1Has a critical extension in the ResponseData
2
3$ openssl ocsp -resp_text -respin <([OCSP RESPONSE])
4OCSP Response Data:
5    OCSP Response Status: successful (0x0)
6    Response Type: Basic OCSP Response
7    Version: 1 (0x0)
8    Responder Id: CN = Test Intermediate CA
9    Produced At: Mar  2 00:00:00 2017 GMT
10    Responses:
11    Certificate ID:
12      Hash Algorithm: sha1
13      Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A
14      Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66
15      Serial Number: 04
16    Cert Status: good
17    This Update: Mar  1 00:00:00 2017 GMT
18
19    Response Extensions:
20        1.2.3.4: critical
21            DEADBEEF
22    Signature Algorithm: sha1WithRSAEncryption
23         83:54:d0:3f:1a:22:0b:1c:2f:7c:bc:11:ec:74:f9:8f:a4:48:
24         cf:6a:18:95:3c:3f:ba:88:ac:31:cc:fd:e4:b2:0d:6a:d5:ad:
25         97:9f:03:0e:e0:3d:08:4e:4b:ff:77:9d:1d:06:ae:bc:90:09:
26         28:71:78:47:a3:63:e1:75:d3:a6:92:43:8d:60:cf:cc:cf:0b:
27         5f:fe:b1:91:96:1f:81:5a:50:77:b0:c7:e3:be:98:9e:6c:64:
28         44:9d:67:82:d9:87:d8:f6:93:0b:4d:8f:44:d2:51:2d:d1:61:
29         d7:ec:5c:46:ad:9c:6d:f1:c8:61:91:83:2b:d0:83:e8:9c:22:
30         df:e1
31-----BEGIN OCSP RESPONSE-----
32MIIBTwoBAKCCAUgwggFEBgkrBgEFBQcwAQEEggE1MIIBMTCBnaEhMB8xHTAbBgNVBAMMFFRlc3Q
33gSW50ZXJtZWRpYXRlIENBGA8yMDE3MDMwMjAwMDAwMFowTzBNMDgwBwYFKw4DAhoEFESbHFsxxu
34mZCWZSPknD93PAJBkKBBR/dlkQZTu1cEEkxB6Urvz5QEMaZgIBBIAAGA8yMDE3MDMwMTAwMDAwM
35FqhFjAUMBIGAyoDBAEB/wQIREVBREJFRUYwCwYJKoZIhvcNAQEFA4GBAINU0D8aIgscL3y8Eex0
36+Y+kSM9qGJU8P7qIrDHM/eSyDWrVrZefAw7gPQhOS/93nR0GrryQCShxeEejY+F106aSQ41gz8z
37PC1/+sZGWH4FaUHewx+O+mJ5sZESdZ4LZh9j2kwtNj0TSUS3RYdfsXEatnG3xyGGRgyvQg+icIt
38/h
39-----END OCSP RESPONSE-----
40
41$ openssl x509 -text < [CA CERTIFICATE]
42Certificate:
43    Data:
44        Version: 3 (0x2)
45        Serial Number: 1 (0x1)
46        Signature Algorithm: sha1WithRSAEncryption
47        Issuer: CN = Test CA
48        Validity
49            Not Before: Jan  1 00:00:00 2017 GMT
50            Not After : Jan  1 00:00:00 2018 GMT
51        Subject: CN = Test Intermediate CA
52        Subject Public Key Info:
53            Public Key Algorithm: rsaEncryption
54                RSA Public-Key: (1024 bit)
55                Modulus:
56                    00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22:
57                    61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe:
58                    81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98:
59                    90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80:
60                    c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b:
61                    a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97:
62                    ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10:
63                    e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08:
64                    34:7c:d0:c6:99:6f:79:98:f9
65                Exponent: 65537 (0x10001)
66    Signature Algorithm: sha1WithRSAEncryption
67         7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f:
68         1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27:
69         21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1:
70         2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6:
71         fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92:
72         22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af:
73         8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f:
74         30:01
75-----BEGIN CA CERTIFICATE-----
76MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI
77wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW
78RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO
79x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+
808fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA
81BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy
82EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM
83R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB
84-----END CA CERTIFICATE-----
85
86$ openssl x509 -text < [CERTIFICATE]
87Certificate:
88    Data:
89        Version: 3 (0x2)
90        Serial Number: 4 (0x4)
91        Signature Algorithm: sha1WithRSAEncryption
92        Issuer: CN = Test Intermediate CA
93        Validity
94            Not Before: Jan  1 00:00:00 2017 GMT
95            Not After : Jan  1 00:00:00 2018 GMT
96        Subject: CN = Test Cert
97        Subject Public Key Info:
98            Public Key Algorithm: rsaEncryption
99                RSA Public-Key: (1024 bit)
100                Modulus:
101                    00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48:
102                    0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4:
103                    24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae:
104                    f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63:
105                    a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23:
106                    ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27:
107                    37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48:
108                    56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67:
109                    95:c1:35:46:9e:db:9b:ce:9b
110                Exponent: 65537 (0x10001)
111    Signature Algorithm: sha1WithRSAEncryption
112         8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5:
113         ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3:
114         5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27:
115         a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17:
116         26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7:
117         2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66:
118         82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90:
119         0a:53
120-----BEGIN CERTIFICATE-----
121MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV
122kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA
123lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu
124sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j
1257l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM
126BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2
127yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL
128odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM=
129-----END CERTIFICATE-----
130
131$ openssl asn1parse -i < [OCSP REQUEST]
132    0:d=0  hl=2 l=  66 cons: SEQUENCE
133    2:d=1  hl=2 l=  64 cons:  SEQUENCE
134    4:d=2  hl=2 l=  62 cons:   SEQUENCE
135    6:d=3  hl=2 l=  60 cons:    SEQUENCE
136    8:d=4  hl=2 l=  58 cons:     SEQUENCE
137   10:d=5  hl=2 l=   9 cons:      SEQUENCE
138   12:d=6  hl=2 l=   5 prim:       OBJECT            :sha1
139   19:d=6  hl=2 l=   0 prim:       NULL
140   21:d=5  hl=2 l=  20 prim:      OCTET STRING      [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A
141   43:d=5  hl=2 l=  20 prim:      OCTET STRING      [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66
142   65:d=5  hl=2 l=   1 prim:      INTEGER           :04
143-----BEGIN OCSP REQUEST-----
144MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ
145elK78+UBDGmYCAQQ=
146-----END OCSP REQUEST-----
147