1A:91:15:D9:48:10:F5:7E:D3:B8:CE:06:D8:29:10:AE:43:CE:42
231
232            Authority Information Access:
233                CA Issuers - URI:http://url-for-aia/Root.cer
234
235            X509v3 CRL Distribution Points:
236
237                Full Name:
238                  URI:http://url-for-crl/Root.crl
239
240            X509v3 Key Usage: critical
241                Certificate Sign, CRL Sign
242            X509v3 Basic Constraints: critical
243                CA:TRUE
244    Signature Algorithm: sha256WithRSAEncryption
245         5b:e3:48:3a:63:d0:61:a7:99:8f:80:6a:42:fa:70:34:d6:69:
246         cb:fe:88:9f:a0:91:2d:3f:97:a1:a5:1f:e2:40:31:f3:2e:be:
247         f9:fb:6f:31:6e:6b:de:15:47:ac:c3:83:6c:d2:f9:30:dc:b6:
248         c2:26:b5:9c:c7:2b:e1:d7:bc:f5:98:54:3b:8c:c4:86:18:8f:
249         70:99:31:46:d1:c6:a9:a0:38:dc:a0:55:fa:c9:5d:83:44:a8:
250         ae:a9:4f:b2:bd:e1:89:20:60:1c:07:b6:81:c3:d8:81:c7:dc:
251         82:68:ae:43:e0:14:95:e3:c9:b4:fe:0d:fb:10:41:33:9b:bf:
252         0b:32:35:3e:fa:c4:91:72:57:66:cd:77:1d:2c:0b:6b:6f:14:
253         e6:5e:a3:a5:f0:01:6b:5e:42:18:ba:e1:32:4b:25:4b:46:c8:
254         2f:b1:4d:dc:b8:91:a1:15:b8:1b:09:5f:bc:a9:b6:ab:5e:14:
255         1e:4a:c4:f2:b0:b1:1c:4e:ad:41:ba:c0:4a:3a:15:9b:6d:ba:
256         a9:95:3f:23:27:b7:20:d4:7c:48:81:2a:39:eb:ff:3e:24:cb:
257         6d:27:3a:1e:f6:6c:59:2f:1e:50:64:aa:ee:9a:68:20:d6:8b:
258         20:17:ec:51:13:3c:86:42:52:b6:e3:1a:b6:ef:e8:11:82:e9:
259         06:49:30:1f
260-----BEGIN CERTIFICATE-----
261MIIDeDCCAmCgAwIBAgIUItXTq+Hbtk7GMFv0wsL/Ny5DLRkwDQYJKoZIhvcNAQEL
262BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw
263MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
264AoIBAQC6PcJG89UbZV5Do7zbQ5TpnCDh6oSYxmVRbRwdX435gUcaBhjZfFePbFVc
265NmPCxtu+R2FcNUYw7OHlDhBPndRiWFaDADpj8MuyUOVQUidgQT7bB2GS29Zgwmb4
266ibaqmctenXTbzLw+fQsThym4+jIR6fya6XcNfAMV93yFbPAsK7AyW9lv+PCCcZ70
267Y1xtmMnqEq3TZiLaZyY8rrMjDmiRtyhlgbgsBDSSu6AAOVEGUxTH6a4x71rXIShE
268n8pTz6xPYFap9JIg7sDbRtqDvSi03dJzr5O1MYRV6ICgb8X2DFRQ3D20JnH5/RY/
269YrGWyd5FtCiGjY40zqpBfGbkBHK7AgMBAAGjgcswgcgwHQYDVR0OBBYEFL0akRXZ
270SBD1ftO4zgbYKRCuQ85CMB8GA1UdIwQYMBaAFL0akRXZSBD1ftO4zgbYKRCuQ85C
271MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh
272L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S
273b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
2749w0BAQsFAAOCAQEAW+NIOmPQYaeZj4BqQvpwNNZpy/6In6CRLT+XoaUf4kAx8y6+
275+ftvMW5r3hVHrMODbNL5MNy2wia1nMcr4de89ZhUO4zEhhiPcJkxRtHGqaA43KBV
276+sldg0SorqlPsr3hiSBgHAe2gcPYgcfcgmiuQ+AUlePJtP4N+xBBM5u/CzI1PvrE
277kXJXZs13HSwLa28U5l6jpfABa15CGLrhMkslS0bIL7FN3LiRoRW4GwlfvKm2q14U
278HkrE8rCxHE6tQbrASjoVm226qZU/Iye3INR8SIEqOev/PiTLbSc6HvZsWS8eUGSq
2797ppoINaLIBfsURM8hkJStuMatu/oEYLpBkkwHw==
280-----END CERTIFICATE-----
281