Channel: Encryption – Didier Stevens

Poken Peek


OK, after getting side-tracked by /JBIG2Decode PDFs, let’s get back on the smartcard and RFID track.

The Poken is a little USB stick you keep on your keychain. You link it to your online identities. To befriend other Poken owners, you just have to hold your Pokens together for a second, and they’ll exchange IDs through RFID. The Poken is popular in The Netherlands, not only among children, but adults too. No more need to exchange business cards.

My 2 guinea pig Pokens were delivered last week. If you want to meet them in person, come to Brucon for my workshop.


When plugged into a PC, the Poken simulates a USB memory stick containing 3 files:

  • autorun.inf
  • help.txt
  • Start_Poken.html

Start_Poken.html (started by autorun.inf or by you) will navigate to the Poken website and automatically log in to your Poken account. It contains a URL with the necessary data to identify you to the Poken website. Having your Poken lost or stolen is an issue (as explained in the Poken FAQ), because of the auto-login feature.

But losing physical control over your Poken is not the only way to get your account compromised. The URL is actually the only thing needed to gain access to your account. And because this URL uses the HTTP protocol (the Poken site doesn’t support HTTPS), it’s easy to intercept on insecure networks. Insecure networks are not the only issue. Because all the data is in the URL, it will also leave a copy of the URL in different systems on a network, for example in proxy logs.

To prevent unwanted access to your account, disable auto-login for your account (it was enabled by default for my account).


I was told by the Poken help-desk that they will support HTTPS in the future. But the current Pokens are hard-coded to use HTTP.

When I read the Poken FAQ stating that your data is protected by a “very advanced encryption method” (sic), I interpret that all the data is encrypted with a cipher like AES.
But this isn’t the case. Not all the data is encrypted. Your Poken ID (a 4-byte integer that uniquely identifies your Poken) is not encrypted. And neither are the IDs of the Pokens you befriend. Your personal account data entered on the Poken site is not stored on your Poken. The link between a Poken ID and an account is kept in the database of the Poken web site and is visible for its owner.

The data of a Poken is stored in the URL in file Start_Poken.html:

    URL=http://p.poken.ch/u/ABCDEFGH...

The path (ABCDEFGH…) is encoded in BASE64 (more precisely, a BASE64 variant compatible with URL encoding). I’ve identified the purpose of some of the first 96 bytes of data. It contains your Poken ID and various counters. 2 4-byte integers are changing with each use and appear to be random. These could be a (cryptographic) hash to guarantee the authenticity of the Poken data.
The rest of the data is used to store the IDs of the Pokens you befriended. There is room for 64 records (friends) of 16 bytes each. If you befriend more than 64 Pokens without connecting to the Poken site, the old records get overwritten by new records (like in a circular buffer) and you lose friends.

I’ve a tip for you: if you can’t connect to the Poken web site while befriending more than 64, connect your Poken to your laptop and back up the file Start_Poken.html. Later, when you have access to the Poken site, open the backed-up files in the order you backed them up. Each file will update your data. And after that, use your Poken.

The 16 byte record contains the befriended Poken ID, a status byte (discreet befriending), 3 bytes that look like a timestamp and 8 bytes that appear to be random. These 8 bytes could be a (cryptographic) hash to guarantee the authenticity of befriended Poken data and prevent spoofing or replaying.
So not all the data is encrypted: the Poken IDs are in cleartext. As the link between a Poken ID and the account is safely protected by the Poken web site, even if your data is stolen or intercepted, not much would be disclosed. Traffic analysis could be applied if data of several Pokens is intercepted during an event. Since most people make their friend list public, they shouldn’t care about the interception of the Poken IDs they befriended anyways.
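To see what an intercepted or logged URL exposes in cleartext, the layout described above can be parsed as follows. This is an added example, not code from the original post: the big-endian byte order, the order of the fields inside a record, the "all zero means unused slot" rule and the sample data are assumptions.

```python
import base64
import struct
from typing import List, NamedTuple

HEADER_LEN = 96    # header bytes: Poken ID, counters, two changing integers (from the post)
RECORD_LEN = 16    # one befriended-Poken record (from the post)
MAX_RECORDS = 64   # size of the circular buffer (from the post)


class FriendRecord(NamedTuple):
    poken_id: int      # 4 bytes, cleartext
    status: int        # 1 byte (discreet befriending flag)
    timestamp: bytes   # 3 bytes that look like a timestamp
    opaque: bytes      # 8 bytes that appear random (possibly a hash)


def decode_poken_url(url: str) -> bytes:
    """Decode the URL-safe BASE64 path that follows /u/ in the Start_Poken.html URL."""
    path = url.rsplit("/u/", 1)[1]
    path += "=" * (-len(path) % 4)          # restore stripped padding
    return base64.urlsafe_b64decode(path)


def parse_friend_records(blob: bytes) -> List[FriendRecord]:
    """Return the non-empty 16-byte records that follow the 96-byte header."""
    if len(blob) < HEADER_LEN:
        raise ValueError("data is shorter than the 96-byte header")
    body = blob[HEADER_LEN:HEADER_LEN + MAX_RECORDS * RECORD_LEN]
    records = []
    for off in range(0, len(body) - RECORD_LEN + 1, RECORD_LEN):
        chunk = body[off:off + RECORD_LEN]
        if not any(chunk):                  # assumption: unused slots are all zero
            continue
        # Assumed field order and byte order: ID, status, timestamp, opaque bytes.
        poken_id, status, ts, opaque = struct.unpack(">IB3s8s", chunk)
        records.append(FriendRecord(poken_id, status, ts, opaque))
    return records


def build_sample_url() -> str:
    """Constructed sample: zeroed header plus two made-up friend records."""
    header = bytes(HEADER_LEN)
    rec1 = struct.pack(">IB3s8s", 0x01020304, 0, b"\x10\x20\x30", bytes(range(8)))
    rec2 = struct.pack(">IB3s8s", 0x0A0B0C0D, 1, b"\x10\x20\x31", bytes(range(8, 16)))
    path = base64.urlsafe_b64encode(header + rec1 + rec2).decode().rstrip("=")
    return "http://p.poken.ch/u/" + path


if __name__ == "__main__":
    for rec in parse_friend_records(decode_poken_url(build_sample_url())):
        print(f"cleartext Poken ID {rec.poken_id:#010x}, status {rec.status}")
```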

And how about the strength of the encryption? Well, contrary to what is stated in the Poken FAQ, I don’t believe it is state of the art. Modern, secure ciphers like AES work with blocks of at least 128 bits (16 bytes). In the Poken data, we have blocks of maximum 64 bits (8 bytes). 64-bit encryption is not state of the art anymore. For comparison, DES (and 3DES) work on 64-bit blocks. You shouldn’t use DES anymore, because it can be brute-forced, although that’s still not trivial to do.

Conclusion: the biggest risk of using a Poken is getting your account compromised, but this can be mitigated. And the encryption of the data on a Poken is not designed to protect your data, but to prevent fraud with the befriending process. The cipher isn’t AES or an equivalent cipher. Yet it is possible to build a small USB device that uses AES to encrypt all data: the YubiKey does it.




Quickpost: TrueCrypt’s Boot Loader Screen Options


Ready for some Security Through Obscurity fun?
I’ve been playing with TrueCrypt‘s Boot Loader Screen Options to display a custom message when I boot my laptop with full disk encryption.


It’s probably enough to be misleading during a casual inspection of your laptop:


The screen doesn’t even display asterisks when you type your TrueCrypt password.
It’s just as unresponsive as the original “NTLDR is missing” screen.
The only difference with the Windows XP NT Loader missing message, is that the original is just a bit longer:


Or you can just let it display gibberish, like this:


And if challenged, say your laptop was infected with a virus from that damned hotel’s WiFi network.



The Ultimate Disaster Recovery Plan


The ultimate disaster recovery plan is not a corporate plan.

This plan is for your family, to help them take over from you, when you’re not able to take up your role in the family. Hopefully, this will only be a temporary situation, but you have to plan for the worst too: your demise.

List all critical tasks you perform for your family. Think about the information a family member needs to take over your tasks. Document this. Communicate this to your family members.

Most of this documentation is private but not confidential. You don’t want an outsider to read it, but it contains no real secrets. You’ll only want to use encryption for the real secrets, and communicate the key and decryption procedure to your family members and/or lawyer (or another trustworthy outsider). You don’t have to trust a single person with your key if you don’t want to, you can split it over several persons, like Cory Doctorow did.

2 years ago, a very good friend of mine died suddenly. That’s what motivated me to develop a html/javascript page with AES encryption to record and encrypt my will. The advantage of html/javascript is that it’s standalone and very portable.

When you open my Virtual Will page, it will detect that it contains no encrypted content, and display the following dialog:


Use this dialog to create and encrypt your message.


Copy all html code from the encrypt textbox, and save it as an html file. This html file is identical to the original, but it also contains your message encrypted with AES.


Provide this document to your family members, together with the (partial) key. For example, you could burn it to a CD-ROM and use autorun to open the page automatically.

To decrypt it, open the html file and enter the password.

You can also use a Virtual Will page with ciphertext to create a new page or update your will: type encrypt in the password field, and you’ll see the encryption fields appear.

I obtained the JavaScript AES code from Chris Veness.

Some limitations:

  • Chris’ implementation doesn’t use a standard key derivation algorithm (and is limited to first 32 characters of the password)
  • the ciphertext is not compatible with the openssl format
  • it works with many browsers on different operating systems, but not on my S60 Nokia
  • get the enter key to work correctly

I’ll improve these limitations if my software proves to be useful.

Of course, you can use this html page to encrypt anything and then pass it along, it doesn’t have to be a disaster recovery plan.

Download: virtualwill.html


Yubikey, Trojans and Twitter


Stina, Yubico’s CEO, gave me a Yubikey at RSA London last year. It’s a small keyfob simulating a USB keyboard. Each time you press the button while it’s inserted in a USB port, it generates a one-time-password.


The Yubikey is a clever little two-factor authentication device.

But I’ve some issues using the Yubikey in a really secure system. As Twitter plays a role in this, and because lately Twitter started to be used by trojans as a communication channel, I decided it’s time to publish the issues I encountered together with mitigating actions.

Technical details

The OTP generated by the Yubikey is an AES-encrypted data stream. I’ve obtained the AES-key embedded in my Yubikey from Yubico and am able to decode the OTP with a simple Python program.

Insert Yubikey and start generating OTPs:

    OTP: lkeuuuceeeivjgtbjcbevigeccerfufugdijuhflckrd
    public_id = lkeuuuceeeiv
    secret_id = ************
    counter = 26
    counter_session = 1
    random_number = 13042
    timestamp = 0x8321a8

  • public_id and secret_id identify the Yubikey (notice that the public_id is the prefix of the OTP).
  • counter: this is a persistent register. It is incremented by 1 each time the Yubikey is inserted in a USB port.
  • counter_session: this is a volatile register. It is set to 0 each time the Yubikey is inserted in a USB port, and incremented by 1 for each OTP generation.
  • random_number is what it says on the tin: a random number, different per OTP.
  • timestamp is a volatile 32-bit register. It is set to a random value each time the Yubikey is inserted in a USB port, and is then incremented by 1 by an 8Hz clock. Yubico specifies an average variation of 20% on the 8Hz clock per Yubikey. With the measurements I made, I calculate that the 8Hz clock of my key has a 32% deviation.

Validating an OTP is done by successfully decrypting the OTP. Replay attacks are mitigated by comparing the counters and timestamp with historical data.

When trying to design a website that uses the Yubikey to authenticate, I imagined the following attack and found a way to mitigate it.

Attack 1:

Assume a website that uses the Yubikey to logon (i.e. an OTP generated with your Yubikey is needed to log on to the site, possibly together with more classic credentials like a username/password combo).
Because this website has my AES key and can decrypt my OTP, my Yubikey authenticates me and I’m granted access to the site.
A web browser trojan could steal an OTP like this:

  1. I generate an OTP (OTP1) with my Yubikey
  2. The trojan intercepts and stores OTP1, doesn’t send OTP1 to the website, but makes the browser display a fake error message (404, server load too high, Yubikey error, …) prompting me to generate a second OTP
  3. I’m fooled by the fake error, and generate a second OTP (OTP2) with my Yubikey
  4. The trojan intercepts and stores OTP2, and sends OTP1 to the website
  5. The website grants me access, and the trojan stops interfering
  6. OTP2 can be used by the operators of the trojan to get access to the website, as long as I’m not first to access the website at a later time with a new OTP (OTP3). Twitter could be used as a channel to communicate the OTPs in real-time to the trojan operators.

Mitigation:

The website can detect this attack (the malicious use of OTP2) if the following algorithm is implemented:

  1. for every account, the last valid OTP is stored, together with a server-side timestamp (when it was received by the website)
  2. if a new OTP is received, the counter value of the previous OTP is compared with the counter value of the new OTP
  3. when both counters have the same value, the website knows that the OTPs were generated in the same session, and thus that it can compare timestamps.
  4. it calculates the delta of the timestamps of the OTPs, and also the delta of the server-side timestamps when it received the OTPs.
  5. if the 2 deltas differ too much (more than 20% margin), then it refuses the OTP and doesn’t grant access to the website
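The five steps above as a server-side check, operating on OTPs that have already been decrypted into the fields listed earlier. This is an added example, not code from the original post or from Yubico: the class and verdict names, measuring the margin against the larger of the two deltas, the replay rules on the two counters and the sample values are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

TOKEN_CLOCK_HZ = 8.0         # nominal rate of the timestamp register (from the post)
TIMESTAMP_MODULUS = 2 ** 32  # the post describes the register as 32-bit


@dataclass(frozen=True)
class DecodedOTP:
    """Fields of an already decrypted OTP, named as in the post."""
    counter: int
    counter_session: int
    timestamp: int


class OTPTimingChecker:
    def __init__(self, margin: float = 0.20) -> None:
        self.margin = margin  # allowed relative difference between the deltas
        # Step 1: last valid OTP per account plus the server-side receive time.
        self._last: Dict[str, Tuple[DecodedOTP, float]] = {}

    def submit(self, account: str, otp: DecodedOTP, received_at: float) -> str:
        verdict = self._evaluate(self._last.get(account), otp, received_at)
        if verdict.startswith("accept"):
            self._last[account] = (otp, received_at)  # only valid OTPs are stored
        return verdict

    def _evaluate(self, last: Optional[Tuple[DecodedOTP, float]],
                  otp: DecodedOTP, received_at: float) -> str:
        if last is None:
            return "accept:first"
        prev, prev_received = last
        # Step 2: compare the persistent counters.
        if otp.counter < prev.counter:
            return "reject:replay"
        if otp.counter > prev.counter:
            return "accept:new-session"   # key was re-inserted, timestamps not comparable
        if otp.counter_session <= prev.counter_session:
            return "reject:replay"
        # Steps 3 and 4: same session, so compare token time with server time.
        ticks = (otp.timestamp - prev.timestamp) % TIMESTAMP_MODULUS
        token_delta = ticks / TOKEN_CLOCK_HZ
        server_delta = received_at - prev_received
        # Step 5: refuse when the two deltas differ by more than the margin.
        if abs(token_delta - server_delta) > self.margin * max(token_delta, server_delta):
            return "reject:timing"
        return "accept:timing-ok"


def demo() -> list:
    """Constructed timeline for one account; times are seconds on the server clock."""
    base = 0x8321a8
    otp1 = DecodedOTP(26, 1, base)
    otp2 = DecodedOTP(26, 2, base + 240)     # generated 30 s after OTP1, then withheld
    otp3 = DecodedOTP(26, 3, base + 32560)   # 3700 s later on a token clock running 10% fast
    otp4 = DecodedOTP(27, 1, 12345)          # key unplugged and re-inserted
    checker = OTPTimingChecker()
    return [
        checker.submit("didier", otp1, 1000.0),  # first OTP reaches the site
        checker.submit("didier", otp2, 4600.0),  # withheld OTP2 shows up an hour later
        checker.submit("didier", otp3, 4700.0),  # owner's next OTP in the same session
        checker.submit("didier", otp2, 4800.0),  # OTP2 again, now older than OTP3
        checker.submit("didier", otp4, 9000.0),
    ]


if __name__ == "__main__":
    print(demo())
```

The margin is a parameter because the post reports a 32% deviation on one key against the 20% Yubico specifies.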

But now comes the second attack for which I have no mitigation, despite some help from the Yubico forum.

Attack 2:

Assume a website which uses the Yubikey OTP to 1) authenticate users and 2) validate transactions. A classic example of such a site is an online banking site. The user generates an OTP to logon, and then has to generate an OTP for each financial transaction.
A web browser trojan could insert its own transaction like this:

  1. I generate an OTP (OTP1) with my Yubikey
  2. The trojan intercepts and stores OTP1 together with a timestamp, doesn’t send OTP1 to the website, but makes the browser display a fake error message (404, server load too high, Yubikey error, …) prompting me to generate a second OTP
  3. I’m fooled by the fake error, and generate a second OTP (OTP2) with my Yubikey
  4. The trojan intercepts and stores OTP2 together with a timestamp, and sends OTP1 to the website
  5. The website grants me access
  6. After an amount of time equal to the delta between the 2 stored timestamps, the trojan starts a transaction (invisible to the user) and uses OTP2 to validate the transaction.
  7. When I start my own transactions, the trojan passes the OTPs on to the website, but delays them with the same timestamp delta to avoid post-exploitation detection.

I can’t devise an algorithm to detect this fraud server-side, if the Yubikey is the only authentication and validation mechanism used. This attack would not work with a challenge-response token, because the keys generated by such a token are different for logon and transaction validation. Typically, these tokens generate one type of keys for logon, and another type of keys based on a challenge for transactions. The challenge encodes data of the transaction, so that a particular challenge can’t be used for another transaction.

One Yubico forum member suggests a type of CAPTCHA to ensure that each submitted OTP is submitted by a human (hence the CAPTCHA), but I don’t believe this is practical, as malware is able to defeat some CAPTCHAs and humans are unable to solve some CAPTCHAs.

Feel free to post a comment with your mitigation suggestions, but please keep them practical ;-) .


Quickpost: Adding Certificates to the Certificate Store


A couple of people asked me how to get self-signed certificates recognized by Windows.

For example, when you check the digital signature of one of my programs (like ariad.exe), you’ll see this:

The digital signature is valid, but the root certificate used in the signature is not trusted. This is because this root certificate is not installed in the repository of trusted root certificates. I’ll show you how to achieve this, but understand that by installing a new root certificate, you automatically trust all signatures and subordinate certificates issued by this root certificate authority.

The first 2 methods I’ll present add the new root certificate to your own certificate repository (i.e. the one associated with your account). This means that under other user accounts, the new root certificate will not be trusted. The third method explains how to add the new root certificate to the computer’s repository, so that it is trusted by all users.

Say you’ve a root certificate, like one created using this method. Here’s how to install it in your account’s “Trusted Root Certificate Authorities” certificate store:

And from now on, all executables signed by this root certificate authority (or its subordinate authorities) are trusted:

As the root certificate we used in this example is good for all purposes, and because your certificate store also integrates with Internet Explorer, SSL certificates issued by this certificate authority will also be trusted by Internet Explorer.

If you don’t have the root certificate to install, you can also get it installed from the AuthentiCode signature like this:

And from here on, you follow the same steps as in the first method.

If you want to install certificates for all users, you’ll need to follow another method. But because this other method requires a certificate file, I’ll show you how to extract a certificate file from an AuthentiCode signature:

Follow the second method to view the root certificate, but instead of installing the certificate, look at the Details tab and export the certificate:

To install a root certificate for all users, you’ll need to start the Microsoft Management Console (mmc.exe) as an administrator:

And now you can import the root certificate following the same steps as in the first method:


Quickpost: Disassociating the Key From a TrueCrypt System Disk


TrueCrypt allows for full disk encryption of a system disk. I use it on my Windows machines.

You probably know that the TrueCrypt password you type is not the key. But it is, simply put, used to decrypt the master key that is in the volume header.

On a system drive, the volume header is stored in the last sector of the first track of the encrypted system drive (TrueCrypt 7.0 or later). Usually, a track is 63 sectors long and a sector is 512 bytes long. So the volume header is in sector 62.

When this header is corrupted or modified, you can no longer decrypt the disk, even with the correct password. You need to use the TrueCrypt Rescue Disk to restore the volume header. This rescue disk was created when you encrypted the disk.

I’m using Tiny Hexer on the Universal Boot CD For Windows to erase the volume header (you can’t modify the volume header easily when you booted from the TrueCrypt system disk; using a live CD like UBCD4WIN is one possible workaround).

First I’m checking the geometry of the system drive with MBRWizard:

Take a look at the CHS (Cylinders Heads Sectors) value: S = 63 confirms that a track is 63 sectors long.

Then I open the system drive with Tiny Hexer (notice that the sector size is 512 bytes or 0x200 bytes):

I go to sector 62, the last sector of the first track:

It contains the volume header (an encrypted volume header has no recognizable patterns, it looks like random bytes):

Then I erase the volume header by filling the sector with zeroes and writing it back to disk:

And if you absolutely want to prevent recovery of this erased sector, write several times to it with random data.

Booting is no longer possible, even with the correct password. The TrueCrypt bootloader will tell you the password is incorrect:

One can say that I’ve created a TrueCrypt disk that requires 2-factor authentication. To decrypt this disk, you need 2 factors: the password and the corresponding TrueCrypt Rescue Disk.

First you need to boot from the TrueCrypt Rescue Disk, and select Repair Options (F8):

And then you write the volume header back to the system disk. Remark that the TrueCrypt Rescue Disk requires you to enter the password before it writes the volume header to the disk:

And now you can boot from the system disk with your password.

Use this method if you need to travel with or mail an encrypted system disk and want to be 100% sure there is no way to decrypt the drive while in transit. But don’t travel with the 2 factors on you, send the TrueCrypt Rescue Disk via another channel.

Remark: MBRWizard allows you to wipe sectors, but for whatever reason, it couldn’t successfully wipe sector 62 on my test machine.

Oh yeah, don’t forget to make a full backup before you attempt this technique ;-)





Flame Authenticode Dumps (KB2718704)


There seems to be some interest in the Authenticode signature used in some components of Flame that chain up to Microsoft’s root CA. So I decided to post the full dump of this signature. I extracted the signature from WuSetupV.exe with my digital signature tool and produced 2 dumps with openssl.

openssl pkcs7 -in WuSetupV.exe.vir.der -inform DER -text -print_certs:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
        Validity
            Not Before: Jun 15 00:00:00 2007 GMT
            Not After : Jun 14 23:59:59 2012 GMT
        Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - G2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Authority Information Access:
                OCSP - URI:http://ocsp.verisign.com

            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.verisign.com/tss-ca.crl

            X509v3 Extended Key Usage: critical
                Time Stamping
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation
            X509v3 Subject Alternative Name:
                DirName:/CN=TSA1-2
    Signature Algorithm: sha1WithRSAEncryption

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
        Validity
            Not Before: Dec  4 00:00:00 2003 GMT
            Not After : Dec  3 23:59:59 2013 GMT
        Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Authority Information Access:
                OCSP - URI:http://ocsp.verisign.com

            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.verisign.com/ThawteTimestampingCA.crl

            X509v3 Extended Key Usage:
                Time Stamping
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Alternative Name:
                DirName:/CN=TSA2048-1-53
    Signature Algorithm: sha1WithRSAEncryption

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
        Signature Algorithm: md5WithRSAEncryption
        Issuer: OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
        Validity
            Not Before: Jan 10 07:00:00 1997 GMT
            Not After : Dec 31 07:00:00 2020 GMT
        Subject: OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            2.5.29.1:
                0....[.p.ir.#Q~..M....r0p1+0)..U..."Copyright (c) 1997 Microsoft Corp.1.0...U....Microsoft Corporation1!0...U....Microsoft Root Authority......<.c..@
    Signature Algorithm: md5WithRSAEncryption

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:ab:11:de:e5:2f:1b:19:d0:56
        Signature Algorithm: md5WithRSAEncryption
        Issuer: OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
        Validity
            Not Before: Dec 10 01:55:35 2009 GMT
            Not After : Oct 23 08:00:00 2016 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Copyright (c) 1999 Microsoft Corp., CN=Microsoft Enforced Licensing Intermediate PCA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage:
                Code Signing, 1.3.6.1.4.1.311.10.6.1, 1.3.6.1.4.1.311.10.6.2
            2.5.29.1:
                0....[.p.ir.#Q~..M....r0p1+0)..U..."Copyright (c) 1997 Microsoft Corp.1.0...U....Microsoft Corporation1!0...U....Microsoft Root Authority......<.c..@
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                6A:97:E0:C8:9F:F4:49:B4:89:24:B3:E3:D1:A8:22:86:AA:D4:94:43
            X509v3 Key Usage:
                Digital Signature, Certificate Sign, CRL Sign
    Signature Algorithm: md5WithRSAEncryption
        5d:2b:68:a5:e2:da:c7:2b:5c:77:ec:ea:0e:1f:e3:8e:41:57:
        60:b4:8f:3f:a2:88:d2:0f:77:1a:92:9f:37:59:bb:15:97:dc:
        a8:73:56:60:87:e3:3d:bc:b4:e1:10:64:2d:c8:b8:d6:81:00:
        06:89:1f:96:41:ac:05:1a:ca:78:00:d9:db:5f:b6:f9:71:87:
        8e:04:7b:fa:78:f2:1e:2f:df:8b:b3:04:fe:7a:cc:ef:af:5e:
        98:da:1d:ad:94:95:74:b0:d9:87:97:58:1c:4f:a4:82:c7:f9:
        b3:ae:09:06:12:7e:cb:fd:22:6a:94:99:4a:c3:b9:32:44:87:
        bc:bf:f7:7c:60:6c:88:cc:c0:fd:b6:5c:14:19:71:31:5f:99:
        d2:db:a7:0c:9d:c2:75:9d:ba:ed:b1:88:6c:52:1b:42:5a:2d:
        b0:e3:13:04:78:ff:51:d7:58:e7:18:c0:01:8c:f8:43:12:a8:
        9d:8c:b5:81:f3:70:a0:ad:19:c6:e4:e4:44:e5:55:05:50:d3:
        88:40:65:aa:d0:02:0e:00:4d:84:bb:6a:39:0c:6d:88:f1:1e:
        d6:95:72:34:70:9b:c5:a6:6f:66:bc:94:14:df:34:ff:e4:63:
        3a:93:31:13:de:a0:2c:7a:73:68:7c:0e:44:98:a0:a8:37:3e:
        2e:3a:5b:22

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:51:5b:02:00:00:00:00:00:08
        Signature Algorithm: md5WithRSAEncryption
        Issuer: DC=com, DC=microsoft, DC=extranet, DC=partners, CN=Microsoft LSRA PA
        Validity
            Not Before: Feb 23 19:21:36 2010 GMT
            Not After : Feb 19 21:48:39 2012 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft, CN=TLS Server
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:b8:88:fb:42:d4:31:b0:f7:d7:f4:dc:35:59:8e:
                    9c:e3:63:d9:fe:81:98:6d:58:80:10:51:9b:9e:11:
                    04:50:e9:29:e6:93:a5:23:f8:10:75:e0:a6:a1:9f:
                    07:53:77:14:b3:db:c8:eb:ab:77:0e:88:9a:a5:f2:
                    29:d4:90:73:e5:d7:13:13:e2:05:57:08:69:1d:e4:
                    42:bd:95:00:8a:2a:43:53:d7:ca:d8:0d:4c:a3:85:
                    3e:70:cf:80:2f:71:bd:18:bb:77:d3:d2:71:5d:47:
                    43:1c:60:9c:35:11:9f:36:b2:d9:6c:37:3d:0b:07:
                    34:7e:cc:2b:11:14:bc:4d:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation
            X509v3 Subject Key Identifier:
                C5:01:E3:20:B1:88:03:51:7E:65:13:A8:B1:62:7D:D0:CC:6B:D9:17
            X509v3 Authority Key Identifier:
                keyid:75:E8:03:58:5D:FB:65:E4:D9:A6:AC:17:B6:03:7E:47:AD:2E:81:AF

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://tkxpasrv36.partners.extranet.microsoft.com/CertEnroll/Microsoft%20LSRA%20PA.crl
                  URI:file://\\tkxpasrv36.partners.extranet.microsoft.com\CertEnroll\Microsoft LSRA PA.crl

            Authority Information Access:
                CA Issuers - URI:http://tkxpasrv36.partners.extranet.microsoft.com/CertEnroll/tkxpasrv36.partners.extranet.microsoft.com_Microsoft%20LSRA%20PA.crt
                CA Issuers - URI:file://\\tkxpasrv36.partners.extranet.microsoft.com\CertEnroll\tkxpasrv36.partners.extranet.microsoft.com_Microsoft LSRA PA.crt

    Signature Algorithm: md5WithRSAEncryption
        63:1d:f1:1b:73:08:8c:04:8e:9c:aa:1c:79:9e:cb:3f:6c:22:
        aa:41:a0:66:21:8f:49:21:9e:43:77:0e:22:9a:25:02:b2:15:
        65:f1:6b:82:2d:a5:f6:05:9d:36:4c:25:ae:85:3c:3a:4e:60:
        9d:2a:cb:b0:24:a6:6d:5c:5a:5e:85:df:f6:67:7e:71:9c:21:
        f0:76:42:a2:98:32:0d:7b:61:06:58:c6:c1:a1:38:5e:f1:9c:
        8d:d7:ac:a4:35:80:19:ed:e5:4e:81:4b:a7:d2:4b:e6:b1:84:
        96:07:80:a1:d3:1f:6a:fc:da:22:a1:d9:5b:c7:cd:a4:9f:96:
        f7:11:a9:94:5e:a9:79:13:8d:89:b0:af:ef:da:e5:f4:d1:6e:
        8d:b7:24:e5:a6:7f:92:19:40:b4:0b:3c:03:23:27:f1:78:94:
        9a:05:d3:e1:d7:6c:f4:da:46:2b:5f:0b:71:39:85:26:e5:8b:
        fb:f9:38:bc:d8:cd:06:77:55:f5:59:90:93:5c:04:44:0f:ed:
        32:19:5c:43:67:5d:a8:0e:33:c7:54:69:0d:2b:2f:4b:f8:f4:
        aa:02:c1:ae:3b:f6:32:bf:f3:62:f9:e3:d0:24:ad:3b:66:39:
        a1:5e:87:5b:50:d5:c8:51:f3:8b:a6:2b:d7:7f:63:7f:bc:26:
        bc:99:6c:68

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:03:73:c5:00:01:00:00:00:1a
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Copyright (c) 2003 Microsoft Corp., CN=Microsoft Enforced Licensing Registration Authority CA
        Validity
            Not Before: Feb 19 21:48:39 2010 GMT
            Not After : Feb 19 21:48:39 2012 GMT
        Subject: DC=com, DC=microsoft, DC=extranet, DC=partners, CN=Microsoft LSRA PA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d7:27:32:63:50:bc:ca:67:6c:44:c2:08:0a:fb:
                    aa:e8:25:ff:e5:a8:f3:32:53:0b:53:af:b7:29:cc:
                    2c:91:34:01:f1:52:59:55:73:df:56:2c:25:ae:41:
                    d1:2a:de:09:d1:90:41:bf:2c:c7:6d:e6:1b:0d:5c:
                    1f:c4:62:06:1f:72:6a:fc:a6:d7:19:57:c1:06:42:
                    35:50:78:ec:6d:a2:13:b0:90:9d:0c:9d:d8:5f:b7:
                    bf:f0:cc:b1:a9:b8:c1:f7:b9:a9:e3:14:c6:9a:bb:
                    6a:8c:c8:6f:bb:c4:e6:3b:de:c3:16:25:cf:76:d4:
                    7c:e5:88:80:e9:4e:27:6d:b9:c6:fb:a6:6e:b0:65:
                    15:e3:4d:b3:1b:e9:ac:fa:87:37:8a:e9:81:d1:4e:
                    49:26:b8:26:72:3d:bf:cc:cb:d3:9c:55:cf:a9:2b:
                    4b:22:78:44:85:0b:04:ee:09:84:bb:65:c4:31:8a:
                    83:3b:fa:53:98:a1:fd:a1:f4:4c:71:4c:e9:15:87:
                    2b:13:ef:dc:d6:52:84:ed:1c:e5:35:4a:22:2c:14:
                    84:6b:f2:8a:ef:9b:f6:d3:75:ce:6d:0e:81:1f:6d:
                    df:22:ee:b3:ec:01:36:d8:ff:68:ff:4e:ba:75:d5:
                    4e:18:e6:b4:00:7e:b9:a3:ee:31:2e:4e:a0:0c:e5:
                    21:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Subject Key Identifier:
                75:E8:03:58:5D:FB:65:E4:D9:A6:AC:17:B6:03:7E:47:AD:2E:81:AF
            X509v3 Key Usage:
                Digital Signature, Certificate Sign, CRL Sign
            1.3.6.1.4.1.311.21.1:
                ...
            1.3.6.1.4.1.311.20.2:
                .
.S.u.b.C.A
            X509v3 Authority Key Identifier:
                keyid:B4:A1:D8:DE:FB:0E:C4:CB:9D:9F:06:CF:36:0D:91:1A:F8:9F:5B:E3

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.microsoft.com/pki/crl/products/MicEnfLicRegAutCA_2009-12-10.crl
                  URI:http://www.microsoft.com/pki/crl/products/MicEnfLicRegAutCA_2009-12-10.crl

            Authority Information Access:
                CA Issuers - URI:http://www.microsoft.com/pki/certs/MicEnfLicRegAutCA_2009-12-10.crt

    Signature Algorithm: md5WithRSAEncryption
        5c:b5:59:bb:13:8c:dc:55:00:48:24:53:8d:fe:09:69:eb:8e:
        5e:f9:79:6d:92:33:7a:f2:29:7f:61:1d:c7:fe:4c:f0:1b:5a:
        ad:ff:6c:36:bc:20:0a:03:31:6a:6e:a0:ac:6b:27:c8:99:9c:
        5d:29:80:a5:c0:61:42:2f:b5:0a:f3:2e:69:b3:6f:3e:64:e1:
        33:5b:03:7b:f1:b7:c9:24:a0:40:91:29:22:07:52:1b:52:39:
        b7:49:c8:16:f9:e2:e4:54:a7:67:47:64:86:fc:c6:cf:32:b9:
        91:49:30:66:0e:9f:a6:d7:6c:e0:48:7e:11:65:42:48:fb:0e:
        09:09:3a:aa:48:e6:ee:5c:0c:51:40:58:19:8b:4c:26:92:ee:
        c8:55:93:40:20:91:d4:dc:33:dd:d2:e6:1c:12:d6:72:bb:c0:
        ad:53:2f:f8:99:43:11:4a:6c:dc:a1:f4:0c:5a:21:b5:05:ea:
        ac:e8:50:1f:29:04:c9:81:c7:8e:95:2c:7c:72:4f:78:e9:c5:
        4c:c4:8e:c8:db:ee:09:10:7b:5b:38:c9:b3:b9:18:ad:87:f6:
        1b:98:25:da:1a:56:61:76:c9:12:7c:98:1a:06:f0:a0:86:38:
        6a:25:0f:5d:b9:1f:7f:c0:85:6a:aa:69:fb:23:91:ca:41:8a:
        0c:19:44:5c

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7038 (0x1b7e)
        Signature Algorithm: md5WithRSA
        Issuer: DC=com, DC=microsoft, DC=extranet, DC=partners, CN=Microsoft LSRA PA
        Validity
            Not Before: Feb 19 21:48:39 2010 GMT
            Not After : Feb 19 21:48:39 2012 GMT
        Subject: CN=MS
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a6:89:43:6f:c6:ca:9d:42:ad:bd:28:d5:46:49:
                    e0:55:f2:cc:38:e0:3d:c0:7c:ba:1d:ca:bb:92:c4:
                    be:4c:5f:1a:f9:d6:42:4b:34:0b:2f:8a:ac:cb:97:
                    31:ef:76:2f:c3:85:af:95:93:47:46:f6:ff:7c:ca:
                    df:c8:f9:d0:6a:ec:df:0e:91:55:23:ab:64:06:90:
                    d3:37:83:a8:0e:3e:5e:7f:77:35:66:74:20:87:42:
                    1f:25:17:8a:d5:28:05:38:05:c8:48:6d:63:76:3e:
                    fd:5a:11:67:07:09:6d:98:a3:08:4a:f1:11:7f:80:
                    a7:4e:37:d4:f0:0e:34:7a:d5:ba:83:ad:60:1e:57:
                    44:65:50:72:cd:af:1e:d0:1e:30:c2:eb:6a:51:e2:
                    aa:54:85:57:fa:9c:b1:59:e8:24:5e:d4:38:d3:56:
                    81:68:d5:05:8b:48:25:92:a2:11:1b:e8:51:54:d9:
                    d9:04:60:ee:1c:fb:6a:ec:f0:6e:38:bb:ad:da:35:
                    87:63:74:86:ef:1f:cd:80:92:a2:98:3a:97:9a:bd:
                    35:d1:7d:2e:3a:47:04:48:17:74:db:a3:67:d9:82:
                    78:e0:77:2c:cc:ac:39:61:a6:d8:9d:aa:fc:de:6f:
                    60:4c:7c:73:07:31:93:2f:67:28:4a:7e:d1:ae:4c:
                    42:dd
                Exponent: 65537 (0x10001)
    Signature Algorithm: md5WithRSAEncryption
        00:4a:ab:73:72:83:71:31:a8:04:a4:d5:27:cf:cc:5a:ca:76:
        ca:67:4c:05:58:4b:b7:07:e8:94:04:86:a5:10:00:50:34:a1:
        71:fe:5d:fd:9b:4b:29:7f:5c:ca:52:c7:8b:c0:7d:49:c9:8b:
        23:e1:5d:f3:8a:c3:25:ab:48:07:3f:f5:f4:ef:77:dc:46:d2:
        b2:97:0b:c9:7e:bb:af:29:5f:ec:de:40:2b:e8:bb:e5:12:b5:
        f7:4d:71:7b:94:35:50:57:e8:fb:ee:67:f3:85:db:ed:d6:64:
        78:f1:7c:71:70:75:02:17:68:66:49:bb:29:5c:e5:f2:4a:e3:
        ca:dc:8c:f6:6d:62:9c:d0:5f:e6:3e:b1:e1:e5:cd:87:1d:7e:
        97:e2:d8:4e:11:7b:8a:4b:56:79:9d:fb:04:ff:80:ca:01:af:
        36:ac:c8:20:0e:d7:49:14:10:4f:e7:3c:64:ac:30:dd:d1:4c:
        5c:35:ef:16:bf:6f:74:bb:19:fd:26:24:b1:12:c5:05:44:a9:
        1f:42:6b:1f:96:0d:c9:4a:38:b5:00:8d:b3:64:fa:68:fe:d1:
        aa:ce:8c:f7:20:50:d1:17:70:b3:90:85:7f:72:48:c2:d3:03:
        c3:e7:bc:f4:0f:63:01:a0:71:b7:a7:ec:d6:b9:48:17:dd:a1:
        43:a2:b9:96

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:1a:02:b7:00:02:00:00:00:12
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Copyright (c) 1999 Microsoft Corp., CN=Microsoft Enforced Licensing Intermediate PCA
        Validity
            Not Before: Dec 11 00:03:58 2009 GMT
            Not After : Oct 23 08:00:00 2016 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Copyright (c) 2003 Microsoft Corp., CN=Microsoft Enforced Licensing Registration Authority CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:8e:98:07:ed:46:50:30:aa:8a:95:5e:36:7f:bc:
                    71:30:a1:1d:49:cf:e7:96:ff:2f:9a:09:16:12:f0:
                    98:31:55:45:52:40:63:7d:57:67:46:a2:2b:08:98:
                    6d:9b:c6:69:25:40:87:49:e7:01:37:84:00:1d:69:
                    9d:85:2f:e1:a0:2c:27:83:4c:75:60:8b:2c:eb:f9:
                    90:8e:5e:4a:8f:fd:d3:5b:8c:89:c8:0f:f8:cf:2e:
                    9f:3c:8a:3d:41:cc:b6:84:0c:9c:73:97:46:dd:52:
                    26:12:a5:44:8d:df:0a:50:1f:4a:79:dc:e3:19:3c:
                    ef:ed:82:c9:89:14:91:fd:99:69:a4:f2:8a:a6:c8:
                    8e:bd:38:3b:80:30:8a:59:c8:a0:ab:de:71:44:1b:
                    24:f9:b9:a1:8f:19:9d:fd:19:b4:69:16:17:a2:23:
                    31:a7:11:12:65:cd:c0:9d:78:5d:42:e5:95:8e:13:
                    2f:ac:f8:00:87:6e:96:ef:73:d4:0f:7e:3c:9f:81:
                    47:d0:1f:8f:79:1d:3c:3f:cb:ae:34:22:d6:cd:fc:
                    21:80:35:11:0d:a9:90:cc:55:b4:65:fc:2d:37:7d:
                    80:7a:97:ee:5b:4a:c5:3e:8b:03:aa:ae:4d:22:37:
                    66:70:84:1c:69:c5:d7:97:9a:8f:1e:3a:b2:24:84:
                    8f:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                B4:A1:D8:DE:FB:0E:C4:CB:9D:9F:06:CF:36:0D:91:1A:F8:9F:5B:E3
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
            1.3.6.1.4.1.311.21.1:
                .....
            1.3.6.1.4.1.311.21.2:
                ....x8g.).k/.T..p_....
            1.3.6.1.4.1.311.20.2:
                .
.S.u.b.C.A
            X509v3 Authority Key Identifier:
                keyid:6A:97:E0:C8:9F:F4:49:B4:89:24:B3:E3:D1:A8:22:86:AA:D4:94:43

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.microsoft.com/pki/crl/products/MicEnfLicPCA_12-10-09.crl

            X509v3 Extended Key Usage:
                Code Signing, 1.3.6.1.4.1.311.10.6.2
            1.3.6.1.4.1.311.2.1.10: critical
                0....).'https://www.microsoft.com/repository/CPS........This certificate incorporates by reference, and its use is strictly
subject to, the Microsoft Certification Practice Statement (CPS)
version 2.0, available in the Microsoft repository at:
https://www.microsoft.com; by E-mail at CPS-requests@microsoft.com; or
by mail at Microsoft Corp, dept. CPS,1 Microsoft Way,Redmond, WA 98052
USA Copyright (c)1999 Microsoft Corp.  All Rights Reserved. CERTAIN
WARRANTIES DISCLAIMED AND LIABILITY LIMITED.

WARNING: THE USE OF THIS CERTIFICATE IS STRICTLY SUBJECT TO THE
VERISIGN CERTIFICATION PRACTICE STATEMENT.  THE ISSUING AUTHORITY
DISCLAIMS CERTAIN IMPLIED AND EXPRESS WARRANTIES, INCLUDING WARRANTIES
OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND WILL NOT
BE LIABLE FOR CONSEQUENTIAL, PUNITIVE, AND CERTAIN OTHER DAMAGES. SEE
THE CPS FOR DETAILS.

Contents of the Microsoft registered nonverifiedSubjectAttributes
extension value shall not be considered as accurate information
validated by the IA.
.6.4https://www.microsoft.com/repository/mscpslogo.gif
    Signature Algorithm: md5WithRSAEncryption
        24:ab:ed:f7:72:44:44:98:71:f6:d1:b9:b5:69:e0:ef:1c:b0:
        4c:04:98:0f:bf:4c:a9:74:47:b0:84:a1:48:e2:81:b3:ea:e1:
        c9:53:92:53:11:c8:45:ba:88:76:68:cd:dc:be:f3:a0:65:80:
        76:d7:93:03:69:8d:c7:bc:7a:ae:89:7c:df:12:10:0a:a6:29:
        a6:d4:e5:9b:55:ab:ca:ec:4b:d9:c1:28:37:d0:d6:71:38:6d:
        5e:75:fd:66:ab:2a:c0:b9:24:6f:9e:42:33:0f:71:b4:6e:a6:
        f7:ba:23:1a:74:ed:cd:b1:ae:0a:32:a8:5c:26:16:fa:31:76:
        23:e8:a7:24:80:f1:de:45:b5:42:bd:f1:58:08:8f:e2:f2:70:
        86:2e:13:83:24:de:50:88:88:c0:23:32:59:74:fa:7a:5f:73:
        d7:63:bd:58:9d:c0:68:b0:53:21:71:50:45:b8:27:cf:3c:e5:
        64:fb:7c:13:8b:c1:01:3e:90:d9:43:f7:3e:cc:19:16:b3:b6:
        16:8f:27:7a:f9:46:ed:8a:da:e7:c5:91:c2:c8:2a:08:21:5a:
        b8:7a:88:4e:a6:2a:a5:f7:ed:20:01:14:48:56:df:57:7d:6f:
        bf:95:75:18:29:17:19:84:a3:13:61:54:82:c3:55:58:3d:83:
        a3:90:75:aa

Note that the first two certificates are from the timestamping service.
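The dump lists certificates in file order, not chain order, so it helps to sort them mechanically. The following is an added example, not code from the original post: it parses `openssl ... -text` style output, picks out timestamping certificates by their Extended Key Usage, walks the signer's chain by issuer name and key identifier, and lists the chain members signed with MD5. The sample input is a constructed, trimmed dump using names and identifiers from the certificates on this page; the function names are this example's own.

```python
import re

# Constructed sample: a trimmed `openssl ... -text` style dump with only the fields
# parsed below. Names, algorithms and key identifiers are copied from the
# certificates on this page, in the order the dump lists them.
SAMPLE = """\
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
        Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - G2
        X509v3 extensions:
            X509v3 Extended Key Usage: critical
                Time Stamping
Certificate:
    Data:
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Copyright (c) 2003 Microsoft Corp., CN=Microsoft Enforced Licensing Registration Authority CA
        Subject: DC=com, DC=microsoft, DC=extranet, DC=partners, CN=Microsoft LSRA PA
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:E8:03:58:5D:FB:65:E4:D9:A6:AC:17:B6:03:7E:47:AD:2E:81:AF
            X509v3 Authority Key Identifier:
                keyid:B4:A1:D8:DE:FB:0E:C4:CB:9D:9F:06:CF:36:0D:91:1A:F8:9F:5B:E3
Certificate:
    Data:
        Signature Algorithm: md5WithRSA
        Issuer: DC=com, DC=microsoft, DC=extranet, DC=partners, CN=Microsoft LSRA PA
        Subject: CN=MS
Certificate:
    Data:
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Copyright (c) 1999 Microsoft Corp., CN=Microsoft Enforced Licensing Intermediate PCA
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Copyright (c) 2003 Microsoft Corp., CN=Microsoft Enforced Licensing Registration Authority CA
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:A1:D8:DE:FB:0E:C4:CB:9D:9F:06:CF:36:0D:91:1A:F8:9F:5B:E3
            X509v3 Authority Key Identifier:
                keyid:6A:97:E0:C8:9F:F4:49:B4:89:24:B3:E3:D1:A8:22:86:AA:D4:94:43
"""

def _dn(value):
    # Newer OpenSSL prints "C = US", older builds "C=US"; normalise to the latter.
    return re.sub(r"\s*=\s*", "=", (value or "").strip())

def _field(pattern, block):
    m = re.search(pattern, block, re.MULTILINE)
    return m.group(1).strip() if m else None

def parse_certs(dump):
    """Return one record per certificate in a -text dump."""
    certs = []
    for block in re.split(r"^Certificate:[ \t]*$", dump, flags=re.MULTILINE)[1:]:
        certs.append({
            "subject": _dn(_field(r"^\s*Subject: (.+)$", block)),
            "issuer": _dn(_field(r"^\s*Issuer: (.+)$", block)),
            # First match is the algorithm inside the signed certificate body.
            "sig_alg": _field(r"^\s*Signature Algorithm: (\S+)", block) or "",
            "ski": _field(r"Subject Key Identifier:\s*\n\s*([0-9A-Fa-f:]+)", block),
            # Some OpenSSL versions omit the "keyid:" prefix.
            "aki": _field(r"Authority Key Identifier:\s*\n\s*(?:keyid:)?([0-9A-Fa-f:]+)", block),
            "eku": _field(r"Extended Key Usage:[^\n]*\n\s*(.+)$", block) or "",
        })
    return certs

def build_chain(certs, leaf_subject):
    """Follow issuer links upward from leaf_subject; returns records, leaf first."""
    by_subject = {c["subject"]: c for c in certs}
    chain, current = [], by_subject.get(_dn(leaf_subject))
    while current and current not in chain:
        chain.append(current)
        parent = by_subject.get(current["issuer"])
        # If both identifiers are printed, the parent's SKI must equal the child's AKI.
        if parent and current["aki"] and parent["ski"] and current["aki"] != parent["ski"]:
            break
        current = parent
    return chain

def audit(dump, leaf_subject):
    certs = parse_certs(dump)
    chain = build_chain(certs, leaf_subject)
    subjects = {c["subject"] for c in certs}
    top_issuer = chain[-1]["issuer"] if chain else None
    return {
        "timestamping": [c["subject"] for c in certs if "Time Stamping" in c["eku"]],
        "chain": [c["subject"] for c in chain],
        "md5_signed": [c["subject"] for c in chain if "md5" in c["sig_alg"].lower()],
        # Issuer of the topmost certificate found, if its certificate is not in the dump.
        "missing_issuer": top_issuer if top_issuer not in subjects else None,
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE, "CN=MS").items():
        print(key, "=", value)
```

Run against a full dump, `missing_issuer` comes back `None` once the walk reaches a self-signed root that is present in the file.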

openssl asn1parse -in WuSetupV.exe.vir.der -inform DER

0:d=0  hl=4 l=11994 cons: SEQUENCE
4:d=1  hl=2 l=   9 prim: OBJECT            :pkcs7-signedData
15:d=1  hl=4 l=11979 cons: cont [ 0 ]
19:d=2  hl=4 l=11975 cons: SEQUENCE
23:d=3  hl=2 l=   1 prim: INTEGER           :01
26:d=3  hl=2 l=  11 cons: SET
28:d=4  hl=2 l=   9 cons: SEQUENCE
30:d=5  hl=2 l=   5 prim: OBJECT            :sha1
37:d=5  hl=2 l=   0 prim: NULL
39:d=3  hl=2 l= 104 cons: SEQUENCE
41:d=4  hl=2 l=  10 prim: OBJECT            :1.3.6.1.4.1.311.2.1.4
53:d=4  hl=2 l=  90 cons: cont [ 0 ]
55:d=5  hl=2 l=  88 cons: SEQUENCE
57:d=6  hl=2 l=  51 cons: SEQUENCE
59:d=7  hl=2 l=  10 prim: OBJECT            :1.3.6.1.4.1.311.2.1.15
71:d=7  hl=2 l=  37 cons: SEQUENCE
73:d=8  hl=2 l=   1 prim: BIT STRING
76:d=8  hl=2 l=  32 cons: cont [ 0 ]
78:d=9  hl=2 l=  30 cons: cont [ 2 ]
80:d=10 hl=2 l=  28 prim: cont [ 0 ]
110:d=6  hl=2 l=  33 cons: SEQUENCE
112:d=7  hl=2 l=   9 cons: SEQUENCE
114:d=8  hl=2 l=   5 prim: OBJECT            :sha1
121:d=8  hl=2 l=   0 prim: NULL
123:d=7  hl=2 l=  20 prim: OCTET STRING      [HEX DUMP]:1DDCDB4D549349EA897A3667214DDC6A405D6703
145:d=3  hl=4 l=10943 cons: cont [ 0 ]
149:d=4  hl=4 l= 890 cons: SEQUENCE
153:d=5  hl=4 l= 610 cons: SEQUENCE
157:d=6  hl=2 l=   3 cons: cont [ 0 ]
159:d=7  hl=2 l=   1 prim: INTEGER           :02
162:d=6  hl=2 l=  16 prim: INTEGER           :3825D7FAF861AF9EF490E726B5D65AD5
180:d=6  hl=2 l=  13 cons: SEQUENCE
182:d=7  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
193:d=7  hl=2 l=   0 prim: NULL
195:d=6  hl=2 l=  83 cons: SEQUENCE
197:d=7  hl=2 l=  11 cons: SET
199:d=8  hl=2 l=   9 cons: SEQUENCE
201:d=9  hl=2 l=   3 prim: OBJECT            :countryName
206:d=9  hl=2 l=   2 prim: PRINTABLESTRING   :US
210:d=7  hl=2 l=  23 cons: SET
212:d=8  hl=2 l=  21 cons: SEQUENCE
214:d=9  hl=2 l=   3 prim: OBJECT            :organizationName
219:d=9  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
235:d=7  hl=2 l=  43 cons: SET
237:d=8  hl=2 l=  41 cons: SEQUENCE
239:d=9  hl=2 l=   3 prim: OBJECT            :commonName
244:d=9  hl=2 l=  34 prim: PRINTABLESTRING   :VeriSign Time Stamping Services CA
280:d=6  hl=2 l=  30 cons: SEQUENCE
282:d=7  hl=2 l=  13 prim: UTCTIME           :070615000000Z
297:d=7  hl=2 l=  13 prim: UTCTIME           :120614235959Z
312:d=6  hl=2 l=  92 cons: SEQUENCE
314:d=7  hl=2 l=  11 cons: SET
316:d=8  hl=2 l=   9 cons: SEQUENCE
318:d=9  hl=2 l=   3 prim: OBJECT            :countryName
323:d=9  hl=2 l=   2 prim: PRINTABLESTRING   :US
327:d=7  hl=2 l=  23 cons: SET
329:d=8  hl=2 l=  21 cons: SEQUENCE
331:d=9  hl=2 l=   3 prim: OBJECT            :organizationName
336:d=9  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
352:d=7  hl=2 l=  52 cons: SET
354:d=8  hl=2 l=  50 cons: SEQUENCE
356:d=9  hl=2 l=   3 prim: OBJECT            :commonName
361:d=9  hl=2 l=  43 prim: PRINTABLESTRING   :VeriSign Time Stamping Services Signer - G2
406:d=6  hl=3 l= 159 cons: SEQUENCE
409:d=7  hl=2 l=  13 cons: SEQUENCE
411:d=8  hl=2 l=   9 prim: OBJECT            :rsaEncryption
422:d=8  hl=2 l=   0 prim: NULL
424:d=7  hl=3 l= 141 prim: BIT STRING
568:d=6  hl=3 l= 196 cons: cont [ 3 ]
571:d=7  hl=3 l= 193 cons: SEQUENCE
574:d=8  hl=2 l=  52 cons: SEQUENCE
576:d=9  hl=2 l=   8 prim: OBJECT            :Authority Information Access
586:d=9  hl=2 l=  40 prim: OCTET STRING      [HEX DUMP]:3026302406082B060105050730018618687474703A2F2F6F6373702E766572697369676E2E636F6D
628:d=8  hl=2 l=  12 cons: SEQUENCE
630:d=9  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
635:d=9  hl=2 l=   1 prim: BOOLEAN           :255
638:d=9  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
642:d=8  hl=2 l=  51 cons: SEQUENCE
644:d=9  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points
649:d=9  hl=2 l=  44 prim: OCTET STRING      [HEX DUMP]:302A3028A026A0248622687474703A2F2F63726C2E766572697369676E2E636F6D2F7473732D63612E63726C
695:d=8  hl=2 l=  22 cons: SEQUENCE
697:d=9  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
702:d=9  hl=2 l=   1 prim: BOOLEAN           :255
705:d=9  hl=2 l=  12 prim: OCTET STRING      [HEX DUMP]:300A06082B06010505070308
719:d=8  hl=2 l=  14 cons: SEQUENCE
721:d=9  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
726:d=9  hl=2 l=   1 prim: BOOLEAN           :255
729:d=9  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030206C0
735:d=8  hl=2 l=  30 cons: SEQUENCE
737:d=9  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name
742:d=9  hl=2 l=  23 prim: OCTET STRING      [HEX DUMP]:3015A4133011310F300D06035504031306545341312D32
767:d=5  hl=2 l=  13 cons: SEQUENCE
769:d=6  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
780:d=6  hl=2 l=   0 prim: NULL
782:d=5  hl=4 l= 257 prim: BIT STRING
1043:d=4  hl=4 l= 964 cons: SEQUENCE
1047:d=5  hl=4 l= 813 cons: SEQUENCE
1051:d=6  hl=2 l=   3 cons: cont [ 0 ]
1053:d=7  hl=2 l=   1 prim: INTEGER           :02
1056:d=6  hl=2 l=  16 prim: INTEGER           :47BF1995DF8D524643F7DB6D480D31A4
1074:d=6  hl=2 l=  13 cons: SEQUENCE
1076:d=7  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
1087:d=7  hl=2 l=   0 prim: NULL
1089:d=6  hl=3 l= 139 cons: SEQUENCE
1092:d=7  hl=2 l=  11 cons: SET
1094:d=8  hl=2 l=   9 cons: SEQUENCE
1096:d=9  hl=2 l=   3 prim: OBJECT            :countryName
1101:d=9  hl=2 l=   2 prim: PRINTABLESTRING   :ZA
1105:d=7  hl=2 l=  21 cons: SET
1107:d=8  hl=2 l=  19 cons: SEQUENCE
1109:d=9  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
1114:d=9  hl=2 l=  12 prim: PRINTABLESTRING   :Western Cape
1128:d=7  hl=2 l=  20 cons: SET
1130:d=8  hl=2 l=  18 cons: SEQUENCE
1132:d=9  hl=2 l=   3 prim: OBJECT            :localityName
1137:d=9  hl=2 l=  11 prim: PRINTABLESTRING   :Durbanville
1150:d=7  hl=2 l=  15 cons: SET
1152:d=8  hl=2 l=  13 cons: SEQUENCE
1154:d=9  hl=2 l=   3 prim: OBJECT            :organizationName
1159:d=9  hl=2 l=   6 prim: PRINTABLESTRING   :Thawte
1167:d=7  hl=2 l=  29 cons: SET
1169:d=8  hl=2 l=  27 cons: SEQUENCE
1171:d=9  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
1176:d=9  hl=2 l=  20 prim: PRINTABLESTRING   :Thawte Certification
1198:d=7  hl=2 l=  31 cons: SET
1200:d=8  hl=2 l=  29 cons: SEQUENCE
1202:d=9  hl=2 l=   3 prim: OBJECT            :commonName
1207:d=9  hl=2 l=  22 prim: PRINTABLESTRING   :Thawte Timestamping CA
1231:d=6  hl=2 l=  30 cons: SEQUENCE
1233:d=7  hl=2 l=  13 prim: UTCTIME           :031204000000Z
1248:d=7  hl=2 l=  13 prim: UTCTIME           :131203235959Z
1263:d=6  hl=2 l=  83 cons: SEQUENCE
1265:d=7  hl=2 l=  11 cons: SET
1267:d=8  hl=2 l=   9 cons: SEQUENCE
1269:d=9  hl=2 l=   3 prim: OBJECT            :countryName
1274:d=9  hl=2 l=   2 prim: PRINTABLESTRING   :US
1278:d=7  hl=2 l=  23 cons: SET
1280:d=8  hl=2 l=  21 cons: SEQUENCE
1282:d=9  hl=2 l=   3 prim: OBJECT            :organizationName
1287:d=9  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
1303:d=7  hl=2 l=  43 cons: SET
1305:d=8  hl=2 l=  41 cons: SEQUENCE
1307:d=9  hl=2 l=   3 prim: OBJECT            :commonName
1312:d=9  hl=2 l=  34 prim: PRINTABLESTRING   :VeriSign Time Stamping Services CA
1348:d=6  hl=4 l= 290 cons: SEQUENCE
1352:d=7  hl=2 l=  13 cons: SEQUENCE
1354:d=8  hl=2 l=   9 prim: OBJECT            :rsaEncryption
1365:d=8  hl=2 l=   0 prim: NULL
1367:d=7  hl=4 l= 271 prim: BIT STRING
1642:d=6  hl=3 l= 219 cons: cont [ 3 ]
1645:d=7  hl=3 l= 216 cons: SEQUENCE
1648:d=8  hl=2 l=  52 cons: SEQUENCE
1650:d=9  hl=2 l=   8 prim: OBJECT            :Authority Information Access
1660:d=9  hl=2 l=  40 prim: OCTET STRING      [HEX DUMP]:3026302406082B060105050730018618687474703A2F2F6F6373702E766572697369676E2E636F6D
1702:d=8  hl=2 l=  18 cons: SEQUENCE
1704:d=9  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
1709:d=9  hl=2 l=   1 prim: BOOLEAN           :255
1712:d=9  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:30060101FF020100
1722:d=8  hl=2 l=  65 cons: SEQUENCE
1724:d=9  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points
1729:d=9  hl=2 l=  58 prim: OCTET STRING      [HEX DUMP]:30383036A034A0328630687474703A2F2F63726C2E766572697369676E2E636F6D2F54686177746554696D657374616D70696E6743412E63726C
1789:d=8  hl=2 l=  19 cons: SEQUENCE
1791:d=9  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
1796:d=9  hl=2 l=  12 prim: OCTET STRING      [HEX DUMP]:300A06082B06010505070308
1810:d=8  hl=2 l=  14 cons: SEQUENCE
1812:d=9  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
1817:d=9  hl=2 l=   1 prim: BOOLEAN           :255
1820:d=9  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:03020106
1826:d=8  hl=2 l=  36 cons: SEQUENCE
1828:d=9  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name
1833:d=9  hl=2 l=  29 prim: OCTET STRING      [HEX DUMP]:301BA4193017311530130603550403130C545341323034382D312D3533
1864:d=5  hl=2 l=  13 cons: SEQUENCE
1866:d=6  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
1877:d=6  hl=2 l=   0 prim: NULL
1879:d=5  hl=3 l= 129 prim: BIT STRING
2011:d=4  hl=4 l=1042 cons: SEQUENCE
2015:d=5  hl=4 l= 762 cons: SEQUENCE
2019:d=6  hl=2 l=   3 cons: cont [ 0 ]
2021:d=7  hl=2 l=   1 prim: INTEGER           :02
2024:d=6  hl=2 l=  15 prim: INTEGER           :C1008B3C3C8811D13EF663ECDF40
2041:d=6  hl=2 l=  13 cons: SEQUENCE
2043:d=7  hl=2 l=   9 prim: OBJECT            :md5WithRSAEncryption
2054:d=7  hl=2 l=   0 prim: NULL
2056:d=6  hl=2 l= 112 cons: SEQUENCE
2058:d=7  hl=2 l=  43 cons: SET
2060:d=8  hl=2 l=  41 cons: SEQUENCE
2062:d=9  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
2067:d=9  hl=2 l=  34 prim: PRINTABLESTRING   :Copyright (c) 1997 Microsoft Corp.
2103:d=7  hl=2 l=  30 cons: SET
2105:d=8  hl=2 l=  28 cons: SEQUENCE
2107:d=9  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
2112:d=9  hl=2 l=  21 prim: PRINTABLESTRING   :Microsoft Corporation
2135:d=7  hl=2 l=  33 cons: SET
2137:d=8  hl=2 l=  31 cons: SEQUENCE
2139:d=9  hl=2 l=   3 prim: OBJECT            :commonName
2144:d=9  hl=2 l=  24 prim: PRINTABLESTRING   :Microsoft Root Authority
2170:d=6  hl=2 l=  30 cons: SEQUENCE
2172:d=7  hl=2 l=  13 prim: UTCTIME           :970110070000Z
2187:d=7  hl=2 l=  13 prim: UTCTIME           :201231070000Z
2202:d=6  hl=2 l= 112 cons: SEQUENCE
2204:d=7  hl=2 l=  43 cons: SET
2206:d=8  hl=2 l=  41 cons: SEQUENCE
2208:d=9  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
2213:d=9  hl=2 l=  34 prim: PRINTABLESTRING   :Copyright (c) 1997 Microsoft Corp.
2249:d=7  hl=2 l=  30 cons: SET
2251:d=8  hl=2 l=  28 cons: SEQUENCE
2253:d=9  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
2258:d=9  hl=2 l=  21 prim: PRINTABLESTRING   :Microsoft Corporation
2281:d=7  hl=2 l=  33 cons: SET
2283:d=8  hl=2 l=  31 cons: SEQUENCE
2285:d=9  hl=2 l=   3 prim: OBJECT            :commonName
2290:d=9  hl=2 l=  24 prim: PRINTABLESTRING   :Microsoft Root Authority
2316:d=6  hl=4 l= 290 cons: SEQUENCE
2320:d=7  hl=2 l=  13 cons: SEQUENCE
2322:d=8  hl=2 l=   9 prim: OBJECT            :rsaEncryption
2333:d=8  hl=2 l=   0 prim: NULL
2335:d=7  hl=4 l= 271 prim: BIT STRING
2610:d=6  hl=3 l= 168 cons: cont [ 3 ]
2613:d=7  hl=3 l= 165 cons: SEQUENCE
2616:d=8  hl=3 l= 162 cons: SEQUENCE
2619:d=9  hl=2 l=   3 prim: OBJECT            :2.5.29.1
2624:d=9  hl=3 l= 154 prim: OCTET STRING      [HEX DUMP]:30819780105BD070EF69729E23517E14B24D8EFFCBA1723070312B3029060355040B1322436F70797269676874202863292031393937204D6963726F736F667420436F72702E311E301C060355040B13154D6963726F736F667420436F72706F726174696F6E3121301F060355040313184D6963726F736F667420526F6F7420417574686F72697479820F00C1008B3C3C8811D13EF663ECDF40
2781:d=5  hl=2 l=  13 cons: SEQUENCE
2783:d=6  hl=2 l=   9 prim: OBJECT            :md5WithRSAEncryption
2794:d=6  hl=2 l=   0 prim: NULL
2796:d=5  hl=4 l= 257 prim: BIT STRING
3057:d=4  hl=4 l=1219 cons: SEQUENCE
3061:d=5  hl=4 l= 939 cons: SEQUENCE
3065:d=6  hl=2 l=   3 cons: cont [ 0 ]
3067:d=7  hl=2 l=   1 prim: INTEGER           :02
3070:d=6  hl=2 l=  10 prim: INTEGER           :3AAB11DEE52F1B19D056

New Authenticode Tools

I’ve worked on a couple of new tools to analyze the digital signature found in PE files. In this post, I’m sharing some invalid signatures I found on my machines.

This signature is invalid because the certificate expired:

Normally, the fact that it expired shouldn’t cause the signature to become invalid, but here it does because the author forgot to countersign the signature with a timestamping service:

I also found several files where the root certificate used in the signatures uses a signature algorithm based on the MD2 hash:

And last, a signature with a revoked certificate:

Remember Realtek Semiconductor? Their private key was compromised and used to sign Stuxnet components.



Searching For That Adobe Cert

You probably know by now that Adobe will revoke a compromised code signing certificate in a couple of days. As we seem to have more code signing related security incidents recently, I started to develop a couple of new tools.

AnalyzePESig is a tool to check signatures in PE files, just like Sysinternals’ sigcheck. But with a couple of differences.

First, when a signature is not valid, AnalyzePESig will tell you why and still display information about the invalid signature and related certificates. Second, AnalyzePESig displays more information and third, it is open source.

Here is how you use AnalyzePESig to look for executables signed with that Adobe certificate that will soon be revoked:

analyzepesig -e -v -s -o windows.csv c:\windows

This will produce a CSV list of all executables found in the c:\windows directory.

Filter this list for lines including string fdf01dd3f37c66ac4c779d92623c77814a07fe4c (this is the fingerprint of the compromised certificate):

As you can see, I have Flash components signed with this compromised certificate. Now, this does not mean that these executables are compromised. To get a better idea, I can use my virustotal-search tool to search VirusTotal.

And here is another example, JP2KLib.dll, a DLL of Adobe Reader X:

AnalyzePESig_V0_0_0_1.zip (https)
MD5: 4BE29E4A5DE470C6040241FD069010C4
SHA256: FB83C6491690402273D42A3335777E77EA29328F5FE8503FF6F5EF62833D1FBC


Update: AnalyzePESig Version 0.0.0.2

I added several new fields to the output produced by my new tool AnalyzePESig:

  • countCatalogs
  • catalogFilename
  • signatureTimestamp
  • creationtime
  • lastwritetime
  • lastaccesstime
  • dwFileAttributes
  • uiCharacteristics
  • extensions
  • issuer unique id
  • sections
  • subject unique id
  • notBeforeChain
  • notAfterChain

AnalyzePESig_V0_0_0_2.zip (https)
MD5: 738F97F76921FA2220368B3F4190F534
SHA256: E0D43E04AFD242307E3E6B675A650952D2605F45FE55F0B883ACF5B22BA32A01


Howto: Add a Digital Signature to a PDF File – Free Software

This is an update to my post Howto: Add a Digital Signature to a PDF File, but this time I found free software.

Again, we use our certificate, which we install by opening the .p12 file. Then install the free JSignPdf software.

Select the PDF file to sign and select an output file (if you don’t want to overwrite your original):

Push Sign It:

And then you can check the signature with Adobe Reader:

If you get the following error, make sure you change your PDF version from %PDF-1.1 to %PDF-1.4:

Choosen configuration requires PDF version update, but it’s not possible in the “append” signature mode.


Howto: Make Your Own Cert And Revocation List With OpenSSL

Here is a variant to my “Howto: Make Your Own Cert With OpenSSL” method. This time, I needed a signing cert with a Certificate Revocation List (CRL) extension and an (empty) CRL. I used instructions from this post.

Adding a CRL extension to a certificate is not difficult: you just need to include a configuration file with one line. But creating a CRL file requires more steps, which is why I needed this howto. The start of this howto is the same as my previous howto.

First we generate a 4096-bit long RSA key for our root CA and store it in file ca.key:

openssl genrsa -out ca.key 4096

Generating RSA private key, 4096 bit long modulus
...................................................................................++
........................................................................++
e is 65537 (0x10001)

If you want to password-protect this key, add option -des3.

Next, we create our self-signed root CA certificate ca.crt; you’ll need to provide an identity for your root CA:

openssl req -new -x509 -days 1826 -key ca.key -out ca.crt

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:BE
State or Province Name (full name) []:Brussels
Locality Name (eg, city) [Default City]:Brussels
Organization Name (eg, company) [Default Company Ltd]:Didier Stevens
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:Didier Stevens CA
Email Address []:

The -x509 option is used for a self-signed certificate. 1826 days gives us a cert valid for 5 years.

Next step: create our subordinate CA that will be used for the actual signing. First, generate the key:

openssl genrsa -out ia.key 4096

Generating RSA private key, 4096 bit long modulus
.....++
.............................................................................++
e is 65537 (0x10001)

Then, request a certificate for this subordinate CA:

openssl req -new -key ia.key -out ia.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:BE
State or Province Name (full name) []:Brussels
Locality Name (eg, city) [Default City]:Brussels
Organization Name (eg, company) [Default Company Ltd]:Didier Stevens
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:Didier Stevens IA
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Make sure the Common Name is different for both certs, otherwise you’ll get an error. Now, before we process the request for the subordinate CA certificate and get it signed by the root CA, we need to create a couple of files (this step is done on Linux; to create the empty file certindex on Windows, you could use Notepad instead of touch).

touch certindex
echo 01 > certserial
echo 01 > crlnumber

And also create this configuration file (ca.conf):

# Mainly copied from:
# http://swearingscience.com/2009/01/18/openssl-self-signed-ca/

[ ca ]
default_ca = myca

[ crl_ext ]
# issuerAltName=issuer:copy  #this would copy the issuer name to altname
authorityKeyIdentifier=keyid:always

[ myca ]
dir = ./
new_certs_dir = $dir
unique_subject = no
certificate = $dir/ca.crt
database = $dir/certindex
private_key = $dir/ca.key
serial = $dir/certserial
default_days = 730
default_md = sha1
policy = myca_policy
x509_extensions = myca_extensions
crlnumber = $dir/crlnumber
default_crl_days = 730

[ myca_policy ]
commonName = supplied
stateOrProvinceName = supplied
countryName = optional
emailAddress = optional
organizationName = supplied
organizationalUnitName = optional

[ myca_extensions ]
basicConstraints = CA:false
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
crlDistributionPoints = URI:http://example.com/root.crl
subjectAltName = @alt_names

[alt_names]
DNS.1 = example.com
DNS.2 = *.example.com

Notice the crlDistributionPoints and DNS. entries pointing to domain example.com. You should change them to your domain.

Now you can sign the request:

openssl ca -batch -config ca.conf -notext -in ia.csr -out ia.crt

Using configuration from ca.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName          : PRINTABLE:'BE'
stateOrProvinceName   :ASN.1 12:'Brussels'
localityName          :ASN.1 12:'Brussels'
organizationName      :ASN.1 12:'Didier Stevens'
commonName            :ASN.1 12:'Didier Stevens IA'
Certificate is to be certified until May  3 21:13:02 2015 GMT (730 days)

Write out database with 1 new entries
Data Base Updated

To use this subordinate CA key for Authenticode signatures with Microsoft’s signtool, you’ll have to package the keys and certs in a PKCS12 file:

openssl pkcs12 -export -out ia.p12 -inkey ia.key -in ia.crt -chain -CAfile ca.crt

Enter Export Password:
Verifying - Enter Export Password:

Finally, you can generate the empty CRL file:

openssl ca -config ca.conf -gencrl -keyfile ca.key -cert ca.crt -out root.crl.pem
openssl crl -inform PEM -in root.crl.pem -outform DER -out root.crl
rm root.crl.pem

rm is a Linux command; use del on a Windows machine.

The last step is to host this root.crl file on the webserver pointed to in the CRL extension (http://example.com/root.crl in this example).

If you need to revoke the intermediate certificate, use this command:

openssl ca -config ca.conf -revoke ia.crt -keyfile ca.key -cert ca.crt

And then regenerate the CRL file as explained above.


Adobe Reader and CRLs

There’s something that I wanted to test out for quite some time, but kept postponing until recently. Adobe Reader will ask confirmation before it retrieves a URL when a PDF document contains an action to do so. But what about the Certificate Revocation List in a signed PDF document?

When you open a signed PDF document with Adobe Reader, the signature gets checked automatically. If the signature is not OK, for example because it doesn’t chain up to a trusted root CA, revocation checks are not performed. In other words, the CRL is not downloaded:

20130426-141512

But when I change the settings so that my root CA is trusted, the signature is considered valid and the CRL is retrieved. No warning is given to the user; it happens automatically and silently. Here is the log entry on my server:

192.168.1.1 - - [26/Apr/2013:11:33:35 -0400] "GET /root.crl HTTP/1.1" 200 709 "-" "PPKHandler"

PPKHandler is the User Agent String.

20130426-173447

20130426-173632

The CRL file can’t be an empty file, and must be signed by the root CA, otherwise the signature is considered invalid.

So when you open a signed PDF document with Adobe Reader, the signature is automatically checked and the CRL is silently downloaded. This is done with a request to the webserver of the commercial CA which issued the certificate (crl.adobe.com, crl.geotrust.com, …). You can change automatic checking with Preferences / Signatures / Verification.

A quick check with Foxit Reader reveals it doesn’t check the signature automatically.


Quickpost: Signed PDF Stego

A signed PDF file is just like all signed files with embedded signatures: the signature itself is excluded from the hash calculation.

Open a signed PDF document in a hex editor and search for string /ByteRange. You’ll find something like this:

36 0 obj
<</ByteRange[0 227012 248956 23362 ]            /Contents<308226e106092a864886f7

This indicates which byte sequences are used for the hash calculation (position and length of each sequence). So in this example, byte sequence 227013-248955 is excluded, because it contains the signature in hex format padded with 0x00 bytes. This padding is not part of the DER signature; you can change it without changing or invalidating the signature.
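The effect of /ByteRange described above, as an added Python example (not code from the original post): it hashes only the covered ranges and checks that the skipped gap is exactly one hex string. The function names, the use of SHA-256 and the miniature sample file are assumptions made for the illustration.

```python
import hashlib
import re

def byte_range(pdf: bytes) -> tuple:
    """Return (off1, len1, off2, len2) from the first /ByteRange array in the file."""
    m = re.search(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]", pdf)
    if not m:
        raise ValueError("no /ByteRange found")
    return tuple(int(g) for g in m.groups())

def covered_digest(pdf: bytes) -> str:
    """Hash only the two ranges the signature covers (SHA-256 is an assumption here)."""
    off1, len1, off2, len2 = byte_range(pdf)
    h = hashlib.sha256(pdf[off1:off1 + len1])
    h.update(pdf[off2:off2 + len2])
    return h.hexdigest()

def coverage_findings(pdf: bytes) -> list:
    """Checks on what the hash skips: it should be exactly one <hex> string."""
    off1, len1, off2, len2 = byte_range(pdf)
    findings = []
    if off1 != 0:
        findings.append("first range does not start at offset 0")
    if off2 + len2 != len(pdf):
        findings.append("bytes after the second range are not covered")
    if not re.fullmatch(rb"<[0-9A-Fa-f\s]*>", pdf[off1 + len1:off2]):
        findings.append("gap is not exactly one hex string")
    return findings

def build_sample(blob: bytes) -> bytes:
    """Constructed stand-in for a signed PDF: only the layout around /Contents is real."""
    contents = b"<" + blob.hex().encode() + b">"
    prefix, suffix = b"%PDF-1.7\n1 0 obj\n<</ByteRange[", b"]/Contents"
    tail = b">>\nendobj\n%%EOF\n"
    len1 = len(prefix) + 40 + len(suffix)        # the ByteRange field has a fixed width
    off2 = len1 + len(contents)
    field = f"0 {len1} {off2} {len(tail)}".encode().ljust(40)
    return prefix + field + suffix + contents + tail

if __name__ == "__main__":
    der = bytes.fromhex("3003020101")            # constructed 5-byte DER value, not a signature
    zero_padded = build_sample(der + b"\x00" * 16)
    altered = build_sample(der + b"constructed note")
    # The padding lies outside the hashed ranges, so both files give the same digest.
    print(covered_digest(zero_padded) == covered_digest(altered))
    print(coverage_findings(zero_padded + b"appended"))
```

A verifier that only recomputes the digest cannot tell the two sample files apart; inspecting the bytes after the DER structure inside the gap is a separate check.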



A Bit More Than A Signature

Soon I’ll release new versions of my Authenticode Tools.

Detecting extra data in the signature field is one of the new features. For example, it will analyze the size specified in the optional header data directory for security, the size specified in the WIN_CERTIFICATE structure and the size specified in the PKCS7 signature itself. These should be the same, taking into account some zero-byte padding.

In case you didn’t know: extra data can be added in the data directory that contains the signature, without invalidating the signature. My Disitool can do this.

With this new version of AnalyzePESig, I found some setup programs that contain extra data after the signature; data that seems to contain installation options for the installer. For example, the Google Chrome installer has this:

20130813-205011

As you can see, the size specified in the optional header data directory for security and the size specified in the WIN_CERTIFICATE structure are both 6272 bytes, but the size of the PKCS7 signature is 6079. So that leaves 181 extra bytes. You can see them here:

20130813-205744

And I found some other installers with extra data (config data or license information) in the signature directory: GotoMyPc, PowerGrep, RegexBuddy.
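One way to compare the three sizes described above, as an added Python example (this is not the code of AnalyzePESig or Disitool). It assumes a single WIN_CERTIFICATE entry in the security directory; the function names and the sample file are constructed for the illustration.

```python
import struct

def der_total_length(buf: bytes) -> int:
    """Size of the DER element at the start of buf, header included."""
    if buf[1] < 0x80:                              # short form
        return 2 + buf[1]
    n = buf[1] & 0x7F                              # long form: n length bytes follow
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")

def authenticode_sizes(pe: bytes) -> dict:
    """Compare the three sizes that describe one embedded Authenticode signature."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = e_lfanew + 24                            # PE signature (4) + COFF header (20)
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)   # PE32 vs PE32+ data directories
    sec_off, sec_size = struct.unpack_from("<II", pe, dirs + 4 * 8)  # entry 4 = security
    if sec_size == 0:
        raise ValueError("no embedded signature")
    dw_length, _revision, _cert_type = struct.unpack_from("<IHH", pe, sec_off)
    pkcs7 = der_total_length(pe[sec_off + 8:sec_off + sec_size])
    extra = pe[sec_off + 8 + pkcs7:sec_off + sec_size]
    aligned = (dw_length + 7) & ~7                 # entries are padded to 8 bytes
    return {
        "directory_size": sec_size,
        "win_certificate_length": dw_length,
        "pkcs7_length": pkcs7,
        "extra_length": len(extra),
        # up to 7 zero bytes are alignment padding; anything else deserves a look
        "suspicious": aligned != sec_size or len(extra) > 7 or any(extra),
    }

def build_sample(extra: bytes) -> bytes:
    """Constructed minimal PE32 header plus certificate table (not a runnable program)."""
    body = bytes.fromhex("30820100") + b"\xAA" * 256 + extra   # fake 260-byte PKCS#7
    body += b"\0" * (-(len(body) + 8) % 8)                     # align the entry to 8 bytes
    cert = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
    hdr = bytearray(312)                           # DOS 64 + PE 4 + COFF 20 + optional 224
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x58, 0x10B)
    struct.pack_into("<II", hdr, 0x58 + 96 + 4 * 8, len(hdr), len(cert))
    return bytes(hdr) + cert

if __name__ == "__main__":
    print(authenticode_sizes(build_sample(b"")))
    print(authenticode_sizes(build_sample(b"constructed installer option")))
```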



MS13-098: Fixing Authenticode

In 2009 I added a command to my Disitool to inject data “into” an Authenticode signature without invalidating it.

This year I reported on some installer programs using this padding trick.

With MS13-098, Microsoft releases a patch to prevent this signature padding trick. This change in behavior will become active June 10th 2014.

But you can already activate it now by setting reg_sz key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck to "1".

Here is the effect illustrated with my AnalyzePESig tool:

20131211-230933

But beware of a potential issue with this regkey. Setting it to "0" will not revert to the old behavior (tested in VM with Windows XP SP3).

I had to delete the key (actually, I renamed it) and reboot to revert to the old behavior. I informed Microsoft.


Video: Checking the Digital Signature of Windows Executables

I produced a new video: a simple howto for users who don’t know how to use Windows Explorer’s properties dialog to check a digital signature.

Later in the video, it gets a bit more technical by using tools (AnalyzePESig and sigcheck) to check signatures.


Forensic Use of CAT Files

I found this executable A0000623.sys with 6 detections on VirusTotal. Are these false positives or true positives?

The file was found in the _restore system folder. It looks like it is a Windows system file (tcp.sys), but maybe it is infected. It has no digital signature.

With the help of Google, I was able to trace it back to MS05-019: WindowsXP-KB893066-x86-ENU.exe. But unfortunately, WindowsXP-KB893066-x86-ENU.exe can no longer be downloaded from Microsoft’s site, as they published a new release for this patch: WindowsXP-KB893066-v2-x86-ENU.exe.

Fortunately, I found another file in this _restore folder: A0000615.cat. This is a catalog file that Microsoft uses to sign Windows executables. With Sysinternals’ sigcheck tool and this catalog file, I was able to confirm that this is a signed Windows executable and conclude that the detections are false positives.

I will release a new version of my AnalyzePESig tool that accepts an optional catalog file.


PDF Rainbow Tables

Looks like I hadn’t blogged this video:


Stoned Bitcoin

There are reports of anti-virus false positive detections of Bitcoin files, more precisely detections of the old Stoned computer virus.

I found the smoking gun! These reports should not be dismissed as hoaxes.

I’ve identified 2 Bitcoin transactions that contain byte sequences found in the Stoned computer virus. Here they are:

Both transactions appear in blocks dated 2014-04-04.

The first transaction has byte sequences of the Stoned computer virus in the address of transaction outputs 1, 2, 3 and 4:

Txout 1:
 value: 1
 txOutScriptLength: 25
 txOutScript: 'OP_DUP OP_HASH160 0700ba8000cd13eb4990b90300ba000100000000 OP_EQUALVERIFY OP_CHECKSIG'
 Stoned virus byte sequence:     0700ba8000cd13eb4990b90300ba0001
Txout 2:
 value: 1
 txOutScriptLength: 25
 txOutScript: 'OP_DUP OP_HASH160 b8010333dbb10133d29c00000000000000000000 OP_EQUALVERIFY OP_CHECKSIG'
 Stoned virus byte sequence:     b8010333dbb10133d29c
Txout 3:
 value: 1
 txOutScriptLength: 25
 txOutScript: 'OP_DUP OP_HASH160 750e33c08ed8a03f04a8017503e8070000000000 OP_EQUALVERIFY OP_CHECKSIG'
 Stoned virus byte sequence:     750e33c08ed8a03f04a8017503e80700
Txout 4:
 value: 1
 txOutScriptLength: 25
 txOutScript: 'OP_DUP OP_HASH160 b8010333dbb10133d29c00000000000000000000 OP_EQUALVERIFY OP_CHECKSIG'
 Stoned virus byte sequence:     b8010333dbb10133d29c

I’ve submitted this transaction to VirusTotal: 16 detections. I also submitted the block containing this transaction: 5 detections.

The second transaction has a byte sequence of the Stoned computer virus in the address of transaction output 43:

Txout 43:
 value: 10
 txOutScriptLength: 25
 txOutScript: 'OP_DUP OP_HASH160 0400b801020e07bb000233c98bd1419c00000000 OP_EQUALVERIFY OP_CHECKSIG'
 Stoned virus byte sequence:     0400b801020e07bb000233c98bd1419c

I’ve submitted this transaction to VirusTotal: 14 detections. I also submitted the block containing this transaction: 4 detections.

This is a likely explanation why there were “Stoned Virus” anti-virus alerts for Bitcoin blockchain files reported in the news.

Stuffing messages in the address of the output(s) of a transaction is a well known method to insert messages in the Bitcoin blockchain. The drawback is that the Bitcoins sent to these addresses are irrevocably lost, because these addresses have no (known) private key. That is why only very small amounts will be transferred (1 and 10 Satoshis in these transactions). The message is limited to 20 bytes (the size of the raw address used in the output).

But I believe that all output addresses in these transactions (except for the last output) are byte sequences found in malware.

When I run ClamAV’s sigtool on these transactions (with a recent database), a lot of signatures are found:

VIRUS NAME: Gen.600;MATCH: ** YES ** (1 match at offset: 1321)
VIRUS NAME: Gen.696;MATCH: ** YES ** (1 match at offset: 1356)
VIRUS NAME: Gen.801;MATCH: ** YES ** (1 match at offset: 1798)
VIRUS NAME: Stoned.1;MATCH: ** YES ** (1 match at offset: 200)
VIRUS NAME: Stoned.2;MATCH: ** YES ** (1 match at offset: 266)
VIRUS NAME: Syslock.1;MATCH: ** YES ** (1 match at offset: 369)
VIRUS NAME: Syslock.2;MATCH: ** YES ** (2 matches at offsets: 404 368)
VIRUS NAME: Ten-Bytes;MATCH: ** YES ** (1 match at offset: 606)
VIRUS NAME: Terminator.1;MATCH: ** YES ** (1 match at offset: 642)
VIRUS NAME: Terror.1;MATCH: ** YES ** (1 match at offset: 675)
VIRUS NAME: Terror.2;MATCH: ** YES ** (1 match at offset: 709)
VIRUS NAME: Terror.4;MATCH: ** YES ** (1 match at offset: 744)
VIRUS NAME: Terror;MATCH: ** YES ** (1 match at offset: 810)
VIRUS NAME: Tiny-163.A;MATCH: ** YES ** (1 match at offset: 845)
VIRUS NAME: Tiny-163.C;MATCH: ** YES ** (1 match at offset: 879)
VIRUS NAME: Tiny-A;MATCH: ** YES ** (1 match at offset: 912)
VIRUS NAME: Tori-1;MATCH: ** YES ** (1 match at offset: 1014)
VIRUS NAME: Tree;MATCH: ** YES ** (1 match at offset: 1050)
VIRUS NAME: TUQ.RPVS;MATCH: ** YES ** (1 match at offset: 538)
VIRUS NAME: USSR-1049.A;MATCH: ** YES ** (1 match at offset: 1083)
VIRUS NAME: USSR-2144.B;MATCH: ** YES ** (1 match at offset: 1117)
VIRUS NAME: USSR-3103;MATCH: ** YES ** (1 match at offset: 1152)
VIRUS NAME: USSR-311.B;MATCH: ** YES ** (1 match at offset: 1184)
VIRUS NAME: USSR-311.D;MATCH: ** YES ** (1 match at offset: 1219)
VIRUS NAME: USSR-311.E;MATCH: ** YES ** (1 match at offset: 1252)
VIRUS NAME: USSR-516.B;MATCH: ** YES ** (1 match at offset: 1287)
VIRUS NAME: USSR-601;MATCH: ** YES ** (1 match at offset: 1320)
VIRUS NAME: USSR-707.B;MATCH: ** YES ** (1 match at offset: 1390)
VIRUS NAME: USSR-707.C;MATCH: ** YES ** (1 match at offset: 1422)
VIRUS NAME: USSR-711.C;MATCH: ** YES ** (1 match at offset: 1458)
VIRUS NAME: USSR-830;MATCH: ** YES ** (1 match at offset: 1490)
VIRUS NAME: USSR-948.B;MATCH: ** YES ** (1 match at offset: 1525)
VIRUS NAME: V1244;MATCH: ** YES ** (1 match at offset: 1661)
VIRUS NAME: V191;MATCH: ** YES ** (1 match at offset: 1697)
VIRUS NAME: V-1L;MATCH: ** YES ** (1 match at offset: 1594)
VIRUS NAME: V200.B;MATCH: ** YES ** (1 match at offset: 1729)
VIRUS NAME: Vacsina.2;MATCH: ** YES ** (1 match at offset: 1900)
VIRUS NAME: Vacsina.3;MATCH: ** YES ** (1 match at offset: 1934)
VIRUS NAME: Vacsina.4;MATCH: ** YES ** (1 match at offset: 1966)
VIRUS NAME: VCS (Clam);MATCH: ** YES ** (1 match at offset: 1830)
VIRUS NAME: VHP-361.A;MATCH: ** YES ** (1 match at offset: 1864)
VIRUS NAME: Vienna-1028;MATCH: ** YES ** (1 match at offset: 2172)
VIRUS NAME: Vienna.1;MATCH: ** YES ** (2 matches at offsets: 2068 2034)
VIRUS NAME: Vienna.1-1;MATCH: ** YES ** (1 match at offset: 2068)
VIRUS NAME: Vienna.2;MATCH: ** YES ** (1 match at offset: 2102)
VIRUS NAME: Vienna-62.B;MATCH: ** YES ** (1 match at offset: 2205)
VIRUS NAME: Vienna.7;MATCH: ** YES ** (1 match at offset: 2137)
VIRUS NAME: TinyFamily2;MATCH: ** YES ** (1 match at offset: 946)
VIRUS NAME: TinyFamily3;MATCH: ** YES ** (1 match at offset: 980)

VIRUS NAME: Italian.1;MATCH: ** YES ** (1 match at offset: 231)
VIRUS NAME: Italian-Generic;MATCH: ** YES ** (1 match at offset: 266)
VIRUS NAME: Jerusalem.1;MATCH: ** YES ** (1 match at offset: 301)
VIRUS NAME: Jerusalem-1361;MATCH: ** YES ** (1 match at offset: 469)
VIRUS NAME: Jerusalem.2.Nemesis;MATCH: ** YES ** (2 matches at offsets: 1592 334)
VIRUS NAME: Jerusalem.5;MATCH: ** YES ** (1 match at offset: 368)
VIRUS NAME: Jerusalem.7;MATCH: ** YES ** (1 match at offset: 403)
VIRUS NAME: Jerusalem.9;MATCH: ** YES ** (1 match at offset: 436)
VIRUS NAME: Jerusalem-Family.1;MATCH: ** YES ** (1 match at offset: 504)
VIRUS NAME: Jerusalem-USA;MATCH: ** YES ** (1 match at offset: 572)
VIRUS NAME: Kharkov-1024;MATCH: ** YES ** (1 match at offset: 605)
VIRUS NAME: Label.1;MATCH: ** YES ** (1 match at offset: 674)
VIRUS NAME: Label.2;MATCH: ** YES ** (1 match at offset: 707)
VIRUS NAME: Leech.1;MATCH: ** YES ** (1 match at offset: 741)
VIRUS NAME: Leprosy.1;MATCH: ** YES ** (1 match at offset: 777)
VIRUS NAME: Leprosy.2;MATCH: ** YES ** (1 match at offset: 809)
VIRUS NAME: Leprosy.4;MATCH: ** YES ** (1 match at offset: 843)
VIRUS NAME: Leprosy-A;MATCH: ** YES ** (1 match at offset: 879)
VIRUS NAME: LOL;MATCH: ** YES ** (1 match at offset: 641)
VIRUS NAME: Lozinsky.2;MATCH: ** YES ** (1 match at offset: 913)
VIRUS NAME: Macho;MATCH: ** YES ** (1 match at offset: 1015)
VIRUS NAME: Minnow;MATCH: ** YES ** (1 match at offset: 1081)
VIRUS NAME: Mirror.1;MATCH: ** YES ** (1 match at offset: 1117)
VIRUS NAME: Mis-Speller;MATCH: ** YES ** (1 match at offset: 1149)
VIRUS NAME: MIX1;MATCH: ** YES ** (1 match at offset: 1217)
VIRUS NAME: MIX1-B;MATCH: ** YES ** (1 match at offset: 1251)
VIRUS NAME: Mixer-1A;MATCH: ** YES ** (1 match at offset: 1319)
VIRUS NAME: Mixer-1B;MATCH: ** YES ** (1 match at offset: 1354)
VIRUS NAME: Mix-I;MATCH: ** YES ** (1 match at offset: 1286)
VIRUS NAME: MLTI.1;MATCH: ** YES ** (1 match at offset: 945)
VIRUS NAME: MLTI.2;MATCH: ** YES ** (1 match at offset: 981)
VIRUS NAME: Mummy;MATCH: ** YES ** (1 match at offset: 1422)
VIRUS NAME: New-COM.1;MATCH: ** YES ** (1 match at offset: 1659)
VIRUS NAME: Nomenclatura.2;MATCH: ** YES ** (1 match at offset: 1693)
VIRUS NAME: Nothing;MATCH: ** YES ** (1 match at offset: 1729)
VIRUS NAME: NPox-1;MATCH: ** YES ** (1 match at offset: 1491)
VIRUS NAME: NV-71;MATCH: ** YES ** (1 match at offset: 1525)
VIRUS NAME: Ontario.3;MATCH: ** YES ** (1 match at offset: 1932)
VIRUS NAME: Orion-263;MATCH: ** YES ** (1 match at offset: 1966)
VIRUS NAME: Oropax.1;MATCH: ** YES ** (1 match at offset: 2001)
VIRUS NAME: Oropax.2;MATCH: ** YES ** (1 match at offset: 2035)
VIRUS NAME: OV;MATCH: ** YES ** (1 match at offset: 1762)
VIRUS NAME: PC-Bandit;MATCH: ** YES ** (1 match at offset: 2067)
VIRUS NAME: PRSC1024;MATCH: ** YES ** (1 match at offset: 2203)
VIRUS NAME: Boot.OneHalf;MATCH: ** YES ** (1 match at offset: 1898)
VIRUS NAME: Jerusalem-PuertoExe;MATCH: ** YES ** (1 match at offset: 537)
VIRUS NAME: Mistake.TypoBoot;MATCH: ** YES ** (1 match at offset: 1183)
VIRUS NAME: MtE.mem.2-staticsig;MATCH: ** YES ** (1 match at offset: 1387)
VIRUS NAME: MutationEng-NE;MATCH: ** YES ** (1 match at offset: 1455)
VIRUS NAME: OldYankee.1;MATCH: ** YES ** (1 match at offset: 1796)
VIRUS NAME: OldYankee.2;MATCH: ** YES ** (1 match at offset: 1829)
VIRUS NAME: OldYankee.3;MATCH: ** YES ** (1 match at offset: 1863)
VIRUS NAME: Stoned-B;MATCH: ** YES ** (1 match at offset: 1625)
VIRUS NAME: Nado.Lover.602-1;MATCH: ** YES ** (1 match at offset: 1557)

My conclusion: these transactions are a deliberate attempt to generate as many false positive anti-virus detections as possible on systems that store Bitcoin transactions on disk. Virus signatures were stuffed in the address of the outputs of these transactions.

And I don’t think the attempt was limited to these 2 transactions. Around the same time, I found other transactions where the output addresses also end with null bytes:

Hash: edb83f04e68bfe78bbfe7ce80d33e85acb9335c96ead5712517b8c70d1f27b38
Hash: 7e49504c7cecea7ea95d78ff14687878ba581a21dc0772805d2925c617514129
Hash: f65895220f04aa0084d9abae938d3f517893e3afbffe25fc9e7073e02331b9ed
Hash: 8a445d12f225a21d36bb78da747efd2e74861fcd033757da572c0434d423acd1
Hash: 2814673f0952b936d578d73197bfd371cefbd73c6294bab16de1575a4c3f6e80
Hash: 5dbb9df056c36457228a841d6cc98ac90967bc88411c95372d3c2d92c18060f8

You can also look at the input addresses of these transactions to find other, similar transactions:

 

I plan to discuss the methods and tools I used to find and analyze these transactions in an upcoming blog post.
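The null-byte pattern noted above can be checked mechanically. The following Python sketch is an added example, not the method or tools the author used: it flags pay-to-pubkey-hash outputs whose 20-byte hash ends in a run of zero bytes. The function names and the threshold of 4 zero bytes are assumptions, and the last sample script is constructed for contrast.

```python
import re

P2PKH_TEXT = re.compile(r"OP_DUP OP_HASH160 ([0-9a-fA-F]{40}) OP_EQUALVERIFY OP_CHECKSIG")

def hash160_of(script):
    """Return the 20-byte hash of a pay-to-pubkey-hash output, or None for other scripts.

    Accepts the raw 25-byte script or the decoded text form shown in the post."""
    if isinstance(script, (bytes, bytearray)):
        ok = len(script) == 25 and script[:3] == b"\x76\xa9\x14" and script[23:] == b"\x88\xac"
        return bytes(script[3:23]) if ok else None
    m = P2PKH_TEXT.fullmatch(script.strip())
    return bytes.fromhex(m.group(1)) if m else None

def padded_outputs(scripts, min_zero_bytes=4):
    """List (position, data_hex, zero_count) for outputs whose hash ends in a zero run.

    A real HASH160 is effectively random, so four trailing zero bytes occur about once
    in 2**32 outputs; the threshold is an assumption of this sketch."""
    hits = []
    for position, script in enumerate(scripts, start=1):
        h = hash160_of(script)
        if h is None:
            continue
        data = h.rstrip(b"\x00")          # also strips zero bytes that belong to the data
        zeros = len(h) - len(data)
        if zeros >= min_zero_bytes:
            hits.append((position, data.hex(), zeros))
    return hits

def summary(scripts):
    """Per-transaction view: how many outputs carry a zero-padded hash."""
    hits = padded_outputs(scripts)
    longest = max((zeros for _, _, zeros in hits), default=0)
    return {"outputs": len(scripts), "padded": len(hits), "max_zero_run": longest}

# Output scripts quoted in the post (txout 1-4 of the first transaction, txout 43 of the
# second), followed by one constructed ordinary-looking raw script for contrast.
SAMPLE_SCRIPTS = [
    "OP_DUP OP_HASH160 0700ba8000cd13eb4990b90300ba000100000000 OP_EQUALVERIFY OP_CHECKSIG",
    "OP_DUP OP_HASH160 b8010333dbb10133d29c00000000000000000000 OP_EQUALVERIFY OP_CHECKSIG",
    "OP_DUP OP_HASH160 750e33c08ed8a03f04a8017503e8070000000000 OP_EQUALVERIFY OP_CHECKSIG",
    "OP_DUP OP_HASH160 b8010333dbb10133d29c00000000000000000000 OP_EQUALVERIFY OP_CHECKSIG",
    "OP_DUP OP_HASH160 0400b801020e07bb000233c98bd1419c00000000 OP_EQUALVERIFY OP_CHECKSIG",
    bytes.fromhex("76a914" + "89abcdefabbaabbaabbaabbaabbaabbaabbaabba" + "88ac"),
]

if __name__ == "__main__":
    for hit in padded_outputs(SAMPLE_SCRIPTS):
        print(hit)
    print(summary(SAMPLE_SCRIPTS))
```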

