ValidateAsn1 may be too strict ...

Here the contents when dumped with openssl (openssl pkcs7 -in $input -inform 
DER -text -print_certs):

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
        Validity
            Not Before: Dec  4 00:00:00 2003 GMT
            Not After : Dec  3 23:59:59 2013 GMT
        Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a9:ca:b2:a4:cc:cd:20:af:0a:7d:89:ac:87:75:
                    f0:b4:4e:f1:df:c1:0f:bf:67:61:bd:a3:64:1c:da:
                    bb:f9:ca:33:ab:84:30:89:58:7e:8c:db:6b:dd:36:
                    9e:0f:bf:d1:ec:78:f2:77:a6:7e:6f:3c:bf:93:af:
                    0d:ba:68:f4:6c:94:ca:bd:52:2d:ab:48:3d:f5:b6:
                    d5:5d:5f:1b:02:9f:fa:2f:6b:1e:a4:f7:a3:9a:a6:
                    1a:c8:02:e1:7f:4c:52:e3:0e:60:ec:40:1c:7e:b9:
                    0d:de:3f:c7:b4:df:87:bd:5f:7a:6a:31:2e:03:99:
                    81:13:a8:47:20:ce:31:73:0d:57:2d:cd:78:34:33:
                    95:12:99:12:b9:de:68:2f:aa:e6:e3:c2:8a:8c:2a:
                    c3:8b:21:87:66:bd:83:58:57:6f:75:bf:3c:aa:26:
                    87:5d:ca:10:15:3c:9f:84:ea:54:c1:0a:6e:c4:fe:
                    c5:4a:dd:b9:07:11:97:22:7c:db:3e:27:d1:1e:78:
                    ec:9f:31:c9:f1:e6:22:19:db:c4:b3:47:43:9a:1a:
                    5f:a0:1e:90:e4:5e:f5:ee:7c:f1:7d:ab:62:01:8f:
                    f5:4d:0b:de:d0:22:56:a8:95:cd:ae:88:76:ae:ee:
                    ba:0d:f3:e4:4d:d9:a0:fb:68:a0:ae:14:3b:b3:87:
                    c1:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Authority Information Access: 
                OCSP - URI:http://ocsp.verisign.com

            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.verisign.com/ThawteTimestampingCA.crl

            X509v3 Extended Key Usage: 
                Time Stamping
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Alternative Name: 
                DirName:/CN=TSA2048-1-53
    Signature Algorithm: sha1WithRSAEncryption
         4a:6b:f9:ea:58:c2:44:1c:31:89:79:99:2b:96:bf:82:ac:01:
         d6:1c:4c:cd:b0:8a:58:6e:df:08:29:a3:5e:c8:ca:93:13:e7:
         04:52:0d:ef:47:27:2f:00:38:b0:e4:c9:93:4e:9a:d4:22:62:
         15:f7:3f:37:21:4f:70:31:80:f1:8b:38:87:b3:e8:e8:97:00:
         fe:cf:55:96:4e:24:d2:a9:27:4e:7a:ae:b7:61:41:f3:2a:ce:
         e7:c9:d9:5e:dd:bb:2b:85:3e:b5:9d:b5:d9:e1:57:ff:be:b4:
         c5:7e:f5:cf:0c:9e:f0:97:fe:2b:d3:3b:52:1b:1b:38:27:f7:
         3f:4a
-----BEGIN CERTIFICATE-----
MIIDxDCCAy2gAwIBAgIQR78Zld+NUkZD99ttSA0xpDANBgkqhkiG9w0BAQUFADCB
izELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTEUMBIGA1UEBxML
RHVyYmFudmlsbGUxDzANBgNVBAoTBlRoYXd0ZTEdMBsGA1UECxMUVGhhd3RlIENl
cnRpZmljYXRpb24xHzAdBgNVBAMTFlRoYXd0ZSBUaW1lc3RhbXBpbmcgQ0EwHhcN
MDMxMjA0MDAwMDAwWhcNMTMxMjAzMjM1OTU5WjBTMQswCQYDVQQGEwJVUzEXMBUG
A1UEChMOVmVyaVNpZ24sIEluYy4xKzApBgNVBAMTIlZlcmlTaWduIFRpbWUgU3Rh
bXBpbmcgU2VydmljZXMgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCpyrKkzM0grwp9iayHdfC0TvHfwQ+/Z2G9o2Qc2rv5yjOrhDCJWH6M22vdNp4P
v9HsePJ3pn5vPL+Trw26aPRslMq9Ui2rSD31ttVdXxsCn/ovax6k96OaphrIAuF/
TFLjDmDsQBx+uQ3eP8e034e9X3pqMS4DmYETqEcgzjFzDVctzXg0M5USmRK53mgv
qubjwoqMKsOLIYdmvYNYV291vzyqJoddyhAVPJ+E6lTBCm7E/sVK3bkHEZcifNs+
J9EeeOyfMcnx5iIZ28SzR0OaGl+gHpDkXvXufPF9q2IBj/VNC97QIlaolc2uiHau
7roN8+RN2aD7aKCuFDuzh8G7AgMBAAGjgdswgdgwNAYIKwYBBQUHAQEEKDAmMCQG
CCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wEgYDVR0TAQH/BAgw
BgEB/wIBADBBBgNVHR8EOjA4MDagNKAyhjBodHRwOi8vY3JsLnZlcmlzaWduLmNv
bS9UaGF3dGVUaW1lc3RhbXBpbmdDQS5jcmwwEwYDVR0lBAwwCgYIKwYBBQUHAwgw
DgYDVR0PAQH/BAQDAgEGMCQGA1UdEQQdMBukGTAXMRUwEwYDVQQDEwxUU0EyMDQ4
LTEtNTMwDQYJKoZIhvcNAQEFBQADgYEASmv56ljCRBwxiXmZK5a/gqwB1hxMzbCK
WG7fCCmjXsjKkxPnBFIN70cnLwA4sOTJk06a1CJiFfc/NyFPcDGA8Ys4h7Po6JcA
/s9Vlk4k0qknTnqut2FB8yrO58nZXt27K4U+tZ212eFX/760xX71zwye8Jf+K9M7
UhsbOCf3P0o=
-----END CERTIFICATE-----

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
        Validity
            Not Before: Dec  4 00:00:00 2003 GMT
            Not After : Dec  3 23:59:59 2008 GMT
        Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b2:50:28:48:dd:d3:68:7a:84:18:44:66:75:5d:
                    7e:c4:b8:9f:63:26:ff:3d:43:9c:7c:11:38:10:25:
                    55:73:d9:75:27:69:fd:4e:b9:20:5c:d3:0a:f9:a0:
                    1b:2a:ed:55:56:21:61:d8:1e:db:e4:bc:33:6b:c7:
                    ef:dd:a3:37:65:8e:1b:93:0c:b6:53:1e:5c:7c:66:
                    35:5f:05:8a:45:fe:76:4e:df:53:80:a2:81:20:9d:
                    ae:88:5c:a2:08:f7:e5:30:f9:ee:22:37:4c:42:0a:
                    ce:df:c6:1f:c4:d6:55:e9:81:3f:b5:52:a3:2c:aa:
                    01:7a:f2:a2:aa:8d:35:fe:9f:e6:5d:6a:05:9f:3d:
                    6b:e3:bf:96:c0:fe:cc:60:f9:40:e7:07:a0:44:eb:
                    81:51:6e:a5:2a:f2:b6:8a:10:28:ed:8f:dc:06:a0:
                    86:50:9a:7b:4a:08:0d:30:1d:ca:10:9e:6b:f7:e9:
                    58:ae:04:a9:40:99:b2:28:e8:8f:16:ac:3c:e3:53:
                    6f:4b:d3:35:9d:b5:6f:64:1d:b3:96:2c:bb:3d:e7:
                    79:eb:6d:7a:f9:16:e6:26:ad:af:ef:99:53:b7:40:
                    2c:95:b8:79:aa:fe:d4:52:ab:29:74:7e:42:ec:39:
                    1e:a2:6a:16:e6:59:bb:24:68:d8:00:80:43:10:87:
                    80:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Authority Information Access: 
                OCSP - URI:http://ocsp.verisign.com

            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.verisign.com/tss-ca.crl

            X509v3 Extended Key Usage: critical
                Time Stamping
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation
            X509v3 Subject Alternative Name: 
                DirName:/CN=TSA2048-1-54
    Signature Algorithm: sha1WithRSAEncryption
         87:78:70:da:4e:52:01:20:5b:e0:79:c9:82:30:c4:fd:b9:19:
         96:bd:91:00:c3:bd:cd:cd:c6:f4:0e:d8:ff:f9:4d:c0:33:62:
         30:11:c5:f5:74:1b:d4:92:de:5f:9c:20:13:b1:7c:45:be:50:
         cd:83:e7:80:17:83:a7:27:93:67:13:46:fb:ca:b8:98:41:03:
         cc:9b:51:5b:05:8b:7f:a8:6f:f3:1b:50:1b:24:2e:f2:69:8d:
         6c:22:f7:bb:ca:16:95:ed:0c:74:c0:68:77:d9:eb:99:62:87:
         c1:73:90:f8:89:74:7a:23:ab:a3:98:7b:97:b1:f7:8f:29:71:
         4d:2e:75:1b:48:41:da:f0:b5:0d:20:54:d6:77:a0:97:82:63:
         69:fd:09:cf:8a:f0:75:bb:09:9b:d9:f9:11:55:26:9a:61:32:
         be:7a:02:b0:7b:86:be:a2:c3:8b:22:2c:78:d1:35:76:bc:92:
         73:5c:f9:b9:e6:4c:15:0a:23:cc:e4:d2:d4:34:2e:49:40:15:
         3c:0f:60:7a:24:c6:a5:66:ef:96:cf:70:eb:3e:e7:f4:0d:7e:
         dc:d1:7c:a3:76:71:69:c1:9c:4f:47:30:35:21:b1:a2:af:1a:
         62:3c:2b:d9:8e:aa:2a:07:7b:d8:18:b3:5c:7b:e2:9d:a5:6f:
         fe:3c:89:ad
-----BEGIN CERTIFICATE-----
MIID/zCCAuegAwIBAgIQDekr8NTYKYgYMgUJXpp2iDANBgkqhkiG9w0BAQUFADBT
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xKzApBgNVBAMT
IlZlcmlTaWduIFRpbWUgU3RhbXBpbmcgU2VydmljZXMgQ0EwHhcNMDMxMjA0MDAw
MDAwWhcNMDgxMjAzMjM1OTU5WjBXMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVy
aVNpZ24sIEluYy4xLzAtBgNVBAMTJlZlcmlTaWduIFRpbWUgU3RhbXBpbmcgU2Vy
dmljZXMgU2lnbmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslAo
SN3TaHqEGERmdV1+xLifYyb/PUOcfBE4ECVVc9l1J2n9TrkgXNMK+aAbKu1VViFh
2B7b5Lwza8fv3aM3ZY4bkwy2Ux5cfGY1XwWKRf52Tt9TgKKBIJ2uiFyiCPflMPnu
IjdMQgrO38YfxNZV6YE/tVKjLKoBevKiqo01/p/mXWoFnz1r47+WwP7MYPlA5weg
ROuBUW6lKvK2ihAo7Y/cBqCGUJp7SggNMB3KEJ5r9+lYrgSpQJmyKOiPFqw841Nv
S9M1nbVvZB2zliy7Ped56216+RbmJq2v75lTt0Aslbh5qv7UUqspdH5C7DkeomoW
5lm7JGjYAIBDEIeAawIDAQABo4HKMIHHMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEF
BQcwAYYYaHR0cDovL29jc3AudmVyaXNpZ24uY29tMAwGA1UdEwEB/wQCMAAwMwYD
VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC52ZXJpc2lnbi5jb20vdHNzLWNhLmNy
bDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAOBgNVHQ8BAf8EBAMCBsAwJAYDVR0R
BB0wG6QZMBcxFTATBgNVBAMTDFRTQTIwNDgtMS01NDANBgkqhkiG9w0BAQUFAAOC
AQEAh3hw2k5SASBb4HnJgjDE/bkZlr2RAMO9zc3G9A7Y//lNwDNiMBHF9XQb1JLe
X5wgE7F8Rb5QzYPngBeDpyeTZxNG+8q4mEEDzJtRWwWLf6hv8xtQGyQu8mmNbCL3
u8oWle0MdMBod9nrmWKHwXOQ+Il0eiOro5h7l7H3jylxTS51G0hB2vC1DSBU1neg
l4Jjaf0Jz4rwdbsJm9n5EVUmmmEyvnoCsHuGvqLDiyIseNE1drySc1z5ueZMFQoj
zOTS1DQuSUAVPA9geiTGpWbvls9w6z7n9A1+3NF8o3ZxacGcT0cwNSGxoq8aYjwr
2Y6qKgd72BizXHvinaVv/jyJrQ==
-----END CERTIFICATE-----

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
    Signature Algorithm: md5WithRSAEncryption
        Issuer: OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
        Validity
            Not Before: Jan 10 07:00:00 1997 GMT
            Not After : Dec 31 07:00:00 2020 GMT
        Subject: OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a9:02:bd:c1:70:e6:3b:f2:4e:1b:28:9f:97:78:
                    5e:30:ea:a2:a9:8d:25:5f:f8:fe:95:4c:a3:b7:fe:
                    9d:a2:20:3e:7c:51:a2:9b:a2:8f:60:32:6b:d1:42:
                    64:79:ee:ac:76:c9:54:da:f2:eb:9c:86:1c:8f:9f:
                    84:66:b3:c5:6b:7a:62:23:d6:1d:3c:de:0f:01:92:
                    e8:96:c4:bf:2d:66:9a:9a:68:26:99:d0:3a:2c:bf:
                    0c:b5:58:26:c1:46:e7:0a:3e:38:96:2c:a9:28:39:
                    a8:ec:49:83:42:e3:84:0f:bb:9a:6c:55:61:ac:82:
                    7c:a1:60:2d:77:4c:e9:99:b4:64:3b:9a:50:1c:31:
                    08:24:14:9f:a9:e7:91:2b:18:e6:3d:98:63:14:60:
                    58:05:65:9f:1d:37:52:87:f7:a7:ef:94:02:c6:1b:
                    d3:bf:55:45:b3:89:80:bf:3a:ec:54:94:4e:ae:fd:
                    a7:7a:6d:74:4e:af:18:cc:96:09:28:21:00:57:90:
                    60:69:37:bb:4b:12:07:3c:56:ff:5b:fb:a4:66:0a:
                    08:a6:d2:81:56:57:ef:b6:3b:5e:16:81:77:04:da:
                    f6:be:ae:80:95:fe:b0:cd:7f:d6:a7:1a:72:5c:3c:
                    ca:bc:f0:08:a3:22:30:b3:06:85:c9:b3:20:77:13:
                    85:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            2.5.29.1: 
                0....[.p.ir.#Q~..M....r0p1+0)..U..."Copyright (c) 1997 Microsoft Corp.1.0...U....Microsoft Corporation1!0...U....Microsoft Root Authority......<<...>.c..@
    Signature Algorithm: md5WithRSAEncryption
         95:e8:0b:c0:8d:f3:97:18:35:ed:b8:01:24:d8:77:11:f3:5c:
         60:32:9f:9e:0b:cb:3e:05:91:88:8f:c9:3a:e6:21:f2:f0:57:
         93:2c:b5:a0:47:c8:62:ef:fc:d7:cc:3b:3b:5a:a9:36:54:69:
         fe:24:6d:3f:c9:cc:aa:de:05:7c:dd:31:8d:3d:9f:10:70:6a:
         bb:fe:12:4f:18:69:c0:fc:d0:43:e3:11:5a:20:4f:ea:62:7b:
         af:aa:19:c8:2b:37:25:2d:be:65:a1:12:8a:25:0f:63:a3:f7:
         54:1c:f9:21:c9:d6:15:f3:52:ac:6e:43:32:07:fd:82:17:f8:
         e5:67:6c:0d:51:f6:bd:f1:52:c7:bd:e7:c4:30:fc:20:31:09:
         88:1d:95:29:1a:4d:d5:1d:02:a5:f1:80:e0:03:b4:5b:f4:b1:
         dd:c8:57:ee:65:49:c7:52:54:b6:b4:03:28:12:ff:90:d6:f0:
         08:8f:7e:b8:97:c5:ab:37:2c:e4:7a:e4:a8:77:e3:76:a0:00:
         d0:6a:3f:c1:d2:36:8a:e0:41:12:a8:35:6a:1b:6a:db:35:e1:
         d4:1c:04:e4:a8:45:04:c8:5a:33:38:6e:4d:1c:0d:62:b7:0a:
         a2:8c:d3:d5:54:3f:46:cd:1c:55:a6:70:db:12:3a:87:93:75:
         9f:a7:d2:a0
-----BEGIN CERTIFICATE-----
MIIEEjCCAvqgAwIBAgIPAMEAizw8iBHRPvZj7N9AMA0GCSqGSIb3DQEBBAUAMHAx
KzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAc
BgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0
IFJvb3QgQXV0aG9yaXR5MB4XDTk3MDExMDA3MDAwMFoXDTIwMTIzMTA3MDAwMFow
cDErMCkGA1UECxMiQ29weXJpZ2h0IChjKSAxOTk3IE1pY3Jvc29mdCBDb3JwLjEe
MBwGA1UECxMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSEwHwYDVQQDExhNaWNyb3Nv
ZnQgUm9vdCBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCpAr3BcOY78k4bKJ+XeF4w6qKpjSVf+P6VTKO3/p2iID58UaKboo9gMmvRQmR5
7qx2yVTa8uuchhyPn4Rms8VremIj1h083g8BkuiWxL8tZpqaaCaZ0Dosvwy1WCbB
RucKPjiWLKkoOajsSYNC44QPu5psVWGsgnyhYC13TOmZtGQ7mlAcMQgkFJ+p55Er
GOY9mGMUYFgFZZ8dN1KH96fvlALGG9O/VUWziYC/OuxUlE6u/ad6bXROrxjMlgko
IQBXkGBpN7tLEgc8Vv9b+6RmCgim0oFWV++2O14WgXcE2va+roCV/rDNf9anGnJc
PMq88AijIjCzBoXJsyB3E4XfAgMBAAGjgagwgaUwgaIGA1UdAQSBmjCBl4AQW9Bw
72lyniNRfhSyTY7/y6FyMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBN
aWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEh
MB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5gg8AwQCLPDyIEdE+9mPs
30AwDQYJKoZIhvcNAQEEBQADggEBAJXoC8CN85cYNe24ASTYdxHzXGAyn54Lyz4F
kYiPyTrmIfLwV5MstaBHyGLv/NfMOztaqTZUaf4kbT/JzKreBXzdMY09nxBwarv+
Ek8YacD80EPjEVogT+pie6+qGcgrNyUtvmWhEoolD2Oj91Qc+SHJ1hXzUqxuQzIH
/YIX+OVnbA1R9r3xUse958Qw/CAxCYgdlSkaTdUdAqXxgOADtFv0sd3IV+5lScdS
VLa0AygS/5DW8AiPfriXxas3LOR65Kh343agANBqP8HSNorgQRKoNWobats14dQc
BOSoRQTIWjM4bk0cDWK3CqKM09VUP0bNHFWmcNsSOoeTdZ+n0qA=
-----END CERTIFICATE-----

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
    Signature Algorithm: sha1WithRSA
        Issuer: OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
        Validity
            Not Before: Apr  4 17:44:14 2006 GMT
            Not After : Apr 26 07:00:00 2012 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Copyright (c) 2000 Microsoft Corp., CN=Microsoft Code Signing PCA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c3:cc:20:8d:bc:df:ff:3e:50:ee:7a:c2:d4:24:
                    25:f6:76:ce:21:ff:cd:2a:56:4e:ca:9c:b7:82:b2:
                    35:79:2d:00:c4:a8:08:d5:63:c9:b7:a5:f6:e9:c1:
                    c1:d6:b1:8c:96:a2:07:fa:0f:b6:82:52:9a:eb:82:
                    c6:bd:10:c5:a8:c0:ee:6b:84:8e:53:1b:bb:50:fa:
                    64:01:89:c1:16:d4:82:68:00:40:78:44:f5:12:38:
                    4e:fb:63:51:e0:fa:3d:b9:e5:37:b1:df:63:07:23:
                    3b:71:40:34:47:f4:6b:ae:46:f5:27:73:1e:22:cb:
                    42:19:1e:51:b6:52:9a:d3:a3:d0:13:c6:19:3f:71:
                    06:6d:f2:95:21:44:5f:42:ed:c0:c9:99:64:20:b8:
                    c1:34:fc:a2:44:e6:7b:b2:1d:2f:b8:a6:de:f4:a1:
                    df:9b:21:0f:fe:58:31:41:55:38:7e:af:58:e7:e4:
                    ec:59:79:25:ab:f7:2a:2f:11:3f:38:78:3e:42:7f:
                    a7:68:e4:7e:22:68:17:e6:4a:92:c4:78:44:52:47:
                    a1:4f:84:89:93:9b:c0:67:7b:ea:09:fb:86:03:7d:
                    f6:99:71:3c:2b:a7:66:98:cc:df:2d:e2:2b:02:1a:
                    0f:34:48:65:f5:3c:12:af:f1:87:1c:1d:26:52:6f:
                    cc:03
                Exponent: 3 (0x3)
        X509v3 extensions:
            X509v3 Extended Key Usage: 
                Code Signing
            2.5.29.1: 
                0....[.p.ir.#Q~..M....r0p1+0)..U..."Copyright (c) 1997 Microsoft Corp.1.0...U....Microsoft Corporation1!0...U....Microsoft Root Authority......<<...>.c..@
            1.3.6.1.4.1.311.21.1: 
                .....
            X509v3 Subject Key Identifier: 
                25:F8:2B:4B:5D:C8:72:54:AD:E5:F6:A0:2A:17:16:FB:C1:F9:53:81
            1.3.6.1.4.1.311.20.2: 
                .
.S.u.b.C.A
            X509v3 Key Usage: 
                Non Repudiation, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha1WithRSA
         63:e3:e0:f3:05:b8:b0:ea:0b:0b:34:d1:82:31:3e:89:62:45:
         d5:08:a7:f9:61:65:c8:2e:03:fa:38:48:41:cf:b5:f2:27:83:
         d3:e3:c5:56:53:a8:b5:19:ce:cc:e6:f1:a0:f9:56:b6:48:94:
         47:24:e5:a9:1f:dc:7a:d4:f6:16:7a:12:db:f3:90:1b:ec:08:
         5d:b3:85:90:b9:8c:58:bb:1c:cc:95:d3:95:94:33:f4:91:de:
         ff:88:9b:5e:4b:49:50:39:26:3a:20:1b:54:37:fc:7d:5c:15:
         93:c3:dc:1c:8e:f0:61:52:3c:e5:07:ed:66:ef:79:ec:8f:ce:
         57:63:65:95:18:49:a0:7a:df:65:b7:df:26:ae:fe:c8:12:b6:
         c6:a2:cc:c6:5f:8b:70:f3:ca:db:ab:82:6e:07:dc:65:19:b9:
         a8:f6:86:c2:09:42:98:f1:26:ac:69:7a:b1:c1:2b:a7:b0:66:
         1f:a5:af:87:08:6b:97:13:b8:b0:36:99:1e:05:a3:13:38:a3:
         c0:ac:30:3e:ba:21:d7:30:a6:ca:62:12:1c:af:57:8d:e5:f1:
         7a:11:ba:5e:3c:0c:37:f1:93:c1:92:88:4e:04:5a:05:5c:c7:
         cf:d6:a9:d9:e1:7d:91:78:27:fb:b4:6e:a5:8f:06:33:58:b1:
         5e:2a:11:0f
-----BEGIN CERTIFICATE-----
MIIEwzCCA6+gAwIBAgIQaguZT8AAHasR2sQCoWYnujAJBgUrDgMCHQUAMHAxKzAp
BgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAcBgNV
BAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0IFJv
b3QgQXV0aG9yaXR5MB4XDTA2MDQwNDE3NDQxNFoXDTEyMDQyNjA3MDAwMFowgaYx
CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt
b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKzApBgNVBAsTIkNv
cHlyaWdodCAoYykgMjAwMCBNaWNyb3NvZnQgQ29ycC4xIzAhBgNVBAMTGk1pY3Jv
c29mdCBDb2RlIFNpZ25pbmcgUENBMIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIB
CAKCAQEAw8wgjbzf/z5Q7nrC1CQl9nbOIf/NKlZOypy3grI1eS0AxKgI1WPJt6X2
6cHB1rGMlqIH+g+2glKa64LGvRDFqMDua4SOUxu7UPpkAYnBFtSCaABAeET1EjhO
+2NR4Po9ueU3sd9jByM7cUA0R/Rrrkb1J3MeIstCGR5RtlKa06PQE8YZP3EGbfKV
IURfQu3AyZlkILjBNPyiROZ7sh0vuKbe9KHfmyEP/lgxQVU4fq9Y5+TsWXklq/cq
LxE/OHg+Qn+naOR+ImgX5kqSxHhEUkehT4SJk5vAZ3vqCfuGA332mXE8K6dmmMzf
LeIrAhoPNEhl9TwSr/GHHB0mUm/MAwIBA6OCASowggEmMBMGA1UdJQQMMAoGCCsG
AQUFBwMDMIGiBgNVHQEEgZowgZeAEFvQcO9pcp4jUX4Usk2O/8uhcjBwMSswKQYD
VQQLEyJDb3B5cmlnaHQgKGMpIDE5OTcgTWljcm9zb2Z0IENvcnAuMR4wHAYDVQQL
ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xITAfBgNVBAMTGE1pY3Jvc29mdCBSb290
IEF1dGhvcml0eYIPAMEAizw8iBHRPvZj7N9AMBIGCSsGAQQBgjcVAQQFAgMDAAQw
HQYDVR0OBBYEFCX4K0tdyHJUreX2oCoXFvvB+VOBMBkGCSsGAQQBgjcUAgQMHgoA
UwB1AGIAQwBBMAsGA1UdDwQEAwIBRjAPBgNVHRMBAf8EBTADAQH/MAkGBSsOAwId
BQADggEBAGPj4PMFuLDqCws00YIxPoliRdUIp/lhZcguA/o4SEHPtfIng9PjxVZT
qLUZzszm8aD5VrZIlEck5akf3HrU9hZ6EtvzkBvsCF2zhZC5jFi7HMyV05WUM/SR
3v+Im15LSVA5JjogG1Q3/H1cFZPD3ByO8GFSPOUH7WbveeyPzldjZZUYSaB632W3
3yau/sgStsaizMZfi3Dzyturgm4H3GUZuaj2hsIJQpjxJqxperHBK6ewZh+lr4cI
a5cTuLA2mR4FoxM4o8CsMD66IdcwpspiEhyvV43l8XoRul48DDfxk8GSiE4EWgVc
x8/WqdnhfZF4J/u0bqWPBjNYsV4qEQ8=
-----END CERTIFICATE-----

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:46:9e:cb:00:04:00:00:00:65
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Copyright (c) 2000 Microsoft Corp., CN=Microsoft Code Signing PCA
        Validity
            Not Before: Apr  4 19:43:46 2006 GMT
            Not After : Oct  4 19:53:46 2007 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:cd:81:96:38:ae:5c:a2:f2:c1:df:de:d0:ab:95:
                    8d:d6:3c:9d:1f:8b:c3:5d:86:2e:5d:f0:b1:72:f5:
                    ab:ac:88:6a:b5:da:b1:22:7b:0b:c8:c8:a5:4b:91:
                    5e:22:13:e9:f9:f5:23:9d:b5:f4:6e:76:ae:ef:ee:
                    a4:3c:c7:c4:c0:59:5c:3f:ab:b3:73:33:26:a6:62:
                    81:61:79:a1:62:f4:6e:88:95:d0:6e:dd:c7:9f:d2:
                    a4:51:11:76:61:ba:70:8a:65:a1:96:16:89:a7:5d:
                    81:d0:44:66:e5:db:56:9e:40:ca:fc:dc:76:24:2e:
                    44:30:00:e5:d6:7d:7b:95:11:d5:58:1d:a3:e8:4f:
                    0b:c9:88:dc:a2:d6:53:99:6c:ca:63:ca:99:6a:9a:
                    92:5e:4c:4d:11:e8:2f:d3:5b:5b:5e:5f:52:a3:73:
                    2d:a5:bb:84:45:0d:8c:19:15:76:cb:08:da:9a:a6:
                    70:15:e8:4d:ec:69:fd:5d:b2:6b:8f:ed:29:51:37:
                    38:8b:c6:46:49:15:94:50:98:b0:f4:68:a4:d7:de:
                    09:71:67:74:9e:77:8c:1d:85:6b:97:ea:e7:5f:45:
                    cc:e0:e6:71:0d:d1:63:00:93:7b:31:98:8e:0b:b4:
                    13:bd:b3:d0:ee:f1:df:21:ee:a9:60:61:ee:37:43:
                    3d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation
            X509v3 Subject Key Identifier: 
                EE:D9:6B:A9:75:53:CD:4F:EE:1B:4E:19:06:1E:A3:9C:AB:CF:94:FD
            X509v3 Extended Key Usage: 
                Code Signing
            X509v3 Authority Key Identifier: 
                keyid:25:F8:2B:4B:5D:C8:72:54:AD:E5:F6:A0:2A:17:16:FB:C1:F9:53:81
                DirName:/OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
                serial:6A:0B:99:4F:C0:00:1D:AB:11:DA:C4:02:A1:66:27:BA

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl

            Authority Information Access: 
                CA Issuers - URI:http://www.microsoft.com/pki/certs/CodeSignPCA2.crt

    Signature Algorithm: sha1WithRSAEncryption
         38:d9:ef:95:38:9b:5c:98:14:5d:54:6e:69:df:02:c8:e7:b3:
         fb:d3:c2:4d:ad:2f:ab:7f:54:0d:da:32:b6:f8:6a:e6:0d:fb:
         21:1a:77:3e:a5:68:7a:b4:95:7e:8a:5c:f2:43:c4:83:9b:65:
         7d:88:50:51:7c:82:14:f5:83:73:d7:a2:be:5c:ca:02:70:ce:
         26:6c:17:bc:52:14:a5:89:c0:b7:e4:a1:cc:a1:75:9d:91:71:
         3d:1b:c0:56:00:56:b5:f8:84:26:da:5e:33:fb:d6:25:7a:5e:
         9a:da:a6:fb:f4:f2:41:1a:ac:55:46:ad:48:dc:91:38:13:58:
         09:49:f1:f3:31:87:1f:bc:04:8e:5b:12:65:03:e9:0b:51:d0:
         a1:0c:8a:99:bd:d9:c1:a8:d0:08:15:25:21:b5:b6:57:89:1c:
         d1:5b:86:35:a5:ca:fd:aa:87:ec:a9:37:3f:b7:43:6b:e3:20:
         f1:45:bc:7e:ae:e9:f1:55:b2:a1:48:bc:65:be:53:34:d9:c9:
         e8:06:63:04:06:78:6e:50:ff:48:bb:9b:ea:43:5a:87:db:ad:
         0a:80:f5:59:c5:2c:e4:e5:7f:5b:4a:e5:32:79:ee:22:85:92:
         0c:2d:b3:50:5b:c6:c2:40:58:58:ab:d2:cd:e3:2f:c1:cd:ec:
         6d:9f:37:79
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIKYUaeywAEAAAAZTANBgkqhkiG9w0BAQUFADCBpjELMAkG
A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx
HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UECxMiQ29weXJp
Z2h0IChjKSAyMDAwIE1pY3Jvc29mdCBDb3JwLjEjMCEGA1UEAxMaTWljcm9zb2Z0
IENvZGUgU2lnbmluZyBQQ0EwHhcNMDYwNDA0MTk0MzQ2WhcNMDcxMDA0MTk1MzQ2
WjB0MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH
UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQD
ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDNgZY4rlyi8sHf3tCrlY3WPJ0fi8Ndhi5d8LFy9ausiGq12rEiewvI
yKVLkV4iE+n59SOdtfRudq7v7qQ8x8TAWVw/q7NzMyamYoFheaFi9G6IldBu3cef
0qRREXZhunCKZaGWFomnXYHQRGbl21aeQMr83HYkLkQwAOXWfXuVEdVYHaPoTwvJ
iNyi1lOZbMpjyplqmpJeTE0R6C/TW1teX1Kjcy2lu4RFDYwZFXbLCNqapnAV6E3s
af1dsmuP7SlRNziLxkZJFZRQmLD0aKTX3glxZ3Sed4wdhWuX6udfRczg5nEN0WMA
k3sxmI4LtBO9s9Du8d8h7qlgYe43Qz3DAgMBAAGjggGSMIIBjjAOBgNVHQ8BAf8E
BAMCBsAwHQYDVR0OBBYEFO7Za6l1U81P7htOGQYeo5yrz5T9MBMGA1UdJQQMMAoG
CCsGAQUFBwMDMIGpBgNVHSMEgaEwgZ6AFCX4K0tdyHJUreX2oCoXFvvB+VOBoXSk
cjBwMSswKQYDVQQLEyJDb3B5cmlnaHQgKGMpIDE5OTcgTWljcm9zb2Z0IENvcnAu
MR4wHAYDVQQLExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xITAfBgNVBAMTGE1pY3Jv
c29mdCBSb290IEF1dGhvcml0eYIQaguZT8AAHasR2sQCoWYnujBLBgNVHR8ERDBC
MECgPqA8hjpodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0
cy9Db2RlU2lnblBDQTIuY3JsME8GCCsGAQUFBwEBBEMwQTA/BggrBgEFBQcwAoYz
aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9Db2RlU2lnblBDQTIu
Y3J0MA0GCSqGSIb3DQEBBQUAA4IBAQA42e+VOJtcmBRdVG5p3wLI57P708JNrS+r
f1QN2jK2+GrmDfshGnc+pWh6tJV+ilzyQ8SDm2V9iFBRfIIU9YNz16K+XMoCcM4m
bBe8UhSlicC35KHMoXWdkXE9G8BWAFa1+IQm2l4z+9Ylel6a2qb79PJBGqxVRq1I
3JE4E1gJSfHzMYcfvASOWxJlA+kLUdChDIqZvdnBqNAIFSUhtbZXiRzRW4Y1pcr9
qofsqTc/t0Nr4yDxRbx+runxVbKhSLxlvlM02cnoBmMEBnhuUP9Iu5vqQ1qH260K
gPVZxSzk5X9bSuUyee4ihZIMLbNQW8bCQFhYq9LN4y/Bzextnzd5
-----END CERTIFICATE-----
Original comment by windirstat on 17 Dec 2013 at 3:12
chunhualiu / verify-sigs

ValidateAsn1 may be too strict ... #3
