1Signed indirectly through an intermediate
2
3$ openssl ocsp -resp_text -respin <([OCSP RESPONSE])
4OCSP Response Data:
5    OCSP Response Status: successful (0x0)
6    Response Type: Basic OCSP Response
7    Version: 1 (0x0)
8    Responder Id: CN = Test OCSP Signer
9    Produced At: Mar  2 00:00:00 2017 GMT
10    Responses:
11    Certificate ID:
12      Hash Algorithm: sha1
13      Issuer Name Hash: 449B1C5B31C6E9990966523E49C3F773C024190A
14      Issuer Key Hash: 7F765910653BB5704124C41E94AEFCF940431A66
15      Serial Number: 04
16    Cert Status: good
17    This Update: Mar  1 00:00:00 2017 GMT
18
19    Signature Algorithm: sha1WithRSAEncryption
20         7d:ed:91:a9:c8:03:55:eb:cf:5b:b4:99:f9:74:49:39:6f:f5:
21         8c:7c:f9:9c:26:2e:c3:26:22:b1:d7:aa:10:6f:1f:e0:77:76:
22         8a:19:dd:59:fc:09:81:36:aa:2a:42:96:2a:a8:0a:ee:b4:74:
23         cc:65:74:10:7d:ef:a5:69:ed:31:c1:c1:f2:2f:a1:1b:eb:12:
24         f2:86:0d:07:4f:0a:8e:9a:9f:8d:e8:40:61:98:49:b7:ce:56:
25         8a:f1:4d:94:4d:5e:52:22:7f:c5:d0:94:be:88:5b:ed:65:da:
26         00:9f:ba:ec:ba:ad:c4:81:19:16:ee:8f:93:32:88:a1:56:40:
27         7b:14
28Certificate:
29    Data:
30        Version: 3 (0x2)
31        Serial Number: 2 (0x2)
32        Signature Algorithm: sha1WithRSAEncryption
33        Issuer: CN=Test Intermediate CA
34        Validity
35            Not Before: Jan  1 00:00:00 2017 GMT
36            Not After : Jan  1 00:00:00 2018 GMT
37        Subject: CN=Test OCSP Signer
38        Subject Public Key Info:
39            Public Key Algorithm: rsaEncryption
40                RSA Public-Key: (1024 bit)
41                Modulus:
42                    00:ae:c4:41:84:d9:d0:fd:63:70:db:d6:95:08:b6:
43                    9c:99:5c:34:87:6b:c9:36:d0:21:14:27:60:0d:84:
44                    66:8a:fc:9e:60:19:53:c2:db:39:82:d2:f8:ae:d9:
45                    d5:9d:46:7a:e8:cd:c2:93:69:34:11:9b:59:c5:5b:
46                    8b:8c:ba:48:21:99:9d:1e:3f:d3:f9:54:7a:c7:4b:
47                    fb:31:2e:ca:75:8c:4f:7a:af:3b:cd:fd:cf:d4:92:
48                    65:b6:06:80:58:c9:29:55:75:23:aa:ad:5b:ce:54:
49                    3c:99:95:88:f2:47:f9:ec:14:dc:8c:58:04:df:1d:
50                    d7:ef:13:3d:7a:66:f9:bc:e7
51                Exponent: 65537 (0x10001)
52        X509v3 extensions:
53            X509v3 Extended Key Usage:
54                OCSP Signing
55    Signature Algorithm: sha1WithRSAEncryption
56         10:11:34:a4:b3:90:09:21:00:b4:ee:30:16:06:6d:11:f6:f3:
57         f2:42:77:fe:d7:7a:95:4d:77:b4:b5:75:c0:6f:5a:9d:98:83:
58         34:f0:5b:66:8a:54:93:b8:3b:e8:35:bd:15:5f:6c:79:92:0d:
59         80:da:92:db:a5:c2:80:d9:04:b6:47:2b:fc:73:b3:a8:24:02:
60         20:aa:65:e0:d7:6e:6c:7c:a0:52:25:8c:5f:90:25:7f:5f:23:
61         19:14:a5:0a:ba:05:6a:c3:1b:ff:53:1e:ae:8f:64:12:cf:95:
62         c9:7b:f4:d8:33:ef:98:2e:69:79:be:9d:18:58:57:73:f1:f3:
63         c7:62
64~~~~~BEGIN CERTIFICATE~~~~~
65MIIByzCCATSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0
66IEludGVybWVkaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAw
67MDAwWjAbMRkwFwYDVQQDDBBUZXN0IE9DU1AgU2lnbmVyMIGfMA0GCSqGSIb3DQEB
68AQUAA4GNADCBiQKBgQCuxEGE2dD9Y3Db1pUItpyZXDSHa8k20CEUJ2ANhGaK/J5g
69GVPC2zmC0viu2dWdRnrozcKTaTQRm1nFW4uMukghmZ0eP9P5VHrHS/sxLsp1jE96
70rzvN/c/UkmW2BoBYySlVdSOqrVvOVDyZlYjyR/nsFNyMWATfHdfvEz16Zvm85wID
71AQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOBgQAQ
72ETSks5AJIQC07jAWBm0R9vPyQnf+13qVTXe0tXXAb1qdmIM08FtmilSTuDvoNb0V
73X2x5kg2A2pLbpcKA2QS2Ryv8c7OoJAIgqmXg125sfKBSJYxfkCV/XyMZFKUKugVq
74wxv/Ux6uj2QSz5XJe/TYM++YLml5vp0YWFdz8fPHYg==
75~~~~~END CERTIFICATE~~~~~
76-----BEGIN OCSP RESPONSE-----
77MIIDCgoBAKCCAwMwggL/BgkrBgEFBQcwAQEEggLwMIIC7DCBgaEdMBsxGTAXBgNVBAMMEFRlc3Q
78gT0NTUCBTaWduZXIYDzIwMTcwMzAyMDAwMDAwWjBPME0wODAHBgUrDgMCGgQURJscWzHG6ZkJZl
79I+ScP3c8AkGQoEFH92WRBlO7VwQSTEHpSu/PlAQxpmAgEEgAAYDzIwMTcwMzAxMDAwMDAwWjALB
80gkqhkiG9w0BAQUDgYEAfe2RqcgDVevPW7SZ+XRJOW/1jHz5nCYuwyYisdeqEG8f4Hd2ihndWfwJ
81gTaqKkKWKqgK7rR0zGV0EH3vpWntMcHB8i+hG+sS8oYNB08KjpqfjehAYZhJt85WivFNlE1eUiJ
82/xdCUvohb7WXaAJ+67LqtxIEZFu6PkzKIoVZAexSgggHTMIIBzzCCAcswggE0oAMCAQICAQIwDQ
83YJKoZIhvcNAQEFBQAwHzEdMBsGA1UEAwwUVGVzdCBJbnRlcm1lZGlhdGUgQ0EwIhgPMjAxNzAxM
84DEwMDAwMDBaGA8yMDE4MDEwMTAwMDAwMFowGzEZMBcGA1UEAwwQVGVzdCBPQ1NQIFNpZ25lcjCB
85nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsRBhNnQ/WNw29aVCLacmVw0h2vJNtAhFCdgDYR
86mivyeYBlTwts5gtL4rtnVnUZ66M3Ck2k0EZtZxVuLjLpIIZmdHj/T+VR6x0v7MS7KdYxPeq87zf
873P1JJltgaAWMkpVXUjqq1bzlQ8mZWI8kf57BTcjFgE3x3X7xM9emb5vOcCAwEAAaMXMBUwEwYDV
88R0lBAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADgYEAEBE0pLOQCSEAtO4wFgZtEfbz8kJ3
89/td6lU13tLV1wG9anZiDNPBbZopUk7g76DW9FV9seZINgNqS26XCgNkEtkcr/HOzqCQCIKpl4Nd
90ubHygUiWMX5Alf18jGRSlCroFasMb/1Mero9kEs+VyXv02DPvmC5peb6dGFhXc/Hzx2I=
91-----END OCSP RESPONSE-----
92
93$ openssl x509 -text < [CA CERTIFICATE]
94Certificate:
95    Data:
96        Version: 3 (0x2)
97        Serial Number: 1 (0x1)
98        Signature Algorithm: sha1WithRSAEncryption
99        Issuer: CN = Test CA
100        Validity
101            Not Before: Jan  1 00:00:00 2017 GMT
102            Not After : Jan  1 00:00:00 2018 GMT
103        Subject: CN = Test Intermediate CA
104        Subject Public Key Info:
105            Public Key Algorithm: rsaEncryption
106                RSA Public-Key: (1024 bit)
107                Modulus:
108                    00:c5:fb:81:a7:1b:6a:61:38:1c:6a:de:dd:db:22:
109                    61:64:7a:22:a3:3b:1d:e5:92:54:17:ad:39:2e:fe:
110                    81:ff:46:0a:70:d6:84:a5:d5:bd:05:d3:f2:a5:98:
111                    90:fd:e4:ff:d8:d2:cf:7c:d1:f2:78:0d:4a:a1:80:
112                    c8:6a:70:75:84:04:c1:c2:4b:af:17:9b:a2:29:2b:
113                    a7:be:f1:f9:19:80:f3:6a:d4:10:28:51:38:26:97:
114                    ed:ad:06:96:85:a7:b7:7c:78:38:90:44:df:d7:10:
115                    e4:52:a2:49:22:6c:98:71:51:f5:b2:13:6a:7f:08:
116                    34:7c:d0:c6:99:6f:79:98:f9
117                Exponent: 65537 (0x10001)
118    Signature Algorithm: sha1WithRSAEncryption
119         7d:67:0f:39:4e:7c:e3:ba:f2:63:b9:ed:6e:ec:61:f2:8a:4f:
120         1e:82:e2:4b:44:04:f8:a5:a1:5a:bc:8c:72:91:6d:bf:03:27:
121         21:10:9e:5c:8a:cf:4b:87:83:e0:c2:d7:72:55:d5:42:d3:d1:
122         2b:76:b3:42:84:e0:e8:3b:80:b2:5f:55:e7:e0:f6:b6:21:c6:
123         fd:91:b5:c9:ba:fa:d8:ba:5c:8b:e1:f6:de:5d:cf:39:e6:92:
124         22:85:31:1f:c3:ed:19:db:0a:0b:f9:ef:a7:36:4d:e1:54:af:
125         8e:c0:59:25:43:e5:69:47:c4:e0:00:1e:21:eb:e6:b4:13:8f:
126         30:01
127-----BEGIN CA CERTIFICATE-----
128MIIBqTCCARKgAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzI
129wMTcwMTAxMDAwMDAwWhgPMjAxODAxMDEwMDAwMDBaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZW
130RpYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF+4GnG2phOBxq3t3bImFkeiKjO
131x3lklQXrTku/oH/Rgpw1oSl1b0F0/KlmJD95P/Y0s980fJ4DUqhgMhqcHWEBMHCS68Xm6IpK6e+
1328fkZgPNq1BAoUTgml+2tBpaFp7d8eDiQRN/XEORSokkibJhxUfWyE2p/CDR80MaZb3mY+QIDAQA
133BMA0GCSqGSIb3DQEBBQUAA4GBAH1nDzlOfOO68mO57W7sYfKKTx6C4ktEBPiloVq8jHKRbb8DJy
134EQnlyKz0uHg+DC13JV1ULT0St2s0KE4Og7gLJfVefg9rYhxv2Rtcm6+ti6XIvh9t5dzznmkiKFM
135R/D7RnbCgv576c2TeFUr47AWSVD5WlHxOAAHiHr5rQTjzAB
136-----END CA CERTIFICATE-----
137
138$ openssl x509 -text < [CERTIFICATE]
139Certificate:
140    Data:
141        Version: 3 (0x2)
142        Serial Number: 4 (0x4)
143        Signature Algorithm: sha1WithRSAEncryption
144        Issuer: CN = Test Intermediate CA
145        Validity
146            Not Before: Jan  1 00:00:00 2017 GMT
147            Not After : Jan  1 00:00:00 2018 GMT
148        Subject: CN = Test Cert
149        Subject Public Key Info:
150            Public Key Algorithm: rsaEncryption
151                RSA Public-Key: (1024 bit)
152                Modulus:
153                    00:d1:d2:a7:fd:5f:56:b8:4a:4a:00:c4:f0:36:48:
154                    0d:99:1e:ba:ca:8d:8c:0e:e9:5a:f4:31:94:26:f4:
155                    24:77:0c:2d:76:39:fe:1e:51:9c:b1:3a:b2:61:ae:
156                    f6:2b:41:46:92:81:b4:1e:35:73:bb:df:53:d6:63:
157                    a4:07:58:e9:0a:40:7a:b7:71:a3:fd:7d:6a:3f:23:
158                    ee:5e:76:90:3f:60:ea:85:6b:74:1b:1f:6a:40:27:
159                    37:7f:ac:6e:97:ee:13:f7:cb:81:44:26:f3:25:48:
160                    56:40:ef:33:84:c8:d7:52:66:8a:40:35:ed:ec:67:
161                    95:c1:35:46:9e:db:9b:ce:9b
162                Exponent: 65537 (0x10001)
163    Signature Algorithm: sha1WithRSAEncryption
164         8e:94:5a:91:44:aa:ab:e4:bf:c4:ca:a3:ee:10:67:2d:3e:d5:
165         ac:b8:90:8b:4e:7f:3e:bc:83:bb:b2:c9:0c:a2:ae:fb:6c:b3:
166         5d:b7:40:20:9f:9b:7c:3d:5f:67:bc:0e:f9:20:bc:24:67:27:
167         a9:2e:81:08:e5:3f:ad:e9:b7:eb:a9:c5:58:55:55:f3:26:17:
168         26:46:5f:ef:20:38:c9:f2:81:ba:39:d9:28:4b:e8:83:ff:d7:
169         2e:87:72:36:77:0f:46:9b:a1:fe:d8:d8:20:50:68:c1:7b:66:
170         82:5d:62:94:90:98:71:8b:b9:83:69:a8:65:a4:58:5d:ce:90:
171         0a:53
172-----BEGIN CERTIFICATE-----
173MIIBqzCCARSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMR0wGwYDVQQDDBRUZXN0IEludGVybWV
174kaWF0ZSBDQTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMTgwMTAxMDAwMDAwWjAUMRIwEAYDVQQDDA
175lUZXN0IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANHSp/1fVrhKSgDE8DZIDZkeu
176sqNjA7pWvQxlCb0JHcMLXY5/h5RnLE6smGu9itBRpKBtB41c7vfU9ZjpAdY6QpAerdxo/19aj8j
1777l52kD9g6oVrdBsfakAnN3+sbpfuE/fLgUQm8yVIVkDvM4TI11JmikA17exnlcE1Rp7bm86bAgM
178BAAEwDQYJKoZIhvcNAQEFBQADgYEAjpRakUSqq+S/xMqj7hBnLT7VrLiQi05/PryDu7LJDKKu+2
179yzXbdAIJ+bfD1fZ7wO+SC8JGcnqS6BCOU/rem366nFWFVV8yYXJkZf7yA4yfKBujnZKEvog//XL
180odyNncPRpuh/tjYIFBowXtmgl1ilJCYcYu5g2moZaRYXc6QClM=
181-----END CERTIFICATE-----
182
183$ openssl asn1parse -i < [OCSP REQUEST]
184    0:d=0  hl=2 l=  66 cons: SEQUENCE
185    2:d=1  hl=2 l=  64 cons:  SEQUENCE
186    4:d=2  hl=2 l=  62 cons:   SEQUENCE
187    6:d=3  hl=2 l=  60 cons:    SEQUENCE
188    8:d=4  hl=2 l=  58 cons:     SEQUENCE
189   10:d=5  hl=2 l=   9 cons:      SEQUENCE
190   12:d=6  hl=2 l=   5 prim:       OBJECT            :sha1
191   19:d=6  hl=2 l=   0 prim:       NULL
192   21:d=5  hl=2 l=  20 prim:      OCTET STRING      [HEX DUMP]:449B1C5B31C6E9990966523E49C3F773C024190A
193   43:d=5  hl=2 l=  20 prim:      OCTET STRING      [HEX DUMP]:7F765910653BB5704124C41E94AEFCF940431A66
194   65:d=5  hl=2 l=   1 prim:      INTEGER           :04
195-----BEGIN OCSP REQUEST-----
196MEIwQDA+MDwwOjAJBgUrDgMCGgUABBREmxxbMcbpmQlmUj5Jw/dzwCQZCgQUf3ZZEGU7tXBBJMQ
197elK78+UBDGmYCAQQ=
198-----END OCSP REQUEST-----
199