draft-ietf-anima-bootstrapping-keyinfra-34.txt   draft-ietf-anima-bootstrapping-keyinfra-35.txt 
ANIMA WG M. Pritikin ANIMA WG M. Pritikin
Internet-Draft Cisco Internet-Draft Cisco
Intended status: Standards Track M. Richardson Intended status: Standards Track M. Richardson
Expires: 6 July 2020 Sandelman Expires: 8 August 2020 Sandelman
T.T.E. Eckert T.T.E. Eckert
Futurewei USA Futurewei USA
M.H. Behringer M.H. Behringer
K.W. Watsen K.W. Watsen
Watsen Networks Watsen Networks
3 January 2020 5 February 2020
Bootstrapping Remote Secure Key Infrastructures (BRSKI) Bootstrapping Remote Secure Key Infrastructures (BRSKI)
draft-ietf-anima-bootstrapping-keyinfra-34 draft-ietf-anima-bootstrapping-keyinfra-35
Abstract Abstract
This document specifies automated bootstrapping of an Autonomic This document specifies automated bootstrapping of an Autonomic
Control Plane. To do this a Secure Key Infrastructure is Control Plane. To do this a Secure Key Infrastructure is
bootstrapped. This is done using manufacturer-installed X.509 bootstrapped. This is done using manufacturer-installed X.509
certificates, in combination with a manufacturer's authorizing certificates, in combination with a manufacturer's authorizing
service, both online and offline. We call this process the service, both online and offline. We call this process the
Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol. Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol.
Bootstrapping a new device can occur using a routable address and a Bootstrapping a new device can occur using a routable address and a
skipping to change at page 2, line 4 skipping to change at page 2, line 4
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 6 July 2020. This Internet-Draft will expire on 8 August 2020.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 5, line 4 skipping to change at page 5, line 4
Appendix B. mDNS / DNSSD proxy discovery options . . . . . . . . 98 Appendix B. mDNS / DNSSD proxy discovery options . . . . . . . . 98
Appendix C. Example Vouchers . . . . . . . . . . . . . . . . . . 99 Appendix C. Example Vouchers . . . . . . . . . . . . . . . . . . 99
C.1. Keys involved . . . . . . . . . . . . . . . . . . . . . . 99 C.1. Keys involved . . . . . . . . . . . . . . . . . . . . . . 99
C.1.1. MASA key pair for voucher signatures . . . . . . . . 99 C.1.1. MASA key pair for voucher signatures . . . . . . . . 99
C.1.2. Manufacturer key pair for IDevID signatures . . . . . 100 C.1.2. Manufacturer key pair for IDevID signatures . . . . . 100
C.1.3. Registrar key pair . . . . . . . . . . . . . . . . . 100 C.1.3. Registrar key pair . . . . . . . . . . . . . . . . . 100
C.1.4. Pledge key pair . . . . . . . . . . . . . . . . . . . 102 C.1.4. Pledge key pair . . . . . . . . . . . . . . . . . . . 102
C.2. Example process . . . . . . . . . . . . . . . . . . . . . 104 C.2. Example process . . . . . . . . . . . . . . . . . . . . . 104
C.2.1. Pledge to Registrar . . . . . . . . . . . . . . . . . 105 C.2.1. Pledge to Registrar . . . . . . . . . . . . . . . . . 105
C.2.2. Registrar to MASA . . . . . . . . . . . . . . . . . . 108 C.2.2. Registrar to MASA . . . . . . . . . . . . . . . . . . 108
C.2.3. MASA to Registrar . . . . . . . . . . . . . . . . . . 113 C.2.3. MASA to Registrar . . . . . . . . . . . . . . . . . . 114
Appendix D. Additional References . . . . . . . . . . . . . . . 117 Appendix D. Additional References . . . . . . . . . . . . . . . 118
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 117 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 118
1. Introduction 1. Introduction
The Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol The Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol
provides a solution for secure zero-touch (automated) bootstrap of provides a solution for secure zero-touch (automated) bootstrap of
new (unconfigured) devices that are called pledges in this document. new (unconfigured) devices that are called pledges in this document.
Pledges have an IDevID installed in them at the factory. Pledges have an IDevID installed in them at the factory.
"BRSKI" is pronounced like "brewski", a colloquial term for beer in "BRSKI" is pronounced like "brewski", a colloquial term for beer in
Canada and parts of the US-midwest. [brewski] Canada and parts of the US-midwest. [brewski]
skipping to change at page 27, line 47 skipping to change at page 27, line 47
+---- last-renewal-date? yang:date-and-time +---- last-renewal-date? yang:date-and-time
+---- prior-signed-voucher-request? binary +---- prior-signed-voucher-request? binary
+---- proximity-registrar-cert? binary +---- proximity-registrar-cert? binary
Figure 5: YANG Tree diagram for Voucher-Request Figure 5: YANG Tree diagram for Voucher-Request
3.3. Examples 3.3. Examples
This section provides voucher-request examples for illustration This section provides voucher-request examples for illustration
purposes. These examples show the JSON prior to CMS wrapping. JSON purposes. These examples show the JSON prior to CMS wrapping. JSON
encoding rules specify that any binary content by base64 encoded encoding rules specify that any binary content be base64 encoded
([RFC4648] section 4). The contents of the certificate have been ([RFC4648] section 4). The contents of the (base64) encoded
elided to save space. For detailed examples, see Appendix C.2. certificates have been elided to save space. For detailed examples,
These examples conform to the encoding rules defined in [RFC7951]. see Appendix C.2. These examples conform to the encoding rules
defined in [RFC7951].
Example (1) The following example illustrates a pledge voucher- Example (1) The following example illustrates a pledge voucher-
request. The assertion leaf is indicated as 'proximity' request. The assertion leaf is indicated as 'proximity'
and the registrar's TLS server certificate is included and the registrar's TLS server certificate is included
in the 'proximity-registrar-cert' leaf. See in the 'proximity-registrar-cert' leaf. See
Section 5.2. Section 5.2.
{ {
"ietf-voucher-request:voucher": { "ietf-voucher-request:voucher": {
"assertion": "proximity", "assertion": "proximity",
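Review bot: The reworded sentence in Section 3.3, "The contents of the (base64) encoded certificates have been elided to save space", reads awkwardly with the parenthetical. Suggest "The contents of the base64-encoded certificates have been elided to save space." The "by" to "be" correction in the preceding sentence is right and needs no further change.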
skipping to change at page 95, line 16 skipping to change at page 95, line 16
operator-v2.0.pdf>. operator-v2.0.pdf>.
[docsisroot] [docsisroot]
"CableLabs Digital Certificate Issuance Service", February "CableLabs Digital Certificate Issuance Service", February
2018, <https://www.cablelabs.com/resources/digital- 2018, <https://www.cablelabs.com/resources/digital-
certificate-issuance-service/>. certificate-issuance-service/>.
[I-D.ietf-ace-coap-est] [I-D.ietf-ace-coap-est]
Stok, P., Kampanakis, P., Richardson, M., and S. Raza, Stok, P., Kampanakis, P., Richardson, M., and S. Raza,
"EST over secure CoAP (EST-coaps)", Work in Progress, "EST over secure CoAP (EST-coaps)", Work in Progress,
Internet-Draft, draft-ietf-ace-coap-est-17, 5 December Internet-Draft, draft-ietf-ace-coap-est-18, 6 January
2019, <http://www.ietf.org/internet-drafts/draft-ietf-ace- 2020, <http://www.ietf.org/internet-drafts/draft-ietf-ace-
coap-est-17.txt>. coap-est-18.txt>.
[I-D.ietf-anima-constrained-voucher] [I-D.ietf-anima-constrained-voucher]
Richardson, M., Stok, P., and P. Kampanakis, "Constrained Richardson, M., Stok, P., and P. Kampanakis, "Constrained
Voucher Artifacts for Bootstrapping Protocols", Work in Voucher Artifacts for Bootstrapping Protocols", Work in
Progress, Internet-Draft, draft-ietf-anima-constrained- Progress, Internet-Draft, draft-ietf-anima-constrained-
voucher-05, 8 July 2019, <http://www.ietf.org/internet- voucher-07, 15 January 2020, <http://www.ietf.org/
drafts/draft-ietf-anima-constrained-voucher-05.txt>. internet-drafts/draft-ietf-anima-constrained-voucher-
07.txt>.
[I-D.ietf-anima-reference-model] [I-D.ietf-anima-reference-model]
Behringer, M., Carpenter, B., Eckert, T., Ciavaglia, L., Behringer, M., Carpenter, B., Eckert, T., Ciavaglia, L.,
and J. Nobre, "A Reference Model for Autonomic and J. Nobre, "A Reference Model for Autonomic
Networking", Work in Progress, Internet-Draft, draft-ietf- Networking", Work in Progress, Internet-Draft, draft-ietf-
anima-reference-model-10, 22 November 2018, anima-reference-model-10, 22 November 2018,
<http://www.ietf.org/internet-drafts/draft-ietf-anima- <http://www.ietf.org/internet-drafts/draft-ietf-anima-
reference-model-10.txt>. reference-model-10.txt>.
[I-D.ietf-netconf-keystore] [I-D.ietf-netconf-keystore]
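Review bot: The two reference entries updated here ([I-D.ietf-ace-coap-est] and [I-D.ietf-anima-constrained-voucher]) still point at plain http://www.ietf.org/internet-drafts/ URLs, while the boilerplate in the same draft already uses https://datatracker.ietf.org/drafts/current/. Since the entries are being touched for the version bump anyway, consider switching them to https so readers of a security specification are not sent over cleartext links.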
skipping to change at page 101, line 6 skipping to change at page 101, line 6
DuatEwMYh7WGO+IYTHC8K7EyHBOmCYReKT2+GhV/CLWzAjBNy6UMJTt1tsxJsJqd DuatEwMYh7WGO+IYTHC8K7EyHBOmCYReKT2+GhV/CLWzAjBNy6UMJTt1tsxJsJqd
MPUIFj+4wZg1AOIb/JoA6M7r33pwLQTrHRxEzVMGfWOkYUw= MPUIFj+4wZg1AOIb/JoA6M7r33pwLQTrHRxEzVMGfWOkYUw=
-----END CERTIFICATE----- -----END CERTIFICATE-----
C.1.3. Registrar key pair C.1.3. Registrar key pair
The registrar key (or chain) is the representative of the domain The registrar key (or chain) is the representative of the domain
owner. This key signs registrar voucher-requests: owner. This key signs registrar voucher-requests:
-----BEGIN EC PRIVATE KEY----- -----BEGIN EC PRIVATE KEY-----
MHcCAQEEIF+obiToYYYeMifPsZvrjWJ0yFsCJwIFhpokmT/TULmXoAoGCCqGSM49 MHcCAQEEIFZodk+PC5Mu24+ra0sbOjKzan+dW5rvDAR7YuJUOC1YoAoGCCqGSM49
AwEHoUQDQgAENWQOzcNMUjP0NrtfeBc0DJLWfeMGgCFdIv6FUz4DifM1ujMBec/g AwEHoUQDQgAElmVQcjS6n+Xd5l/28IFv6UiegQwSBztGj5dkK2MAjQIPV8l8lH+E
6W/P6boTmyTGdFOh/8HwKUerL5bpneK8sg== jLIOYdbJiI0VtEIf1/Jqt+TOBfinTNOLOg==
-----END EC PRIVATE KEY----- -----END EC PRIVATE KEY-----
The public key is indicated in a pledge voucher-request to show The public key is indicated in a pledge voucher-request to show
proximity. proximity.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIBrjCCATOgAwIBAgIBAzAKBggqhkjOPQQDAzBOMRIwEAYKCZImiZPyLGQBGRYC MIIB0jCCAVmgAwIBAgIEMMOu0zAKBggqhkjOPQQDAjBUMRIwEAYKCZImiZPyLGQB
Y2ExGTAXBgoJkiaJk/IsZAEZFglzYW5kZWxtYW4xHTAbBgNVBAMMFFVuc3RydW5n GRYCY2ExGTAXBgoJkiaJk/IsZAEZFglzYW5kZWxtYW4xIzAhBgNVBAMMGiBVbnN0
IEZvdW50YWluIENBMB4XDTE3MDkwNTAxMTI0NVoXDTE5MDkwNTAxMTI0NVowQzES cnVuZyBGb3VudGFpbiBSb290IENBMB4XDTIwMDEyODE5NTEzNloXDTI1MDEyNjE5
MBAGCgmSJomT8ixkARkWAmNhMRkwFwYKCZImiZPyLGQBGRYJc2FuZGVsbWFuMRIw NTEzNlowUzESMBAGCgmSJomT8ixkARkWAmNhMRkwFwYKCZImiZPyLGQBGRYJc2Fu
EAYDVQQDDAlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ1ZA7N ZGVsbWFuMSIwIAYDVQQDDBlmb3VudGFpbi10ZXN0LmV4YW1wbGUuY29tMFkwEwYH
w0xSM/Q2u194FzQMktZ94waAIV0i/oVTPgOJ8zW6MwF5z+Dpb8/puhObJMZ0U6H/ KoZIzj0CAQYIKoZIzj0DAQcDQgAElmVQcjS6n+Xd5l/28IFv6UiegQwSBztGj5dk
wfApR6svlumd4ryyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMDA2kAMGYCMQC3 K2MAjQIPV8l8lH+EjLIOYdbJiI0VtEIf1/Jqt+TOBfinTNOLOqMaMBgwFgYDVR0l
/iTQJ3evYYcgbXhbmzrp64t3QC6qjIeY2jkDx062nuNifVKtyaara3F30AIkKSEC AQH/BAwwCgYIKwYBBQUHAxwwCgYIKoZIzj0EAwIDZwAwZAIwYg0bYKzVLBa9Aj72
MQDi29efbTLbdtDk3tecY/rD7V77XaJ6nYCmdDCR54TrSFNLgxvt1lyFM+0fYpYR 2F34rKqFyV6dbanbGpGejRyWiBQnNJrEijtbWuuIp4lj54WyAjBQ6oJTOREZlF/W
c3o= XMmtlTkBNIC3VWofZsKHSjgdz1PpWFOnrBHUABnSWqEvAMiKxOA=
-----END CERTIFICATE----- -----END CERTIFICATE-----
The registrar public certificate as decoded by openssl's x509 The registrar public certificate as decoded by openssl's x509
utility. Note that the registrar certificate is marked with the utility. Note that the registrar certificate is marked with the
cmcRA extension. cmcRA extension.
Certificate: Certificate:
Data: Data:
Version: 3 (0x2) Version: 3 (0x2)
Serial Number: 3 (0x3) Serial Number: 818130643 (0x30c3aed3)
Signature Algorithm: ecdsa-with-SHA384 Signature Algorithm: ecdsa-with-SHA256
Issuer: DC=ca, DC=sandelman, CN=Unstrung Fountain CA Issuer: DC = ca, DC = sandelman, CN = " Unstrung Fountain Root CA"
Validity Validity
Not Before: Sep 5 01:12:45 2017 GMT Not Before: Jan 28 19:51:36 2020 GMT
Not After : Sep 5 01:12:45 2019 GMT Not After : Jan 26 19:51:36 2025 GMT
Subject: DC=ca, DC=sandelman, CN=localhost Subject: DC = ca, DC = sandelman, CN = fountain-test.example.com
Subject Public Key Info: Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit) Public-Key: (256 bit)
pub: pub:
04:35:64:0e:cd:c3:4c:52:33:f4:36:bb:5f:7 04:96:65:50:72:34:ba:9f:e5:dd:e6:5f:f6:f0:81:
8:17: 6f:e9:48:9e:81:0c:12:07:3b:46:8f:97:64:2b:63:
34:0c:92:d6:7d:e3:06:80:21:5d:22:fe:85:5 00:8d:02:0f:57:c9:7c:94:7f:84:8c:b2:0e:61:d6:
3:3e: c9:88:8d:15:b4:42:1f:d7:f2:6a:b7:e4:ce:05:f8:
03:89:f3:35:ba:33:01:79:cf:e0:e9:6f:cf:e a7:4c:d3:8b:3a
9:ba:
13:9b:24:c6:74:53:a1:ff:c1:f0:29:47:ab:2
f:96:
e9:9d:e2:bc:b2
ASN1 OID: prime256v1 ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions: X509v3 extensions:
X509v3 Basic Constraints: X509v3 Extended Key Usage: critical
CA:FALSE CMC Registration Authority
Signature Algorithm: ecdsa-with-SHA384 Signature Algorithm: ecdsa-with-SHA256
30:66:02:31:00:b7:fe:24:d0:27:77:af:61:87:20:6d:78: 30:64:02:30:62:0d:1b:60:ac:d5:2c:16:bd:02:3e:f6:d8:5d:
5b: f8:ac:aa:85:c9:5e:9d:6d:a9:db:1a:91:9e:8d:1c:96:88:14:
9b:3a:e9:eb:8b:77:40:2e:aa:8c:87:98:da:39:03:c7:4e: 27:34:9a:c4:8a:3b:5b:5a:eb:88:a7:89:63:e7:85:b2:02:30:
b6: 50:ea:82:53:39:11:19:94:5f:d6:5c:c9:ad:95:39:01:34:80:
9e:e3:62:7d:52:ad:c9:a6:ab:6b:71:77:d0:02:24:29:21: b7:55:6a:1f:66:c2:87:4a:38:1d:cf:53:e9:58:53:a7:ac:11:
02: d4:00:19:d2:5a:a1:2f:00:c8:8a:c4:e0
31:00:e2:db:d7:9f:6d:32:db:76:d0:e4:de:d7:9c:63:fa:
c3:
ed:5e:fb:5d:a2:7a:9d:80:a6:74:30:91:e7:84:eb:48:53:
4b:
83:1b:ed:d6:5c:85:33:ed:1f:62:96:11:73:7a
C.1.4. Pledge key pair C.1.4. Pledge key pair
NOTE TO THE RFC EDITOR: before publishing, this example will be
replaced with an example with the IANA allocated OID rather than
1.3.6.1.4.1.46930.2.
The pledge has an IDevID key pair built in at manufacturing time: The pledge has an IDevID key pair built in at manufacturing time:
-----BEGIN EC PRIVATE KEY----- -----BEGIN EC PRIVATE KEY-----
MHcCAQEEIBgR6SV+uEvWfl5zCQWZxWjYbMhXPyNqdHJ3KPh11mm4oAoGCCqGSM49 MHcCAQEEIBHNh6r8QRevRuo+tEmBJeFjQKf6bpFA/9NGoltv+9sNoAoGCCqGSM49
AwEHoUQDQgAEWi/jqPpRJ0JgWghZRgeZlLKutbXVjmnHb+1AYaEF/YQjE2g5FZV8 AwEHoUQDQgAEA6N1Q4ezfMAKmoecrfb0OBMc1AyEH+BATkF58FsTSyBxs0SbSWLx
KjiR/bkEl+l8M4onIC7KHaXKKkuag9S6Tw== FjDOuwB9gLGn2TsTUJumJ6VPw5Z/TP4hJw==
-----END EC PRIVATE KEY----- -----END EC PRIVATE KEY-----
The public key is used by the registrar to find the MASA. The MASA The public key is used by the registrar to find the MASA. The MASA
URL is in an extension described in Section 2.3. URL is in an extension described in Section 2.3.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICBDCCAYugAwIBAgIECe20qTAKBggqhkjOPQQDAjBNMRIwEAYKCZImiZPyLGQB MIIB5jCCAWygAwIBAgIEDYXcLTAKBggqhkjOPQQDAjBdMQ8wDQYDVQQGEwZDYW5h
GRYCY2ExGTAXBgoJkiaJk/IsZAEZFglzYW5kZWxtYW4xHDAaBgNVBAMME1Vuc3Ry ZGExEDAOBgNVBAgMB09udGFyaW8xEjAQBgNVBAsMCVNhbmRlbG1hbjEkMCIGA1UE
dW5nIEhpZ2h3YXkgQ0EwIBcNMTkwNDI0MDIxNjU4WhgPMjk5OTEyMzEwMDAwMDBa AwwbaGlnaHdheS10ZXN0LmV4YW1wbGUuY29tIENBMCAXDTIwMDIwMzA2NDcyMFoY
MBwxGjAYBgNVBAUMETAwLWQwLWU1LTAyLTAwLTJkMFkwEwYHKoZIzj0CAQYIKoZI DzI5OTkxMjMxMDAwMDAwWjAcMRowGAYDVQQFDBEwMC1EMC1FNS1GMi0wMC0wMjBZ
zj0DAQcDQgAEWi/jqPpRJ0JgWghZRgeZlLKutbXVjmnHb+1AYaEF/YQjE2g5FZV8 MBMGByqGSM49AgEGCCqGSM49AwEHA0IABAOjdUOHs3zACpqHnK329DgTHNQMhB/g
KjiR/bkEl+l8M4onIC7KHaXKKkuag9S6T6OBhzCBhDAdBgNVHQ4EFgQUj8KYdUoE QE5BefBbE0sgcbNEm0li8RYwzrsAfYCxp9k7E1CbpielT8OWf0z+ISejWTBXMB0G
OvJ0kcOIbjEWwgWdDYkwCQYDVR0TBAIwADArBgNVHREEJDAioCAGCSsGAQQBgu5S A1UdDgQWBBRFiMyWlgBkN7C6I2VkZFQIBmxWrTAJBgNVHRMEAjAAMCsGCCsGAQUF
AaATDBEwMC1EMC1FNS0wMi0wMC0yRDArBgkrBgEEAYLuUgIEHgwcbWFzYS5ob25l BwEgBB8MHWhpZ2h3YXktdGVzdC5leGFtcGxlLmNvbTo5NDQzMAoGCCqGSM49BAMC
eWR1a2VzLnNhbmRlbG1hbi5jYTAKBggqhkjOPQQDAgNnADBkAjAmvMjmNgjypDhc A2gAMGUCMCPhqS7vIhI0WqXCFdYove09ltbOBJXvp8jcGKgxx7gENPK3TXmKZyIk
fynMV3kMuIpSKrYzRWr4g3PtTwXDsAe0oitTTj4QtU1bajhOfTkCMGMNbsW2Q41F A0/FzdYGugIxALONXArQ/gSDkNNPbXKXsz4C6vHIWjJyWLdFAlB4vAQdI14ib8N/
z9t6PDVdtOKabBbAP1RVoFTlDQuO9nmLzb5kU+cUqCtPRFZBUXP3kg== jHzXm3AgkbThfw==
-----END CERTIFICATE----- -----END CERTIFICATE-----
The pledge public certificate as decoded by openssl's x509 utility so The pledge public certificate as decoded by openssl's x509 utility so
that the extensions can be seen. This was version 1.1.1c of the that the extensions can be seen. This was version 1.1.1c of the
[openssl] library and utility. There is a second Custom Extension is [openssl] library and utility. The 1.3.6.1.5.5.7.1.32 extension is
included to provided to contain the EUI48/EUI64 that the pledge will the MASA URL extension. There are two bytes that preceed the
configure as it's layer-2 address (this is non-normative). extension which are part of the ASN.1 encoding, which the tool does
not know to how to decode.
Certificate: Certificate:
Data: Data:
Version: 3 (0x2) Version: 3 (0x2)
Serial Number: 166573225 (0x9edb4a9) Serial Number: 226876461 (0xd85dc2d)
Signature Algorithm: ecdsa-with-SHA256 Signature Algorithm: ecdsa-with-SHA256
Issuer: DC = ca, DC = sandelman, CN = Unstrung Highway CA Issuer: C = Canada, ST = Ontario, OU = Sandelman, CN = highway-test.example.com CA
Validity Validity
Not Before: Apr 24 02:16:58 2019 GMT Not Before: Feb 3 06:47:20 2020 GMT
Not After : Dec 31 00:00:00 2999 GMT Not After : Dec 31 00:00:00 2999 GMT
Subject: serialNumber = 00-d0-e5-02-00-2d Subject: serialNumber = 00-D0-E5-F2-00-02
Subject Public Key Info: Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit) Public-Key: (256 bit)
pub: pub:
04:5a:2f:e3:a8:fa:51:27:42:60:5a:08:59:46:07: 04:03:a3:75:43:87:b3:7c:c0:0a:9a:87:9c:ad:f6:
99:94:b2:ae:b5:b5:d5:8e:69:c7:6f:ed:40:61:a1: f4:38:13:1c:d4:0c:84:1f:e0:40:4e:41:79:f0:5b:
05:fd:84:23:13:68:39:15:95:7c:2a:38:91:fd:b9: 13:4b:20:71:b3:44:9b:49:62:f1:16:30:ce:bb:00:
04:97:e9:7c:33:8a:27:20:2e:ca:1d:a5:ca:2a:4b: 7d:80:b1:a7:d9:3b:13:50:9b:a6:27:a5:4f:c3:96:
9a:83:d4:ba:4f 7f:4c:fe:21:27
ASN1 OID: prime256v1 ASN1 OID: prime256v1
NIST CURVE: P-256 NIST CURVE: P-256
X509v3 extensions: X509v3 extensions:
X509v3 Subject Key Identifier: X509v3 Subject Key Identifier:
8F:C2:98:75:4A:04:3A:F2:74:91:C3:88:6E:31:16:C2:05:9D:0D:89 45:88:CC:96:96:00:64:37:B0:BA:23:65:64:64:54:08:06:6C:56:AD
X509v3 Basic Constraints: X509v3 Basic Constraints:
CA:FALSE CA:FALSE
X509v3 Subject Alternative Name: 1.3.6.1.5.5.7.1.32:
othername:<unsupported> ..highway-test.example.com:9443
1.3.6.1.4.1.46930.2:
..masa.honeydukes.sandelman.ca
Signature Algorithm: ecdsa-with-SHA256 Signature Algorithm: ecdsa-with-SHA256
30:64:02:30:26:bc:c8:e6:36:08:f2:a4:38:5c:7f:29:cc:57: 30:65:02:30:23:e1:a9:2e:ef:22:12:34:5a:a5:c2:15:d6:28:
79:0c:b8:8a:52:2a:b6:33:45:6a:f8:83:73:ed:4f:05:c3:b0: bd:ed:3d:96:d6:ce:04:95:ef:a7:c8:dc:18:a8:31:c7:b8:04:
07:b4:a2:2b:53:4e:3e:10:b5:4d:5b:6a:38:4e:7d:39:02:30: 34:f2:b7:4d:79:8a:67:22:24:03:4f:c5:cd:d6:06:ba:02:31:
63:0d:6e:c5:b6:43:8d:45:cf:db:7a:3c:35:5d:b4:e2:9a:6c: 00:b3:8d:5c:0a:d0:fe:04:83:90:d3:4f:6d:72:97:b3:3e:02:
16:c0:3f:54:55:a0:54:e5:0d:0b:8e:f6:79:8b:cd:be:64:53: ea:f1:c8:5a:32:72:58:b7:45:02:50:78:bc:04:1d:23:5e:22:
e7:14:a8:2b:4f:44:56:41:51:73:f7:92 6f:c3:7f:8c:7c:d7:9b:70:20:91:b4:e1:7f
C.2. Example process C.2. Example process
The JSON examples below are wrapped at 60 columns. This results in The JSON examples below are wrapped at 60 columns. This results in
strings that have newlines in them, which makes them invalid JSON as strings that have newlines in them, which makes them invalid JSON as
is. The strings would otherwise be too long, so they need to be is. The strings would otherwise be too long, so they need to be
unwrapped before processing. unwrapped before processing.
C.2.1. Pledge to Registrar C.2.1. Pledge to Registrar
As described in Section 5.2, the pledge will sign a pledge voucher- As described in Section 5.2, the pledge will sign a pledge voucher-
request containing the registrar's public key in the proximity- request containing the registrar's public key in the proximity-
registrar-cert field. The base64 has been wrapped at 60 characters registrar-cert field. The base64 has been wrapped at 60 characters
for presentation reasons. for presentation reasons.
-----BEGIN CMS----- <CODE BEGINS>
MIIGtQYJKoZIhvcNAQcCoIIGpjCCBqICAQExDTALBglghkgBZQMEAgEwggNRBgkq MIIGpwYJKoZIhvcNAQcCoIIGmDCCBpQCAQExDTALBglghkgBZQMEAgEwggNRBgkqhkiG9w0BBwGg
hkiG9w0BBwGgggNCBIIDPnsiaWV0Zi12b3VjaGVyLXJlcXVlc3Q6dm91Y2hlciI6 ggNCBIIDPnsiaWV0Zi12b3VjaGVyLXJlcXVlc3Q6dm91Y2hlciI6eyJhc3NlcnRpb24iOiJwcm94
eyJhc3NlcnRpb24iOiJwcm94aW1pdHkiLCJjcmVhdGVkLW9uIjoiMjAxOS0wNS0x aW1pdHkiLCJjcmVhdGVkLW9uIjoiMjAyMC0wMi0wM1QwMTo1MTowMy41NjEtMDU6MDAiLCJzZXJp
NVQxNzoyNTo1NS42NDQtMDQ6MDAiLCJzZXJpYWwtbnVtYmVyIjoiMDAtZDAtZTUt YWwtbnVtYmVyIjoiMDAtRDAtRTUtRjItMDAtMDIiLCJub25jZSI6IjQzbF8zNTlfN1JrY3FXR2Na
MDItMDAtMmQiLCJub25jZSI6IlZPVUZULVd3ckV2ME51QVFFSG9WN1EiLCJwcm94 Ujh0Z1EiLCJwcm94aW1pdHktcmVnaXN0cmFyLWNlcnQiOiJNSUlCMGpDQ0FWbWdBd0lCQWdJRU1N
aW1pdHktcmVnaXN0cmFyLWNlcnQiOiJNSUlCMFRDQ0FWYWdBd0lCQWdJQkFqQUtC T3UwekFLQmdncWhrak9QUVFEQWpCVU1SSXdFQVlLQ1pJbWlaUHlMR1FCR1JZQ1kyRXhHVEFYQmdv
Z2dxaGtqT1BRUURBekJ4TVJJd0VBWUtDWkltaVpQeUxHUUJHUllDWTJFeEdUQVhC SmtpYUprL0lzWkFFWkZnbHpZVzVrWld4dFlXNHhJekFoQmdOVkJBTU1HaUJWYm5OMGNuVnVaeUJH
Z29Ka2lhSmsvSXNaQUVaRmdsellXNWtaV3h0WVc0eFFEQStCZ05WQkFNTU55TThV YjNWdWRHRnBiaUJTYjI5MElFTkJNQjRYRFRJd01ERXlPREU1TlRFek5sb1hEVEkxTURFeU5qRTVO
M2x6ZEdWdFZtRnlhV0ZpYkdVNk1IZ3dNREF3TURBd05HWTVNVEZoTUQ0Z1ZXNXpk VEV6Tmxvd1V6RVNNQkFHQ2dtU0pvbVQ4aXhrQVJrV0FtTmhNUmt3RndZS0NaSW1pWlB5TEdRQkdS
SEoxYm1jZ1JtOTFiblJoYVc0Z1EwRXdIaGNOTVRjeE1UQTNNak0wTlRJNFdoY05N WUpjMkZ1WkdWc2JXRnVNU0l3SUFZRFZRUUREQmxtYjNWdWRHRnBiaTEwWlhOMExtVjRZVzF3YkdV
VGt4TVRBM01qTTBOVEk0V2pCRE1SSXdFQVlLQ1pJbWlaUHlMR1FCR1JZQ1kyRXhH dVkyOXRNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVsbVZRY2pTNm4rWGQ1bC8y
VEFYQmdvSmtpYUprL0lzWkFFWkZnbHpZVzVrWld4dFlXNHhFakFRQmdOVkJBTU1D OElGdjZVaWVnUXdTQnp0R2o1ZGtLMk1BalFJUFY4bDhsSCtFakxJT1lkYkppSTBWdEVJZjEvSnF0
V3h2WTJGc2FHOXpkREJaTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFC K1RPQmZpblROT0xPcU1hTUJnd0ZnWURWUjBsQVFIL0JBd3dDZ1lJS3dZQkJRVUhBeHd3Q2dZSUtv
SlpsVUhJMHVwL2wzZVpmOXZDQmIrbElub0VNRWdjN1JvK1haQ3RqQUkwQ0QxZkpm Wkl6ajBFQXdJRFp3QXdaQUl3WWcwYllLelZMQmE5QWo3MjJGMzRyS3FGeVY2ZGJhbmJHcEdlalJ5
SlIvaEl5eURtSFd5WWlORmJSQ0g5ZnlhcmZremdYNHAwelRpenFqRFRBTE1Ba0dB V2lCUW5OSnJFaWp0Yld1dUlwNGxqNTRXeUFqQlE2b0pUT1JFWmxGL1dYTW10bFRrQk5JQzNWV29m
MVVkRXdRQ01BQXdDZ1lJS29aSXpqMEVBd01EYVFBd1pnSXhBTFFNTnVyZjh0djUw WnNLSFNqZ2R6MVBwV0ZPbnJCSFVBQm5TV3FFdkFNaUt4T0E9In19oIIB6jCCAeYwggFsoAMCAQIC
bFJPRDVEUVhIRU9KSk5XM1FWMmc5UUVkRFNrMk1ZK0FvU3JCU21HU05qaDRvbEVP BA2F3C0wCgYIKoZIzj0EAwIwXTEPMA0GA1UEBhMGQ2FuYWRhMRAwDgYDVQQIDAdPbnRhcmlvMRIw
aEV1TGdJeEFKNG5XZk53K0JqYlptS2lJaVVFY1R3SE1oR1ZYYU1IWS9GN24zOXd3 EAYDVQQLDAlTYW5kZWxtYW4xJDAiBgNVBAMMG2hpZ2h3YXktdGVzdC5leGFtcGxlLmNvbSBDQTAg
S2NCQlNPbmROUHFDcE9FTGw2YnEzQ1pxUT09In19oIICCDCCAgQwggGLoAMCAQIC Fw0yMDAyMDMwNjQ3MjBaGA8yOTk5MTIzMTAwMDAwMFowHDEaMBgGA1UEBQwRMDAtRDAtRTUtRjIt
BAnttKkwCgYIKoZIzj0EAwIwTTESMBAGCgmSJomT8ixkARkWAmNhMRkwFwYKCZIm MDAtMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQDo3VDh7N8wAqah5yt9vQ4ExzUDIQf4EBO
iZPyLGQBGRYJc2FuZGVsbWFuMRwwGgYDVQQDDBNVbnN0cnVuZyBIaWdod2F5IENB QXnwWxNLIHGzRJtJYvEWMM67AH2AsafZOxNQm6YnpU/Dln9M/iEno1kwVzAdBgNVHQ4EFgQURYjM
MCAXDTE5MDQyNDAyMTY1OFoYDzI5OTkxMjMxMDAwMDAwWjAcMRowGAYDVQQFDBEw lpYAZDewuiNlZGRUCAZsVq0wCQYDVR0TBAIwADArBggrBgEFBQcBIAQfDB1oaWdod2F5LXRlc3Qu
MC1kMC1lNS0wMi0wMC0yZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFov46j6 ZXhhbXBsZS5jb206OTQ0MzAKBggqhkjOPQQDAgNoADBlAjAj4aku7yISNFqlwhXWKL3tPZbWzgSV
USdCYFoIWUYHmZSyrrW11Y5px2/tQGGhBf2EIxNoORWVfCo4kf25BJfpfDOKJyAu 76fI3BioMce4BDTyt015imciJANPxc3WBroCMQCzjVwK0P4Eg5DTT21yl7M+AurxyFoycli3RQJQ
yh2lyipLmoPUuk+jgYcwgYQwHQYDVR0OBBYEFI/CmHVKBDrydJHDiG4xFsIFnQ2J eLwEHSNeIm/Df4x815twIJG04X8xggE7MIIBNwIBATBlMF0xDzANBgNVBAYTBkNhbmFkYTEQMA4G
MAkGA1UdEwQCMAAwKwYDVR0RBCQwIqAgBgkrBgEEAYLuUgGgEwwRMDAtRDAtRTUt A1UECAwHT250YXJpbzESMBAGA1UECwwJU2FuZGVsbWFuMSQwIgYDVQQDDBtoaWdod2F5LXRlc3Qu
MDItMDAtMkQwKwYJKwYBBAGC7lICBB4MHG1hc2EuaG9uZXlkdWtlcy5zYW5kZWxt ZXhhbXBsZS5jb20gQ0ECBA2F3C0wCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3
YW4uY2EwCgYIKoZIzj0EAwIDZwAwZAIwJrzI5jYI8qQ4XH8pzFd5DLiKUiq2M0Vq DQEHATAcBgkqhkiG9w0BCQUxDxcNMjAwMjAzMDY1MTAzWjAvBgkqhkiG9w0BCQQxIgQgOx/K7raS
+INz7U8Fw7AHtKIrU04+ELVNW2o4Tn05AjBjDW7FtkONRc/bejw1XbTimmwWwD9U AnJ0BOHJhUeBKXP6LUFVUv5/OIb4i3DoOigwCgYIKoZIzj0EAwIERzBFAiEA3G1jjhpGc687NrMy
VaBU5Q0LjvZ5i82+ZFPnFKgrT0RWQVFz95IxggErMIIBJwIBATBVME0xEjAQBgoJ O5+2iefdiQeAGDVgc6q5ct+FnIUCIDbvSmnLbqi9unhpQ0dK4kmKate1hdt7sx1opFr9Uize
kiaJk/IsZAEZFgJjYTEZMBcGCgmSJomT8ixkARkWCXNhbmRlbG1hbjEcMBoGA1UE <CODE ENDS>
AwwTVW5zdHJ1bmcgSGlnaHdheSBDQQIECe20qTALBglghkgBZQMEAgGgaTAYBgkq
hkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xOTA1MTUyMTI1
NTVaMC8GCSqGSIb3DQEJBDEiBCAQN2lP7aqwyhmj9qUHt6Qk/SbOTOPXFOwn1wv2
5YGYgDAKBggqhkjOPQQDAgRHMEUCIEYQhHToU0rrhPyQv2fR0TwWePTx2Z1DEhR4
tTl/Dr/ZAiEA47u9+bIz/p6nFJ+wctKHER+ycUzYQF56h9odMo+Ilkc=
-----END CMS-----
The ASN1 decoding of the artifact: The ASN1 decoding of the artifact:
file: examples/vr_00-D0-E5-02-00-2D.pkcs file: examples/vr_00-D0-E5-F2-00-02.b64
0:d=0 hl=4 l=1703 cons: SEQUENCE
0:d=0 hl=4 l=1717 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData 4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
15:d=1 hl=4 l=1702 cons: cont [ 0 ] 15:d=1 hl=4 l=1688 cons: cont [ 0 ]
19:d=2 hl=4 l=1698 cons: SEQUENCE 19:d=2 hl=4 l=1684 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :01 23:d=3 hl=2 l= 1 prim: INTEGER :01
26:d=3 hl=2 l= 13 cons: SET 26:d=3 hl=2 l= 13 cons: SET
28:d=4 hl=2 l= 11 cons: SEQUENCE 28:d=4 hl=2 l= 11 cons: SEQUENCE
30:d=5 hl=2 l= 9 prim: OBJECT :sha256 30:d=5 hl=2 l= 9 prim: OBJECT :sha256
41:d=3 hl=4 l= 849 cons: SEQUENCE 41:d=3 hl=4 l= 849 cons: SEQUENCE
45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data 45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
56:d=4 hl=4 l= 834 cons: cont [ 0 ] 56:d=4 hl=4 l= 834 cons: cont [ 0 ]
60:d=5 hl=4 l= 830 prim: OCTET STRING :{"ietf-voucher-request:v 60:d=5 hl=4 l= 830 prim: OCTET STRING :{"ietf-voucher-request:v
894:d=3 hl=4 l= 520 cons: cont [ 0 ] 894:d=3 hl=4 l= 490 cons: cont [ 0 ]
898:d=4 hl=4 l= 516 cons: SEQUENCE 898:d=4 hl=4 l= 486 cons: SEQUENCE
902:d=5 hl=4 l= 395 cons: SEQUENCE 902:d=5 hl=4 l= 364 cons: SEQUENCE
906:d=6 hl=2 l= 3 cons: cont [ 0 ] 906:d=6 hl=2 l= 3 cons: cont [ 0 ]
908:d=7 hl=2 l= 1 prim: INTEGER :02 908:d=7 hl=2 l= 1 prim: INTEGER :02
911:d=6 hl=2 l= 4 prim: INTEGER :09EDB4A9 911:d=6 hl=2 l= 4 prim: INTEGER :0D85DC2D
917:d=6 hl=2 l= 10 cons: SEQUENCE 917:d=6 hl=2 l= 10 cons: SEQUENCE
919:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 919:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
929:d=6 hl=2 l= 77 cons: SEQUENCE 929:d=6 hl=2 l= 93 cons: SEQUENCE
931:d=7 hl=2 l= 18 cons: SET 931:d=7 hl=2 l= 15 cons: SET
933:d=8 hl=2 l= 16 cons: SEQUENCE 933:d=8 hl=2 l= 13 cons: SEQUENCE
935:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 935:d=9 hl=2 l= 3 prim: OBJECT :countryName
947:d=9 hl=2 l= 2 prim: IA5STRING :ca 940:d=9 hl=2 l= 6 prim: PRINTABLESTRING :Canada
951:d=7 hl=2 l= 25 cons: SET 948:d=7 hl=2 l= 16 cons: SET
953:d=8 hl=2 l= 23 cons: SEQUENCE 950:d=8 hl=2 l= 14 cons: SEQUENCE
955:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 952:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
967:d=9 hl=2 l= 9 prim: IA5STRING :sandelman 957:d=9 hl=2 l= 7 prim: UTF8STRING :Ontario
978:d=7 hl=2 l= 28 cons: SET 966:d=7 hl=2 l= 18 cons: SET
980:d=8 hl=2 l= 26 cons: SEQUENCE 968:d=8 hl=2 l= 16 cons: SEQUENCE
982:d=9 hl=2 l= 3 prim: OBJECT :commonName 970:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName
987:d=9 hl=2 l= 19 prim: UTF8STRING :Unstrung Highway CA 975:d=9 hl=2 l= 9 prim: UTF8STRING :Sandelman
1008:d=6 hl=2 l= 32 cons: SEQUENCE 986:d=7 hl=2 l= 36 cons: SET
1010:d=7 hl=2 l= 13 prim: UTCTIME :190424021658Z 988:d=8 hl=2 l= 34 cons: SEQUENCE
1025:d=7 hl=2 l= 15 prim: GENERALIZEDTIME :29991231000000Z 990:d=9 hl=2 l= 3 prim: OBJECT :commonName
1042:d=6 hl=2 l= 28 cons: SEQUENCE 995:d=9 hl=2 l= 27 prim: UTF8STRING :highway-test.example.com
1044:d=7 hl=2 l= 26 cons: SET 1024:d=6 hl=2 l= 32 cons: SEQUENCE
1046:d=8 hl=2 l= 24 cons: SEQUENCE 1026:d=7 hl=2 l= 13 prim: UTCTIME :200203064720Z
1048:d=9 hl=2 l= 3 prim: OBJECT :serialNumber 1041:d=7 hl=2 l= 15 prim: GENERALIZEDTIME :29991231000000Z
1053:d=9 hl=2 l= 17 prim: UTF8STRING :00-d0-e5-02-00-2d 1058:d=6 hl=2 l= 28 cons: SEQUENCE
1072:d=6 hl=2 l= 89 cons: SEQUENCE 1060:d=7 hl=2 l= 26 cons: SET
1074:d=7 hl=2 l= 19 cons: SEQUENCE 1062:d=8 hl=2 l= 24 cons: SEQUENCE
1076:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey 1064:d=9 hl=2 l= 3 prim: OBJECT :serialNumber
1085:d=8 hl=2 l= 8 prim: OBJECT :prime256v1 1069:d=9 hl=2 l= 17 prim: UTF8STRING :00-D0-E5-F2-00-02
1095:d=7 hl=2 l= 66 prim: BIT STRING 1088:d=6 hl=2 l= 89 cons: SEQUENCE
1163:d=6 hl=3 l= 135 cons: cont [ 3 ] 1090:d=7 hl=2 l= 19 cons: SEQUENCE
1166:d=7 hl=3 l= 132 cons: SEQUENCE 1092:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
1169:d=8 hl=2 l= 29 cons: SEQUENCE 1101:d=8 hl=2 l= 8 prim: OBJECT :prime256v1
1171:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Ident 1111:d=7 hl=2 l= 66 prim: BIT STRING
1176:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:04148FC298754A 1179:d=6 hl=2 l= 89 cons: cont [ 3 ]
1200:d=8 hl=2 l= 9 cons: SEQUENCE 1181:d=7 hl=2 l= 87 cons: SEQUENCE
1202:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints 1183:d=8 hl=2 l= 29 cons: SEQUENCE
1207:d=9 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000 1185:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Ident
1211:d=8 hl=2 l= 43 cons: SEQUENCE 1190:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:04144588CC9696
1213:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternati 1214:d=8 hl=2 l= 9 cons: SEQUENCE
1218:d=9 hl=2 l= 36 prim: OCTET STRING [HEX DUMP]:3022A02006092B 1216:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
1256:d=8 hl=2 l= 43 cons: SEQUENCE 1221:d=9 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
1258:d=9 hl=2 l= 9 prim: OBJECT :1.3.6.1.4.1.46930.2 1225:d=8 hl=2 l= 43 cons: SEQUENCE
1269:d=9 hl=2 l= 30 prim: OCTET STRING [HEX DUMP]:0C1C6D6173612E 1227:d=9 hl=2 l= 8 prim: OBJECT :1.3.6.1.5.5.7.1.32
1301:d=5 hl=2 l= 10 cons: SEQUENCE 1237:d=9 hl=2 l= 31 prim: OCTET STRING [HEX DUMP]:0C1D6869676877
1303:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 1270:d=5 hl=2 l= 10 cons: SEQUENCE
1313:d=5 hl=2 l= 103 prim: BIT STRING 1272:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
1418:d=3 hl=4 l= 299 cons: SET 1282:d=5 hl=2 l= 104 prim: BIT STRING
1422:d=4 hl=4 l= 295 cons: SEQUENCE 1388:d=3 hl=4 l= 315 cons: SET
1426:d=5 hl=2 l= 1 prim: INTEGER :01 1392:d=4 hl=4 l= 311 cons: SEQUENCE
1429:d=5 hl=2 l= 85 cons: SEQUENCE 1396:d=5 hl=2 l= 1 prim: INTEGER :01
1431:d=6 hl=2 l= 77 cons: SEQUENCE 1399:d=5 hl=2 l= 101 cons: SEQUENCE
1433:d=7 hl=2 l= 18 cons: SET 1401:d=6 hl=2 l= 93 cons: SEQUENCE
1435:d=8 hl=2 l= 16 cons: SEQUENCE 1403:d=7 hl=2 l= 15 cons: SET
1437:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 1405:d=8 hl=2 l= 13 cons: SEQUENCE
1449:d=9 hl=2 l= 2 prim: IA5STRING :ca 1407:d=9 hl=2 l= 3 prim: OBJECT :countryName
1453:d=7 hl=2 l= 25 cons: SET 1412:d=9 hl=2 l= 6 prim: PRINTABLESTRING :Canada
1455:d=8 hl=2 l= 23 cons: SEQUENCE 1420:d=7 hl=2 l= 16 cons: SET
1457:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 1422:d=8 hl=2 l= 14 cons: SEQUENCE
1469:d=9 hl=2 l= 9 prim: IA5STRING :sandelman 1424:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
1480:d=7 hl=2 l= 28 cons: SET 1429:d=9 hl=2 l= 7 prim: UTF8STRING :Ontario
1482:d=8 hl=2 l= 26 cons: SEQUENCE 1438:d=7 hl=2 l= 18 cons: SET
1484:d=9 hl=2 l= 3 prim: OBJECT :commonName 1440:d=8 hl=2 l= 16 cons: SEQUENCE
1489:d=9 hl=2 l= 19 prim: UTF8STRING :Unstrung Highway CA 1442:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName
1510:d=6 hl=2 l= 4 prim: INTEGER :09EDB4A9 1447:d=9 hl=2 l= 9 prim: UTF8STRING :Sandelman
1516:d=5 hl=2 l= 11 cons: SEQUENCE 1458:d=7 hl=2 l= 36 cons: SET
1518:d=6 hl=2 l= 9 prim: OBJECT :sha256 1460:d=8 hl=2 l= 34 cons: SEQUENCE
1529:d=5 hl=2 l= 105 cons: cont [ 0 ] 1462:d=9 hl=2 l= 3 prim: OBJECT :commonName
1531:d=6 hl=2 l= 24 cons: SEQUENCE 1467:d=9 hl=2 l= 27 prim: UTF8STRING :highway-test.example.com
1533:d=7 hl=2 l= 9 prim: OBJECT :contentType 1496:d=6 hl=2 l= 4 prim: INTEGER :0D85DC2D
1544:d=7 hl=2 l= 11 cons: SET 1502:d=5 hl=2 l= 11 cons: SEQUENCE
1546:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data 1504:d=6 hl=2 l= 9 prim: OBJECT :sha256
1557:d=6 hl=2 l= 28 cons: SEQUENCE 1515:d=5 hl=2 l= 105 cons: cont [ 0 ]
1559:d=7 hl=2 l= 9 prim: OBJECT :signingTime 1517:d=6 hl=2 l= 24 cons: SEQUENCE
1570:d=7 hl=2 l= 15 cons: SET 1519:d=7 hl=2 l= 9 prim: OBJECT :contentType
1572:d=8 hl=2 l= 13 prim: UTCTIME :190515212555Z 1530:d=7 hl=2 l= 11 cons: SET
1587:d=6 hl=2 l= 47 cons: SEQUENCE 1532:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data
1589:d=7 hl=2 l= 9 prim: OBJECT :messageDigest 1543:d=6 hl=2 l= 28 cons: SEQUENCE
1600:d=7 hl=2 l= 34 cons: SET 1545:d=7 hl=2 l= 9 prim: OBJECT :signingTime
1602:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:1037694FEDAAB0 1556:d=7 hl=2 l= 15 cons: SET
1636:d=5 hl=2 l= 10 cons: SEQUENCE 1558:d=8 hl=2 l= 13 prim: UTCTIME :200203065103Z
1638:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 1573:d=6 hl=2 l= 47 cons: SEQUENCE
1648:d=5 hl=2 l= 71 prim: OCTET STRING [HEX DUMP]:30450220461084 1575:d=7 hl=2 l= 9 prim: OBJECT :messageDigest
1586:d=7 hl=2 l= 34 cons: SET
1588:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:3B1FCAEEB69202
1622:d=5 hl=2 l= 10 cons: SEQUENCE
1624:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
1634:d=5 hl=2 l= 71 prim: OCTET STRING [HEX DUMP]:3045022100DC6D
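Review bot: In the new signer identifier (right column, offsets 1407-1412) the issuer's countryName is the PRINTABLESTRING "Canada", but X.520 and RFC 5280 define countryName as a two-letter ISO 3166 code (PrintableString SIZE (2)). A parser that enforces the size bound will not accept this name, which is awkward for a reference artifact that implementers test against. Regenerate the example CA with C=CA, or return to the domainComponent naming that the -34 example used.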
The JSON contained in the voucher request: The JSON contained in the voucher request:
{"ietf-voucher-request:voucher":{"assertion":"proximity","cr {"ietf-voucher-request:voucher":{"assertion":"proximity","cr
eated-on":"2019-05-15T17:25:55.644-04:00","serial-number":"0 eated-on":"2020-02-03T01:51:03.561-05:00","serial-number":"0
0-d0-e5-02-00-2d","nonce":"VOUFT-WwrEv0NuAQEHoV7Q","proximit 0-D0-E5-F2-00-02","nonce":"43l_359_7RkcqWGcZR8tgQ","proximit
y-registrar-cert":"MIIB0TCCAVagAwIBAgIBAjAKBggqhkjOPQQDAzBxM y-registrar-cert":"MIIB0jCCAVmgAwIBAgIEMMOu0zAKBggqhkjOPQQDA
RIwEAYKCZImiZPyLGQBGRYCY2ExGTAXBgoJkiaJk/IsZAEZFglzYW5kZWxtY jBUMRIwEAYKCZImiZPyLGQBGRYCY2ExGTAXBgoJkiaJk/IsZAEZFglzYW5kZ
W4xQDA+BgNVBAMMNyM8U3lzdGVtVmFyaWFibGU6MHgwMDAwMDAwNGY5MTFhM WxtYW4xIzAhBgNVBAMMGiBVbnN0cnVuZyBGb3VudGFpbiBSb290IENBMB4XD
D4gVW5zdHJ1bmcgRm91bnRhaW4gQ0EwHhcNMTcxMTA3MjM0NTI4WhcNMTkxM TIwMDEyODE5NTEzNloXDTI1MDEyNjE5NTEzNlowUzESMBAGCgmSJomT8ixkA
TA3MjM0NTI4WjBDMRIwEAYKCZImiZPyLGQBGRYCY2ExGTAXBgoJkiaJk/IsZ RkWAmNhMRkwFwYKCZImiZPyLGQBGRYJc2FuZGVsbWFuMSIwIAYDVQQDDBlmb
AEZFglzYW5kZWxtYW4xEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49A 3VudGFpbi10ZXN0LmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DA
gEGCCqGSM49AwEHA0IABJZlUHI0up/l3eZf9vCBb+lInoEMEgc7Ro+XZCtjA QcDQgAElmVQcjS6n+Xd5l/28IFv6UiegQwSBztGj5dkK2MAjQIPV8l8lH+Ej
I0CD1fJfJR/hIyyDmHWyYiNFbRCH9fyarfkzgX4p0zTizqjDTALMAkGA1UdE LIOYdbJiI0VtEIf1/Jqt+TOBfinTNOLOqMaMBgwFgYDVR0lAQH/BAwwCgYIK
wQCMAAwCgYIKoZIzj0EAwMDaQAwZgIxALQMNurf8tv50lROD5DQXHEOJJNW3 wYBBQUHAxwwCgYIKoZIzj0EAwIDZwAwZAIwYg0bYKzVLBa9Aj722F34rKqFy
QV2g9QEdDSk2MY+AoSrBSmGSNjh4olEOhEuLgIxAJ4nWfNw+BjbZmKiIiUEc V6dbanbGpGejRyWiBQnNJrEijtbWuuIp4lj54WyAjBQ6oJTOREZlF/WXMmtl
TwHMhGVXaMHY/F7n39wwKcBBSOndNPqCpOELl6bq3CZqQ=="}} TkBNIC3VWofZsKHSjgdz1PpWFOnrBHUABnSWqEvAMiKxOA="}}
C.2.2. Registrar to MASA C.2.2. Registrar to MASA
As described in Section 5.5 the registrar will sign a registrar As described in Section 5.5 the registrar will sign a registrar
voucher-request, and will include pledge's voucher request in the voucher-request, and will include pledge's voucher request in the
prior-signed-voucher-request. prior-signed-voucher-request.
The ASN1 decoding of the artifact: The ASN1 decoding of the artifact:
file: examples/parboiled_vr_00_D0-E5-02-00-2D.pkcs file: examples/parboiled_vr_00_D0-E5-02-00-2D.b64
0:d=0 hl=4 l=3987 cons: SEQUENCE 0:d=0 hl=4 l=3896 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData 4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
15:d=1 hl=4 l=3972 cons: cont [ 0 ] 15:d=1 hl=4 l=3881 cons: cont [ 0 ]
19:d=2 hl=4 l=3968 cons: SEQUENCE 19:d=2 hl=4 l=3877 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :01 23:d=3 hl=2 l= 1 prim: INTEGER :01
26:d=3 hl=2 l= 13 cons: SET 26:d=3 hl=2 l= 13 cons: SET
28:d=4 hl=2 l= 11 cons: SEQUENCE 28:d=4 hl=2 l= 11 cons: SEQUENCE
30:d=5 hl=2 l= 9 prim: OBJECT :sha256 30:d=5 hl=2 l= 9 prim: OBJECT :sha256
41:d=3 hl=4 l=2516 cons: SEQUENCE 41:d=3 hl=4 l=2496 cons: SEQUENCE
45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data 45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
56:d=4 hl=4 l=2501 cons: cont [ 0 ] 56:d=4 hl=4 l=2481 cons: cont [ 0 ]
60:d=5 hl=4 l=2497 prim: OCTET STRING :{"ietf-voucher-request:v 60:d=5 hl=4 l=2477 prim: OCTET STRING :{"ietf-voucher-request:v
2561:d=3 hl=4 l=1090 cons: cont [ 0 ] 2541:d=3 hl=4 l=1045 cons: cont [ 0 ]
2565:d=4 hl=4 l= 465 cons: SEQUENCE 2545:d=4 hl=4 l= 466 cons: SEQUENCE
2569:d=5 hl=4 l= 342 cons: SEQUENCE 2549:d=5 hl=4 l= 345 cons: SEQUENCE
2573:d=6 hl=2 l= 3 cons: cont [ 0 ] 2553:d=6 hl=2 l= 3 cons: cont [ 0 ]
2575:d=7 hl=2 l= 1 prim: INTEGER :02 2555:d=7 hl=2 l= 1 prim: INTEGER :02
2578:d=6 hl=2 l= 1 prim: INTEGER :02 2558:d=6 hl=2 l= 4 prim: INTEGER :30C3AED3
2581:d=6 hl=2 l= 10 cons: SEQUENCE 2564:d=6 hl=2 l= 10 cons: SEQUENCE
2583:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA384 2566:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
2593:d=6 hl=2 l= 113 cons: SEQUENCE 2576:d=6 hl=2 l= 84 cons: SEQUENCE
2595:d=7 hl=2 l= 18 cons: SET 2578:d=7 hl=2 l= 18 cons: SET
2597:d=8 hl=2 l= 16 cons: SEQUENCE 2580:d=8 hl=2 l= 16 cons: SEQUENCE
2599:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 2582:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
2611:d=9 hl=2 l= 2 prim: IA5STRING :ca 2594:d=9 hl=2 l= 2 prim: IA5STRING :ca
2615:d=7 hl=2 l= 25 cons: SET 2598:d=7 hl=2 l= 25 cons: SET
2617:d=8 hl=2 l= 23 cons: SEQUENCE 2600:d=8 hl=2 l= 23 cons: SEQUENCE
2619:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 2602:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
2631:d=9 hl=2 l= 9 prim: IA5STRING :sandelman 2614:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
2642:d=7 hl=2 l= 64 cons: SET 2625:d=7 hl=2 l= 35 cons: SET
2644:d=8 hl=2 l= 62 cons: SEQUENCE 2627:d=8 hl=2 l= 33 cons: SEQUENCE
2646:d=9 hl=2 l= 3 prim: OBJECT :commonName 2629:d=9 hl=2 l= 3 prim: OBJECT :commonName
2651:d=9 hl=2 l= 55 prim: UTF8STRING :#<SystemVariable:0x00000 2634:d=9 hl=2 l= 26 prim: UTF8STRING : Unstrung Fountain Root
2708:d=6 hl=2 l= 30 cons: SEQUENCE 2662:d=6 hl=2 l= 30 cons: SEQUENCE
2710:d=7 hl=2 l= 13 prim: UTCTIME :171107234528Z 2664:d=7 hl=2 l= 13 prim: UTCTIME :200128195136Z
2725:d=7 hl=2 l= 13 prim: UTCTIME :191107234528Z 2679:d=7 hl=2 l= 13 prim: UTCTIME :250126195136Z
2740:d=6 hl=2 l= 67 cons: SEQUENCE 2694:d=6 hl=2 l= 83 cons: SEQUENCE
2742:d=7 hl=2 l= 18 cons: SET 2696:d=7 hl=2 l= 18 cons: SET
2744:d=8 hl=2 l= 16 cons: SEQUENCE 2698:d=8 hl=2 l= 16 cons: SEQUENCE
2746:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 2700:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
2758:d=9 hl=2 l= 2 prim: IA5STRING :ca 2712:d=9 hl=2 l= 2 prim: IA5STRING :ca
2762:d=7 hl=2 l= 25 cons: SET 2716:d=7 hl=2 l= 25 cons: SET
2764:d=8 hl=2 l= 23 cons: SEQUENCE 2718:d=8 hl=2 l= 23 cons: SEQUENCE
2766:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 2720:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
2778:d=9 hl=2 l= 9 prim: IA5STRING :sandelman 2732:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
2789:d=7 hl=2 l= 18 cons: SET 2743:d=7 hl=2 l= 34 cons: SET
2791:d=8 hl=2 l= 16 cons: SEQUENCE 2745:d=8 hl=2 l= 32 cons: SEQUENCE
2793:d=9 hl=2 l= 3 prim: OBJECT :commonName 2747:d=9 hl=2 l= 3 prim: OBJECT :commonName
2798:d=9 hl=2 l= 9 prim: UTF8STRING :localhost 2752:d=9 hl=2 l= 25 prim: UTF8STRING :fountain-test.example.co
2809:d=6 hl=2 l= 89 cons: SEQUENCE 2779:d=6 hl=2 l= 89 cons: SEQUENCE
2811:d=7 hl=2 l= 19 cons: SEQUENCE 2781:d=7 hl=2 l= 19 cons: SEQUENCE
2813:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey 2783:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
2822:d=8 hl=2 l= 8 prim: OBJECT :prime256v1 2792:d=8 hl=2 l= 8 prim: OBJECT :prime256v1
2832:d=7 hl=2 l= 66 prim: BIT STRING 2802:d=7 hl=2 l= 66 prim: BIT STRING
2900:d=6 hl=2 l= 13 cons: cont [ 3 ] 2870:d=6 hl=2 l= 26 cons: cont [ 3 ]
2902:d=7 hl=2 l= 11 cons: SEQUENCE 2872:d=7 hl=2 l= 24 cons: SEQUENCE
2904:d=8 hl=2 l= 9 cons: SEQUENCE 2874:d=8 hl=2 l= 22 cons: SEQUENCE
2906:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints 2876:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usag
2911:d=9 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000 2881:d=9 hl=2 l= 1 prim: BOOLEAN :255
2915:d=5 hl=2 l= 10 cons: SEQUENCE 2884:d=9 hl=2 l= 12 prim: OCTET STRING [HEX DUMP]:300A06082B0601
2917:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA384 2898:d=5 hl=2 l= 10 cons: SEQUENCE
2927:d=5 hl=2 l= 105 prim: BIT STRING 2900:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
3034:d=4 hl=4 l= 617 cons: SEQUENCE 2910:d=5 hl=2 l= 103 prim: BIT STRING
3038:d=5 hl=4 l= 495 cons: SEQUENCE 3015:d=4 hl=4 l= 571 cons: SEQUENCE
3042:d=6 hl=2 l= 3 cons: cont [ 0 ] 3019:d=5 hl=4 l= 448 cons: SEQUENCE
3044:d=7 hl=2 l= 1 prim: INTEGER :02 3023:d=6 hl=2 l= 3 cons: cont [ 0 ]
3047:d=6 hl=2 l= 1 prim: INTEGER :03 3025:d=7 hl=2 l= 1 prim: INTEGER :02
3050:d=6 hl=2 l= 10 cons: SEQUENCE 3028:d=6 hl=2 l= 4 prim: INTEGER :7CAF34A4
3052:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 3034:d=6 hl=2 l= 10 cons: SEQUENCE
3062:d=6 hl=2 l= 109 cons: SEQUENCE 3036:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
3064:d=7 hl=2 l= 18 cons: SET 3046:d=6 hl=2 l= 84 cons: SEQUENCE
3066:d=8 hl=2 l= 16 cons: SEQUENCE 3048:d=7 hl=2 l= 18 cons: SET
3068:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 3050:d=8 hl=2 l= 16 cons: SEQUENCE
3080:d=9 hl=2 l= 2 prim: IA5STRING :ca 3052:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
3084:d=7 hl=2 l= 25 cons: SET 3064:d=9 hl=2 l= 2 prim: IA5STRING :ca
3086:d=8 hl=2 l= 23 cons: SEQUENCE 3068:d=7 hl=2 l= 25 cons: SET
3088:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 3070:d=8 hl=2 l= 23 cons: SEQUENCE
3100:d=9 hl=2 l= 9 prim: IA5STRING :sandelman 3072:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
3111:d=7 hl=2 l= 60 cons: SET 3084:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
3113:d=8 hl=2 l= 58 cons: SEQUENCE 3095:d=7 hl=2 l= 35 cons: SET
3115:d=9 hl=2 l= 3 prim: OBJECT :commonName 3097:d=8 hl=2 l= 33 cons: SEQUENCE
3120:d=9 hl=2 l= 51 prim: UTF8STRING :fountain-test.example.co 3099:d=9 hl=2 l= 3 prim: OBJECT :commonName
3173:d=6 hl=2 l= 30 cons: SEQUENCE 3104:d=9 hl=2 l= 26 prim: UTF8STRING : Unstrung Fountain Root
3175:d=7 hl=2 l= 13 prim: UTCTIME :190113225444Z 3132:d=6 hl=2 l= 30 cons: SEQUENCE
3190:d=7 hl=2 l= 13 prim: UTCTIME :210112225444Z 3134:d=7 hl=2 l= 13 prim: UTCTIME :200123214408Z
3205:d=6 hl=2 l= 109 cons: SEQUENCE 3149:d=7 hl=2 l= 13 prim: UTCTIME :200223074408Z
3207:d=7 hl=2 l= 18 cons: SET 3164:d=6 hl=2 l= 84 cons: SEQUENCE
3209:d=8 hl=2 l= 16 cons: SEQUENCE 3166:d=7 hl=2 l= 18 cons: SET
3211:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 3168:d=8 hl=2 l= 16 cons: SEQUENCE
3223:d=9 hl=2 l= 2 prim: IA5STRING :ca 3170:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
3227:d=7 hl=2 l= 25 cons: SET 3182:d=9 hl=2 l= 2 prim: IA5STRING :ca
3229:d=8 hl=2 l= 23 cons: SEQUENCE 3186:d=7 hl=2 l= 25 cons: SET
3231:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 3188:d=8 hl=2 l= 23 cons: SEQUENCE
3243:d=9 hl=2 l= 9 prim: IA5STRING :sandelman 3190:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
3254:d=7 hl=2 l= 60 cons: SET 3202:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
3256:d=8 hl=2 l= 58 cons: SEQUENCE 3213:d=7 hl=2 l= 35 cons: SET
3258:d=9 hl=2 l= 3 prim: OBJECT :commonName 3215:d=8 hl=2 l= 33 cons: SEQUENCE
3263:d=9 hl=2 l= 51 prim: UTF8STRING :fountain-test.example.co 3217:d=9 hl=2 l= 3 prim: OBJECT :commonName
3316:d=6 hl=2 l= 118 cons: SEQUENCE 3222:d=9 hl=2 l= 26 prim: UTF8STRING : Unstrung Fountain Root
3318:d=7 hl=2 l= 16 cons: SEQUENCE 3250:d=6 hl=2 l= 118 cons: SEQUENCE
3320:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey 3252:d=7 hl=2 l= 16 cons: SEQUENCE
3329:d=8 hl=2 l= 5 prim: OBJECT :secp384r1 3254:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
3336:d=7 hl=2 l= 98 prim: BIT STRING 3263:d=8 hl=2 l= 5 prim: OBJECT :secp384r1
3436:d=6 hl=2 l= 99 cons: cont [ 3 ] 3270:d=7 hl=2 l= 98 prim: BIT STRING
3438:d=7 hl=2 l= 97 cons: SEQUENCE 3370:d=6 hl=2 l= 99 cons: cont [ 3 ]
3440:d=8 hl=2 l= 15 cons: SEQUENCE 3372:d=7 hl=2 l= 97 cons: SEQUENCE
3442:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints 3374:d=8 hl=2 l= 15 cons: SEQUENCE
3447:d=9 hl=2 l= 1 prim: BOOLEAN :255 3376:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
3450:d=9 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF 3381:d=9 hl=2 l= 1 prim: BOOLEAN :255
3457:d=8 hl=2 l= 14 cons: SEQUENCE 3384:d=9 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF
3459:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage 3391:d=8 hl=2 l= 14 cons: SEQUENCE
3464:d=9 hl=2 l= 1 prim: BOOLEAN :255 3393:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
3467:d=9 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:03020106 3398:d=9 hl=2 l= 1 prim: BOOLEAN :255
3473:d=8 hl=2 l= 29 cons: SEQUENCE 3401:d=9 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:03020106
3475:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Ident 3407:d=8 hl=2 l= 29 cons: SEQUENCE
3480:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414B9A5F6CB11 3409:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Ident
3504:d=8 hl=2 l= 31 cons: SEQUENCE 3414:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414B9A5F6CB11
3506:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Ide 3438:d=8 hl=2 l= 31 cons: SEQUENCE
3511:d=9 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014B9A5F6 3440:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Ide
3537:d=5 hl=2 l= 10 cons: SEQUENCE 3445:d=9 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014B9A5F6
3539:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 3471:d=5 hl=2 l= 10 cons: SEQUENCE
3549:d=5 hl=2 l= 104 prim: BIT STRING 3473:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
3655:d=3 hl=4 l= 332 cons: SET 3483:d=5 hl=2 l= 105 prim: BIT STRING
3659:d=4 hl=4 l= 328 cons: SEQUENCE 3590:d=3 hl=4 l= 306 cons: SET
3663:d=5 hl=2 l= 1 prim: INTEGER :01 3594:d=4 hl=4 l= 302 cons: SEQUENCE
3666:d=5 hl=2 l= 118 cons: SEQUENCE 3598:d=5 hl=2 l= 1 prim: INTEGER :01
3668:d=6 hl=2 l= 113 cons: SEQUENCE 3601:d=5 hl=2 l= 92 cons: SEQUENCE
3670:d=7 hl=2 l= 18 cons: SET 3603:d=6 hl=2 l= 84 cons: SEQUENCE
3672:d=8 hl=2 l= 16 cons: SEQUENCE 3605:d=7 hl=2 l= 18 cons: SET
3674:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 3607:d=8 hl=2 l= 16 cons: SEQUENCE
3686:d=9 hl=2 l= 2 prim: IA5STRING :ca 3609:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
3690:d=7 hl=2 l= 25 cons: SET 3621:d=9 hl=2 l= 2 prim: IA5STRING :ca
3692:d=8 hl=2 l= 23 cons: SEQUENCE 3625:d=7 hl=2 l= 25 cons: SET
3694:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 3627:d=8 hl=2 l= 23 cons: SEQUENCE
3706:d=9 hl=2 l= 9 prim: IA5STRING :sandelman 3629:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
3717:d=7 hl=2 l= 64 cons: SET 3641:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
3719:d=8 hl=2 l= 62 cons: SEQUENCE 3652:d=7 hl=2 l= 35 cons: SET
3721:d=9 hl=2 l= 3 prim: OBJECT :commonName 3654:d=8 hl=2 l= 33 cons: SEQUENCE
3726:d=9 hl=2 l= 55 prim: UTF8STRING :#<SystemVariable:0x00000 3656:d=9 hl=2 l= 3 prim: OBJECT :commonName
3783:d=6 hl=2 l= 1 prim: INTEGER :02 3661:d=9 hl=2 l= 26 prim: UTF8STRING : Unstrung Fountain Root
3786:d=5 hl=2 l= 11 cons: SEQUENCE 3689:d=6 hl=2 l= 4 prim: INTEGER :30C3AED3
3788:d=6 hl=2 l= 9 prim: OBJECT :sha256 3695:d=5 hl=2 l= 11 cons: SEQUENCE
3799:d=5 hl=2 l= 105 cons: cont [ 0 ] 3697:d=6 hl=2 l= 9 prim: OBJECT :sha256
3801:d=6 hl=2 l= 24 cons: SEQUENCE 3708:d=5 hl=2 l= 105 cons: cont [ 0 ]
3803:d=7 hl=2 l= 9 prim: OBJECT :contentType 3710:d=6 hl=2 l= 24 cons: SEQUENCE
3814:d=7 hl=2 l= 11 cons: SET 3712:d=7 hl=2 l= 9 prim: OBJECT :contentType
3816:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data 3723:d=7 hl=2 l= 11 cons: SET
3827:d=6 hl=2 l= 28 cons: SEQUENCE 3725:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data
3829:d=7 hl=2 l= 9 prim: OBJECT :signingTime 3736:d=6 hl=2 l= 28 cons: SEQUENCE
3840:d=7 hl=2 l= 15 cons: SET 3738:d=7 hl=2 l= 9 prim: OBJECT :signingTime
3842:d=8 hl=2 l= 13 prim: UTCTIME :190515212555Z 3749:d=7 hl=2 l= 15 cons: SET
3857:d=6 hl=2 l= 47 cons: SEQUENCE 3751:d=8 hl=2 l= 13 prim: UTCTIME :200203065103Z
3859:d=7 hl=2 l= 9 prim: OBJECT :messageDigest 3766:d=6 hl=2 l= 47 cons: SEQUENCE
3870:d=7 hl=2 l= 34 cons: SET 3768:d=7 hl=2 l= 9 prim: OBJECT :messageDigest
3872:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:50508CC996CD93 3779:d=7 hl=2 l= 34 cons: SET
3906:d=5 hl=2 l= 10 cons: SEQUENCE 3781:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:084062F0EF7D66
3908:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 3815:d=5 hl=2 l= 10 cons: SEQUENCE
3918:d=5 hl=2 l= 71 prim: OCTET STRING [HEX DUMP]:3045022006D85B 3817:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
3827:d=5 hl=2 l= 71 prim: OCTET STRING [HEX DUMP]:30450221008814
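Review bot: The regenerated CA certificate in the right column (serial 7CAF34A4, basicConstraints 30030101FF) is valid only from 200123214408Z to 200223074408Z, while the registrar certificate issued under the same name (serial 30C3AED3) runs from 200128195136Z to 250126195136Z. Anyone validating the published example after 23 February 2020 has to pin the verification time; give the example CA a lifetime at least as long as the end-entity certificate's. The CA commonName also begins with a space (UTF8STRING ": Unstrung Fountain Root", l= 26), which looks like residue from removing the old "#<SystemVariable:0x00000" prefix and should be trimmed. The "file:" line still names the artifact parboiled_vr_00_D0-E5-02-00-2D although the serial-number in this revision is 00-D0-E5-F2-00-02.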
The JSON contained in the voucher request. Note that the previous
voucher request is in the prior-signed-voucher-request attribute.
{"ietf-voucher-request:voucher":{"assertion":"proximity","cr
eated-on":"2020-02-03T06:51:03.626Z","serial-number":"00-D0-
E5-F2-00-02","nonce":"43l_359_7RkcqWGcZR8tgQ","prior-signed-
voucher-request":"MIIGpwYJKoZIhvcNAQcCoIIGmDCCBpQCAQExDTALBg
lghkgBZQMEAgEwggNRBgkqhkiG9w0BBwGgggNCBIIDPnsiaWV0Zi12b3VjaG
VyLXJlcXVlc3Q6dm91Y2hlciI6eyJhc3NlcnRpb24iOiJwcm94aW1pdHkiLC
JjcmVhdGVkLW9uIjoiMjAyMC0wMi0wM1QwMTo1MTowMy41NjEtMDU6MDAiLC
JzZXJpYWwtbnVtYmVyIjoiMDAtRDAtRTUtRjItMDAtMDIiLCJub25jZSI6Ij
QzbF8zNTlfN1JrY3FXR2NaUjh0Z1EiLCJwcm94aW1pdHktcmVnaXN0cmFyLW
NlcnQiOiJNSUlCMGpDQ0FWbWdBd0lCQWdJRU1NT3UwekFLQmdncWhrak9QUV
FEQWpCVU1SSXdFQVlLQ1pJbWlaUHlMR1FCR1JZQ1kyRXhHVEFYQmdvSmtpYU
prL0lzWkFFWkZnbHpZVzVrWld4dFlXNHhJekFoQmdOVkJBTU1HaUJWYm5OMG
NuVnVaeUJHYjNWdWRHRnBiaUJTYjI5MElFTkJNQjRYRFRJd01ERXlPREU1Tl
RFek5sb1hEVEkxTURFeU5qRTVOVEV6Tmxvd1V6RVNNQkFHQ2dtU0pvbVQ4aX
hrQVJrV0FtTmhNUmt3RndZS0NaSW1pWlB5TEdRQkdSWUpjMkZ1WkdWc2JXRn
VNU0l3SUFZRFZRUUREQmxtYjNWdWRHRnBiaTEwWlhOMExtVjRZVzF3YkdVdV
kyOXRNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVsbVZRY2
pTNm4rWGQ1bC8yOElGdjZVaWVnUXdTQnp0R2o1ZGtLMk1BalFJUFY4bDhsSC
tFakxJT1lkYkppSTBWdEVJZjEvSnF0K1RPQmZpblROT0xPcU1hTUJnd0ZnWU
RWUjBsQVFIL0JBd3dDZ1lJS3dZQkJRVUhBeHd3Q2dZSUtvWkl6ajBFQXdJRF
p3QXdaQUl3WWcwYllLelZMQmE5QWo3MjJGMzRyS3FGeVY2ZGJhbmJHcEdlal
J5V2lCUW5OSnJFaWp0Yld1dUlwNGxqNTRXeUFqQlE2b0pUT1JFWmxGL1dYTW
10bFRrQk5JQzNWV29mWnNLSFNqZ2R6MVBwV0ZPbnJCSFVBQm5TV3FFdkFNaU
t4T0E9In19oIIB6jCCAeYwggFsoAMCAQICBA2F3C0wCgYIKoZIzj0EAwIwXT
EPMA0GA1UEBhMGQ2FuYWRhMRAwDgYDVQQIDAdPbnRhcmlvMRIwEAYDVQQLDA
lTYW5kZWxtYW4xJDAiBgNVBAMMG2hpZ2h3YXktdGVzdC5leGFtcGxlLmNvbS
BDQTAgFw0yMDAyMDMwNjQ3MjBaGA8yOTk5MTIzMTAwMDAwMFowHDEaMBgGA1
UEBQwRMDAtRDAtRTUtRjItMDAtMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBw
NCAAQDo3VDh7N8wAqah5yt9vQ4ExzUDIQf4EBOQXnwWxNLIHGzRJtJYvEWMM
67AH2AsafZOxNQm6YnpU/Dln9M/iEno1kwVzAdBgNVHQ4EFgQURYjMlpYAZD
ewuiNlZGRUCAZsVq0wCQYDVR0TBAIwADArBggrBgEFBQcBIAQfDB1oaWdod2
F5LXRlc3QuZXhhbXBsZS5jb206OTQ0MzAKBggqhkjOPQQDAgNoADBlAjAj4a
ku7yISNFqlwhXWKL3tPZbWzgSV76fI3BioMce4BDTyt015imciJANPxc3WBr
oCMQCzjVwK0P4Eg5DTT21yl7M+AurxyFoycli3RQJQeLwEHSNeIm/Df4x815
twIJG04X8xggE7MIIBNwIBATBlMF0xDzANBgNVBAYTBkNhbmFkYTEQMA4GA1
UECAwHT250YXJpbzESMBAGA1UECwwJU2FuZGVsbWFuMSQwIgYDVQQDDBtoaW
dod2F5LXRlc3QuZXhhbXBsZS5jb20gQ0ECBA2F3C0wCwYJYIZIAWUDBAIBoG
kwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMj
AwMjAzMDY1MTAzWjAvBgkqhkiG9w0BCQQxIgQgOx/K7raSAnJ0BOHJhUeBKX
P6LUFVUv5/OIb4i3DoOigwCgYIKoZIzj0EAwIERzBFAiEA3G1jjhpGc687Nr
MyO5+2iefdiQeAGDVgc6q5ct+FnIUCIDbvSmnLbqi9unhpQ0dK4kmKate1hd
t7sx1opFr9Uize"}}
C.2.3. MASA to Registrar C.2.3. MASA to Registrar
The MASA will return a voucher to the registrar, to be relayed to the The MASA will return a voucher to the registrar, to be relayed to the
pledge. pledge.
-----BEGIN CMS----- <CODE BEGINS>
VjJnOVFFZERTazJNWStBb1NyQlNtR1NOamg0b2xFT2hFdUxnSXhBSjRuV2ZOdytC MF0xDzANBgNVBAYTBkNhbmFkYTEQMA4GA1UECAwHT250YXJpbzESMBAGA1UECwwJU2FuZGVsbWFu
amJabUtpSWlVRWNUd0hNaEdWWGFNSFkvRjduMzl3d0tjQkJTT25kTlBxQ3BPRUxs MSQwIgYDVQQDDBtoaWdod2F5LXRlc3QuZXhhbXBsZS5jb20gQ0EwHhcNMTkwMjEyMjIyMjQxWhcN
NmJxM0NacVE9PSJ9faCCAfUwggHxMIIBeKADAgECAgQjzIkTMAoGCCqGSM49BAMC MjEwMjExMjIyMjQxWjBfMQ8wDQYDVQQGEwZDYW5hZGExEDAOBgNVBAgMB09udGFyaW8xEjAQBgNV
ME0xEjAQBgoJkiaJk/IsZAEZFgJjYTEZMBcGCgmSJomT8ixkARkWCXNhbmRlbG1h BAsMCVNhbmRlbG1hbjEmMCQGA1UEAwwdaGlnaHdheS10ZXN0LmV4YW1wbGUuY29tIE1BU0EwWTAT
bjEcMBoGA1UEAwwTVW5zdHJ1bmcgSGlnaHdheSBDQTAeFw0xOTA0MjMyMzIxMDda BgcqhkjOPQIBBggqhkjOPQMBBwNCAASqBBWjRLniRPjJ+RsHG6Z0c5weumyps6kwqaIyWfegHUcB
Fw0xOTA1MjQwOTIxMDdaMGYxDzANBgNVBAYTBkNhbmFkYTESMBAGA1UECgwJU2Fu bbkwlX6CqLi0wV9InSITC3ySzN9ZcrisuAlLaaeloxAwDjAMBgNVHRMBAf8EAjAAMAoGCCqGSM49
ZGVsbWFuMRMwEQYDVQQLDApob25leWR1a2VzMSowKAYDVQQDDCFtYXNhLmhvbmV5 BAMCA2kAMGYCMQC9VeWbDvv8XpUp44GzFTWqkxiiBL5EcrJRfU1t69HVwRA6sjl7Vz/FzLCjDueZ
ZHVrZXMuc2FuZGVsbWFuLmNhIE1BU0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQ1 RroCMQD2f0R9txT60Wdq1BHDS67m+5qYVvqFIS5cSEzwP/KbP66IIKeu+XL/W/l4aM8PSMkxggE7
/2UdVp8zVmgADoBNql7LcPlJsEaaVAogYEqABikNOkoTO3oPjIQfNBxtGfRFzBXx MIIBNwIBATBlMF0xDzANBgNVBAYTBkNhbmFkYTEQMA4GA1UECAwHT250YXJpbzESMBAGA1UECwwJ
gihzkTH58r8SW1L/Mej8AFqhB4SZyyjmWURdzD71Ju0M+tRritWf7T+QGaE+fcWj U2FuZGVsbWFuMSQwIgYDVQQDDBtoaWdod2F5LXRlc3QuZXhhbXBsZS5jb20gQ0ECBBuZX1QwCwYJ
EDAOMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDZwAwZAIwOMlNOMNYEZo4yLW4 YIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjAw
iRltDL8uirmjMdtVmmVYzqYHSindjP0a3pXQkQZ5LLARoSRWAjBTxsnv6ya5HpZI MjAzMDY1MTA0WjAvBgkqhkiG9w0BCQQxIgQgsbxec4y786CAcq0sVxCddMGzKF5iJ41lpkVeO3XP
IWcspDPZGlOSDPm7nuRJSDkgWqevxLI4+9nmIhsfMBsDvz1DJhAxggFMMIIBSAIB I64wCgYIKoZIzj0EAwIERzBFAiEA0o9uXmzOhmBj76XaiBRtBhidnQ88liUi8NqAx8bMpqcCIHJm
ATBVME0xEjAQBgoJkiaJk/IsZAEZFgJjYTEZMBcGCgmSJomT8ixkARkWCXNhbmRl Hbi7+QgRbqQ3rm+9mXHiL+5DX1uYX+B8vWTDYmZ1
bG1hbjEcMBoGA1UEAwwTVW5zdHJ1bmcgSGlnaHdheSBDQQIEI8yJEzALBglghkgB <CODE ENDS>
ZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP
Fw0xOTA1MTYwMjUxNDJaMC8GCSqGSIb3DQEJBDEiBCCYRh4i21QjEjEk8leRLSVA
x/EVY5g1bM40QM21oR4c2DAKBggqhkjOPQQDAgRoMGYCMQCYYOiSbIlED4nAN0iL
e4S8ixWAZ9SXpGv77bB/G4fTTVTN35mnAeYBfeNfhC6/kOECMQDqlkCmwQJQDdEL
asj1ISinJ/FnZjjgOMz9MXOmGNGIfw9v2VBb9mVyhsOSMcqlVig=
-----END CMS-----
The ASN1 decoding of the artifact: The ASN1 decoding of the artifact:
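Review bot: the replacement voucher in the new C.2.3 `<CODE BEGINS>` block is wrapped at 76 characters per line (the old block used 64), which is wider than the 72-character line limit of the plain-text draft format even before indentation. Rewrap the base64 at 64 characters or fewer so the artifact survives rendering and copy/paste intact. The same change drops the `-----BEGIN CMS-----` / `-----END CMS-----` armor, so the text introducing the block should say that the content is the base64 encoding of a DER CMS SignedData structure; at present only the `.b64` file name in the following hunk hints at it.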
file: examples/voucher_00-D0-E5-02-00-2D.pkcs file: examples/voucher_00-D0-E5-F2-00-02.b64
0:d=0 hl=4 l=1714 cons: SEQUENCE 0:d=0 hl=4 l=1679 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData 4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
15:d=1 hl=4 l=1699 cons: cont [ 0 ] 15:d=1 hl=4 l=1664 cons: cont [ 0 ]
19:d=2 hl=4 l=1695 cons: SEQUENCE 19:d=2 hl=4 l=1660 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :01 23:d=3 hl=2 l= 1 prim: INTEGER :01
26:d=3 hl=2 l= 13 cons: SET 26:d=3 hl=2 l= 13 cons: SET
28:d=4 hl=2 l= 11 cons: SEQUENCE 28:d=4 hl=2 l= 11 cons: SEQUENCE
30:d=5 hl=2 l= 9 prim: OBJECT :sha256 30:d=5 hl=2 l= 9 prim: OBJECT :sha256
41:d=3 hl=4 l= 832 cons: SEQUENCE 41:d=3 hl=4 l= 832 cons: SEQUENCE
45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data 45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
56:d=4 hl=4 l= 817 cons: cont [ 0 ] 56:d=4 hl=4 l= 817 cons: cont [ 0 ]
60:d=5 hl=4 l= 813 prim: OCTET STRING :{"ietf-voucher:voucher": 60:d=5 hl=4 l= 813 prim: OCTET STRING :{"ietf-voucher:voucher":
877:d=3 hl=4 l= 501 cons: cont [ 0 ] 877:d=3 hl=4 l= 483 cons: cont [ 0 ]
881:d=4 hl=4 l= 497 cons: SEQUENCE 881:d=4 hl=4 l= 479 cons: SEQUENCE
885:d=5 hl=4 l= 376 cons: SEQUENCE 885:d=5 hl=4 l= 356 cons: SEQUENCE
889:d=6 hl=2 l= 3 cons: cont [ 0 ] 889:d=6 hl=2 l= 3 cons: cont [ 0 ]
891:d=7 hl=2 l= 1 prim: INTEGER :02 891:d=7 hl=2 l= 1 prim: INTEGER :02
894:d=6 hl=2 l= 4 prim: INTEGER :23CC8913 894:d=6 hl=2 l= 4 prim: INTEGER :1B995F54
900:d=6 hl=2 l= 10 cons: SEQUENCE 900:d=6 hl=2 l= 10 cons: SEQUENCE
902:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 902:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
912:d=6 hl=2 l= 77 cons: SEQUENCE 912:d=6 hl=2 l= 93 cons: SEQUENCE
914:d=7 hl=2 l= 18 cons: SET 914:d=7 hl=2 l= 15 cons: SET
916:d=8 hl=2 l= 16 cons: SEQUENCE 916:d=8 hl=2 l= 13 cons: SEQUENCE
918:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 918:d=9 hl=2 l= 3 prim: OBJECT :countryName
930:d=9 hl=2 l= 2 prim: IA5STRING :ca 923:d=9 hl=2 l= 6 prim: PRINTABLESTRING :Canada
934:d=7 hl=2 l= 25 cons: SET 931:d=7 hl=2 l= 16 cons: SET
936:d=8 hl=2 l= 23 cons: SEQUENCE 933:d=8 hl=2 l= 14 cons: SEQUENCE
938:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 935:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
950:d=9 hl=2 l= 9 prim: IA5STRING :sandelman 940:d=9 hl=2 l= 7 prim: UTF8STRING :Ontario
961:d=7 hl=2 l= 28 cons: SET 949:d=7 hl=2 l= 18 cons: SET
963:d=8 hl=2 l= 26 cons: SEQUENCE 951:d=8 hl=2 l= 16 cons: SEQUENCE
965:d=9 hl=2 l= 3 prim: OBJECT :commonName 953:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName
970:d=9 hl=2 l= 19 prim: UTF8STRING :Unstrung Highway CA 958:d=9 hl=2 l= 9 prim: UTF8STRING :Sandelman
991:d=6 hl=2 l= 30 cons: SEQUENCE 969:d=7 hl=2 l= 36 cons: SET
993:d=7 hl=2 l= 13 prim: UTCTIME :190423232107Z 971:d=8 hl=2 l= 34 cons: SEQUENCE
1008:d=7 hl=2 l= 13 prim: UTCTIME :190524092107Z 973:d=9 hl=2 l= 3 prim: OBJECT :commonName
1023:d=6 hl=2 l= 102 cons: SEQUENCE 978:d=9 hl=2 l= 27 prim: UTF8STRING :highway-test.example.com
1025:d=7 hl=2 l= 15 cons: SET 1007:d=6 hl=2 l= 30 cons: SEQUENCE
1027:d=8 hl=2 l= 13 cons: SEQUENCE 1009:d=7 hl=2 l= 13 prim: UTCTIME :190212222241Z
1029:d=9 hl=2 l= 3 prim: OBJECT :countryName 1024:d=7 hl=2 l= 13 prim: UTCTIME :210211222241Z
1034:d=9 hl=2 l= 6 prim: PRINTABLESTRING :Canada 1039:d=6 hl=2 l= 95 cons: SEQUENCE
1042:d=7 hl=2 l= 18 cons: SET 1041:d=7 hl=2 l= 15 cons: SET
1044:d=8 hl=2 l= 16 cons: SEQUENCE 1043:d=8 hl=2 l= 13 cons: SEQUENCE
1046:d=9 hl=2 l= 3 prim: OBJECT :organizationName 1045:d=9 hl=2 l= 3 prim: OBJECT :countryName
1051:d=9 hl=2 l= 9 prim: UTF8STRING :Sandelman 1050:d=9 hl=2 l= 6 prim: PRINTABLESTRING :Canada
1062:d=7 hl=2 l= 19 cons: SET 1058:d=7 hl=2 l= 16 cons: SET
1064:d=8 hl=2 l= 17 cons: SEQUENCE 1060:d=8 hl=2 l= 14 cons: SEQUENCE
1066:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName 1062:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
1071:d=9 hl=2 l= 10 prim: UTF8STRING :honeydukes 1067:d=9 hl=2 l= 7 prim: UTF8STRING :Ontario
1083:d=7 hl=2 l= 42 cons: SET 1076:d=7 hl=2 l= 18 cons: SET
1085:d=8 hl=2 l= 40 cons: SEQUENCE 1078:d=8 hl=2 l= 16 cons: SEQUENCE
1087:d=9 hl=2 l= 3 prim: OBJECT :commonName 1080:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName
1092:d=9 hl=2 l= 33 prim: UTF8STRING :masa.honeydukes.sandelma 1085:d=9 hl=2 l= 9 prim: UTF8STRING :Sandelman
1127:d=6 hl=2 l= 118 cons: SEQUENCE 1096:d=7 hl=2 l= 38 cons: SET
1129:d=7 hl=2 l= 16 cons: SEQUENCE 1098:d=8 hl=2 l= 36 cons: SEQUENCE
1131:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey 1100:d=9 hl=2 l= 3 prim: OBJECT :commonName
1140:d=8 hl=2 l= 5 prim: OBJECT :secp384r1 1105:d=9 hl=2 l= 29 prim: UTF8STRING :highway-test.example.com
1147:d=7 hl=2 l= 98 prim: BIT STRING 1136:d=6 hl=2 l= 89 cons: SEQUENCE
1247:d=6 hl=2 l= 16 cons: cont [ 3 ] 1138:d=7 hl=2 l= 19 cons: SEQUENCE
1249:d=7 hl=2 l= 14 cons: SEQUENCE 1140:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
1251:d=8 hl=2 l= 12 cons: SEQUENCE 1149:d=8 hl=2 l= 8 prim: OBJECT :prime256v1
1253:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints 1159:d=7 hl=2 l= 66 prim: BIT STRING
1258:d=9 hl=2 l= 1 prim: BOOLEAN :255 1227:d=6 hl=2 l= 16 cons: cont [ 3 ]
1261:d=9 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000 1229:d=7 hl=2 l= 14 cons: SEQUENCE
1265:d=5 hl=2 l= 10 cons: SEQUENCE 1231:d=8 hl=2 l= 12 cons: SEQUENCE
1267:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 1233:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
1277:d=5 hl=2 l= 103 prim: BIT STRING 1238:d=9 hl=2 l= 1 prim: BOOLEAN :255
1382:d=3 hl=4 l= 332 cons: SET 1241:d=9 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
1386:d=4 hl=4 l= 328 cons: SEQUENCE 1245:d=5 hl=2 l= 10 cons: SEQUENCE
1390:d=5 hl=2 l= 1 prim: INTEGER :01 1247:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
1393:d=5 hl=2 l= 85 cons: SEQUENCE 1257:d=5 hl=2 l= 105 prim: BIT STRING
1395:d=6 hl=2 l= 77 cons: SEQUENCE 1364:d=3 hl=4 l= 315 cons: SET
1397:d=7 hl=2 l= 18 cons: SET 1368:d=4 hl=4 l= 311 cons: SEQUENCE
1399:d=8 hl=2 l= 16 cons: SEQUENCE 1372:d=5 hl=2 l= 1 prim: INTEGER :01
1401:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 1375:d=5 hl=2 l= 101 cons: SEQUENCE
1413:d=9 hl=2 l= 2 prim: IA5STRING :ca 1377:d=6 hl=2 l= 93 cons: SEQUENCE
1417:d=7 hl=2 l= 25 cons: SET 1379:d=7 hl=2 l= 15 cons: SET
1419:d=8 hl=2 l= 23 cons: SEQUENCE 1381:d=8 hl=2 l= 13 cons: SEQUENCE
1421:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 1383:d=9 hl=2 l= 3 prim: OBJECT :countryName
1433:d=9 hl=2 l= 9 prim: IA5STRING :sandelman 1388:d=9 hl=2 l= 6 prim: PRINTABLESTRING :Canada
1444:d=7 hl=2 l= 28 cons: SET 1396:d=7 hl=2 l= 16 cons: SET
1446:d=8 hl=2 l= 26 cons: SEQUENCE 1398:d=8 hl=2 l= 14 cons: SEQUENCE
1448:d=9 hl=2 l= 3 prim: OBJECT :commonName 1400:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
1453:d=9 hl=2 l= 19 prim: UTF8STRING :Unstrung Highway CA 1405:d=9 hl=2 l= 7 prim: UTF8STRING :Ontario
1474:d=6 hl=2 l= 4 prim: INTEGER :23CC8913 1414:d=7 hl=2 l= 18 cons: SET
1480:d=5 hl=2 l= 11 cons: SEQUENCE 1416:d=8 hl=2 l= 16 cons: SEQUENCE
1482:d=6 hl=2 l= 9 prim: OBJECT :sha256 1418:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName
1493:d=5 hl=2 l= 105 cons: cont [ 0 ] 1423:d=9 hl=2 l= 9 prim: UTF8STRING :Sandelman
1495:d=6 hl=2 l= 24 cons: SEQUENCE 1434:d=7 hl=2 l= 36 cons: SET
1497:d=7 hl=2 l= 9 prim: OBJECT :contentType 1436:d=8 hl=2 l= 34 cons: SEQUENCE
1508:d=7 hl=2 l= 11 cons: SET 1438:d=9 hl=2 l= 3 prim: OBJECT :commonName
1510:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data 1443:d=9 hl=2 l= 27 prim: UTF8STRING :highway-test.example.com
1521:d=6 hl=2 l= 28 cons: SEQUENCE 1472:d=6 hl=2 l= 4 prim: INTEGER :1B995F54
1523:d=7 hl=2 l= 9 prim: OBJECT :signingTime 1478:d=5 hl=2 l= 11 cons: SEQUENCE
1534:d=7 hl=2 l= 15 cons: SET 1480:d=6 hl=2 l= 9 prim: OBJECT :sha256
1536:d=8 hl=2 l= 13 prim: UTCTIME :190516025142Z 1491:d=5 hl=2 l= 105 cons: cont [ 0 ]
1551:d=6 hl=2 l= 47 cons: SEQUENCE 1493:d=6 hl=2 l= 24 cons: SEQUENCE
1553:d=7 hl=2 l= 9 prim: OBJECT :messageDigest 1495:d=7 hl=2 l= 9 prim: OBJECT :contentType
1564:d=7 hl=2 l= 34 cons: SET 1506:d=7 hl=2 l= 11 cons: SET
1566:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:98461E22DB5423 1508:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data
1600:d=5 hl=2 l= 10 cons: SEQUENCE 1519:d=6 hl=2 l= 28 cons: SEQUENCE
1602:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 1521:d=7 hl=2 l= 9 prim: OBJECT :signingTime
1612:d=5 hl=2 l= 104 prim: OCTET STRING [HEX DUMP]:30660231009860 1532:d=7 hl=2 l= 15 cons: SET
1534:d=8 hl=2 l= 13 prim: UTCTIME :200203065104Z
1549:d=6 hl=2 l= 47 cons: SEQUENCE
1551:d=7 hl=2 l= 9 prim: OBJECT :messageDigest
1562:d=7 hl=2 l= 34 cons: SET
1564:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:B1BC5E738CBBF3
1598:d=5 hl=2 l= 10 cons: SEQUENCE
1600:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
1610:d=5 hl=2 l= 71 prim: OCTET STRING [HEX DUMP]:3045022100D28F
Appendix D. Additional References Appendix D. Additional References
RFC EDITOR Please remove this section before publication. It exists RFC EDITOR Please remove this section before publication. It exists
just to include references to the things in the YANG descriptions just to include references to the things in the YANG descriptions
which are not otherwise referenced in the text so that xml2rfc will which are not otherwise referenced in the text so that xml2rfc will
not complain. not complain.
[ITU.X690.1994] [ITU.X690.1994]
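Review bot: in the new ASN.1 dump the commonName values are cut off, so the issuer (offset 978, `l= 27`) and the subject (offset 1105, `l= 29`) of the signer certificate both print as `highway-test.example.com`, although the lengths show two different, longer strings. Anyone checking the example against their own decoder cannot tell the CA name from the MASA end-entity name. Fold these lines, or shorten the indentation, so the full UTF8STRING values are visible. The old dump had the same defect at offset 1092 (`masa.honeydukes.sandelma`), so this is worth fixing while the example is being regenerated. The `[HEX DUMP]` values at offsets 1564 and 1610 are also truncated; if that is intentional, say so in the sentence that introduces the dump.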
 End of changes. 47 change blocks. 
606 lines changed or deleted 645 lines changed or added
