Closed djpackham closed 3 years ago
If this was merged with the FPKI OCSP, AIA, CDP, and DN page. Can this issue be closed?
Preview site - https://cg-06ab120d-836f-49a2-bc22-9dfb1585c3c6.app.cloud.gov/preview/gsa/fpki-guides/SIA-page/tools/
@grandamp - Feedback?
my take on this: the end entity OCSP and CDP URIs are the most important and not reflected. Those are the URIs that are first, have the bulk of the data, and require configs on some firewalls and services to access.
@lachellel - I think this is almost all federal issuers under Common and the Bridge and contain the CDP URI and OCSP. The CDP is from a EE cert. Which CA's are missing?
Sample below: "subject": "CN=Veterans Affairs User CA B1, OU=PKI, OU=Services, DC=va, DC=gov", "issuer": "CN=Verizon SSP CA A2, OU=SSP, O=Verizon, C=US", "serialNumber": "251EA36536CFEBB0E9D1334D0CB96102BAB16589", "notBefore": "1/25/2017 04:59", "notAfter": "1/25/2027 04:59", "thumbprint": "671461948B8EF765FE5E1248222AF3FCDD457564", "crldp_http": "http://crl.pki.va.gov/PKI/CRL/VET-SSP-CA-B1.crl", "crldp_ocsp": "http://ocsp.pki.va.gov/", "AIA": "http://aia1.ssp-strong-id.net/CA/VAuserCA.p7c"
A few thoughts/observations:
(1) There are a few cases in which the OCSP responder URI differs for the issuer and root, so that value should likely be mined from the EE cert to populate the issuing CA value as well. For consistency, it may make sense to mine all three values (CDP, AIA OCSP and AIA CAI) from the same certificate, in order to minimize confusion - so all three values would always be mined from a certificate issued by the listed CA.
(2) Where organizations are issuing partitioned CRLs, you probably want to populate the URL for the full CRL (rather than the single partition asserted in a random EE cert).
(3) It would be valuable to include values for the roots (or more generally CAs other than subordinates in the issuance chains) as well.
(4) "crldp_ocsp" seems like an odd label for the OCSP URI; was that intended to be "ocsp_http"?
Should the URL that links to the file be the raw content link, or the GitHub URI?
I.e.,
https://raw.githubusercontent.com/GSA/fpki-guides/SIA-page/_includes/fpki_aia_ocsp_sia_list.json
-vs-
https://github.com/GSA/fpki-guides/blob/SIA-page/_includes/fpki_aia_ocsp_sia_list.json
@weirdscience My confusion stemmed from how it is listed by subject and issuer:
"subject": "CN=Veterans Affairs User CA B1, OU=PKI, OU=Services, DC=va, DC=gov", "issuer": "CN=Verizon SSP CA A2, OU=SSP, O=Verizon, C=US",
Versus just ISSUER for the EE included URIs:
"issuer": "CN=Veterans Affairs User CA B1, OU=PKI, OU=Services, DC=va, DC=gov",
There will be multi-valued attributes for some of the URIs too. I don't want to over-engineer - but how should the files be modified to have multi-valued attributes?
For Julia's comments:
(1) There are a few cases in which the OCSP responder URI differs for the issuer and root, so that value should likely be mined from the EE cert to populate the issuing CA value as well. For consistency, it may make sense to mine all three values (CDP, AIA OCSP and AIA CAI) from the same certificate, in order to minimize confusion - so all three values would always be mined from a certificate issued by the listed CA.
There are also a few cases where EE certs signed by the same Issuing CA have different CDP, AIA OCSP and AIA CAI. One root cause is a practice where the RA inserts an agency or integrator specific value (different domain and services, but replicates the files). I dislike the practice professionally AND the CA operator is still responsible for availability and validity on those status and artifact services operated by another entity. Example:
We also have transitions from domain names. Examples include Verisign -> Symantec -> Digicert:
(2) Where organizations are issuing partitioned CRLs, you probably want to populate the URL for the full CRL (rather than the single partition asserted in a random EE cert).
@weirdscience My joke about a rube goldberg machine wasn't really a joke. :+1: When I try to build a list - I find errors and that leads me to create a customized list for an agency (short term) and in parallel identify the root cause for the problem in the first place. Is it bad policy? profiles? misinterpretation? just an old system that needs to shut down entirely?
I see five+ Issuing CAs missing...I'll post separately after sorting through the data in more detail.
Below is an example of how we are maintaining Certs and CRLs to feed our validation services (in yaml). This example is only for CA's under the Treasury Root CA. Having the key identifiers listed helps to determine the integrity of the artifacts, and relationships. In this case, we only care about the CRL that is produced by each CA key.
scvp_ca_certificates:
- caHash: '48CE02A99AE2CC4F790F2989AA153ED565B7E4D2'
caSKI: '174BB826BA697AAD12505745319E57BB74A5DA2F'
caAKI: 'AD0C7A755CE5F398C479980EAC28FD97F4E702FC'
caName: 'US Treasury Root CA 4K'
caStoreType: 'CA_CERT_OCSP'
caCrl: 'http://pki.treasury.gov/US_Treasury_Root_CA1.crl'
caCert: |
-----BEGIN CERTIFICATE-----
MIIHwTCCBqmgAwIBAgICc0swDQYJKoZIhvcNAQELBQAwWTELMAkGA1UEBhMCVVMx
GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDENMAsGA1UECxMERlBLSTEhMB8GA1UE
AxMYRmVkZXJhbCBDb21tb24gUG9saWN5IENBMB4XDTE5MDgxNDE1NDU0NVoXDTIy
MDgxNDE1NDIyMlowgY4xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy
bm1lbnQxIzAhBgNVBAsTGkRlcGFydG1lbnQgb2YgdGhlIFRyZWFzdXJ5MSIwIAYD
VQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMRwwGgYDVQQLExNVUyBUcmVh
c3VyeSBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA7D5n
zQgGJWbAzFCMv5x7nb7bZ1ERbKGEfKVLg7XWT8xTsL8CaItldWtTGGwbjiTH+sbL
mk19jkfCQ7QhyipMHDfmFxEAa/aTc28nWquT/Omt1yEunX2qQK7XA42gGYLRfkjc
V8wr/gcHieQDERUKUSYPo/ecrzfcJ7S7xRpIKqiBPlD5msWJjBHBsgZWvMpvT2tZ
uOU3nK47oQ3FNZtHUiUkYUtQieMRwk8TQ8Y0fdZ+rwJxWTo44LUJp4hXPgtdSSe+
DFDJv+le8Ncvzw1cH8lJ8sjPjFvFCjeWVZVFhDC/HR2BqnC7vqcSAyWCwsIaNNfn
11kruLMf87SUdqKwWeLH+xJOh5slKV91+pee7HqUYIawO3bLCeHZ2TXQfoN37n22
4IeFgzpR2t4fVRLlYYeZuFxRb4vInCIFMwvlmorOXitVCfaZd71Ws9GKO3Sg3ur9
sNvKgBeE7A4mm5bEVRBS0Gpo+s6L9jdUPYvrzV1bRx1f4IfIwuSbxl93Mn1JLLNF
PS1nAHhROc1NzTf/1annVnPWt49xvJfeKmFagwkMKv3wFqa0UHF9TO8TYcO5jueO
wfiHY6e9ASElT0ev5Wk3kaoP5wPWeP8Rhkt1HnD9puitgAiUNHsEol7osemoRQdl
zmg5jZE306KGzwjbgNdX4QN8iGp/vt3rg+0sFVkCAwEAAaOCA1swggNXMA8GA1Ud
EwEB/wQFMAMBAf8wTwYIKwYBBQUHAQEEQzBBMD8GCCsGAQUFBzAChjNodHRwOi8v
aHR0cC5mcGtpLmdvdi9mY3BjYS9jYUNlcnRzSXNzdWVkVG9mY3BjYS5wN2MwDwYD
VR0kBAgwBoABAIEBADAKBgNVHTYEAwIBADCB3QYDVR0gBIHVMIHSMAwGCmCGSAFl
AwIBAwEwDAYKYIZIAWUDAgEDAjAMBgpghkgBZQMCAQMSMAwGCmCGSAFlAwIBAxMw
DAYKYIZIAWUDAgEDFDAMBgpghkgBZQMCAQMGMAwGCmCGSAFlAwIBAwcwDAYKYIZI
AWUDAgEDCDAMBgpghkgBZQMCAQMkMAwGCmCGSAFlAwIBAw0wDAYKYIZIAWUDAgED
EDAMBgpghkgBZQMCAQMRMAwGCmCGSAFlAwIBAycwDAYKYIZIAWUDAgEDKDAMBgpg
hkgBZQMCAQMpMEAGCCsGAQUFBwELBDQwMjAwBggrBgEFBQcwBYYkaHR0cDovL3Br
aS50cmVhc3VyeS5nb3Yvcm9vdF9zaWEucDdjMIIBKwYDVR0hBIIBIjCCAR4wGAYK
YIZIAWUDAgEDAQYKYIZIAWUDAgEFAjAYBgpghkgBZQMCAQMCBgpghkgBZQMCAQUD
MBgGCmCGSAFlAwIBAxIGCmCGSAFlAwIBBQowGAYKYIZIAWUDAgEDEwYKYIZIAWUD
AgEFCzAYBgpghkgBZQMCAQMUBgpghkgBZQMCAQUMMBgGCmCGSAFlAwIBAwYGCmCG
SAFlAwIBAwYwGAYKYIZIAWUDAgEDBgYKYIZIAWUDAgEFBzAYBgpghkgBZQMCAQMH
BgpghkgBZQMCAQMHMBgGCmCGSAFlAwIBAwcGCmCGSAFlAwIBBQQwGAYKYIZIAWUD
AgEDEAYKYIZIAWUDAgEDEDAYBgpghkgBZQMCAQMQBgpghkgBZQMCAQUFMA4GA1Ud
DwEB/wQEAwIBBjAfBgNVHSMEGDAWgBStDHp1XOXzmMR5mA6sKP2X9OcC/DA1BgNV
HR8ELjAsMCqgKKAmhiRodHRwOi8vaHR0cC5mcGtpLmdvdi9mY3BjYS9mY3BjYS5j
cmwwHQYDVR0OBBYEFBdLuCa6aXqtElBXRTGeV7t0pdovMA0GCSqGSIb3DQEBCwUA
A4IBAQBN/LWcgOMcjwYcWYmZ2aSI7ya+q5oC31CL1YbmMSIKTnaSkFlwuS1xiVZ2
L+DjjaDlKcEVTw4OfK/n+BB5SBUb/+ooQUttsl/GZ+0DG10B4qK8NGpGLSu1AvSO
4M9nr+0Pe3WAr9Ok73dhBqa6jak5vKkeHlLjaVzgHgoBgaUsvsmFnFqByZiPiOFd
Zfokq3LfVEuWXRUVLOrLITm/N6VQ7QKc6S3TnpO1Uemid7+P90HDui3D6CRW5NcO
MAlOlH4CYQ54mAo854edYormZXebBc0O4aNsIws+tLo4VI+C4wP0ncyDW9YFkWlR
itbDG1LvIUTocwRe9y/ZcCCcm4sk
-----END CERTIFICATE-----
- caHash: '30EE8B72D745DA0F6938ED137AC604DCD8A74AF0'
caSKI: '688415488C54707F2D12580EEC1C78EF3C2E5964'
caAKI: '174BB826BA697AAD12505745319E57BB74A5DA2F'
caName: 'US Treasury Root CA 4k to 2k Link Cert - 570d2c00'
caStoreType: 'CA_CERT_OCSP'
caCrl: 'http://pki.treasury.gov/US_Treasury_Root_CA.crl'
caCert: |
-----BEGIN CERTIFICATE-----
MIIHgDCCBWigAwIBAgIEVw0sADANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu
dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMDYwODA1MTQx
NjMwWhcNMjYwODA1MTQ0NjMwWjCBjjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Uu
Uy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVudCBvZiB0aGUgVHJlYXN1
cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxHDAaBgNVBAsT
E1VTIFRyZWFzdXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDoJARZzJjHfGSxatc7KUjHu1jq36LEKpPRaNaLg8IqQOZq7G4a3+kj71Rh
2uWi7XYAaQTVTPK/xBtohVGuB6c42QqzUhE2nyKB3gRId76or7LxeC6sxFiHUIYC
DHs3aAidYk21CbfxFnPbBOhG6YiTJcjabaOojCHfxtc2WCDbrfaMEoAil1j040KL
fdH0frl/Vu+6MbxJ7BKvCIC54pdiYH/vg/lj3utwbqvETw80EqbLrSZDy48DxvOe
JB4qg7Bq5in/Vx6xbl9PQNVCtarVtFHksntbBvyCosyxFr8+RMejZLeC9mhy2+b+
e2Hb/q51dszcbFLZvAeoOWbrj5rLAgMBAAGjggLiMIIC3jAOBgNVHQ8BAf8EBAMC
AQYwDwYDVR0TAQH/BAUwAwEB/zBLBggrBgEFBQcBAQQ/MD0wOwYIKwYBBQUHMAKG
L2h0dHA6Ly9wa2kudHJlYXN1cnkuZ292L2NhY2VydHNpc3N1ZWR0b3RyY2EucDdj
MEAGCCsGAQUFBwELBDQwMjAwBggrBgEFBQcwBYYkaHR0cDovL3BraS50cmVhc3Vy
eS5nb3Yvcm9vdF9zaWEucDdjMIH5BgNVHSAEgfEwge4wDAYKYIZIAWUDAgEDBjAM
BgpghkgBZQMCAQMHMAwGCmCGSAFlAwIBAwgwDAYKYIZIAWUDAgEDDTAMBgpghkgB
ZQMCAQMQMAwGCmCGSAFlAwIBAxEwDAYKYIZIAWUDAgEDJDAMBgpghkgBZQMCAQMn
MAwGCmCGSAFlAwIBAygwDAYKYIZIAWUDAgEDKTAMBgpghkgBZQMCAQUCMAwGCmCG
SAFlAwIBBQMwDAYKYIZIAWUDAgEFBDAMBgpghkgBZQMCAQUHMAwGCmCGSAFlAwIB
BQowDAYKYIZIAWUDAgEFCzAMBgpghkgBZQMCAQUMMB8GA1UdIwQYMBaAFBdLuCa6
aXqtElBXRTGeV7t0pdovMB0GA1UdDgQWBBRohBVIjFRwfy0SWA7sHHjvPC5ZZDCB
7wYDVR0fBIHnMIHkMIGpoIGmoIGjpIGgMIGdMQswCQYDVQQGEwJVUzEYMBYGA1UE
ChMPVS5TLiBHb3Zlcm5tZW50MSMwIQYDVQQLExpEZXBhcnRtZW50IG9mIHRoZSBU
cmVhc3VyeTEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEcMBoG
A1UECxMTVVMgVHJlYXN1cnkgUm9vdCBDQTENMAsGA1UEAxMEQ1JMMTA2oDSgMoYw
aHR0cDovL3BraS50cmVhc3VyeS5nb3YvVVNfVHJlYXN1cnlfUm9vdF9DQTEuY3Js
MA0GCSqGSIb3DQEBCwUAA4ICAQDkJPyJSS87CAuaDXkdJFGsLkgQOrDxCJpNgD1Z
Q1RmAbBwpO8x94m00gjE2uN9Gj/ezADsK0Yu9z83XdAl/6706GJ3bChBy/0m2xeB
i/oYhhkXB17Sc2a8O8gA8DLm3bXqvO3T32pVJnyXj/ckUU1P424zQjqhj5d+/xs/
M96a/jiFc7pFAE4lCBI6ydDeUNBZgRleX9R7Bp23/Uygd59wzEZ0Jvu2ls9x1bBG
qtp71PsGRhKyU64XFEKTaNknye/0TqRdTqpWzH6foTBjptYvn08cZmGVQNientSb
qWk+pvgxJtM9piiGDlUaPcizdnL5O3xVfjwYQNRteVPwXepkBSl9yPIG49yknUcH
fj0S2NCQy1OYqhy+oFYr+2aJG0CON5LFrwkaUU0bvRAXpW33hqN5/+8cApccXAeh
D42+gKVr+M/vNJGat46KKX6PF1ZflFfrE7jxD3Jza0N4dTXDRCagj30QmegziIA2
vylt+7jH7FHUVvOfTZaHMqvyZfc9dFKYpqJKrFEaMv6Fqawejir8kF9CUpSAF2O7
A843vFQuVRgIwp1M+D4xnvxnLbehLzqEZ6ZSSIPoHXzitfz9/oycCfUbIyYE4TW9
8wEwfpj4wCO1Gldl+2rZYUEb5mjkkltR1O8s5rYqoxVSVKUrAD/fHYdOzteWkNQk
yiTo/Q==
-----END CERTIFICATE-----
- caHash: '14D4454152A6A1384052186ADBB944FB2E1A768D'
caSKI: '1F506BFB74AA5AD33BCB136470AE5273C28549A8'
caAKI: '688415488C54707F2D12580EEC1C78EF3C2E5964'
caName: 'US Treasury Public CA - 4a61d1db'
caStoreType: 'CA_CERT_OCSP'
caCrl: 'http://pki.treasury.gov/PUBLIC_CA.crl'
caCert: |
-----BEGIN CERTIFICATE-----
MIIHKTCCBhGgAwIBAgIESmHR2zANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu
dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTAxMjA1MTg1
MjM2WhcNMjAxMjA1MTkyMjM2WjCBkDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Uu
Uy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVudCBvZiB0aGUgVHJlYXN1
cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxHjAcBgNVBAsT
FVVTIFRyZWFzdXJ5IFB1YmxpYyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAO1zvNemFhhCvVDMkj5E8JhUzQ5kytVW0kiRH6YuGYsVWwAj9VNuj3r3
pPce4M8Iz052zLZCRBJVg1zdcoJCrlaW4gGTkV4dx0+oDP+Tmw6uH0qIz9ZZuJeo
ekoaP3LOja/IQV5EOPeppzPsWhsj8/mZO4olaZrhMtzPuVJX7+3HUNnl4IXjEj0s
iHxqs6VGDBlLxfTJRmTSF+TKIo7Az/MM+WMhZ9Vo4uc6MWs51FJVebm2valLoL03
AVdRdmTA6/TJw1DADLn2knSHDHzP2xG9NrTJsX0yYxDsGPAO90py/Hj36fv6dpbe
uSGYuoZ12yFDtJcG3XyJuf7jXsAfoosCAwEAAaOCA4kwggOFMA4GA1UdDwEB/wQE
AwIBBjAPBgNVHRMBAf8EBTADAQH/ME8GA1UdIARIMEYwDAYKYIZIAWUDAgEFBDAM
BgpghkgBZQMCAQUHMAwGCmCGSAFlAwIBBQgwDAYKYIZIAWUDAgEFAzAMBgpghkgB
ZQMCAQUCMIIBDwYIKwYBBQUHAQEEggEBMIH+MC0GCCsGAQUFBzAChiFodHRwOi8v
cGtpLnRyZWFzLmdvdi90ZWNhX2FpYS5wN2MwgcwGCCsGAQUFBzAChoG/bGRhcDov
L2xkYXAudHJlYXMuZ292L291PVVTJTIwVHJlYXN1cnklMjBSb290JTIwQ0Esb3U9
Q2VydGlmaWNhdGlvbiUyMEF1dGhvcml0aWVzLG91PURlcGFydG1lbnQlMjBvZiUy
MHRoZSUyMFRyZWFzdXJ5LG89VS5TLiUyMEdvdmVybm1lbnQsYz1VUz9jQUNlcnRp
ZmljYXRlO2JpbmFyeSxjcm9zc0NlcnRpZmljYXRlUGFpcjtiaW5hcnkwggGhBgNV
HR8EggGYMIIBlDAyoDCgLoYsaHR0cDovL3BraS50cmVhcy5nb3YvVVNfVHJlYXN1
cnlfUm9vdF9DQS5jcmwwggFcoIIBWKCCAVSkgaAwgZ0xCzAJBgNVBAYTAlVTMRgw
FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxIzAhBgNVBAsTGkRlcGFydG1lbnQgb2Yg
dGhlIFRyZWFzdXJ5MSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVz
MRwwGgYDVQQLExNVUyBUcmVhc3VyeSBSb290IENBMQ0wCwYDVQQDEwRDUkwxhoGu
bGRhcDovL2xkYXAudHJlYXMuZ292L2NuPUNSTDEsb3U9VVMlMjBUcmVhc3VyeSUy
MFJvb3QlMjBDQSxvdT1DZXJ0aWZpY2F0aW9uJTIwQXV0aG9yaXRpZXMsb3U9RGVw
YXJ0bWVudCUyMG9mJTIwdGhlJTIwVHJlYXN1cnksbz1VLlMuJTIwR292ZXJubWVu
dCxjPVVTP2F1dGhvcml0eVJldm9jYXRpb25MaXN0MB8GA1UdIwQYMBaAFGiEFUiM
VHB/LRJYDuwceO88LllkMB0GA1UdDgQWBBQfUGv7dKpa0zvLE2RwrlJzwoVJqDAZ
BgkqhkiG9n0HQQAEDDAKGwRWNy4xAwIAgTANBgkqhkiG9w0BAQsFAAOCAQEAZACR
e/SnltrjBoone9iuKa1RuaiEZIpzm7+p7dYEZ2F3S13R9w3jDWaHO2Euang/T1I+
oO/Pxm03dU+g0IlEnasM3WkiWeDET8RnTSXoncRc0gSscTflLI4dHgaa3t1prXes
Jlpc6eNkgTxQditEwDU0EiOLyCnkLr1MN4XBDpPZXMqNTpvTEDKpziNyIfDJUIj8
Xh42Nk4FmjXtok3wntUC5UG55SEX5h87nbhxwrA+QIktHGsfMxT/UOmW4IUfCAJI
qbl8whB8R0otIWgNuDqP8lL67XFAbZGRXrj+BEx/s78yaBH/FsSkKpPEZQnCVFY2
94iVPtFYb3BIfiUGtw==
-----END CERTIFICATE-----
- caHash: 'BB6C62E648D503F1BEAB75EF5F69B17256175993'
caSKI: '16CDD6CE7FCF17F97E2185F4B1E72C33FF104509'
caAKI: '688415488C54707F2D12580EEC1C78EF3C2E5964'
caName: 'Social Security Administration Certification Authority - 4e3980ef'
caStoreType: 'CA_CERT_OCSP'
caCrl: 'http://pki.treasury.gov/SSA_CA2.crl'
caCert: |
-----BEGIN CERTIFICATE-----
MIIGFzCCBP+gAwIBAgIETjmA7zANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu
dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTUwNDE5MTUw
NDI5WhcNMjUwNDE5MTUzNDI5WjB2MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5T
LiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNTU0ExPzA9BgNVBAsTNlNvY2lhbCBTZWN1
cml0eSBBZG1pbmlzdHJhdGlvbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANTpa7DCN9Vmjj8BlkQ9PZbiQlBL
yPYt7wl1Sdr35Fc5APcGVj7kfpOxAcpON7taXzARDFzXjo4WRclnVc6rW+mn7UJ9
rP6eTIgJUEjN5iUjfuz1yfrDcMDjCoidFAml5nF8mGnq+oFPaKye6aviF9g0o8A2
UtQLluM66+1B170OGmuY+hGdpYZACVC94o0hQ8s1tnj324CPTdDMXFclcn/E619X
19BlEJWdAlEzzkVieoZi7JBJJXmgzYIu672gQHfV2F06dXWvr62Rnyf40n0pwzpN
Y1sqYv80zogk5tfPm+3InAXyjFSz/Y30QImFCPRFvAsNdVdUyUJUjHVmpfsCAwEA
AaOCApIwggKOMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MIGzBgNV
HSAEgaswgagwDAYKYIZIAWUDAgEDBjAMBgpghkgBZQMCAQMIMAwGCmCGSAFlAwIB
AwcwDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMAwGCmCGSAFlAwIBAxAwDAYK
YIZIAWUDAgEDJDAMBgpghkgBZQMCAQMnMAwGCmCGSAFlAwIBAygwDAYKYIZIAWUD
AgEDKTAMBgpghkgBZQMCAQUCMAwGCmCGSAFlAwIBBQMwQQYIKwYBBQUHAQEENTAz
MDEGCCsGAQUFBzAChiVodHRwOi8vcGtpLnRyZWFzdXJ5Lmdvdi9zc2FjYV9haWEu
cDdjMEEGCCsGAQUFBwELBDUwMzAxBggrBgEFBQcwBYYlaHR0cDovL3BraS50cmVh
c3VyeS5nb3Yvc3NhY2Ffc2lhLnA3YzCB7gYDVR0fBIHmMIHjMDWgM6Axhi9odHRw
Oi8vcGtpLnRyZWFzdXJ5Lmdvdi9VU19UcmVhc3VyeV9Sb290X0NBLmNybDCBqaCB
pqCBo6SBoDCBnTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVu
dDEjMCEGA1UECxMaRGVwYXJ0bWVudCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsT
GUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5
IFJvb3QgQ0ExDTALBgNVBAMTBENSTDEwHwYDVR0jBBgwFoAUaIQVSIxUcH8tElgO
7Bx47zwuWWQwHQYDVR0OBBYEFBbN1s5/zxf5fiGF9LHnLDP/EEUJMA0GCSqGSIb3
DQEBCwUAA4IBAQA9gDh+z1xbtDXcVaxgly6VI1EFhgjiBTmwekbi9+uX8hxx3i1c
E2kt8zwGbrN4JW0VA6LDJY8TpGyRChP2h7rxICTjGtQiLby3X6fVcQ9AL6CEW6Wo
92ROhtXwQIzZfk3LFFpbKYxSYFza9AI89NYfYigGDxk4OuPuVDTrXZQXl7fDabpq
ENHMsB3X0MJDxV8JmqT3sJ0eLGFf/4iEEZCuj5Bwk3byddnJimxXdk54Txd+vCg1
+yRLzU6xwep+SiFmZMd7kjSq3jX3Y4I2xiLpymIgX4qw28fXjA2Yq7JCb0lNTHvZ
orq3DN/saJE3L1yiArkPGug8NQWXyFhIcEP+
-----END CERTIFICATE-----
- caHash: 'B4B209AADE830834C9B5C2F815021D28DC381FE1'
caSKI: 'D639776D50770E4CF03942DC616874AB829F557F'
caAKI: '688415488C54707F2D12580EEC1C78EF3C2E5964'
caName: 'Social Security Administration Certification Authority - 4a61d2ba'
caStoreType: 'CA_CERT_OCSP'
caCrl: 'http://pki.treasury.gov/SSA_CA1.crl'
caCert: |
-----BEGIN CERTIFICATE-----
MIIINzCCBx+gAwIBAgIESmHSujANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu
dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTEwMjE2MjMy
OTU4WhcNMjEwMjE2MjM1OTU4WjB2MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5T
LiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNTU0ExPzA9BgNVBAsTNlNvY2lhbCBTZWN1
cml0eSBBZG1pbmlzdHJhdGlvbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMc3hAB0ct2XuWzrwrsWEev//s2j
s0i2v4561fJ0s5OiHBJ84+fAGJuZbY2qeWR4+i/0QYZNZlNXL+kz7yRBksDfx5mC
xCUbSVDuGy8JLZSxpLcNBdjzkagTakVwVXCZSsQYJEd9L7r4X1AEIoo9M4TmRtjh
Fb2WZjs3gDGqLJYndM5TkHI3KKPQx/mXNawMbsm9DnE3oUFnw7FfZtwF6/1WE0SY
GUJi9ZiHn5A9fPEWUpV2Gr+syjtk7qcBMvAq5BDv6h9XJ7X5W+0QLrHSaqKv3sY1
bgp2SeBfXe+PrD2vMG0JujlRRaL3JEzwFW15jWFsjXgV++bI8FzgyQj51pcCAwEA
AaOCBLIwggSuMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MHkGA1Ud
IARyMHAwDAYKYIZIAWUDAgEDBjAMBgpghkgBZQMCAQMIMAwGCmCGSAFlAwIBAwcw
DAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMAwGCmCGSAFlAwIBAxAwDAYKYIZI
AWUDAgEFAzAMBgpghkgBZQMCAQUCMIIBEAYIKwYBBQUHAQEEggECMIH/MC4GCCsG
AQUFBzAChiJodHRwOi8vcGtpLnRyZWFzLmdvdi9zc2FjYV9haWEucDdjMIHMBggr
BgEFBQcwAoaBv2xkYXA6Ly9sZGFwLnRyZWFzLmdvdi9vdT1VUyUyMFRyZWFzdXJ5
JTIwUm9vdCUyMENBLG91PUNlcnRpZmljYXRpb24lMjBBdXRob3JpdGllcyxvdT1E
ZXBhcnRtZW50JTIwb2YlMjB0aGUlMjBUcmVhc3VyeSxvPVUuUy4lMjBHb3Zlcm5t
ZW50LGM9VVM/Y0FDZXJ0aWZpY2F0ZTtiaW5hcnksY3Jvc3NDZXJ0aWZpY2F0ZVBh
aXI7YmluYXJ5MIH7BggrBgEFBQcBCwSB7jCB6zAuBggrBgEFBQcwBYYiaHR0cDov
L3BraS50cmVhcy5nb3Yvc3NhY2Ffc2lhLnA3YzCBuAYIKwYBBQUHMAWGgatsZGFw
Oi8vc3NwbGRhcC50cmVhcy5nb3Yvb3U9U29jaWFsJTIwU2VjdXJpdHklMjBBZG1p
bmlzdHJhdGlvbiUyMENlcnRpZmljYXRpb24lMjBBdXRob3JpdHksb3U9U1NBLG89
VS5TLiUyMEdvdmVybm1lbnQsYz1VUz9jQUNlcnRpZmljYXRlO2JpbmFyeSxjcm9z
c0NlcnRpZmljYXRlUGFpcjtiaW5hcnkwggGhBgNVHR8EggGYMIIBlDAyoDCgLoYs
aHR0cDovL3BraS50cmVhcy5nb3YvVVNfVHJlYXN1cnlfUm9vdF9DQS5jcmwwggFc
oIIBWKCCAVSkgaAwgZ0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy
bm1lbnQxIzAhBgNVBAsTGkRlcGFydG1lbnQgb2YgdGhlIFRyZWFzdXJ5MSIwIAYD
VQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMRwwGgYDVQQLExNVUyBUcmVh
c3VyeSBSb290IENBMQ0wCwYDVQQDEwRDUkwxhoGubGRhcDovL2xkYXAudHJlYXMu
Z292L2NuPUNSTDEsb3U9VVMlMjBUcmVhc3VyeSUyMFJvb3QlMjBDQSxvdT1DZXJ0
aWZpY2F0aW9uJTIwQXV0aG9yaXRpZXMsb3U9RGVwYXJ0bWVudCUyMG9mJTIwdGhl
JTIwVHJlYXN1cnksbz1VLlMuJTIwR292ZXJubWVudCxjPVVTP2F1dGhvcml0eVJl
dm9jYXRpb25MaXN0MB8GA1UdIwQYMBaAFGiEFUiMVHB/LRJYDuwceO88LllkMB0G
A1UdDgQWBBTWOXdtUHcOTPA5QtxhaHSrgp9VfzAZBgkqhkiG9n0HQQAEDDAKGwRW
Ny4xAwIAgTANBgkqhkiG9w0BAQsFAAOCAQEAwFyZKAyGrD8SdfkT6Nchkn8Ketec
8ioUFhS6gFl1yPn0tz5Cost543ZjM0r4Im/e22+Cm8DKcKfAZaM3cXliVV2I9OSx
Wv0qc8BRsA/e0EILv8nV2ge/rimBtTJnvHtyAlVFnXC6KY2kBjLl4yZvL9g+htfC
j2cjv6oC2bAQqAJHcjQnt19pb/wLJcXlBZjlGInsl6y7l9JNb57AgOSVIby/yHlg
cyZxXswy6Qc1LhjxPviY/EsKfdJz437+0OIsGkD/ZPLnhUJsznyRKxOk6on8wd1M
Mtw0mzOJqTBt7s2rdA9SJWvYbgEm/jG1EEgQl4QzNHawY4jn2XRbPyvbZA==
-----END CERTIFICATE-----
- caHash: '897A79FD488D426D6C50D0BA026F698BCA3334F4'
caSKI: '7405E1561A81014CD753E70F4EA2E65815304911'
caAKI: '174BB826BA697AAD12505745319E57BB74A5DA2F'
caName: 'Social Security Administration Certification Authority - 5bf45959'
caStoreType: 'CA_CERT_OCSP'
caCrl: 'http://pki.treasury.gov/SSA_CA3.crl'
caCert: |
-----BEGIN CERTIFICATE-----
MIIHGDCCBQCgAwIBAgIEW/RZWTANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu
dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTkwNDA3MTIz
ODM5WhcNMjkwNDA3MTMwODM5WjB2MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5T
LiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNTU0ExPzA9BgNVBAsTNlNvY2lhbCBTZWN1
cml0eSBBZG1pbmlzdHJhdGlvbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANYfCoUm9t8zcTyL9bV0RipMNukT
tv1Z6niw7D7ZMdreoW3xxpkeSiK73g4HJkArhyld9e8X66GaN3wdeYisQsjdMkrV
pYcERnF2ZqlkrOsAOHY7WIprY3ob0ZZSPamz+SaO5bPeKMw+0wsWgIyVc6fjTj83
IVJpWyFk8m0LWLKWAZ3yZdunR3PeG13I6jJQpCJt2ZCaMOh620cB/qqw9qn8r1+x
3ZeJQmNUGBhcrqW+wdtaEDjNP9dE8U/RAIoNKAVYgUnDEyVifM+gMiuhQm7b3CX1
hHgABCZc8XrXjKRKtdUX2Qrg60kKM+uG2RiPNVR/pnYih1wOqMuOjPDgV6MCAwEA
AaOCApMwggKPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MIGzBgNV
HSAEgaswgagwDAYKYIZIAWUDAgEDBjAMBgpghkgBZQMCAQMIMAwGCmCGSAFlAwIB
AwcwDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMAwGCmCGSAFlAwIBAxAwDAYK
YIZIAWUDAgEDJDAMBgpghkgBZQMCAQMnMAwGCmCGSAFlAwIBAygwDAYKYIZIAWUD
AgEDKTAMBgpghkgBZQMCAQUCMAwGCmCGSAFlAwIBBQMwQQYIKwYBBQUHAQEENTAz
MDEGCCsGAQUFBzAChiVodHRwOi8vcGtpLnRyZWFzdXJ5Lmdvdi9zc2FjYV9haWEu
cDdjMEEGCCsGAQUFBwELBDUwMzAxBggrBgEFBQcwBYYlaHR0cDovL3BraS50cmVh
c3VyeS5nb3Yvc3NhY2Ffc2lhLnA3YzCB7wYDVR0fBIHnMIHkMDagNKAyhjBodHRw
Oi8vcGtpLnRyZWFzdXJ5Lmdvdi9VU19UcmVhc3VyeV9Sb290X0NBMS5jcmwwgamg
gaaggaOkgaAwgZ0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1l
bnQxIzAhBgNVBAsTGkRlcGFydG1lbnQgb2YgdGhlIFRyZWFzdXJ5MSIwIAYDVQQL
ExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMRwwGgYDVQQLExNVUyBUcmVhc3Vy
eSBSb290IENBMQ0wCwYDVQQDEwRDUkwxMB8GA1UdIwQYMBaAFBdLuCa6aXqtElBX
RTGeV7t0pdovMB0GA1UdDgQWBBR0BeFWGoEBTNdT5w9OouZYFTBJETANBgkqhkiG
9w0BAQsFAAOCAgEAEYiMA/1f3hR+4ckbhoL9LqOTqaSTqbzDU+cKIqeKkiDnDCbY
kjWKlUxPSGM7TjmhFHH8tOIg8q2pWQmTo+Wwe174jLtGW3xNWfhbUOnJivvfMQum
6VMkTi87rvyPvm4bLRdRPGIkehHNWCt3oUmnIiK+JG4kSAzHWpMUpzHAXDsDUi4w
AqRQxk1tikTNg/H+FcUZq9Y7/iBKg3YmF2BN9DtCzsVJEHZp8LcFN0pugRFUGkmJ
5fXfCs9Jvwjt/rhl7X+Fklo0+EfXx4Y6r3tOc7sM0EJaNnRuXCDthzlaKIG49Z6c
CTbxSPoL0r+/Li09Rjxo9n+t7ZnWZCWl4RBECC2HWaxVdp//kIW8UOK8dQgstP1Z
TYwqs8PL01ZUCUZLZ5kHIeHqb7On7Spgj6+NfFkoxXcry8/if80b/XdgIsaV86Gg
A/dExCR/M5FpotO6HNXXJrJUXjpTaRCXKE9zWzhUJ/LTX7sV64bAzxRVzvc6UwZC
eBzi/uvlbnmoguNXrZ7cJaxj7x5tdDg3jr3QXfOfDxGxMXz1wiUPxNojluY6Ug+G
SWTqSpK+3SIcUUeS1B3OGWIXxZ7U1lAM+2yV4jET/GMSZC4mrLM9SKFTMayh7/Yc
WF8Uqgx23Co7gjAXF4b9l9tkH9Rvnloday4Od8mEUoB+WZxcVvfA0yc9/ek=
-----END CERTIFICATE-----
- caHash: 'E651A5DC6A1305613A22E46548E1666650C2825F'
caSKI: 'CD9A1C6072C1EBBEAEC5ABAC4990EB4D8EF1DFAE'
caAKI: '174BB826BA697AAD12505745319E57BB74A5DA2F'
caName: 'OCIO CA - 5ccb31fe'
caStoreType: 'CA_CERT_OCSP'
caCrl: 'http://pki.treasury.gov/OCIO_CA5.crl'
caCert: |
-----BEGIN CERTIFICATE-----
MIIHWzCCBUOgAwIBAgIEXMsx/jANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu
dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTkwNjIyMTMx
NDAyWhcNMjkwNjIyMTM0NDAyWjCBgjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Uu
Uy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVudCBvZiB0aGUgVHJlYXN1
cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxEDAOBgNVBAsT
B09DSU8gQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo+v8tgC+b
hpvjfEr7pu4Qjh9YgGedGnrpkbIogo3w+nwv5LsamJiUIrBYtYwmGlRw7AD0gogQ
9ScUWeeYbeIomxVT0rsUAbY+sJsqJwYzio/EYHZjozQXRqg8oxMF/8QvzQvFQRav
ZV7jGR4wCB3FZ8iQHBQeYM6CpvI/lTD1fReRnLmhTcL2lxNjaMwt+YMQvFQv50ok
qjfQkTuTRLF9j0Gw8vkb/F+m/3+1UZiuNFwlSRzYfzrkLIh+B9JVLV1TS4lFW+GV
g5ezHErRTWcr70m2Hbn7Q5I1hheKfx4t5Yt1smHJ6rpC6gF6gdWvCefVu8qdi4fR
T447PHBJkk1lAgMBAAGjggLJMIICxTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
BAUwAwEB/zCB6wYDVR0gBIHjMIHgMAwGCmCGSAFlAwIBBQIwDAYKYIZIAWUDAgEF
AzAMBgpghkgBZQMCAQUEMAwGCmCGSAFlAwIBBQcwDAYKYIZIAWUDAgEFCjAMBgpg
hkgBZQMCAQULMAwGCmCGSAFlAwIBBQwwDAYKYIZIAWUDAgEDBjAMBgpghkgBZQMC
AQMHMAwGCmCGSAFlAwIBAwgwDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMAwG
CmCGSAFlAwIBAycwDAYKYIZIAWUDAgEDJDAMBgpghkgBZQMCAQMoMAwGCmCGSAFl
AwIBAykwQAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzAChiRodHRwOi8vcGtpLnRy
ZWFzdXJ5Lmdvdi90b2NhX2FpYS5wN2MwQAYIKwYBBQUHAQsENDAyMDAGCCsGAQUF
BzAFhiRodHRwOi8vcGtpLnRyZWFzdXJ5Lmdvdi90b2NhX3NpYS5wN2Mwge8GA1Ud
HwSB5zCB5DA2oDSgMoYwaHR0cDovL3BraS50cmVhc3VyeS5nb3YvVVNfVHJlYXN1
cnlfUm9vdF9DQTEuY3JsMIGpoIGmoIGjpIGgMIGdMQswCQYDVQQGEwJVUzEYMBYG
A1UEChMPVS5TLiBHb3Zlcm5tZW50MSMwIQYDVQQLExpEZXBhcnRtZW50IG9mIHRo
ZSBUcmVhc3VyeTEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEc
MBoGA1UECxMTVVMgVHJlYXN1cnkgUm9vdCBDQTENMAsGA1UEAxMEQ1JMMTAfBgNV
HSMEGDAWgBQXS7gmuml6rRJQV0Uxnle7dKXaLzAdBgNVHQ4EFgQUzZocYHLB676u
xausSZDrTY7x364wDQYJKoZIhvcNAQELBQADggIBAG9wmogOowxlcDKIU02g41uY
NPHj6cbzVYrZRPsBqGHAFLgaUujYqhTrnt8WAPSTiYMqK5dElH5yTwsxZa4t1JZT
qoftu/B72Jl5FK06iiHkTAL3UUvXoJMMK+WXaIKIDHuX+9Eghh/HMh85pBjbA1oE
o29x7bvaLzKwBtSxBlTTnCymEJ+KgoUJkwTId51FMnKWVjf9TFxQSlqNQWIUVfZd
4/Fps5lLuD18qUH10LbisS8mg5ZHimXD1TbPLc+Mwx+uoYDqf+2UYmDra7cTYApY
LbNotGTHOKLtQX/2bF2YS0ovyr0M4JPk8BrKSkOdx/8BpxrohhedVk7sWPN/3h54
5MZKN9XGgA1/DRMK7vmDvDv29BatIUjaiRcCs/1ioWaswnrrTPGsZaeswOmJQgDv
zcypSQyGWCG0KsHWiJHefhpABYHFx50Sx7MrJE8KC+/hwn3FyC7A/m4JyZNRKwk7
oiBuD2rM9hVGkQtb0Ufbk+IP5QYgIRMcLi0kopVJlyrdAs3EZov5b8dB/abZMyb5
/gdRurZAPDZz/OyZv6y+FM78BtVNfVtwxvZsRrCIksIxAbcEGGsr6pUXjPmHUhMg
6SaH+i8dwor77muqucT3IxJ9vO3hsqnvTsoHlL4gx35FxjHSzWT/dRGzBsg0rwOn
74bVoheP2PAarCvmEWXL
-----END CERTIFICATE-----
- caHash: '5AD254C3ECEBB5B7E108CAA0CC8030598A7B7709'
caSKI: 'D7CE284CC8246A56465B75658B67C4FAC8E088A5'
caAKI: '688415488C54707F2D12580EEC1C78EF3C2E5964'
caName: 'OCIO CA - 4e398101'
caStoreType: 'CA_CERT_OCSP'
caCrl: 'http://pki.treasury.gov/OCIO_CA4.crl'
caCert: |
-----BEGIN CERTIFICATE-----
MIIGFDCCBPygAwIBAgIETjmBATANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu
dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTUwNDE5MTUx
NzQ1WhcNMjUwNDE5MTU0NzQ1WjCBgjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Uu
Uy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVudCBvZiB0aGUgVHJlYXN1
cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxEDAOBgNVBAsT
B09DSU8gQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8CjWvG4CZ
kWKvvwoJWwUYjTZCadgM0uPjoRUaIi9iMm2XziiVXbJR4m+g38QB1y5sRKLtbFBS
8Kr0ePlOyhjfAnJ11jPap+j3C2mM6/lFFZb2N/0zOugEKSr7ISMJe1xMya6G8RvZ
bTUCNCte6oMnNbrM+emzppuvtmFcyod6t8vsvQ2I3Zoo+L9uAWjqjiIB+1nIhzYc
kddJACtccpcxseeIfW33DO5OITb9UqIVz6Ldxarn5zAWMKee1btc+t/Uzz43euDd
Zso6wr1+E3JB1dMtGDSAUqCdeBqzLye+nww+vIIPovu7oduT+tP20Zy6WQhUzDJt
tM3rKqMAmWN3AgMBAAGjggKCMIICfjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
BAUwAwEB/zCBpQYDVR0gBIGdMIGaMAwGCmCGSAFlAwIBBQIwDAYKYIZIAWUDAgEF
AzAMBgpghkgBZQMCAQUHMAwGCmCGSAFlAwIBBQQwDAYKYIZIAWUDAgEDCDAMBgpg
hkgBZQMCAQMNMAwGCmCGSAFlAwIBAxEwDAYKYIZIAWUDAgEDJzAMBgpghkgBZQMC
AQMkMAwGCmCGSAFlAwIBAygwDAYKYIZIAWUDAgEDKTBABggrBgEFBQcBAQQ0MDIw
MAYIKwYBBQUHMAKGJGh0dHA6Ly9wa2kudHJlYXN1cnkuZ292L3RvY2FfYWlhLnA3
YzBABggrBgEFBQcBCwQ0MDIwMAYIKwYBBQUHMAWGJGh0dHA6Ly9wa2kudHJlYXN1
cnkuZ292L3RvY2Ffc2lhLnA3YzCB7gYDVR0fBIHmMIHjMDWgM6Axhi9odHRwOi8v
cGtpLnRyZWFzdXJ5Lmdvdi9VU19UcmVhc3VyeV9Sb290X0NBLmNybDCBqaCBpqCB
o6SBoDCBnTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEj
MCEGA1UECxMaRGVwYXJ0bWVudCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNl
cnRpZmljYXRpb24gQXV0aG9yaXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJv
b3QgQ0ExDTALBgNVBAMTBENSTDEwHwYDVR0jBBgwFoAUaIQVSIxUcH8tElgO7Bx4
7zwuWWQwHQYDVR0OBBYEFNfOKEzIJGpWRlt1ZYtnxPrI4IilMA0GCSqGSIb3DQEB
CwUAA4IBAQAmGCXCZuJf0thAyWX9ryLuiMdyZwC6W/sfXRpYzfQKwmmqMnoU55ls
CLlFCoNjS7DN6Vp3FdsxoRgsZG0juu2fbzO31GkJiyzhAHVR2q4YUtoo8Fi86rG0
bNUXmtJB3C8LFOFHp83w9zPKCrpEFEuzO0CTTrjHmpMgjOflHOKBnMyvYSq3wNbf
q1q/XYClv/3L0L8lvaG82+IZpQIzGrphIFmuw25nMaUkT3NzRQaIPaZxRRzXOFvh
uh8vuWzo4YP2hPOfVO18EMXH0M639REKtqDMIkllBuNOHD8RcMu+CJ/xSxdUrra5
Kao6TKIjbio9/JhCr5XL7ee3a0tjkt9p
-----END CERTIFICATE-----
- caHash: '918A68D87FB6011AFE3666076319ED0462DF0940'
caSKI: 'A213A8E5C607546C243D4EB72B27A2A7711AB5AF'
caAKI: '688415488C54707F2D12580EEC1C78EF3C2E5964'
caName: 'OCIO CA - 4a61d192'
caStoreType: 'CA_CERT_OCSP'
caCrl: 'http://pki.treasury.gov/OCIO_CA3.crl'
caCert: |
-----BEGIN CERTIFICATE-----
MIIIHDCCBwSgAwIBAgIESmHRkjANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu
dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTAxMTA3MTQ0
NjA4WhcNMjAxMTA3MTUxNjA4WjCBgjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Uu
Uy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVudCBvZiB0aGUgVHJlYXN1
cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxEDAOBgNVBAsT
B09DSU8gQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1rUGnfR6T
2B9D020G1kJVV7CRemHz4t/gv16wpxy//78qFCUm87LF2v/StLHYfXd9rj4VRYKf
HZLCpPEyVh+D0GBoLHz8ivdbIaRmJ9mDFEnTO9WgLGuC/q1FQBeq30SzBMu6Ns0p
Wb9IdAj1m/WSXjYFLXxzWNTkC+fXQVcLmFdNJmn35svEe/Pp7C2qJIJ7p4TYSxFp
OkYBP6Vbp62AKXGuamGg+LRQO5+TDMrmY6xxeK1xBw4DunPu79st7uQ8Pr7xfl+0
rXDDBCXX+5InZm9jHcR48jTEMgtt/ZMYxzUDX3/mO8bclPmgu3h2N6CTUEUTCCuK
KDqJabOC2yjNAgMBAAGjggSKMIIEhjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
BAUwAwEB/zBrBgNVHSAEZDBiMAwGCmCGSAFlAwIBBQIwDAYKYIZIAWUDAgEFAzAM
BgpghkgBZQMCAQUEMAwGCmCGSAFlAwIBBQcwDAYKYIZIAWUDAgEFCDAMBgpghkgB
ZQMCAQMNMAwGCmCGSAFlAwIBAxEwggEPBggrBgEFBQcBAQSCAQEwgf4wLQYIKwYB
BQUHMAKGIWh0dHA6Ly9wa2kudHJlYXMuZ292L3RvY2FfYWlhLnA3YzCBzAYIKwYB
BQUHMAKGgb9sZGFwOi8vbGRhcC50cmVhcy5nb3Yvb3U9VVMlMjBUcmVhc3VyeSUy
MFJvb3QlMjBDQSxvdT1DZXJ0aWZpY2F0aW9uJTIwQXV0aG9yaXRpZXMsb3U9RGVw
YXJ0bWVudCUyMG9mJTIwdGhlJTIwVHJlYXN1cnksbz1VLlMuJTIwR292ZXJubWVu
dCxjPVVTP2NBQ2VydGlmaWNhdGU7YmluYXJ5LGNyb3NzQ2VydGlmaWNhdGVQYWly
O2JpbmFyeTCB4gYIKwYBBQUHAQsEgdUwgdIwLQYIKwYBBQUHMAWGIWh0dHA6Ly9w
a2kudHJlYXMuZ292L3RvY2Ffc2lhLnA3YzCBoAYIKwYBBQUHMAWGgZNsZGFwOi8v
bGRhcC50cmVhcy5nb3Yvb3U9T0NJTyUyMENBLG91PUNlcnRpZmljYXRpb24lMjBB
dXRob3JpdGllcyxvdT1EZXBhcnRtZW50JTIwb2YlMjB0aGUlMjBUcmVhc3VyeSxv
PVUuUy4lMjBHb3Zlcm5tZW50LGM9VVM/Y0FDZXJ0aWZpY2F0ZTtiaW5hcnkwggGh
BgNVHR8EggGYMIIBlDAyoDCgLoYsaHR0cDovL3BraS50cmVhcy5nb3YvVVNfVHJl
YXN1cnlfUm9vdF9DQS5jcmwwggFcoIIBWKCCAVSkgaAwgZ0xCzAJBgNVBAYTAlVT
MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxIzAhBgNVBAsTGkRlcGFydG1lbnQg
b2YgdGhlIFRyZWFzdXJ5MSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
aWVzMRwwGgYDVQQLExNVUyBUcmVhc3VyeSBSb290IENBMQ0wCwYDVQQDEwRDUkwx
hoGubGRhcDovL2xkYXAudHJlYXMuZ292L2NuPUNSTDEsb3U9VVMlMjBUcmVhc3Vy
eSUyMFJvb3QlMjBDQSxvdT1DZXJ0aWZpY2F0aW9uJTIwQXV0aG9yaXRpZXMsb3U9
RGVwYXJ0bWVudCUyMG9mJTIwdGhlJTIwVHJlYXN1cnksbz1VLlMuJTIwR292ZXJu
bWVudCxjPVVTP2F1dGhvcml0eVJldm9jYXRpb25MaXN0MB8GA1UdIwQYMBaAFGiE
FUiMVHB/LRJYDuwceO88LllkMB0GA1UdDgQWBBSiE6jlxgdUbCQ9TrcrJ6KncRq1
rzAZBgkqhkiG9n0HQQAEDDAKGwRWNy4xAwIAgTANBgkqhkiG9w0BAQsFAAOCAQEA
SQaQPskdUvqKQHLPudiVr+Mvh9Vsn36DwzyO//JkJc7JNFEuS3kKh666tn66Qh6d
C9nqB7LlhyishbkzBlYAVLmkPE/jOiPN8MAqUuipdqlbio+aNDUXdVW9qBztDKBl
URG6GUsojyxdiYyME1yjwj5KmeCxUazVJ+sHwzU552HAEQMRzYyZaaObPGcWBJ7K
95gHNalTJk5LE4kfFSmOHOu6MqGJ+3qpH0rNAUkz0nh0vGaCp5NF1GyOx7usE1j5
ZibqtHCXOagotOsjHEoPglgVstU8bz5vgIAXMaNHbShKb5H2W1JYa+4paSQEwLcQ
BY8L4e8xbZPbSh6jxtiweQ==
-----END CERTIFICATE-----
- caHash: 'F9299790EB271125FD91E661CEDE4EE202D7E758'
caSKI: 'A6B2162A4AAA2FE62FD9110251227CE3B4D933CC'
caAKI: '688415488C54707F2D12580EEC1C78EF3C2E5964'
caName: 'OCIO CA - 4a61d147'
caStoreType: 'CA_CERT_OCSP'
caCrl: 'http://pki.treasury.gov/OCIO_CA2.crl'
caCert: |
-----BEGIN CERTIFICATE-----
MIIIHDCCBwSgAwIBAgIESmHRRzANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu
dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTAwOTEyMTQ0
NjQxWhcNMjAwOTEyMTUxNjQxWjCBgjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Uu
Uy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVudCBvZiB0aGUgVHJlYXN1
cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxEDAOBgNVBAsT
B09DSU8gQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC81LSqbzWt
Z0AaDRLv+2PVvdzsZxlK05NXB4+sGLqflO7ej4FEUhRW3TQRCMKGdx47ZOpAA7ja
0/rqTPLa3G86ukksX+Z4tlQk73rODP73rM5P1/m0WKLu3PqipWd0bg/KHAKqn4lH
UtlBLzJ0ZiuZLPdpkadQH8wqDz+vfRS0oGrArnAtMNNKwEE/sGrYDcgoVLuGhI4s
VjvE6KQi40XmuDZEpuFTrVjks53nBcb5IOM+dYrtS4AsLwUwoU/bncB26FKMdbCp
wGaOW8aJYmRculBAtkAMXqBfwyJN9JRqIR95sfrj5/sSFMOMIV5NEIuO/Hsn6B/E
ogmDeNioLwT/AgMBAAGjggSKMIIEhjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
BAUwAwEB/zBrBgNVHSAEZDBiMAwGCmCGSAFlAwIBBQIwDAYKYIZIAWUDAgEFAzAM
BgpghkgBZQMCAQUEMAwGCmCGSAFlAwIBBQcwDAYKYIZIAWUDAgEFCDAMBgpghkgB
ZQMCAQMNMAwGCmCGSAFlAwIBAxEwggEPBggrBgEFBQcBAQSCAQEwgf4wLQYIKwYB
BQUHMAKGIWh0dHA6Ly9wa2kudHJlYXMuZ292L3RvY2FfYWlhLnA3YzCBzAYIKwYB
BQUHMAKGgb9sZGFwOi8vbGRhcC50cmVhcy5nb3Yvb3U9VVMlMjBUcmVhc3VyeSUy
MFJvb3QlMjBDQSxvdT1DZXJ0aWZpY2F0aW9uJTIwQXV0aG9yaXRpZXMsb3U9RGVw
YXJ0bWVudCUyMG9mJTIwdGhlJTIwVHJlYXN1cnksbz1VLlMuJTIwR292ZXJubWVu
dCxjPVVTP2NBQ2VydGlmaWNhdGU7YmluYXJ5LGNyb3NzQ2VydGlmaWNhdGVQYWly
O2JpbmFyeTCB4gYIKwYBBQUHAQsEgdUwgdIwLQYIKwYBBQUHMAWGIWh0dHA6Ly9w
a2kudHJlYXMuZ292L3RvY2Ffc2lhLnA3YzCBoAYIKwYBBQUHMAWGgZNsZGFwOi8v
bGRhcC50cmVhcy5nb3Yvb3U9T0NJTyUyMENBLG91PUNlcnRpZmljYXRpb24lMjBB
dXRob3JpdGllcyxvdT1EZXBhcnRtZW50JTIwb2YlMjB0aGUlMjBUcmVhc3VyeSxv
PVUuUy4lMjBHb3Zlcm5tZW50LGM9VVM/Y0FDZXJ0aWZpY2F0ZTtiaW5hcnkwggGh
BgNVHR8EggGYMIIBlDAyoDCgLoYsaHR0cDovL3BraS50cmVhcy5nb3YvVVNfVHJl
YXN1cnlfUm9vdF9DQS5jcmwwggFcoIIBWKCCAVSkgaAwgZ0xCzAJBgNVBAYTAlVT
MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxIzAhBgNVBAsTGkRlcGFydG1lbnQg
b2YgdGhlIFRyZWFzdXJ5MSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
aWVzMRwwGgYDVQQLExNVUyBUcmVhc3VyeSBSb290IENBMQ0wCwYDVQQDEwRDUkwx
hoGubGRhcDovL2xkYXAudHJlYXMuZ292L2NuPUNSTDEsb3U9VVMlMjBUcmVhc3Vy
eSUyMFJvb3QlMjBDQSxvdT1DZXJ0aWZpY2F0aW9uJTIwQXV0aG9yaXRpZXMsb3U9
RGVwYXJ0bWVudCUyMG9mJTIwdGhlJTIwVHJlYXN1cnksbz1VLlMuJTIwR292ZXJu
bWVudCxjPVVTP2F1dGhvcml0eVJldm9jYXRpb25MaXN0MB8GA1UdIwQYMBaAFGiE
FUiMVHB/LRJYDuwceO88LllkMB0GA1UdDgQWBBSmshYqSqov5i/ZEQJRInzjtNkz
zDAZBgkqhkiG9n0HQQAEDDAKGwRWNy4xAwIAgTANBgkqhkiG9w0BAQUFAAOCAQEA
jnO1DGdMHQ4nuNqcS6++E6OHt4WqqzlN/HP+ytmgsbO0dUsVcXOvpJQ/r2+vBV4l
ZWqkQge4dBLCs0wDRpGynELim1NLCMFMTYl78JB5STPYQA6bEH72rQJqIempmGeX
jn5uuhwH4aD/3RXoXJV2v/y/L/IylyIkBF8QT5/mrF9Yr2f/kky1rzfwCk8RLiGz
U3KpwWyRYeWYE+ye6w+RNqo2fdNRei1+wLp38VHeed/eu2xqKN7dQn0oXkb4eXWh
QEqIT+x+8k2L4Sh9AOsfnBD03DWnhF0nE6aNi3krdX6LL+OS8z+T4cpqLhmfkqvo
aU0Bu+GoZ2fuMFMeV9c08g==
-----END CERTIFICATE-----
- caHash: 'F504012B1FE57B4381E3BF5BA9F491144ED76EE1'
caSKI: '02A4BC7FDC3443D8EB3C3B9E90D6F757A9186F50'
caAKI: '174BB826BA697AAD12505745319E57BB74A5DA2F'
caName: 'NASA Operational CA - 5ccb3196'
caStoreType: 'CA_CERT_OCSP'
caCrl: 'http://pki.treasury.gov/NASA_Operational_CA4.crl'
caCert: |
-----BEGIN CERTIFICATE-----
MIIHJjCCBQ6gAwIBAgIEXMsxljANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu
dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTkwNTA0MTI0
MDU1WhcNMjkwNTA0MTMxMDU1WjB4MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5T
LiBHb3Zlcm5tZW50MQ0wCwYDVQQLEwROQVNBMSIwIAYDVQQLExlDZXJ0aWZpY2F0
aW9uIEF1dGhvcml0aWVzMRwwGgYDVQQLExNOQVNBIE9wZXJhdGlvbmFsIENBMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7V9GuzMVo9GTWC9wjlcEBwRf
NjvZtWBNt1VIybkUqqlTTfLO3tXYZekzmgyu9R6uJ30SjNNGCm/oioMaxZre82Y5
0TBW5/CLUS9hEmWhTgSi2NuhiPRvIBHMLaA3VZ8DXBLtat8YRR+JnWANBSnIvnE1
j6YEL0A3IsRlueIAxzo0IwW3lW/qBLmKwbqjkag1HxnZoTUSAt3j5N7MTa6j4KpP
2+vWokTy6YVqRl6h1q7b1bKCDIlshz1vPr3XKXOE5tRpKBN7XQfdlv87J8FbCg0U
B6wVgoNrEWlj5A6m6rDXTEta3PYfRcFesacFGvDxeZ/yOZClAkDSlyZdf9Z1JwID
AQABo4ICnzCCApswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgcEG
A1UdIASBuTCBtjAMBgpghkgBZQMCAQMGMAwGCmCGSAFlAwIBAwcwDAYKYIZIAWUD
AgEDCDAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIBAxAwDAYKYIZIAWUDAgEDETAM
BgpghkgBZQMCAQMkMAwGCmCGSAFlAwIBAycwDAYKYIZIAWUDAgEDKDAMBgpghkgB
ZQMCAQMpMAwGCmCGSAFlAwIBBQowDAYKYIZIAWUDAgEFCzAMBgpghkgBZQMCAQUM
MEAGCCsGAQUFBwEBBDQwMjAwBggrBgEFBQcwAoYkaHR0cDovL3BraS50cmVhc3Vy
eS5nb3Yvbm9jYV9haWEucDdjMEAGCCsGAQUFBwELBDQwMjAwBggrBgEFBQcwBYYk
aHR0cDovL3BraS50cmVhc3VyeS5nb3Yvbm9jYV9zaWEucDdjMIHvBgNVHR8Egecw
geQwNqA0oDKGMGh0dHA6Ly9wa2kudHJlYXN1cnkuZ292L1VTX1RyZWFzdXJ5X1Jv
b3RfQ0ExLmNybDCBqaCBpqCBo6SBoDCBnTELMAkGA1UEBhMCVVMxGDAWBgNVBAoT
D1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVudCBvZiB0aGUgVHJl
YXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxHDAaBgNV
BAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0ExDTALBgNVBAMTBENSTDEwHwYDVR0jBBgw
FoAUF0u4Jrppeq0SUFdFMZ5Xu3Sl2i8wHQYDVR0OBBYEFAKkvH/cNEPY6zw7npDW
91epGG9QMA0GCSqGSIb3DQEBCwUAA4ICAQBrYmDz3VQjTIf+XC78erRN5o3+ZmK/
0eS1YH0mHPzoYEs8KXW5AFoCZOn13e8UuTbT17u6vWh0w4hFgsy42oSbk+9ccqgI
tywKVe/KSxp2Srui0fHZZIDT1EfE35MP/kl9NGLbtMzOWFvIOHmyChe1G05Mzud6
WJENQvSgssMJUDrEfYtTCKDH1vYjANgn0UbU/10d5uOILN1Y5n4wI3rxODSYMbs+
GsSyeF5htochwI8arcokdwpRkXvRjA0PtpNeTllkhOR3CgRo7oqGd8uoOrxIeqWy
fQxvyJsBRFsg1FfVwbEkItltVO53A2Je4jJkcDMPuZGtG5Wh1S3qa2cdrWu0GK7u
RoEkEbqBGi/fwKlFntxtEhC4/1w+cCUEm9UO8zOywGABBjEUcxk0Lz/ek/c3DzEb
f/x4hpviHPEbFYYBJJPVN1/udMVvPNxk61DoVh0JFgWjCrufpg2WQHDafqY1BCID
/b7pQlyTcekrc3HF7HwcRxgUMnjaDf+LTvxC3rudyCB819g80H36w5rw1kEJmqMO
vsbSXqYjnv0y7z32rbfwC6J2WihqoZ5YATSWQftsT9Bm3bvsD/lqXaeF4QkGDbWi
sa1wasV/8lR+NUhYElwnw8U26cyzspGRL5nuP7kgklFXOSWfsNwA/QOV3wzVDkCe
osK9fuSkERJIYw==
-----END CERTIFICATE-----
- caHash: 'FE7572BBDE7B7F44152ACC8E1715C18714DC9D63'
caSKI: '853F77E4D27A51E9564E8D4DC49DC85ED5D84475'
caAKI: '688415488C54707F2D12580EEC1C78EF3C2E5964'
caName: 'NASA Operational CA - 4e398116'
caStoreType: 'CA_CERT_OCSP'
caCrl: 'http://pki.treasury.gov/NASA_Operational_CA3.crl'
caCert: |
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIETjmBFjANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu
dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTUwNjEzMTQy
NDUyWhcNMjUwNjEzMTQ1NDUyWjB4MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5T
LiBHb3Zlcm5tZW50MQ0wCwYDVQQLEwROQVNBMSIwIAYDVQQLExlDZXJ0aWZpY2F0
aW9uIEF1dGhvcml0aWVzMRwwGgYDVQQLExNOQVNBIE9wZXJhdGlvbmFsIENBMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZTcDafMMC1SBZaI4/9mXX9B
JOh+o+M34EIuWkB7UW4jN/6qo/1qp2dYOjg3ZJbrxv25X5K2fLbEpq/JWIOQkTL4
GfJZxs11y8nGXCq+5inMAgFgT8FdFLq7yIBNHjBz+DmW0fH+viUd0skZNlWHo4oF
cjm5l+5LkhRMJS5vFAIwIyosu50+k2yWrQszzuq90c8AL3HwYS9bpThGXKUOcP/i
6y2aAVTpT6L9xDOi1FYp+QdufmTLkB6mPAZu3/wYQ6k/92udp5jplVmZqAZ3fVsc
iv/gyG7cagq/DaP+Lov/edblrDtu+Fa2MyviJEGzIN4vXigTiQ1tq5JSislY2QID
AQABo4ICdDCCAnAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZcG
A1UdIASBjzCBjDAMBgpghkgBZQMCAQMGMAwGCmCGSAFlAwIBAwcwDAYKYIZIAWUD
AgEDCDAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIBAxAwDAYKYIZIAWUDAgEDETAM
BgpghkgBZQMCAQMkMAwGCmCGSAFlAwIBAycwDAYKYIZIAWUDAgEDKDAMBgpghkgB
ZQMCAQMpMEAGCCsGAQUFBwEBBDQwMjAwBggrBgEFBQcwAoYkaHR0cDovL3BraS50
cmVhc3VyeS5nb3Yvbm9jYV9haWEucDdjMEAGCCsGAQUFBwELBDQwMjAwBggrBgEF
BQcwBYYkaHR0cDovL3BraS50cmVhc3VyeS5nb3Yvbm9jYV9zaWEucDdjMIHuBgNV
HR8EgeYwgeMwNaAzoDGGL2h0dHA6Ly9wa2kudHJlYXN1cnkuZ292L1VTX1RyZWFz
dXJ5X1Jvb3RfQ0EuY3JsMIGpoIGmoIGjpIGgMIGdMQswCQYDVQQGEwJVUzEYMBYG
A1UEChMPVS5TLiBHb3Zlcm5tZW50MSMwIQYDVQQLExpEZXBhcnRtZW50IG9mIHRo
ZSBUcmVhc3VyeTEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEc
MBoGA1UECxMTVVMgVHJlYXN1cnkgUm9vdCBDQTENMAsGA1UEAxMEQ1JMMTAfBgNV
HSMEGDAWgBRohBVIjFRwfy0SWA7sHHjvPC5ZZDAdBgNVHQ4EFgQUhT935NJ6UelW
To1NxJ3IXtXYRHUwDQYJKoZIhvcNAQELBQADggEBAHNuwl7BwfIjgu5Oyd6Ed8eL
xPHej2qWT4SVr8M5N0mxa9tW7N+bEccctkSa0s0svL5WgXBL8pDakoOXWxbI7aBJ
fSG3+Af7nRE10U1hMBlhxqd+GlQHiIgjJeIXN20WwuRfUwFR7ze45rGmqOzF2GEi
CIA/eeaTtQSiCs7OCqpf/Cx7ShP335XIk5Ft9Em+RXLBd7VVZpj7WOlfJARa3htw
tpqtj/ZSwYEFZpecbWZjxvTVhmrAQv+9k1FO4zcpStYY+tD62eiRdEnHanN5MR3q
E+zLhSow/xs6K5uTJCuVEiaalM+HBDJ10UDjwKGMlUX1H6bI1iEnk/dYbc6Pvv8=
-----END CERTIFICATE-----
- caHash: '76A6EAA852710E00B368C41080E6131140AAF189'
caSKI: '072E9A6A58832153C968625263F66D4B323A9E82'
caAKI: '688415488C54707F2D12580EEC1C78EF3C2E5964'
caName: 'NASA Operational CA - 4a61d2a5'
caStoreType: 'CA_CERT_OCSP'
caCrl: 'http://pki.treasury.gov/NASA_Operational_CA2.crl'
caCert: |
-----BEGIN CERTIFICATE-----
MIIICDCCBvCgAwIBAgIESmHSpTANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu
dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTEwMTIyMTMz
OTA2WhcNMjEwMTIyMTQwOTA2WjB4MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5T
LiBHb3Zlcm5tZW50MQ0wCwYDVQQLEwROQVNBMSIwIAYDVQQLExlDZXJ0aWZpY2F0
aW9uIEF1dGhvcml0aWVzMRwwGgYDVQQLExNOQVNBIE9wZXJhdGlvbmFsIENBMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3DHBYXeW7Tm7RAgvE01qt2B
BunNaqRfzaLZMNEhniz9lO7HVBzKPoaXb+u9ubL67N3BYdOI93ozLzA/mgysGUVD
a2gKtVGTvs09T3TIfaZcpja1dQ1LgpQl76xHrzilPZh5PYjYt2tl6v50+ZMGjAup
qeQjC2ah0mTeX8DBQ0xP93v/dGF9FT0NCo9KQOe+jF6qBLhSdVn4I3fmhljgpHoI
+TtgY8kyRqaYESJZ0Qfy3WoxN37I2Idb8CCQXA8C1ulXHx5hiUTZEh3vf4u2k1vj
O9XtHwqkM723jusEnENmFLC5tWNPJ/LYCia61rebzWqR8HOcz0TOdePSYElYVwID
AQABo4IEgTCCBH0wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wXQYD
VR0gBFYwVDAMBgpghkgBZQMCAQMGMAwGCmCGSAFlAwIBAwgwDAYKYIZIAWUDAgED
BzAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIBAxEwDAYKYIZIAWUDAgEDEDCCAQ8G
CCsGAQUFBwEBBIIBATCB/jAtBggrBgEFBQcwAoYhaHR0cDovL3BraS50cmVhcy5n
b3Yvbm9jYV9haWEucDdjMIHMBggrBgEFBQcwAoaBv2xkYXA6Ly9sZGFwLnRyZWFz
Lmdvdi9vdT1VUyUyMFRyZWFzdXJ5JTIwUm9vdCUyMENBLG91PUNlcnRpZmljYXRp
b24lMjBBdXRob3JpdGllcyxvdT1EZXBhcnRtZW50JTIwb2YlMjB0aGUlMjBUcmVh
c3VyeSxvPVUuUy4lMjBHb3Zlcm5tZW50LGM9VVM/Y0FDZXJ0aWZpY2F0ZTtiaW5h
cnksY3Jvc3NDZXJ0aWZpY2F0ZVBhaXI7YmluYXJ5MIHtBggrBgEFBQcBCwSB4DCB
3TAtBggrBgEFBQcwBYYhaHR0cDovL3BraS50cmVhcy5nb3Yvbm9jYV9zaWEucDdj
MIGrBggrBgEFBQcwBYaBnmxkYXA6Ly9sYy5uYXNhLmdvdi9vdT1OQVNBJTIwT3Bl
cmF0aW9uYWwlMjBDQSxvdT1DZXJ0aWZpY2F0aW9uJTIwQXV0aG9yaXRpZXMsb3U9
TkFTQSxvPVUuUy4lMjBHb3Zlcm5tZW50LGM9VVM/Y0FDZXJ0aWZpY2F0ZTtiaW5h
cnksY3Jvc3NDZXJ0aWZpY2F0ZVBhaXI7YmluYXJ5MIIBmwYDVR0fBIIBkjCCAY4w
gamggaaggaOkgaAwgZ0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy
bm1lbnQxIzAhBgNVBAsTGkRlcGFydG1lbnQgb2YgdGhlIFRyZWFzdXJ5MSIwIAYD
VQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMRwwGgYDVQQLExNVUyBUcmVh
c3VyeSBSb290IENBMQ0wCwYDVQQDEwRDUkwxMIHfoIHcoIHZhixodHRwOi8vcGtp
LnRyZWFzLmdvdi9VU19UcmVhc3VyeV9Sb290X0NBLmNybIaBqGxkYXA6Ly9sZGFw
LnRyZWFzLmdvdi9vdT1VUyUyMFRyZWFzdXJ5JTIwUm9vdCUyMENBLG91PUNlcnRp
ZmljYXRpb24lMjBBdXRob3JpdGllcyxvdT1EZXBhcnRtZW50JTIwb2YlMjB0aGUl
MjBUcmVhc3VyeSxvPVUuUy4lMjBHb3Zlcm5tZW50LGM9VVM/Y2VydGlmaWNhdGVS
ZXZvY2F0aW9uTGlzdDAfBgNVHSMEGDAWgBRohBVIjFRwfy0SWA7sHHjvPC5ZZDAd
BgNVHQ4EFgQUBy6aaliDIVPJaGJSY/ZtSzI6noIwGQYJKoZIhvZ9B0EABAwwChsE
VjcuMQMCAIEwDQYJKoZIhvcNAQELBQADggEBACwix0bmAjpbH10Evdq7S/A3K19c
MY24tFa/zu1ZbYPqsiQQgnwYs2KaFzn3ZJv+3wWUouMFySyX9+fKIBRsD2JelkNH
slJ7mMLZGLIxsFZAKNT2eWMeDZ0fmHyGLI8z17vwAVxDE525CajmY6f4ZoLac0Zu
ejZz1ACbdYriVpPDVQOXHK0s+CCwms4jOoaWkgaYUXtvnnhU5eJzaif4wqXjT8ny
14b0wQPRzeK1Rn3retSoLA5tJ77AM+WuPGV43ioAoBLjKFU1deC7wzzX2w4tcyRT
4ENloYPp+dzsKzv3pwnr+Y50VoQ8veXSj7GUHqodfFP3apRHwaGFj0vEHo0=
-----END CERTIFICATE-----
- caHash: 'ED3FB316118257A44EA11A493DA1415BEB3012D7'
caSKI: '0486A06C34A1AC46051AD8FA8DBE72D0EB934869'
caAKI: '688415488C54707F2D12580EEC1C78EF3C2E5964'
caName: 'Fiscal Service - 4e398167'
caStoreType: 'CA_CERT_OCSP'
caCrl: 'http://pki.treasury.gov/FS_CA6.crl'
caCert: |
-----BEGIN CERTIFICATE-----
MIIG7zCCBdegAwIBAgIETjmBZzANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu
dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTUxMDE3MTMz
NzI2WhcNMjUxMDE3MTQwNzI2WjBlMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5T
LiBHb3Zlcm5tZW50MSMwIQYDVQQLExpEZXBhcnRtZW50IG9mIHRoZSBUcmVhc3Vy
eTEXMBUGA1UECxMORmlzY2FsIFNlcnZpY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDP+nHCXzRG0vHok09fu3R/M5//iD+1O8l5kQmhizC4nv6tYqBO
ywmEfRnAyEgJmyNOO8ZThSufcvdopvZDMh4mtZ77hxw+48FC2Yb1LexWhb2G5f9G
U7Hi3HXql1VGmtAMoD3QE2gmjBFtVARcwaJ+H+hhrMA5b6iLMowgt7u92Kklhf37
o0cfpd39iCXG/GT0w6UbLFtoR3aowk1e4cLNlWTvUCxEdATup5ekPTBGHctshe+S
y5HDSPnhsDfzqejjGddqpGAaMDq+I3FBmqXWwatsNoMT+xTRVhPIJmCuuUbKUSPJ
XMj4ulbPDFv6a/i+c0xIZGbzV29QFlDEE8O/AgMBAAGjggN7MIIDdzAOBgNVHQ8B
Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBBBgNVHSAEOjA4MAwGCmCGSAFlAwIB
BQQwDAYKYIZIAWUDAgEFBzAMBgpghkgBZQMCAQUDMAwGCmCGSAFlAwIBBQIwggEP
BggrBgEFBQcBAQSCAQEwgf4wLQYIKwYBBQUHMAKGIWh0dHA6Ly9wa2kudHJlYXMu
Z292L2ZzY2FfYWlhLnA3YzCBzAYIKwYBBQUHMAKGgb9sZGFwOi8vbGRhcC50cmVh
cy5nb3Yvb3U9VVMlMjBUcmVhc3VyeSUyMFJvb3QlMjBDQSxvdT1DZXJ0aWZpY2F0
aW9uJTIwQXV0aG9yaXRpZXMsb3U9RGVwYXJ0bWVudCUyMG9mJTIwdGhlJTIwVHJl
YXN1cnksbz1VLlMuJTIwR292ZXJubWVudCxjPVVTP2NBQ2VydGlmaWNhdGU7Ymlu
YXJ5LGNyb3NzQ2VydGlmaWNhdGVQYWlyO2JpbmFyeTCCAaEGA1UdHwSCAZgwggGU
MIIBXKCCAVigggFUpIGgMIGdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBH
b3Zlcm5tZW50MSMwIQYDVQQLExpEZXBhcnRtZW50IG9mIHRoZSBUcmVhc3VyeTEi
MCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEcMBoGA1UECxMTVVMg
VHJlYXN1cnkgUm9vdCBDQTENMAsGA1UEAxMEQ1JMMYaBrmxkYXA6Ly9sZGFwLnRy
ZWFzLmdvdi9jbj1DUkwxLG91PVVTJTIwVHJlYXN1cnklMjBSb290JTIwQ0Esb3U9
Q2VydGlmaWNhdGlvbiUyMEF1dGhvcml0aWVzLG91PURlcGFydG1lbnQlMjBvZiUy
MHRoZSUyMFRyZWFzdXJ5LG89VS5TLiUyMEdvdmVybm1lbnQsYz1VUz9hdXRob3Jp
dHlSZXZvY2F0aW9uTGlzdDAyoDCgLoYsaHR0cDovL3BraS50cmVhcy5nb3YvVVNf
VHJlYXN1cnlfUm9vdF9DQS5jcmwwHwYDVR0jBBgwFoAUaIQVSIxUcH8tElgO7Bx4
7zwuWWQwHQYDVR0OBBYEFASGoGw0oaxGBRrY+o2+ctDrk0hpMBkGCSqGSIb2fQdB
AAQMMAobBFY3LjEDAgCBMA0GCSqGSIb3DQEBCwUAA4IBAQC/R9Lrmvs14KXZXjAC
UovGR8Fug8pcnhA+P0kF3bMSua8UTp3vTd+0kz3wu1jaXCzKxFC7GIykUEqSMo53
NnOLSWYvejpuDC4BzGIjAGPfGosoXKh2wxt+LQAcfnxO7OIRah8uA78YZsjoEjbO
YNxyOSR/BqOrhphqJjKUxekBf2/DMW2Uer7p8Pl+SZw9rQ664aBJNjZF7kkK733I
cmFbI3ETq+HRodtotcgALmp5WstD/wBnprhYfgWKGe4jweOVIapgkTaahJLIwIeg
DnUpn1vszsPZ9Zn11KQO8BYLNzXuxiG/Cx0y83qm+yaiv8/+BrpbtE6SyJnTZ7qj
dJ6/
-----END CERTIFICATE-----
- caHash: 'B3B90EDE68B05F0096F5AA497787F950FDD8CCAD'
caSKI: 'E8D2AFDCE00A6E16CE13272FD3D8AF3B6A182646'
caAKI: '688415488C54707F2D12580EEC1C78EF3C2E5964'
caName: 'Fiscal Service - 4a61d1c9'
caStoreType: 'CA_CERT_OCSP'
caCrl: 'http://pki.treasury.gov/FS_CA5.crl'
caCert: |
-----BEGIN CERTIFICATE-----
MIIG7zCCBdegAwIBAgIESmHRyTANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu
dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTAxMjA1MTMz
ODQwWhcNMjAxMjA1MTQwODQwWjBlMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5T
LiBHb3Zlcm5tZW50MSMwIQYDVQQLExpEZXBhcnRtZW50IG9mIHRoZSBUcmVhc3Vy
eTEXMBUGA1UECxMORmlzY2FsIFNlcnZpY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCuISG2vBjIzg7pDx8X52X+rtz3M9IvktHCY45tR7+/quRJ00G
ByqPELij/tMOWicC1D1n/ZBAm0TVIwkhDp4hwtHg5i33wdzogHv3KiEWvXGt/iuY
0SgMnPMc5NdFNjpjjHD0XAghZMieqBq/5uyxx7aXznOToLc3A2HXHcKrwWQCl3pc
UfxvC6541amLeJXlRA1oDkJgfgWXpWF5m1BXaa+sqYP78R4OF8Tfx9j+PYO0idpU
9BWoFJ+o/oJeEcoYwkG9x/pKkYGjoG2v5LiDtvhDlgxD1VXPa+sFjIeY2czxyuIo
SOxA4LIws+XyiHzThnqzSEaARlkkQTXQOt+XAgMBAAGjggN7MIIDdzAOBgNVHQ8B
Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBBBgNVHSAEOjA4MAwGCmCGSAFlAwIB
BQQwDAYKYIZIAWUDAgEFBzAMBgpghkgBZQMCAQUDMAwGCmCGSAFlAwIBBQIwggEP
BggrBgEFBQcBAQSCAQEwgf4wLQYIKwYBBQUHMAKGIWh0dHA6Ly9wa2kudHJlYXMu
Z292L2ZzY2FfYWlhLnA3YzCBzAYIKwYBBQUHMAKGgb9sZGFwOi8vbGRhcC50cmVh
cy5nb3Yvb3U9VVMlMjBUcmVhc3VyeSUyMFJvb3QlMjBDQSxvdT1DZXJ0aWZpY2F0
aW9uJTIwQXV0aG9yaXRpZXMsb3U9RGVwYXJ0bWVudCUyMG9mJTIwdGhlJTIwVHJl
YXN1cnksbz1VLlMuJTIwR292ZXJubWVudCxjPVVTP2NBQ2VydGlmaWNhdGU7Ymlu
YXJ5LGNyb3NzQ2VydGlmaWNhdGVQYWlyO2JpbmFyeTCCAaEGA1UdHwSCAZgwggGU
MIIBXKCCAVigggFUpIGgMIGdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBH
b3Zlcm5tZW50MSMwIQYDVQQLExpEZXBhcnRtZW50IG9mIHRoZSBUcmVhc3VyeTEi
MCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEcMBoGA1UECxMTVVMg
VHJlYXN1cnkgUm9vdCBDQTENMAsGA1UEAxMEQ1JMMYaBrmxkYXA6Ly9sZGFwLnRy
ZWFzLmdvdi9jbj1DUkwxLG91PVVTJTIwVHJlYXN1cnklMjBSb290JTIwQ0Esb3U9
Q2VydGlmaWNhdGlvbiUyMEF1dGhvcml0aWVzLG91PURlcGFydG1lbnQlMjBvZiUy
MHRoZSUyMFRyZWFzdXJ5LG89VS5TLiUyMEdvdmVybm1lbnQsYz1VUz9hdXRob3Jp
dHlSZXZvY2F0aW9uTGlzdDAyoDCgLoYsaHR0cDovL3BraS50cmVhcy5nb3YvVVNf
VHJlYXN1cnlfUm9vdF9DQS5jcmwwHwYDVR0jBBgwFoAUaIQVSIxUcH8tElgO7Bx4
7zwuWWQwHQYDVR0OBBYEFOjSr9zgCm4WzhMnL9PYrztqGCZGMBkGCSqGSIb2fQdB
AAQMMAobBFY3LjEDAgCBMA0GCSqGSIb3DQEBCwUAA4IBAQDGjOiP9rc567dZZdki
7r4+Z1ZC2j+xmDojgpbZJmC/QEHj8cBSjeqlXH9R0MVax733o7XVBSuzbUKb2zRr
5mCuznTQUudj4OdUN+GDFyxa41kc/9dWF99jJ1KFdmy3t9On7F06Ue3cw1QcdGrK
z0RrX1FvOaP3m3wjgPmryRLGltS1cP0ur8KNtb0XLChXiaQxw6Q10szxlZw2ZquT
0mIFXq+ie8pCb85FdR50LokoBqPBkFpr1RHdirhuHPL3nYHW3U7qBVaizgu3lbjs
WFo/LC/qCAUoaW+skrXuKywhAeoWkleaN0kT5wcAssc7vxkdnq/zfg3pMcxs5fUP
H8cb
-----END CERTIFICATE-----
- caHash: 'A31A5DF2F1C1019B9CF5B7CA4E3B26650B9CA93F'
caSKI: '7CC34A5CBA1F36AB83517DF4E0E50E907F1C1341'
caAKI: '688415488C54707F2D12580EEC1C78EF3C2E5964'
caName: 'DHS CA4 - 4e398128'
caStoreType: 'CA_CERT_OCSP'
caCrl: 'http://pki.treasury.gov/DHS_CA2.crl'
caCert: |
-----BEGIN CERTIFICATE-----
MIIGDTCCBPWgAwIBAgIETjmBKDANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu
dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTUwNjEzMTQz
NTA0WhcNMjUwNjEzMTUwNTA0WjCBhzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Uu
Uy4gR292ZXJubWVudDEoMCYGA1UECxMfRGVwYXJ0bWVudCBvZiBIb21lbGFuZCBT
ZWN1cml0eTEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEQMA4G
A1UECxMHREhTIENBNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ6z
5QKA2hjOSvwVu0SWd/TJsJv2Xd2WN7yTo9OCSPiQ+U89oAE8xlIpo+97mMK3DjwU
4GdeMP0cdpKarcL7BBSPCK2j1f3o5PNiYU6RDJBR6pgfuvE6LJDAmpKZGcJITnLj
ui25aMAy6dlNX0aNFu2JApB9yDE9VrIODNhZsD6LG4iCa1mATxtGQfIqfZhT/aSN
nfcbzIddZYvhQlYMF53S9+oAJv21XyHLHO91PW75UteWVxWZvxLfQZmkwzeAxJI3
7YnpRrHGvtjjeRVgtUKi3wj3CpvRSVLMy05CAKlgsG56vvG3lgkeIoJrwiBV+sY4
G3aoT7+efJgRnJpxCYcCAwEAAaOCAnYwggJyMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MIGXBgNVHSAEgY8wgYwwDAYKYIZIAWUDAgEDBjAMBgpghkgB
ZQMCAQMHMAwGCmCGSAFlAwIBAwgwDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMQ
MAwGCmCGSAFlAwIBAxEwDAYKYIZIAWUDAgEDJDAMBgpghkgBZQMCAQMnMAwGCmCG
SAFlAwIBAygwDAYKYIZIAWUDAgEDKTBBBggrBgEFBQcBAQQ1MDMwMQYIKwYBBQUH
MAKGJWh0dHA6Ly9wa2kudHJlYXN1cnkuZ292L2Roc2NhX2FpYS5wN2MwQQYIKwYB
BQUHAQsENTAzMDEGCCsGAQUFBzAFhiVodHRwOi8vcGtpLnRyZWFzdXJ5Lmdvdi9k
aHNjYV9zaWEucDdjMIHuBgNVHR8EgeYwgeMwNaAzoDGGL2h0dHA6Ly9wa2kudHJl
YXN1cnkuZ292L1VTX1RyZWFzdXJ5X1Jvb3RfQ0EuY3JsMIGpoIGmoIGjpIGgMIGd
MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MSMwIQYDVQQL
ExpEZXBhcnRtZW50IG9mIHRoZSBUcmVhc3VyeTEiMCAGA1UECxMZQ2VydGlmaWNh
dGlvbiBBdXRob3JpdGllczEcMBoGA1UECxMTVVMgVHJlYXN1cnkgUm9vdCBDQTEN
MAsGA1UEAxMEQ1JMMTAfBgNVHSMEGDAWgBRohBVIjFRwfy0SWA7sHHjvPC5ZZDAd
BgNVHQ4EFgQUfMNKXLofNquDUX304OUOkH8cE0EwDQYJKoZIhvcNAQELBQADggEB
AFOQwIQWhIzLNbzkya8Z+U7BoFSrsg+aVXT4StNJjdWPCZO5fP6KU9OW2gcHAz/G
ylC65JrbFM6Wo7Zn+rrTrZZvDnd7uyjafeUDnnI4VwPwYrPUQllyru7YC9aZjp6f
Mm8S+MUN69Dpb7NMFHt2876CYRco+q0t/ESN1T+YLrqGAhPjwz1+opTyrhY3NSBR
tJ8xUzNIcDP34r9td0SXtiidmxX/dDLiGi0YvzD90sSWNAKOANl3MyhIPerCuADF
qpALUkkY5zTa+ZlPHDf/4pfedZN4cJDpv9X49/RterYIj0cGw8UyWFaObSAOVEBr
Ye+Tz+l0RQ3GVQ8mhpBK2YI=
-----END CERTIFICATE-----
- caHash: '49AE4F027419A3EB227E4CD4CCF4FF1BC75213B6'
caSKI: 'F124313658C38C3BD5E9E7C5F61332269DABD3A9'
caAKI: '688415488C54707F2D12580EEC1C78EF3C2E5964'
caName: 'DHS CA4 - 4a61d293'
caStoreType: 'CA_CERT_OCSP'
caCrl: 'http://pki.treasury.gov/DHS_CA1.crl'
caCert: |
-----BEGIN CERTIFICATE-----
MIIISDCCBzCgAwIBAgIESmHSkzANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu
dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTEwMTIxMTkx
MTI4WhcNMjEwMTIxMTk0MTI4WjCBhzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Uu
Uy4gR292ZXJubWVudDEoMCYGA1UECxMfRGVwYXJ0bWVudCBvZiBIb21lbGFuZCBT
ZWN1cml0eTEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEQMA4G
A1UECxMHREhTIENBNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9y
oWjWI1wi+mcwiSsZE0CA+BxGzGv/tXDgDgxFn9LsQmkskzZFVzXkQatY223ccm3n
jNULVNz4a9gYrBHljFuCkXTXxkOQIMH3X4fcbIge1/133nMbE1U23vvQhrE0qMuI
vcODETxU/NPsDzLgBxLVsQQ1dr3Z6D+XsWHHAeUbZgCUmRi6Rb5HpaMYda6JRu3U
tL9v1sCI3/U3MXz8qQEpQwVewrj60OPlfquwmFcDNgaguObjrODpEAIptmpizy7i
Xl6MhfFPk/xnI6h4gPQSNmZBLUYem9X0uvTsugaH2qCDps/47/dGhCUVyNWj0+su
mcMO7G8tcj7qIXN9EjkCAwEAAaOCBLEwggStMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MGsGA1UdIARkMGIwDAYKYIZIAWUDAgEDBjAMBgpghkgBZQMC
AQMIMAwGCmCGSAFlAwIBAwcwDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMRMAwG
CmCGSAFlAwIBAxAwDAYKYIZIAWUDAgEPCDCCARAGCCsGAQUFBwEBBIIBAjCB/zAu
BggrBgEFBQcwAoYiaHR0cDovL3BraS50cmVhcy5nb3YvZGhzY2FfYWlhLnA3YzCB
zAYIKwYBBQUHMAKGgb9sZGFwOi8vbGRhcC50cmVhcy5nb3Yvb3U9VVMlMjBUcmVh
c3VyeSUyMFJvb3QlMjBDQSxvdT1DZXJ0aWZpY2F0aW9uJTIwQXV0aG9yaXRpZXMs
b3U9RGVwYXJ0bWVudCUyMG9mJTIwdGhlJTIwVHJlYXN1cnksbz1VLlMuJTIwR292
ZXJubWVudCxjPVVTP2NBQ2VydGlmaWNhdGU7YmluYXJ5LGNyb3NzQ2VydGlmaWNh
dGVQYWlyO2JpbmFyeTCCAQcGCCsGAQUFBwELBIH6MIH3MC4GCCsGAQUFBzAFhiJo
dHRwOi8vcGtpLnRyZWFzLmdvdi9kaHNjYV9zaWEucDdjMIHEBggrBgEFBQcwBYaB
t2xkYXA6Ly9zc3BsZGFwLnRyZWFzLmdvdi9vdT1ESFMlMjBDQTQsb3U9Q2VydGlm
aWNhdGlvbiUyMEF1dGhvcml0aWVzLG91PURlcGFydG1lbnQlMjBvZiUyMEhvbWVs
YW5kJTIwU2VjdXJpdHksbz1VLlMuJTIwR292ZXJubWVudCxjPVVTP2NBQ2VydGlm
aWNhdGU7YmluYXJ5LGNyb3NzQ2VydGlmaWNhdGVQYWlyO2JpbmFyeTCCAaEGA1Ud
HwSCAZgwggGUMDKgMKAuhixodHRwOi8vcGtpLnRyZWFzLmdvdi9VU19UcmVhc3Vy
eV9Sb290X0NBLmNybDCCAVygggFYoIIBVKSBoDCBnTELMAkGA1UEBhMCVVMxGDAW
BgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVudCBvZiB0
aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMx
HDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0ExDTALBgNVBAMTBENSTDGGga5s
ZGFwOi8vbGRhcC50cmVhcy5nb3YvY249Q1JMMSxvdT1VUyUyMFRyZWFzdXJ5JTIw
Um9vdCUyMENBLG91PUNlcnRpZmljYXRpb24lMjBBdXRob3JpdGllcyxvdT1EZXBh
cnRtZW50JTIwb2YlMjB0aGUlMjBUcmVhc3VyeSxvPVUuUy4lMjBHb3Zlcm5tZW50
LGM9VVM/YXV0aG9yaXR5UmV2b2NhdGlvbkxpc3QwHwYDVR0jBBgwFoAUaIQVSIxU
cH8tElgO7Bx47zwuWWQwHQYDVR0OBBYEFPEkMTZYw4w71ennxfYTMiadq9OpMBkG
CSqGSIb2fQdBAAQMMAobBFY3LjEDAgCBMA0GCSqGSIb3DQEBCwUAA4IBAQAoYJ/q
VEu4CTn0OKMIca/Q/ljICwRmWqkArH8oSAZWCRLCbS1vn+fobzywosBCT5JIcqB/
GLBfadmNl+1Cv52O1iH4eqRodXCmbCF3mqQnjx1S4JNMqsTcs++mEtj36Fj7XZPK
tW9/BOXEsBybi6LvT8E8qSecFXiruKFeKGLs1ohOjpG3GXOrufcFP9egmVc3yAtN
2iSzLInIQg4gqChi570Oo82ICpKkK6vxfzzjcOXFzBlG9q7qv9+2oRlnPhKT2ttN
Z38RX/YNfNklph2zFRfkH/8XhLatdDx7iz4a4KGEx0ytdPynvGUCi4UKeNKU4CpH
iymJUztm6HlPAz0g
-----END CERTIFICATE-----
- caHash: '58085A64E181573F4FD917C5C021EB1CF344DD5F'
caSKI: '5E519D99EB82737F86104C5CF8D036C696F42E97'
caAKI: '174BB826BA697AAD12505745319E57BB74A5DA2F'
caName: 'DHS CA4 - 5ccb31ca'
caStoreType: 'CA_CERT_OCSP'
caCrl: 'http://pki.treasury.gov/DHS_CA3.crl'
caCert: |
-----BEGIN CERTIFICATE-----
MIIHODCCBSCgAwIBAgIEXMsxyjANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu
dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTkwNjA2MTEx
MTE2WhcNMjkwNjA2MTE0MTE2WjCBhzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Uu
Uy4gR292ZXJubWVudDEoMCYGA1UECxMfRGVwYXJ0bWVudCBvZiBIb21lbGFuZCBT
ZWN1cml0eTEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEQMA4G
A1UECxMHREhTIENBNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKrZ
tZPgkYS9xOSmj534cOtcYui1qDIjxWWICzhiauFX9sNR8ixYj5hWMv8398Yh4TwU
fxNZOAvoGjzgagPuSB41X6v//W/EWVD/0SCqQuXfObDU24XglH0sG4rgZY1wenu2
04fyWeZar08qeOEEQxGVtBII1Dm6znhGUKXBYAWoOsAJXzpVW0F4nKKdnSaMYWAS
blVw4Cjpr3xCHphfQ8ZOQaDv46Rq7NARHLNUUe3Sbf0b2ktAYz7yJ58loDz1c/Bq
upNDCL1MGL2sXntQmMM3b47AivT3x57OF2ZTo1OLkEaebK6rVZfiIlHuA+O0PLHA
FE4/YrEqfTwrBOYHPgMCAwEAAaOCAqEwggKdMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MIHBBgNVHSAEgbkwgbYwDAYKYIZIAWUDAgEDBjAMBgpghkgB
ZQMCAQMHMAwGCmCGSAFlAwIBAwgwDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMQ
MAwGCmCGSAFlAwIBAxEwDAYKYIZIAWUDAgEDJDAMBgpghkgBZQMCAQMnMAwGCmCG
SAFlAwIBAygwDAYKYIZIAWUDAgEDKTAMBgpghkgBZQMCAQUKMAwGCmCGSAFlAwIB
BQswDAYKYIZIAWUDAgEFDDBBBggrBgEFBQcBAQQ1MDMwMQYIKwYBBQUHMAKGJWh0
dHA6Ly9wa2kudHJlYXN1cnkuZ292L2Roc2NhX2FpYS5wN2MwQQYIKwYBBQUHAQsE
NTAzMDEGCCsGAQUFBzAFhiVodHRwOi8vcGtpLnRyZWFzdXJ5Lmdvdi9kaHNjYV9z
aWEucDdjMIHvBgNVHR8EgecwgeQwNqA0oDKGMGh0dHA6Ly9wa2kudHJlYXN1cnku
Z292L1VTX1RyZWFzdXJ5X1Jvb3RfQ0ExLmNybDCBqaCBpqCBo6SBoDCBnTELMAkG
A1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVw
YXJ0bWVudCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24g
QXV0aG9yaXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0ExDTALBgNV
BAMTBENSTDEwHwYDVR0jBBgwFoAUF0u4Jrppeq0SUFdFMZ5Xu3Sl2i8wHQYDVR0O
BBYEFF5RnZnrgnN/hhBMXPjQNsaW9C6XMA0GCSqGSIb3DQEBCwUAA4ICAQCIxiwI
klPmRHjwYAz/Yp3m107qwVqux7ypFve96lWprvg3Nl2SXl7yuJT0qO9K6lgxgVX9
6mSBsvxfQ/+WAfeCXGAA0Cr0X4VkdyDD6nT1RF7DxVQh8O3E7p8ffT1BS2nlUtJa
aLLBX3Z76Qx1FqMb3SCZAyJ22e6gZ3nFqZWvZRjLImImeURrXo+wy79lvJ+sxosj
HGNWd+uGusyVaM8lNvKtNpKFX1O5Z+qyMgdIEBdnp3ITGaujypnM/WriDhkmvxmb
40++sJyco4Xgv/ssuMN/HQ/Zs2qUY6UWBMWEOw3pVnirJkB3Dl2S9v9G2ozT83Vz
Vt1zg/1cnEREOvd2nnxUl4R8XuAuXXig2rf6K/KGTUlmc6681G4iATZmic/mCZ6E
oDoUeHJGlbtRZzHqUwvWkYdAH+EBC8RnfzxhHFRviBz1MuQG3ZQGtayoa6/4QU0K
QAbqU/c6MSGVh8ox4EXJtyh0EoWq3BnSHdjc1vzg2EIQ4tFybochOEcWb5T3D7Ls
+VYI6i1ksL2+bFhAB1G5/+2+/ojGQg8pPER+5X4tb4NskHCmwy4NapJLWO95OIxk
o+nI+HAKZ0viN2BM0be1cvdC9L+6dTo9GQwhJsDdVefRRs8dLcbCLBU8p2uJ/Lzq
osySxPGrjP+XQVXNTzP4cfLr9MHnLDbNxVZnug==
-----END CERTIFICATE-----
- caHash: '76CC898F03EB0FC7E0877AAC30A0C1340BB34879'
caSKI: 'DA9CB61FFF679D47910D26E72966146597E68058'
caAKI: '174BB826BA697AAD12505745319E57BB74A5DA2F'
caName: 'Department of Veterans Affairs CA - 5ccb3215'
caStoreType: 'CA_CERT_OCSP'
caCrl: 'http://pki.treasury.gov/VA_CA2.crl'
caCert: |
-----BEGIN CERTIFICATE-----
MIIHTzCCBTegAwIBAgIEXMsyFTANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu
dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTkwNjIyMTMy
MzIyWhcNMjkwNjIyMTM1MzIyWjCBoDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Uu
Uy4gR292ZXJubWVudDEnMCUGA1UECxMeRGVwYXJ0bWVudCBvZiBWZXRlcmFucyBB
ZmZhaXJzMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMSowKAYD
VQQLEyFEZXBhcnRtZW50IG9mIFZldGVyYW5zIEFmZmFpcnMgQ0EwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMWDStdt4CJi7LDq1bYjUVZC0DhDM5PUfp
og7n6DcFMZmAb6MdGxK7nflKqBGZBW9n/rN88/6Z1y/pvCe6fL85sHYxH6R0eTwT
2eAHIkE8tXMJ2tKopofKTvxx9wzKKo4pz5/oMyoLbXxLKikV7ECdV6HcmtUHhY7x
+t6OG5vMrRkiDGwe6BjBAWIbJkJI9CB8NQVU1Lw3h2HWKOoIWCi7NQmTVZcXD5a5
Db0iDC5qGpN7ruYRiXcZ+Z9iTi5ZKyl7jzHVuxYSBs/xD5CQuZOeJeGL8fZTAghR
6niZXvCcscNwPL3RqvFiv3NY0aQNy4SYR+o9SI2g8I5M/I1Wfdf1AgMBAAGjggKf
MIICmzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zCBwQYDVR0gBIG5
MIG2MAwGCmCGSAFlAwIBAwYwDAYKYIZIAWUDAgEDBzAMBgpghkgBZQMCAQMIMAwG
CmCGSAFlAwIBAw0wDAYKYIZIAWUDAgEDEDAMBgpghkgBZQMCAQMRMAwGCmCGSAFl
AwIBAyQwDAYKYIZIAWUDAgEDJzAMBgpghkgBZQMCAQMoMAwGCmCGSAFlAwIBAykw
DAYKYIZIAWUDAgEFCjAMBgpghkgBZQMCAQULMAwGCmCGSAFlAwIBBQwwQAYIKwYB
BQUHAQEENDAyMDAGCCsGAQUFBzAChiRodHRwOi8vcGtpLnRyZWFzdXJ5Lmdvdi92
YWNhX2FpYS5wN2MwQAYIKwYBBQUHAQsENDAyMDAGCCsGAQUFBzAFhiRodHRwOi8v
cGtpLnRyZWFzdXJ5Lmdvdi92YWNhX3NpYS5wN2Mwge8GA1UdHwSB5zCB5DA2oDSg
MoYwaHR0cDovL3BraS50cmVhc3VyeS5nb3YvVVNfVHJlYXN1cnlfUm9vdF9DQTEu
Y3JsMIGpoIGmoIGjpIGgMIGdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBH
b3Zlcm5tZW50MSMwIQYDVQQLExpEZXBhcnRtZW50IG9mIHRoZSBUcmVhc3VyeTEi
MCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEcMBoGA1UECxMTVVMg
VHJlYXN1cnkgUm9vdCBDQTENMAsGA1UEAxMEQ1JMMTAfBgNVHSMEGDAWgBQXS7gm
uml6rRJQV0Uxnle7dKXaLzAdBgNVHQ4EFgQU2py2H/9nnUeRDSbnKWYUZZfmgFgw
DQYJKoZIhvcNAQELBQADggIBAHyyNzdWdhfRawt4ZpW/5nRo7WRd7DxOGOo48WLg
tC9NyAzAKv72O5MJo1aiSGW3VmPcKzFpPaMAwcDiWCmkcmoubNVwoW+xAxFw6I0X
fkv8gqJ7gMe9phU+Cs16U9cfqvtVtLMhyVV5gETE8+gGcVMxFuUDlxvC6OBvPmvy
gS6OfMztj0h5Z8fXJxlaBNTq1egxqV0uIvdhLve9IAVt624taHP+WfctiCr58dd2
VxOQ1Trc2Qur3UQ0XReugkgzUUvc0l72WakxKd/p8EKGOJ7d6fiVUrZ/pIoSXyP3
RFQt/T0CBn4iyattmTtq2pNpvwNFYZKt+e/3BpYEwEJ66Kbv4SZW1BquZVj2AXF/
WTFP+kQKGzy+ghI5LkVx46HzIjpg1N0Z8K+cszBzqocmlnKGCEGtcHR0WxhpAWsz
b81Ih2HlRsjXBz47a6a3Zvj/B8tmzO2cm6GHofyvEqb6BasQFDw9mhaExm/2Eien
Fgu+DGte9Clmhp7nnRGS4o4FYwGuKvxJ7NbrCCbZ9hvKm8/yUFN5rwaTT3nRKpxU
VVQjMLp64+IO/4tiG9MfKrQgeVC6EyNU3bph4wohwbaNImQM2XoS0k2EGCfrlptW
RrMV1HTv/nUmhehzCImuHyAphTsDu7ahLrwaWuTB3VbA6DkZZqJKO0gA7HZEo4AD
bIz2
-----END CERTIFICATE-----
- caHash: '688415488c54707f2d12580eec1c78ef3c2e5964'
caSKI: '7561da1f31926e2e2a645ea36519856580e8c72b'
caAKI: '174BB826BA697AAD12505745319E57BB74A5DA2F'
caName: 'Department of Veterans Affairs CA - 4e398179'
caStoreType: 'CA_CERT_OCSP'
caCrl: 'http://pki.treasury.gov/VA_CA1.crl'
caCert: |
-----BEGIN CERTIFICATE-----
MIIGJDCCBQygAwIBAgIETjmBeTANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu
dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTUxMDE3MTQw
MTI3WhcNMjUxMDE3MTQzMTI3WjCBoDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Uu
Uy4gR292ZXJubWVudDEnMCUGA1UECxMeRGVwYXJ0bWVudCBvZiBWZXRlcmFucyBB
ZmZhaXJzMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMSowKAYD
VQQLEyFEZXBhcnRtZW50IG9mIFZldGVyYW5zIEFmZmFpcnMgQ0EwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPGwMIzE+IfsSfh6Tdu6IoLH7psCadFCVM
xPeTYzh7WMZdFrtozM9qCecChkShA4T5lCJPgEG6vN/cnlnBWr6quqkzQDKOIlXN
vhUnyf8dCJiHkCgM5gZmAdCWX098yE1VMdl6cmpNn4mbM0PFjeJhKJoxAlZjvf0n
C2CHraSvjhGS0z4vaoU+JVWsvpNglRNkT367BpBX2Vt2I2wf/uXimu7+NHTdNUFc
jqz9qy7x2Dm9T2HCLkAEsjB5Xnc4zEjdk6RbOmbuENV7IhNMrKZz7PW68KR0HIJ7
66wMJsyHjBz1Ksuz/P7ZiLf8yDPbVfxV21KvfhBGICGWFUyoynILAgMBAAGjggJ0
MIICcDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zCBlwYDVR0gBIGP
MIGMMAwGCmCGSAFlAwIBAwYwDAYKYIZIAWUDAgEDBzAMBgpghkgBZQMCAQMIMAwG
CmCGSAFlAwIBAw0wDAYKYIZIAWUDAgEDEDAMBgpghkgBZQMCAQMRMAwGCmCGSAFl
AwIBAyQwDAYKYIZIAWUDAgEDJzAMBgpghkgBZQMCAQMoMAwGCmCGSAFlAwIBAykw
QAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzAChiRodHRwOi8vcGtpLnRyZWFzdXJ5
Lmdvdi92YWNhX2FpYS5wN2MwQAYIKwYBBQUHAQsENDAyMDAGCCsGAQUFBzAFhiRo
dHRwOi8vcGtpLnRyZWFzdXJ5Lmdvdi92YWNhX3NpYS5wN2Mwge4GA1UdHwSB5jCB
4zA1oDOgMYYvaHR0cDovL3BraS50cmVhc3VyeS5nb3YvVVNfVHJlYXN1cnlfUm9v
dF9DQS5jcmwwgamggaaggaOkgaAwgZ0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9V
LlMuIEdvdmVybm1lbnQxIzAhBgNVBAsTGkRlcGFydG1lbnQgb2YgdGhlIFRyZWFz
dXJ5MSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMRwwGgYDVQQL
ExNVUyBUcmVhc3VyeSBSb290IENBMQ0wCwYDVQQDEwRDUkwxMB8GA1UdIwQYMBaA
FGiEFUiMVHB/LRJYDuwceO88LllkMB0GA1UdDgQWBBR1YdofMZJuLipkXqNlGYVl
gOjHKzANBgkqhkiG9w0BAQsFAAOCAQEAa8jTfoCQTVnOdvqUBDUpgNe35XmgVbsZ
MaaN41BWDe81SmE1q1ZVY/6KOcj6rMaII7mzBHFfD89fp5JLlYRVdOtxmh1mEYyw
uX0Uo+bbwJeAq1mzrWXGrb6De00X6Nn73v0m5NjNjlF6CMbyYZKNpehuvRWZ1EIx
aNTZANvU3e/U+O7jo8+PrRpIzCqY72QLKxAHw9VknWmEzWjkkWBYltdzka9CPuM0
6rHkpFYOQic91Z59ExUlHmHb9+GYlyYBvJX5LnrDi+Ai6CvLqCLnmldOnm7rPyyf
mzywCD7A3TRBcaiksPGLPQtIoRL4qpGNoI6/iwbmCf+ZJRsGCXVAwg==
-----END CERTIFICATE-----
- caHash: '519D3222A15EEE034980FC0DA727314F70AF78C0'
caSKI: 'CF793CED4DBC1925F245694E122F9C2953C9A746'
caAKI: '688415488C54707F2D12580EEC1C78EF3C2E5964'
caName: 'Department of Veterans Affairs CA - 4e397f22'
caStoreType: 'CA_CERT_OCSP'
caCrl: 'http://pki.treasury.gov/VA_CA.crl'
caCert: |
-----BEGIN CERTIFICATE-----
MIIIgDCCB2igAwIBAgIETjl/IjANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
VVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVu
dCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
aXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMTIwODI4MTM0
NzE3WhcNMjIwODI4MTQxNzE3WjCBoDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Uu
Uy4gR292ZXJubWVudDEnMCUGA1UECxMeRGVwYXJ0bWVudCBvZiBWZXRlcmFucyBB
ZmZhaXJzMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMSowKAYD
VQQLEyFEZXBhcnRtZW50IG9mIFZldGVyYW5zIEFmZmFpcnMgQ0EwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYkJhojMiw/opeQQuZEq5Ov/vIi1uIpNNK
wKMGm538DCILaX/HtZt0YC7xM9Q7AfWER87Co0D1Z2O6qZXhJM0Vmpku05RTZTQ0
z3seGGsfNUvTUWtvJGMWOFQSmx5STisCrQky99t9XnChJdj4sgKpGqjaDc/N55u8
5bngciTd+pH7mW+tX2REwgvBQAVsqoATeQU73SpIe8q8FhafXMN69TjiK0RaUpUL
RpxvLC38VONvKZViWfPVZfoImGC03d2vyVLJYyyCNplqdfPSMDjlvYI8jj+h899s
DjfT1uOMTJxOKR+MFSsUboP28KRpKMY8KSS4OcV2B9ZEzPPcWZM/AgMBAAGjggTQ
MIIEzDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBrBgNVHSAEZDBi
MAwGCmCGSAFlAwIBAwYwDAYKYIZIAWUDAgEDCDAMBgpghkgBZQMCAQMHMAwGCmCG
SAFlAwIBAw0wDAYKYIZIAWUDAgEDEDAMBgpghkgBZQMCAQMRMAwGCmCGSAFlAwIB
AyQwggEPBggrBgEFBQcBAQSCAQEwgf4wLQYIKwYBBQUHMAKGIWh0dHA6Ly9wa2ku
dHJlYXMuZ292L3ZhY2FfYWlhLnA3YzCBzAYIKwYBBQUHMAKGgb9sZGFwOi8vbGRh
cC50cmVhcy5nb3Yvb3U9VVMlMjBUcmVhc3VyeSUyMFJvb3QlMjBDQSxvdT1DZXJ0
aWZpY2F0aW9uJTIwQXV0aG9yaXRpZXMsb3U9RGVwYXJ0bWVudCUyMG9mJTIwdGhl
JTIwVHJlYXN1cnksbz1VLlMuJTIwR292ZXJubWVudCxjPVVTP2NBQ2VydGlmaWNh
dGU7YmluYXJ5LGNyb3NzQ2VydGlmaWNhdGVQYWlyO2JpbmFyeTCCAScGCCsGAQUF
BwELBIIBGTCCARUwLQYIKwYBBQUHMAWGIWh0dHA6Ly9wa2kudHJlYXMuZ292L3Zh
Y2Ffc2lhLnA3YzCB4wYIKwYBBQUHMAWGgdZsZGFwOi8vc3NwbGRhcC50cmVhcy5n
b3Yvb3U9RGVwYXJ0bWVudCUyMG9mJTIwVmV0ZXJhbnMlMjBBZmZhaXJzJTIwQ0Es
b3U9Q2VydGlmaWNhdGlvbiUyMEF1dGhvcml0aWVzLG91PURlcGFydG1lbnQlMjBv
ZiUyMFZldGVyYW5zJTIwQWZmYWlycyxvPVUuUy4lMjBHb3Zlcm5tZW50LGM9VVM/
Y0FDZXJ0aWZpY2F0ZTtiaW5hcnksY3Jvc3NDZXJ0aWZpY2F0ZVBhaXI7YmluYXJ5
MIIBoQYDVR0fBIIBmDCCAZQwMqAwoC6GLGh0dHA6Ly9wa2kudHJlYXMuZ292L1VT
X1RyZWFzdXJ5X1Jvb3RfQ0EuY3JsMIIBXKCCAVigggFUpIGgMIGdMQswCQYDVQQG
EwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MSMwIQYDVQQLExpEZXBhcnRt
ZW50IG9mIHRoZSBUcmVhc3VyeTEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdGllczEcMBoGA1UECxMTVVMgVHJlYXN1cnkgUm9vdCBDQTENMAsGA1UEAxME
Q1JMMYaBrmxkYXA6Ly9sZGFwLnRyZWFzLmdvdi9jbj1DUkwxLG91PVVTJTIwVHJl
YXN1cnklMjBSb290JTIwQ0Esb3U9Q2VydGlmaWNhdGlvbiUyMEF1dGhvcml0aWVz
LG91PURlcGFydG1lbnQlMjBvZiUyMHRoZSUyMFRyZWFzdXJ5LG89VS5TLiUyMEdv
dmVybm1lbnQsYz1VUz9hdXRob3JpdHlSZXZvY2F0aW9uTGlzdDAfBgNVHSMEGDAW
gBRohBVIjFRwfy0SWA7sHHjvPC5ZZDAdBgNVHQ4EFgQUz3k87U28GSXyRWlOEi+c
KVPJp0YwGQYJKoZIhvZ9B0EABAwwChsEVjcuMQMCAIEwDQYJKoZIhvcNAQELBQAD
ggEBACq03WNXNLGEOorbA6XXMkRq6n4Xlj4WclKZKshBasoa7eBz6buHciAIFbIo
inb2LkqKBCJ+oW2X9bj/7+rHmEv+Lww0kkLW4pS6x6kfO8WO5h8l1SOvw16RaZkc
1ja6xfHAdZRBzn8ladzORseBR9IIcyINVL7ijs3AHZUaOyMd8dfnzFLT5VavKvjH
9hlx8hzf2yXjSzLFl43FTwbo70rAe7vlVPGamu1cqoMwc498iFPdvRCgTtxf08ZU
OX5igBYRFRY+liOMNQxS9lDfEZ38CUJrnddt9bLyq7R0v3DZjYmwDlnJhc7zsMkD
uJt69sr/gafhZeMNfVDvyoL+Wyg=
-----END CERTIFICATE-----
Below are some general comments on the JSON:
serialNumber
values should have quotes, and the same encoding. I.e., hex value of the integer, or, just the integer.
notBefore
and notAfter
, it might not hurt to use a date format that can easily be parsed by code. ISO 8601 would be perfect!I.e.,
... "notBefore": "2019-08-30T17:55:43.000+0000", "notAfter": "2019-08-30T23:55:43.000+0000", ...
Attached is a list of CRLs (in JSON), listed by the AuthorityKeyIdentifier in each CRL. I have not yet processed every CRL to see if they are partitioned, or not.
Slightly more complex, but the JSON can be used to build paths in PEM||CMS message by parsing. I.e., you can use about any language to parse and use for automated configuration management.
If you see any missing/inaccurate data, I would be happy to incorporate. If there is a desire to track OCSP responders answering for a given CA, I can easily incorporate. (writing code to generate and maintain, happy to share)
It sounds like two lists
Re-energizing this thread since it came up again at the August Policy Authority Meeting.
A while ago, I wrote a script to accomplish a similar goal as many have done in this thread:
If the output (attached) is helpful, I can start posting this to GitHub during the weekly FPKI Crawler/Graph updates.
Presenting the data in a web-friendly format is a challenge (there's just a lot of data!). Here's a sample similar to how we have the System Notifications page being populated from a .yaml file. Based on aesthetics, I would not recommend this approach.
Afternoon,
This would be helpful, but, it would be preferable to have all of the artifact information for the entire FPKI.
While we are certainly focused on PIV, we also have to consider PIV-I and Legacy Medium Hardware use cases.
At the moment, we really need a full list of CRLs produced by each CA. That was the primary intent of the fpki.io API.
Here are all of the CRLs that I could find, based on the Certipath Monitor output (.p7b) for all FPKI.
I.e., it maps the subjectKeyIdentifier with each HTTP CRL URL produced the corresponding CA.
The associated code checks possible CRLs, and rules them out if they are not a full CRL (delta and partitioned have no value).
Is there any way to fill in the gaps for the CRLs that are missing in the JSON artifact above?
Looking quickly, I have two matches:
"D238DDB5EF4B5957367FBFBF9CA67D0C193105AD": [http://pki.fti.org/fti_ca/crl/FTICA.crl],
"1AF06981C50D2C7DC0D63FC16CE0B886BDDB1273": [http://www.nextgenidtrust.com/PKI/CRL/NGIDTrustCA1.crl],
I'll see what I can find for the remaining.
Thanks! Lack of the nextgenidtrust.com was a bug, since it actually has an IDP extension, and the current commited code has a "TODO" to extract the IDP extension's distribution point name.
Also, added:
"9D3EC76A082A51C00BB5B2FD543DF9C2DE774F94": ["http://pub.carillon.ca/CRL/CISCA2.crl"],
Found 2 more:
"8619E525C447EF192BAC69C2ED755BE6EBB4442F": ["http://onsite-crl.pki.digicert.com/USDepartmentofEducationDoEDContentSignerG5/LatestCRL.crl"],
"49DAC3330BC70F7D48A3B71F0896378984CCFEAA": ["http://onsite-crl.pki.digicert.com/USNuclearRegulatoryCommissionSSPPIVG4/LatestCRL.crl"],
Found 1 more, only missing 4 now.
"B44EBF67A512F7108473FE378732C6B7B91C483C": ["http://pki-crl.symauth.com/ca_db1ff205d5a9b79af46c7896d15cb2a9/LatestCRL.crl"],
Per a response from DigiCert, the CRL for the following CA has not been published yet:
Subject: CN=DigiCert Class 3 SSP Intermediate CA - G4, O="DigiCert, Inc.", C=US
Issuer: CN=Federal Bridge CA G4, OU=FPKI, O=U.S. Government, C=US
SerialNumber: [ 15728cda d19f38d3 4b9d09df 45729a6f 8df6a2ba]
Once published, it will be available via the following URL:
http://ssp-crl.digicert.com/NFSSP/Class3SSPCAG4.crl
The final 3 missing CRLs are for CAs managed by Fortior Solutions, via TSCP.
@grandamp I'll add the crl miner to the list of useful tools and close this issue.
Description of Issue:
Details of Issue:
References (Docs, Links, Files):
If a New Page or Content is Needed, Expected Outcomes:
Link to the Content Page for Contributors: