1Signed indirectly through an intermediate 2 3$ openssl ocsp -resp_text -respin <([OCSP RESPONSE]) 4OCSP Response Data: 5 OCSP Response Status: successful (0x0) 6 Response Type: Basic OCSP Response 7 Version: 1 (0x0) 8 Responder Id: CN = Test OCSP Signer 9 Produced At: Mar 2 00:00:00 2017 GMT 10 Responses: 11 Certificate ID: 12 Hash Algorithm: sha1 13 Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A 14 Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66 15 Serial Number: 04 16 Cert Status: good 17 This Update: Mar 1 00:00:00 2017 GMT 18 19 Signature Algorithm: sha1WithRSAEncryption 20 7d:ed:91:a9:c8:03:55:eb:cf:5b:b4:99:f9:74:49:39:6f:f5: 21 8c:7c:f9:9c:26:2e:c3:26:22:b1:d7:aa:10:6f:1f:e0:77:76: 22 8a:19:dd:59:fc:09:81:36:aa:2a:42:96:2a:a8:0a:ee:b4:74: 23 cc:65:74:10:7d:ef:a5:69:ed:31:c1:c1:f2:2f:a1:1b:eb:12: 24 f2:86:0d:07:4f:0a:8e:9a:9f:8d:e8:40:61:98:49:b7:ce:56: 25 8a:f1:4d:94:4d:5e:52:22:7f:c5:d0:94:be:88:5b:ed:65:da: 26 00:9f:ba:ec:ba:ad:c4:81:19:16:ee:8f:93:32:88:a1:56:40: 27 7b:14 28Certificate: 29 Data: 30 Version: 3 (0x2) 31 Serial Number: 2 (0x2) 32 Signature Algorithm: sha1WithRSAEncryption 33 Issuer: CN=Test Intermediate CA 34 Validity 35 Not Before: Jan 1 00:00:00 2017 GMT 36 Not After : Jan 1 00:00:00 2018 GMT 37 Subject: CN=Test OCSP Signer 38 Subject Public Key Info: 39 Public Key Algorithm: rsaEncryption 40 RSA Public-Key: (1024 bit) 41 Modulus: 42 00:ae:c4:41:84:d9:d0:fd:63:70:db:d6:95:08:b6: 43 9c:99:5c:34:87:6b:c9:36:d0:21:14:27:60:0d:84: 44 66:8a:fc:9e:60:19:53:c2:db:39:82:d2:f8:ae:d9: 45 d5:9d:46:7a:e8:cd:c2:93:69:34:11:9b:59:c5:5b: 46 8b:8c:ba:48:21:99:9d:1e:3f:d3:f9:54:7a:c7:4b: 47 fb:31:2e:ca:75:8c:4f:7a:af:3b:cd:fd:cf:d4:92: 48 65:b6:06:80:58:c9:29:55:75:23:aa:ad:5b:ce:54: 49 3c:99:95:88:f2:47:f9:ec:14:dc:8c:58:04:df:1d: 50 d7:ef:13:3d:7a:66:f9:bc:e7 51 Exponent: 65537 (0x10001) 52 X509v3 extensions: 53 X509v3 Extended Key Usage: 54 OCSP Signing 55 Signature Algorithm: sha1WithRSAEncryption 56 10:11:34:a4:b3:90:09:21:00:b4:ee:30:16:06:6d:11:f6:f3: 57 f2:42:77:fe:d7:7a:95:4d:77:b4:b5:75:c0:6f:5a:9d:98:83: 58 34:f0:5b:66:8a:54:93:b8:3b:e8:35:bd:15:5f:6c:79:92:0d: 59 80:da:92:db:a5:c2:80:d9:04:b6:47:2b:fc:73:b3:a8:24:02: 60 20:aa:65:e0:d7:6e:6c:7c:a0:52:25:8c:5f:90:25:7f:5f:23: 61 19:14:a5:0a:ba:05:6a:c3:1b:ff:53:1e:ae:8f:64:12:cf:95: 62 c9:7b:f4:d8:33:ef:98:2e:69:79:be:9d:18:58:57:73:f1:f3: 63 c7:62 64~~~~~BEGIN CERTIFICATE~~~~~ 65MIIByzCCATSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0 66IEludGVybWVkaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAw 67MDAwWjAbMRkwFwYDVQQDDBBUZXN0IE9DU1AgU2lnbmVyMIGfMA0GCSqGSIb3DQEB 68AQUAA4GNADCBiQKBgQCuxEGE2dD9Y3Db1pUItpyZXDSHa8k20CEUJ2ANhGaK/J5g 69GVPC2zmC0viu2dWdRnrozcKTaTQRm1nFW4uMukghmZ0eP9P5VHrHS/sxLsp1jE96 70rzvN/c/UkmW2BoBYySlVdSOqrVvOVDyZlYjyR/nsFNyMWATfHdfvEz16Zvm85wID 71AQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOBgQAQ 72ETSks5AJIQC07jAWBm0R9vPyQnf+13qVTXe0tXXAb1qdmIM08FtmilSTuDvoNb0V 73X2x5kg2A2pLbpcKA2QS2Ryv8c7OoJAIgqmXg125sfKBSJYxfkCV/XyMZFKUKugVq 74wxv/Ux6uj2QSz5XJe/TYM++YLml5vp0YWFdz8fPHYg== 75~~~~~END CERTIFICATE~~~~~ 76-----BEGIN OCSP RESPONSE----- 77MIIDCgoBAKCCAwMwggL/BgkrBgEFBQcwAQEEggLwMIIC7DCBgaEdMBsxGTAXBgNVBAMMEFRlc3Q 78gT0NTUCBTaWduZXIYDzIwMTcwMzAyMDAwMDAwWjBPME0wODAHBgUrDgMCGgQURJscWzHG6ZkJZl 79I+ScP3c8AkGQoEFH92WRBlO7VwQSTEHpSu/PlAQxpmAgEEgAAYDzIwMTcwMzAxMDAwMDAwWjALB 80gkqhkiG9w0BAQUDgYEAfe2RqcgDVevPW7SZ+XRJOW/1jHz5nCYuwyYisdeqEG8f4Hd2ihndWfwJ 81gTaqKkKWKqgK7rR0zGV0EH3vpWntMcHB8i+hG+sS8oYNB08KjpqfjehAYZhJt85WivFNlE1eUiJ 82/xdCUvohb7WXaAJ+67LqtxIEZFu6PkzKIoVZAexSgggHTMIIBzzCCAcswggE0oAMCAQICAQIwDQ 83YJKoZIhvcNAQEFBQAwHzEdMBsGA1UEAwwUVGVzdCBJbnRlcm1lZGlhdGUgQ0EwIhgPMjAxNzAxM 84DEwMDAwMDBaGA8yMDE4MDEwMTAwMDAwMFowGzEZMBcGA1UEAwwQVGVzdCBPQ1NQIFNpZ25lcjCB 85nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsRBhNnQ/WNw29aVCLacmVw0h2vJNtAhFCdgDYR 86mivyeYBlTwts5gtL4rtnVnUZ66M3Ck2k0EZtZxVuLjLpIIZmdHj/T+VR6x0v7MS7KdYxPeq87zf 873P1JJltgaAWMkpVXUjqq1bzlQ8mZWI8kf57BTcjFgE3x3X7xM9emb5vOcCAwEAAaMXMBUwEwYDV 88R0lBAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADgYEAEBE0pLOQCSEAtO4wFgZtEfbz8kJ3 89/td6lU13tLV1wG9anZiDNPBbZopUk7g76DW9FV9seZINgNqS26XCgNkEtkcr/HOzqCQCIKpl4Nd 90ubHygUiWMX5Alf18jGRSlCroFasMb/1Mero9kEs+VyXv02DPvmC5peb6dGFhXc/Hzx2I= 91-----END OCSP RESPONSE----- 92 93$ openssl x509 -text < [CA CERTIFICATE] 94Certificate: 95 Data: 96 Version: 3 (0x2) 97 Serial Number: 1 (0x1) 98 Signature Algorithm: sha1WithRSAEncryption 99 Issuer: CN = Test CA 100 Validity 101 Not Before: Jan 1 00:00:00 2017 GMT 102 Not After : Jan 1 00:00:00 2018 GMT 103 Subject: CN = Test Intermediate CA 104 Subject Public Key Info: 105 Public Key Algorithm: rsaEncryption 106 RSA Public-Key: (1024 bit) 107 Modulus: 108 00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22: 109 61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe: 110 81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98: 111 90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80: 112 c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b: 113 a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97: 114 ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10: 115 e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08: 116 34:7c:d0:c6:99:6f:79:98:f9 117 Exponent: 65537 (0x10001) 118 Signature Algorithm: sha1WithRSAEncryption 119 7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f: 120 1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27: 121 21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1: 122 2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6: 123 fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92: 124 22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af: 125 8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f: 126 30:01 127-----BEGIN CA CERTIFICATE----- 128MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI 129wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW 130RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO 131x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+ 1328fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA 133BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy 134EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM 135R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB 136-----END CA CERTIFICATE----- 137 138$ openssl x509 -text < [CERTIFICATE] 139Certificate: 140 Data: 141 Version: 3 (0x2) 142 Serial Number: 4 (0x4) 143 Signature Algorithm: sha1WithRSAEncryption 144 Issuer: CN = Test Intermediate CA 145 Validity 146 Not Before: Jan 1 00:00:00 2017 GMT 147 Not After : Jan 1 00:00:00 2018 GMT 148 Subject: CN = Test Cert 149 Subject Public Key Info: 150 Public Key Algorithm: rsaEncryption 151 RSA Public-Key: (1024 bit) 152 Modulus: 153 00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48: 154 0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4: 155 24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae: 156 f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63: 157 a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23: 158 ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27: 159 37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48: 160 56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67: 161 95:c1:35:46:9e:db:9b:ce:9b 162 Exponent: 65537 (0x10001) 163 Signature Algorithm: sha1WithRSAEncryption 164 8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5: 165 ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3: 166 5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27: 167 a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17: 168 26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7: 169 2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66: 170 82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90: 171 0a:53 172-----BEGIN CERTIFICATE----- 173MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV 174kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA 175lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu 176sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j 1777l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM 178BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2 179yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL 180odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM= 181-----END CERTIFICATE----- 182 183$ openssl asn1parse -i < [OCSP REQUEST] 184 0:d=0 hl=2 l= 66 cons: SEQUENCE 185 2:d=1 hl=2 l= 64 cons: SEQUENCE 186 4:d=2 hl=2 l= 62 cons: SEQUENCE 187 6:d=3 hl=2 l= 60 cons: SEQUENCE 188 8:d=4 hl=2 l= 58 cons: SEQUENCE 189 10:d=5 hl=2 l= 9 cons: SEQUENCE 190 12:d=6 hl=2 l= 5 prim: OBJECT :sha1 191 19:d=6 hl=2 l= 0 prim: NULL 192 21:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A 193 43:d=5 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66 194 65:d=5 hl=2 l= 1 prim: INTEGER :04 195-----BEGIN OCSP REQUEST----- 196MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ 197elK78+UBDGmYCAQQ= 198-----END OCSP REQUEST----- 199