File: fpki.go

package info (click to toggle)
golang-github-zmap-zcrypto 0.0~git20240512.0fef58d-2
links: PTS, VCS
area: main
in suites: forky, sid, trixie
size: 6,856 kB
sloc: python: 567; sh: 124; makefile: 9
file content (2872 lines) | stat: -rw-r--r-- 156,583 bytes
/*
 * ZCrypto Copyright 2017 Regents of the University of Michigan
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy
 * of the License at http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

package certificates

// HexSPKISubjectFingerprintDoDRootCA3 is the hex of the SPKI Subject
// Fingerprint for the DoD Root CA 3.
const HexSPKISubjectFingerprintDoDRootCA3 = "e90ccfd162ae66b7d6e9771abf6c461837c813a5589f693b65c66c3803cf8f4c"

// HexSPKISubjectFingerprintDoDInteropCA2 is the hex of the SPKI Subject
// Fingerprint for the DoD Interoperability CA 2.
const HexSPKISubjectFingerprintDoDInteropCA2 = "a55a05216a8f75908ceec798c466e892cd5b505767d057b2204daa111de0c809"

// HexSPKISubjectFingerprintFederalBridgeCA is the hex of the SPKI Subject
// Fingerprint for the Federal Bridge CA.
const HexSPKISubjectFingerprintFederalBridgeCA = "3d12afc9ed8e531eac28d6ac979b629a2472a585bd18fcfddb0084f1997fa362"

// HexSPKISubjectFingerprintFederalBridgeCA2013 is the hex of the SPKI Subject
// Fingerprint of the Federal Bridge CA 2013.
const HexSPKISubjectFingerprintFederalBridgeCA2013 = "219718a39232361f3e20d793a57d73897c59baecfd1c358aedcab87b5ab396d8"

// HexSPKISubjectFingerprintFederalBridgeCA2016 is the hex of the SPKI Subject
// Fingerprint of the Federal Bridge CA 2016.
const HexSPKISubjectFingerprintFederalBridgeCA2016 = "d02e526c39cc5919006349e57a3f42bccffec8d422964edba1ebdbb43b06a1ce"

// HexSPKISubjectFingerprintFederalCommonPolicyCA is the hex of the SPKI Subject
// Fingerprint of the Federal Common Policy CA.
const HexSPKISubjectFingerprintFederalCommonPolicyCA = "be701d4acacaba917b5b936a8aa40e1970827df3b95a70b3c1fe99d4fea0b3c5"

// PEMDoDRootCA3SignedBySelf is the "DoD Root CA 3" self-signed certificate.
const PEMDoDRootCA3SignedBySelf = `
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 3
        Validity
            Not Before: Mar 20 18:46:41 2012 GMT
            Not After : Dec 30 18:46:41 2029 GMT
        Subject: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:a9:ec:14:72:8a:e8:4b:70:a3:da:10:03:84:a6:
                    fb:a7:36:0d:2a:3a:52:16:bf:30:15:52:86:05:47:
                    20:cf:aa:a6:cd:75:c4:64:6e:ef:f1:60:23:cb:0a:
                    66:40:ae:b4:c8:68:2a:00:51:68:49:37:e9:59:32:
                    4d:95:bc:43:27:e9:40:8d:3a:10:ce:14:bc:43:18:
                    a1:f9:de:cc:e7:85:76:73:5e:18:1a:23:5b:bd:3f:
                    1f:f2:ed:8d:19:cc:03:d1:40:a4:8f:a7:20:02:4c:
                    27:5a:79:36:f6:a3:37:21:8e:00:5a:06:16:ca:d3:
                    55:96:6f:31:29:bb:72:0e:cb:e2:48:51:f2:d4:37:
                    a4:35:d6:6f:ee:17:b3:b1:06:ab:0b:19:86:e8:23:
                    6d:31:1b:28:78:65:c5:de:62:52:bc:c1:7d:eb:ee:
                    a0:5d:54:04:fb:b2:cb:2b:b2:23:54:91:82:4c:f0:
                    bf:ba:74:40:3b:0c:04:45:80:67:5c:c5:eb:a2:57:
                    c3:1a:7f:0a:2d:bd:7f:b9:dc:c1:99:b0:c8:07:e4:
                    0c:86:36:94:3a:25:2f:f2:7d:e6:97:3c:1b:94:b4:
                    97:59:06:c9:3a:e4:0b:d9:ea:e9:fc:3b:73:34:6f:
                    fd:e7:98:e4:f3:a1:c2:90:5f:1c:f5:3f:2e:d7:19:
                    d3:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:8A:94:A2:77:B1:80:72:1D:81:7A:16:AA:F2:DC:CE:66:EE:45:C0
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
        9f:71:a4:c0:b6:96:d2:80:43:a0:48:e9:1f:76:04:f9:c5:3c:
        ad:66:18:58:63:9b:c3:b6:e8:68:8a:85:5a:42:66:12:b4:d2:
        e6:8b:88:7f:87:f4:98:f5:a8:c6:09:c9:1f:f0:2c:1f:ec:82:
        b8:f4:a5:47:38:c1:33:2b:df:4c:7e:9a:be:0b:0b:b1:cb:0f:
        7c:50:28:10:cf:8a:8d:a2:e9:ba:ac:86:d7:d4:b1:93:5f:22:
        8f:96:05:b4:4e:0c:75:91:7d:d3:f2:e7:94:c2:94:14:76:4f:
        8f:0c:ab:10:87:58:32:85:07:75:86:12:0b:5e:ea:53:b4:0a:
        c8:4c:84:92:1f:eb:e8:41:86:3c:ba:f4:4e:41:4a:d1:6c:58:
        47:41:c3:86:5a:f2:ee:e9:f2:98:27:82:ea:2e:36:d6:f8:06:
        5e:82:f1:a0:52:93:44:09:ba:d2:a9:19:5a:58:a3:a8:5d:20:
        6d:4f:64:f8:30:87:1b:90:13:48:81:cd:ca:90:c7:0d:c1:d4:
        98:3f:8e:f2:0e:57:68:33:12:8e:99:09:b1:f0:e4:f6:10:f4:
        36:f2:49:bd:ea:a3:38:c8:56:41:23:83:9a:df:a1:1b:35:7c:
        eb:3f:41:b3:f5:6f:4b:3a:5e:ae:6f:93:76:98:d2:f1:99:9d:
        45:c4:8e:72
-----BEGIN CERTIFICATE-----
MIIDczCCAlugAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEY
MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT
A1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xMjAzMjAxODQ2NDFaFw0y
OTEyMzAxODQ2NDFaMFsxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy
bm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMRYwFAYDVQQDEw1Eb0Qg
Um9vdCBDQSAzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqewUcoro
S3Cj2hADhKb7pzYNKjpSFr8wFVKGBUcgz6qmzXXEZG7v8WAjywpmQK60yGgqAFFo
STfpWTJNlbxDJ+lAjToQzhS8Qxih+d7M54V2c14YGiNbvT8f8u2NGcwD0UCkj6cg
AkwnWnk29qM3IY4AWgYWytNVlm8xKbtyDsviSFHy1DekNdZv7hezsQarCxmG6CNt
MRsoeGXF3mJSvMF96+6gXVQE+7LLK7IjVJGCTPC/unRAOwwERYBnXMXrolfDGn8K
Lb1/udzBmbDIB+QMhjaUOiUv8n3mlzwblLSXWQbJOuQL2erp/DtzNG/955jk86HC
kF8c9T8u1xnTfwIDAQABo0IwQDAdBgNVHQ4EFgQUbIqUonexgHIdgXoWqvLczmbu
RcAwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
BQADggEBAJ9xpMC2ltKAQ6BI6R92BPnFPK1mGFhjm8O26GiKhVpCZhK00uaLiH+H
9Jj1qMYJyR/wLB/sgrj0pUc4wTMr30x+mr4LC7HLD3xQKBDPio2i6bqshtfUsZNf
Io+WBbRODHWRfdPy55TClBR2T48MqxCHWDKFB3WGEgte6lO0CshMhJIf6+hBhjy6
9E5BStFsWEdBw4Za8u7p8pgnguouNtb4Bl6C8aBSk0QJutKpGVpYo6hdIG1PZPgw
hxuQE0iBzcqQxw3B1Jg/jvIOV2gzEo6ZCbHw5PYQ9DbySb3qozjIVkEjg5rfoRs1
fOs/QbP1b0s6Xq5vk3aY0vGZnUXEjnI=
-----END CERTIFICATE-----
`

// HexHashDoDRootCA3SignedBySelf is the hex SHA256 fingerprint of
// DoDRootCA3SignedBySelf.
const HexHashDoDRootCA3SignedBySelf = "b107b33f453e5510f68e513110c6f6944bacc263df0137f821c1b3c2f8f863d2"

// PEMDoDRootCA3SignedByDoDInteropCA2Serial655 is the PEM of a certificate for
// the DoD Root CA 3 signed by DoD Interoperability CA 2 with serial number 655.
const PEMDoDRootCA3SignedByDoDInteropCA2Serial655 string = `
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 655 (0x28f)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Interoperability Root CA 2
        Validity
            Not Before: Sep 23 16:37:25 2015 GMT
            Not After : Sep 23 16:37:25 2018 GMT
        Subject: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:a9:ec:14:72:8a:e8:4b:70:a3:da:10:03:84:a6:
                    fb:a7:36:0d:2a:3a:52:16:bf:30:15:52:86:05:47:
                    20:cf:aa:a6:cd:75:c4:64:6e:ef:f1:60:23:cb:0a:
                    66:40:ae:b4:c8:68:2a:00:51:68:49:37:e9:59:32:
                    4d:95:bc:43:27:e9:40:8d:3a:10:ce:14:bc:43:18:
                    a1:f9:de:cc:e7:85:76:73:5e:18:1a:23:5b:bd:3f:
                    1f:f2:ed:8d:19:cc:03:d1:40:a4:8f:a7:20:02:4c:
                    27:5a:79:36:f6:a3:37:21:8e:00:5a:06:16:ca:d3:
                    55:96:6f:31:29:bb:72:0e:cb:e2:48:51:f2:d4:37:
                    a4:35:d6:6f:ee:17:b3:b1:06:ab:0b:19:86:e8:23:
                    6d:31:1b:28:78:65:c5:de:62:52:bc:c1:7d:eb:ee:
                    a0:5d:54:04:fb:b2:cb:2b:b2:23:54:91:82:4c:f0:
                    bf:ba:74:40:3b:0c:04:45:80:67:5c:c5:eb:a2:57:
                    c3:1a:7f:0a:2d:bd:7f:b9:dc:c1:99:b0:c8:07:e4:
                    0c:86:36:94:3a:25:2f:f2:7d:e6:97:3c:1b:94:b4:
                    97:59:06:c9:3a:e4:0b:d9:ea:e9:fc:3b:73:34:6f:
                    fd:e7:98:e4:f3:a1:c2:90:5f:1c:f5:3f:2e:d7:19:
                    d3:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:FF:F8:AE:13:8B:92:2B:79:92:41:A3:76:5C:2C:81:9E:9A:C5:9C:78

            X509v3 Subject Key Identifier:
                6C:8A:94:A2:77:B1:80:72:1D:81:7A:16:AA:F2:DC:CE:66:EE:45:C0
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 CRL Distribution Points:
                URI:http://crl.disa.mil/crl/DODINTEROPERABILITYROOTCA2.crl

            Authority Information Access:
                CA Issuers - URI:http://crl.disa.mil/issuedto/DODINTEROPERABILITYROOTCA2_IT.p7c
                OCSP - URI:http://ocsp.disa.mil

            X509v3 Certificate Policies:
                Policy: 2.16.840.1.101.2.1.11.36
                Policy: 2.16.840.1.101.2.1.11.39
                Policy: 2.16.840.1.101.2.1.11.42
                Policy: 2.16.840.1.101.3.2.1.3.13
                Policy: 2.16.840.1.101.3.2.1.3.17

            X509v3 Policy Constraints: critical
                Require Explicit Policy:0
            Subject Information Access:
                CA Repository - URI:http://crl.disa.mil/issuedby/DODROOTCA3_IB.p7c

    Signature Algorithm: sha256WithRSAEncryption
        8c:30:87:13:a9:7d:fb:98:fc:50:ca:a1:20:8a:9c:10:7b:0c:
        c4:d7:0c:d9:4d:5e:36:26:24:ed:2b:5f:75:ed:9a:0a:b8:e9:
        6e:5f:20:a3:19:ef:39:24:3e:9e:a2:e1:19:c5:b3:53:fc:58:
        e6:8e:ca:84:fa:cd:35:94:38:6d:f2:e3:3e:04:31:dc:7b:ec:
        d5:fc:3a:2e:34:46:1c:e4:50:c1:74:ce:e9:fc:87:89:21:a6:
        a5:27:a2:9f:fb:f0:88:3a:d8:95:a4:d1:b9:78:d0:fd:c3:54:
        1a:b9:8d:9f:df:af:b6:60:96:8c:66:bb:55:92:d9:08:53:94:
        ca:35:f4:e3:87:93:2a:64:e3:ba:69:d1:5c:f3:1d:2e:7b:1c:
        4f:3a:95:c2:f6:b3:bc:e0:40:c8:83:c2:9e:3d:50:02:cf:7b:
        eb:f4:2d:b2:06:98:2d:07:5d:d3:06:2a:de:6e:e1:4d:57:0c:
        81:b6:08:e4:18:98:22:ce:44:94:00:b6:7f:ae:8d:84:57:66:
        40:b5:b6:67:95:67:41:53:4b:8b:e9:3f:e7:28:e9:b2:80:dd:
        7d:d9:7c:89:40:2e:55:e1:45:5f:d5:47:6a:9b:b6:34:03:97:
        5e:32:a5:ec:3e:02:d6:49:a5:c9:4f:85:21:d8:f8:0e:9f:a8:
        2d:6c:02:f0
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgICAo8wDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCVVMx
GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
EwNQS0kxJzAlBgNVBAMTHkRvRCBJbnRlcm9wZXJhYmlsaXR5IFJvb3QgQ0EgMjAe
Fw0xNTA5MjMxNjM3MjVaFw0xODA5MjMxNjM3MjVaMFsxCzAJBgNVBAYTAlVTMRgw
FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMD
UEtJMRYwFAYDVQQDEw1Eb0QgUm9vdCBDQSAzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAqewUcoroS3Cj2hADhKb7pzYNKjpSFr8wFVKGBUcgz6qmzXXE
ZG7v8WAjywpmQK60yGgqAFFoSTfpWTJNlbxDJ+lAjToQzhS8Qxih+d7M54V2c14Y
GiNbvT8f8u2NGcwD0UCkj6cgAkwnWnk29qM3IY4AWgYWytNVlm8xKbtyDsviSFHy
1DekNdZv7hezsQarCxmG6CNtMRsoeGXF3mJSvMF96+6gXVQE+7LLK7IjVJGCTPC/
unRAOwwERYBnXMXrolfDGn8KLb1/udzBmbDIB+QMhjaUOiUv8n3mlzwblLSXWQbJ
OuQL2erp/DtzNG/955jk86HCkF8c9T8u1xnTfwIDAQABo4IB1zCCAdMwHwYDVR0j
BBgwFoAU//iuE4uSK3mSQaN2XCyBnprFnHgwHQYDVR0OBBYEFGyKlKJ3sYByHYF6
Fqry3M5m7kXAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMEcGA1Ud
HwRAMD4wPKA6oDiGNmh0dHA6Ly9jcmwuZGlzYS5taWwvY3JsL0RPRElOVEVST1BF
UkFCSUxJVFlST09UQ0EyLmNybDB8BggrBgEFBQcBAQRwMG4wSgYIKwYBBQUHMAKG
Pmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9ESU5URVJPUEVSQUJJTElU
WVJPT1RDQTJfSVQucDdjMCAGCCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1p
bDBMBgNVHSAERTBDMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJYIZIAWUC
AQsqMAwGCmCGSAFlAwIBAw0wDAYKYIZIAWUDAgEDETAPBgNVHSQBAf8EBTADgAEA
MEoGCCsGAQUFBwELBD4wPDA6BggrBgEFBQcwBYYuaHR0cDovL2NybC5kaXNhLm1p
bC9pc3N1ZWRieS9ET0RST09UQ0EzX0lCLnA3YzANBgkqhkiG9w0BAQsFAAOCAQEA
jDCHE6l9+5j8UMqhIIqcEHsMxNcM2U1eNiYk7Stfde2aCrjpbl8goxnvOSQ+nqLh
GcWzU/xY5o7KhPrNNZQ4bfLjPgQx3Hvs1fw6LjRGHORQwXTO6fyHiSGmpSein/vw
iDrYlaTRuXjQ/cNUGrmNn9+vtmCWjGa7VZLZCFOUyjX044eTKmTjumnRXPMdLnsc
TzqVwvazvOBAyIPCnj1QAs976/QtsgaYLQdd0wYq3m7hTVcMgbYI5BiYIs5ElAC2
f66NhFdmQLW2Z5VnQVNLi+k/5yjpsoDdfdl8iUAuVeFFX9VHapu2NAOXXjKl7D4C
1kmlyU+FIdj4Dp+oLWwC8A==
-----END CERTIFICATE-----
`

// HexHashDoDRootCA3SignedByDoDInteropCA2Serial655 is the hex SHA256
// fingerprint of DoDRootCA3SignedByDoDInteropCA2Serial655.
const HexHashDoDRootCA3SignedByDoDInteropCA2Serial655 = "fc326b6b92fd2a3dd0c2961428672bf10f974552319f6930c62c6c791d18e84a"

// PEMDoDRootCA3SignedByDoDInteropCA2Serial748 is the certificate for the DoD
// Root CA 3 signed by the DoD Interoperability CA 2 with serial number 748.
const PEMDoDRootCA3SignedByDoDInteropCA2Serial748 = `
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 748 (0x2ec)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Interoperability Root CA 2
        Validity
            Not Before: Feb 17 14:32:11 2016 GMT
            Not After : Feb 17 14:32:11 2019 GMT
        Subject: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:a9:ec:14:72:8a:e8:4b:70:a3:da:10:03:84:a6:
                    fb:a7:36:0d:2a:3a:52:16:bf:30:15:52:86:05:47:
                    20:cf:aa:a6:cd:75:c4:64:6e:ef:f1:60:23:cb:0a:
                    66:40:ae:b4:c8:68:2a:00:51:68:49:37:e9:59:32:
                    4d:95:bc:43:27:e9:40:8d:3a:10:ce:14:bc:43:18:
                    a1:f9:de:cc:e7:85:76:73:5e:18:1a:23:5b:bd:3f:
                    1f:f2:ed:8d:19:cc:03:d1:40:a4:8f:a7:20:02:4c:
                    27:5a:79:36:f6:a3:37:21:8e:00:5a:06:16:ca:d3:
                    55:96:6f:31:29:bb:72:0e:cb:e2:48:51:f2:d4:37:
                    a4:35:d6:6f:ee:17:b3:b1:06:ab:0b:19:86:e8:23:
                    6d:31:1b:28:78:65:c5:de:62:52:bc:c1:7d:eb:ee:
                    a0:5d:54:04:fb:b2:cb:2b:b2:23:54:91:82:4c:f0:
                    bf:ba:74:40:3b:0c:04:45:80:67:5c:c5:eb:a2:57:
                    c3:1a:7f:0a:2d:bd:7f:b9:dc:c1:99:b0:c8:07:e4:
                    0c:86:36:94:3a:25:2f:f2:7d:e6:97:3c:1b:94:b4:
                    97:59:06:c9:3a:e4:0b:d9:ea:e9:fc:3b:73:34:6f:
                    fd:e7:98:e4:f3:a1:c2:90:5f:1c:f5:3f:2e:d7:19:
                    d3:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:FF:F8:AE:13:8B:92:2B:79:92:41:A3:76:5C:2C:81:9E:9A:C5:9C:78

            X509v3 Subject Key Identifier:
                6C:8A:94:A2:77:B1:80:72:1D:81:7A:16:AA:F2:DC:CE:66:EE:45:C0
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 CRL Distribution Points:
                URI:http://crl.disa.mil/crl/DODINTEROPERABILITYROOTCA2.crl

            Authority Information Access:
                CA Issuers - URI:http://crl.disa.mil/issuedto/DODINTEROPERABILITYROOTCA2_IT.p7c
                OCSP - URI:http://ocsp.disa.mil

            X509v3 Certificate Policies:
                Policy: 2.16.840.1.101.2.1.11.36
                Policy: 2.16.840.1.101.2.1.11.39
                Policy: 2.16.840.1.101.2.1.11.42
                Policy: 2.16.840.1.101.3.2.1.3.13
                Policy: 2.16.840.1.101.3.2.1.3.17
                Policy: 2.16.840.1.101.3.2.1.3.39

            X509v3 Policy Constraints: critical
                Require Explicit Policy:0
            Subject Information Access:
                CA Repository - URI:http://crl.disa.mil/issuedby/DODROOTCA3_IB.p7c

    Signature Algorithm: sha256WithRSAEncryption
        77:f6:ef:07:25:8d:e5:85:60:05:6a:39:83:fb:1c:c4:da:6f:
        d7:91:78:0d:16:cb:d9:a6:6d:37:94:1d:c7:44:71:d1:e9:41:
        8f:d2:bb:05:02:52:75:47:0a:10:84:ce:4d:e7:e4:04:5d:42:
        1e:21:39:c5:88:e3:0a:b6:50:05:31:3f:8f:d0:8c:56:75:d4:
        43:3e:fe:df:1c:4d:86:97:70:e7:22:62:3f:40:76:96:66:86:
        41:8f:17:01:29:30:b7:0a:a7:9f:6a:a2:41:be:88:a7:fa:59:
        75:2f:f3:de:e6:a4:f0:f4:2c:60:65:0f:74:c5:65:5c:b4:bd:
        d2:c7:e7:33:d8:74:16:d2:ff:a9:29:c7:8d:d0:c7:23:04:3a:
        e9:eb:1b:6f:9a:59:24:3e:86:5f:e5:9e:0d:ac:c3:2c:6b:c0:
        64:30:01:eb:13:5d:aa:a7:f6:31:9e:88:fd:29:db:ba:e5:54:
        a6:86:c2:1e:8e:34:77:02:ea:1f:6c:cc:f6:0b:83:e6:27:8b:
        b0:4a:88:92:5c:3a:39:10:8b:c9:48:c9:e3:1b:34:1e:41:43:
        6e:95:de:b0:c7:97:f0:a5:e2:93:0c:de:6a:df:72:9d:be:3e:
        ee:4c:62:9c:10:b0:ed:2b:fb:c6:95:f8:4a:24:1e:8e:29:1b:
        dc:93:f5:e4
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgICAuwwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCVVMx
GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
EwNQS0kxJzAlBgNVBAMTHkRvRCBJbnRlcm9wZXJhYmlsaXR5IFJvb3QgQ0EgMjAe
Fw0xNjAyMTcxNDMyMTFaFw0xOTAyMTcxNDMyMTFaMFsxCzAJBgNVBAYTAlVTMRgw
FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMD
UEtJMRYwFAYDVQQDEw1Eb0QgUm9vdCBDQSAzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAqewUcoroS3Cj2hADhKb7pzYNKjpSFr8wFVKGBUcgz6qmzXXE
ZG7v8WAjywpmQK60yGgqAFFoSTfpWTJNlbxDJ+lAjToQzhS8Qxih+d7M54V2c14Y
GiNbvT8f8u2NGcwD0UCkj6cgAkwnWnk29qM3IY4AWgYWytNVlm8xKbtyDsviSFHy
1DekNdZv7hezsQarCxmG6CNtMRsoeGXF3mJSvMF96+6gXVQE+7LLK7IjVJGCTPC/
unRAOwwERYBnXMXrolfDGn8KLb1/udzBmbDIB+QMhjaUOiUv8n3mlzwblLSXWQbJ
OuQL2erp/DtzNG/955jk86HCkF8c9T8u1xnTfwIDAQABo4IB5TCCAeEwHwYDVR0j
BBgwFoAU//iuE4uSK3mSQaN2XCyBnprFnHgwHQYDVR0OBBYEFGyKlKJ3sYByHYF6
Fqry3M5m7kXAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMEcGA1Ud
HwRAMD4wPKA6oDiGNmh0dHA6Ly9jcmwuZGlzYS5taWwvY3JsL0RPRElOVEVST1BF
UkFCSUxJVFlST09UQ0EyLmNybDB8BggrBgEFBQcBAQRwMG4wSgYIKwYBBQUHMAKG
Pmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVkdG8vRE9ESU5URVJPUEVSQUJJTElU
WVJPT1RDQTJfSVQucDdjMCAGCCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1p
bDBaBgNVHSAEUzBRMAsGCWCGSAFlAgELJDALBglghkgBZQIBCycwCwYJYIZIAWUC
AQsqMAwGCmCGSAFlAwIBAw0wDAYKYIZIAWUDAgEDETAMBgpghkgBZQMCAQMnMA8G
A1UdJAEB/wQFMAOAAQAwSgYIKwYBBQUHAQsEPjA8MDoGCCsGAQUFBzAFhi5odHRw
Oi8vY3JsLmRpc2EubWlsL2lzc3VlZGJ5L0RPRFJPT1RDQTNfSUIucDdjMA0GCSqG
SIb3DQEBCwUAA4IBAQB39u8HJY3lhWAFajmD+xzE2m/XkXgNFsvZpm03lB3HRHHR
6UGP0rsFAlJ1RwoQhM5N5+QEXUIeITnFiOMKtlAFMT+P0IxWddRDPv7fHE2Gl3Dn
ImI/QHaWZoZBjxcBKTC3CqefaqJBvoin+ll1L/Pe5qTw9CxgZQ90xWVctL3Sx+cz
2HQW0v+pKceN0McjBDrp6xtvmlkkPoZf5Z4NrMMsa8BkMAHrE12qp/Yxnoj9Kdu6
5VSmhsIejjR3AuofbMz2C4PmJ4uwSoiSXDo5EIvJSMnjGzQeQUNuld6wx5fwpeKT
DN5q33Kdvj7uTGKcELDtK/vGlfhKJB6OKRvck/Xk
-----END CERTIFICATE-----
`

// HexHashDoDRootCA3SignedByDoDInteropCA2Serial748 is the hex SHA256
// fingerprint of DoDRootCA3SignedByDoDInteropCA2Serial748.
const HexHashDoDRootCA3SignedByDoDInteropCA2Serial748 = "42e59ccbf68c413a10dd1bb6bc41a930bf1228e16905d9301559cfc4083d589b"

// PEMDoDRootCA3SignedByCCEBInteropRootCA2 is the certificate for DoD Root CA 3
// signed by the DoD CCEB Interoperability Root CA 2.
const PEMDoDRootCA3SignedByCCEBInteropRootCA2 = `
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 28 (0x1c)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=US DoD CCEB Interoperability Root CA 2
        Validity
            Not Before: Sep 27 12:41:41 2016 GMT
            Not After : Sep 27 12:41:41 2019 GMT
        Subject: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:a9:ec:14:72:8a:e8:4b:70:a3:da:10:03:84:a6:
                    fb:a7:36:0d:2a:3a:52:16:bf:30:15:52:86:05:47:
                    20:cf:aa:a6:cd:75:c4:64:6e:ef:f1:60:23:cb:0a:
                    66:40:ae:b4:c8:68:2a:00:51:68:49:37:e9:59:32:
                    4d:95:bc:43:27:e9:40:8d:3a:10:ce:14:bc:43:18:
                    a1:f9:de:cc:e7:85:76:73:5e:18:1a:23:5b:bd:3f:
                    1f:f2:ed:8d:19:cc:03:d1:40:a4:8f:a7:20:02:4c:
                    27:5a:79:36:f6:a3:37:21:8e:00:5a:06:16:ca:d3:
                    55:96:6f:31:29:bb:72:0e:cb:e2:48:51:f2:d4:37:
                    a4:35:d6:6f:ee:17:b3:b1:06:ab:0b:19:86:e8:23:
                    6d:31:1b:28:78:65:c5:de:62:52:bc:c1:7d:eb:ee:
                    a0:5d:54:04:fb:b2:cb:2b:b2:23:54:91:82:4c:f0:
                    bf:ba:74:40:3b:0c:04:45:80:67:5c:c5:eb:a2:57:
                    c3:1a:7f:0a:2d:bd:7f:b9:dc:c1:99:b0:c8:07:e4:
                    0c:86:36:94:3a:25:2f:f2:7d:e6:97:3c:1b:94:b4:
                    97:59:06:c9:3a:e4:0b:d9:ea:e9:fc:3b:73:34:6f:
                    fd:e7:98:e4:f3:a1:c2:90:5f:1c:f5:3f:2e:d7:19:
                    d3:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:16:2B:91:DA:E2:17:0C:96:AB:5C:7D:DE:7D:48:F2:5D:A8:00:AC:E7

            X509v3 Subject Key Identifier:
                6C:8A:94:A2:77:B1:80:72:1D:81:7A:16:AA:F2:DC:CE:66:EE:45:C0
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.101.2.1.11.36
                Policy: 2.16.840.1.101.2.1.11.39
                Policy: 2.16.840.1.101.2.1.11.42

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Policy Constraints: critical
                Require Explicit Policy:0
            X509v3 CRL Distribution Points:
                URI:http://crl.disa.mil/crl/USDODCCEBINTEROPERABILITYROOTCA2.crl

            Authority Information Access:
                CA Issuers - URI:http://crl.disa.mil/issuedto/USDODCCEBINTEROPERABILITYROOTCA2_IT.p7c
                OCSP - URI:http://ocsp.disa.mil

            Subject Information Access:
                CA Repository - URI:http://crl.disa.mil/issuedby/DODROOTCA3_IB.p7c

    Signature Algorithm: sha256WithRSAEncryption
        47:e1:98:48:c9:7c:2a:1f:60:aa:17:fc:51:bf:57:e1:46:1d:
        6e:af:2a:47:64:47:d3:f8:23:2c:d0:6f:aa:ae:4c:93:95:b6:
        18:da:f4:1a:b1:97:e9:09:1e:10:b2:12:66:a5:7c:03:15:e5:
        b1:ff:98:7b:c2:11:d3:1f:3c:fa:97:43:cb:bc:83:66:1e:01:
        fd:86:fd:c3:c8:0f:bb:0f:ca:82:72:77:d5:7f:08:7e:ba:b1:
        d3:27:03:3a:d9:94:81:9d:f8:44:17:b1:bf:20:2e:e8:8e:d3:
        67:d6:8d:e6:f6:54:bc:7f:fa:cd:37:3d:f6:e6:f8:dd:b6:01:
        89:b4:a8:b9:7c:a1:40:e4:2b:00:d5:78:be:a1:27:f1:26:48:
        44:e7:f9:11:c4:dc:df:59:7b:86:70:c4:62:0a:44:79:aa:74:
        5f:25:ac:2f:9f:7a:d1:d7:f2:85:86:83:89:e4:20:24:57:9f:
        e7:b5:f0:be:d0:c6:2d:94:ae:f9:01:6a:f3:b6:69:b1:4a:73:
        76:33:a2:72:5a:5a:2a:96:8b:54:3e:f4:de:90:78:61:88:17:
        e5:db:8c:4f:a6:13:f7:10:f8:8d:a5:b4:2d:7f:b2:19:65:7f:
        15:fc:4f:08:8a:0f:06:a5:62:a9:b3:9a:ee:2f:b1:97:31:b2:
        04:c2:e4:47
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgIBHDANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJVUzEY
MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsT
A1BLSTEvMC0GA1UEAxMmVVMgRG9EIENDRUIgSW50ZXJvcGVyYWJpbGl0eSBSb290
IENBIDIwHhcNMTYwOTI3MTI0MTQxWhcNMTkwOTI3MTI0MTQxWjBbMQswCQYDVQQG
EwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAK
BgNVBAsTA1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAKnsFHKK6Etwo9oQA4Sm+6c2DSo6Uha/MBVShgVH
IM+qps11xGRu7/FgI8sKZkCutMhoKgBRaEk36VkyTZW8QyfpQI06EM4UvEMYofne
zOeFdnNeGBojW70/H/LtjRnMA9FApI+nIAJMJ1p5NvajNyGOAFoGFsrTVZZvMSm7
cg7L4khR8tQ3pDXWb+4Xs7EGqwsZhugjbTEbKHhlxd5iUrzBfevuoF1UBPuyyyuy
I1SRgkzwv7p0QDsMBEWAZ1zF66JXwxp/Ci29f7ncwZmwyAfkDIY2lDolL/J95pc8
G5S0l1kGyTrkC9nq6fw7czRv/eeY5POhwpBfHPU/LtcZ038CAwEAAaOCAcgwggHE
MB8GA1UdIwQYMBaAFBYrkdriFwyWq1x93n1I8l2oAKznMB0GA1UdDgQWBBRsipSi
d7GAch2Behaq8tzOZu5FwDAOBgNVHQ8BAf8EBAMCAQYwMAYDVR0gBCkwJzALBglg
hkgBZQIBCyQwCwYJYIZIAWUCAQsnMAsGCWCGSAFlAgELKjAPBgNVHRMBAf8EBTAD
AQH/MA8GA1UdJAEB/wQFMAOAAQAwTQYDVR0fBEYwRDBCoECgPoY8aHR0cDovL2Ny
bC5kaXNhLm1pbC9jcmwvVVNET0RDQ0VCSU5URVJPUEVSQUJJTElUWVJPT1RDQTIu
Y3JsMIGCBggrBgEFBQcBAQR2MHQwUAYIKwYBBQUHMAKGRGh0dHA6Ly9jcmwuZGlz
YS5taWwvaXNzdWVkdG8vVVNET0RDQ0VCSU5URVJPUEVSQUJJTElUWVJPT1RDQTJf
SVQucDdjMCAGCCsGAQUFBzABhhRodHRwOi8vb2NzcC5kaXNhLm1pbDBKBggrBgEF
BQcBCwQ+MDwwOgYIKwYBBQUHMAWGLmh0dHA6Ly9jcmwuZGlzYS5taWwvaXNzdWVk
YnkvRE9EUk9PVENBM19JQi5wN2MwDQYJKoZIhvcNAQELBQADggEBAEfhmEjJfCof
YKoX/FG/V+FGHW6vKkdkR9P4IyzQb6quTJOVthja9Bqxl+kJHhCyEmalfAMV5bH/
mHvCEdMfPPqXQ8u8g2YeAf2G/cPID7sPyoJyd9V/CH66sdMnAzrZlIGd+EQXsb8g
LuiO02fWjeb2VLx/+s03Pfbm+N22AYm0qLl8oUDkKwDVeL6hJ/EmSETn+RHE3N9Z
e4ZwxGIKRHmqdF8lrC+fetHX8oWGg4nkICRXn+e18L7Qxi2UrvkBavO2abFKc3Yz
onJaWiqWi1Q+9N6QeGGIF+XbjE+mE/cQ+I2ltC1/shllfxX8TwiKDwalYqmzmu4v
sZcxsgTC5Ec=
-----END CERTIFICATE-----
`

// HexHashDoDRootCA3SignedByCCEBInteropRootCA2 is the hex SHA256 fingerprint
// ofDoDRootCA3SignedByCCEBInteropRootCA2.
const HexHashDoDRootCA3SignedByCCEBInteropRootCA2 = "925820ceae31ca372175d0eda58063e0bf8d7f6bd1a6de007d22861bb6270b62"

// PEMDoDInteropCA2SignedByFederalBridgeCA2016 is a certificate for the DoD
// Interoperability CA 2 signed by the Federal Bridge CA 2016.
const PEMDoDInteropCA2SignedByFederalBridgeCA2016 = `
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:d1:6f:14:b3:c9:52:02:58:ab:27:af:8e:14:a9:72:c7:d5:b3:91
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA 2016
        Validity
            Not Before: May 10 15:35:12 2017 GMT
            Not After : Aug 15 15:34:38 2019 GMT
        Subject: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Interoperability Root CA 2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:f7:c6:d0:83:93:e6:0b:83:29:e8:28:3b:b6:4a:
                    e0:ac:8c:9e:b4:55:c3:df:18:7e:e2:b3:73:72:b4:
                    68:a1:66:d8:98:63:ea:be:8f:5e:c0:0e:11:ad:7f:
                    d2:f3:a5:25:2f:ee:7e:a3:d8:90:8d:4b:21:60:d3:
                    df:3f:85:1b:fc:43:17:bd:ac:cd:d1:fe:e0:2d:fe:
                    bd:46:1f:3e:98:56:88:df:07:4c:92:04:b4:05:d5:
                    15:e0:9a:a4:c3:51:d3:0a:78:d8:3c:fc:5c:1c:e5:
                    cd:23:49:97:50:3e:b1:b4:b6:a2:53:52:34:09:31:
                    03:8c:13:e7:e9:4d:c3:fb:03:dc:02:a3:5a:d5:6d:
                    6b:af:16:2b:d4:4e:fe:7b:a0:41:38:ed:4b:af:26:
                    35:b5:9c:89:69:0e:e9:25:cd:b1:4d:33:af:8e:6d:
                    65:91:28:e5:dc:fd:72:e8:f8:a6:31:33:92:ff:f0:
                    02:a3:50:4e:81:c1:f8:34:eb:95:29:09:a5:da:ab:
                    60:61:fd:ea:b9:4f:4a:31:8a:97:66:f8:c3:00:d2:
                    d2:86:a3:42:43:d3:bb:79:27:2e:6f:b5:b2:65:e5:
                    4b:8d:49:af:10:b1:d2:5b:75:77:10:74:e3:16:f2:
                    24:67:78:0c:b6:f6:36:0f:42:ef:ff:a3:c0:bb:c6:
                    5e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.101.3.2.1.3.3
                Policy: 2.16.840.1.101.3.2.1.3.12
                Policy: 2.16.840.1.101.3.2.1.3.37
                Policy: 2.16.840.1.101.3.2.1.3.13
                Policy: 2.16.840.1.101.3.2.1.3.17
                Policy: 2.16.840.1.101.3.2.1.3.18
                Policy: 2.16.840.1.101.3.2.1.3.19
                Policy: 2.16.840.1.101.3.2.1.3.20
                Policy: 2.16.840.1.101.3.2.1.3.39

            Authority Information Access:
                CA Issuers - URI:http://http.fpki.gov/bridge/caCertsIssuedTofbca2016.p7c

            X509v3 Policy Mappings:
                2.16.840.1.101.3.2.1.3.3:2.16.840.1.101.2.1.11.39, 2.16.840.1.101.3.2.1.3.12:2.16.840.1.101.2.1.11.42, 2.16.840.1.101.3.2.1.3.37:2.16.840.1.101.2.1.11.36, 2.16.840.1.101.3.2.1.3.3:2.16.840.1.101.3.2.1.12.4, 2.16.840.1.101.3.2.1.3.12:2.16.840.1.101.3.2.1.12.5, 2.16.840.1.101.3.2.1.3.37:2.16.840.1.101.3.2.1.12.9, 2.16.840.1.101.3.2.1.3.18:2.16.840.1.101.3.2.1.12.6, 2.16.840.1.101.3.2.1.3.19:2.16.840.1.101.3.2.1.12.7, 2.16.840.1.101.3.2.1.3.20:2.16.840.1.101.3.2.1.12.8, 2.16.840.1.101.3.2.1.3.12:2.16.840.1.101.3.2.1.12.10
            X509v3 Name Constraints:
                Permitted:
                  DirName: C = US, O = U.S. Government, OU = DoD
                  DirName: DC = mil
                  DirName: C = US, O = U.S. Government, OU = ECA

            Subject Information Access:
                CA Repository - URI:http://crl.disa.mil/issuedby/DODINTEROPERABILITYROOTCA2_IB.p7c

            X509v3 Policy Constraints:
                Require Explicit Policy:0, Inhibit Policy Mapping:0
            X509v3 Inhibit Any Policy:
                0
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Authority Key Identifier:
                keyid:23:B0:B3:7D:16:54:D4:02:56:76:EB:3A:BE:A9:6B:2F:43:7B:28:16

            X509v3 CRL Distribution Points:
                URI:http://http.fpki.gov/bridge/fbca2016.crl

            X509v3 Subject Key Identifier:
                FF:F8:AE:13:8B:92:2B:79:92:41:A3:76:5C:2C:81:9E:9A:C5:9C:78
    Signature Algorithm: sha256WithRSAEncryption
        a3:14:ba:01:a3:f9:45:88:5d:c7:52:e3:ff:3b:16:15:fc:af:
        87:d8:4c:67:f9:ff:30:2d:5a:21:6a:5f:22:d0:06:c5:b6:0b:
        4c:42:fa:0a:45:01:c3:62:f8:34:86:1e:11:3a:30:e5:cc:b7:
        76:b7:51:3c:b5:28:08:75:cf:c4:aa:05:ce:0e:04:d9:57:b8:
        9f:06:8c:b2:28:9c:37:9a:ba:20:92:5b:62:83:e2:27:be:56:
        b6:48:d2:a0:7c:c2:e9:3f:e0:13:4a:11:cc:bd:98:0a:bb:ae:
        65:82:91:32:06:f5:15:5a:69:37:3f:77:f5:63:de:63:04:92:
        51:4d:fa:4a:77:a2:e6:6e:11:a3:64:d5:09:1a:2f:96:19:17:
        10:b3:e2:de:4d:9b:f8:64:23:2c:16:33:83:1b:0f:37:e3:15:
        03:83:83:2a:29:1a:c3:5f:d5:f0:16:ff:7e:fe:61:9d:e5:65:
        c9:27:14:ea:d0:f5:69:1b:b1:93:7b:da:d3:22:8b:53:07:18:
        8f:ee:ca:a6:03:68:02:89:f6:33:02:2a:a2:36:94:94:c1:73:
        5b:75:c2:8f:02:9b:c7:8a:68:57:af:e5:2d:07:7e:ca:56:c6:
        25:2f:bc:7a:fb:77:94:88:66:6c:10:47:72:21:29:10:4d:cc:
        0c:e1:ec:74
-----BEGIN CERTIFICATE-----
MIIHADCCBeigAwIBAgIUBdFvFLPJUgJYqyevjhSpcsfVs5EwDQYJKoZIhvcNAQEL
BQAwVzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsG
A1UECxMERlBLSTEfMB0GA1UEAxMWRmVkZXJhbCBCcmlkZ2UgQ0EgMjAxNjAeFw0x
NzA1MTAxNTM1MTJaFw0xOTA4MTUxNTM0MzhaMGwxCzAJBgNVBAYTAlVTMRgwFgYD
VQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJ
MScwJQYDVQQDEx5Eb0QgSW50ZXJvcGVyYWJpbGl0eSBSb290IENBIDIwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3xtCDk+YLgynoKDu2SuCsjJ60VcPf
GH7is3NytGihZtiYY+q+j17ADhGtf9LzpSUv7n6j2JCNSyFg098/hRv8Qxe9rM3R
/uAt/r1GHz6YVojfB0ySBLQF1RXgmqTDUdMKeNg8/Fwc5c0jSZdQPrG0tqJTUjQJ
MQOME+fpTcP7A9wCo1rVbWuvFivUTv57oEE47UuvJjW1nIlpDuklzbFNM6+ObWWR
KOXc/XLo+KYxM5L/8AKjUE6Bwfg065UpCaXaq2Bh/eq5T0oxipdm+MMA0tKGo0JD
07t5Jy5vtbJl5UuNSa8QsdJbdXcQdOMW8iRneAy29jYPQu//o8C7xl61AgMBAAGj
ggOtMIIDqTAPBgNVHRMBAf8EBTADAQH/MIGIBgNVHSAEgYAwfjAMBgpghkgBZQMC
AQMDMAwGCmCGSAFlAwIBAwwwDAYKYIZIAWUDAgEDJTAMBgpghkgBZQMCAQMNMAwG
CmCGSAFlAwIBAxEwDAYKYIZIAWUDAgEDEjAMBgpghkgBZQMCAQMTMAwGCmCGSAFl
AwIBAxQwDAYKYIZIAWUDAgEDJzBTBggrBgEFBQcBAQRHMEUwQwYIKwYBBQUHMAKG
N2h0dHA6Ly9odHRwLmZwa2kuZ292L2JyaWRnZS9jYUNlcnRzSXNzdWVkVG9mYmNh
MjAxNi5wN2MwggEOBgNVHSEEggEFMIIBATAXBgpghkgBZQMCAQMDBglghkgBZQIB
CycwFwYKYIZIAWUDAgEDDAYJYIZIAWUCAQsqMBcGCmCGSAFlAwIBAyUGCWCGSAFl
AgELJDAYBgpghkgBZQMCAQMDBgpghkgBZQMCAQwEMBgGCmCGSAFlAwIBAwwGCmCG
SAFlAwIBDAUwGAYKYIZIAWUDAgEDJQYKYIZIAWUDAgEMCTAYBgpghkgBZQMCAQMS
BgpghkgBZQMCAQwGMBgGCmCGSAFlAwIBAxMGCmCGSAFlAwIBDAcwGAYKYIZIAWUD
AgEDFAYKYIZIAWUDAgEMCDAYBgpghkgBZQMCAQMMBgpghkgBZQMCAQwKMIGfBgNV
HR4EgZcwgZSggZEwOaQ3MDUxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdv
dmVybm1lbnQxDDAKBgNVBAsTA0RvRDAZpBcwFTETMBEGCgmSJomT8ixkARkWA21p
bDA5pDcwNTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEM
MAoGA1UECxMDRUNBMFoGCCsGAQUFBwELBE4wTDBKBggrBgEFBQcwBYY+aHR0cDov
L2NybC5kaXNhLm1pbC9pc3N1ZWRieS9ET0RJTlRFUk9QRVJBQklMSVRZUk9PVENB
Ml9JQi5wN2MwDwYDVR0kBAgwBoABAIEBADAKBgNVHTYEAwIBADAOBgNVHQ8BAf8E
BAMCAQYwHwYDVR0jBBgwFoAUI7CzfRZU1AJWdus6vqlrL0N7KBYwOQYDVR0fBDIw
MDAuoCygKoYoaHR0cDovL2h0dHAuZnBraS5nb3YvYnJpZGdlL2ZiY2EyMDE2LmNy
bDAdBgNVHQ4EFgQU//iuE4uSK3mSQaN2XCyBnprFnHgwDQYJKoZIhvcNAQELBQAD
ggEBAKMUugGj+UWIXcdS4/87FhX8r4fYTGf5/zAtWiFqXyLQBsW2C0xC+gpFAcNi
+DSGHhE6MOXMt3a3UTy1KAh1z8SqBc4OBNlXuJ8GjLIonDeauiCSW2KD4ie+VrZI
0qB8wuk/4BNKEcy9mAq7rmWCkTIG9RVaaTc/d/Vj3mMEklFN+kp3ouZuEaNk1Qka
L5YZFxCz4t5Nm/hkIywWM4MbDzfjFQODgyopGsNf1fAW/37+YZ3lZcknFOrQ9Wkb
sZN72tMii1MHGI/uyqYDaAKJ9jMCKqI2lJTBc1t1wo8Cm8eKaFev5S0HfspWxiUv
vHr7d5SIZmwQR3IhKRBNzAzh7HQ=
-----END CERTIFICATE-----
`

// HexHashDoDInteropCA2SignedByFederalBridgeCA2016 is the hex SHA256 fingerprint
// of DoDInteropCA2SignedByFederalBridgeCA2016.
const HexHashDoDInteropCA2SignedByFederalBridgeCA2016 = "4859a804b9e7e62cbdf1fe18c80bd7df77f0b07f716305efce6e5663358f5738"

// PEMDoDInteropCA2SignedByFederalBridgeCA is a certificate for the DoD
// Interoperability CA 2 signed by the Federal Bridge CA.
const PEMDoDInteropCA2SignedByFederalBridgeCA = `
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4515 (0x11a3)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA
        Validity
            Not Before: May 21 16:05:18 2013 GMT
            Not After : May 21 16:03:30 2016 GMT
        Subject: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Interoperability Root CA 2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:f7:c6:d0:83:93:e6:0b:83:29:e8:28:3b:b6:4a:
                    e0:ac:8c:9e:b4:55:c3:df:18:7e:e2:b3:73:72:b4:
                    68:a1:66:d8:98:63:ea:be:8f:5e:c0:0e:11:ad:7f:
                    d2:f3:a5:25:2f:ee:7e:a3:d8:90:8d:4b:21:60:d3:
                    df:3f:85:1b:fc:43:17:bd:ac:cd:d1:fe:e0:2d:fe:
                    bd:46:1f:3e:98:56:88:df:07:4c:92:04:b4:05:d5:
                    15:e0:9a:a4:c3:51:d3:0a:78:d8:3c:fc:5c:1c:e5:
                    cd:23:49:97:50:3e:b1:b4:b6:a2:53:52:34:09:31:
                    03:8c:13:e7:e9:4d:c3:fb:03:dc:02:a3:5a:d5:6d:
                    6b:af:16:2b:d4:4e:fe:7b:a0:41:38:ed:4b:af:26:
                    35:b5:9c:89:69:0e:e9:25:cd:b1:4d:33:af:8e:6d:
                    65:91:28:e5:dc:fd:72:e8:f8:a6:31:33:92:ff:f0:
                    02:a3:50:4e:81:c1:f8:34:eb:95:29:09:a5:da:ab:
                    60:61:fd:ea:b9:4f:4a:31:8a:97:66:f8:c3:00:d2:
                    d2:86:a3:42:43:d3:bb:79:27:2e:6f:b5:b2:65:e5:
                    4b:8d:49:af:10:b1:d2:5b:75:77:10:74:e3:16:f2:
                    24:67:78:0c:b6:f6:36:0f:42:ef:ff:a3:c0:bb:c6:
                    5e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.101.3.2.1.3.3
                Policy: 2.16.840.1.101.3.2.1.3.12
                Policy: 2.16.840.1.101.3.2.1.3.37
                Policy: 2.16.840.1.101.3.2.1.3.13
                Policy: 2.16.840.1.101.3.2.1.3.17

            Authority Information Access:
                CA Issuers - URI:http://http.fpki.gov/bridge/caCertsIssuedTofbca.p7c

            X509v3 Policy Mappings:
                2.16.840.1.101.3.2.1.3.3:2.16.840.1.101.2.1.11.39, 2.16.840.1.101.3.2.1.3.12:2.16.840.1.101.2.1.11.42, 2.16.840.1.101.3.2.1.3.37:2.16.840.1.101.2.1.11.36
            X509v3 Name Constraints: critical
                Permitted:
                  DirName: C = US, O = U.S. Government, OU = DoD
                  DirName: DC = mil

            Subject Information Access:
                CA Repository - URI:http://crl.disa.mil/issuedby/DODINTEROPERABILITYROOTCA2_IB.p7c

            X509v3 Policy Constraints: critical
                Require Explicit Policy:0, Inhibit Policy Mapping:0
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Authority Key Identifier:
                keyid:C4:9D:FC:9D:5D:3A:5D:05:7A:BF:02:81:EC:DB:49:70:15:C7:B2:72

            X509v3 CRL Distribution Points:
                URI:http://http.fpki.gov/bridge/fbca.crl

            X509v3 Subject Key Identifier:
                FF:F8:AE:13:8B:92:2B:79:92:41:A3:76:5C:2C:81:9E:9A:C5:9C:78
    Signature Algorithm: sha256WithRSAEncryption
        0d:57:8a:eb:a0:c6:17:d6:b0:f3:36:86:41:b9:9f:20:81:7b:
        f0:a8:c1:d0:77:60:5a:77:d8:f9:3a:be:92:e5:c3:c8:ed:a1:
        58:e8:30:46:c7:ee:e3:33:78:97:6a:e6:31:1c:b7:9c:eb:28:
        80:11:b4:de:12:d4:a8:48:10:b9:58:32:ab:2b:e8:77:39:22:
        f0:cb:83:05:1a:a6:ad:87:f5:e4:49:cd:09:da:b6:a1:bb:63:
        cf:b8:86:fb:ab:f9:54:6e:14:77:8e:13:ee:f2:ff:a4:9b:81:
        3e:ef:c1:d3:16:60:74:76:2b:a3:af:ef:77:e4:2a:d8:fb:d8:
        c5:e2:cc:d3:d0:49:7b:ac:26:64:3b:ed:33:a6:ab:ae:d1:62:
        5c:c1:fd:e3:0b:ae:ef:2a:9d:75:12:04:63:d1:05:b5:0f:15:
        0e:07:c1:4b:04:0c:db:b8:30:0b:e2:93:2f:2c:a8:2e:f0:19:
        2c:13:29:28:d7:d6:40:00:56:f5:5a:06:11:89:03:11:cb:c8:
        ee:a7:1c:27:0c:fc:76:64:9f:da:f9:f9:c6:6a:03:f2:07:09:
        52:9e:09:c8:04:70:d9:bd:de:12:8b:bb:ef:91:06:88:8d:3e:
        92:3e:31:c1:e0:ff:ea:a6:c7:15:64:69:6f:a6:f4:3c:34:13:
        da:72:31:98
-----BEGIN CERTIFICATE-----
MIIFpjCCBI6gAwIBAgICEaMwDQYJKoZIhvcNAQELBQAwUjELMAkGA1UEBhMCVVMx
GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsGA1UECxMERlBLSTEaMBgGA1UE
AxMRRmVkZXJhbCBCcmlkZ2UgQ0EwHhcNMTMwNTIxMTYwNTE4WhcNMTYwNTIxMTYw
MzMwWjBsMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQww
CgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEnMCUGA1UEAxMeRG9EIEludGVyb3Bl
cmFiaWxpdHkgUm9vdCBDQSAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA98bQg5PmC4Mp6Cg7tkrgrIyetFXD3xh+4rNzcrRooWbYmGPqvo9ewA4RrX/S
86UlL+5+o9iQjUshYNPfP4Ub/EMXvazN0f7gLf69Rh8+mFaI3wdMkgS0BdUV4Jqk
w1HTCnjYPPxcHOXNI0mXUD6xtLaiU1I0CTEDjBPn6U3D+wPcAqNa1W1rrxYr1E7+
e6BBOO1LryY1tZyJaQ7pJc2xTTOvjm1lkSjl3P1y6PimMTOS//ACo1BOgcH4NOuV
KQml2qtgYf3quU9KMYqXZvjDANLShqNCQ9O7eScub7WyZeVLjUmvELHSW3V3EHTj
FvIkZ3gMtvY2D0Lv/6PAu8ZetQIDAQABo4ICajCCAmYwDwYDVR0TAQH/BAUwAwEB
/zBPBgNVHSAESDBGMAwGCmCGSAFlAwIBAwMwDAYKYIZIAWUDAgEDDDAMBgpghkgB
ZQMCAQMlMAwGCmCGSAFlAwIBAw0wDAYKYIZIAWUDAgEDETBPBggrBgEFBQcBAQRD
MEEwPwYIKwYBBQUHMAKGM2h0dHA6Ly9odHRwLmZwa2kuZ292L2JyaWRnZS9jYUNl
cnRzSXNzdWVkVG9mYmNhLnA3YzBUBgNVHSEETTBLMBcGCmCGSAFlAwIBAwMGCWCG
SAFlAgELJzAXBgpghkgBZQMCAQMMBglghkgBZQIBCyowFwYKYIZIAWUDAgEDJQYJ
YIZIAWUCAQskMGQGA1UdHgEB/wRaMFigVjA5pDcwNTELMAkGA1UEBhMCVVMxGDAW
BgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMBmkFzAVMRMwEQYK
CZImiZPyLGQBGRYDbWlsMFoGCCsGAQUFBwELBE4wTDBKBggrBgEFBQcwBYY+aHR0
cDovL2NybC5kaXNhLm1pbC9pc3N1ZWRieS9ET0RJTlRFUk9QRVJBQklMSVRZUk9P
VENBMl9JQi5wN2MwEgYDVR0kAQH/BAgwBoABAIEBADAOBgNVHQ8BAf8EBAMCAQYw
HwYDVR0jBBgwFoAUxJ38nV06XQV6vwKB7NtJcBXHsnIwNQYDVR0fBC4wLDAqoCig
JoYkaHR0cDovL2h0dHAuZnBraS5nb3YvYnJpZGdlL2ZiY2EuY3JsMB0GA1UdDgQW
BBT/+K4Ti5IreZJBo3ZcLIGemsWceDANBgkqhkiG9w0BAQsFAAOCAQEADVeK66DG
F9aw8zaGQbmfIIF78KjB0HdgWnfY+Tq+kuXDyO2hWOgwRsfu4zN4l2rmMRy3nOso
gBG03hLUqEgQuVgyqyvodzki8MuDBRqmrYf15EnNCdq2obtjz7iG+6v5VG4Ud44T
7vL/pJuBPu/B0xZgdHYro6/vd+Qq2PvYxeLM09BJe6wmZDvtM6arrtFiXMH94wuu
7yqddRIEY9EFtQ8VDgfBSwQM27gwC+KTLyyoLvAZLBMpKNfWQABW9VoGEYkDEcvI
7qccJwz8dmSf2vn5xmoD8gcJUp4JyARw2b3eEou775EGiI0+kj4xweD/6qbHFWRp
b6b0PDQT2nIxmA==
-----END CERTIFICATE-----
`

// HexHashDoDInteropCA2SignedByFederalBridgeCA is the hex SHA256 fingerprint
// ofDoDInteropCA2SignedByFederalBridgeCA.
const HexHashDoDInteropCA2SignedByFederalBridgeCA = "76eb46d3a0808c7ef85fcd7128c2611e840c8299b836cc88d372564e1be1e96f"

// PEMDoDInteropCA2SignedByFederalBridgeCA2013Serial906 is the certificate for
// the DoD Interoperability CA 2 signed by the Federal Bridge CA 2013 with the
// serial number 906.
const PEMDoDInteropCA2SignedByFederalBridgeCA2013Serial906 = `
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 906 (0x38a)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA 2013
        Validity
            Not Before: Jan 29 14:20:36 2014 GMT
            Not After : May 21 13:12:52 2016 GMT
        Subject: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Interoperability Root CA 2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:f7:c6:d0:83:93:e6:0b:83:29:e8:28:3b:b6:4a:
                    e0:ac:8c:9e:b4:55:c3:df:18:7e:e2:b3:73:72:b4:
                    68:a1:66:d8:98:63:ea:be:8f:5e:c0:0e:11:ad:7f:
                    d2:f3:a5:25:2f:ee:7e:a3:d8:90:8d:4b:21:60:d3:
                    df:3f:85:1b:fc:43:17:bd:ac:cd:d1:fe:e0:2d:fe:
                    bd:46:1f:3e:98:56:88:df:07:4c:92:04:b4:05:d5:
                    15:e0:9a:a4:c3:51:d3:0a:78:d8:3c:fc:5c:1c:e5:
                    cd:23:49:97:50:3e:b1:b4:b6:a2:53:52:34:09:31:
                    03:8c:13:e7:e9:4d:c3:fb:03:dc:02:a3:5a:d5:6d:
                    6b:af:16:2b:d4:4e:fe:7b:a0:41:38:ed:4b:af:26:
                    35:b5:9c:89:69:0e:e9:25:cd:b1:4d:33:af:8e:6d:
                    65:91:28:e5:dc:fd:72:e8:f8:a6:31:33:92:ff:f0:
                    02:a3:50:4e:81:c1:f8:34:eb:95:29:09:a5:da:ab:
                    60:61:fd:ea:b9:4f:4a:31:8a:97:66:f8:c3:00:d2:
                    d2:86:a3:42:43:d3:bb:79:27:2e:6f:b5:b2:65:e5:
                    4b:8d:49:af:10:b1:d2:5b:75:77:10:74:e3:16:f2:
                    24:67:78:0c:b6:f6:36:0f:42:ef:ff:a3:c0:bb:c6:
                    5e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.101.3.2.1.3.3
                Policy: 2.16.840.1.101.3.2.1.3.12
                Policy: 2.16.840.1.101.3.2.1.3.37
                Policy: 2.16.840.1.101.3.2.1.3.13
                Policy: 2.16.840.1.101.3.2.1.3.17

            Authority Information Access:
                CA Issuers - URI:http://http.fpki.gov/bridge/caCertsIssuedTofbca2013.p7c

            X509v3 Policy Mappings:
                2.16.840.1.101.3.2.1.3.3:2.16.840.1.101.2.1.11.39, 2.16.840.1.101.3.2.1.3.12:2.16.840.1.101.2.1.11.42, 2.16.840.1.101.3.2.1.3.37:2.16.840.1.101.2.1.11.36
            X509v3 Name Constraints: critical
                Permitted:
                  DirName: C = US, O = U.S. Government, OU = DoD
                  DirName: DC = mil

            Subject Information Access:
                CA Repository - URI:http://crl.disa.mil/issuedby/DODINTEROPERABILITYROOTCA2_IB.p7c

            X509v3 Policy Constraints: critical
                Require Explicit Policy:0, Inhibit Policy Mapping:0
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Authority Key Identifier:
                keyid:BB:CE:74:71:83:34:4E:59:32:45:15:5F:40:60:60:DC:2B:B0:B4:E4

            X509v3 CRL Distribution Points:
                URI:http://http.fpki.gov/bridge/fbca2013.crl

            X509v3 Subject Key Identifier:
                FF:F8:AE:13:8B:92:2B:79:92:41:A3:76:5C:2C:81:9E:9A:C5:9C:78
    Signature Algorithm: sha256WithRSAEncryption
        49:4f:71:1e:75:c1:69:ff:ed:07:ce:4a:01:71:4e:39:63:9a:
        59:66:c5:b9:84:04:a9:5c:35:76:33:65:f6:d2:56:bb:6e:8f:
        4e:63:24:a0:c5:5e:b8:67:1b:c5:9f:a2:e5:44:83:c1:b7:6b:
        15:ee:4e:21:9a:56:37:3d:15:68:6c:96:24:3b:88:41:d2:23:
        db:ed:b2:ce:6d:a5:56:66:75:f3:a7:b5:78:86:c1:a3:6f:3e:
        b7:d9:88:45:23:7e:92:7e:52:86:31:b1:3d:f1:a3:7e:3f:47:
        37:df:60:fe:a1:4a:0f:fb:80:c6:f6:0c:b6:da:73:20:d4:d2:
        1e:21:7e:37:fc:dd:60:a8:98:60:37:d4:1a:8b:fb:ea:7b:c1:
        89:db:32:43:f1:ab:1d:bc:ae:73:9b:45:9d:1e:5d:72:95:ac:
        47:3b:09:81:1d:c4:b3:ed:1a:49:ec:f9:5a:57:17:f5:94:67:
        a9:66:fa:59:4a:20:2d:8f:ad:d0:d0:16:69:74:48:49:e2:68:
        2d:e6:fc:0c:87:12:c0:db:13:3d:73:73:0f:1e:ff:c4:80:b7:
        df:ff:f8:b3:44:43:1c:71:a5:7c:b6:31:fa:59:78:f9:76:c0:
        75:65:e0:d5:65:63:ea:f0:e5:ba:b9:dd:d5:56:b6:b8:e1:93:
        c6:68:af:c6
-----BEGIN CERTIFICATE-----
MIIFszCCBJugAwIBAgICA4owDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCVVMx
GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsGA1UECxMERlBLSTEfMB0GA1UE
AxMWRmVkZXJhbCBCcmlkZ2UgQ0EgMjAxMzAeFw0xNDAxMjkxNDIwMzZaFw0xNjA1
MjExMzEyNTJaMGwxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1l
bnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMScwJQYDVQQDEx5Eb0QgSW50
ZXJvcGVyYWJpbGl0eSBSb290IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQD3xtCDk+YLgynoKDu2SuCsjJ60VcPfGH7is3NytGihZtiYY+q+j17A
DhGtf9LzpSUv7n6j2JCNSyFg098/hRv8Qxe9rM3R/uAt/r1GHz6YVojfB0ySBLQF
1RXgmqTDUdMKeNg8/Fwc5c0jSZdQPrG0tqJTUjQJMQOME+fpTcP7A9wCo1rVbWuv
FivUTv57oEE47UuvJjW1nIlpDuklzbFNM6+ObWWRKOXc/XLo+KYxM5L/8AKjUE6B
wfg065UpCaXaq2Bh/eq5T0oxipdm+MMA0tKGo0JD07t5Jy5vtbJl5UuNSa8QsdJb
dXcQdOMW8iRneAy29jYPQu//o8C7xl61AgMBAAGjggJyMIICbjAPBgNVHRMBAf8E
BTADAQH/ME8GA1UdIARIMEYwDAYKYIZIAWUDAgEDAzAMBgpghkgBZQMCAQMMMAwG
CmCGSAFlAwIBAyUwDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMFMGCCsGAQUF
BwEBBEcwRTBDBggrBgEFBQcwAoY3aHR0cDovL2h0dHAuZnBraS5nb3YvYnJpZGdl
L2NhQ2VydHNJc3N1ZWRUb2ZiY2EyMDEzLnA3YzBUBgNVHSEETTBLMBcGCmCGSAFl
AwIBAwMGCWCGSAFlAgELJzAXBgpghkgBZQMCAQMMBglghkgBZQIBCyowFwYKYIZI
AWUDAgEDJQYJYIZIAWUCAQskMGQGA1UdHgEB/wRaMFigVjA5pDcwNTELMAkGA1UE
BhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMBmk
FzAVMRMwEQYKCZImiZPyLGQBGRYDbWlsMFoGCCsGAQUFBwELBE4wTDBKBggrBgEF
BQcwBYY+aHR0cDovL2NybC5kaXNhLm1pbC9pc3N1ZWRieS9ET0RJTlRFUk9QRVJB
QklMSVRZUk9PVENBMl9JQi5wN2MwEgYDVR0kAQH/BAgwBoABAIEBADAOBgNVHQ8B
Af8EBAMCAQYwHwYDVR0jBBgwFoAUu850cYM0TlkyRRVfQGBg3CuwtOQwOQYDVR0f
BDIwMDAuoCygKoYoaHR0cDovL2h0dHAuZnBraS5nb3YvYnJpZGdlL2ZiY2EyMDEz
LmNybDAdBgNVHQ4EFgQU//iuE4uSK3mSQaN2XCyBnprFnHgwDQYJKoZIhvcNAQEL
BQADggEBAElPcR51wWn/7QfOSgFxTjljmllmxbmEBKlcNXYzZfbSVrtuj05jJKDF
XrhnG8WfouVEg8G3axXuTiGaVjc9FWhsliQ7iEHSI9vtss5tpVZmdfOntXiGwaNv
PrfZiEUjfpJ+UoYxsT3xo34/RzffYP6hSg/7gMb2DLbacyDU0h4hfjf83WComGA3
1BqL++p7wYnbMkPxqx28rnObRZ0eXXKVrEc7CYEdxLPtGkns+VpXF/WUZ6lm+llK
IC2PrdDQFml0SEniaC3m/AyHEsDbEz1zcw8e/8SAt9//+LNEQxxxpXy2MfpZePl2
wHVl4NVlY+rw5bq53dVWtrjhk8Zor8Y=
-----END CERTIFICATE-----
`

// HexHashDoDInteropCA2SignedByFederalBridgeCA2013Serial906 is the hex SHA256
// fingerprint ofDoDInteropCA2SignedByFederalBridgeCA2013Serial906.
const HexHashDoDInteropCA2SignedByFederalBridgeCA2013Serial906 = "f1ca80e8c4420f0cab6c2f8b04b4deda19b1cea1f6869e16907674209035d5a1"

// PEMDoDInteropCA2SignedByFederalBridgeCA2013Serial8225 is the certificate for
// the DoD Interoperability CA 2 signed by the Federal Bridge CA 2013 with the
// serial number 8225.
const PEMDoDInteropCA2SignedByFederalBridgeCA2013Serial8225 = `
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8225 (0x2021)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA 2013
        Validity
            Not Before: Apr  6 17:00:49 2016 GMT
            Not After : May 21 13:56:52 2016 GMT
        Subject: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Interoperability Root CA 2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:f7:c6:d0:83:93:e6:0b:83:29:e8:28:3b:b6:4a:
                    e0:ac:8c:9e:b4:55:c3:df:18:7e:e2:b3:73:72:b4:
                    68:a1:66:d8:98:63:ea:be:8f:5e:c0:0e:11:ad:7f:
                    d2:f3:a5:25:2f:ee:7e:a3:d8:90:8d:4b:21:60:d3:
                    df:3f:85:1b:fc:43:17:bd:ac:cd:d1:fe:e0:2d:fe:
                    bd:46:1f:3e:98:56:88:df:07:4c:92:04:b4:05:d5:
                    15:e0:9a:a4:c3:51:d3:0a:78:d8:3c:fc:5c:1c:e5:
                    cd:23:49:97:50:3e:b1:b4:b6:a2:53:52:34:09:31:
                    03:8c:13:e7:e9:4d:c3:fb:03:dc:02:a3:5a:d5:6d:
                    6b:af:16:2b:d4:4e:fe:7b:a0:41:38:ed:4b:af:26:
                    35:b5:9c:89:69:0e:e9:25:cd:b1:4d:33:af:8e:6d:
                    65:91:28:e5:dc:fd:72:e8:f8:a6:31:33:92:ff:f0:
                    02:a3:50:4e:81:c1:f8:34:eb:95:29:09:a5:da:ab:
                    60:61:fd:ea:b9:4f:4a:31:8a:97:66:f8:c3:00:d2:
                    d2:86:a3:42:43:d3:bb:79:27:2e:6f:b5:b2:65:e5:
                    4b:8d:49:af:10:b1:d2:5b:75:77:10:74:e3:16:f2:
                    24:67:78:0c:b6:f6:36:0f:42:ef:ff:a3:c0:bb:c6:
                    5e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.101.3.2.1.3.3
                Policy: 2.16.840.1.101.3.2.1.3.12
                Policy: 2.16.840.1.101.3.2.1.3.37
                Policy: 2.16.840.1.101.3.2.1.3.13
                Policy: 2.16.840.1.101.3.2.1.3.17

            Authority Information Access:
                CA Issuers - URI:http://http.fpki.gov/bridge/caCertsIssuedTofbca2013.p7c

            X509v3 Policy Mappings:
                2.16.840.1.101.3.2.1.3.3:2.16.840.1.101.2.1.11.39, 2.16.840.1.101.3.2.1.3.12:2.16.840.1.101.2.1.11.42, 2.16.840.1.101.3.2.1.3.37:2.16.840.1.101.2.1.11.36
            X509v3 Name Constraints:
                Permitted:
                  DirName: C = US, O = U.S. Government, OU = DoD
                  DirName: DC = mil

            Subject Information Access:
                CA Repository - URI:http://crl.disa.mil/issuedby/DODINTEROPERABILITYROOTCA2_IB.p7c

            X509v3 Policy Constraints: critical
                Require Explicit Policy:0, Inhibit Policy Mapping:0
            X509v3 Inhibit Any Policy:
                0
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Authority Key Identifier:
                keyid:BB:CE:74:71:83:34:4E:59:32:45:15:5F:40:60:60:DC:2B:B0:B4:E4

            X509v3 CRL Distribution Points:
                URI:http://http.fpki.gov/bridge/fbca2013.crl

            X509v3 Subject Key Identifier:
                FF:F8:AE:13:8B:92:2B:79:92:41:A3:76:5C:2C:81:9E:9A:C5:9C:78
    Signature Algorithm: sha256WithRSAEncryption
        3b:cc:08:c7:bf:ca:a7:6d:88:45:23:1b:7a:01:d3:ce:c9:f6:
        4e:29:43:73:34:a5:ed:2a:f3:fa:db:2f:14:ee:b7:d8:08:34:
        78:a8:32:6e:6f:61:ea:d1:44:f2:6a:c3:a7:3c:ce:46:72:2d:
        37:78:28:c2:e6:ac:18:a9:45:55:9c:65:1a:45:8b:71:d5:23:
        69:96:63:a0:f8:c8:3d:cd:6e:70:63:fa:9f:1b:b8:cb:f5:9c:
        01:ba:ec:0a:c6:32:85:db:8e:57:f8:78:f2:08:a6:1a:99:34:
        d6:46:96:bd:15:f8:dc:64:c0:c9:9c:95:34:5d:fe:2a:9f:9c:
        e8:fc:de:73:36:1d:1b:98:f4:3a:51:37:14:c4:7e:33:91:1e:
        88:c3:08:c8:95:dd:ae:f1:f9:b9:f3:77:05:41:4a:56:3f:b9:
        69:7b:69:99:ca:54:50:a9:c0:29:84:f8:69:5e:99:89:ba:d1:
        7e:04:c2:10:91:a7:7e:14:9a:b6:ad:ad:62:5b:e3:5d:44:90:
        a5:75:e5:04:f8:a4:83:6e:c4:5d:67:4d:52:f3:12:1f:c8:ec:
        92:6b:a2:d9:1e:a6:b0:12:fc:36:60:a4:8d:c7:4a:4c:6a:c1:
        d9:d0:7d:6e:20:85:22:5f:91:5f:9f:76:9a:db:4c:01:03:03:
        5c:b6:70:59
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgICICEwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCVVMx
GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsGA1UECxMERlBLSTEfMB0GA1UE
AxMWRmVkZXJhbCBCcmlkZ2UgQ0EgMjAxMzAeFw0xNjA0MDYxNzAwNDlaFw0xNjA1
MjExMzU2NTJaMGwxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1l
bnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMScwJQYDVQQDEx5Eb0QgSW50
ZXJvcGVyYWJpbGl0eSBSb290IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQD3xtCDk+YLgynoKDu2SuCsjJ60VcPfGH7is3NytGihZtiYY+q+j17A
DhGtf9LzpSUv7n6j2JCNSyFg098/hRv8Qxe9rM3R/uAt/r1GHz6YVojfB0ySBLQF
1RXgmqTDUdMKeNg8/Fwc5c0jSZdQPrG0tqJTUjQJMQOME+fpTcP7A9wCo1rVbWuv
FivUTv57oEE47UuvJjW1nIlpDuklzbFNM6+ObWWRKOXc/XLo+KYxM5L/8AKjUE6B
wfg065UpCaXaq2Bh/eq5T0oxipdm+MMA0tKGo0JD07t5Jy5vtbJl5UuNSa8QsdJb
dXcQdOMW8iRneAy29jYPQu//o8C7xl61AgMBAAGjggJ7MIICdzAPBgNVHRMBAf8E
BTADAQH/ME8GA1UdIARIMEYwDAYKYIZIAWUDAgEDAzAMBgpghkgBZQMCAQMMMAwG
CmCGSAFlAwIBAyUwDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMFMGCCsGAQUF
BwEBBEcwRTBDBggrBgEFBQcwAoY3aHR0cDovL2h0dHAuZnBraS5nb3YvYnJpZGdl
L2NhQ2VydHNJc3N1ZWRUb2ZiY2EyMDEzLnA3YzBUBgNVHSEETTBLMBcGCmCGSAFl
AwIBAwMGCWCGSAFlAgELJzAXBgpghkgBZQMCAQMMBglghkgBZQIBCyowFwYKYIZI
AWUDAgEDJQYJYIZIAWUCAQskMGEGA1UdHgRaMFigVjA5pDcwNTELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMBmkFzAV
MRMwEQYKCZImiZPyLGQBGRYDbWlsMFoGCCsGAQUFBwELBE4wTDBKBggrBgEFBQcw
BYY+aHR0cDovL2NybC5kaXNhLm1pbC9pc3N1ZWRieS9ET0RJTlRFUk9QRVJBQklM
SVRZUk9PVENBMl9JQi5wN2MwEgYDVR0kAQH/BAgwBoABAIEBADAKBgNVHTYEAwIB
ADAOBgNVHQ8BAf8EBAMCAQYwHwYDVR0jBBgwFoAUu850cYM0TlkyRRVfQGBg3Cuw
tOQwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2h0dHAuZnBraS5nb3YvYnJpZGdl
L2ZiY2EyMDEzLmNybDAdBgNVHQ4EFgQU//iuE4uSK3mSQaN2XCyBnprFnHgwDQYJ
KoZIhvcNAQELBQADggEBADvMCMe/yqdtiEUjG3oB087J9k4pQ3M0pe0q8/rbLxTu
t9gINHioMm5vYerRRPJqw6c8zkZyLTd4KMLmrBipRVWcZRpFi3HVI2mWY6D4yD3N
bnBj+p8buMv1nAG67ArGMoXbjlf4ePIIphqZNNZGlr0V+NxkwMmclTRd/iqfnOj8
3nM2HRuY9DpRNxTEfjORHojDCMiV3a7x+bnzdwVBSlY/uWl7aZnKVFCpwCmE+Gle
mYm60X4EwhCRp34UmratrWJb411EkKV15QT4pINuxF1nTVLzEh/I7JJrotkeprAS
/DZgpI3HSkxqwdnQfW4ghSJfkV+fdprbTAEDA1y2cFk=
-----END CERTIFICATE-----
`

// HexHashDoDInteropCA2SignedByFederalBridgeCA2013Serial8225 is the hex
// SHA256 fingerprint ofDoDInteropCA2SignedByFederalBridgeCA2013Serial8225.
const HexHashDoDInteropCA2SignedByFederalBridgeCA2013Serial8225 = "15fc3efd4294832257ba5a24a232fee2244880dcdc297a2872a6b75727557b1f"

// PEMDoDInteropCA2SignedByFederalBridgeCA2013Serial8844 is the certificate for
// the DoD Interoperability CA 2 signed by the Federal Bridge CA 2013 with the
// serial number 8844.
const PEMDoDInteropCA2SignedByFederalBridgeCA2013Serial8844 = `Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8844 (0x228c)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA 2013
        Validity
            Not Before: May 18 17:25:34 2016 GMT
            Not After : Aug 21 21:24:28 2016 GMT
        Subject: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Interoperability Root CA 2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:f7:c6:d0:83:93:e6:0b:83:29:e8:28:3b:b6:4a:
                    e0:ac:8c:9e:b4:55:c3:df:18:7e:e2:b3:73:72:b4:
                    68:a1:66:d8:98:63:ea:be:8f:5e:c0:0e:11:ad:7f:
                    d2:f3:a5:25:2f:ee:7e:a3:d8:90:8d:4b:21:60:d3:
                    df:3f:85:1b:fc:43:17:bd:ac:cd:d1:fe:e0:2d:fe:
                    bd:46:1f:3e:98:56:88:df:07:4c:92:04:b4:05:d5:
                    15:e0:9a:a4:c3:51:d3:0a:78:d8:3c:fc:5c:1c:e5:
                    cd:23:49:97:50:3e:b1:b4:b6:a2:53:52:34:09:31:
                    03:8c:13:e7:e9:4d:c3:fb:03:dc:02:a3:5a:d5:6d:
                    6b:af:16:2b:d4:4e:fe:7b:a0:41:38:ed:4b:af:26:
                    35:b5:9c:89:69:0e:e9:25:cd:b1:4d:33:af:8e:6d:
                    65:91:28:e5:dc:fd:72:e8:f8:a6:31:33:92:ff:f0:
                    02:a3:50:4e:81:c1:f8:34:eb:95:29:09:a5:da:ab:
                    60:61:fd:ea:b9:4f:4a:31:8a:97:66:f8:c3:00:d2:
                    d2:86:a3:42:43:d3:bb:79:27:2e:6f:b5:b2:65:e5:
                    4b:8d:49:af:10:b1:d2:5b:75:77:10:74:e3:16:f2:
                    24:67:78:0c:b6:f6:36:0f:42:ef:ff:a3:c0:bb:c6:
                    5e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.101.3.2.1.3.3
                Policy: 2.16.840.1.101.3.2.1.3.12
                Policy: 2.16.840.1.101.3.2.1.3.37
                Policy: 2.16.840.1.101.3.2.1.3.13
                Policy: 2.16.840.1.101.3.2.1.3.17

            Authority Information Access:
                CA Issuers - URI:http://http.fpki.gov/bridge/caCertsIssuedTofbca2013.p7c

            X509v3 Policy Mappings:
                2.16.840.1.101.3.2.1.3.3:2.16.840.1.101.2.1.11.39, 2.16.840.1.101.3.2.1.3.12:2.16.840.1.101.2.1.11.42, 2.16.840.1.101.3.2.1.3.37:2.16.840.1.101.2.1.11.36
            X509v3 Name Constraints:
                Permitted:
                  DirName: C = US, O = U.S. Government, OU = DoD
                  DirName: DC = mil

            Subject Information Access:
                CA Repository - URI:http://crl.disa.mil/issuedby/DODINTEROPERABILITYROOTCA2_IB.p7c

            X509v3 Policy Constraints:
                Require Explicit Policy:0, Inhibit Policy Mapping:0
            X509v3 Inhibit Any Policy:
                0
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Authority Key Identifier:
                keyid:BB:CE:74:71:83:34:4E:59:32:45:15:5F:40:60:60:DC:2B:B0:B4:E4

            X509v3 CRL Distribution Points:
                URI:http://http.fpki.gov/bridge/fbca2013.crl

            X509v3 Subject Key Identifier:
                FF:F8:AE:13:8B:92:2B:79:92:41:A3:76:5C:2C:81:9E:9A:C5:9C:78
    Signature Algorithm: sha256WithRSAEncryption
        1a:b0:c5:ce:3c:14:22:41:a3:70:5a:ed:d3:3a:24:9a:a1:61:
        ee:5b:0e:7a:46:0c:e0:7d:e8:8f:9c:dc:38:6b:27:83:a3:dd:
        f4:38:2f:09:39:b5:63:0b:ac:25:2c:4e:1d:ad:39:fe:92:7b:
        2d:a0:6e:02:d0:a8:21:4e:c1:fa:54:ec:7c:7d:08:ff:69:c7:
        05:e7:f7:71:c8:65:8d:6c:c8:bf:d7:c7:17:98:d3:a6:c2:d6:
        a3:bc:b5:37:cd:57:bb:58:35:83:22:5d:3e:8e:9d:dd:8c:f6:
        e4:36:2a:95:5c:50:73:10:99:1a:c0:d9:f7:e0:1d:34:b0:aa:
        d5:0d:ae:27:9f:3c:a2:c7:5e:57:20:0b:0e:51:17:58:d0:aa:
        dc:93:35:93:15:61:6b:c6:13:97:4a:fe:e2:f6:0f:11:ae:0c:
        39:66:9c:24:14:d7:16:00:60:10:80:38:9e:b8:12:46:89:70:
        37:21:73:74:6d:db:c6:7c:41:15:27:7a:1a:a3:d1:3d:08:26:
        65:17:aa:b1:ca:11:af:6c:67:60:4a:ca:3c:20:bc:e6:53:27:
        37:bb:de:26:b1:66:da:b5:93:1c:23:e5:27:36:99:18:bb:fb:
        7d:1f:3c:01:4f:2d:da:e2:3a:7e:75:8b:0c:a9:d7:30:3b:e9:
        19:28:16:d0
-----BEGIN CERTIFICATE-----
MIIFuTCCBKGgAwIBAgICIowwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCVVMx
GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsGA1UECxMERlBLSTEfMB0GA1UE
AxMWRmVkZXJhbCBCcmlkZ2UgQ0EgMjAxMzAeFw0xNjA1MTgxNzI1MzRaFw0xNjA4
MjEyMTI0MjhaMGwxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1l
bnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMScwJQYDVQQDEx5Eb0QgSW50
ZXJvcGVyYWJpbGl0eSBSb290IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQD3xtCDk+YLgynoKDu2SuCsjJ60VcPfGH7is3NytGihZtiYY+q+j17A
DhGtf9LzpSUv7n6j2JCNSyFg098/hRv8Qxe9rM3R/uAt/r1GHz6YVojfB0ySBLQF
1RXgmqTDUdMKeNg8/Fwc5c0jSZdQPrG0tqJTUjQJMQOME+fpTcP7A9wCo1rVbWuv
FivUTv57oEE47UuvJjW1nIlpDuklzbFNM6+ObWWRKOXc/XLo+KYxM5L/8AKjUE6B
wfg065UpCaXaq2Bh/eq5T0oxipdm+MMA0tKGo0JD07t5Jy5vtbJl5UuNSa8QsdJb
dXcQdOMW8iRneAy29jYPQu//o8C7xl61AgMBAAGjggJ4MIICdDAPBgNVHRMBAf8E
BTADAQH/ME8GA1UdIARIMEYwDAYKYIZIAWUDAgEDAzAMBgpghkgBZQMCAQMMMAwG
CmCGSAFlAwIBAyUwDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMFMGCCsGAQUF
BwEBBEcwRTBDBggrBgEFBQcwAoY3aHR0cDovL2h0dHAuZnBraS5nb3YvYnJpZGdl
L2NhQ2VydHNJc3N1ZWRUb2ZiY2EyMDEzLnA3YzBUBgNVHSEETTBLMBcGCmCGSAFl
AwIBAwMGCWCGSAFlAgELJzAXBgpghkgBZQMCAQMMBglghkgBZQIBCyowFwYKYIZI
AWUDAgEDJQYJYIZIAWUCAQskMGEGA1UdHgRaMFigVjA5pDcwNTELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMBmkFzAV
MRMwEQYKCZImiZPyLGQBGRYDbWlsMFoGCCsGAQUFBwELBE4wTDBKBggrBgEFBQcw
BYY+aHR0cDovL2NybC5kaXNhLm1pbC9pc3N1ZWRieS9ET0RJTlRFUk9QRVJBQklM
SVRZUk9PVENBMl9JQi5wN2MwDwYDVR0kBAgwBoABAIEBADAKBgNVHTYEAwIBADAO
BgNVHQ8BAf8EBAMCAQYwHwYDVR0jBBgwFoAUu850cYM0TlkyRRVfQGBg3CuwtOQw
OQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2h0dHAuZnBraS5nb3YvYnJpZGdlL2Zi
Y2EyMDEzLmNybDAdBgNVHQ4EFgQU//iuE4uSK3mSQaN2XCyBnprFnHgwDQYJKoZI
hvcNAQELBQADggEBABqwxc48FCJBo3Ba7dM6JJqhYe5bDnpGDOB96I+c3DhrJ4Oj
3fQ4Lwk5tWMLrCUsTh2tOf6Sey2gbgLQqCFOwfpU7Hx9CP9pxwXn93HIZY1syL/X
xxeY06bC1qO8tTfNV7tYNYMiXT6Ond2M9uQ2KpVcUHMQmRrA2ffgHTSwqtUNrief
PKLHXlcgCw5RF1jQqtyTNZMVYWvGE5dK/uL2DxGuDDlmnCQU1xYAYBCAOJ64EkaJ
cDchc3Rt28Z8QRUnehqj0T0IJmUXqrHKEa9sZ2BKyjwgvOZTJze73iaxZtq1kxwj
5Sc2mRi7+30fPAFPLdriOn51iwyp1zA76RkoFtA=
-----END CERTIFICATE-----
`

// HexHashDoDInteropCA2SignedByFederalBridgeCA2013Serial8844 is the hex
// SHA256 fingerprint ofDoDInteropCA2SignedByFederalBridgeCA2013Serial8844.
const HexHashDoDInteropCA2SignedByFederalBridgeCA2013Serial8844 = "ce1a4657b4649ba5701126c740642a56c464225eec3bf398a1a45b57e33356b6"

// PEMDoDInteropCA2SignedByFederalBridgeCA2013Serial9644 is the certificate for
// the Dod Interoperability CA 2 signed by the Federal Bridge CA 2013 with the
// serial number 9644.
const PEMDoDInteropCA2SignedByFederalBridgeCA2013Serial9644 = `
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9644 (0x25ac)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA 2013
        Validity
            Not Before: Aug 15 15:47:46 2016 GMT
            Not After : Aug 15 15:47:23 2019 GMT
        Subject: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Interoperability Root CA 2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:f7:c6:d0:83:93:e6:0b:83:29:e8:28:3b:b6:4a:
                    e0:ac:8c:9e:b4:55:c3:df:18:7e:e2:b3:73:72:b4:
                    68:a1:66:d8:98:63:ea:be:8f:5e:c0:0e:11:ad:7f:
                    d2:f3:a5:25:2f:ee:7e:a3:d8:90:8d:4b:21:60:d3:
                    df:3f:85:1b:fc:43:17:bd:ac:cd:d1:fe:e0:2d:fe:
                    bd:46:1f:3e:98:56:88:df:07:4c:92:04:b4:05:d5:
                    15:e0:9a:a4:c3:51:d3:0a:78:d8:3c:fc:5c:1c:e5:
                    cd:23:49:97:50:3e:b1:b4:b6:a2:53:52:34:09:31:
                    03:8c:13:e7:e9:4d:c3:fb:03:dc:02:a3:5a:d5:6d:
                    6b:af:16:2b:d4:4e:fe:7b:a0:41:38:ed:4b:af:26:
                    35:b5:9c:89:69:0e:e9:25:cd:b1:4d:33:af:8e:6d:
                    65:91:28:e5:dc:fd:72:e8:f8:a6:31:33:92:ff:f0:
                    02:a3:50:4e:81:c1:f8:34:eb:95:29:09:a5:da:ab:
                    60:61:fd:ea:b9:4f:4a:31:8a:97:66:f8:c3:00:d2:
                    d2:86:a3:42:43:d3:bb:79:27:2e:6f:b5:b2:65:e5:
                    4b:8d:49:af:10:b1:d2:5b:75:77:10:74:e3:16:f2:
                    24:67:78:0c:b6:f6:36:0f:42:ef:ff:a3:c0:bb:c6:
                    5e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.101.3.2.1.3.3
                Policy: 2.16.840.1.101.3.2.1.3.12
                Policy: 2.16.840.1.101.3.2.1.3.37
                Policy: 2.16.840.1.101.3.2.1.3.13
                Policy: 2.16.840.1.101.3.2.1.3.17
                Policy: 2.16.840.1.101.3.2.1.3.18
                Policy: 2.16.840.1.101.3.2.1.3.19
                Policy: 2.16.840.1.101.3.2.1.3.20
                Policy: 2.16.840.1.101.3.2.1.3.39

            Authority Information Access:
                CA Issuers - URI:http://http.fpki.gov/bridge/caCertsIssuedTofbca2013.p7c

            X509v3 Policy Mappings:
                2.16.840.1.101.3.2.1.3.3:2.16.840.1.101.2.1.11.39, 2.16.840.1.101.3.2.1.3.12:2.16.840.1.101.2.1.11.42, 2.16.840.1.101.3.2.1.3.37:2.16.840.1.101.2.1.11.36, 2.16.840.1.101.3.2.1.3.3:2.16.840.1.101.3.2.1.12.4, 2.16.840.1.101.3.2.1.3.12:2.16.840.1.101.3.2.1.12.5, 2.16.840.1.101.3.2.1.3.37:2.16.840.1.101.3.2.1.12.9, 2.16.840.1.101.3.2.1.3.18:2.16.840.1.101.3.2.1.12.6, 2.16.840.1.101.3.2.1.3.19:2.16.840.1.101.3.2.1.12.7, 2.16.840.1.101.3.2.1.3.20:2.16.840.1.101.3.2.1.12.8, 2.16.840.1.101.3.2.1.3.12:2.16.840.1.101.3.2.1.12.10
            X509v3 Name Constraints:
                Permitted:
                  DirName: C = US, O = U.S. Government, OU = DoD
                  DirName: DC = mil
                  DirName: C = US, O = U.S. Government, OU = ECA

            Subject Information Access:
                CA Repository - URI:http://crl.disa.mil/issuedby/DODINTEROPERABILITYROOTCA2_IB.p7c

            X509v3 Policy Constraints:
                Require Explicit Policy:0, Inhibit Policy Mapping:0
            X509v3 Inhibit Any Policy:
                0
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Authority Key Identifier:
                keyid:BB:CE:74:71:83:34:4E:59:32:45:15:5F:40:60:60:DC:2B:B0:B4:E4

            X509v3 CRL Distribution Points:
                URI:http://http.fpki.gov/bridge/fbca2013.crl

            X509v3 Subject Key Identifier:
                FF:F8:AE:13:8B:92:2B:79:92:41:A3:76:5C:2C:81:9E:9A:C5:9C:78
    Signature Algorithm: sha256WithRSAEncryption
        85:a2:4c:ab:e0:9b:d4:27:69:4e:e0:f4:05:6f:2e:55:90:5a:
        ce:8f:6d:8e:03:43:9f:23:83:33:91:de:64:6d:b3:fd:3b:57:
        84:59:04:d3:0f:83:e1:56:d2:34:73:d1:c6:9f:a7:46:c5:70:
        93:02:db:cb:95:c0:0d:6c:38:ce:be:81:13:48:4b:af:8f:a7:
        5c:1d:cd:7d:3f:e4:09:db:83:df:75:5d:91:8a:b2:ef:5c:3a:
        e7:05:8f:cd:27:a3:f1:fd:f0:b5:3c:60:28:76:3a:f7:bb:c6:
        b5:a6:36:27:d4:7a:5e:6c:92:dc:f9:20:ce:db:84:67:69:f8:
        c0:82:59:98:8d:5d:50:81:7e:90:06:75:61:9e:ec:e4:87:58:
        3c:e7:ed:8c:d8:da:45:24:80:e5:3e:2d:2a:3a:ea:1f:29:e3:
        bc:dd:94:b2:bc:d8:58:17:e2:3f:99:b8:c4:67:35:44:f5:24:
        f3:d0:57:68:b5:91:af:b2:f7:4a:1c:15:7c:1b:44:2b:d9:84:
        4c:85:b7:87:d9:be:10:c6:26:1c:ba:e9:f0:ad:6d:4d:8e:d2:
        a9:2d:fc:ec:3c:bf:ae:ce:1d:17:c6:d4:d8:60:33:3f:76:61:
        75:66:f6:be:78:b6:47:ac:ce:4a:43:44:14:56:bf:81:92:10:
        82:49:c1:da
-----BEGIN CERTIFICATE-----
MIIG7jCCBdagAwIBAgICJawwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCVVMx
GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsGA1UECxMERlBLSTEfMB0GA1UE
AxMWRmVkZXJhbCBCcmlkZ2UgQ0EgMjAxMzAeFw0xNjA4MTUxNTQ3NDZaFw0xOTA4
MTUxNTQ3MjNaMGwxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1l
bnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMScwJQYDVQQDEx5Eb0QgSW50
ZXJvcGVyYWJpbGl0eSBSb290IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQD3xtCDk+YLgynoKDu2SuCsjJ60VcPfGH7is3NytGihZtiYY+q+j17A
DhGtf9LzpSUv7n6j2JCNSyFg098/hRv8Qxe9rM3R/uAt/r1GHz6YVojfB0ySBLQF
1RXgmqTDUdMKeNg8/Fwc5c0jSZdQPrG0tqJTUjQJMQOME+fpTcP7A9wCo1rVbWuv
FivUTv57oEE47UuvJjW1nIlpDuklzbFNM6+ObWWRKOXc/XLo+KYxM5L/8AKjUE6B
wfg065UpCaXaq2Bh/eq5T0oxipdm+MMA0tKGo0JD07t5Jy5vtbJl5UuNSa8QsdJb
dXcQdOMW8iRneAy29jYPQu//o8C7xl61AgMBAAGjggOtMIIDqTAPBgNVHRMBAf8E
BTADAQH/MIGIBgNVHSAEgYAwfjAMBgpghkgBZQMCAQMDMAwGCmCGSAFlAwIBAwww
DAYKYIZIAWUDAgEDJTAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIBAxEwDAYKYIZI
AWUDAgEDEjAMBgpghkgBZQMCAQMTMAwGCmCGSAFlAwIBAxQwDAYKYIZIAWUDAgED
JzBTBggrBgEFBQcBAQRHMEUwQwYIKwYBBQUHMAKGN2h0dHA6Ly9odHRwLmZwa2ku
Z292L2JyaWRnZS9jYUNlcnRzSXNzdWVkVG9mYmNhMjAxMy5wN2MwggEOBgNVHSEE
ggEFMIIBATAXBgpghkgBZQMCAQMDBglghkgBZQIBCycwFwYKYIZIAWUDAgEDDAYJ
YIZIAWUCAQsqMBcGCmCGSAFlAwIBAyUGCWCGSAFlAgELJDAYBgpghkgBZQMCAQMD
BgpghkgBZQMCAQwEMBgGCmCGSAFlAwIBAwwGCmCGSAFlAwIBDAUwGAYKYIZIAWUD
AgEDJQYKYIZIAWUDAgEMCTAYBgpghkgBZQMCAQMSBgpghkgBZQMCAQwGMBgGCmCG
SAFlAwIBAxMGCmCGSAFlAwIBDAcwGAYKYIZIAWUDAgEDFAYKYIZIAWUDAgEMCDAY
BgpghkgBZQMCAQMMBgpghkgBZQMCAQwKMIGfBgNVHR4EgZcwgZSggZEwOaQ3MDUx
CzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsT
A0RvRDAZpBcwFTETMBEGCgmSJomT8ixkARkWA21pbDA5pDcwNTELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRUNBMFoGCCsG
AQUFBwELBE4wTDBKBggrBgEFBQcwBYY+aHR0cDovL2NybC5kaXNhLm1pbC9pc3N1
ZWRieS9ET0RJTlRFUk9QRVJBQklMSVRZUk9PVENBMl9JQi5wN2MwDwYDVR0kBAgw
BoABAIEBADAKBgNVHTYEAwIBADAOBgNVHQ8BAf8EBAMCAQYwHwYDVR0jBBgwFoAU
u850cYM0TlkyRRVfQGBg3CuwtOQwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2h0
dHAuZnBraS5nb3YvYnJpZGdlL2ZiY2EyMDEzLmNybDAdBgNVHQ4EFgQU//iuE4uS
K3mSQaN2XCyBnprFnHgwDQYJKoZIhvcNAQELBQADggEBAIWiTKvgm9QnaU7g9AVv
LlWQWs6PbY4DQ58jgzOR3mRts/07V4RZBNMPg+FW0jRz0cafp0bFcJMC28uVwA1s
OM6+gRNIS6+Pp1wdzX0/5Anbg991XZGKsu9cOucFj80no/H98LU8YCh2Ove7xrWm
NifUel5sktz5IM7bhGdp+MCCWZiNXVCBfpAGdWGe7OSHWDzn7YzY2kUkgOU+LSo6
6h8p47zdlLK82FgX4j+ZuMRnNUT1JPPQV2i1ka+y90ocFXwbRCvZhEyFt4fZvhDG
Jhy66fCtbU2O0qkt/Ow8v67OHRfG1NhgMz92YXVm9r54tkeszkpDRBRWv4GSEIJJ
wdo=
-----END CERTIFICATE-----
`

// HexHashDoDInteropCA2SignedByFederalBridgeCA2013Serial9644 is the hex
// SHA256 fingerprint forDoDInteropCA2SignedByFederalBridgeCA2013Serial9644.
const HexHashDoDInteropCA2SignedByFederalBridgeCA2013Serial9644 = "f72ccd4b250e9e53ebf1d8d400322c21456afb255be1a23d8053eaa8763d3c80"

// PEMFederalBridgeCASignedByDoDInteropCA2 is the certificate for the Federal
// Bridge CA signed by the DoD Interoperability Root CA 2.
const PEMFederalBridgeCASignedByDoDInteropCA2 = `
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 140 (0x8c)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Interoperability Root CA 2
        Validity
            Not Before: Jul 17 14:01:43 2013 GMT
            Not After : Jul 17 14:01:43 2016 GMT
        Subject: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:b9:33:6e:9e:e1:55:12:96:26:f6:6e:b6:85:58:
                    a6:21:69:4b:37:41:24:7d:27:0b:90:40:76:50:4e:
                    6b:a1:4c:e4:12:70:f3:bb:83:f2:40:74:db:d3:17:
                    29:8e:20:79:d7:ae:29:e4:3e:63:86:f9:8c:aa:c5:
                    04:1e:98:d7:48:ab:7c:a2:e4:00:14:b7:e2:3a:54:
                    e8:6c:7d:23:61:65:36:49:b1:22:a8:36:c6:7b:d9:
                    3c:6a:39:59:0b:32:f2:96:37:26:71:bd:c6:4a:dd:
                    b1:b5:c3:1e:5e:12:bb:4a:aa:54:4c:8d:3a:2f:c4:
                    65:f0:56:4b:41:e3:f2:7e:8a:ef:7b:e5:22:31:4f:
                    59:88:68:db:0d:5a:dc:90:39:41:77:4f:83:fb:2b:
                    cf:ee:d5:5c:0f:99:9d:92:8c:c3:58:8c:a9:c5:41:
                    4e:c4:d1:57:e8:d4:e1:06:59:4a:d1:d0:aa:d2:05:
                    44:f6:56:ee:8f:4a:3d:8e:c2:41:ab:e5:ea:7a:ae:
                    bf:b6:be:36:e8:1e:95:86:eb:8a:8e:a0:14:07:c8:
                    6c:1d:ee:ee:9f:ff:64:cf:92:80:f9:38:ea:86:74:
                    a3:83:e1:bc:a2:7f:08:b8:2f:96:ab:6a:eb:27:c5:
                    8f:98:cb:b8:cc:33:e8:9f:1b:5a:8a:0c:68:2e:a4:
                    c2:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:FF:F8:AE:13:8B:92:2B:79:92:41:A3:76:5C:2C:81:9E:9A:C5:9C:78

            X509v3 Subject Key Identifier:
                C4:9D:FC:9D:5D:3A:5D:05:7A:BF:02:81:EC:DB:49:70:15:C7:B2:72
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.101.2.1.11.36
                Policy: 2.16.840.1.101.2.1.11.42
                Policy: 2.16.840.1.101.3.2.1.3.13
                Policy: 2.16.840.1.101.3.2.1.3.17
                Policy: 2.16.840.1.101.3.2.1.3.18
                Policy: 2.16.840.1.101.3.2.1.3.19
                Policy: 2.16.840.1.101.3.2.1.3.20

            X509v3 Policy Mappings:
                2.16.840.1.101.2.1.11.36:2.16.840.1.101.3.2.1.3.38, 2.16.840.1.101.2.1.11.42:2.16.840.1.101.3.2.1.3.12, 2.16.840.1.101.2.1.11.42:2.16.840.1.101.3.2.1.3.4
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Name Constraints: critical
                Excluded:
                  DirName: C = US, O = U.S. Government, OU = DoD

            X509v3 Policy Constraints: critical
                Require Explicit Policy:0
            X509v3 CRL Distribution Points:
                URI:http://crl.disa.mil/crl/DODINTEROPERABILITYROOTCA2.crl

            Authority Information Access:
                CA Issuers - URI:http://crl.disa.mil/issuedto/DODINTEROPERABILITYROOTCA2_IT.p7c

            Subject Information Access:
                CA Repository - URI:http://http.fpki.gov/bridge/caCertsIssuedByfbca.p7c

    Signature Algorithm: sha256WithRSAEncryption
        2f:67:3e:c3:5e:21:4e:c2:cf:c5:a1:76:3b:c3:1e:cc:e5:32:
        fe:1f:9d:a8:9b:2f:0d:af:2b:e1:61:ef:d4:5b:0e:d5:05:d7:
        a8:b8:14:b8:a3:8d:f1:7b:c8:c5:c3:0b:6c:14:c8:87:43:d4:
        89:2c:ac:d0:8c:e2:8c:a8:62:d2:05:d5:e6:a4:99:82:00:3e:
        e0:aa:47:e7:7d:a8:58:69:e5:ac:85:fa:bc:fa:65:3b:8b:93:
        eb:bb:23:57:9d:41:e7:2b:d1:0d:5c:21:c4:a0:76:5c:15:99:
        3a:a3:9e:77:fa:0e:98:f2:54:11:fc:74:be:7f:c9:d1:17:f7:
        9e:ae:55:26:51:8a:1b:c6:84:00:b3:f2:32:8f:e4:37:0f:96:
        cf:f6:2a:c1:cd:b8:71:63:ed:4f:4c:70:ef:88:d1:18:67:e2:
        39:f0:34:60:a9:60:ff:37:9c:21:b9:1b:d1:2c:ba:59:43:7c:
        d2:56:ac:13:33:13:6e:b6:b3:3d:c8:89:3f:43:2a:31:5f:9f:
        a8:65:2e:e8:dc:33:e3:6f:dd:3b:d0:7e:c4:27:87:ae:50:a5:
        8a:41:00:86:9e:91:bb:f9:85:fe:2b:83:a4:da:7a:73:34:0f:
        7d:bf:a9:39:d9:03:91:0e:b4:72:16:da:67:43:02:fe:16:f3:
        b8:43:e4:eb
-----BEGIN CERTIFICATE-----
MIIFtDCCBJygAwIBAgICAIwwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCVVMx
GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
EwNQS0kxJzAlBgNVBAMTHkRvRCBJbnRlcm9wZXJhYmlsaXR5IFJvb3QgQ0EgMjAe
Fw0xMzA3MTcxNDAxNDNaFw0xNjA3MTcxNDAxNDNaMFIxCzAJBgNVBAYTAlVTMRgw
FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDTALBgNVBAsTBEZQS0kxGjAYBgNVBAMT
EUZlZGVyYWwgQnJpZGdlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuTNunuFVEpYm9m62hVimIWlLN0EkfScLkEB2UE5roUzkEnDzu4PyQHTb0xcp
jiB5164p5D5jhvmMqsUEHpjXSKt8ouQAFLfiOlTobH0jYWU2SbEiqDbGe9k8ajlZ
CzLyljcmcb3GSt2xtcMeXhK7SqpUTI06L8Rl8FZLQePyforve+UiMU9ZiGjbDVrc
kDlBd0+D+yvP7tVcD5mdkozDWIypxUFOxNFX6NThBllK0dCq0gVE9lbuj0o9jsJB
q+Xqeq6/tr426B6VhuuKjqAUB8hsHe7un/9kz5KA+TjqhnSjg+G8on8IuC+Wq2rr
J8WPmMu4zDPonxtaigxoLqTCYwIDAQABo4ICeDCCAnQwHwYDVR0jBBgwFoAU//iu
E4uSK3mSQaN2XCyBnprFnHgwHQYDVR0OBBYEFMSd/J1dOl0Fer8CgezbSXAVx7Jy
MA4GA1UdDwEB/wQEAwIBBjBpBgNVHSAEYjBgMAsGCWCGSAFlAgELJDALBglghkgB
ZQIBCyowDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMAwGCmCGSAFlAwIBAxIw
DAYKYIZIAWUDAgEDEzAMBgpghkgBZQMCAQMUMFQGA1UdIQRNMEswFwYJYIZIAWUC
AQskBgpghkgBZQMCAQMmMBcGCWCGSAFlAgELKgYKYIZIAWUDAgEDDDAXBglghkgB
ZQIBCyoGCmCGSAFlAwIBAwQwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR4BAf8EPzA9
oTswOaQ3MDUxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQx
DDAKBgNVBAsTA0RvRDAPBgNVHSQBAf8EBTADgAEAMEcGA1UdHwRAMD4wPKA6oDiG
Nmh0dHA6Ly9jcmwuZGlzYS5taWwvY3JsL0RPRElOVEVST1BFUkFCSUxJVFlST09U
Q0EyLmNybDBaBggrBgEFBQcBAQROMEwwSgYIKwYBBQUHMAKGPmh0dHA6Ly9jcmwu
ZGlzYS5taWwvaXNzdWVkdG8vRE9ESU5URVJPUEVSQUJJTElUWVJPT1RDQTJfSVQu
cDdjME8GCCsGAQUFBwELBEMwQTA/BggrBgEFBQcwBYYzaHR0cDovL2h0dHAuZnBr
aS5nb3YvYnJpZGdlL2NhQ2VydHNJc3N1ZWRCeWZiY2EucDdjMA0GCSqGSIb3DQEB
CwUAA4IBAQAvZz7DXiFOws/FoXY7wx7M5TL+H52omy8NryvhYe/UWw7VBdeouBS4
o43xe8jFwwtsFMiHQ9SJLKzQjOKMqGLSBdXmpJmCAD7gqkfnfahYaeWshfq8+mU7
i5PruyNXnUHnK9ENXCHEoHZcFZk6o553+g6Y8lQR/HS+f8nRF/eerlUmUYobxoQA
s/Iyj+Q3D5bP9irBzbhxY+1PTHDviNEYZ+I58DRgqWD/N5whuRvRLLpZQ3zSVqwT
MxNutrM9yIk/QyoxX5+oZS7o3DPjb9070H7EJ4euUKWKQQCGnpG7+YX+K4Ok2npz
NA99v6k52QORDrRyFtpnQwL+FvO4Q+Tr
-----END CERTIFICATE-----
`

// HexHashFederalBridgeCASignedByDoDInteropCA2 is the hex SHA256 fingerprint
// ofFederalBridgeCASignedByDoDInteropCA2.
const HexHashFederalBridgeCASignedByDoDInteropCA2 = "fa22bf37e4111e66c0c0761eae45adc973a88a87a47b7d8f65b485d563fa5c2b"

// PEMFederalBridgeCASignedByFederalBridgeCA2013 is the certificate for the Federal
// Bridge CA signed by the Federal Bridge CA 2013.
const PEMFederalBridgeCASignedByFederalBridgeCA2013 = `
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6 (0x6)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA 2013
        Validity
            Not Before: Oct 21 19:28:34 2013 GMT
            Not After : Oct 11 05:25:13 2016 GMT
        Subject: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:b9:33:6e:9e:e1:55:12:96:26:f6:6e:b6:85:58:
                    a6:21:69:4b:37:41:24:7d:27:0b:90:40:76:50:4e:
                    6b:a1:4c:e4:12:70:f3:bb:83:f2:40:74:db:d3:17:
                    29:8e:20:79:d7:ae:29:e4:3e:63:86:f9:8c:aa:c5:
                    04:1e:98:d7:48:ab:7c:a2:e4:00:14:b7:e2:3a:54:
                    e8:6c:7d:23:61:65:36:49:b1:22:a8:36:c6:7b:d9:
                    3c:6a:39:59:0b:32:f2:96:37:26:71:bd:c6:4a:dd:
                    b1:b5:c3:1e:5e:12:bb:4a:aa:54:4c:8d:3a:2f:c4:
                    65:f0:56:4b:41:e3:f2:7e:8a:ef:7b:e5:22:31:4f:
                    59:88:68:db:0d:5a:dc:90:39:41:77:4f:83:fb:2b:
                    cf:ee:d5:5c:0f:99:9d:92:8c:c3:58:8c:a9:c5:41:
                    4e:c4:d1:57:e8:d4:e1:06:59:4a:d1:d0:aa:d2:05:
                    44:f6:56:ee:8f:4a:3d:8e:c2:41:ab:e5:ea:7a:ae:
                    bf:b6:be:36:e8:1e:95:86:eb:8a:8e:a0:14:07:c8:
                    6c:1d:ee:ee:9f:ff:64:cf:92:80:f9:38:ea:86:74:
                    a3:83:e1:bc:a2:7f:08:b8:2f:96:ab:6a:eb:27:c5:
                    8f:98:cb:b8:cc:33:e8:9f:1b:5a:8a:0c:68:2e:a4:
                    c2:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            Authority Information Access:
                CA Issuers - URI:http://http.fpki.gov/bridge/caCertsIssuedTofbca2013.p7c

            Subject Information Access:
                CA Repository - URI:http://http.fpki.gov/bridge/caCertsIssuedByfbca.p7c

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Authority Key Identifier:
                keyid:BB:CE:74:71:83:34:4E:59:32:45:15:5F:40:60:60:DC:2B:B0:B4:E4

            X509v3 CRL Distribution Points:
                URI:http://http.fpki.gov/bridge/fbca2013.crl

            X509v3 Subject Key Identifier:
                C4:9D:FC:9D:5D:3A:5D:05:7A:BF:02:81:EC:DB:49:70:15:C7:B2:72
    Signature Algorithm: sha256WithRSAEncryption
        4c:c2:92:36:81:b2:ae:46:74:bc:cf:a9:87:37:34:4d:88:76:
        c8:85:9d:51:ef:45:2b:a8:c2:88:50:67:79:48:17:72:f7:8c:
        61:a0:4a:ba:1a:30:89:15:9d:66:64:87:1d:42:d2:1d:40:6f:
        1c:44:58:84:06:f3:37:59:95:a3:8f:99:95:91:93:4a:8f:40:
        86:23:26:49:03:63:c6:d8:9f:ef:5d:11:02:4f:55:12:c3:c7:
        b9:72:c5:23:65:d6:86:71:21:8b:9e:48:1a:cf:0d:d4:6e:df:
        f4:c3:8c:e0:db:a6:6e:e5:e9:91:0c:23:99:f7:3c:a0:77:75:
        6e:5f:9d:e4:f8:1c:9a:eb:b7:f0:d9:24:ab:9b:b5:cc:84:dd:
        e8:87:ea:53:9a:aa:d2:25:0f:11:74:39:01:be:03:dc:6d:ef:
        e8:e4:35:94:8b:c7:74:1d:77:38:3a:2e:92:50:ad:bd:ee:45:
        d8:e3:f8:bf:50:14:1d:6e:25:48:84:38:9e:65:d8:28:bb:72:
        1c:8e:8a:11:12:60:f7:22:b9:09:a1:43:01:cd:5f:22:5b:0c:
        52:e1:6a:f8:ba:17:60:8b:81:e0:4d:24:03:ce:f0:6d:7a:0c:
        42:92:99:e3:86:7e:d9:4e:cb:51:e4:c3:7e:5f:dc:55:e1:39:
        83:71:8d:48
-----BEGIN CERTIFICATE-----
MIIEbDCCA1SgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEY
MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQ0wCwYDVQQLEwRGUEtJMR8wHQYDVQQD
ExZGZWRlcmFsIEJyaWRnZSBDQSAyMDEzMB4XDTEzMTAyMTE5MjgzNFoXDTE2MTAx
MTA1MjUxM1owUjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVu
dDENMAsGA1UECxMERlBLSTEaMBgGA1UEAxMRRmVkZXJhbCBCcmlkZ2UgQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5M26e4VUSlib2braFWKYhaUs3
QSR9JwuQQHZQTmuhTOQScPO7g/JAdNvTFymOIHnXrinkPmOG+YyqxQQemNdIq3yi
5AAUt+I6VOhsfSNhZTZJsSKoNsZ72TxqOVkLMvKWNyZxvcZK3bG1wx5eErtKqlRM
jTovxGXwVktB4/J+iu975SIxT1mIaNsNWtyQOUF3T4P7K8/u1VwPmZ2SjMNYjKnF
QU7E0Vfo1OEGWUrR0KrSBUT2Vu6PSj2OwkGr5ep6rr+2vjboHpWG64qOoBQHyGwd
7u6f/2TPkoD5OOqGdKOD4byifwi4L5arausnxY+Yy7jMM+ifG1qKDGgupMJjAgMB
AAGjggFGMIIBQjAPBgNVHRMBAf8EBTADAQH/MFMGCCsGAQUFBwEBBEcwRTBDBggr
BgEFBQcwAoY3aHR0cDovL2h0dHAuZnBraS5nb3YvYnJpZGdlL2NhQ2VydHNJc3N1
ZWRUb2ZiY2EyMDEzLnA3YzBPBggrBgEFBQcBCwRDMEEwPwYIKwYBBQUHMAWGM2h0
dHA6Ly9odHRwLmZwa2kuZ292L2JyaWRnZS9jYUNlcnRzSXNzdWVkQnlmYmNhLnA3
YzAOBgNVHQ8BAf8EBAMCAQYwHwYDVR0jBBgwFoAUu850cYM0TlkyRRVfQGBg3Cuw
tOQwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2h0dHAuZnBraS5nb3YvYnJpZGdl
L2ZiY2EyMDEzLmNybDAdBgNVHQ4EFgQUxJ38nV06XQV6vwKB7NtJcBXHsnIwDQYJ
KoZIhvcNAQELBQADggEBAEzCkjaBsq5GdLzPqYc3NE2IdsiFnVHvRSuowohQZ3lI
F3L3jGGgSroaMIkVnWZkhx1C0h1AbxxEWIQG8zdZlaOPmZWRk0qPQIYjJkkDY8bY
n+9dEQJPVRLDx7lyxSNl1oZxIYueSBrPDdRu3/TDjODbpm7l6ZEMI5n3PKB3dW5f
neT4HJrrt/DZJKubtcyE3eiH6lOaqtIlDxF0OQG+A9xt7+jkNZSLx3Qddzg6LpJQ
rb3uRdjj+L9QFB1uJUiEOJ5l2Ci7chyOihESYPciuQmhQwHNXyJbDFLhavi6F2CL
geBNJAPO8G16DEKSmeOGftlOy1Hkw35f3FXhOYNxjUg=
-----END CERTIFICATE-----
`

// HexHashFederalBridgeCASignedByFederalBridgeCA2013 is the hex SHA256
// fingerprint ofFederalBridgeCASignedByFederalBridgeCA2013.
const HexHashFederalBridgeCASignedByFederalBridgeCA2013 = "687cae341a976f2862ce9c7543f5bbbc466a6cb9719cad755b14b76bc1e7788b"

// PEMFederalBridgeCASignedByFederalCommonPolicyCA is the certificate for the
// Federal Bridge CA signed by the Federal Common Policy CA.
const PEMFederalBridgeCASignedByFederalCommonPolicyCA = `
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2004 (0x7d4)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA
        Validity
            Not Before: Dec 29 19:28:58 2011 GMT
            Not After : Dec 29 19:27:54 2014 GMT
        Subject: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:b9:33:6e:9e:e1:55:12:96:26:f6:6e:b6:85:58:
                    a6:21:69:4b:37:41:24:7d:27:0b:90:40:76:50:4e:
                    6b:a1:4c:e4:12:70:f3:bb:83:f2:40:74:db:d3:17:
                    29:8e:20:79:d7:ae:29:e4:3e:63:86:f9:8c:aa:c5:
                    04:1e:98:d7:48:ab:7c:a2:e4:00:14:b7:e2:3a:54:
                    e8:6c:7d:23:61:65:36:49:b1:22:a8:36:c6:7b:d9:
                    3c:6a:39:59:0b:32:f2:96:37:26:71:bd:c6:4a:dd:
                    b1:b5:c3:1e:5e:12:bb:4a:aa:54:4c:8d:3a:2f:c4:
                    65:f0:56:4b:41:e3:f2:7e:8a:ef:7b:e5:22:31:4f:
                    59:88:68:db:0d:5a:dc:90:39:41:77:4f:83:fb:2b:
                    cf:ee:d5:5c:0f:99:9d:92:8c:c3:58:8c:a9:c5:41:
                    4e:c4:d1:57:e8:d4:e1:06:59:4a:d1:d0:aa:d2:05:
                    44:f6:56:ee:8f:4a:3d:8e:c2:41:ab:e5:ea:7a:ae:
                    bf:b6:be:36:e8:1e:95:86:eb:8a:8e:a0:14:07:c8:
                    6c:1d:ee:ee:9f:ff:64:cf:92:80:f9:38:ea:86:74:
                    a3:83:e1:bc:a2:7f:08:b8:2f:96:ab:6a:eb:27:c5:
                    8f:98:cb:b8:cc:33:e8:9f:1b:5a:8a:0c:68:2e:a4:
                    c2:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.101.3.2.1.3.2
                Policy: 2.16.840.1.101.3.2.1.3.13
                Policy: 2.16.840.1.101.3.2.1.3.1
                Policy: 2.16.840.1.101.3.2.1.3.6
                Policy: 2.16.840.1.101.3.2.1.3.7
                Policy: 2.16.840.1.101.3.2.1.3.8
                Policy: 2.16.840.1.101.3.2.1.3.16
                Policy: 2.16.840.1.101.3.2.1.3.36
                Policy: 2.16.840.1.101.3.2.1.3.17
                Policy: 2.16.840.1.101.3.2.1.3.14
                Policy: 2.16.840.1.101.3.2.1.3.15
                Policy: 2.16.840.1.101.3.2.1.3.18
                Policy: 2.16.840.1.101.3.2.1.3.20
                Policy: 2.16.840.1.101.3.2.1.3.19
                Policy: 2.16.840.1.101.3.2.1.3.21
                Policy: 2.16.840.1.101.3.2.1.3.23
                Policy: 2.16.840.1.101.3.2.1.3.22
                Policy: 2.16.840.1.101.3.2.1.3.24
                Policy: 2.16.840.1.101.3.2.1.3.25
                Policy: 2.16.840.1.101.3.2.1.3.26
                Policy: 2.16.840.1.101.3.2.1.3.27

            Authority Information Access:
                CA Issuers - URI:http://http.fpki.gov/fcpca/caCertsIssuedTofcpca.p7c

            X509v3 Policy Mappings:
                2.16.840.1.101.3.2.1.3.6:2.16.840.1.101.3.2.1.3.3, 2.16.840.1.101.3.2.1.3.7:2.16.840.1.101.3.2.1.3.12, 2.16.840.1.101.3.2.1.3.16:2.16.840.1.101.3.2.1.3.4, 2.16.840.1.101.3.2.1.3.8:2.16.840.1.101.3.2.1.3.37, 2.16.840.1.101.3.2.1.3.36:2.16.840.1.101.3.2.1.3.38
            Subject Information Access:
                CA Repository - URI:http://http.fpki.gov/bridge/caCertsIssuedByfbca.p7c

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Authority Key Identifier:
                keyid:AD:0C:7A:75:5C:E5:F3:98:C4:79:98:0E:AC:28:FD:97:F4:E7:02:FC

            X509v3 CRL Distribution Points:
                URI:http://http.fpki.gov/fcpca/fcpca.crl

            X509v3 Subject Key Identifier:
                C4:9D:FC:9D:5D:3A:5D:05:7A:BF:02:81:EC:DB:49:70:15:C7:B2:72
    Signature Algorithm: sha256WithRSAEncryption
        73:86:2a:f3:5b:fb:e2:d5:c1:47:41:b5:11:a8:50:11:63:11:
        08:67:a5:64:23:b3:30:07:66:e5:be:61:ff:35:89:7e:5d:87:
        c3:75:25:d8:63:99:ab:8f:30:50:a9:87:70:ae:8b:8f:ea:26:
        ac:3b:bd:47:84:a0:86:85:6c:89:ca:b3:a5:04:cd:eb:16:b6:
        b9:de:bc:6c:b0:27:8a:d0:c4:b0:5c:a5:27:8c:c5:5d:ff:e3:
        e8:eb:e8:fb:37:78:82:19:47:98:0f:25:dc:a7:b3:bd:a4:33:
        56:86:cf:75:c7:ae:9a:2b:ac:ca:22:d5:a9:38:79:f5:c6:2c:
        4b:69:73:a4:8a:d7:9f:2c:17:dc:33:92:77:d0:95:48:7b:c2:
        6f:3d:6f:64:eb:42:d5:eb:1d:39:2d:5d:46:22:15:36:9c:cb:
        0f:ff:a9:2f:7a:63:b5:3e:cc:45:a3:df:22:15:06:c4:90:07:
        7d:fc:9d:2d:e8:e1:12:09:30:9c:66:84:61:61:b4:98:63:da:
        83:c6:a7:e0:f1:a7:c2:ba:88:2a:29:55:52:32:08:3b:2a:77:
        30:f4:74:06:c3:d2:d8:64:e1:08:33:33:65:1e:02:2c:d1:5e:
        fc:6c:44:a8:de:87:19:1b:6f:07:d7:67:cd:11:62:70:9b:c8:
        cf:f9:fa:a4
-----BEGIN CERTIFICATE-----
MIIGLjCCBRagAwIBAgICB9QwDQYJKoZIhvcNAQELBQAwWTELMAkGA1UEBhMCVVMx
GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsGA1UECxMERlBLSTEhMB8GA1UE
AxMYRmVkZXJhbCBDb21tb24gUG9saWN5IENBMB4XDTExMTIyOTE5Mjg1OFoXDTE0
MTIyOTE5Mjc1NFowUjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJu
bWVudDENMAsGA1UECxMERlBLSTEaMBgGA1UEAxMRRmVkZXJhbCBCcmlkZ2UgQ0Ew
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5M26e4VUSlib2braFWKYh
aUs3QSR9JwuQQHZQTmuhTOQScPO7g/JAdNvTFymOIHnXrinkPmOG+YyqxQQemNdI
q3yi5AAUt+I6VOhsfSNhZTZJsSKoNsZ72TxqOVkLMvKWNyZxvcZK3bG1wx5eErtK
qlRMjTovxGXwVktB4/J+iu975SIxT1mIaNsNWtyQOUF3T4P7K8/u1VwPmZ2SjMNY
jKnFQU7E0Vfo1OEGWUrR0KrSBUT2Vu6PSj2OwkGr5ep6rr+2vjboHpWG64qOoBQH
yGwd7u6f/2TPkoD5OOqGdKOD4byifwi4L5arausnxY+Yy7jMM+ifG1qKDGgupMJj
AgMBAAGjggMFMIIDATAPBgNVHRMBAf8EBTADAQH/MIIBMwYDVR0gBIIBKjCCASYw
DAYKYIZIAWUDAgEDAjAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIBAwEwDAYKYIZI
AWUDAgEDBjAMBgpghkgBZQMCAQMHMAwGCmCGSAFlAwIBAwgwDAYKYIZIAWUDAgED
EDAMBgpghkgBZQMCAQMkMAwGCmCGSAFlAwIBAxEwDAYKYIZIAWUDAgEDDjAMBgpg
hkgBZQMCAQMPMAwGCmCGSAFlAwIBAxIwDAYKYIZIAWUDAgEDFDAMBgpghkgBZQMC
AQMTMAwGCmCGSAFlAwIBAxUwDAYKYIZIAWUDAgEDFzAMBgpghkgBZQMCAQMWMAwG
CmCGSAFlAwIBAxgwDAYKYIZIAWUDAgEDGTAMBgpghkgBZQMCAQMaMAwGCmCGSAFl
AwIBAxswTwYIKwYBBQUHAQEEQzBBMD8GCCsGAQUFBzAChjNodHRwOi8vaHR0cC5m
cGtpLmdvdi9mY3BjYS9jYUNlcnRzSXNzdWVkVG9mY3BjYS5wN2MwgY0GA1UdIQSB
hTCBgjAYBgpghkgBZQMCAQMGBgpghkgBZQMCAQMDMBgGCmCGSAFlAwIBAwcGCmCG
SAFlAwIBAwwwGAYKYIZIAWUDAgEDEAYKYIZIAWUDAgEDBDAYBgpghkgBZQMCAQMI
BgpghkgBZQMCAQMlMBgGCmCGSAFlAwIBAyQGCmCGSAFlAwIBAyYwTwYIKwYBBQUH
AQsEQzBBMD8GCCsGAQUFBzAFhjNodHRwOi8vaHR0cC5mcGtpLmdvdi9icmlkZ2Uv
Y2FDZXJ0c0lzc3VlZEJ5ZmJjYS5wN2MwDgYDVR0PAQH/BAQDAgEGMB8GA1UdIwQY
MBaAFK0MenVc5fOYxHmYDqwo/Zf05wL8MDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6
Ly9odHRwLmZwa2kuZ292L2ZjcGNhL2ZjcGNhLmNybDAdBgNVHQ4EFgQUxJ38nV06
XQV6vwKB7NtJcBXHsnIwDQYJKoZIhvcNAQELBQADggEBAHOGKvNb++LVwUdBtRGo
UBFjEQhnpWQjszAHZuW+Yf81iX5dh8N1JdhjmauPMFCph3Cui4/qJqw7vUeEoIaF
bInKs6UEzesWtrnevGywJ4rQxLBcpSeMxV3/4+jr6Ps3eIIZR5gPJdyns72kM1aG
z3XHrporrMoi1ak4efXGLEtpc6SK158sF9wzknfQlUh7wm89b2TrQtXrHTktXUYi
FTacyw//qS96Y7U+zEWj3yIVBsSQB338nS3o4RIJMJxmhGFhtJhj2oPGp+Dxp8K6
iCopVVIyCDsqdzD0dAbD0thk4QgzM2UeAizRXvxsRKjehxkbbwfXZ80RYnCbyM/5
+qQ=
-----END CERTIFICATE-----
`

// HexHashFederalBridgeCASignedByFederalCommonPolicyCA is the hex SHA256
// fingeprint ofFederalBridgeCASignedByFederalCommonPolicyCA.
const HexHashFederalBridgeCASignedByFederalCommonPolicyCA = "8a51e575c2eac47ad7d9739684e9bbabcc28caff53bc6a1ebb860a2bdcf732c8"

// PEMFederalBridgeCA2013SignedByCommonPolicyCASerial5524 is the certificate for
// the Federal Bridge CA 2013 signed by the Federal Common Policy CA with serial
// numbewr 5524.
const PEMFederalBridgeCA2013SignedByCommonPolicyCASerial5524 = `
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5524 (0x1594)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA
        Validity
            Not Before: Oct 21 17:12:58 2013 GMT
            Not After : Oct 21 17:12:58 2016 GMT
        Subject: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA 2013
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:9c:e8:17:25:c2:59:ef:34:a5:c5:44:3b:00:35:
                    ec:31:40:a5:7a:02:d2:3e:19:14:9b:25:89:cd:4a:
                    8c:3b:e6:5e:6a:da:1c:6b:dd:0c:03:2a:45:84:29:
                    9d:4f:2e:ff:b0:a0:6c:02:c6:5a:a7:78:67:a5:77:
                    bb:c6:98:f8:b1:7e:e2:94:bb:fa:11:4f:63:38:1c:
                    1e:7c:08:0c:9e:f6:2a:15:63:22:62:14:12:e7:9f:
                    d4:ea:50:2e:d4:7e:3e:64:25:e4:2e:1c:1b:b8:ed:
                    5f:65:b4:f3:00:15:4f:0d:24:92:2c:71:50:22:3c:
                    eb:11:69:b3:2c:38:f3:e0:73:a1:98:26:75:a6:2d:
                    56:a9:05:af:9b:c9:38:8c:66:c0:c8:08:3b:43:3c:
                    83:dd:2a:52:ab:08:21:7e:cd:4f:ef:45:69:70:0c:
                    7c:b5:fe:1b:51:4e:09:28:2c:07:2b:4a:79:8c:41:
                    45:c4:53:0b:cd:e5:d4:a6:bb:93:33:d8:37:96:c3:
                    b0:2b:5b:c5:c5:e6:49:5c:41:5b:75:a3:02:db:15:
                    9e:73:d0:a6:cc:e4:c8:9a:1a:c7:01:07:93:b0:df:
                    eb:b8:fd:7f:dc:ab:18:94:92:8b:8d:f4:0c:29:09:
                    50:4f:5b:71:e1:da:50:5e:a3:bf:df:dc:a4:8a:f0:
                    07:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.101.3.2.1.3.6
                Policy: 2.16.840.1.101.3.2.1.3.7
                Policy: 2.16.840.1.101.3.2.1.3.8
                Policy: 2.16.840.1.101.3.2.1.3.13
                Policy: 2.16.840.1.101.3.2.1.3.16
                Policy: 2.16.840.1.101.3.2.1.3.1
                Policy: 2.16.840.1.101.3.2.1.3.2
                Policy: 2.16.840.1.101.3.2.1.3.14
                Policy: 2.16.840.1.101.3.2.1.3.15
                Policy: 2.16.840.1.101.3.2.1.3.17
                Policy: 2.16.840.1.101.3.2.1.3.18
                Policy: 2.16.840.1.101.3.2.1.3.19
                Policy: 2.16.840.1.101.3.2.1.3.20
                Policy: 2.16.840.1.101.3.2.1.3.21
                Policy: 2.16.840.1.101.3.2.1.3.22
                Policy: 2.16.840.1.101.3.2.1.3.23
                Policy: 2.16.840.1.101.3.2.1.3.24
                Policy: 2.16.840.1.101.3.2.1.3.25
                Policy: 2.16.840.1.101.3.2.1.3.26
                Policy: 2.16.840.1.101.3.2.1.3.27
                Policy: 2.16.840.1.101.3.2.1.3.36

            Authority Information Access:
                CA Issuers - URI:http://http.fpki.gov/fcpca/caCertsIssuedTofcpca.p7c

            X509v3 Policy Mappings:
                2.16.840.1.101.3.2.1.3.6:2.16.840.1.101.3.2.1.3.3, 2.16.840.1.101.3.2.1.3.7:2.16.840.1.101.3.2.1.3.12, 2.16.840.1.101.3.2.1.3.16:2.16.840.1.101.3.2.1.3.4, 2.16.840.1.101.3.2.1.3.8:2.16.840.1.101.3.2.1.3.37, 2.16.840.1.101.3.2.1.3.36:2.16.840.1.101.3.2.1.3.38
            Subject Information Access:
                CA Repository - URI:http://http.fpki.gov/bridge/caCertsIssuedByfbca2013.p7c

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Authority Key Identifier:
                keyid:AD:0C:7A:75:5C:E5:F3:98:C4:79:98:0E:AC:28:FD:97:F4:E7:02:FC

            X509v3 CRL Distribution Points:
                URI:http://http.fpki.gov/fcpca/fcpca.crl

            X509v3 Subject Key Identifier:
                BB:CE:74:71:83:34:4E:59:32:45:15:5F:40:60:60:DC:2B:B0:B4:E4
    Signature Algorithm: sha256WithRSAEncryption
        c7:50:ad:8a:75:35:28:65:8c:18:1c:e7:ed:89:35:17:f9:e3:
        c6:61:94:e2:2b:89:ba:3a:91:19:13:09:36:34:84:8c:f8:b6:
        d5:5c:ad:6b:2a:5b:ff:77:11:2f:6a:e9:be:1c:74:c3:b0:7c:
        35:dc:e8:c7:c4:d9:0b:8a:88:8b:ac:20:fc:96:db:37:d4:38:
        96:5e:c0:b5:12:f1:88:2a:2d:9c:2d:5c:a2:25:59:4e:7b:bb:
        31:c8:6b:5c:7c:57:77:a6:9c:0a:6f:a6:8b:4f:af:6b:b0:51:
        6e:e9:23:b1:bb:6f:06:eb:82:5d:e4:81:cf:63:7e:6d:5c:f1:
        0c:86:cd:d4:f2:50:59:74:39:18:7a:99:1d:a1:7f:31:03:49:
        f7:6d:06:69:6d:b4:6a:49:4d:dc:5c:e7:64:54:59:a2:5b:39:
        27:86:7d:ec:73:71:65:98:60:80:3d:b8:0d:b0:be:61:7b:d2:
        d3:ae:f7:c3:80:72:a7:47:00:2e:98:fb:9c:b6:9f:34:df:99:
        14:b2:c4:80:65:bf:7b:8c:95:9f:b7:89:68:fb:7b:22:2c:c9:
        32:55:75:f1:f0:22:d1:d0:f6:00:44:a9:f6:9c:00:58:d9:18:
        9b:b8:03:ee:b0:e3:f6:3f:8f:a9:53:22:16:2b:d4:e8:16:69:
        52:ea:b3:5a
-----BEGIN CERTIFICATE-----
MIIGNzCCBR+gAwIBAgICFZQwDQYJKoZIhvcNAQELBQAwWTELMAkGA1UEBhMCVVMx
GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsGA1UECxMERlBLSTEhMB8GA1UE
AxMYRmVkZXJhbCBDb21tb24gUG9saWN5IENBMB4XDTEzMTAyMTE3MTI1OFoXDTE2
MTAyMTE3MTI1OFowVzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJu
bWVudDENMAsGA1UECxMERlBLSTEfMB0GA1UEAxMWRmVkZXJhbCBCcmlkZ2UgQ0Eg
MjAxMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzoFyXCWe80pcVE
OwA17DFApXoC0j4ZFJslic1KjDvmXmraHGvdDAMqRYQpnU8u/7CgbALGWqd4Z6V3
u8aY+LF+4pS7+hFPYzgcHnwIDJ72KhVjImIUEuef1OpQLtR+PmQl5C4cG7jtX2W0
8wAVTw0kkixxUCI86xFpsyw48+BzoZgmdaYtVqkFr5vJOIxmwMgIO0M8g90qUqsI
IX7NT+9FaXAMfLX+G1FOCSgsBytKeYxBRcRTC83l1Ka7kzPYN5bDsCtbxcXmSVxB
W3WjAtsVnnPQpszkyJoaxwEHk7Df67j9f9yrGJSSi430DCkJUE9bceHaUF6jv9/c
pIrwB0sCAwEAAaOCAwkwggMFMA8GA1UdEwEB/wQFMAMBAf8wggEzBgNVHSAEggEq
MIIBJjAMBgpghkgBZQMCAQMGMAwGCmCGSAFlAwIBAwcwDAYKYIZIAWUDAgEDCDAM
BgpghkgBZQMCAQMNMAwGCmCGSAFlAwIBAxAwDAYKYIZIAWUDAgEDATAMBgpghkgB
ZQMCAQMCMAwGCmCGSAFlAwIBAw4wDAYKYIZIAWUDAgEDDzAMBgpghkgBZQMCAQMR
MAwGCmCGSAFlAwIBAxIwDAYKYIZIAWUDAgEDEzAMBgpghkgBZQMCAQMUMAwGCmCG
SAFlAwIBAxUwDAYKYIZIAWUDAgEDFjAMBgpghkgBZQMCAQMXMAwGCmCGSAFlAwIB
AxgwDAYKYIZIAWUDAgEDGTAMBgpghkgBZQMCAQMaMAwGCmCGSAFlAwIBAxswDAYK
YIZIAWUDAgEDJDBPBggrBgEFBQcBAQRDMEEwPwYIKwYBBQUHMAKGM2h0dHA6Ly9o
dHRwLmZwa2kuZ292L2ZjcGNhL2NhQ2VydHNJc3N1ZWRUb2ZjcGNhLnA3YzCBjQYD
VR0hBIGFMIGCMBgGCmCGSAFlAwIBAwYGCmCGSAFlAwIBAwMwGAYKYIZIAWUDAgED
BwYKYIZIAWUDAgEDDDAYBgpghkgBZQMCAQMQBgpghkgBZQMCAQMEMBgGCmCGSAFl
AwIBAwgGCmCGSAFlAwIBAyUwGAYKYIZIAWUDAgEDJAYKYIZIAWUDAgEDJjBTBggr
BgEFBQcBCwRHMEUwQwYIKwYBBQUHMAWGN2h0dHA6Ly9odHRwLmZwa2kuZ292L2Jy
aWRnZS9jYUNlcnRzSXNzdWVkQnlmYmNhMjAxMy5wN2MwDgYDVR0PAQH/BAQDAgEG
MB8GA1UdIwQYMBaAFK0MenVc5fOYxHmYDqwo/Zf05wL8MDUGA1UdHwQuMCwwKqAo
oCaGJGh0dHA6Ly9odHRwLmZwa2kuZ292L2ZjcGNhL2ZjcGNhLmNybDAdBgNVHQ4E
FgQUu850cYM0TlkyRRVfQGBg3CuwtOQwDQYJKoZIhvcNAQELBQADggEBAMdQrYp1
NShljBgc5+2JNRf548ZhlOIribo6kRkTCTY0hIz4ttVcrWsqW/93ES9q6b4cdMOw
fDXc6MfE2QuKiIusIPyW2zfUOJZewLUS8YgqLZwtXKIlWU57uzHIa1x8V3emnApv
potPr2uwUW7pI7G7bwbrgl3kgc9jfm1c8QyGzdTyUFl0ORh6mR2hfzEDSfdtBmlt
tGpJTdxc52RUWaJbOSeGfexzcWWYYIA9uA2wvmF70tOu98OAcqdHAC6Y+5y2nzTf
mRSyxIBlv3uMlZ+3iWj7eyIsyTJVdfHwItHQ9gBEqfacAFjZGJu4A+6w4/Y/j6lT
IhYr1OgWaVLqs1o=
-----END CERTIFICATE-----
`

// HexHashFederalBridgeCA2013SignedByCommonPolicyCASerial5524 is the hex
// SHA256 fingerprint ofFederalBridgeCA2013SignedByCommonPolicyCASerial5524.
const HexHashFederalBridgeCA2013SignedByCommonPolicyCASerial5524 = "ae014e287fb3709f7d57c29065cdc0d37499e52f83f5ffbe83b883698a2c03f6"

// PEMFederalBridgeCA2013SignedByCommonPolicyCASerial11424 is the certificate
// for the Federal Bridge CA 2013 signed by the Federal Common Policy CA with
// the serial number 11424.
const PEMFederalBridgeCA2013SignedByCommonPolicyCASerial11424 = `
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 11424 (0x2ca0)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA
        Validity
            Not Before: Jun 24 15:45:07 2015 GMT
            Not After : Jun 24 15:45:07 2018 GMT
        Subject: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA 2013
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:9c:e8:17:25:c2:59:ef:34:a5:c5:44:3b:00:35:
                    ec:31:40:a5:7a:02:d2:3e:19:14:9b:25:89:cd:4a:
                    8c:3b:e6:5e:6a:da:1c:6b:dd:0c:03:2a:45:84:29:
                    9d:4f:2e:ff:b0:a0:6c:02:c6:5a:a7:78:67:a5:77:
                    bb:c6:98:f8:b1:7e:e2:94:bb:fa:11:4f:63:38:1c:
                    1e:7c:08:0c:9e:f6:2a:15:63:22:62:14:12:e7:9f:
                    d4:ea:50:2e:d4:7e:3e:64:25:e4:2e:1c:1b:b8:ed:
                    5f:65:b4:f3:00:15:4f:0d:24:92:2c:71:50:22:3c:
                    eb:11:69:b3:2c:38:f3:e0:73:a1:98:26:75:a6:2d:
                    56:a9:05:af:9b:c9:38:8c:66:c0:c8:08:3b:43:3c:
                    83:dd:2a:52:ab:08:21:7e:cd:4f:ef:45:69:70:0c:
                    7c:b5:fe:1b:51:4e:09:28:2c:07:2b:4a:79:8c:41:
                    45:c4:53:0b:cd:e5:d4:a6:bb:93:33:d8:37:96:c3:
                    b0:2b:5b:c5:c5:e6:49:5c:41:5b:75:a3:02:db:15:
                    9e:73:d0:a6:cc:e4:c8:9a:1a:c7:01:07:93:b0:df:
                    eb:b8:fd:7f:dc:ab:18:94:92:8b:8d:f4:0c:29:09:
                    50:4f:5b:71:e1:da:50:5e:a3:bf:df:dc:a4:8a:f0:
                    07:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            Authority Information Access:
                CA Issuers - URI:http://http.fpki.gov/fcpca/caCertsIssuedTofcpca.p7c

            X509v3 Policy Mappings:
                2.16.840.1.101.3.2.1.3.6:2.16.840.1.101.3.2.1.3.3, 2.16.840.1.101.3.2.1.3.7:2.16.840.1.101.3.2.1.3.12, 2.16.840.1.101.3.2.1.3.8:2.16.840.1.101.3.2.1.3.37, 2.16.840.1.101.3.2.1.3.16:2.16.840.1.101.3.2.1.3.4, 2.16.840.1.101.3.2.1.3.36:2.16.840.1.101.3.2.1.3.38
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.101.3.2.1.3.1
                Policy: 2.16.840.1.101.3.2.1.3.2
                Policy: 2.16.840.1.101.3.2.1.3.3
                Policy: 2.16.840.1.101.3.2.1.3.12
                Policy: 2.16.840.1.101.3.2.1.3.14
                Policy: 2.16.840.1.101.3.2.1.3.15
                Policy: 2.16.840.1.101.3.2.1.3.37
                Policy: 2.16.840.1.101.3.2.1.3.38
                Policy: 2.16.840.1.101.3.2.1.3.4
                Policy: 2.16.840.1.101.3.2.1.3.18
                Policy: 2.16.840.1.101.3.2.1.3.19
                Policy: 2.16.840.1.101.3.2.1.3.20
                Policy: 2.16.840.1.101.3.2.1.3.6
                Policy: 2.16.840.1.101.3.2.1.3.7
                Policy: 2.16.840.1.101.3.2.1.3.8
                Policy: 2.16.840.1.101.3.2.1.3.36
                Policy: 2.16.840.1.101.3.2.1.3.13
                Policy: 2.16.840.1.101.3.2.1.3.16
                Policy: 2.16.840.1.101.3.2.1.3.17
                Policy: 2.16.840.1.101.3.2.1.3.40
                Policy: 2.16.840.1.101.3.2.1.3.41
                Policy: 2.16.840.1.101.3.2.1.3.39

            Subject Information Access:
                CA Repository - URI:http://http.fpki.gov/bridge/caCertsIssuedByfbca2013.p7c

            X509v3 Policy Constraints: critical
                Inhibit Policy Mapping:2
            X509v3 Inhibit Any Policy: critical
                0
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Authority Key Identifier:
                keyid:AD:0C:7A:75:5C:E5:F3:98:C4:79:98:0E:AC:28:FD:97:F4:E7:02:FC

            X509v3 CRL Distribution Points:
                URI:http://http.fpki.gov/fcpca/fcpca.crl

            X509v3 Subject Key Identifier:
                BB:CE:74:71:83:34:4E:59:32:45:15:5F:40:60:60:DC:2B:B0:B4:E4
    Signature Algorithm: sha256WithRSAEncryption
        c0:1e:6d:27:f0:79:47:52:46:84:c8:88:5d:2e:9c:a6:76:fd:
        fc:f9:85:d2:79:3c:06:21:fb:cc:fd:27:39:bc:a3:1a:91:64:
        57:a8:5e:80:71:b0:43:66:9d:2a:f8:11:47:ba:0c:7e:58:5f:
        b7:51:8f:23:b9:dd:13:ef:18:f2:89:f4:51:37:59:81:4a:c4:
        70:ad:47:ec:8b:1a:53:71:e7:2f:49:66:c6:ef:84:1b:2c:f3:
        43:5d:3c:11:7b:41:20:5b:8e:5a:72:d5:01:84:f6:32:f5:01:
        f1:3a:c8:7e:8f:f4:fa:d0:c5:78:d6:bf:a3:84:1c:18:66:c8:
        4d:bc:33:fd:df:4d:ce:78:b2:52:1b:46:88:72:67:4d:6d:72:
        5b:bb:e1:57:2d:cf:3e:0a:4d:07:37:70:94:b2:23:bb:da:d5:
        be:6f:87:52:f6:57:53:a8:6b:33:3b:60:d9:b0:84:0e:b0:4a:
        59:4f:6b:ac:b7:4c:95:be:37:b1:d3:39:83:c8:b3:8d:eb:dc:
        38:65:cf:16:33:66:ae:72:92:8f:0d:68:e4:d2:5d:72:73:30:
        08:a5:4c:74:5a:dc:1f:9b:4b:71:60:9c:d3:5e:50:bf:2e:6d:
        ce:b2:5b:e6:c6:ed:c9:7c:8b:01:d1:db:b1:cd:a7:a1:62:6e:
        d4:67:5e:31
-----BEGIN CERTIFICATE-----
MIIGZTCCBU2gAwIBAgICLKAwDQYJKoZIhvcNAQELBQAwWTELMAkGA1UEBhMCVVMx
GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsGA1UECxMERlBLSTEhMB8GA1UE
AxMYRmVkZXJhbCBDb21tb24gUG9saWN5IENBMB4XDTE1MDYyNDE1NDUwN1oXDTE4
MDYyNDE1NDUwN1owVzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJu
bWVudDENMAsGA1UECxMERlBLSTEfMB0GA1UEAxMWRmVkZXJhbCBCcmlkZ2UgQ0Eg
MjAxMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzoFyXCWe80pcVE
OwA17DFApXoC0j4ZFJslic1KjDvmXmraHGvdDAMqRYQpnU8u/7CgbALGWqd4Z6V3
u8aY+LF+4pS7+hFPYzgcHnwIDJ72KhVjImIUEuef1OpQLtR+PmQl5C4cG7jtX2W0
8wAVTw0kkixxUCI86xFpsyw48+BzoZgmdaYtVqkFr5vJOIxmwMgIO0M8g90qUqsI
IX7NT+9FaXAMfLX+G1FOCSgsBytKeYxBRcRTC83l1Ka7kzPYN5bDsCtbxcXmSVxB
W3WjAtsVnnPQpszkyJoaxwEHk7Df67j9f9yrGJSSi430DCkJUE9bceHaUF6jv9/c
pIrwB0sCAwEAAaOCAzcwggMzMA8GA1UdEwEB/wQFMAMBAf8wTwYIKwYBBQUHAQEE
QzBBMD8GCCsGAQUFBzAChjNodHRwOi8vaHR0cC5mcGtpLmdvdi9mY3BjYS9jYUNl
cnRzSXNzdWVkVG9mY3BjYS5wN2MwgY0GA1UdIQSBhTCBgjAYBgpghkgBZQMCAQMG
BgpghkgBZQMCAQMDMBgGCmCGSAFlAwIBAwcGCmCGSAFlAwIBAwwwGAYKYIZIAWUD
AgEDCAYKYIZIAWUDAgEDJTAYBgpghkgBZQMCAQMQBgpghkgBZQMCAQMEMBgGCmCG
SAFlAwIBAyQGCmCGSAFlAwIBAyYwggFBBgNVHSAEggE4MIIBNDAMBgpghkgBZQMC
AQMBMAwGCmCGSAFlAwIBAwIwDAYKYIZIAWUDAgEDAzAMBgpghkgBZQMCAQMMMAwG
CmCGSAFlAwIBAw4wDAYKYIZIAWUDAgEDDzAMBgpghkgBZQMCAQMlMAwGCmCGSAFl
AwIBAyYwDAYKYIZIAWUDAgEDBDAMBgpghkgBZQMCAQMSMAwGCmCGSAFlAwIBAxMw
DAYKYIZIAWUDAgEDFDAMBgpghkgBZQMCAQMGMAwGCmCGSAFlAwIBAwcwDAYKYIZI
AWUDAgEDCDAMBgpghkgBZQMCAQMkMAwGCmCGSAFlAwIBAw0wDAYKYIZIAWUDAgED
EDAMBgpghkgBZQMCAQMRMAwGCmCGSAFlAwIBAygwDAYKYIZIAWUDAgEDKTAMBgpg
hkgBZQMCAQMnMFMGCCsGAQUFBwELBEcwRTBDBggrBgEFBQcwBYY3aHR0cDovL2h0
dHAuZnBraS5nb3YvYnJpZGdlL2NhQ2VydHNJc3N1ZWRCeWZiY2EyMDEzLnA3YzAP
BgNVHSQBAf8EBTADgQECMA0GA1UdNgEB/wQDAgEAMA4GA1UdDwEB/wQEAwIBBjAf
BgNVHSMEGDAWgBStDHp1XOXzmMR5mA6sKP2X9OcC/DA1BgNVHR8ELjAsMCqgKKAm
hiRodHRwOi8vaHR0cC5mcGtpLmdvdi9mY3BjYS9mY3BjYS5jcmwwHQYDVR0OBBYE
FLvOdHGDNE5ZMkUVX0BgYNwrsLTkMA0GCSqGSIb3DQEBCwUAA4IBAQDAHm0n8HlH
UkaEyIhdLpymdv38+YXSeTwGIfvM/Sc5vKMakWRXqF6AcbBDZp0q+BFHugx+WF+3
UY8jud0T7xjyifRRN1mBSsRwrUfsixpTcecvSWbG74QbLPNDXTwRe0EgW45actUB
hPYy9QHxOsh+j/T60MV41r+jhBwYZshNvDP9303OeLJSG0aIcmdNbXJbu+FXLc8+
Ck0HN3CUsiO72tW+b4dS9ldTqGszO2DZsIQOsEpZT2ust0yVvjex0zmDyLON69w4
Zc8WM2aucpKPDWjk0l1yczAIpUx0Wtwfm0txYJzTXlC/Lm3Oslvmxu3JfIsB0dux
zaehYm7UZ14x
-----END CERTIFICATE-----
`

// HexHashFederalBridgeCA2013SignedByCommonPolicyCASerial11424 is the hex
// SHA256 fingerprint of
// FederalBridgeCA2013SignedByCommonPolicyCASerial11424.
const HexHashFederalBridgeCA2013SignedByCommonPolicyCASerial11424 = "8ed99089806b1005d6a6417c50f182325b670b9d87b17f3fd7aefc360a300e91"

// PEMFederalBridgeCA2013SignedByIdenTrust is the certificate for the Federal
// Bridge CA 2013 signed by IdenTrust ACES CA 1.
const PEMFederalBridgeCA2013SignedByIdenTrust = `
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:00:00:01:00:00:01:4a:f3:fc:79:ab:00:00:00:02
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=IdenTrust, OU=IdenTrust Public Sector, CN=IdenTrust ACES CA 1
        Validity
            Not Before: Jan 16 18:23:37 2015 GMT
            Not After : Jan 14 18:23:37 2018 GMT
        Subject: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA 2013
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:9c:e8:17:25:c2:59:ef:34:a5:c5:44:3b:00:35:
                    ec:31:40:a5:7a:02:d2:3e:19:14:9b:25:89:cd:4a:
                    8c:3b:e6:5e:6a:da:1c:6b:dd:0c:03:2a:45:84:29:
                    9d:4f:2e:ff:b0:a0:6c:02:c6:5a:a7:78:67:a5:77:
                    bb:c6:98:f8:b1:7e:e2:94:bb:fa:11:4f:63:38:1c:
                    1e:7c:08:0c:9e:f6:2a:15:63:22:62:14:12:e7:9f:
                    d4:ea:50:2e:d4:7e:3e:64:25:e4:2e:1c:1b:b8:ed:
                    5f:65:b4:f3:00:15:4f:0d:24:92:2c:71:50:22:3c:
                    eb:11:69:b3:2c:38:f3:e0:73:a1:98:26:75:a6:2d:
                    56:a9:05:af:9b:c9:38:8c:66:c0:c8:08:3b:43:3c:
                    83:dd:2a:52:ab:08:21:7e:cd:4f:ef:45:69:70:0c:
                    7c:b5:fe:1b:51:4e:09:28:2c:07:2b:4a:79:8c:41:
                    45:c4:53:0b:cd:e5:d4:a6:bb:93:33:d8:37:96:c3:
                    b0:2b:5b:c5:c5:e6:49:5c:41:5b:75:a3:02:db:15:
                    9e:73:d0:a6:cc:e4:c8:9a:1a:c7:01:07:93:b0:df:
                    eb:b8:fd:7f:dc:ab:18:94:92:8b:8d:f4:0c:29:09:
                    50:4f:5b:71:e1:da:50:5e:a3:bf:df:dc:a4:8a:f0:
                    07:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Inhibit Any Policy: critical
                0
            X509v3 Policy Mappings:
                2.16.840.1.101.3.2.1.1.2:2.16.840.1.101.3.2.1.3.2, 2.16.840.1.101.3.2.1.1.3:2.16.840.1.101.3.2.1.3.3, 2.16.840.1.101.3.2.1.1.5:2.16.840.1.101.3.2.1.3.3, 2.16.840.1.101.3.2.1.1.6:2.16.840.1.101.3.2.1.3.3, 2.16.840.1.101.3.2.1.1.7:2.16.840.1.101.3.2.1.3.3
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.101.3.2.1.1.2
                Policy: 2.16.840.1.101.3.2.1.1.3
                Policy: 2.16.840.1.101.3.2.1.1.5
                Policy: 2.16.840.1.101.3.2.1.1.6
                Policy: 2.16.840.1.101.3.2.1.1.7

            X509v3 Subject Key Identifier:
                BB:CE:74:71:83:34:4E:59:32:45:15:5F:40:60:60:DC:2B:B0:B4:E4
            X509v3 CRL Distribution Points:
                URI:http://crl.identrust.com/acespublicsector1.crl

            Subject Information Access:
                CA Repository - URI:http://http.fpki.gov/bridge/caCertsIssuedByfbca2013.p7c

            Authority Information Access:
                CA Issuers - URI:http://apps.identrust.com/roots/acespublicsector1.p7c
                OCSP - URI:https://aces.ocsp.identrust.com

            X509v3 Authority Key Identifier:
                keyid:E6:33:09:63:89:B5:66:1A:4F:D5:B3:CC:0F:AB:FB:B5:0C:C7:F3:47

    Signature Algorithm: sha256WithRSAEncryption
        6c:c3:71:b3:ed:4e:73:c3:b7:16:83:05:81:bb:17:bb:eb:34:
        a3:af:a2:f3:18:8d:3e:65:5b:3c:44:ec:a2:c5:58:ed:1b:6d:
        e9:38:4d:d9:30:b8:bb:57:73:df:3f:64:3c:be:b4:8d:7b:9d:
        13:c7:93:85:b9:86:c2:82:ff:7a:e5:03:12:f0:9a:84:31:06:
        b9:4a:5c:8e:e9:3e:42:d7:35:d0:17:9e:d2:8b:89:bc:cd:84:
        d4:73:e0:ed:0c:b9:c9:1c:9e:56:05:79:af:f2:8e:a1:f5:a0:
        9e:b0:02:75:80:6a:ac:ac:97:9c:5c:76:af:f0:3f:ab:1f:6f:
        7d:cb:ea:78:b3:42:91:8e:19:5e:e0:f8:2d:20:2e:66:3f:7f:
        80:b7:44:88:ab:3a:29:c3:59:c7:5b:d2:9a:18:e3:33:2f:39:
        47:41:db:d3:c7:4e:12:b3:4b:2b:ef:58:c1:d4:3d:11:f1:7b:
        e5:5f:8b:43:c6:92:34:78:1e:f8:42:fe:75:cb:52:89:41:34:
        e0:73:80:12:90:2c:94:2a:26:3e:44:36:72:26:73:c0:5c:c0:
        88:d0:5f:1f:04:de:3f:9a:66:03:56:b3:d8:73:fd:5a:45:19:
        de:99:6b:66:96:43:f3:4a:4a:66:30:32:21:c5:66:45:17:0d:
        ce:5b:7c:63
-----BEGIN CERTIFICATE-----
MIIFrzCCBJegAwIBAgIQfwAAAQAAAUrz/HmrAAAAAjANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSAwHgYDVQQLExdJZGVu
VHJ1c3QgUHVibGljIFNlY3RvcjEcMBoGA1UEAxMTSWRlblRydXN0IEFDRVMgQ0Eg
MTAeFw0xNTAxMTYxODIzMzdaFw0xODAxMTQxODIzMzdaMFcxCzAJBgNVBAYTAlVT
MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDTALBgNVBAsTBEZQS0kxHzAdBgNV
BAMTFkZlZGVyYWwgQnJpZGdlIENBIDIwMTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCc6BclwlnvNKXFRDsANewxQKV6AtI+GRSbJYnNSow75l5q2hxr
3QwDKkWEKZ1PLv+woGwCxlqneGeld7vGmPixfuKUu/oRT2M4HB58CAye9ioVYyJi
FBLnn9TqUC7Ufj5kJeQuHBu47V9ltPMAFU8NJJIscVAiPOsRabMsOPPgc6GYJnWm
LVapBa+byTiMZsDICDtDPIPdKlKrCCF+zU/vRWlwDHy1/htRTgkoLAcrSnmMQUXE
UwvN5dSmu5Mz2DeWw7ArW8XF5klcQVt1owLbFZ5z0KbM5MiaGscBB5Ow3+u4/X/c
qxiUkouN9AwpCVBPW3Hh2lBeo7/f3KSK8AdLAgMBAAGjggJrMIICZzAOBgNVHQ8B
Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgNVHTYBAf8EAwIBADCBjQYDVR0h
BIGFMIGCMBgGCmCGSAFlAwIBAQIGCmCGSAFlAwIBAwIwGAYKYIZIAWUDAgEBAwYK
YIZIAWUDAgEDAzAYBgpghkgBZQMCAQEFBgpghkgBZQMCAQMDMBgGCmCGSAFlAwIB
AQYGCmCGSAFlAwIBAwMwGAYKYIZIAWUDAgEBBwYKYIZIAWUDAgEDAzBPBgNVHSAE
SDBGMAwGCmCGSAFlAwIBAQIwDAYKYIZIAWUDAgEBAzAMBgpghkgBZQMCAQEFMAwG
CmCGSAFlAwIBAQYwDAYKYIZIAWUDAgEBBzAdBgNVHQ4EFgQUu850cYM0TlkyRRVf
QGBg3CuwtOQwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL2NybC5pZGVudHJ1c3Qu
Y29tL2FjZXNwdWJsaWNzZWN0b3IxLmNybDBTBggrBgEFBQcBCwRHMEUwQwYIKwYB
BQUHMAWGN2h0dHA6Ly9odHRwLmZwa2kuZ292L2JyaWRnZS9jYUNlcnRzSXNzdWVk
QnlmYmNhMjAxMy5wN2MwfgYIKwYBBQUHAQEEcjBwMEEGCCsGAQUFBzAChjVodHRw
Oi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2FjZXNwdWJsaWNzZWN0b3IxLnA3
YzArBggrBgEFBQcwAYYfaHR0cHM6Ly9hY2VzLm9jc3AuaWRlbnRydXN0LmNvbTAf
BgNVHSMEGDAWgBTmMwljibVmGk/Vs8wPq/u1DMfzRzANBgkqhkiG9w0BAQsFAAOC
AQEAbMNxs+1Oc8O3FoMFgbsXu+s0o6+i8xiNPmVbPETsosVY7Rtt6ThN2TC4u1dz
3z9kPL60jXudE8eThbmGwoL/euUDEvCahDEGuUpcjuk+Qtc10Bee0ouJvM2E1HPg
7Qy5yRyeVgV5r/KOofWgnrACdYBqrKyXnFx2r/A/qx9vfcvqeLNCkY4ZXuD4LSAu
Zj9/gLdEiKs6KcNZx1vSmhjjMy85R0Hb08dOErNLK+9YwdQ9EfF75V+LQ8aSNHge
+EL+dctSiUE04HOAEpAslComPkQ2ciZzwFzAiNBfHwTeP5pmA1az2HP9WkUZ3plr
ZpZD80pKZjAyIcVmRRcNzlt8Yw==
-----END CERTIFICATE-----
`

// HexHashFederalBridgeCA2013SignedByIdenTrust is the hex SHA256 fingerprint
// ofFederalBridgeCA2013SignedByIdenTrust.
const HexHashFederalBridgeCA2013SignedByIdenTrust = "a2d96559f2237d3962a5d879e0327f9610097f83fe3e6f4e8d9fa567e88efca4"

// PEMFederalBridgeCA2013SignedByDoDInteropCA2 is the certificate for the
// Federal Bridge CA 2013 signed by the DoD Interoperability Root CA 2.
const PEMFederalBridgeCA2013SignedByDoDInteropCA2 = `
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 302 (0x12e)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Interoperability Root CA 2
        Validity
            Not Before: Apr 16 13:41:32 2014 GMT
            Not After : Apr 16 13:41:32 2017 GMT
        Subject: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA 2013
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:9c:e8:17:25:c2:59:ef:34:a5:c5:44:3b:00:35:
                    ec:31:40:a5:7a:02:d2:3e:19:14:9b:25:89:cd:4a:
                    8c:3b:e6:5e:6a:da:1c:6b:dd:0c:03:2a:45:84:29:
                    9d:4f:2e:ff:b0:a0:6c:02:c6:5a:a7:78:67:a5:77:
                    bb:c6:98:f8:b1:7e:e2:94:bb:fa:11:4f:63:38:1c:
                    1e:7c:08:0c:9e:f6:2a:15:63:22:62:14:12:e7:9f:
                    d4:ea:50:2e:d4:7e:3e:64:25:e4:2e:1c:1b:b8:ed:
                    5f:65:b4:f3:00:15:4f:0d:24:92:2c:71:50:22:3c:
                    eb:11:69:b3:2c:38:f3:e0:73:a1:98:26:75:a6:2d:
                    56:a9:05:af:9b:c9:38:8c:66:c0:c8:08:3b:43:3c:
                    83:dd:2a:52:ab:08:21:7e:cd:4f:ef:45:69:70:0c:
                    7c:b5:fe:1b:51:4e:09:28:2c:07:2b:4a:79:8c:41:
                    45:c4:53:0b:cd:e5:d4:a6:bb:93:33:d8:37:96:c3:
                    b0:2b:5b:c5:c5:e6:49:5c:41:5b:75:a3:02:db:15:
                    9e:73:d0:a6:cc:e4:c8:9a:1a:c7:01:07:93:b0:df:
                    eb:b8:fd:7f:dc:ab:18:94:92:8b:8d:f4:0c:29:09:
                    50:4f:5b:71:e1:da:50:5e:a3:bf:df:dc:a4:8a:f0:
                    07:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:FF:F8:AE:13:8B:92:2B:79:92:41:A3:76:5C:2C:81:9E:9A:C5:9C:78

            X509v3 Subject Key Identifier:
                BB:CE:74:71:83:34:4E:59:32:45:15:5F:40:60:60:DC:2B:B0:B4:E4
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.101.2.1.11.36
                Policy: 2.16.840.1.101.2.1.11.42
                Policy: 2.16.840.1.101.3.2.1.3.13
                Policy: 2.16.840.1.101.3.2.1.3.17
                Policy: 2.16.840.1.101.3.2.1.3.39
                Policy: 2.16.840.1.101.3.2.1.3.18
                Policy: 2.16.840.1.101.3.2.1.3.19
                Policy: 2.16.840.1.101.3.2.1.3.20

            X509v3 Policy Mappings:
                2.16.840.1.101.2.1.11.36:2.16.840.1.101.3.2.1.3.38, 2.16.840.1.101.2.1.11.42:2.16.840.1.101.3.2.1.3.12, 2.16.840.1.101.2.1.11.42:2.16.840.1.101.3.2.1.3.4
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Name Constraints: critical
                Excluded:
                  DirName: C = US, O = U.S. Government, OU = DoD

            X509v3 Policy Constraints: critical
                Require Explicit Policy:0
            X509v3 CRL Distribution Points:
                URI:http://crl.disa.mil/crl/DODINTEROPERABILITYROOTCA2.crl

            Authority Information Access:
                CA Issuers - URI:http://crl.disa.mil/issuedto/DODINTEROPERABILITYROOTCA2_IT.p7c

            Subject Information Access:
                CA Repository - URI:http://http.fpki.gov/bridge/caCertsIssuedByfbca2013.p7c

    Signature Algorithm: sha256WithRSAEncryption
        68:6d:52:24:9d:4c:98:71:ca:aa:3c:72:42:69:76:db:93:11:
        28:6c:12:7c:93:cb:89:28:c4:b0:b9:a6:8d:58:8f:16:e2:aa:
        82:a3:d7:cb:55:cf:b7:b8:5a:c6:01:3e:39:e8:19:4e:e5:ce:
        fc:a6:29:a8:f7:72:c0:9c:48:32:a2:dd:d0:e2:c8:a3:ac:1e:
        65:f8:66:79:68:55:ab:7a:02:42:d5:88:57:87:05:a5:60:0c:
        05:d7:0d:ce:eb:e3:25:cf:19:8b:a0:19:ba:48:04:41:14:21:
        c1:c8:f7:16:de:1b:c5:45:c6:e5:26:a2:e2:5e:2d:13:35:2f:
        2a:99:37:8d:7f:0f:dc:ba:97:61:92:af:51:2e:a9:be:de:bd:
        82:1a:c3:f6:27:53:b5:f5:52:8b:70:39:2d:c8:1e:80:36:db:
        49:d2:c8:0b:f9:8b:f4:02:8e:1b:bc:00:88:e5:db:db:2d:59:
        17:b4:8f:b0:0b:10:c7:f8:c7:ed:e2:01:1b:a4:50:69:23:5f:
        6e:94:79:81:1c:28:27:dd:f3:a9:b5:dd:62:c1:80:fe:e9:12:
        31:28:d9:66:47:f5:9a:46:7c:ad:b0:c1:8c:15:9f:b6:51:b5:
        17:34:41:f0:2d:28:0e:a8:94:ca:a2:83:42:2a:d8:dc:b0:fd:
        59:80:09:7d
-----BEGIN CERTIFICATE-----
MIIFyzCCBLOgAwIBAgICAS4wDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCVVMx
GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
EwNQS0kxJzAlBgNVBAMTHkRvRCBJbnRlcm9wZXJhYmlsaXR5IFJvb3QgQ0EgMjAe
Fw0xNDA0MTYxMzQxMzJaFw0xNzA0MTYxMzQxMzJaMFcxCzAJBgNVBAYTAlVTMRgw
FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDTALBgNVBAsTBEZQS0kxHzAdBgNVBAMT
FkZlZGVyYWwgQnJpZGdlIENBIDIwMTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCc6BclwlnvNKXFRDsANewxQKV6AtI+GRSbJYnNSow75l5q2hxr3QwD
KkWEKZ1PLv+woGwCxlqneGeld7vGmPixfuKUu/oRT2M4HB58CAye9ioVYyJiFBLn
n9TqUC7Ufj5kJeQuHBu47V9ltPMAFU8NJJIscVAiPOsRabMsOPPgc6GYJnWmLVap
Ba+byTiMZsDICDtDPIPdKlKrCCF+zU/vRWlwDHy1/htRTgkoLAcrSnmMQUXEUwvN
5dSmu5Mz2DeWw7ArW8XF5klcQVt1owLbFZ5z0KbM5MiaGscBB5Ow3+u4/X/cqxiU
kouN9AwpCVBPW3Hh2lBeo7/f3KSK8AdLAgMBAAGjggKKMIIChjAfBgNVHSMEGDAW
gBT/+K4Ti5IreZJBo3ZcLIGemsWceDAdBgNVHQ4EFgQUu850cYM0TlkyRRVfQGBg
3CuwtOQwDgYDVR0PAQH/BAQDAgEGMHcGA1UdIARwMG4wCwYJYIZIAWUCAQskMAsG
CWCGSAFlAgELKjAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIBAxEwDAYKYIZIAWUD
AgEDJzAMBgpghkgBZQMCAQMSMAwGCmCGSAFlAwIBAxMwDAYKYIZIAWUDAgEDFDBU
BgNVHSEETTBLMBcGCWCGSAFlAgELJAYKYIZIAWUDAgEDJjAXBglghkgBZQIBCyoG
CmCGSAFlAwIBAwwwFwYJYIZIAWUCAQsqBgpghkgBZQMCAQMEMA8GA1UdEwEB/wQF
MAMBAf8wSQYDVR0eAQH/BD8wPaE7MDmkNzA1MQswCQYDVQQGEwJVUzEYMBYGA1UE
ChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QwDwYDVR0kAQH/BAUwA4AB
ADBHBgNVHR8EQDA+MDygOqA4hjZodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RJ
TlRFUk9QRVJBQklMSVRZUk9PVENBMi5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsG
AQUFBzAChj5odHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRElOVEVST1BF
UkFCSUxJVFlST09UQ0EyX0lULnA3YzBTBggrBgEFBQcBCwRHMEUwQwYIKwYBBQUH
MAWGN2h0dHA6Ly9odHRwLmZwa2kuZ292L2JyaWRnZS9jYUNlcnRzSXNzdWVkQnlm
YmNhMjAxMy5wN2MwDQYJKoZIhvcNAQELBQADggEBAGhtUiSdTJhxyqo8ckJpdtuT
EShsEnyTy4koxLC5po1YjxbiqoKj18tVz7e4WsYBPjnoGU7lzvymKaj3csCcSDKi
3dDiyKOsHmX4ZnloVat6AkLViFeHBaVgDAXXDc7r4yXPGYugGbpIBEEUIcHI9xbe
G8VFxuUmouJeLRM1LyqZN41/D9y6l2GSr1Euqb7evYIaw/YnU7X1UotwOS3IHoA2
20nSyAv5i/QCjhu8AIjl29stWRe0j7ALEMf4x+3iARukUGkjX26UeYEcKCfd86m1
3WLBgP7pEjEo2WZH9ZpGfK2wwYwVn7ZRtRc0QfAtKA6olMqig0Iq2Nyw/VmACX0=
-----END CERTIFICATE-----
`

// HexHashFederalBridgeCA2013SignedByDoDInteropCA2 is the hex SHA256
// fingerprint ofFederalBridgeCA2013SignedByDoDInteropCA2.
const HexHashFederalBridgeCA2013SignedByDoDInteropCA2 = "d19ee1728a2fbe37342f3b993d6c3f771516dbba190823ab059b2da0b3e44617"

// PEMFederalBridgeCA2016SignedByDodInteropCA2 is the certificate for the
// Federal Bridge CA 2016 signed by the Dod Interoperability Root CA 2.
const PEMFederalBridgeCA2016SignedByDodInteropCA2 = `
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1061 (0x425)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Interoperability Root CA 2
        Validity
            Not Before: May  9 13:14:15 2017 GMT
            Not After : May  9 13:14:15 2020 GMT
        Subject: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA 2016
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:be:9d:35:79:6f:25:b5:f4:90:83:6e:13:bf:53:
                    50:ca:cd:1c:96:d4:1c:6b:81:f2:8a:9b:0f:46:a7:
                    df:b7:ef:ff:ed:44:59:ce:87:96:6f:5f:57:b1:fe:
                    33:ab:47:c7:85:97:77:3c:8a:0e:14:cd:2f:79:6a:
                    27:14:d2:78:5b:a5:a5:4b:38:3a:b8:df:f6:8b:0b:
                    da:53:11:23:59:9f:a9:62:32:90:f4:1a:4f:05:83:
                    3e:3d:cd:9b:15:7b:90:d8:8b:a1:cd:cc:b8:c0:43:
                    9f:cd:a7:8b:be:23:41:7d:29:33:df:59:7d:40:c0:
                    e3:da:73:c3:af:43:bf:96:58:4a:c2:83:b2:2a:e2:
                    21:7e:93:97:6a:f9:15:69:8c:7e:0c:68:91:3a:f0:
                    b7:2c:81:5a:0a:bd:92:86:b9:84:99:92:98:04:9f:
                    d4:c4:89:c2:91:e1:21:52:48:7e:dd:00:9f:8f:f9:
                    2d:3e:f2:e8:5e:0a:54:cc:4f:82:48:2f:0c:02:5e:
                    07:b6:32:e4:93:29:37:cc:56:77:21:76:66:1a:99:
                    f2:0b:13:e2:c3:f9:3b:e0:98:1c:9c:3f:f5:23:c8:
                    86:2f:8f:cb:e9:bf:5f:1a:e2:68:32:07:bd:bb:b6:
                    37:89:de:b8:70:fd:c8:c9:83:44:2b:18:be:86:77:
                    12:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:FF:F8:AE:13:8B:92:2B:79:92:41:A3:76:5C:2C:81:9E:9A:C5:9C:78

            X509v3 Subject Key Identifier:
                23:B0:B3:7D:16:54:D4:02:56:76:EB:3A:BE:A9:6B:2F:43:7B:28:16
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.101.2.1.11.36
                Policy: 2.16.840.1.101.2.1.11.42
                Policy: 2.16.840.1.101.3.2.1.3.13
                Policy: 2.16.840.1.101.3.2.1.3.17
                Policy: 2.16.840.1.101.3.2.1.3.18
                Policy: 2.16.840.1.101.3.2.1.3.19
                Policy: 2.16.840.1.101.3.2.1.3.20
                Policy: 2.16.840.1.101.3.2.1.3.39

            X509v3 Policy Mappings:
                2.16.840.1.101.2.1.11.36:2.16.840.1.101.3.2.1.3.38, 2.16.840.1.101.2.1.11.42:2.16.840.1.101.3.2.1.3.12, 2.16.840.1.101.2.1.11.42:2.16.840.1.101.3.2.1.3.4
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Name Constraints: critical
                Excluded:
                  DirName: C = US, O = U.S. Government, OU = DoD
                  DirName: C = US, O = U.S. Government, OU = ECA

            X509v3 Policy Constraints: critical
                Require Explicit Policy:0
            X509v3 CRL Distribution Points:
                URI:http://crl.disa.mil/crl/DODINTEROPERABILITYROOTCA2.crl

            Authority Information Access:
                CA Issuers - URI:http://crl.disa.mil/issuedto/DODINTEROPERABILITYROOTCA2_IT.p7c
                OCSP - URI:http://ocsp.disa.mil

            Subject Information Access:
                CA Repository - URI:http://http.fpki.gov/bridge/caCertsIssuedByfbca2016.p7c

            X509v3 Inhibit Any Policy:
                0
    Signature Algorithm: sha256WithRSAEncryption
        b7:02:a4:e4:61:66:40:58:e5:6a:bf:78:d2:02:40:b8:c6:53:
        2a:6e:16:26:46:e1:b4:75:ba:48:94:eb:b5:ec:4c:85:b0:3e:
        6f:70:26:af:10:2d:9e:a3:4a:f0:a4:ab:14:e7:7b:c2:7f:01:
        4b:f9:5d:52:18:0e:cd:9b:1d:5c:85:0d:24:54:51:60:1f:c8:
        70:2c:ff:55:5d:c4:93:d1:7a:79:a2:ea:7c:85:40:72:7a:12:
        f8:fa:d5:e3:25:44:41:6b:5a:20:48:b6:f8:59:83:ed:54:7b:
        d7:f5:97:0b:24:d8:99:20:56:78:05:65:87:0f:ab:cd:3b:87:
        00:d7:29:5e:67:71:df:79:32:46:e9:ca:87:62:75:52:0f:26:
        1c:ca:1a:0e:33:13:da:2c:32:1d:6e:fc:11:f4:19:1b:5b:ac:
        bd:9b:26:bc:6a:f3:bd:63:73:8b:f3:66:e7:6b:cb:d8:9b:ae:
        a9:d0:71:a9:ae:0a:c3:6b:ea:fb:0b:29:b1:40:ee:0c:ed:4d:
        99:08:dc:55:79:50:90:26:fb:e3:f1:d6:53:6b:1a:c7:05:15:
        df:29:33:62:55:f9:b0:db:12:ad:a9:a0:ad:a2:c7:7f:de:f9:
        53:5c:90:f5:f0:80:7f:98:a2:7d:e7:63:55:76:cb:33:49:e4:
        86:c1:cb:e9
-----BEGIN CERTIFICATE-----
MIIGNTCCBR2gAwIBAgICBCUwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCVVMx
GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQL
EwNQS0kxJzAlBgNVBAMTHkRvRCBJbnRlcm9wZXJhYmlsaXR5IFJvb3QgQ0EgMjAe
Fw0xNzA1MDkxMzE0MTVaFw0yMDA1MDkxMzE0MTVaMFcxCzAJBgNVBAYTAlVTMRgw
FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDTALBgNVBAsTBEZQS0kxHzAdBgNVBAMT
FkZlZGVyYWwgQnJpZGdlIENBIDIwMTYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC+nTV5byW19JCDbhO/U1DKzRyW1BxrgfKKmw9Gp9+37//tRFnOh5Zv
X1ex/jOrR8eFl3c8ig4UzS95aicU0nhbpaVLODq43/aLC9pTESNZn6liMpD0Gk8F
gz49zZsVe5DYi6HNzLjAQ5/Np4u+I0F9KTPfWX1AwOPac8OvQ7+WWErCg7Iq4iF+
k5dq+RVpjH4MaJE68LcsgVoKvZKGuYSZkpgEn9TEicKR4SFSSH7dAJ+P+S0+8uhe
ClTMT4JILwwCXge2MuSTKTfMVnchdmYamfILE+LD+TvgmBycP/UjyIYvj8vpv18a
4mgyB727tjeJ3rhw/cjJg0QrGL6GdxI5AgMBAAGjggL0MIIC8DAfBgNVHSMEGDAW
gBT/+K4Ti5IreZJBo3ZcLIGemsWceDAdBgNVHQ4EFgQUI7CzfRZU1AJWdus6vqlr
L0N7KBYwDgYDVR0PAQH/BAQDAgEGMHcGA1UdIARwMG4wCwYJYIZIAWUCAQskMAsG
CWCGSAFlAgELKjAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIBAxEwDAYKYIZIAWUD
AgEDEjAMBgpghkgBZQMCAQMTMAwGCmCGSAFlAwIBAxQwDAYKYIZIAWUDAgEDJzBU
BgNVHSEETTBLMBcGCWCGSAFlAgELJAYKYIZIAWUDAgEDJjAXBglghkgBZQIBCyoG
CmCGSAFlAwIBAwwwFwYJYIZIAWUCAQsqBgpghkgBZQMCAQMEMA8GA1UdEwEB/wQF
MAMBAf8wgYQGA1UdHgEB/wR6MHihdjA5pDcwNTELMAkGA1UEBhMCVVMxGDAWBgNV
BAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMDmkNzA1MQswCQYDVQQG
EwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNFQ0EwDwYD
VR0kAQH/BAUwA4ABADBHBgNVHR8EQDA+MDygOqA4hjZodHRwOi8vY3JsLmRpc2Eu
bWlsL2NybC9ET0RJTlRFUk9QRVJBQklMSVRZUk9PVENBMi5jcmwwfAYIKwYBBQUH
AQEEcDBuMEoGCCsGAQUFBzAChj5odHRwOi8vY3JsLmRpc2EubWlsL2lzc3VlZHRv
L0RPRElOVEVST1BFUkFCSUxJVFlST09UQ0EyX0lULnA3YzAgBggrBgEFBQcwAYYU
aHR0cDovL29jc3AuZGlzYS5taWwwUwYIKwYBBQUHAQsERzBFMEMGCCsGAQUFBzAF
hjdodHRwOi8vaHR0cC5mcGtpLmdvdi9icmlkZ2UvY2FDZXJ0c0lzc3VlZEJ5ZmJj
YTIwMTYucDdjMAoGA1UdNgQDAgEAMA0GCSqGSIb3DQEBCwUAA4IBAQC3AqTkYWZA
WOVqv3jSAkC4xlMqbhYmRuG0dbpIlOu17EyFsD5vcCavEC2eo0rwpKsU53vCfwFL
+V1SGA7Nmx1chQ0kVFFgH8hwLP9VXcST0Xp5oup8hUByehL4+tXjJURBa1ogSLb4
WYPtVHvX9ZcLJNiZIFZ4BWWHD6vNO4cA1yleZ3HfeTJG6cqHYnVSDyYcyhoOMxPa
LDIdbvwR9BkbW6y9mya8avO9Y3OL82bna8vYm66p0HGprgrDa+r7CymxQO4M7U2Z
CNxVeVCQJvvj8dZTaxrHBRXfKTNiVfmw2xKtqaCtosd/3vlTXJD18IB/mKJ952NV
dsszSeSGwcvp
-----END CERTIFICATE-----
`

// HexHashFederalBridgeCA2016SignedByDodInteropCA2 is the hex SHA256
// fingerprint ofFederalBridgeCA2016SignedByDodInteropCA2.
const HexHashFederalBridgeCA2016SignedByDodInteropCA2 = "bf6cbf5649bc6eacf8cc906ecb6b23c190bd926e49cafeb23c3ecf4dc5906bbb"

// PEMFederalBridgeCA2016SignedByFederalCommonPolicyCA is the certificate for
// the Federal Bridge CA 2016 signed by the Federal Common Policy CA.
const PEMFederalBridgeCA2016SignedByFederalCommonPolicyCA = `
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 16194 (0x3f42)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA
        Validity
            Not Before: Nov  8 18:20:38 2016 GMT
            Not After : Nov  8 18:20:38 2019 GMT
        Subject: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA 2016
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:be:9d:35:79:6f:25:b5:f4:90:83:6e:13:bf:53:
                    50:ca:cd:1c:96:d4:1c:6b:81:f2:8a:9b:0f:46:a7:
                    df:b7:ef:ff:ed:44:59:ce:87:96:6f:5f:57:b1:fe:
                    33:ab:47:c7:85:97:77:3c:8a:0e:14:cd:2f:79:6a:
                    27:14:d2:78:5b:a5:a5:4b:38:3a:b8:df:f6:8b:0b:
                    da:53:11:23:59:9f:a9:62:32:90:f4:1a:4f:05:83:
                    3e:3d:cd:9b:15:7b:90:d8:8b:a1:cd:cc:b8:c0:43:
                    9f:cd:a7:8b:be:23:41:7d:29:33:df:59:7d:40:c0:
                    e3:da:73:c3:af:43:bf:96:58:4a:c2:83:b2:2a:e2:
                    21:7e:93:97:6a:f9:15:69:8c:7e:0c:68:91:3a:f0:
                    b7:2c:81:5a:0a:bd:92:86:b9:84:99:92:98:04:9f:
                    d4:c4:89:c2:91:e1:21:52:48:7e:dd:00:9f:8f:f9:
                    2d:3e:f2:e8:5e:0a:54:cc:4f:82:48:2f:0c:02:5e:
                    07:b6:32:e4:93:29:37:cc:56:77:21:76:66:1a:99:
                    f2:0b:13:e2:c3:f9:3b:e0:98:1c:9c:3f:f5:23:c8:
                    86:2f:8f:cb:e9:bf:5f:1a:e2:68:32:07:bd:bb:b6:
                    37:89:de:b8:70:fd:c8:c9:83:44:2b:18:be:86:77:
                    12:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.101.3.2.1.3.6
                Policy: 2.16.840.1.101.3.2.1.3.7
                Policy: 2.16.840.1.101.3.2.1.3.8
                Policy: 2.16.840.1.101.3.2.1.3.13
                Policy: 2.16.840.1.101.3.2.1.3.16
                Policy: 2.16.840.1.101.3.2.1.3.1
                Policy: 2.16.840.1.101.3.2.1.3.2
                Policy: 2.16.840.1.101.3.2.1.3.14
                Policy: 2.16.840.1.101.3.2.1.3.15
                Policy: 2.16.840.1.101.3.2.1.3.17
                Policy: 2.16.840.1.101.3.2.1.3.18
                Policy: 2.16.840.1.101.3.2.1.3.19
                Policy: 2.16.840.1.101.3.2.1.3.20
                Policy: 2.16.840.1.101.3.2.1.3.36
                Policy: 2.16.840.1.101.3.2.1.3.3
                Policy: 2.16.840.1.101.3.2.1.3.4
                Policy: 2.16.840.1.101.3.2.1.3.12
                Policy: 2.16.840.1.101.3.2.1.3.37
                Policy: 2.16.840.1.101.3.2.1.3.38
                Policy: 2.16.840.1.101.3.2.1.3.39
                Policy: 2.16.840.1.101.3.2.1.3.40
                Policy: 2.16.840.1.101.3.2.1.3.41

            Authority Information Access:
                CA Issuers - URI:http://http.fpki.gov/fcpca/caCertsIssuedTofcpca.p7c

            X509v3 Policy Mappings:
                2.16.840.1.101.3.2.1.3.6:2.16.840.1.101.3.2.1.3.3, 2.16.840.1.101.3.2.1.3.16:2.16.840.1.101.3.2.1.3.4, 2.16.840.1.101.3.2.1.3.7:2.16.840.1.101.3.2.1.3.12, 2.16.840.1.101.3.2.1.3.8:2.16.840.1.101.3.2.1.3.37, 2.16.840.1.101.3.2.1.3.36:2.16.840.1.101.3.2.1.3.38
            Subject Information Access:
                CA Repository - URI:http://http.fpki.gov/bridge/caCertsIssuedByfbca2016.p7c

            X509v3 Policy Constraints: critical
                Inhibit Policy Mapping:2
            X509v3 Inhibit Any Policy: critical
                0
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Authority Key Identifier:
                keyid:AD:0C:7A:75:5C:E5:F3:98:C4:79:98:0E:AC:28:FD:97:F4:E7:02:FC

            X509v3 CRL Distribution Points:
                URI:http://http.fpki.gov/fcpca/fcpca.crl

            X509v3 Subject Key Identifier:
                23:B0:B3:7D:16:54:D4:02:56:76:EB:3A:BE:A9:6B:2F:43:7B:28:16
    Signature Algorithm: sha256WithRSAEncryption
        23:ad:f1:65:e7:65:6a:bc:ec:f3:f2:ef:cf:6a:d1:42:8e:42:
        41:0d:ad:f7:c1:47:95:2f:bc:34:ce:ee:fe:97:a4:ec:30:94:
        99:6c:fb:0f:65:7e:ee:a5:80:10:29:fd:a9:49:68:f5:b2:d7:
        5b:be:97:bb:40:b9:71:18:fd:9b:8c:6f:99:5c:25:e2:04:95:
        15:db:e2:89:1d:1d:61:15:0c:75:36:9c:ca:7d:78:bf:b2:a9:
        68:2e:b5:01:81:a3:87:12:03:4a:49:7e:18:9c:9a:28:8f:7d:
        d5:68:4c:9f:84:48:a4:ef:2f:df:5c:97:8f:1e:8e:99:fe:86:
        09:2c:9c:55:e9:c6:a0:1e:6a:f0:90:33:07:c7:cb:a3:bd:dc:
        81:0f:3a:2e:6b:6f:41:20:e1:f4:46:f7:d9:04:3e:70:4f:c5:
        26:ae:78:3e:da:28:83:72:84:d3:fe:28:2b:b3:73:1d:12:2a:
        81:ee:0d:dc:4e:a1:6b:24:9d:fa:33:46:47:5a:8c:0e:ae:69:
        f6:1e:52:c8:f9:7d:e2:94:2f:ba:5a:80:79:0e:b7:5b:62:02:
        56:b9:31:c6:b8:6d:f7:b2:14:30:af:78:8a:e7:b8:d3:72:0a:
        b1:10:9c:80:b7:1e:f6:ea:3d:08:f8:a5:ba:58:bf:ab:f6:fe:
        da:ca:43:68
-----BEGIN CERTIFICATE-----
MIIGZTCCBU2gAwIBAgICP0IwDQYJKoZIhvcNAQELBQAwWTELMAkGA1UEBhMCVVMx
GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsGA1UECxMERlBLSTEhMB8GA1UE
AxMYRmVkZXJhbCBDb21tb24gUG9saWN5IENBMB4XDTE2MTEwODE4MjAzOFoXDTE5
MTEwODE4MjAzOFowVzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJu
bWVudDENMAsGA1UECxMERlBLSTEfMB0GA1UEAxMWRmVkZXJhbCBCcmlkZ2UgQ0Eg
MjAxNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL6dNXlvJbX0kINu
E79TUMrNHJbUHGuB8oqbD0an37fv/+1EWc6Hlm9fV7H+M6tHx4WXdzyKDhTNL3lq
JxTSeFulpUs4Orjf9osL2lMRI1mfqWIykPQaTwWDPj3NmxV7kNiLoc3MuMBDn82n
i74jQX0pM99ZfUDA49pzw69Dv5ZYSsKDsiriIX6Tl2r5FWmMfgxokTrwtyyBWgq9
koa5hJmSmASf1MSJwpHhIVJIft0An4/5LT7y6F4KVMxPgkgvDAJeB7Yy5JMpN8xW
dyF2ZhqZ8gsT4sP5O+CYHJw/9SPIhi+Py+m/XxriaDIHvbu2N4neuHD9yMmDRCsY
voZ3EjkCAwEAAaOCAzcwggMzMA8GA1UdEwEB/wQFMAMBAf8wggFBBgNVHSAEggE4
MIIBNDAMBgpghkgBZQMCAQMGMAwGCmCGSAFlAwIBAwcwDAYKYIZIAWUDAgEDCDAM
BgpghkgBZQMCAQMNMAwGCmCGSAFlAwIBAxAwDAYKYIZIAWUDAgEDATAMBgpghkgB
ZQMCAQMCMAwGCmCGSAFlAwIBAw4wDAYKYIZIAWUDAgEDDzAMBgpghkgBZQMCAQMR
MAwGCmCGSAFlAwIBAxIwDAYKYIZIAWUDAgEDEzAMBgpghkgBZQMCAQMUMAwGCmCG
SAFlAwIBAyQwDAYKYIZIAWUDAgEDAzAMBgpghkgBZQMCAQMEMAwGCmCGSAFlAwIB
AwwwDAYKYIZIAWUDAgEDJTAMBgpghkgBZQMCAQMmMAwGCmCGSAFlAwIBAycwDAYK
YIZIAWUDAgEDKDAMBgpghkgBZQMCAQMpME8GCCsGAQUFBwEBBEMwQTA/BggrBgEF
BQcwAoYzaHR0cDovL2h0dHAuZnBraS5nb3YvZmNwY2EvY2FDZXJ0c0lzc3VlZFRv
ZmNwY2EucDdjMIGNBgNVHSEEgYUwgYIwGAYKYIZIAWUDAgEDBgYKYIZIAWUDAgED
AzAYBgpghkgBZQMCAQMQBgpghkgBZQMCAQMEMBgGCmCGSAFlAwIBAwcGCmCGSAFl
AwIBAwwwGAYKYIZIAWUDAgEDCAYKYIZIAWUDAgEDJTAYBgpghkgBZQMCAQMkBgpg
hkgBZQMCAQMmMFMGCCsGAQUFBwELBEcwRTBDBggrBgEFBQcwBYY3aHR0cDovL2h0
dHAuZnBraS5nb3YvYnJpZGdlL2NhQ2VydHNJc3N1ZWRCeWZiY2EyMDE2LnA3YzAP
BgNVHSQBAf8EBTADgQECMA0GA1UdNgEB/wQDAgEAMA4GA1UdDwEB/wQEAwIBBjAf
BgNVHSMEGDAWgBStDHp1XOXzmMR5mA6sKP2X9OcC/DA1BgNVHR8ELjAsMCqgKKAm
hiRodHRwOi8vaHR0cC5mcGtpLmdvdi9mY3BjYS9mY3BjYS5jcmwwHQYDVR0OBBYE
FCOws30WVNQCVnbrOr6pay9DeygWMA0GCSqGSIb3DQEBCwUAA4IBAQAjrfFl52Vq
vOzz8u/PatFCjkJBDa33wUeVL7w0zu7+l6TsMJSZbPsPZX7upYAQKf2pSWj1stdb
vpe7QLlxGP2bjG+ZXCXiBJUV2+KJHR1hFQx1NpzKfXi/sqloLrUBgaOHEgNKSX4Y
nJooj33VaEyfhEik7y/fXJePHo6Z/oYJLJxV6cagHmrwkDMHx8ujvdyBDzoua29B
IOH0RvfZBD5wT8Umrng+2iiDcoTT/igrs3MdEiqB7g3cTqFrJJ36M0ZHWowOrmn2
HlLI+X3ilC+6WoB5DrdbYgJWuTHGuG33shQwr3iK57jTcgqxEJyAtx726j0I+KW6
WL+r9v7aykNo
-----END CERTIFICATE-----
`

// HexHashFederalBridgeCA2016SignedByFederalCommonPolicyCA is the hex SHA256
// fingerprint ofFederalBridgeCA2016SignedByFederalCommonPolicyCA.
const HexHashFederalBridgeCA2016SignedByFederalCommonPolicyCA = "039c1473089282fb36a4dbc23b1125aec83219c6e624fd169b02e08e6409c3f2"

// PEMFederalCommonPolicyCASignedBySelf is the self-signed certificate for the
// Federal Common Policy CA.
const PEMFederalCommonPolicyCASignedBySelf = `
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 304 (0x130)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA
        Validity
            Not Before: Dec  1 16:45:27 2010 GMT
            Not After : Dec  1 16:45:27 2030 GMT
        Subject: C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:d8:75:fb:35:16:34:5a:41:bf:5a:af:5c:30:04:
                    14:1c:ad:78:44:b5:ea:26:ea:75:61:c7:cd:36:79:
                    f8:7c:d8:bd:29:51:66:59:21:e3:79:ab:d4:78:be:
                    b0:2d:b0:a1:d5:b2:35:16:23:d0:cc:1e:be:0e:e8:
                    ab:dc:c3:c9:d6:12:d7:a7:72:68:18:31:b8:17:22:
                    b2:3e:7e:ba:08:6d:c6:fd:d1:58:2c:69:a0:03:f0:
                    2a:a3:f6:3f:21:25:3d:df:b7:32:c5:8e:27:b3:23:
                    a5:e0:52:b3:5d:96:e9:b0:b8:c5:c5:9f:bb:c5:a0:
                    6e:82:40:bb:c5:27:05:36:49:d6:26:27:69:0c:34:
                    8f:cf:27:7a:2a:0a:a3:41:5f:8d:1d:03:86:83:15:
                    e0:55:c1:c5:98:2c:9e:ec:1a:72:dc:48:c1:3e:f9:
                    84:d2:84:82:c1:1b:c3:74:36:b7:b9:c7:36:32:7a:
                    f8:32:b6:d0:36:ae:22:18:31:8c:50:73:21:9e:fe:
                    83:3b:30:88:24:e3:e9:c1:7e:de:ed:98:c7:1f:92:
                    10:8a:9f:5b:62:2f:9d:a4:bc:d5:85:6f:3a:fd:c9:
                    53:a7:20:4b:aa:db:20:ab:21:4e:1d:0d:4e:e6:98:
                    85:e5:ab:11:47:5d:9d:3f:c4:23:c0:e3:14:06:6e:
                    fe:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            Subject Information Access:
                CA Repository - URI:http://http.fpki.gov/fcpca/caCertsIssuedByfcpca.p7c
                CA Repository - URI:ldap://ldap.fpki.gov/cn=Federal%20Common%20Policy%20CA,ou=FPKI,o=U.S.%20Government,c=US?cACertificate;binary,crossCertificatePair;binary

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier:
                AD:0C:7A:75:5C:E5:F3:98:C4:79:98:0E:AC:28:FD:97:F4:E7:02:FC
    Signature Algorithm: sha256WithRSAEncryption
        8f:73:da:e1:7f:80:b1:87:f6:ec:2c:cf:d1:84:63:1e:f6:f1:
        88:b7:9a:f2:11:b5:ef:54:ad:8a:6e:18:37:28:ef:5c:1b:e4:
        ef:50:b7:6c:26:18:23:22:4d:1d:26:47:20:e9:09:9c:e2:70:
        62:71:ab:11:cf:91:89:e8:b3:f5:2a:a0:47:c0:14:cb:4e:42:
        c1:dd:0c:0e:1b:f0:87:5b:ec:e5:77:d7:aa:e0:54:d7:45:f4:
        85:3e:ec:b4:1d:de:7c:8a:7f:5b:4d:9c:96:8a:d0:a2:32:9f:
        da:6c:31:0c:f8:a4:ef:7e:73:e8:91:dc:08:7a:70:5a:a0:af:
        62:81:59:f8:00:74:a2:c8:dd:54:ca:41:56:47:bd:e9:c0:4f:
        ed:20:dd:e3:a5:09:df:ae:28:c2:fc:d1:c8:17:d8:12:c7:6f:
        de:2e:e9:bd:9a:91:f2:3c:5a:94:2e:91:22:80:89:a1:8c:58:
        cc:83:7a:26:19:75:02:a5:0e:7d:0a:26:73:51:ea:86:cb:07:
        a8:c8:fd:63:5a:35:9b:d2:af:bf:4f:31:48:c1:84:70:db:35:
        7b:9a:19:0f:e5:8f:f4:6a:0c:6f:33:d9:eb:1c:70:a2:0d:e3:
        b9:50:03:61:02:ff:4a:ec:92:a4:dc:2d:ee:2a:34:93:07:b7:
        2c:e7:18:8f
-----BEGIN CERTIFICATE-----
MIIEYDCCA0igAwIBAgICATAwDQYJKoZIhvcNAQELBQAwWTELMAkGA1UEBhMCVVMx
GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsGA1UECxMERlBLSTEhMB8GA1UE
AxMYRmVkZXJhbCBDb21tb24gUG9saWN5IENBMB4XDTEwMTIwMTE2NDUyN1oXDTMw
MTIwMTE2NDUyN1owWTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJu
bWVudDENMAsGA1UECxMERlBLSTEhMB8GA1UEAxMYRmVkZXJhbCBDb21tb24gUG9s
aWN5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2HX7NRY0WkG/
Wq9cMAQUHK14RLXqJup1YcfNNnn4fNi9KVFmWSHjeavUeL6wLbCh1bI1FiPQzB6+
Duir3MPJ1hLXp3JoGDG4FyKyPn66CG3G/dFYLGmgA/Aqo/Y/ISU937cyxY4nsyOl
4FKzXZbpsLjFxZ+7xaBugkC7xScFNknWJidpDDSPzyd6KgqjQV+NHQOGgxXgVcHF
mCye7Bpy3EjBPvmE0oSCwRvDdDa3ucc2Mnr4MrbQNq4iGDGMUHMhnv6DOzCIJOPp
wX7e7ZjHH5IQip9bYi+dpLzVhW86/clTpyBLqtsgqyFOHQ1O5piF5asRR12dP8Qj
wOMUBm7+nQIDAQABo4IBMDCCASwwDwYDVR0TAQH/BAUwAwEB/zCB6QYIKwYBBQUH
AQsEgdwwgdkwPwYIKwYBBQUHMAWGM2h0dHA6Ly9odHRwLmZwa2kuZ292L2ZjcGNh
L2NhQ2VydHNJc3N1ZWRCeWZjcGNhLnA3YzCBlQYIKwYBBQUHMAWGgYhsZGFwOi8v
bGRhcC5mcGtpLmdvdi9jbj1GZWRlcmFsJTIwQ29tbW9uJTIwUG9saWN5JTIwQ0Es
b3U9RlBLSSxvPVUuUy4lMjBHb3Zlcm5tZW50LGM9VVM/Y0FDZXJ0aWZpY2F0ZTti
aW5hcnksY3Jvc3NDZXJ0aWZpY2F0ZVBhaXI7YmluYXJ5MA4GA1UdDwEB/wQEAwIB
BjAdBgNVHQ4EFgQUrQx6dVzl85jEeZgOrCj9l/TnAvwwDQYJKoZIhvcNAQELBQAD
ggEBAI9z2uF/gLGH9uwsz9GEYx728Yi3mvIRte9UrYpuGDco71wb5O9Qt2wmGCMi
TR0mRyDpCZzicGJxqxHPkYnos/UqoEfAFMtOQsHdDA4b8Idb7OV316rgVNdF9IU+
7LQd3nyKf1tNnJaK0KIyn9psMQz4pO9+c+iR3Ah6cFqgr2KBWfgAdKLI3VTKQVZH
venAT+0g3eOlCd+uKML80cgX2BLHb94u6b2akfI8WpQukSKAiaGMWMyDeiYZdQKl
Dn0KJnNR6obLB6jI/WNaNZvSr79PMUjBhHDbNXuaGQ/lj/RqDG8z2esccKIN47lQ
A2EC/0rskqTcLe4qNJMHtyznGI8=
-----END CERTIFICATE-----
`

// HexHashFederalCommonPolicyCASignedBySelf is the hex SHA256 fingerprint of
// FederalCommonPolicyCASignedBySelf.
const HexHashFederalCommonPolicyCASignedBySelf = "894ebc0b23da2a50c0186b7f8f25ef1f6b2935af32a94584ef80aaf877a3a06e"

// PEMFederalCommonPolicyCASignedByFederalBridgeCA is the certificate for the
// Federal Common Policy CA signed by the Federal Bridge CA.
const PEMFederalCommonPolicyCASignedByFederalBridgeCA = `
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1905 (0x771)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA
        Validity
            Not Before: Dec 29 18:55:46 2011 GMT
            Not After : Dec 29 18:53:04 2014 GMT
        Subject: C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:d8:75:fb:35:16:34:5a:41:bf:5a:af:5c:30:04:
                    14:1c:ad:78:44:b5:ea:26:ea:75:61:c7:cd:36:79:
                    f8:7c:d8:bd:29:51:66:59:21:e3:79:ab:d4:78:be:
                    b0:2d:b0:a1:d5:b2:35:16:23:d0:cc:1e:be:0e:e8:
                    ab:dc:c3:c9:d6:12:d7:a7:72:68:18:31:b8:17:22:
                    b2:3e:7e:ba:08:6d:c6:fd:d1:58:2c:69:a0:03:f0:
                    2a:a3:f6:3f:21:25:3d:df:b7:32:c5:8e:27:b3:23:
                    a5:e0:52:b3:5d:96:e9:b0:b8:c5:c5:9f:bb:c5:a0:
                    6e:82:40:bb:c5:27:05:36:49:d6:26:27:69:0c:34:
                    8f:cf:27:7a:2a:0a:a3:41:5f:8d:1d:03:86:83:15:
                    e0:55:c1:c5:98:2c:9e:ec:1a:72:dc:48:c1:3e:f9:
                    84:d2:84:82:c1:1b:c3:74:36:b7:b9:c7:36:32:7a:
                    f8:32:b6:d0:36:ae:22:18:31:8c:50:73:21:9e:fe:
                    83:3b:30:88:24:e3:e9:c1:7e:de:ed:98:c7:1f:92:
                    10:8a:9f:5b:62:2f:9d:a4:bc:d5:85:6f:3a:fd:c9:
                    53:a7:20:4b:aa:db:20:ab:21:4e:1d:0d:4e:e6:98:
                    85:e5:ab:11:47:5d:9d:3f:c4:23:c0:e3:14:06:6e:
                    fe:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.101.3.2.1.3.2
                Policy: 2.16.840.1.101.3.2.1.3.3
                Policy: 2.16.840.1.101.3.2.1.3.12
                Policy: 2.16.840.1.101.3.2.1.3.1
                Policy: 2.16.840.1.101.3.2.1.3.14
                Policy: 2.16.840.1.101.3.2.1.3.15
                Policy: 2.16.840.1.101.3.2.1.3.37
                Policy: 2.16.840.1.101.3.2.1.3.18
                Policy: 2.16.840.1.101.3.2.1.3.20
                Policy: 2.16.840.1.101.3.2.1.3.19
                Policy: 2.16.840.1.101.3.2.1.3.4
                Policy: 2.16.840.1.101.3.2.1.3.21
                Policy: 2.16.840.1.101.3.2.1.3.22
                Policy: 2.16.840.1.101.3.2.1.3.23
                Policy: 2.16.840.1.101.3.2.1.3.24
                Policy: 2.16.840.1.101.3.2.1.3.25
                Policy: 2.16.840.1.101.3.2.1.3.26
                Policy: 2.16.840.1.101.3.2.1.3.27
                Policy: 2.16.840.1.101.3.2.1.3.17
                Policy: 2.16.840.1.101.3.2.1.3.13
                Policy: 2.16.840.1.101.3.2.1.3.38

            Authority Information Access:
                CA Issuers - URI:http://http.fpki.gov/bridge/caCertsIssuedTofbca.p7c

            X509v3 Policy Mappings:
                2.16.840.1.101.3.2.1.3.3:2.16.840.1.101.3.2.1.3.6, 2.16.840.1.101.3.2.1.3.12:2.16.840.1.101.3.2.1.3.7, 2.16.840.1.101.3.2.1.3.37:2.16.840.1.101.3.2.1.3.8, 2.16.840.1.101.3.2.1.3.4:2.16.840.1.101.3.2.1.3.16, 2.16.840.1.101.3.2.1.3.38:2.16.840.1.101.3.2.1.3.36
            Subject Information Access:
                CA Repository - URI:http://http.fpki.gov/fcpca/caCertsIssuedByfcpca.p7c

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Authority Key Identifier:
                keyid:C4:9D:FC:9D:5D:3A:5D:05:7A:BF:02:81:EC:DB:49:70:15:C7:B2:72

            X509v3 CRL Distribution Points:
                URI:http://http.fpki.gov/bridge/fbca.crl

            X509v3 Subject Key Identifier:
                AD:0C:7A:75:5C:E5:F3:98:C4:79:98:0E:AC:28:FD:97:F4:E7:02:FC
    Signature Algorithm: sha256WithRSAEncryption
        3c:fb:d6:ac:b6:07:3b:af:87:c5:6d:36:44:41:91:3e:a9:ee:
        1e:96:e9:1d:96:6d:2b:af:4f:4e:a3:5b:b4:38:e3:be:96:b4:
        d0:be:7a:38:2c:c6:7c:1a:ce:a3:90:ed:bb:25:6c:f3:68:cd:
        9c:30:ea:ed:0f:1f:12:87:e2:24:41:1d:92:e2:00:50:62:6d:
        65:13:88:4e:4b:3e:af:b3:df:f7:4f:3f:78:8f:ae:1f:9e:1d:
        76:39:aa:d7:3c:1d:9f:f3:2f:60:44:2e:1c:03:8e:bd:ab:0b:
        92:fd:02:4a:17:81:f8:4e:3a:26:a3:36:d9:cd:ad:a4:ee:4d:
        21:ec:2d:39:a1:2a:6b:79:e8:e4:2d:dc:ea:25:02:37:86:4b:
        d5:3a:45:3a:d8:03:76:46:e1:1d:44:47:74:9d:d2:c3:4d:fe:
        e7:cb:ac:80:23:b0:50:3e:bc:5a:d3:36:8e:97:ae:4d:1f:0f:
        46:0e:84:3a:29:88:27:94:65:a0:d2:b6:a7:9b:db:7f:65:0d:
        e9:e9:de:57:b5:ed:33:bf:27:10:bc:69:5c:06:db:ba:b0:0e:
        f9:e2:67:9a:80:5b:47:5c:6f:82:04:6c:b6:11:7e:cb:68:a8:
        0e:59:5a:96:f9:a6:de:94:d4:eb:f1:65:9d:a1:ee:26:fc:33:
        06:b5:78:78
-----BEGIN CERTIFICATE-----
MIIGLjCCBRagAwIBAgICB3EwDQYJKoZIhvcNAQELBQAwUjELMAkGA1UEBhMCVVMx
GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsGA1UECxMERlBLSTEaMBgGA1UE
AxMRRmVkZXJhbCBCcmlkZ2UgQ0EwHhcNMTExMjI5MTg1NTQ2WhcNMTQxMjI5MTg1
MzA0WjBZMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQ0w
CwYDVQQLEwRGUEtJMSEwHwYDVQQDExhGZWRlcmFsIENvbW1vbiBQb2xpY3kgQ0Ew
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYdfs1FjRaQb9ar1wwBBQc
rXhEteom6nVhx802efh82L0pUWZZIeN5q9R4vrAtsKHVsjUWI9DMHr4O6Kvcw8nW
EtencmgYMbgXIrI+froIbcb90VgsaaAD8Cqj9j8hJT3ftzLFjiezI6XgUrNdlumw
uMXFn7vFoG6CQLvFJwU2SdYmJ2kMNI/PJ3oqCqNBX40dA4aDFeBVwcWYLJ7sGnLc
SME++YTShILBG8N0Nre5xzYyevgyttA2riIYMYxQcyGe/oM7MIgk4+nBft7tmMcf
khCKn1tiL52kvNWFbzr9yVOnIEuq2yCrIU4dDU7mmIXlqxFHXZ0/xCPA4xQGbv6d
AgMBAAGjggMFMIIDATAPBgNVHRMBAf8EBTADAQH/MIIBMwYDVR0gBIIBKjCCASYw
DAYKYIZIAWUDAgEDAjAMBgpghkgBZQMCAQMDMAwGCmCGSAFlAwIBAwwwDAYKYIZI
AWUDAgEDATAMBgpghkgBZQMCAQMOMAwGCmCGSAFlAwIBAw8wDAYKYIZIAWUDAgED
JTAMBgpghkgBZQMCAQMSMAwGCmCGSAFlAwIBAxQwDAYKYIZIAWUDAgEDEzAMBgpg
hkgBZQMCAQMEMAwGCmCGSAFlAwIBAxUwDAYKYIZIAWUDAgEDFjAMBgpghkgBZQMC
AQMXMAwGCmCGSAFlAwIBAxgwDAYKYIZIAWUDAgEDGTAMBgpghkgBZQMCAQMaMAwG
CmCGSAFlAwIBAxswDAYKYIZIAWUDAgEDETAMBgpghkgBZQMCAQMNMAwGCmCGSAFl
AwIBAyYwTwYIKwYBBQUHAQEEQzBBMD8GCCsGAQUFBzAChjNodHRwOi8vaHR0cC5m
cGtpLmdvdi9icmlkZ2UvY2FDZXJ0c0lzc3VlZFRvZmJjYS5wN2MwgY0GA1UdIQSB
hTCBgjAYBgpghkgBZQMCAQMDBgpghkgBZQMCAQMGMBgGCmCGSAFlAwIBAwwGCmCG
SAFlAwIBAwcwGAYKYIZIAWUDAgEDJQYKYIZIAWUDAgEDCDAYBgpghkgBZQMCAQME
BgpghkgBZQMCAQMQMBgGCmCGSAFlAwIBAyYGCmCGSAFlAwIBAyQwTwYIKwYBBQUH
AQsEQzBBMD8GCCsGAQUFBzAFhjNodHRwOi8vaHR0cC5mcGtpLmdvdi9mY3BjYS9j
YUNlcnRzSXNzdWVkQnlmY3BjYS5wN2MwDgYDVR0PAQH/BAQDAgEGMB8GA1UdIwQY
MBaAFMSd/J1dOl0Fer8CgezbSXAVx7JyMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6
Ly9odHRwLmZwa2kuZ292L2JyaWRnZS9mYmNhLmNybDAdBgNVHQ4EFgQUrQx6dVzl
85jEeZgOrCj9l/TnAvwwDQYJKoZIhvcNAQELBQADggEBADz71qy2Bzuvh8VtNkRB
kT6p7h6W6R2WbSuvT06jW7Q4476WtNC+ejgsxnwazqOQ7bslbPNozZww6u0PHxKH
4iRBHZLiAFBibWUTiE5LPq+z3/dPP3iPrh+eHXY5qtc8HZ/zL2BELhwDjr2rC5L9
AkoXgfhOOiajNtnNraTuTSHsLTmhKmt56OQt3OolAjeGS9U6RTrYA3ZG4R1ER3Sd
0sNN/ufLrIAjsFA+vFrTNo6Xrk0fD0YOhDopiCeUZaDStqeb239lDenp3le17TO/
JxC8aVwG27qwDvniZ5qAW0dcb4IEbLYRfstoqA5ZWpb5pt6U1OvxZZ2h7ib8Mwa1
eHg=
-----END CERTIFICATE-----
`

// HexHashFederalCommonPolicyCASignedByFederalBridgeCA is the hex SHA256
// fingeprint ofFederalCommonPolicyCASignedByFederalBridgeCA.
const HexHashFederalCommonPolicyCASignedByFederalBridgeCA = "96289a5f9a419d10c9cf3739c477a3fb8cd1c56f8f69528b97a2dbb1b6a3270f"

// PEMFederalCommonPolicyCASignedByFederalBridgeCA2013 is the certificate for
// the Federal Common Policy CA signed by the Federal Bridge CA 2013.
const PEMFederalCommonPolicyCASignedByFederalBridgeCA2013 = `
-----BEGIN CERTIFICATE-----
MIIGaTCCBVGgAwIBAgICFlwwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCVVMx
GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsGA1UECxMERlBLSTEfMB0GA1UE
AxMWRmVkZXJhbCBCcmlkZ2UgQ0EgMjAxMzAeFw0xNTA2MjQxNTUyMDdaFw0xODA2
MjQxNTUyMDdaMFkxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1l
bnQxDTALBgNVBAsTBEZQS0kxITAfBgNVBAMTGEZlZGVyYWwgQ29tbW9uIFBvbGlj
eSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANh1+zUWNFpBv1qv
XDAEFByteES16ibqdWHHzTZ5+HzYvSlRZlkh43mr1Hi+sC2wodWyNRYj0Mwevg7o
q9zDydYS16dyaBgxuBcisj5+ughtxv3RWCxpoAPwKqP2PyElPd+3MsWOJ7MjpeBS
s12W6bC4xcWfu8WgboJAu8UnBTZJ1iYnaQw0j88neioKo0FfjR0DhoMV4FXBxZgs
nuwactxIwT75hNKEgsEbw3Q2t7nHNjJ6+DK20DauIhgxjFBzIZ7+gzswiCTj6cF+
3u2Yxx+SEIqfW2IvnaS81YVvOv3JU6cgS6rbIKshTh0NTuaYheWrEUddnT/EI8Dj
FAZu/p0CAwEAAaOCAzswggM3MA8GA1UdEwEB/wQFMAMBAf8wUwYIKwYBBQUHAQEE
RzBFMEMGCCsGAQUFBzAChjdodHRwOi8vaHR0cC5mcGtpLmdvdi9icmlkZ2UvY2FD
ZXJ0c0lzc3VlZFRvZmJjYTIwMTMucDdjMIIBQQYDVR0gBIIBODCCATQwDAYKYIZI
AWUDAgEDATAMBgpghkgBZQMCAQMCMAwGCmCGSAFlAwIBAwMwDAYKYIZIAWUDAgED
DDAMBgpghkgBZQMCAQMOMAwGCmCGSAFlAwIBAw8wDAYKYIZIAWUDAgEDJTAMBgpg
hkgBZQMCAQMmMAwGCmCGSAFlAwIBAwQwDAYKYIZIAWUDAgEDEjAMBgpghkgBZQMC
AQMTMAwGCmCGSAFlAwIBAxQwDAYKYIZIAWUDAgEDBjAMBgpghkgBZQMCAQMHMAwG
CmCGSAFlAwIBAwgwDAYKYIZIAWUDAgEDJDAMBgpghkgBZQMCAQMNMAwGCmCGSAFl
AwIBAxAwDAYKYIZIAWUDAgEDETAMBgpghkgBZQMCAQMoMAwGCmCGSAFlAwIBAykw
DAYKYIZIAWUDAgEDJzBPBggrBgEFBQcBCwRDMEEwPwYIKwYBBQUHMAWGM2h0dHA6
Ly9odHRwLmZwa2kuZ292L2ZjcGNhL2NhQ2VydHNJc3N1ZWRCeWZjcGNhLnA3YzCB
jQYDVR0hBIGFMIGCMBgGCmCGSAFlAwIBAwMGCmCGSAFlAwIBAwYwGAYKYIZIAWUD
AgEDBAYKYIZIAWUDAgEDEDAYBgpghkgBZQMCAQMMBgpghkgBZQMCAQMHMBgGCmCG
SAFlAwIBAyUGCmCGSAFlAwIBAwgwGAYKYIZIAWUDAgEDJgYKYIZIAWUDAgEDJDAN
BgNVHTYBAf8EAwIBADAPBgNVHSQBAf8EBTADgQEBMA4GA1UdDwEB/wQEAwIBBjAf
BgNVHSMEGDAWgBS7znRxgzROWTJFFV9AYGDcK7C05DA5BgNVHR8EMjAwMC6gLKAq
hihodHRwOi8vaHR0cC5mcGtpLmdvdi9icmlkZ2UvZmJjYTIwMTMuY3JsMB0GA1Ud
DgQWBBStDHp1XOXzmMR5mA6sKP2X9OcC/DANBgkqhkiG9w0BAQsFAAOCAQEAfcpu
K1Y69/mTqMBJ7RV2rNfTExexIdU67nwadpT2izyN4qUKFyCN3jXl1P32pSUr1Moz
Ml7NOA5oHRYC88I1D5auCymCW55sOt5fs9QAbNbM9nwhbyq6ROMDH68j4nV6sb2D
g7slYPbf5UbacCmqIGzjGpks349Cpi3/2Kd1brzx4/13tinNlC9Vocs1RyCDecC7
NJNoE6nApq43m3Ns598EY6aVlXHpCWA913A+yUG4H7rmm4fr+5MrXT79j8iqTLR3
ZbE+MYKadMsXhFkpcp2J4hKPsoycvRXegy00411ZLkUcn48Ha8DdDJSktUQgJolZ
IeSPIo86WvJEwAAVhg==
-----END CERTIFICATE-----`

// HexHashFederalCommonPolicyCASignedByFederalBridgeCA2013 is the hex SHA256
// fingerprint ofFederalCommonPolicyCASignedByFederalBridgeCA2013.
const HexHashFederalCommonPolicyCASignedByFederalBridgeCA2013 = "59cb0702bc82d6a6c58eedbf84e610c3d9ce4630e61fba5745ded0cb371e675c"

// PEMFederalCommonPolicyCASignedByFederalBridgeCA2016 is the certificate for
// the Federal Common Policy CA signed by the Federal Bridge CA 2016.
const PEMFederalCommonPolicyCASignedByFederalBridgeCA2016 = `
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:6f:fe:26:1a:79:65:43:cd:c7:88:e1:5f:90:f5:e3:ec:e6:9b:f4
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA 2016
        Validity
            Not Before: Nov  8 18:14:36 2016 GMT
            Not After : Nov  8 18:14:36 2019 GMT
        Subject: C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:d8:75:fb:35:16:34:5a:41:bf:5a:af:5c:30:04:
                    14:1c:ad:78:44:b5:ea:26:ea:75:61:c7:cd:36:79:
                    f8:7c:d8:bd:29:51:66:59:21:e3:79:ab:d4:78:be:
                    b0:2d:b0:a1:d5:b2:35:16:23:d0:cc:1e:be:0e:e8:
                    ab:dc:c3:c9:d6:12:d7:a7:72:68:18:31:b8:17:22:
                    b2:3e:7e:ba:08:6d:c6:fd:d1:58:2c:69:a0:03:f0:
                    2a:a3:f6:3f:21:25:3d:df:b7:32:c5:8e:27:b3:23:
                    a5:e0:52:b3:5d:96:e9:b0:b8:c5:c5:9f:bb:c5:a0:
                    6e:82:40:bb:c5:27:05:36:49:d6:26:27:69:0c:34:
                    8f:cf:27:7a:2a:0a:a3:41:5f:8d:1d:03:86:83:15:
                    e0:55:c1:c5:98:2c:9e:ec:1a:72:dc:48:c1:3e:f9:
                    84:d2:84:82:c1:1b:c3:74:36:b7:b9:c7:36:32:7a:
                    f8:32:b6:d0:36:ae:22:18:31:8c:50:73:21:9e:fe:
                    83:3b:30:88:24:e3:e9:c1:7e:de:ed:98:c7:1f:92:
                    10:8a:9f:5b:62:2f:9d:a4:bc:d5:85:6f:3a:fd:c9:
                    53:a7:20:4b:aa:db:20:ab:21:4e:1d:0d:4e:e6:98:
                    85:e5:ab:11:47:5d:9d:3f:c4:23:c0:e3:14:06:6e:
                    fe:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.101.3.2.1.3.13
                Policy: 2.16.840.1.101.3.2.1.3.1
                Policy: 2.16.840.1.101.3.2.1.3.2
                Policy: 2.16.840.1.101.3.2.1.3.14
                Policy: 2.16.840.1.101.3.2.1.3.15
                Policy: 2.16.840.1.101.3.2.1.3.17
                Policy: 2.16.840.1.101.3.2.1.3.18
                Policy: 2.16.840.1.101.3.2.1.3.19
                Policy: 2.16.840.1.101.3.2.1.3.20
                Policy: 2.16.840.1.101.3.2.1.3.3
                Policy: 2.16.840.1.101.3.2.1.3.12
                Policy: 2.16.840.1.101.3.2.1.3.4
                Policy: 2.16.840.1.101.3.2.1.3.37
                Policy: 2.16.840.1.101.3.2.1.3.38
                Policy: 2.16.840.1.101.3.2.1.3.6
                Policy: 2.16.840.1.101.3.2.1.3.7
                Policy: 2.16.840.1.101.3.2.1.3.8
                Policy: 2.16.840.1.101.3.2.1.3.36
                Policy: 2.16.840.1.101.3.2.1.3.16
                Policy: 2.16.840.1.101.3.2.1.3.39
                Policy: 2.16.840.1.101.3.2.1.3.40
                Policy: 2.16.840.1.101.3.2.1.3.41

            Authority Information Access:
                CA Issuers - URI:http://http.fpki.gov/bridge/caCertsIssuedTofbca2016.p7c

            X509v3 Policy Mappings:
                2.16.840.1.101.3.2.1.3.3:2.16.840.1.101.3.2.1.3.6, 2.16.840.1.101.3.2.1.3.4:2.16.840.1.101.3.2.1.3.16, 2.16.840.1.101.3.2.1.3.12:2.16.840.1.101.3.2.1.3.7, 2.16.840.1.101.3.2.1.3.37:2.16.840.1.101.3.2.1.3.8, 2.16.840.1.101.3.2.1.3.38:2.16.840.1.101.3.2.1.3.36
            Subject Information Access:
                CA Repository - URI:http://http.fpki.gov/fcpca/caCertsIssuedByfcpca.p7c

            X509v3 Policy Constraints: critical
                Inhibit Policy Mapping:1
            X509v3 Inhibit Any Policy: critical
                0
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Authority Key Identifier:
                keyid:23:B0:B3:7D:16:54:D4:02:56:76:EB:3A:BE:A9:6B:2F:43:7B:28:16

            X509v3 CRL Distribution Points:
                URI:http://http.fpki.gov/bridge/fbca2016.crl

            X509v3 Subject Key Identifier:
                AD:0C:7A:75:5C:E5:F3:98:C4:79:98:0E:AC:28:FD:97:F4:E7:02:FC
    Signature Algorithm: sha256WithRSAEncryption
        67:c8:d1:37:2d:db:6c:88:3a:4f:93:42:3b:89:c6:46:d7:cb:
        38:23:6f:bd:15:ff:1b:a9:f3:f0:0c:7b:14:6d:ff:c6:b6:50:
        cb:d8:f0:0f:29:9d:a7:4c:10:4c:9d:6f:2a:1b:69:43:43:6f:
        d0:1c:54:df:3c:35:3b:3b:a3:2a:80:fa:cb:b9:9b:e4:4b:2e:
        9c:65:d5:8b:b4:65:b7:0d:4b:25:56:42:69:70:b8:d0:37:c3:
        54:4a:b1:e2:15:5d:d0:97:68:16:5b:81:05:8b:3c:5d:91:1d:
        bd:ed:6c:a1:b9:04:01:f3:54:86:7e:4b:30:29:25:a8:66:f9:
        e6:34:8f:49:d5:c3:37:91:c9:de:dd:ef:27:9c:63:5d:b7:96:
        6e:c4:c0:87:44:da:dd:9e:e9:64:0e:68:b0:c2:b1:df:d5:70:
        5c:8b:56:63:26:81:7c:2c:4e:2d:16:fd:36:ef:b0:12:aa:f1:
        a6:57:7c:de:91:84:26:9c:ef:47:b4:96:7c:18:ab:7d:56:1a:
        dc:4d:64:1e:2c:e3:4e:c3:35:19:8e:e9:8e:d1:c6:c0:cd:a2:
        62:02:54:b8:9c:16:df:61:c7:3f:1c:25:33:00:2b:e3:3c:46:
        e5:eb:ff:55:4c:46:86:66:70:f5:b6:e4:6c:bb:e6:2e:f5:d7:
        10:66:fa:05
-----BEGIN CERTIFICATE-----
MIIGezCCBWOgAwIBAgIUe2/+Jhp5ZUPNx4jhX5D14+zmm/QwDQYJKoZIhvcNAQEL
BQAwVzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsG
A1UECxMERlBLSTEfMB0GA1UEAxMWRmVkZXJhbCBCcmlkZ2UgQ0EgMjAxNjAeFw0x
NjExMDgxODE0MzZaFw0xOTExMDgxODE0MzZaMFkxCzAJBgNVBAYTAlVTMRgwFgYD
VQQKEw9VLlMuIEdvdmVybm1lbnQxDTALBgNVBAsTBEZQS0kxITAfBgNVBAMTGEZl
ZGVyYWwgQ29tbW9uIFBvbGljeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBANh1+zUWNFpBv1qvXDAEFByteES16ibqdWHHzTZ5+HzYvSlRZlkh43mr
1Hi+sC2wodWyNRYj0Mwevg7oq9zDydYS16dyaBgxuBcisj5+ughtxv3RWCxpoAPw
KqP2PyElPd+3MsWOJ7MjpeBSs12W6bC4xcWfu8WgboJAu8UnBTZJ1iYnaQw0j88n
eioKo0FfjR0DhoMV4FXBxZgsnuwactxIwT75hNKEgsEbw3Q2t7nHNjJ6+DK20Dau
IhgxjFBzIZ7+gzswiCTj6cF+3u2Yxx+SEIqfW2IvnaS81YVvOv3JU6cgS6rbIKsh
Th0NTuaYheWrEUddnT/EI8DjFAZu/p0CAwEAAaOCAzswggM3MA8GA1UdEwEB/wQF
MAMBAf8wggFBBgNVHSAEggE4MIIBNDAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIB
AwEwDAYKYIZIAWUDAgEDAjAMBgpghkgBZQMCAQMOMAwGCmCGSAFlAwIBAw8wDAYK
YIZIAWUDAgEDETAMBgpghkgBZQMCAQMSMAwGCmCGSAFlAwIBAxMwDAYKYIZIAWUD
AgEDFDAMBgpghkgBZQMCAQMDMAwGCmCGSAFlAwIBAwwwDAYKYIZIAWUDAgEDBDAM
BgpghkgBZQMCAQMlMAwGCmCGSAFlAwIBAyYwDAYKYIZIAWUDAgEDBjAMBgpghkgB
ZQMCAQMHMAwGCmCGSAFlAwIBAwgwDAYKYIZIAWUDAgEDJDAMBgpghkgBZQMCAQMQ
MAwGCmCGSAFlAwIBAycwDAYKYIZIAWUDAgEDKDAMBgpghkgBZQMCAQMpMFMGCCsG
AQUFBwEBBEcwRTBDBggrBgEFBQcwAoY3aHR0cDovL2h0dHAuZnBraS5nb3YvYnJp
ZGdlL2NhQ2VydHNJc3N1ZWRUb2ZiY2EyMDE2LnA3YzCBjQYDVR0hBIGFMIGCMBgG
CmCGSAFlAwIBAwMGCmCGSAFlAwIBAwYwGAYKYIZIAWUDAgEDBAYKYIZIAWUDAgED
EDAYBgpghkgBZQMCAQMMBgpghkgBZQMCAQMHMBgGCmCGSAFlAwIBAyUGCmCGSAFl
AwIBAwgwGAYKYIZIAWUDAgEDJgYKYIZIAWUDAgEDJDBPBggrBgEFBQcBCwRDMEEw
PwYIKwYBBQUHMAWGM2h0dHA6Ly9odHRwLmZwa2kuZ292L2ZjcGNhL2NhQ2VydHNJ
c3N1ZWRCeWZjcGNhLnA3YzAPBgNVHSQBAf8EBTADgQEBMA0GA1UdNgEB/wQDAgEA
MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQjsLN9FlTUAlZ26zq+qWsvQ3so
FjA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vaHR0cC5mcGtpLmdvdi9icmlkZ2Uv
ZmJjYTIwMTYuY3JsMB0GA1UdDgQWBBStDHp1XOXzmMR5mA6sKP2X9OcC/DANBgkq
hkiG9w0BAQsFAAOCAQEAZ8jRNy3bbIg6T5NCO4nGRtfLOCNvvRX/G6nz8Ax7FG3/
xrZQy9jwDymdp0wQTJ1vKhtpQ0Nv0BxU3zw1OzujKoD6y7mb5EsunGXVi7Rltw1L
JVZCaXC40DfDVEqx4hVd0JdoFluBBYs8XZEdve1sobkEAfNUhn5LMCklqGb55jSP
SdXDN5HJ3t3vJ5xjXbeWbsTAh0Ta3Z7pZA5osMKx39VwXItWYyaBfCxOLRb9Nu+w
Eqrxpld83pGEJpzvR7SWfBirfVYa3E1kHizjTsM1GY7pjtHGwM2iYgJUuJwW32HH
PxwlMwAr4zxG5ev/VUxGhmZw9bbkbLvmLvXXEGb6BQ==
-----END CERTIFICATE-----
`

// HexHashFederalCommonPolicyCASignedByFederalBridgeCA2016 is the hex SHA256
// fingerprint ofFederalCommonPolicyCASignedByFederalBridgeCA2016.
const HexHashFederalCommonPolicyCASignedByFederalBridgeCA2016 = "343293348becda9784b09e5e252a25355772e488cb75dc8b5075dc89541b3cc9"