| This is a TBSCertificate where the serial number is more than 20 octets (21 |
| octets, where first octet is a 0). This violates the rules in RFC 5280. |
| |
| |
| |
| -----BEGIN TBS CERTIFICATE----- |
| MFCgAwIBAAIVANjDfk2H+cjIK68m71NQHfH886UgMAMEAQEwAwQBBTAeFw0xMjEwMTgwMzEyMDB |
| aFw0xMzEwMTgxNDU5NTlaMAMEAYMwAwQB8w== |
| -----END TBS CERTIFICATE----- |
| |
| $ openssl asn1parse -i < [TBS CERTIFICATE] |
| 0:d=0 hl=2 l= 80 cons: SEQUENCE |
| 2:d=1 hl=2 l= 3 cons: cont [ 0 ] |
| 4:d=2 hl=2 l= 1 prim: INTEGER :00 |
| 7:d=1 hl=2 l= 21 prim: INTEGER :D8C37E4D87F9C8C82BAF26EF53501DF1FCF3A520 |
| 30:d=1 hl=2 l= 3 cons: SEQUENCE |
| 32:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 |
| 35:d=1 hl=2 l= 3 cons: SEQUENCE |
| 37:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 |
| 40:d=1 hl=2 l= 30 cons: SEQUENCE |
| 42:d=2 hl=2 l= 13 prim: UTCTIME :121018031200Z |
| 57:d=2 hl=2 l= 13 prim: UTCTIME :131018145959Z |
| 72:d=1 hl=2 l= 3 cons: SEQUENCE |
| 74:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 |
| 77:d=1 hl=2 l= 3 cons: SEQUENCE |
| 79:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 |