1[Created by: generate-chains.py] 2 3Certificate chain where the leaf has a basic constraints extension with 4CA=false, however specifies the optional pathlen. 5 6Certificate: 7 Data: 8 Version: 3 (0x2) 9 Serial Number: 10 2d:58:fd:1c:9f:8b:f0:cb:61:00:36:cc:88:b7:31:82:91:15:f5:15 11 Signature Algorithm: sha256WithRSAEncryption 12 Issuer: CN=Intermediate 13 Validity 14 Not Before: Nov 3 12:00:00 2020 GMT 15 Not After : Nov 3 12:00:00 2021 GMT 16 Subject: CN=Target 17 Subject Public Key Info: 18 Public Key Algorithm: rsaEncryption 19 RSA Public-Key: (2048 bit) 20 Modulus: 21 00:ba:80:5c:f0:d7:23:f0:69:d9:b7:8f:fc:c3:d4: 22 47:a2:41:29:77:01:50:3c:84:8f:52:f7:11:6d:c4: 23 75:04:84:48:98:8c:4e:bb:f6:4b:e2:cb:4d:be:01: 24 dc:b2:8e:48:b6:da:76:4d:b0:28:75:94:28:d7:44: 25 2c:0d:a5:70:fe:b8:ec:c3:d0:0d:8b:74:4a:18:b9: 26 13:bb:b1:99:80:09:d0:bd:00:a3:20:64:70:bb:18: 27 00:7c:61:1f:5d:d2:dc:23:6a:6a:e3:8a:6c:13:9b: 28 a3:c5:7b:dc:91:71:29:46:4e:1c:8e:82:2a:d6:bb: 29 f9:5a:91:be:f0:a7:a9:b2:d5:8c:df:a2:d2:eb:3a: 30 e4:49:30:8b:83:20:6d:fb:af:90:19:3e:44:b5:d3: 31 bb:05:a1:15:a1:0d:4c:61:82:63:5e:24:a5:94:df: 32 a9:35:5a:0f:56:eb:8c:1d:a5:0e:80:4a:16:d1:ef: 33 dd:cf:84:f6:45:55:65:55:b8:73:ae:ca:1c:f8:c7: 34 e2:67:e8:8a:42:5e:eb:f6:2c:bf:55:1c:18:39:51: 35 5b:15:16:1b:0a:06:ba:b0:ad:bc:45:2d:23:5c:3a: 36 ca:2b:04:c9:a2:4f:a6:80:ec:d2:b8:d7:98:44:69: 37 3c:3c:2e:ab:b4:44:e2:50:6a:b8:a6:59:db:d4:61: 38 54:fd 39 Exponent: 65537 (0x10001) 40 X509v3 extensions: 41 X509v3 Subject Key Identifier: 42 5B:3D:C4:92:95:A9:93:D8:29:1F:56:EB:DA:A0:3C:1A:C0:BD:5D:AB 43 X509v3 Authority Key Identifier: 44 keyid:FB:3A:43:9C:BA:40:89:72:5B:BD:26:8A:3B:25:77:1C:C1:F0:2C:7E 45 46 Authority Information Access: 47 CA Issuers - URI:http://url-for-aia/Intermediate.cer 48 49 X509v3 CRL Distribution Points: 50 51 Full Name: 52 URI:http://url-for-crl/Intermediate.crl 53 54 X509v3 Key Usage: critical 55 Digital Signature, Key Encipherment 56 X509v3 Extended Key Usage: 57 TLS Web Server Authentication, TLS Web Client Authentication 58 X509v3 Basic Constraints: critical 59 CA:FALSE, pathlen:1 60 Signature Algorithm: sha256WithRSAEncryption 61 10:41:17:d8:4a:3f:98:4b:a2:19:f7:c6:dc:48:0a:76:67:e2: 62 8a:63:3d:31:a6:ff:0b:60:be:64:5e:2c:cf:44:bc:3a:3c:66: 63 42:92:04:d3:f0:2a:7c:bf:99:f4:f0:d6:f7:d1:46:4b:2d:00: 64 f3:2f:31:90:1b:60:26:fe:7d:ad:67:08:6a:e1:80:b4:67:44: 65 cf:00:1c:c9:2d:94:03:75:f2:c7:27:f5:db:1c:0e:6b:4a:b8: 66 f2:ab:86:fd:42:74:e8:1d:5f:2b:e3:a4:f7:b4:10:eb:fb:2c: 67 9c:0c:01:4a:89:9a:ce:f6:8c:71:b5:06:52:4a:91:7c:b9:a3: 68 be:1c:f6:4a:c4:91:4e:05:f3:20:01:8a:6d:ed:25:d6:aa:b5: 69 21:15:70:17:b3:ae:8b:45:fb:49:8a:23:8a:c7:5e:45:7e:21: 70 72:03:26:dc:38:31:54:ac:24:22:62:9b:32:44:c5:20:00:c3: 71 11:45:dd:eb:45:fc:ff:54:91:f8:4c:95:cc:97:bd:1e:ba:8f: 72 41:0a:57:da:04:bb:01:77:3c:71:57:1f:08:f3:86:4b:d2:e9: 73 de:b1:b8:40:17:ed:9a:d6:95:5b:c7:93:e8:ef:94:6d:b0:a7: 74 f3:6e:24:2d:ba:db:38:3d:70:a6:8e:a2:90:f3:8e:97:e5:86: 75 a1:d5:0c:be 76-----BEGIN CERTIFICATE----- 77MIIDsTCCApmgAwIBAgIULVj9HJ+L8MthADbMiLcxgpEV9RUwDQYJKoZIhvcNAQEL 78BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIwMTEwMzEyMDAwMFoXDTIx 79MTEwMzEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF 80AAOCAQ8AMIIBCgKCAQEAuoBc8Ncj8GnZt4/8w9RHokEpdwFQPISPUvcRbcR1BIRI 81mIxOu/ZL4stNvgHcso5Ittp2TbAodZQo10QsDaVw/rjsw9ANi3RKGLkTu7GZgAnQ 82vQCjIGRwuxgAfGEfXdLcI2pq44psE5ujxXvckXEpRk4cjoIq1rv5WpG+8KepstWM 8336LS6zrkSTCLgyBt+6+QGT5EtdO7BaEVoQ1MYYJjXiSllN+pNVoPVuuMHaUOgEoW 840e/dz4T2RVVlVbhzrsoc+MfiZ+iKQl7r9iy/VRwYOVFbFRYbCga6sK28RS0jXDrK 85KwTJok+mgOzSuNeYRGk8PC6rtETiUGq4plnb1GFU/QIDAQABo4H6MIH3MB0GA1Ud 86DgQWBBRbPcSSlamT2CkfVuvaoDwawL1dqzAfBgNVHSMEGDAWgBT7OkOcukCJclu9 87Joo7JXccwfAsfjA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91 88cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0 89dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF 90oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwIB 91ATANBgkqhkiG9w0BAQsFAAOCAQEAEEEX2Eo/mEuiGffG3EgKdmfiimM9Mab/C2C+ 92ZF4sz0S8OjxmQpIE0/AqfL+Z9PDW99FGSy0A8y8xkBtgJv59rWcIauGAtGdEzwAc 93yS2UA3Xyxyf12xwOa0q48quG/UJ06B1fK+Ok97QQ6/ssnAwBSomazvaMcbUGUkqR 94fLmjvhz2SsSRTgXzIAGKbe0l1qq1IRVwF7Oui0X7SYojisdeRX4hcgMm3DgxVKwk 95ImKbMkTFIADDEUXd60X8/1SR+EyVzJe9HrqPQQpX2gS7AXc8cVcfCPOGS9Lp3rG4 96QBftmtaVW8eT6O+UbbCn824kLbrbOD1wpo6ikPOOl+WGodUMvg== 97-----END CERTIFICATE----- 98 99Certificate: 100 Data: 101 Version: 3 (0x2) 102 Serial Number: 103 7c:eb:63:f0:f3:c9:2c:8c:45:ed:1d:f4:86:49:1e:61:f3:54:68:fe 104 Signature Algorithm: sha256WithRSAEncryption 105 Issuer: CN=Root 106 Validity 107 Not Before: Nov 3 12:00:00 2020 GMT 108 Not After : Nov 3 12:00:00 2021 GMT 109 Subject: CN=Intermediate 110 Subject Public Key Info: 111 Public Key Algorithm: rsaEncryption 112 RSA Public-Key: (2048 bit) 113 Modulus: 114 00:b1:bb:78:97:4a:b5:56:42:fa:f9:6b:63:6c:f3: 115 0e:54:92:6c:84:d4:c7:53:48:24:c1:bd:6f:d0:83: 116 ad:f3:7a:5c:93:f1:74:38:ba:46:f1:19:db:0e:fb: 117 1b:b4:f2:9e:8b:c4:10:8e:97:b1:ff:f8:2d:03:cd: 118 36:91:8a:2c:e8:d8:da:a4:7e:58:8d:fb:ff:99:2b: 119 d5:e1:b3:63:7f:ec:2c:66:b5:0d:ca:ba:e1:74:5e: 120 b3:ad:bf:49:65:74:52:30:78:ed:ea:7c:08:26:32: 121 f1:d5:e3:ea:01:7e:3a:fc:0e:84:d6:17:aa:98:f8: 122 92:63:77:4d:5c:d3:13:61:af:e3:d8:35:0c:ff:1e: 123 39:91:0c:24:a9:ec:89:ab:28:97:97:56:eb:2a:73: 124 70:e7:46:17:89:1e:42:73:a5:f6:b6:de:5a:bc:24: 125 69:5d:41:09:31:f6:12:d3:57:2d:dc:96:9c:0a:4d: 126 64:f0:c4:24:44:8e:1d:66:37:a1:01:1a:d5:89:a8: 127 9c:81:82:00:d9:f5:56:e9:58:df:ea:5d:32:7e:fb: 128 2d:19:1b:39:b4:fb:77:2c:2e:e1:ae:f5:ea:b0:ad: 129 b7:d4:2e:35:86:26:9f:96:c6:e3:4c:27:7b:6a:7d: 130 a2:4e:bf:cb:59:33:85:6f:d1:98:e4:27:3c:95:3f: 131 fd:ad 132 Exponent: 65537 (0x10001) 133 X509v3 extensions: 134 X509v3 Subject Key Identifier: 135 FB:3A:43:9C:BA:40:89:72:5B:BD:26:8A:3B:25:77:1C:C1:F0:2C:7E 136 X509v3 Authority Key Identifier: 137 keyid:8F:4E:5E:78:19:AE:28:82:69:2F:CF:33:95:04:C1:CD:75:D1:F6:FF 138 139 Authority Information Access: 140 CA Issuers - URI:http://url-for-aia/Root.cer 141 142 X509v3 CRL Distribution Points: 143 144 Full Name: 145 URI:http://url-for-crl/Root.crl 146 147 X509v3 Key Usage: critical 148 Certificate Sign, CRL Sign 149 X509v3 Basic Constraints: critical 150 CA:TRUE 151 Signature Algorithm: sha256WithRSAEncryption 152 06:d8:a9:c4:6a:09:71:fa:4f:5c:c4:a7:66:17:f8:10:fb:8e: 153 d4:68:66:94:1c:ed:87:46:76:f2:91:b9:54:e5:b9:17:9c:e2: 154 f2:4d:2c:64:87:8c:62:c8:1c:0e:3c:76:e6:14:9e:fb:10:a5: 155 00:fb:35:88:18:3e:01:32:5d:22:be:69:eb:33:91:b6:46:04: 156 92:4f:49:1b:fa:28:e7:1e:d9:2e:88:9c:62:5f:b3:ac:cb:6f: 157 1d:14:4f:ea:3b:0b:40:cb:62:38:a4:51:d0:79:83:3c:28:f0: 158 aa:aa:c4:22:fa:8f:da:e2:ce:56:3a:9a:f6:07:f0:8d:e3:67: 159 38:14:f4:c1:78:d7:a5:c0:98:a4:0e:91:81:c4:f4:b6:6e:fe: 160 41:7a:e8:95:c3:06:58:a9:84:fe:f3:38:13:2e:2f:7e:0b:48: 161 37:42:f3:68:9a:46:fc:d4:fb:e5:a0:ae:b3:4f:ab:9f:c2:6a: 162 0a:28:2d:f1:b1:a0:10:69:bb:81:fa:16:29:8b:20:74:e3:f8: 163 15:26:0f:ac:3a:ba:ca:0f:44:b1:eb:cc:5e:a3:88:cf:d7:0e: 164 3a:ef:36:7d:99:c4:1e:a6:b1:95:da:7a:ae:ed:4c:35:65:fe: 165 a8:3d:65:02:0b:b8:3a:5c:e1:2e:53:f4:b8:f5:48:a2:06:4c: 166 bc:58:de:4a 167-----BEGIN CERTIFICATE----- 168MIIDgDCCAmigAwIBAgIUfOtj8PPJLIxF7R30hkkeYfNUaP4wDQYJKoZIhvcNAQEL 169BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMDExMDMxMjAwMDBaFw0yMTExMDMxMjAw 170MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD 171ggEPADCCAQoCggEBALG7eJdKtVZC+vlrY2zzDlSSbITUx1NIJMG9b9CDrfN6XJPx 172dDi6RvEZ2w77G7TynovEEI6Xsf/4LQPNNpGKLOjY2qR+WI37/5kr1eGzY3/sLGa1 173Dcq64XRes62/SWV0UjB47ep8CCYy8dXj6gF+OvwOhNYXqpj4kmN3TVzTE2Gv49g1 174DP8eOZEMJKnsiasol5dW6ypzcOdGF4keQnOl9rbeWrwkaV1BCTH2EtNXLdyWnApN 175ZPDEJESOHWY3oQEa1YmonIGCANn1VulY3+pdMn77LRkbObT7dywu4a716rCtt9Qu 176NYYmn5bG40wne2p9ok6/y1kzhW/RmOQnPJU//a0CAwEAAaOByzCByDAdBgNVHQ4E 177FgQU+zpDnLpAiXJbvSaKOyV3HMHwLH4wHwYDVR0jBBgwFoAUj05eeBmuKIJpL88z 178lQTBzXXR9v8wNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs 179LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m 180b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ 181MA0GCSqGSIb3DQEBCwUAA4IBAQAG2KnEaglx+k9cxKdmF/gQ+47UaGaUHO2HRnby 182kblU5bkXnOLyTSxkh4xiyBwOPHbmFJ77EKUA+zWIGD4BMl0ivmnrM5G2RgSST0kb 183+ijnHtkuiJxiX7Osy28dFE/qOwtAy2I4pFHQeYM8KPCqqsQi+o/a4s5WOpr2B/CN 18442c4FPTBeNelwJikDpGBxPS2bv5BeuiVwwZYqYT+8zgTLi9+C0g3QvNomkb81Pvl 185oK6zT6ufwmoKKC3xsaAQabuB+hYpiyB04/gVJg+sOrrKD0Sx68xeo4jP1w467zZ9 186mcQeprGV2nqu7Uw1Zf6oPWUCC7g6XOEuU/S49UiiBky8WN5K 187-----END CERTIFICATE----- 188 189Certificate: 190 Data: 191 Version: 3 (0x2) 192 Serial Number: 193 7c:eb:63:f0:f3:c9:2c:8c:45:ed:1d:f4:86:49:1e:61:f3:54:68:fd 194 Signature Algorithm: sha256WithRSAEncryption 195 Issuer: CN=Root 196 Validity 197 Not Before: Nov 3 12:00:00 2020 GMT 198 Not After : Nov 3 12:00:00 2021 GMT 199 Subject: CN=Root 200 Subject Public Key Info: 201 Public Key Algorithm: rsaEncryption 202 RSA Public-Key: (2048 bit) 203 Modulus: 204 00:b3:59:c0:d6:b0:f3:cb:31:46:9d:ef:de:63:f3: 205 1a:24:10:36:fb:e8:ee:05:76:21:51:51:fd:52:47: 206 97:12:13:46:42:bc:94:37:5e:e6:41:d2:d8:75:27: 207 2c:3d:04:bc:e1:ac:bc:a8:f6:d8:74:63:9a:be:a9: 208 7b:d2:1b:96:87:25:3b:ce:d1:ff:b4:dd:fa:29:64: 209 ae:df:4c:1b:b4:fb:9e:8a:9a:6c:74:ba:2a:76:45: 210 03:b7:91:7e:90:ba:04:3d:dc:0a:17:77:b3:5f:dc: 211 56:07:eb:63:5e:2b:54:c9:d7:b3:4b:f3:42:6b:9e: 212 2a:80:9c:71:52:5d:0f:6d:97:c6:d3:f6:c4:7a:7a: 213 ee:ea:22:4f:1c:e8:42:55:6e:b2:2a:56:cf:86:3c: 214 94:d1:e7:e0:7c:78:8c:94:05:05:b0:3f:b2:70:18: 215 da:92:d2:9a:ba:57:7c:fb:52:4b:0f:34:cb:dc:ab: 216 40:a0:76:4e:cc:11:b9:57:be:f2:e2:fa:2b:ba:20: 217 b0:c8:ee:8d:0a:11:a2:02:d4:f7:38:3d:f4:a8:49: 218 f4:b4:8a:08:ff:d0:c3:25:21:0e:dc:f0:17:22:f2: 219 bf:07:3d:e7:5f:4c:b2:cd:1a:18:f1:fd:3a:5a:42: 220 79:b3:82:47:ad:ad:e0:02:7f:0b:19:34:5d:3b:90: 221 81:23 222 Exponent: 65537 (0x10001) 223 X509v3 extensions: 224 X509v3 Subject Key Identifier: 225 8F:4E:5E:78:19:AE:28:82:69:2F:CF:33:95:04:C1:CD:75:D1:F6:FF 226 X509v3 Authority Key Identifier: 227 keyid:8F:4E:5E:78:19:AE:28:82:69:2F:CF:33:95:04:C1:CD:75:D1:F6:FF 228 229 Authority Information Access: 230 CA Issuers - URI:http://url-for-aia/Root.cer 231 232 X509v3 CRL Distribution Points: 233 234 Full Name: 235 URI:http://url-for-crl/Root.crl 236 237 X509v3 Key Usage: critical 238 Certificate Sign, CRL Sign 239 X509v3 Basic Constraints: critical 240 CA:TRUE 241 Signature Algorithm: sha256WithRSAEncryption 242 69:b8:ea:39:ed:08:fd:55:e8:ee:43:df:d3:4b:0e:38:71:b5: 243 27:2e:d6:bd:10:31:cd:b1:ea:43:38:4e:6e:e9:49:c3:9e:2d: 244 4b:a6:ba:4e:ee:d6:df:86:bb:69:ad:65:19:2c:d5:01:1b:6b: 245 1f:21:2f:3c:7d:4a:cd:c1:ba:e4:ae:00:99:7a:36:60:ec:57: 246 89:80:40:57:81:03:3e:20:27:b9:74:76:2d:35:fd:54:2f:8f: 247 71:a0:16:79:1a:32:7c:75:ad:9a:bd:4b:b1:4e:92:eb:8e:f5: 248 ac:de:b1:fe:ff:7d:70:1e:c2:ef:43:de:bb:5d:fd:27:7c:32: 249 02:99:69:d8:2a:86:46:e4:fa:72:e8:90:53:ff:12:91:d5:40: 250 d1:e4:7c:b9:01:82:d5:43:e2:e1:83:45:9b:ea:eb:97:48:7e: 251 57:b7:82:59:51:d4:78:e3:fe:fe:f3:01:7a:6e:2f:f3:c2:0a: 252 48:bf:32:00:f0:a5:27:a5:67:65:00:bb:ec:40:03:72:d5:a2: 253 99:67:3b:27:da:7a:5c:d2:34:dd:35:1e:e9:48:1b:3e:85:d9: 254 46:0a:ca:04:7b:b5:90:95:6e:63:59:5a:c9:25:64:4b:2d:90: 255 e4:74:82:3b:ef:46:3e:9c:3b:10:0e:0a:a1:45:5f:ed:dd:91: 256 bf:8b:73:b5 257-----BEGIN CERTIFICATE----- 258MIIDeDCCAmCgAwIBAgIUfOtj8PPJLIxF7R30hkkeYfNUaP0wDQYJKoZIhvcNAQEL 259BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMDExMDMxMjAwMDBaFw0yMTExMDMxMjAw 260MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK 261AoIBAQCzWcDWsPPLMUad795j8xokEDb76O4FdiFRUf1SR5cSE0ZCvJQ3XuZB0th1 262Jyw9BLzhrLyo9th0Y5q+qXvSG5aHJTvO0f+03fopZK7fTBu0+56Kmmx0uip2RQO3 263kX6QugQ93AoXd7Nf3FYH62NeK1TJ17NL80JrniqAnHFSXQ9tl8bT9sR6eu7qIk8c 2646EJVbrIqVs+GPJTR5+B8eIyUBQWwP7JwGNqS0pq6V3z7UksPNMvcq0Cgdk7MEblX 265vvLi+iu6ILDI7o0KEaIC1Pc4PfSoSfS0igj/0MMlIQ7c8Bci8r8HPedfTLLNGhjx 266/TpaQnmzgketreACfwsZNF07kIEjAgMBAAGjgcswgcgwHQYDVR0OBBYEFI9OXngZ 267riiCaS/PM5UEwc110fb/MB8GA1UdIwQYMBaAFI9OXngZriiCaS/PM5UEwc110fb/ 268MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh 269L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S 270b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG 2719w0BAQsFAAOCAQEAabjqOe0I/VXo7kPf00sOOHG1Jy7WvRAxzbHqQzhObulJw54t 272S6a6Tu7W34a7aa1lGSzVARtrHyEvPH1KzcG65K4AmXo2YOxXiYBAV4EDPiAnuXR2 273LTX9VC+PcaAWeRoyfHWtmr1LsU6S6471rN6x/v99cB7C70Peu139J3wyAplp2CqG 274RuT6cuiQU/8SkdVA0eR8uQGC1UPi4YNFm+rrl0h+V7eCWVHUeOP+/vMBem4v88IK 275SL8yAPClJ6VnZQC77EADctWimWc7J9p6XNI03TUe6UgbPoXZRgrKBHu1kJVuY1la 276ySVkSy2Q5HSCO+9GPpw7EA4KoUVf7d2Rv4tztQ== 277-----END CERTIFICATE----- 278