draft-ietf-anima-bootstrapping-keyinfra-20.txt   draft-ietf-anima-bootstrapping-keyinfra-21.txt 
ANIMA WG M. Pritikin ANIMA WG M. Pritikin
Internet-Draft Cisco Internet-Draft Cisco
Intended status: Standards Track M. Richardson Intended status: Standards Track M. Richardson
Expires: November 12, 2019 Sandelman Expires: December 15, 2019 Sandelman
M. Behringer M. Behringer
S. Bjarnason S. Bjarnason
Arbor Networks Arbor Networks
K. Watsen K. Watsen
Juniper Networks Watsen Networks
May 11, 2019 June 13, 2019
Bootstrapping Remote Secure Key Infrastructures (BRSKI) Bootstrapping Remote Secure Key Infrastructures (BRSKI)
draft-ietf-anima-bootstrapping-keyinfra-20 draft-ietf-anima-bootstrapping-keyinfra-21
Abstract Abstract
This document specifies automated bootstrapping of an Autonomic This document specifies automated bootstrapping of an Autonomic
Control Plane. To do this a remote secure key infrastructure (BRSKI) Control Plane. To do this a remote secure key infrastructure (BRSKI)
is created using manufacturer installed X.509 certificate, in is created using manufacturer installed X.509 certificate, in
combination with a manufacturer's authorizing service, both online combination with a manufacturer's authorizing service, both online
and offline. Bootstrapping a new device can occur using a routable and offline. Bootstrapping a new device can occur using a routable
address and a cloud service, or using only link-local connectivity, address and a cloud service, or using only link-local connectivity,
or on limited/disconnected networks. Support for lower security or on limited/disconnected networks. Support for lower security
skipping to change at page 1, line 49 skipping to change at page 1, line 49
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 12, 2019. This Internet-Draft will expire on December 15, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 4, line 35 skipping to change at page 4, line 35
Appendix B. mDNS / DNSSD proxy discovery options . . . . . . . . 76 Appendix B. mDNS / DNSSD proxy discovery options . . . . . . . . 76
Appendix C. MUD Extension . . . . . . . . . . . . . . . . . . . 77 Appendix C. MUD Extension . . . . . . . . . . . . . . . . . . . 77
Appendix D. Example Vouchers . . . . . . . . . . . . . . . . . . 79 Appendix D. Example Vouchers . . . . . . . . . . . . . . . . . . 79
D.1. Keys involved . . . . . . . . . . . . . . . . . . . . . . 79 D.1. Keys involved . . . . . . . . . . . . . . . . . . . . . . 79
D.1.1. MASA key pair for voucher signatures . . . . . . . . 79 D.1.1. MASA key pair for voucher signatures . . . . . . . . 79
D.1.2. Manufacturer key pair for IDevID signatures . . . . . 79 D.1.2. Manufacturer key pair for IDevID signatures . . . . . 79
D.1.3. Registrar key pair . . . . . . . . . . . . . . . . . 80 D.1.3. Registrar key pair . . . . . . . . . . . . . . . . . 80
D.1.4. Pledge key pair . . . . . . . . . . . . . . . . . . . 82 D.1.4. Pledge key pair . . . . . . . . . . . . . . . . . . . 82
D.2. Example process . . . . . . . . . . . . . . . . . . . . . 83 D.2. Example process . . . . . . . . . . . . . . . . . . . . . 83
D.2.1. Pledge to Registrar . . . . . . . . . . . . . . . . . 83 D.2.1. Pledge to Registrar . . . . . . . . . . . . . . . . . 83
D.2.2. Registrar to MASA . . . . . . . . . . . . . . . . . . 89 D.2.2. Registrar to MASA . . . . . . . . . . . . . . . . . . 87
D.2.3. MASA to Registrar . . . . . . . . . . . . . . . . . . 95 D.2.3. MASA to Registrar . . . . . . . . . . . . . . . . . . 92
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 100 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 96
1. Introduction 1. Introduction
BRSKI provides a solution for secure zero-touch (automated) bootstrap BRSKI provides a solution for secure zero-touch (automated) bootstrap
of new (unconfigured) devices that are called pledges in this of new (unconfigured) devices that are called pledges in this
document. document.
This document primarily provides for the needs of the ISP and This document primarily provides for the needs of the ISP and
Enterprise focused ANIMA Autonomic Control Plane (ACP) Enterprise focused ANIMA Autonomic Control Plane (ACP)
[I-D.ietf-anima-autonomic-control-plane]. Other users of the BRSKI [I-D.ietf-anima-autonomic-control-plane]. Other users of the BRSKI
skipping to change at page 13, line 25 skipping to change at page 13, line 25
V | MASA V | MASA
+-------+ ............................................|... +-------+ ............................................|...
| | . | . | | . | .
| | . +------------+ +-----------+ | . | | . +------------+ +-----------+ | .
| | . | | | | | . | | . | | | | | .
|Pledge | . | Join | | Domain <-------+ . |Pledge | . | Join | | Domain <-------+ .
| | . | Proxy | | Registrar | . | | . | Proxy | | Registrar | .
| <-------->............<-------> (PKI RA) | . | <-------->............<-------> (PKI RA) | .
| | | BRSKI-EST | | . | | | BRSKI-EST | | .
| | . | | +-----+-----+ . | | . | | +-----+-----+ .
|IDevID | . +------------+ | EST RFC7030 . |IDevID | . +------------+ | e.g. RFC7030 .
| | . +-----------------+----------+ . | | . +-----------------+----------+ .
| | . | Key Infrastructure | . | | . | Key Infrastructure | .
| | . | (e.g., PKI Certificate | . | | . | (e.g., PKI Certificate | .
+-------+ . | Authority) | . +-------+ . | Authority) | .
. +----------------------------+ . . +----------------------------+ .
. . . .
................................................ ................................................
"Domain" components "Domain" components
Figure 1 Figure 1
skipping to change at page 25, line 8 skipping to change at page 25, line 8
The following tree diagram illustrates a high-level view of a The following tree diagram illustrates a high-level view of a
voucher-request document. The voucher-request builds upon the voucher-request document. The voucher-request builds upon the
voucher artifact described in [RFC8366]. The tree diagram is voucher artifact described in [RFC8366]. The tree diagram is
described in [RFC8340]. Each node in the diagram is fully described described in [RFC8340]. Each node in the diagram is fully described
by the YANG module in Section 3.4. Please review the YANG module for by the YANG module in Section 3.4. Please review the YANG module for
a detailed description of the voucher-request format. a detailed description of the voucher-request format.
module: ietf-voucher-request module: ietf-voucher-request
grouping voucher-request-grouping grouping voucher-request-grouping
+---- voucher +-- voucher
+---- created-on? yang:date-and-time +-- created-on? yang:date-and-time
+---- expires-on? yang:date-and-time +-- expires-on? yang:date-and-time
+---- assertion? enumeration +-- assertion? enumeration
+---- serial-number string +-- serial-number string
+---- idevid-issuer? binary +-- idevid-issuer? binary
+---- pinned-domain-cert? binary +-- pinned-domain-cert? binary
+---- domain-cert-revocation-checks? boolean +-- domain-cert-revocation-checks? boolean
+---- nonce? binary +-- nonce? binary
+---- last-renewal-date? yang:date-and-time +-- last-renewal-date? yang:date-and-time
+---- prior-signed-voucher-request? binary +-- prior-signed-voucher-request? binary
+---- proximity-registrar-cert? binary +-- proximity-registrar-cert? binary
3.3. Examples 3.3. Examples
This section provides voucher-request examples for illustration This section provides voucher-request examples for illustration
purposes. For detailed examples, see Appendix D.2. These examples purposes. For detailed examples, see Appendix D.2. These examples
conform to the encoding rules defined in [RFC7951]. conform to the encoding rules defined in [RFC7951].
Example (1) The following example illustrates a pledge voucher- Example (1) The following example illustrates a pledge voucher-
request. The assertion leaf is indicated as 'proximity' request. The assertion leaf is indicated as 'proximity'
and the registrar's TLS server certificate is included and the registrar's TLS server certificate is included
skipping to change at page 68, line 42 skipping to change at page 68, line 42
the scope of BRSKI. There are a number of mechanisms that can the scope of BRSKI. There are a number of mechanisms that can
adopted including: adopted including:
o Manually configuring each manufacturer's trust anchor. o Manually configuring each manufacturer's trust anchor.
o A Trust-On-First-Use (TOFU) mechanism. A human would be queried o A Trust-On-First-Use (TOFU) mechanism. A human would be queried
upon seeing a manufacturer's trust anchor for the first time, and upon seeing a manufacturer's trust anchor for the first time, and
then the trust anchor would be installed to the trusted store. then the trust anchor would be installed to the trusted store.
There are risks with this; even if the key to name is validated There are risks with this; even if the key to name is validated
using something like the WebPKI, there remains the possibility using something like the WebPKI, there remains the possibility
that the name is a look alike: e.g, c1sco.com, .. that the name is a look alike: e.g, dem0.example. vs demO.example.
o scanning the trust anchor from a QR code that came with the o scanning the trust anchor from a QR code that came with the
packaging (this is really a manual TOFU mechanism) packaging (this is really a manual TOFU mechanism)
o some sales integration process where trust anchors are provided as o some sales integration process where trust anchors are provided as
part of the sales process, probably included in a digital packing part of the sales process, probably included in a digital packing
"slip", or a sales invoice. "slip", or a sales invoice.
o consortium membership, where all manufacturers of a particular o consortium membership, where all manufacturers of a particular
device category (e.g, a light bulb, or a cable-modem) are signed device category (e.g, a light bulb, or a cable-modem) are signed
skipping to change at page 73, line 18 skipping to change at page 73, line 18
<https://spec.torproject.org/tor-spec>. <https://spec.torproject.org/tor-spec>.
[docsisroot] [docsisroot]
"CableLabs Digital Certificate Issuance Service", February "CableLabs Digital Certificate Issuance Service", February
2018, <https://www.cablelabs.com/resources/ 2018, <https://www.cablelabs.com/resources/
digital-certificate-issuance-service/>. digital-certificate-issuance-service/>.
[I-D.ietf-ace-coap-est] [I-D.ietf-ace-coap-est]
Stok, P., Kampanakis, P., Richardson, M., and S. Raza, Stok, P., Kampanakis, P., Richardson, M., and S. Raza,
"EST over secure CoAP (EST-coaps)", draft-ietf-ace-coap- "EST over secure CoAP (EST-coaps)", draft-ietf-ace-coap-
est-10 (work in progress), March 2019. est-12 (work in progress), June 2019.
[I-D.ietf-anima-constrained-voucher] [I-D.ietf-anima-constrained-voucher]
Richardson, M., Stok, P., and P. Kampanakis, "Constrained Richardson, M., Stok, P., and P. Kampanakis, "Constrained
Voucher Artifacts for Bootstrapping Protocols", draft- Voucher Artifacts for Bootstrapping Protocols", draft-
ietf-anima-constrained-voucher-03 (work in progress), ietf-anima-constrained-voucher-03 (work in progress),
March 2019. March 2019.
[I-D.ietf-anima-reference-model] [I-D.ietf-anima-reference-model]
Behringer, M., Carpenter, B., Eckert, T., Ciavaglia, L., Behringer, M., Carpenter, B., Eckert, T., Ciavaglia, L.,
and J. Nobre, "A Reference Model for Autonomic and J. Nobre, "A Reference Model for Autonomic
skipping to change at page 84, line 7 skipping to change at page 84, line 7
RFC-EDITOR: these examples will need to be replaced with CMS versions RFC-EDITOR: these examples will need to be replaced with CMS versions
once IANA has assigned the eContentType in [RFC8366]. once IANA has assigned the eContentType in [RFC8366].
D.2.1. Pledge to Registrar D.2.1. Pledge to Registrar
As described in Section 5.2, the pledge will sign a pledge voucher- As described in Section 5.2, the pledge will sign a pledge voucher-
request containing the registrar's public key in the proximity- request containing the registrar's public key in the proximity-
registrar-cert field. The base64 has been wrapped at 60 characters registrar-cert field. The base64 has been wrapped at 60 characters
for presentation reasons. for presentation reasons.
MIIHHAYJKoZIhvcNAQcCoIIHDTCCBwkCAQExDzANBglghkgBZQMEAgEFADCC -----BEGIN CMS-----
Aw4GCSqGSIb3DQEHAaCCAv8EggL7eyJpZXRmLXZvdWNoZXItcmVxdWVzdDp2 MIIGtQYJKoZIhvcNAQcCoIIGpjCCBqICAQExDTALBglghkgBZQMEAgEwggNRBgkq
b3VjaGVyIjp7ImFzc2VydGlvbiI6InByb3hpbWl0eSIsImNyZWF0ZWQtb24i hkiG9w0BBwGgggNCBIIDPnsiaWV0Zi12b3VjaGVyLXJlcXVlc3Q6dm91Y2hlciI6
OiIyMDE3LTA5LTAxIiwic2VyaWFsLW51bWJlciI6IjAwLUQwLUU1LUYyLTAw eyJhc3NlcnRpb24iOiJwcm94aW1pdHkiLCJjcmVhdGVkLW9uIjoiMjAxOS0wNS0x
LTAyIiwibm9uY2UiOiJEc3M5OXNCcjNwTk1PQUNlLUxZWTd3IiwicHJveGlt NVQxNzoyNTo1NS42NDQtMDQ6MDAiLCJzZXJpYWwtbnVtYmVyIjoiMDAtZDAtZTUt
aXR5LXJlZ2lzdHJhci1jZXJ0IjoiTUlJQnJqQ0NBVE9nQXdJQkFnSUJBekFL MDItMDAtMmQiLCJub25jZSI6IlZPVUZULVd3ckV2ME51QVFFSG9WN1EiLCJwcm94
QmdncWhrak9QUVFEQXpCT01SSXdFQVlLQ1pJbWlaUHlMR1FCR1JZQ1kyRXhH aW1pdHktcmVnaXN0cmFyLWNlcnQiOiJNSUlCMFRDQ0FWYWdBd0lCQWdJQkFqQUtC
VEFYQmdvSmtpYUprL0lzWkFFWkZnbHpZVzVrWld4dFlXNHhIVEFiQmdOVkJB Z2dxaGtqT1BRUURBekJ4TVJJd0VBWUtDWkltaVpQeUxHUUJHUllDWTJFeEdUQVhC
TU1GRlZ1YzNSeWRXNW5JRVp2ZFc1MFlXbHVJRU5CTUI0WERURTNNRGt3TlRB Z29Ka2lhSmsvSXNaQUVaRmdsellXNWtaV3h0WVc0eFFEQStCZ05WQkFNTU55TThV
eE1USTBOVm9YRFRFNU1Ea3dOVEF4TVRJME5Wb3dRekVTTUJBR0NnbVNKb21U M2x6ZEdWdFZtRnlhV0ZpYkdVNk1IZ3dNREF3TURBd05HWTVNVEZoTUQ0Z1ZXNXpk
OGl4a0FSa1dBbU5oTVJrd0Z3WUtDWkltaVpQeUxHUUJHUllKYzJGdVpHVnNi SEoxYm1jZ1JtOTFiblJoYVc0Z1EwRXdIaGNOTVRjeE1UQTNNak0wTlRJNFdoY05N
V0Z1TVJJd0VBWURWUVFEREFsc2IyTmhiR2h2YzNRd1dUQVRCZ2NxaGtqT1BR VGt4TVRBM01qTTBOVEk0V2pCRE1SSXdFQVlLQ1pJbWlaUHlMR1FCR1JZQ1kyRXhH
SUJCZ2dxaGtqT1BRTUJCd05DQUFRMVpBN053MHhTTS9RMnUxOTRGelFNa3Ra VEFYQmdvSmtpYUprL0lzWkFFWkZnbHpZVzVrWld4dFlXNHhFakFRQmdOVkJBTU1D
OTR3YUFJVjBpL29WVFBnT0o4elc2TXdGNXorRHBiOC9wdWhPYkpNWjBVNkgv V3h2WTJGc2FHOXpkREJaTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFC
d2ZBcFI2c3ZsdW1kNHJ5eW93MHdDekFKQmdOVkhSTUVBakFBTUFvR0NDcUdT SlpsVUhJMHVwL2wzZVpmOXZDQmIrbElub0VNRWdjN1JvK1haQ3RqQUkwQ0QxZkpm
TTQ5QkFNREEya0FNR1lDTVFDMy9pVFFKM2V2WVljZ2JYaGJtenJwNjR0M1FD SlIvaEl5eURtSFd5WWlORmJSQ0g5ZnlhcmZremdYNHAwelRpenFqRFRBTE1Ba0dB
NnFqSWVZMmprRHgwNjJudU5pZlZLdHlhYXJhM0YzMEFJa0tTRUNNUURpMjll MVVkRXdRQ01BQXdDZ1lJS29aSXpqMEVBd01EYVFBd1pnSXhBTFFNTnVyZjh0djUw
ZmJUTGJkdERrM3RlY1kvckQ3Vjc3WGFKNm5ZQ21kRENSNTRUclNGTkxneHZ0 bFJPRDVEUVhIRU9KSk5XM1FWMmc5UUVkRFNrMk1ZK0FvU3JCU21HU05qaDRvbEVP
MWx5Rk0rMGZZcFlSYzNvPSJ9faCCAjYwggIyMIIBt6ADAgECAgEMMAoGCCqG aEV1TGdJeEFKNG5XZk53K0JqYlptS2lJaVVFY1R3SE1oR1ZYYU1IWS9GN24zOXd3
SM49BAMCME0xEjAQBgoJkiaJk/IsZAEZFgJjYTEZMBcGCgmSJomT8ixkARkW S2NCQlNPbmROUHFDcE9FTGw2YnEzQ1pxUT09In19oIICCDCCAgQwggGLoAMCAQIC
CXNhbmRlbG1hbjEcMBoGA1UEAwwTVW5zdHJ1bmcgSGlnaHdheSBDQTAgFw0x BAnttKkwCgYIKoZIzj0EAwIwTTESMBAGCgmSJomT8ixkARkWAmNhMRkwFwYKCZIm
NzEwMTIxMzUyNTJaGA8yOTk5MTIzMTAwMDAwMFowSzESMBAGCgmSJomT8ixk iZPyLGQBGRYJc2FuZGVsbWFuMRwwGgYDVQQDDBNVbnN0cnVuZyBIaWdod2F5IENB
ARkWAmNhMRkwFwYKCZImiZPyLGQBGRYJc2FuZGVsbWFuMRowGAYDVQQDDBEw MCAXDTE5MDQyNDAyMTY1OFoYDzI5OTkxMjMxMDAwMDAwWjAcMRowGAYDVQQFDBEw
MC1EMC1FNS1GMi0wMC0wMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEmn MC1kMC1lNS0wMi0wMC0yZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFov46j6
mLR1TVpSdHa7zAxHCCQ26k1s0zubWfSaP7QolmNw8iogP62s+NNKhu24h2lE USdCYFoIWUYHmZSyrrW11Y5px2/tQGGhBf2EIxNoORWVfCo4kf25BJfpfDOKJyAu
98ZnyFT+chS96rDKhgjwE9ujgYcwgYQwHQYDVR0OBBYEFB0xFmG2EVCbPPoT yh2lyipLmoPUuk+jgYcwgYQwHQYDVR0OBBYEFI/CmHVKBDrydJHDiG4xFsIFnQ2J
thVfOQvtdkMqMAkGA1UdEwQCMAAwKwYDVR0RBCQwIqAgBgkrBgEEAYLuUgGg MAkGA1UdEwQCMAAwKwYDVR0RBCQwIqAgBgkrBgEEAYLuUgGgEwwRMDAtRDAtRTUt
EwwRMDAtRDAtRTUtRjItMDAtMDIwKwYJKwYBBAGC7lICBB4MHGh0dHBzOi8v MDItMDAtMkQwKwYJKwYBBAGC7lICBB4MHG1hc2EuaG9uZXlkdWtlcy5zYW5kZWxt
aGlnaHdheS5zYW5kZWxtYW4uY2EwCgYIKoZIzj0EAwIDaQAwZgIxAOEnU355 YW4uY2EwCgYIKoZIzj0EAwIDZwAwZAIwJrzI5jYI8qQ4XH8pzFd5DLiKUiq2M0Vq
qdbVT97mqgxIa9S9YdHu6JzxwluHu9fLnzScGzxuk2frST/4jO8RR60zMgIx +INz7U8Fw7AHtKIrU04+ELVNW2o4Tn05AjBjDW7FtkONRc/bejw1XbTimmwWwD9U
AKvW7G91h4qruZtFcJHhkImzDrt8nuPJdlsJRKKv7fAFPb6VaCDM8NGBgHkA VaBU5Q0LjvZ5i82+ZFPnFKgrT0RWQVFz95IxggErMIIBJwIBATBVME0xEjAQBgoJ
FvuwDDGCAaUwggGhAgEBMFIwTTESMBAGCgmSJomT8ixkARkWAmNhMRkwFwYK kiaJk/IsZAEZFgJjYTEZMBcGCgmSJomT8ixkARkWCXNhbmRlbG1hbjEcMBoGA1UE
CZImiZPyLGQBGRYJc2FuZGVsbWFuMRwwGgYDVQQDDBNVbnN0cnVuZyBIaWdo AwwTVW5zdHJ1bmcgSGlnaHdheSBDQQIECe20qTALBglghkgBZQMEAgGgaTAYBgkq
d2F5IENBAgEMMA0GCWCGSAFlAwQCAQUAoIHkMBgGCSqGSIb3DQEJAzELBgkq hkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xOTA1MTUyMTI1
hkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE3MTAxMjE3NTQzMFowLwYJKoZI NTVaMC8GCSqGSIb3DQEJBDEiBCAQN2lP7aqwyhmj9qUHt6Qk/SbOTOPXFOwn1wv2
hvcNAQkEMSIEIP59cuKVAPkKOOlQIaIV/W1AsWKbmVmBd9wFSuD5yLafMHkG 5YGYgDAKBggqhkjOPQQDAgRHMEUCIEYQhHToU0rrhPyQv2fR0TwWePTx2Z1DEhR4
CSqGSIb3DQEJDzFsMGowCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBFjALBglg tTl/Dr/ZAiEA47u9+bIz/p6nFJ+wctKHER+ycUzYQF56h9odMo+Ilkc=
hkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3 -----END CMS-----
DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMAoGCCqGSM49BAMCBEYw
RAIgYUy0NTdP+xTkm/Et69eI++S/2z3dQwPKOwdL0cDCSvACIAh3jJbybMnK
cf7DKKnsn2G/O06HeB/8imMI+hnA7CfN
file: examples/vr_00-D0-E5-F2-00-02.pkcs file: examples/vr_00-D0-E5-02-00-2D.pkcs
The ASN1 decoding of the artifact: The ASN1 decoding of the artifact:
0:d=0 hl=4 l=1820 cons: SEQUENCE 0:d=0 hl=4 l=1717 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signed 4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
Data
15:d=1 hl=4 l=1805 cons: cont [ 0 ] 15:d=1 hl=4 l=1702 cons: cont [ 0 ]
19:d=2 hl=4 l=1801 cons: SEQUENCE 19:d=2 hl=4 l=1698 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :01 23:d=3 hl=2 l= 1 prim: INTEGER :01
26:d=3 hl=2 l= 15 cons: SET 26:d=3 hl=2 l= 13 cons: SET
28:d=4 hl=2 l= 13 cons: SEQUENCE 28:d=4 hl=2 l= 11 cons: SEQUENCE
30:d=5 hl=2 l= 9 prim: OBJECT :sha256 30:d=5 hl=2 l= 9 prim: OBJECT :sha256
41:d=5 hl=2 l= 0 prim: NULL 41:d=3 hl=4 l= 849 cons: SEQUENCE
43:d=3 hl=4 l= 782 cons: SEQUENCE 45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
47:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data 56:d=4 hl=4 l= 834 cons: cont [ 0 ]
58:d=4 hl=4 l= 767 cons: cont [ 0 ] 60:d=5 hl=4 l= 830 prim: OCTET STRING :{"ietf-voucher-request:v
62:d=5 hl=4 l= 763 prim: OCTET STRING :{"ietf-vouch 894:d=3 hl=4 l= 520 cons: cont [ 0 ]
er-request:voucher":{"assertion":"proximity","created-on":"2 898:d=4 hl=4 l= 516 cons: SEQUENCE
017-09-01","serial-number":"00-D0-E5-F2-00-02","nonce":"Dss9 902:d=5 hl=4 l= 395 cons: SEQUENCE
9sBr3pNMOACe-LYY7w","proximity-registrar-cert":"MIIBrjCCATOg 906:d=6 hl=2 l= 3 cons: cont [ 0 ]
AwIBAgIBAzAKBggqhkjOPQQDAzBOMRIwEAYKCZImiZPyLGQBGRYCY2ExGTAX 908:d=7 hl=2 l= 1 prim: INTEGER :02
BgoJkiaJk/IsZAEZFglzYW5kZWxtYW4xHTAbBgNVBAMMFFVuc3RydW5nIEZv 911:d=6 hl=2 l= 4 prim: INTEGER :09EDB4A9
dW50YWluIENBMB4XDTE3MDkwNTAxMTI0NVoXDTE5MDkwNTAxMTI0NVowQzES 917:d=6 hl=2 l= 10 cons: SEQUENCE
MBAGCgmSJomT8ixkARkWAmNhMRkwFwYKCZImiZPyLGQBGRYJc2FuZGVsbWFu 919:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
MRIwEAYDVQQDDAlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC 929:d=6 hl=2 l= 77 cons: SEQUENCE
AAQ1ZA7Nw0xSM/Q2u194FzQMktZ94waAIV0i/oVTPgOJ8zW6MwF5z+Dpb8/p 931:d=7 hl=2 l= 18 cons: SET
uhObJMZ0U6H/wfApR6svlumd4ryyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49 933:d=8 hl=2 l= 16 cons: SEQUENCE
BAMDA2kAMGYCMQC3/iTQJ3evYYcgbXhbmzrp64t3QC6qjIeY2jkDx062nuNi 935:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
fVKtyaara3F30AIkKSECMQDi29efbTLbdtDk3tecY/rD7V77XaJ6nYCmdDCR 947:d=9 hl=2 l= 2 prim: IA5STRING :ca
54TrSFNLgxvt1lyFM+0fYpYRc3o="}} 951:d=7 hl=2 l= 25 cons: SET
829:d=3 hl=4 l= 566 cons: cont [ 0 ] 953:d=8 hl=2 l= 23 cons: SEQUENCE
833:d=4 hl=4 l= 562 cons: SEQUENCE 955:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
837:d=5 hl=4 l= 439 cons: SEQUENCE 967:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
841:d=6 hl=2 l= 3 cons: cont [ 0 ] 978:d=7 hl=2 l= 28 cons: SET
843:d=7 hl=2 l= 1 prim: INTEGER :02 980:d=8 hl=2 l= 26 cons: SEQUENCE
846:d=6 hl=2 l= 1 prim: INTEGER :0C 982:d=9 hl=2 l= 3 prim: OBJECT :commonName
849:d=6 hl=2 l= 10 cons: SEQUENCE 987:d=9 hl=2 l= 19 prim: UTF8STRING :Unstrung Highway CA
851:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-S 1008:d=6 hl=2 l= 32 cons: SEQUENCE
HA256 1010:d=7 hl=2 l= 13 prim: UTCTIME :190424021658Z
861:d=6 hl=2 l= 77 cons: SEQUENCE 1025:d=7 hl=2 l= 15 prim: GENERALIZEDTIME :29991231000000Z
863:d=7 hl=2 l= 18 cons: SET 1042:d=6 hl=2 l= 28 cons: SEQUENCE
865:d=8 hl=2 l= 16 cons: SEQUENCE 1044:d=7 hl=2 l= 26 cons: SET
867:d=9 hl=2 l= 10 prim: OBJECT :domainCompon 1046:d=8 hl=2 l= 24 cons: SEQUENCE
ent 1048:d=9 hl=2 l= 3 prim: OBJECT :serialNumber
879:d=9 hl=2 l= 2 prim: IA5STRING :ca 1053:d=9 hl=2 l= 17 prim: UTF8STRING :00-d0-e5-02-00-2d
883:d=7 hl=2 l= 25 cons: SET 1072:d=6 hl=2 l= 89 cons: SEQUENCE
885:d=8 hl=2 l= 23 cons: SEQUENCE 1074:d=7 hl=2 l= 19 cons: SEQUENCE
887:d=9 hl=2 l= 10 prim: OBJECT :domainCompon 1076:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
ent 1085:d=8 hl=2 l= 8 prim: OBJECT :prime256v1
899:d=9 hl=2 l= 9 prim: IA5STRING :sandelman 1095:d=7 hl=2 l= 66 prim: BIT STRING
910:d=7 hl=2 l= 28 cons: SET 1163:d=6 hl=3 l= 135 cons: cont [ 3 ]
912:d=8 hl=2 l= 26 cons: SEQUENCE 1166:d=7 hl=3 l= 132 cons: SEQUENCE
914:d=9 hl=2 l= 3 prim: OBJECT :commonName 1169:d=8 hl=2 l= 29 cons: SEQUENCE
919:d=9 hl=2 l= 19 prim: UTF8STRING :Unstrung Hig 1171:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Ident
hway CA 1176:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:04148FC298754A
940:d=6 hl=2 l= 32 cons: SEQUENCE 1200:d=8 hl=2 l= 9 cons: SEQUENCE
942:d=7 hl=2 l= 13 prim: UTCTIME :171012135252 1202:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
Z 1207:d=9 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
957:d=7 hl=2 l= 15 prim: GENERALIZEDTIME :299912310000 1211:d=8 hl=2 l= 43 cons: SEQUENCE
00Z 1213:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternati
974:d=6 hl=2 l= 75 cons: SEQUENCE 1218:d=9 hl=2 l= 36 prim: OCTET STRING [HEX DUMP]:3022A02006092B
976:d=7 hl=2 l= 18 cons: SET 1256:d=8 hl=2 l= 43 cons: SEQUENCE
978:d=8 hl=2 l= 16 cons: SEQUENCE 1258:d=9 hl=2 l= 9 prim: OBJECT :1.3.6.1.4.1.46930.2
980:d=9 hl=2 l= 10 prim: OBJECT :domainCompon 1269:d=9 hl=2 l= 30 prim: OCTET STRING [HEX DUMP]:0C1C6D6173612E
ent 1301:d=5 hl=2 l= 10 cons: SEQUENCE
992:d=9 hl=2 l= 2 prim: IA5STRING :ca 1303:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
996:d=7 hl=2 l= 25 cons: SET 1313:d=5 hl=2 l= 103 prim: BIT STRING
998:d=8 hl=2 l= 23 cons: SEQUENCE 1418:d=3 hl=4 l= 299 cons: SET
1000:d=9 hl=2 l= 10 prim: OBJECT :domainCompon 1422:d=4 hl=4 l= 295 cons: SEQUENCE
ent 1426:d=5 hl=2 l= 1 prim: INTEGER :01
1012:d=9 hl=2 l= 9 prim: IA5STRING :sandelman 1429:d=5 hl=2 l= 85 cons: SEQUENCE
1023:d=7 hl=2 l= 26 cons: SET 1431:d=6 hl=2 l= 77 cons: SEQUENCE
1025:d=8 hl=2 l= 24 cons: SEQUENCE 1433:d=7 hl=2 l= 18 cons: SET
1027:d=9 hl=2 l= 3 prim: OBJECT :commonName 1435:d=8 hl=2 l= 16 cons: SEQUENCE
1032:d=9 hl=2 l= 17 prim: UTF8STRING :00-D0-E5-F2- 1437:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
00-02 1449:d=9 hl=2 l= 2 prim: IA5STRING :ca
1051:d=6 hl=2 l= 89 cons: SEQUENCE 1453:d=7 hl=2 l= 25 cons: SET
1053:d=7 hl=2 l= 19 cons: SEQUENCE 1455:d=8 hl=2 l= 23 cons: SEQUENCE
1055:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicK 1457:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
ey 1469:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
1064:d=8 hl=2 l= 8 prim: OBJECT :prime256v1 1480:d=7 hl=2 l= 28 cons: SET
1074:d=7 hl=2 l= 66 prim: BIT STRING 1482:d=8 hl=2 l= 26 cons: SEQUENCE
1142:d=6 hl=3 l= 135 cons: cont [ 3 ] 1484:d=9 hl=2 l= 3 prim: OBJECT :commonName
1145:d=7 hl=3 l= 132 cons: SEQUENCE 1489:d=9 hl=2 l= 19 prim: UTF8STRING :Unstrung Highway CA
1148:d=8 hl=2 l= 29 cons: SEQUENCE 1510:d=6 hl=2 l= 4 prim: INTEGER :09EDB4A9
1150:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subje 1516:d=5 hl=2 l= 11 cons: SEQUENCE
ct Key Identifier 1518:d=6 hl=2 l= 9 prim: OBJECT :sha256
1155:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:04 1529:d=5 hl=2 l= 105 cons: cont [ 0 ]
141D311661B611509B3CFA13B6155F390BED76432A 1531:d=6 hl=2 l= 24 cons: SEQUENCE
1179:d=8 hl=2 l= 9 cons: SEQUENCE 1533:d=7 hl=2 l= 9 prim: OBJECT :contentType
1181:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic 1544:d=7 hl=2 l= 11 cons: SET
Constraints 1546:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data
1186:d=9 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:30 1557:d=6 hl=2 l= 28 cons: SEQUENCE
00 1559:d=7 hl=2 l= 9 prim: OBJECT :signingTime
1190:d=8 hl=2 l= 43 cons: SEQUENCE 1570:d=7 hl=2 l= 15 cons: SET
1192:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subje 1572:d=8 hl=2 l= 13 prim: UTCTIME :190515212555Z
ct Alternative Name 1587:d=6 hl=2 l= 47 cons: SEQUENCE
1197:d=9 hl=2 l= 36 prim: OCTET STRING [HEX DUMP]:30 1589:d=7 hl=2 l= 9 prim: OBJECT :messageDigest
22A02006092B0601040182EE5201A0130C1130302D44302D45352D46322D 1600:d=7 hl=2 l= 34 cons: SET
30302D3032 1602:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:1037694FEDAAB0
1235:d=8 hl=2 l= 43 cons: SEQUENCE 1636:d=5 hl=2 l= 10 cons: SEQUENCE
1237:d=9 hl=2 l= 9 prim: OBJECT :1.3.6.1.4.1. 1638:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
46930.2 1648:d=5 hl=2 l= 71 prim: OCTET STRING [HEX DUMP]:30450220461084
1248:d=9 hl=2 l= 30 prim: OCTET STRING [HEX DUMP]:0C
1C68747470733A2F2F686967687761792E73616E64656C6D616E2E6361
1280:d=5 hl=2 l= 10 cons: SEQUENCE
1282:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-S
HA256
1292:d=5 hl=2 l= 105 prim: BIT STRING
1399:d=3 hl=4 l= 421 cons: SET
1403:d=4 hl=4 l= 417 cons: SEQUENCE
1407:d=5 hl=2 l= 1 prim: INTEGER :01
1410:d=5 hl=2 l= 82 cons: SEQUENCE
1412:d=6 hl=2 l= 77 cons: SEQUENCE
1414:d=7 hl=2 l= 18 cons: SET
1416:d=8 hl=2 l= 16 cons: SEQUENCE
1418:d=9 hl=2 l= 10 prim: OBJECT :domainCompon
ent
1430:d=9 hl=2 l= 2 prim: IA5STRING :ca
1434:d=7 hl=2 l= 25 cons: SET
1436:d=8 hl=2 l= 23 cons: SEQUENCE
1438:d=9 hl=2 l= 10 prim: OBJECT :domainCompon
ent
1450:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
1461:d=7 hl=2 l= 28 cons: SET
1463:d=8 hl=2 l= 26 cons: SEQUENCE
1465:d=9 hl=2 l= 3 prim: OBJECT :commonName
1470:d=9 hl=2 l= 19 prim: UTF8STRING :Unstrung Hig
hway CA
1491:d=6 hl=2 l= 1 prim: INTEGER :0C
1494:d=5 hl=2 l= 13 cons: SEQUENCE
1496:d=6 hl=2 l= 9 prim: OBJECT :sha256
1507:d=6 hl=2 l= 0 prim: NULL
1509:d=5 hl=3 l= 228 cons: cont [ 0 ]
1512:d=6 hl=2 l= 24 cons: SEQUENCE
1514:d=7 hl=2 l= 9 prim: OBJECT :contentType
1525:d=7 hl=2 l= 11 cons: SET
1527:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data
1538:d=6 hl=2 l= 28 cons: SEQUENCE
1540:d=7 hl=2 l= 9 prim: OBJECT :signingTime
1551:d=7 hl=2 l= 15 cons: SET
1553:d=8 hl=2 l= 13 prim: UTCTIME :171012175430
Z
1568:d=6 hl=2 l= 47 cons: SEQUENCE
1570:d=7 hl=2 l= 9 prim: OBJECT :messageDiges
t
1581:d=7 hl=2 l= 34 cons: SET
1583:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:FE
7D72E29500F90A38E95021A215FD6D40B1629B99598177DC054AE0F9C8B6
9F
1617:d=6 hl=2 l= 121 cons: SEQUENCE
1619:d=7 hl=2 l= 9 prim: OBJECT :S/MIME Capab
ilities
1630:d=7 hl=2 l= 108 cons: SET
1632:d=8 hl=2 l= 106 cons: SEQUENCE
1634:d=9 hl=2 l= 11 cons: SEQUENCE
1636:d=10 hl=2 l= 9 prim: OBJECT :aes-256-cbc
1647:d=9 hl=2 l= 11 cons: SEQUENCE
1649:d=10 hl=2 l= 9 prim: OBJECT :aes-192-cbc
1660:d=9 hl=2 l= 11 cons: SEQUENCE
1662:d=10 hl=2 l= 9 prim: OBJECT :aes-128-cbc
1673:d=9 hl=2 l= 10 cons: SEQUENCE
1675:d=10 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
1685:d=9 hl=2 l= 14 cons: SEQUENCE
1687:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc
1697:d=10 hl=2 l= 2 prim: INTEGER :80
1701:d=9 hl=2 l= 13 cons: SEQUENCE
1703:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc
1713:d=10 hl=2 l= 1 prim: INTEGER :40
1716:d=9 hl=2 l= 7 cons: SEQUENCE
1718:d=10 hl=2 l= 5 prim: OBJECT :des-cbc
1725:d=9 hl=2 l= 13 cons: SEQUENCE
1727:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc
1737:d=10 hl=2 l= 1 prim: INTEGER :28
1740:d=5 hl=2 l= 10 cons: SEQUENCE
1742:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-S
HA256
1752:d=5 hl=2 l= 70 prim: OCTET STRING [HEX DUMP]:30
440220614CB435374FFB14E49BF12DEBD788FBE4BFDB3DDD4303CA3B074B
D1C0C24AF0022008778C96F26CC9CA71FEC328A9EC9F61BF3B4E87781FFC
8A6308FA19C0EC27CD
The JSON contained in the voucher request: The JSON contained in the voucher request:
{"ietf-voucher-request:voucher":{"assertion":"proximity","cr {"ietf-voucher-request:voucher":{"assertion":"proximity","created-on":"2019-05-15T17:25:55.644-04:00","serial-number":"00-d0-e5-02-00-2d","nonce":"VOUFT-WwrEv0NuAQEHoV7Q","proximity-registrar-cert":"MIIB0TCCAVagAwIBAgIBAjAKBggqhkjOPQQDAzBxMRIwEAYKCZImiZPyLGQBGRYCY2ExGTAXBgoJkiaJk/IsZAEZFglzYW5kZWxtYW4xQDA+BgNVBAMMNyM8U3lzdGVtVmFyaWFibGU6MHgwMDAwMDAwNGY5MTFhMD4gVW5zdHJ1bmcgRm91bnRhaW4gQ0EwHhcNMTcxMTA3MjM0NTI4WhcNMTkxMTA3MjM0NTI4WjBDMRIwEAYKCZImiZPyLGQBGRYCY2ExGTAXBgoJkiaJk/IsZAEZFglzYW5kZWxtYW4xEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJZlUHI0up/l3eZf9vCBb+lInoEMEgc7Ro+XZCtjAI0CD1fJfJR/hIyyDmHWyYiNFbRCH9fyarfkzgX4p0zTizqjDTALMAkGA1UdEwQCMAAwCgYIKoZIzj0EAwMDaQAwZgIxALQMNurf8tv50lROD5DQXHEOJJNW3QV2g9QEdDSk2MY+AoSrBSmGSNjh4olEOhEuLgIxAJ4nWfNw+BjbZmKiIiUEcTwHMhGVXaMHY/F7n39wwKcBBSOndNPqCpOELl6bq3CZqQ=="}}
eated-on":"2017-09-01","serial-number":"00-D0-E5-F2-00-02","
nonce":"Dss99sBr3pNMOACe-LYY7w","proximity-registrar-cert":"
MIIBrjCCATOgAwIBAgIBAzAKBggqhkjOPQQDAzBOMRIwEAYKCZImiZPyLGQB
GRYCY2ExGTAXBgoJkiaJk/IsZAEZFglzYW5kZWxtYW4xHTAbBgNVBAMMFFVu
c3RydW5nIEZvdW50YWluIENBMB4XDTE3MDkwNTAxMTI0NVoXDTE5MDkwNTAx
MTI0NVowQzESMBAGCgmSJomT8ixkARkWAmNhMRkwFwYKCZImiZPyLGQBGRYJ
c2FuZGVsbWFuMRIwEAYDVQQDDAlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggq
hkjOPQMBBwNCAAQ1ZA7Nw0xSM/Q2u194FzQMktZ94waAIV0i/oVTPgOJ8zW6
MwF5z+Dpb8/puhObJMZ0U6H/wfApR6svlumd4ryyow0wCzAJBgNVHRMEAjAA
MAoGCCqGSM49BAMDA2kAMGYCMQC3/iTQJ3evYYcgbXhbmzrp64t3QC6qjIeY
2jkDx062nuNifVKtyaara3F30AIkKSECMQDi29efbTLbdtDk3tecY/rD7V77
XaJ6nYCmdDCR54TrSFNLgxvt1lyFM+0fYpYRc3o="}}
D.2.2. Registrar to MASA D.2.2. Registrar to MASA
As described in Section 5.5 the registrar will sign a registrar As described in Section 5.5 the registrar will sign a registrar
voucher-request, and will include pledge's voucher request in the voucher-request, and will include pledge's voucher request in the
prior-signed-voucher-request. prior-signed-voucher-request.
MIIN2gYJKoZIhvcNAQcCoIINyzCCDccCAQExDzANBglghkgBZQMEAgEFADCC -----BEGIN CMS-----
Ck4GCSqGSIb3DQEHAaCCCj8Eggo7eyJpZXRmLXZvdWNoZXItcmVxdWVzdDp2 MIIPkwYJKoZIhvcNAQcCoIIPhDCCD4ACAQExDTALBglghkgBZQMEAgEwggnUBgkq
b3VjaGVyIjp7ImFzc2VydGlvbiI6InByb3hpbWl0eSIsImNyZWF0ZWQtb24i hkiG9w0BBwGgggnFBIIJwXsiaWV0Zi12b3VjaGVyLXJlcXVlc3Q6dm91Y2hlciI6
OiIyMDE3LTA5LTE1VDAwOjAwOjAwLjAwMFoiLCJzZXJpYWwtbnVtYmVyIjoi eyJhc3NlcnRpb24iOiJwcm94aW1pdHkiLCJjcmVhdGVkLW9uIjoiMjAxOS0wNS0x
SkFEQTEyMzQ1Njc4OSIsIm5vbmNlIjoiYWJjZDEyMzQiLCJwcmlvci1zaWdu NVQyMToyNTo1NS43NThaIiwic2VyaWFsLW51bWJlciI6IjAwLWQwLWU1LTAyLTAw
ZWQtdm91Y2hlci1yZXF1ZXN0IjoiTUlJSEhRWUpLb1pJaHZjTkFRY0NvSUlI LTJkIiwibm9uY2UiOiJWT1VGVC1Xd3JFdjBOdUFRRUhvVjdRIiwicHJpb3Itc2ln
RGpDQ0J3b0NBUUV4RHpBTkJnbGdoa2dCWlFNRUFnRUZBRENDQXc0R0NTcUdT bmVkLXZvdWNoZXItcmVxdWVzdCI6Ik1JSUd0UVlKS29aSWh2Y05BUWNDb0lJR3Bq
SWIzRFFFSEFhQ0NBdjhFZ2dMN2V5SnBaWFJtTFhadmRXTm9aWEl0Y21WeGRX Q0NCcUlDQVFFeERUQUxCZ2xnaGtnQlpRTUVBZ0V3Z2dOUkJna3Foa2lHOXcwQkJ3
VnpkRHAyYjNWamFHVnlJanA3SW1GemMyVnlkR2x2YmlJNkluQnliM2hwYlds R2dnZ05DQklJRFBuc2lhV1YwWmkxMmIzVmphR1Z5TFhKbGNYVmxjM1E2ZG05MVky
MGVTSXNJbU55WldGMFpXUXRiMjRpT2lJeU1ERTNMVEE1TFRBeElpd2ljMlZ5 aGxjaUk2ZXlKaGMzTmxjblJwYjI0aU9pSndjbTk0YVcxcGRIa2lMQ0pqY21WaGRH
YVdGc0xXNTFiV0psY2lJNklqQXdMVVF3TFVVMUxVWXlMVEF3TFRBeUlpd2li VmtMVzl1SWpvaU1qQXhPUzB3TlMweE5WUXhOem95TlRvMU5TNDJORFF0TURRNk1E
bTl1WTJVaU9pSkVjM001T1hOQ2NqTndUazFQUVVObExVeFpXVGQzSWl3aWNI QWlMQ0p6WlhKcFlXd3RiblZ0WW1WeUlqb2lNREF0WkRBdFpUVXRNREl0TURBdE1t
SnZlR2x0YVhSNUxYSmxaMmx6ZEhKaGNpMWpaWEowSWpvaVRVbEpRbkpxUTBO UWlMQ0p1YjI1alpTSTZJbFpQVlVaVUxWZDNja1YyTUU1MVFWRkZTRzlXTjFFaUxD
QlZFOW5RWGRKUWtGblNVSkJla0ZMUW1kbmNXaHJhazlRVVZGRVFYcENUMDFT SndjbTk0YVcxcGRIa3RjbVZuYVhOMGNtRnlMV05sY25RaU9pSk5TVWxDTUZSRFEw
U1hkRlFWbExRMXBKYldsYVVIbE1SMUZDUjFKWlExa3lSWGhIVkVGWVFtZHZT RldZV2RCZDBsQ1FXZEpRa0ZxUVV0Q1oyZHhhR3RxVDFCUlVVUkJla0o0VFZKSmQw
bXRwWVVwckwwbHpXa0ZGV2tabmJIcFpWelZyV2xkNGRGbFhOSGhJVkVGaVFt VkJXVXREV2tsdGFWcFFlVXhIVVVKSFVsbERXVEpGZUVkVVFWaENaMjlLYTJsaFNt
ZE9Wa0pCVFUxR1JsWjFZek5TZVdSWE5XNUpSVnAyWkZjMU1GbFhiSFZKUlU1 c3ZTWE5hUVVWYVJtZHNlbGxYTld0YVYzaDBXVmMwZUZGRVFTdENaMDVXUWtGTlRV
Q1RVSTBXRVJVUlROTlJHdDNUbFJCZUUxVVNUQk9WbTlZUkZSRk5VMUVhM2RP NTVUVGhWTTJ4NlpFZFdkRlp0Um5saFYwWnBZa2RWTmsxSVozZE5SRUYzVFVSQmQw
VkVGNFRWUkpNRTVXYjNkUmVrVlRUVUpCUjBObmJWTktiMjFVT0dsNGEwRlNh NUhXVFZOVkVab1RVUTBaMVpYTlhwa1NFb3hZbTFqWjFKdE9URmlibEpvWVZjMFox
MWRCYlU1b1RWSnJkMFozV1V0RFdrbHRhVnBRZVV4SFVVSkhVbGxLWXpKR2RW RXdSWGRJYUdOT1RWUmplRTFVUVROTmFrMHdUbFJKTkZkb1kwNU5WR3Q0VFZSQk0w
cEhWbk5pVjBaMVRWSkpkMFZCV1VSV1VWRkVSRUZzYzJJeVRtaGlSMmgyWXpO MXFUVEJPVkVrMFYycENSRTFTU1hkRlFWbExRMXBKYldsYVVIbE1SMUZDUjFKWlEx
UmQxZFVRVlJDWjJOeGFHdHFUMUJSU1VKQ1oyZHhhR3RxVDFCUlRVSkNkMDVE a3lSWGhIVkVGWVFtZHZTbXRwWVVwckwwbHpXa0ZGV2tabmJIcFpWelZyV2xkNGRG
UVVGUk1WcEJOMDUzTUhoVFRTOVJNblV4T1RSR2VsRk5hM1JhT1RSM1lVRkpW bFhOSGhGYWtGUlFtZE9Wa0pCVFUxRFYzaDJXVEpHYzJGSE9YcGtSRUphVFVKTlIw
akJwTDI5V1ZGQm5UMG80ZWxjMlRYZEdOWG9yUkhCaU9DOXdkV2hQWWtwTldq SjVjVWRUVFRRNVFXZEZSME5EY1VkVFRUUTVRWGRGU0VFd1NVRkNTbHBzVlVoSk1I
QlZOa2d2ZDJaQmNGSTJjM1pzZFcxa05ISjVlVzkzTUhkRGVrRktRbWRPVmto VndMMnd6WlZwbU9YWkRRbUlyYkVsdWIwVk5SV2RqTjFKdksxaGFRM1JxUVVrd1Ew
U1RVVkJha0ZCVFVGdlIwTkRjVWRUVFRRNVFrRk5SRUV5YTBGTlIxbERUVkZE UXhaa3BtU2xJdmFFbDVlVVJ0U0ZkNVdXbE9SbUpTUTBnNVpubGhjbVpyZW1kWU5I
TXk5cFZGRktNMlYyV1ZsaloySllhR0p0ZW5Kd05qUjBNMUZETm5GcVNXVlpN QXdlbFJwZW5GcVJGUkJURTFCYTBkQk1WVmtSWGRSUTAxQlFYZERaMWxKUzI5YVNY
bXByUkhnd05qSnVkVTVwWmxaTGRIbGhZWEpoTTBZek1FRkphMHRUUlVOTlVV cHFNRVZCZDAxRVlWRkJkMXBuU1hoQlRGRk5UblZ5WmpoMGRqVXdiRkpQUkRWRVVW
UnBNamxsWm1KVVRHSmtkRVJyTTNSbFkxa3Zja1EzVmpjM1dHRktObTVaUTIx aElSVTlLU2s1WE0xRldNbWM1VVVWa1JGTnJNazFaSzBGdlUzSkNVMjFIVTA1cWFE
a1JFTlNOVFJVY2xOR1RreG5lSFowTVd4NVJrMHJNR1paY0ZsU1l6TnZQU0o5 UnZiRVZQYUVWMVRHZEplRUZLTkc1WFprNTNLMEpxWWxwdFMybEphVlZGWTFSM1NF
ZmFDQ0FqWXdnZ0l5TUlJQnQ2QURBZ0VDQWdFTU1Bb0dDQ3FHU000OUJBTUNN MW9SMVpZWVUxSVdTOUdOMjR6T1hkM1MyTkNRbE5QYm1ST1VIRkRjRTlGVEd3Mllu
RTB4RWpBUUJnb0praWFKay9Jc1pBRVpGZ0pqWVRFWk1CY0dDZ21TSm9tVDhp RXpRMXB4VVQwOUluMTlvSUlDQ0RDQ0FnUXdnZ0dMb0FNQ0FRSUNCQW50dEtrd0Nn
eGtBUmtXQ1hOaGJtUmxiRzFoYmpFY01Cb0dBMVVFQXd3VFZXNXpkSEoxYm1j WUlLb1pJemowRUF3SXdUVEVTTUJBR0NnbVNKb21UOGl4a0FSa1dBbU5oTVJrd0Z3
Z1NHbG5hSGRoZVNCRFFUQWdGdzB4TnpFd01USXhNelV5TlRKYUdBOHlPVGs1 WUtDWkltaVpQeUxHUUJHUllKYzJGdVpHVnNiV0Z1TVJ3d0dnWURWUVFEREJOVmJu
TVRJek1UQXdNREF3TUZvd1N6RVNNQkFHQ2dtU0pvbVQ4aXhrQVJrV0FtTmhN TjBjblZ1WnlCSWFXZG9kMkY1SUVOQk1DQVhEVEU1TURReU5EQXlNVFkxT0ZvWUR6
Umt3RndZS0NaSW1pWlB5TEdRQkdSWUpjMkZ1WkdWc2JXRnVNUm93R0FZRFZR STVPVGt4TWpNeE1EQXdNREF3V2pBY01Sb3dHQVlEVlFRRkRCRXdNQzFrTUMxbE5T
UUREQkV3TUMxRU1DMUZOUzFHTWkwd01DMHdNakJaTUJNR0J5cUdTTTQ5QWdF MHdNaTB3TUMweVpEQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJG
R0NDcUdTTTQ5QXdFSEEwSUFCRW1ubUxSMVRWcFNkSGE3ekF4SENDUTI2azFz b3Y0Nmo2VVNkQ1lGb0lXVVlIbVpTeXJyVzExWTVweDIvdFFHR2hCZjJFSXhOb09S
MHp1YldmU2FQN1FvbG1Odzhpb2dQNjJzK05OS2h1MjRoMmxFOThabnlGVCtj V1ZmQ280a2YyNUJKZnBmRE9LSnlBdXloMmx5aXBMbW9QVXVrK2pnWWN3Z1lRd0hR
aFM5NnJES2hnandFOXVqZ1ljd2dZUXdIUVlEVlIwT0JCWUVGQjB4Rm1HMkVW WURWUjBPQkJZRUZJL0NtSFZLQkRyeWRKSERpRzR4RnNJRm5RMkpNQWtHQTFVZEV3
Q2JQUG9UdGhWZk9RdnRka01xTUFrR0ExVWRFd1FDTUFBd0t3WURWUjBSQkNR UUNNQUF3S3dZRFZSMFJCQ1F3SXFBZ0Jna3JCZ0VFQVlMdVVnR2dFd3dSTURBdFJE
d0lxQWdCZ2tyQmdFRUFZTHVVZ0dnRXd3Uk1EQXRSREF0UlRVdFJqSXRNREF0 QXRSVFV0TURJdE1EQXRNa1F3S3dZSkt3WUJCQUdDN2xJQ0JCNE1IRzFoYzJFdWFH
TURJd0t3WUpLd1lCQkFHQzdsSUNCQjRNSEdoMGRIQnpPaTh2YUdsbmFIZGhl OXVaWGxrZFd0bGN5NXpZVzVrWld4dFlXNHVZMkV3Q2dZSUtvWkl6ajBFQXdJRFp3
UzV6WVc1a1pXeHRZVzR1WTJFd0NnWUlLb1pJemowRUF3SURhUUF3WmdJeEFP QXdaQUl3SnJ6STVqWUk4cVE0WEg4cHpGZDVETGlLVWlxMk0wVnErSU56N1U4Rnc3
RW5VMzU1cWRiVlQ5N21xZ3hJYTlTOVlkSHU2Snp4d2x1SHU5ZkxuelNjR3p4 QUh0S0lyVTA0K0VMVk5XMm80VG4wNUFqQmpEVzdGdGtPTlJjL2JlancxWGJUaW1t
dWsyZnJTVC80ak84UlI2MHpNZ0l4QUt2VzdHOTFoNHFydVp0RmNKSGhrSW16 d1d3RDlVVmFCVTVRMExqdlo1aTgyK1pGUG5GS2dyVDBSV1FWRno5NUl4Z2dFck1J
RHJ0OG51UEpkbHNKUktLdjdmQUZQYjZWYUNETThOR0JnSGtBRnZ1d0RER0NB SUJKd0lCQVRCVk1FMHhFakFRQmdvSmtpYUprL0lzWkFFWkZnSmpZVEVaTUJjR0Nn
YVl3Z2dHaUFnRUJNRkl3VFRFU01CQUdDZ21TSm9tVDhpeGtBUmtXQW1OaE1S bVNKb21UOGl4a0FSa1dDWE5oYm1SbGJHMWhiakVjTUJvR0ExVUVBd3dUVlc1emRI
a3dGd1lLQ1pJbWlaUHlMR1FCR1JZSmMyRnVaR1ZzYldGdU1Sd3dHZ1lEVlFR SjFibWNnU0dsbmFIZGhlU0JEUVFJRUNlMjBxVEFMQmdsZ2hrZ0JaUU1FQWdHZ2FU
RERCTlZibk4wY25WdVp5QklhV2RvZDJGNUlFTkJBZ0VNTUEwR0NXQ0dTQUZs QVlCZ2txaGtpRzl3MEJDUU14Q3dZSktvWklodmNOQVFjQk1Cd0dDU3FHU0liM0RR
QXdRQ0FRVUFvSUhrTUJnR0NTcUdTSWIzRFFFSkF6RUxCZ2txaGtpRzl3MEJC RUpCVEVQRncweE9UQTFNVFV5TVRJMU5UVmFNQzhHQ1NxR1NJYjNEUUVKQkRFaUJD
d0V3SEFZSktvWklodmNOQVFrRk1ROFhEVEUzTVRBeE1qRXpOVGd5TTFvd0x3 QVFOMmxQN2Fxd3lobWo5cVVIdDZRay9TYk9UT1BYRk93bjF3djI1WUdZZ0RBS0Jn
WUpLb1pJaHZjTkFRa0VNU0lFSVA1OWN1S1ZBUGtLT09sUUlhSVYvVzFBc1dL Z3Foa2pPUFFRREFnUkhNRVVDSUVZUWhIVG9VMHJyaFB5UXYyZlIwVHdXZVBUeDJa
Ym1WbUJkOXdGU3VENXlMYWZNSGtHQ1NxR1NJYjNEUUVKRHpGc01Hb3dDd1lK MURFaFI0dFRsL0RyL1pBaUVBNDd1OStiSXovcDZuRkord2N0S0hFUit5Y1V6WVFG
WUlaSUFXVURCQUVxTUFzR0NXQ0dTQUZsQXdRQkZqQUxCZ2xnaGtnQlpRTUVB NTZoOW9kTW8rSWxrYz0ifX2gggRCMIIB0TCCAVagAwIBAgIBAjAKBggqhkjOPQQD
UUl3Q2dZSUtvWklodmNOQXdjd0RnWUlLb1pJaHZjTkF3SUNBZ0NBTUEwR0ND AzBxMRIwEAYKCZImiZPyLGQBGRYCY2ExGTAXBgoJkiaJk/IsZAEZFglzYW5kZWxt
cUdTSWIzRFFNQ0FnRkFNQWNHQlNzT0F3SUhNQTBHQ0NxR1NJYjNEUU1DQWdF YW4xQDA+BgNVBAMMNyM8U3lzdGVtVmFyaWFibGU6MHgwMDAwMDAwNGY5MTFhMD4g
b01Bb0dDQ3FHU000OUJBTUNCRWN3UlFJZ0VNZzFkSkw3RmNkdHJWRHg4cUNh VW5zdHJ1bmcgRm91bnRhaW4gQ0EwHhcNMTcxMTA3MjM0NTI4WhcNMTkxMTA3MjM0
em9lOSsyMk56NFp3UkI5Z0FUR0w3TU1DSVFEanNzVWxaekpxcDIva0NkNFdo NTI4WjBDMRIwEAYKCZImiZPyLGQBGRYCY2ExGTAXBgoJkiaJk/IsZAEZFglzYW5k
eFVoc2FDcFRGd1Bybk5ldzV3Q2tZVUY4UT09In19oIIBsjCCAa4wggEzoAMC ZWxtYW4xEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEH
AQICAQMwCgYIKoZIzj0EAwMwTjESMBAGCgmSJomT8ixkARkWAmNhMRkwFwYK A0IABJZlUHI0up/l3eZf9vCBb+lInoEMEgc7Ro+XZCtjAI0CD1fJfJR/hIyyDmHW
CZImiZPyLGQBGRYJc2FuZGVsbWFuMR0wGwYDVQQDDBRVbnN0cnVuZyBGb3Vu yYiNFbRCH9fyarfkzgX4p0zTizqjDTALMAkGA1UdEwQCMAAwCgYIKoZIzj0EAwMD
dGFpbiBDQTAeFw0xNzA5MDUwMTEyNDVaFw0xOTA5MDUwMTEyNDVaMEMxEjAQ aQAwZgIxALQMNurf8tv50lROD5DQXHEOJJNW3QV2g9QEdDSk2MY+AoSrBSmGSNjh
BgoJkiaJk/IsZAEZFgJjYTEZMBcGCgmSJomT8ixkARkWCXNhbmRlbG1hbjES 4olEOhEuLgIxAJ4nWfNw+BjbZmKiIiUEcTwHMhGVXaMHY/F7n39wwKcBBSOndNPq
MBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE CpOELl6bq3CZqTCCAmkwggHvoAMCAQICAQMwCgYIKoZIzj0EAwIwbTESMBAGCgmS
NWQOzcNMUjP0NrtfeBc0DJLWfeMGgCFdIv6FUz4DifM1ujMBec/g6W/P6boT JomT8ixkARkWAmNhMRkwFwYKCZImiZPyLGQBGRYJc2FuZGVsbWFuMTwwOgYDVQQD
myTGdFOh/8HwKUerL5bpneK8sqMNMAswCQYDVR0TBAIwADAKBggqhkjOPQQD DDNmb3VudGFpbi10ZXN0LmV4YW1wbGUuY29tIFVuc3RydW5nIEZvdW50YWluIFJv
AwNpADBmAjEAt/4k0Cd3r2GHIG14W5s66euLd0AuqoyHmNo5A8dOtp7jYn1S b3QgQ0EwHhcNMTkwMTEzMjI1NDQ0WhcNMjEwMTEyMjI1NDQ0WjBtMRIwEAYKCZIm
rcmmq2txd9ACJCkhAjEA4tvXn20y23bQ5N7XnGP6w+1e+12iep2ApnQwkeeE iZPyLGQBGRYCY2ExGTAXBgoJkiaJk/IsZAEZFglzYW5kZWxtYW4xPDA6BgNVBAMM
60hTS4Mb7dZchTPtH2KWEXN6MYIBpzCCAaMCAQEwUzBOMRIwEAYKCZImiZPy M2ZvdW50YWluLXRlc3QuZXhhbXBsZS5jb20gVW5zdHJ1bmcgRm91bnRhaW4gUm9v
LGQBGRYCY2ExGTAXBgoJkiaJk/IsZAEZFglzYW5kZWxtYW4xHTAbBgNVBAMM dCBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABBt/WboXwxq8Zo2MbODD+jFxD2X2
FFVuc3RydW5nIEZvdW50YWluIENBAgEDMA0GCWCGSAFlAwQCAQUAoIHkMBgG IpG9t1aAB9vfuHqlRU15ikaXGVmWMbGPaX0yvjzIPltjtUb2qNVvm/nA89O5FD9y
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE3MTAy R1Gkdt3S8L/1yo8wAX/4wl/T9SADRIuL8gdstKNjMGEwDwYDVR0TAQH/BAUwAwEB
NjAxMzYxOFowLwYJKoZIhvcNAQkEMSIEIEQBM73PZzPo7tE9Mj8gQvaaYeMQ /zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFLml9ssR4QekSSynCMZ8ELyHs3Qm
OsxlACaW/HenAqNwMHkGCSqGSIb3DQEJDzFsMGowCwYJYIZIAWUDBAEqMAsG MB8GA1UdIwQYMBaAFLml9ssR4QekSSynCMZ8ELyHs3QmMAoGCCqGSM49BAMCA2gA
CWCGSAFlAwQBFjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcN MGUCMAviLdbfd6AZdsOxNgf7D15WFmGC1JkHeEbT/0w4UXz6q/48S71/IMbSXRWH
AwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEo aNxiJwIxAOCRjtlN+VSmCLTvWwMTxnSpIuqMr/O1y2Z8rl459VRFphWPdbf4i0qE
MAoGCCqGSM49BAMCBEcwRQIgDdp5uPUlMKp7GFQAD7ypAgqFv8q+KkJt6c3O cwu0u4JzpDGCAUwwggFIAgEBMHYwcTESMBAGCgmSJomT8ixkARkWAmNhMRkwFwYK
7iVpVI8CIQCD1u8BkxipvigwvIDmWfjlYdJxcvozNjffq5j3UHg7Rg== CZImiZPyLGQBGRYJc2FuZGVsbWFuMUAwPgYDVQQDDDcjPFN5c3RlbVZhcmlhYmxl
OjB4MDAwMDAwMDRmOTExYTA+IFVuc3RydW5nIEZvdW50YWluIENBAgECMAsGCWCG
SAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkF
MQ8XDTE5MDUxNTIxMjU1NVowLwYJKoZIhvcNAQkEMSIEIFBQjMmWzZOEkRHXrVAS
snJwgQ26goyvOAtUFYs3MstMMAoGCCqGSM49BAMCBEcwRQIgBthbhEmgbqZbYDkD
zxHXLzJ5eusWplzHKqZyxNpzaR8CIQC3UtMu0QsXoUpYL016iTsbd7Eedi8IfnwQ
akExfhh0ew==
-----END CMS-----
file: examples/parboiled_vr_00-D0-E5-F2-00-02.pkcs file: examples/parboiled_vr_00_D0-E5-02-00-2D.pkcs
The ASN1 decoding of the artifact: The ASN1 decoding of the artifact:
0:d=0 hl=4 l=3546 cons: SEQUENCE 0:d=0 hl=4 l=3987 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signed 4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
Data 15:d=1 hl=4 l=3972 cons: cont [ 0 ]
15:d=1 hl=4 l=3531 cons: cont [ 0 ] 19:d=2 hl=4 l=3968 cons: SEQUENCE
19:d=2 hl=4 l=3527 cons: SEQUENCE 23:d=3 hl=2 l= 1 prim: INTEGER :01
23:d=3 hl=2 l= 1 prim: INTEGER :01 26:d=3 hl=2 l= 13 cons: SET
26:d=3 hl=2 l= 15 cons: SET 28:d=4 hl=2 l= 11 cons: SEQUENCE
28:d=4 hl=2 l= 13 cons: SEQUENCE 30:d=5 hl=2 l= 9 prim: OBJECT :sha256
30:d=5 hl=2 l= 9 prim: OBJECT :sha256 41:d=3 hl=4 l=2516 cons: SEQUENCE
41:d=5 hl=2 l= 0 prim: NULL 45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
43:d=3 hl=4 l=2638 cons: SEQUENCE 56:d=4 hl=4 l=2501 cons: cont [ 0 ]
47:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data 60:d=5 hl=4 l=2497 prim: OCTET STRING :{"ietf-voucher-request:v
58:d=4 hl=4 l=2623 cons: cont [ 0 ] 2561:d=3 hl=4 l=1090 cons: cont [ 0 ]
62:d=5 hl=4 l=2619 prim: OCTET STRING :{"ietf-vouch 2565:d=4 hl=4 l= 465 cons: SEQUENCE
er-request:voucher":{"assertion":"proximity","created-on":"2 2569:d=5 hl=4 l= 342 cons: SEQUENCE
017-09-15T00:00:00.000Z","serial-number":"JADA123456789","no 2573:d=6 hl=2 l= 3 cons: cont [ 0 ]
nce":"abcd1234","prior-signed-voucher-request":"MIIHHQYJKoZI 2575:d=7 hl=2 l= 1 prim: INTEGER :02
hvcNAQcCoIIHDjCCBwoCAQExDzANBglghkgBZQMEAgEFADCCAw4GCSqGSIb3 2578:d=6 hl=2 l= 1 prim: INTEGER :02
DQEHAaCCAv8EggL7eyJpZXRmLXZvdWNoZXItcmVxdWVzdDp2b3VjaGVyIjp7 2581:d=6 hl=2 l= 10 cons: SEQUENCE
ImFzc2VydGlvbiI6InByb3hpbWl0eSIsImNyZWF0ZWQtb24iOiIyMDE3LTA5 2583:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA384
LTAxIiwic2VyaWFsLW51bWJlciI6IjAwLUQwLUU1LUYyLTAwLTAyIiwibm9u 2593:d=6 hl=2 l= 113 cons: SEQUENCE
Y2UiOiJEc3M5OXNCcjNwTk1PQUNlLUxZWTd3IiwicHJveGltaXR5LXJlZ2lz 2595:d=7 hl=2 l= 18 cons: SET
dHJhci1jZXJ0IjoiTUlJQnJqQ0NBVE9nQXdJQkFnSUJBekFLQmdncWhrak9Q 2597:d=8 hl=2 l= 16 cons: SEQUENCE
UVFEQXpCT01SSXdFQVlLQ1pJbWlaUHlMR1FCR1JZQ1kyRXhHVEFYQmdvSmtp 2599:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
YUprL0lzWkFFWkZnbHpZVzVrWld4dFlXNHhIVEFiQmdOVkJBTU1GRlZ1YzNS 2611:d=9 hl=2 l= 2 prim: IA5STRING :ca
eWRXNW5JRVp2ZFc1MFlXbHVJRU5CTUI0WERURTNNRGt3TlRBeE1USTBOVm9Y 2615:d=7 hl=2 l= 25 cons: SET
RFRFNU1Ea3dOVEF4TVRJME5Wb3dRekVTTUJBR0NnbVNKb21UOGl4a0FSa1dB 2617:d=8 hl=2 l= 23 cons: SEQUENCE
bU5oTVJrd0Z3WUtDWkltaVpQeUxHUUJHUllKYzJGdVpHVnNiV0Z1TVJJd0VB 2619:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
WURWUVFEREFsc2IyTmhiR2h2YzNRd1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtq 2631:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
T1BRTUJCd05DQUFRMVpBN053MHhTTS9RMnUxOTRGelFNa3RaOTR3YUFJVjBp 2642:d=7 hl=2 l= 64 cons: SET
L29WVFBnT0o4elc2TXdGNXorRHBiOC9wdWhPYkpNWjBVNkgvd2ZBcFI2c3Zs 2644:d=8 hl=2 l= 62 cons: SEQUENCE
dW1kNHJ5eW93MHdDekFKQmdOVkhSTUVBakFBTUFvR0NDcUdTTTQ5QkFNREEy 2646:d=9 hl=2 l= 3 prim: OBJECT :commonName
a0FNR1lDTVFDMy9pVFFKM2V2WVljZ2JYaGJtenJwNjR0M1FDNnFqSWVZMmpr 2651:d=9 hl=2 l= 55 prim: UTF8STRING :#<SystemVariable:0x00000
RHgwNjJudU5pZlZLdHlhYXJhM0YzMEFJa0tTRUNNUURpMjllZmJUTGJkdERr 2708:d=6 hl=2 l= 30 cons: SEQUENCE
M3RlY1kvckQ3Vjc3WGFKNm5ZQ21kRENSNTRUclNGTkxneHZ0MWx5Rk0rMGZZ 2710:d=7 hl=2 l= 13 prim: UTCTIME :171107234528Z
cFlSYzNvPSJ9faCCAjYwggIyMIIBt6ADAgECAgEMMAoGCCqGSM49BAMCME0x 2725:d=7 hl=2 l= 13 prim: UTCTIME :191107234528Z
EjAQBgoJkiaJk/IsZAEZFgJjYTEZMBcGCgmSJomT8ixkARkWCXNhbmRlbG1h 2740:d=6 hl=2 l= 67 cons: SEQUENCE
bjEcMBoGA1UEAwwTVW5zdHJ1bmcgSGlnaHdheSBDQTAgFw0xNzEwMTIxMzUy 2742:d=7 hl=2 l= 18 cons: SET
NTJaGA8yOTk5MTIzMTAwMDAwMFowSzESMBAGCgmSJomT8ixkARkWAmNhMRkw 2744:d=8 hl=2 l= 16 cons: SEQUENCE
FwYKCZImiZPyLGQBGRYJc2FuZGVsbWFuMRowGAYDVQQDDBEwMC1EMC1FNS1G 2746:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
Mi0wMC0wMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEmnmLR1TVpSdHa7 2758:d=9 hl=2 l= 2 prim: IA5STRING :ca
zAxHCCQ26k1s0zubWfSaP7QolmNw8iogP62s+NNKhu24h2lE98ZnyFT+chS9 2762:d=7 hl=2 l= 25 cons: SET
6rDKhgjwE9ujgYcwgYQwHQYDVR0OBBYEFB0xFmG2EVCbPPoTthVfOQvtdkMq 2764:d=8 hl=2 l= 23 cons: SEQUENCE
MAkGA1UdEwQCMAAwKwYDVR0RBCQwIqAgBgkrBgEEAYLuUgGgEwwRMDAtRDAt 2766:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
RTUtRjItMDAtMDIwKwYJKwYBBAGC7lICBB4MHGh0dHBzOi8vaGlnaHdheS5z 2778:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
YW5kZWxtYW4uY2EwCgYIKoZIzj0EAwIDaQAwZgIxAOEnU355qdbVT97mqgxI 2789:d=7 hl=2 l= 18 cons: SET
a9S9YdHu6JzxwluHu9fLnzScGzxuk2frST/4jO8RR60zMgIxAKvW7G91h4qr 2791:d=8 hl=2 l= 16 cons: SEQUENCE
uZtFcJHhkImzDrt8nuPJdlsJRKKv7fAFPb6VaCDM8NGBgHkAFvuwDDGCAaYw 2793:d=9 hl=2 l= 3 prim: OBJECT :commonName
ggGiAgEBMFIwTTESMBAGCgmSJomT8ixkARkWAmNhMRkwFwYKCZImiZPyLGQB 2798:d=9 hl=2 l= 9 prim: UTF8STRING :localhost
GRYJc2FuZGVsbWFuMRwwGgYDVQQDDBNVbnN0cnVuZyBIaWdod2F5IENBAgEM 2809:d=6 hl=2 l= 89 cons: SEQUENCE
MA0GCWCGSAFlAwQCAQUAoIHkMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEw 2811:d=7 hl=2 l= 19 cons: SEQUENCE
HAYJKoZIhvcNAQkFMQ8XDTE3MTAxMjEzNTgyM1owLwYJKoZIhvcNAQkEMSIE 2813:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
IP59cuKVAPkKOOlQIaIV/W1AsWKbmVmBd9wFSuD5yLafMHkGCSqGSIb3DQEJ 2822:d=8 hl=2 l= 8 prim: OBJECT :prime256v1
DzFsMGowCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBFjALBglghkgBZQMEAQIw 2832:d=7 hl=2 l= 66 prim: BIT STRING
CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcG 2900:d=6 hl=2 l= 13 cons: cont [ 3 ]
BSsOAwIHMA0GCCqGSIb3DQMCAgEoMAoGCCqGSM49BAMCBEcwRQIgEMg1dJL7 2902:d=7 hl=2 l= 11 cons: SEQUENCE
FcdtrVDx8qCazoe9+22Nz4ZwRB9gATGL7MMCIQDjssUlZzJqp2/kCd4WhxUh 2904:d=8 hl=2 l= 9 cons: SEQUENCE
saCpTFwPrnNew5wCkYUF8Q=="}} 2906:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
2685:d=3 hl=4 l= 434 cons: cont [ 0 ] 2911:d=9 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
2689:d=4 hl=4 l= 430 cons: SEQUENCE 2915:d=5 hl=2 l= 10 cons: SEQUENCE
2693:d=5 hl=4 l= 307 cons: SEQUENCE 2917:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA384
2697:d=6 hl=2 l= 3 cons: cont [ 0 ] 2927:d=5 hl=2 l= 105 prim: BIT STRING
2699:d=7 hl=2 l= 1 prim: INTEGER :02 3034:d=4 hl=4 l= 617 cons: SEQUENCE
2702:d=6 hl=2 l= 1 prim: INTEGER :03 3038:d=5 hl=4 l= 495 cons: SEQUENCE
2705:d=6 hl=2 l= 10 cons: SEQUENCE 3042:d=6 hl=2 l= 3 cons: cont [ 0 ]
2707:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-S 3044:d=7 hl=2 l= 1 prim: INTEGER :02
HA384 3047:d=6 hl=2 l= 1 prim: INTEGER :03
2717:d=6 hl=2 l= 78 cons: SEQUENCE 3050:d=6 hl=2 l= 10 cons: SEQUENCE
2719:d=7 hl=2 l= 18 cons: SET 3052:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
2721:d=8 hl=2 l= 16 cons: SEQUENCE 3062:d=6 hl=2 l= 109 cons: SEQUENCE
2723:d=9 hl=2 l= 10 prim: OBJECT :domainCompon 3064:d=7 hl=2 l= 18 cons: SET
ent 3066:d=8 hl=2 l= 16 cons: SEQUENCE
2735:d=9 hl=2 l= 2 prim: IA5STRING :ca 3068:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
2739:d=7 hl=2 l= 25 cons: SET 3080:d=9 hl=2 l= 2 prim: IA5STRING :ca
2741:d=8 hl=2 l= 23 cons: SEQUENCE 3084:d=7 hl=2 l= 25 cons: SET
2743:d=9 hl=2 l= 10 prim: OBJECT :domainCompon 3086:d=8 hl=2 l= 23 cons: SEQUENCE
ent 3088:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
2755:d=9 hl=2 l= 9 prim: IA5STRING :sandelman 3100:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
2766:d=7 hl=2 l= 29 cons: SET 3111:d=7 hl=2 l= 60 cons: SET
2768:d=8 hl=2 l= 27 cons: SEQUENCE 3113:d=8 hl=2 l= 58 cons: SEQUENCE
2770:d=9 hl=2 l= 3 prim: OBJECT :commonName 3115:d=9 hl=2 l= 3 prim: OBJECT :commonName
2775:d=9 hl=2 l= 20 prim: UTF8STRING :Unstrung Fou 3120:d=9 hl=2 l= 51 prim: UTF8STRING :fountain-test.example.co
ntain CA 3173:d=6 hl=2 l= 30 cons: SEQUENCE
2797:d=6 hl=2 l= 30 cons: SEQUENCE 3175:d=7 hl=2 l= 13 prim: UTCTIME :190113225444Z
2799:d=7 hl=2 l= 13 prim: UTCTIME :170905011245 3190:d=7 hl=2 l= 13 prim: UTCTIME :210112225444Z
Z 3205:d=6 hl=2 l= 109 cons: SEQUENCE
2814:d=7 hl=2 l= 13 prim: UTCTIME :190905011245 3207:d=7 hl=2 l= 18 cons: SET
Z 3209:d=8 hl=2 l= 16 cons: SEQUENCE
2829:d=6 hl=2 l= 67 cons: SEQUENCE 3211:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
2831:d=7 hl=2 l= 18 cons: SET 3223:d=9 hl=2 l= 2 prim: IA5STRING :ca
2833:d=8 hl=2 l= 16 cons: SEQUENCE 3227:d=7 hl=2 l= 25 cons: SET
2835:d=9 hl=2 l= 10 prim: OBJECT :domainCompon 3229:d=8 hl=2 l= 23 cons: SEQUENCE
ent 3231:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
2847:d=9 hl=2 l= 2 prim: IA5STRING :ca 3243:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
2851:d=7 hl=2 l= 25 cons: SET 3254:d=7 hl=2 l= 60 cons: SET
2853:d=8 hl=2 l= 23 cons: SEQUENCE 3256:d=8 hl=2 l= 58 cons: SEQUENCE
2855:d=9 hl=2 l= 10 prim: OBJECT :domainCompon 3258:d=9 hl=2 l= 3 prim: OBJECT :commonName
ent 3263:d=9 hl=2 l= 51 prim: UTF8STRING :fountain-test.example.co
2867:d=9 hl=2 l= 9 prim: IA5STRING :sandelman 3316:d=6 hl=2 l= 118 cons: SEQUENCE
2878:d=7 hl=2 l= 18 cons: SET 3318:d=7 hl=2 l= 16 cons: SEQUENCE
2880:d=8 hl=2 l= 16 cons: SEQUENCE 3320:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
2882:d=9 hl=2 l= 3 prim: OBJECT :commonName 3329:d=8 hl=2 l= 5 prim: OBJECT :secp384r1
2887:d=9 hl=2 l= 9 prim: UTF8STRING :localhost 3336:d=7 hl=2 l= 98 prim: BIT STRING
2898:d=6 hl=2 l= 89 cons: SEQUENCE 3436:d=6 hl=2 l= 99 cons: cont [ 3 ]
2900:d=7 hl=2 l= 19 cons: SEQUENCE 3438:d=7 hl=2 l= 97 cons: SEQUENCE
2902:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicK 3440:d=8 hl=2 l= 15 cons: SEQUENCE
ey 3442:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
2911:d=8 hl=2 l= 8 prim: OBJECT :prime256v1 3447:d=9 hl=2 l= 1 prim: BOOLEAN :255
2921:d=7 hl=2 l= 66 prim: BIT STRING 3450:d=9 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF
2989:d=6 hl=2 l= 13 cons: cont [ 3 ] 3457:d=8 hl=2 l= 14 cons: SEQUENCE
2991:d=7 hl=2 l= 11 cons: SEQUENCE 3459:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
2993:d=8 hl=2 l= 9 cons: SEQUENCE 3464:d=9 hl=2 l= 1 prim: BOOLEAN :255
2995:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic 3467:d=9 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:03020106
Constraints 3473:d=8 hl=2 l= 29 cons: SEQUENCE
3000:d=9 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:30 3475:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Ident
00 3480:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414B9A5F6CB11
3004:d=5 hl=2 l= 10 cons: SEQUENCE 3504:d=8 hl=2 l= 31 cons: SEQUENCE
3006:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-S 3506:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Ide
HA384 3511:d=9 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014B9A5F6
3016:d=5 hl=2 l= 105 prim: BIT STRING 3537:d=5 hl=2 l= 10 cons: SEQUENCE
3123:d=3 hl=4 l= 423 cons: SET 3539:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
3127:d=4 hl=4 l= 419 cons: SEQUENCE 3549:d=5 hl=2 l= 104 prim: BIT STRING
3131:d=5 hl=2 l= 1 prim: INTEGER :01 3655:d=3 hl=4 l= 332 cons: SET
3134:d=5 hl=2 l= 83 cons: SEQUENCE 3659:d=4 hl=4 l= 328 cons: SEQUENCE
3136:d=6 hl=2 l= 78 cons: SEQUENCE 3663:d=5 hl=2 l= 1 prim: INTEGER :01
3138:d=7 hl=2 l= 18 cons: SET 3666:d=5 hl=2 l= 118 cons: SEQUENCE
3140:d=8 hl=2 l= 16 cons: SEQUENCE 3668:d=6 hl=2 l= 113 cons: SEQUENCE
3142:d=9 hl=2 l= 10 prim: OBJECT :domainCompon 3670:d=7 hl=2 l= 18 cons: SET
ent 3672:d=8 hl=2 l= 16 cons: SEQUENCE
3154:d=9 hl=2 l= 2 prim: IA5STRING :ca 3674:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
3158:d=7 hl=2 l= 25 cons: SET 3686:d=9 hl=2 l= 2 prim: IA5STRING :ca
3160:d=8 hl=2 l= 23 cons: SEQUENCE 3690:d=7 hl=2 l= 25 cons: SET
3162:d=9 hl=2 l= 10 prim: OBJECT :domainCompon 3692:d=8 hl=2 l= 23 cons: SEQUENCE
ent 3694:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
3174:d=9 hl=2 l= 9 prim: IA5STRING :sandelman 3706:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
3185:d=7 hl=2 l= 29 cons: SET 3717:d=7 hl=2 l= 64 cons: SET
3187:d=8 hl=2 l= 27 cons: SEQUENCE 3719:d=8 hl=2 l= 62 cons: SEQUENCE
3189:d=9 hl=2 l= 3 prim: OBJECT :commonName 3721:d=9 hl=2 l= 3 prim: OBJECT :commonName
3194:d=9 hl=2 l= 20 prim: UTF8STRING :Unstrung Fou 3726:d=9 hl=2 l= 55 prim: UTF8STRING :#<SystemVariable:0x00000
ntain CA 3783:d=6 hl=2 l= 1 prim: INTEGER :02
3216:d=6 hl=2 l= 1 prim: INTEGER :03 3786:d=5 hl=2 l= 11 cons: SEQUENCE
3219:d=5 hl=2 l= 13 cons: SEQUENCE 3788:d=6 hl=2 l= 9 prim: OBJECT :sha256
3221:d=6 hl=2 l= 9 prim: OBJECT :sha256 3799:d=5 hl=2 l= 105 cons: cont [ 0 ]
3232:d=6 hl=2 l= 0 prim: NULL 3801:d=6 hl=2 l= 24 cons: SEQUENCE
3234:d=5 hl=3 l= 228 cons: cont [ 0 ] 3803:d=7 hl=2 l= 9 prim: OBJECT :contentType
3237:d=6 hl=2 l= 24 cons: SEQUENCE 3814:d=7 hl=2 l= 11 cons: SET
3239:d=7 hl=2 l= 9 prim: OBJECT :contentType 3816:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data
3250:d=7 hl=2 l= 11 cons: SET 3827:d=6 hl=2 l= 28 cons: SEQUENCE
3252:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data 3829:d=7 hl=2 l= 9 prim: OBJECT :signingTime
3263:d=6 hl=2 l= 28 cons: SEQUENCE 3840:d=7 hl=2 l= 15 cons: SET
3265:d=7 hl=2 l= 9 prim: OBJECT :signingTime 3842:d=8 hl=2 l= 13 prim: UTCTIME :190515212555Z
3276:d=7 hl=2 l= 15 cons: SET 3857:d=6 hl=2 l= 47 cons: SEQUENCE
3278:d=8 hl=2 l= 13 prim: UTCTIME :171026013618 3859:d=7 hl=2 l= 9 prim: OBJECT :messageDigest
Z 3870:d=7 hl=2 l= 34 cons: SET
3293:d=6 hl=2 l= 47 cons: SEQUENCE 3872:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:50508CC996CD93
3295:d=7 hl=2 l= 9 prim: OBJECT :messageDiges 3906:d=5 hl=2 l= 10 cons: SEQUENCE
t 3908:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
3306:d=7 hl=2 l= 34 cons: SET 3918:d=5 hl=2 l= 71 prim: OCTET STRING [HEX DUMP]:3045022006D85B
3308:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:44
0133BDCF6733E8EED13D323F2042F69A61E3103ACC65002696FC77A702A3
70
3342:d=6 hl=2 l= 121 cons: SEQUENCE
3344:d=7 hl=2 l= 9 prim: OBJECT :S/MIME Capab
ilities
3355:d=7 hl=2 l= 108 cons: SET
3357:d=8 hl=2 l= 106 cons: SEQUENCE
3359:d=9 hl=2 l= 11 cons: SEQUENCE
3361:d=10 hl=2 l= 9 prim: OBJECT :aes-256-cbc
3372:d=9 hl=2 l= 11 cons: SEQUENCE
3374:d=10 hl=2 l= 9 prim: OBJECT :aes-192-cbc
3385:d=9 hl=2 l= 11 cons: SEQUENCE
3387:d=10 hl=2 l= 9 prim: OBJECT :aes-128-cbc
3398:d=9 hl=2 l= 10 cons: SEQUENCE
3400:d=10 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
3410:d=9 hl=2 l= 14 cons: SEQUENCE
3412:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc
3422:d=10 hl=2 l= 2 prim: INTEGER :80
3426:d=9 hl=2 l= 13 cons: SEQUENCE
3428:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc
3438:d=10 hl=2 l= 1 prim: INTEGER :40
3441:d=9 hl=2 l= 7 cons: SEQUENCE
3443:d=10 hl=2 l= 5 prim: OBJECT :des-cbc
3450:d=9 hl=2 l= 13 cons: SEQUENCE
3452:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc
3462:d=10 hl=2 l= 1 prim: INTEGER :28
3465:d=5 hl=2 l= 10 cons: SEQUENCE
3467:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-S
HA256
3477:d=5 hl=2 l= 71 prim: OCTET STRING [HEX DUMP]:30
4502200DDA79B8F52530AA7B1854000FBCA9020A85BFCABE2A426DE9CDCE
EE2569548F02210083D6EF019318A9BE2830BC80E659F8E561D27172FA33
3637DFAB98F750783B46
D.2.3. MASA to Registrar D.2.3. MASA to Registrar
The MASA will return a voucher to the registrar, to be relayed to the The MASA will return a voucher to the registrar, to be relayed to the
pledge. pledge.
MIIG3AYJKoZIhvcNAQcCoIIGzTCCBskCAQExDzANBglghkgBZQMEAgEFADCC -----BEGIN CMS-----
AxAGCSqGSIb3DQEHAaCCAwEEggL9eyJpZXRmLXZvdWNoZXI6dm91Y2hlciI6 MIIGsgYJKoZIhvcNAQcCoIIGozCCBp8CAQExDTALBglghkgBZQMEAgEwggNABgkq
eyJhc3NlcnRpb24iOiJsb2dnZWQiLCJjcmVhdGVkLW9uIjoiMjAxNy0xMC0x hkiG9w0BBwGgggMxBIIDLXsiaWV0Zi12b3VjaGVyOnZvdWNoZXIiOnsiYXNzZXJ0
MlQxMzo1NDozMS40MzktMDQ6MDAiLCJzZXJpYWwtbnVtYmVyIjoiMDAtRDAt aW9uIjoibG9nZ2VkIiwiY3JlYXRlZC1vbiI6IjIwMTktMDUtMTZUMDI6NTE6NDIu
RTUtRjItMDAtMDIiLCJub25jZSI6IkRzczk5c0JyM3BOTU9BQ2UtTFlZN3ci Njk3KzAwOjAwIiwic2VyaWFsLW51bWJlciI6IjAwLWQwLWU1LTAyLTAwLTJkIiwi
LCJwaW5uZWQtZG9tYWluLWNlcnQiOiJNSUlCcmpDQ0FUT2dBd0lCQWdJQkF6 bm9uY2UiOiJHWmUtT2pvZXJwS0VNNFNNN1N6UzlnIiwicGlubmVkLWRvbWFpbi1j
QUtCZ2dxaGtqT1BRUURBekJPTVJJd0VBWUtDWkltaVpQeUxHUUJHUllDWTJF ZXJ0IjoiTUlJQjBUQ0NBVmFnQXdJQkFnSUJBakFLQmdncWhrak9QUVFEQXpCeE1S
eEdUQVhCZ29Ka2lhSmsvSXNaQUVaRmdsellXNWtaV3h0WVc0eEhUQWJCZ05W SXdFQVlLQ1pJbWlaUHlMR1FCR1JZQ1kyRXhHVEFYQmdvSmtpYUprL0lzWkFFWkZn
QkFNTUZGVnVjM1J5ZFc1bklFWnZkVzUwWVdsdUlFTkJNQjRYRFRFM01Ea3dO bHpZVzVrWld4dFlXNHhRREErQmdOVkJBTU1OeU04VTNsemRHVnRWbUZ5YVdGaWJH
VEF4TVRJME5Wb1hEVEU1TURrd05UQXhNVEkwTlZvd1F6RVNNQkFHQ2dtU0pv VTZNSGd3TURBd01EQXdOR1k1TVRGaE1ENGdWVzV6ZEhKMWJtY2dSbTkxYm5SaGFX
bVQ4aXhrQVJrV0FtTmhNUmt3RndZS0NaSW1pWlB5TEdRQkdSWUpjMkZ1WkdW NGdRMEV3SGhjTk1UY3hNVEEzTWpNME5USTRXaGNOTVRreE1UQTNNak0wTlRJNFdq
c2JXRnVNUkl3RUFZRFZRUUREQWxzYjJOaGJHaHZjM1F3V1RBVEJnY3Foa2pP QkRNUkl3RUFZS0NaSW1pWlB5TEdRQkdSWUNZMkV4R1RBWEJnb0praWFKay9Jc1pB
UFFJQkJnZ3Foa2pPUFFNQkJ3TkNBQVExWkE3TncweFNNL1EydTE5NEZ6UU1r RVpGZ2x6WVc1a1pXeHRZVzR4RWpBUUJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERCWk1C
dFo5NHdhQUlWMGkvb1ZUUGdPSjh6VzZNd0Y1eitEcGI4L3B1aE9iSk1aMFU2 TUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQkpabFVISTB1cC9sM2VaZjl2
SC93ZkFwUjZzdmx1bWQ0cnl5b3cwd0N6QUpCZ05WSFJNRUFqQUFNQW9HQ0Nx Q0JiK2xJbm9FTUVnYzdSbytYWkN0akFJMENEMWZKZkpSL2hJeXlEbUhXeVlpTkZi
R1NNNDlCQU1EQTJrQU1HWUNNUUMzL2lUUUozZXZZWWNnYlhoYm16cnA2NHQz UkNIOWZ5YXJma3pnWDRwMHpUaXpxakRUQUxNQWtHQTFVZEV3UUNNQUF3Q2dZSUtv
UUM2cWpJZVkyamtEeDA2Mm51TmlmVkt0eWFhcmEzRjMwQUlrS1NFQ01RRGky Wkl6ajBFQXdNRGFRQXdaZ0l4QUxRTU51cmY4dHY1MGxST0Q1RFFYSEVPSkpOVzNR
OWVmYlRMYmR0RGszdGVjWS9yRDdWNzdYYUo2bllDbWREQ1I1NFRyU0ZOTGd4 VjJnOVFFZERTazJNWStBb1NyQlNtR1NOamg0b2xFT2hFdUxnSXhBSjRuV2ZOdytC
dnQxbHlGTSswZllwWVJjM289In19oIIB0zCCAc8wggFWoAMCAQICAQEwCgYI amJabUtpSWlVRWNUd0hNaEdWWGFNSFkvRjduMzl3d0tjQkJTT25kTlBxQ3BPRUxs
KoZIzj0EAwIwTTESMBAGCgmSJomT8ixkARkWAmNhMRkwFwYKCZImiZPyLGQB NmJxM0NacVE9PSJ9faCCAfUwggHxMIIBeKADAgECAgQjzIkTMAoGCCqGSM49BAMC
GRYJc2FuZGVsbWFuMRwwGgYDVQQDDBNVbnN0cnVuZyBIaWdod2F5IENBMB4X ME0xEjAQBgoJkiaJk/IsZAEZFgJjYTEZMBcGCgmSJomT8ixkARkWCXNhbmRlbG1h
DTE3MDMyNjE2MTk0MFoXDTE5MDMyNjE2MTk0MFowRzESMBAGCgmSJomT8ixk bjEcMBoGA1UEAwwTVW5zdHJ1bmcgSGlnaHdheSBDQTAeFw0xOTA0MjMyMzIxMDda
ARkWAmNhMRkwFwYKCZImiZPyLGQBGRYJc2FuZGVsbWFuMRYwFAYDVQQDDA1V Fw0xOTA1MjQwOTIxMDdaMGYxDzANBgNVBAYTBkNhbmFkYTESMBAGA1UECgwJU2Fu
bnN0cnVuZyBNQVNBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE2QB90W9hbyCT ZGVsbWFuMRMwEQYDVQQLDApob25leWR1a2VzMSowKAYDVQQDDCFtYXNhLmhvbmV5
p7bPr17llt+aH8jWwh84wMzotpFmRRNQcrqyiJjXDTBRoqxp0VyFxqlgn8OS ZHVrZXMuc2FuZGVsbWFuLmNhIE1BU0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQ1
AoCfArjN71ebcvW3+ylJTpHo8077/uT1fvnpZD/R0PN76kwMLNlsFk8SoxAw /2UdVp8zVmgADoBNql7LcPlJsEaaVAogYEqABikNOkoTO3oPjIQfNBxtGfRFzBXx
DjAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA2cAMGQCMBm9KMjNHaD+rd/y gihzkTH58r8SW1L/Mej8AFqhB4SZyyjmWURdzD71Ju0M+tRritWf7T+QGaE+fcWj
0jy+Tg7mrRMDGIe1hjviGExwvCuxMhwTpgmEXik9vhoVfwi1swIwTculDCU7 EDAOMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDZwAwZAIwOMlNOMNYEZo4yLW4
dbbMSbCanTD1CBY/uMGYNQDiG/yaAOjO6996cC0E6x0cRM1TBn1jpGFMMYIB iRltDL8uirmjMdtVmmVYzqYHSindjP0a3pXQkQZ5LLARoSRWAjBTxsnv6ya5HpZI
xjCCAcICAQEwUjBNMRIwEAYKCZImiZPyLGQBGRYCY2ExGTAXBgoJkiaJk/Is IWcspDPZGlOSDPm7nuRJSDkgWqevxLI4+9nmIhsfMBsDvz1DJhAxggFMMIIBSAIB
ZAEZFglzYW5kZWxtYW4xHDAaBgNVBAMME1Vuc3RydW5nIEhpZ2h3YXkgQ0EC ATBVME0xEjAQBgoJkiaJk/IsZAEZFgJjYTEZMBcGCgmSJomT8ixkARkWCXNhbmRl
AQEwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEH bG1hbjEcMBoGA1UEAwwTVW5zdHJ1bmcgSGlnaHdheSBDQQIEI8yJEzALBglghkgB
ATAcBgkqhkiG9w0BCQUxDxcNMTcxMDEyMTc1NDMxWjAvBgkqhkiG9w0BCQQx ZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP
IgQgQXnG628cIW8MoYfB1ljDDlLlJQlxED2tnjcvkLEfix0weQYJKoZIhvcN Fw0xOTA1MTYwMjUxNDJaMC8GCSqGSIb3DQEJBDEiBCCYRh4i21QjEjEk8leRLSVA
AQkPMWwwajALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQB x/EVY5g1bM40QM21oR4c2DAKBggqhkjOPQQDAgRoMGYCMQCYYOiSbIlED4nAN0iL
AjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAw e4S8ixWAZ9SXpGv77bB/G4fTTVTN35mnAeYBfeNfhC6/kOECMQDqlkCmwQJQDdEL
BwYFKw4DAgcwDQYIKoZIhvcNAwICASgwCgYIKoZIzj0EAwIEZzBlAjEAhzid asj1ISinJ/FnZjjgOMz9MXOmGNGIfw9v2VBb9mVyhsOSMcqlVig=
/AkNjttpSP1rflNppdHsi324Z2+TXJxueewnJ8z/2NXb+Tf3DsThv7du00Oz -----END CMS-----
AjBjyOnmkkSKHsPR2JluA5c6wovuPEnNKP32daGGeFKGEHMkTInbrqipC881
/5K9Q+k=
file: examples/voucher_00-D0-E5-F2-00-02.pkcs file: examples/voucher_00-D0-E5-02-00-2D.pkcs
The ASN1 decoding of the artifact: The ASN1 decoding of the artifact:
0:d=0 hl=4 l=1756 cons: SEQUENCE 0:d=0 hl=4 l=1714 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signed 4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
Data 15:d=1 hl=4 l=1699 cons: cont [ 0 ]
15:d=1 hl=4 l=1741 cons: cont [ 0 ] 19:d=2 hl=4 l=1695 cons: SEQUENCE
19:d=2 hl=4 l=1737 cons: SEQUENCE 23:d=3 hl=2 l= 1 prim: INTEGER :01
23:d=3 hl=2 l= 1 prim: INTEGER :01 26:d=3 hl=2 l= 13 cons: SET
26:d=3 hl=2 l= 15 cons: SET 28:d=4 hl=2 l= 11 cons: SEQUENCE
28:d=4 hl=2 l= 13 cons: SEQUENCE 30:d=5 hl=2 l= 9 prim: OBJECT :sha256
30:d=5 hl=2 l= 9 prim: OBJECT :sha256 41:d=3 hl=4 l= 832 cons: SEQUENCE
41:d=5 hl=2 l= 0 prim: NULL 45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
43:d=3 hl=4 l= 784 cons: SEQUENCE 56:d=4 hl=4 l= 817 cons: cont [ 0 ]
47:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data 60:d=5 hl=4 l= 813 prim: OCTET STRING :{"ietf-voucher:voucher":
58:d=4 hl=4 l= 769 cons: cont [ 0 ] 877:d=3 hl=4 l= 501 cons: cont [ 0 ]
62:d=5 hl=4 l= 765 prim: OCTET STRING :{"ietf-vouch 881:d=4 hl=4 l= 497 cons: SEQUENCE
er:voucher":{"assertion":"logged","created-on":"2017-10-12T1 885:d=5 hl=4 l= 376 cons: SEQUENCE
3:54:31.439-04:00","serial-number":"00-D0-E5-F2-00-02","nonc 889:d=6 hl=2 l= 3 cons: cont [ 0 ]
e":"Dss99sBr3pNMOACe-LYY7w","pinned-domain-cert":"MIIBrjCCAT 891:d=7 hl=2 l= 1 prim: INTEGER :02
OgAwIBAgIBAzAKBggqhkjOPQQDAzBOMRIwEAYKCZImiZPyLGQBGRYCY2ExGT 894:d=6 hl=2 l= 4 prim: INTEGER :23CC8913
AXBgoJkiaJk/IsZAEZFglzYW5kZWxtYW4xHTAbBgNVBAMMFFVuc3RydW5nIE 900:d=6 hl=2 l= 10 cons: SEQUENCE
ZvdW50YWluIENBMB4XDTE3MDkwNTAxMTI0NVoXDTE5MDkwNTAxMTI0NVowQz 902:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
ESMBAGCgmSJomT8ixkARkWAmNhMRkwFwYKCZImiZPyLGQBGRYJc2FuZGVsbW 912:d=6 hl=2 l= 77 cons: SEQUENCE
FuMRIwEAYDVQQDDAlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBw 914:d=7 hl=2 l= 18 cons: SET
NCAAQ1ZA7Nw0xSM/Q2u194FzQMktZ94waAIV0i/oVTPgOJ8zW6MwF5z+Dpb8 916:d=8 hl=2 l= 16 cons: SEQUENCE
/puhObJMZ0U6H/wfApR6svlumd4ryyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM 918:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
49BAMDA2kAMGYCMQC3/iTQJ3evYYcgbXhbmzrp64t3QC6qjIeY2jkDx062nu 930:d=9 hl=2 l= 2 prim: IA5STRING :ca
NifVKtyaara3F30AIkKSECMQDi29efbTLbdtDk3tecY/rD7V77XaJ6nYCmdD 934:d=7 hl=2 l= 25 cons: SET
CR54TrSFNLgxvt1lyFM+0fYpYRc3o="}} 936:d=8 hl=2 l= 23 cons: SEQUENCE
831:d=3 hl=4 l= 467 cons: cont [ 0 ] 938:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
835:d=4 hl=4 l= 463 cons: SEQUENCE 950:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
839:d=5 hl=4 l= 342 cons: SEQUENCE 961:d=7 hl=2 l= 28 cons: SET
843:d=6 hl=2 l= 3 cons: cont [ 0 ] 963:d=8 hl=2 l= 26 cons: SEQUENCE
845:d=7 hl=2 l= 1 prim: INTEGER :02 965:d=9 hl=2 l= 3 prim: OBJECT :commonName
848:d=6 hl=2 l= 1 prim: INTEGER :01 970:d=9 hl=2 l= 19 prim: UTF8STRING :Unstrung Highway CA
851:d=6 hl=2 l= 10 cons: SEQUENCE 991:d=6 hl=2 l= 30 cons: SEQUENCE
853:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-S 993:d=7 hl=2 l= 13 prim: UTCTIME :190423232107Z
HA256 1008:d=7 hl=2 l= 13 prim: UTCTIME :190524092107Z
863:d=6 hl=2 l= 77 cons: SEQUENCE 1023:d=6 hl=2 l= 102 cons: SEQUENCE
865:d=7 hl=2 l= 18 cons: SET 1025:d=7 hl=2 l= 15 cons: SET
867:d=8 hl=2 l= 16 cons: SEQUENCE 1027:d=8 hl=2 l= 13 cons: SEQUENCE
869:d=9 hl=2 l= 10 prim: OBJECT :domainCompon 1029:d=9 hl=2 l= 3 prim: OBJECT :countryName
ent 1034:d=9 hl=2 l= 6 prim: PRINTABLESTRING :Canada
881:d=9 hl=2 l= 2 prim: IA5STRING :ca 1042:d=7 hl=2 l= 18 cons: SET
885:d=7 hl=2 l= 25 cons: SET 1044:d=8 hl=2 l= 16 cons: SEQUENCE
887:d=8 hl=2 l= 23 cons: SEQUENCE 1046:d=9 hl=2 l= 3 prim: OBJECT :organizationName
889:d=9 hl=2 l= 10 prim: OBJECT :domainCompon 1051:d=9 hl=2 l= 9 prim: UTF8STRING :Sandelman
ent 1062:d=7 hl=2 l= 19 cons: SET
901:d=9 hl=2 l= 9 prim: IA5STRING :sandelman 1064:d=8 hl=2 l= 17 cons: SEQUENCE
912:d=7 hl=2 l= 28 cons: SET 1066:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName
914:d=8 hl=2 l= 26 cons: SEQUENCE 1071:d=9 hl=2 l= 10 prim: UTF8STRING :honeydukes
916:d=9 hl=2 l= 3 prim: OBJECT :commonName 1083:d=7 hl=2 l= 42 cons: SET
921:d=9 hl=2 l= 19 prim: UTF8STRING :Unstrung Hig 1085:d=8 hl=2 l= 40 cons: SEQUENCE
1087:d=9 hl=2 l= 3 prim: OBJECT :commonName
hway CA 1092:d=9 hl=2 l= 33 prim: UTF8STRING :masa.honeydukes.sandelma
942:d=6 hl=2 l= 30 cons: SEQUENCE 1127:d=6 hl=2 l= 118 cons: SEQUENCE
944:d=7 hl=2 l= 13 prim: UTCTIME :170326161940 1129:d=7 hl=2 l= 16 cons: SEQUENCE
Z 1131:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
959:d=7 hl=2 l= 13 prim: UTCTIME :190326161940 1140:d=8 hl=2 l= 5 prim: OBJECT :secp384r1
Z 1147:d=7 hl=2 l= 98 prim: BIT STRING
974:d=6 hl=2 l= 71 cons: SEQUENCE 1247:d=6 hl=2 l= 16 cons: cont [ 3 ]
976:d=7 hl=2 l= 18 cons: SET 1249:d=7 hl=2 l= 14 cons: SEQUENCE
978:d=8 hl=2 l= 16 cons: SEQUENCE 1251:d=8 hl=2 l= 12 cons: SEQUENCE
980:d=9 hl=2 l= 10 prim: OBJECT :domainCompon 1253:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
ent 1258:d=9 hl=2 l= 1 prim: BOOLEAN :255
992:d=9 hl=2 l= 2 prim: IA5STRING :ca 1261:d=9 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
996:d=7 hl=2 l= 25 cons: SET 1265:d=5 hl=2 l= 10 cons: SEQUENCE
998:d=8 hl=2 l= 23 cons: SEQUENCE 1267:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
1000:d=9 hl=2 l= 10 prim: OBJECT :domainCompon 1277:d=5 hl=2 l= 103 prim: BIT STRING
ent 1382:d=3 hl=4 l= 332 cons: SET
1012:d=9 hl=2 l= 9 prim: IA5STRING :sandelman 1386:d=4 hl=4 l= 328 cons: SEQUENCE
1023:d=7 hl=2 l= 22 cons: SET 1390:d=5 hl=2 l= 1 prim: INTEGER :01
1025:d=8 hl=2 l= 20 cons: SEQUENCE 1393:d=5 hl=2 l= 85 cons: SEQUENCE
1027:d=9 hl=2 l= 3 prim: OBJECT :commonName 1395:d=6 hl=2 l= 77 cons: SEQUENCE
1032:d=9 hl=2 l= 13 prim: UTF8STRING :Unstrung MAS 1397:d=7 hl=2 l= 18 cons: SET
A 1399:d=8 hl=2 l= 16 cons: SEQUENCE
1047:d=6 hl=2 l= 118 cons: SEQUENCE 1401:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
1049:d=7 hl=2 l= 16 cons: SEQUENCE 1413:d=9 hl=2 l= 2 prim: IA5STRING :ca
1051:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicK 1417:d=7 hl=2 l= 25 cons: SET
ey 1419:d=8 hl=2 l= 23 cons: SEQUENCE
1060:d=8 hl=2 l= 5 prim: OBJECT :secp384r1 1421:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
1067:d=7 hl=2 l= 98 prim: BIT STRING 1433:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
1167:d=6 hl=2 l= 16 cons: cont [ 3 ] 1444:d=7 hl=2 l= 28 cons: SET
1169:d=7 hl=2 l= 14 cons: SEQUENCE 1446:d=8 hl=2 l= 26 cons: SEQUENCE
1171:d=8 hl=2 l= 12 cons: SEQUENCE 1448:d=9 hl=2 l= 3 prim: OBJECT :commonName
1173:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic 1453:d=9 hl=2 l= 19 prim: UTF8STRING :Unstrung Highway CA
Constraints 1474:d=6 hl=2 l= 4 prim: INTEGER :23CC8913
1178:d=9 hl=2 l= 1 prim: BOOLEAN :255 1480:d=5 hl=2 l= 11 cons: SEQUENCE
1181:d=9 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:30 1482:d=6 hl=2 l= 9 prim: OBJECT :sha256
00 1493:d=5 hl=2 l= 105 cons: cont [ 0 ]
1185:d=5 hl=2 l= 10 cons: SEQUENCE 1495:d=6 hl=2 l= 24 cons: SEQUENCE
1187:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-S 1497:d=7 hl=2 l= 9 prim: OBJECT :contentType
HA256 1508:d=7 hl=2 l= 11 cons: SET
1197:d=5 hl=2 l= 103 prim: BIT STRING 1510:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data
1302:d=3 hl=4 l= 454 cons: SET 1521:d=6 hl=2 l= 28 cons: SEQUENCE
1306:d=4 hl=4 l= 450 cons: SEQUENCE 1523:d=7 hl=2 l= 9 prim: OBJECT :signingTime
1310:d=5 hl=2 l= 1 prim: INTEGER :01 1534:d=7 hl=2 l= 15 cons: SET
1313:d=5 hl=2 l= 82 cons: SEQUENCE 1536:d=8 hl=2 l= 13 prim: UTCTIME :190516025142Z
1315:d=6 hl=2 l= 77 cons: SEQUENCE 1551:d=6 hl=2 l= 47 cons: SEQUENCE
1317:d=7 hl=2 l= 18 cons: SET 1553:d=7 hl=2 l= 9 prim: OBJECT :messageDigest
1319:d=8 hl=2 l= 16 cons: SEQUENCE 1564:d=7 hl=2 l= 34 cons: SET
1321:d=9 hl=2 l= 10 prim: OBJECT :domainCompon 1566:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:98461E22DB5423
1600:d=5 hl=2 l= 10 cons: SEQUENCE
ent 1602:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
1333:d=9 hl=2 l= 2 prim: IA5STRING :ca 1612:d=5 hl=2 l= 104 prim: OCTET STRING [HEX DUMP]:30660231009860
1337:d=7 hl=2 l= 25 cons: SET
1339:d=8 hl=2 l= 23 cons: SEQUENCE
1341:d=9 hl=2 l= 10 prim: OBJECT :domainCompon
ent
1353:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
1364:d=7 hl=2 l= 28 cons: SET
1366:d=8 hl=2 l= 26 cons: SEQUENCE
1368:d=9 hl=2 l= 3 prim: OBJECT :commonName
1373:d=9 hl=2 l= 19 prim: UTF8STRING :Unstrung Hig
hway CA
1394:d=6 hl=2 l= 1 prim: INTEGER :01
1397:d=5 hl=2 l= 13 cons: SEQUENCE
1399:d=6 hl=2 l= 9 prim: OBJECT :sha256
1410:d=6 hl=2 l= 0 prim: NULL
1412:d=5 hl=3 l= 228 cons: cont [ 0 ]
1415:d=6 hl=2 l= 24 cons: SEQUENCE
1417:d=7 hl=2 l= 9 prim: OBJECT :contentType
1428:d=7 hl=2 l= 11 cons: SET
1430:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data
1441:d=6 hl=2 l= 28 cons: SEQUENCE
1443:d=7 hl=2 l= 9 prim: OBJECT :signingTime
1454:d=7 hl=2 l= 15 cons: SET
1456:d=8 hl=2 l= 13 prim: UTCTIME :171012175431
Z
1471:d=6 hl=2 l= 47 cons: SEQUENCE
1473:d=7 hl=2 l= 9 prim: OBJECT :messageDiges
t
1484:d=7 hl=2 l= 34 cons: SET
1486:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:41
79C6EB6F1C216F0CA187C1D658C30E52E5250971103DAD9E372F90B11F8B
1D
1520:d=6 hl=2 l= 121 cons: SEQUENCE
1522:d=7 hl=2 l= 9 prim: OBJECT :S/MIME Capab
ilities
1533:d=7 hl=2 l= 108 cons: SET
1535:d=8 hl=2 l= 106 cons: SEQUENCE
1537:d=9 hl=2 l= 11 cons: SEQUENCE
1539:d=10 hl=2 l= 9 prim: OBJECT :aes-256-cbc
1550:d=9 hl=2 l= 11 cons: SEQUENCE
1552:d=10 hl=2 l= 9 prim: OBJECT :aes-192-cbc
1563:d=9 hl=2 l= 11 cons: SEQUENCE
1565:d=10 hl=2 l= 9 prim: OBJECT :aes-128-cbc
1576:d=9 hl=2 l= 10 cons: SEQUENCE
1578:d=10 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
1588:d=9 hl=2 l= 14 cons: SEQUENCE
1590:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc
1600:d=10 hl=2 l= 2 prim: INTEGER :80
1604:d=9 hl=2 l= 13 cons: SEQUENCE
1606:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc
1616:d=10 hl=2 l= 1 prim: INTEGER :40
1619:d=9 hl=2 l= 7 cons: SEQUENCE
1621:d=10 hl=2 l= 5 prim: OBJECT :des-cbc
1628:d=9 hl=2 l= 13 cons: SEQUENCE
1630:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc
1640:d=10 hl=2 l= 1 prim: INTEGER :28
1643:d=5 hl=2 l= 10 cons: SEQUENCE
1645:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-S
HA256
1655:d=5 hl=2 l= 103 prim: OCTET STRING [HEX DUMP]:30
6502310087389DFC090D8EDB6948FD6B7E5369A5D1EC8B7DB8676F935C9C
6E79EC2727CCFFD8D5DBF937F70EC4E1BFB76ED343B3023063C8E9E69244
8A1EC3D1D8996E03973AC28BEE3C49CD28FDF675A1867852861073244C89
DBAEA8A90BCF35FF92BD43E9
Authors' Addresses Authors' Addresses
Max Pritikin Max Pritikin
Cisco Cisco
Email: pritikin@cisco.com Email: pritikin@cisco.com
Michael C. Richardson Michael C. Richardson
Sandelman Software Works Sandelman Software Works
skipping to change at page 100, line 45 skipping to change at page 96, line 30
Michael H. Behringer Michael H. Behringer
Email: Michael.H.Behringer@gmail.com Email: Michael.H.Behringer@gmail.com
Steinthor Bjarnason Steinthor Bjarnason
Arbor Networks Arbor Networks
Email: sbjarnason@arbor.net Email: sbjarnason@arbor.net
Kent Watsen Kent Watsen
Juniper Networks Watsen Networks
Email: kwatsen@juniper.net Email: kent+ietf@watsen.net
 End of changes. 21 change blocks. 
736 lines changed or deleted 551 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/