I narrowed it down to these URL. To reproduces first go to: https://i.tdconline.dk/tdco/gfx/local/sso/knap_q.gif
then go to: https://bestilling.certifikat.tdc.dk/csp/authenticode/README
You found a *very* interesting case.
The culprint is the third certificate in the certificate chain, not the server certificate itself.
And the problem is that *one* *bit* of data is different between the two. But it's not inside the signed part of the certificate, not even really inside the data, just inside the der padding.
It makes the der encoding only very slightly invalid, der decoders will just ignore the error. dumpasn1 does report it, but not "openssl asn1parse". Haven't tested with NSS's asn1 dumping tool;-)
But the fingerprint of the two certificates do not match anymore, so NSS reports them as two different certs with the same serial number.
Maybe for *that* particular case, NSS should use a fingerprint based on the signed part of the cert.
It is annoying to not be able to use the cert, because of an error on the unsigned part of it, that certainly has nothing to see with the ca, but some mistreatment later.
On the other hand, this kind of case might be very rare, and maybe you can just solve it by telling the server operator they got something wrong when they installed i.tdconline.dk by showing them, the cert is a bit different from the supposedly same cert from bestbilling.
If you want to reproduce you can use : openssl s_client -connect i.tdconline.dk:443 -showcerts openssl s_client -connect bestilling.certifikat.tdc.dk:443 -showcerts and Peter Gutmann's dumpasn1.
Joining the two certs as attachment, as well as dumpasn1 output.
-----BEGIN CERTIFICATE----- MIIDhDCCAmygAwIBAgILAQAAAAAA5fIRge4wDQYJKoZIhvcNAQEFBQAwXzELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFDASBgNVBAsTC1Bh cnRuZXJzIENBMR8wHQYDVQQDExZHbG9iYWxTaWduIFBhcnRuZXJzIENBMB4XDTAx MDQwMTEyMDAwMFoXDTA4MTIzMTEyMDAwMFowQzELMAkGA1UEBhMCREsxFTATBgNV BAoTDFREQyBJbnRlcm5ldDEdMBsGA1UECxMUVERDIEludGVybmV0IFJvb3QgQ0Ew ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEuEC8kdVjH9eZoIsMQB50 t0idRowCsuAkX/AZE6c3g2tdx475hDDOGjv6+86LbSPGw25mn4ml3+BCUGf6H2we 9NAF1r/K1k7kaGBsRqocXWPhB4YOZQCnLqZxxry5gag6fRrS+dGsS8vOda/ce/qB c9T8ur1BiNR0s/leODo8Q6jSlU53bRMMnY94AbdaIB8DNzXiLNtLKyx4uUnbxNDH nJzkiiAJIRZWZv8F7Fvj8M+rJCRew39wehLE0rUQoLYh4Y14aVVEafXKlhw0hRcl d+L2LyeYeP15Bjqi1lpDwf/sBDvuE+/TWFr/kuvsrtryNwNHQbaXyS0KQSK7u+an AgMBAAGjXTBbMAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUbGQBx/2FbazI2p5QCIUI tTxWqFAwHwYDVR0jBBgwFoAUQySNcBUIYlWcTwxAF12GXg+iTPswDAYDVR0TBAUw AwEB/zANBgkqhkiG9w0BAQUFAAOCAQEBOHbxCwLKbxsuL9kLsTaP6Ky6qqxWs51t kT4EkuIEzxkuD4jwCXY+MvS55uw5Y3dQ9Ln2XEPIY6dY8qJXQOP9JWA6YvPWONSX BDXCFuyxnpZrOjG4Ofp6hDosNQE7+U7VSnL0uaZK2vT7VEaXxmEMELngDb8FcSKs BehWbmeTAunQphF3HAhSlk2q+tN6d1mNIutQfdrHOl+Z7rbCF4PrWylcg/6wwzcu KGKTVblmUG3HjyoqGkvRN05Wbl/P73LLN62dPpECliyE/NFEB0XBWuNin3GJkxqZ /uIfhiwuqlYcfddKe+rSc9Y79azxsp3K9qObGJjHf/xa/k80ovy2/g== -----END CERTIFICATE-----
Cannot open config file 'dumpasn1.cfg', which should be in the same directory as the dumpasn1 program, a standard system directory, or in a location pointed to by the DUMPASN1_PATH environment variable. Operation will continue without the ability to display Object Identifier information.
If the config file is located elsewhere, you can set the environment
variable DUMPASN1_PATH to the path to the file.
<30 82 03 84 30 82 02 6C A0 03 02 01 02 02 0B 01 00 00 00 00 00 E5 F2 11>
0 900: SEQUENCE {
<30 82 02 6C A0 03 02 01 02 02 0B 01 00 00 00 00 00 E5 F2 11 81 EE 30 0D>
4 620: SEQUENCE {
<A0 03 02 01 02>
8 3: [0] {
<02 01 02>
10 1: INTEGER 2
: }
<02 0B 01 00 00 00 00 00 E5 F2 11 81 EE>
13 11: INTEGER 01 00 00 00 00 00 E5 F2 11 81 EE
<30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00>
26 13: SEQUENCE {
<06 09 2A 86 48 86 F7 0D 01 01 05>
28 9: OBJECT IDENTIFIER '1 2 840 113549 1 1 5'
<05 00>
39 0: NULL
: }
<30 5F 31 0B 30 09 06 03 55 04 06 13 02 42 45 31 19 30 17 06 03 55 04 0A>
41 95: SEQUENCE {
<31 0B 30 09 06 03 55 04 06 13 02 42 45>
43 11: SET {
<30 09 06 03 55 04 06 13 02 42 45>
45 9: SEQUENCE {
<06 03 55 04 06>
47 3: OBJECT IDENTIFIER '2 5 4 6'
<13 02 42 45>
52 2: PrintableString 'BE'
: }
: }
<31 19 30 17 06 03 55 04 0A 13 10 47 6C 6F 62 61 6C 53 69 67 6E 20 6E 76>
56 25: SET {
<30 17 06 03 55 04 0A 13 10 47 6C 6F 62 61 6C 53 69 67 6E 20 6E 76 2D 73>
58 23: SEQUENCE {
<06 03 55 04 0A>
60 3: OBJECT IDENTIFIER '2 5 4 10'
<13 10 47 6C 6F 62 61 6C 53 69 67 6E 20 6E 76 2D 73 61>
65 16: PrintableString 'GlobalSign nv-sa'
: }
: }
<31 14 30 12 06 03 55 04 0B 13 0B 50 61 72 74 6E 65 72 73 20 43 41>
83 20: SET {
<30 12 06 03 55 04 0B 13 0B 50 61 72 74 6E 65 72 73 20 43 41>
85 18: SEQUENCE {
<06 03 55 04 0B>
87 3: OBJECT IDENTIFIER '2 5 4 11'
<13 0B 50 61 72 74 6E 65 72 73 20 43 41>
92 11: PrintableString 'Partners CA'
: }
: }
<31 1F 30 1D 06 03 55 04 03 13 16 47 6C 6F 62 61 6C 53 69 67 6E 20 50 61>
105 31: SET {
<30 1D 06 03 55 04 03 13 16 47 6C 6F 62 61 6C 53 69 67 6E 20 50 61 72 74>
107 29: SEQUENCE {
<06 03 55 04 03>
109 3: OBJECT IDENTIFIER '2 5 4 3'
<13 16 47 6C 6F 62 61 6C 53 69 67 6E 20 50 61 72 74 6E 65 72 73 20 43 41>
114 22: PrintableString 'GlobalSign Partners CA'
: }
: }
: }
<30 1E 17 0D 30 31 30 34 30 31 31 32 30 30 30 30 5A 17 0D 30 38 31 32 33>
138 30: SEQUENCE {
<17 0D 30 31 30 34 30 31 31 32 30 30 30 30 5A>
140 13: UTCTime 01/04/2001 12:00:00 GMT
<17 0D 30 38 31 32 33 31 31 32 30 30 30 30 5A>
155 13: UTCTime 31/12/2008 12:00:00 GMT
: }
<30 43 31 0B 30 09 06 03 55 04 06 13 02 44 4B 31 15 30 13 06 03 55 04 0A>
170 67: SEQUENCE {
<31 0B 30 09 06 03 55 04 06 13 02 44 4B>
172 11: SET {
<30 09 06 03 55 04 06 13 02 44 4B>
174 9: SEQUENCE {
<06 03 55 04 06>
176 3: OBJECT IDENTIFIER '2 5 4 6'
<13 02 44 4B>
181 2: PrintableString 'DK'
: }
: }
<31 15 30 13 06 03 55 04 0A 13 0C 54 44 43 20 49 6E 74 65 72 6E 65 74>
185 21: SET {
<30 13 06 03 55 04 0A 13 0C 54 44 43 20 49 6E 74 65 72 6E 65 74>
187 19: SEQUENCE {
<06 03 55 04 0A>
189 3: OBJECT IDENTIFIER '2 5 4 10'
<13 0C 54 44 43 20 49 6E 74 65 72 6E 65 74>
194 12: PrintableString 'TDC Internet'
: }
: }
<31 1D 30 1B 06 03 55 04 0B 13 14 54 44 43 20 49 6E 74 65 72 6E 65 74 20>
208 29: SET {
<30 1B 06 03 55 04 0B 13 14 54 44 43 20 49 6E 74 65 72 6E 65 74 20 52 6F>
210 27: SEQUENCE {
<06 03 55 04 0B>
212 3: OBJECT IDENTIFIER '2 5 4 11'
<13 14 54 44 43 20 49 6E 74 65 72 6E 65 74 20 52 6F 6F 74 20 43 41>
217 20: PrintableString 'TDC Internet Root CA'
: }
: }
: }
<30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00>
239 290: SEQUENCE {
<30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00>
243 13: SEQUENCE {
<06 09 2A 86 48 86 F7 0D 01 01 01>
245 9: OBJECT IDENTIFIER '1 2 840 113549 1 1 1'
<05 00>
256 0: NULL
: }
<03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 C4 B8 40 BC 91 D5 63 1F D7 99>
258 271: BIT STRING, encapsulates {
<30 82 01 0A 02 82 01 01 00 C4 B8 40 BC 91 D5 63 1F D7 99 A0 8B 0C 40 1E>
263 266: SEQUENCE {
<02 82 01 01 00 C4 B8 40 BC 91 D5 63 1F D7 99 A0 8B 0C 40 1E 74 B7 48 9D>
267 257: INTEGER
: 00 C4 B8 40 BC 91 D5 63 1F D7 99 A0 8B 0C 40 1E
: 74 B7 48 9D 46 8C 02 B2 E0 24 5F F0 19 13 A7 37
: 83 6B 5D C7 8E F9 84 30 CE 1A 3B FA FB CE 8B 6D
: 23 C6 C3 6E 66 9F 89 A5 DF E0 42 50 67 FA 1F 6C
: 1E F4 D0 05 D6 BF CA D6 4E E4 68 60 6C 46 AA 1C
: 5D 63 E1 07 86 0E 65 00 A7 2E A6 71 C6 BC B9 81
: A8 3A 7D 1A D2 F9 D1 AC 4B CB CE 75 AF DC 7B FA
: 81 73 D4 FC BA BD 41 88 D4 74 B3 F9 5E 38 3A 3C
: [ Another 129 bytes skipped ]
<02 03 01 00 01>
528 3: INTEGER 65537
: }
: }
: }
<A3 5D 30 5B 30 0B 06 03 55 1D 0F 04 04 03 02 01 06 30 1D 06 03 55 1D 0E>
533 93: [3] {
<30 5B 30 0B 06 03 55 1D 0F 04 04 03 02 01 06 30 1D 06 03 55 1D 0E 04 16>
535 91: SEQUENCE {
<30 0B 06 03 55 1D 0F 04 04 03 02 01 06>
537 11: SEQUENCE {
<06 03 55 1D 0F>
539 3: OBJECT IDENTIFIER '2 5 29 15'
<04 04 03 02 01 06>
544 4: OCTET STRING, encapsulates {
<03 02 01 06>
546 2: BIT STRING 1 unused bits
: '1100000'B
: }
: }
<30 1D 06 03 55 1D 0E 04 16 04 14 6C 64 01 C7 FD 85 6D AC C8 DA 9E 50 08>
550 29: SEQUENCE {
<06 03 55 1D 0E>
552 3: OBJECT IDENTIFIER '2 5 29 14'
<04 16 04 14 6C 64 01 C7 FD 85 6D AC C8 DA 9E 50 08 85 08 B5 3C 56 A8 50>
557 22: OCTET STRING, encapsulates {
<04 14 6C 64 01 C7 FD 85 6D AC C8 DA 9E 50 08 85 08 B5 3C 56 A8 50>
559 20: OCTET STRING
: 6C 64 01 C7 FD 85 6D AC C8 DA 9E 50 08 85 08 B5
: 3C 56 A8 50
: }
: }
<30 1F 06 03 55 1D 23 04 18 30 16 80 14 43 24 8D 70 15 08 62 55 9C 4F 0C>
581 31: SEQUENCE {
<06 03 55 1D 23>
583 3: OBJECT IDENTIFIER '2 5 29 35'
<04 18 30 16 80 14 43 24 8D 70 15 08 62 55 9C 4F 0C 40 17 5D 86 5E 0F A2>
588 24: OCTET STRING, encapsulates {
<30 16 80 14 43 24 8D 70 15 08 62 55 9C 4F 0C 40 17 5D 86 5E 0F A2 4C FB>
590 22: SEQUENCE {
<80 14 43 24 8D 70 15 08 62 55 9C 4F 0C 40 17 5D 86 5E 0F A2 4C FB>
592 20: [0]
: 43 24 8D 70 15 08 62 55 9C 4F 0C 40 17 5D 86 5E
: 0F A2 4C FB
: }
: }
: }
<30 0C 06 03 55 1D 13 04 05 30 03 01 01 FF>
614 12: SEQUENCE {
<06 03 55 1D 13>
616 3: OBJECT IDENTIFIER '2 5 29 19'
<04 05 30 03 01 01 FF>
621 5: OCTET STRING, encapsulates {
<30 03 01 01 FF>
623 3: SEQUENCE {
<01 01 FF>
625 1: BOOLEAN TRUE
: }
: }
: }
: }
: }
: }
<30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00>
628 13: SEQUENCE {
<06 09 2A 86 48 86 F7 0D 01 01 05>
630 9: OBJECT IDENTIFIER '1 2 840 113549 1 1 5'
<05 00>
641 0: NULL
: }
<03 82 01 01 01 38 76 F1 0B 02 CA 6F 1B 2E 2F D9 0B B1 36 8F E8 AC BA AA>
643 257: BIT STRING 1 unused bits
: 38 76 F1 0B 02 CA 6F 1B 2E 2F D9 0B B1 36 8F E8
: AC BA AA AC 56 B3 9D 6D 91 3E 04 92 E2 04 CF 19
: 2E 0F 88 F0 09 76 3E 32 F4 B9 E6 EC 39 63 77 50
: F4 B9 F6 5C 43 C8 63 A7 58 F2 A2 57 40 E3 FD 25
: 60 3A 62 F3 D6 38 D4 97 04 35 C2 16 EC B1 9E 96
: 6B 3A 31 B8 39 FA 7A 84 3A 2C 35 01 3B F9 4E D5
: 4A 72 F4 B9 A6 4A DA F4 FB 54 46 97 C6 61 0C 10
: B9 E0 0D BF 05 71 22 AC 05 E8 56 6E 67 93 02 E9
: [ Another 128 bytes skipped ]
: }
-----BEGIN CERTIFICATE----- MIIDhDCCAmygAwIBAgILAQAAAAAA5fIRge4wDQYJKoZIhvcNAQEFBQAwXzELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFDASBgNVBAsTC1Bh cnRuZXJzIENBMR8wHQYDVQQDExZHbG9iYWxTaWduIFBhcnRuZXJzIENBMB4XDTAx MDQwMTEyMDAwMFoXDTA4MTIzMTEyMDAwMFowQzELMAkGA1UEBhMCREsxFTATBgNV BAoTDFREQyBJbnRlcm5ldDEdMBsGA1UECxMUVERDIEludGVybmV0IFJvb3QgQ0Ew ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEuEC8kdVjH9eZoIsMQB50 t0idRowCsuAkX/AZE6c3g2tdx475hDDOGjv6+86LbSPGw25mn4ml3+BCUGf6H2we 9NAF1r/K1k7kaGBsRqocXWPhB4YOZQCnLqZxxry5gag6fRrS+dGsS8vOda/ce/qB c9T8ur1BiNR0s/leODo8Q6jSlU53bRMMnY94AbdaIB8DNzXiLNtLKyx4uUnbxNDH nJzkiiAJIRZWZv8F7Fvj8M+rJCRew39wehLE0rUQoLYh4Y14aVVEafXKlhw0hRcl d+L2LyeYeP15Bjqi1lpDwf/sBDvuE+/TWFr/kuvsrtryNwNHQbaXyS0KQSK7u+an AgMBAAGjXTBbMAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUbGQBx/2FbazI2p5QCIUI tTxWqFAwHwYDVR0jBBgwFoAUQySNcBUIYlWcTwxAF12GXg+iTPswDAYDVR0TBAUw AwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAOHbxCwLKbxsuL9kLsTaP6Ky6qqxWs51t kT4EkuIEzxkuD4jwCXY+MvS55uw5Y3dQ9Ln2XEPIY6dY8qJXQOP9JWA6YvPWONSX BDXCFuyxnpZrOjG4Ofp6hDosNQE7+U7VSnL0uaZK2vT7VEaXxmEMELngDb8FcSKs BehWbmeTAunQphF3HAhSlk2q+tN6d1mNIutQfdrHOl+Z7rbCF4PrWylcg/6wwzcu KGKTVblmUG3HjyoqGkvRN05Wbl/P73LLN62dPpECliyE/NFEB0XBWuNin3GJkxqZ /uIfhiwuqlYcfddKe+rSc9Y79azxsp3K9qObGJjHf/xa/k80ovy2/g== -----END CERTIFICATE-----
Cannot open config file 'dumpasn1.cfg', which should be in the same
directory as the dumpasn1 program, a standard system directory, or
in a location pointed to by the DUMPASN1_PATH environment variable.
Operation will continue without the ability to display Object
Identifier information.
If the config file is located elsewhere, you can set the environment
variable DUMPASN1_PATH to the path to the file.
<30 82 03 84 30 82 02 6C A0 03 02 01 02 02 0B 01 00 00 00 00 00 E5 F2 11>
0 900: SEQUENCE {
<30 82 02 6C A0 03 02 01 02 02 0B 01 00 00 00 00 00 E5 F2 11 81 EE 30 0D>
4 620: SEQUENCE {
<A0 03 02 01 02>
8 3: [0] {
<02 01 02>
10 1: INTEGER 2
: }
<02 0B 01 00 00 00 00 00 E5 F2 11 81 EE>
13 11: INTEGER 01 00 00 00 00 00 E5 F2 11 81 EE
<30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00>
26 13: SEQUENCE {
<06 09 2A 86 48 86 F7 0D 01 01 05>
28 9: OBJECT IDENTIFIER '1 2 840 113549 1 1 5'
<05 00>
39 0: NULL
: }
<30 5F 31 0B 30 09 06 03 55 04 06 13 02 42 45 31 19 30 17 06 03 55 04 0A>
41 95: SEQUENCE {
<31 0B 30 09 06 03 55 04 06 13 02 42 45>
43 11: SET {
<30 09 06 03 55 04 06 13 02 42 45>
45 9: SEQUENCE {
<06 03 55 04 06>
47 3: OBJECT IDENTIFIER '2 5 4 6'
<13 02 42 45>
52 2: PrintableString 'BE'
: }
: }
<31 19 30 17 06 03 55 04 0A 13 10 47 6C 6F 62 61 6C 53 69 67 6E 20 6E 76>
56 25: SET {
<30 17 06 03 55 04 0A 13 10 47 6C 6F 62 61 6C 53 69 67 6E 20 6E 76 2D 73>
58 23: SEQUENCE {
<06 03 55 04 0A>
60 3: OBJECT IDENTIFIER '2 5 4 10'
<13 10 47 6C 6F 62 61 6C 53 69 67 6E 20 6E 76 2D 73 61>
65 16: PrintableString 'GlobalSign nv-sa'
: }
: }
<31 14 30 12 06 03 55 04 0B 13 0B 50 61 72 74 6E 65 72 73 20 43 41>
83 20: SET {
<30 12 06 03 55 04 0B 13 0B 50 61 72 74 6E 65 72 73 20 43 41>
85 18: SEQUENCE {
<06 03 55 04 0B>
87 3: OBJECT IDENTIFIER '2 5 4 11'
<13 0B 50 61 72 74 6E 65 72 73 20 43 41>
92 11: PrintableString 'Partners CA'
: }
: }
<31 1F 30 1D 06 03 55 04 03 13 16 47 6C 6F 62 61 6C 53 69 67 6E 20 50 61>
105 31: SET {
<30 1D 06 03 55 04 03 13 16 47 6C 6F 62 61 6C 53 69 67 6E 20 50 61 72 74>
107 29: SEQUENCE {
<06 03 55 04 03>
109 3: OBJECT IDENTIFIER '2 5 4 3'
<13 16 47 6C 6F 62 61 6C 53 69 67 6E 20 50 61 72 74 6E 65 72 73 20 43 41>
114 22: PrintableString 'GlobalSign Partners CA'
: }
: }
: }
<30 1E 17 0D 30 31 30 34 30 31 31 32 30 30 30 30 5A 17 0D 30 38 31 32 33>
138 30: SEQUENCE {
<17 0D 30 31 30 34 30 31 31 32 30 30 30 30 5A>
140 13: UTCTime 01/04/2001 12:00:00 GMT
<17 0D 30 38 31 32 33 31 31 32 30 30 30 30 5A>
155 13: UTCTime 31/12/2008 12:00:00 GMT
: }
<30 43 31 0B 30 09 06 03 55 04 06 13 02 44 4B 31 15 30 13 06 03 55 04 0A>
170 67: SEQUENCE {
<31 0B 30 09 06 03 55 04 06 13 02 44 4B>
172 11: SET {
<30 09 06 03 55 04 06 13 02 44 4B>
174 9: SEQUENCE {
<06 03 55 04 06>
176 3: OBJECT IDENTIFIER '2 5 4 6'
<13 02 44 4B>
181 2: PrintableString 'DK'
: }
: }
<31 15 30 13 06 03 55 04 0A 13 0C 54 44 43 20 49 6E 74 65 72 6E 65 74>
185 21: SET {
<30 13 06 03 55 04 0A 13 0C 54 44 43 20 49 6E 74 65 72 6E 65 74>
187 19: SEQUENCE {
<06 03 55 04 0A>
189 3: OBJECT IDENTIFIER '2 5 4 10'
<13 0C 54 44 43 20 49 6E 74 65 72 6E 65 74>
194 12: PrintableString 'TDC Internet'
: }
: }
<31 1D 30 1B 06 03 55 04 0B 13 14 54 44 43 20 49 6E 74 65 72 6E 65 74 20>
208 29: SET {
<30 1B 06 03 55 04 0B 13 14 54 44 43 20 49 6E 74 65 72 6E 65 74 20 52 6F>
210 27: SEQUENCE {
<06 03 55 04 0B>
212 3: OBJECT IDENTIFIER '2 5 4 11'
<13 14 54 44 43 20 49 6E 74 65 72 6E 65 74 20 52 6F 6F 74 20 43 41>
217 20: PrintableString 'TDC Internet Root CA'
: }
: }
: }
<30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00>
239 290: SEQUENCE {
<30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00>
243 13: SEQUENCE {
<06 09 2A 86 48 86 F7 0D 01 01 01>
245 9: OBJECT IDENTIFIER '1 2 840 113549 1 1 1'
<05 00>
256 0: NULL
: }
<03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 C4 B8 40 BC 91 D5 63 1F D7 99>
258 271: BIT STRING, encapsulates {
<30 82 01 0A 02 82 01 01 00 C4 B8 40 BC 91 D5 63 1F D7 99 A0 8B 0C 40 1E>
263 266: SEQUENCE {
<02 82 01 01 00 C4 B8 40 BC 91 D5 63 1F D7 99 A0 8B 0C 40 1E 74 B7 48 9D>
267 257: INTEGER
: 00 C4 B8 40 BC 91 D5 63 1F D7 99 A0 8B 0C 40 1E
: 74 B7 48 9D 46 8C 02 B2 E0 24 5F F0 19 13 A7 37
: 83 6B 5D C7 8E F9 84 30 CE 1A 3B FA FB CE 8B 6D
: 23 C6 C3 6E 66 9F 89 A5 DF E0 42 50 67 FA 1F 6C
: 1E F4 D0 05 D6 BF CA D6 4E E4 68 60 6C 46 AA 1C
: 5D 63 E1 07 86 0E 65 00 A7 2E A6 71 C6 BC B9 81
: A8 3A 7D 1A D2 F9 D1 AC 4B CB CE 75 AF DC 7B FA
: 81 73 D4 FC BA BD 41 88 D4 74 B3 F9 5E 38 3A 3C
: [ Another 129 bytes skipped ]
<02 03 01 00 01>
528 3: INTEGER 65537
: }
: }
: }
<A3 5D 30 5B 30 0B 06 03 55 1D 0F 04 04 03 02 01 06 30 1D 06 03 55 1D 0E>
533 93: [3] {
<30 5B 30 0B 06 03 55 1D 0F 04 04 03 02 01 06 30 1D 06 03 55 1D 0E 04 16>
535 91: SEQUENCE {
<30 0B 06 03 55 1D 0F 04 04 03 02 01 06>
537 11: SEQUENCE {
<06 03 55 1D 0F>
539 3: OBJECT IDENTIFIER '2 5 29 15'
<04 04 03 02 01 06>
544 4: OCTET STRING, encapsulates {
<03 02 01 06>
546 2: BIT STRING 1 unused bits
: '1100000'B
: }
: }
<30 1D 06 03 55 1D 0E 04 16 04 14 6C 64 01 C7 FD 85 6D AC C8 DA 9E 50 08>
550 29: SEQUENCE {
<06 03 55 1D 0E>
552 3: OBJECT IDENTIFIER '2 5 29 14'
<04 16 04 14 6C 64 01 C7 FD 85 6D AC C8 DA 9E 50 08 85 08 B5 3C 56 A8 50>
557 22: OCTET STRING, encapsulates {
<04 14 6C 64 01 C7 FD 85 6D AC C8 DA 9E 50 08 85 08 B5 3C 56 A8 50>
559 20: OCTET STRING
: 6C 64 01 C7 FD 85 6D AC C8 DA 9E 50 08 85 08 B5
: 3C 56 A8 50
: }
: }
<30 1F 06 03 55 1D 23 04 18 30 16 80 14 43 24 8D 70 15 08 62 55 9C 4F 0C>
581 31: SEQUENCE {
<06 03 55 1D 23>
583 3: OBJECT IDENTIFIER '2 5 29 35'
<04 18 30 16 80 14 43 24 8D 70 15 08 62 55 9C 4F 0C 40 17 5D 86 5E 0F A2>
588 24: OCTET STRING, encapsulates {
<30 16 80 14 43 24 8D 70 15 08 62 55 9C 4F 0C 40 17 5D 86 5E 0F A2 4C FB>
590 22: SEQUENCE {
<80 14 43 24 8D 70 15 08 62 55 9C 4F 0C 40 17 5D 86 5E 0F A2 4C FB>
592 20: [0]
: 43 24 8D 70 15 08 62 55 9C 4F 0C 40 17 5D 86 5E
: 0F A2 4C FB
: }
: }
: }
<30 0C 06 03 55 1D 13 04 05 30 03 01 01 FF>
614 12: SEQUENCE {
<06 03 55 1D 13>
616 3: OBJECT IDENTIFIER '2 5 29 19'
<04 05 30 03 01 01 FF>
621 5: OCTET STRING, encapsulates {
<30 03 01 01 FF>
623 3: SEQUENCE {
<01 01 FF>
625 1: BOOLEAN TRUE
: }
: }
: }
: }
: }
: }
<30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00>
628 13: SEQUENCE {
<06 09 2A 86 48 86 F7 0D 01 01 05>
630 9: OBJECT IDENTIFIER '1 2 840 113549 1 1 5'
<05 00>
641 0: NULL
: }
<03 82 01 01 00 38 76 F1 0B 02 CA 6F 1B 2E 2F D9 0B B1 36 8F E8 AC BA AA>
643 257: BIT STRING
: 38 76 F1 0B 02 CA 6F 1B 2E 2F D9 0B B1 36 8F E8
: AC BA AA AC 56 B3 9D 6D 91 3E 04 92 E2 04 CF 19
: 2E 0F 88 F0 09 76 3E 32 F4 B9 E6 EC 39 63 77 50
: F4 B9 F6 5C 43 C8 63 A7 58 F2 A2 57 40 E3 FD 25
: 60 3A 62 F3 D6 38 D4 97 04 35 C2 16 EC B1 9E 96
: 6B 3A 31 B8 39 FA 7A 84 3A 2C 35 01 3B F9 4E D5
: 4A 72 F4 B9 A6 4A DA F4 FB 54 46 97 C6 61 0C 10
: B9 E0 0D BF 05 71 22 AC 05 E8 56 6E 67 93 02 E9
: [ Another 128 bytes skipped ]
: }
