blob: 94105ff2915745350d03ec47369ca8a6c187f8f0 [file] [log] [blame]
[Created by: ./generate-key-rollover.py]
A certificate tree with two self-signed root certificates(oldroot, newroot),
and a third root certificate (newrootrollover) which has the same key as newroot
but is signed by oldroot, all with the same subject and issuer.
There are two intermediates with the same key, subject and issuer
(oldintermediate signed by oldroot, and newintermediate signed by newroot).
The target certificate is signed by the intermediate key.
In graphical form:
oldroot-------->newrootrollover newroot
| | |
v v v
oldintermediate newintermediate
| |
+------------+-------------+
|
v
target
Several chains are output:
key-rollover-oldchain.pem:
target<-oldintermediate<-oldroot
key-rollover-rolloverchain.pem:
target<-newintermediate<-newrootrollover<-oldroot
key-rollover-longrolloverchain.pem:
target<-newintermediate<-newroot<-newrootrollover<-oldroot
key-rollover-newchain.pem:
target<-newintermediate<-newroot
All of these chains should verify successfully.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediate
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:be:12:1c:48:e4:73:1f:5c:d2:54:a9:7b:58:1c:
37:73:c2:49:26:3e:ed:b5:6b:55:17:c9:4c:52:34:
ce:d9:76:86:32:74:74:ae:11:b2:99:1b:51:a0:33:
48:34:2f:b9:d3:2b:06:c2:5c:29:53:35:ce:7c:a6:
67:b2:6a:d4:33:c3:13:62:30:a1:53:5f:45:78:5b:
bb:47:ad:07:a4:98:9a:e9:e3:b1:3b:e6:33:c2:c1:
5c:95:d7:c8:b9:a6:72:27:7a:79:da:c4:c8:5a:1a:
3e:5e:5e:a6:62:64:c6:72:86:b1:78:98:5b:63:27:
70:15:04:6b:b1:0f:11:9c:4d:3b:5c:e7:8d:c0:be:
d5:84:46:6c:bd:11:1e:21:c1:82:9c:d0:aa:2d:2f:
f8:2a:e9:3b:e4:35:15:6d:c7:4a:dd:a8:65:69:b8:
16:a1:8a:04:a2:44:68:40:b6:99:ae:61:df:9f:6c:
40:ef:79:c9:a3:6d:e4:2d:07:01:68:f1:21:4e:0e:
28:a7:fd:2f:ad:ee:7d:65:cf:36:fd:4f:1b:ba:10:
8e:86:fd:ec:37:67:0c:20:71:66:48:64:f3:82:af:
f5:e1:73:c9:09:36:03:3f:c2:47:7a:f2:33:b9:f9:
9f:53:9b:24:5e:c3:cc:05:d9:a9:ed:d7:b2:2a:c5:
b7:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:45:0B:2A:F2:D8:8D:2A:D7:CE:AF:56:BF:82:B0:84:0C:C8:2E:F4
X509v3 Authority Key Identifier:
keyid:B1:39:79:13:35:D0:03:6B:E9:C4:63:2B:CC:D6:61:C3:82:EC:14:C1
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediate.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediate.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
63:66:9e:6c:34:8c:5d:74:ae:90:25:55:ae:86:49:b9:3d:fd:
27:bc:4f:69:7b:70:cb:25:0e:a3:8c:7a:7d:9c:4f:0b:7c:f2:
85:a5:ea:82:d2:37:c2:74:a2:ae:a8:bf:62:f4:5f:d4:c6:41:
45:0c:cc:27:53:aa:8f:66:58:e9:b0:de:ae:98:14:bd:92:df:
9b:0f:f2:c5:3b:d2:bc:1c:3e:80:b4:09:0f:c1:9f:d6:3a:29:
52:71:b6:1a:92:95:5a:18:dc:b4:30:dc:61:61:93:54:d1:55:
83:92:5d:c0:c7:dc:ab:d7:08:dd:8a:44:cf:92:f9:4d:86:25:
aa:ac:52:f6:0e:17:99:0b:31:d2:75:5e:33:f9:f5:b6:77:42:
07:62:a9:53:cc:f3:79:84:57:d9:14:3f:ab:4c:8b:ae:c7:9f:
cf:7a:1f:bf:7e:1d:44:bd:76:b4:cd:8d:c8:1d:75:f7:3b:b5:
bc:35:8b:3f:29:b1:cb:67:a4:17:af:a4:ca:9f:2b:e7:15:66:
e4:c8:c1:7c:08:78:9e:5d:4b:c3:c6:58:66:96:42:e8:e6:40:
fd:dc:24:ce:3b:58:11:38:40:0e:fc:a9:c0:2c:0f:e5:cc:bb:
02:32:31:b9:bc:6f:2d:1d:f6:2b:7c:d3:f8:24:f6:60:38:8a:
1f:dd:e1:50
-----BEGIN CERTIFICATE-----
MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+EhxI
5HMfXNJUqXtYHDdzwkkmPu21a1UXyUxSNM7ZdoYydHSuEbKZG1GgM0g0L7nTKwbC
XClTNc58pmeyatQzwxNiMKFTX0V4W7tHrQekmJrp47E75jPCwVyV18i5pnInenna
xMhaGj5eXqZiZMZyhrF4mFtjJ3AVBGuxDxGcTTtc543AvtWERmy9ER4hwYKc0Kot
L/gq6TvkNRVtx0rdqGVpuBahigSiRGhAtpmuYd+fbEDvecmjbeQtBwFo8SFODiin
/S+t7n1lzzb9Txu6EI6G/ew3ZwwgcWZIZPOCr/Xhc8kJNgM/wkd68jO5+Z9TmyRe
w8wF2ant17Iqxbc5AgMBAAGjgekwgeYwHQYDVR0OBBYEFMlFCyry2I0q186vVr+C
sIQMyC70MB8GA1UdIwQYMBaAFLE5eRM10ANr6cRjK8zWYcOC7BTBMD8GCCsGAQUF
BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAY2aebDSMXXSukCVVroZJ
uT39J7xPaXtwyyUOo4x6fZxPC3zyhaXqgtI3wnSirqi/YvRf1MZBRQzMJ1Oqj2ZY
6bDerpgUvZLfmw/yxTvSvBw+gLQJD8Gf1jopUnG2GpKVWhjctDDcYWGTVNFVg5Jd
wMfcq9cI3YpEz5L5TYYlqqxS9g4XmQsx0nVeM/n1tndCB2KpU8zzeYRX2RQ/q0yL
rsefz3ofv34dRL12tM2NyB119zu1vDWLPymxy2ekF6+kyp8r5xVm5MjBfAh4nl1L
w8ZYZpZC6OZA/dwkzjtYEThADvypwCwP5cy7AjIxubxvLR32K3zT+CT2YDiKH93h
UA==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 2 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Intermediate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:9c:d0:2e:3b:06:d6:ea:65:bd:dd:b2:d3:e8:88:
ea:08:73:01:42:ac:ca:38:28:17:32:93:5e:16:a8:
c1:79:44:9a:db:24:08:ba:81:52:63:9c:b4:ed:57:
d4:b2:ac:54:64:3b:70:39:7e:37:da:11:e1:8c:ba:
09:bc:1a:9b:e7:fe:6d:75:f8:71:31:f0:ca:52:89:
2a:9e:d5:53:db:b8:c0:76:cf:bf:58:58:e1:bb:81:
de:62:bb:06:58:1f:9b:64:03:75:7d:ee:76:6f:39:
47:cb:8e:34:32:07:83:89:b0:83:2a:78:d0:ac:e2:
86:0a:a8:ab:3b:97:81:de:9d:36:b4:03:b7:d5:06:
05:53:d7:80:03:44:86:53:72:db:7a:5f:c5:20:dd:
c7:44:58:3b:40:7f:0e:39:bc:be:0d:ca:6a:f6:82:
a2:97:a2:17:79:51:6f:42:5d:0d:6a:b7:a0:de:5f:
6a:00:be:e7:5a:b7:91:e9:fc:77:fd:75:88:8d:52:
76:3d:0e:91:4b:c7:db:96:a4:5f:39:59:55:62:65:
3b:15:7a:bc:7b:09:9f:3e:75:d9:9e:c5:00:b3:19:
d4:26:7e:eb:db:62:07:c2:f5:b6:4e:87:2d:eb:56:
8b:5a:68:6c:85:2f:b4:3e:1d:dd:5d:31:49:98:8b:
06:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:39:79:13:35:D0:03:6B:E9:C4:63:2B:CC:D6:61:C3:82:EC:14:C1
X509v3 Authority Key Identifier:
keyid:15:9E:A6:AD:F5:9F:8A:A1:C1:08:99:BF:66:6F:CF:CA:72:CD:0C:34
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
a8:ad:48:d8:6e:1d:24:09:d2:b3:29:3c:48:60:27:7f:37:64:
d5:f1:3b:b3:5c:43:de:7c:b4:5f:ee:3a:f2:1a:25:24:0a:8a:
25:6d:19:5b:dc:0c:4e:48:61:2f:60:d3:6b:f3:9c:03:2c:d3:
fa:c8:9b:99:e7:2e:c5:43:c0:5f:14:cd:8b:92:62:4f:e5:3a:
cd:b5:0a:d8:b2:01:c7:44:b4:3a:86:66:bf:fa:11:a5:f8:24:
3f:d1:1a:e8:eb:1e:ad:f0:70:31:6f:bc:21:cf:db:ce:63:4e:
84:e9:52:9e:bb:1b:c4:72:ae:e0:6c:88:9e:99:dc:79:d9:fd:
83:26:8e:f6:19:70:d9:5e:fc:f4:0c:d1:17:6f:af:10:f6:64:
16:08:d8:72:ba:3a:2d:66:28:5a:41:0d:f3:47:87:a7:9c:78:
c6:cd:5e:25:71:0b:f2:93:b8:26:17:b2:19:17:cc:03:ed:c0:
6e:06:e2:4b:4a:57:5f:23:02:2a:69:06:7a:c4:b7:3e:2f:e8:
f0:03:ae:b8:2d:df:63:22:20:73:23:75:d9:3c:d7:22:e4:b4:
65:65:ed:b9:e6:02:1d:b5:51:11:9c:db:92:e4:fe:8c:1d:bb:
c5:95:87:5b:38:ee:ff:e4:01:d1:5d:84:b9:73:d3:da:23:ca:
5e:05:d3:7d
-----BEGIN CERTIFICATE-----
MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMjEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNAuOwbW
6mW93bLT6IjqCHMBQqzKOCgXMpNeFqjBeUSa2yQIuoFSY5y07VfUsqxUZDtwOX43
2hHhjLoJvBqb5/5tdfhxMfDKUokqntVT27jAds+/WFjhu4HeYrsGWB+bZAN1fe52
bzlHy440MgeDibCDKnjQrOKGCqirO5eB3p02tAO31QYFU9eAA0SGU3Lbel/FIN3H
RFg7QH8OOby+Dcpq9oKil6IXeVFvQl0Nareg3l9qAL7nWreR6fx3/XWIjVJ2PQ6R
S8fblqRfOVlVYmU7FXq8ewmfPnXZnsUAsxnUJn7r22IHwvW2Toct61aLWmhshS+0
Ph3dXTFJmIsGVQIDAQABo4HLMIHIMB0GA1UdDgQWBBSxOXkTNdADa+nEYyvM1mHD
guwUwTAfBgNVHSMEGDAWgBQVnqat9Z+KocEImb9mb8/Kcs0MNDA3BggrBgEFBQcB
AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
AKitSNhuHSQJ0rMpPEhgJ383ZNXxO7NcQ958tF/uOvIaJSQKiiVtGVvcDE5IYS9g
02vznAMs0/rIm5nnLsVDwF8UzYuSYk/lOs21CtiyAcdEtDqGZr/6EaX4JD/RGujr
Hq3wcDFvvCHP285jToTpUp67G8RyruBsiJ6Z3HnZ/YMmjvYZcNle/PQM0RdvrxD2
ZBYI2HK6Oi1mKFpBDfNHh6eceMbNXiVxC/KTuCYXshkXzAPtwG4G4ktKV18jAipp
BnrEtz4v6PADrrgt32MiIHMjddk81yLktGVl7bnmAh21URGc25Lk/owdu8WVh1s4
7v/kAdFdhLlz09ojyl4F030=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 2 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ae:ea:3b:3f:b6:e9:3d:ea:eb:3d:dd:e8:4d:45:
83:63:78:ea:07:90:3a:3c:4f:92:54:2b:2d:02:1b:
eb:9e:81:72:68:2e:73:f8:4a:a1:de:0c:d6:f0:c2:
61:26:90:0b:48:59:ab:23:25:8f:e4:4a:6b:c9:2d:
ba:a7:35:c4:22:df:76:99:d8:7b:f7:6d:ca:9b:da:
d2:ed:7e:c8:93:b2:a7:f6:f0:05:6a:5d:c6:e1:79:
d0:25:59:a9:50:1e:65:eb:1c:c9:cd:4e:6a:3a:2a:
a4:1a:fa:81:a3:e7:ae:d7:de:43:d9:e8:0b:5c:b0:
6b:46:39:c5:9c:4a:6d:59:bf:da:70:2e:80:ac:c8:
80:e3:83:d1:71:7b:a7:0b:92:bf:a8:81:ad:5c:b2:
d5:e9:b9:5f:b5:4f:93:43:67:72:36:b3:f7:17:b9:
1b:da:2a:13:83:70:36:ae:59:03:3d:f0:71:de:a2:
7a:41:ad:b5:e9:a2:51:e4:18:ec:88:ad:48:f1:df:
17:04:43:54:2a:af:3c:c0:f5:84:39:43:d1:a7:d2:
52:0f:3c:dd:ef:13:58:8c:1d:d4:dd:2e:6d:1a:e7:
73:9b:8b:f3:41:7b:9a:53:4e:0d:92:d3:5d:3f:fc:
c3:61:dc:5f:a0:93:3c:08:cc:b4:9b:ce:9d:78:e3:
77:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:9E:A6:AD:F5:9F:8A:A1:C1:08:99:BF:66:6F:CF:CA:72:CD:0C:34
X509v3 Authority Key Identifier:
keyid:02:CE:F6:AC:1A:39:1E:85:E8:72:D1:8A:C6:1D:E8:7A:8F:9D:15:6B
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
51:9b:dd:56:f2:b1:2b:e5:36:c8:2f:1d:a9:53:1f:89:e1:24:
33:bd:ac:56:c1:c3:1a:38:a6:7e:fc:61:9a:ae:7c:1f:13:3e:
37:e4:e6:a9:11:9e:2b:6e:ce:dd:12:0c:c1:b2:b7:eb:48:0e:
c7:a5:65:f0:86:49:8a:dc:cf:1b:6d:33:af:af:96:51:49:01:
e4:82:d6:e6:5a:d0:41:c7:05:9f:16:eb:06:bd:bc:ab:fe:a0:
d7:ac:de:62:d1:71:7e:69:82:31:03:e3:60:28:e6:18:3b:e5:
93:2b:58:ee:d5:0b:7b:b6:af:f2:4f:22:eb:4d:b7:a6:74:68:
b7:82:68:7f:a9:b6:ee:a0:20:d7:c6:16:0e:9c:1c:39:ea:24:
5e:60:12:fc:39:60:0d:54:3e:aa:b3:43:e1:0f:ef:d7:8f:3e:
09:a9:55:95:e9:3d:0c:4f:ad:cb:c2:f3:2c:10:43:67:54:f9:
66:54:81:ff:62:61:94:05:b0:42:af:f0:c5:ac:00:91:28:5c:
aa:a3:61:44:ba:c2:a6:ab:f8:1d:7e:02:69:33:48:fe:ac:93:
7f:4c:99:91:d9:18:37:f9:70:3f:56:2a:ee:4a:e0:4d:f3:60:
12:5d:30:d8:37:bf:ca:40:85:29:0c:a7:8f:ab:ad:03:6d:7b:
ba:62:7f:58
-----BEGIN CERTIFICATE-----
MIIDZTCCAk2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMjEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK7qOz+26T3q6z3d6E1F
g2N46geQOjxPklQrLQIb656Bcmguc/hKod4M1vDCYSaQC0hZqyMlj+RKa8ktuqc1
xCLfdpnYe/dtypva0u1+yJOyp/bwBWpdxuF50CVZqVAeZescyc1OajoqpBr6gaPn
rtfeQ9noC1ywa0Y5xZxKbVm/2nAugKzIgOOD0XF7pwuSv6iBrVyy1em5X7VPk0Nn
cjaz9xe5G9oqE4NwNq5ZAz3wcd6iekGttemiUeQY7IitSPHfFwRDVCqvPMD1hDlD
0afSUg883e8TWIwd1N0ubRrnc5uL80F7mlNODZLTXT/8w2HcX6CTPAjMtJvOnXjj
d8kCAwEAAaOByzCByDAdBgNVHQ4EFgQUFZ6mrfWfiqHBCJm/Zm/PynLNDDQwHwYD
VR0jBBgwFoAUAs72rBo5HoXoctGKxh3oeo+dFWswNwYIKwYBBQUHAQEEKzApMCcG
CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBRm91W8rEr
5TbILx2pUx+J4SQzvaxWwcMaOKZ+/GGarnwfEz435OapEZ4rbs7dEgzBsrfrSA7H
pWXwhkmK3M8bbTOvr5ZRSQHkgtbmWtBBxwWfFusGvbyr/qDXrN5i0XF+aYIxA+Ng
KOYYO+WTK1ju1Qt7tq/yTyLrTbemdGi3gmh/qbbuoCDXxhYOnBw56iReYBL8OWAN
VD6qs0PhD+/Xjz4JqVWV6T0MT63LwvMsEENnVPlmVIH/YmGUBbBCr/DFrACRKFyq
o2FEusKmq/gdfgJpM0j+rJN/TJmR2Rg3+XA/ViruSuBN82ASXTDYN7/KQIUpDKeP
q60DbXu6Yn9Y
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a6:44:ec:a7:15:00:1f:89:ac:91:f8:ec:7b:03:
46:0b:53:15:ed:23:40:35:94:f3:96:80:27:d3:4a:
84:92:68:c9:0c:e0:14:32:c7:31:67:49:29:58:77:
ea:ce:8a:72:5b:93:b1:a0:a8:e5:84:c6:52:9d:5a:
c0:41:bf:98:5f:18:5d:aa:d1:65:79:fb:e9:b0:84:
92:9d:2c:58:bc:f1:c4:29:59:ed:bc:ac:85:ce:d7:
0e:aa:08:e8:2d:90:25:cb:91:9d:7d:91:74:42:a0:
ae:77:d2:11:7b:57:49:04:24:c0:94:f4:20:54:60:
d9:1b:76:76:0b:2c:23:3c:67:90:8c:06:ed:4e:df:
ac:24:22:26:f7:26:8f:5a:d2:5b:79:8a:6f:6e:53:
27:60:10:cb:c7:b4:9f:60:2d:8f:32:69:4b:01:d1:
f0:6d:69:1a:22:14:06:66:63:97:e8:fc:79:41:8d:
15:44:44:d1:43:2a:37:5e:77:e4:06:e6:a9:85:13:
e9:24:63:9d:09:d0:f5:13:d5:ba:59:2e:1c:d2:70:
06:b1:80:f7:57:d7:30:f7:14:f3:18:06:7f:84:38:
b6:81:46:9f:a2:36:87:0e:5f:1a:45:38:b7:20:16:
b7:c6:e1:91:3b:0e:0c:ab:b7:4e:3d:a4:6d:66:d8:
85:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:CE:F6:AC:1A:39:1E:85:E8:72:D1:8A:C6:1D:E8:7A:8F:9D:15:6B
X509v3 Authority Key Identifier:
keyid:02:CE:F6:AC:1A:39:1E:85:E8:72:D1:8A:C6:1D:E8:7A:8F:9D:15:6B
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
0e:00:56:5c:72:31:88:bd:95:13:f7:64:96:1c:63:c2:1c:11:
60:04:d2:c3:5f:7c:a2:d7:d1:33:6d:51:6b:77:61:78:a8:70:
2e:50:97:5d:c1:e8:9b:dd:c6:61:a7:d3:e1:2c:83:07:85:5c:
c9:d7:1e:22:c2:5f:76:83:19:d7:de:4a:5e:82:0f:43:80:45:
02:d7:d0:3d:ca:c3:c0:fc:04:c8:f6:89:32:d7:47:c6:bf:1f:
c6:bd:71:e1:07:00:90:12:ec:61:63:1b:6c:e9:58:2c:fc:4c:
a9:8f:58:e1:b1:6e:a5:ca:4d:be:7e:32:16:74:5f:fd:35:e4:
37:aa:1a:c5:33:21:20:8a:3e:1c:af:da:f3:c7:a2:22:d3:93:
6c:5e:ac:0a:65:d5:db:e4:8b:11:5e:ca:eb:8f:da:c4:5d:2f:
7a:98:e8:3c:d1:89:15:05:02:86:ef:eb:17:18:81:28:ca:d6:
58:87:bd:d4:e2:50:41:92:d9:7f:b1:f7:53:8f:f3:cc:f3:1e:
1d:e4:5a:c2:60:1b:17:42:78:53:e9:2d:5d:bb:f9:21:50:ff:
87:53:be:5f:e6:d4:8f:25:7f:d7:83:d7:f8:4d:c1:7c:7a:40:
0b:11:f1:d9:c6:eb:97:45:00:d6:6b:84:1c:4f:fc:8e:1f:5b:
b5:3d:60:0c
-----BEGIN TRUSTED_CERTIFICATE-----
MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKZE7KcVAB+JrJH47HsD
RgtTFe0jQDWU85aAJ9NKhJJoyQzgFDLHMWdJKVh36s6KcluTsaCo5YTGUp1awEG/
mF8YXarRZXn76bCEkp0sWLzxxClZ7byshc7XDqoI6C2QJcuRnX2RdEKgrnfSEXtX
SQQkwJT0IFRg2Rt2dgssIzxnkIwG7U7frCQiJvcmj1rSW3mKb25TJ2AQy8e0n2At
jzJpSwHR8G1pGiIUBmZjl+j8eUGNFURE0UMqN1535AbmqYUT6SRjnQnQ9RPVulku
HNJwBrGA91fXMPcU8xgGf4Q4toFGn6I2hw5fGkU4tyAWt8bhkTsODKu3Tj2kbWbY
hfsCAwEAAaOByzCByDAdBgNVHQ4EFgQUAs72rBo5HoXoctGKxh3oeo+dFWswHwYD
VR0jBBgwFoAUAs72rBo5HoXoctGKxh3oeo+dFWswNwYIKwYBBQUHAQEEKzApMCcG
CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAOAFZccjGI
vZUT92SWHGPCHBFgBNLDX3yi19EzbVFrd2F4qHAuUJddweib3cZhp9PhLIMHhVzJ
1x4iwl92gxnX3kpegg9DgEUC19A9ysPA/ATI9oky10fGvx/GvXHhBwCQEuxhYxts
6Vgs/Eypj1jhsW6lyk2+fjIWdF/9NeQ3qhrFMyEgij4cr9rzx6Ii05NsXqwKZdXb
5IsRXsrrj9rEXS96mOg80YkVBQKG7+sXGIEoytZYh73U4lBBktl/sfdTj/PM8x4d
5FrCYBsXQnhT6S1du/khUP+HU75f5tSPJX/Xg9f4TcF8ekALEfHZxuuXRQDWa4Qc
T/yOH1u1PWAM
-----END TRUSTED_CERTIFICATE-----
-----BEGIN TIME-----
MTUwMzAyMTIwMDAwWg==
-----END TIME-----
-----BEGIN VERIFY_RESULT-----
U1VDQ0VTUw==
-----END VERIFY_RESULT-----