1[Created by: generate-chains.py]
2
3Certificate chain where the leaf has a basic constraints extension with
4CA=false, however specifies the optional pathlen.
5
6Certificate:
7    Data:
8        Version: 3 (0x2)
9        Serial Number:
10            2d:58:fd:1c:9f:8b:f0:cb:61:00:36:cc:88:b7:31:82:91:15:f5:15
11        Signature Algorithm: sha256WithRSAEncryption
12        Issuer: CN=Intermediate
13        Validity
14            Not Before: Nov  3 12:00:00 2020 GMT
15            Not After : Nov  3 12:00:00 2021 GMT
16        Subject: CN=Target
17        Subject Public Key Info:
18            Public Key Algorithm: rsaEncryption
19                RSA Public-Key: (2048 bit)
20                Modulus:
21                    00:ba:80:5c:f0:d7:23:f0:69:d9:b7:8f:fc:c3:d4:
22                    47:a2:41:29:77:01:50:3c:84:8f:52:f7:11:6d:c4:
23                    75:04:84:48:98:8c:4e:bb:f6:4b:e2:cb:4d:be:01:
24                    dc:b2:8e:48:b6:da:76:4d:b0:28:75:94:28:d7:44:
25                    2c:0d:a5:70:fe:b8:ec:c3:d0:0d:8b:74:4a:18:b9:
26                    13:bb:b1:99:80:09:d0:bd:00:a3:20:64:70:bb:18:
27                    00:7c:61:1f:5d:d2:dc:23:6a:6a:e3:8a:6c:13:9b:
28                    a3:c5:7b:dc:91:71:29:46:4e:1c:8e:82:2a:d6:bb:
29                    f9:5a:91:be:f0:a7:a9:b2:d5:8c:df:a2:d2:eb:3a:
30                    e4:49:30:8b:83:20:6d:fb:af:90:19:3e:44:b5:d3:
31                    bb:05:a1:15:a1:0d:4c:61:82:63:5e:24:a5:94:df:
32                    a9:35:5a:0f:56:eb:8c:1d:a5:0e:80:4a:16:d1:ef:
33                    dd:cf:84:f6:45:55:65:55:b8:73:ae:ca:1c:f8:c7:
34                    e2:67:e8:8a:42:5e:eb:f6:2c:bf:55:1c:18:39:51:
35                    5b:15:16:1b:0a:06:ba:b0:ad:bc:45:2d:23:5c:3a:
36                    ca:2b:04:c9:a2:4f:a6:80:ec:d2:b8:d7:98:44:69:
37                    3c:3c:2e:ab:b4:44:e2:50:6a:b8:a6:59:db:d4:61:
38                    54:fd
39                Exponent: 65537 (0x10001)
40        X509v3 extensions:
41            X509v3 Subject Key Identifier:
42                5B:3D:C4:92:95:A9:93:D8:29:1F:56:EB:DA:A0:3C:1A:C0:BD:5D:AB
43            X509v3 Authority Key Identifier:
44                keyid:FB:3A:43:9C:BA:40:89:72:5B:BD:26:8A:3B:25:77:1C:C1:F0:2C:7E
45
46            Authority Information Access:
47                CA Issuers - URI:http://url-for-aia/Intermediate.cer
48
49            X509v3 CRL Distribution Points:
50
51                Full Name:
52                  URI:http://url-for-crl/Intermediate.crl
53
54            X509v3 Key Usage: critical
55                Digital Signature, Key Encipherment
56            X509v3 Extended Key Usage:
57                TLS Web Server Authentication, TLS Web Client Authentication
58            X509v3 Basic Constraints: critical
59                CA:FALSE, pathlen:1
60    Signature Algorithm: sha256WithRSAEncryption
61         10:41:17:d8:4a:3f:98:4b:a2:19:f7:c6:dc:48:0a:76:67:e2:
62         8a:63:3d:31:a6:ff:0b:60:be:64:5e:2c:cf:44:bc:3a:3c:66:
63         42:92:04:d3:f0:2a:7c:bf:99:f4:f0:d6:f7:d1:46:4b:2d:00:
64         f3:2f:31:90:1b:60:26:fe:7d:ad:67:08:6a:e1:80:b4:67:44:
65         cf:00:1c:c9:2d:94:03:75:f2:c7:27:f5:db:1c:0e:6b:4a:b8:
66         f2:ab:86:fd:42:74:e8:1d:5f:2b:e3:a4:f7:b4:10:eb:fb:2c:
67         9c:0c:01:4a:89:9a:ce:f6:8c:71:b5:06:52:4a:91:7c:b9:a3:
68         be:1c:f6:4a:c4:91:4e:05:f3:20:01:8a:6d:ed:25:d6:aa:b5:
69         21:15:70:17:b3:ae:8b:45:fb:49:8a:23:8a:c7:5e:45:7e:21:
70         72:03:26:dc:38:31:54:ac:24:22:62:9b:32:44:c5:20:00:c3:
71         11:45:dd:eb:45:fc:ff:54:91:f8:4c:95:cc:97:bd:1e:ba:8f:
72         41:0a:57:da:04:bb:01:77:3c:71:57:1f:08:f3:86:4b:d2:e9:
73         de:b1:b8:40:17:ed:9a:d6:95:5b:c7:93:e8:ef:94:6d:b0:a7:
74         f3:6e:24:2d:ba:db:38:3d:70:a6:8e:a2:90:f3:8e:97:e5:86:
75         a1:d5:0c:be
76-----BEGIN CERTIFICATE-----
77MIIDsTCCApmgAwIBAgIULVj9HJ+L8MthADbMiLcxgpEV9RUwDQYJKoZIhvcNAQEL
78BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIwMTEwMzEyMDAwMFoXDTIx
79MTEwMzEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF
80AAOCAQ8AMIIBCgKCAQEAuoBc8Ncj8GnZt4/8w9RHokEpdwFQPISPUvcRbcR1BIRI
81mIxOu/ZL4stNvgHcso5Ittp2TbAodZQo10QsDaVw/rjsw9ANi3RKGLkTu7GZgAnQ
82vQCjIGRwuxgAfGEfXdLcI2pq44psE5ujxXvckXEpRk4cjoIq1rv5WpG+8KepstWM
8336LS6zrkSTCLgyBt+6+QGT5EtdO7BaEVoQ1MYYJjXiSllN+pNVoPVuuMHaUOgEoW
840e/dz4T2RVVlVbhzrsoc+MfiZ+iKQl7r9iy/VRwYOVFbFRYbCga6sK28RS0jXDrK
85KwTJok+mgOzSuNeYRGk8PC6rtETiUGq4plnb1GFU/QIDAQABo4H6MIH3MB0GA1Ud
86DgQWBBRbPcSSlamT2CkfVuvaoDwawL1dqzAfBgNVHSMEGDAWgBT7OkOcukCJclu9
87Joo7JXccwfAsfjA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91
88cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0
89dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF
90oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwIB
91ATANBgkqhkiG9w0BAQsFAAOCAQEAEEEX2Eo/mEuiGffG3EgKdmfiimM9Mab/C2C+
92ZF4sz0S8OjxmQpIE0/AqfL+Z9PDW99FGSy0A8y8xkBtgJv59rWcIauGAtGdEzwAc
93yS2UA3Xyxyf12xwOa0q48quG/UJ06B1fK+Ok97QQ6/ssnAwBSomazvaMcbUGUkqR
94fLmjvhz2SsSRTgXzIAGKbe0l1qq1IRVwF7Oui0X7SYojisdeRX4hcgMm3DgxVKwk
95ImKbMkTFIADDEUXd60X8/1SR+EyVzJe9HrqPQQpX2gS7AXc8cVcfCPOGS9Lp3rG4
96QBftmtaVW8eT6O+UbbCn824kLbrbOD1wpo6ikPOOl+WGodUMvg==
97-----END CERTIFICATE-----
98
99Certificate:
100    Data:
101        Version: 3 (0x2)
102        Serial Number:
103            7c:eb:63:f0:f3:c9:2c:8c:45:ed:1d:f4:86:49:1e:61:f3:54:68:fe
104        Signature Algorithm: sha256WithRSAEncryption
105        Issuer: CN=Root
106        Validity
107            Not Before: Nov  3 12:00:00 2020 GMT
108            Not After : Nov  3 12:00:00 2021 GMT
109        Subject: CN=Intermediate
110        Subject Public Key Info:
111            Public Key Algorithm: rsaEncryption
112                RSA Public-Key: (2048 bit)
113                Modulus:
114                    00:b1:bb:78:97:4a:b5:56:42:fa:f9:6b:63:6c:f3:
115                    0e:54:92:6c:84:d4:c7:53:48:24:c1:bd:6f:d0:83:
116                    ad:f3:7a:5c:93:f1:74:38:ba:46:f1:19:db:0e:fb:
117                    1b:b4:f2:9e:8b:c4:10:8e:97:b1:ff:f8:2d:03:cd:
118                    36:91:8a:2c:e8:d8:da:a4:7e:58:8d:fb:ff:99:2b:
119                    d5:e1:b3:63:7f:ec:2c:66:b5:0d:ca:ba:e1:74:5e:
120                    b3:ad:bf:49:65:74:52:30:78:ed:ea:7c:08:26:32:
121                    f1:d5:e3:ea:01:7e:3a:fc:0e:84:d6:17:aa:98:f8:
122                    92:63:77:4d:5c:d3:13:61:af:e3:d8:35:0c:ff:1e:
123                    39:91:0c:24:a9:ec:89:ab:28:97:97:56:eb:2a:73:
124                    70:e7:46:17:89:1e:42:73:a5:f6:b6:de:5a:bc:24:
125                    69:5d:41:09:31:f6:12:d3:57:2d:dc:96:9c:0a:4d:
126                    64:f0:c4:24:44:8e:1d:66:37:a1:01:1a:d5:89:a8:
127                    9c:81:82:00:d9:f5:56:e9:58:df:ea:5d:32:7e:fb:
128                    2d:19:1b:39:b4:fb:77:2c:2e:e1:ae:f5:ea:b0:ad:
129                    b7:d4:2e:35:86:26:9f:96:c6:e3:4c:27:7b:6a:7d:
130                    a2:4e:bf:cb:59:33:85:6f:d1:98:e4:27:3c:95:3f:
131                    fd:ad
132                Exponent: 65537 (0x10001)
133        X509v3 extensions:
134            X509v3 Subject Key Identifier:
135                FB:3A:43:9C:BA:40:89:72:5B:BD:26:8A:3B:25:77:1C:C1:F0:2C:7E
136            X509v3 Authority Key Identifier:
137                keyid:8F:4E:5E:78:19:AE:28:82:69:2F:CF:33:95:04:C1:CD:75:D1:F6:FF
138
139            Authority Information Access:
140                CA Issuers - URI:http://url-for-aia/Root.cer
141
142            X509v3 CRL Distribution Points:
143
144                Full Name:
145                  URI:http://url-for-crl/Root.crl
146
147            X509v3 Key Usage: critical
148                Certificate Sign, CRL Sign
149            X509v3 Basic Constraints: critical
150                CA:TRUE
151    Signature Algorithm: sha256WithRSAEncryption
152         06:d8:a9:c4:6a:09:71:fa:4f:5c:c4:a7:66:17:f8:10:fb:8e:
153         d4:68:66:94:1c:ed:87:46:76:f2:91:b9:54:e5:b9:17:9c:e2:
154         f2:4d:2c:64:87:8c:62:c8:1c:0e:3c:76:e6:14:9e:fb:10:a5:
155         00:fb:35:88:18:3e:01:32:5d:22:be:69:eb:33:91:b6:46:04:
156         92:4f:49:1b:fa:28:e7:1e:d9:2e:88:9c:62:5f:b3:ac:cb:6f:
157         1d:14:4f:ea:3b:0b:40:cb:62:38:a4:51:d0:79:83:3c:28:f0:
158         aa:aa:c4:22:fa:8f:da:e2:ce:56:3a:9a:f6:07:f0:8d:e3:67:
159         38:14:f4:c1:78:d7:a5:c0:98:a4:0e:91:81:c4:f4:b6:6e:fe:
160         41:7a:e8:95:c3:06:58:a9:84:fe:f3:38:13:2e:2f:7e:0b:48:
161         37:42:f3:68:9a:46:fc:d4:fb:e5:a0:ae:b3:4f:ab:9f:c2:6a:
162         0a:28:2d:f1:b1:a0:10:69:bb:81:fa:16:29:8b:20:74:e3:f8:
163         15:26:0f:ac:3a:ba:ca:0f:44:b1:eb:cc:5e:a3:88:cf:d7:0e:
164         3a:ef:36:7d:99:c4:1e:a6:b1:95:da:7a:ae:ed:4c:35:65:fe:
165         a8:3d:65:02:0b:b8:3a:5c:e1:2e:53:f4:b8:f5:48:a2:06:4c:
166         bc:58:de:4a
167-----BEGIN CERTIFICATE-----
168MIIDgDCCAmigAwIBAgIUfOtj8PPJLIxF7R30hkkeYfNUaP4wDQYJKoZIhvcNAQEL
169BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMDExMDMxMjAwMDBaFw0yMTExMDMxMjAw
170MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD
171ggEPADCCAQoCggEBALG7eJdKtVZC+vlrY2zzDlSSbITUx1NIJMG9b9CDrfN6XJPx
172dDi6RvEZ2w77G7TynovEEI6Xsf/4LQPNNpGKLOjY2qR+WI37/5kr1eGzY3/sLGa1
173Dcq64XRes62/SWV0UjB47ep8CCYy8dXj6gF+OvwOhNYXqpj4kmN3TVzTE2Gv49g1
174DP8eOZEMJKnsiasol5dW6ypzcOdGF4keQnOl9rbeWrwkaV1BCTH2EtNXLdyWnApN
175ZPDEJESOHWY3oQEa1YmonIGCANn1VulY3+pdMn77LRkbObT7dywu4a716rCtt9Qu
176NYYmn5bG40wne2p9ok6/y1kzhW/RmOQnPJU//a0CAwEAAaOByzCByDAdBgNVHQ4E
177FgQU+zpDnLpAiXJbvSaKOyV3HMHwLH4wHwYDVR0jBBgwFoAUj05eeBmuKIJpL88z
178lQTBzXXR9v8wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs
179LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m
180b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
181MA0GCSqGSIb3DQEBCwUAA4IBAQAG2KnEaglx+k9cxKdmF/gQ+47UaGaUHO2HRnby
182kblU5bkXnOLyTSxkh4xiyBwOPHbmFJ77EKUA+zWIGD4BMl0ivmnrM5G2RgSST0kb
183+ijnHtkuiJxiX7Osy28dFE/qOwtAy2I4pFHQeYM8KPCqqsQi+o/a4s5WOpr2B/CN
18442c4FPTBeNelwJikDpGBxPS2bv5BeuiVwwZYqYT+8zgTLi9+C0g3QvNomkb81Pvl
185oK6zT6ufwmoKKC3xsaAQabuB+hYpiyB04/gVJg+sOrrKD0Sx68xeo4jP1w467zZ9
186mcQeprGV2nqu7Uw1Zf6oPWUCC7g6XOEuU/S49UiiBky8WN5K
187-----END CERTIFICATE-----
188
189Certificate:
190    Data:
191        Version: 3 (0x2)
192        Serial Number:
193            7c:eb:63:f0:f3:c9:2c:8c:45:ed:1d:f4:86:49:1e:61:f3:54:68:fd
194        Signature Algorithm: sha256WithRSAEncryption
195        Issuer: CN=Root
196        Validity
197            Not Before: Nov  3 12:00:00 2020 GMT
198            Not After : Nov  3 12:00:00 2021 GMT
199        Subject: CN=Root
200        Subject Public Key Info:
201            Public Key Algorithm: rsaEncryption
202                RSA Public-Key: (2048 bit)
203                Modulus:
204                    00:b3:59:c0:d6:b0:f3:cb:31:46:9d:ef:de:63:f3:
205                    1a:24:10:36:fb:e8:ee:05:76:21:51:51:fd:52:47:
206                    97:12:13:46:42:bc:94:37:5e:e6:41:d2:d8:75:27:
207                    2c:3d:04:bc:e1:ac:bc:a8:f6:d8:74:63:9a:be:a9:
208                    7b:d2:1b:96:87:25:3b:ce:d1:ff:b4:dd:fa:29:64:
209                    ae:df:4c:1b:b4:fb:9e:8a:9a:6c:74:ba:2a:76:45:
210                    03:b7:91:7e:90:ba:04:3d:dc:0a:17:77:b3:5f:dc:
211                    56:07:eb:63:5e:2b:54:c9:d7:b3:4b:f3:42:6b:9e:
212                    2a:80:9c:71:52:5d:0f:6d:97:c6:d3:f6:c4:7a:7a:
213                    ee:ea:22:4f:1c:e8:42:55:6e:b2:2a:56:cf:86:3c:
214                    94:d1:e7:e0:7c:78:8c:94:05:05:b0:3f:b2:70:18:
215                    da:92:d2:9a:ba:57:7c:fb:52:4b:0f:34:cb:dc:ab:
216                    40:a0:76:4e:cc:11:b9:57:be:f2:e2:fa:2b:ba:20:
217                    b0:c8:ee:8d:0a:11:a2:02:d4:f7:38:3d:f4:a8:49:
218                    f4:b4:8a:08:ff:d0:c3:25:21:0e:dc:f0:17:22:f2:
219                    bf:07:3d:e7:5f:4c:b2:cd:1a:18:f1:fd:3a:5a:42:
220                    79:b3:82:47:ad:ad:e0:02:7f:0b:19:34:5d:3b:90:
221                    81:23
222                Exponent: 65537 (0x10001)
223        X509v3 extensions:
224            X509v3 Subject Key Identifier:
225                8F:4E:5E:78:19:AE:28:82:69:2F:CF:33:95:04:C1:CD:75:D1:F6:FF
226            X509v3 Authority Key Identifier:
227                keyid:8F:4E:5E:78:19:AE:28:82:69:2F:CF:33:95:04:C1:CD:75:D1:F6:FF
228
229            Authority Information Access:
230                CA Issuers - URI:http://url-for-aia/Root.cer
231
232            X509v3 CRL Distribution Points:
233
234                Full Name:
235                  URI:http://url-for-crl/Root.crl
236
237            X509v3 Key Usage: critical
238                Certificate Sign, CRL Sign
239            X509v3 Basic Constraints: critical
240                CA:TRUE
241    Signature Algorithm: sha256WithRSAEncryption
242         69:b8:ea:39:ed:08:fd:55:e8:ee:43:df:d3:4b:0e:38:71:b5:
243         27:2e:d6:bd:10:31:cd:b1:ea:43:38:4e:6e:e9:49:c3:9e:2d:
244         4b:a6:ba:4e:ee:d6:df:86:bb:69:ad:65:19:2c:d5:01:1b:6b:
245         1f:21:2f:3c:7d:4a:cd:c1:ba:e4:ae:00:99:7a:36:60:ec:57:
246         89:80:40:57:81:03:3e:20:27:b9:74:76:2d:35:fd:54:2f:8f:
247         71:a0:16:79:1a:32:7c:75:ad:9a:bd:4b:b1:4e:92:eb:8e:f5:
248         ac:de:b1:fe:ff:7d:70:1e:c2:ef:43:de:bb:5d:fd:27:7c:32:
249         02:99:69:d8:2a:86:46:e4:fa:72:e8:90:53:ff:12:91:d5:40:
250         d1:e4:7c:b9:01:82:d5:43:e2:e1:83:45:9b:ea:eb:97:48:7e:
251         57:b7:82:59:51:d4:78:e3:fe:fe:f3:01:7a:6e:2f:f3:c2:0a:
252         48:bf:32:00:f0:a5:27:a5:67:65:00:bb:ec:40:03:72:d5:a2:
253         99:67:3b:27:da:7a:5c:d2:34:dd:35:1e:e9:48:1b:3e:85:d9:
254         46:0a:ca:04:7b:b5:90:95:6e:63:59:5a:c9:25:64:4b:2d:90:
255         e4:74:82:3b:ef:46:3e:9c:3b:10:0e:0a:a1:45:5f:ed:dd:91:
256         bf:8b:73:b5
257-----BEGIN CERTIFICATE-----
258MIIDeDCCAmCgAwIBAgIUfOtj8PPJLIxF7R30hkkeYfNUaP0wDQYJKoZIhvcNAQEL
259BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMDExMDMxMjAwMDBaFw0yMTExMDMxMjAw
260MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
261AoIBAQCzWcDWsPPLMUad795j8xokEDb76O4FdiFRUf1SR5cSE0ZCvJQ3XuZB0th1
262Jyw9BLzhrLyo9th0Y5q+qXvSG5aHJTvO0f+03fopZK7fTBu0+56Kmmx0uip2RQO3
263kX6QugQ93AoXd7Nf3FYH62NeK1TJ17NL80JrniqAnHFSXQ9tl8bT9sR6eu7qIk8c
2646EJVbrIqVs+GPJTR5+B8eIyUBQWwP7JwGNqS0pq6V3z7UksPNMvcq0Cgdk7MEblX
265vvLi+iu6ILDI7o0KEaIC1Pc4PfSoSfS0igj/0MMlIQ7c8Bci8r8HPedfTLLNGhjx
266/TpaQnmzgketreACfwsZNF07kIEjAgMBAAGjgcswgcgwHQYDVR0OBBYEFI9OXngZ
267riiCaS/PM5UEwc110fb/MB8GA1UdIwQYMBaAFI9OXngZriiCaS/PM5UEwc110fb/
268MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh
269L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S
270b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
2719w0BAQsFAAOCAQEAabjqOe0I/VXo7kPf00sOOHG1Jy7WvRAxzbHqQzhObulJw54t
272S6a6Tu7W34a7aa1lGSzVARtrHyEvPH1KzcG65K4AmXo2YOxXiYBAV4EDPiAnuXR2
273LTX9VC+PcaAWeRoyfHWtmr1LsU6S6471rN6x/v99cB7C70Peu139J3wyAplp2CqG
274RuT6cuiQU/8SkdVA0eR8uQGC1UPi4YNFm+rrl0h+V7eCWVHUeOP+/vMBem4v88IK
275SL8yAPClJ6VnZQC77EADctWimWc7J9p6XNI03TUe6UgbPoXZRgrKBHu1kJVuY1la
276ySVkSy2Q5HSCO+9GPpw7EA4KoUVf7d2Rv4tztQ==
277-----END CERTIFICATE-----
278