draft-ietf-anima-bootstrapping-keyinfra-35.txt   draft-ietf-anima-bootstrapping-keyinfra-36.txt 
ANIMA WG M. Pritikin ANIMA WG M. Pritikin
Internet-Draft Cisco Internet-Draft Cisco
Intended status: Standards Track M. Richardson Intended status: Standards Track M. Richardson
Expires: 8 August 2020 Sandelman Expires: 29 August 2020 Sandelman
T.T.E. Eckert T.T.E. Eckert
Futurewei USA Futurewei USA
M.H. Behringer M.H. Behringer
K.W. Watsen K.W. Watsen
Watsen Networks Watsen Networks
5 February 2020 26 February 2020
Bootstrapping Remote Secure Key Infrastructures (BRSKI) Bootstrapping Remote Secure Key Infrastructures (BRSKI)
draft-ietf-anima-bootstrapping-keyinfra-35 draft-ietf-anima-bootstrapping-keyinfra-36
Abstract Abstract
This document specifies automated bootstrapping of an Autonomic This document specifies automated bootstrapping of an Autonomic
Control Plane. To do this a Secure Key Infrastructure is Control Plane. To do this a Secure Key Infrastructure is
bootstrapped. This is done using manufacturer-installed X.509 bootstrapped. This is done using manufacturer-installed X.509
certificates, in combination with a manufacturer's authorizing certificates, in combination with a manufacturer's authorizing
service, both online and offline. We call this process the service, both online and offline. We call this process the
Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol. Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol.
Bootstrapping a new device can occur using a routable address and a Bootstrapping a new device can occur using a routable address and a
skipping to change at page 2, line 4 skipping to change at page 2, line 4
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 8 August 2020. This Internet-Draft will expire on 29 August 2020.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components and restrictions with respect to this document. Code Components
extracted from this document must include Simplified BSD License text extracted from this document must include Simplified BSD License text
as described in Section 4.e of the Trust Legal Provisions and are as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License. provided without warranty as described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5
1.1. Prior Bootstrapping Approaches . . . . . . . . . . . . . 6 1.1. Prior Bootstrapping Approaches . . . . . . . . . . . . . 6
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 7 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 8
1.3. Scope of solution . . . . . . . . . . . . . . . . . . . . 10 1.3. Scope of solution . . . . . . . . . . . . . . . . . . . . 11
1.3.1. Support environment . . . . . . . . . . . . . . . . . 10 1.3.1. Support environment . . . . . . . . . . . . . . . . . 11
1.3.2. Constrained environments . . . . . . . . . . . . . . 11 1.3.2. Constrained environments . . . . . . . . . . . . . . 11
1.3.3. Network Access Controls . . . . . . . . . . . . . . . 12 1.3.3. Network Access Controls . . . . . . . . . . . . . . . 12
1.3.4. Bootstrapping is not Booting . . . . . . . . . . . . 12 1.3.4. Bootstrapping is not Booting . . . . . . . . . . . . 12
1.4. Leveraging the new key infrastructure / next steps . . . 12 1.4. Leveraging the new key infrastructure / next steps . . . 12
1.5. Requirements for Autonomic Network Infrastructure (ANI) 1.5. Requirements for Autonomic Network Infrastructure (ANI)
devices . . . . . . . . . . . . . . . . . . . . . . . . . 13 devices . . . . . . . . . . . . . . . . . . . . . . . . . 13
2. Architectural Overview . . . . . . . . . . . . . . . . . . . 13 2. Architectural Overview . . . . . . . . . . . . . . . . . . . 13
2.1. Behavior of a Pledge . . . . . . . . . . . . . . . . . . 15 2.1. Behavior of a Pledge . . . . . . . . . . . . . . . . . . 15
2.2. Secure Imprinting using Vouchers . . . . . . . . . . . . 16 2.2. Secure Imprinting using Vouchers . . . . . . . . . . . . 16
2.3. Initial Device Identifier . . . . . . . . . . . . . . . . 17 2.3. Initial Device Identifier . . . . . . . . . . . . . . . . 17
skipping to change at page 4, line 46 skipping to change at page 4, line 46
12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 90 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 90
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 90 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 90
13.1. Normative References . . . . . . . . . . . . . . . . . . 90 13.1. Normative References . . . . . . . . . . . . . . . . . . 90
13.2. Informative References . . . . . . . . . . . . . . . . . 94 13.2. Informative References . . . . . . . . . . . . . . . . . 94
Appendix A. IPv4 and non-ANI operations . . . . . . . . . . . . 98 Appendix A. IPv4 and non-ANI operations . . . . . . . . . . . . 98
A.1. IPv4 Link Local addresses . . . . . . . . . . . . . . . . 98 A.1. IPv4 Link Local addresses . . . . . . . . . . . . . . . . 98
A.2. Use of DHCPv4 . . . . . . . . . . . . . . . . . . . . . . 98 A.2. Use of DHCPv4 . . . . . . . . . . . . . . . . . . . . . . 98
Appendix B. mDNS / DNSSD proxy discovery options . . . . . . . . 98 Appendix B. mDNS / DNSSD proxy discovery options . . . . . . . . 98
Appendix C. Example Vouchers . . . . . . . . . . . . . . . . . . 99 Appendix C. Example Vouchers . . . . . . . . . . . . . . . . . . 99
C.1. Keys involved . . . . . . . . . . . . . . . . . . . . . . 99 C.1. Keys involved . . . . . . . . . . . . . . . . . . . . . . 99
C.1.1. MASA key pair for voucher signatures . . . . . . . . 99 C.1.1. Manufacturer Certificate Authority for IDevID
C.1.2. Manufacturer key pair for IDevID signatures . . . . . 100 signatures . . . . . . . . . . . . . . . . . . . . . 100
C.1.3. Registrar key pair . . . . . . . . . . . . . . . . . 100 C.1.2. MASA key pair for voucher signatures . . . . . . . . 101
C.1.4. Pledge key pair . . . . . . . . . . . . . . . . . . . 102 C.1.3. Registrar Certificate Authority . . . . . . . . . . . 103
C.2. Example process . . . . . . . . . . . . . . . . . . . . . 104 C.1.4. Registrar key pair . . . . . . . . . . . . . . . . . 104
C.2.1. Pledge to Registrar . . . . . . . . . . . . . . . . . 105 C.1.5. Pledge key pair . . . . . . . . . . . . . . . . . . . 105
C.2.2. Registrar to MASA . . . . . . . . . . . . . . . . . . 108 C.2. Example process . . . . . . . . . . . . . . . . . . . . . 107
C.2.3. MASA to Registrar . . . . . . . . . . . . . . . . . . 114 C.2.1. Pledge to Registrar . . . . . . . . . . . . . . . . . 107
Appendix D. Additional References . . . . . . . . . . . . . . . 118 C.2.2. Registrar to MASA . . . . . . . . . . . . . . . . . . 110
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 118 C.2.3. MASA to Registrar . . . . . . . . . . . . . . . . . . 116
Appendix D. Additional References . . . . . . . . . . . . . . . 120
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 120
1. Introduction 1. Introduction
The Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol The Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol
provides a solution for secure zero-touch (automated) bootstrap of provides a solution for secure zero-touch (automated) bootstrap of
new (unconfigured) devices that are called pledges in this document. new (unconfigured) devices that are called pledges in this document.
Pledges have an IDevID installed in them at the factory. Pledges have an IDevID installed in them at the factory.
"BRSKI" is pronounced like "brewski", a colloquial term for beer in "BRSKI" is pronounced like "brewski", a colloquial term for beer in
Canada and parts of the US-midwest. [brewski] Canada and parts of the US-midwest. [brewski]
skipping to change at page 90, line 49 skipping to change at page 90, line 49
members, including Adam Roach, Alexey Melnikov, Alissa Cooper, members, including Adam Roach, Alexey Melnikov, Alissa Cooper,
Benjamin Kaduk, Eric Vyncke, Roman Danyliw, and Magnus Westerlund. Benjamin Kaduk, Eric Vyncke, Roman Danyliw, and Magnus Westerlund.
13. References 13. References
13.1. Normative References 13.1. Normative References
[I-D.ietf-anima-autonomic-control-plane] [I-D.ietf-anima-autonomic-control-plane]
Eckert, T., Behringer, M., and S. Bjarnason, "An Autonomic Eckert, T., Behringer, M., and S. Bjarnason, "An Autonomic
Control Plane (ACP)", Work in Progress, Internet-Draft, Control Plane (ACP)", Work in Progress, Internet-Draft,
draft-ietf-anima-autonomic-control-plane-21, 3 November draft-ietf-anima-autonomic-control-plane-22, 3 February
2019, <http://www.ietf.org/internet-drafts/draft-ietf- 2020, <http://www.ietf.org/internet-drafts/draft-ietf-
anima-autonomic-control-plane-21.txt>. anima-autonomic-control-plane-22.txt>.
[I-D.ietf-anima-grasp] [I-D.ietf-anima-grasp]
Bormann, C., Carpenter, B., and B. Liu, "A Generic Bormann, C., Carpenter, B., and B. Liu, "A Generic
Autonomic Signaling Protocol (GRASP)", Work in Progress, Autonomic Signaling Protocol (GRASP)", Work in Progress,
Internet-Draft, draft-ietf-anima-grasp-15, 13 July 2017, Internet-Draft, draft-ietf-anima-grasp-15, 13 July 2017,
<http://www.ietf.org/internet-drafts/draft-ietf-anima- <http://www.ietf.org/internet-drafts/draft-ietf-anima-
grasp-15.txt>. grasp-15.txt>.
[IDevID] "IEEE 802.1AR Secure Device Identifier", December 2009, [IDevID] "IEEE 802.1AR Secure Device Identifier", December 2009,
<http://standards.ieee.org/findstds/standard/802.1AR- <http://standards.ieee.org/findstds/standard/802.1AR-
skipping to change at page 96, line 19 skipping to change at page 96, line 19
privacy update (accessed 2018-12-02)", March 2017, privacy update (accessed 2018-12-02)", March 2017,
<https://www.welivesecurity.com/2017/03/03/internet-of- <https://www.welivesecurity.com/2017/03/03/internet-of-
things-security-privacy-iot-update/>. things-security-privacy-iot-update/>.
[livingwithIoT] [livingwithIoT]
"What is it actually like to live in a house filled with "What is it actually like to live in a house filled with
IoT devices? (accessed 2018-12-02)", February 2018, IoT devices? (accessed 2018-12-02)", February 2018,
<https://www.siliconrepublic.com/machines/iot-smart- <https://www.siliconrepublic.com/machines/iot-smart-
devices-reality>. devices-reality>.
[minerva] Richardsdon, M., "Minerva reference implementation for
BRSKI", 2020, <https://minerva.sandelman.ca/>.
[minervagithub]
Richardsdon, M., "GITHUB hosting of Minerva reference
code", 2020, <https://github.com/ANIMAgus-minerva>.
[openssl] "OpenSSL X509 utility", September 2019, [openssl] "OpenSSL X509 utility", September 2019,
<https://www.openssl.org/docs/man1.1.1/man1/openssl- <https://www.openssl.org/docs/man1.1.1/man1/openssl-
x509.html/>. x509.html/>.
[RFC2663] Srisuresh, P. and M. Holdrege, "IP Network Address [RFC2663] Srisuresh, P. and M. Holdrege, "IP Network Address
Translator (NAT) Terminology and Considerations", Translator (NAT) Terminology and Considerations",
RFC 2663, DOI 10.17487/RFC2663, August 1999, RFC 2663, DOI 10.17487/RFC2663, August 1999,
<https://www.rfc-editor.org/info/rfc2663>. <https://www.rfc-editor.org/info/rfc2663>.
[RFC5209] Sangster, P., Khosravi, H., Mani, M., Narayan, K., and J. [RFC5209] Sangster, P., Khosravi, H., Mani, M., Narayan, K., and J.
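Review bot: The author name is misspelled as "Richardsdon" in both new informative references, [minerva] and [minervagithub]; the document header gives "M. Richardson", so both entries should use that spelling. "GITHUB" in the [minervagithub] title would also read better as "GitHub".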
skipping to change at page 99, line 30 skipping to change at page 99, line 36
on to normal DNS-based Service Discovery. on to normal DNS-based Service Discovery.
Appendix C. Example Vouchers Appendix C. Example Vouchers
Three entities are involved in a voucher: the MASA issues (signs) it, Three entities are involved in a voucher: the MASA issues (signs) it,
the registrar's public key is mentioned in the voucher, and the the registrar's public key is mentioned in the voucher, and the
pledge validates it. In order to provide reproduceable examples the pledge validates it. In order to provide reproduceable examples the
public and private keys for an example MASA and registrar are first public and private keys for an example MASA and registrar are first
listed. listed.
The keys come from an open source reference implementation of BRSKI,
called "Minerva" [minerva]. It is available on github
[minervagithub]. The keys presented here are used in the unit and
integration tests. The MASA code is called "highway", the Registrar
code is called "fountain", and the example client is called "reach".
The public key components of each are presented as both base64
certificates, as well as being decoded by openssl's x509 utility so
that the extensions can be seen. This was version 1.1.1c of the
[openssl] library and utility.
C.1. Keys involved C.1. Keys involved
The Manufacturer has a Certificate Authority that signs the pledge's The Manufacturer has a Certificate Authority that signs the pledge's
IDevID. In addition the Manufacturer's signing authority (the MASA) IDevID. In addition the Manufacturer's signing authority (the MASA)
signs the vouchers, and that certificate must distributed to the signs the vouchers, and that certificate must distributed to the
devices at manufacturing time so that vouchers can be validated. devices at manufacturing time so that vouchers can be validated.
C.1.1. MASA key pair for voucher signatures C.1.1. Manufacturer Certificate Authority for IDevID signatures
This private key signs vouchers: This private key is Certificate Authority that signs IDevID
certificates:
-----BEGIN EC PRIVATE KEY----- -----BEGIN EC PRIVATE KEY-----
MIGkAgEBBDAgiRoYqKoEcfOfvRvmZ5P5Azn58tuI7nSnIy7OgFnCeiNo+BmbgMho MIGkAgEBBDCAYkoLW1IEA5SKKhMMdkTK7sJxk5ybKqYq9Yr5aR7tNwqXyLGS7z8G
r6lcU60gwVagBwYFK4EEACKhZANiAATZAH3Rb2FvIJOnts+vXuWW35ofyNbCHzjA 8S4w/UJ58BqgBwYFK4EEACKhZANiAAQu5/yktJbFLjMC87h7b+yTreFuF8GwewKH
zOi2kWZFE1ByurKImNcNMFGirGnRXIXGqWCfw5ICgJ8CuM3vV5ty9bf7KUlOkejz L4mS0r0dVAQubqDUQcTrjvpXrXCpTojiLCzgp8fzkcUDkZ9LD/M90LDipiLNIOkP
Tvv+5PV++elkP9HQ83vqTAws2WwWTxI= juF8QkoAbT8pMrY83MS8y76wZ7AalNQ=
-----END EC PRIVATE KEY----- -----END EC PRIVATE KEY-----
This public key validates vouchers: This public key validates IDevID certificates:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 519772114 (0x1efb17d2)
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = Canada, ST = Ontario, OU = Sandelman, CN = highway-test.example.com CA
Validity
Not Before: Feb 12 22:22:21 2019 GMT
Not After : Feb 11 22:22:21 2021 GMT
Subject: C = Canada, ST = Ontario, OU = Sandelman, CN = highway-test.example.com CA
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:2e:e7:fc:a4:b4:96:c5:2e:33:02:f3:b8:7b:6f:
ec:93:ad:e1:6e:17:c1:b0:7b:02:87:2f:89:92:d2:
bd:1d:54:04:2e:6e:a0:d4:41:c4:eb:8e:fa:57:ad:
70:a9:4e:88:e2:2c:2c:e0:a7:c7:f3:91:c5:03:91:
9f:4b:0f:f3:3d:d0:b0:e2:a6:22:cd:20:e9:0f:8e:
e1:7c:42:4a:00:6d:3f:29:32:b6:3c:dc:c4:bc:cb:
be:b0:67:b0:1a:94:d4
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Key Identifier:
5E:0C:A9:52:5A:8C:DF:A9:0F:03:14:E9:96:F1:80:76:8C:53:8A:08
X509v3 Authority Key Identifier:
keyid:5E:0C:A9:52:5A:8C:DF:A9:0F:03:14:E9:96:F1:80:76:8C:53:8A:08
Signature Algorithm: ecdsa-with-SHA256
30:65:02:30:5f:21:fd:c6:ab:d6:94:a6:cd:ca:37:2c:81:33:
87:fe:7b:e1:b5:1a:e8:6c:05:43:a6:8b:4e:22:b5:55:e9:48:
0c:b5:97:f3:c9:1a:65:d9:97:4b:f0:21:86:0d:cb:26:02:31:
00:e3:2d:0d:08:49:4d:a3:f5:dc:57:1f:a7:13:26:a4:e0:d6:
3a:c2:d5:4a:50:83:62:26:2e:79:2b:d0:a5:ee:66:d5:bf:16:
9a:33:75:b4:d1:8d:ba:d3:50:77:6b:92:df
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIBzzCCAVagAwIBAgIBATAKBggqhkjOPQQDAjBNMRIwEAYKCZImiZPyLGQBGRYC MIICTDCCAdKgAwIBAgIEHvsX0jAKBggqhkjOPQQDAjBdMQ8wDQYDVQQGEwZDYW5h
Y2ExGTAXBgoJkiaJk/IsZAEZFglzYW5kZWxtYW4xHDAaBgNVBAMME1Vuc3RydW5n ZGExEDAOBgNVBAgMB09udGFyaW8xEjAQBgNVBAsMCVNhbmRlbG1hbjEkMCIGA1UE
IEhpZ2h3YXkgQ0EwHhcNMTcwMzI2MTYxOTQwWhcNMTkwMzI2MTYxOTQwWjBHMRIw AwwbaGlnaHdheS10ZXN0LmV4YW1wbGUuY29tIENBMB4XDTE5MDIxMjIyMjIyMVoX
EAYKCZImiZPyLGQBGRYCY2ExGTAXBgoJkiaJk/IsZAEZFglzYW5kZWxtYW4xFjAU DTIxMDIxMTIyMjIyMVowXTEPMA0GA1UEBhMGQ2FuYWRhMRAwDgYDVQQIDAdPbnRh
BgNVBAMMDVVuc3RydW5nIE1BU0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZAH3R cmlvMRIwEAYDVQQLDAlTYW5kZWxtYW4xJDAiBgNVBAMMG2hpZ2h3YXktdGVzdC5l
b2FvIJOnts+vXuWW35ofyNbCHzjAzOi2kWZFE1ByurKImNcNMFGirGnRXIXGqWCf eGFtcGxlLmNvbSBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABC7n/KS0lsUuMwLz
w5ICgJ8CuM3vV5ty9bf7KUlOkejzTvv+5PV++elkP9HQ83vqTAws2WwWTxKjEDAO uHtv7JOt4W4XwbB7AocviZLSvR1UBC5uoNRBxOuO+letcKlOiOIsLOCnx/ORxQOR
MAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDZwAwZAIwGb0oyM0doP6t3/LSPL5O n0sP8z3QsOKmIs0g6Q+O4XxCSgBtPykytjzcxLzLvrBnsBqU1KNjMGEwDwYDVR0T
DuatEwMYh7WGO+IYTHC8K7EyHBOmCYReKT2+GhV/CLWzAjBNy6UMJTt1tsxJsJqd AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFF4MqVJajN+pDwMU
MPUIFj+4wZg1AOIb/JoA6M7r33pwLQTrHRxEzVMGfWOkYUw= 6ZbxgHaMU4oIMB8GA1UdIwQYMBaAFF4MqVJajN+pDwMU6ZbxgHaMU4oIMAoGCCqG
SM49BAMCA2gAMGUCMF8h/car1pSmzco3LIEzh/574bUa6GwFQ6aLTiK1VelIDLWX
88kaZdmXS/Ahhg3LJgIxAOMtDQhJTaP13FcfpxMmpODWOsLVSlCDYiYueSvQpe5m
1b8WmjN1tNGNutNQd2uS3w==
-----END CERTIFICATE----- -----END CERTIFICATE-----
C.1.2. Manufacturer key pair for IDevID signatures C.1.2. MASA key pair for voucher signatures
This private key signs IDevID certificates: This private key signs vouchers:
-----BEGIN EC PRIVATE KEY----- -----BEGIN EC PRIVATE KEY-----
MIGkAgEBBDAgiRoYqKoEcfOfvRvmZ5P5Azn58tuI7nSnIy7OgFnCeiNo+BmbgMho MHcCAQEEIFhdd0eDdzip67kXx72K+KHGJQYJHNy8pkiLJ6CcvxMGoAoGCCqGSM49
r6lcU60gwVagBwYFK4EEACKhZANiAATZAH3Rb2FvIJOnts+vXuWW35ofyNbCHzjA AwEHoUQDQgAEqgQVo0S54kT4yfkbBxumdHOcHrpsqbOpMKmiMln3oB1HAW25MJV+
zOi2kWZFE1ByurKImNcNMFGirGnRXIXGqWCfw5ICgJ8CuM3vV5ty9bf7KUlOkejz gqi4tMFfSJ0iEwt8kszfWXK4rLgJS2mnpQ==
Tvv+5PV++elkP9HQ83vqTAws2WwWTxI=
-----END EC PRIVATE KEY----- -----END EC PRIVATE KEY-----
This public key validates IDevID certificates: This public key validates vouchers, and it has been signed by the CA
above:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 463036244 (0x1b995f54)
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = Canada, ST = Ontario, OU = Sandelman, CN = highway-test.example.com CA
Validity
Not Before: Feb 12 22:22:41 2019 GMT
Not After : Feb 11 22:22:41 2021 GMT
Subject: C = Canada, ST = Ontario, OU = Sandelman, CN = highway-test.example.com MASA
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:aa:04:15:a3:44:b9:e2:44:f8:c9:f9:1b:07:1b:
a6:74:73:9c:1e:ba:6c:a9:b3:a9:30:a9:a2:32:59:
f7:a0:1d:47:01:6d:b9:30:95:7e:82:a8:b8:b4:c1:
5f:48:9d:22:13:0b:7c:92:cc:df:59:72:b8:ac:b8:
09:4b:69:a7:a5
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
Signature Algorithm: ecdsa-with-SHA256
30:66:02:31:00:bd:55:e5:9b:0e:fb:fc:5e:95:29:e3:81:b3:
15:35:aa:93:18:a2:04:be:44:72:b2:51:7d:4d:6d:eb:d1:d5:
c1:10:3a:b2:39:7b:57:3f:c5:cc:b0:a3:0e:e7:99:46:ba:02:
31:00:f6:7f:44:7d:b7:14:fa:d1:67:6a:d4:11:c3:4b:ae:e6:
fb:9a:98:56:fa:85:21:2e:5c:48:4c:f0:3f:f2:9b:3f:ae:88:
20:a7:ae:f9:72:ff:5b:f9:78:68:cf:0f:48:c9
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIBzzCCAVagAwIBAgIBATAKBggqhkjOPQQDAjBNMRIwEAYKCZImiZPyLGQBGRYC MIIB3zCCAWSgAwIBAgIEG5lfVDAKBggqhkjOPQQDAjBdMQ8wDQYDVQQGEwZDYW5h
Y2ExGTAXBgoJkiaJk/IsZAEZFglzYW5kZWxtYW4xHDAaBgNVBAMME1Vuc3RydW5n ZGExEDAOBgNVBAgMB09udGFyaW8xEjAQBgNVBAsMCVNhbmRlbG1hbjEkMCIGA1UE
IEhpZ2h3YXkgQ0EwHhcNMTcwMzI2MTYxOTQwWhcNMTkwMzI2MTYxOTQwWjBHMRIw AwwbaGlnaHdheS10ZXN0LmV4YW1wbGUuY29tIENBMB4XDTE5MDIxMjIyMjI0MVoX
EAYKCZImiZPyLGQBGRYCY2ExGTAXBgoJkiaJk/IsZAEZFglzYW5kZWxtYW4xFjAU DTIxMDIxMTIyMjI0MVowXzEPMA0GA1UEBhMGQ2FuYWRhMRAwDgYDVQQIDAdPbnRh
BgNVBAMMDVVuc3RydW5nIE1BU0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZAH3R cmlvMRIwEAYDVQQLDAlTYW5kZWxtYW4xJjAkBgNVBAMMHWhpZ2h3YXktdGVzdC5l
b2FvIJOnts+vXuWW35ofyNbCHzjAzOi2kWZFE1ByurKImNcNMFGirGnRXIXGqWCf eGFtcGxlLmNvbSBNQVNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqgQVo0S5
w5ICgJ8CuM3vV5ty9bf7KUlOkejzTvv+5PV++elkP9HQ83vqTAws2WwWTxKjEDAO 4kT4yfkbBxumdHOcHrpsqbOpMKmiMln3oB1HAW25MJV+gqi4tMFfSJ0iEwt8kszf
MAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDZwAwZAIwGb0oyM0doP6t3/LSPL5O WXK4rLgJS2mnpaMQMA4wDAYDVR0TAQH/BAIwADAKBggqhkjOPQQDAgNpADBmAjEA
DuatEwMYh7WGO+IYTHC8K7EyHBOmCYReKT2+GhV/CLWzAjBNy6UMJTt1tsxJsJqd vVXlmw77/F6VKeOBsxU1qpMYogS+RHKyUX1NbevR1cEQOrI5e1c/xcywow7nmUa6
MPUIFj+4wZg1AOIb/JoA6M7r33pwLQTrHRxEzVMGfWOkYUw= AjEA9n9EfbcU+tFnatQRw0uu5vuamFb6hSEuXEhM8D/ymz+uiCCnrvly/1v5eGjP
D0jJ
-----END CERTIFICATE----- -----END CERTIFICATE-----
C.1.3. Registrar key pair C.1.3. Registrar Certificate Authority
The registrar key (or chain) is the representative of the domain This Certificate Authority enrolls the pledge once it is authorized,
owner. This key signs registrar voucher-requests: and it also signs the Registrar's certificate.
-----BEGIN EC PRIVATE KEY----- -----BEGIN EC PRIVATE KEY-----
MHcCAQEEIFZodk+PC5Mu24+ra0sbOjKzan+dW5rvDAR7YuJUOC1YoAoGCCqGSM49 MIGkAgEBBDCHnLI0MSOLf8XndiZqoZdqblcPR5YSoPGhPOuFxWy1gFi9HbWv8b/R
AwEHoUQDQgAElmVQcjS6n+Xd5l/28IFv6UiegQwSBztGj5dkK2MAjQIPV8l8lH+E EGdRgGEVSjKgBwYFK4EEACKhZANiAAQbf1m6F8MavGaNjGzgw/oxcQ9l9iKRvbdW
jLIOYdbJiI0VtEIf1/Jqt+TOBfinTNOLOg== gAfb37h6pUVNeYpGlxlZljGxj2l9Mr48yD5bY7VG9qjVb5v5wPPTuRQ/ckdRpHbd
0vC/9cqPMAF/+MJf0/UgA0SLi/IHbLQ=
-----END EC PRIVATE KEY----- -----END EC PRIVATE KEY-----
The public key is indicated in a pledge voucher-request to show The public key is indicated in a pledge voucher-request to show
proximity. proximity.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 694879833 (0x296b0659)
Signature Algorithm: ecdsa-with-SHA256
Issuer: DC = ca, DC = sandelman, CN = fountain-test.example.com Unstrung Fountain Root CA
Validity
Not Before: Feb 25 21:31:45 2020 GMT
Not After : Feb 24 21:31:45 2022 GMT
Subject: DC = ca, DC = sandelman, CN = fountain-test.example.com Unstrung Fountain Root CA
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:1b:7f:59:ba:17:c3:1a:bc:66:8d:8c:6c:e0:c3:
fa:31:71:0f:65:f6:22:91:bd:b7:56:80:07:db:df:
b8:7a:a5:45:4d:79:8a:46:97:19:59:96:31:b1:8f:
69:7d:32:be:3c:c8:3e:5b:63:b5:46:f6:a8:d5:6f:
9b:f9:c0:f3:d3:b9:14:3f:72:47:51:a4:76:dd:d2:
f0:bf:f5:ca:8f:30:01:7f:f8:c2:5f:d3:f5:20:03:
44:8b:8b:f2:07:6c:b4
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Key Identifier:
B9:A5:F6:CB:11:E1:07:A4:49:2C:A7:08:C6:7C:10:BC:87:B3:74:26
X509v3 Authority Key Identifier:
keyid:B9:A5:F6:CB:11:E1:07:A4:49:2C:A7:08:C6:7C:10:BC:87:B3:74:26
Signature Algorithm: ecdsa-with-SHA256
30:64:02:30:20:83:06:ce:8d:98:a4:54:7a:66:4c:4a:3a:70:
c2:52:36:5a:52:8d:59:7d:20:9b:2a:69:14:58:87:38:d8:55:
79:dd:fd:29:38:95:1e:91:93:76:b4:f5:66:29:44:b4:02:30:
6f:38:f9:af:12:ed:30:d5:85:29:7c:b1:16:58:bd:67:91:43:
c4:0d:30:f9:d8:1c:ac:2f:06:dd:bc:d5:06:42:2c:84:a2:04:
ea:02:a4:5f:17:51:26:fb:d9:2f:d2:5c
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIB0jCCAVmgAwIBAgIEMMOu0zAKBggqhkjOPQQDAjBUMRIwEAYKCZImiZPyLGQB MIICazCCAfKgAwIBAgIEKWsGWTAKBggqhkjOPQQDAjBtMRIwEAYKCZImiZPyLGQB
GRYCY2ExGTAXBgoJkiaJk/IsZAEZFglzYW5kZWxtYW4xIzAhBgNVBAMMGiBVbnN0 GRYCY2ExGTAXBgoJkiaJk/IsZAEZFglzYW5kZWxtYW4xPDA6BgNVBAMMM2ZvdW50
cnVuZyBGb3VudGFpbiBSb290IENBMB4XDTIwMDEyODE5NTEzNloXDTI1MDEyNjE5 YWluLXRlc3QuZXhhbXBsZS5jb20gVW5zdHJ1bmcgRm91bnRhaW4gUm9vdCBDQTAe
NTEzNlowUzESMBAGCgmSJomT8ixkARkWAmNhMRkwFwYKCZImiZPyLGQBGRYJc2Fu Fw0yMDAyMjUyMTMxNDVaFw0yMjAyMjQyMTMxNDVaMG0xEjAQBgoJkiaJk/IsZAEZ
ZGVsbWFuMSIwIAYDVQQDDBlmb3VudGFpbi10ZXN0LmV4YW1wbGUuY29tMFkwEwYH FgJjYTEZMBcGCgmSJomT8ixkARkWCXNhbmRlbG1hbjE8MDoGA1UEAwwzZm91bnRh
KoZIzj0CAQYIKoZIzj0DAQcDQgAElmVQcjS6n+Xd5l/28IFv6UiegQwSBztGj5dk aW4tdGVzdC5leGFtcGxlLmNvbSBVbnN0cnVuZyBGb3VudGFpbiBSb290IENBMHYw
K2MAjQIPV8l8lH+EjLIOYdbJiI0VtEIf1/Jqt+TOBfinTNOLOqMaMBgwFgYDVR0l EAYHKoZIzj0CAQYFK4EEACIDYgAEG39ZuhfDGrxmjYxs4MP6MXEPZfYikb23VoAH
AQH/BAwwCgYIKwYBBQUHAxwwCgYIKoZIzj0EAwIDZwAwZAIwYg0bYKzVLBa9Aj72 29+4eqVFTXmKRpcZWZYxsY9pfTK+PMg+W2O1Rvao1W+b+cDz07kUP3JHUaR23dLw
2F34rKqFyV6dbanbGpGejRyWiBQnNJrEijtbWuuIp4lj54WyAjBQ6oJTOREZlF/W v/XKjzABf/jCX9P1IANEi4vyB2y0o2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
XMmtlTkBNIC3VWofZsKHSjgdz1PpWFOnrBHUABnSWqEvAMiKxOA= DwEB/wQEAwIBBjAdBgNVHQ4EFgQUuaX2yxHhB6RJLKcIxnwQvIezdCYwHwYDVR0j
BBgwFoAUuaX2yxHhB6RJLKcIxnwQvIezdCYwCgYIKoZIzj0EAwIDZwAwZAIwIIMG
zo2YpFR6ZkxKOnDCUjZaUo1ZfSCbKmkUWIc42FV53f0pOJUekZN2tPVmKUS0AjBv
OPmvEu0w1YUpfLEWWL1nkUPEDTD52BysLwbdvNUGQiyEogTqAqRfF1Em+9kv0lw=
-----END CERTIFICATE----- -----END CERTIFICATE-----
The registrar public certificate as decoded by openssl's x509 C.1.4. Registrar key pair
utility. Note that the registrar certificate is marked with the
cmcRA extension. The Registrar is the representative of the domain owner. This key
signs registrar voucher-requests, and terminates the TLS connection
from the pledge.
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIFZodk+PC5Mu24+ra0sbOjKzan+dW5rvDAR7YuJUOC1YoAoGCCqGSM49
AwEHoUQDQgAElmVQcjS6n+Xd5l/28IFv6UiegQwSBztGj5dkK2MAjQIPV8l8lH+E
jLIOYdbJiI0VtEIf1/Jqt+TOBfinTNOLOg==
-----END EC PRIVATE KEY-----
The public key is indicated in a pledge voucher-request to show
proximity.
Certificate: Certificate:
Data: Data:
Version: 3 (0x2) Version: 3 (0x2)
Serial Number: 818130643 (0x30c3aed3) Serial Number: 1066965842 (0x3f989b52)
Signature Algorithm: ecdsa-with-SHA256 Signature Algorithm: ecdsa-with-SHA256
Issuer: DC = ca, DC = sandelman, CN = " Unstrung Fountain Root CA" Issuer: DC = ca, DC = sandelman, CN = fountain-test.example.com Unstrung Fountain Root CA
Validity Validity
Not Before: Jan 28 19:51:36 2020 GMT Not Before: Feb 25 21:31:54 2020 GMT
Not After : Jan 26 19:51:36 2025 GMT Not After : Feb 24 21:31:54 2022 GMT
Subject: DC = ca, DC = sandelman, CN = fountain-test.example.com Subject: DC = ca, DC = sandelman, CN = fountain-test.example.com
Subject Public Key Info: Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit) Public-Key: (256 bit)
pub: pub:
04:96:65:50:72:34:ba:9f:e5:dd:e6:5f:f6:f0:81: 04:96:65:50:72:34:ba:9f:e5:dd:e6:5f:f6:f0:81:
6f:e9:48:9e:81:0c:12:07:3b:46:8f:97:64:2b:63: 6f:e9:48:9e:81:0c:12:07:3b:46:8f:97:64:2b:63:
00:8d:02:0f:57:c9:7c:94:7f:84:8c:b2:0e:61:d6: 00:8d:02:0f:57:c9:7c:94:7f:84:8c:b2:0e:61:d6:
c9:88:8d:15:b4:42:1f:d7:f2:6a:b7:e4:ce:05:f8: c9:88:8d:15:b4:42:1f:d7:f2:6a:b7:e4:ce:05:f8:
a7:4c:d3:8b:3a a7:4c:d3:8b:3a
ASN1 OID: prime256v1 ASN1 OID: prime256v1
NIST CURVE: P-256 NIST CURVE: P-256
X509v3 extensions: X509v3 extensions:
X509v3 Extended Key Usage: critical X509v3 Extended Key Usage: critical
CMC Registration Authority CMC Registration Authority
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: ecdsa-with-SHA256 Signature Algorithm: ecdsa-with-SHA256
30:64:02:30:62:0d:1b:60:ac:d5:2c:16:bd:02:3e:f6:d8:5d: 30:65:02:30:66:4f:60:4c:55:48:1e:96:07:f8:dd:1f:b9:c8:
f8:ac:aa:85:c9:5e:9d:6d:a9:db:1a:91:9e:8d:1c:96:88:14: 12:8d:45:36:87:9b:23:c0:bc:bb:f1:cb:3d:26:15:56:6f:5f:
27:34:9a:c4:8a:3b:5b:5a:eb:88:a7:89:63:e7:85:b2:02:30: 1f:bf:d5:1c:0e:6a:09:af:1b:76:97:99:19:23:fd:7e:02:31:
50:ea:82:53:39:11:19:94:5f:d6:5c:c9:ad:95:39:01:34:80: 00:bc:ac:c3:41:b0:ba:0d:af:52:f9:9c:6e:7a:7f:00:1d:23:
b7:55:6a:1f:66:c2:87:4a:38:1d:cf:53:e9:58:53:a7:ac:11: c8:62:01:61:bc:4b:c5:c0:47:99:35:0a:0c:77:61:44:01:4a:
d4:00:19:d2:5a:a1:2f:00:c8:8a:c4:e0 07:52:70:57:00:75:ff:be:07:0e:98:cb:e5
C.1.4. Pledge key pair C.1.5. Pledge key pair
The pledge has an IDevID key pair built in at manufacturing time: The pledge has an IDevID key pair built in at manufacturing time:
-----BEGIN EC PRIVATE KEY----- -----BEGIN EC PRIVATE KEY-----
MHcCAQEEIBHNh6r8QRevRuo+tEmBJeFjQKf6bpFA/9NGoltv+9sNoAoGCCqGSM49 MHcCAQEEIBHNh6r8QRevRuo+tEmBJeFjQKf6bpFA/9NGoltv+9sNoAoGCCqGSM49
AwEHoUQDQgAEA6N1Q4ezfMAKmoecrfb0OBMc1AyEH+BATkF58FsTSyBxs0SbSWLx AwEHoUQDQgAEA6N1Q4ezfMAKmoecrfb0OBMc1AyEH+BATkF58FsTSyBxs0SbSWLx
FjDOuwB9gLGn2TsTUJumJ6VPw5Z/TP4hJw== FjDOuwB9gLGn2TsTUJumJ6VPw5Z/TP4hJw==
-----END EC PRIVATE KEY----- -----END EC PRIVATE KEY-----
The public key is used by the registrar to find the MASA. The MASA The public key is used by the registrar to find the MASA. There is a
URL is in an extension described in Section 2.3. second
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
The pledge public certificate as decoded by openssl's x509 utility so
that the extensions can be seen. This was version 1.1.1c of the
[openssl] library and utility. The 1.3.6.1.5.5.7.1.32 extension is
the MASA URL extension. There are two bytes that preceed the
extension which are part of the ASN.1 encoding, which the tool does
not know to how to decode.
Certificate: Certificate:
Data: Data:
Version: 3 (0x2) Version: 3 (0x2)
Serial Number: 226876461 (0xd85dc2d) Serial Number: 226876461 (0xd85dc2d)
Signature Algorithm: ecdsa-with-SHA256 Signature Algorithm: ecdsa-with-SHA256
Issuer: C = Canada, ST = Ontario, OU = Sandelman, CN = highway-test.example.com CA Issuer: C = Canada, ST = Ontario, OU = Sandelman, CN = highway-test.example.com CA
Validity Validity
Not Before: Feb 3 06:47:20 2020 GMT Not Before: Feb 3 06:47:20 2020 GMT
Not After : Dec 31 00:00:00 2999 GMT Not After : Dec 31 00:00:00 2999 GMT
Subject: serialNumber = 00-D0-E5-F2-00-02 Subject: serialNumber = 00-D0-E5-F2-00-02
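Review bot: In C.1.5 the new text after the pledge private key ends on a dangling "There is a second", and the sentences removed here were the only place that pointed to Section 2.3 for the MASA URL extension and explained that 1.3.6.1.5.5.7.1.32 is that extension, preceded by two ASN.1 bytes the tool cannot decode. Either finish the sentence or restore the old wording, and keep that explanation next to the decoded pledge certificate so the "..highway-test.example.com:9443" line is not left unexplained. In C.1.3 the sentence "The public key is indicated in a pledge voucher-request to show proximity" was carried over into the Registrar Certificate Authority section, where it now describes the CA certificate; it belongs only under C.1.4. In C.1.1, "This private key is Certificate Authority that signs IDevID certificates" needs rewording, for example "This private key belongs to the Certificate Authority that signs IDevID certificates".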
skipping to change at page 104, line 40 skipping to change at page 106, line 39
CA:FALSE CA:FALSE
1.3.6.1.5.5.7.1.32: 1.3.6.1.5.5.7.1.32:
..highway-test.example.com:9443 ..highway-test.example.com:9443
Signature Algorithm: ecdsa-with-SHA256 Signature Algorithm: ecdsa-with-SHA256
30:65:02:30:23:e1:a9:2e:ef:22:12:34:5a:a5:c2:15:d6:28: 30:65:02:30:23:e1:a9:2e:ef:22:12:34:5a:a5:c2:15:d6:28:
bd:ed:3d:96:d6:ce:04:95:ef:a7:c8:dc:18:a8:31:c7:b8:04: bd:ed:3d:96:d6:ce:04:95:ef:a7:c8:dc:18:a8:31:c7:b8:04:
34:f2:b7:4d:79:8a:67:22:24:03:4f:c5:cd:d6:06:ba:02:31: 34:f2:b7:4d:79:8a:67:22:24:03:4f:c5:cd:d6:06:ba:02:31:
00:b3:8d:5c:0a:d0:fe:04:83:90:d3:4f:6d:72:97:b3:3e:02: 00:b3:8d:5c:0a:d0:fe:04:83:90:d3:4f:6d:72:97:b3:3e:02:
ea:f1:c8:5a:32:72:58:b7:45:02:50:78:bc:04:1d:23:5e:22: ea:f1:c8:5a:32:72:58:b7:45:02:50:78:bc:04:1d:23:5e:22:
6f:c3:7f:8c:7c:d7:9b:70:20:91:b4:e1:7f 6f:c3:7f:8c:7c:d7:9b:70:20:91:b4:e1:7f
C.2. Example process C.2. Example process
The JSON examples below are wrapped at 60 columns. This results in The JSON examples below are wrapped at 60 columns. This results in
strings that have newlines in them, which makes them invalid JSON as strings that have newlines in them, which makes them invalid JSON as
is. The strings would otherwise be too long, so they need to be is. The strings would otherwise be too long, so they need to be
unwrapped before processing. unwrapped before processing.
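One way to do the unwrapping described above, shown in Python as an added example that is not part of the draft. It wraps a constructed voucher request at 60 columns, shows that the wrapped form fails to parse, then unwraps it and reads the fields. The certificate bytes and nonce are constructed placeholders, the function names are this example's own, and the fields it checks for are simply the ones the example request on this page carries.

```python
"""Unwrap a 60-column-wrapped voucher request and read it (illustrative)."""
import base64
import json

WRAP_COLUMN = 60
VOUCHER_KEY = "ietf-voucher-request:voucher"
# Fields present in the example request on this page (this example's choice).
EXPECTED_FIELDS = ("assertion", "created-on", "serial-number", "nonce")


def wrap_for_display(text, width=WRAP_COLUMN):
    """Hard-wrap text at a fixed column, as the document does."""
    return "\n".join(text[i:i + width] for i in range(0, len(text), width))


def unwrap(wrapped):
    """Join display lines back into one string.

    Line breaks and indentation are layout, not data. Stripping assumes no
    value has a significant space at a wrap boundary, which holds for the
    base64 and identifier strings used here.
    """
    return "".join(line.strip() for line in wrapped.splitlines())


def parses_as_json(text):
    """True if text is valid JSON; a raw newline inside a string is not."""
    try:
        json.loads(text)
    except json.JSONDecodeError:
        return False
    return True


def parse_voucher_request(wrapped):
    """Unwrap, parse, and return the inner voucher-request object."""
    doc = json.loads(unwrap(wrapped))
    if not isinstance(doc, dict) or not isinstance(doc.get(VOUCHER_KEY), dict):
        raise ValueError("missing " + VOUCHER_KEY)
    voucher = doc[VOUCHER_KEY]
    missing = [name for name in EXPECTED_FIELDS if name not in voucher]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    return voucher


def proximity_cert_der(voucher):
    """Return the DER bytes carried in proximity-registrar-cert."""
    field = voucher.get("proximity-registrar-cert")
    if not isinstance(field, str):
        raise ValueError("no proximity-registrar-cert")
    try:
        # validate=True rejects stray characters such as leftover newlines.
        return base64.b64decode(field, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("proximity-registrar-cert is not base64") from exc


def registrar_cert_matches(voucher, registrar_cert_der):
    """True if the request names exactly the certificate the registrar holds."""
    try:
        return proximity_cert_der(voucher) == registrar_cert_der
    except ValueError:
        return False


# Constructed placeholder bytes standing in for a registrar certificate;
# they are not a real certificate.
CONSTRUCTED_CERT_DER = bytes.fromhex("3082012c") + bytes(range(256)) + bytes(44)

SAMPLE_VOUCHER_REQUEST = json.dumps({VOUCHER_KEY: {
    "assertion": "proximity",
    "created-on": "2020-02-25T16:33:11.984-05:00",
    "serial-number": "00-D0-E5-F2-00-02",
    "nonce": "constructed-nonce-value",
    "proximity-registrar-cert":
        base64.b64encode(CONSTRUCTED_CERT_DER).decode("ascii"),
}}, separators=(",", ":"))
SAMPLE_WRAPPED = wrap_for_display(SAMPLE_VOUCHER_REQUEST)

if __name__ == "__main__":
    print("wrapped parses:", parses_as_json(SAMPLE_WRAPPED))
    request = parse_voucher_request(SAMPLE_WRAPPED)
    print("serial-number:", request["serial-number"])
    print("cert matches:", registrar_cert_matches(request, CONSTRUCTED_CERT_DER))
```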
C.2.1. Pledge to Registrar C.2.1. Pledge to Registrar
As described in Section 5.2, the pledge will sign a pledge voucher- As described in Section 5.2, the pledge will sign a pledge voucher-
request containing the registrar's public key in the proximity- request containing the registrar's public key in the proximity-
registrar-cert field. The base64 has been wrapped at 60 characters registrar-cert field. The base64 has been wrapped at 60 characters
for presentation reasons. for presentation reasons.
The ASN1 decoding of the artifact: The ASN1 decoding of the artifact:
file: examples/vr_00-D0-E5-F2-00-02.b64 file: examples/vr_00-D0-E5-F2-00-02.b64
0:d=0 hl=4 l=1703 cons: SEQUENCE
0:d=0 hl=4 l=1758 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData 4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
15:d=1 hl=4 l=1688 cons: cont [ 0 ] 15:d=1 hl=4 l=1743 cons: cont [ 0 ]
19:d=2 hl=4 l=1684 cons: SEQUENCE 19:d=2 hl=4 l=1739 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :01 23:d=3 hl=2 l= 1 prim: INTEGER :01
26:d=3 hl=2 l= 13 cons: SET 26:d=3 hl=2 l= 13 cons: SET
28:d=4 hl=2 l= 11 cons: SEQUENCE 28:d=4 hl=2 l= 11 cons: SEQUENCE
30:d=5 hl=2 l= 9 prim: OBJECT :sha256 30:d=5 hl=2 l= 9 prim: OBJECT :sha256
41:d=3 hl=4 l= 849 cons: SEQUENCE 41:d=3 hl=4 l= 905 cons: SEQUENCE
45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data 45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
56:d=4 hl=4 l= 834 cons: cont [ 0 ] 56:d=4 hl=4 l= 890 cons: cont [ 0 ]
60:d=5 hl=4 l= 830 prim: OCTET STRING :{"ietf-voucher-request:v 60:d=5 hl=4 l= 886 prim: OCTET STRING :{"ietf-voucher-request:v
894:d=3 hl=4 l= 490 cons: cont [ 0 ] 950:d=3 hl=4 l= 490 cons: cont [ 0 ]
898:d=4 hl=4 l= 486 cons: SEQUENCE 954:d=4 hl=4 l= 486 cons: SEQUENCE
902:d=5 hl=4 l= 364 cons: SEQUENCE 958:d=5 hl=4 l= 364 cons: SEQUENCE
906:d=6 hl=2 l= 3 cons: cont [ 0 ] 962:d=6 hl=2 l= 3 cons: cont [ 0 ]
908:d=7 hl=2 l= 1 prim: INTEGER :02 964:d=7 hl=2 l= 1 prim: INTEGER :02
911:d=6 hl=2 l= 4 prim: INTEGER :0D85DC2D 967:d=6 hl=2 l= 4 prim: INTEGER :0D85DC2D
917:d=6 hl=2 l= 10 cons: SEQUENCE 973:d=6 hl=2 l= 10 cons: SEQUENCE
919:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 975:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
929:d=6 hl=2 l= 93 cons: SEQUENCE 985:d=6 hl=2 l= 93 cons: SEQUENCE
931:d=7 hl=2 l= 15 cons: SET 987:d=7 hl=2 l= 15 cons: SET
933:d=8 hl=2 l= 13 cons: SEQUENCE 989:d=8 hl=2 l= 13 cons: SEQUENCE
935:d=9 hl=2 l= 3 prim: OBJECT :countryName 991:d=9 hl=2 l= 3 prim: OBJECT :countryName
940:d=9 hl=2 l= 6 prim: PRINTABLESTRING :Canada 996:d=9 hl=2 l= 6 prim: PRINTABLESTRING :Canada
948:d=7 hl=2 l= 16 cons: SET 1004:d=7 hl=2 l= 16 cons: SET
950:d=8 hl=2 l= 14 cons: SEQUENCE 1006:d=8 hl=2 l= 14 cons: SEQUENCE
952:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 1008:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
957:d=9 hl=2 l= 7 prim: UTF8STRING :Ontario 1013:d=9 hl=2 l= 7 prim: UTF8STRING :Ontario
966:d=7 hl=2 l= 18 cons: SET 1022:d=7 hl=2 l= 18 cons: SET
968:d=8 hl=2 l= 16 cons: SEQUENCE 1024:d=8 hl=2 l= 16 cons: SEQUENCE
970:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName 1026:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName
975:d=9 hl=2 l= 9 prim: UTF8STRING :Sandelman 1031:d=9 hl=2 l= 9 prim: UTF8STRING :Sandelman
986:d=7 hl=2 l= 36 cons: SET 1042:d=7 hl=2 l= 36 cons: SET
988:d=8 hl=2 l= 34 cons: SEQUENCE 1044:d=8 hl=2 l= 34 cons: SEQUENCE
990:d=9 hl=2 l= 3 prim: OBJECT :commonName 1046:d=9 hl=2 l= 3 prim: OBJECT :commonName
995:d=9 hl=2 l= 27 prim: UTF8STRING :highway-test.example.com 1051:d=9 hl=2 l= 27 prim: UTF8STRING :highway-test.example.com
1024:d=6 hl=2 l= 32 cons: SEQUENCE 1080:d=6 hl=2 l= 32 cons: SEQUENCE
1026:d=7 hl=2 l= 13 prim: UTCTIME :200203064720Z 1082:d=7 hl=2 l= 13 prim: UTCTIME :200203064720Z
1041:d=7 hl=2 l= 15 prim: GENERALIZEDTIME :29991231000000Z 1097:d=7 hl=2 l= 15 prim: GENERALIZEDTIME :29991231000000Z
1058:d=6 hl=2 l= 28 cons: SEQUENCE 1114:d=6 hl=2 l= 28 cons: SEQUENCE
1060:d=7 hl=2 l= 26 cons: SET 1116:d=7 hl=2 l= 26 cons: SET
1062:d=8 hl=2 l= 24 cons: SEQUENCE 1118:d=8 hl=2 l= 24 cons: SEQUENCE
1064:d=9 hl=2 l= 3 prim: OBJECT :serialNumber 1120:d=9 hl=2 l= 3 prim: OBJECT :serialNumber
1069:d=9 hl=2 l= 17 prim: UTF8STRING :00-D0-E5-F2-00-02 1125:d=9 hl=2 l= 17 prim: UTF8STRING :00-D0-E5-F2-00-02
1088:d=6 hl=2 l= 89 cons: SEQUENCE 1144:d=6 hl=2 l= 89 cons: SEQUENCE
1090:d=7 hl=2 l= 19 cons: SEQUENCE 1146:d=7 hl=2 l= 19 cons: SEQUENCE
1092:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey 1148:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
1101:d=8 hl=2 l= 8 prim: OBJECT :prime256v1 1157:d=8 hl=2 l= 8 prim: OBJECT :prime256v1
1111:d=7 hl=2 l= 66 prim: BIT STRING 1167:d=7 hl=2 l= 66 prim: BIT STRING
1179:d=6 hl=2 l= 89 cons: cont [ 3 ] 1235:d=6 hl=2 l= 89 cons: cont [ 3 ]
1181:d=7 hl=2 l= 87 cons: SEQUENCE 1237:d=7 hl=2 l= 87 cons: SEQUENCE
1183:d=8 hl=2 l= 29 cons: SEQUENCE 1239:d=8 hl=2 l= 29 cons: SEQUENCE
1185:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Ident 1241:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Ident
1190:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:04144588CC9696 1246:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:04144588CC9696
1214:d=8 hl=2 l= 9 cons: SEQUENCE 1270:d=8 hl=2 l= 9 cons: SEQUENCE
1216:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints 1272:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
1221:d=9 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000 1277:d=9 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
1225:d=8 hl=2 l= 43 cons: SEQUENCE 1281:d=8 hl=2 l= 43 cons: SEQUENCE
1227:d=9 hl=2 l= 8 prim: OBJECT :1.3.6.1.5.5.7.1.32 1283:d=9 hl=2 l= 8 prim: OBJECT :1.3.6.1.5.5.7.1.32
1237:d=9 hl=2 l= 31 prim: OCTET STRING [HEX DUMP]:0C1D6869676877 1293:d=9 hl=2 l= 31 prim: OCTET STRING [HEX DUMP]:0C1D6869676877
1270:d=5 hl=2 l= 10 cons: SEQUENCE 1326:d=5 hl=2 l= 10 cons: SEQUENCE
1272:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 1328:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
1282:d=5 hl=2 l= 104 prim: BIT STRING 1338:d=5 hl=2 l= 104 prim: BIT STRING
1388:d=3 hl=4 l= 315 cons: SET 1444:d=3 hl=4 l= 314 cons: SET
1392:d=4 hl=4 l= 311 cons: SEQUENCE 1448:d=4 hl=4 l= 310 cons: SEQUENCE
1396:d=5 hl=2 l= 1 prim: INTEGER :01 1452:d=5 hl=2 l= 1 prim: INTEGER :01
1399:d=5 hl=2 l= 101 cons: SEQUENCE 1455:d=5 hl=2 l= 101 cons: SEQUENCE
1401:d=6 hl=2 l= 93 cons: SEQUENCE 1457:d=6 hl=2 l= 93 cons: SEQUENCE
1403:d=7 hl=2 l= 15 cons: SET 1459:d=7 hl=2 l= 15 cons: SET
1405:d=8 hl=2 l= 13 cons: SEQUENCE 1461:d=8 hl=2 l= 13 cons: SEQUENCE
1407:d=9 hl=2 l= 3 prim: OBJECT :countryName 1463:d=9 hl=2 l= 3 prim: OBJECT :countryName
1412:d=9 hl=2 l= 6 prim: PRINTABLESTRING :Canada 1468:d=9 hl=2 l= 6 prim: PRINTABLESTRING :Canada
1420:d=7 hl=2 l= 16 cons: SET 1476:d=7 hl=2 l= 16 cons: SET
1422:d=8 hl=2 l= 14 cons: SEQUENCE 1478:d=8 hl=2 l= 14 cons: SEQUENCE
1424:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 1480:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
1429:d=9 hl=2 l= 7 prim: UTF8STRING :Ontario 1485:d=9 hl=2 l= 7 prim: UTF8STRING :Ontario
1438:d=7 hl=2 l= 18 cons: SET 1494:d=7 hl=2 l= 18 cons: SET
1440:d=8 hl=2 l= 16 cons: SEQUENCE 1496:d=8 hl=2 l= 16 cons: SEQUENCE
1442:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName 1498:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName
1447:d=9 hl=2 l= 9 prim: UTF8STRING :Sandelman 1503:d=9 hl=2 l= 9 prim: UTF8STRING :Sandelman
1458:d=7 hl=2 l= 36 cons: SET 1514:d=7 hl=2 l= 36 cons: SET
1460:d=8 hl=2 l= 34 cons: SEQUENCE 1516:d=8 hl=2 l= 34 cons: SEQUENCE
1462:d=9 hl=2 l= 3 prim: OBJECT :commonName 1518:d=9 hl=2 l= 3 prim: OBJECT :commonName
1467:d=9 hl=2 l= 27 prim: UTF8STRING :highway-test.example.com 1523:d=9 hl=2 l= 27 prim: UTF8STRING :highway-test.example.com
1496:d=6 hl=2 l= 4 prim: INTEGER :0D85DC2D 1552:d=6 hl=2 l= 4 prim: INTEGER :0D85DC2D
1502:d=5 hl=2 l= 11 cons: SEQUENCE 1558:d=5 hl=2 l= 11 cons: SEQUENCE
1504:d=6 hl=2 l= 9 prim: OBJECT :sha256 1560:d=6 hl=2 l= 9 prim: OBJECT :sha256
1515:d=5 hl=2 l= 105 cons: cont [ 0 ] 1571:d=5 hl=2 l= 105 cons: cont [ 0 ]
1517:d=6 hl=2 l= 24 cons: SEQUENCE 1573:d=6 hl=2 l= 24 cons: SEQUENCE
1519:d=7 hl=2 l= 9 prim: OBJECT :contentType 1575:d=7 hl=2 l= 9 prim: OBJECT :contentType
1530:d=7 hl=2 l= 11 cons: SET 1586:d=7 hl=2 l= 11 cons: SET
1532:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data 1588:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data
1543:d=6 hl=2 l= 28 cons: SEQUENCE 1599:d=6 hl=2 l= 28 cons: SEQUENCE
1545:d=7 hl=2 l= 9 prim: OBJECT :signingTime 1601:d=7 hl=2 l= 9 prim: OBJECT :signingTime
1556:d=7 hl=2 l= 15 cons: SET 1612:d=7 hl=2 l= 15 cons: SET
1558:d=8 hl=2 l= 13 prim: UTCTIME :200203065103Z 1614:d=8 hl=2 l= 13 prim: UTCTIME :200225213311Z
1573:d=6 hl=2 l= 47 cons: SEQUENCE 1629:d=6 hl=2 l= 47 cons: SEQUENCE
1575:d=7 hl=2 l= 9 prim: OBJECT :messageDigest 1631:d=7 hl=2 l= 9 prim: OBJECT :messageDigest
1586:d=7 hl=2 l= 34 cons: SET 1642:d=7 hl=2 l= 34 cons: SET
1588:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:3B1FCAEEB69202 1644:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:74C81A3F72527A
1622:d=5 hl=2 l= 10 cons: SEQUENCE 1678:d=5 hl=2 l= 10 cons: SEQUENCE
1624:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 1680:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
1634:d=5 hl=2 l= 71 prim: OCTET STRING [HEX DUMP]:3045022100DC6D 1690:d=5 hl=2 l= 70 prim: OCTET STRING [HEX DUMP]:304402205A44AF
The JSON contained in the voucher request: The JSON contained in the voucher request:
{"ietf-voucher-request:voucher":{"assertion":"proximity","cr {"ietf-voucher-request:voucher":{"assertion":"proximity","cr
eated-on":"2020-02-03T01:51:03.561-05:00","serial-number":"0 eated-on":"2020-02-25T16:33:11.984-05:00","serial-number":"0
0-D0-E5-F2-00-02","nonce":"43l_359_7RkcqWGcZR8tgQ","proximit 0-D0-E5-F2-00-02","nonce":"y2BfNaIS0KJSyhKamTGXaQ","proximit
y-registrar-cert":"MIIB0jCCAVmgAwIBAgIEMMOu0zAKBggqhkjOPQQDA y-registrar-cert":"MIIB/DCCAYKgAwIBAgIEP5ibUjAKBggqhkjOPQQDA
jBUMRIwEAYKCZImiZPyLGQBGRYCY2ExGTAXBgoJkiaJk/IsZAEZFglzYW5kZ jBtMRIwEAYKCZImiZPyLGQBGRYCY2ExGTAXBgoJkiaJk/IsZAEZFglzYW5kZ
WxtYW4xIzAhBgNVBAMMGiBVbnN0cnVuZyBGb3VudGFpbiBSb290IENBMB4XD WxtYW4xPDA6BgNVBAMMM2ZvdW50YWluLXRlc3QuZXhhbXBsZS5jb20gVW5zd
TIwMDEyODE5NTEzNloXDTI1MDEyNjE5NTEzNlowUzESMBAGCgmSJomT8ixkA HJ1bmcgRm91bnRhaW4gUm9vdCBDQTAeFw0yMDAyMjUyMTMxNTRaFw0yMjAyM
RkWAmNhMRkwFwYKCZImiZPyLGQBGRYJc2FuZGVsbWFuMSIwIAYDVQQDDBlmb jQyMTMxNTRaMFMxEjAQBgoJkiaJk/IsZAEZFgJjYTEZMBcGCgmSJomT8ixkA
3VudGFpbi10ZXN0LmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DA RkWCXNhbmRlbG1hbjEiMCAGA1UEAwwZZm91bnRhaW4tdGVzdC5leGFtcGxlL
QcDQgAElmVQcjS6n+Xd5l/28IFv6UiegQwSBztGj5dkK2MAjQIPV8l8lH+Ej mNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJZlUHI0up/l3eZf9vCBb
LIOYdbJiI0VtEIf1/Jqt+TOBfinTNOLOqMaMBgwFgYDVR0lAQH/BAwwCgYIK +lInoEMEgc7Ro+XZCtjAI0CD1fJfJR/hIyyDmHWyYiNFbRCH9fyarfkzgX4p
wYBBQUHAxwwCgYIKoZIzj0EAwIDZwAwZAIwYg0bYKzVLBa9Aj722F34rKqFy 0zTizqjKjAoMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMcMA4GA1UdDwEB/wQEA
V6dbanbGpGejRyWiBQnNJrEijtbWuuIp4lj54WyAjBQ6oJTOREZlF/WXMmtl wIHgDAKBggqhkjOPQQDAgNoADBlAjBmT2BMVUgelgf43R+5yBKNRTaHmyPAv
TkBNIC3VWofZsKHSjgdz1PpWFOnrBHUABnSWqEvAMiKxOA="}} Lvxyz0mFVZvXx+/1RwOagmvG3aXmRkj/X4CMQC8rMNBsLoNr1L5nG56fwAdI
8hiAWG8S8XAR5k1Cgx3YUQBSgdScFcAdf++Bw6Yy+U="}}
C.2.2. Registrar to MASA C.2.2. Registrar to MASA
As described in Section 5.5 the registrar will sign a registrar As described in Section 5.5 the registrar will sign a registrar
voucher-request, and will include pledge's voucher request in the voucher-request, and will include pledge's voucher request in the
prior-signed-voucher-request. prior-signed-voucher-request.
The ASN1 decoding of the artifact: The ASN1 decoding of the artifact:
file: examples/parboiled_vr_00_D0-E5-02-00-2D.b64 file: examples/parboiled_vr_00_D0-E5-02-00-2D.b64
0:d=0 hl=4 l=3896 cons: SEQUENCE 0:d=0 hl=4 l=4087 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData 4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
15:d=1 hl=4 l=3881 cons: cont [ 0 ] 15:d=1 hl=4 l=4072 cons: cont [ 0 ]
19:d=2 hl=4 l=3877 cons: SEQUENCE 19:d=2 hl=4 l=4068 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :01 23:d=3 hl=2 l= 1 prim: INTEGER :01
26:d=3 hl=2 l= 13 cons: SET 26:d=3 hl=2 l= 13 cons: SET
28:d=4 hl=2 l= 11 cons: SEQUENCE 28:d=4 hl=2 l= 11 cons: SEQUENCE
30:d=5 hl=2 l= 9 prim: OBJECT :sha256 30:d=5 hl=2 l= 9 prim: OBJECT :sha256
41:d=3 hl=4 l=2496 cons: SEQUENCE 41:d=3 hl=4 l=2572 cons: SEQUENCE
45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data 45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
56:d=4 hl=4 l=2481 cons: cont [ 0 ] 56:d=4 hl=4 l=2557 cons: cont [ 0 ]
60:d=5 hl=4 l=2477 prim: OCTET STRING :{"ietf-voucher-request:v 60:d=5 hl=4 l=2553 prim: OCTET STRING :{"ietf-voucher-request:v
2541:d=3 hl=4 l=1045 cons: cont [ 0 ] 2617:d=3 hl=4 l=1135 cons: cont [ 0 ]
2545:d=4 hl=4 l= 466 cons: SEQUENCE 2621:d=4 hl=4 l= 508 cons: SEQUENCE
2549:d=5 hl=4 l= 345 cons: SEQUENCE 2625:d=5 hl=4 l= 386 cons: SEQUENCE
2553:d=6 hl=2 l= 3 cons: cont [ 0 ] 2629:d=6 hl=2 l= 3 cons: cont [ 0 ]
2555:d=7 hl=2 l= 1 prim: INTEGER :02 2631:d=7 hl=2 l= 1 prim: INTEGER :02
2558:d=6 hl=2 l= 4 prim: INTEGER :30C3AED3 2634:d=6 hl=2 l= 4 prim: INTEGER :3F989B52
2564:d=6 hl=2 l= 10 cons: SEQUENCE 2640:d=6 hl=2 l= 10 cons: SEQUENCE
2566:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 2642:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
2576:d=6 hl=2 l= 84 cons: SEQUENCE 2652:d=6 hl=2 l= 109 cons: SEQUENCE
2578:d=7 hl=2 l= 18 cons: SET 2654:d=7 hl=2 l= 18 cons: SET
2580:d=8 hl=2 l= 16 cons: SEQUENCE 2656:d=8 hl=2 l= 16 cons: SEQUENCE
2582:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 2658:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
2594:d=9 hl=2 l= 2 prim: IA5STRING :ca 2670:d=9 hl=2 l= 2 prim: IA5STRING :ca
2598:d=7 hl=2 l= 25 cons: SET 2674:d=7 hl=2 l= 25 cons: SET
2600:d=8 hl=2 l= 23 cons: SEQUENCE 2676:d=8 hl=2 l= 23 cons: SEQUENCE
2602:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 2678:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
2614:d=9 hl=2 l= 9 prim: IA5STRING :sandelman 2690:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
2625:d=7 hl=2 l= 35 cons: SET 2701:d=7 hl=2 l= 60 cons: SET
2627:d=8 hl=2 l= 33 cons: SEQUENCE 2703:d=8 hl=2 l= 58 cons: SEQUENCE
2629:d=9 hl=2 l= 3 prim: OBJECT :commonName 2705:d=9 hl=2 l= 3 prim: OBJECT :commonName
2634:d=9 hl=2 l= 26 prim: UTF8STRING : Unstrung Fountain Root 2710:d=9 hl=2 l= 51 prim: UTF8STRING :fountain-test.example.co
2662:d=6 hl=2 l= 30 cons: SEQUENCE 2763:d=6 hl=2 l= 30 cons: SEQUENCE
2664:d=7 hl=2 l= 13 prim: UTCTIME :200128195136Z 2765:d=7 hl=2 l= 13 prim: UTCTIME :200225213154Z
2679:d=7 hl=2 l= 13 prim: UTCTIME :250126195136Z 2780:d=7 hl=2 l= 13 prim: UTCTIME :220224213154Z
2694:d=6 hl=2 l= 83 cons: SEQUENCE 2795:d=6 hl=2 l= 83 cons: SEQUENCE
2696:d=7 hl=2 l= 18 cons: SET 2797:d=7 hl=2 l= 18 cons: SET
2698:d=8 hl=2 l= 16 cons: SEQUENCE 2799:d=8 hl=2 l= 16 cons: SEQUENCE
2700:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 2801:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
2712:d=9 hl=2 l= 2 prim: IA5STRING :ca 2813:d=9 hl=2 l= 2 prim: IA5STRING :ca
2716:d=7 hl=2 l= 25 cons: SET 2817:d=7 hl=2 l= 25 cons: SET
2718:d=8 hl=2 l= 23 cons: SEQUENCE 2819:d=8 hl=2 l= 23 cons: SEQUENCE
2720:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 2821:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
2732:d=9 hl=2 l= 9 prim: IA5STRING :sandelman 2833:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
2743:d=7 hl=2 l= 34 cons: SET 2844:d=7 hl=2 l= 34 cons: SET
2745:d=8 hl=2 l= 32 cons: SEQUENCE 2846:d=8 hl=2 l= 32 cons: SEQUENCE
2747:d=9 hl=2 l= 3 prim: OBJECT :commonName 2848:d=9 hl=2 l= 3 prim: OBJECT :commonName
2752:d=9 hl=2 l= 25 prim: UTF8STRING :fountain-test.example.co 2853:d=9 hl=2 l= 25 prim: UTF8STRING :fountain-test.example.co
2779:d=6 hl=2 l= 89 cons: SEQUENCE 2880:d=6 hl=2 l= 89 cons: SEQUENCE
2781:d=7 hl=2 l= 19 cons: SEQUENCE 2882:d=7 hl=2 l= 19 cons: SEQUENCE
2783:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey 2884:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
2792:d=8 hl=2 l= 8 prim: OBJECT :prime256v1 2893:d=8 hl=2 l= 8 prim: OBJECT :prime256v1
2802:d=7 hl=2 l= 66 prim: BIT STRING 2903:d=7 hl=2 l= 66 prim: BIT STRING
2870:d=6 hl=2 l= 26 cons: cont [ 3 ] 2971:d=6 hl=2 l= 42 cons: cont [ 3 ]
2872:d=7 hl=2 l= 24 cons: SEQUENCE 2973:d=7 hl=2 l= 40 cons: SEQUENCE
2874:d=8 hl=2 l= 22 cons: SEQUENCE 2975:d=8 hl=2 l= 22 cons: SEQUENCE
2876:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usag 2977:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usag
2881:d=9 hl=2 l= 1 prim: BOOLEAN :255 2982:d=9 hl=2 l= 1 prim: BOOLEAN :255
2884:d=9 hl=2 l= 12 prim: OCTET STRING [HEX DUMP]:300A06082B0601 2985:d=9 hl=2 l= 12 prim: OCTET STRING [HEX DUMP]:300A06082B0601
2898:d=5 hl=2 l= 10 cons: SEQUENCE 2999:d=8 hl=2 l= 14 cons: SEQUENCE
2900:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 3001:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
2910:d=5 hl=2 l= 103 prim: BIT STRING 3006:d=9 hl=2 l= 1 prim: BOOLEAN :255
3015:d=4 hl=4 l= 571 cons: SEQUENCE 3009:d=9 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:03020780
3019:d=5 hl=4 l= 448 cons: SEQUENCE 3015:d=5 hl=2 l= 10 cons: SEQUENCE
3023:d=6 hl=2 l= 3 cons: cont [ 0 ] 3017:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
3025:d=7 hl=2 l= 1 prim: INTEGER :02 3027:d=5 hl=2 l= 104 prim: BIT STRING
3028:d=6 hl=2 l= 4 prim: INTEGER :7CAF34A4 3133:d=4 hl=4 l= 619 cons: SEQUENCE
3034:d=6 hl=2 l= 10 cons: SEQUENCE 3137:d=5 hl=4 l= 498 cons: SEQUENCE
3036:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 3141:d=6 hl=2 l= 3 cons: cont [ 0 ]
3046:d=6 hl=2 l= 84 cons: SEQUENCE 3143:d=7 hl=2 l= 1 prim: INTEGER :02
3048:d=7 hl=2 l= 18 cons: SET 3146:d=6 hl=2 l= 4 prim: INTEGER :296B0659
3050:d=8 hl=2 l= 16 cons: SEQUENCE 3152:d=6 hl=2 l= 10 cons: SEQUENCE
3052:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 3154:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
3064:d=9 hl=2 l= 2 prim: IA5STRING :ca 3164:d=6 hl=2 l= 109 cons: SEQUENCE
3068:d=7 hl=2 l= 25 cons: SET
3070:d=8 hl=2 l= 23 cons: SEQUENCE
3072:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
3084:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
3095:d=7 hl=2 l= 35 cons: SET
3097:d=8 hl=2 l= 33 cons: SEQUENCE
3099:d=9 hl=2 l= 3 prim: OBJECT :commonName
3104:d=9 hl=2 l= 26 prim: UTF8STRING : Unstrung Fountain Root
3132:d=6 hl=2 l= 30 cons: SEQUENCE
3134:d=7 hl=2 l= 13 prim: UTCTIME :200123214408Z
3149:d=7 hl=2 l= 13 prim: UTCTIME :200223074408Z
3164:d=6 hl=2 l= 84 cons: SEQUENCE
3166:d=7 hl=2 l= 18 cons: SET 3166:d=7 hl=2 l= 18 cons: SET
3168:d=8 hl=2 l= 16 cons: SEQUENCE 3168:d=8 hl=2 l= 16 cons: SEQUENCE
3170:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 3170:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
3182:d=9 hl=2 l= 2 prim: IA5STRING :ca 3182:d=9 hl=2 l= 2 prim: IA5STRING :ca
3186:d=7 hl=2 l= 25 cons: SET 3186:d=7 hl=2 l= 25 cons: SET
3188:d=8 hl=2 l= 23 cons: SEQUENCE 3188:d=8 hl=2 l= 23 cons: SEQUENCE
3190:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 3190:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
3202:d=9 hl=2 l= 9 prim: IA5STRING :sandelman 3202:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
3213:d=7 hl=2 l= 35 cons: SET 3213:d=7 hl=2 l= 60 cons: SET
3215:d=8 hl=2 l= 33 cons: SEQUENCE 3215:d=8 hl=2 l= 58 cons: SEQUENCE
3217:d=9 hl=2 l= 3 prim: OBJECT :commonName 3217:d=9 hl=2 l= 3 prim: OBJECT :commonName
3222:d=9 hl=2 l= 26 prim: UTF8STRING : Unstrung Fountain Root 3222:d=9 hl=2 l= 51 prim: UTF8STRING :fountain-test.example.co
3250:d=6 hl=2 l= 118 cons: SEQUENCE 3275:d=6 hl=2 l= 30 cons: SEQUENCE
3252:d=7 hl=2 l= 16 cons: SEQUENCE 3277:d=7 hl=2 l= 13 prim: UTCTIME :200225213145Z
3254:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey 3292:d=7 hl=2 l= 13 prim: UTCTIME :220224213145Z
3263:d=8 hl=2 l= 5 prim: OBJECT :secp384r1 3307:d=6 hl=2 l= 109 cons: SEQUENCE
3270:d=7 hl=2 l= 98 prim: BIT STRING 3309:d=7 hl=2 l= 18 cons: SET
3370:d=6 hl=2 l= 99 cons: cont [ 3 ] 3311:d=8 hl=2 l= 16 cons: SEQUENCE
3372:d=7 hl=2 l= 97 cons: SEQUENCE 3313:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
3374:d=8 hl=2 l= 15 cons: SEQUENCE 3325:d=9 hl=2 l= 2 prim: IA5STRING :ca
3376:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints 3329:d=7 hl=2 l= 25 cons: SET
3381:d=9 hl=2 l= 1 prim: BOOLEAN :255 3331:d=8 hl=2 l= 23 cons: SEQUENCE
3384:d=9 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF 3333:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
3391:d=8 hl=2 l= 14 cons: SEQUENCE 3345:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
3393:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage 3356:d=7 hl=2 l= 60 cons: SET
3398:d=9 hl=2 l= 1 prim: BOOLEAN :255 3358:d=8 hl=2 l= 58 cons: SEQUENCE
3401:d=9 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:03020106 3360:d=9 hl=2 l= 3 prim: OBJECT :commonName
3407:d=8 hl=2 l= 29 cons: SEQUENCE 3365:d=9 hl=2 l= 51 prim: UTF8STRING :fountain-test.example.co
3409:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Ident 3418:d=6 hl=2 l= 118 cons: SEQUENCE
3414:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414B9A5F6CB11 3420:d=7 hl=2 l= 16 cons: SEQUENCE
3438:d=8 hl=2 l= 31 cons: SEQUENCE 3422:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
3440:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Ide 3431:d=8 hl=2 l= 5 prim: OBJECT :secp384r1
3445:d=9 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014B9A5F6 3438:d=7 hl=2 l= 98 prim: BIT STRING
3471:d=5 hl=2 l= 10 cons: SEQUENCE 3538:d=6 hl=2 l= 99 cons: cont [ 3 ]
3473:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 3540:d=7 hl=2 l= 97 cons: SEQUENCE
3483:d=5 hl=2 l= 105 prim: BIT STRING 3542:d=8 hl=2 l= 15 cons: SEQUENCE
3590:d=3 hl=4 l= 306 cons: SET 3544:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
3594:d=4 hl=4 l= 302 cons: SEQUENCE 3549:d=9 hl=2 l= 1 prim: BOOLEAN :255
3598:d=5 hl=2 l= 1 prim: INTEGER :01 3552:d=9 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF
3601:d=5 hl=2 l= 92 cons: SEQUENCE 3559:d=8 hl=2 l= 14 cons: SEQUENCE
3603:d=6 hl=2 l= 84 cons: SEQUENCE 3561:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
3605:d=7 hl=2 l= 18 cons: SET 3566:d=9 hl=2 l= 1 prim: BOOLEAN :255
3607:d=8 hl=2 l= 16 cons: SEQUENCE 3569:d=9 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:03020106
3609:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 3575:d=8 hl=2 l= 29 cons: SEQUENCE
3621:d=9 hl=2 l= 2 prim: IA5STRING :ca 3577:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Ident
3625:d=7 hl=2 l= 25 cons: SET 3582:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414B9A5F6CB11
3627:d=8 hl=2 l= 23 cons: SEQUENCE 3606:d=8 hl=2 l= 31 cons: SEQUENCE
3629:d=9 hl=2 l= 10 prim: OBJECT :domainComponent 3608:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Ide
3641:d=9 hl=2 l= 9 prim: IA5STRING :sandelman 3613:d=9 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014B9A5F6
3652:d=7 hl=2 l= 35 cons: SET 3639:d=5 hl=2 l= 10 cons: SEQUENCE
3654:d=8 hl=2 l= 33 cons: SEQUENCE 3641:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
3656:d=9 hl=2 l= 3 prim: OBJECT :commonName 3651:d=5 hl=2 l= 103 prim: BIT STRING
3661:d=9 hl=2 l= 26 prim: UTF8STRING : Unstrung Fountain Root 3756:d=3 hl=4 l= 331 cons: SET
3689:d=6 hl=2 l= 4 prim: INTEGER :30C3AED3 3760:d=4 hl=4 l= 327 cons: SEQUENCE
3695:d=5 hl=2 l= 11 cons: SEQUENCE 3764:d=5 hl=2 l= 1 prim: INTEGER :01
3697:d=6 hl=2 l= 9 prim: OBJECT :sha256 3767:d=5 hl=2 l= 117 cons: SEQUENCE
3708:d=5 hl=2 l= 105 cons: cont [ 0 ] 3769:d=6 hl=2 l= 109 cons: SEQUENCE
3710:d=6 hl=2 l= 24 cons: SEQUENCE 3771:d=7 hl=2 l= 18 cons: SET
3712:d=7 hl=2 l= 9 prim: OBJECT :contentType 3773:d=8 hl=2 l= 16 cons: SEQUENCE
3723:d=7 hl=2 l= 11 cons: SET 3775:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
3725:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data 3787:d=9 hl=2 l= 2 prim: IA5STRING :ca
3736:d=6 hl=2 l= 28 cons: SEQUENCE 3791:d=7 hl=2 l= 25 cons: SET
3738:d=7 hl=2 l= 9 prim: OBJECT :signingTime 3793:d=8 hl=2 l= 23 cons: SEQUENCE
3749:d=7 hl=2 l= 15 cons: SET 3795:d=9 hl=2 l= 10 prim: OBJECT :domainComponent
3751:d=8 hl=2 l= 13 prim: UTCTIME :200203065103Z 3807:d=9 hl=2 l= 9 prim: IA5STRING :sandelman
3766:d=6 hl=2 l= 47 cons: SEQUENCE 3818:d=7 hl=2 l= 60 cons: SET
3768:d=7 hl=2 l= 9 prim: OBJECT :messageDigest 3820:d=8 hl=2 l= 58 cons: SEQUENCE
3779:d=7 hl=2 l= 34 cons: SET 3822:d=9 hl=2 l= 3 prim: OBJECT :commonName
3781:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:084062F0EF7D66 3827:d=9 hl=2 l= 51 prim: UTF8STRING :fountain-test.example.co
3815:d=5 hl=2 l= 10 cons: SEQUENCE 3880:d=6 hl=2 l= 4 prim: INTEGER :3F989B52
3817:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 3886:d=5 hl=2 l= 11 cons: SEQUENCE
3827:d=5 hl=2 l= 71 prim: OCTET STRING [HEX DUMP]:30450221008814 3888:d=6 hl=2 l= 9 prim: OBJECT :sha256
3899:d=5 hl=2 l= 105 cons: cont [ 0 ]
3901:d=6 hl=2 l= 24 cons: SEQUENCE
3903:d=7 hl=2 l= 9 prim: OBJECT :contentType
3914:d=7 hl=2 l= 11 cons: SET
3916:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data
3927:d=6 hl=2 l= 28 cons: SEQUENCE
3929:d=7 hl=2 l= 9 prim: OBJECT :signingTime
3940:d=7 hl=2 l= 15 cons: SET
3942:d=8 hl=2 l= 13 prim: UTCTIME :200225230449Z
3957:d=6 hl=2 l= 47 cons: SEQUENCE
3959:d=7 hl=2 l= 9 prim: OBJECT :messageDigest
3970:d=7 hl=2 l= 34 cons: SET
3972:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:3D818C51D6C4B4
4006:d=5 hl=2 l= 10 cons: SEQUENCE
4008:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
4018:d=5 hl=2 l= 71 prim: OCTET STRING [HEX DUMP]:30450220589E5D
The JSON contained in the voucher request. Note that the previous The JSON contained in the voucher request. Note that the previous
voucher request is in the prior-signed-voucher-request attribute. voucher request is in the prior-signed-voucher-request attribute.
{"ietf-voucher-request:voucher":{"assertion":"proximity","cr {"ietf-voucher-request:voucher":{"assertion":"proximity","cr
eated-on":"2020-02-03T06:51:03.626Z","serial-number":"00-D0- eated-on":"2020-02-25T23:04:49.054Z","serial-number":"00-D0-
E5-F2-00-02","nonce":"43l_359_7RkcqWGcZR8tgQ","prior-signed- E5-F2-00-02","nonce":"aMjgueKUT-22wVimj6z27Q","prior-signed-
voucher-request":"MIIGpwYJKoZIhvcNAQcCoIIGmDCCBpQCAQExDTALBg voucher-request":"MIIG3wYJKoZIhvcNAQcCoIIG0DCCBswCAQExDTALBg
lghkgBZQMEAgEwggNRBgkqhkiG9w0BBwGgggNCBIIDPnsiaWV0Zi12b3VjaG lghkgBZQMEAgEwggOJBgkqhkiG9w0BBwGgggN6BIIDdnsiaWV0Zi12b3VjaG
VyLXJlcXVlc3Q6dm91Y2hlciI6eyJhc3NlcnRpb24iOiJwcm94aW1pdHkiLC VyLXJlcXVlc3Q6dm91Y2hlciI6eyJhc3NlcnRpb24iOiJwcm94aW1pdHkiLC
JjcmVhdGVkLW9uIjoiMjAyMC0wMi0wM1QwMTo1MTowMy41NjEtMDU6MDAiLC JjcmVhdGVkLW9uIjoiMjAyMC0wMi0yNVQxODowNDo0OC42NTItMDU6MDAiLC
JzZXJpYWwtbnVtYmVyIjoiMDAtRDAtRTUtRjItMDAtMDIiLCJub25jZSI6Ij JzZXJpYWwtbnVtYmVyIjoiMDAtRDAtRTUtRjItMDAtMDIiLCJub25jZSI6Im
QzbF8zNTlfN1JrY3FXR2NaUjh0Z1EiLCJwcm94aW1pdHktcmVnaXN0cmFyLW FNamd1ZUtVVC0yMndWaW1qNnoyN1EiLCJwcm94aW1pdHktcmVnaXN0cmFyLW
NlcnQiOiJNSUlCMGpDQ0FWbWdBd0lCQWdJRU1NT3UwekFLQmdncWhrak9QUV NlcnQiOiJNSUlCL0RDQ0FZS2dBd0lCQWdJRVA1aWJVakFLQmdncWhrak9QUV
FEQWpCVU1SSXdFQVlLQ1pJbWlaUHlMR1FCR1JZQ1kyRXhHVEFYQmdvSmtpYU FEQWpCdE1SSXdFQVlLQ1pJbWlaUHlMR1FCR1JZQ1kyRXhHVEFYQmdvSmtpYU
prL0lzWkFFWkZnbHpZVzVrWld4dFlXNHhJekFoQmdOVkJBTU1HaUJWYm5OMG prL0lzWkFFWkZnbHpZVzVrWld4dFlXNHhQREE2QmdOVkJBTU1NMlp2ZFc1MF
NuVnVaeUJHYjNWdWRHRnBiaUJTYjI5MElFTkJNQjRYRFRJd01ERXlPREU1Tl lXbHVMWFJsYzNRdVpYaGhiWEJzWlM1amIyMGdWVzV6ZEhKMWJtY2dSbTkxYm
RFek5sb1hEVEkxTURFeU5qRTVOVEV6Tmxvd1V6RVNNQkFHQ2dtU0pvbVQ4aX 5SaGFXNGdVbTl2ZENCRFFUQWVGdzB5TURBeU1qVXlNVE14TlRSYUZ3MHlNak
hrQVJrV0FtTmhNUmt3RndZS0NaSW1pWlB5TEdRQkdSWUpjMkZ1WkdWc2JXRn F5TWpReU1UTXhOVFJhTUZNeEVqQVFCZ29Ka2lhSmsvSXNaQUVaRmdKallURV
VNU0l3SUFZRFZRUUREQmxtYjNWdWRHRnBiaTEwWlhOMExtVjRZVzF3YkdVdV pNQmNHQ2dtU0pvbVQ4aXhrQVJrV0NYTmhibVJsYkcxaGJqRWlNQ0FHQTFVRU
kyOXRNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVsbVZRY2 F3d1pabTkxYm5SaGFXNHRkR1Z6ZEM1bGVHRnRjR3hsTG1OdmJUQlpNQk1HQn
pTNm4rWGQ1bC8yOElGdjZVaWVnUXdTQnp0R2o1ZGtLMk1BalFJUFY4bDhsSC lxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJKWmxVSEkwdXAvbDNlWmY5dk
tFakxJT1lkYkppSTBWdEVJZjEvSnF0K1RPQmZpblROT0xPcU1hTUJnd0ZnWU NCYitsSW5vRU1FZ2M3Um8rWFpDdGpBSTBDRDFmSmZKUi9oSXl5RG1IV3lZaU
RWUjBsQVFIL0JBd3dDZ1lJS3dZQkJRVUhBeHd3Q2dZSUtvWkl6ajBFQXdJRF 5GYlJDSDlmeWFyZmt6Z1g0cDB6VGl6cWpLakFvTUJZR0ExVWRKUUVCL3dRTU
p3QXdaQUl3WWcwYllLelZMQmE5QWo3MjJGMzRyS3FGeVY2ZGJhbmJHcEdlal 1Bb0dDQ3NHQVFVRkJ3TWNNQTRHQTFVZER3RUIvd1FFQXdJSGdEQUtCZ2dxaG
J5V2lCUW5OSnJFaWp0Yld1dUlwNGxqNTRXeUFqQlE2b0pUT1JFWmxGL1dYTW tqT1BRUURBZ05vQURCbEFqQm1UMkJNVlVnZWxnZjQzUis1eUJLTlJUYUhteV
10bFRrQk5JQzNWV29mWnNLSFNqZ2R6MVBwV0ZPbnJCSFVBQm5TV3FFdkFNaU BBdkx2eHl6MG1GVlp2WHgrLzFSd09hZ212RzNhWG1Sa2ovWDRDTVFDOHJNTk
t4T0E9In19oIIB6jCCAeYwggFsoAMCAQICBA2F3C0wCgYIKoZIzj0EAwIwXT JzTG9OcjFMNW5HNTZmd0FkSThoaUFXRzhTOFhBUjVrMUNneDNZVVFCU2dkU2
EPMA0GA1UEBhMGQ2FuYWRhMRAwDgYDVQQIDAdPbnRhcmlvMRIwEAYDVQQLDA NGY0FkZisrQnc2WXkrVT0ifX2gggHqMIIB5jCCAWygAwIBAgIEDYXcLTAKBg
lTYW5kZWxtYW4xJDAiBgNVBAMMG2hpZ2h3YXktdGVzdC5leGFtcGxlLmNvbS gqhkjOPQQDAjBdMQ8wDQYDVQQGEwZDYW5hZGExEDAOBgNVBAgMB09udGFyaW
BDQTAgFw0yMDAyMDMwNjQ3MjBaGA8yOTk5MTIzMTAwMDAwMFowHDEaMBgGA1 8xEjAQBgNVBAsMCVNhbmRlbG1hbjEkMCIGA1UEAwwbaGlnaHdheS10ZXN0Lm
UEBQwRMDAtRDAtRTUtRjItMDAtMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBw V4YW1wbGUuY29tIENBMCAXDTIwMDIwMzA2NDcyMFoYDzI5OTkxMjMxMDAwMD
NCAAQDo3VDh7N8wAqah5yt9vQ4ExzUDIQf4EBOQXnwWxNLIHGzRJtJYvEWMM AwWjAcMRowGAYDVQQFDBEwMC1EMC1FNS1GMi0wMC0wMjBZMBMGByqGSM49Ag
67AH2AsafZOxNQm6YnpU/Dln9M/iEno1kwVzAdBgNVHQ4EFgQURYjMlpYAZD EGCCqGSM49AwEHA0IABAOjdUOHs3zACpqHnK329DgTHNQMhB/gQE5BefBbE0
ewuiNlZGRUCAZsVq0wCQYDVR0TBAIwADArBggrBgEFBQcBIAQfDB1oaWdod2 sgcbNEm0li8RYwzrsAfYCxp9k7E1CbpielT8OWf0z+ISejWTBXMB0GA1UdDg
F5LXRlc3QuZXhhbXBsZS5jb206OTQ0MzAKBggqhkjOPQQDAgNoADBlAjAj4a QWBBRFiMyWlgBkN7C6I2VkZFQIBmxWrTAJBgNVHRMEAjAAMCsGCCsGAQUFBw
ku7yISNFqlwhXWKL3tPZbWzgSV76fI3BioMce4BDTyt015imciJANPxc3WBr EgBB8MHWhpZ2h3YXktdGVzdC5leGFtcGxlLmNvbTo5NDQzMAoGCCqGSM49BA
oCMQCzjVwK0P4Eg5DTT21yl7M+AurxyFoycli3RQJQeLwEHSNeIm/Df4x815 MCA2gAMGUCMCPhqS7vIhI0WqXCFdYove09ltbOBJXvp8jcGKgxx7gENPK3TX
twIJG04X8xggE7MIIBNwIBATBlMF0xDzANBgNVBAYTBkNhbmFkYTEQMA4GA1 mKZyIkA0/FzdYGugIxALONXArQ/gSDkNNPbXKXsz4C6vHIWjJyWLdFAlB4vA
UECAwHT250YXJpbzESMBAGA1UECwwJU2FuZGVsbWFuMSQwIgYDVQQDDBtoaW QdI14ib8N/jHzXm3AgkbThfzGCATswggE3AgEBMGUwXTEPMA0GA1UEBhMGQ2
dod2F5LXRlc3QuZXhhbXBsZS5jb20gQ0ECBA2F3C0wCwYJYIZIAWUDBAIBoG FuYWRhMRAwDgYDVQQIDAdPbnRhcmlvMRIwEAYDVQQLDAlTYW5kZWxtYW4xJD
kwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMj AiBgNVBAMMG2hpZ2h3YXktdGVzdC5leGFtcGxlLmNvbSBDQQIEDYXcLTALBg
AwMjAzMDY1MTAzWjAvBgkqhkiG9w0BCQQxIgQgOx/K7raSAnJ0BOHJhUeBKX lghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSI
P6LUFVUv5/OIb4i3DoOigwCgYIKoZIzj0EAwIERzBFAiEA3G1jjhpGc687Nr b3DQEJBTEPFw0yMDAyMjUyMzA0NDhaMC8GCSqGSIb3DQEJBDEiBCCx6Irwst
MyO5+2iefdiQeAGDVgc6q5ct+FnIUCIDbvSmnLbqi9unhpQ0dK4kmKate1hd HF609Y0EqDK62QKby4duyyIWudvs15M16BBTAKBggqhkjOPQQDAgRHMEUCIB
t7sx1opFr9Uize"}} xwA1UlkIkuQDf/j7kZ/MVefgr141+hKBFgrnNngjwpAiEAy8aXt0GSB9m1bm
iEUpefCEhxSv2xLYurGlugv0dfr/E="}}
C.2.3. MASA to Registrar C.2.3. MASA to Registrar
The MASA will return a voucher to the registrar, to be relayed to the The MASA will return a voucher to the registrar, to be relayed to the
pledge. pledge.
<CODE BEGINS> <CODE BEGINS>
MIIGjwYJKoZIhvcNAQcCoIIGgDCCBnwCAQExDTALBglghkgBZQMEAgEwggNABgkqhkiG9w0BBwGg MIIGyAYJKoZIhvcNAQcCoIIGuTCCBrUCAQExDTALBglghkgBZQMEAgEwggN4BgkqhkiG9w0BBwGg
ggMxBIIDLXsiaWV0Zi12b3VjaGVyOnZvdWNoZXIiOnsiYXNzZXJ0aW9uIjoibG9nZ2VkIiwiY3Jl ggNpBIIDZXsiaWV0Zi12b3VjaGVyOnZvdWNoZXIiOnsiYXNzZXJ0aW9uIjoibG9nZ2VkIiwiY3Jl
YXRlZC1vbiI6IjIwMjAtMDItMDNUMDE6NTE6MDQuMTQyLTA1OjAwIiwic2VyaWFsLW51bWJlciI6 YXRlZC1vbiI6IjIwMjAtMDItMjVUMTY6MzM6MTIuODQ5LTA1OjAwIiwic2VyaWFsLW51bWJlciI6
IjAwLUQwLUU1LUYyLTAwLTAyIiwibm9uY2UiOiI0M2xfMzU5XzdSa2NxV0djWlI4dGdRIiwicGlu IjAwLUQwLUU1LUYyLTAwLTAyIiwibm9uY2UiOiJ5MkJmTmFJUzBLSlN5aEthbVRHWGFRIiwicGlu
bmVkLWRvbWFpbi1jZXJ0IjoiTUlJQjBqQ0NBVm1nQXdJQkFnSUVNTU91MHpBS0JnZ3Foa2pPUFFR bmVkLWRvbWFpbi1jZXJ0IjoiTUlJQi9EQ0NBWUtnQXdJQkFnSUVQNWliVWpBS0JnZ3Foa2pPUFFR
REFqQlVNUkl3RUFZS0NaSW1pWlB5TEdRQkdSWUNZMkV4R1RBWEJnb0praWFKay9Jc1pBRVpGZ2x6 REFqQnRNUkl3RUFZS0NaSW1pWlB5TEdRQkdSWUNZMkV4R1RBWEJnb0praWFKay9Jc1pBRVpGZ2x6
WVc1a1pXeHRZVzR4SXpBaEJnTlZCQU1NR2lCVmJuTjBjblZ1WnlCR2IzVnVkR0ZwYmlCU2IyOTBJ WVc1a1pXeHRZVzR4UERBNkJnTlZCQU1NTTJadmRXNTBZV2x1TFhSbGMzUXVaWGhoYlhCc1pTNWpi
RU5CTUI0WERUSXdNREV5T0RFNU5URXpObG9YRFRJMU1ERXlOakU1TlRFek5sb3dVekVTTUJBR0Nn MjBnVlc1emRISjFibWNnUm05MWJuUmhhVzRnVW05dmRDQkRRVEFlRncweU1EQXlNalV5TVRNeE5U
bVNKb21UOGl4a0FSa1dBbU5oTVJrd0Z3WUtDWkltaVpQeUxHUUJHUllKYzJGdVpHVnNiV0Z1TVNJ UmFGdzB5TWpBeU1qUXlNVE14TlRSYU1GTXhFakFRQmdvSmtpYUprL0lzWkFFWkZnSmpZVEVaTUJj
d0lBWURWUVFEREJsbWIzVnVkR0ZwYmkxMFpYTjBMbVY0WVcxd2JHVXVZMjl0TUZrd0V3WUhLb1pJ R0NnbVNKb21UOGl4a0FSa1dDWE5oYm1SbGJHMWhiakVpTUNBR0ExVUVBd3daWm05MWJuUmhhVzR0
emowQ0FRWUlLb1pJemowREFRY0RRZ0FFbG1WUWNqUzZuK1hkNWwvMjhJRnY2VWllZ1F3U0J6dEdq ZEdWemRDNWxlR0Z0Y0d4bExtTnZiVEJaTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFC
NWRrSzJNQWpRSVBWOGw4bEgrRWpMSU9ZZGJKaUkwVnRFSWYxL0pxdCtUT0JmaW5UTk9MT3FNYU1C SlpsVUhJMHVwL2wzZVpmOXZDQmIrbElub0VNRWdjN1JvK1haQ3RqQUkwQ0QxZkpmSlIvaEl5eURt
Z3dGZ1lEVlIwbEFRSC9CQXd3Q2dZSUt3WUJCUVVIQXh3d0NnWUlLb1pJemowRUF3SURad0F3WkFJ SFd5WWlORmJSQ0g5ZnlhcmZremdYNHAwelRpenFqS2pBb01CWUdBMVVkSlFFQi93UU1NQW9HQ0Nz
d1lnMGJZS3pWTEJhOUFqNzIyRjM0cktxRnlWNmRiYW5iR3BHZWpSeVdpQlFuTkpyRWlqdGJXdXVJ R0FRVUZCd01jTUE0R0ExVWREd0VCL3dRRUF3SUhnREFLQmdncWhrak9QUVFEQWdOb0FEQmxBakJt
cDRsajU0V3lBakJRNm9KVE9SRVpsRi9XWE1tdGxUa0JOSUMzVldvZlpzS0hTamdkejFQcFdGT25y VDJCTVZVZ2VsZ2Y0M1IrNXlCS05SVGFIbXlQQXZMdnh5ejBtRlZadlh4Ky8xUndPYWdtdkczYVht
QkhVQUJuU1dxRXZBTWlLeE9BPSJ9faCCAeMwggHfMIIBZKADAgECAgQbmV9UMAoGCCqGSM49BAMC UmtqL1g0Q01RQzhyTU5Cc0xvTnIxTDVuRzU2ZndBZEk4aGlBV0c4UzhYQVI1azFDZ3gzWVVRQlNn
MF0xDzANBgNVBAYTBkNhbmFkYTEQMA4GA1UECAwHT250YXJpbzESMBAGA1UECwwJU2FuZGVsbWFu ZFNjRmNBZGYrK0J3Nll5K1U9In19oIIB4zCCAd8wggFkoAMCAQICBBuZX1QwCgYIKoZIzj0EAwIw
MSQwIgYDVQQDDBtoaWdod2F5LXRlc3QuZXhhbXBsZS5jb20gQ0EwHhcNMTkwMjEyMjIyMjQxWhcN XTEPMA0GA1UEBhMGQ2FuYWRhMRAwDgYDVQQIDAdPbnRhcmlvMRIwEAYDVQQLDAlTYW5kZWxtYW4x
MjEwMjExMjIyMjQxWjBfMQ8wDQYDVQQGEwZDYW5hZGExEDAOBgNVBAgMB09udGFyaW8xEjAQBgNV JDAiBgNVBAMMG2hpZ2h3YXktdGVzdC5leGFtcGxlLmNvbSBDQTAeFw0xOTAyMTIyMjIyNDFaFw0y
BAsMCVNhbmRlbG1hbjEmMCQGA1UEAwwdaGlnaHdheS10ZXN0LmV4YW1wbGUuY29tIE1BU0EwWTAT MTAyMTEyMjIyNDFaMF8xDzANBgNVBAYTBkNhbmFkYTEQMA4GA1UECAwHT250YXJpbzESMBAGA1UE
BgcqhkjOPQIBBggqhkjOPQMBBwNCAASqBBWjRLniRPjJ+RsHG6Z0c5weumyps6kwqaIyWfegHUcB CwwJU2FuZGVsbWFuMSYwJAYDVQQDDB1oaWdod2F5LXRlc3QuZXhhbXBsZS5jb20gTUFTQTBZMBMG
bbkwlX6CqLi0wV9InSITC3ySzN9ZcrisuAlLaaeloxAwDjAMBgNVHRMBAf8EAjAAMAoGCCqGSM49 ByqGSM49AgEGCCqGSM49AwEHA0IABKoEFaNEueJE+Mn5GwcbpnRznB66bKmzqTCpojJZ96AdRwFt
BAMCA2kAMGYCMQC9VeWbDvv8XpUp44GzFTWqkxiiBL5EcrJRfU1t69HVwRA6sjl7Vz/FzLCjDueZ uTCVfoKouLTBX0idIhMLfJLM31lyuKy4CUtpp6WjEDAOMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0E
RroCMQD2f0R9txT60Wdq1BHDS67m+5qYVvqFIS5cSEzwP/KbP66IIKeu+XL/W/l4aM8PSMkxggE7 AwIDaQAwZgIxAL1V5ZsO+/xelSnjgbMVNaqTGKIEvkRyslF9TW3r0dXBEDqyOXtXP8XMsKMO55lG
MIIBNwIBATBlMF0xDzANBgNVBAYTBkNhbmFkYTEQMA4GA1UECAwHT250YXJpbzESMBAGA1UECwwJ ugIxAPZ/RH23FPrRZ2rUEcNLrub7mphW+oUhLlxITPA/8ps/roggp675cv9b+Xhozw9IyTGCATww
U2FuZGVsbWFuMSQwIgYDVQQDDBtoaWdod2F5LXRlc3QuZXhhbXBsZS5jb20gQ0ECBBuZX1QwCwYJ ggE4AgEBMGUwXTEPMA0GA1UEBhMGQ2FuYWRhMRAwDgYDVQQIDAdPbnRhcmlvMRIwEAYDVQQLDAlT
YIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjAw YW5kZWxtYW4xJDAiBgNVBAMMG2hpZ2h3YXktdGVzdC5leGFtcGxlLmNvbSBDQQIEG5lfVDALBglg
MjAzMDY1MTA0WjAvBgkqhkiG9w0BCQQxIgQgsbxec4y786CAcq0sVxCddMGzKF5iJ41lpkVeO3XP hkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMDAy
I64wCgYIKoZIzj0EAwIERzBFAiEA0o9uXmzOhmBj76XaiBRtBhidnQ88liUi8NqAx8bMpqcCIHJm MjUyMTMzMTJaMC8GCSqGSIb3DQEJBDEiBCAUaEb583jZIHCPYTPwZSRKJ7XONLRtjvf071ZCHb6i
Hbi7+QgRbqQ3rm+9mXHiL+5DX1uYX+B8vWTDYmZ1 6jAKBggqhkjOPQQDAgRIMEYCIQCOzdl41Cdb0OycWymjmoT6alVT+mPvGfVPl2xyMxqwHwIhAPri
bTuYNFARgkPLS5MX6iZx5IKhiTCjbJKY8hwfAqCE
<CODE ENDS> <CODE ENDS>
The ASN1 decoding of the artifact: The ASN1 decoding of the artifact:
file: examples/voucher_00-D0-E5-F2-00-02.b64 file: examples/voucher_00-D0-E5-F2-00-02.b64
0:d=0 hl=4 l=1679 cons: SEQUENCE 0:d=0 hl=4 l=1736 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData 4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
15:d=1 hl=4 l=1664 cons: cont [ 0 ] 15:d=1 hl=4 l=1721 cons: cont [ 0 ]
19:d=2 hl=4 l=1660 cons: SEQUENCE 19:d=2 hl=4 l=1717 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :01 23:d=3 hl=2 l= 1 prim: INTEGER :01
26:d=3 hl=2 l= 13 cons: SET 26:d=3 hl=2 l= 13 cons: SET
28:d=4 hl=2 l= 11 cons: SEQUENCE 28:d=4 hl=2 l= 11 cons: SEQUENCE
30:d=5 hl=2 l= 9 prim: OBJECT :sha256 30:d=5 hl=2 l= 9 prim: OBJECT :sha256
41:d=3 hl=4 l= 832 cons: SEQUENCE 41:d=3 hl=4 l= 888 cons: SEQUENCE
45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data 45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
56:d=4 hl=4 l= 817 cons: cont [ 0 ] 56:d=4 hl=4 l= 873 cons: cont [ 0 ]
60:d=5 hl=4 l= 813 prim: OCTET STRING :{"ietf-voucher:voucher": 60:d=5 hl=4 l= 869 prim: OCTET STRING :{"ietf-voucher:voucher":
877:d=3 hl=4 l= 483 cons: cont [ 0 ] 933:d=3 hl=4 l= 483 cons: cont [ 0 ]
881:d=4 hl=4 l= 479 cons: SEQUENCE 937:d=4 hl=4 l= 479 cons: SEQUENCE
885:d=5 hl=4 l= 356 cons: SEQUENCE 941:d=5 hl=4 l= 356 cons: SEQUENCE
889:d=6 hl=2 l= 3 cons: cont [ 0 ] 945:d=6 hl=2 l= 3 cons: cont [ 0 ]
891:d=7 hl=2 l= 1 prim: INTEGER :02 947:d=7 hl=2 l= 1 prim: INTEGER :02
894:d=6 hl=2 l= 4 prim: INTEGER :1B995F54 950:d=6 hl=2 l= 4 prim: INTEGER :1B995F54
900:d=6 hl=2 l= 10 cons: SEQUENCE 956:d=6 hl=2 l= 10 cons: SEQUENCE
902:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 958:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
912:d=6 hl=2 l= 93 cons: SEQUENCE 968:d=6 hl=2 l= 93 cons: SEQUENCE
914:d=7 hl=2 l= 15 cons: SET 970:d=7 hl=2 l= 15 cons: SET
916:d=8 hl=2 l= 13 cons: SEQUENCE 972:d=8 hl=2 l= 13 cons: SEQUENCE
918:d=9 hl=2 l= 3 prim: OBJECT :countryName 974:d=9 hl=2 l= 3 prim: OBJECT :countryName
923:d=9 hl=2 l= 6 prim: PRINTABLESTRING :Canada 979:d=9 hl=2 l= 6 prim: PRINTABLESTRING :Canada
931:d=7 hl=2 l= 16 cons: SET 987:d=7 hl=2 l= 16 cons: SET
933:d=8 hl=2 l= 14 cons: SEQUENCE 989:d=8 hl=2 l= 14 cons: SEQUENCE
935:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 991:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
940:d=9 hl=2 l= 7 prim: UTF8STRING :Ontario 996:d=9 hl=2 l= 7 prim: UTF8STRING :Ontario
949:d=7 hl=2 l= 18 cons: SET 1005:d=7 hl=2 l= 18 cons: SET
951:d=8 hl=2 l= 16 cons: SEQUENCE 1007:d=8 hl=2 l= 16 cons: SEQUENCE
953:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName 1009:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName
958:d=9 hl=2 l= 9 prim: UTF8STRING :Sandelman 1014:d=9 hl=2 l= 9 prim: UTF8STRING :Sandelman
969:d=7 hl=2 l= 36 cons: SET 1025:d=7 hl=2 l= 36 cons: SET
971:d=8 hl=2 l= 34 cons: SEQUENCE 1027:d=8 hl=2 l= 34 cons: SEQUENCE
973:d=9 hl=2 l= 3 prim: OBJECT :commonName 1029:d=9 hl=2 l= 3 prim: OBJECT :commonName
978:d=9 hl=2 l= 27 prim: UTF8STRING :highway-test.example.com 1034:d=9 hl=2 l= 27 prim: UTF8STRING :highway-test.example.com
1007:d=6 hl=2 l= 30 cons: SEQUENCE 1063:d=6 hl=2 l= 30 cons: SEQUENCE
1009:d=7 hl=2 l= 13 prim: UTCTIME :190212222241Z 1065:d=7 hl=2 l= 13 prim: UTCTIME :190212222241Z
1024:d=7 hl=2 l= 13 prim: UTCTIME :210211222241Z 1080:d=7 hl=2 l= 13 prim: UTCTIME :210211222241Z
1039:d=6 hl=2 l= 95 cons: SEQUENCE 1095:d=6 hl=2 l= 95 cons: SEQUENCE
1041:d=7 hl=2 l= 15 cons: SET 1097:d=7 hl=2 l= 15 cons: SET
1043:d=8 hl=2 l= 13 cons: SEQUENCE 1099:d=8 hl=2 l= 13 cons: SEQUENCE
1045:d=9 hl=2 l= 3 prim: OBJECT :countryName 1101:d=9 hl=2 l= 3 prim: OBJECT :countryName
1050:d=9 hl=2 l= 6 prim: PRINTABLESTRING :Canada 1106:d=9 hl=2 l= 6 prim: PRINTABLESTRING :Canada
1058:d=7 hl=2 l= 16 cons: SET 1114:d=7 hl=2 l= 16 cons: SET
1060:d=8 hl=2 l= 14 cons: SEQUENCE 1116:d=8 hl=2 l= 14 cons: SEQUENCE
1062:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 1118:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
1067:d=9 hl=2 l= 7 prim: UTF8STRING :Ontario 1123:d=9 hl=2 l= 7 prim: UTF8STRING :Ontario
1076:d=7 hl=2 l= 18 cons: SET 1132:d=7 hl=2 l= 18 cons: SET
1078:d=8 hl=2 l= 16 cons: SEQUENCE 1134:d=8 hl=2 l= 16 cons: SEQUENCE
1080:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName 1136:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName
1085:d=9 hl=2 l= 9 prim: UTF8STRING :Sandelman 1141:d=9 hl=2 l= 9 prim: UTF8STRING :Sandelman
1096:d=7 hl=2 l= 38 cons: SET 1152:d=7 hl=2 l= 38 cons: SET
1098:d=8 hl=2 l= 36 cons: SEQUENCE 1154:d=8 hl=2 l= 36 cons: SEQUENCE
1100:d=9 hl=2 l= 3 prim: OBJECT :commonName 1156:d=9 hl=2 l= 3 prim: OBJECT :commonName
1105:d=9 hl=2 l= 29 prim: UTF8STRING :highway-test.example.com 1161:d=9 hl=2 l= 29 prim: UTF8STRING :highway-test.example.com
1136:d=6 hl=2 l= 89 cons: SEQUENCE 1192:d=6 hl=2 l= 89 cons: SEQUENCE
1138:d=7 hl=2 l= 19 cons: SEQUENCE 1194:d=7 hl=2 l= 19 cons: SEQUENCE
1140:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey 1196:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
1149:d=8 hl=2 l= 8 prim: OBJECT :prime256v1 1205:d=8 hl=2 l= 8 prim: OBJECT :prime256v1
1159:d=7 hl=2 l= 66 prim: BIT STRING 1215:d=7 hl=2 l= 66 prim: BIT STRING
1227:d=6 hl=2 l= 16 cons: cont [ 3 ] 1283:d=6 hl=2 l= 16 cons: cont [ 3 ]
1229:d=7 hl=2 l= 14 cons: SEQUENCE 1285:d=7 hl=2 l= 14 cons: SEQUENCE
1231:d=8 hl=2 l= 12 cons: SEQUENCE 1287:d=8 hl=2 l= 12 cons: SEQUENCE
1233:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints 1289:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
1238:d=9 hl=2 l= 1 prim: BOOLEAN :255 1294:d=9 hl=2 l= 1 prim: BOOLEAN :255
1241:d=9 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000 1297:d=9 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
1245:d=5 hl=2 l= 10 cons: SEQUENCE 1301:d=5 hl=2 l= 10 cons: SEQUENCE
1247:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 1303:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
1257:d=5 hl=2 l= 105 prim: BIT STRING 1313:d=5 hl=2 l= 105 prim: BIT STRING
1364:d=3 hl=4 l= 315 cons: SET 1420:d=3 hl=4 l= 316 cons: SET
1368:d=4 hl=4 l= 311 cons: SEQUENCE 1424:d=4 hl=4 l= 312 cons: SEQUENCE
1372:d=5 hl=2 l= 1 prim: INTEGER :01 1428:d=5 hl=2 l= 1 prim: INTEGER :01
1375:d=5 hl=2 l= 101 cons: SEQUENCE 1431:d=5 hl=2 l= 101 cons: SEQUENCE
1377:d=6 hl=2 l= 93 cons: SEQUENCE 1433:d=6 hl=2 l= 93 cons: SEQUENCE
1379:d=7 hl=2 l= 15 cons: SET 1435:d=7 hl=2 l= 15 cons: SET
1381:d=8 hl=2 l= 13 cons: SEQUENCE 1437:d=8 hl=2 l= 13 cons: SEQUENCE
1383:d=9 hl=2 l= 3 prim: OBJECT :countryName 1439:d=9 hl=2 l= 3 prim: OBJECT :countryName
1388:d=9 hl=2 l= 6 prim: PRINTABLESTRING :Canada 1444:d=9 hl=2 l= 6 prim: PRINTABLESTRING :Canada
1396:d=7 hl=2 l= 16 cons: SET 1452:d=7 hl=2 l= 16 cons: SET
1398:d=8 hl=2 l= 14 cons: SEQUENCE 1454:d=8 hl=2 l= 14 cons: SEQUENCE
1400:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 1456:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
1405:d=9 hl=2 l= 7 prim: UTF8STRING :Ontario 1461:d=9 hl=2 l= 7 prim: UTF8STRING :Ontario
1414:d=7 hl=2 l= 18 cons: SET 1470:d=7 hl=2 l= 18 cons: SET
1416:d=8 hl=2 l= 16 cons: SEQUENCE 1472:d=8 hl=2 l= 16 cons: SEQUENCE
1418:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName 1474:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName
1423:d=9 hl=2 l= 9 prim: UTF8STRING :Sandelman 1479:d=9 hl=2 l= 9 prim: UTF8STRING :Sandelman
1434:d=7 hl=2 l= 36 cons: SET 1490:d=7 hl=2 l= 36 cons: SET
1436:d=8 hl=2 l= 34 cons: SEQUENCE 1492:d=8 hl=2 l= 34 cons: SEQUENCE
1438:d=9 hl=2 l= 3 prim: OBJECT :commonName 1494:d=9 hl=2 l= 3 prim: OBJECT :commonName
1443:d=9 hl=2 l= 27 prim: UTF8STRING :highway-test.example.com 1499:d=9 hl=2 l= 27 prim: UTF8STRING :highway-test.example.com
1472:d=6 hl=2 l= 4 prim: INTEGER :1B995F54 1528:d=6 hl=2 l= 4 prim: INTEGER :1B995F54
1478:d=5 hl=2 l= 11 cons: SEQUENCE 1534:d=5 hl=2 l= 11 cons: SEQUENCE
1480:d=6 hl=2 l= 9 prim: OBJECT :sha256 1536:d=6 hl=2 l= 9 prim: OBJECT :sha256
1491:d=5 hl=2 l= 105 cons: cont [ 0 ] 1547:d=5 hl=2 l= 105 cons: cont [ 0 ]
1493:d=6 hl=2 l= 24 cons: SEQUENCE 1549:d=6 hl=2 l= 24 cons: SEQUENCE
1495:d=7 hl=2 l= 9 prim: OBJECT :contentType 1551:d=7 hl=2 l= 9 prim: OBJECT :contentType
1506:d=7 hl=2 l= 11 cons: SET 1562:d=7 hl=2 l= 11 cons: SET
1508:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data 1564:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data
1519:d=6 hl=2 l= 28 cons: SEQUENCE 1575:d=6 hl=2 l= 28 cons: SEQUENCE
1521:d=7 hl=2 l= 9 prim: OBJECT :signingTime 1577:d=7 hl=2 l= 9 prim: OBJECT :signingTime
1532:d=7 hl=2 l= 15 cons: SET 1588:d=7 hl=2 l= 15 cons: SET
1534:d=8 hl=2 l= 13 prim: UTCTIME :200203065104Z 1590:d=8 hl=2 l= 13 prim: UTCTIME :200225213312Z
1549:d=6 hl=2 l= 47 cons: SEQUENCE 1605:d=6 hl=2 l= 47 cons: SEQUENCE
1551:d=7 hl=2 l= 9 prim: OBJECT :messageDigest 1607:d=7 hl=2 l= 9 prim: OBJECT :messageDigest
1562:d=7 hl=2 l= 34 cons: SET 1618:d=7 hl=2 l= 34 cons: SET
1564:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:B1BC5E738CBBF3 1620:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:146846F9F378D9
1598:d=5 hl=2 l= 10 cons: SEQUENCE 1654:d=5 hl=2 l= 10 cons: SEQUENCE
1600:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 1656:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
1610:d=5 hl=2 l= 71 prim: OCTET STRING [HEX DUMP]:3045022100D28F 1666:d=5 hl=2 l= 72 prim: OCTET STRING [HEX DUMP]:30460221008ECD
Appendix D. Additional References Appendix D. Additional References
RFC EDITOR Please remove this section before publication. It exists RFC EDITOR Please remove this section before publication. It exists
just to include references to the things in the YANG descriptions just to include references to the things in the YANG descriptions
which are not otherwise referenced in the text so that xml2rfc will which are not otherwise referenced in the text so that xml2rfc will
not complain. not complain.
[ITU.X690.1994] [ITU.X690.1994]
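Review bot: the -36 voucher in C.2.3 (MASA to Registrar) does not match the -36 registrar voucher request shown immediately before it, so the right-hand examples no longer form one consistent exchange. The request JSON carries nonce "aMjgueKUT-22wVimj6z27Q" and its signingTime is 200225230449Z, while the voucher's signingTime is 200225213312Z, about ninety minutes earlier than the request it is supposed to answer, and the base64 voucher payload decodes to nonce "y2BfNaIS0KJSyhKamTGXaQ". In -35 the pair agreed: both carried nonce "43l_359_7RkcqWGcZR8tgQ", with signingTime 200203065103Z on the request and 200203065104Z on the voucher. Please regenerate the C.2.3 voucher and its ASN.1 decoding from the same run as the C.2.2 request. An implementer who replays these examples as test vectors would otherwise see the pledge's nonce comparison fail on a voucher the document presents as valid.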
 End of changes. 56 change blocks. 
656 lines changed or deleted 793 lines changed or added
