diff --git a/policy/bro.init b/policy/bro.init index a9ed8fac82..ba5c1d0b8f 100644 --- a/policy/bro.init +++ b/policy/bro.init @@ -11,9 +11,12 @@ global no_handler: event(name: string, val: any); # Type declarations type string_array: table[count] of string; type string_set: set[string]; +type count_set: set[count]; type index_vec: vector of count; type string_vec: vector of string; +type table_string_of_string: table[string] of string; + type transport_proto: enum { unknown_transport, tcp, udp, icmp }; type conn_id: record { @@ -930,16 +933,20 @@ global dns_max_queries = 5; # has bigger cipherspecs, we won't do a comparisons of cipherspecs. const ssl_max_cipherspec_size = 68 &redef; -# SSL and X.509 types. -type cipher_suites_list: set[count]; -type SSL_sessionID: table[count] of count; -type X509_extension: table[count] of string; +type X509_extensions: table[count] of string; + type X509: record { - issuer: string; + version: count; + serial: string; subject: string; - orig_addr: addr; + issuer: string; + not_valid_before: time; + not_valid_after: time; }; +# This is indexed with the CA's name and yields a DER (binary) encoded certificate. +const root_ca_certs: table[string] of string = {} &redef; + type http_stats_rec: record { num_requests: count; num_replies: count; diff --git a/policy/ssl-mozilla-CAs.bro b/policy/ssl-mozilla-CAs.bro new file mode 100644 index 0000000000..5d92e27dbd --- /dev/null +++ b/policy/ssl-mozilla-CAs.bro @@ -0,0 +1,131 @@ +redef root_ca_certs += { + ["GTE CyberTrust Global Root"] = "\x30\x82\x02\x5a\x30\x82\x01\xc3\x02\x02\x01\xa5\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x75\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x18\x30\x16\x06\x03\x55\x04\x0a\x13\x0f\x47\x54\x45\x20\x43\x6f\x72\x70\x6f\x72\x61\x74\x69\x6f\x6e\x31\x27\x30\x25\x06\x03\x55\x04\x0b\x13\x1e\x47\x54\x45\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x53\x6f\x6c\x75\x74\x69\x6f\x6e\x73\x2c\x20\x49\x6e\x63\x2e\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1a\x47\x54\x45\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x47\x6c\x6f\x62\x61\x6c\x20\x52\x6f\x6f\x74\x30\x1e\x17\x0d\x39\x38\x30\x38\x31\x33\x30\x30\x32\x39\x30\x30\x5a\x17\x0d\x31\x38\x30\x38\x31\x33\x32\x33\x35\x39\x30\x30\x5a\x30\x75\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x18\x30\x16\x06\x03\x55\x04\x0a\x13\x0f\x47\x54\x45\x20\x43\x6f\x72\x70\x6f\x72\x61\x74\x69\x6f\x6e\x31\x27\x30\x25\x06\x03\x55\x04\x0b\x13\x1e\x47\x54\x45\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x53\x6f\x6c\x75\x74\x69\x6f\x6e\x73\x2c\x20\x49\x6e\x63\x2e\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1a\x47\x54\x45\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x47\x6c\x6f\x62\x61\x6c\x20\x52\x6f\x6f\x74\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\x95\x0f\xa0\xb6\xf0\x50\x9c\xe8\x7a\xc7\x88\xcd\xdd\x17\x0e\x2e\xb0\x94\xd0\x1b\x3d\x0e\xf6\x94\xc0\x8a\x94\xc7\x06\xc8\x90\x97\xc8\xb8\x64\x1a\x7a\x7e\x6c\x3c\x53\xe1\x37\x28\x73\x60\x7f\xb2\x97\x53\x07\x9f\x53\xf9\x6d\x58\x94\xd2\xaf\x8d\x6d\x88\x67\x80\xe6\xed\xb2\x95\xcf\x72\x31\xca\xa5\x1c\x72\xba\x5c\x02\xe7\x64\x42\xe7\xf9\xa9\x2c\xd6\x3a\x0d\xac\x8d\x42\xaa\x24\x01\x39\xe6\x9c\x3f\x01\x85\x57\x0d\x58\x87\x45\xf8\xd3\x85\xaa\x93\x69\x26\x85\x70\x48\x80\x3f\x12\x15\xc7\x79\xb4\x1f\x05\x2f\x3b\x62\x99\x02\x03\x01\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x81\x81\x00\x6d\xeb\x1b\x09\xe9\x5e\xd9\x51\xdb\x67\x22\x61\xa4\x2a\x3c\x48\x77\xe3\xa0\x7c\xa6\xde\x73\xa2\x14\x03\x85\x3d\xfb\xab\x0e\x30\xc5\x83\x16\x33\x81\x13\x08\x9e\x7b\x34\x4e\xdf\x40\xc8\x74\xd7\xb9\x7d\xdc\xf4\x76\x55\x7d\x9b\x63\x54\x18\xe9\xf0\xea\xf3\x5c\xb1\xd9\x8b\x42\x1e\xb9\xc0\x95\x4e\xba\xfa\xd5\xe2\x7c\xf5\x68\x61\xbf\x8e\xec\x05\x97\x5f\x5b\xb0\xd7\xa3\x85\x34\xc4\x24\xa7\x0d\x0f\x95\x93\xef\xcb\x94\xd8\x9e\x1f\x9d\x5c\x85\x6d\xc7\xaa\xae\x4f\x1f\x22\xb5\xcd\x95\xad\xba\xa7\xcc\xf9\xab\x0b\x7a\x7f", + ["Thawte Server CA"] = "\x30\x82\x03\x13\x30\x82\x02\x7c\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x81\xc4\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5a\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0c\x57\x65\x73\x74\x65\x72\x6e\x20\x43\x61\x70\x65\x31\x12\x30\x10\x06\x03\x55\x04\x07\x13\x09\x43\x61\x70\x65\x20\x54\x6f\x77\x6e\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x6f\x6e\x73\x75\x6c\x74\x69\x6e\x67\x20\x63\x63\x31\x28\x30\x26\x06\x03\x55\x04\x0b\x13\x1f\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6f\x6e\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x54\x68\x61\x77\x74\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41\x31\x26\x30\x24\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x17\x73\x65\x72\x76\x65\x72\x2d\x63\x65\x72\x74\x73\x40\x74\x68\x61\x77\x74\x65\x2e\x63\x6f\x6d\x30\x1e\x17\x0d\x39\x36\x30\x38\x30\x31\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x30\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xc4\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5a\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0c\x57\x65\x73\x74\x65\x72\x6e\x20\x43\x61\x70\x65\x31\x12\x30\x10\x06\x03\x55\x04\x07\x13\x09\x43\x61\x70\x65\x20\x54\x6f\x77\x6e\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x6f\x6e\x73\x75\x6c\x74\x69\x6e\x67\x20\x63\x63\x31\x28\x30\x26\x06\x03\x55\x04\x0b\x13\x1f\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6f\x6e\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x54\x68\x61\x77\x74\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41\x31\x26\x30\x24\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x17\x73\x65\x72\x76\x65\x72\x2d\x63\x65\x72\x74\x73\x40\x74\x68\x61\x77\x74\x65\x2e\x63\x6f\x6d\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xd3\xa4\x50\x6e\xc8\xff\x56\x6b\xe6\xcf\x5d\xb6\xea\x0c\x68\x75\x47\xa2\xaa\xc2\xda\x84\x25\xfc\xa8\xf4\x47\x51\xda\x85\xb5\x20\x74\x94\x86\x1e\x0f\x75\xc9\xe9\x08\x61\xf5\x06\x6d\x30\x6e\x15\x19\x02\xe9\x52\xc0\x62\xdb\x4d\x99\x9e\xe2\x6a\x0c\x44\x38\xcd\xfe\xbe\xe3\x64\x09\x70\xc5\xfe\xb1\x6b\x29\xb6\x2f\x49\xc8\x3b\xd4\x27\x04\x25\x10\x97\x2f\xe7\x90\x6d\xc0\x28\x42\x99\xd7\x4c\x43\xde\xc3\xf5\x21\x6d\x54\x9f\x5d\xc3\x58\xe1\xc0\xe4\xd9\x5b\xb0\xb8\xdc\xb4\x7b\xdf\x36\x3a\xc2\xb5\x66\x22\x12\xd6\x87\x0d\x02\x03\x01\x00\x01\xa3\x13\x30\x11\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x81\x81\x00\x07\xfa\x4c\x69\x5c\xfb\x95\xcc\x46\xee\x85\x83\x4d\x21\x30\x8e\xca\xd9\xa8\x6f\x49\x1a\xe6\xda\x51\xe3\x60\x70\x6c\x84\x61\x11\xa1\x1a\xc8\x48\x3e\x59\x43\x7d\x4f\x95\x3d\xa1\x8b\xb7\x0b\x62\x98\x7a\x75\x8a\xdd\x88\x4e\x4e\x9e\x40\xdb\xa8\xcc\x32\x74\xb9\x6f\x0d\xc6\xe3\xb3\x44\x0b\xd9\x8a\x6f\x9a\x29\x9b\x99\x18\x28\x3b\xd1\xe3\x40\x28\x9a\x5a\x3c\xd5\xb5\xe7\x20\x1b\x8b\xca\xa4\xab\x8d\xe9\x51\xd9\xe2\x4c\x2c\x59\xa9\xda\xb9\xb2\x75\x1b\xf6\x42\xf2\xef\xc7\xf2\x18\xf9\x89\xbc\xa3\xff\x8a\x23\x2e\x70\x47", + ["Thawte Premium Server CA"] = "\x30\x82\x03\x27\x30\x82\x02\x90\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x81\xce\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5a\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0c\x57\x65\x73\x74\x65\x72\x6e\x20\x43\x61\x70\x65\x31\x12\x30\x10\x06\x03\x55\x04\x07\x13\x09\x43\x61\x70\x65\x20\x54\x6f\x77\x6e\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x6f\x6e\x73\x75\x6c\x74\x69\x6e\x67\x20\x63\x63\x31\x28\x30\x26\x06\x03\x55\x04\x0b\x13\x1f\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6f\x6e\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x54\x68\x61\x77\x74\x65\x20\x50\x72\x65\x6d\x69\x75\x6d\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41\x31\x28\x30\x26\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x19\x70\x72\x65\x6d\x69\x75\x6d\x2d\x73\x65\x72\x76\x65\x72\x40\x74\x68\x61\x77\x74\x65\x2e\x63\x6f\x6d\x30\x1e\x17\x0d\x39\x36\x30\x38\x30\x31\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x30\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xce\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5a\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0c\x57\x65\x73\x74\x65\x72\x6e\x20\x43\x61\x70\x65\x31\x12\x30\x10\x06\x03\x55\x04\x07\x13\x09\x43\x61\x70\x65\x20\x54\x6f\x77\x6e\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x6f\x6e\x73\x75\x6c\x74\x69\x6e\x67\x20\x63\x63\x31\x28\x30\x26\x06\x03\x55\x04\x0b\x13\x1f\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6f\x6e\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x54\x68\x61\x77\x74\x65\x20\x50\x72\x65\x6d\x69\x75\x6d\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41\x31\x28\x30\x26\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x19\x70\x72\x65\x6d\x69\x75\x6d\x2d\x73\x65\x72\x76\x65\x72\x40\x74\x68\x61\x77\x74\x65\x2e\x63\x6f\x6d\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xd2\x36\x36\x6a\x8b\xd7\xc2\x5b\x9e\xda\x81\x41\x62\x8f\x38\xee\x49\x04\x55\xd6\xd0\xef\x1c\x1b\x95\x16\x47\xef\x18\x48\x35\x3a\x52\xf4\x2b\x6a\x06\x8f\x3b\x2f\xea\x56\xe3\xaf\x86\x8d\x9e\x17\xf7\x9e\xb4\x65\x75\x02\x4d\xef\xcb\x09\xa2\x21\x51\xd8\x9b\xd0\x67\xd0\xba\x0d\x92\x06\x14\x73\xd4\x93\xcb\x97\x2a\x00\x9c\x5c\x4e\x0c\xbc\xfa\x15\x52\xfc\xf2\x44\x6e\xda\x11\x4a\x6e\x08\x9f\x2f\x2d\xe3\xf9\xaa\x3a\x86\x73\xb6\x46\x53\x58\xc8\x89\x05\xbd\x83\x11\xb8\x73\x3f\xaa\x07\x8d\xf4\x42\x4d\xe7\x40\x9d\x1c\x37\x02\x03\x01\x00\x01\xa3\x13\x30\x11\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x81\x81\x00\x26\x48\x2c\x16\xc2\x58\xfa\xe8\x16\x74\x0c\xaa\xaa\x5f\x54\x3f\xf2\xd7\xc9\x78\x60\x5e\x5e\x6e\x37\x63\x22\x77\x36\x7e\xb2\x17\xc4\x34\xb9\xf5\x08\x85\xfc\xc9\x01\x38\xff\x4d\xbe\xf2\x16\x42\x43\xe7\xbb\x5a\x46\xfb\xc1\xc6\x11\x1f\xf1\x4a\xb0\x28\x46\xc9\xc3\xc4\x42\x7d\xbc\xfa\xab\x59\x6e\xd5\xb7\x51\x88\x11\xe3\xa4\x85\x19\x6b\x82\x4c\xa4\x0c\x12\xad\xe9\xa4\xae\x3f\xf1\xc3\x49\x65\x9a\x8c\xc5\xc8\x3e\x25\xb7\x94\x99\xbb\x92\x32\x71\x07\xf0\x86\x5e\xed\x50\x27\xa6\x0d\xa6\x23\xf9\xbb\xcb\xa6\x07\x14\x42", + ["Equifax Secure CA"] = "\x30\x82\x03\x20\x30\x82\x02\x89\xa0\x03\x02\x01\x02\x02\x04\x35\xde\xf4\xcf\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x4e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0e\x06\x03\x55\x04\x0a\x13\x07\x45\x71\x75\x69\x66\x61\x78\x31\x2d\x30\x2b\x06\x03\x55\x04\x0b\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x39\x38\x30\x38\x32\x32\x31\x36\x34\x31\x35\x31\x5a\x17\x0d\x31\x38\x30\x38\x32\x32\x31\x36\x34\x31\x35\x31\x5a\x30\x4e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0e\x06\x03\x55\x04\x0a\x13\x07\x45\x71\x75\x69\x66\x61\x78\x31\x2d\x30\x2b\x06\x03\x55\x04\x0b\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xc1\x5d\xb1\x58\x67\x08\x62\xee\xa0\x9a\x2d\x1f\x08\x6d\x91\x14\x68\x98\x0a\x1e\xfe\xda\x04\x6f\x13\x84\x62\x21\xc3\xd1\x7c\xce\x9f\x05\xe0\xb8\x01\xf0\x4e\x34\xec\xe2\x8a\x95\x04\x64\xac\xf1\x6b\x53\x5f\x05\xb3\xcb\x67\x80\xbf\x42\x02\x8e\xfe\xdd\x01\x09\xec\xe1\x00\x14\x4f\xfc\xfb\xf0\x0c\xdd\x43\xba\x5b\x2b\xe1\x1f\x80\x70\x99\x15\x57\x93\x16\xf1\x0f\x97\x6a\xb7\xc2\x68\x23\x1c\xcc\x4d\x59\x30\xac\x51\x1e\x3b\xaf\x2b\xd6\xee\x63\x45\x7b\xc5\xd9\x5f\x50\xd2\xe3\x50\x0f\x3a\x88\xe7\xbf\x14\xfd\xe0\xc7\xb9\x02\x03\x01\x00\x01\xa3\x82\x01\x09\x30\x82\x01\x05\x30\x70\x06\x03\x55\x1d\x1f\x04\x69\x30\x67\x30\x65\xa0\x63\xa0\x61\xa4\x5f\x30\x5d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0e\x06\x03\x55\x04\x0a\x13\x07\x45\x71\x75\x69\x66\x61\x78\x31\x2d\x30\x2b\x06\x03\x55\x04\x0b\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x0d\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4c\x31\x30\x1a\x06\x03\x55\x1d\x10\x04\x13\x30\x11\x81\x0f\x32\x30\x31\x38\x30\x38\x32\x32\x31\x36\x34\x31\x35\x31\x5a\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x48\xe6\x68\xf9\x2b\xd2\xb2\x95\xd7\x47\xd8\x23\x20\x10\x4f\x33\x98\x90\x9f\xd4\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x48\xe6\x68\xf9\x2b\xd2\xb2\x95\xd7\x47\xd8\x23\x20\x10\x4f\x33\x98\x90\x9f\xd4\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x1a\x06\x09\x2a\x86\x48\x86\xf6\x7d\x07\x41\x00\x04\x0d\x30\x0b\x1b\x05\x56\x33\x2e\x30\x63\x03\x02\x06\xc0\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x58\xce\x29\xea\xfc\xf7\xde\xb5\xce\x02\xb9\x17\xb5\x85\xd1\xb9\xe3\xe0\x95\xcc\x25\x31\x0d\x00\xa6\x92\x6e\x7f\xb6\x92\x63\x9e\x50\x95\xd1\x9a\x6f\xe4\x11\xde\x63\x85\x6e\x98\xee\xa8\xff\x5a\xc8\xd3\x55\xb2\x66\x71\x57\xde\xc0\x21\xeb\x3d\x2a\xa7\x23\x49\x01\x04\x86\x42\x7b\xfc\xee\x7f\xa2\x16\x52\xb5\x67\x67\xd3\x40\xdb\x3b\x26\x58\xb2\x28\x77\x3d\xae\x14\x77\x61\xd6\xfa\x2a\x66\x27\xa0\x0d\xfa\xa7\x73\x5c\xea\x70\xf1\x94\x21\x65\x44\x5f\xfa\xfc\xef\x29\x68\xa9\xa2\x87\x79\xef\x79\xef\x4f\xac\x07\x77\x38", + ["Digital Signature Trust Co. Global CA 1"] = "\x30\x82\x03\x29\x30\x82\x02\x92\xa0\x03\x02\x01\x02\x02\x04\x36\x70\x15\x96\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x46\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0a\x13\x1b\x44\x69\x67\x69\x74\x61\x6c\x20\x53\x69\x67\x6e\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6f\x2e\x31\x11\x30\x0f\x06\x03\x55\x04\x0b\x13\x08\x44\x53\x54\x43\x41\x20\x45\x31\x30\x1e\x17\x0d\x39\x38\x31\x32\x31\x30\x31\x38\x31\x30\x32\x33\x5a\x17\x0d\x31\x38\x31\x32\x31\x30\x31\x38\x34\x30\x32\x33\x5a\x30\x46\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0a\x13\x1b\x44\x69\x67\x69\x74\x61\x6c\x20\x53\x69\x67\x6e\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6f\x2e\x31\x11\x30\x0f\x06\x03\x55\x04\x0b\x13\x08\x44\x53\x54\x43\x41\x20\x45\x31\x30\x81\x9d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8b\x00\x30\x81\x87\x02\x81\x81\x00\xa0\x6c\x81\xa9\xcf\x34\x1e\x24\xdd\xfe\x86\x28\xcc\xde\x83\x2f\xf9\x5e\xd4\x42\xd2\xe8\x74\x60\x66\x13\x98\x06\x1c\xa9\x51\x12\x69\x6f\x31\x55\xb9\x49\x72\x00\x08\x7e\xd3\xa5\x62\x44\x37\x24\x99\x8f\xd9\x83\x48\x8f\x99\x6d\x95\x13\xbb\x43\x3b\x2e\x49\x4e\x88\x37\xc1\xbb\x58\x7f\xfe\xe1\xbd\xf8\xbb\x61\xcd\xf3\x47\xc0\x99\xa6\xf1\xf3\x91\xe8\x78\x7c\x00\xcb\x61\xc9\x44\x27\x71\x69\x55\x4a\x7e\x49\x4d\xed\xa2\xa3\xbe\x02\x4c\x00\xca\x02\xa8\xee\x01\x02\x31\x64\x0f\x52\x2d\x13\x74\x76\x36\xb5\x7a\xb4\x2d\x71\x02\x01\x03\xa3\x82\x01\x24\x30\x82\x01\x20\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x68\x06\x03\x55\x1d\x1f\x04\x61\x30\x5f\x30\x5d\xa0\x5b\xa0\x59\xa4\x57\x30\x55\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0a\x13\x1b\x44\x69\x67\x69\x74\x61\x6c\x20\x53\x69\x67\x6e\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6f\x2e\x31\x11\x30\x0f\x06\x03\x55\x04\x0b\x13\x08\x44\x53\x54\x43\x41\x20\x45\x31\x31\x0d\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4c\x31\x30\x2b\x06\x03\x55\x1d\x10\x04\x24\x30\x22\x80\x0f\x31\x39\x39\x38\x31\x32\x31\x30\x31\x38\x31\x30\x32\x33\x5a\x81\x0f\x32\x30\x31\x38\x31\x32\x31\x30\x31\x38\x31\x30\x32\x33\x5a\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x6a\x79\x7e\x91\x69\x46\x18\x13\x0a\x02\x77\xa5\x59\x5b\x60\x98\x25\x0e\xa2\xf8\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x6a\x79\x7e\x91\x69\x46\x18\x13\x0a\x02\x77\xa5\x59\x5b\x60\x98\x25\x0e\xa2\xf8\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x19\x06\x09\x2a\x86\x48\x86\xf6\x7d\x07\x41\x00\x04\x0c\x30\x0a\x1b\x04\x56\x34\x2e\x30\x03\x02\x04\x90\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x22\x12\xd8\x7a\x1d\xdc\x81\x06\xb6\x09\x65\xb2\x87\xc8\x1f\x5e\xb4\x2f\xe9\xc4\x1e\xf2\x3c\xc1\xbb\x04\x90\x11\x4a\x83\x4e\x7e\x93\xb9\x4d\x42\xc7\x92\x26\xa0\x5c\x34\x9a\x38\x72\xf8\xfd\x6b\x16\x3e\x20\xee\x82\x8b\x31\x2a\x93\x36\x85\x23\x88\x8a\x3c\x03\x68\xd3\xc9\x09\x0f\x4d\xfc\x6c\xa4\xda\x28\x72\x93\x0e\x89\x80\xb0\x7d\xfe\x80\x6f\x65\x6d\x18\x33\x97\x8b\xc2\x6b\x89\xee\x60\x3d\xc8\x9b\xef\x7f\x2b\x32\x62\x73\x93\xcb\x3c\xe3\x7b\xe2\x76\x78\x45\xbc\xa1\x93\x04\xbb\x86\x9f\x3a\x5b\x43\x7a\xc3\x8a\x65", + ["Digital Signature Trust Co. Global CA 3"] = "\x30\x82\x03\x29\x30\x82\x02\x92\xa0\x03\x02\x01\x02\x02\x04\x36\x6e\xd3\xce\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x46\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0a\x13\x1b\x44\x69\x67\x69\x74\x61\x6c\x20\x53\x69\x67\x6e\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6f\x2e\x31\x11\x30\x0f\x06\x03\x55\x04\x0b\x13\x08\x44\x53\x54\x43\x41\x20\x45\x32\x30\x1e\x17\x0d\x39\x38\x31\x32\x30\x39\x31\x39\x31\x37\x32\x36\x5a\x17\x0d\x31\x38\x31\x32\x30\x39\x31\x39\x34\x37\x32\x36\x5a\x30\x46\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0a\x13\x1b\x44\x69\x67\x69\x74\x61\x6c\x20\x53\x69\x67\x6e\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6f\x2e\x31\x11\x30\x0f\x06\x03\x55\x04\x0b\x13\x08\x44\x53\x54\x43\x41\x20\x45\x32\x30\x81\x9d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8b\x00\x30\x81\x87\x02\x81\x81\x00\xbf\x93\x8f\x17\x92\xef\x33\x13\x18\xeb\x10\x7f\x4e\x16\xbf\xff\x06\x8f\x2a\x85\xbc\x5e\xf9\x24\xa6\x24\x88\xb6\x03\xb7\xc1\xc3\x5f\x03\x5b\xd1\x6f\xae\x7e\x42\xea\x66\x23\xb8\x63\x83\x56\xfb\x28\x2d\xe1\x38\x8b\xb4\xee\xa8\x01\xe1\xce\x1c\xb6\x88\x2a\x22\x46\x85\xfb\x9f\xa7\x70\xa9\x47\x14\x3f\xce\xde\x65\xf0\xa8\x71\xf7\x4f\x26\x6c\x8c\xbc\xc6\xb5\xef\xde\x49\x27\xff\x48\x2a\x7d\xe8\x4d\x03\xcc\xc7\xb2\x52\xc6\x17\x31\x13\x3b\xb5\x4d\xdb\xc8\xc4\xf6\xc3\x0f\x24\x2a\xda\x0c\x9d\xe7\x91\x5b\x80\xcd\x94\x9d\x02\x01\x03\xa3\x82\x01\x24\x30\x82\x01\x20\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x68\x06\x03\x55\x1d\x1f\x04\x61\x30\x5f\x30\x5d\xa0\x5b\xa0\x59\xa4\x57\x30\x55\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0a\x13\x1b\x44\x69\x67\x69\x74\x61\x6c\x20\x53\x69\x67\x6e\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6f\x2e\x31\x11\x30\x0f\x06\x03\x55\x04\x0b\x13\x08\x44\x53\x54\x43\x41\x20\x45\x32\x31\x0d\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4c\x31\x30\x2b\x06\x03\x55\x1d\x10\x04\x24\x30\x22\x80\x0f\x31\x39\x39\x38\x31\x32\x30\x39\x31\x39\x31\x37\x32\x36\x5a\x81\x0f\x32\x30\x31\x38\x31\x32\x30\x39\x31\x39\x31\x37\x32\x36\x5a\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x1e\x82\x4d\x28\x65\x80\x3c\xc9\x41\x6e\xac\x35\x2e\x5a\xcb\xde\xee\xf8\x39\x5b\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x1e\x82\x4d\x28\x65\x80\x3c\xc9\x41\x6e\xac\x35\x2e\x5a\xcb\xde\xee\xf8\x39\x5b\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x19\x06\x09\x2a\x86\x48\x86\xf6\x7d\x07\x41\x00\x04\x0c\x30\x0a\x1b\x04\x56\x34\x2e\x30\x03\x02\x04\x90\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x47\x8d\x83\xad\x62\xf2\xdb\xb0\x9e\x45\x22\x05\xb9\xa2\xd6\x03\x0e\x38\x72\xe7\x9e\xfc\x7b\xe6\x93\xb6\x9a\xa5\xa2\x94\xc8\x34\x1d\x91\xd1\xc5\xd7\xf4\x0a\x25\x0f\x3d\x78\x81\x9e\x0f\xb1\x67\xc4\x90\x4c\x63\xdd\x5e\xa7\xe2\xba\x9f\xf5\xf7\x4d\xa5\x31\x7b\x9c\x29\x2d\x4c\xfe\x64\x3e\xec\xb6\x53\xfe\xea\x9b\xed\x82\xdb\x74\x75\x4b\x07\x79\x6e\x1e\xd8\x19\x83\x73\xde\xf5\x3e\xd0\xb5\xde\xe7\x4b\x68\x7d\x43\x2e\x2a\x20\xe1\x7e\xa0\x78\x44\x9e\x08\xf5\x98\xf9\xc7\x7f\x1b\x1b\xd6\x06\x20\x02\x58\xa1\xc3\xa2\x03", + ["Verisign Class 3 Public Primary Certification Authority"] = "\x30\x82\x02\x3c\x30\x82\x01\xa5\x02\x10\x70\xba\xe4\x1d\x10\xd9\x29\x34\xb6\x38\xca\x7b\x03\xcc\xba\xbf\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x02\x05\x00\x30\x5f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x37\x30\x35\x06\x03\x55\x04\x0b\x13\x2e\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x39\x36\x30\x31\x32\x39\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x5f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x37\x30\x35\x06\x03\x55\x04\x0b\x13\x2e\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xc9\x5c\x59\x9e\xf2\x1b\x8a\x01\x14\xb4\x10\xdf\x04\x40\xdb\xe3\x57\xaf\x6a\x45\x40\x8f\x84\x0c\x0b\xd1\x33\xd9\xd9\x11\xcf\xee\x02\x58\x1f\x25\xf7\x2a\xa8\x44\x05\xaa\xec\x03\x1f\x78\x7f\x9e\x93\xb9\x9a\x00\xaa\x23\x7d\xd6\xac\x85\xa2\x63\x45\xc7\x72\x27\xcc\xf4\x4c\xc6\x75\x71\xd2\x39\xef\x4f\x42\xf0\x75\xdf\x0a\x90\xc6\x8e\x20\x6f\x98\x0f\xf8\xac\x23\x5f\x70\x29\x36\xa4\xc9\x86\xe7\xb1\x9a\x20\xcb\x53\xa5\x85\xe7\x3d\xbe\x7d\x9a\xfe\x24\x45\x33\xdc\x76\x15\xed\x0f\xa2\x71\x64\x4c\x65\x2e\x81\x68\x45\xa7\x02\x03\x01\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x02\x05\x00\x03\x81\x81\x00\xbb\x4c\x12\x2b\xcf\x2c\x26\x00\x4f\x14\x13\xdd\xa6\xfb\xfc\x0a\x11\x84\x8c\xf3\x28\x1c\x67\x92\x2f\x7c\xb6\xc5\xfa\xdf\xf0\xe8\x95\xbc\x1d\x8f\x6c\x2c\xa8\x51\xcc\x73\xd8\xa4\xc0\x53\xf0\x4e\xd6\x26\xc0\x76\x01\x57\x81\x92\x5e\x21\xf1\xd1\xb1\xff\xe7\xd0\x21\x58\xcd\x69\x17\xe3\x44\x1c\x9c\x19\x44\x39\x89\x5c\xdc\x9c\x00\x0f\x56\x8d\x02\x99\xed\xa2\x90\x45\x4c\xe4\xbb\x10\xa4\x3d\xf0\x32\x03\x0e\xf1\xce\xf8\xe8\xc9\x51\x8c\xe6\x62\x9f\xe6\x9f\xc0\x7d\xb7\x72\x9c\xc9\x36\x3a\x6b\x9f\x4e\xa8\xff\x64\x0d\x64", + ["Verisign Class 3 Public Primary Certification Authority - G2"] = "\x30\x82\x03\x02\x30\x82\x02\x6b\x02\x10\x7d\xd9\xfe\x07\xcf\xa8\x1e\xb7\x10\x79\x67\xfb\xa7\x89\x34\xc6\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xc1\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x3c\x30\x3a\x06\x03\x55\x04\x0b\x13\x33\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x32\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x30\x1e\x17\x0d\x39\x38\x30\x35\x31\x38\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xc1\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x3c\x30\x3a\x06\x03\x55\x04\x0b\x13\x33\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x32\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xcc\x5e\xd1\x11\x5d\x5c\x69\xd0\xab\xd3\xb9\x6a\x4c\x99\x1f\x59\x98\x30\x8e\x16\x85\x20\x46\x6d\x47\x3f\xd4\x85\x20\x84\xe1\x6d\xb3\xf8\xa4\xed\x0c\xf1\x17\x0f\x3b\xf9\xa7\xf9\x25\xd7\xc1\xcf\x84\x63\xf2\x7c\x63\xcf\xa2\x47\xf2\xc6\x5b\x33\x8e\x64\x40\x04\x68\xc1\x80\xb9\x64\x1c\x45\x77\xc7\xd8\x6e\xf5\x95\x29\x3c\x50\xe8\x34\xd7\x78\x1f\xa8\xba\x6d\x43\x91\x95\x8f\x45\x57\x5e\x7e\xc5\xfb\xca\xa4\x04\xeb\xea\x97\x37\x54\x30\x6f\xbb\x01\x47\x32\x33\xcd\xdc\x57\x9b\x64\x69\x61\xf8\x9b\x1d\x1c\x89\x4f\x5c\x67\x02\x03\x01\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x51\x4d\xcd\xbe\x5c\xcb\x98\x19\x9c\x15\xb2\x01\x39\x78\x2e\x4d\x0f\x67\x70\x70\x99\xc6\x10\x5a\x94\xa4\x53\x4d\x54\x6d\x2b\xaf\x0d\x5d\x40\x8b\x64\xd3\xd7\xee\xde\x56\x61\x92\x5f\xa6\xc4\x1d\x10\x61\x36\xd3\x2c\x27\x3c\xe8\x29\x09\xb9\x11\x64\x74\xcc\xb5\x73\x9f\x1c\x48\xa9\xbc\x61\x01\xee\xe2\x17\xa6\x0c\xe3\x40\x08\x3b\x0e\xe7\xeb\x44\x73\x2a\x9a\xf1\x69\x92\xef\x71\x14\xc3\x39\xac\x71\xa7\x91\x09\x6f\xe4\x71\x06\xb3\xba\x59\x57\x26\x79\x00\xf6\xf8\x0d\xa2\x33\x30\x28\xd4\xaa\x58\xa0\x9d\x9d\x69\x91\xfd", + ["Verisign Class 4 Public Primary Certification Authority - G2"] = "\x30\x82\x03\x02\x30\x82\x02\x6b\x02\x10\x32\x88\x8e\x9a\xd2\xf5\xeb\x13\x47\xf8\x7f\xc4\x20\x37\x25\xf8\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xc1\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x3c\x30\x3a\x06\x03\x55\x04\x0b\x13\x33\x43\x6c\x61\x73\x73\x20\x34\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x32\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x30\x1e\x17\x0d\x39\x38\x30\x35\x31\x38\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xc1\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x3c\x30\x3a\x06\x03\x55\x04\x0b\x13\x33\x43\x6c\x61\x73\x73\x20\x34\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x32\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xba\xf0\xe4\xcf\xf9\xc4\xae\x85\x54\xb9\x07\x57\xf9\x8f\xc5\x7f\x68\x11\xf8\xc4\x17\xb0\x44\xdc\xe3\x30\x73\xd5\x2a\x62\x2a\xb8\xd0\xcc\x1c\xed\x28\x5b\x7e\xbd\x6a\xdc\xb3\x91\x24\xca\x41\x62\x3c\xfc\x02\x01\xbf\x1c\x16\x31\x94\x05\x97\x76\x6e\xa2\xad\xbd\x61\x17\x6c\x4e\x30\x86\xf0\x51\x37\x2a\x50\xc7\xa8\x62\x81\xdc\x5b\x4a\xaa\xc1\xa0\xb4\x6e\xeb\x2f\xe5\x57\xc5\xb1\x2b\x40\x70\xdb\x5a\x4d\xa1\x8e\x1f\xbd\x03\x1f\xd8\x03\xd4\x8f\x4c\x99\x71\xbc\xe2\x82\xcc\x58\xe8\x98\x3a\x86\xd3\x86\x38\xf3\x00\x29\x1f\x02\x03\x01\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x85\x8c\x12\xc1\xa7\xb9\x50\x15\x7a\xcb\x3e\xac\xb8\x43\x8a\xdc\xaa\xdd\x14\xba\x89\x81\x7e\x01\x3c\x23\x71\x21\x88\x2f\x82\xdc\x63\xfa\x02\x45\xac\x45\x59\xd7\x2a\x58\x44\x5b\xb7\x9f\x81\x3b\x92\x68\x3d\xe2\x37\x24\xf5\x7b\x6c\x8f\x76\x35\x96\x09\xa8\x59\x9d\xb9\xce\x23\xab\x74\xd6\x83\xfd\x32\x73\x27\xd8\x69\x3e\x43\x74\xf6\xae\xc5\x89\x9a\xe7\x53\x7c\xe9\x7b\xf6\x4b\xf3\xc1\x65\x83\xde\x8d\x8a\x9c\x3c\x88\x8d\x39\x59\xfc\xaa\x3f\x22\x8d\xa1\xc1\x66\x50\x81\x72\x4c\xed\x22\x64\x4f\x4f\xca\x80\x91\xb6\x29", + ["GlobalSign Root CA"] = "\x30\x82\x03\x75\x30\x82\x02\x5d\xa0\x03\x02\x01\x02\x02\x0b\x04\x00\x00\x00\x00\x01\x15\x4b\x5a\xc3\x94\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x57\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x45\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x20\x6e\x76\x2d\x73\x61\x31\x10\x30\x0e\x06\x03\x55\x04\x0b\x13\x07\x52\x6f\x6f\x74\x20\x43\x41\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x1e\x17\x0d\x39\x38\x30\x39\x30\x31\x31\x32\x30\x30\x30\x30\x5a\x17\x0d\x32\x38\x30\x31\x32\x38\x31\x32\x30\x30\x30\x30\x5a\x30\x57\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x45\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x20\x6e\x76\x2d\x73\x61\x31\x10\x30\x0e\x06\x03\x55\x04\x0b\x13\x07\x52\x6f\x6f\x74\x20\x43\x41\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xda\x0e\xe6\x99\x8d\xce\xa3\xe3\x4f\x8a\x7e\xfb\xf1\x8b\x83\x25\x6b\xea\x48\x1f\xf1\x2a\xb0\xb9\x95\x11\x04\xbd\xf0\x63\xd1\xe2\x67\x66\xcf\x1c\xdd\xcf\x1b\x48\x2b\xee\x8d\x89\x8e\x9a\xaf\x29\x80\x65\xab\xe9\xc7\x2d\x12\xcb\xab\x1c\x4c\x70\x07\xa1\x3d\x0a\x30\xcd\x15\x8d\x4f\xf8\xdd\xd4\x8c\x50\x15\x1c\xef\x50\xee\xc4\x2e\xf7\xfc\xe9\x52\xf2\x91\x7d\xe0\x6d\xd5\x35\x30\x8e\x5e\x43\x73\xf2\x41\xe9\xd5\x6a\xe3\xb2\x89\x3a\x56\x39\x38\x6f\x06\x3c\x88\x69\x5b\x2a\x4d\xc5\xa7\x54\xb8\x6c\x89\xcc\x9b\xf9\x3c\xca\xe5\xfd\x89\xf5\x12\x3c\x92\x78\x96\xd6\xdc\x74\x6e\x93\x44\x61\xd1\x8d\xc7\x46\xb2\x75\x0e\x86\xe8\x19\x8a\xd5\x6d\x6c\xd5\x78\x16\x95\xa2\xe9\xc8\x0a\x38\xeb\xf2\x24\x13\x4f\x73\x54\x93\x13\x85\x3a\x1b\xbc\x1e\x34\xb5\x8b\x05\x8c\xb9\x77\x8b\xb1\xdb\x1f\x20\x91\xab\x09\x53\x6e\x90\xce\x7b\x37\x74\xb9\x70\x47\x91\x22\x51\x63\x16\x79\xae\xb1\xae\x41\x26\x08\xc8\x19\x2b\xd1\x46\xaa\x48\xd6\x64\x2a\xd7\x83\x34\xff\x2c\x2a\xc1\x6c\x19\x43\x4a\x07\x85\xe7\xd3\x7c\xf6\x21\x68\xef\xea\xf2\x52\x9f\x7f\x93\x90\xcf\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x60\x7b\x66\x1a\x45\x0d\x97\xca\x89\x50\x2f\x7d\x04\xcd\x34\xa8\xff\xfc\xfd\x4b\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xd6\x73\xe7\x7c\x4f\x76\xd0\x8d\xbf\xec\xba\xa2\xbe\x34\xc5\x28\x32\xb5\x7c\xfc\x6c\x9c\x2c\x2b\xbd\x09\x9e\x53\xbf\x6b\x5e\xaa\x11\x48\xb6\xe5\x08\xa3\xb3\xca\x3d\x61\x4d\xd3\x46\x09\xb3\x3e\xc3\xa0\xe3\x63\x55\x1b\xf2\xba\xef\xad\x39\xe1\x43\xb9\x38\xa3\xe6\x2f\x8a\x26\x3b\xef\xa0\x50\x56\xf9\xc6\x0a\xfd\x38\xcd\xc4\x0b\x70\x51\x94\x97\x98\x04\xdf\xc3\x5f\x94\xd5\x15\xc9\x14\x41\x9c\xc4\x5d\x75\x64\x15\x0d\xff\x55\x30\xec\x86\x8f\xff\x0d\xef\x2c\xb9\x63\x46\xf6\xaa\xfc\xdf\xbc\x69\xfd\x2e\x12\x48\x64\x9a\xe0\x95\xf0\xa6\xef\x29\x8f\x01\xb1\x15\xb5\x0c\x1d\xa5\xfe\x69\x2c\x69\x24\x78\x1e\xb3\xa7\x1c\x71\x62\xee\xca\xc8\x97\xac\x17\x5d\x8a\xc2\xf8\x47\x86\x6e\x2a\xc4\x56\x31\x95\xd0\x67\x89\x85\x2b\xf9\x6c\xa6\x5d\x46\x9d\x0c\xaa\x82\xe4\x99\x51\xdd\x70\xb7\xdb\x56\x3d\x61\xe4\x6a\xe1\x5c\xd6\xf6\xfe\x3d\xde\x41\xcc\x07\xae\x63\x52\xbf\x53\x53\xf4\x2b\xe9\xc7\xfd\xb6\xf7\x82\x5f\x85\xd2\x41\x18\xdb\x81\xb3\x04\x1c\xc5\x1f\xa4\x80\x6f\x15\x20\xc9\xde\x0c\x88\x0a\x1d\xd6\x66\x55\xe2\xfc\x48\xc9\x29\x26\x69\xe0", + ["GlobalSign Root CA - R2"] = "\x30\x82\x03\xba\x30\x82\x02\xa2\xa0\x03\x02\x01\x02\x02\x0b\x04\x00\x00\x00\x00\x01\x0f\x86\x26\xe6\x0d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x4c\x31\x20\x30\x1e\x06\x03\x55\x04\x0b\x13\x17\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x2d\x20\x52\x32\x31\x13\x30\x11\x06\x03\x55\x04\x0a\x13\x0a\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0a\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x30\x1e\x17\x0d\x30\x36\x31\x32\x31\x35\x30\x38\x30\x30\x30\x30\x5a\x17\x0d\x32\x31\x31\x32\x31\x35\x30\x38\x30\x30\x30\x30\x5a\x30\x4c\x31\x20\x30\x1e\x06\x03\x55\x04\x0b\x13\x17\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x2d\x20\x52\x32\x31\x13\x30\x11\x06\x03\x55\x04\x0a\x13\x0a\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0a\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa6\xcf\x24\x0e\xbe\x2e\x6f\x28\x99\x45\x42\xc4\xab\x3e\x21\x54\x9b\x0b\xd3\x7f\x84\x70\xfa\x12\xb3\xcb\xbf\x87\x5f\xc6\x7f\x86\xd3\xb2\x30\x5c\xd6\xfd\xad\xf1\x7b\xdc\xe5\xf8\x60\x96\x09\x92\x10\xf5\xd0\x53\xde\xfb\x7b\x7e\x73\x88\xac\x52\x88\x7b\x4a\xa6\xca\x49\xa6\x5e\xa8\xa7\x8c\x5a\x11\xbc\x7a\x82\xeb\xbe\x8c\xe9\xb3\xac\x96\x25\x07\x97\x4a\x99\x2a\x07\x2f\xb4\x1e\x77\xbf\x8a\x0f\xb5\x02\x7c\x1b\x96\xb8\xc5\xb9\x3a\x2c\xbc\xd6\x12\xb9\xeb\x59\x7d\xe2\xd0\x06\x86\x5f\x5e\x49\x6a\xb5\x39\x5e\x88\x34\xec\xbc\x78\x0c\x08\x98\x84\x6c\xa8\xcd\x4b\xb4\xa0\x7d\x0c\x79\x4d\xf0\xb8\x2d\xcb\x21\xca\xd5\x6c\x5b\x7d\xe1\xa0\x29\x84\xa1\xf9\xd3\x94\x49\xcb\x24\x62\x91\x20\xbc\xdd\x0b\xd5\xd9\xcc\xf9\xea\x27\x0a\x2b\x73\x91\xc6\x9d\x1b\xac\xc8\xcb\xe8\xe0\xa0\xf4\x2f\x90\x8b\x4d\xfb\xb0\x36\x1b\xf6\x19\x7a\x85\xe0\x6d\xf2\x61\x13\x88\x5c\x9f\xe0\x93\x0a\x51\x97\x8a\x5a\xce\xaf\xab\xd5\xf7\xaa\x09\xaa\x60\xbd\xdc\xd9\x5f\xdf\x72\xa9\x60\x13\x5e\x00\x01\xc9\x4a\xfa\x3f\xa4\xea\x07\x03\x21\x02\x8e\x82\xca\x03\xc2\x9b\x8f\x02\x03\x01\x00\x01\xa3\x81\x9c\x30\x81\x99\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x9b\xe2\x07\x57\x67\x1c\x1e\xc0\x6a\x06\xde\x59\xb4\x9a\x2d\xdf\xdc\x19\x86\x2e\x30\x36\x06\x03\x55\x1d\x1f\x04\x2f\x30\x2d\x30\x2b\xa0\x29\xa0\x27\x86\x25\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x67\x6c\x6f\x62\x61\x6c\x73\x69\x67\x6e\x2e\x6e\x65\x74\x2f\x72\x6f\x6f\x74\x2d\x72\x32\x2e\x63\x72\x6c\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x9b\xe2\x07\x57\x67\x1c\x1e\xc0\x6a\x06\xde\x59\xb4\x9a\x2d\xdf\xdc\x19\x86\x2e\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x99\x81\x53\x87\x1c\x68\x97\x86\x91\xec\xe0\x4a\xb8\x44\x0b\xab\x81\xac\x27\x4f\xd6\xc1\xb8\x1c\x43\x78\xb3\x0c\x9a\xfc\xea\x2c\x3c\x6e\x61\x1b\x4d\x4b\x29\xf5\x9f\x05\x1d\x26\xc1\xb8\xe9\x83\x00\x62\x45\xb6\xa9\x08\x93\xb9\xa9\x33\x4b\x18\x9a\xc2\xf8\x87\x88\x4e\xdb\xdd\x71\x34\x1a\xc1\x54\xda\x46\x3f\xe0\xd3\x2a\xab\x6d\x54\x22\xf5\x3a\x62\xcd\x20\x6f\xba\x29\x89\xd7\xdd\x91\xee\xd3\x5c\xa2\x3e\xa1\x5b\x41\xf5\xdf\xe5\x64\x43\x2d\xe9\xd5\x39\xab\xd2\xa2\xdf\xb7\x8b\xd0\xc0\x80\x19\x1c\x45\xc0\x2d\x8c\xe8\xf8\x2d\xa4\x74\x56\x49\xc5\x05\xb5\x4f\x15\xde\x6e\x44\x78\x39\x87\xa8\x7e\xbb\xf3\x79\x18\x91\xbb\xf4\x6f\x9d\xc1\xf0\x8c\x35\x8c\x5d\x01\xfb\xc3\x6d\xb9\xef\x44\x6d\x79\x46\x31\x7e\x0a\xfe\xa9\x82\xc1\xff\xef\xab\x6e\x20\xc4\x50\xc9\x5f\x9d\x4d\x9b\x17\x8c\x0c\xe5\x01\xc9\xa0\x41\x6a\x73\x53\xfa\xa5\x50\xb4\x6e\x25\x0f\xfb\x4c\x18\xf4\xfd\x52\xd9\x8e\x69\xb1\xe8\x11\x0f\xde\x88\xd8\xfb\x1d\x49\xf7\xaa\xde\x95\xcf\x20\x78\xc2\x60\x12\xdb\x25\x40\x8c\x6a\xfc\x7e\x42\x38\x40\x64\x12\xf7\x9e\x81\xe1\x93\x2e", + ["ValiCert Class 1 VA"] = "\x30\x82\x02\xe7\x30\x82\x02\x50\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xbb\x31\x24\x30\x22\x06\x03\x55\x04\x07\x13\x1b\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x61\x6c\x69\x43\x65\x72\x74\x2c\x20\x49\x6e\x63\x2e\x31\x35\x30\x33\x06\x03\x55\x04\x0b\x13\x2c\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x43\x6c\x61\x73\x73\x20\x31\x20\x50\x6f\x6c\x69\x63\x79\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x2f\x31\x20\x30\x1e\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x11\x69\x6e\x66\x6f\x40\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x30\x1e\x17\x0d\x39\x39\x30\x36\x32\x35\x32\x32\x32\x33\x34\x38\x5a\x17\x0d\x31\x39\x30\x36\x32\x35\x32\x32\x32\x33\x34\x38\x5a\x30\x81\xbb\x31\x24\x30\x22\x06\x03\x55\x04\x07\x13\x1b\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x61\x6c\x69\x43\x65\x72\x74\x2c\x20\x49\x6e\x63\x2e\x31\x35\x30\x33\x06\x03\x55\x04\x0b\x13\x2c\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x43\x6c\x61\x73\x73\x20\x31\x20\x50\x6f\x6c\x69\x63\x79\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x2f\x31\x20\x30\x1e\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x11\x69\x6e\x66\x6f\x40\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xd8\x59\x82\x7a\x89\xb8\x96\xba\xa6\x2f\x68\x6f\x58\x2e\xa7\x54\x1c\x06\x6e\xf4\xea\x8d\x48\xbc\x31\x94\x17\xf0\xf3\x4e\xbc\xb2\xb8\x35\x92\x76\xb0\xd0\xa5\xa5\x01\xd7\x00\x03\x12\x22\x19\x08\xf8\xff\x11\x23\x9b\xce\x07\xf5\xbf\x69\x1a\x26\xfe\x4e\xe9\xd1\x7f\x9d\x2c\x40\x1d\x59\x68\x6e\xa6\xf8\x58\xb0\x9d\x1a\x8f\xd3\x3f\xf1\xdc\x19\x06\x81\xa8\x0e\xe0\x3a\xdd\xc8\x53\x45\x09\x06\xe6\x0f\x70\xc3\xfa\x40\xa6\x0e\xe2\x56\x05\x0f\x18\x4d\xfc\x20\x82\xd1\x73\x55\x74\x8d\x76\x72\xa0\x1d\x9d\x1d\xc0\xdd\x3f\x71\x02\x03\x01\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x50\x68\x3d\x49\xf4\x2c\x1c\x06\x94\xdf\x95\x60\x7f\x96\x7b\x17\xfe\x4f\x71\xad\x64\xc8\xdd\x77\xd2\xef\x59\x55\xe8\x3f\xe8\x8e\x05\x2a\x21\xf2\x07\xd2\xb5\xa7\x52\xfe\x9c\xb1\xb6\xe2\x5b\x77\x17\x40\xea\x72\xd6\x23\xcb\x28\x81\x32\xc3\x00\x79\x18\xec\x59\x17\x89\xc9\xc6\x6a\x1e\x71\xc9\xfd\xb7\x74\xa5\x25\x45\x69\xc5\x48\xab\x19\xe1\x45\x8a\x25\x6b\x19\xee\xe5\xbb\x12\xf5\x7f\xf7\xa6\x8d\x51\xc3\xf0\x9d\x74\xb7\xa9\x3e\xa0\xa5\xff\xb6\x49\x03\x13\xda\x22\xcc\xed\x71\x82\x2b\x99\xcf\x3a\xb7\xf5\x2d\x72\xc8", + ["ValiCert Class 2 VA"] = "\x30\x82\x02\xe7\x30\x82\x02\x50\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xbb\x31\x24\x30\x22\x06\x03\x55\x04\x07\x13\x1b\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x61\x6c\x69\x43\x65\x72\x74\x2c\x20\x49\x6e\x63\x2e\x31\x35\x30\x33\x06\x03\x55\x04\x0b\x13\x2c\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x50\x6f\x6c\x69\x63\x79\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x2f\x31\x20\x30\x1e\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x11\x69\x6e\x66\x6f\x40\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x30\x1e\x17\x0d\x39\x39\x30\x36\x32\x36\x30\x30\x31\x39\x35\x34\x5a\x17\x0d\x31\x39\x30\x36\x32\x36\x30\x30\x31\x39\x35\x34\x5a\x30\x81\xbb\x31\x24\x30\x22\x06\x03\x55\x04\x07\x13\x1b\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x61\x6c\x69\x43\x65\x72\x74\x2c\x20\x49\x6e\x63\x2e\x31\x35\x30\x33\x06\x03\x55\x04\x0b\x13\x2c\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x50\x6f\x6c\x69\x63\x79\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x2f\x31\x20\x30\x1e\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x11\x69\x6e\x66\x6f\x40\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xce\x3a\x71\xca\xe5\xab\xc8\x59\x92\x55\xd7\xab\xd8\x74\x0e\xf9\xee\xd9\xf6\x55\x47\x59\x65\x47\x0e\x05\x55\xdc\xeb\x98\x36\x3c\x5c\x53\x5d\xd3\x30\xcf\x38\xec\xbd\x41\x89\xed\x25\x42\x09\x24\x6b\x0a\x5e\xb3\x7c\xdd\x52\x2d\x4c\xe6\xd4\xd6\x7d\x5a\x59\xa9\x65\xd4\x49\x13\x2d\x24\x4d\x1c\x50\x6f\xb5\xc1\x85\x54\x3b\xfe\x71\xe4\xd3\x5c\x42\xf9\x80\xe0\x91\x1a\x0a\x5b\x39\x36\x67\xf3\x3f\x55\x7c\x1b\x3f\xb4\x5f\x64\x73\x34\xe3\xb4\x12\xbf\x87\x64\xf8\xda\x12\xff\x37\x27\xc1\xb3\x43\xbb\xef\x7b\x6e\x2e\x69\xf7\x02\x03\x01\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x3b\x7f\x50\x6f\x6f\x50\x94\x99\x49\x62\x38\x38\x1f\x4b\xf8\xa5\xc8\x3e\xa7\x82\x81\xf6\x2b\xc7\xe8\xc5\xce\xe8\x3a\x10\x82\xcb\x18\x00\x8e\x4d\xbd\xa8\x58\x7f\xa1\x79\x00\xb5\xbb\xe9\x8d\xaf\x41\xd9\x0f\x34\xee\x21\x81\x19\xa0\x32\x49\x28\xf4\xc4\x8e\x56\xd5\x52\x33\xfd\x50\xd5\x7e\x99\x6c\x03\xe4\xc9\x4c\xfc\xcb\x6c\xab\x66\xb3\x4a\x21\x8c\xe5\xb5\x0c\x32\x3e\x10\xb2\xcc\x6c\xa1\xdc\x9a\x98\x4c\x02\x5b\xf3\xce\xb9\x9e\xa5\x72\x0e\x4a\xb7\x3f\x3c\xe6\x16\x68\xf8\xbe\xed\x74\x4c\xbc\x5b\xd5\x62\x1f\x43\xdd", + ["RSA Root Certificate 1"] = "\x30\x82\x02\xe7\x30\x82\x02\x50\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xbb\x31\x24\x30\x22\x06\x03\x55\x04\x07\x13\x1b\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x61\x6c\x69\x43\x65\x72\x74\x2c\x20\x49\x6e\x63\x2e\x31\x35\x30\x33\x06\x03\x55\x04\x0b\x13\x2c\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x6f\x6c\x69\x63\x79\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x2f\x31\x20\x30\x1e\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x11\x69\x6e\x66\x6f\x40\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x30\x1e\x17\x0d\x39\x39\x30\x36\x32\x36\x30\x30\x32\x32\x33\x33\x5a\x17\x0d\x31\x39\x30\x36\x32\x36\x30\x30\x32\x32\x33\x33\x5a\x30\x81\xbb\x31\x24\x30\x22\x06\x03\x55\x04\x07\x13\x1b\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x61\x6c\x69\x43\x65\x72\x74\x2c\x20\x49\x6e\x63\x2e\x31\x35\x30\x33\x06\x03\x55\x04\x0b\x13\x2c\x56\x61\x6c\x69\x43\x65\x72\x74\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x6f\x6c\x69\x63\x79\x20\x56\x61\x6c\x69\x64\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x2f\x31\x20\x30\x1e\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x11\x69\x6e\x66\x6f\x40\x76\x61\x6c\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xe3\x98\x51\x96\x1c\xe8\xd5\xb1\x06\x81\x6a\x57\xc3\x72\x75\x93\xab\xcf\x9e\xa6\xfc\xf3\x16\x52\xd6\x2d\x4d\x9f\x35\x44\xa8\x2e\x04\x4d\x07\x49\x8a\x38\x29\xf5\x77\x37\xe7\xb7\xab\x5d\xdf\x36\x71\x14\x99\x8f\xdc\xc2\x92\xf1\xe7\x60\x92\x97\xec\xd8\x48\xdc\xbf\xc1\x02\x20\xc6\x24\xa4\x28\x4c\x30\x5a\x76\x6d\xb1\x5c\xf3\xdd\xde\x9e\x10\x71\xa1\x88\xc7\x5b\x9b\x41\x6d\xca\xb0\xb8\x8e\x15\xee\xad\x33\x2b\xcf\x47\x04\x5c\x75\x71\x0a\x98\x24\x98\x29\xa7\x49\x59\xa5\xdd\xf8\xb7\x43\x62\x61\xf3\xd3\xe2\xd0\x55\x3f\x02\x03\x01\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x56\xbb\x02\x58\x84\x67\x08\x2c\xdf\x1f\xdb\x7b\x49\x33\xf5\xd3\x67\x9d\xf4\xb4\x0a\x10\xb3\xc9\xc5\x2c\xe2\x92\x6a\x71\x78\x27\xf2\x70\x83\x42\xd3\x3e\xcf\xa9\x54\xf4\xf1\xd8\x92\x16\x8c\xd1\x04\xcb\x4b\xab\xc9\x9f\x45\xae\x3c\x8a\xa9\xb0\x71\x33\x5d\xc8\xc5\x57\xdf\xaf\xa8\x35\xb3\x7f\x89\x87\xe9\xe8\x25\x92\xb8\x7f\x85\x7a\xae\xd6\xbc\x1e\x37\x58\x2a\x67\xc9\x91\xcf\x2a\x81\x3e\xed\xc6\x39\xdf\xc0\x3e\x19\x9c\x19\xcc\x13\x4d\x82\x41\xb5\x8c\xde\xe0\x3d\x60\x08\x20\x0f\x45\x7e\x6b\xa2\x7f\xa3\x8c\x15\xee", + ["Verisign Class 3 Public Primary Certification Authority - G3"] = "\x30\x82\x04\x1a\x30\x82\x03\x02\x02\x11\x00\x9b\x7e\x06\x49\xa3\x3e\x62\xb9\xd5\xee\x90\x48\x71\x29\xef\x57\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xca\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3c\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x33\x30\x1e\x17\x0d\x39\x39\x31\x30\x30\x31\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x36\x30\x37\x31\x36\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xca\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3c\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x33\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xcb\xba\x9c\x52\xfc\x78\x1f\x1a\x1e\x6f\x1b\x37\x73\xbd\xf8\xc9\x6b\x94\x12\x30\x4f\xf0\x36\x47\xf5\xd0\x91\x0a\xf5\x17\xc8\xa5\x61\xc1\x16\x40\x4d\xfb\x8a\x61\x90\xe5\x76\x20\xc1\x11\x06\x7d\xab\x2c\x6e\xa6\xf5\x11\x41\x8e\xfa\x2d\xad\x2a\x61\x59\xa4\x67\x26\x4c\xd0\xe8\xbc\x52\x5b\x70\x20\x04\x58\xd1\x7a\xc9\xa4\x69\xbc\x83\x17\x64\xad\x05\x8b\xbc\xd0\x58\xce\x8d\x8c\xf5\xeb\xf0\x42\x49\x0b\x9d\x97\x27\x67\x32\x6e\xe1\xae\x93\x15\x1c\x70\xbc\x20\x4d\x2f\x18\xde\x92\x88\xe8\x6c\x85\x57\x11\x1a\xe9\x7e\xe3\x26\x11\x54\xa2\x45\x96\x55\x83\xca\x30\x89\xe8\xdc\xd8\xa3\xed\x2a\x80\x3f\x7f\x79\x65\x57\x3e\x15\x20\x66\x08\x2f\x95\x93\xbf\xaa\x47\x2f\xa8\x46\x97\xf0\x12\xe2\xfe\xc2\x0a\x2b\x51\xe6\x76\xe6\xb7\x46\xb7\xe2\x0d\xa6\xcc\xa8\xc3\x4c\x59\x55\x89\xe6\xe8\x53\x5c\x1c\xea\x9d\xf0\x62\x16\x0b\xa7\xc9\x5f\x0c\xf0\xde\xc2\x76\xce\xaf\xf7\x6a\xf2\xfa\x41\xa6\xa2\x33\x14\xc9\xe5\x7a\x63\xd3\x9e\x62\x37\xd5\x85\x65\x9e\x0e\xe6\x53\x24\x74\x1b\x5e\x1d\x12\x53\x5b\xc7\x2c\xe7\x83\x49\x3b\x15\xae\x8a\x68\xb9\x57\x97\x02\x03\x01\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x11\x14\x96\xc1\xab\x92\x08\xf7\x3f\x2f\xc9\xb2\xfe\xe4\x5a\x9f\x64\xde\xdb\x21\x4f\x86\x99\x34\x76\x36\x57\xdd\xd0\x15\x2f\xc5\xad\x7f\x15\x1f\x37\x62\x73\x3e\xd4\xe7\x5f\xce\x17\x03\xdb\x35\xfa\x2b\xdb\xae\x60\x09\x5f\x1e\x5f\x8f\x6e\xbb\x0b\x3d\xea\x5a\x13\x1e\x0c\x60\x6f\xb5\xc0\xb5\x23\x22\x2e\x07\x0b\xcb\xa9\x74\xcb\x47\xbb\x1d\xc1\xd7\xa5\x6b\xcc\x2f\xd2\x42\xfd\x49\xdd\xa7\x89\xcf\x53\xba\xda\x00\x5a\x28\xbf\x82\xdf\xf8\xba\x13\x1d\x50\x86\x82\xfd\x8e\x30\x8f\x29\x46\xb0\x1e\x3d\x35\xda\x38\x62\x16\x18\x4a\xad\xe6\xb6\x51\x6c\xde\xaf\x62\xeb\x01\xd0\x1e\x24\xfe\x7a\x8f\x12\x1a\x12\x68\xb8\xfb\x66\x99\x14\x14\x45\x5c\xae\xe7\xae\x69\x17\x81\x2b\x5a\x37\xc9\x5e\x2a\xf4\xc6\xe2\xa1\x5c\x54\x9b\xa6\x54\x00\xcf\xf0\xf1\xc1\xc7\x98\x30\x1a\x3b\x36\x16\xdb\xa3\x6e\xea\xfd\xad\xb2\xc2\xda\xef\x02\x47\x13\x8a\xc0\xf1\xb3\x31\xad\x4f\x1c\xe1\x4f\x9c\xaf\x0f\x0c\x9d\xf7\x78\x0d\xd8\xf4\x35\x56\x80\xda\xb7\x6d\x17\x8f\x9d\x1e\x81\x64\xe1\xfe\xc5\x45\xba\xad\x6b\xb9\x0a\x7a\x4e\x4f\x4b\x84\xee\x4b\xf1\x7d\xdd\x11", + ["Verisign Class 4 Public Primary Certification Authority - G3"] = "\x30\x82\x04\x1a\x30\x82\x03\x02\x02\x11\x00\xec\xa0\xa7\x8b\x6e\x75\x6a\x01\xcf\xc4\x7c\xcc\x2f\x94\x5e\xd7\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xca\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3c\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x43\x6c\x61\x73\x73\x20\x34\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x33\x30\x1e\x17\x0d\x39\x39\x31\x30\x30\x31\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x36\x30\x37\x31\x36\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xca\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3c\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x43\x6c\x61\x73\x73\x20\x34\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x33\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xad\xcb\xa5\x11\x69\xc6\x59\xab\xf1\x8f\xb5\x19\x0f\x56\xce\xcc\xb5\x1f\x20\xe4\x9e\x26\x25\x4b\xe0\x73\x65\x89\x59\xde\xd0\x83\xe4\xf5\x0f\xb5\xbb\xad\xf1\x7c\xe8\x21\xfc\xe4\xe8\x0c\xee\x7c\x45\x22\x19\x76\x92\xb4\x13\xb7\x20\x5b\x09\xfa\x61\xae\xa8\xf2\xa5\x8d\x85\xc2\x2a\xd6\xde\x66\x36\xd2\x9b\x02\xf4\xa8\x92\x60\x7c\x9c\x69\xb4\x8f\x24\x1e\xd0\x86\x52\xf6\x32\x9c\x41\x58\x1e\x22\xbd\xcd\x45\x62\x95\x08\x6e\xd0\x66\xdd\x53\xa2\xcc\xf0\x10\xdc\x54\x73\x8b\x04\xa1\x46\x33\x33\x5c\x17\x40\xb9\x9e\x4d\xd3\xf3\xbe\x55\x83\xe8\xb1\x89\x8e\x5a\x7c\x9a\x96\x22\x90\x3b\x88\x25\xf2\xd2\x53\x88\x02\x0c\x0b\x78\xf2\xe6\x37\x17\x4b\x30\x46\x07\xe4\x80\x6d\xa6\xd8\x96\x2e\xe8\x2c\xf8\x11\xb3\x38\x0d\x66\xa6\x9b\xea\xc9\x23\x5b\xdb\x8e\xe2\xf3\x13\x8e\x1a\x59\x2d\xaa\x02\xf0\xec\xa4\x87\x66\xdc\xc1\x3f\xf5\xd8\xb9\xf4\xec\x82\xc6\xd2\x3d\x95\x1d\xe5\xc0\x4f\x84\xc9\xd9\xa3\x44\x28\x06\x6a\xd7\x45\xac\xf0\x6b\x6a\xef\x4e\x5f\xf8\x11\x82\x1e\x38\x63\x34\x66\x50\xd4\x3e\x93\x73\xfa\x30\xc3\x66\xad\xff\x93\x2d\x97\xef\x03\x02\x03\x01\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x8f\xfa\x25\x6b\x4f\x5b\xe4\xa4\x4e\x27\x55\xab\x22\x15\x59\x3c\xca\xb5\x0a\xd4\x4a\xdb\xab\xdd\xa1\x5f\x53\xc5\xa0\x57\x39\xc2\xce\x47\x2b\xbe\x3a\xc8\x56\xbf\xc2\xd9\x27\x10\x3a\xb1\x05\x3c\xc0\x77\x31\xbb\x3a\xd3\x05\x7b\x6d\x9a\x1c\x30\x8c\x80\xcb\x93\x93\x2a\x83\xab\x05\x51\x82\x02\x00\x11\x67\x6b\xf3\x88\x61\x47\x5f\x03\x93\xd5\x5b\x0d\xe0\xf1\xd4\xa1\x32\x35\x85\xb2\x3a\xdb\xb0\x82\xab\xd1\xcb\x0a\xbc\x4f\x8c\x5b\xc5\x4b\x00\x3b\x1f\x2a\x82\xa6\x7e\x36\x85\xdc\x7e\x3c\x67\x00\xb5\xe4\x3b\x52\xe0\xa8\xeb\x5d\x15\xf9\xc6\x6d\xf0\xad\x1d\x0e\x85\xb7\xa9\x9a\x73\x14\x5a\x5b\x8f\x41\x28\xc0\xd5\xe8\x2d\x4d\xa4\x5e\xcd\xaa\xd9\xed\xce\xdc\xd8\xd5\x3c\x42\x1d\x17\xc1\x12\x5d\x45\x38\xc3\x38\xf3\xfc\x85\x2e\x83\x46\x48\xb2\xd7\x20\x5f\x92\x36\x8f\xe7\x79\x0f\x98\x5e\x99\xe8\xf0\xd0\xa4\xbb\xf5\x53\xbd\x2a\xce\x59\xb0\xaf\x6e\x7f\x6c\xbb\xd2\x1e\x00\xb0\x21\xed\xf8\x41\x62\x82\xb9\xd8\xb2\xc4\xbb\x46\x50\xf3\x31\xc5\x8f\x01\xa8\x74\xeb\xf5\x78\x27\xda\xe7\xf7\x66\x43\xf3\x9e\x83\x3e\x20\xaa\xc3\x35\x60\x91\xce", + ["Entrust.net Secure Server CA"] = "\x30\x82\x04\xd8\x30\x82\x04\x41\xa0\x03\x02\x01\x02\x02\x04\x37\x4a\xd2\x43\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xc3\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x31\x3b\x30\x39\x06\x03\x55\x04\x0b\x13\x32\x77\x77\x77\x2e\x65\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x2f\x43\x50\x53\x20\x69\x6e\x63\x6f\x72\x70\x2e\x20\x62\x79\x20\x72\x65\x66\x2e\x20\x28\x6c\x69\x6d\x69\x74\x73\x20\x6c\x69\x61\x62\x2e\x29\x31\x25\x30\x23\x06\x03\x55\x04\x0b\x13\x1c\x28\x63\x29\x20\x31\x39\x39\x39\x20\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x3a\x30\x38\x06\x03\x55\x04\x03\x13\x31\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x20\x53\x65\x63\x75\x72\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x39\x39\x30\x35\x32\x35\x31\x36\x30\x39\x34\x30\x5a\x17\x0d\x31\x39\x30\x35\x32\x35\x31\x36\x33\x39\x34\x30\x5a\x30\x81\xc3\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x31\x3b\x30\x39\x06\x03\x55\x04\x0b\x13\x32\x77\x77\x77\x2e\x65\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x2f\x43\x50\x53\x20\x69\x6e\x63\x6f\x72\x70\x2e\x20\x62\x79\x20\x72\x65\x66\x2e\x20\x28\x6c\x69\x6d\x69\x74\x73\x20\x6c\x69\x61\x62\x2e\x29\x31\x25\x30\x23\x06\x03\x55\x04\x0b\x13\x1c\x28\x63\x29\x20\x31\x39\x39\x39\x20\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x3a\x30\x38\x06\x03\x55\x04\x03\x13\x31\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x20\x53\x65\x63\x75\x72\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x81\x9d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8b\x00\x30\x81\x87\x02\x81\x81\x00\xcd\x28\x83\x34\x54\x1b\x89\xf3\x0f\xaf\x37\x91\x31\xff\xaf\x31\x60\xc9\xa8\xe8\xb2\x10\x68\xed\x9f\xe7\x93\x36\xf1\x0a\x64\xbb\x47\xf5\x04\x17\x3f\x23\x47\x4d\xc5\x27\x19\x81\x26\x0c\x54\x72\x0d\x88\x2d\xd9\x1f\x9a\x12\x9f\xbc\xb3\x71\xd3\x80\x19\x3f\x47\x66\x7b\x8c\x35\x28\xd2\xb9\x0a\xdf\x24\xda\x9c\xd6\x50\x79\x81\x7a\x5a\xd3\x37\xf7\xc2\x4a\xd8\x29\x92\x26\x64\xd1\xe4\x98\x6c\x3a\x00\x8a\xf5\x34\x9b\x65\xf8\xed\xe3\x10\xff\xfd\xb8\x49\x58\xdc\xa0\xde\x82\x39\x6b\x81\xb1\x16\x19\x61\xb9\x54\xb6\xe6\x43\x02\x01\x03\xa3\x82\x01\xd7\x30\x82\x01\xd3\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x82\x01\x19\x06\x03\x55\x1d\x1f\x04\x82\x01\x10\x30\x82\x01\x0c\x30\x81\xde\xa0\x81\xdb\xa0\x81\xd8\xa4\x81\xd5\x30\x81\xd2\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x31\x3b\x30\x39\x06\x03\x55\x04\x0b\x13\x32\x77\x77\x77\x2e\x65\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x2f\x43\x50\x53\x20\x69\x6e\x63\x6f\x72\x70\x2e\x20\x62\x79\x20\x72\x65\x66\x2e\x20\x28\x6c\x69\x6d\x69\x74\x73\x20\x6c\x69\x61\x62\x2e\x29\x31\x25\x30\x23\x06\x03\x55\x04\x0b\x13\x1c\x28\x63\x29\x20\x31\x39\x39\x39\x20\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x3a\x30\x38\x06\x03\x55\x04\x03\x13\x31\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x20\x53\x65\x63\x75\x72\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x0d\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4c\x31\x30\x29\xa0\x27\xa0\x25\x86\x23\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x65\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x2f\x43\x52\x4c\x2f\x6e\x65\x74\x31\x2e\x63\x72\x6c\x30\x2b\x06\x03\x55\x1d\x10\x04\x24\x30\x22\x80\x0f\x31\x39\x39\x39\x30\x35\x32\x35\x31\x36\x30\x39\x34\x30\x5a\x81\x0f\x32\x30\x31\x39\x30\x35\x32\x35\x31\x36\x30\x39\x34\x30\x5a\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xf0\x17\x62\x13\x55\x3d\xb3\xff\x0a\x00\x6b\xfb\x50\x84\x97\xf3\xed\x62\xd0\x1a\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xf0\x17\x62\x13\x55\x3d\xb3\xff\x0a\x00\x6b\xfb\x50\x84\x97\xf3\xed\x62\xd0\x1a\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x19\x06\x09\x2a\x86\x48\x86\xf6\x7d\x07\x41\x00\x04\x0c\x30\x0a\x1b\x04\x56\x34\x2e\x30\x03\x02\x04\x90\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x90\xdc\x30\x02\xfa\x64\x74\xc2\xa7\x0a\xa5\x7c\x21\x8d\x34\x17\xa8\xfb\x47\x0e\xff\x25\x7c\x8d\x13\x0a\xfb\xe4\x98\xb5\xef\x8c\xf8\xc5\x10\x0d\xf7\x92\xbe\xf1\xc3\xd5\xd5\x95\x6a\x04\xbb\x2c\xce\x26\x36\x65\xc8\x31\xc6\xe7\xee\x3f\xe3\x57\x75\x84\x7a\x11\xef\x46\x4f\x18\xf4\xd3\x98\xbb\xa8\x87\x32\xba\x72\xf6\x3c\xe2\x3d\x9f\xd7\x1d\xd9\xc3\x60\x43\x8c\x58\x0e\x22\x96\x2f\x62\xa3\x2c\x1f\xba\xad\x05\xef\xab\x32\x78\x87\xa0\x54\x73\x19\xb5\x5c\x05\xf9\x52\x3e\x6d\x2d\x45\x0b\xf7\x0a\x93\xea\xed\x06\xf9\xb2", + ["Entrust.net Premium 2048 Secure Server CA"] = "\x30\x82\x04\x5c\x30\x82\x03\x44\xa0\x03\x02\x01\x02\x02\x04\x38\x63\xb9\x66\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xb4\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x31\x40\x30\x3e\x06\x03\x55\x04\x0b\x14\x37\x77\x77\x77\x2e\x65\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x2f\x43\x50\x53\x5f\x32\x30\x34\x38\x20\x69\x6e\x63\x6f\x72\x70\x2e\x20\x62\x79\x20\x72\x65\x66\x2e\x20\x28\x6c\x69\x6d\x69\x74\x73\x20\x6c\x69\x61\x62\x2e\x29\x31\x25\x30\x23\x06\x03\x55\x04\x0b\x13\x1c\x28\x63\x29\x20\x31\x39\x39\x39\x20\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x33\x30\x31\x06\x03\x55\x04\x03\x13\x2a\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x28\x32\x30\x34\x38\x29\x30\x1e\x17\x0d\x39\x39\x31\x32\x32\x34\x31\x37\x35\x30\x35\x31\x5a\x17\x0d\x31\x39\x31\x32\x32\x34\x31\x38\x32\x30\x35\x31\x5a\x30\x81\xb4\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x31\x40\x30\x3e\x06\x03\x55\x04\x0b\x14\x37\x77\x77\x77\x2e\x65\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x2f\x43\x50\x53\x5f\x32\x30\x34\x38\x20\x69\x6e\x63\x6f\x72\x70\x2e\x20\x62\x79\x20\x72\x65\x66\x2e\x20\x28\x6c\x69\x6d\x69\x74\x73\x20\x6c\x69\x61\x62\x2e\x29\x31\x25\x30\x23\x06\x03\x55\x04\x0b\x13\x1c\x28\x63\x29\x20\x31\x39\x39\x39\x20\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x33\x30\x31\x06\x03\x55\x04\x03\x13\x2a\x45\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x28\x32\x30\x34\x38\x29\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xad\x4d\x4b\xa9\x12\x86\xb2\xea\xa3\x20\x07\x15\x16\x64\x2a\x2b\x4b\xd1\xbf\x0b\x4a\x4d\x8e\xed\x80\x76\xa5\x67\xb7\x78\x40\xc0\x73\x42\xc8\x68\xc0\xdb\x53\x2b\xdd\x5e\xb8\x76\x98\x35\x93\x8b\x1a\x9d\x7c\x13\x3a\x0e\x1f\x5b\xb7\x1e\xcf\xe5\x24\x14\x1e\xb1\x81\xa9\x8d\x7d\xb8\xcc\x6b\x4b\x03\xf1\x02\x0c\xdc\xab\xa5\x40\x24\x00\x7f\x74\x94\xa1\x9d\x08\x29\xb3\x88\x0b\xf5\x87\x77\x9d\x55\xcd\xe4\xc3\x7e\xd7\x6a\x64\xab\x85\x14\x86\x95\x5b\x97\x32\x50\x6f\x3d\xc8\xba\x66\x0c\xe3\xfc\xbd\xb8\x49\xc1\x76\x89\x49\x19\xfd\xc0\xa8\xbd\x89\xa3\x67\x2f\xc6\x9f\xbc\x71\x19\x60\xb8\x2d\xe9\x2c\xc9\x90\x76\x66\x7b\x94\xe2\xaf\x78\xd6\x65\x53\x5d\x3c\xd6\x9c\xb2\xcf\x29\x03\xf9\x2f\xa4\x50\xb2\xd4\x48\xce\x05\x32\x55\x8a\xfd\xb2\x64\x4c\x0e\xe4\x98\x07\x75\xdb\x7f\xdf\xb9\x08\x55\x60\x85\x30\x29\xf9\x7b\x48\xa4\x69\x86\xe3\x35\x3f\x1e\x86\x5d\x7a\x7a\x15\xbd\xef\x00\x8e\x15\x22\x54\x17\x00\x90\x26\x93\xbc\x0e\x49\x68\x91\xbf\xf8\x47\xd3\x9d\x95\x42\xc1\x0e\x4d\xdf\x6f\x26\xcf\xc3\x18\x21\x62\x66\x43\x70\xd6\xd5\xc0\x07\xe1\x02\x03\x01\x00\x01\xa3\x74\x30\x72\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x55\xe4\x81\xd1\x11\x80\xbe\xd8\x89\xb9\x08\xa3\x31\xf9\xa1\x24\x09\x16\xb9\x70\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x55\xe4\x81\xd1\x11\x80\xbe\xd8\x89\xb9\x08\xa3\x31\xf9\xa1\x24\x09\x16\xb9\x70\x30\x1d\x06\x09\x2a\x86\x48\x86\xf6\x7d\x07\x41\x00\x04\x10\x30\x0e\x1b\x08\x56\x35\x2e\x30\x3a\x34\x2e\x30\x03\x02\x04\x90\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x59\x47\xac\x21\x84\x8a\x17\xc9\x9c\x89\x53\x1e\xba\x80\x85\x1a\xc6\x3c\x4e\x3e\xb1\x9c\xb6\x7c\xc6\x92\x5d\x18\x64\x02\xe3\xd3\x06\x08\x11\x61\x7c\x63\xe3\x2b\x9d\x31\x03\x70\x76\xd2\xa3\x28\xa0\xf4\xbb\x9a\x63\x73\xed\x6d\xe5\x2a\xdb\xed\x14\xa9\x2b\xc6\x36\x11\xd0\x2b\xeb\x07\x8b\xa5\xda\x9e\x5c\x19\x9d\x56\x12\xf5\x54\x29\xc8\x05\xed\xb2\x12\x2a\x8d\xf4\x03\x1b\xff\xe7\x92\x10\x87\xb0\x3a\xb5\xc3\x9d\x05\x37\x12\xa3\xc7\xf4\x15\xb9\xd5\xa4\x39\x16\x9b\x53\x3a\x23\x91\xf1\xa8\x82\xa2\x6a\x88\x68\xc1\x79\x02\x22\xbc\xaa\xa6\xd6\xae\xdf\xb0\x14\x5f\xb8\x87\xd0\xdd\x7c\x7f\x7b\xff\xaf\x1c\xcf\xe6\xdb\x07\xad\x5e\xdb\x85\x9d\xd0\x2b\x0d\x33\xdb\x04\xd1\xe6\x49\x40\x13\x2b\x76\xfb\x3e\xe9\x9c\x89\x0f\x15\xce\x18\xb0\x85\x78\x21\x4f\x6b\x4f\x0e\xfa\x36\x67\xcd\x07\xf2\xff\x08\xd0\xe2\xde\xd9\xbf\x2a\xaf\xb8\x87\x86\x21\x3c\x04\xca\xb7\x94\x68\x7f\xcf\x3c\xe9\x98\xd7\x38\xff\xec\xc0\xd9\x50\xf0\x2e\x4b\x58\xae\x46\x6f\xd0\x2e\xc3\x60\xda\x72\x55\x72\xbd\x4c\x45\x9e\x61\xba\xbf\x84\x81\x92\x03\xd1\xd2\x69\x7c\xc5", + ["Baltimore CyberTrust Root"] = "\x30\x82\x03\x77\x30\x82\x02\x5f\xa0\x03\x02\x01\x02\x02\x04\x02\x00\x00\xb9\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x5a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x45\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x13\x09\x42\x61\x6c\x74\x69\x6d\x6f\x72\x65\x31\x13\x30\x11\x06\x03\x55\x04\x0b\x13\x0a\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x42\x61\x6c\x74\x69\x6d\x6f\x72\x65\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x52\x6f\x6f\x74\x30\x1e\x17\x0d\x30\x30\x30\x35\x31\x32\x31\x38\x34\x36\x30\x30\x5a\x17\x0d\x32\x35\x30\x35\x31\x32\x32\x33\x35\x39\x30\x30\x5a\x30\x5a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x45\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x13\x09\x42\x61\x6c\x74\x69\x6d\x6f\x72\x65\x31\x13\x30\x11\x06\x03\x55\x04\x0b\x13\x0a\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x42\x61\x6c\x74\x69\x6d\x6f\x72\x65\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x52\x6f\x6f\x74\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa3\x04\xbb\x22\xab\x98\x3d\x57\xe8\x26\x72\x9a\xb5\x79\xd4\x29\xe2\xe1\xe8\x95\x80\xb1\xb0\xe3\x5b\x8e\x2b\x29\x9a\x64\xdf\xa1\x5d\xed\xb0\x09\x05\x6d\xdb\x28\x2e\xce\x62\xa2\x62\xfe\xb4\x88\xda\x12\xeb\x38\xeb\x21\x9d\xc0\x41\x2b\x01\x52\x7b\x88\x77\xd3\x1c\x8f\xc7\xba\xb9\x88\xb5\x6a\x09\xe7\x73\xe8\x11\x40\xa7\xd1\xcc\xca\x62\x8d\x2d\xe5\x8f\x0b\xa6\x50\xd2\xa8\x50\xc3\x28\xea\xf5\xab\x25\x87\x8a\x9a\x96\x1c\xa9\x67\xb8\x3f\x0c\xd5\xf7\xf9\x52\x13\x2f\xc2\x1b\xd5\x70\x70\xf0\x8f\xc0\x12\xca\x06\xcb\x9a\xe1\xd9\xca\x33\x7a\x77\xd6\xf8\xec\xb9\xf1\x68\x44\x42\x48\x13\xd2\xc0\xc2\xa4\xae\x5e\x60\xfe\xb6\xa6\x05\xfc\xb4\xdd\x07\x59\x02\xd4\x59\x18\x98\x63\xf5\xa5\x63\xe0\x90\x0c\x7d\x5d\xb2\x06\x7a\xf3\x85\xea\xeb\xd4\x03\xae\x5e\x84\x3e\x5f\xff\x15\xed\x69\xbc\xf9\x39\x36\x72\x75\xcf\x77\x52\x4d\xf3\xc9\x90\x2c\xb9\x3d\xe5\xc9\x23\x53\x3f\x1f\x24\x98\x21\x5c\x07\x99\x29\xbd\xc6\x3a\xec\xe7\x6e\x86\x3a\x6b\x97\x74\x63\x33\xbd\x68\x18\x31\xf0\x78\x8d\x76\xbf\xfc\x9e\x8e\x5d\x2a\x86\xa7\x4d\x90\xdc\x27\x1a\x39\x02\x03\x01\x00\x01\xa3\x45\x30\x43\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xe5\x9d\x59\x30\x82\x47\x58\xcc\xac\xfa\x08\x54\x36\x86\x7b\x3a\xb5\x04\x4d\xf0\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x03\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x85\x0c\x5d\x8e\xe4\x6f\x51\x68\x42\x05\xa0\xdd\xbb\x4f\x27\x25\x84\x03\xbd\xf7\x64\xfd\x2d\xd7\x30\xe3\xa4\x10\x17\xeb\xda\x29\x29\xb6\x79\x3f\x76\xf6\x19\x13\x23\xb8\x10\x0a\xf9\x58\xa4\xd4\x61\x70\xbd\x04\x61\x6a\x12\x8a\x17\xd5\x0a\xbd\xc5\xbc\x30\x7c\xd6\xe9\x0c\x25\x8d\x86\x40\x4f\xec\xcc\xa3\x7e\x38\xc6\x37\x11\x4f\xed\xdd\x68\x31\x8e\x4c\xd2\xb3\x01\x74\xee\xbe\x75\x5e\x07\x48\x1a\x7f\x70\xff\x16\x5c\x84\xc0\x79\x85\xb8\x05\xfd\x7f\xbe\x65\x11\xa3\x0f\xc0\x02\xb4\xf8\x52\x37\x39\x04\xd5\xa9\x31\x7a\x18\xbf\xa0\x2a\xf4\x12\x99\xf7\xa3\x45\x82\xe3\x3c\x5e\xf5\x9d\x9e\xb5\xc8\x9e\x7c\x2e\xc8\xa4\x9e\x4e\x08\x14\x4b\x6d\xfd\x70\x6d\x6b\x1a\x63\xbd\x64\xe6\x1f\xb7\xce\xf0\xf2\x9f\x2e\xbb\x1b\xb7\xf2\x50\x88\x73\x92\xc2\xe2\xe3\x16\x8d\x9a\x32\x02\xab\x8e\x18\xdd\xe9\x10\x11\xee\x7e\x35\xab\x90\xaf\x3e\x30\x94\x7a\xd0\x33\x3d\xa7\x65\x0f\xf5\xfc\x8e\x9e\x62\xcf\x47\x44\x2c\x01\x5d\xbb\x1d\xb5\x32\xd2\x47\xd2\x38\x2e\xd0\xfe\x81\xdc\x32\x6a\x1e\xb5\xee\x3c\xd5\xfc\xe7\x81\x1d\x19\xc3\x24\x42\xea\x63\x39\xa9", + ["Equifax Secure Global eBusiness CA"] = "\x30\x82\x02\x90\x30\x82\x01\xf9\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x5a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x49\x6e\x63\x2e\x31\x2d\x30\x2b\x06\x03\x55\x04\x03\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x47\x6c\x6f\x62\x61\x6c\x20\x65\x42\x75\x73\x69\x6e\x65\x73\x73\x20\x43\x41\x2d\x31\x30\x1e\x17\x0d\x39\x39\x30\x36\x32\x31\x30\x34\x30\x30\x30\x30\x5a\x17\x0d\x32\x30\x30\x36\x32\x31\x30\x34\x30\x30\x30\x30\x5a\x30\x5a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x49\x6e\x63\x2e\x31\x2d\x30\x2b\x06\x03\x55\x04\x03\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x47\x6c\x6f\x62\x61\x6c\x20\x65\x42\x75\x73\x69\x6e\x65\x73\x73\x20\x43\x41\x2d\x31\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xba\xe7\x17\x90\x02\x65\xb1\x34\x55\x3c\x49\xc2\x51\xd5\xdf\xa7\xd1\x37\x8f\xd1\xe7\x81\x73\x41\x52\x60\x9b\x9d\xa1\x17\x26\x78\xad\xc7\xb1\xe8\x26\x94\x32\xb5\xde\x33\x8d\x3a\x2f\xdb\xf2\x9a\x7a\x5a\x73\x98\xa3\x5c\xe9\xfb\x8a\x73\x1b\x5c\xe7\xc3\xbf\x80\x6c\xcd\xa9\xf4\xd6\x2b\xc0\xf7\xf9\x99\xaa\x63\xa2\xb1\x47\x02\x0f\xd4\xe4\x51\x3a\x12\x3c\x6c\x8a\x5a\x54\x84\x70\xdb\xc1\xc5\x90\xcf\x72\x45\xcb\xa8\x59\xc0\xcd\x33\x9d\x3f\xa3\x96\xeb\x85\x33\x21\x1c\x3e\x1e\x3e\x60\x6e\x76\x9c\x67\x85\xc5\xc8\xc3\x61\x02\x03\x01\x00\x01\xa3\x66\x30\x64\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xbe\xa8\xa0\x74\x72\x50\x6b\x44\xb7\xc9\x23\xd8\xfb\xa8\xff\xb3\x57\x6b\x68\x6c\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xbe\xa8\xa0\x74\x72\x50\x6b\x44\xb7\xc9\x23\xd8\xfb\xa8\xff\xb3\x57\x6b\x68\x6c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x81\x81\x00\x30\xe2\x01\x51\xaa\xc7\xea\x5f\xda\xb9\xd0\x65\x0f\x30\xd6\x3e\xda\x0d\x14\x49\x6e\x91\x93\x27\x14\x31\xef\xc4\xf7\x2d\x45\xf8\xec\xc7\xbf\xa2\x41\x0d\x23\xb4\x92\xf9\x19\x00\x67\xbd\x01\xaf\xcd\xe0\x71\xfc\x5a\xcf\x64\xc4\xe0\x96\x98\xd0\xa3\x40\xe2\x01\x8a\xef\x27\x07\xf1\x65\x01\x8a\x44\x2d\x06\x65\x75\x52\xc0\x86\x10\x20\x21\x5f\x6c\x6b\x0f\x6c\xae\x09\x1c\xaf\xf2\xa2\x18\x34\xc4\x75\xa4\x73\x1c\xf1\x8d\xdc\xef\xad\xf9\xb3\x76\xb4\x92\xbf\xdc\x95\x10\x1e\xbe\xcb\xc8\x3b\x5a\x84\x60\x19\x56\x94\xa9\x55", + ["Equifax Secure eBusiness CA 1"] = "\x30\x82\x02\x82\x30\x82\x01\xeb\xa0\x03\x02\x01\x02\x02\x01\x04\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x53\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x49\x6e\x63\x2e\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1d\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x65\x42\x75\x73\x69\x6e\x65\x73\x73\x20\x43\x41\x2d\x31\x30\x1e\x17\x0d\x39\x39\x30\x36\x32\x31\x30\x34\x30\x30\x30\x30\x5a\x17\x0d\x32\x30\x30\x36\x32\x31\x30\x34\x30\x30\x30\x30\x5a\x30\x53\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x49\x6e\x63\x2e\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1d\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x65\x42\x75\x73\x69\x6e\x65\x73\x73\x20\x43\x41\x2d\x31\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xce\x2f\x19\xbc\x17\xb7\x77\xde\x93\xa9\x5f\x5a\x0d\x17\x4f\x34\x1a\x0c\x98\xf4\x22\xd9\x59\xd4\xc4\x68\x46\xf0\xb4\x35\xc5\x85\x03\x20\xc6\xaf\x45\xa5\x21\x51\x45\x41\xeb\x16\x58\x36\x32\x6f\xe2\x50\x62\x64\xf9\xfd\x51\x9c\xaa\x24\xd9\xf4\x9d\x83\x2a\x87\x0a\x21\xd3\x12\x38\x34\x6c\x8d\x00\x6e\x5a\xa0\xd9\x42\xee\x1a\x21\x95\xf9\x52\x4c\x55\x5a\xc5\x0f\x38\x4f\x46\xfa\x6d\xf8\x2e\x35\xd6\x1d\x7c\xeb\xe2\xf0\xb0\x75\x80\xc8\xa9\x13\xac\xbe\x88\xef\x3a\x6e\xab\x5f\x2a\x38\x62\x02\xb0\x12\x7b\xfe\x8f\xa6\x03\x02\x03\x01\x00\x01\xa3\x66\x30\x64\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x4a\x78\x32\x52\x11\xdb\x59\x16\x36\x5e\xdf\xc1\x14\x36\x40\x6a\x47\x7c\x4c\xa1\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x4a\x78\x32\x52\x11\xdb\x59\x16\x36\x5e\xdf\xc1\x14\x36\x40\x6a\x47\x7c\x4c\xa1\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x81\x81\x00\x75\x5b\xa8\x9b\x03\x11\xe6\xe9\x56\x4c\xcd\xf9\xa9\x4c\xc0\x0d\x9a\xf3\xcc\x65\x69\xe6\x25\x76\xcc\x59\xb7\xd6\x54\xc3\x1d\xcd\x99\xac\x19\xdd\xb4\x85\xd5\xe0\x3d\xfc\x62\x20\xa7\x84\x4b\x58\x65\xf1\xe2\xf9\x95\x21\x3f\xf5\xd4\x7e\x58\x1e\x47\x87\x54\x3e\x58\xa1\xb5\xb5\xf8\x2a\xef\x71\xe7\xbc\xc3\xf6\xb1\x49\x46\xe2\xd7\xa0\x6b\xe5\x56\x7a\x9a\x27\x98\x7c\x46\x62\x14\xe7\xc9\xfc\x6e\x03\x12\x79\x80\x38\x1d\x48\x82\x8d\xfc\x17\xfe\x2a\x96\x2b\xb5\x62\xa6\xa6\x3d\xbd\x7f\x92\x59\xcd\x5a\x2a\x82\xb2\x37\x79", + ["Equifax Secure eBusiness CA 2"] = "\x30\x82\x03\x20\x30\x82\x02\x89\xa0\x03\x02\x01\x02\x02\x04\x37\x70\xcf\xb5\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x4e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x31\x26\x30\x24\x06\x03\x55\x04\x0b\x13\x1d\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x65\x42\x75\x73\x69\x6e\x65\x73\x73\x20\x43\x41\x2d\x32\x30\x1e\x17\x0d\x39\x39\x30\x36\x32\x33\x31\x32\x31\x34\x34\x35\x5a\x17\x0d\x31\x39\x30\x36\x32\x33\x31\x32\x31\x34\x34\x35\x5a\x30\x4e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x31\x26\x30\x24\x06\x03\x55\x04\x0b\x13\x1d\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x65\x42\x75\x73\x69\x6e\x65\x73\x73\x20\x43\x41\x2d\x32\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xe4\x39\x39\x93\x1e\x52\x06\x1b\x28\x36\xf8\xb2\xa3\x29\xc5\xed\x8e\xb2\x11\xbd\xfe\xeb\xe7\xb4\x74\xc2\x8f\xff\x05\xe7\xd9\x9d\x06\xbf\x12\xc8\x3f\x0e\xf2\xd6\xd1\x24\xb2\x11\xde\xd1\x73\x09\x8a\xd4\xb1\x2c\x98\x09\x0d\x1e\x50\x46\xb2\x83\xa6\x45\x8d\x62\x68\xbb\x85\x1b\x20\x70\x32\xaa\x40\xcd\xa6\x96\x5f\xc4\x71\x37\x3f\x04\xf3\xb7\x41\x24\x39\x07\x1a\x1e\x2e\x61\x58\xa0\x12\x0b\xe5\xa5\xdf\xc5\xab\xea\x37\x71\xcc\x1c\xc8\x37\x3a\xb9\x97\x52\xa7\xac\xc5\x6a\x24\x94\x4e\x9c\x7b\xcf\xc0\x6a\xd6\xdf\x21\xbd\x02\x03\x01\x00\x01\xa3\x82\x01\x09\x30\x82\x01\x05\x30\x70\x06\x03\x55\x1d\x1f\x04\x69\x30\x67\x30\x65\xa0\x63\xa0\x61\xa4\x5f\x30\x5d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x31\x26\x30\x24\x06\x03\x55\x04\x0b\x13\x1d\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x65\x42\x75\x73\x69\x6e\x65\x73\x73\x20\x43\x41\x2d\x32\x31\x0d\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4c\x31\x30\x1a\x06\x03\x55\x1d\x10\x04\x13\x30\x11\x81\x0f\x32\x30\x31\x39\x30\x36\x32\x33\x31\x32\x31\x34\x34\x35\x5a\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x50\x9e\x0b\xea\xaf\x5e\xb9\x20\x48\xa6\x50\x6a\xcb\xfd\xd8\x20\x7a\xa7\x82\x76\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x50\x9e\x0b\xea\xaf\x5e\xb9\x20\x48\xa6\x50\x6a\xcb\xfd\xd8\x20\x7a\xa7\x82\x76\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x1a\x06\x09\x2a\x86\x48\x86\xf6\x7d\x07\x41\x00\x04\x0d\x30\x0b\x1b\x05\x56\x33\x2e\x30\x63\x03\x02\x06\xc0\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x0c\x86\x82\xad\xe8\x4e\x1a\xf5\x8e\x89\x27\xe2\x35\x58\x3d\x29\xb4\x07\x8f\x36\x50\x95\xbf\x6e\xc1\x9e\xeb\xc4\x90\xb2\x85\xa8\xbb\xb7\x42\xe0\x0f\x07\x39\xdf\xfb\x9e\x90\xb2\xd1\xc1\x3e\x53\x9f\x03\x44\xb0\x7e\x4b\xf4\x6f\xe4\x7c\x1f\xe7\xe2\xb1\xe4\xb8\x9a\xef\xc3\xbd\xce\xde\x0b\x32\x34\xd9\xde\x28\xed\x33\x6b\xc4\xd4\xd7\x3d\x12\x58\xab\x7d\x09\x2d\xcb\x70\xf5\x13\x8a\x94\xa1\x27\xa4\xd6\x70\xc5\x6d\x94\xb5\xc9\x7d\x9d\xa0\xd2\xc6\x08\x49\xd9\x66\x9b\xa6\xd3\xf4\x0b\xdc\xc5\x26\x57\xe1\x91\x30\xea\xcd", + ["AddTrust Low-Value Services Root"] = "\x30\x82\x04\x18\x30\x82\x03\x00\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x65\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x41\x64\x64\x54\x72\x75\x73\x74\x20\x43\x6c\x61\x73\x73\x20\x31\x20\x43\x41\x20\x52\x6f\x6f\x74\x30\x1e\x17\x0d\x30\x30\x30\x35\x33\x30\x31\x30\x33\x38\x33\x31\x5a\x17\x0d\x32\x30\x30\x35\x33\x30\x31\x30\x33\x38\x33\x31\x5a\x30\x65\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x41\x64\x64\x54\x72\x75\x73\x74\x20\x43\x6c\x61\x73\x73\x20\x31\x20\x43\x41\x20\x52\x6f\x6f\x74\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\x96\x96\xd4\x21\x49\x60\xe2\x6b\xe8\x41\x07\x0c\xde\xc4\xe0\xdc\x13\x23\xcd\xc1\x35\xc7\xfb\xd6\x4e\x11\x0a\x67\x5e\xf5\x06\x5b\x6b\xa5\x08\x3b\x5b\x29\x16\x3a\xe7\x87\xb2\x34\x06\xc5\xbc\x05\xa5\x03\x7c\x82\xcb\x29\x10\xae\xe1\x88\x81\xbd\xd6\x9e\xd3\xfe\x2d\x56\xc1\x15\xce\xe3\x26\x9d\x15\x2e\x10\xfb\x06\x8f\x30\x04\xde\xa7\xb4\x63\xb4\xff\xb1\x9c\xae\x3c\xaf\x77\xb6\x56\xc5\xb5\xab\xa2\xe9\x69\x3a\x3d\x0e\x33\x79\x32\x3f\x70\x82\x92\x99\x61\x6d\x8d\x30\x08\x8f\x71\x3f\xa6\x48\x57\x19\xf8\x25\xdc\x4b\x66\x5c\xa5\x74\x8f\x98\xae\xc8\xf9\xc0\x06\x22\xe7\xac\x73\xdf\xa5\x2e\xfb\x52\xdc\xb1\x15\x65\x20\xfa\x35\x66\x69\xde\xdf\x2c\xf1\x6e\xbc\x30\xdb\x2c\x24\x12\xdb\xeb\x35\x35\x68\x90\xcb\x00\xb0\x97\x21\x3d\x74\x21\x23\x65\x34\x2b\xbb\x78\x59\xa3\xd6\xe1\x76\x39\x9a\xa4\x49\x8e\x8c\x74\xaf\x6e\xa4\x9a\xa3\xd9\x9b\xd2\x38\x5c\x9b\xa2\x18\xcc\x75\x23\x84\xbe\xeb\xe2\x4d\x33\x71\x8e\x1a\xf0\xc2\xf8\xc7\x1d\xa2\xad\x03\x97\x2c\xf8\xcf\x25\xc6\xf6\xb8\x24\x31\xb1\x63\x5d\x92\x7f\x63\xf0\x25\xc9\x53\x2e\x1f\xbf\x4d\x02\x03\x01\x00\x01\xa3\x81\xd2\x30\x81\xcf\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x95\xb1\xb4\xf0\x94\xb6\xbd\xc7\xda\xd1\x11\x09\x21\xbe\xc1\xaf\x49\xfd\x10\x7b\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x81\x8f\x06\x03\x55\x1d\x23\x04\x81\x87\x30\x81\x84\x80\x14\x95\xb1\xb4\xf0\x94\xb6\xbd\xc7\xda\xd1\x11\x09\x21\xbe\xc1\xaf\x49\xfd\x10\x7b\xa1\x69\xa4\x67\x30\x65\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x41\x64\x64\x54\x72\x75\x73\x74\x20\x43\x6c\x61\x73\x73\x20\x31\x20\x43\x41\x20\x52\x6f\x6f\x74\x82\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x2c\x6d\x64\x1b\x1f\xcd\x0d\xdd\xb9\x01\xfa\x96\x63\x34\x32\x48\x47\x99\xae\x97\xed\xfd\x72\x16\xa6\x73\x47\x5a\xf4\xeb\xdd\xe9\xf5\xd6\xfb\x45\xcc\x29\x89\x44\x5d\xbf\x46\x39\x3d\xe8\xee\xbc\x4d\x54\x86\x1e\x1d\x6c\xe3\x17\x27\x43\xe1\x89\x56\x2b\xa9\x6f\x72\x4e\x49\x33\xe3\x72\x7c\x2a\x23\x9a\xbc\x3e\xff\x28\x2a\xed\xa3\xff\x1c\x23\xba\x43\x57\x09\x67\x4d\x4b\x62\x06\x2d\xf8\xff\x6c\x9d\x60\x1e\xd8\x1c\x4b\x7d\xb5\x31\x2f\xd9\xd0\x7c\x5d\xf8\xde\x6b\x83\x18\x78\x37\x57\x2f\xe8\x33\x07\x67\xdf\x1e\xc7\x6b\x2a\x95\x76\xae\x8f\x57\xa3\xf0\xf4\x52\xb4\xa9\x53\x08\xcf\xe0\x4f\xd3\x7a\x53\x8b\xfd\xbb\x1c\x56\x36\xf2\xfe\xb2\xb6\xe5\x76\xbb\xd5\x22\x65\xa7\x3f\xfe\xd1\x66\xad\x0b\xbc\x6b\x99\x86\xef\x3f\x7d\xf3\x18\x32\xca\x7b\xc6\xe3\xab\x64\x46\x95\xf8\x26\x69\xd9\x55\x83\x7b\x2c\x96\x07\xff\x59\x2c\x44\xa3\xc6\xe5\xe9\xa9\xdc\xa1\x63\x80\x5a\x21\x5e\x21\xcf\x53\x54\xf0\xba\x6f\x89\xdb\xa8\xaa\x95\xcf\x8b\xe3\x71\xcc\x1e\x1b\x20\x44\x08\xc0\x7a\xb6\x40\xfd\xc4\xe4\x35\xe1\x1d\x16\x1c\xd0\xbc\x2b\x8e\xd6\x71\xd9", + ["AddTrust External Root"] = "\x30\x82\x04\x36\x30\x82\x03\x1e\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x6f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x26\x30\x24\x06\x03\x55\x04\x0b\x13\x1d\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6e\x61\x6c\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6e\x61\x6c\x20\x43\x41\x20\x52\x6f\x6f\x74\x30\x1e\x17\x0d\x30\x30\x30\x35\x33\x30\x31\x30\x34\x38\x33\x38\x5a\x17\x0d\x32\x30\x30\x35\x33\x30\x31\x30\x34\x38\x33\x38\x5a\x30\x6f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x26\x30\x24\x06\x03\x55\x04\x0b\x13\x1d\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6e\x61\x6c\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6e\x61\x6c\x20\x43\x41\x20\x52\x6f\x6f\x74\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xb7\xf7\x1a\x33\xe6\xf2\x00\x04\x2d\x39\xe0\x4e\x5b\xed\x1f\xbc\x6c\x0f\xcd\xb5\xfa\x23\xb6\xce\xde\x9b\x11\x33\x97\xa4\x29\x4c\x7d\x93\x9f\xbd\x4a\xbc\x93\xed\x03\x1a\xe3\x8f\xcf\xe5\x6d\x50\x5a\xd6\x97\x29\x94\x5a\x80\xb0\x49\x7a\xdb\x2e\x95\xfd\xb8\xca\xbf\x37\x38\x2d\x1e\x3e\x91\x41\xad\x70\x56\xc7\xf0\x4f\x3f\xe8\x32\x9e\x74\xca\xc8\x90\x54\xe9\xc6\x5f\x0f\x78\x9d\x9a\x40\x3c\x0e\xac\x61\xaa\x5e\x14\x8f\x9e\x87\xa1\x6a\x50\xdc\xd7\x9a\x4e\xaf\x05\xb3\xa6\x71\x94\x9c\x71\xb3\x50\x60\x0a\xc7\x13\x9d\x38\x07\x86\x02\xa8\xe9\xa8\x69\x26\x18\x90\xab\x4c\xb0\x4f\x23\xab\x3a\x4f\x84\xd8\xdf\xce\x9f\xe1\x69\x6f\xbb\xd7\x42\xd7\x6b\x44\xe4\xc7\xad\xee\x6d\x41\x5f\x72\x5a\x71\x08\x37\xb3\x79\x65\xa4\x59\xa0\x94\x37\xf7\x00\x2f\x0d\xc2\x92\x72\xda\xd0\x38\x72\xdb\x14\xa8\x45\xc4\x5d\x2a\x7d\xb7\xb4\xd6\xc4\xee\xac\xcd\x13\x44\xb7\xc9\x2b\xdd\x43\x00\x25\xfa\x61\xb9\x69\x6a\x58\x23\x11\xb7\xa7\x33\x8f\x56\x75\x59\xf5\xcd\x29\xd7\x46\xb7\x0a\x2b\x65\xb6\xd3\x42\x6f\x15\xb2\xb8\x7b\xfb\xef\xe9\x5d\x53\xd5\x34\x5a\x27\x02\x03\x01\x00\x01\xa3\x81\xdc\x30\x81\xd9\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xad\xbd\x98\x7a\x34\xb4\x26\xf7\xfa\xc4\x26\x54\xef\x03\xbd\xe0\x24\xcb\x54\x1a\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x81\x99\x06\x03\x55\x1d\x23\x04\x81\x91\x30\x81\x8e\x80\x14\xad\xbd\x98\x7a\x34\xb4\x26\xf7\xfa\xc4\x26\x54\xef\x03\xbd\xe0\x24\xcb\x54\x1a\xa1\x73\xa4\x71\x30\x6f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x26\x30\x24\x06\x03\x55\x04\x0b\x13\x1d\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6e\x61\x6c\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6e\x61\x6c\x20\x43\x41\x20\x52\x6f\x6f\x74\x82\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xb0\x9b\xe0\x85\x25\xc2\xd6\x23\xe2\x0f\x96\x06\x92\x9d\x41\x98\x9c\xd9\x84\x79\x81\xd9\x1e\x5b\x14\x07\x23\x36\x65\x8f\xb0\xd8\x77\xbb\xac\x41\x6c\x47\x60\x83\x51\xb0\xf9\x32\x3d\xe7\xfc\xf6\x26\x13\xc7\x80\x16\xa5\xbf\x5a\xfc\x87\xcf\x78\x79\x89\x21\x9a\xe2\x4c\x07\x0a\x86\x35\xbc\xf2\xde\x51\xc4\xd2\x96\xb7\xdc\x7e\x4e\xee\x70\xfd\x1c\x39\xeb\x0c\x02\x51\x14\x2d\x8e\xbd\x16\xe0\xc1\xdf\x46\x75\xe7\x24\xad\xec\xf4\x42\xb4\x85\x93\x70\x10\x67\xba\x9d\x06\x35\x4a\x18\xd3\x2b\x7a\xcc\x51\x42\xa1\x7a\x63\xd1\xe6\xbb\xa1\xc5\x2b\xc2\x36\xbe\x13\x0d\xe6\xbd\x63\x7e\x79\x7b\xa7\x09\x0d\x40\xab\x6a\xdd\x8f\x8a\xc3\xf6\xf6\x8c\x1a\x42\x05\x51\xd4\x45\xf5\x9f\xa7\x62\x21\x68\x15\x20\x43\x3c\x99\xe7\x7c\xbd\x24\xd8\xa9\x91\x17\x73\x88\x3f\x56\x1b\x31\x38\x18\xb4\x71\x0f\x9a\xcd\xc8\x0e\x9e\x8e\x2e\x1b\xe1\x8c\x98\x83\xcb\x1f\x31\xf1\x44\x4c\xc6\x04\x73\x49\x76\x60\x0f\xc7\xf8\xbd\x17\x80\x6b\x2e\xe9\xcc\x4c\x0e\x5a\x9a\x79\x0f\x20\x0a\x2e\xd5\x9e\x63\x26\x1e\x55\x92\x94\xd8\x82\x17\x5a\x7b\xd0\xbc\xc7\x8f\x4e\x86\x04", + ["AddTrust Public Services Root"] = "\x30\x82\x04\x15\x30\x82\x02\xfd\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x64\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x41\x64\x64\x54\x72\x75\x73\x74\x20\x50\x75\x62\x6c\x69\x63\x20\x43\x41\x20\x52\x6f\x6f\x74\x30\x1e\x17\x0d\x30\x30\x30\x35\x33\x30\x31\x30\x34\x31\x35\x30\x5a\x17\x0d\x32\x30\x30\x35\x33\x30\x31\x30\x34\x31\x35\x30\x5a\x30\x64\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x41\x64\x64\x54\x72\x75\x73\x74\x20\x50\x75\x62\x6c\x69\x63\x20\x43\x41\x20\x52\x6f\x6f\x74\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xe9\x1a\x30\x8f\x83\x88\x14\xc1\x20\xd8\x3c\x9b\x8f\x1b\x7e\x03\x74\xbb\xda\x69\xd3\x46\xa5\xf8\x8e\xc2\x0c\x11\x90\x51\xa5\x2f\x66\x54\x40\x55\xea\xdb\x1f\x4a\x56\xee\x9f\x23\x6e\xf4\x39\xcb\xa1\xb9\x6f\xf2\x7e\xf9\x5d\x87\x26\x61\x9e\x1c\xf8\xe2\xec\xa6\x81\xf8\x21\xc5\x24\xcc\x11\x0c\x3f\xdb\x26\x72\x7a\xc7\x01\x97\x07\x17\xf9\xd7\x18\x2c\x30\x7d\x0e\x7a\x1e\x62\x1e\xc6\x4b\xc0\xfd\x7d\x62\x77\xd3\x44\x1e\x27\xf6\x3f\x4b\x44\xb3\xb7\x38\xd9\x39\x1f\x60\xd5\x51\x92\x73\x03\xb4\x00\x69\xe3\xf3\x14\x4e\xee\xd1\xdc\x09\xcf\x77\x34\x46\x50\xb0\xf8\x11\xf2\xfe\x38\x79\xf7\x07\x39\xfe\x51\x92\x97\x0b\x5b\x08\x5f\x34\x86\x01\xad\x88\x97\xeb\x66\xcd\x5e\xd1\xff\xdc\x7d\xf2\x84\xda\xba\x77\xad\xdc\x80\x08\xc7\xa7\x87\xd6\x55\x9f\x97\x6a\xe8\xc8\x11\x64\xba\xe7\x19\x29\x3f\x11\xb3\x78\x90\x84\x20\x52\x5b\x11\xef\x78\xd0\x83\xf6\xd5\x48\x90\xd0\x30\x1c\xcf\x80\xf9\x60\xfe\x79\xe4\x88\xf2\xdd\x00\xeb\x94\x45\xeb\x65\x94\x69\x40\xba\xc0\xd5\xb4\xb8\xba\x7d\x04\x11\xa8\xeb\x31\x05\x96\x94\x4e\x58\x21\x8e\x9f\xd0\x60\xfd\x02\x03\x01\x00\x01\xa3\x81\xd1\x30\x81\xce\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x81\x3e\x37\xd8\x92\xb0\x1f\x77\x9f\x5c\xb4\xab\x73\xaa\xe7\xf6\x34\x60\x2f\xfa\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x81\x8e\x06\x03\x55\x1d\x23\x04\x81\x86\x30\x81\x83\x80\x14\x81\x3e\x37\xd8\x92\xb0\x1f\x77\x9f\x5c\xb4\xab\x73\xaa\xe7\xf6\x34\x60\x2f\xfa\xa1\x68\xa4\x66\x30\x64\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x41\x64\x64\x54\x72\x75\x73\x74\x20\x50\x75\x62\x6c\x69\x63\x20\x43\x41\x20\x52\x6f\x6f\x74\x82\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x03\xf7\x15\x4a\xf8\x24\xda\x23\x56\x16\x93\x76\xdd\x36\x28\xb9\xae\x1b\xb8\xc3\xf1\x64\xba\x20\x18\x78\x95\x29\x27\x57\x05\xbc\x7c\x2a\xf4\xb9\x51\x55\xda\x87\x02\xde\x0f\x16\x17\x31\xf8\xaa\x79\x2e\x09\x13\xbb\xaf\xb2\x20\x19\x12\xe5\x93\xf9\x4b\xf9\x83\xe8\x44\xd5\xb2\x41\x25\xbf\x88\x75\x6f\xff\x10\xfc\x4a\x54\xd0\x5f\xf0\xfa\xef\x36\x73\x7d\x1b\x36\x45\xc6\x21\x6d\xb4\x15\xb8\x4e\xcf\x9c\x5c\xa5\x3d\x5a\x00\x8e\x06\xe3\x3c\x6b\x32\x7b\xf2\x9f\xf0\xb6\xfd\xdf\xf0\x28\x18\x48\xf0\xc6\xbc\xd0\xbf\x34\x80\x96\xc2\x4a\xb1\x6d\x8e\xc7\x90\x45\xde\x2f\x67\xac\x45\x04\xa3\x7a\xdc\x55\x92\xc9\x47\x66\xd8\x1a\x8c\xc7\xed\x9c\x4e\x9a\xe0\x12\xbb\xb5\x6a\x4c\x84\xe1\xe1\x22\x0d\x87\x00\x64\xfe\x8c\x7d\x62\x39\x65\xa6\xef\x42\xb6\x80\x25\x12\x61\x01\xa8\x24\x13\x70\x00\x11\x26\x5f\xfa\x35\x50\xc5\x48\xcc\x06\x47\xe8\x27\xd8\x70\x8d\x5f\x64\xe6\xa1\x44\x26\x5e\x22\xec\x92\xcd\xff\x42\x9a\x44\x21\x6d\x5c\xc5\xe3\x22\x1d\x5f\x47\x12\xe7\xce\x5f\x5d\xfa\xd8\xaa\xb1\x33\x2d\xd9\x76\xf2\x4e\x3a\x33\x0c\x2b\xb3\x2d\x90\x06", + ["AddTrust Qualified Certificates Root"] = "\x30\x82\x04\x1e\x30\x82\x03\x06\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x67\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1a\x41\x64\x64\x54\x72\x75\x73\x74\x20\x51\x75\x61\x6c\x69\x66\x69\x65\x64\x20\x43\x41\x20\x52\x6f\x6f\x74\x30\x1e\x17\x0d\x30\x30\x30\x35\x33\x30\x31\x30\x34\x34\x35\x30\x5a\x17\x0d\x32\x30\x30\x35\x33\x30\x31\x30\x34\x34\x35\x30\x5a\x30\x67\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1a\x41\x64\x64\x54\x72\x75\x73\x74\x20\x51\x75\x61\x6c\x69\x66\x69\x65\x64\x20\x43\x41\x20\x52\x6f\x6f\x74\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xe4\x1e\x9a\xfe\xdc\x09\x5a\x87\xa4\x9f\x47\xbe\x11\x5f\xaf\x84\x34\xdb\x62\x3c\x79\x78\xb7\xe9\x30\xb5\xec\x0c\x1c\x2a\xc4\x16\xff\xe0\xec\x71\xeb\x8a\xf5\x11\x6e\xed\x4f\x0d\x91\xd2\x12\x18\x2d\x49\x15\x01\xc2\xa4\x22\x13\xc7\x11\x64\xff\x22\x12\x9a\xb9\x8e\x5c\x2f\x08\xcf\x71\x6a\xb3\x67\x01\x59\xf1\x5d\x46\xf3\xb0\x78\xa5\xf6\x0e\x42\x7a\xe3\x7f\x1b\xcc\xd0\xf0\xb7\x28\xfd\x2a\xea\x9e\xb3\xb0\xb9\x04\xaa\xfd\xf6\xc7\xb4\xb1\xb8\x2a\xa0\xfb\x58\xf1\x19\xa0\x6f\x70\x25\x7e\x3e\x69\x4a\x7f\x0f\x22\xd8\xef\xad\x08\x11\x9a\x29\x99\xe1\xaa\x44\x45\x9a\x12\x5e\x3e\x9d\x6d\x52\xfc\xe7\xa0\x3d\x68\x2f\xf0\x4b\x70\x7c\x13\x38\xad\xbc\x15\x25\xf1\xd6\xce\xab\xa2\xc0\x31\xd6\x2f\x9f\xe0\xff\x14\x59\xfc\x84\x93\xd9\x87\x7c\x4c\x54\x13\xeb\x9f\xd1\x2d\x11\xf8\x18\x3a\x3a\xde\x25\xd9\xf7\xd3\x40\xed\xa4\x06\x12\xc4\x3b\xe1\x91\xc1\x56\x35\xf0\x14\xdc\x65\x36\x09\x6e\xab\xa4\x07\xc7\x35\xd1\xc2\x03\x33\x36\x5b\x75\x26\x6d\x42\xf1\x12\x6b\x43\x6f\x4b\x71\x94\xfa\x34\x1d\xed\x13\x6e\xca\x80\x7f\x98\x2f\x6c\xb9\x65\xd8\xe9\x02\x03\x01\x00\x01\xa3\x81\xd4\x30\x81\xd1\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x39\x95\x8b\x62\x8b\x5c\xc9\xd4\x80\xba\x58\x0f\x97\x3f\x15\x08\x43\xcc\x98\xa7\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x81\x91\x06\x03\x55\x1d\x23\x04\x81\x89\x30\x81\x86\x80\x14\x39\x95\x8b\x62\x8b\x5c\xc9\xd4\x80\xba\x58\x0f\x97\x3f\x15\x08\x43\xcc\x98\xa7\xa1\x6b\xa4\x69\x30\x67\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1a\x41\x64\x64\x54\x72\x75\x73\x74\x20\x51\x75\x61\x6c\x69\x66\x69\x65\x64\x20\x43\x41\x20\x52\x6f\x6f\x74\x82\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x19\xab\x75\xea\xf8\x8b\x65\x61\x95\x13\xba\x69\x04\xef\x86\xca\x13\xa0\xc7\xaa\x4f\x64\x1b\x3f\x18\xf6\xa8\x2d\x2c\x55\x8f\x05\xb7\x30\xea\x42\x6a\x1d\xc0\x25\x51\x2d\xa7\xbf\x0c\xb3\xed\xef\x08\x7f\x6c\x3c\x46\x1a\xea\x18\x43\xdf\x76\xcc\xf9\x66\x86\x9c\x2c\x68\xf5\xe9\x17\xf8\x31\xb3\x18\xc4\xd6\x48\x7d\x23\x4c\x68\xc1\x7e\xbb\x01\x14\x6f\xc5\xd9\x6e\xde\xbb\x04\x42\x6a\xf8\xf6\x5c\x7d\xe5\xda\xfa\x87\xeb\x0d\x35\x52\x67\xd0\x9e\x97\x76\x05\x93\x3f\x95\xc7\x01\xe6\x69\x55\x38\x7f\x10\x61\x99\xc9\xe3\x5f\xa6\xca\x3e\x82\x63\x48\xaa\xe2\x08\x48\x3e\xaa\xf2\xb2\x85\x62\xa6\xb4\xa7\xd9\xbd\x37\x9c\x68\xb5\x2d\x56\x7d\xb0\xb7\x3f\xa0\xb1\x07\xd6\xe9\x4f\xdc\xde\x45\x71\x30\x32\x7f\x1b\x2e\x09\xf9\xbf\x52\xa1\xee\xc2\x80\x3e\x06\x5c\x2e\x55\x40\xc1\x1b\xf5\x70\x45\xb0\xdc\x5d\xfa\xf6\x72\x5a\x77\xd2\x63\xcd\xcf\x58\x89\x00\x42\x63\x3f\x79\x39\xd0\x44\xb0\x82\x6e\x41\x19\xe8\xdd\xe0\xc1\x88\x5a\xd1\x1e\x71\x93\x1f\x24\x30\x74\xe5\x1e\xa8\xde\x3c\x27\x37\x7f\x83\xae\x9e\x77\xcf\xf0\x30\xb1\xff\x4b\x99\xe8\xc6\xa1", + ["Thawte Time Stamping CA"] = "\x30\x82\x02\xa1\x30\x82\x02\x0a\xa0\x03\x02\x01\x02\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x81\x8b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5a\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0c\x57\x65\x73\x74\x65\x72\x6e\x20\x43\x61\x70\x65\x31\x14\x30\x12\x06\x03\x55\x04\x07\x13\x0b\x44\x75\x72\x62\x61\x6e\x76\x69\x6c\x6c\x65\x31\x0f\x30\x0d\x06\x03\x55\x04\x0a\x13\x06\x54\x68\x61\x77\x74\x65\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x31\x1f\x30\x1d\x06\x03\x55\x04\x03\x13\x16\x54\x68\x61\x77\x74\x65\x20\x54\x69\x6d\x65\x73\x74\x61\x6d\x70\x69\x6e\x67\x20\x43\x41\x30\x1e\x17\x0d\x39\x37\x30\x31\x30\x31\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x30\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x81\x8b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5a\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0c\x57\x65\x73\x74\x65\x72\x6e\x20\x43\x61\x70\x65\x31\x14\x30\x12\x06\x03\x55\x04\x07\x13\x0b\x44\x75\x72\x62\x61\x6e\x76\x69\x6c\x6c\x65\x31\x0f\x30\x0d\x06\x03\x55\x04\x0a\x13\x06\x54\x68\x61\x77\x74\x65\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x31\x1f\x30\x1d\x06\x03\x55\x04\x03\x13\x16\x54\x68\x61\x77\x74\x65\x20\x54\x69\x6d\x65\x73\x74\x61\x6d\x70\x69\x6e\x67\x20\x43\x41\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xd6\x2b\x58\x78\x61\x45\x86\x53\xea\x34\x7b\x51\x9c\xed\xb0\xe6\x2e\x18\x0e\xfe\xe0\x5f\xa8\x27\xd3\xb4\xc9\xe0\x7c\x59\x4e\x16\x0e\x73\x54\x60\xc1\x7f\xf6\x9f\x2e\xe9\x3a\x85\x24\x15\x3c\xdb\x47\x04\x63\xc3\x9e\xc4\x94\x1a\x5a\xdf\x4c\x7a\xf3\xd9\x43\x1d\x3c\x10\x7a\x79\x25\xdb\x90\xfe\xf0\x51\xe7\x30\xd6\x41\x00\xfd\x9f\x28\xdf\x79\xbe\x94\xbb\x9d\xb6\x14\xe3\x23\x85\xd7\xa9\x41\xe0\x4c\xa4\x79\xb0\x2b\x1a\x8b\xf2\xf8\x3b\x8a\x3e\x45\xac\x71\x92\x00\xb4\x90\x41\x98\xfb\x5f\xed\xfa\xb7\x2e\x8a\xf8\x88\x37\x02\x03\x01\x00\x01\xa3\x13\x30\x11\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x81\x81\x00\x67\xdb\xe2\xc2\xe6\x87\x3d\x40\x83\x86\x37\x35\x7d\x1f\xce\x9a\xc3\x0c\x66\x20\xa8\xba\xaa\x04\x89\x86\xc2\xf5\x10\x08\x0d\xbf\xcb\xa2\x05\x8a\xd0\x4d\x36\x3e\xf4\xd7\xef\x69\xc6\x5e\xe4\xb0\x94\x6f\x4a\xb9\xe7\xde\x5b\x88\xb6\x7b\xdb\xe3\x27\xe5\x76\xc3\xf0\x35\xc1\xcb\xb5\x27\x9b\x33\x79\xdc\x90\xa6\x00\x9e\x77\xfa\xfc\xcd\x27\x94\x42\x16\x9c\xd3\x1c\x68\xec\xbf\x5c\xdd\xe5\xa9\x7b\x10\x0a\x32\x74\x54\x13\x31\x8b\x85\x03\x84\x91\xb7\x58\x01\x30\x14\x38\xaf\x28\xca\xfc\xb1\x50\x19\x19\x09\xac\x89\x49\xd3", + ["Entrust Root Certification Authority"] = "\x30\x82\x04\x91\x30\x82\x03\x79\xa0\x03\x02\x01\x02\x02\x04\x45\x6b\x50\x54\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xb0\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x45\x6e\x74\x72\x75\x73\x74\x2c\x20\x49\x6e\x63\x2e\x31\x39\x30\x37\x06\x03\x55\x04\x0b\x13\x30\x77\x77\x77\x2e\x65\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x2f\x43\x50\x53\x20\x69\x73\x20\x69\x6e\x63\x6f\x72\x70\x6f\x72\x61\x74\x65\x64\x20\x62\x79\x20\x72\x65\x66\x65\x72\x65\x6e\x63\x65\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x28\x63\x29\x20\x32\x30\x30\x36\x20\x45\x6e\x74\x72\x75\x73\x74\x2c\x20\x49\x6e\x63\x2e\x31\x2d\x30\x2b\x06\x03\x55\x04\x03\x13\x24\x45\x6e\x74\x72\x75\x73\x74\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x36\x31\x31\x32\x37\x32\x30\x32\x33\x34\x32\x5a\x17\x0d\x32\x36\x31\x31\x32\x37\x32\x30\x35\x33\x34\x32\x5a\x30\x81\xb0\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x45\x6e\x74\x72\x75\x73\x74\x2c\x20\x49\x6e\x63\x2e\x31\x39\x30\x37\x06\x03\x55\x04\x0b\x13\x30\x77\x77\x77\x2e\x65\x6e\x74\x72\x75\x73\x74\x2e\x6e\x65\x74\x2f\x43\x50\x53\x20\x69\x73\x20\x69\x6e\x63\x6f\x72\x70\x6f\x72\x61\x74\x65\x64\x20\x62\x79\x20\x72\x65\x66\x65\x72\x65\x6e\x63\x65\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x28\x63\x29\x20\x32\x30\x30\x36\x20\x45\x6e\x74\x72\x75\x73\x74\x2c\x20\x49\x6e\x63\x2e\x31\x2d\x30\x2b\x06\x03\x55\x04\x03\x13\x24\x45\x6e\x74\x72\x75\x73\x74\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xb6\x95\xb6\x43\x42\xfa\xc6\x6d\x2a\x6f\x48\xdf\x94\x4c\x39\x57\x05\xee\xc3\x79\x11\x41\x68\x36\xed\xec\xfe\x9a\x01\x8f\xa1\x38\x28\xfc\xf7\x10\x46\x66\x2e\x4d\x1e\x1a\xb1\x1a\x4e\xc6\xd1\xc0\x95\x88\xb0\xc9\xff\x31\x8b\x33\x03\xdb\xb7\x83\x7b\x3e\x20\x84\x5e\xed\xb2\x56\x28\xa7\xf8\xe0\xb9\x40\x71\x37\xc5\xcb\x47\x0e\x97\x2a\x68\xc0\x22\x95\x62\x15\xdb\x47\xd9\xf5\xd0\x2b\xff\x82\x4b\xc9\xad\x3e\xde\x4c\xdb\x90\x80\x50\x3f\x09\x8a\x84\x00\xec\x30\x0a\x3d\x18\xcd\xfb\xfd\x2a\x59\x9a\x23\x95\x17\x2c\x45\x9e\x1f\x6e\x43\x79\x6d\x0c\x5c\x98\xfe\x48\xa7\xc5\x23\x47\x5c\x5e\xfd\x6e\xe7\x1e\xb4\xf6\x68\x45\xd1\x86\x83\x5b\xa2\x8a\x8d\xb1\xe3\x29\x80\xfe\x25\x71\x88\xad\xbe\xbc\x8f\xac\x52\x96\x4b\xaa\x51\x8d\xe4\x13\x31\x19\xe8\x4e\x4d\x9f\xdb\xac\xb3\x6a\xd5\xbc\x39\x54\x71\xca\x7a\x7a\x7f\x90\xdd\x7d\x1d\x80\xd9\x81\xbb\x59\x26\xc2\x11\xfe\xe6\x93\xe2\xf7\x80\xe4\x65\xfb\x34\x37\x0e\x29\x80\x70\x4d\xaf\x38\x86\x2e\x9e\x7f\x57\xaf\x9e\x17\xae\xeb\x1c\xcb\x28\x21\x5f\xb6\x1c\xd8\xe7\xa2\x04\x22\xf9\xd3\xda\xd8\xcb\x02\x03\x01\x00\x01\xa3\x81\xb0\x30\x81\xad\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x2b\x06\x03\x55\x1d\x10\x04\x24\x30\x22\x80\x0f\x32\x30\x30\x36\x31\x31\x32\x37\x32\x30\x32\x33\x34\x32\x5a\x81\x0f\x32\x30\x32\x36\x31\x31\x32\x37\x32\x30\x35\x33\x34\x32\x5a\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x68\x90\xe4\x67\xa4\xa6\x53\x80\xc7\x86\x66\xa4\xf1\xf7\x4b\x43\xfb\x84\xbd\x6d\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x68\x90\xe4\x67\xa4\xa6\x53\x80\xc7\x86\x66\xa4\xf1\xf7\x4b\x43\xfb\x84\xbd\x6d\x30\x1d\x06\x09\x2a\x86\x48\x86\xf6\x7d\x07\x41\x00\x04\x10\x30\x0e\x1b\x08\x56\x37\x2e\x31\x3a\x34\x2e\x30\x03\x02\x04\x90\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x93\xd4\x30\xb0\xd7\x03\x20\x2a\xd0\xf9\x63\xe8\x91\x0c\x05\x20\xa9\x5f\x19\xca\x7b\x72\x4e\xd4\xb1\xdb\xd0\x96\xfb\x54\x5a\x19\x2c\x0c\x08\xf7\xb2\xbc\x85\xa8\x9d\x7f\x6d\x3b\x52\xb3\x2a\xdb\xe7\xd4\x84\x8c\x63\xf6\x0f\xcb\x26\x01\x91\x50\x6c\xf4\x5f\x14\xe2\x93\x74\xc0\x13\x9e\x30\x3a\x50\xe3\xb4\x60\xc5\x1c\xf0\x22\x44\x8d\x71\x47\xac\xc8\x1a\xc9\xe9\x9b\x9a\x00\x60\x13\xff\x70\x7e\x5f\x11\x4d\x49\x1b\xb3\x15\x52\x7b\xc9\x54\xda\xbf\x9d\x95\xaf\x6b\x9a\xd8\x9e\xe9\xf1\xe4\x43\x8d\xe2\x11\x44\x3a\xbf\xaf\xbd\x83\x42\x73\x52\x8b\xaa\xbb\xa7\x29\xcf\xf5\x64\x1c\x0a\x4d\xd1\xbc\xaa\xac\x9f\x2a\xd0\xff\x7f\x7f\xda\x7d\xea\xb1\xed\x30\x25\xc1\x84\xda\x34\xd2\x5b\x78\x83\x56\xec\x9c\x36\xc3\x26\xe2\x11\xf6\x67\x49\x1d\x92\xab\x8c\xfb\xeb\xff\x7a\xee\x85\x4a\xa7\x50\x80\xf0\xa7\x5c\x4a\x94\x2e\x5f\x05\x99\x3c\x52\x41\xe0\xcd\xb4\x63\xcf\x01\x43\xba\x9c\x83\xdc\x8f\x60\x3b\xf3\x5a\xb4\xb4\x7b\xae\xda\x0b\x90\x38\x75\xef\x81\x1d\x66\xd2\xf7\x57\x70\x36\xb3\xbf\xfc\x28\xaf\x71\x25\x85\x5b\x13\xfe\x1e\x7f\x5a\xb4\x3c", + ["AOL Time Warner Root Certification Authority 1"] = "\x30\x82\x03\xe6\x30\x82\x02\xce\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x83\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x13\x14\x41\x4f\x4c\x20\x54\x69\x6d\x65\x20\x57\x61\x72\x6e\x65\x72\x20\x49\x6e\x63\x2e\x31\x1c\x30\x1a\x06\x03\x55\x04\x0b\x13\x13\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x49\x6e\x63\x2e\x31\x37\x30\x35\x06\x03\x55\x04\x03\x13\x2e\x41\x4f\x4c\x20\x54\x69\x6d\x65\x20\x57\x61\x72\x6e\x65\x72\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x31\x30\x1e\x17\x0d\x30\x32\x30\x35\x32\x39\x30\x36\x30\x30\x30\x30\x5a\x17\x0d\x33\x37\x31\x31\x32\x30\x31\x35\x30\x33\x30\x30\x5a\x30\x81\x83\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x13\x14\x41\x4f\x4c\x20\x54\x69\x6d\x65\x20\x57\x61\x72\x6e\x65\x72\x20\x49\x6e\x63\x2e\x31\x1c\x30\x1a\x06\x03\x55\x04\x0b\x13\x13\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x49\x6e\x63\x2e\x31\x37\x30\x35\x06\x03\x55\x04\x03\x13\x2e\x41\x4f\x4c\x20\x54\x69\x6d\x65\x20\x57\x61\x72\x6e\x65\x72\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x31\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\x99\xde\x8f\xc3\x25\xa3\x69\x34\xe8\x05\xf7\x74\xb9\xbf\x5a\x97\x19\xb9\x2f\x94\xd2\x93\xe5\x2d\x89\xca\x84\x7c\x3f\x10\x43\x1b\x8c\x8b\x7c\x84\x58\xf8\x24\x7c\x48\xcf\x2a\xfd\xc0\x15\xd9\x18\x7e\x84\x1a\x17\xd3\xdb\x9e\xd7\xca\xe4\xd9\xd7\xaa\x58\x51\x87\xf0\xf0\x8b\x48\x4e\xe2\xc2\xc4\x59\x69\x30\x62\xb6\x30\xa2\x8c\x0b\x11\x99\x61\x35\x6d\x7e\xef\xc5\xb1\x19\x06\x20\x12\x8e\x42\xe1\xdf\x0f\x96\x10\x52\xa8\xcf\x9c\x5f\x95\x14\xd8\xaf\x3b\x75\x0b\x31\x20\x1f\x44\x2f\xa2\x62\x41\xb3\xbb\x18\x21\xdb\xca\x71\x3c\x8c\xec\xb6\xb9\x0d\x9f\xef\x51\xef\x4d\x7b\x12\xf2\x0b\x0c\xe1\xac\x40\x8f\x77\x7f\xb0\xca\x78\x71\x0c\x5d\x16\x71\x70\xa2\xd7\xc2\x3a\x85\xcd\x0e\x9a\xc4\xe0\x00\xb0\xd5\x25\xea\xdc\x2b\xe4\x94\x2d\x38\x9c\x89\x41\x57\x64\x28\x65\x19\x1c\xb6\x44\xb4\xc8\x31\x6b\x8e\x01\x7b\x76\x59\x25\x7f\x15\x1c\x84\x08\x7c\x73\x65\x20\x0a\xa1\x04\x2e\x1a\x32\xa8\x9a\x20\xb1\x9c\x2c\x21\x59\xe7\xfb\xcf\xee\x70\x2d\x08\xca\x63\x3e\x2c\x9b\x93\x19\x6a\xa4\xc2\x97\xff\xb7\x86\x57\x88\x85\x6c\x9e\x15\x16\x2b\x4d\x2c\xb3\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xa1\x36\x30\x16\xcb\x86\x90\x00\x45\x80\x53\xb1\x8f\xc8\xd8\x3d\x7c\xbe\x5f\x12\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xa1\x36\x30\x16\xcb\x86\x90\x00\x45\x80\x53\xb1\x8f\xc8\xd8\x3d\x7c\xbe\x5f\x12\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x8a\x20\x18\xa5\xbe\xb3\x2f\xb4\xa6\x84\x00\x40\x30\x29\xfa\xb4\x14\x73\x4c\x79\x45\xa7\xf6\x70\xe0\xe8\x7e\x64\x1e\x0a\x95\x7c\x6a\x61\xc2\xef\x4e\x1f\xbe\xff\xc9\x99\x1f\x07\x61\x4a\xe1\x5d\x4c\xcd\xad\xee\xd0\x52\x32\xd9\x59\x32\xbc\xda\x79\x72\xd6\x7b\x09\xe8\x02\x81\x35\xd3\x0a\xdf\x11\x1d\xc9\x79\xa0\x80\x4d\xfe\x5a\xd7\x56\xd6\xed\x0f\x2a\xaf\xa7\x18\x75\x33\x0c\xea\xc1\x61\x05\x4f\x6a\x9a\x89\xf2\x8d\xb9\x9f\x2e\xef\xb0\x5f\x5a\x00\xeb\xbe\xad\xa0\xf8\x44\x05\x67\xbc\xcb\x04\xef\x9e\x64\xc5\xe9\xc8\x3f\x05\xbf\xc6\x2f\x07\x1c\xc3\x36\x71\x86\xca\x38\x66\x4a\xcd\xd6\xb8\x4b\xc6\x6c\xa7\x97\x3b\xfa\x13\x2d\x6e\x23\x61\x87\xa1\x63\x42\xac\xc2\xcb\x97\x9f\x61\x68\xcf\x2d\x4c\x04\x9d\xd7\x25\x4f\x0a\x0e\x4d\x90\x8b\x18\x56\xa8\x93\x48\x57\xdc\x6f\xae\xbd\x9e\x67\x57\x77\x89\x50\xb3\xbe\x11\x9b\x45\x67\x83\x86\x19\x87\xd3\x98\xbd\x08\x1a\x16\x1f\x58\x82\x0b\xe1\x96\x69\x05\x4b\x8e\xec\x83\x51\x31\x07\xd5\xd4\x9f\xff\x59\x7b\xa8\x6e\x85\xcf\xd3\x4b\xa9\x49\xb0\x5f\xb0\x39\x28\x68\x0e\x73\xdd\x25\x9a\xde\x12", + ["AOL Time Warner Root Certification Authority 2"] = "\x30\x82\x05\xe6\x30\x82\x03\xce\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x83\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x13\x14\x41\x4f\x4c\x20\x54\x69\x6d\x65\x20\x57\x61\x72\x6e\x65\x72\x20\x49\x6e\x63\x2e\x31\x1c\x30\x1a\x06\x03\x55\x04\x0b\x13\x13\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x49\x6e\x63\x2e\x31\x37\x30\x35\x06\x03\x55\x04\x03\x13\x2e\x41\x4f\x4c\x20\x54\x69\x6d\x65\x20\x57\x61\x72\x6e\x65\x72\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x32\x30\x1e\x17\x0d\x30\x32\x30\x35\x32\x39\x30\x36\x30\x30\x30\x30\x5a\x17\x0d\x33\x37\x30\x39\x32\x38\x32\x33\x34\x33\x30\x30\x5a\x30\x81\x83\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x13\x14\x41\x4f\x4c\x20\x54\x69\x6d\x65\x20\x57\x61\x72\x6e\x65\x72\x20\x49\x6e\x63\x2e\x31\x1c\x30\x1a\x06\x03\x55\x04\x0b\x13\x13\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x49\x6e\x63\x2e\x31\x37\x30\x35\x06\x03\x55\x04\x03\x13\x2e\x41\x4f\x4c\x20\x54\x69\x6d\x65\x20\x57\x61\x72\x6e\x65\x72\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x32\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xb4\x37\x5a\x08\x16\x99\x14\xe8\x55\xb1\x1b\x24\x6b\xfc\xc7\x8b\xe6\x87\xa9\x89\xee\x8b\x99\xcd\x4f\x40\x86\xa4\xb6\x4d\xc9\xd9\xb1\xdc\x3c\x4d\x0d\x85\x4c\x15\x6c\x46\x8b\x52\x78\x9f\xf8\x23\xfd\x67\xf5\x24\x3a\x68\x5d\xd0\xf7\x64\x61\x41\x54\xa3\x8b\xa5\x08\xd2\x29\x5b\x9b\x60\x4f\x26\x83\xd1\x63\x12\x56\x49\x76\xa4\x16\xc2\xa5\x9d\x45\xac\x8b\x84\x95\xa8\x16\xb1\xec\x9f\xea\x24\x1a\xef\xb9\x57\x5c\x9a\x24\x21\x2c\x4d\x0e\x71\x1f\xa6\xac\x5d\x45\x74\x03\x98\xc4\x54\x8c\x16\x4a\x41\x77\x86\x95\x75\x0c\x47\x01\x66\x60\xfc\x15\xf1\x0f\xea\xf5\x14\x78\xc7\x0e\xd7\x6e\x81\x1c\x5e\xbf\x5e\xe7\x3a\x2a\xd8\x97\x17\x30\x7c\x00\xad\x08\x9d\x33\xaf\xb8\x99\x61\x80\x8b\xa8\x95\x7e\x14\xdc\x12\x6c\xa4\xd0\xd8\xef\x40\x49\x02\x36\xf9\x6e\xa9\xd6\x1d\x96\x56\x04\xb2\xb3\x2d\x16\x56\x86\x8f\xd9\x20\x57\x80\xcd\x67\x10\x6d\xb0\x4c\xf0\xda\x46\xb6\xea\x25\x2e\x46\xaf\x8d\xb0\x85\x38\x34\x8b\x14\x26\x82\x2b\xac\xae\x99\x0b\x8e\x14\xd7\x52\xbd\x9e\x69\xc3\x86\x02\x0b\xea\x76\x75\x31\x09\xce\x33\x19\x21\x85\x43\xe6\x89\x2d\x9f\x25\x37\x67\xf1\x23\x6a\xd2\x00\x6d\x97\xf9\x9f\xe7\x29\xca\xdd\x1f\xd7\x06\xea\xb8\xc9\xb9\x09\x21\x9f\xc8\x3f\x06\xc5\xd2\xe9\x12\x46\x00\x4e\x7b\x08\xeb\x42\x3d\x2b\x48\x6e\x9d\x67\xdd\x4b\x02\xe4\x44\xf3\x93\x19\xa5\x27\xce\x69\x7a\xbe\x67\xd3\xfc\x50\xa4\x2c\xab\xc3\x6b\xb9\xe3\x80\x4c\xcf\x05\x61\x4b\x2b\xdc\x1b\xb9\xa6\xd2\xd0\xaa\xf5\x2b\x73\xfb\xce\x90\x35\x9f\x0c\x52\x1c\xbf\x5c\x21\x61\x11\x5b\x15\x4b\xa9\x24\x51\xfc\xa4\x5c\xf7\x17\x9d\xb0\xd2\xfa\x07\xe9\x8f\x56\xe4\x1a\x8c\x68\x8a\x04\xd3\x7c\x5a\xe3\x9e\xa2\xa1\xca\x71\x5b\xa2\xd4\xa0\xe7\x29\x85\x5d\x03\x68\x2a\x4f\xd2\x06\xd7\x3d\xf9\xc3\x03\x2f\x3f\x65\xf9\x67\x1e\x47\x40\xd3\x63\x0f\xe3\xd5\x8e\xf9\x85\xab\x97\x4c\xb3\xd7\x26\xeb\x96\x0a\x94\xde\x85\x36\x9c\xc8\x7f\x81\x09\x02\x49\x2a\x0e\xf5\x64\x32\x0c\x82\xd1\xba\x6a\x82\x1b\xb3\x4b\x74\x11\xf3\x8c\x77\xd6\x9f\xbf\xdc\x37\xa4\xa7\x55\x04\x2f\xd4\x31\xe8\xd3\x46\xb9\x03\x7c\xda\x12\x4e\x59\x64\xb7\x51\x31\x31\x50\xa0\xca\x1c\x27\xd9\x10\x2e\xad\xd6\xbd\x10\x66\x2b\xc3\xb0\x22\x4a\x12\x5b\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x4f\x69\x6d\x03\x7e\x9d\x9f\x07\x18\x43\xbc\xb7\x10\x4e\xd5\xbf\xa9\xc4\x20\x28\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x4f\x69\x6d\x03\x7e\x9d\x9f\x07\x18\x43\xbc\xb7\x10\x4e\xd5\xbf\xa9\xc4\x20\x28\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x3b\xf3\xae\xca\xe8\x2e\x87\x85\xfb\x65\x59\xe7\xad\x11\x14\xa5\x57\xbc\x58\x9f\x24\x12\x57\xbb\xfb\x3f\x34\xda\xee\xad\x7a\x2a\x34\x72\x70\x31\x6b\xc7\x19\x98\x80\xc9\x82\xde\x37\x77\x5e\x54\x8b\x8e\xf2\xea\x67\x4f\xc9\x74\x84\x91\x56\x09\xd5\xe5\x7a\x9a\x81\xb6\x81\xc2\xad\x36\xe4\xf1\x54\x11\x53\xf3\x34\x45\x01\x26\xc8\xe5\x1a\xbc\x34\x44\x21\xde\xad\x25\xfc\x76\x16\x77\x21\x90\x80\x98\x57\x9d\x4e\xea\xec\x2f\xaa\x3c\x14\x7b\x57\xc1\x7e\x18\x14\x67\xee\x24\xc6\xbd\xba\x15\xb0\xd2\x18\xbd\xb7\x55\x81\xac\x53\xc0\xe8\xdd\x69\x12\x13\x42\xb7\x02\xb5\x05\x41\xca\x79\x50\x6e\x82\x0e\x71\x72\x93\x46\xe8\x9d\x0d\x5d\xbd\xae\xce\x29\xad\x63\xd5\x55\x16\x80\x30\x27\xff\x76\xba\xf7\xb8\xd6\x4a\xe3\xd9\xb5\xf9\x52\xd0\x4e\x40\xa9\xc7\xe5\xc2\x32\xc7\xaa\x76\x24\xe1\x6b\x05\x50\xeb\xc5\xbf\x0a\x54\xe5\xb9\x42\x3c\x24\xfb\xb7\x07\x9c\x30\x9f\x79\x5a\xe6\xe0\x40\x52\x15\xf4\xfc\xaa\xf4\x56\xf9\x44\x97\x87\xed\x0e\x65\x72\x5e\xbe\x26\xfb\x4d\xa4\x2d\x08\x07\xde\xd8\x5c\xa0\xdc\x81\x33\x99\x18\x25\x11\x77\xa7\xeb\xfd\x58\x09\x2c\x99\x6b\x1b\x8a\xf3\x52\x3f\x1a\x4d\x48\x60\xf1\xa0\xf6\x33\x02\x53\x8b\xed\x25\x09\xb8\x0d\x2d\xed\x97\x73\xec\xd7\x96\x1f\x8e\x60\x0e\xda\x10\x9b\x2f\x18\x24\xf6\xa6\x4d\x0a\xf9\x3b\xcb\x75\xc2\xcc\x2f\xce\x24\x69\xc9\x0a\x22\x8e\x59\xa7\xf7\x82\x0c\xd7\xd7\x6b\x35\x9c\x43\x00\x6a\xc4\x95\x67\xba\x9c\x45\xcb\xb8\x0e\x37\xf7\xdc\x4e\x01\x4f\xbe\x0a\xb6\x03\xd3\xad\x8a\x45\xf7\xda\x27\x4d\x29\xb1\x48\xdf\xe4\x11\xe4\x96\x46\xbd\x6c\x02\x3e\xd6\x51\xc8\x95\x17\x01\x15\xa9\xf2\xaa\xaa\xf2\xbf\x2f\x65\x1b\x6f\xd0\xb9\x1a\x93\xf5\x8e\x35\xc4\x80\x87\x3e\x94\x2f\x66\xe4\xe9\xa8\xff\x41\x9c\x70\x2a\x4f\x2a\x39\x18\x95\x1e\x7e\xfb\x61\x01\x3c\x51\x08\x2e\x28\x18\xa4\x16\x0f\x31\xfd\x3a\x6c\x23\x93\x20\x76\xe1\xfd\x07\x85\xd1\x5b\x3f\xd2\x1c\x73\x32\xdd\xfa\xb9\xf8\x8c\xcf\x02\x87\x7a\x9a\x96\xe4\xed\x4f\x89\x8d\x53\x43\xab\x0e\x13\xc0\x01\x15\xb4\x79\x38\xdb\xfc\x6e\x3d\x9e\x51\xb6\xb8\x13\x8b\x67\xcf\xf9\x7c\xd9\x22\x1d\xf6\x5d\xc5\x1c\x01\x2f\x98\xe8\x7a\x24\x18\xbc\x84\xd7\xfa\xdc\x72\x5b\xf7\xc1\x3a\x68", + ["RSA Security 2048 v3"] = "\x30\x82\x03\x61\x30\x82\x02\x49\xa0\x03\x02\x01\x02\x02\x10\x0a\x01\x01\x01\x00\x00\x02\x7c\x00\x00\x00\x0a\x00\x00\x00\x02\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x3a\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x52\x53\x41\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x49\x6e\x63\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x52\x53\x41\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x32\x30\x34\x38\x20\x56\x33\x30\x1e\x17\x0d\x30\x31\x30\x32\x32\x32\x32\x30\x33\x39\x32\x33\x5a\x17\x0d\x32\x36\x30\x32\x32\x32\x32\x30\x33\x39\x32\x33\x5a\x30\x3a\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x52\x53\x41\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x49\x6e\x63\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x52\x53\x41\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x32\x30\x34\x38\x20\x56\x33\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xb7\x8f\x55\x71\xd2\x80\xdd\x7b\x69\x79\xa7\xf0\x18\x50\x32\x3c\x62\x67\xf6\x0a\x95\x07\xdd\xe6\x1b\xf3\x9e\xd9\xd2\x41\x54\x6b\xad\x9f\x7c\xbe\x19\xcd\xfb\x46\xab\x41\x68\x1e\x18\xea\x55\xc8\x2f\x91\x78\x89\x28\xfb\x27\x29\x60\xff\xdf\x8f\x8c\x3b\xc9\x49\x9b\xb5\xa4\x94\xce\x01\xea\x3e\xb5\x63\x7b\x7f\x26\xfd\x19\xdd\xc0\x21\xbd\x84\xd1\x2d\x4f\x46\xc3\x4e\xdc\xd8\x37\x39\x3b\x28\xaf\xcb\x9d\x1a\xea\x2b\xaf\x21\xa5\xc1\x23\x22\xb8\xb8\x1b\x5a\x13\x87\x57\x83\xd1\xf0\x20\xe7\xe8\x4f\x23\x42\xb0\x00\xa5\x7d\x89\xe9\xe9\x61\x73\x94\x98\x71\x26\xbc\x2d\x6a\xe0\xf7\x4d\xf0\xf1\xb6\x2a\x38\x31\x81\x0d\x29\xe1\x00\xc1\x51\x0f\x4c\x52\xf8\x04\x5a\xaa\x7d\x72\xd3\xb8\x87\x2a\xbb\x63\x10\x03\x2a\xb3\xa1\x4f\x0d\x5a\x5e\x46\xb7\x3d\x0e\xf5\x74\xec\x99\x9f\xf9\x3d\x24\x81\x88\xa6\xdd\x60\x54\xe8\x95\x36\x3d\xc6\x09\x93\x9a\xa3\x12\x80\x00\x55\x99\x19\x47\xbd\xd0\xa5\x7c\xc3\xba\xfb\x1f\xf7\xf5\x0f\xf8\xac\xb9\xb5\xf4\x37\x98\x13\x18\xde\x85\x5b\xb7\x0c\x82\x3b\x87\x6f\x95\x39\x58\x30\xda\x6e\x01\x68\x17\x22\xcc\xc0\x0b\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x07\xc3\x51\x30\xa4\xaa\xe9\x45\xae\x35\x24\xfa\xff\x24\x2c\x33\xd0\xb1\x9d\x8c\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x07\xc3\x51\x30\xa4\xaa\xe9\x45\xae\x35\x24\xfa\xff\x24\x2c\x33\xd0\xb1\x9d\x8c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x5f\x3e\x86\x76\x6e\xb8\x35\x3c\x4e\x36\x1c\x1e\x79\x98\xbf\xfd\xd5\x12\x11\x79\x52\x0e\xee\x31\x89\xbc\xdd\x7f\xf9\xd1\xc6\x15\x21\xe8\x8a\x01\x54\x0d\x3a\xfb\x54\xb9\xd6\x63\xd4\xb1\xaa\x96\x4d\xa2\x42\x4d\xd4\x53\x1f\x8b\x10\xde\x7f\x65\xbe\x60\x13\x27\x71\x88\xa4\x73\xe3\x84\x63\xd1\xa4\x55\xe1\x50\x93\xe6\x1b\x0e\x79\xd0\x67\xbc\x46\xc8\xbf\x3f\x17\x0d\x95\xe6\xc6\x90\x69\xde\xe7\xb4\x2f\xde\x95\x7d\xd0\x12\x3f\x3d\x3e\x7f\x4d\x3f\x14\x68\xf5\x11\x50\xd5\xc1\xf4\x90\xa5\x08\x1d\x31\x60\xff\x60\x8c\x23\x54\x0a\xaf\xfe\xa1\x6e\xc5\xd1\x7a\x2a\x68\x78\xcf\x1e\x82\x0a\x20\xb4\x1f\xad\xe5\x85\xb2\x6a\x68\x75\x4e\xad\x25\x37\x94\x85\xbe\xbd\xa1\xd4\xea\xb7\x0c\x4b\x3c\x9d\xe8\x12\x00\xf0\x5f\xac\x0d\xe1\xac\x70\x63\x73\xf7\x7f\x79\x9f\x32\x25\x42\x74\x05\x80\x28\xbf\xbd\xc1\x24\x96\x58\x15\xb1\x17\x21\xe9\x89\x4b\xdb\x07\x88\x67\xf4\x15\xad\x70\x3e\x2f\x4d\x85\x3b\xc2\xb7\xdb\xfe\x98\x68\x23\x89\xe1\x74\x0f\xde\xf4\xc5\x84\x63\x29\x1b\xcc\xcb\x07\xc9\x00\xa4\xa9\xd7\xc2\x22\x4f\x67\xd7\x77\xec\x20\x05\x61\xde", + ["GeoTrust Global CA"] = "\x30\x82\x03\x54\x30\x82\x02\x3c\xa0\x03\x02\x01\x02\x02\x03\x02\x34\x56\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x42\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x47\x6c\x6f\x62\x61\x6c\x20\x43\x41\x30\x1e\x17\x0d\x30\x32\x30\x35\x32\x31\x30\x34\x30\x30\x30\x30\x5a\x17\x0d\x32\x32\x30\x35\x32\x31\x30\x34\x30\x30\x30\x30\x5a\x30\x42\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x47\x6c\x6f\x62\x61\x6c\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xda\xcc\x18\x63\x30\xfd\xf4\x17\x23\x1a\x56\x7e\x5b\xdf\x3c\x6c\x38\xe4\x71\xb7\x78\x91\xd4\xbc\xa1\xd8\x4c\xf8\xa8\x43\xb6\x03\xe9\x4d\x21\x07\x08\x88\xda\x58\x2f\x66\x39\x29\xbd\x05\x78\x8b\x9d\x38\xe8\x05\xb7\x6a\x7e\x71\xa4\xe6\xc4\x60\xa6\xb0\xef\x80\xe4\x89\x28\x0f\x9e\x25\xd6\xed\x83\xf3\xad\xa6\x91\xc7\x98\xc9\x42\x18\x35\x14\x9d\xad\x98\x46\x92\x2e\x4f\xca\xf1\x87\x43\xc1\x16\x95\x57\x2d\x50\xef\x89\x2d\x80\x7a\x57\xad\xf2\xee\x5f\x6b\xd2\x00\x8d\xb9\x14\xf8\x14\x15\x35\xd9\xc0\x46\xa3\x7b\x72\xc8\x91\xbf\xc9\x55\x2b\xcd\xd0\x97\x3e\x9c\x26\x64\xcc\xdf\xce\x83\x19\x71\xca\x4e\xe6\xd4\xd5\x7b\xa9\x19\xcd\x55\xde\xc8\xec\xd2\x5e\x38\x53\xe5\x5c\x4f\x8c\x2d\xfe\x50\x23\x36\xfc\x66\xe6\xcb\x8e\xa4\x39\x19\x00\xb7\x95\x02\x39\x91\x0b\x0e\xfe\x38\x2e\xd1\x1d\x05\x9a\xf6\x4d\x3e\x6f\x0f\x07\x1d\xaf\x2c\x1e\x8f\x60\x39\xe2\xfa\x36\x53\x13\x39\xd4\x5e\x26\x2b\xdb\x3d\xa8\x14\xbd\x32\xeb\x18\x03\x28\x52\x04\x71\xe5\xab\x33\x3d\xe1\x38\xbb\x07\x36\x84\x62\x9c\x79\xea\x16\x30\xf4\x5f\xc0\x2b\xe8\x71\x6b\xe4\xf9\x02\x03\x01\x00\x01\xa3\x53\x30\x51\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xc0\x7a\x98\x68\x8d\x89\xfb\xab\x05\x64\x0c\x11\x7d\xaa\x7d\x65\xb8\xca\xcc\x4e\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xc0\x7a\x98\x68\x8d\x89\xfb\xab\x05\x64\x0c\x11\x7d\xaa\x7d\x65\xb8\xca\xcc\x4e\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x35\xe3\x29\x6a\xe5\x2f\x5d\x54\x8e\x29\x50\x94\x9f\x99\x1a\x14\xe4\x8f\x78\x2a\x62\x94\xa2\x27\x67\x9e\xd0\xcf\x1a\x5e\x47\xe9\xc1\xb2\xa4\xcf\xdd\x41\x1a\x05\x4e\x9b\x4b\xee\x4a\x6f\x55\x52\xb3\x24\xa1\x37\x0a\xeb\x64\x76\x2a\x2e\x2c\xf3\xfd\x3b\x75\x90\xbf\xfa\x71\xd8\xc7\x3d\x37\xd2\xb5\x05\x95\x62\xb9\xa6\xde\x89\x3d\x36\x7b\x38\x77\x48\x97\xac\xa6\x20\x8f\x2e\xa6\xc9\x0c\xc2\xb2\x99\x45\x00\xc7\xce\x11\x51\x22\x22\xe0\xa5\xea\xb6\x15\x48\x09\x64\xea\x5e\x4f\x74\xf7\x05\x3e\xc7\x8a\x52\x0c\xdb\x15\xb4\xbd\x6d\x9b\xe5\xc6\xb1\x54\x68\xa9\xe3\x69\x90\xb6\x9a\xa5\x0f\xb8\xb9\x3f\x20\x7d\xae\x4a\xb5\xb8\x9c\xe4\x1d\xb6\xab\xe6\x94\xa5\xc1\xc7\x83\xad\xdb\xf5\x27\x87\x0e\x04\x6c\xd5\xff\xdd\xa0\x5d\xed\x87\x52\xb7\x2b\x15\x02\xae\x39\xa6\x6a\x74\xe9\xda\xc4\xe7\xbc\x4d\x34\x1e\xa9\x5c\x4d\x33\x5f\x92\x09\x2f\x88\x66\x5d\x77\x97\xc7\x1d\x76\x13\xa9\xd5\xe5\xf1\x16\x09\x11\x35\xd5\xac\xdb\x24\x71\x70\x2c\x98\x56\x0b\xd9\x17\xb4\xd1\xe3\x51\x2b\x5e\x75\xe8\xd5\xd0\xdc\x4f\x34\xed\xc2\x05\x66\x80\xa1\xcb\xe6\x33", + ["GeoTrust Global CA 2"] = "\x30\x82\x03\x66\x30\x82\x02\x4e\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x44\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x1d\x30\x1b\x06\x03\x55\x04\x03\x13\x14\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x47\x6c\x6f\x62\x61\x6c\x20\x43\x41\x20\x32\x30\x1e\x17\x0d\x30\x34\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5a\x17\x0d\x31\x39\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5a\x30\x44\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x1d\x30\x1b\x06\x03\x55\x04\x03\x13\x14\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x47\x6c\x6f\x62\x61\x6c\x20\x43\x41\x20\x32\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xef\x3c\x4d\x40\x3d\x10\xdf\x3b\x53\x00\xe1\x67\xfe\x94\x60\x15\x3e\x85\x88\xf1\x89\x0d\x90\xc8\x28\x23\x99\x05\xe8\x2b\x20\x9d\xc6\xf3\x60\x46\xd8\xc1\xb2\xd5\x8c\x31\xd9\xdc\x20\x79\x24\x81\xbf\x35\x32\xfc\x63\x69\xdb\xb1\x2a\x6b\xee\x21\x58\xf2\x08\xe9\x78\xcb\x6f\xcb\xfc\x16\x52\xc8\x91\xc4\xff\x3d\x73\xde\xb1\x3e\xa7\xc2\x7d\x66\xc1\xf5\x7e\x52\x24\x1a\xe2\xd5\x67\x91\xd0\x82\x10\xd7\x78\x4b\x4f\x2b\x42\x39\xbd\x64\x2d\x40\xa0\xb0\x10\xd3\x38\x48\x46\x88\xa1\x0c\xbb\x3a\x33\x2a\x62\x98\xfb\x00\x9d\x13\x59\x7f\x6f\x3b\x72\xaa\xee\xa6\x0f\x86\xf9\x05\x61\xea\x67\x7f\x0c\x37\x96\x8b\xe6\x69\x16\x47\x11\xc2\x27\x59\x03\xb3\xa6\x60\xc2\x21\x40\x56\xfa\xa0\xc7\x7d\x3a\x13\xe3\xec\x57\xc7\xb3\xd6\xae\x9d\x89\x80\xf7\x01\xe7\x2c\xf6\x96\x2b\x13\x0d\x79\x2c\xd9\xc0\xe4\x86\x7b\x4b\x8c\x0c\x72\x82\x8a\xfb\x17\xcd\x00\x6c\x3a\x13\x3c\xb0\x84\x87\x4b\x16\x7a\x29\xb2\x4f\xdb\x1d\xd4\x0b\xf3\x66\x37\xbd\xd8\xf6\x57\xbb\x5e\x24\x7a\xb8\x3c\x8b\xb9\xfa\x92\x1a\x1a\x84\x9e\xd8\x74\x8f\xaa\x1b\x7f\x5e\xf4\xfe\x45\x22\x21\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x71\x38\x36\xf2\x02\x31\x53\x47\x2b\x6e\xba\x65\x46\xa9\x10\x15\x58\x20\x05\x09\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x71\x38\x36\xf2\x02\x31\x53\x47\x2b\x6e\xba\x65\x46\xa9\x10\x15\x58\x20\x05\x09\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x03\xf7\xb5\x2b\xab\x5d\x10\xfc\x7b\xb2\xb2\x5e\xac\x9b\x0e\x7e\x53\x78\x59\x3e\x42\x04\xfe\x75\xa3\xad\xac\x81\x4e\xd7\x02\x8b\x5e\xc4\x2d\xc8\x52\x76\xc7\x2c\x1f\xfc\x81\x32\x98\xd1\x4b\xc6\x92\x93\x33\x35\x31\x2f\xfc\xd8\x1d\x44\xdd\xe0\x81\x7f\x9d\xe9\x8b\xe1\x64\x91\x62\x0b\x39\x08\x8c\xac\x74\x9d\x59\xd9\x7a\x59\x52\x97\x11\xb9\x16\x7b\x6f\x45\xd3\x96\xd9\x31\x7d\x02\x36\x0f\x9c\x3b\x6e\xcf\x2c\x0d\x03\x46\x45\xeb\xa0\xf4\x7f\x48\x44\xc6\x08\x40\xcc\xde\x1b\x70\xb5\x29\xad\xba\x8b\x3b\x34\x65\x75\x1b\x71\x21\x1d\x2c\x14\x0a\xb0\x96\x95\xb8\xd6\xea\xf2\x65\xfb\x29\xba\x4f\xea\x91\x93\x74\x69\xb6\xf2\xff\xe1\x1a\xd0\x0c\xd1\x76\x85\xcb\x8a\x25\xbd\x97\x5e\x2c\x6f\x15\x99\x26\xe7\xb6\x29\xff\x22\xec\xc9\x02\xc7\x56\x00\xcd\x49\xb9\xb3\x6c\x7b\x53\x04\x1a\xe2\xa8\xc9\xaa\x12\x05\x23\xc2\xce\xe7\xbb\x04\x02\xcc\xc0\x47\xa2\xe4\xc4\x29\x2f\x5b\x45\x57\x89\x51\xee\x3c\xeb\x52\x08\xff\x07\x35\x1e\x9f\x35\x6a\x47\x4a\x56\x98\xd1\x5a\x85\x1f\x8c\xf5\x22\xbf\xab\xce\x83\xf3\xe2\x22\x29\xae\x7d\x83\x40\xa8\xba\x6c", + ["GeoTrust Universal CA"] = "\x30\x82\x05\x68\x30\x82\x03\x50\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x45\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x1e\x30\x1c\x06\x03\x55\x04\x03\x13\x15\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x30\x1e\x17\x0d\x30\x34\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5a\x17\x0d\x32\x39\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5a\x30\x45\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x1e\x30\x1c\x06\x03\x55\x04\x03\x13\x15\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xa6\x15\x55\xa0\xa3\xc6\xe0\x1f\x8c\x9d\x21\x50\xd7\xc1\xbe\x2b\x5b\xb5\xa4\x9e\xa1\xd9\x72\x58\xbd\x00\x1b\x4c\xbf\x61\xc9\x14\x1d\x45\x82\xab\xc6\x1d\x80\xd6\x3d\xeb\x10\x9c\x3a\xaf\x6d\x24\xf8\xbc\x71\x01\x9e\x06\xf5\x7c\x5f\x1e\xc1\x0e\x55\xca\x83\x9a\x59\x30\xae\x19\xcb\x30\x48\x95\xed\x22\x37\x8d\xf4\x4a\x9a\x72\x66\x3e\xad\x95\xc0\xe0\x16\x00\xe0\x10\x1f\x2b\x31\x0e\xd7\x94\x54\xd3\x42\x33\xa0\x34\x1d\x1e\x45\x76\xdd\x4f\xca\x18\x37\xec\x85\x15\x7a\x19\x08\xfc\xd5\xc7\x9c\xf0\xf2\xa9\x2e\x10\xa9\x92\xe6\x3d\x58\x3d\xa9\x16\x68\x3c\x2f\x75\x21\x18\x7f\x28\x77\xa5\xe1\x61\x17\xb7\xa6\xe9\xf8\x1e\x99\xdb\x73\x6e\xf4\x0a\xa2\x21\x6c\xee\xda\xaa\x85\x92\x66\xaf\xf6\x7a\x6b\x82\xda\xba\x22\x08\x35\x0f\xcf\x42\xf1\x35\xfa\x6a\xee\x7e\x2b\x25\xcc\x3a\x11\xe4\x6d\xaf\x73\xb2\x76\x1d\xad\xd0\xb2\x78\x67\x1a\xa4\x39\x1c\x51\x0b\x67\x56\x83\xfd\x38\x5d\x0d\xce\xdd\xf0\xbb\x2b\x96\x1f\xde\x7b\x32\x52\xfd\x1d\xbb\xb5\x06\xa1\xb2\x21\x5e\xa5\xd6\x95\x68\x7f\xf0\x99\x9e\xdc\x45\x08\x3e\xe7\xd2\x09\x0d\x35\x94\xdd\x80\x4e\x53\x97\xd7\xb5\x09\x44\x20\x64\x16\x17\x03\x02\x4c\x53\x0d\x68\xde\xd5\xaa\x72\x4d\x93\x6d\x82\x0e\xdb\x9c\xbd\xcf\xb4\xf3\x5c\x5d\x54\x7a\x69\x09\x96\xd6\xdb\x11\xc1\x8d\x75\xa8\xb4\xcf\x39\xc8\xce\x3c\xbc\x24\x7c\xe6\x62\xca\xe1\xbd\x7d\xa7\xbd\x57\x65\x0b\xe4\xfe\x25\xed\xb6\x69\x10\xdc\x28\x1a\x46\xbd\x01\x1d\xd0\x97\xb5\xe1\x98\x3b\xc0\x37\x64\xd6\x3d\x94\xee\x0b\xe1\xf5\x28\xae\x0b\x56\xbf\x71\x8b\x23\x29\x41\x8e\x86\xc5\x4b\x52\x7b\xd8\x71\xab\x1f\x8a\x15\xa6\x3b\x83\x5a\xd7\x58\x01\x51\xc6\x4c\x41\xd9\x7f\xd8\x41\x67\x72\xa2\x28\xdf\x60\x83\xa9\x9e\xc8\x7b\xfc\x53\x73\x72\x59\xf5\x93\x7a\x17\x76\x0e\xce\xf7\xe5\x5c\xd9\x0b\x55\x34\xa2\xaa\x5b\xb5\x6a\x54\xe7\x13\xca\x57\xec\x97\x6d\xf4\x5e\x06\x2f\x45\x8b\x58\xd4\x23\x16\x92\xe4\x16\x6e\x28\x63\x59\x30\xdf\x50\x01\x9c\x63\x89\x1a\x9f\xdb\x17\x94\x82\x70\x37\xc3\x24\x9e\x9a\x47\xd6\x5a\xca\x4e\xa8\x69\x89\x72\x1f\x91\x6c\xdb\x7e\x9e\x1b\xad\xc7\x1f\x73\xdd\x2c\x4f\x19\x65\xfd\x7f\x93\x40\x10\x2e\xd2\xf0\xed\x3c\x9e\x2e\x28\x3e\x69\x26\x33\xc5\x7b\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xda\xbb\x2e\xaa\xb0\x0c\xb8\x88\x26\x51\x74\x5c\x6d\x03\xd3\xc0\xd8\x8f\x7a\xd6\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xda\xbb\x2e\xaa\xb0\x0c\xb8\x88\x26\x51\x74\x5c\x6d\x03\xd3\xc0\xd8\x8f\x7a\xd6\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x31\x78\xe6\xc7\xb5\xdf\xb8\x94\x40\xc9\x71\xc4\xa8\x35\xec\x46\x1d\xc2\x85\xf3\x28\x58\x86\xb0\x0b\xfc\x8e\xb2\x39\x8f\x44\x55\xab\x64\x84\x5c\x69\xa9\xd0\x9a\x38\x3c\xfa\xe5\x1f\x35\xe5\x44\xe3\x80\x79\x94\x68\xa4\xbb\xc4\x9f\x3d\xe1\x34\xcd\x30\x46\x8b\x54\x2b\x95\xa5\xef\xf7\x3f\x99\x84\xfd\x35\xe6\xcf\x31\xc6\xdc\x6a\xbf\xa7\xd7\x23\x08\xe1\x98\x5e\xc3\x5a\x08\x76\xa9\xa6\xaf\x77\x2f\xb7\x60\xbd\x44\x46\x6a\xef\x97\xff\x73\x95\xc1\x8e\xe8\x93\xfb\xfd\x31\xb7\xec\x57\x11\x11\x45\x9b\x30\xf1\x1a\x88\x39\xc1\x4f\x3c\xa7\x00\xd5\xc7\xfc\xab\x6d\x80\x22\x70\xa5\x0c\xe0\x5d\x04\x29\x02\xfb\xcb\xa0\x91\xd1\x7c\xd6\xc3\x7e\x50\xd5\x9d\x58\xbe\x41\x38\xeb\xb9\x75\x3c\x15\xd9\x9b\xc9\x4a\x83\x59\xc0\xda\x53\xfd\x33\xbb\x36\x18\x9b\x85\x0f\x15\xdd\xee\x2d\xac\x76\x93\xb9\xd9\x01\x8d\x48\x10\xa8\xfb\xf5\x38\x86\xf1\xdb\x0a\xc6\xbd\x84\xa3\x23\x41\xde\xd6\x77\x6f\x85\xd4\x85\x1c\x50\xe0\xae\x51\x8a\xba\x8d\x3e\x76\xe2\xb9\xca\x27\xf2\x5f\x9f\xef\x6e\x59\x0d\x06\xd8\x2b\x17\xa4\xd2\x7c\x6b\xbb\x5f\x14\x1a\x48\x8f\x1a\x4c\xe7\xb3\x47\x1c\x8e\x4c\x45\x2b\x20\xee\x48\xdf\xe7\xdd\x09\x8e\x18\xa8\xda\x40\x8d\x92\x26\x11\x53\x61\x73\x5d\xeb\xbd\xe7\xc4\x4d\x29\x37\x61\xeb\xac\x39\x2d\x67\x2e\x16\xd6\xf5\x00\x83\x85\xa1\xcc\x7f\x76\xc4\x7d\xe4\xb7\x4b\x66\xef\x03\x45\x60\x69\xb6\x0c\x52\x96\x92\x84\x5e\xa6\xa3\xb5\xa4\x3e\x2b\xd9\xcc\xd8\x1b\x47\xaa\xf2\x44\xda\x4f\xf9\x03\xe8\xf0\x14\xcb\x3f\xf3\x83\xde\xd0\xc1\x54\xe3\xb7\xe8\x0a\x37\x4d\x8b\x20\x59\x03\x30\x19\xa1\x2c\xc8\xbd\x11\x1f\xdf\xae\xc9\x4a\xc5\xf3\x27\x66\x66\x86\xac\x68\x91\xff\xd9\xe6\x53\x1c\x0f\x8b\x5c\x69\x65\x0a\x26\xc8\x1e\x34\xc3\x5d\x51\x7b\xd7\xa9\x9c\x06\xa1\x36\xdd\xd5\x89\x94\xbc\xd9\xe4\x2d\x0c\x5e\x09\x6c\x08\x97\x7c\xa3\x3d\x7c\x93\xff\x3f\xa1\x14\xa7\xcf\xb5\x5d\xeb\xdb\xdb\x1c\xc4\x76\xdf\x88\xb9\xbd\x45\x05\x95\x1b\xae\xfc\x46\x6a\x4c\xaf\x48\xe3\xce\xae\x0f\xd2\x7e\xeb\xe6\x6c\x9c\x4f\x81\x6a\x7a\x64\xac\xbb\x3e\xd5\xe7\xcb\x76\x2e\xc5\xa7\x48\xc1\x5c\x90\x0f\xcb\xc8\x3f\xfa\xe6\x32\xe1\x8d\x1b\x6f\xa4\xe6\x8e\xd8\xf9\x29\x48\x8a\xce\x73\xfe\x2c", + ["GeoTrust Universal CA 2"] = "\x30\x82\x05\x6c\x30\x82\x03\x54\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x47\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x20\x32\x30\x1e\x17\x0d\x30\x34\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5a\x17\x0d\x32\x39\x30\x33\x30\x34\x30\x35\x30\x30\x30\x30\x5a\x30\x47\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x20\x32\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xb3\x54\x52\xc1\xc9\x3e\xf2\xd9\xdc\xb1\x53\x1a\x59\x29\xe7\xb1\xc3\x45\x28\xe5\xd7\xd1\xed\xc5\xc5\x4b\xa1\xaa\x74\x7b\x57\xaf\x4a\x26\xfc\xd8\xf5\x5e\xa7\x6e\x19\xdb\x74\x0c\x4f\x35\x5b\x32\x0b\x01\xe3\xdb\xeb\x7a\x77\x35\xea\xaa\x5a\xe0\xd6\xe8\xa1\x57\x94\xf0\x90\xa3\x74\x56\x94\x44\x30\x03\x1e\x5c\x4e\x2b\x85\x26\x74\x82\x7a\x0c\x76\xa0\x6f\x4d\xce\x41\x2d\xa0\x15\x06\x14\x5f\xb7\x42\xcd\x7b\x8f\x58\x61\x34\xdc\x2a\x08\xf9\x2e\xc3\x01\xa6\x22\x44\x1c\x4c\x07\x82\xe6\x5b\xce\xd0\x4a\x7c\x04\xd3\x19\x73\x27\xf0\xaa\x98\x7f\x2e\xaf\x4e\xeb\x87\x1e\x24\x77\x6a\x5d\xb6\xe8\x5b\x45\xba\xdc\xc3\xa1\x05\x6f\x56\x8e\x8f\x10\x26\xa5\x49\xc3\x2e\xd7\x41\x87\x22\xe0\x4f\x86\xca\x60\xb5\xea\xa1\x63\xc0\x01\x97\x10\x79\xbd\x00\x3c\x12\x6d\x2b\x15\xb1\xac\x4b\xb1\xee\x18\xb9\x4e\x96\xdc\xdc\x76\xff\x3b\xbe\xcf\x5f\x03\xc0\xfc\x3b\xe8\xbe\x46\x1b\xff\xda\x40\xc2\x52\xf7\xfe\xe3\x3a\xf7\x6a\x77\x35\xd0\xda\x8d\xeb\x5e\x18\x6a\x31\xc7\x1e\xba\x3c\x1b\x28\xd6\x6b\x54\xc6\xaa\x5b\xd7\xa2\x2c\x1b\x19\xcc\xa2\x02\xf6\x9b\x59\xbd\x37\x6b\x86\xb5\x6d\x82\xba\xd8\xea\xc9\x56\xbc\xa9\x36\x58\xfd\x3e\x19\xf3\xed\x0c\x26\xa9\x93\x38\xf8\x4f\xc1\x5d\x22\x06\xd0\x97\xea\xe1\xad\xc6\x55\xe0\x81\x2b\x28\x83\x3a\xfa\xf4\x7b\x21\x51\x00\xbe\x52\x38\xce\xcd\x66\x79\xa8\xf4\x81\x56\xe2\xd0\x83\x09\x47\x51\x5b\x50\x6a\xcf\xdb\x48\x1a\x5d\x3e\xf7\xcb\xf6\x65\xf7\x6c\xf1\x95\xf8\x02\x3b\x32\x56\x82\x39\x7a\x5b\xbd\x2f\x89\x1b\xbf\xa1\xb4\xe8\xff\x7f\x8d\x8c\xdf\x03\xf1\x60\x4e\x58\x11\x4c\xeb\xa3\x3f\x10\x2b\x83\x9a\x01\x73\xd9\x94\x6d\x84\x00\x27\x66\xac\xf0\x70\x40\x09\x42\x92\xad\x4f\x93\x0d\x61\x09\x51\x24\xd8\x92\xd5\x0b\x94\x61\xb2\x87\xb2\xed\xff\x9a\x35\xff\x85\x54\xca\xed\x44\x43\xac\x1b\x3c\x16\x6b\x48\x4a\x0a\x1c\x40\x88\x1f\x92\xc2\x0b\x00\x05\xff\xf2\xc8\x02\x4a\xa4\xaa\xa9\xcc\x99\x96\x9c\x2f\x58\xe0\x7d\xe1\xbe\xbb\x07\xdc\x5f\x04\x72\x5c\x31\x34\xc3\xec\x5f\x2d\xe0\x3d\x64\x90\x22\xe6\xd1\xec\xb8\x2e\xdd\x59\xae\xd9\xa1\x37\xbf\x54\x35\xdc\x73\x32\x4f\x8c\x04\x1e\x33\xb2\xc9\x46\xf1\xd8\x5c\xc8\x55\x50\xc9\x68\xbd\xa8\xba\x36\x09\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x76\xf3\x55\xe1\xfa\xa4\x36\xfb\xf0\x9f\x5c\x62\x71\xed\x3c\xf4\x47\x38\x10\x2b\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x76\xf3\x55\xe1\xfa\xa4\x36\xfb\xf0\x9f\x5c\x62\x71\xed\x3c\xf4\x47\x38\x10\x2b\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x66\xc1\xc6\x23\xf3\xd9\xe0\x2e\x6e\x5f\xe8\xcf\xae\xb0\xb0\x25\x4d\x2b\xf8\x3b\x58\x9b\x40\x24\x37\x5a\xcb\xab\x16\x49\xff\xb3\x75\x79\x33\xa1\x2f\x6d\x70\x17\x34\x91\xfe\x67\x7e\x8f\xec\x9b\xe5\x5e\x82\xa9\x55\x1f\x2f\xdc\xd4\x51\x07\x12\xfe\xac\x16\x3e\x2c\x35\xc6\x63\xfc\xdc\x10\xeb\x0d\xa3\xaa\xd0\x7c\xcc\xd1\xd0\x2f\x51\x2e\xc4\x14\x5a\xde\xe8\x19\xe1\x3e\xc6\xcc\xa4\x29\xe7\x2e\x84\xaa\x06\x30\x78\x76\x54\x73\x28\x98\x59\x38\xe0\x00\x0d\x62\xd3\x42\x7d\x21\x9f\xae\x3d\x3a\x8c\xd5\xfa\x77\x0d\x18\x2b\x16\x0e\x5f\x36\xe1\xfc\x2a\xb5\x30\x24\xcf\xe0\x63\x0c\x7b\x58\x1a\xfe\x99\xba\x42\x12\xb1\x91\xf4\x7c\x68\xe2\xc8\xe8\xaf\x2c\xea\xc9\x7e\xae\xbb\x2a\x3d\x0d\x15\xdc\x34\x95\xb6\x18\x74\xa8\x6a\x0f\xc7\xb4\xf4\x13\xc4\xe4\x5b\xed\x0a\xd2\xa4\x97\x4c\x2a\xed\x2f\x6c\x12\x89\x3d\xf1\x27\x70\xaa\x6a\x03\x52\x21\x9f\x40\xa8\x67\x50\xf2\xf3\x5a\x1f\xdf\xdf\x23\xf6\xdc\x78\x4e\xe6\x98\x4f\x55\x3a\x53\xe3\xef\xf2\xf4\x9f\xc7\x7c\xd8\x58\xaf\x29\x22\x97\xb8\xe0\xbd\x91\x2e\xb0\x76\xec\x57\x11\xcf\xef\x29\x44\xf3\xe9\x85\x7a\x60\x63\xe4\x5d\x33\x89\x17\xd9\x31\xaa\xda\xd6\xf3\x18\x35\x72\xcf\x87\x2b\x2f\x63\x23\x84\x5d\x84\x8c\x3f\x57\xa0\x88\xfc\x99\x91\x28\x26\x69\x99\xd4\x8f\x97\x44\xbe\x8e\xd5\x48\xb1\xa4\x28\x29\xf1\x15\xb4\xe1\xe5\x9e\xdd\xf8\x8f\xa6\x6f\x26\xd7\x09\x3c\x3a\x1c\x11\x0e\xa6\x6c\x37\xf7\xad\x44\x87\x2c\x28\xc7\xd8\x74\x82\xb3\xd0\x6f\x4a\x57\xbb\x35\x29\x27\xa0\x8b\xe8\x21\xa7\x87\x64\x36\x5d\xcc\xd8\x16\xac\xc7\xb2\x27\x40\x92\x55\x38\x28\x8d\x51\x6e\xdd\x14\x67\x53\x6c\x71\x5c\x26\x84\x4d\x75\x5a\xb6\x7e\x60\x56\xa9\x4d\xad\xfb\x9b\x1e\x97\xf3\x0d\xd9\xd2\x97\x54\x77\xda\x3d\x12\xb7\xe0\x1e\xef\x08\x06\xac\xf9\x85\x87\xe9\xa2\xdc\xaf\x7e\x18\x12\x83\xfd\x56\x17\x41\x2e\xd5\x29\x82\x7d\x99\xf4\x31\xf6\x71\xa9\xcf\x2c\x01\x27\xa5\x05\xb9\xaa\xb2\x48\x4e\x2a\xef\x9f\x93\x52\x51\x95\x3c\x52\x73\x8e\x56\x4c\x17\x40\xc0\x09\x28\xe4\x8b\x6a\x48\x53\xdb\xec\xcd\x55\x55\xf1\xc6\xf8\xe9\xa2\x2c\x4c\xa6\xd1\x26\x5f\x7e\xaf\x5a\x4c\xda\x1f\xa6\xf2\x1c\x2c\x7e\xae\x02\x16\xd2\x56\xd0\x2f\x57\x53\x47\xe8\x92", + ["America Online Root Certification Authority 1"] = "\x30\x82\x03\xa4\x30\x82\x02\x8c\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x63\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x49\x6e\x63\x2e\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x31\x30\x1e\x17\x0d\x30\x32\x30\x35\x32\x38\x30\x36\x30\x30\x30\x30\x5a\x17\x0d\x33\x37\x31\x31\x31\x39\x32\x30\x34\x33\x30\x30\x5a\x30\x63\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x49\x6e\x63\x2e\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x31\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa8\x2f\xe8\xa4\x69\x06\x03\x47\xc3\xe9\x2a\x98\xff\x19\xa2\x70\x9a\xc6\x50\xb2\x7e\xa5\xdf\x68\x4d\x1b\x7c\x0f\xb6\x97\x68\x7d\x2d\xa6\x8b\x97\xe9\x64\x86\xc9\xa3\xef\xa0\x86\xbf\x60\x65\x9c\x4b\x54\x88\xc2\x48\xc5\x4a\x39\xbf\x14\xe3\x59\x55\xe5\x19\xb4\x74\xc8\xb4\x05\x39\x5c\x16\xa5\xe2\x95\x05\xe0\x12\xae\x59\x8b\xa2\x33\x68\x58\x1c\xa6\xd4\x15\xb7\xd8\x9f\xd7\xdc\x71\xab\x7e\x9a\xbf\x9b\x8e\x33\x0f\x22\xfd\x1f\x2e\xe7\x07\x36\xef\x62\x39\xc5\xdd\xcb\xba\x25\x14\x23\xde\x0c\xc6\x3d\x3c\xce\x82\x08\xe6\x66\x3e\xda\x51\x3b\x16\x3a\xa3\x05\x7f\xa0\xdc\x87\xd5\x9c\xfc\x72\xa9\xa0\x7d\x78\xe4\xb7\x31\x55\x1e\x65\xbb\xd4\x61\xb0\x21\x60\xed\x10\x32\x72\xc5\x92\x25\x1e\xf8\x90\x4a\x18\x78\x47\xdf\x7e\x30\x37\x3e\x50\x1b\xdb\x1c\xd3\x6b\x9a\x86\x53\x07\xb0\xef\xac\x06\x78\xf8\x84\x99\xfe\x21\x8d\x4c\x80\xb6\x0c\x82\xf6\x66\x70\x79\x1a\xd3\x4f\xa3\xcf\xf1\xcf\x46\xb0\x4b\x0f\x3e\xdd\x88\x62\xb8\x8c\xa9\x09\x28\x3b\x7a\xc7\x97\xe1\x1e\xe5\xf4\x9f\xc0\xc0\xae\x24\xa0\xc8\xa1\xd9\x0f\xd6\x7b\x26\x82\x69\x32\x3d\xa7\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x00\xad\xd9\xa3\xf6\x79\xf6\x6e\x74\xa9\x7f\x33\x3d\x81\x17\xd7\x4c\xcf\x33\xde\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x00\xad\xd9\xa3\xf6\x79\xf6\x6e\x74\xa9\x7f\x33\x3d\x81\x17\xd7\x4c\xcf\x33\xde\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7c\x8a\xd1\x1f\x18\x37\x82\xe0\xb8\xb0\xa3\xed\x56\x95\xc8\x62\x61\x9c\x05\xa2\xcd\xc2\x62\x26\x61\xcd\x10\x16\xd7\xcc\xb4\x65\x34\xd0\x11\x8a\xad\xa8\xa9\x05\x66\xef\x74\xf3\x6d\x5f\x9d\x99\xaf\xf6\x8b\xfb\xeb\x52\xb2\x05\x98\xa2\x6f\x2a\xc5\x54\xbd\x25\xbd\x5f\xae\xc8\x86\xea\x46\x2c\xc1\xb3\xbd\xc1\xe9\x49\x70\x18\x16\x97\x08\x13\x8c\x20\xe0\x1b\x2e\x3a\x47\xcb\x1e\xe4\x00\x30\x95\x5b\xf4\x45\xa3\xc0\x1a\xb0\x01\x4e\xab\xbd\xc0\x23\x6e\x63\x3f\x80\x4a\xc5\x07\xed\xdc\xe2\x6f\xc7\xc1\x62\xf1\xe3\x72\xd6\x04\xc8\x74\x67\x0b\xfa\x88\xab\xa1\x01\xc8\x6f\xf0\x14\xaf\xd2\x99\xcd\x51\x93\x7e\xed\x2e\x38\xc7\xbd\xce\x46\x50\x3d\x72\xe3\x79\x25\x9d\x9b\x88\x2b\x10\x20\xdd\xa5\xb8\x32\x9f\x8d\xe0\x29\xdf\x21\x74\x86\x82\xdb\x2f\x82\x30\xc6\xc7\x35\x86\xb3\xf9\x96\x5f\x46\xdb\x0c\x45\xfd\xf3\x50\xc3\x6f\xc6\xc3\x48\xad\x46\xa6\xe1\x27\x47\x0a\x1d\x0e\x9b\xb6\xc2\x77\x7f\x63\xf2\xe0\x7d\x1a\xbe\xfc\xe0\xdf\xd7\xc7\xa7\x6c\xb0\xf9\xae\xba\x3c\xfd\x74\xb4\x11\xe8\x58\x0d\x80\xbc\xd3\xa8\x80\x3a\x99\xed\x75\xcc\x46\x7b", + ["America Online Root Certification Authority 2"] = "\x30\x82\x05\xa4\x30\x82\x03\x8c\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x63\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x49\x6e\x63\x2e\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x32\x30\x1e\x17\x0d\x30\x32\x30\x35\x32\x38\x30\x36\x30\x30\x30\x30\x5a\x17\x0d\x33\x37\x30\x39\x32\x39\x31\x34\x30\x38\x30\x30\x5a\x30\x63\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x49\x6e\x63\x2e\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d\x41\x6d\x65\x72\x69\x63\x61\x20\x4f\x6e\x6c\x69\x6e\x65\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x32\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xcc\x41\x45\x1d\xe9\x3d\x4d\x10\xf6\x8c\xb1\x41\xc9\xe0\x5e\xcb\x0d\xb7\xbf\x47\x73\xd3\xf0\x55\x4d\xdd\xc6\x0c\xfa\xb1\x66\x05\x6a\xcd\x78\xb4\xdc\x02\xdb\x4e\x81\xf3\xd7\xa7\x7c\x71\xbc\x75\x63\xa0\x5d\xe3\x07\x0c\x48\xec\x25\xc4\x03\x20\xf4\xff\x0e\x3b\x12\xff\x9b\x8d\xe1\xc6\xd5\x1b\xb4\x6d\x22\xe3\xb1\xdb\x7f\x21\x64\xaf\x86\xbc\x57\x22\x2a\xd6\x47\x81\x57\x44\x82\x56\x53\xbd\x86\x14\x01\x0b\xfc\x7f\x74\xa4\x5a\xae\xf1\xba\x11\xb5\x9b\x58\x5a\x80\xb4\x37\x78\x09\x33\x7c\x32\x47\x03\x5c\xc4\xa5\x83\x48\xf4\x57\x56\x6e\x81\x36\x27\x18\x4f\xec\x9b\x28\xc2\xd4\xb4\xd7\x7c\x0c\x3e\x0c\x2b\xdf\xca\x04\xd7\xc6\x8e\xea\x58\x4e\xa8\xa4\xa5\x18\x1c\x6c\x45\x98\xa3\x41\xd1\x2d\xd2\xc7\x6d\x8d\x19\xf1\xad\x79\xb7\x81\x3f\xbd\x06\x82\x27\x2d\x10\x58\x05\xb5\x78\x05\xb9\x2f\xdb\x0c\x6b\x90\x90\x7e\x14\x59\x38\xbb\x94\x24\x13\xe5\xd1\x9d\x14\xdf\xd3\x82\x4d\x46\xf0\x80\x39\x52\x32\x0f\xe3\x84\xb2\x7a\x43\xf2\x5e\xde\x5f\x3f\x1d\xdd\xe3\xb2\x1b\xa0\xa1\x2a\x23\x03\x6e\x2e\x01\x15\x87\x5c\xa6\x75\x75\xc7\x97\x61\xbe\xde\x86\xdc\xd4\x48\xdb\xbd\x2a\xbf\x4a\x55\xda\xe8\x7d\x50\xfb\xb4\x80\x17\xb8\x94\xbf\x01\x3d\xea\xda\xba\x7c\xe0\x58\x67\x17\xb9\x58\xe0\x88\x86\x46\x67\x6c\x9d\x10\x47\x58\x32\xd0\x35\x7c\x79\x2a\x90\xa2\x5a\x10\x11\x23\x35\xad\x2f\xcc\xe4\x4a\x5b\xa7\xc8\x27\xf2\x83\xde\x5e\xbb\x5e\x77\xe7\xe8\xa5\x6e\x63\xc2\x0d\x5d\x61\xd0\x8c\xd2\x6c\x5a\x21\x0e\xca\x28\xa3\xce\x2a\xe9\x95\xc7\x48\xcf\x96\x6f\x1d\x92\x25\xc8\xc6\xc6\xc1\xc1\x0c\x05\xac\x26\xc4\xd2\x75\xd2\xe1\x2a\x67\xc0\x3d\x5b\xa5\x9a\xeb\xcf\x7b\x1a\xa8\x9d\x14\x45\xe5\x0f\xa0\x9a\x65\xde\x2f\x28\xbd\xce\x6f\x94\x66\x83\x48\x29\xd8\xea\x65\x8c\xaf\x93\xd9\x64\x9f\x55\x57\x26\xbf\x6f\xcb\x37\x31\x99\xa3\x60\xbb\x1c\xad\x89\x34\x32\x62\xb8\x43\x21\x06\x72\x0c\xa1\x5c\x6d\x46\xc5\xfa\x29\xcf\x30\xde\x89\xdc\x71\x5b\xdd\xb6\x37\x3e\xdf\x50\xf5\xb8\x07\x25\x26\xe5\xbc\xb5\xfe\x3c\x02\xb3\xb7\xf8\xbe\x43\xc1\x87\x11\x94\x9e\x23\x6c\x17\x8a\xb8\x8a\x27\x0c\x54\x47\xf0\xa9\xb3\xc0\x80\x8c\xa0\x27\xeb\x1d\x19\xe3\x07\x8e\x77\x70\xca\x2b\xf4\x7d\x76\xe0\x78\x67\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x4d\x45\xc1\x68\x38\xbb\x73\xa9\x69\xa1\x20\xe7\xed\xf5\x22\xa1\x23\x14\xd7\x9e\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x4d\x45\xc1\x68\x38\xbb\x73\xa9\x69\xa1\x20\xe7\xed\xf5\x22\xa1\x23\x14\xd7\x9e\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x67\x6b\x06\xb9\x5f\x45\x3b\x2a\x4b\x33\xb3\xe6\x1b\x6b\x59\x4e\x22\xcc\xb9\xb7\xa4\x25\xc9\xa7\xc4\xf0\x54\x96\x0b\x64\xf3\xb1\x58\x4f\x5e\x51\xfc\xb2\x97\x7b\x27\x65\xc2\xe5\xca\xe7\x0d\x0c\x25\x7b\x62\xe3\xfa\x9f\xb4\x87\xb7\x45\x46\xaf\x83\xa5\x97\x48\x8c\xa5\xbd\xf1\x16\x2b\x9b\x76\x2c\x7a\x35\x60\x6c\x11\x80\x97\xcc\xa9\x92\x52\xe6\x2b\xe6\x69\xed\xa9\xf8\x36\x2d\x2c\x77\xbf\x61\x48\xd1\x63\x0b\xb9\x5b\x52\xed\x18\xb0\x43\x42\x22\xa6\xb1\x77\xae\xde\x69\xc5\xcd\xc7\x1c\xa1\xb1\xa5\x1c\x10\xfb\x18\xbe\x1a\x70\xdd\xc1\x92\x4b\xbe\x29\x5a\x9d\x3f\x35\xbe\xe5\x7d\x51\xf8\x55\xe0\x25\x75\x23\x87\x1e\x5c\xdc\xba\x9d\xb0\xac\xb3\x69\xdb\x17\x83\xc9\xf7\xde\x0c\xbc\x08\xdc\x91\x9e\xa8\xd0\xd7\x15\x37\x73\xa5\x35\xb8\xfc\x7e\xc5\x44\x40\x06\xc3\xeb\xf8\x22\x80\x5c\x47\xce\x02\xe3\x11\x9f\x44\xff\xfd\x9a\x32\xcc\x7d\x64\x51\x0e\xeb\x57\x26\x76\x3a\xe3\x1e\x22\x3c\xc2\xa6\x36\xdd\x19\xef\xa7\xfc\x12\xf3\x26\xc0\x59\x31\x85\x4c\x9c\xd8\xcf\xdf\xa4\xcc\xcc\x29\x93\xff\x94\x6d\x76\x5c\x13\x08\x97\xf2\xed\xa5\x0b\x4d\xdd\xe8\xc9\x68\x0e\x66\xd3\x00\x0e\x33\x12\x5b\xbc\x95\xe5\x32\x90\xa8\xb3\xc6\x6c\x83\xad\x77\xee\x8b\x7e\x7e\xb1\xa9\xab\xd3\xe1\xf1\xb6\xc0\xb1\xea\x88\xc0\xe7\xd3\x90\xe9\x28\x92\x94\x7b\x68\x7b\x97\x2a\x0a\x67\x2d\x85\x02\x38\x10\xe4\x03\x61\xd4\xda\x25\x36\xc7\x08\x58\x2d\xa1\xa7\x51\xaf\x30\x0a\x49\xf5\xa6\x69\x87\x07\x2d\x44\x46\x76\x8e\x2a\xe5\x9a\x3b\xd7\x18\xa2\xfc\x9c\x38\x10\xcc\xc6\x3b\xd2\xb5\x17\x3a\x6f\xfd\xae\x25\xbd\xf5\x72\x59\x64\xb1\x74\x2a\x38\x5f\x18\x4c\xdf\xcf\x71\x04\x5a\x36\xd4\xbf\x2f\x99\x9c\xe8\xd9\xba\xb1\x95\xe6\x02\x4b\x21\xa1\x5b\xd5\xc1\x4f\x8f\xae\x69\x6d\x53\xdb\x01\x93\xb5\x5c\x1e\x18\xdd\x64\x5a\xca\x18\x28\x3e\x63\x04\x11\xfd\x1c\x8d\x00\x0f\xb8\x37\xdf\x67\x8a\x9d\x66\xa9\x02\x6a\x91\xff\x13\xca\x2f\x5d\x83\xbc\x87\x93\x6c\xdc\x24\x51\x16\x04\x25\x66\xfa\xb3\xd9\xc2\xba\x29\xbe\x9a\x48\x38\x82\x99\xf4\xbf\x3b\x4a\x31\x19\xf9\xbf\x8e\x21\x33\x14\xca\x4f\x54\x5f\xfb\xce\xfb\x8f\x71\x7f\xfd\x5e\x19\xa0\x0f\x4b\x91\xb8\xc4\x54\xbc\x06\xb0\x45\x8f\x26\x91\xa2\x8e\xfe\xa9", + ["Visa eCommerce Root"] = "\x30\x82\x03\xa2\x30\x82\x02\x8a\xa0\x03\x02\x01\x02\x02\x10\x13\x86\x35\x4d\x1d\x3f\x06\xf2\xc1\xf9\x65\x05\xd5\x90\x1c\x62\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x6b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0d\x30\x0b\x06\x03\x55\x04\x0a\x13\x04\x56\x49\x53\x41\x31\x2f\x30\x2d\x06\x03\x55\x04\x0b\x13\x26\x56\x69\x73\x61\x20\x49\x6e\x74\x65\x72\x6e\x61\x74\x69\x6f\x6e\x61\x6c\x20\x53\x65\x72\x76\x69\x63\x65\x20\x41\x73\x73\x6f\x63\x69\x61\x74\x69\x6f\x6e\x31\x1c\x30\x1a\x06\x03\x55\x04\x03\x13\x13\x56\x69\x73\x61\x20\x65\x43\x6f\x6d\x6d\x65\x72\x63\x65\x20\x52\x6f\x6f\x74\x30\x1e\x17\x0d\x30\x32\x30\x36\x32\x36\x30\x32\x31\x38\x33\x36\x5a\x17\x0d\x32\x32\x30\x36\x32\x34\x30\x30\x31\x36\x31\x32\x5a\x30\x6b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0d\x30\x0b\x06\x03\x55\x04\x0a\x13\x04\x56\x49\x53\x41\x31\x2f\x30\x2d\x06\x03\x55\x04\x0b\x13\x26\x56\x69\x73\x61\x20\x49\x6e\x74\x65\x72\x6e\x61\x74\x69\x6f\x6e\x61\x6c\x20\x53\x65\x72\x76\x69\x63\x65\x20\x41\x73\x73\x6f\x63\x69\x61\x74\x69\x6f\x6e\x31\x1c\x30\x1a\x06\x03\x55\x04\x03\x13\x13\x56\x69\x73\x61\x20\x65\x43\x6f\x6d\x6d\x65\x72\x63\x65\x20\x52\x6f\x6f\x74\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xaf\x57\xde\x56\x1e\x6e\xa1\xda\x60\xb1\x94\x27\xcb\x17\xdb\x07\x3f\x80\x85\x4f\xc8\x9c\xb6\xd0\xf4\x6f\x4f\xcf\x99\xd8\xe1\xdb\xc2\x48\x5c\x3a\xac\x39\x33\xc7\x1f\x6a\x8b\x26\x3d\x2b\x35\xf5\x48\xb1\x91\xc1\x02\x4e\x04\x96\x91\x7b\xb0\x33\xf0\xb1\x14\x4e\x11\x6f\xb5\x40\xaf\x1b\x45\xa5\x4a\xef\x7e\xb6\xac\xf2\xa0\x1f\x58\x3f\x12\x46\x60\x3c\x8d\xa1\xe0\x7d\xcf\x57\x3e\x33\x1e\xfb\x47\xf1\xaa\x15\x97\x07\x55\x66\xa5\xb5\x2d\x2e\xd8\x80\x59\xb2\xa7\x0d\xb7\x46\xec\x21\x63\xff\x35\xab\xa5\x02\xcf\x2a\xf4\x4c\xfe\x7b\xf5\x94\x5d\x84\x4d\xa8\xf2\x60\x8f\xdb\x0e\x25\x3c\x9f\x73\x71\xcf\x94\xdf\x4a\xea\xdb\xdf\x72\x38\x8c\xf3\x96\xbd\xf1\x17\xbc\xd2\xba\x3b\x45\x5a\xc6\xa7\xf6\xc6\x17\x8b\x01\x9d\xfc\x19\xa8\x2a\x83\x16\xb8\x3a\x48\xfe\x4e\x3e\xa0\xab\x06\x19\xe9\x53\xf3\x80\x13\x07\xed\x2d\xbf\x3f\x0a\x3c\x55\x20\x39\x2c\x2c\x00\x69\x74\x95\x4a\xbc\x20\xb2\xa9\x79\xe5\x18\x89\x91\xa8\xdc\x1c\x4d\xef\xbb\x7e\x37\x0b\x5d\xfe\x39\xa5\x88\x52\x8c\x00\x6c\xec\x18\x7c\x41\xbd\xf6\x8b\x75\x77\xba\x60\x9d\x84\xe7\xfe\x2d\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x15\x38\x83\x0f\x3f\x2c\x3f\x70\x33\x1e\xcd\x46\xfe\x07\x8c\x20\xe0\xd7\xc3\xb7\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x5f\xf1\x41\x7d\x7c\x5c\x08\xb9\x2b\xe0\xd5\x92\x47\xfa\x67\x5c\xa5\x13\xc3\x03\x21\x9b\x2b\x4c\x89\x46\xcf\x59\x4d\xc9\xfe\xa5\x40\xb6\x63\xcd\xdd\x71\x28\x95\x67\x11\xcc\x24\xac\xd3\x44\x6c\x71\xae\x01\x20\x6b\x03\xa2\x8f\x18\xb7\x29\x3a\x7d\xe5\x16\x60\x53\x78\x3c\xc0\xaf\x15\x83\xf7\x8f\x52\x33\x24\xbd\x64\x93\x97\xee\x8b\xf7\xdb\x18\xa8\x6d\x71\xb3\xf7\x2c\x17\xd0\x74\x25\x69\xf7\xfe\x6b\x3c\x94\xbe\x4d\x4b\x41\x8c\x4e\xe2\x73\xd0\xe3\x90\x22\x73\x43\xcd\xf3\xef\xea\x73\xce\x45\x8a\xb0\xa6\x49\xff\x4c\x7d\x9d\x71\x88\xc4\x76\x1d\x90\x5b\x1d\xee\xfd\xcc\xf7\xee\xfd\x60\xa5\xb1\x7a\x16\x71\xd1\x16\xd0\x7c\x12\x3c\x6c\x69\x97\xdb\xae\x5f\x39\x9a\x70\x2f\x05\x3c\x19\x46\x04\x99\x20\x36\xd0\x60\x6e\x61\x06\xbb\x16\x42\x8c\x70\xf7\x30\xfb\xe0\xdb\x66\xa3\x00\x01\xbd\xe6\x2c\xda\x91\x5f\xa0\x46\x8b\x4d\x6a\x9c\x3d\x3d\xdd\x05\x46\xfe\x76\xbf\xa0\x0a\x3c\xe4\x00\xe6\x27\xb7\xff\x84\x2d\xde\xba\x22\x27\x96\x10\x71\xeb\x22\xed\xdf\xdf\x33\x9c\xcf\xe3\xad\xae\x8e\xd4\x8e\xe6\x4f\x51\xaf\x16\x92\xe0\x5c\xf6\x07\x0f", + ["TC TrustCenter, Germany, Class 2 CA"] = "\x30\x82\x03\x5c\x30\x82\x02\xc5\xa0\x03\x02\x01\x02\x02\x02\x03\xea\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x81\xbc\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x10\x30\x0e\x06\x03\x55\x04\x08\x13\x07\x48\x61\x6d\x62\x75\x72\x67\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x13\x07\x48\x61\x6d\x62\x75\x72\x67\x31\x3a\x30\x38\x06\x03\x55\x04\x0a\x13\x31\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x66\x6f\x72\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x69\x6e\x20\x44\x61\x74\x61\x20\x4e\x65\x74\x77\x6f\x72\x6b\x73\x20\x47\x6d\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x41\x31\x29\x30\x27\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x1a\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x40\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2e\x64\x65\x30\x1e\x17\x0d\x39\x38\x30\x33\x30\x39\x31\x31\x35\x39\x35\x39\x5a\x17\x0d\x31\x31\x30\x31\x30\x31\x31\x31\x35\x39\x35\x39\x5a\x30\x81\xbc\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x10\x30\x0e\x06\x03\x55\x04\x08\x13\x07\x48\x61\x6d\x62\x75\x72\x67\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x13\x07\x48\x61\x6d\x62\x75\x72\x67\x31\x3a\x30\x38\x06\x03\x55\x04\x0a\x13\x31\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x66\x6f\x72\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x69\x6e\x20\x44\x61\x74\x61\x20\x4e\x65\x74\x77\x6f\x72\x6b\x73\x20\x47\x6d\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x41\x31\x29\x30\x27\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x1a\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x40\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2e\x64\x65\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xda\x38\xe8\xed\x32\x00\x29\x71\x83\x01\x0d\xbf\x8c\x01\xdc\xda\xc6\xad\x39\xa4\xa9\x8a\x2f\xd5\x8b\x5c\x68\x5f\x50\xc6\x62\xf5\x66\xbd\xca\x91\x22\xec\xaa\x1d\x51\xd7\x3d\xb3\x51\xb2\x83\x4e\x5d\xcb\x49\xb0\xf0\x4c\x55\xe5\x6b\x2d\xc7\x85\x0b\x30\x1c\x92\x4e\x82\xd4\xca\x02\xed\xf7\x6f\xbe\xdc\xe0\xe3\x14\xb8\x05\x53\xf2\x9a\xf4\x56\x8b\x5a\x9e\x85\x93\xd1\xb4\x82\x56\xae\x4d\xbb\xa8\x4b\x57\x16\xbc\xfe\xf8\x58\x9e\xf8\x29\x8d\xb0\x7b\xcd\x78\xc9\x4f\xac\x8b\x67\x0c\xf1\x9c\xfb\xfc\x57\x9b\x57\x5c\x4f\x0d\x02\x03\x01\x00\x01\xa3\x6b\x30\x69\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x33\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x08\x04\x26\x16\x24\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2e\x64\x65\x2f\x67\x75\x69\x64\x65\x6c\x69\x6e\x65\x73\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x81\x81\x00\x84\x52\xfb\x28\xdf\xff\x1f\x75\x01\xbc\x01\xbe\x04\x56\x97\x6a\x74\x42\x24\x31\x83\xf9\x46\xb1\x06\x8a\x89\xcf\x96\x2c\x33\xbf\x8c\xb5\x5f\x7a\x72\xa1\x85\x06\xce\x86\xf8\x05\x8e\xe8\xf9\x25\xca\xda\x83\x8c\x06\xac\xeb\x36\x6d\x85\x91\x34\x04\x36\xf4\x42\xf0\xf8\x79\x2e\x0a\x48\x5c\xab\xcc\x51\x4f\x78\x76\xa0\xd9\xac\x19\xbd\x2a\xd1\x69\x04\x28\x91\xca\x36\x10\x27\x80\x57\x5b\xd2\x5c\xf5\xc2\x5b\xab\x64\x81\x63\x74\x51\xf4\x97\xbf\xcd\x12\x28\xf7\x4d\x66\x7f\xa7\xf0\x1c\x01\x26\x78\xb2\x66\x47\x70\x51\x64", + ["TC TrustCenter, Germany, Class 3 CA"] = "\x30\x82\x03\x5c\x30\x82\x02\xc5\xa0\x03\x02\x01\x02\x02\x02\x03\xeb\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x81\xbc\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x10\x30\x0e\x06\x03\x55\x04\x08\x13\x07\x48\x61\x6d\x62\x75\x72\x67\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x13\x07\x48\x61\x6d\x62\x75\x72\x67\x31\x3a\x30\x38\x06\x03\x55\x04\x0a\x13\x31\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x66\x6f\x72\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x69\x6e\x20\x44\x61\x74\x61\x20\x4e\x65\x74\x77\x6f\x72\x6b\x73\x20\x47\x6d\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x43\x41\x31\x29\x30\x27\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x1a\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x40\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2e\x64\x65\x30\x1e\x17\x0d\x39\x38\x30\x33\x30\x39\x31\x31\x35\x39\x35\x39\x5a\x17\x0d\x31\x31\x30\x31\x30\x31\x31\x31\x35\x39\x35\x39\x5a\x30\x81\xbc\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x10\x30\x0e\x06\x03\x55\x04\x08\x13\x07\x48\x61\x6d\x62\x75\x72\x67\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x13\x07\x48\x61\x6d\x62\x75\x72\x67\x31\x3a\x30\x38\x06\x03\x55\x04\x0a\x13\x31\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x66\x6f\x72\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x69\x6e\x20\x44\x61\x74\x61\x20\x4e\x65\x74\x77\x6f\x72\x6b\x73\x20\x47\x6d\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x43\x41\x31\x29\x30\x27\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x1a\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x40\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2e\x64\x65\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xb6\xb4\xc1\x35\x05\x2e\x0d\x8d\xec\xa0\x40\x6a\x1c\x0e\x27\xa6\x50\x92\x6b\x50\x1b\x07\xde\x2e\xe7\x76\xcc\xe0\xda\xfc\x84\xa8\x5e\x8c\x63\x6a\x2b\x4d\xd9\x4e\x02\x76\x11\xc1\x0b\xf2\x8d\x79\xca\x00\xb6\xf1\xb0\x0e\xd7\xfb\xa4\x17\x3d\xaf\xab\x69\x7a\x96\x27\xbf\xaf\x33\xa1\x9a\x2a\x59\xaa\xc4\xb5\x37\x08\xf2\x12\xa5\x31\xb6\x43\xf5\x32\x96\x71\x28\x28\xab\x8d\x28\x86\xdf\xbb\xee\xe3\x0c\x7d\x30\xd6\xc3\x52\xab\x8f\x5d\x27\x9c\x6b\xc0\xa3\xe7\x05\x6b\x57\x49\x44\xb3\x6e\xea\x64\xcf\xd2\x8e\x7a\x50\x77\x77\x02\x03\x01\x00\x01\xa3\x6b\x30\x69\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x33\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x08\x04\x26\x16\x24\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2e\x64\x65\x2f\x67\x75\x69\x64\x65\x6c\x69\x6e\x65\x73\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x81\x81\x00\x16\x3d\xc6\xcd\xc1\xbb\x85\x71\x85\x46\x9f\x3e\x20\x8f\x51\x28\x99\xec\x2d\x45\x21\x63\x23\x5b\x04\xbb\x4c\x90\xb8\x88\x92\x04\x4d\xbd\x7d\x01\xa3\x3f\xf6\xec\xce\xf1\xde\xfe\x7d\xe5\xe1\x3e\xbb\xc6\xab\x5e\x0b\xdd\x3d\x96\xc4\xcb\xa9\xd4\xf9\x26\xe6\x06\x4e\x9e\x0c\xa5\x7a\xba\x6e\xc3\x7c\x82\x19\xd1\xc7\xb1\xb1\xc3\xdb\x0d\x8e\x9b\x40\x7c\x37\x0b\xf1\x5d\xe8\xfd\x1f\x90\x88\xa5\x0e\x4e\x37\x64\x21\xa8\x4e\x8d\xb4\x9f\xf1\xde\x48\xad\xd5\x56\x18\x52\x29\x8b\x47\x34\x12\x09\xd4\xbb\x92\x35\xef\x0f\xdb\x34", + ["Certum Root CA"] = "\x30\x82\x03\x0c\x30\x82\x01\xf4\xa0\x03\x02\x01\x02\x02\x03\x01\x00\x20\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x3e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x50\x4c\x31\x1b\x30\x19\x06\x03\x55\x04\x0a\x13\x12\x55\x6e\x69\x7a\x65\x74\x6f\x20\x53\x70\x2e\x20\x7a\x20\x6f\x2e\x6f\x2e\x31\x12\x30\x10\x06\x03\x55\x04\x03\x13\x09\x43\x65\x72\x74\x75\x6d\x20\x43\x41\x30\x1e\x17\x0d\x30\x32\x30\x36\x31\x31\x31\x30\x34\x36\x33\x39\x5a\x17\x0d\x32\x37\x30\x36\x31\x31\x31\x30\x34\x36\x33\x39\x5a\x30\x3e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x50\x4c\x31\x1b\x30\x19\x06\x03\x55\x04\x0a\x13\x12\x55\x6e\x69\x7a\x65\x74\x6f\x20\x53\x70\x2e\x20\x7a\x20\x6f\x2e\x6f\x2e\x31\x12\x30\x10\x06\x03\x55\x04\x03\x13\x09\x43\x65\x72\x74\x75\x6d\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xce\xb1\xc1\x2e\xd3\x4f\x7c\xcd\x25\xce\x18\x3e\x4f\xc4\x8c\x6f\x80\x6a\x73\xc8\x5b\x51\xf8\x9b\xd2\xdc\xbb\x00\x5c\xb1\xa0\xfc\x75\x03\xee\x81\xf0\x88\xee\x23\x52\xe9\xe6\x15\x33\x8d\xac\x2d\x09\xc5\x76\xf9\x2b\x39\x80\x89\xe4\x97\x4b\x90\xa5\xa8\x78\xf8\x73\x43\x7b\xa4\x61\xb0\xd8\x58\xcc\xe1\x6c\x66\x7e\x9c\xf3\x09\x5e\x55\x63\x84\xd5\xa8\xef\xf3\xb1\x2e\x30\x68\xb3\xc4\x3c\xd8\xac\x6e\x8d\x99\x5a\x90\x4e\x34\xdc\x36\x9a\x8f\x81\x88\x50\xb7\x6d\x96\x42\x09\xf3\xd7\x95\x83\x0d\x41\x4b\xb0\x6a\x6b\xf8\xfc\x0f\x7e\x62\x9f\x67\xc4\xed\x26\x5f\x10\x26\x0f\x08\x4f\xf0\xa4\x57\x28\xce\x8f\xb8\xed\x45\xf6\x6e\xee\x25\x5d\xaa\x6e\x39\xbe\xe4\x93\x2f\xd9\x47\xa0\x72\xeb\xfa\xa6\x5b\xaf\xca\x53\x3f\xe2\x0e\xc6\x96\x56\x11\x6e\xf7\xe9\x66\xa9\x26\xd8\x7f\x95\x53\xed\x0a\x85\x88\xba\x4f\x29\xa5\x42\x8c\x5e\xb6\xfc\x85\x20\x00\xaa\x68\x0b\xa1\x1a\x85\x01\x9c\xc4\x46\x63\x82\x88\xb6\x22\xb1\xee\xfe\xaa\x46\x59\x7e\xcf\x35\x2c\xd5\xb6\xda\x5d\xf7\x48\x33\x14\x54\xb6\xeb\xd9\x6f\xce\xcd\x88\xd6\xab\x1b\xda\x96\x3b\x1d\x59\x02\x03\x01\x00\x01\xa3\x13\x30\x11\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xb8\x8d\xce\xef\xe7\x14\xba\xcf\xee\xb0\x44\x92\x6c\xb4\x39\x3e\xa2\x84\x6e\xad\xb8\x21\x77\xd2\xd4\x77\x82\x87\xe6\x20\x41\x81\xee\xe2\xf8\x11\xb7\x63\xd1\x17\x37\xbe\x19\x76\x24\x1c\x04\x1a\x4c\xeb\x3d\xaa\x67\x6f\x2d\xd4\xcd\xfe\x65\x31\x70\xc5\x1b\xa6\x02\x0a\xba\x60\x7b\x6d\x58\xc2\x9a\x49\xfe\x63\x32\x0b\x6b\xe3\x3a\xc0\xac\xab\x3b\xb0\xe8\xd3\x09\x51\x8c\x10\x83\xc6\x34\xe0\xc5\x2b\xe0\x1a\xb6\x60\x14\x27\x6c\x32\x77\x8c\xbc\xb2\x72\x98\xcf\xcd\xcc\x3f\xb9\xc8\x24\x42\x14\xd6\x57\xfc\xe6\x26\x43\xa9\x1d\xe5\x80\x90\xce\x03\x54\x28\x3e\xf7\x3f\xd3\xf8\x4d\xed\x6a\x0a\x3a\x93\x13\x9b\x3b\x14\x23\x13\x63\x9c\x3f\xd1\x87\x27\x79\xe5\x4c\x51\xe3\x01\xad\x85\x5d\x1a\x3b\xb1\xd5\x73\x10\xa4\xd3\xf2\xbc\x6e\x64\xf5\x5a\x56\x90\xa8\xc7\x0e\x4c\x74\x0f\x2e\x71\x3b\xf7\xc8\x47\xf4\x69\x6f\x15\xf2\x11\x5e\x83\x1e\x9c\x7c\x52\xae\xfd\x02\xda\x12\xa8\x59\x67\x18\xdb\xbc\x70\xdd\x9b\xb1\x69\xed\x80\xce\x89\x40\x48\x6a\x0e\x35\xca\x29\x66\x15\x21\x94\x2c\xe8\x60\x2a\x9b\x85\x4a\x40\xf3\x6b\x8a\x24\xec\x06\x16\x2c\x73", + ["Comodo AAA Services root"] = "\x30\x82\x04\x32\x30\x82\x03\x1a\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x7b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b\x30\x19\x06\x03\x55\x04\x08\x0c\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x0c\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30\x18\x06\x03\x55\x04\x0a\x0c\x11\x43\x6f\x6d\x6f\x64\x6f\x20\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x0c\x18\x41\x41\x41\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x1e\x17\x0d\x30\x34\x30\x31\x30\x31\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x38\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x7b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b\x30\x19\x06\x03\x55\x04\x08\x0c\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x0c\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30\x18\x06\x03\x55\x04\x0a\x0c\x11\x43\x6f\x6d\x6f\x64\x6f\x20\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x0c\x18\x41\x41\x41\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xbe\x40\x9d\xf4\x6e\xe1\xea\x76\x87\x1c\x4d\x45\x44\x8e\xbe\x46\xc8\x83\x06\x9d\xc1\x2a\xfe\x18\x1f\x8e\xe4\x02\xfa\xf3\xab\x5d\x50\x8a\x16\x31\x0b\x9a\x06\xd0\xc5\x70\x22\xcd\x49\x2d\x54\x63\xcc\xb6\x6e\x68\x46\x0b\x53\xea\xcb\x4c\x24\xc0\xbc\x72\x4e\xea\xf1\x15\xae\xf4\x54\x9a\x12\x0a\xc3\x7a\xb2\x33\x60\xe2\xda\x89\x55\xf3\x22\x58\xf3\xde\xdc\xcf\xef\x83\x86\xa2\x8c\x94\x4f\x9f\x68\xf2\x98\x90\x46\x84\x27\xc7\x76\xbf\xe3\xcc\x35\x2c\x8b\x5e\x07\x64\x65\x82\xc0\x48\xb0\xa8\x91\xf9\x61\x9f\x76\x20\x50\xa8\x91\xc7\x66\xb5\xeb\x78\x62\x03\x56\xf0\x8a\x1a\x13\xea\x31\xa3\x1e\xa0\x99\xfd\x38\xf6\xf6\x27\x32\x58\x6f\x07\xf5\x6b\xb8\xfb\x14\x2b\xaf\xb7\xaa\xcc\xd6\x63\x5f\x73\x8c\xda\x05\x99\xa8\x38\xa8\xcb\x17\x78\x36\x51\xac\xe9\x9e\xf4\x78\x3a\x8d\xcf\x0f\xd9\x42\xe2\x98\x0c\xab\x2f\x9f\x0e\x01\xde\xef\x9f\x99\x49\xf1\x2d\xdf\xac\x74\x4d\x1b\x98\xb5\x47\xc5\xe5\x29\xd1\xf9\x90\x18\xc7\x62\x9c\xbe\x83\xc7\x26\x7b\x3e\x8a\x25\xc7\xc0\xdd\x9d\xe6\x35\x68\x10\x20\x9d\x8f\xd8\xde\xd2\xc3\x84\x9c\x0d\x5e\xe8\x2f\xc9\x02\x03\x01\x00\x01\xa3\x81\xc0\x30\x81\xbd\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xa0\x11\x0a\x23\x3e\x96\xf1\x07\xec\xe2\xaf\x29\xef\x82\xa5\x7f\xd0\x30\xa4\xb4\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x7b\x06\x03\x55\x1d\x1f\x04\x74\x30\x72\x30\x38\xa0\x36\xa0\x34\x86\x32\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x63\x6f\x6d\x6f\x64\x6f\x63\x61\x2e\x63\x6f\x6d\x2f\x41\x41\x41\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2e\x63\x72\x6c\x30\x36\xa0\x34\xa0\x32\x86\x30\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x63\x6f\x6d\x6f\x64\x6f\x2e\x6e\x65\x74\x2f\x41\x41\x41\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2e\x63\x72\x6c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x08\x56\xfc\x02\xf0\x9b\xe8\xff\xa4\xfa\xd6\x7b\xc6\x44\x80\xce\x4f\xc4\xc5\xf6\x00\x58\xcc\xa6\xb6\xbc\x14\x49\x68\x04\x76\xe8\xe6\xee\x5d\xec\x02\x0f\x60\xd6\x8d\x50\x18\x4f\x26\x4e\x01\xe3\xe6\xb0\xa5\xee\xbf\xbc\x74\x54\x41\xbf\xfd\xfc\x12\xb8\xc7\x4f\x5a\xf4\x89\x60\x05\x7f\x60\xb7\x05\x4a\xf3\xf6\xf1\xc2\xbf\xc4\xb9\x74\x86\xb6\x2d\x7d\x6b\xcc\xd2\xf3\x46\xdd\x2f\xc6\xe0\x6a\xc3\xc3\x34\x03\x2c\x7d\x96\xdd\x5a\xc2\x0e\xa7\x0a\x99\xc1\x05\x8b\xab\x0c\x2f\xf3\x5c\x3a\xcf\x6c\x37\x55\x09\x87\xde\x53\x40\x6c\x58\xef\xfc\xb6\xab\x65\x6e\x04\xf6\x1b\xdc\x3c\xe0\x5a\x15\xc6\x9e\xd9\xf1\x59\x48\x30\x21\x65\x03\x6c\xec\xe9\x21\x73\xec\x9b\x03\xa1\xe0\x37\xad\xa0\x15\x18\x8f\xfa\xba\x02\xce\xa7\x2c\xa9\x10\x13\x2c\xd4\xe5\x08\x26\xab\x22\x97\x60\xf8\x90\x5e\x74\xd4\xa2\x9a\x53\xbd\xf2\xa9\x68\xe0\xa2\x6e\xc2\xd7\x6c\xb1\xa3\x0f\x9e\xbf\xeb\x68\xe7\x56\xf2\xae\xf2\xe3\x2b\x38\x3a\x09\x81\xb5\x6b\x85\xd7\xbe\x2d\xed\x3f\x1a\xb7\xb2\x63\xe2\xf5\x62\x2c\x82\xd4\x6a\x00\x41\x50\xf1\x39\x83\x9f\x95\xe9\x36\x96\x98\x6e", + ["Comodo Secure Services root"] = "\x30\x82\x04\x3f\x30\x82\x03\x27\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x7e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b\x30\x19\x06\x03\x55\x04\x08\x0c\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x0c\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30\x18\x06\x03\x55\x04\x0a\x0c\x11\x43\x6f\x6d\x6f\x64\x6f\x20\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x24\x30\x22\x06\x03\x55\x04\x03\x0c\x1b\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x1e\x17\x0d\x30\x34\x30\x31\x30\x31\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x38\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x7e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b\x30\x19\x06\x03\x55\x04\x08\x0c\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x0c\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30\x18\x06\x03\x55\x04\x0a\x0c\x11\x43\x6f\x6d\x6f\x64\x6f\x20\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x24\x30\x22\x06\x03\x55\x04\x03\x0c\x1b\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xc0\x71\x33\x82\x8a\xd0\x70\xeb\x73\x87\x82\x40\xd5\x1d\xe4\xcb\xc9\x0e\x42\x90\xf9\xde\x34\xb9\xa1\xba\x11\xf4\x25\x85\xf3\xcc\x72\x6d\xf2\x7b\x97\x6b\xb3\x07\xf1\x77\x24\x91\x5f\x25\x8f\xf6\x74\x3d\xe4\x80\xc2\xf8\x3c\x0d\xf3\xbf\x40\xea\xf7\xc8\x52\xd1\x72\x6f\xef\xc8\xab\x41\xb8\x6e\x2e\x17\x2a\x95\x69\x0c\xcd\xd2\x1e\x94\x7b\x2d\x94\x1d\xaa\x75\xd7\xb3\x98\xcb\xac\xbc\x64\x53\x40\xbc\x8f\xac\xac\x36\xcb\x5c\xad\xbb\xdd\xe0\x94\x17\xec\xd1\x5c\xd0\xbf\xef\xa5\x95\xc9\x90\xc5\xb0\xac\xfb\x1b\x43\xdf\x7a\x08\x5d\xb7\xb8\xf2\x40\x1b\x2b\x27\x9e\x50\xce\x5e\x65\x82\x88\x8c\x5e\xd3\x4e\x0c\x7a\xea\x08\x91\xb6\x36\xaa\x2b\x42\xfb\xea\xc2\xa3\x39\xe5\xdb\x26\x38\xad\x8b\x0a\xee\x19\x63\xc7\x1c\x24\xdf\x03\x78\xda\xe6\xea\xc1\x47\x1a\x0b\x0b\x46\x09\xdd\x02\xfc\xde\xcb\x87\x5f\xd7\x30\x63\x68\xa1\xae\xdc\x32\xa1\xba\xbe\xfe\x44\xab\x68\xb6\xa5\x17\x15\xfd\xbd\xd5\xa7\xa7\x9a\xe4\x44\x33\xe9\x88\x8e\xfc\xed\x51\xeb\x93\x71\x4e\xad\x01\xe7\x44\x8e\xab\x2d\xcb\xa8\xfe\x01\x49\x48\xf0\xc0\xdd\xc7\x68\xd8\x92\xfe\x3d\x02\x03\x01\x00\x01\xa3\x81\xc7\x30\x81\xc4\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x3c\xd8\x93\x88\xc2\xc0\x82\x09\xcc\x01\x99\x06\x93\x20\xe9\x9e\x70\x09\x63\x4f\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x81\x81\x06\x03\x55\x1d\x1f\x04\x7a\x30\x78\x30\x3b\xa0\x39\xa0\x37\x86\x35\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x63\x6f\x6d\x6f\x64\x6f\x63\x61\x2e\x63\x6f\x6d\x2f\x53\x65\x63\x75\x72\x65\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2e\x63\x72\x6c\x30\x39\xa0\x37\xa0\x35\x86\x33\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x63\x6f\x6d\x6f\x64\x6f\x2e\x6e\x65\x74\x2f\x53\x65\x63\x75\x72\x65\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2e\x63\x72\x6c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x87\x01\x6d\x23\x1d\x7e\x5b\x17\x7d\xc1\x61\x32\xcf\x8f\xe7\xf3\x8a\x94\x59\x66\xe0\x9e\x28\xa8\x5e\xd3\xb7\xf4\x34\xe6\xaa\x39\xb2\x97\x16\xc5\x82\x6f\x32\xa4\xe9\x8c\xe7\xaf\xfd\xef\xc2\xe8\xb9\x4b\xaa\xa3\xf4\xe6\xda\x8d\x65\x21\xfb\xba\x80\xeb\x26\x28\x85\x1a\xfe\x39\x8c\xde\x5b\x04\x04\xb4\x54\xf9\xa3\x67\x9e\x41\xfa\x09\x52\xcc\x05\x48\xa8\xc9\x3f\x21\x04\x1e\xce\x48\x6b\xfc\x85\xe8\xc2\x7b\xaf\x7f\xb7\xcc\xf8\x5f\x3a\xfd\x35\xc6\x0d\xef\x97\xdc\x4c\xab\x11\xe1\x6b\xcb\x31\xd1\x6c\xfb\x48\x80\xab\xdc\x9c\x37\xb8\x21\x14\x4b\x0d\x71\x3d\xec\x83\x33\x6e\xd1\x6e\x32\x16\xec\x98\xc7\x16\x8b\x59\xa6\x34\xab\x05\x57\x2d\x93\xf7\xaa\x13\xcb\xd2\x13\xe2\xb7\x2e\x3b\xcd\x6b\x50\x17\x09\x68\x3e\xb5\x26\x57\xee\xb6\xe0\xb6\xdd\xb9\x29\x80\x79\x7d\x8f\xa3\xf0\xa4\x28\xa4\x15\xc4\x85\xf4\x27\xd4\x6b\xbf\xe5\x5c\xe4\x65\x02\x76\x54\xb4\xe3\x37\x66\x24\xd3\x19\x61\xc8\x52\x10\xe5\x8b\x37\x9a\xb9\xa9\xf9\x1d\xbf\xea\x99\x92\x61\x96\xff\x01\xcd\xa1\x5f\x0d\xbc\x71\xbc\x0e\xac\x0b\x1d\x47\x45\x1d\xc1\xec\x7c\xec\xfd\x29", + ["Comodo Trusted Services root"] = "\x30\x82\x04\x43\x30\x82\x03\x2b\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x7f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b\x30\x19\x06\x03\x55\x04\x08\x0c\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x0c\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30\x18\x06\x03\x55\x04\x0a\x0c\x11\x43\x6f\x6d\x6f\x64\x6f\x20\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x25\x30\x23\x06\x03\x55\x04\x03\x0c\x1c\x54\x72\x75\x73\x74\x65\x64\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x1e\x17\x0d\x30\x34\x30\x31\x30\x31\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x38\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x7f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b\x30\x19\x06\x03\x55\x04\x08\x0c\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x0c\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30\x18\x06\x03\x55\x04\x0a\x0c\x11\x43\x6f\x6d\x6f\x64\x6f\x20\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x25\x30\x23\x06\x03\x55\x04\x03\x0c\x1c\x54\x72\x75\x73\x74\x65\x64\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xdf\x71\x6f\x36\x58\x53\x5a\xf2\x36\x54\x57\x80\xc4\x74\x08\x20\xed\x18\x7f\x2a\x1d\xe6\x35\x9a\x1e\x25\xac\x9c\xe5\x96\x7e\x72\x52\xa0\x15\x42\xdb\x59\xdd\x64\x7a\x1a\xd0\xb8\x7b\xdd\x39\x15\xbc\x55\x48\xc4\xed\x3a\x00\xea\x31\x11\xba\xf2\x71\x74\x1a\x67\xb8\xcf\x33\xcc\xa8\x31\xaf\xa3\xe3\xd7\x7f\xbf\x33\x2d\x4c\x6a\x3c\xec\x8b\xc3\x92\xd2\x53\x77\x24\x74\x9c\x07\x6e\x70\xfc\xbd\x0b\x5b\x76\xba\x5f\xf2\xff\xd7\x37\x4b\x4a\x60\x78\xf7\xf0\xfa\xca\x70\xb4\xea\x59\xaa\xa3\xce\x48\x2f\xa9\xc3\xb2\x0b\x7e\x17\x72\x16\x0c\xa6\x07\x0c\x1b\x38\xcf\xc9\x62\xb7\x3f\xa0\x93\xa5\x87\x41\xf2\xb7\x70\x40\x77\xd8\xbe\x14\x7c\xe3\xa8\xc0\x7a\x8e\xe9\x63\x6a\xd1\x0f\x9a\xc6\xd2\xf4\x8b\x3a\x14\x04\x56\xd4\xed\xb8\xcc\x6e\xf5\xfb\xe2\x2c\x58\xbd\x7f\x4f\x6b\x2b\xf7\x60\x24\x58\x24\xce\x26\xef\x34\x91\x3a\xd5\xe3\x81\xd0\xb2\xf0\x04\x02\xd7\x5b\xb7\x3e\x92\xac\x6b\x12\x8a\xf9\xe4\x05\xb0\x3b\x91\x49\x5c\xb2\xeb\x53\xea\xf8\x9f\x47\x86\xee\xbf\x95\xc0\xc0\x06\x9f\xd2\x5b\x5e\x11\x1b\xf4\xc7\x04\x35\x29\xd2\x55\x5c\xe4\xed\xeb\x02\x03\x01\x00\x01\xa3\x81\xc9\x30\x81\xc6\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xc5\x7b\x58\xbd\xed\xda\x25\x69\xd2\xf7\x59\x16\xa8\xb3\x32\xc0\x7b\x27\x5b\xf4\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x81\x83\x06\x03\x55\x1d\x1f\x04\x7c\x30\x7a\x30\x3c\xa0\x3a\xa0\x38\x86\x36\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x63\x6f\x6d\x6f\x64\x6f\x63\x61\x2e\x63\x6f\x6d\x2f\x54\x72\x75\x73\x74\x65\x64\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2e\x63\x72\x6c\x30\x3a\xa0\x38\xa0\x36\x86\x34\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x63\x6f\x6d\x6f\x64\x6f\x2e\x6e\x65\x74\x2f\x54\x72\x75\x73\x74\x65\x64\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2e\x63\x72\x6c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xc8\x93\x81\x3b\x89\xb4\xaf\xb8\x84\x12\x4c\x8d\xd2\xf0\xdb\x70\xba\x57\x86\x15\x34\x10\xb9\x2f\x7f\x1e\xb0\xa8\x89\x60\xa1\x8a\xc2\x77\x0c\x50\x4a\x9b\x00\x8b\xd8\x8b\xf4\x41\xe2\xd0\x83\x8a\x4a\x1c\x14\x06\xb0\xa3\x68\x05\x70\x31\x30\xa7\x53\x9b\x0e\xe9\x4a\xa0\x58\x69\x67\x0e\xae\x9d\xf6\xa5\x2c\x41\xbf\x3c\x06\x6b\xe4\x59\xcc\x6d\x10\xf1\x96\x6f\x1f\xdf\xf4\x04\x02\xa4\x9f\x45\x3e\xc8\xd8\xfa\x36\x46\x44\x50\x3f\x82\x97\x91\x1f\x28\xdb\x18\x11\x8c\x2a\xe4\x65\x83\x57\x12\x12\x8c\x17\x3f\x94\x36\xfe\x5d\xb0\xc0\x04\x77\x13\xb8\xf4\x15\xd5\x3f\x38\xcc\x94\x3a\x55\xd0\xac\x98\xf5\xba\x00\x5f\xe0\x86\x19\x81\x78\x2f\x28\xc0\x7e\xd3\xcc\x42\x0a\xf5\xae\x50\xa0\xd1\x3e\xc6\xa1\x71\xec\x3f\xa0\x20\x8c\x66\x3a\x89\xb4\x8e\xd4\xd8\xb1\x4d\x25\x47\xee\x2f\x88\xc8\xb5\xe1\x05\x45\xc0\xbe\x14\x71\xde\x7a\xfd\x8e\x7b\x7d\x4d\x08\x96\xa5\x12\x73\xf0\x2d\xca\x37\x27\x74\x12\x27\x4c\xcb\xb6\x97\xe9\xd9\xae\x08\x6d\x5a\x39\x40\xdd\x05\x47\x75\x6a\x5a\x21\xb3\xa3\x18\xcf\x4e\xf7\x2e\x57\xb7\x98\x70\x5e\xc8\xc4\x78\xb0\x62", + ["QuoVadis Root CA"] = "\x30\x82\x05\xd0\x30\x82\x04\xb8\xa0\x03\x02\x01\x02\x02\x04\x3a\xb6\x50\x8b\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x7f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4d\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x25\x30\x23\x06\x03\x55\x04\x0b\x13\x1c\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x2e\x30\x2c\x06\x03\x55\x04\x03\x13\x25\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x31\x30\x33\x31\x39\x31\x38\x33\x33\x33\x33\x5a\x17\x0d\x32\x31\x30\x33\x31\x37\x31\x38\x33\x33\x33\x33\x5a\x30\x7f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4d\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x25\x30\x23\x06\x03\x55\x04\x0b\x13\x1c\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x2e\x30\x2c\x06\x03\x55\x04\x03\x13\x25\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xbf\x61\xb5\x95\x53\xba\x57\xfc\xfa\xf2\x67\x0b\x3a\x1a\xdf\x11\x80\x64\x95\xb4\xd1\xbc\xcd\x7a\xcf\xf6\x29\x96\x2e\x24\x54\x40\x24\x38\xf7\x1a\x85\xdc\x58\x4c\xcb\xa4\x27\x42\x97\xd0\x9f\x83\x8a\xc3\xe4\x06\x03\x5b\x00\xa5\x51\x1e\x70\x04\x74\xe2\xc1\xd4\x3a\xab\xd7\xad\x3b\x07\x18\x05\x8e\xfd\x83\xac\xea\x66\xd9\x18\x1b\x68\x8a\xf5\x57\x1a\x98\xba\xf5\xed\x76\x3d\x7c\xd9\xde\x94\x6a\x3b\x4b\x17\xc1\xd5\x8f\xbd\x65\x38\x3a\x95\xd0\x3d\x55\x36\x4e\xdf\x79\x57\x31\x2a\x1e\xd8\x59\x65\x49\x58\x20\x98\x7e\xab\x5f\x7e\x9f\xe9\xd6\x4d\xec\x83\x74\xa9\xc7\x6c\xd8\xee\x29\x4a\x85\x2a\x06\x14\xf9\x54\xe6\xd3\xda\x65\x07\x8b\x63\x37\x12\xd7\xd0\xec\xc3\x7b\x20\x41\x44\xa3\xed\xcb\xa0\x17\xe1\x71\x65\xce\x1d\x66\x31\xf7\x76\x01\x19\xc8\x7d\x03\x58\xb6\x95\x49\x1d\xa6\x12\x26\xe8\xc6\x0c\x76\xe0\xe3\x66\xcb\xea\x5d\xa6\x26\xee\xe5\xcc\x5f\xbd\x67\xa7\x01\x27\x0e\xa2\xca\x54\xc5\xb1\x7a\x95\x1d\x71\x1e\x4a\x29\x8a\x03\xdc\x6a\x45\xc1\xa4\x19\x5e\x6f\x36\xcd\xc3\xa2\xb0\xb7\xfe\x5c\x38\xe2\x52\xbc\xf8\x44\x43\xe6\x90\xbb\x02\x03\x01\x00\x01\xa3\x82\x02\x52\x30\x82\x02\x4e\x30\x3d\x06\x08\x2b\x06\x01\x05\x05\x07\x01\x01\x04\x31\x30\x2f\x30\x2d\x06\x08\x2b\x06\x01\x05\x05\x07\x30\x01\x86\x21\x68\x74\x74\x70\x73\x3a\x2f\x2f\x6f\x63\x73\x70\x2e\x71\x75\x6f\x76\x61\x64\x69\x73\x6f\x66\x66\x73\x68\x6f\x72\x65\x2e\x63\x6f\x6d\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x82\x01\x1a\x06\x03\x55\x1d\x20\x04\x82\x01\x11\x30\x82\x01\x0d\x30\x82\x01\x09\x06\x09\x2b\x06\x01\x04\x01\xbe\x58\x00\x01\x30\x81\xfb\x30\x81\xd4\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x02\x30\x81\xc7\x1a\x81\xc4\x52\x65\x6c\x69\x61\x6e\x63\x65\x20\x6f\x6e\x20\x74\x68\x65\x20\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x62\x79\x20\x61\x6e\x79\x20\x70\x61\x72\x74\x79\x20\x61\x73\x73\x75\x6d\x65\x73\x20\x61\x63\x63\x65\x70\x74\x61\x6e\x63\x65\x20\x6f\x66\x20\x74\x68\x65\x20\x74\x68\x65\x6e\x20\x61\x70\x70\x6c\x69\x63\x61\x62\x6c\x65\x20\x73\x74\x61\x6e\x64\x61\x72\x64\x20\x74\x65\x72\x6d\x73\x20\x61\x6e\x64\x20\x63\x6f\x6e\x64\x69\x74\x69\x6f\x6e\x73\x20\x6f\x66\x20\x75\x73\x65\x2c\x20\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x70\x72\x61\x63\x74\x69\x63\x65\x73\x2c\x20\x61\x6e\x64\x20\x74\x68\x65\x20\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x50\x6f\x6c\x69\x63\x79\x2e\x30\x22\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x16\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x71\x75\x6f\x76\x61\x64\x69\x73\x2e\x62\x6d\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x8b\x4b\x6d\xed\xd3\x29\xb9\x06\x19\xec\x39\x39\xa9\xf0\x97\x84\x6a\xcb\xef\xdf\x30\x81\xae\x06\x03\x55\x1d\x23\x04\x81\xa6\x30\x81\xa3\x80\x14\x8b\x4b\x6d\xed\xd3\x29\xb9\x06\x19\xec\x39\x39\xa9\xf0\x97\x84\x6a\xcb\xef\xdf\xa1\x81\x84\xa4\x81\x81\x30\x7f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4d\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x25\x30\x23\x06\x03\x55\x04\x0b\x13\x1c\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x2e\x30\x2c\x06\x03\x55\x04\x03\x13\x25\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x82\x04\x3a\xb6\x50\x8b\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x8a\xd4\x14\xb5\xfe\xf4\x9a\x92\xa7\x19\xd4\xa4\x7e\x72\x18\x8f\xd9\x68\x7c\x52\x24\xdd\x67\x6f\x39\x7a\xc4\xaa\x5e\x3d\xe2\x58\xb0\x4d\x70\x98\x84\x61\xe8\x1b\xe3\x69\x18\x0e\xce\xfb\x47\x50\xa0\x4e\xff\xf0\x24\x1f\xbd\xb2\xce\xf5\x27\xfc\xec\x2f\x53\xaa\x73\x7b\x03\x3d\x74\x6e\xe6\x16\x9e\xeb\xa5\x2e\xc4\xbf\x56\x27\x50\x2b\x62\xba\xbe\x4b\x1c\x3c\x55\x5c\x41\x1d\x24\xbe\x82\x20\x47\x5d\xd5\x44\x7e\x7a\x16\x68\xdf\x7d\x4d\x51\x70\x78\x57\x1d\x33\x1e\xfd\x02\x99\x9c\x0c\xcd\x0a\x05\x4f\xc7\xbb\x8e\xa4\x75\xfa\x4a\x6d\xb1\x80\x8e\x09\x56\xb9\x9c\x1a\x60\xfe\x5d\xc1\xd7\x7a\xdc\x11\x78\xd0\xd6\x5d\xc1\xb7\xd5\xad\x32\x99\x03\x3a\x8a\xcc\x54\x25\x39\x31\x81\x7b\x13\x22\x51\xba\x46\x6c\xa1\xbb\x9e\xfa\x04\x6c\x49\x26\x74\x8f\xd2\x73\xeb\xcc\x30\xa2\xe6\xea\x59\x22\x87\xf8\x97\xf5\x0e\xfd\xea\xcc\x92\xa4\x16\xc4\x52\x18\xea\x21\xce\xb1\xf1\xe6\x84\x81\xe5\xba\xa9\x86\x28\xf2\x43\x5a\x5d\x12\x9d\xac\x1e\xd9\xa8\xe5\x0a\x6a\xa7\x7f\xa0\x87\x29\xcf\xf2\x89\x4d\xd4\xec\xc5\xe2\xe6\x7a\xd0\x36\x23\x8a\x4a\x74\x36\xf9", + ["QuoVadis Root CA 2"] = "\x30\x82\x05\xb7\x30\x82\x03\x9f\xa0\x03\x02\x01\x02\x02\x02\x05\x09\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x45\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4d\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x32\x30\x1e\x17\x0d\x30\x36\x31\x31\x32\x34\x31\x38\x32\x37\x30\x30\x5a\x17\x0d\x33\x31\x31\x31\x32\x34\x31\x38\x32\x33\x33\x33\x5a\x30\x45\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4d\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x32\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\x9a\x18\xca\x4b\x94\x0d\x00\x2d\xaf\x03\x29\x8a\xf0\x0f\x81\xc8\xae\x4c\x19\x85\x1d\x08\x9f\xab\x29\x44\x85\xf3\x2f\x81\xad\x32\x1e\x90\x46\xbf\xa3\x86\x26\x1a\x1e\xfe\x7e\x1c\x18\x3a\x5c\x9c\x60\x17\x2a\x3a\x74\x83\x33\x30\x7d\x61\x54\x11\xcb\xed\xab\xe0\xe6\xd2\xa2\x7e\xf5\x6b\x6f\x18\xb7\x0a\x0b\x2d\xfd\xe9\x3e\xef\x0a\xc6\xb3\x10\xe9\xdc\xc2\x46\x17\xf8\x5d\xfd\xa4\xda\xff\x9e\x49\x5a\x9c\xe6\x33\xe6\x24\x96\xf7\x3f\xba\x5b\x2b\x1c\x7a\x35\xc2\xd6\x67\xfe\xab\x66\x50\x8b\x6d\x28\x60\x2b\xef\xd7\x60\xc3\xc7\x93\xbc\x8d\x36\x91\xf3\x7f\xf8\xdb\x11\x13\xc4\x9c\x77\x76\xc1\xae\xb7\x02\x6a\x81\x7a\xa9\x45\x83\xe2\x05\xe6\xb9\x56\xc1\x94\x37\x8f\x48\x71\x63\x22\xec\x17\x65\x07\x95\x8a\x4b\xdf\x8f\xc6\x5a\x0a\xe5\xb0\xe3\x5f\x5e\x6b\x11\xab\x0c\xf9\x85\xeb\x44\xe9\xf8\x04\x73\xf2\xe9\xfe\x5c\x98\x8c\xf5\x73\xaf\x6b\xb4\x7e\xcd\xd4\x5c\x02\x2b\x4c\x39\xe1\xb2\x95\x95\x2d\x42\x87\xd7\xd5\xb3\x90\x43\xb7\x6c\x13\xf1\xde\xdd\xf6\xc4\xf8\x89\x3f\xd1\x75\xf5\x92\xc3\x91\xd5\x8a\x88\xd0\x90\xec\xdc\x6d\xde\x89\xc2\x65\x71\x96\x8b\x0d\x03\xfd\x9c\xbf\x5b\x16\xac\x92\xdb\xea\xfe\x79\x7c\xad\xeb\xaf\xf7\x16\xcb\xdb\xcd\x25\x2b\xe5\x1f\xfb\x9a\x9f\xe2\x51\xcc\x3a\x53\x0c\x48\xe6\x0e\xbd\xc9\xb4\x76\x06\x52\xe6\x11\x13\x85\x72\x63\x03\x04\xe0\x04\x36\x2b\x20\x19\x02\xe8\x74\xa7\x1f\xb6\xc9\x56\x66\xf0\x75\x25\xdc\x67\xc1\x0e\x61\x60\x88\xb3\x3e\xd1\xa8\xfc\xa3\xda\x1d\xb0\xd1\xb1\x23\x54\xdf\x44\x76\x6d\xed\x41\xd8\xc1\xb2\x22\xb6\x53\x1c\xdf\x35\x1d\xdc\xa1\x77\x2a\x31\xe4\x2d\xf5\xe5\xe5\xdb\xc8\xe0\xff\xe5\x80\xd7\x0b\x63\xa0\xff\x33\xa1\x0f\xba\x2c\x15\x15\xea\x97\xb3\xd2\xa2\xb5\xbe\xf2\x8c\x96\x1e\x1a\x8f\x1d\x6c\xa4\x61\x37\xb9\x86\x73\x33\xd7\x97\x96\x9e\x23\x7d\x82\xa4\x4c\x81\xe2\xa1\xd1\xba\x67\x5f\x95\x07\xa3\x27\x11\xee\x16\x10\x7b\xbc\x45\x4a\x4c\xb2\x04\xd2\xab\xef\xd5\xfd\x0c\x51\xce\x50\x6a\x08\x31\xf9\x91\xda\x0c\x8f\x64\x5c\x03\xc3\x3a\x8b\x20\x3f\x6e\x8d\x67\x3d\x3a\xd6\xfe\x7d\x5b\x88\xc9\x5e\xfb\xcc\x61\xdc\x8b\x33\x77\xd3\x44\x32\x35\x09\x62\x04\x92\x16\x10\xd8\x9e\x27\x47\xfb\x3b\x21\xe3\xf8\xeb\x1d\x5b\x02\x03\x01\x00\x01\xa3\x81\xb0\x30\x81\xad\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x1a\x84\x62\xbc\x48\x4c\x33\x25\x04\xd4\xee\xd0\xf6\x03\xc4\x19\x46\xd1\x94\x6b\x30\x6e\x06\x03\x55\x1d\x23\x04\x67\x30\x65\x80\x14\x1a\x84\x62\xbc\x48\x4c\x33\x25\x04\xd4\xee\xd0\xf6\x03\xc4\x19\x46\xd1\x94\x6b\xa1\x49\xa4\x47\x30\x45\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4d\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x32\x82\x02\x05\x09\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x3e\x0a\x16\x4d\x9f\x06\x5b\xa8\xae\x71\x5d\x2f\x05\x2f\x67\xe6\x13\x45\x83\xc4\x36\xf6\xf3\xc0\x26\x0c\x0d\xb5\x47\x64\x5d\xf8\xb4\x72\xc9\x46\xa5\x03\x18\x27\x55\x89\x78\x7d\x76\xea\x96\x34\x80\x17\x20\xdc\xe7\x83\xf8\x8d\xfc\x07\xb8\xda\x5f\x4d\x2e\x67\xb2\x84\xfd\xd9\x44\xfc\x77\x50\x81\xe6\x7c\xb4\xc9\x0d\x0b\x72\x53\xf8\x76\x07\x07\x41\x47\x96\x0c\xfb\xe0\x82\x26\x93\x55\x8c\xfe\x22\x1f\x60\x65\x7c\x5f\xe7\x26\xb3\xf7\x32\x90\x98\x50\xd4\x37\x71\x55\xf6\x92\x21\x78\xf7\x95\x79\xfa\xf8\x2d\x26\x87\x66\x56\x30\x77\xa6\x37\x78\x33\x52\x10\x58\xae\x3f\x61\x8e\xf2\x6a\xb1\xef\x18\x7e\x4a\x59\x63\xca\x8d\xa2\x56\xd5\xa7\x2f\xbc\x56\x1f\xcf\x39\xc1\xe2\xfb\x0a\xa8\x15\x2c\x7d\x4d\x7a\x63\xc6\x6c\x97\x44\x3c\xd2\x6f\xc3\x4a\x17\x0a\xf8\x90\xd2\x57\xa2\x19\x51\xa5\x2d\x97\x41\xda\x07\x4f\xa9\x50\xda\x90\x8d\x94\x46\xe1\x3e\xf0\x94\xfd\x10\x00\x38\xf5\x3b\xe8\x40\xe1\xb4\x6e\x56\x1a\x20\xcc\x6f\x58\x8d\xed\x2e\x45\x8f\xd6\xe9\x93\x3f\xe7\xb1\x2c\xdf\x3a\xd6\x22\x8c\xdc\x84\xbb\x22\x6f\xd0\xf8\xe4\xc6\x39\xe9\x04\x88\x3c\xc3\xba\xeb\x55\x7a\x6d\x80\x99\x24\xf5\x6c\x01\xfb\xf8\x97\xb0\x94\x5b\xeb\xfd\xd2\x6f\xf1\x77\x68\x0d\x35\x64\x23\xac\xb8\x55\xa1\x03\xd1\x4d\x42\x19\xdc\xf8\x75\x59\x56\xa3\xf9\xa8\x49\x79\xf8\xaf\x0e\xb9\x11\xa0\x7c\xb7\x6a\xed\x34\xd0\xb6\x26\x62\x38\x1a\x87\x0c\xf8\xe8\xfd\x2e\xd3\x90\x7f\x07\x91\x2a\x1d\xd6\x7e\x5c\x85\x83\x99\xb0\x38\x08\x3f\xe9\x5e\xf9\x35\x07\xe4\xc9\x62\x6e\x57\x7f\xa7\x50\x95\xf7\xba\xc8\x9b\xe6\x8e\xa2\x01\xc5\xd6\x66\xbf\x79\x61\xf3\x3c\x1c\xe1\xb9\x82\x5c\x5d\xa0\xc3\xe9\xd8\x48\xbd\x19\xa2\x11\x14\x19\x6e\xb2\x86\x1b\x68\x3e\x48\x37\x1a\x88\xb7\x5d\x96\x5e\x9c\xc7\xef\x27\x62\x08\xe2\x91\x19\x5c\xd2\xf1\x21\xdd\xba\x17\x42\x82\x97\x71\x81\x53\x31\xa9\x9f\xf6\x7d\x62\xbf\x72\xe1\xa3\x93\x1d\xcc\x8a\x26\x5a\x09\x38\xd0\xce\xd7\x0d\x80\x16\xb4\x78\xa5\x3a\x87\x4c\x8d\x8a\xa5\xd5\x46\x97\xf2\x2c\x10\xb9\xbc\x54\x22\xc0\x01\x50\x69\x43\x9e\xf4\xb2\xef\x6d\xf8\xec\xda\xf1\xe3\xb1\xef\xdf\x91\x8f\x54\x2a\x0b\x25\xc1\x26\x19\xc4\x52\x10\x05\x65\xd5\x82\x10\xea\xc2\x31\xcd\x2e", + ["QuoVadis Root CA 3"] = "\x30\x82\x06\x9d\x30\x82\x04\x85\xa0\x03\x02\x01\x02\x02\x02\x05\xc6\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x45\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4d\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x33\x30\x1e\x17\x0d\x30\x36\x31\x31\x32\x34\x31\x39\x31\x31\x32\x33\x5a\x17\x0d\x33\x31\x31\x31\x32\x34\x31\x39\x30\x36\x34\x34\x5a\x30\x45\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4d\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x33\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xcc\x57\x42\x16\x54\x9c\xe6\x98\xd3\xd3\x4d\xee\xfe\xed\xc7\x9f\x43\x39\x4a\x65\xb3\xe8\x16\x88\x34\xdb\x0d\x59\x91\x74\xcf\x92\xb8\x04\x40\xad\x02\x4b\x31\xab\xbc\x8d\x91\x68\xd8\x20\x0e\x1a\x01\xe2\x1a\x7b\x4e\x17\x5d\xe2\x8a\xb7\x3f\x99\x1a\xcd\xeb\x61\xab\xc2\x65\xa6\x1f\xb7\xb7\xbd\xb7\x8f\xfc\xfd\x70\x8f\x0b\xa0\x67\xbe\x01\xa2\x59\xcf\x71\xe6\x0f\x29\x76\xff\xb1\x56\x79\x45\x2b\x1f\x9e\x7a\x54\xe8\xa3\x29\x35\x68\xa4\x01\x4f\x0f\xa4\x2e\x37\xef\x1b\xbf\xe3\x8f\x10\xa8\x72\xab\x58\x57\xe7\x54\x86\xc8\xc9\xf3\x5b\xda\x2c\xda\x5d\x8e\x6e\x3c\xa3\x3e\xda\xfb\x82\xe5\xdd\xf2\x5c\xb2\x05\x33\x6f\x8a\x36\xce\xd0\x13\x4e\xff\xbf\x4a\x0c\x34\x4c\xa6\xc3\x21\xbd\x50\x04\x55\xeb\xb1\xbb\x9d\xfb\x45\x1e\x64\x15\xde\x55\x01\x8c\x02\x76\xb5\xcb\xa1\x3f\x42\x69\xbc\x2f\xbd\x68\x43\x16\x56\x89\x2a\x37\x61\x91\xfd\xa6\xae\x4e\xc0\xcb\x14\x65\x94\x37\x4b\x92\x06\xef\x04\xd0\xc8\x9c\x88\xdb\x0b\x7b\x81\xaf\xb1\x3d\x2a\xc4\x65\x3a\x78\xb6\xee\xdc\x80\xb1\xd2\xd3\x99\x9c\x3a\xee\x6b\x5a\x6b\xb3\x8d\xb7\xd5\xce\x9c\xc2\xbe\xa5\x4b\x2f\x16\xb1\x9e\x68\x3b\x06\x6f\xae\x7d\x9f\xf8\xde\xec\xcc\x29\xa7\x98\xa3\x25\x43\x2f\xef\xf1\x5f\x26\xe1\x88\x4d\xf8\x5e\x6e\xd7\xd9\x14\x6e\x19\x33\x69\xa7\x3b\x84\x89\x93\xc4\x53\x55\x13\xa1\x51\x78\x40\xf8\xb8\xc9\xa2\xee\x7b\xba\x52\x42\x83\x9e\x14\xed\x05\x52\x5a\x59\x56\xa7\x97\xfc\x9d\x3f\x0a\x29\xd8\xdc\x4f\x91\x0e\x13\xbc\xde\x95\xa4\xdf\x8b\x99\xbe\xac\x9b\x33\x88\xef\xb5\x81\xaf\x1b\xc6\x22\x53\xc8\xf6\xc7\xee\x97\x14\xb0\xc5\x7c\x78\x52\xc8\xf0\xce\x6e\x77\x60\x84\xa6\xe9\x2a\x76\x20\xed\x58\x01\x17\x30\x93\xe9\x1a\x8b\xe0\x73\x63\xd9\x6a\x92\x94\x49\x4e\xb4\xad\x4a\x85\xc4\xa3\x22\x30\xfc\x09\xed\x68\x22\x73\xa6\x88\x0c\x55\x21\x58\xc5\xe1\x3a\x9f\x2a\xdd\xca\xe1\x90\xe0\xd9\x73\xab\x6c\x80\xb8\xe8\x0b\x64\x93\xa0\x9c\x8c\x19\xff\xb3\xd2\x0c\xec\x91\x26\x87\x8a\xb3\xa2\xe1\x70\x8f\x2c\x0a\xe5\xcd\x6d\x68\x51\xeb\xda\x3f\x05\x7f\x8b\x32\xe6\x13\x5c\x6b\xfe\x5f\x40\xe2\x22\xc8\xb4\xb4\x64\x4f\xd6\xba\x7d\x48\x3e\xa8\x69\x0c\xd7\xbb\x86\x71\xc9\x73\xb8\x3f\x3b\x9d\x25\x4b\xda\xff\x40\xeb\x02\x03\x01\x00\x01\xa3\x82\x01\x95\x30\x82\x01\x91\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x81\xe1\x06\x03\x55\x1d\x20\x04\x81\xd9\x30\x81\xd6\x30\x81\xd3\x06\x09\x2b\x06\x01\x04\x01\xbe\x58\x00\x03\x30\x81\xc5\x30\x81\x93\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x02\x30\x81\x86\x1a\x81\x83\x41\x6e\x79\x20\x75\x73\x65\x20\x6f\x66\x20\x74\x68\x69\x73\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x63\x6f\x6e\x73\x74\x69\x74\x75\x74\x65\x73\x20\x61\x63\x63\x65\x70\x74\x61\x6e\x63\x65\x20\x6f\x66\x20\x74\x68\x65\x20\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x33\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x50\x6f\x6c\x69\x63\x79\x20\x2f\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x50\x72\x61\x63\x74\x69\x63\x65\x20\x53\x74\x61\x74\x65\x6d\x65\x6e\x74\x2e\x30\x2d\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x21\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x71\x75\x6f\x76\x61\x64\x69\x73\x67\x6c\x6f\x62\x61\x6c\x2e\x63\x6f\x6d\x2f\x63\x70\x73\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xf2\xc0\x13\xe0\x82\x43\x3e\xfb\xee\x2f\x67\x32\x96\x35\x5c\xdb\xb8\xcb\x02\xd0\x30\x6e\x06\x03\x55\x1d\x23\x04\x67\x30\x65\x80\x14\xf2\xc0\x13\xe0\x82\x43\x3e\xfb\xee\x2f\x67\x32\x96\x35\x5c\xdb\xb8\xcb\x02\xd0\xa1\x49\xa4\x47\x30\x45\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x4d\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x51\x75\x6f\x56\x61\x64\x69\x73\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x33\x82\x02\x05\xc6\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x4f\xad\xa0\x2c\x4c\xfa\xc0\xf2\x6f\xf7\x66\x55\xab\x23\x34\xee\xe7\x29\xda\xc3\x5b\xb6\xb0\x83\xd9\xd0\xd0\xe2\x21\xfb\xf3\x60\xa7\x3b\x5d\x60\x53\x27\xa2\x9b\xf6\x08\x22\x2a\xe7\xbf\xa0\x72\xe5\x9c\x24\x6a\x31\xb1\x90\x7a\x27\xdb\x84\x11\x89\x27\xa6\x77\x5a\x38\xd7\xbf\xac\x86\xfc\xee\x5d\x83\xbc\x06\xc6\xd1\x77\x6b\x0f\x6d\x24\x2f\x4b\x7a\x6c\xa7\x07\x96\xca\xe3\x84\x9f\xad\x88\x8b\x1d\xab\x16\x8d\x5b\x66\x17\xd9\x16\xf4\x8b\x80\xd2\xdd\xf8\xb2\x76\xc3\xfc\x38\x13\xaa\x0c\xde\x42\x69\x2b\x6e\xf3\x3c\xeb\x80\x27\xdb\xf5\xa6\x44\x0d\x9f\x5a\x55\x59\x0b\xd5\x0d\x52\x48\xc5\xae\x9f\xf2\x2f\x80\xc5\xea\x32\x50\x35\x12\x97\x2e\xc1\xe1\xff\xf1\x23\x88\x51\x38\x9f\xf2\x66\x56\x76\xe7\x0f\x51\x97\xa5\x52\x0c\x4d\x49\x51\x95\x36\x3d\xbf\xa2\x4b\x0c\x10\x1d\x86\x99\x4c\xaa\xf3\x72\x11\x93\xe4\xea\xf6\x9b\xda\xa8\x5d\xa7\x4d\xb7\x9e\x02\xae\x73\x00\xc8\xda\x23\x03\xe8\xf9\xea\x19\x74\x62\x00\x94\xcb\x22\x20\xbe\x94\xa7\x59\xb5\x82\x6a\xbe\x99\x79\x7a\xa9\xf2\x4a\x24\x52\xf7\x74\xfd\xba\x4e\xe6\xa8\x1d\x02\x6e\xb1\x0d\x80\x44\xc1\xae\xd3\x23\x37\x5f\xbb\x85\x7c\x2b\x92\x2e\xe8\x7e\xa5\x8b\xdd\x99\xe1\xbf\x27\x6f\x2d\x5d\xaa\x7b\x87\xfe\x0a\xdd\x4b\xfc\x8e\xf5\x26\xe4\x6e\x70\x42\x6e\x33\xec\x31\x9e\x7b\x93\xc1\xe4\xc9\x69\x1a\x3d\xc0\x6b\x4e\x22\x6d\xee\xab\x58\x4d\xc6\xd0\x41\xc1\x2b\xea\x4f\x12\x87\x5e\xeb\x45\xd8\x6c\xf5\x98\x02\xd3\xa0\xd8\x55\x8a\x06\x99\x19\xa2\xa0\x77\xd1\x30\x9e\xac\xcc\x75\xee\x83\xf5\xb0\x62\x39\xcf\x6c\x57\xe2\x4c\xd2\x91\x0b\x0e\x75\x28\x1b\x9a\xbf\xfd\x1a\x43\xf1\xca\x77\xfb\x3b\x8f\x61\xb8\x69\x28\x16\x42\x04\x5e\x70\x2a\x1c\x21\xd8\x8f\xe1\xbd\x23\x5b\x2d\x74\x40\x92\xd9\x63\x19\x0d\x73\xdd\x69\xbc\x62\x47\xbc\xe0\x74\x2b\xb2\xeb\x7d\xbe\x41\x1b\xb5\xc0\x46\xc5\xa1\x22\xcb\x5f\x4e\xc1\x28\x92\xde\x18\xba\xd5\x2a\x28\xbb\x11\x8b\x17\x93\x98\x99\x60\x94\x5c\x23\xcf\x5a\x27\x97\x5e\x0b\x05\x06\x93\x37\x1e\x3b\x69\x36\xeb\xa9\x9e\x61\x1d\x8f\x32\xda\x8e\x0c\xd6\x74\x3e\x7b\x09\x24\xda\x01\x77\x47\xc4\x3b\xcd\x34\x8c\x99\xf5\xca\xe1\x25\x61\x33\xb2\x59\x1b\xe2\x6e\xd7\x37\x57\xb6\x0d\xa9\x12\xda", + ["Security Communication Root CA"] = "\x30\x82\x03\x5a\x30\x82\x02\x42\xa0\x03\x02\x01\x02\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x50\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4a\x50\x31\x18\x30\x16\x06\x03\x55\x04\x0a\x13\x0f\x53\x45\x43\x4f\x4d\x20\x54\x72\x75\x73\x74\x2e\x6e\x65\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0b\x13\x1e\x53\x65\x63\x75\x72\x69\x74\x79\x20\x43\x6f\x6d\x6d\x75\x6e\x69\x63\x61\x74\x69\x6f\x6e\x20\x52\x6f\x6f\x74\x43\x41\x31\x30\x1e\x17\x0d\x30\x33\x30\x39\x33\x30\x30\x34\x32\x30\x34\x39\x5a\x17\x0d\x32\x33\x30\x39\x33\x30\x30\x34\x32\x30\x34\x39\x5a\x30\x50\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4a\x50\x31\x18\x30\x16\x06\x03\x55\x04\x0a\x13\x0f\x53\x45\x43\x4f\x4d\x20\x54\x72\x75\x73\x74\x2e\x6e\x65\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0b\x13\x1e\x53\x65\x63\x75\x72\x69\x74\x79\x20\x43\x6f\x6d\x6d\x75\x6e\x69\x63\x61\x74\x69\x6f\x6e\x20\x52\x6f\x6f\x74\x43\x41\x31\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xb3\xb3\xfe\x7f\xd3\x6d\xb1\xef\x16\x7c\x57\xa5\x0c\x6d\x76\x8a\x2f\x4b\xbf\x64\xfb\x4c\xee\x8a\xf0\xf3\x29\x7c\xf5\xff\xee\x2a\xe0\xe9\xe9\xba\x5b\x64\x22\x9a\x9a\x6f\x2c\x3a\x26\x69\x51\x05\x99\x26\xdc\xd5\x1c\x6a\x71\xc6\x9a\x7d\x1e\x9d\xdd\x7c\x6c\xc6\x8c\x67\x67\x4a\x3e\xf8\x71\xb0\x19\x27\xa9\x09\x0c\xa6\x95\xbf\x4b\x8c\x0c\xfa\x55\x98\x3b\xd8\xe8\x22\xa1\x4b\x71\x38\x79\xac\x97\x92\x69\xb3\x89\x7e\xea\x21\x68\x06\x98\x14\x96\x87\xd2\x61\x36\xbc\x6d\x27\x56\x9e\x57\xee\xc0\xc0\x56\xfd\x32\xcf\xa4\xd9\x8e\xc2\x23\xd7\x8d\xa8\xf3\xd8\x25\xac\x97\xe4\x70\x38\xf4\xb6\x3a\xb4\x9d\x3b\x97\x26\x43\xa3\xa1\xbc\x49\x59\x72\x4c\x23\x30\x87\x01\x58\xf6\x4e\xbe\x1c\x68\x56\x66\xaf\xcd\x41\x5d\xc8\xb3\x4d\x2a\x55\x46\xab\x1f\xda\x1e\xe2\x40\x3d\xdb\xcd\x7d\xb9\x92\x80\x9c\x37\xdd\x0c\x96\x64\x9d\xdc\x22\xf7\x64\x8b\xdf\x61\xde\x15\x94\x52\x15\xa0\x7d\x52\xc9\x4b\xa8\x21\xc9\xc6\xb1\xed\xcb\xc3\x95\x60\xd1\x0f\xf0\xab\x70\xf8\xdf\xcb\x4d\x7e\xec\xd6\xfa\xab\xd9\xbd\x7f\x54\xf2\xa5\xe9\x79\xfa\xd9\xd6\x76\x24\x28\x73\x02\x03\x01\x00\x01\xa3\x3f\x30\x3d\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xa0\x73\x49\x99\x68\xdc\x85\x5b\x65\xe3\x9b\x28\x2f\x57\x9f\xbd\x33\xbc\x07\x48\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x68\x40\xa9\xa8\xbb\xe4\x4f\x5d\x79\xb3\x05\xb5\x17\xb3\x60\x13\xeb\xc6\x92\x5d\xe0\xd1\xd3\x6a\xfe\xfb\xbe\x9b\x6d\xbf\xc7\x05\x6d\x59\x20\xc4\x1c\xf0\xb7\xda\x84\x58\x02\x63\xfa\x48\x16\xef\x4f\xa5\x0b\xf7\x4a\x98\xf2\x3f\x9e\x1b\xad\x47\x6b\x63\xce\x08\x47\xeb\x52\x3f\x78\x9c\xaf\x4d\xae\xf8\xd5\x4f\xcf\x9a\x98\x2a\x10\x41\x39\x52\xc4\xdd\xd9\x9b\x0e\xef\x93\x01\xae\xb2\x2e\xca\x68\x42\x24\x42\x6c\xb0\xb3\x3a\x3e\xcd\xe9\xda\x48\xc4\x15\xcb\xe9\xf9\x07\x0f\x92\x50\x49\x8a\xdd\x31\x97\x5f\xc9\xe9\x37\xaa\x3b\x59\x65\x97\x94\x32\xc9\xb3\x9f\x3e\x3a\x62\x58\xc5\x49\xad\x62\x0e\x71\xa5\x32\xaa\x2f\xc6\x89\x76\x43\x40\x13\x13\x67\x3d\xa2\x54\x25\x10\xcb\xf1\x3a\xf2\xd9\xfa\xdb\x49\x56\xbb\xa6\xfe\xa7\x41\x35\xc3\xe0\x88\x61\xc9\x88\xc7\xdf\x36\x10\x22\x98\x59\xea\xb0\x4a\xfb\x56\x16\x73\x6e\xac\x4d\xf7\x22\xa1\x4f\xad\x1d\x7a\x2d\x45\x27\xe5\x30\xc1\x5e\xf2\xda\x13\xcb\x25\x42\x51\x95\x47\x03\x8c\x6c\x21\xcc\x74\x42\xed\x53\xff\x33\x8b\x8f\x0f\x57\x01\x16\x2f\xcf\xa6\xee\xc9\x70\x22\x14\xbd\xfd\xbe\x6c\x0b\x03", + ["Sonera Class 2 Root CA"] = "\x30\x82\x03\x20\x30\x82\x02\x08\xa0\x03\x02\x01\x02\x02\x01\x1d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x39\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x49\x31\x0f\x30\x0d\x06\x03\x55\x04\x0a\x13\x06\x53\x6f\x6e\x65\x72\x61\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x53\x6f\x6e\x65\x72\x61\x20\x43\x6c\x61\x73\x73\x32\x20\x43\x41\x30\x1e\x17\x0d\x30\x31\x30\x34\x30\x36\x30\x37\x32\x39\x34\x30\x5a\x17\x0d\x32\x31\x30\x34\x30\x36\x30\x37\x32\x39\x34\x30\x5a\x30\x39\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x49\x31\x0f\x30\x0d\x06\x03\x55\x04\x0a\x13\x06\x53\x6f\x6e\x65\x72\x61\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x53\x6f\x6e\x65\x72\x61\x20\x43\x6c\x61\x73\x73\x32\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\x90\x17\x4a\x35\x9d\xca\xf0\x0d\x96\xc7\x44\xfa\x16\x37\xfc\x48\xbd\xbd\x7f\x80\x2d\x35\x3b\xe1\x6f\xa8\x67\xa9\xbf\x03\x1c\x4d\x8c\x6f\x32\x47\xd5\x41\x68\xa4\x13\x04\xc1\x35\x0c\x9a\x84\x43\xfc\x5c\x1d\xff\x89\xb3\xe8\x17\x18\xcd\x91\x5f\xfb\x89\xe3\xea\xbf\x4e\x5d\x7c\x1b\x26\xd3\x75\x79\xed\xe6\x84\xe3\x57\xe5\xad\x29\xc4\xf4\x3a\x28\xe7\xa5\x7b\x84\x36\x69\xb3\xfd\x5e\x76\xbd\xa3\x2d\x99\xd3\x90\x4e\x23\x28\x7d\x18\x63\xf1\x54\x3b\x26\x9d\x76\x5b\x97\x42\xb2\xff\xae\xf0\x4e\xec\xdd\x39\x95\x4e\x83\x06\x7f\xe7\x49\x40\xc8\xc5\x01\xb2\x54\x5a\x66\x1d\x3d\xfc\xf9\xe9\x3c\x0a\x9e\x81\xb8\x70\xf0\x01\x8b\xe4\x23\x54\x7c\xc8\xae\xf8\x90\x1e\x00\x96\x72\xd4\x54\xcf\x61\x23\xbc\xea\xfb\x9d\x02\x95\xd1\xb6\xb9\x71\x3a\x69\x08\x3f\x0f\xb4\xe1\x42\xc7\x88\xf5\x3f\x98\xa8\xa7\xba\x1c\xe0\x71\x71\xef\x58\x57\x81\x50\x7a\x5c\x6b\x74\x46\x0e\x83\x03\x98\xc3\x8e\xa8\x6e\xf2\x76\x32\x6e\x27\x83\xc2\x73\xf3\xdc\x18\xe8\xb4\x93\xea\x75\x44\x6b\x04\x60\x20\x71\x57\x87\x9d\xf3\xbe\xa0\x90\x23\x3d\x8a\x24\xe1\xda\x21\xdb\xc3\x02\x03\x01\x00\x01\xa3\x33\x30\x31\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x11\x06\x03\x55\x1d\x0e\x04\x0a\x04\x08\x4a\xa0\xaa\x58\x84\xd3\x5e\x3c\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x5a\xce\x87\xf9\x16\x72\x15\x57\x4b\x1d\xd9\x9b\xe7\xa2\x26\x30\xec\x93\x67\xdf\xd6\x2d\xd2\x34\xaf\xf7\x38\xa5\xce\xab\x16\xb9\xab\x2f\x7c\x35\xcb\xac\xd0\x0f\xb4\x4c\x2b\xfc\x80\xef\x6b\x8c\x91\x5f\x36\x76\xf7\xdb\xb3\x1b\x19\xea\xf4\xb2\x11\xfd\x61\x71\x44\xbf\x28\xb3\x3a\x1d\xbf\xb3\x43\xe8\x9f\xbf\xdc\x31\x08\x71\xb0\x9d\x8d\xd6\x34\x47\x32\x90\xc6\x65\x24\xf7\xa0\x4a\x7c\x04\x73\x8f\x39\x6f\x17\x8c\x72\xb5\xbd\x4b\xc8\x7a\xf8\x7b\x83\xc3\x28\x4e\x9c\x09\xea\x67\x3f\xb2\x67\x04\x1b\xc3\x14\xda\xf8\xe7\x49\x24\x91\xd0\x1d\x6a\xfa\x61\x39\xef\x6b\xe7\x21\x75\x06\x07\xd8\x12\xb4\x21\x20\x70\x42\x71\x81\xda\x3c\x9a\x36\xbe\xa6\x5b\x0d\x6a\x6c\x9a\x1f\x91\x7b\xf9\xf9\xef\x42\xba\x4e\x4e\x9e\xcc\x0c\x8d\x94\xdc\xd9\x45\x9c\x5e\xec\x42\x50\x63\xae\xf4\x5d\xc4\xb1\x12\xdc\xca\x3b\xa8\x2e\x9d\x14\x5a\x05\x75\xb7\xec\xd7\x63\xe2\xba\x35\xb6\x04\x08\x91\xe8\xda\x9d\x9c\xf6\x66\xb5\x18\xac\x0a\xa6\x54\x26\x34\x33\xd2\x1b\xc1\xd4\x7f\x1a\x3a\x8e\x0b\xaa\x32\x6e\xdb\xfc\x4f\x25\x9f\xd9\x32\xc7\x96\x5a\x70\xac\xdf\x4c", + ["Staat der Nederlanden Root CA"] = "\x30\x82\x03\xba\x30\x82\x02\xa2\xa0\x03\x02\x01\x02\x02\x04\x00\x98\x96\x8a\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x55\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4e\x4c\x31\x1e\x30\x1c\x06\x03\x55\x04\x0a\x13\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4e\x65\x64\x65\x72\x6c\x61\x6e\x64\x65\x6e\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1d\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4e\x65\x64\x65\x72\x6c\x61\x6e\x64\x65\x6e\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x1e\x17\x0d\x30\x32\x31\x32\x31\x37\x30\x39\x32\x33\x34\x39\x5a\x17\x0d\x31\x35\x31\x32\x31\x36\x30\x39\x31\x35\x33\x38\x5a\x30\x55\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4e\x4c\x31\x1e\x30\x1c\x06\x03\x55\x04\x0a\x13\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4e\x65\x64\x65\x72\x6c\x61\x6e\x64\x65\x6e\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1d\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4e\x65\x64\x65\x72\x6c\x61\x6e\x64\x65\x6e\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\x98\xd2\xb5\x51\x11\x7a\x81\xa6\x14\x98\x71\x6d\xbe\xcc\xe7\x13\x1b\xd6\x27\x0e\x7a\xb3\x6a\x18\x1c\xb6\x61\x5a\xd5\x61\x09\xbf\xde\x90\x13\xc7\x67\xee\xdd\xf3\xda\xc5\x0c\x12\x9e\x35\x55\x3e\x2c\x27\x88\x40\x6b\xf7\xdc\xdd\x22\x61\xf5\xc2\xc7\x0e\xf5\xf6\xd5\x76\x53\x4d\x8f\x8c\xbc\x18\x76\x37\x85\x9d\xe8\xca\x49\xc7\xd2\x4f\x98\x13\x09\xa2\x3e\x22\x88\x9c\x7f\xd6\xf2\x10\x65\xb4\xee\x5f\x18\xd5\x17\xe3\xf8\xc5\xfd\xe2\x9d\xa2\xef\x53\x0e\x85\x77\xa2\x0f\xe1\x30\x47\xee\x00\xe7\x33\x7d\x44\x67\x1a\x0b\x51\xe8\x8b\xa0\x9e\x50\x98\x68\x34\x52\x1f\x2e\x6d\x01\xf2\x60\x45\xf2\x31\xeb\xa9\x31\x68\x29\xbb\x7a\x41\x9e\xc6\x19\x7f\x94\xb4\x51\x39\x03\x7f\xb2\xde\xa7\x32\x9b\xb4\x47\x8e\x6f\xb4\x4a\xae\xe5\xaf\xb1\xdc\xb0\x1b\x61\xbc\x99\x72\xde\xe4\x89\xb7\x7a\x26\x5d\xda\x33\x49\x5b\x52\x9c\x0e\xf5\x8a\xad\xc3\xb8\x3d\xe8\x06\x6a\xc2\xd5\x2a\x0b\x6c\x7b\x84\xbd\x56\x05\xcb\x86\x65\x92\xec\x44\x2b\xb0\x8e\xb9\xdc\x70\x0b\x46\xda\xad\xbc\x63\x88\x39\xfa\xdb\x6a\xfe\x23\xfa\xbc\xe4\x48\xf4\x67\x2b\x6a\x11\x10\x21\x49\x02\x03\x01\x00\x01\xa3\x81\x91\x30\x81\x8e\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x4f\x06\x03\x55\x1d\x20\x04\x48\x30\x46\x30\x44\x06\x04\x55\x1d\x20\x00\x30\x3c\x30\x3a\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x2e\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x70\x6b\x69\x6f\x76\x65\x72\x68\x65\x69\x64\x2e\x6e\x6c\x2f\x70\x6f\x6c\x69\x63\x69\x65\x73\x2f\x72\x6f\x6f\x74\x2d\x70\x6f\x6c\x69\x63\x79\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xa8\x7d\xeb\xbc\x63\xa4\x74\x13\x74\x00\xec\x96\xe0\xd3\x34\xc1\x2c\xbf\x6c\xf8\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x05\x84\x87\x55\x74\x36\x61\xc1\xbb\xd1\xd4\xc6\x15\xa8\x13\xb4\x9f\xa4\xfe\xbb\xee\x15\xb4\x2f\x06\x0c\x29\xf2\xa8\x92\xa4\x61\x0d\xfc\xab\x5c\x08\x5b\x51\x13\x2b\x4d\xc2\x2a\x61\xc8\xf8\x09\x58\xfc\x2d\x02\xb2\x39\x7d\x99\x66\x81\xbf\x6e\x5c\x95\x45\x20\x6c\xe6\x79\xa7\xd1\xd8\x1c\x29\xfc\xc2\x20\x27\x51\xc8\xf1\x7c\x5d\x34\x67\x69\x85\x11\x30\xc6\x00\xd2\xd7\xf3\xd3\x7c\xb6\xf0\x31\x57\x28\x12\x82\x73\xe9\x33\x2f\xa6\x55\xb4\x0b\x91\x94\x47\x9c\xfa\xbb\x7a\x42\x32\xe8\xae\x7e\x2d\xc8\xbc\xac\x14\xbf\xd9\x0f\xd9\x5b\xfc\xc1\xf9\x7a\x95\xe1\x7d\x7e\x96\xfc\x71\xb0\xc2\x4c\xc8\xdf\x45\x34\xc9\xce\x0d\xf2\x9c\x64\x08\xd0\x3b\xc3\x29\xc5\xb2\xed\x90\x04\xc1\xb1\x29\x91\xc5\x30\x6f\xc1\xa9\x72\x33\xcc\xfe\x5d\x16\x17\x2c\x11\x69\xe7\x7e\xfe\xc5\x83\x08\xdf\xbc\xdc\x22\x3a\x2e\x20\x69\x23\x39\x56\x60\x67\x90\x8b\x2e\x76\x39\xfb\x11\x88\x97\xf6\x7c\xbd\x4b\xb8\x20\x16\x67\x05\x8d\xe2\x3b\xc1\x72\x3f\x94\x95\x37\xc7\x5d\xb9\x9e\xd8\x93\xa1\x17\x8f\xff\x0c\x66\x15\xc1\x24\x7c\x32\x7c\x03\x1d\x3b\xa1\x58\x45\x32\x93", + ["TDC Internet Root CA"] = "\x30\x82\x04\x2b\x30\x82\x03\x13\xa0\x03\x02\x01\x02\x02\x04\x3a\xcc\xa5\x4c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x43\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4b\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x54\x44\x43\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x54\x44\x43\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x1e\x17\x0d\x30\x31\x30\x34\x30\x35\x31\x36\x33\x33\x31\x37\x5a\x17\x0d\x32\x31\x30\x34\x30\x35\x31\x37\x30\x33\x31\x37\x5a\x30\x43\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4b\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x54\x44\x43\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x54\x44\x43\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xc4\xb8\x40\xbc\x91\xd5\x63\x1f\xd7\x99\xa0\x8b\x0c\x40\x1e\x74\xb7\x48\x9d\x46\x8c\x02\xb2\xe0\x24\x5f\xf0\x19\x13\xa7\x37\x83\x6b\x5d\xc7\x8e\xf9\x84\x30\xce\x1a\x3b\xfa\xfb\xce\x8b\x6d\x23\xc6\xc3\x6e\x66\x9f\x89\xa5\xdf\xe0\x42\x50\x67\xfa\x1f\x6c\x1e\xf4\xd0\x05\xd6\xbf\xca\xd6\x4e\xe4\x68\x60\x6c\x46\xaa\x1c\x5d\x63\xe1\x07\x86\x0e\x65\x00\xa7\x2e\xa6\x71\xc6\xbc\xb9\x81\xa8\x3a\x7d\x1a\xd2\xf9\xd1\xac\x4b\xcb\xce\x75\xaf\xdc\x7b\xfa\x81\x73\xd4\xfc\xba\xbd\x41\x88\xd4\x74\xb3\xf9\x5e\x38\x3a\x3c\x43\xa8\xd2\x95\x4e\x77\x6d\x13\x0c\x9d\x8f\x78\x01\xb7\x5a\x20\x1f\x03\x37\x35\xe2\x2c\xdb\x4b\x2b\x2c\x78\xb9\x49\xdb\xc4\xd0\xc7\x9c\x9c\xe4\x8a\x20\x09\x21\x16\x56\x66\xff\x05\xec\x5b\xe3\xf0\xcf\xab\x24\x24\x5e\xc3\x7f\x70\x7a\x12\xc4\xd2\xb5\x10\xa0\xb6\x21\xe1\x8d\x78\x69\x55\x44\x69\xf5\xca\x96\x1c\x34\x85\x17\x25\x77\xe2\xf6\x2f\x27\x98\x78\xfd\x79\x06\x3a\xa2\xd6\x5a\x43\xc1\xff\xec\x04\x3b\xee\x13\xef\xd3\x58\x5a\xff\x92\xeb\xec\xae\xda\xf2\x37\x03\x47\x41\xb6\x97\xc9\x2d\x0a\x41\x22\xbb\xbb\xe6\xa7\x02\x03\x01\x00\x01\xa3\x82\x01\x25\x30\x82\x01\x21\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x65\x06\x03\x55\x1d\x1f\x04\x5e\x30\x5c\x30\x5a\xa0\x58\xa0\x56\xa4\x54\x30\x52\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4b\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x54\x44\x43\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x31\x1d\x30\x1b\x06\x03\x55\x04\x0b\x13\x14\x54\x44\x43\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x20\x52\x6f\x6f\x74\x20\x43\x41\x31\x0d\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4c\x31\x30\x2b\x06\x03\x55\x1d\x10\x04\x24\x30\x22\x80\x0f\x32\x30\x30\x31\x30\x34\x30\x35\x31\x36\x33\x33\x31\x37\x5a\x81\x0f\x32\x30\x32\x31\x30\x34\x30\x35\x31\x37\x30\x33\x31\x37\x5a\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x6c\x64\x01\xc7\xfd\x85\x6d\xac\xc8\xda\x9e\x50\x08\x85\x08\xb5\x3c\x56\xa8\x50\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x6c\x64\x01\xc7\xfd\x85\x6d\xac\xc8\xda\x9e\x50\x08\x85\x08\xb5\x3c\x56\xa8\x50\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x09\x2a\x86\x48\x86\xf6\x7d\x07\x41\x00\x04\x10\x30\x0e\x1b\x08\x56\x35\x2e\x30\x3a\x34\x2e\x30\x03\x02\x04\x90\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4e\x43\xcc\xd1\xdd\x1d\x10\x1b\x06\x7f\xb7\xa4\xfa\xd3\xd9\x4d\xfb\x23\x9f\x23\x54\x5b\xe6\x8b\x2f\x04\x28\x8b\xb5\x27\x6d\x89\xa1\xec\x98\x69\xdc\xe7\x8d\x26\x83\x05\x79\x74\xec\xb4\xb9\xa3\x97\xc1\x35\x00\xfd\x15\xda\x39\x81\x3a\x95\x31\x90\xde\x97\xe9\x86\xa8\x99\x77\x0c\xe5\x5a\xa0\x84\xff\x12\x16\xac\x6e\xb8\x8d\xc3\x7b\x92\xc2\xac\x2e\xd0\x7d\x28\xec\xb6\xf3\x60\x38\x69\x6f\x3e\xd8\x04\x55\x3e\x9e\xcc\x55\xd2\xba\xfe\xbb\x47\x04\xd7\x0a\xd9\x16\x0a\x34\x29\xf5\x58\x13\xd5\x4f\xcf\x8f\x56\x4b\xb3\x1e\xee\xd3\x98\x79\xda\x08\x1e\x0c\x6f\xb8\xf8\x16\x27\xef\xc2\x6f\x3d\xf6\xa3\x4b\x3e\x0e\xe4\x6d\x6c\xdb\x3b\x41\x12\x9b\xbd\x0d\x47\x23\x7f\x3c\x4a\xd0\xaf\xc0\xaf\xf6\xef\x1b\xb5\x15\xc4\xeb\x83\xc4\x09\x5f\x74\x8b\xd9\x11\xfb\xc2\x56\xb1\x3c\xf8\x70\xca\x34\x8d\x43\x40\x13\x8c\xfd\x99\x03\x54\x79\xc6\x2e\xea\x86\xa1\xf6\x3a\xd4\x09\xbc\xf4\xbc\x66\xcc\x3d\x58\xd0\x57\x49\x0a\xee\x25\xe2\x41\xee\x13\xf9\x9b\x38\x34\xd1\x00\xf5\x7e\xe7\x94\x1d\xfc\x69\x03\x62\xb8\x99\x05\x05\x3d\x6b\x78\x12\xbd\xb0\x6f\x65", + ["TDC OCES Root CA"] = "\x30\x82\x05\x19\x30\x82\x04\x01\xa0\x03\x02\x01\x02\x02\x04\x3e\x48\xbd\xc4\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x31\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4b\x31\x0c\x30\x0a\x06\x03\x55\x04\x0a\x13\x03\x54\x44\x43\x31\x14\x30\x12\x06\x03\x55\x04\x03\x13\x0b\x54\x44\x43\x20\x4f\x43\x45\x53\x20\x43\x41\x30\x1e\x17\x0d\x30\x33\x30\x32\x31\x31\x30\x38\x33\x39\x33\x30\x5a\x17\x0d\x33\x37\x30\x32\x31\x31\x30\x39\x30\x39\x33\x30\x5a\x30\x31\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4b\x31\x0c\x30\x0a\x06\x03\x55\x04\x0a\x13\x03\x54\x44\x43\x31\x14\x30\x12\x06\x03\x55\x04\x03\x13\x0b\x54\x44\x43\x20\x4f\x43\x45\x53\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xac\x62\xf6\x61\x20\xb2\xcf\xc0\xc6\x85\xd7\xe3\x79\xe6\xcc\xed\xf2\x39\x92\xa4\x97\x2e\x64\xa3\x84\x5b\x87\x9c\x4c\xfd\xa4\xf3\xc4\x5f\x21\xbd\x56\x10\xeb\xdb\x2e\x61\xec\x93\x69\xe3\xa3\xcc\xbd\x99\xc3\x05\xfc\x06\xb8\xca\x36\x1c\xfe\x90\x8e\x49\x4c\xc4\x56\x9a\x2f\x56\xbc\xcf\x7b\x0c\xf1\x6f\x47\xa6\x0d\x43\x4d\xe2\xe9\x1d\x39\x34\xcd\x8d\x2c\xd9\x12\x98\xf9\xe3\xe1\xc1\x4a\x7c\x86\x38\xc4\xa9\xc4\x61\x88\xd2\x5e\xaf\x1a\x26\x4d\xd5\xe4\xa0\x22\x47\x84\xd9\x64\xb7\x19\x96\xfc\xec\x19\xe4\xb2\x97\x26\x4e\x4a\x4c\xcb\x8f\x24\x8b\x54\x18\x1c\x48\x61\x7b\xd5\x88\x68\xda\x5d\xb5\xea\xcd\x1a\x30\xc1\x80\x83\x76\x50\xaa\x4f\xd1\xd4\xdd\x38\xf0\xef\x16\xf4\xe1\x0c\x50\x06\xbf\xea\xfb\x7a\x49\xa1\x28\x2b\x1c\xf6\xfc\x15\x32\xa3\x74\x6a\x8f\xa9\xc3\x62\x29\x71\x31\xe5\x3b\xa4\x60\x17\x5e\x74\xe6\xda\x13\xed\xe9\x1f\x1f\x1b\xd1\xb2\x68\x73\xc6\x10\x34\x75\x46\x10\x10\xe3\x90\x00\x76\x40\xcb\x8b\xb7\x43\x09\x21\xff\xab\x4e\x93\xc6\x58\xe9\xa5\x82\xdb\x77\xc4\x3a\x99\xb1\x72\x95\x49\x04\xf0\xb7\x2b\xfa\x7b\x59\x8e\xdd\x02\x03\x01\x00\x01\xa3\x82\x02\x37\x30\x82\x02\x33\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x81\xec\x06\x03\x55\x1d\x20\x04\x81\xe4\x30\x81\xe1\x30\x81\xde\x06\x08\x2a\x81\x50\x81\x29\x01\x01\x01\x30\x81\xd1\x30\x2f\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x23\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x63\x65\x72\x74\x69\x66\x69\x6b\x61\x74\x2e\x64\x6b\x2f\x72\x65\x70\x6f\x73\x69\x74\x6f\x72\x79\x30\x81\x9d\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x02\x30\x81\x90\x30\x0a\x16\x03\x54\x44\x43\x30\x03\x02\x01\x01\x1a\x81\x81\x43\x65\x72\x74\x69\x66\x69\x6b\x61\x74\x65\x72\x20\x66\x72\x61\x20\x64\x65\x6e\x6e\x65\x20\x43\x41\x20\x75\x64\x73\x74\x65\x64\x65\x73\x20\x75\x6e\x64\x65\x72\x20\x4f\x49\x44\x20\x31\x2e\x32\x2e\x32\x30\x38\x2e\x31\x36\x39\x2e\x31\x2e\x31\x2e\x31\x2e\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x73\x20\x66\x72\x6f\x6d\x20\x74\x68\x69\x73\x20\x43\x41\x20\x61\x72\x65\x20\x69\x73\x73\x75\x65\x64\x20\x75\x6e\x64\x65\x72\x20\x4f\x49\x44\x20\x31\x2e\x32\x2e\x32\x30\x38\x2e\x31\x36\x39\x2e\x31\x2e\x31\x2e\x31\x2e\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x81\x81\x06\x03\x55\x1d\x1f\x04\x7a\x30\x78\x30\x48\xa0\x46\xa0\x44\xa4\x42\x30\x40\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x4b\x31\x0c\x30\x0a\x06\x03\x55\x04\x0a\x13\x03\x54\x44\x43\x31\x14\x30\x12\x06\x03\x55\x04\x03\x13\x0b\x54\x44\x43\x20\x4f\x43\x45\x53\x20\x43\x41\x31\x0d\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4c\x31\x30\x2c\xa0\x2a\xa0\x28\x86\x26\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x6f\x63\x65\x73\x2e\x63\x65\x72\x74\x69\x66\x69\x6b\x61\x74\x2e\x64\x6b\x2f\x6f\x63\x65\x73\x2e\x63\x72\x6c\x30\x2b\x06\x03\x55\x1d\x10\x04\x24\x30\x22\x80\x0f\x32\x30\x30\x33\x30\x32\x31\x31\x30\x38\x33\x39\x33\x30\x5a\x81\x0f\x32\x30\x33\x37\x30\x32\x31\x31\x30\x39\x30\x39\x33\x30\x5a\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x60\xb5\x85\xec\x56\x64\x7e\x12\x19\x27\x67\x1d\x50\x15\x4b\x73\xae\x3b\xf9\x12\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x60\xb5\x85\xec\x56\x64\x7e\x12\x19\x27\x67\x1d\x50\x15\x4b\x73\xae\x3b\xf9\x12\x30\x1d\x06\x09\x2a\x86\x48\x86\xf6\x7d\x07\x41\x00\x04\x10\x30\x0e\x1b\x08\x56\x36\x2e\x30\x3a\x34\x2e\x30\x03\x02\x04\x90\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x0a\xba\x26\x26\x46\xd3\x73\xa8\x09\xf3\x6b\x0b\x30\x99\xfd\x8a\xe1\x57\x7a\x11\xd3\xb8\x94\xd7\x09\x10\x6e\xa3\xb1\x38\x03\xd1\xb6\xf2\x43\x41\x29\x62\xa7\x72\xd8\xfb\x7c\x05\xe6\x31\x70\x27\x54\x18\x4e\x8a\x7c\x4e\xe5\xd1\xca\x8c\x78\x88\xcf\x1b\xd3\x90\x8b\xe6\x23\xf8\x0b\x0e\x33\x43\x7d\x9c\xe2\x0a\x19\x8f\xc9\x01\x3e\x74\x5d\x74\xc9\x8b\x1c\x03\xe5\x18\xc8\x01\x4c\x3f\xcb\x97\x05\x5d\x98\x71\xa6\x98\x6f\xb6\x7c\xbd\x37\x7f\xbe\xe1\x93\x25\x6d\x6f\xf0\x0a\xad\x17\x18\xe1\x03\xbc\x07\x29\xc8\xad\x26\xe8\xf8\x61\xf0\xfd\x21\x09\x7e\x9a\x8e\xa9\x68\x7d\x48\x62\x72\xbd\x00\xea\x01\x99\xb8\x06\x82\x51\x81\x4e\xf1\xf5\xb4\x91\x54\xb9\x23\x7a\x00\x9a\x9f\x5d\x8d\xe0\x3c\x64\xb9\x1a\x12\x92\x2a\xc7\x82\x44\x72\x39\xdc\xe2\x3c\xc6\xd8\x55\xf5\x15\x4e\xc8\x05\x0e\xdb\xc6\xd0\x62\xa6\xec\x15\xb4\xb5\x02\x82\xdb\xac\x8c\xa2\x81\xf0\x9b\x99\x31\xf5\x20\x20\xa8\x88\x61\x0a\x07\x9f\x94\xfc\xd0\xd7\x1b\xcc\x2e\x17\xf3\x04\x27\x76\x67\xeb\x54\x83\xfd\xa4\x90\x7e\x06\x3d\x04\xa3\x43\x2d\xda\xfc\x0b\x62\xea\x2f\x5f\x62\x53", + ["UTN DATACorp SGC Root CA"] = "\x30\x82\x04\x5e\x30\x82\x03\x46\xa0\x03\x02\x01\x02\x02\x10\x44\xbe\x0c\x8b\x50\x00\x21\xb4\x11\xd3\x2a\x68\x06\xa9\xad\x69\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x93\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0b\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0e\x53\x61\x6c\x74\x20\x4c\x61\x6b\x65\x20\x43\x69\x74\x79\x31\x1e\x30\x1c\x06\x03\x55\x04\x0a\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x21\x30\x1f\x06\x03\x55\x04\x0b\x13\x18\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2e\x63\x6f\x6d\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x55\x54\x4e\x20\x2d\x20\x44\x41\x54\x41\x43\x6f\x72\x70\x20\x53\x47\x43\x30\x1e\x17\x0d\x39\x39\x30\x36\x32\x34\x31\x38\x35\x37\x32\x31\x5a\x17\x0d\x31\x39\x30\x36\x32\x34\x31\x39\x30\x36\x33\x30\x5a\x30\x81\x93\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0b\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0e\x53\x61\x6c\x74\x20\x4c\x61\x6b\x65\x20\x43\x69\x74\x79\x31\x1e\x30\x1c\x06\x03\x55\x04\x0a\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x21\x30\x1f\x06\x03\x55\x04\x0b\x13\x18\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2e\x63\x6f\x6d\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x55\x54\x4e\x20\x2d\x20\x44\x41\x54\x41\x43\x6f\x72\x70\x20\x53\x47\x43\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xdf\xee\x58\x10\xa2\x2b\x6e\x55\xc4\x8e\xbf\x2e\x46\x09\xe7\xe0\x08\x0f\x2e\x2b\x7a\x13\x94\x1b\xbd\xf6\xb6\x80\x8e\x65\x05\x93\x00\x1e\xbc\xaf\xe2\x0f\x8e\x19\x0d\x12\x47\xec\xac\xad\xa3\xfa\x2e\x70\xf8\xde\x6e\xfb\x56\x42\x15\x9e\x2e\x5c\xef\x23\xde\x21\xb9\x05\x76\x27\x19\x0f\x4f\xd6\xc3\x9c\xb4\xbe\x94\x19\x63\xf2\xa6\x11\x0a\xeb\x53\x48\x9c\xbe\xf2\x29\x3b\x16\xe8\x1a\xa0\x4c\xa6\xc9\xf4\x18\x59\x68\xc0\x70\xf2\x53\x00\xc0\x5e\x50\x82\xa5\x56\x6f\x36\xf9\x4a\xe0\x44\x86\xa0\x4d\x4e\xd6\x47\x6e\x49\x4a\xcb\x67\xd7\xa6\xc4\x05\xb9\x8e\x1e\xf4\xfc\xff\xcd\xe7\x36\xe0\x9c\x05\x6c\xb2\x33\x22\x15\xd0\xb4\xe0\xcc\x17\xc0\xb2\xc0\xf4\xfe\x32\x3f\x29\x2a\x95\x7b\xd8\xf2\xa7\x4e\x0f\x54\x7c\xa1\x0d\x80\xb3\x09\x03\xc1\xff\x5c\xdd\x5e\x9a\x3e\xbc\xae\xbc\x47\x8a\x6a\xae\x71\xca\x1f\xb1\x2a\xb8\x5f\x42\x05\x0b\xec\x46\x30\xd1\x72\x0b\xca\xe9\x56\x6d\xf5\xef\xdf\x78\xbe\x61\xba\xb2\xa5\xae\x04\x4c\xbc\xa8\xac\x69\x15\x97\xbd\xef\xeb\xb4\x8c\xbf\x35\xf8\xd4\xc3\xd1\x28\x0e\x5c\x3a\x9f\x70\x18\x33\x20\x77\xc4\xa2\xaf\x02\x03\x01\x00\x01\xa3\x81\xab\x30\x81\xa8\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\xc6\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x53\x32\xd1\xb3\xcf\x7f\xfa\xe0\xf1\xa0\x5d\x85\x4e\x92\xd2\x9e\x45\x1d\xb4\x4f\x30\x3d\x06\x03\x55\x1d\x1f\x04\x36\x30\x34\x30\x32\xa0\x30\xa0\x2e\x86\x2c\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2e\x63\x6f\x6d\x2f\x55\x54\x4e\x2d\x44\x41\x54\x41\x43\x6f\x72\x70\x53\x47\x43\x2e\x63\x72\x6c\x30\x2a\x06\x03\x55\x1d\x25\x04\x23\x30\x21\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x0a\x03\x03\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x04\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x27\x35\x97\x00\x8a\x8b\x28\xbd\xc6\x33\x30\x1e\x29\xfc\xe2\xf7\xd5\x98\xd4\x40\xbb\x60\xca\xbf\xab\x17\x2c\x09\x36\x7f\x50\xfa\x41\xdc\xae\x96\x3a\x0a\x23\x3e\x89\x59\xc9\xa3\x07\xed\x1b\x37\xad\xfc\x7c\xbe\x51\x49\x5a\xde\x3a\x0a\x54\x08\x16\x45\xc2\x99\xb1\x87\xcd\x8c\x68\xe0\x69\x03\xe9\xc4\x4e\x98\xb2\x3b\x8c\x16\xb3\x0e\xa0\x0c\x98\x50\x9b\x93\xa9\x70\x09\xc8\x2c\xa3\x8f\xdf\x02\xe4\xe0\x71\x3a\xf1\xb4\x23\x72\xa0\xaa\x01\xdf\xdf\x98\x3e\x14\x50\xa0\x31\x26\xbd\x28\xe9\x5a\x30\x26\x75\xf9\x7b\x60\x1c\x8d\xf3\xcd\x50\x26\x6d\x04\x27\x9a\xdf\xd5\x0d\x45\x47\x29\x6b\x2c\xe6\x76\xd9\xa9\x29\x7d\x32\xdd\xc9\x36\x3c\xbd\xae\x35\xf1\x11\x9e\x1d\xbb\x90\x3f\x12\x47\x4e\x8e\xd7\x7e\x0f\x62\x73\x1d\x52\x26\x38\x1c\x18\x49\xfd\x30\x74\x9a\xc4\xe5\x22\x2f\xd8\xc0\x8d\xed\x91\x7a\x4c\x00\x8f\x72\x7f\x5d\xda\xdd\x1b\x8b\x45\x6b\xe7\xdd\x69\x97\xa8\xc5\x56\x4c\x0f\x0c\xf6\x9f\x7a\x91\x37\xf6\x97\x82\xe0\xdd\x71\x69\xff\x76\x3f\x60\x4d\x3c\xcf\xf7\x99\xf9\xc6\x57\xf4\xc9\x55\x39\x78\xba\x2c\x79\xc9\xa6\x88\x2b\xf4\x08", + ["UTN USERFirst Hardware Root CA"] = "\x30\x82\x04\x74\x30\x82\x03\x5c\xa0\x03\x02\x01\x02\x02\x10\x44\xbe\x0c\x8b\x50\x00\x24\xb4\x11\xd3\x36\x2a\xfe\x65\x0a\xfd\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x97\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0b\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0e\x53\x61\x6c\x74\x20\x4c\x61\x6b\x65\x20\x43\x69\x74\x79\x31\x1e\x30\x1c\x06\x03\x55\x04\x0a\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x21\x30\x1f\x06\x03\x55\x04\x0b\x13\x18\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2e\x63\x6f\x6d\x31\x1f\x30\x1d\x06\x03\x55\x04\x03\x13\x16\x55\x54\x4e\x2d\x55\x53\x45\x52\x46\x69\x72\x73\x74\x2d\x48\x61\x72\x64\x77\x61\x72\x65\x30\x1e\x17\x0d\x39\x39\x30\x37\x30\x39\x31\x38\x31\x30\x34\x32\x5a\x17\x0d\x31\x39\x30\x37\x30\x39\x31\x38\x31\x39\x32\x32\x5a\x30\x81\x97\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0b\x30\x09\x06\x03\x55\x04\x08\x13\x02\x55\x54\x31\x17\x30\x15\x06\x03\x55\x04\x07\x13\x0e\x53\x61\x6c\x74\x20\x4c\x61\x6b\x65\x20\x43\x69\x74\x79\x31\x1e\x30\x1c\x06\x03\x55\x04\x0a\x13\x15\x54\x68\x65\x20\x55\x53\x45\x52\x54\x52\x55\x53\x54\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x21\x30\x1f\x06\x03\x55\x04\x0b\x13\x18\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2e\x63\x6f\x6d\x31\x1f\x30\x1d\x06\x03\x55\x04\x03\x13\x16\x55\x54\x4e\x2d\x55\x53\x45\x52\x46\x69\x72\x73\x74\x2d\x48\x61\x72\x64\x77\x61\x72\x65\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xb1\xf7\xc3\x38\x3f\xb4\xa8\x7f\xcf\x39\x82\x51\x67\xd0\x6d\x9f\xd2\xff\x58\xf3\xe7\x9f\x2b\xec\x0d\x89\x54\x99\xb9\x38\x99\x16\xf7\xe0\x21\x79\x48\xc2\xbb\x61\x74\x12\x96\x1d\x3c\x6a\x72\xd5\x3c\x10\x67\x3a\x39\xed\x2b\x13\xcd\x66\xeb\x95\x09\x33\xa4\x6c\x97\xb1\xe8\xc6\xec\xc1\x75\x79\x9c\x46\x5e\x8d\xab\xd0\x6a\xfd\xb9\x2a\x55\x17\x10\x54\xb3\x19\xf0\x9a\xf6\xf1\xb1\x5d\xb6\xa7\x6d\xfb\xe0\x71\x17\x6b\xa2\x88\xfb\x00\xdf\xfe\x1a\x31\x77\x0c\x9a\x01\x7a\xb1\x32\xe3\x2b\x01\x07\x38\x6e\xc3\xa5\x5e\x23\xbc\x45\x9b\x7b\x50\xc1\xc9\x30\x8f\xdb\xe5\x2b\x7a\xd3\x5b\xfb\x33\x40\x1e\xa0\xd5\x98\x17\xbc\x8b\x87\xc3\x89\xd3\x5d\xa0\x8e\xb2\xaa\xaa\xf6\x8e\x69\x88\x06\xc5\xfa\x89\x21\xf3\x08\x9d\x69\x2e\x09\x33\x9b\x29\x0d\x46\x0f\x8c\xcc\x49\x34\xb0\x69\x51\xbd\xf9\x06\xcd\x68\xad\x66\x4c\xbc\x3e\xac\x61\xbd\x0a\x88\x0e\xc8\xdf\x3d\xee\x7c\x04\x4c\x9d\x0a\x5e\x6b\x91\xd6\xee\xc7\xed\x28\x8d\xab\x4d\x87\x89\x73\xd0\x6e\xa4\xd0\x1e\x16\x8b\x14\xe1\x76\x44\x03\x7f\x63\xac\xe4\xcd\x49\x9c\xc5\x92\xf4\xab\x32\xa1\x48\x5b\x02\x03\x01\x00\x01\xa3\x81\xb9\x30\x81\xb6\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\xc6\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xa1\x72\x5f\x26\x1b\x28\x98\x43\x95\x5d\x07\x37\xd5\x85\x96\x9d\x4b\xd2\xc3\x45\x30\x44\x06\x03\x55\x1d\x1f\x04\x3d\x30\x3b\x30\x39\xa0\x37\xa0\x35\x86\x33\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x75\x73\x65\x72\x74\x72\x75\x73\x74\x2e\x63\x6f\x6d\x2f\x55\x54\x4e\x2d\x55\x53\x45\x52\x46\x69\x72\x73\x74\x2d\x48\x61\x72\x64\x77\x61\x72\x65\x2e\x63\x72\x6c\x30\x31\x06\x03\x55\x1d\x25\x04\x2a\x30\x28\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x05\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x06\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x07\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x47\x19\x0f\xde\x74\xc6\x99\x97\xaf\xfc\xad\x28\x5e\x75\x8e\xeb\x2d\x67\xee\x4e\x7b\x2b\xd7\x0c\xff\xf6\xde\xcb\x55\xa2\x0a\xe1\x4c\x54\x65\x93\x60\x6b\x9f\x12\x9c\xad\x5e\x83\x2c\xeb\x5a\xae\xc0\xe4\x2d\xf4\x00\x63\x1d\xb8\xc0\x6c\xf2\xcf\x49\xbb\x4d\x93\x6f\x06\xa6\x0a\x22\xb2\x49\x62\x08\x4e\xff\xc8\xc8\x14\xb2\x88\x16\x5d\xe7\x01\xe4\x12\x95\xe5\x45\x34\xb3\x8b\x69\xbd\xcf\xb4\x85\x8f\x75\x51\x9e\x7d\x3a\x38\x3a\x14\x48\x12\xc6\xfb\xa7\x3b\x1a\x8d\x0d\x82\x40\x07\xe8\x04\x08\x90\xa1\x89\xcb\x19\x50\xdf\xca\x1c\x01\xbc\x1d\x04\x19\x7b\x10\x76\x97\x3b\xee\x90\x90\xca\xc4\x0e\x1f\x16\x6e\x75\xef\x33\xf8\xd3\x6f\x5b\x1e\x96\xe3\xe0\x74\x77\x74\x7b\x8a\xa2\x6e\x2d\xdd\x76\xd6\x39\x30\x82\xf0\xab\x9c\x52\xf2\x2a\xc7\xaf\x49\x5e\x7e\xc7\x68\xe5\x82\x81\xc8\x6a\x27\xf9\x27\x88\x2a\xd5\x58\x50\x95\x1f\xf0\x3b\x1c\x57\xbb\x7d\x14\x39\x62\x2b\x9a\xc9\x94\x92\x2a\xa3\x22\x0c\xff\x89\x26\x7d\x5f\x23\x2b\x47\xd7\x15\x1d\xa9\x6a\x9e\x51\x0d\x2a\x51\x9e\x81\xf9\xd4\x3b\x5e\x70\x12\x7f\x10\x32\x9c\x1e\xbb\x9d\xf8\x66\xa8", + ["Camerfirma Chambers of Commerce Root"] = "\x30\x82\x04\xbd\x30\x82\x03\xa5\xa0\x03\x02\x01\x02\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x7f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x27\x30\x25\x06\x03\x55\x04\x0a\x13\x1e\x41\x43\x20\x43\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x20\x53\x41\x20\x43\x49\x46\x20\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x23\x30\x21\x06\x03\x55\x04\x0b\x13\x1a\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x43\x68\x61\x6d\x62\x65\x72\x73\x20\x6f\x66\x20\x43\x6f\x6d\x6d\x65\x72\x63\x65\x20\x52\x6f\x6f\x74\x30\x1e\x17\x0d\x30\x33\x30\x39\x33\x30\x31\x36\x31\x33\x34\x33\x5a\x17\x0d\x33\x37\x30\x39\x33\x30\x31\x36\x31\x33\x34\x34\x5a\x30\x7f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x27\x30\x25\x06\x03\x55\x04\x0a\x13\x1e\x41\x43\x20\x43\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x20\x53\x41\x20\x43\x49\x46\x20\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x23\x30\x21\x06\x03\x55\x04\x0b\x13\x1a\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x43\x68\x61\x6d\x62\x65\x72\x73\x20\x6f\x66\x20\x43\x6f\x6d\x6d\x65\x72\x63\x65\x20\x52\x6f\x6f\x74\x30\x82\x01\x20\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0d\x00\x30\x82\x01\x08\x02\x82\x01\x01\x00\xb7\x36\x55\xe5\xa5\x5d\x18\x30\xe0\xda\x89\x54\x91\xfc\xc8\xc7\x52\xf8\x2f\x50\xd9\xef\xb1\x75\x73\x65\x47\x7d\x1b\x5b\xba\x75\xc5\xfc\xa1\x88\x24\xfa\x2f\xed\xca\x08\x4a\x39\x54\xc4\x51\x7a\xb5\xda\x60\xea\x38\x3c\x81\xb2\xcb\xf1\xbb\xd9\x91\x23\x3f\x48\x01\x70\x75\xa9\x05\x2a\xad\x1f\x71\xf3\xc9\x54\x3d\x1d\x06\x6a\x40\x3e\xb3\x0c\x85\xee\x5c\x1b\x79\xc2\x62\xc4\xb8\x36\x8e\x35\x5d\x01\x0c\x23\x04\x47\x35\xaa\x9b\x60\x4e\xa0\x66\x3d\xcb\x26\x0a\x9c\x40\xa1\xf4\x5d\x98\xbf\x71\xab\xa5\x00\x68\x2a\xed\x83\x7a\x0f\xa2\x14\xb5\xd4\x22\xb3\x80\xb0\x3c\x0c\x5a\x51\x69\x2d\x58\x18\x8f\xed\x99\x9e\xf1\xae\xe2\x95\xe6\xf6\x47\xa8\xd6\x0c\x0f\xb0\x58\x58\xdb\xc3\x66\x37\x9e\x9b\x91\x54\x33\x37\xd2\x94\x1c\x6a\x48\xc9\xc9\xf2\xa5\xda\xa5\x0c\x23\xf7\x23\x0e\x9c\x32\x55\x5e\x71\x9c\x84\x05\x51\x9a\x2d\xfd\xe6\x4e\x2a\x34\x5a\xde\xca\x40\x37\x67\x0c\x54\x21\x55\x77\xda\x0a\x0c\xcc\x97\xae\x80\xdc\x94\x36\x4a\xf4\x3e\xce\x36\x13\x1e\x53\xe4\xac\x4e\x3a\x05\xec\xdb\xae\x72\x9c\x38\x8b\xd0\x39\x3b\x89\x0a\x3e\x77\xfe\x75\x02\x01\x03\xa3\x82\x01\x44\x30\x82\x01\x40\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x0c\x30\x3c\x06\x03\x55\x1d\x1f\x04\x35\x30\x33\x30\x31\xa0\x2f\xa0\x2d\x86\x2b\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x2f\x63\x68\x61\x6d\x62\x65\x72\x73\x72\x6f\x6f\x74\x2e\x63\x72\x6c\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xe3\x94\xf5\xb1\x4d\xe9\xdb\xa1\x29\x5b\x57\x8b\x4d\x76\x06\x76\xe1\xd1\xa2\x8a\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x27\x06\x03\x55\x1d\x11\x04\x20\x30\x1e\x81\x1c\x63\x68\x61\x6d\x62\x65\x72\x73\x72\x6f\x6f\x74\x40\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x30\x27\x06\x03\x55\x1d\x12\x04\x20\x30\x1e\x81\x1c\x63\x68\x61\x6d\x62\x65\x72\x73\x72\x6f\x6f\x74\x40\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x30\x58\x06\x03\x55\x1d\x20\x04\x51\x30\x4f\x30\x4d\x06\x0b\x2b\x06\x01\x04\x01\x81\x87\x2e\x0a\x03\x01\x30\x3e\x30\x3c\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x30\x68\x74\x74\x70\x3a\x2f\x2f\x63\x70\x73\x2e\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x2f\x63\x70\x73\x2f\x63\x68\x61\x6d\x62\x65\x72\x73\x72\x6f\x6f\x74\x2e\x68\x74\x6d\x6c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x0c\x41\x97\xc2\x1a\x86\xc0\x22\x7c\x9f\xfb\x90\xf3\x1a\xd1\x03\xb1\xef\x13\xf9\x21\x5f\x04\x9c\xda\xc9\xa5\x8d\x27\x6c\x96\x87\x91\xbe\x41\x90\x01\x72\x93\xe7\x1e\x7d\x5f\xf6\x89\xc6\x5d\xa7\x40\x09\x3d\xac\x49\x45\x45\xdc\x2e\x8d\x30\x68\xb2\x09\xba\xfb\xc3\x2f\xcc\xba\x0b\xdf\x3f\x77\x7b\x46\x7d\x3a\x12\x24\x8e\x96\x8f\x3c\x05\x0a\x6f\xd2\x94\x28\x1d\x6d\x0c\xc0\x2e\x88\x22\xd5\xd8\xcf\x1d\x13\xc7\xf0\x48\xd7\xd7\x05\xa7\xcf\xc7\x47\x9e\x3b\x3c\x34\xc8\x80\x4f\xd4\x14\xbb\xfc\x0d\x50\xf7\xfa\xb3\xec\x42\x5f\xa9\xdd\x6d\xc8\xf4\x75\xcf\x7b\xc1\x72\x26\xb1\x01\x1c\x5c\x2c\xfd\x7a\x4e\xb4\x01\xc5\x05\x57\xb9\xe7\x3c\xaa\x05\xd9\x88\xe9\x07\x46\x41\xce\xef\x41\x81\xae\x58\xdf\x83\xa2\xae\xca\xd7\x77\x1f\xe7\x00\x3c\x9d\x6f\x8e\xe4\x32\x09\x1d\x4d\x78\x34\x78\x34\x3c\x94\x9b\x26\xed\x4f\x71\xc6\x19\x7a\xbd\x20\x22\x48\x5a\xfe\x4b\x7d\x03\xb7\xe7\x58\xbe\xc6\x32\x4e\x74\x1e\x68\xdd\xa8\x68\x5b\xb3\x3e\xee\x62\x7d\xd9\x80\xe8\x0a\x75\x7a\xb7\xee\xb4\x65\x9a\x21\x90\xe0\xaa\xd0\x98\xbc\x38\xb5\x73\x3c\x8b\xf8\xdc", + ["Camerfirma Global Chambersign Root"] = "\x30\x82\x04\xc5\x30\x82\x03\xad\xa0\x03\x02\x01\x02\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x7d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x27\x30\x25\x06\x03\x55\x04\x0a\x13\x1e\x41\x43\x20\x43\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x20\x53\x41\x20\x43\x49\x46\x20\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x23\x30\x21\x06\x03\x55\x04\x0b\x13\x1a\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x47\x6c\x6f\x62\x61\x6c\x20\x43\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x20\x52\x6f\x6f\x74\x30\x1e\x17\x0d\x30\x33\x30\x39\x33\x30\x31\x36\x31\x34\x31\x38\x5a\x17\x0d\x33\x37\x30\x39\x33\x30\x31\x36\x31\x34\x31\x38\x5a\x30\x7d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x27\x30\x25\x06\x03\x55\x04\x0a\x13\x1e\x41\x43\x20\x43\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x20\x53\x41\x20\x43\x49\x46\x20\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x23\x30\x21\x06\x03\x55\x04\x0b\x13\x1a\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x47\x6c\x6f\x62\x61\x6c\x20\x43\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x20\x52\x6f\x6f\x74\x30\x82\x01\x20\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0d\x00\x30\x82\x01\x08\x02\x82\x01\x01\x00\xa2\x70\xa2\xd0\x9f\x42\xae\x5b\x17\xc7\xd8\x7d\xcf\x14\x83\xfc\x4f\xc9\xa1\xb7\x13\xaf\x8a\xd7\x9e\x3e\x04\x0a\x92\x8b\x60\x56\xfa\xb4\x32\x2f\x88\x4d\xa1\x60\x08\xf4\xb7\x09\x4e\xa0\x49\x2f\x49\xd6\xd3\xdf\x9d\x97\x5a\x9f\x94\x04\x70\xec\x3f\x59\xd9\xb7\xcc\x66\x8b\x98\x52\x28\x09\x02\xdf\xc5\x2f\x84\x8d\x7a\x97\x77\xbf\xec\x40\x9d\x25\x72\xab\xb5\x3f\x32\x98\xfb\xb7\xb7\xfc\x72\x84\xe5\x35\x87\xf9\x55\xfa\xa3\x1f\x0e\x6f\x2e\x28\xdd\x69\xa0\xd9\x42\x10\xc6\xf8\xb5\x44\xc2\xd0\x43\x7f\xdb\xbc\xe4\xa2\x3c\x6a\x55\x78\x0a\x77\xa9\xd8\xea\x19\x32\xb7\x2f\xfe\x5c\x3f\x1b\xee\xb1\x98\xec\xca\xad\x7a\x69\x45\xe3\x96\x0f\x55\xf6\xe6\xed\x75\xea\x65\xe8\x32\x56\x93\x46\x89\xa8\x25\x8a\x65\x06\xee\x6b\xbf\x79\x07\xd0\xf1\xb7\xaf\xed\x2c\x4d\x92\xbb\xc0\xa8\x5f\xa7\x67\x7d\x04\xf2\x15\x08\x70\xac\x92\xd6\x7d\x04\xd2\x33\xfb\x4c\xb6\x0b\x0b\xfb\x1a\xc9\xc4\x8d\x03\xa9\x7e\x5c\xf2\x50\xab\x12\xa5\xa1\xcf\x48\x50\xa5\xef\xd2\xc8\x1a\x13\xfa\xb0\x7f\xb1\x82\x1c\x77\x6a\x0f\x5f\xdc\x0b\x95\x8f\xef\x43\x7e\xe6\x45\x09\x25\x02\x01\x03\xa3\x82\x01\x50\x30\x82\x01\x4c\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x0c\x30\x3f\x06\x03\x55\x1d\x1f\x04\x38\x30\x36\x30\x34\xa0\x32\xa0\x30\x86\x2e\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x2f\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x72\x6f\x6f\x74\x2e\x63\x72\x6c\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x43\x9c\x36\x9f\xb0\x9e\x30\x4d\xc6\xce\x5f\xad\x10\xab\xe5\x03\xa5\xfa\xa9\x14\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x2a\x06\x03\x55\x1d\x11\x04\x23\x30\x21\x81\x1f\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x72\x6f\x6f\x74\x40\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x30\x2a\x06\x03\x55\x1d\x12\x04\x23\x30\x21\x81\x1f\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x72\x6f\x6f\x74\x40\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x30\x5b\x06\x03\x55\x1d\x20\x04\x54\x30\x52\x30\x50\x06\x0b\x2b\x06\x01\x04\x01\x81\x87\x2e\x0a\x01\x01\x30\x41\x30\x3f\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x33\x68\x74\x74\x70\x3a\x2f\x2f\x63\x70\x73\x2e\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x2e\x6f\x72\x67\x2f\x63\x70\x73\x2f\x63\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x72\x6f\x6f\x74\x2e\x68\x74\x6d\x6c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x3c\x3b\x70\x91\xf9\x04\x54\x27\x91\xe1\xed\xed\xfe\x68\x7f\x61\x5d\xe5\x41\x65\x4f\x32\xf1\x18\x05\x94\x6a\x1c\xde\x1f\x70\xdb\x3e\x7b\x32\x02\x34\xb5\x0c\x6c\xa1\x8a\x7c\xa5\xf4\x8f\xff\xd4\xd8\xad\x17\xd5\x2d\x04\xd1\x3f\x58\x80\xe2\x81\x59\x88\xbe\xc0\xe3\x46\x93\x24\xfe\x90\xbd\x26\xa2\x30\x2d\xe8\x97\x26\x57\x35\x89\x74\x96\x18\xf6\x15\xe2\xaf\x24\x19\x56\x02\x02\xb2\xba\x0f\x14\xea\xc6\x8a\x66\xc1\x86\x45\x55\x8b\xbe\x92\xbe\x9c\xa4\x04\xc7\x49\x3c\x9e\xe8\x29\x7a\x89\xd7\xfe\xaf\xff\x68\xf5\xa5\x17\x90\xbd\xac\x99\xcc\xa5\x86\x57\x09\x67\x46\xdb\xd6\x16\xc2\x46\xf1\xe4\xa9\x50\xf5\x8f\xd1\x92\x15\xd3\x5f\x3e\xc6\x00\x49\x3a\x6e\x58\xb2\xd1\xd1\x27\x0d\x25\xc8\x32\xf8\x20\x11\xcd\x7d\x32\x33\x48\x94\x54\x4c\xdd\xdc\x79\xc4\x30\x9f\xeb\x8e\xb8\x55\xb5\xd7\x88\x5c\xc5\x6a\x24\x3d\xb2\xd3\x05\x03\x51\xc6\x07\xef\xcc\x14\x72\x74\x3d\x6e\x72\xce\x18\x28\x8c\x4a\xa0\x77\xe5\x09\x2b\x45\x44\x47\xac\xb7\x67\x7f\x01\x8a\x05\x5a\x93\xbe\xa1\xc1\xff\xf8\xe7\x0e\x67\xa4\x47\x49\x76\x5d\x75\x90\x1a\xf5\x26\x8f\xf0", + ["NetLock Notary (Class A) Root"] = "\x30\x82\x06\x7d\x30\x82\x05\x65\xa0\x03\x02\x01\x02\x02\x02\x01\x03\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x81\xaf\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x10\x30\x0e\x06\x03\x55\x04\x08\x13\x07\x48\x75\x6e\x67\x61\x72\x79\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0a\x13\x1e\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x48\x61\x6c\x6f\x7a\x61\x74\x62\x69\x7a\x74\x6f\x6e\x73\x61\x67\x69\x20\x4b\x66\x74\x2e\x31\x1a\x30\x18\x06\x03\x55\x04\x0b\x13\x11\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x6b\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x6f\x7a\x6a\x65\x67\x79\x7a\x6f\x69\x20\x28\x43\x6c\x61\x73\x73\x20\x41\x29\x20\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x30\x1e\x17\x0d\x39\x39\x30\x32\x32\x34\x32\x33\x31\x34\x34\x37\x5a\x17\x0d\x31\x39\x30\x32\x31\x39\x32\x33\x31\x34\x34\x37\x5a\x30\x81\xaf\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x10\x30\x0e\x06\x03\x55\x04\x08\x13\x07\x48\x75\x6e\x67\x61\x72\x79\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0a\x13\x1e\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x48\x61\x6c\x6f\x7a\x61\x74\x62\x69\x7a\x74\x6f\x6e\x73\x61\x67\x69\x20\x4b\x66\x74\x2e\x31\x1a\x30\x18\x06\x03\x55\x04\x0b\x13\x11\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x6b\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x6f\x7a\x6a\x65\x67\x79\x7a\x6f\x69\x20\x28\x43\x6c\x61\x73\x73\x20\x41\x29\x20\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xbc\x74\x8c\x0f\xbb\x4c\xf4\x37\x1e\xa9\x05\x82\xd8\xe6\xe1\x6c\x70\xea\x78\xb5\x6e\xd1\x38\x44\x0d\xa8\x83\xce\x5d\xd2\xd6\xd5\x81\xc5\xd4\x4b\xe7\x5b\x94\x70\x26\xdb\x3b\x9d\x6a\x4c\x62\xf7\x71\xf3\x64\xd6\x61\x3b\x3d\xeb\x73\xa3\x37\xd9\xcf\xea\x8c\x92\x3b\xcd\xf7\x07\xdc\x66\x74\x97\xf4\x45\x22\xdd\xf4\x5c\xe0\xbf\x6d\xf3\xbe\x65\x33\xe4\x15\x3a\xbf\xdb\x98\x90\x55\x38\xc4\xed\xa6\x55\x63\x0b\xb0\x78\x04\xf4\xe3\x6e\xc1\x3f\x8e\xfc\x51\x78\x1f\x92\x9e\x83\xc2\xfe\xd9\xb0\xa9\xc9\xbc\x5a\x00\xff\xa9\xa8\x98\x74\xfb\xf6\x2c\x3e\x15\x39\x0d\xb6\x04\x55\xa8\x0e\x98\x20\x42\xb3\xb1\x25\xad\x7e\x9a\x6f\x5d\x53\xb1\xab\x0c\xfc\xeb\xe0\xf3\x7a\xb3\xa8\xb3\xff\x46\xf6\x63\xa2\xd8\x3a\x98\x7b\xb6\xac\x85\xff\xb0\x25\x4f\x74\x63\xe7\x13\x07\xa5\x0a\x8f\x05\xf7\xc0\x64\x6f\x7e\xa7\x27\x80\x96\xde\xd4\x2e\x86\x60\xc7\x6b\x2b\x5e\x73\x7b\x17\xe7\x91\x3f\x64\x0c\xd8\x4b\x22\x34\x2b\x9b\x32\xf2\x48\x1f\x9f\xa1\x0a\x84\x7a\xe2\xc2\xad\x97\x3d\x8e\xd5\xc1\xf9\x56\xa3\x50\xe9\xc6\xb4\xfa\x98\xa2\xee\x95\xe6\x2a\x03\x8c\xdf\x02\x03\x01\x00\x01\xa3\x82\x02\x9f\x30\x82\x02\x9b\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x00\x06\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x04\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x82\x02\x60\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x0d\x04\x82\x02\x51\x16\x82\x02\x4d\x46\x49\x47\x59\x45\x4c\x45\x4d\x21\x20\x45\x7a\x65\x6e\x20\x74\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x20\x61\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x20\x41\x6c\x74\x61\x6c\x61\x6e\x6f\x73\x20\x53\x7a\x6f\x6c\x67\x61\x6c\x74\x61\x74\x61\x73\x69\x20\x46\x65\x6c\x74\x65\x74\x65\x6c\x65\x69\x62\x65\x6e\x20\x6c\x65\x69\x72\x74\x20\x65\x6c\x6a\x61\x72\x61\x73\x6f\x6b\x20\x61\x6c\x61\x70\x6a\x61\x6e\x20\x6b\x65\x73\x7a\x75\x6c\x74\x2e\x20\x41\x20\x68\x69\x74\x65\x6c\x65\x73\x69\x74\x65\x73\x20\x66\x6f\x6c\x79\x61\x6d\x61\x74\x61\x74\x20\x61\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x20\x74\x65\x72\x6d\x65\x6b\x66\x65\x6c\x65\x6c\x6f\x73\x73\x65\x67\x2d\x62\x69\x7a\x74\x6f\x73\x69\x74\x61\x73\x61\x20\x76\x65\x64\x69\x2e\x20\x41\x20\x64\x69\x67\x69\x74\x61\x6c\x69\x73\x20\x61\x6c\x61\x69\x72\x61\x73\x20\x65\x6c\x66\x6f\x67\x61\x64\x61\x73\x61\x6e\x61\x6b\x20\x66\x65\x6c\x74\x65\x74\x65\x6c\x65\x20\x61\x7a\x20\x65\x6c\x6f\x69\x72\x74\x20\x65\x6c\x6c\x65\x6e\x6f\x72\x7a\x65\x73\x69\x20\x65\x6c\x6a\x61\x72\x61\x73\x20\x6d\x65\x67\x74\x65\x74\x65\x6c\x65\x2e\x20\x41\x7a\x20\x65\x6c\x6a\x61\x72\x61\x73\x20\x6c\x65\x69\x72\x61\x73\x61\x20\x6d\x65\x67\x74\x61\x6c\x61\x6c\x68\x61\x74\x6f\x20\x61\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x20\x68\x6f\x6e\x6c\x61\x70\x6a\x61\x6e\x20\x61\x20\x68\x74\x74\x70\x73\x3a\x2f\x2f\x77\x77\x77\x2e\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x2f\x64\x6f\x63\x73\x20\x63\x69\x6d\x65\x6e\x20\x76\x61\x67\x79\x20\x6b\x65\x72\x68\x65\x74\x6f\x20\x61\x7a\x20\x65\x6c\x6c\x65\x6e\x6f\x72\x7a\x65\x73\x40\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x20\x65\x2d\x6d\x61\x69\x6c\x20\x63\x69\x6d\x65\x6e\x2e\x20\x49\x4d\x50\x4f\x52\x54\x41\x4e\x54\x21\x20\x54\x68\x65\x20\x69\x73\x73\x75\x61\x6e\x63\x65\x20\x61\x6e\x64\x20\x74\x68\x65\x20\x75\x73\x65\x20\x6f\x66\x20\x74\x68\x69\x73\x20\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x69\x73\x20\x73\x75\x62\x6a\x65\x63\x74\x20\x74\x6f\x20\x74\x68\x65\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x43\x50\x53\x20\x61\x76\x61\x69\x6c\x61\x62\x6c\x65\x20\x61\x74\x20\x68\x74\x74\x70\x73\x3a\x2f\x2f\x77\x77\x77\x2e\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x2f\x64\x6f\x63\x73\x20\x6f\x72\x20\x62\x79\x20\x65\x2d\x6d\x61\x69\x6c\x20\x61\x74\x20\x63\x70\x73\x40\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x2e\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x82\x01\x01\x00\x48\x24\x46\xf7\xba\x56\x6f\xfa\xc8\x28\x03\x40\x4e\xe5\x31\x39\x6b\x26\x6b\x53\x7f\xdb\xdf\xdf\xf3\x71\x3d\x26\xc0\x14\x0e\xc6\x67\x7b\x23\xa8\x0c\x73\xdd\x01\xbb\xc6\xca\x6e\x37\x39\x55\xd5\xc7\x8c\x56\x20\x0e\x28\x0a\x0e\xd2\x2a\xa4\xb0\x49\x52\xc6\x38\x07\xfe\xbe\x0a\x09\x8c\xd1\x98\xcf\xca\xda\x14\x31\xa1\x4f\xd2\x39\xfc\x0f\x11\x2c\x43\xc3\xdd\xab\x93\xc7\x55\x3e\x47\x7c\x18\x1a\x00\xdc\xf3\x7b\xd8\xf2\x7f\x52\x6c\x20\xf4\x0b\x5f\x69\x52\xf4\xee\xf8\xb2\x29\x60\xeb\xe3\x49\x31\x21\x0d\xd6\xb5\x10\x41\xe2\x41\x09\x6c\xe2\x1a\x9a\x56\x4b\x77\x02\xf6\xa0\x9b\x9a\x27\x87\xe8\x55\x29\x71\xc2\x90\x9f\x45\x78\x1a\xe1\x15\x64\x3d\xd0\x0e\xd8\xa0\x76\x9f\xae\xc5\xd0\x2e\xea\xd6\x0f\x56\xec\x64\x7f\x5a\x9b\x14\x58\x01\x27\x7e\x13\x50\xc7\x6b\x2a\xe6\x68\x3c\xbf\x5c\xa0\x0a\x1b\xe1\x0e\x7a\xe9\xe2\x80\xc3\xe9\xe9\xf6\xfd\x6c\x11\x9e\xd0\xe5\x28\x27\x2b\x54\x32\x42\x14\x82\x75\xe6\x4a\xf0\x2b\x66\x75\x63\x8c\xa2\xfb\x04\x3e\x83\x0e\x9b\x36\xf0\x18\xe4\x26\x20\xc3\x8c\xf0\x28\x07\xad\x3c\x17\x66\x88\xb5\xfd\xb6\x88", + ["NetLock Business (Class B) Root"] = "\x30\x82\x05\x4b\x30\x82\x04\xb4\xa0\x03\x02\x01\x02\x02\x01\x69\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x81\x99\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0a\x13\x1e\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x48\x61\x6c\x6f\x7a\x61\x74\x62\x69\x7a\x74\x6f\x6e\x73\x61\x67\x69\x20\x4b\x66\x74\x2e\x31\x1a\x30\x18\x06\x03\x55\x04\x0b\x13\x11\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x6b\x31\x32\x30\x30\x06\x03\x55\x04\x03\x13\x29\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x55\x7a\x6c\x65\x74\x69\x20\x28\x43\x6c\x61\x73\x73\x20\x42\x29\x20\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x30\x1e\x17\x0d\x39\x39\x30\x32\x32\x35\x31\x34\x31\x30\x32\x32\x5a\x17\x0d\x31\x39\x30\x32\x32\x30\x31\x34\x31\x30\x32\x32\x5a\x30\x81\x99\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0a\x13\x1e\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x48\x61\x6c\x6f\x7a\x61\x74\x62\x69\x7a\x74\x6f\x6e\x73\x61\x67\x69\x20\x4b\x66\x74\x2e\x31\x1a\x30\x18\x06\x03\x55\x04\x0b\x13\x11\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x6b\x31\x32\x30\x30\x06\x03\x55\x04\x03\x13\x29\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x55\x7a\x6c\x65\x74\x69\x20\x28\x43\x6c\x61\x73\x73\x20\x42\x29\x20\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xb1\xea\x04\xec\x20\xa0\x23\xc2\x8f\x38\x60\xcf\xc7\x46\xb3\xd5\x1b\xfe\xfb\xb9\x99\x9e\x04\xdc\x1c\x7f\x8c\x4a\x81\x98\xee\xa4\xd4\xca\x8a\x17\xb9\x22\x7f\x83\x0a\x75\x4c\x9b\xc0\x69\xd8\x64\x39\xa3\xed\x92\xa3\xfd\x5b\x5c\x74\x1a\xc0\x47\xca\x3a\x69\x76\x9a\xba\xe2\x44\x17\xfc\x4c\xa3\xd5\xfe\xb8\x97\x88\xaf\x88\x03\x89\x1f\xa4\xf2\x04\x3e\xc8\x07\x0b\xe6\xf9\xb3\x2f\x7a\x62\x14\x09\x46\x14\xca\x64\xf5\x8b\x80\xb5\x62\xa8\xd8\x6b\xd6\x71\x93\x2d\xb3\xbf\x09\x54\x58\xed\x06\xeb\xa8\x7b\xdc\x43\xb1\xa1\x69\x02\x03\x01\x00\x01\xa3\x82\x02\x9f\x30\x82\x02\x9b\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x04\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x00\x06\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x82\x02\x60\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x0d\x04\x82\x02\x51\x16\x82\x02\x4d\x46\x49\x47\x59\x45\x4c\x45\x4d\x21\x20\x45\x7a\x65\x6e\x20\x74\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x20\x61\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x20\x41\x6c\x74\x61\x6c\x61\x6e\x6f\x73\x20\x53\x7a\x6f\x6c\x67\x61\x6c\x74\x61\x74\x61\x73\x69\x20\x46\x65\x6c\x74\x65\x74\x65\x6c\x65\x69\x62\x65\x6e\x20\x6c\x65\x69\x72\x74\x20\x65\x6c\x6a\x61\x72\x61\x73\x6f\x6b\x20\x61\x6c\x61\x70\x6a\x61\x6e\x20\x6b\x65\x73\x7a\x75\x6c\x74\x2e\x20\x41\x20\x68\x69\x74\x65\x6c\x65\x73\x69\x74\x65\x73\x20\x66\x6f\x6c\x79\x61\x6d\x61\x74\x61\x74\x20\x61\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x20\x74\x65\x72\x6d\x65\x6b\x66\x65\x6c\x65\x6c\x6f\x73\x73\x65\x67\x2d\x62\x69\x7a\x74\x6f\x73\x69\x74\x61\x73\x61\x20\x76\x65\x64\x69\x2e\x20\x41\x20\x64\x69\x67\x69\x74\x61\x6c\x69\x73\x20\x61\x6c\x61\x69\x72\x61\x73\x20\x65\x6c\x66\x6f\x67\x61\x64\x61\x73\x61\x6e\x61\x6b\x20\x66\x65\x6c\x74\x65\x74\x65\x6c\x65\x20\x61\x7a\x20\x65\x6c\x6f\x69\x72\x74\x20\x65\x6c\x6c\x65\x6e\x6f\x72\x7a\x65\x73\x69\x20\x65\x6c\x6a\x61\x72\x61\x73\x20\x6d\x65\x67\x74\x65\x74\x65\x6c\x65\x2e\x20\x41\x7a\x20\x65\x6c\x6a\x61\x72\x61\x73\x20\x6c\x65\x69\x72\x61\x73\x61\x20\x6d\x65\x67\x74\x61\x6c\x61\x6c\x68\x61\x74\x6f\x20\x61\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x20\x68\x6f\x6e\x6c\x61\x70\x6a\x61\x6e\x20\x61\x20\x68\x74\x74\x70\x73\x3a\x2f\x2f\x77\x77\x77\x2e\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x2f\x64\x6f\x63\x73\x20\x63\x69\x6d\x65\x6e\x20\x76\x61\x67\x79\x20\x6b\x65\x72\x68\x65\x74\x6f\x20\x61\x7a\x20\x65\x6c\x6c\x65\x6e\x6f\x72\x7a\x65\x73\x40\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x20\x65\x2d\x6d\x61\x69\x6c\x20\x63\x69\x6d\x65\x6e\x2e\x20\x49\x4d\x50\x4f\x52\x54\x41\x4e\x54\x21\x20\x54\x68\x65\x20\x69\x73\x73\x75\x61\x6e\x63\x65\x20\x61\x6e\x64\x20\x74\x68\x65\x20\x75\x73\x65\x20\x6f\x66\x20\x74\x68\x69\x73\x20\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x69\x73\x20\x73\x75\x62\x6a\x65\x63\x74\x20\x74\x6f\x20\x74\x68\x65\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x43\x50\x53\x20\x61\x76\x61\x69\x6c\x61\x62\x6c\x65\x20\x61\x74\x20\x68\x74\x74\x70\x73\x3a\x2f\x2f\x77\x77\x77\x2e\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x2f\x64\x6f\x63\x73\x20\x6f\x72\x20\x62\x79\x20\x65\x2d\x6d\x61\x69\x6c\x20\x61\x74\x20\x63\x70\x73\x40\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x2e\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x81\x81\x00\x04\xdb\xae\x8c\x17\xaf\xf8\x0e\x90\x31\x4e\xcd\x3e\x09\xc0\x6d\x3a\xb0\xf8\x33\x4c\x47\x4c\xe3\x75\x88\x10\x97\xac\xb0\x38\x15\x91\xc6\x29\x96\xcc\x21\xc0\x6d\x3c\xa5\x74\xcf\xd8\x82\xa5\x39\xc3\x65\xe3\x42\x70\xbb\x22\x90\xe3\x7d\xdb\x35\x76\xe1\xa0\xb5\xda\x9f\x70\x6e\x93\x1a\x30\x39\x1d\x30\xdb\x2e\xe3\x7c\xb2\x91\xb2\xd1\x37\x29\xfa\xb9\xd6\x17\x5c\x47\x4f\xe3\x1d\x38\xeb\x9f\xd5\x7b\x95\xa8\x28\x9e\x15\x4a\xd1\xd1\xd0\x2b\x00\x97\xa0\xe2\x92\x36\x2b\x63\xac\x58\x01\x6b\x33\x29\x50\x86\x83\xf1\x01\x48", + ["NetLock Express (Class C) Root"] = "\x30\x82\x05\x4f\x30\x82\x04\xb8\xa0\x03\x02\x01\x02\x02\x01\x68\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x81\x9b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0a\x13\x1e\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x48\x61\x6c\x6f\x7a\x61\x74\x62\x69\x7a\x74\x6f\x6e\x73\x61\x67\x69\x20\x4b\x66\x74\x2e\x31\x1a\x30\x18\x06\x03\x55\x04\x0b\x13\x11\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x6b\x31\x34\x30\x32\x06\x03\x55\x04\x03\x13\x2b\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x45\x78\x70\x72\x65\x73\x73\x7a\x20\x28\x43\x6c\x61\x73\x73\x20\x43\x29\x20\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x30\x1e\x17\x0d\x39\x39\x30\x32\x32\x35\x31\x34\x30\x38\x31\x31\x5a\x17\x0d\x31\x39\x30\x32\x32\x30\x31\x34\x30\x38\x31\x31\x5a\x30\x81\x9b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x27\x30\x25\x06\x03\x55\x04\x0a\x13\x1e\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x48\x61\x6c\x6f\x7a\x61\x74\x62\x69\x7a\x74\x6f\x6e\x73\x61\x67\x69\x20\x4b\x66\x74\x2e\x31\x1a\x30\x18\x06\x03\x55\x04\x0b\x13\x11\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x6b\x31\x34\x30\x32\x06\x03\x55\x04\x03\x13\x2b\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x45\x78\x70\x72\x65\x73\x73\x7a\x20\x28\x43\x6c\x61\x73\x73\x20\x43\x29\x20\x54\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x6b\x69\x61\x64\x6f\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xeb\xec\xb0\x6c\x61\x8a\x23\x25\xaf\x60\x20\xe3\xd9\x9f\xfc\x93\x0b\xdb\x5d\x8d\xb0\xa1\xb3\x40\x3a\x82\xce\xfd\x75\xe0\x78\x32\x03\x86\x5a\x86\x95\x91\xed\x53\xfa\x9d\x40\xfc\xe6\xe8\xdd\xd9\x5b\x7a\x03\xbd\x5d\xf3\x3b\x0c\xc3\x51\x79\x9b\xad\x55\xa0\xe9\xd0\x03\x10\xaf\x0a\xba\x14\x42\xd9\x52\x26\x11\x22\xc7\xd2\x20\xcc\x82\xa4\x9a\xa9\xfe\xb8\x81\x76\x9d\x6a\xb7\xd2\x36\x75\x3e\xb1\x86\x09\xf6\x6e\x6d\x7e\x4e\xb7\x7a\xec\xae\x71\x84\xf6\x04\x33\x08\x25\x32\xeb\x74\xac\x16\x44\xc6\xe4\x40\x93\x1d\x7f\xad\x02\x03\x01\x00\x01\xa3\x82\x02\x9f\x30\x82\x02\x9b\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x04\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x00\x06\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x82\x02\x60\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x0d\x04\x82\x02\x51\x16\x82\x02\x4d\x46\x49\x47\x59\x45\x4c\x45\x4d\x21\x20\x45\x7a\x65\x6e\x20\x74\x61\x6e\x75\x73\x69\x74\x76\x61\x6e\x79\x20\x61\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x20\x41\x6c\x74\x61\x6c\x61\x6e\x6f\x73\x20\x53\x7a\x6f\x6c\x67\x61\x6c\x74\x61\x74\x61\x73\x69\x20\x46\x65\x6c\x74\x65\x74\x65\x6c\x65\x69\x62\x65\x6e\x20\x6c\x65\x69\x72\x74\x20\x65\x6c\x6a\x61\x72\x61\x73\x6f\x6b\x20\x61\x6c\x61\x70\x6a\x61\x6e\x20\x6b\x65\x73\x7a\x75\x6c\x74\x2e\x20\x41\x20\x68\x69\x74\x65\x6c\x65\x73\x69\x74\x65\x73\x20\x66\x6f\x6c\x79\x61\x6d\x61\x74\x61\x74\x20\x61\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x20\x74\x65\x72\x6d\x65\x6b\x66\x65\x6c\x65\x6c\x6f\x73\x73\x65\x67\x2d\x62\x69\x7a\x74\x6f\x73\x69\x74\x61\x73\x61\x20\x76\x65\x64\x69\x2e\x20\x41\x20\x64\x69\x67\x69\x74\x61\x6c\x69\x73\x20\x61\x6c\x61\x69\x72\x61\x73\x20\x65\x6c\x66\x6f\x67\x61\x64\x61\x73\x61\x6e\x61\x6b\x20\x66\x65\x6c\x74\x65\x74\x65\x6c\x65\x20\x61\x7a\x20\x65\x6c\x6f\x69\x72\x74\x20\x65\x6c\x6c\x65\x6e\x6f\x72\x7a\x65\x73\x69\x20\x65\x6c\x6a\x61\x72\x61\x73\x20\x6d\x65\x67\x74\x65\x74\x65\x6c\x65\x2e\x20\x41\x7a\x20\x65\x6c\x6a\x61\x72\x61\x73\x20\x6c\x65\x69\x72\x61\x73\x61\x20\x6d\x65\x67\x74\x61\x6c\x61\x6c\x68\x61\x74\x6f\x20\x61\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x20\x68\x6f\x6e\x6c\x61\x70\x6a\x61\x6e\x20\x61\x20\x68\x74\x74\x70\x73\x3a\x2f\x2f\x77\x77\x77\x2e\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x2f\x64\x6f\x63\x73\x20\x63\x69\x6d\x65\x6e\x20\x76\x61\x67\x79\x20\x6b\x65\x72\x68\x65\x74\x6f\x20\x61\x7a\x20\x65\x6c\x6c\x65\x6e\x6f\x72\x7a\x65\x73\x40\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x20\x65\x2d\x6d\x61\x69\x6c\x20\x63\x69\x6d\x65\x6e\x2e\x20\x49\x4d\x50\x4f\x52\x54\x41\x4e\x54\x21\x20\x54\x68\x65\x20\x69\x73\x73\x75\x61\x6e\x63\x65\x20\x61\x6e\x64\x20\x74\x68\x65\x20\x75\x73\x65\x20\x6f\x66\x20\x74\x68\x69\x73\x20\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x69\x73\x20\x73\x75\x62\x6a\x65\x63\x74\x20\x74\x6f\x20\x74\x68\x65\x20\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x43\x50\x53\x20\x61\x76\x61\x69\x6c\x61\x62\x6c\x65\x20\x61\x74\x20\x68\x74\x74\x70\x73\x3a\x2f\x2f\x77\x77\x77\x2e\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x2f\x64\x6f\x63\x73\x20\x6f\x72\x20\x62\x79\x20\x65\x2d\x6d\x61\x69\x6c\x20\x61\x74\x20\x63\x70\x73\x40\x6e\x65\x74\x6c\x6f\x63\x6b\x2e\x6e\x65\x74\x2e\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x81\x81\x00\x10\xad\x7f\xd7\x0c\x32\x80\x0a\xd8\x86\xf1\x79\x98\xb5\xad\xd4\xcd\xb3\x36\xc4\x96\x48\xc1\x5c\xcd\x9a\xd9\x05\x2e\x9f\xbe\x50\xeb\xf4\x26\x14\x10\x2d\xd4\x66\x17\xf8\x9e\xc1\x27\xfd\xf1\xed\xe4\x7b\x4b\xa0\x6c\xb5\xab\x9a\x57\x70\xa6\xed\xa0\xa4\xed\x2e\xf5\xfd\xfc\xbd\xfe\x4d\x37\x08\x0c\xbc\xe3\x96\x83\x22\xf5\x49\x1b\x7f\x4b\x2b\xb4\x54\xc1\x80\x7c\x99\x4e\x1d\xd0\x8c\xee\xd0\xac\xe5\x92\xfa\x75\x56\xfe\x64\xa0\x13\x8f\xb8\xb8\x16\x9d\x61\x05\x67\x80\xc8\xd0\xd8\xa5\x07\x02\x34\x98\x04\x8d\x33\x04\xd4", + ["XRamp Global CA Root"] = "\x30\x82\x04\x30\x30\x82\x03\x18\xa0\x03\x02\x01\x02\x02\x10\x50\x94\x6c\xec\x18\xea\xd5\x9c\x4d\xd5\x97\xef\x75\x8f\xa0\xad\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x82\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1e\x30\x1c\x06\x03\x55\x04\x0b\x13\x15\x77\x77\x77\x2e\x78\x72\x61\x6d\x70\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x63\x6f\x6d\x31\x24\x30\x22\x06\x03\x55\x04\x0a\x13\x1b\x58\x52\x61\x6d\x70\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x49\x6e\x63\x31\x2d\x30\x2b\x06\x03\x55\x04\x03\x13\x24\x58\x52\x61\x6d\x70\x20\x47\x6c\x6f\x62\x61\x6c\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x34\x31\x31\x30\x31\x31\x37\x31\x34\x30\x34\x5a\x17\x0d\x33\x35\x30\x31\x30\x31\x30\x35\x33\x37\x31\x39\x5a\x30\x81\x82\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1e\x30\x1c\x06\x03\x55\x04\x0b\x13\x15\x77\x77\x77\x2e\x78\x72\x61\x6d\x70\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x63\x6f\x6d\x31\x24\x30\x22\x06\x03\x55\x04\x0a\x13\x1b\x58\x52\x61\x6d\x70\x20\x53\x65\x63\x75\x72\x69\x74\x79\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x49\x6e\x63\x31\x2d\x30\x2b\x06\x03\x55\x04\x03\x13\x24\x58\x52\x61\x6d\x70\x20\x47\x6c\x6f\x62\x61\x6c\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\x98\x24\x1e\xbd\x15\xb4\xba\xdf\xc7\x8c\xa5\x27\xb6\x38\x0b\x69\xf3\xb6\x4e\xa8\x2c\x2e\x21\x1d\x5c\x44\xdf\x21\x5d\x7e\x23\x74\xfe\x5e\x7e\xb4\x4a\xb7\xa6\xad\x1f\xae\xe0\x06\x16\xe2\x9b\x5b\xd9\x67\x74\x6b\x5d\x80\x8f\x29\x9d\x86\x1b\xd9\x9c\x0d\x98\x6d\x76\x10\x28\x58\xe4\x65\xb0\x7f\x4a\x98\x79\x9f\xe0\xc3\x31\x7e\x80\x2b\xb5\x8c\xc0\x40\x3b\x11\x86\xd0\xcb\xa2\x86\x36\x60\xa4\xd5\x30\x82\x6d\xd9\x6e\xd0\x0f\x12\x04\x33\x97\x5f\x4f\x61\x5a\xf0\xe4\xf9\x91\xab\xe7\x1d\x3b\xbc\xe8\xcf\xf4\x6b\x2d\x34\x7c\xe2\x48\x61\x1c\x8e\xf3\x61\x44\xcc\x6f\xa0\x4a\xa9\x94\xb0\x4d\xda\xe7\xa9\x34\x7a\x72\x38\xa8\x41\xcc\x3c\x94\x11\x7d\xeb\xc8\xa6\x8c\xb7\x86\xcb\xca\x33\x3b\xd9\x3d\x37\x8b\xfb\x7a\x3e\x86\x2c\xe7\x73\xd7\x0a\x57\xac\x64\x9b\x19\xeb\xf4\x0f\x04\x08\x8a\xac\x03\x17\x19\x64\xf4\x5a\x25\x22\x8d\x34\x2c\xb2\xf6\x68\x1d\x12\x6d\xd3\x8a\x1e\x14\xda\xc4\x8f\xa6\xe2\x23\x85\xd5\x7a\x0d\xbd\x6a\xe0\xe9\xec\xec\x17\xbb\x42\x1b\x67\xaa\x25\xed\x45\x83\x21\xfc\xc1\xc9\x7c\xd5\x62\x3e\xfa\xf2\xc5\x2d\xd3\xfd\xd4\x65\x02\x03\x01\x00\x01\xa3\x81\x9f\x30\x81\x9c\x30\x13\x06\x09\x2b\x06\x01\x04\x01\x82\x37\x14\x02\x04\x06\x1e\x04\x00\x43\x00\x41\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x86\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xc6\x4f\xa2\x3d\x06\x63\x84\x09\x9c\xce\x62\xe4\x04\xac\x8d\x5c\xb5\xe9\xb6\x1b\x30\x36\x06\x03\x55\x1d\x1f\x04\x2f\x30\x2d\x30\x2b\xa0\x29\xa0\x27\x86\x25\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x78\x72\x61\x6d\x70\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x63\x6f\x6d\x2f\x58\x47\x43\x41\x2e\x63\x72\x6c\x30\x10\x06\x09\x2b\x06\x01\x04\x01\x82\x37\x15\x01\x04\x03\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x91\x15\x39\x03\x01\x1b\x67\xfb\x4a\x1c\xf9\x0a\x60\x5b\xa1\xda\x4d\x97\x62\xf9\x24\x53\x27\xd7\x82\x64\x4e\x90\x2e\xc3\x49\x1b\x2b\x9a\xdc\xfc\xa8\x78\x67\x35\xf1\x1d\xf0\x11\xbd\xb7\x48\xe3\x10\xf6\x0d\xdf\x3f\xd2\xc9\xb6\xaa\x55\xa4\x48\xba\x02\xdb\xde\x59\x2e\x15\x5b\x3b\x9d\x16\x7d\x47\xd7\x37\xea\x5f\x4d\x76\x12\x36\xbb\x1f\xd7\xa1\x81\x04\x46\x20\xa3\x2c\x6d\xa9\x9e\x01\x7e\x3f\x29\xce\x00\x93\xdf\xfd\xc9\x92\x73\x89\x89\x64\x9e\xe7\x2b\xe4\x1c\x91\x2c\xd2\xb9\xce\x7d\xce\x6f\x31\x99\xd3\xe6\xbe\xd2\x1e\x90\xf0\x09\x14\x79\x5c\x23\xab\x4d\xd2\xda\x21\x1f\x4d\x99\x79\x9d\xe1\xcf\x27\x9f\x10\x9b\x1c\x88\x0d\xb0\x8a\x64\x41\x31\xb8\x0e\x6c\x90\x24\xa4\x9b\x5c\x71\x8f\xba\xbb\x7e\x1c\x1b\xdb\x6a\x80\x0f\x21\xbc\xe9\xdb\xa6\xb7\x40\xf4\xb2\x8b\xa9\xb1\xe4\xef\x9a\x1a\xd0\x3d\x69\x99\xee\xa8\x28\xa3\xe1\x3c\xb3\xf0\xb2\x11\x9c\xcf\x7c\x40\xe6\xdd\xe7\x43\x7d\xa2\xd8\x3a\xb5\xa9\x8d\xf2\x34\x99\xc4\xd4\x10\xe1\x06\xfd\x09\x84\x10\x3b\xee\xc4\x4c\xf4\xec\x27\x7c\x42\xc2\x74\x7c\x82\x8a\x09\xc9\xb4\x03\x25\xbc", + ["Go Daddy Class 2 CA"] = "\x30\x82\x04\x00\x30\x82\x02\xe8\xa0\x03\x02\x01\x02\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x63\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x21\x30\x1f\x06\x03\x55\x04\x0a\x13\x18\x54\x68\x65\x20\x47\x6f\x20\x44\x61\x64\x64\x79\x20\x47\x72\x6f\x75\x70\x2c\x20\x49\x6e\x63\x2e\x31\x31\x30\x2f\x06\x03\x55\x04\x0b\x13\x28\x47\x6f\x20\x44\x61\x64\x64\x79\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x34\x30\x36\x32\x39\x31\x37\x30\x36\x32\x30\x5a\x17\x0d\x33\x34\x30\x36\x32\x39\x31\x37\x30\x36\x32\x30\x5a\x30\x63\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x21\x30\x1f\x06\x03\x55\x04\x0a\x13\x18\x54\x68\x65\x20\x47\x6f\x20\x44\x61\x64\x64\x79\x20\x47\x72\x6f\x75\x70\x2c\x20\x49\x6e\x63\x2e\x31\x31\x30\x2f\x06\x03\x55\x04\x0b\x13\x28\x47\x6f\x20\x44\x61\x64\x64\x79\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x20\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0d\x00\x30\x82\x01\x08\x02\x82\x01\x01\x00\xde\x9d\xd7\xea\x57\x18\x49\xa1\x5b\xeb\xd7\x5f\x48\x86\xea\xbe\xdd\xff\xe4\xef\x67\x1c\xf4\x65\x68\xb3\x57\x71\xa0\x5e\x77\xbb\xed\x9b\x49\xe9\x70\x80\x3d\x56\x18\x63\x08\x6f\xda\xf2\xcc\xd0\x3f\x7f\x02\x54\x22\x54\x10\xd8\xb2\x81\xd4\xc0\x75\x3d\x4b\x7f\xc7\x77\xc3\x3e\x78\xab\x1a\x03\xb5\x20\x6b\x2f\x6a\x2b\xb1\xc5\x88\x7e\xc4\xbb\x1e\xb0\xc1\xd8\x45\x27\x6f\xaa\x37\x58\xf7\x87\x26\xd7\xd8\x2d\xf6\xa9\x17\xb7\x1f\x72\x36\x4e\xa6\x17\x3f\x65\x98\x92\xdb\x2a\x6e\x5d\xa2\xfe\x88\xe0\x0b\xde\x7f\xe5\x8d\x15\xe1\xeb\xcb\x3a\xd5\xe2\x12\xa2\x13\x2d\xd8\x8e\xaf\x5f\x12\x3d\xa0\x08\x05\x08\xb6\x5c\xa5\x65\x38\x04\x45\x99\x1e\xa3\x60\x60\x74\xc5\x41\xa5\x72\x62\x1b\x62\xc5\x1f\x6f\x5f\x1a\x42\xbe\x02\x51\x65\xa8\xae\x23\x18\x6a\xfc\x78\x03\xa9\x4d\x7f\x80\xc3\xfa\xab\x5a\xfc\xa1\x40\xa4\xca\x19\x16\xfe\xb2\xc8\xef\x5e\x73\x0d\xee\x77\xbd\x9a\xf6\x79\x98\xbc\xb1\x07\x67\xa2\x15\x0d\xdd\xa0\x58\xc6\x44\x7b\x0a\x3e\x62\x28\x5f\xba\x41\x07\x53\x58\xcf\x11\x7e\x38\x74\xc5\xf8\xff\xb5\x69\x90\x8f\x84\x74\xea\x97\x1b\xaf\x02\x01\x03\xa3\x81\xc0\x30\x81\xbd\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xd2\xc4\xb0\xd2\x91\xd4\x4c\x11\x71\xb3\x61\xcb\x3d\xa1\xfe\xdd\xa8\x6a\xd4\xe3\x30\x81\x8d\x06\x03\x55\x1d\x23\x04\x81\x85\x30\x81\x82\x80\x14\xd2\xc4\xb0\xd2\x91\xd4\x4c\x11\x71\xb3\x61\xcb\x3d\xa1\xfe\xdd\xa8\x6a\xd4\xe3\xa1\x67\xa4\x65\x30\x63\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x21\x30\x1f\x06\x03\x55\x04\x0a\x13\x18\x54\x68\x65\x20\x47\x6f\x20\x44\x61\x64\x64\x79\x20\x47\x72\x6f\x75\x70\x2c\x20\x49\x6e\x63\x2e\x31\x31\x30\x2f\x06\x03\x55\x04\x0b\x13\x28\x47\x6f\x20\x44\x61\x64\x64\x79\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x82\x01\x00\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x32\x4b\xf3\xb2\xca\x3e\x91\xfc\x12\xc6\xa1\x07\x8c\x8e\x77\xa0\x33\x06\x14\x5c\x90\x1e\x18\xf7\x08\xa6\x3d\x0a\x19\xf9\x87\x80\x11\x6e\x69\xe4\x96\x17\x30\xff\x34\x91\x63\x72\x38\xee\xcc\x1c\x01\xa3\x1d\x94\x28\xa4\x31\xf6\x7a\xc4\x54\xd7\xf6\xe5\x31\x58\x03\xa2\xcc\xce\x62\xdb\x94\x45\x73\xb5\xbf\x45\xc9\x24\xb5\xd5\x82\x02\xad\x23\x79\x69\x8d\xb8\xb6\x4d\xce\xcf\x4c\xca\x33\x23\xe8\x1c\x88\xaa\x9d\x8b\x41\x6e\x16\xc9\x20\xe5\x89\x9e\xcd\x3b\xda\x70\xf7\x7e\x99\x26\x20\x14\x54\x25\xab\x6e\x73\x85\xe6\x9b\x21\x9d\x0a\x6c\x82\x0e\xa8\xf8\xc2\x0c\xfa\x10\x1e\x6c\x96\xef\x87\x0d\xc4\x0f\x61\x8b\xad\xee\x83\x2b\x95\xf8\x8e\x92\x84\x72\x39\xeb\x20\xea\x83\xed\x83\xcd\x97\x6e\x08\xbc\xeb\x4e\x26\xb6\x73\x2b\xe4\xd3\xf6\x4c\xfe\x26\x71\xe2\x61\x11\x74\x4a\xff\x57\x1a\x87\x0f\x75\x48\x2e\xcf\x51\x69\x17\xa0\x02\x12\x61\x95\xd5\xd1\x40\xb2\x10\x4c\xee\xc4\xac\x10\x43\xa6\xa5\x9e\x0a\xd5\x95\x62\x9a\x0d\xcf\x88\x82\xc5\x32\x0c\xe4\x2b\x9f\x45\xe6\x0d\x9f\x28\x9c\xb1\xb9\x2a\x5a\x57\xad\x37\x0f\xaf\x1d\x7f\xdb\xbd\x9f", + ["Starfield Class 2 CA"] = "\x30\x82\x04\x0f\x30\x82\x02\xf7\xa0\x03\x02\x01\x02\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x68\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x25\x30\x23\x06\x03\x55\x04\x0a\x13\x1c\x53\x74\x61\x72\x66\x69\x65\x6c\x64\x20\x54\x65\x63\x68\x6e\x6f\x6c\x6f\x67\x69\x65\x73\x2c\x20\x49\x6e\x63\x2e\x31\x32\x30\x30\x06\x03\x55\x04\x0b\x13\x29\x53\x74\x61\x72\x66\x69\x65\x6c\x64\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x34\x30\x36\x32\x39\x31\x37\x33\x39\x31\x36\x5a\x17\x0d\x33\x34\x30\x36\x32\x39\x31\x37\x33\x39\x31\x36\x5a\x30\x68\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x25\x30\x23\x06\x03\x55\x04\x0a\x13\x1c\x53\x74\x61\x72\x66\x69\x65\x6c\x64\x20\x54\x65\x63\x68\x6e\x6f\x6c\x6f\x67\x69\x65\x73\x2c\x20\x49\x6e\x63\x2e\x31\x32\x30\x30\x06\x03\x55\x04\x0b\x13\x29\x53\x74\x61\x72\x66\x69\x65\x6c\x64\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x20\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0d\x00\x30\x82\x01\x08\x02\x82\x01\x01\x00\xb7\x32\xc8\xfe\xe9\x71\xa6\x04\x85\xad\x0c\x11\x64\xdf\xce\x4d\xef\xc8\x03\x18\x87\x3f\xa1\xab\xfb\x3c\xa6\x9f\xf0\xc3\xa1\xda\xd4\xd8\x6e\x2b\x53\x90\xfb\x24\xa4\x3e\x84\xf0\x9e\xe8\x5f\xec\xe5\x27\x44\xf5\x28\xa6\x3f\x7b\xde\xe0\x2a\xf0\xc8\xaf\x53\x2f\x9e\xca\x05\x01\x93\x1e\x8f\x66\x1c\x39\xa7\x4d\xfa\x5a\xb6\x73\x04\x25\x66\xeb\x77\x7f\xe7\x59\xc6\x4a\x99\x25\x14\x54\xeb\x26\xc7\xf3\x7f\x19\xd5\x30\x70\x8f\xaf\xb0\x46\x2a\xff\xad\xeb\x29\xed\xd7\x9f\xaa\x04\x87\xa3\xd4\xf9\x89\xa5\x34\x5f\xdb\x43\x91\x82\x36\xd9\x66\x3c\xb1\xb8\xb9\x82\xfd\x9c\x3a\x3e\x10\xc8\x3b\xef\x06\x65\x66\x7a\x9b\x19\x18\x3d\xff\x71\x51\x3c\x30\x2e\x5f\xbe\x3d\x77\x73\xb2\x5d\x06\x6c\xc3\x23\x56\x9a\x2b\x85\x26\x92\x1c\xa7\x02\xb3\xe4\x3f\x0d\xaf\x08\x79\x82\xb8\x36\x3d\xea\x9c\xd3\x35\xb3\xbc\x69\xca\xf5\xcc\x9d\xe8\xfd\x64\x8d\x17\x80\x33\x6e\x5e\x4a\x5d\x99\xc9\x1e\x87\xb4\x9d\x1a\xc0\xd5\x6e\x13\x35\x23\x5e\xdf\x9b\x5f\x3d\xef\xd6\xf7\x76\xc2\xea\x3e\xbb\x78\x0d\x1c\x42\x67\x6b\x04\xd8\xf8\xd6\xda\x6f\x8b\xf2\x44\xa0\x01\xab\x02\x01\x03\xa3\x81\xc5\x30\x81\xc2\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xbf\x5f\xb7\xd1\xce\xdd\x1f\x86\xf4\x5b\x55\xac\xdc\xd7\x10\xc2\x0e\xa9\x88\xe7\x30\x81\x92\x06\x03\x55\x1d\x23\x04\x81\x8a\x30\x81\x87\x80\x14\xbf\x5f\xb7\xd1\xce\xdd\x1f\x86\xf4\x5b\x55\xac\xdc\xd7\x10\xc2\x0e\xa9\x88\xe7\xa1\x6c\xa4\x6a\x30\x68\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x25\x30\x23\x06\x03\x55\x04\x0a\x13\x1c\x53\x74\x61\x72\x66\x69\x65\x6c\x64\x20\x54\x65\x63\x68\x6e\x6f\x6c\x6f\x67\x69\x65\x73\x2c\x20\x49\x6e\x63\x2e\x31\x32\x30\x30\x06\x03\x55\x04\x0b\x13\x29\x53\x74\x61\x72\x66\x69\x65\x6c\x64\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x82\x01\x00\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x05\x9d\x3f\x88\x9d\xd1\xc9\x1a\x55\xa1\xac\x69\xf3\xf3\x59\xda\x9b\x01\x87\x1a\x4f\x57\xa9\xa1\x79\x09\x2a\xdb\xf7\x2f\xb2\x1e\xcc\xc7\x5e\x6a\xd8\x83\x87\xa1\x97\xef\x49\x35\x3e\x77\x06\x41\x58\x62\xbf\x8e\x58\xb8\x0a\x67\x3f\xec\xb3\xdd\x21\x66\x1f\xc9\x54\xfa\x72\xcc\x3d\x4c\x40\xd8\x81\xaf\x77\x9e\x83\x7a\xbb\xa2\xc7\xf5\x34\x17\x8e\xd9\x11\x40\xf4\xfc\x2c\x2a\x4d\x15\x7f\xa7\x62\x5d\x2e\x25\xd3\x00\x0b\x20\x1a\x1d\x68\xf9\x17\xb8\xf4\xbd\x8b\xed\x28\x59\xdd\x4d\x16\x8b\x17\x83\xc8\xb2\x65\xc7\x2d\x7a\xa5\xaa\xbc\x53\x86\x6d\xdd\x57\xa4\xca\xf8\x20\x41\x0b\x68\xf0\xf4\xfb\x74\xbe\x56\x5d\x7a\x79\xf5\xf9\x1d\x85\xe3\x2d\x95\xbe\xf5\x71\x90\x43\xcc\x8d\x1f\x9a\x00\x0a\x87\x29\xe9\x55\x22\x58\x00\x23\xea\xe3\x12\x43\x29\x5b\x47\x08\xdd\x8c\x41\x6a\x65\x06\xa8\xe5\x21\xaa\x41\xb4\x95\x21\x95\xb9\x7d\xd1\x34\xab\x13\xd6\xad\xbc\xdc\xe2\x3d\x39\xcd\xbd\x3e\x75\x70\xa1\x18\x59\x03\xc9\x22\xb4\x8f\x9c\xd5\x5e\x2a\xd7\xa5\xb6\xd4\x0a\x6d\xf8\xb7\x40\x11\x46\x9a\x1f\x79\x0e\x62\xbf\x0f\x97\xec\xe0\x2f\x1f\x17\x94", + ["StartCom Certification Authority"] = "\x30\x82\x07\xc9\x30\x82\x05\xb1\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x7d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4c\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x53\x74\x61\x72\x74\x43\x6f\x6d\x20\x4c\x74\x64\x2e\x31\x2b\x30\x29\x06\x03\x55\x04\x0b\x13\x22\x53\x65\x63\x75\x72\x65\x20\x44\x69\x67\x69\x74\x61\x6c\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x69\x67\x6e\x69\x6e\x67\x31\x29\x30\x27\x06\x03\x55\x04\x03\x13\x20\x53\x74\x61\x72\x74\x43\x6f\x6d\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x36\x30\x39\x31\x37\x31\x39\x34\x36\x33\x36\x5a\x17\x0d\x33\x36\x30\x39\x31\x37\x31\x39\x34\x36\x33\x36\x5a\x30\x7d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4c\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x53\x74\x61\x72\x74\x43\x6f\x6d\x20\x4c\x74\x64\x2e\x31\x2b\x30\x29\x06\x03\x55\x04\x0b\x13\x22\x53\x65\x63\x75\x72\x65\x20\x44\x69\x67\x69\x74\x61\x6c\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x69\x67\x6e\x69\x6e\x67\x31\x29\x30\x27\x06\x03\x55\x04\x03\x13\x20\x53\x74\x61\x72\x74\x43\x6f\x6d\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xc1\x88\xdb\x09\xbc\x6c\x46\x7c\x78\x9f\x95\x7b\xb5\x33\x90\xf2\x72\x62\xd6\xc1\x36\x20\x22\x24\x5e\xce\xe9\x77\xf2\x43\x0a\xa2\x06\x64\xa4\xcc\x8e\x36\xf8\x38\xe6\x23\xf0\x6e\x6d\xb1\x3c\xdd\x72\xa3\x85\x1c\xa1\xd3\x3d\xb4\x33\x2b\xd3\x2f\xaf\xfe\xea\xb0\x41\x59\x67\xb6\xc4\x06\x7d\x0a\x9e\x74\x85\xd6\x79\x4c\x80\x37\x7a\xdf\x39\x05\x52\x59\xf7\xf4\x1b\x46\x43\xa4\xd2\x85\x85\xd2\xc3\x71\xf3\x75\x62\x34\xba\x2c\x8a\x7f\x1e\x8f\xee\xed\x34\xd0\x11\xc7\x96\xcd\x52\x3d\xba\x33\xd6\xdd\x4d\xde\x0b\x3b\x4a\x4b\x9f\xc2\x26\x2f\xfa\xb5\x16\x1c\x72\x35\x77\xca\x3c\x5d\xe6\xca\xe1\x26\x8b\x1a\x36\x76\x5c\x01\xdb\x74\x14\x25\xfe\xed\xb5\xa0\x88\x0f\xdd\x78\xca\x2d\x1f\x07\x97\x30\x01\x2d\x72\x79\xfa\x46\xd6\x13\x2a\xa8\xb9\xa6\xab\x83\x49\x1d\xe5\xf2\xef\xdd\xe4\x01\x8e\x18\x0a\x8f\x63\x53\x16\x85\x62\xa9\x0e\x19\x3a\xcc\xb5\x66\xa6\xc2\x6b\x74\x07\xe4\x2b\xe1\x76\x3e\xb4\x6d\xd8\xf6\x44\xe1\x73\x62\x1f\x3b\xc4\xbe\xa0\x53\x56\x25\x6c\x51\x09\xf7\xaa\xab\xca\xbf\x76\xfd\x6d\x9b\xf3\x9d\xdb\xbf\x3d\x66\xbc\x0c\x56\xaa\xaf\x98\x48\x95\x3a\x4b\xdf\xa7\x58\x50\xd9\x38\x75\xa9\x5b\xea\x43\x0c\x02\xff\x99\xeb\xe8\x6c\x4d\x70\x5b\x29\x65\x9c\xdd\xaa\x5d\xcc\xaf\x01\x31\xec\x0c\xeb\xd2\x8d\xe8\xea\x9c\x7b\xe6\x6e\xf7\x27\x66\x0c\x1a\x48\xd7\x6e\x42\xe3\x3f\xde\x21\x3e\x7b\xe1\x0d\x70\xfb\x63\xaa\xa8\x6c\x1a\x54\xb4\x5c\x25\x7a\xc9\xa2\xc9\x8b\x16\xa6\xbb\x2c\x7e\x17\x5e\x05\x4d\x58\x6e\x12\x1d\x01\xee\x12\x10\x0d\xc6\x32\x7f\x18\xff\xfc\xf4\xfa\xcd\x6e\x91\xe8\x36\x49\xbe\x1a\x48\x69\x8b\xc2\x96\x4d\x1a\x12\xb2\x69\x17\xc1\x0a\x90\xd6\xfa\x79\x22\x48\xbf\xba\x7b\x69\xf8\x70\xc7\xfa\x7a\x37\xd8\xd8\x0d\xd2\x76\x4f\x57\xff\x90\xb7\xe3\x91\xd2\xdd\xef\xc2\x60\xb7\x67\x3a\xdd\xfe\xaa\x9c\xf0\xd4\x8b\x7f\x72\x22\xce\xc6\x9f\x97\xb6\xf8\xaf\x8a\xa0\x10\xa8\xd9\xfb\x18\xc6\xb6\xb5\x5c\x52\x3c\x89\xb6\x19\x2a\x73\x01\x0a\x0f\x03\xb3\x12\x60\xf2\x7a\x2f\x81\xdb\xa3\x6e\xff\x26\x30\x97\xf5\x8b\xdd\x89\x57\xb6\xad\x3d\xb3\xaf\x2b\xc5\xb7\x76\x02\xf0\xa5\xd6\x2b\x9a\x86\x14\x2a\x72\xf6\xe3\x33\x8c\x5d\x09\x4b\x13\xdf\xbb\x8c\x74\x13\x52\x4b\x02\x03\x01\x00\x01\xa3\x82\x02\x52\x30\x82\x02\x4e\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\xae\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x4e\x0b\xef\x1a\xa4\x40\x5b\xa5\x17\x69\x87\x30\xca\x34\x68\x43\xd0\x41\xae\xf2\x30\x64\x06\x03\x55\x1d\x1f\x04\x5d\x30\x5b\x30\x2c\xa0\x2a\xa0\x28\x86\x26\x68\x74\x74\x70\x3a\x2f\x2f\x63\x65\x72\x74\x2e\x73\x74\x61\x72\x74\x63\x6f\x6d\x2e\x6f\x72\x67\x2f\x73\x66\x73\x63\x61\x2d\x63\x72\x6c\x2e\x63\x72\x6c\x30\x2b\xa0\x29\xa0\x27\x86\x25\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x73\x74\x61\x72\x74\x63\x6f\x6d\x2e\x6f\x72\x67\x2f\x73\x66\x73\x63\x61\x2d\x63\x72\x6c\x2e\x63\x72\x6c\x30\x82\x01\x5d\x06\x03\x55\x1d\x20\x04\x82\x01\x54\x30\x82\x01\x50\x30\x82\x01\x4c\x06\x0b\x2b\x06\x01\x04\x01\x81\xb5\x37\x01\x01\x01\x30\x82\x01\x3b\x30\x2f\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x23\x68\x74\x74\x70\x3a\x2f\x2f\x63\x65\x72\x74\x2e\x73\x74\x61\x72\x74\x63\x6f\x6d\x2e\x6f\x72\x67\x2f\x70\x6f\x6c\x69\x63\x79\x2e\x70\x64\x66\x30\x35\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x29\x68\x74\x74\x70\x3a\x2f\x2f\x63\x65\x72\x74\x2e\x73\x74\x61\x72\x74\x63\x6f\x6d\x2e\x6f\x72\x67\x2f\x69\x6e\x74\x65\x72\x6d\x65\x64\x69\x61\x74\x65\x2e\x70\x64\x66\x30\x81\xd0\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x02\x30\x81\xc3\x30\x27\x16\x20\x53\x74\x61\x72\x74\x20\x43\x6f\x6d\x6d\x65\x72\x63\x69\x61\x6c\x20\x28\x53\x74\x61\x72\x74\x43\x6f\x6d\x29\x20\x4c\x74\x64\x2e\x30\x03\x02\x01\x01\x1a\x81\x97\x4c\x69\x6d\x69\x74\x65\x64\x20\x4c\x69\x61\x62\x69\x6c\x69\x74\x79\x2c\x20\x72\x65\x61\x64\x20\x74\x68\x65\x20\x73\x65\x63\x74\x69\x6f\x6e\x20\x2a\x4c\x65\x67\x61\x6c\x20\x4c\x69\x6d\x69\x74\x61\x74\x69\x6f\x6e\x73\x2a\x20\x6f\x66\x20\x74\x68\x65\x20\x53\x74\x61\x72\x74\x43\x6f\x6d\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x50\x6f\x6c\x69\x63\x79\x20\x61\x76\x61\x69\x6c\x61\x62\x6c\x65\x20\x61\x74\x20\x68\x74\x74\x70\x3a\x2f\x2f\x63\x65\x72\x74\x2e\x73\x74\x61\x72\x74\x63\x6f\x6d\x2e\x6f\x72\x67\x2f\x70\x6f\x6c\x69\x63\x79\x2e\x70\x64\x66\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x38\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x0d\x04\x2b\x16\x29\x53\x74\x61\x72\x74\x43\x6f\x6d\x20\x46\x72\x65\x65\x20\x53\x53\x4c\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x16\x6c\x99\xf4\x66\x0c\x34\xf5\xd0\x85\x5e\x7d\x0a\xec\xda\x10\x4e\x38\x1c\x5e\xdf\xa6\x25\x05\x4b\x91\x32\xc1\xe8\x3b\xf1\x3d\xdd\x44\x09\x5b\x07\x49\x8a\x29\xcb\x66\x02\xb7\xb1\x9a\xf7\x25\x98\x09\x3c\x8e\x1b\xe1\xdd\x36\x87\x2b\x4b\xbb\x68\xd3\x39\x66\x3d\xa0\x26\xc7\xf2\x39\x91\x1d\x51\xab\x82\x7b\x7e\xd5\xce\x5a\xe4\xe2\x03\x57\x70\x69\x97\x08\xf9\x5e\x58\xa6\x0a\xdf\x8c\x06\x9a\x45\x16\x16\x38\x0a\x5e\x57\xf6\x62\xc7\x7a\x02\x05\xe6\xbc\x1e\xb5\xf2\x9e\xf4\xa9\x29\x83\xf8\xb2\x14\xe3\x6e\x28\x87\x44\xc3\x90\x1a\xde\x38\xa9\x3c\xac\x43\x4d\x64\x45\xce\xdd\x28\xa9\x5c\xf2\x73\x7b\x04\xf8\x17\xe8\xab\xb1\xf3\x2e\x5c\x64\x6e\x73\x31\x3a\x12\xb8\xbc\xb3\x11\xe4\x7d\x8f\x81\x51\x9a\x3b\x8d\x89\xf4\x4d\x93\x66\x7b\x3c\x03\xed\xd3\x9a\x1d\x9a\xf3\x65\x50\xf5\xa0\xd0\x75\x9f\x2f\xaf\xf0\xea\x82\x43\x98\xf8\x69\x9c\x89\x79\xc4\x43\x8e\x46\x72\xe3\x64\x36\x12\xaf\xf7\x25\x1e\x38\x89\x90\x77\x7e\xc3\x6b\x6a\xb9\xc3\xcb\x44\x4b\xac\x78\x90\x8b\xe7\xc7\x2c\x1e\x4b\x11\x44\xc8\x34\x52\x27\xcd\x0a\x5d\x9f\x85\xc1\x89\xd5\x1a\x78\xf2\x95\x10\x53\x32\xdd\x80\x84\x66\x75\xd9\xb5\x68\x28\xfb\x61\x2e\xbe\x84\xa8\x38\xc0\x99\x12\x86\xa5\x1e\x67\x64\xad\x06\x2e\x2f\xa9\x70\x85\xc7\x96\x0f\x7c\x89\x65\xf5\x8e\x43\x54\x0e\xab\xdd\xa5\x80\x39\x94\x60\xc0\x34\xc9\x96\x70\x2c\xa3\x12\xf5\x1f\x48\x7b\xbd\x1c\x7e\x6b\xb7\x9d\x90\xf4\x22\x3b\xae\xf8\xfc\x2a\xca\xfa\x82\x52\xa0\xef\xaf\x4b\x55\x93\xeb\xc1\xb5\xf0\x22\x8b\xac\x34\x4e\x26\x22\x04\xa1\x87\x2c\x75\x4a\xb7\xe5\x7d\x13\xd7\xb8\x0c\x64\xc0\x36\xd2\xc9\x2f\x86\x12\x8c\x23\x09\xc1\x1b\x82\x3b\x73\x49\xa3\x6a\x57\x87\x94\xe5\xd6\x78\xc5\x99\x43\x63\xe3\x4d\xe0\x77\x2d\xe1\x65\x99\x72\x69\x04\x1a\x47\x09\xe6\x0f\x01\x56\x24\xfb\x1f\xbf\x0e\x79\xa9\x58\x2e\xb9\xc4\x09\x01\x7e\x95\xba\x6d\x00\x06\x3e\xb2\xea\x4a\x10\x39\xd8\xd0\x2b\xf5\xbf\xec\x75\xbf\x97\x02\xc5\x09\x1b\x08\xdc\x55\x37\xe2\x81\xfb\x37\x84\x43\x62\x20\xca\xe7\x56\x4b\x65\xea\xfe\x6c\xc1\x24\x93\x24\xa1\x34\xeb\x05\xff\x9a\x22\xae\x9b\x7d\x3f\xf1\x65\x51\x0a\xa6\x30\x6a\xb3\xf4\x88\x1c\x80\x0d\xfc\x72\x8a\xe8\x83\x5e", + ["Taiwan GRCA"] = "\x30\x82\x05\x72\x30\x82\x03\x5a\xa0\x03\x02\x01\x02\x02\x10\x1f\x9d\x59\x5a\xd7\x2f\xc2\x06\x44\xa5\x80\x08\x69\xe3\x5e\xf6\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x3f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x57\x31\x30\x30\x2e\x06\x03\x55\x04\x0a\x0c\x27\x47\x6f\x76\x65\x72\x6e\x6d\x65\x6e\x74\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x32\x31\x32\x30\x35\x31\x33\x32\x33\x33\x33\x5a\x17\x0d\x33\x32\x31\x32\x30\x35\x31\x33\x32\x33\x33\x33\x5a\x30\x3f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x57\x31\x30\x30\x2e\x06\x03\x55\x04\x0a\x0c\x27\x47\x6f\x76\x65\x72\x6e\x6d\x65\x6e\x74\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\x9a\x25\xb8\xec\xcc\xa2\x75\xa8\x7b\xf7\xce\x5b\x59\x8a\xc9\xd1\x86\x12\x08\x54\xec\x9c\xf2\xe7\x46\xf6\x88\xf3\x7c\xe9\xa5\xdf\x4c\x47\x36\xa4\x1b\x01\x1c\x7f\x1e\x57\x8a\x8d\xc3\xc5\xd1\x21\xe3\xda\x24\x3f\x48\x2b\xfb\x9f\x2e\xa1\x94\xe7\x2c\x1c\x93\xd1\xbf\x1b\x01\x87\x53\x99\xce\xa7\xf5\x0a\x21\x76\x77\xff\xa9\xb7\xc6\x73\x94\x4f\x46\xf7\x10\x49\x37\xfa\xa8\x59\x49\x5d\x6a\x81\x07\x56\xf2\x8a\xf9\x06\xd0\xf7\x70\x22\x4d\xb4\xb7\x41\xb9\x32\xb8\xb1\xf0\xb1\xc3\x9c\x3f\x70\xfd\x53\xdd\x81\xaa\xd8\x63\x78\xf6\xd8\x53\x6e\xa1\xac\x6a\x84\x24\x72\x54\x86\xc6\xd2\xb2\xca\x1c\x0e\x79\x81\xd6\xb5\x70\x62\x08\x01\x2e\x4e\x4f\x0e\xd5\x11\xaf\xa9\xaf\xe5\x9a\xbf\xdc\xcc\x87\x6d\x26\xe4\xc9\x57\xa2\xfb\x96\xf9\xcc\xe1\x3f\x53\x8c\x6c\x4c\x7e\x9b\x53\x08\x0b\x6c\x17\xfb\x67\xc8\xc2\xad\xb1\xcd\x80\xb4\x97\xdc\x76\x01\x16\x15\xe9\x6a\xd7\xa4\xe1\x78\x47\xce\x86\xd5\xfb\x31\xf3\xfa\x31\xbe\x34\xaa\x28\xfb\x70\x4c\x1d\x49\xc7\xaf\x2c\x9d\x6d\x66\xa6\xb6\x8d\x64\x7e\xb5\x20\x6a\x9d\x3b\x81\xb6\x8f\x40\x00\x67\x4b\x89\x86\xb8\xcc\x65\xfe\x15\x53\xe9\x04\xc1\xd6\x5f\x1d\x44\xd7\x0a\x2f\x27\x9a\x46\x7d\xa1\x0d\x75\xad\x54\x86\x15\xdc\x49\x3b\xf1\x96\xce\x0f\x9b\xa0\xec\xa3\x7a\x5d\xbe\xd5\x2a\x75\x42\xe5\x7b\xde\xa5\xb6\xaa\xaf\x28\xac\xac\x90\xac\x38\xb7\xd5\x68\x35\x26\x7a\xdc\xf7\x3b\xf3\xfd\x45\x9b\xd1\xbb\x43\x78\x6e\x6f\xf1\x42\x54\x6a\x98\xf0\x0d\xad\x97\xe9\x52\x5e\xe9\xd5\x6a\x72\xde\x6a\xf7\x1b\x60\x14\xf4\xa5\xe4\xb6\x71\x67\xaa\x1f\xea\xe2\x4d\xc1\x42\x40\xfe\x67\x46\x17\x38\x2f\x47\x3f\x71\x9c\xae\xe5\x21\xca\x61\x2d\x6d\x07\xa8\x84\x7c\x2d\xee\x51\x25\xf1\x63\x90\x9e\xfd\xe1\x57\x88\x6b\xef\x8a\x23\x6d\xb1\xe6\xbd\x3f\xad\xd1\x3d\x96\x0b\x85\x8d\xcd\x6b\x27\xbb\xb7\x05\x9b\xec\xbb\x91\xa9\x0a\x07\x12\x02\x97\x4e\x20\x90\xf0\xff\x0d\x1e\xe2\x41\x3b\xd3\x40\x3a\xe7\x8d\x5d\xda\x66\xe4\x02\xb0\x07\x52\x98\x5c\x0e\x8e\x33\x9c\xc2\xa6\x95\xfb\x55\x19\x6e\x4c\x8e\xae\x4b\x0f\xbd\xc1\x38\x4d\x5e\x8f\x84\x1d\x66\xcd\xc5\x60\x96\xb4\x52\x5a\x05\x89\x8e\x95\x7a\x98\xc1\x91\x3c\x95\x23\xb2\x0e\xf4\x79\xb4\xc9\x7c\xc1\x4a\x21\x02\x03\x01\x00\x01\xa3\x6a\x30\x68\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xcc\xcc\xef\xcc\x29\x60\xa4\x3b\xb1\x92\xb6\x3c\xfa\x32\x62\x8f\xac\x25\x15\x3b\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x39\x06\x04\x67\x2a\x07\x00\x04\x31\x30\x2f\x30\x2d\x02\x01\x00\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x30\x07\x06\x05\x67\x2a\x03\x00\x00\x04\x14\x03\x9b\xf0\x22\x13\xff\x95\x28\x36\xd3\xdc\x9e\xc0\x32\xfb\x31\x3a\x8a\x51\x65\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x40\x80\x4a\xfa\x26\xc9\xce\x5e\x30\xdd\x4f\x86\x74\x76\x58\xf5\xae\xb3\x83\x33\x78\xa4\x7a\x74\x17\x19\x4e\xe9\x52\xb5\xb9\xe0\x0a\x74\x62\xaa\x68\xca\x78\xa0\x4c\x9a\x8e\x2c\x23\x2e\xd5\x6a\x12\x24\xbf\xd4\x68\xd3\x8a\xd0\xd8\x9c\x9f\xb4\x1f\x0c\xde\x38\x7e\x57\x38\xfc\x8d\xe2\x4f\x5e\x0c\x9f\xab\x3b\xd2\xff\x75\x97\xcb\xa4\xe3\x67\x08\xff\xe5\xc0\x16\xb5\x48\x01\x7d\xe9\xf9\x0a\xff\x1b\xe5\x6a\x69\xbf\x78\x21\xa8\xc2\xa7\x23\xa9\x86\xab\x76\x56\xe8\x0e\x0c\xf6\x13\xdd\x2a\x66\x8a\x64\x49\x3d\x1a\x18\x87\x90\x04\x9f\x42\x52\xb7\x4f\xcb\xfe\x47\x41\x76\x35\xef\xff\x00\x76\x36\x45\x32\x9b\xc6\x46\x85\x5d\xe2\x24\xb0\x1e\xe3\x48\x96\x98\x57\x47\x94\x55\x7a\x0f\x41\xb1\x44\x24\xf3\xc1\xfe\x1a\x6b\xbf\x88\xfd\xc1\xa6\xda\x93\x60\x5e\x81\x4a\x99\x20\x9c\x48\x66\x19\xb5\x00\x79\x54\x0f\xb8\x2c\x2f\x4b\xbc\xa9\x5d\x5b\x60\x7f\x8c\x87\xa5\xe0\x52\x63\x2a\xbe\xd8\x3b\x85\x40\x15\xfe\x1e\xb6\x65\x3f\xc5\x4b\xda\x7e\xb5\x7a\x35\x29\xa3\x2e\x7a\x98\x60\x22\xa3\xf4\x7d\x27\x4e\x2d\xea\xb4\x74\x3c\xe9\x0f\xa4\x33\x0f\x10\x11\xbc\x13\x01\xd6\xe5\x0e\xd3\xbf\xb5\x12\xa2\xe1\x45\x23\xc0\xcc\x08\x6e\x61\xb7\x89\xab\x83\xe3\x24\x1e\xe6\x5d\x07\xe7\x1f\x20\x3e\xcf\x67\xc8\xe7\xac\x30\x6d\x27\x4b\x68\x6e\x4b\x2a\x5c\x02\x08\x34\xdb\xf8\x76\xe4\x67\xa3\x26\x9c\x3f\xa2\x32\xc2\x4a\xc5\x81\x18\x31\x10\x56\xaa\x84\xef\x2d\x0a\xff\xb8\x1f\x77\xd2\xbf\xa5\x58\xa0\x62\xe4\xd7\x4b\x91\x75\x8d\x89\x80\x98\x7e\x6d\xcb\x53\x4e\x5e\xaf\xf6\xb2\x97\x85\x97\xb9\xda\x55\x06\xb9\x24\xee\xd7\xc6\x38\x1e\x63\x1b\x12\x3b\x95\xe1\x58\xac\xf2\xdf\x84\xd5\x5f\x99\x2f\x0d\x55\x5b\xe6\x38\xdb\x2e\x3f\x72\xe9\x48\x85\xcb\xbb\x29\x13\x8f\x1e\x38\x55\xb9\xf3\xb2\xc4\x30\x99\x23\x4e\x5d\xf2\x48\xa1\x12\x0c\xdc\x12\x90\x09\x90\x54\x91\x03\x3c\x47\xe5\xd5\xc9\x65\xe0\xb7\x4b\x7d\xec\x47\xd3\xb3\x0b\x3e\xad\x9e\xd0\x74\x00\x0e\xeb\xbd\x51\xad\xc0\xde\x2c\xc0\xc3\x6a\xfe\xef\xdc\x0b\xa7\xfa\x46\xdf\x60\xdb\x9c\xa6\x59\x50\x75\x23\x69\x73\x93\xb2\xf9\xfc\x02\xd3\x47\xe6\x71\xce\x10\x02\xee\x27\x8c\x84\xff\xac\x45\x0d\x13\x5c\x83\x32\xe0\x25\xa5\x86\x2c\x7c\xf4\x12", + ["Firmaprofesional Root CA"] = "\x30\x82\x04\x57\x30\x82\x03\x3f\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x9d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x22\x30\x20\x06\x03\x55\x04\x07\x13\x19\x43\x2f\x20\x4d\x75\x6e\x74\x61\x6e\x65\x72\x20\x32\x34\x34\x20\x42\x61\x72\x63\x65\x6c\x6f\x6e\x61\x31\x42\x30\x40\x06\x03\x55\x04\x03\x13\x39\x41\x75\x74\x6f\x72\x69\x64\x61\x64\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6f\x6e\x20\x46\x69\x72\x6d\x61\x70\x72\x6f\x66\x65\x73\x69\x6f\x6e\x61\x6c\x20\x43\x49\x46\x20\x41\x36\x32\x36\x33\x34\x30\x36\x38\x31\x26\x30\x24\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x17\x63\x61\x40\x66\x69\x72\x6d\x61\x70\x72\x6f\x66\x65\x73\x69\x6f\x6e\x61\x6c\x2e\x63\x6f\x6d\x30\x1e\x17\x0d\x30\x31\x31\x30\x32\x34\x32\x32\x30\x30\x30\x30\x5a\x17\x0d\x31\x33\x31\x30\x32\x34\x32\x32\x30\x30\x30\x30\x5a\x30\x81\x9d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x22\x30\x20\x06\x03\x55\x04\x07\x13\x19\x43\x2f\x20\x4d\x75\x6e\x74\x61\x6e\x65\x72\x20\x32\x34\x34\x20\x42\x61\x72\x63\x65\x6c\x6f\x6e\x61\x31\x42\x30\x40\x06\x03\x55\x04\x03\x13\x39\x41\x75\x74\x6f\x72\x69\x64\x61\x64\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6f\x6e\x20\x46\x69\x72\x6d\x61\x70\x72\x6f\x66\x65\x73\x69\x6f\x6e\x61\x6c\x20\x43\x49\x46\x20\x41\x36\x32\x36\x33\x34\x30\x36\x38\x31\x26\x30\x24\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x17\x63\x61\x40\x66\x69\x72\x6d\x61\x70\x72\x6f\x66\x65\x73\x69\x6f\x6e\x61\x6c\x2e\x63\x6f\x6d\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xe7\x23\x03\x6f\x6f\x23\xa5\x5e\x78\xce\x95\x2c\xed\x94\x1e\x6e\x0a\x9e\x01\xc7\xea\x30\xd1\x2c\x9d\xdd\x37\xe8\x9b\x98\x79\x56\xd3\xfc\x73\xdf\xd0\x8a\xde\x55\x8f\x51\xf9\x5a\xea\xde\xb5\x70\xc4\xed\xa4\xed\xff\xa3\x0d\x6e\x0f\x64\x50\x31\xaf\x01\x27\x58\xae\xfe\x6c\xa7\x4a\x2f\x17\x2d\xd3\x73\xd5\x13\x1c\x8f\x59\xa5\x34\x2c\x1d\x54\x04\x45\xcd\x68\xb8\xa0\xc0\x03\xa5\xcf\x85\x42\x47\x95\x28\x5b\xcf\xef\x80\x6c\xe0\x90\x97\x8a\x01\x3c\x1d\xf3\x87\x10\x30\x26\x48\x7d\xd7\xfc\xe9\x9d\x91\x71\xff\x41\x9a\xa9\x40\xb5\x37\x9c\x29\x20\x4f\x1f\x52\xe3\xa0\x7d\x13\x6d\x54\xb7\x0a\xde\xe9\x6a\x4e\x07\xac\xac\x19\x5f\xdc\x7e\x62\x74\xf6\xb2\x05\x00\xba\x85\xa0\xfd\x1d\x38\x6e\xcb\x5a\xbb\x86\xbc\x94\x67\x33\x35\x83\x2c\x1f\x23\xcd\xf8\xc8\x91\x71\xcc\x97\x8b\xef\xae\x0f\xdc\x29\x03\x1b\xc0\x39\xeb\x70\xed\xc1\x6e\x0e\xd8\x67\x0b\x89\xa9\xbc\x35\xe4\xef\xb6\x34\xb4\xa5\xb6\xc4\x2d\xa5\xbe\xd0\xc3\x94\x24\x48\xdb\xdf\x96\xd3\x00\xb5\x66\x1a\x8b\x66\x05\x0f\xdd\x3f\x3f\xcb\x3f\xaa\x5e\x9a\x4a\xf8\xb4\x4a\xef\x95\x37\x1b\x02\x03\x01\x00\x01\xa3\x81\x9f\x30\x81\x9c\x30\x2a\x06\x03\x55\x1d\x11\x04\x23\x30\x21\x86\x1f\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x66\x69\x72\x6d\x61\x70\x72\x6f\x66\x65\x73\x69\x6f\x6e\x61\x6c\x2e\x63\x6f\x6d\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x01\x30\x2b\x06\x03\x55\x1d\x10\x04\x24\x30\x22\x80\x0f\x32\x30\x30\x31\x31\x30\x32\x34\x32\x32\x30\x30\x30\x30\x5a\x81\x0f\x32\x30\x31\x33\x31\x30\x32\x34\x32\x32\x30\x30\x30\x30\x5a\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x33\x0b\xa0\x66\xd1\xea\xda\xce\xde\x62\x93\x04\x28\x52\xb5\x14\x7f\x38\x68\xb7\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x47\x73\xfe\x8d\x27\x54\xf0\xf5\xd4\x77\x9c\x27\x79\x57\x57\xb7\x15\x56\xec\xc7\xd8\x58\xb7\x01\x02\xf4\x33\xed\x93\x50\x88\x9e\x7c\x46\xb1\xbd\x3f\x14\x6f\xf1\xb3\x47\x48\x8b\x8c\x97\x06\xd7\xea\x7e\xa3\x5c\x2a\xbb\x4d\x2f\x47\xe2\xf8\x39\x06\xc9\x9c\x2e\x31\x1a\x03\x78\xf4\xbc\x38\xc6\x22\x8b\x33\x31\xf0\x16\x04\x04\x7d\xf9\x76\xe4\x4b\xd7\xc0\xe6\x83\xec\x59\xcc\x3f\xde\xff\x4f\x6b\xb7\x67\x7e\xa6\x86\x81\x32\x23\x03\x9d\xc8\xf7\x5f\xc1\x4a\x60\xa5\x92\xa9\xb1\xa4\xa0\x60\xc3\x78\x87\xb3\x22\xf3\x2a\xeb\x5b\xa9\xed\x05\xab\x37\x0f\xb1\xe2\xd3\x95\x76\x63\x56\x74\x8c\x58\x72\x1b\x37\xe5\x64\xa1\xbe\x4d\x0c\x93\x98\x0c\x97\xf6\x87\x6d\xb3\x3f\xe7\xcb\x80\xa6\xed\x88\xc7\x5f\x50\x62\x02\xe8\x99\x74\x16\xd0\xe6\xb4\x39\xf1\x27\xcb\xc8\x40\xd6\xe3\x86\x10\xa9\x23\x12\x92\xe0\x69\x41\x63\xa7\xaf\x25\x0b\xc0\xc5\x92\xcb\x1e\x98\xa3\x5a\xba\xc5\x33\x0f\xa0\x97\x01\xdd\x7f\xe0\x7b\xd6\x06\x54\xcf\xa1\xe2\x4d\x38\xeb\x4b\x50\xb5\xcb\x26\xf4\xca\xda\x70\x4a\x6a\xa1\xe2\x79\xaa\xe1\xa7\x33\xf6\xfd\x4a\x1f\xf6\xd9\x60", + ["Wells Fargo Root CA"] = "\x30\x82\x03\xe5\x30\x82\x02\xcd\xa0\x03\x02\x01\x02\x02\x04\x39\xe4\x97\x9e\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x82\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x31\x2c\x30\x2a\x06\x03\x55\x04\x0b\x13\x23\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x2f\x30\x2d\x06\x03\x55\x04\x03\x13\x26\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x30\x31\x30\x31\x31\x31\x36\x34\x31\x32\x38\x5a\x17\x0d\x32\x31\x30\x31\x31\x34\x31\x36\x34\x31\x32\x38\x5a\x30\x81\x82\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x13\x0b\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x31\x2c\x30\x2a\x06\x03\x55\x04\x0b\x13\x23\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x31\x2f\x30\x2d\x06\x03\x55\x04\x03\x13\x26\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xd5\xa8\x33\x3b\x26\xf9\x34\xff\xcd\x9b\x7e\xe5\x04\x47\xce\x00\xe2\x7d\x77\xe7\x31\xc2\x2e\x27\xa5\x4d\x68\xb9\x31\xba\x8d\x43\x59\x97\xc7\x73\xaa\x7f\x3d\x5c\x40\x9e\x05\xe5\xa1\xe2\x89\xd9\x4c\xb8\x3f\x9b\xf9\x0c\xb4\xc8\x62\x19\x2c\x45\xae\x91\x1e\x73\x71\x41\xc4\x4b\x13\xfd\x70\xc2\x25\xac\x22\xf5\x75\x0b\xb7\x53\xe4\xa5\x2b\xdd\xce\xbd\x1c\x3a\x7a\xc3\xf7\x13\x8f\x26\x54\x9c\x16\x6b\x6b\xaf\xfb\xd8\x96\xb1\x60\x9a\x48\xe0\x25\x22\x24\x79\x34\xce\x0e\x26\x00\x0b\x4e\xab\xfd\x8b\xce\x82\xd7\x2f\x08\x70\x68\xc1\xa8\x0a\xf9\x74\x4f\x07\xab\xa4\xf9\xe2\x83\x7e\x27\x73\x74\x3e\xb8\xf9\x38\x42\xfc\xa5\xa8\x5b\x48\x23\xb3\xeb\xe3\x25\xb2\x80\xae\x96\xd4\x0a\x9c\xc2\x78\x9a\xc6\x68\x18\xae\x37\x62\x37\x5e\x51\x75\xa8\x58\x63\xc0\x51\xee\x40\x78\x7e\xa8\xaf\x1a\xa0\xe1\xb0\x78\x9d\x50\x8c\x7b\xe7\xb3\xfc\x8e\x23\xb0\xdb\x65\x00\x70\x84\x01\x08\x00\x14\x6e\x54\x86\x9a\xba\xcc\xf9\x37\x10\xf6\xe0\xde\x84\x2d\x9d\xa4\x85\x37\xd3\x87\xe3\x15\xd0\xc1\x17\x90\x7e\x19\x21\x6a\x12\xa9\x76\xfd\x12\x02\xe9\x4f\x21\x5e\x17\x02\x03\x01\x00\x01\xa3\x61\x30\x5f\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x4c\x06\x03\x55\x1d\x20\x04\x45\x30\x43\x30\x41\x06\x0b\x60\x86\x48\x01\x86\xfb\x7b\x87\x07\x01\x0b\x30\x32\x30\x30\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x24\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x77\x65\x6c\x6c\x73\x66\x61\x72\x67\x6f\x2e\x63\x6f\x6d\x2f\x63\x65\x72\x74\x70\x6f\x6c\x69\x63\x79\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xd2\x27\xdd\x9c\x0a\x77\x2b\xbb\x22\xf2\x02\xb5\x4a\x4a\x91\xf9\xd1\x2d\xbe\xe4\xbb\x1a\x68\xef\x0e\xa4\x00\xe9\xee\xe7\xef\xee\xf6\xf9\xe5\x74\xa4\xc2\xd8\x52\x58\xc4\x74\xfb\xce\x6b\xb5\x3b\x29\x79\x18\x5a\xef\x9b\xed\x1f\x6b\x36\xee\x48\x25\x25\x14\xb6\x56\xa2\x10\xe8\xee\xa7\x7f\xd0\x3f\xa3\xd0\xc3\x5d\x26\xee\x07\xcc\xc3\xc1\x24\x21\x87\x1e\xdf\x2a\x12\x53\x6f\x41\x16\xe7\xed\xae\x94\xfa\x8c\x72\xfa\x13\x47\xf0\x3c\x7e\xae\x7d\x11\x3a\x13\xec\xed\xfa\x6f\x72\x64\x7b\x9d\x7d\x7f\x26\xfd\x7a\xfb\x25\xad\xea\x3e\x29\x7f\x4c\xe3\x00\x57\x32\xb0\xb3\xe9\xed\x53\x17\xd9\x8b\xb2\x14\x0e\x30\xe8\xe5\xd5\x13\xc6\x64\xaf\xc4\x00\xd5\xd8\x58\x24\xfc\xf5\x8f\xec\xf1\xc7\x7d\xa5\xdb\x0f\x27\xd1\xc6\xf2\x40\x88\xe6\x1f\xf6\x61\xa8\xf4\x42\xc8\xb9\x37\xd3\xa9\xbe\x2c\x56\x78\xc2\x72\x9b\x59\x5d\x35\x40\x8a\xe8\x4e\x63\x1a\xb6\xe9\x20\x6a\x51\xe2\xce\xa4\x90\xdf\x76\x70\x99\x5c\x70\x43\x4d\xb7\xb6\xa7\x19\x64\x4e\x92\xb7\xc5\x91\x3c\x7f\x48\x16\x65\x7b\x16\xfd\xcb\xfc\xfb\xd9\xd5\xd6\x4f\x21\x65\x3b\x4a\x7f\x47\xa3\xfb", + ["Swisscom Root CA 1"] = "\x30\x82\x05\xd9\x30\x82\x03\xc1\xa0\x03\x02\x01\x02\x02\x10\x5c\x0b\x85\x5c\x0b\xe7\x59\x41\xdf\x57\xcc\x3f\x7f\x9d\xa8\x36\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x64\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x63\x68\x31\x11\x30\x0f\x06\x03\x55\x04\x0a\x13\x08\x53\x77\x69\x73\x73\x63\x6f\x6d\x31\x25\x30\x23\x06\x03\x55\x04\x0b\x13\x1c\x44\x69\x67\x69\x74\x61\x6c\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x53\x77\x69\x73\x73\x63\x6f\x6d\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x31\x30\x1e\x17\x0d\x30\x35\x30\x38\x31\x38\x31\x32\x30\x36\x32\x30\x5a\x17\x0d\x32\x35\x30\x38\x31\x38\x32\x32\x30\x36\x32\x30\x5a\x30\x64\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x63\x68\x31\x11\x30\x0f\x06\x03\x55\x04\x0a\x13\x08\x53\x77\x69\x73\x73\x63\x6f\x6d\x31\x25\x30\x23\x06\x03\x55\x04\x0b\x13\x1c\x44\x69\x67\x69\x74\x61\x6c\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x53\x77\x69\x73\x73\x63\x6f\x6d\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x31\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xd0\xb9\xb0\xa8\x0c\xd9\xbb\x3f\x21\xf8\x1b\xd5\x33\x93\x80\x16\x65\x20\x75\xb2\x3d\x9b\x60\x6d\x46\xc8\x8c\x31\x6f\x17\xc3\xfa\x9a\x6c\x56\xed\x3c\xc5\x91\x57\xc3\xcd\xab\x96\x49\x90\x2a\x19\x4b\x1e\xa3\x6d\x57\xdd\xf1\x2b\x62\x28\x75\x45\x5e\xaa\xd6\x5b\xfa\x0b\x25\xd8\xa1\x16\xf9\x1c\xc4\x2e\xe6\x95\x2a\x67\xcc\xd0\x29\x6e\x3c\x85\x34\x38\x61\x49\xb1\x00\x9f\xd6\x3a\x71\x5f\x4d\x6d\xce\x5f\xb9\xa9\xe4\x89\x7f\x6a\x52\xfa\xca\x9b\xf2\xdc\xa9\xf9\x9d\x99\x47\x3f\x4e\x29\x5f\xb4\xa6\x8d\x5d\x7b\x0b\x99\x11\x03\x03\xfe\xe7\xdb\xdb\xa3\xff\x1d\xa5\xcd\x90\x1e\x01\x1f\x35\xb0\x7f\x00\xdb\x90\x6f\xc6\x7e\x7b\xd1\xee\x7a\x7a\xa7\xaa\x0c\x57\x6f\xa4\x6d\xc5\x13\x3b\xb0\xa5\xd9\xed\x32\x1c\xb4\x5e\x67\x8b\x54\xdc\x73\x87\xe5\xd3\x17\x7c\x66\x50\x72\x5d\xd4\x1a\x58\xc1\xd9\xcf\xd8\x89\x02\x6f\xa7\x49\xb4\x36\x5d\xd0\xa4\xde\x07\x2c\xb6\x75\xb7\x28\x91\xd6\x97\xbe\x28\xf5\x98\x1e\xea\x5b\x26\xc9\xbd\xb0\x97\x73\xda\xae\x91\x26\xeb\x68\xc1\xf9\x39\x15\xd6\x67\x4b\x0a\x6d\x4f\xcb\xcf\xb0\xe4\x42\x71\x8c\x53\x79\xe7\xee\xe1\xdb\x1d\xa0\x6e\x1d\x8c\x1a\x77\x35\x5c\x16\x1e\x2b\x53\x1f\x34\x8b\xd1\x6c\xfc\xf2\x67\x07\x7a\xf5\xad\xed\xd6\x9a\xab\xa1\xb1\x4b\xe1\xcc\x37\x5f\xfd\x7f\xcd\x4d\xae\xb8\x1f\x9c\x43\xf9\x2a\x58\x55\x43\x45\xbc\x96\xcd\x70\x0e\xfc\xc9\xe3\x66\xba\x4e\x8d\x3b\x81\xcb\x15\x64\x7b\xb9\x94\xe8\x5d\x33\x52\x85\x71\x2e\x4f\x8e\xa2\x06\x11\x51\xc9\xe3\xcb\xa1\x6e\x31\x08\x64\x0c\xc2\xd2\x3c\xf5\x36\xe8\xd7\xd0\x0e\x78\x23\x20\x91\xc9\x24\x2a\x65\x29\x5b\x22\xf7\x21\xce\x83\x5e\xa4\xf3\xde\x4b\xd3\x68\x8f\x46\x75\x5c\x83\x09\x6e\x29\x6b\xc4\x70\x8c\xf5\x9d\xd7\x20\x2f\xff\x46\xd2\x2b\x38\xc2\x2f\x75\x1c\x3d\x7e\xda\xa5\xef\x1e\x60\x85\x69\x42\xd3\xcc\xf8\x63\xfe\x1e\x43\x39\x85\xa6\xb6\x63\x41\x10\xb3\x73\x1e\xbc\xd3\xfa\xca\x7d\x16\x47\xe2\xa7\xd5\xd0\xa3\x8a\x0a\x08\x96\x62\x56\x6e\x34\xdb\xd9\x02\xb9\x30\x75\xe3\x04\xd2\xe7\x8f\xc2\xb0\x11\x40\x0a\xac\xd5\x71\x02\x62\x8b\x31\xbe\xdd\xc6\x23\x58\x31\x42\x43\x2d\x74\xf9\xc6\x9e\xa6\x8a\x0f\xe9\xfe\xbf\x83\xe6\x43\x57\x24\xba\xef\x46\x34\xaa\xd7\x12\x01\x38\xed\x02\x03\x01\x00\x01\xa3\x81\x86\x30\x81\x83\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x1d\x06\x03\x55\x1d\x21\x04\x16\x30\x14\x30\x12\x06\x07\x60\x85\x74\x01\x53\x00\x01\x06\x07\x60\x85\x74\x01\x53\x00\x01\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x07\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x03\x25\x2f\xde\x6f\x82\x01\x3a\x5c\x2c\xdc\x2b\xa1\x69\xb5\x67\xd4\x8c\xd3\xfd\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x03\x25\x2f\xde\x6f\x82\x01\x3a\x5c\x2c\xdc\x2b\xa1\x69\xb5\x67\xd4\x8c\xd3\xfd\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x35\x10\xcb\xec\xa6\x04\x0d\x0d\x0f\xcd\xc0\xdb\xab\xa8\xf2\x88\x97\x0c\xdf\x93\x2f\x4d\x7c\x40\x56\x31\x7a\xeb\xa4\x0f\x60\xcd\x7a\xf3\xbe\xc3\x27\x8e\x03\x3e\xa4\xdd\x12\xef\x7e\x1e\x74\x06\x3c\x3f\x31\xf2\x1c\x7b\x91\x31\x21\xb4\xf0\xd0\x6c\x97\xd4\xe9\x97\xb2\x24\x56\x1e\x56\xc3\x35\xbd\x88\x05\x0f\x5b\x10\x1a\x64\xe1\xc7\x82\x30\xf9\x32\xad\x9e\x50\x2c\xe7\x78\x05\xd0\x31\xb1\x5a\x98\x8a\x75\x4e\x90\x5c\x6a\x14\x2a\xe0\x52\x47\x82\x60\xe6\x1e\xda\x81\xb1\xfb\x14\x0b\x5a\xf1\x9f\xd2\x95\xba\x3e\xd0\x1b\xd6\x15\x1d\xa3\xbe\x86\xd5\xdb\x0f\xc0\x49\x64\xbb\x2e\x50\x19\x4b\xd2\x24\xf8\xdd\x1e\x07\x56\xd0\x38\xa0\x95\x70\x20\x76\x8c\xd7\xdd\x1e\xde\x9f\x71\xc4\x23\xef\x83\x13\x5c\xa3\x24\x15\x4d\x29\x40\x3c\x6a\xc4\xa9\xd8\xb7\xa6\x44\xa5\x0d\xf4\xe0\x9d\x77\x1e\x40\x70\x26\xfc\xda\xd9\x36\xe4\x79\xe4\xb5\x3f\xbc\x9b\x65\xbe\xbb\x11\x96\xcf\xdb\xc6\x28\x39\x3a\x08\xce\x47\x5b\x53\x5a\xc5\x99\xfe\x5d\xa9\xdd\xef\x4c\xd4\xc6\xa5\xad\x02\xe6\x8c\x07\x12\x1e\x6f\x03\xd1\x6f\xa0\xa3\xf3\x29\xbd\x12\xc7\x50\xa2\xb0\x7f\x88\xa9\x99\x77\x9a\xb1\xc0\xa5\x39\x2e\x5c\x7c\x69\xe2\x2c\xb0\xea\x37\x6a\xa4\xe1\x5a\xe1\xf5\x50\xe5\x83\xef\xa5\xbb\x2a\x88\xe7\x8c\xdb\xfd\x6d\x5e\x97\x19\xa8\x7e\x66\x75\x6b\x71\xea\xbf\xb1\xc7\x6f\xa0\xf4\x8e\xa4\xec\x34\x51\x5b\x8c\x26\x03\x70\xa1\x77\xd5\x01\x12\x57\x00\x35\xdb\x23\xde\x0e\x8a\x28\x99\xfd\xb1\x10\x6f\x4b\xff\x38\x2d\x60\x4e\x2c\x9c\xeb\x67\xb5\xad\x49\xee\x4b\x1f\xac\xaf\xfb\x0d\x90\x5a\x66\x60\x70\x5d\xaa\xcd\x78\xd4\x24\xee\xc8\x41\xa0\x93\x01\x92\x9c\x6a\x9e\xfc\xb9\x24\xc5\xb3\x15\x82\x7e\xbe\xae\x95\x2b\xeb\xb1\xc0\xda\xe3\x01\x60\x0b\x5e\x69\xac\x84\x56\x61\xbe\x71\x17\xfe\x1d\x13\x0f\xfe\xc6\x87\x45\xe9\xfe\x32\xa0\x1a\x0d\x13\xa4\x94\x55\x71\xa5\x16\x8b\xba\xca\x89\xb0\xb2\xc7\xfc\x8f\xd8\x54\xb5\x93\x62\x9d\xce\xcf\x59\xfb\x3d\x18\xce\x2a\xcb\x35\x15\x82\x5d\xff\x54\x22\x5b\x71\x52\xfb\xb7\xc9\xfe\x60\x9b\x00\x41\x64\xf0\xaa\x2a\xec\xb6\x42\x43\xce\x89\x66\x81\xc8\x8b\x9f\x39\x54\x03\x25\xd3\x16\x35\x8e\x84\xd0\x5f\xfa\x30\x1a\xf5\x9a\x6c\xf4\x0e\x53\xf9\x3a\x5b\xd1\x1c", + ["DigiCert Assured ID Root CA"] = "\x30\x82\x03\xb7\x30\x82\x02\x9f\xa0\x03\x02\x01\x02\x02\x10\x0c\xe7\xe0\xe5\x17\xd8\x46\xfe\x8f\xe5\x60\xfc\x1b\xf0\x30\x39\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x65\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6e\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0b\x13\x10\x77\x77\x77\x2e\x64\x69\x67\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1b\x44\x69\x67\x69\x43\x65\x72\x74\x20\x41\x73\x73\x75\x72\x65\x64\x20\x49\x44\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x1e\x17\x0d\x30\x36\x31\x31\x31\x30\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x31\x31\x31\x31\x30\x30\x30\x30\x30\x30\x30\x5a\x30\x65\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6e\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0b\x13\x10\x77\x77\x77\x2e\x64\x69\x67\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1b\x44\x69\x67\x69\x43\x65\x72\x74\x20\x41\x73\x73\x75\x72\x65\x64\x20\x49\x44\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xad\x0e\x15\xce\xe4\x43\x80\x5c\xb1\x87\xf3\xb7\x60\xf9\x71\x12\xa5\xae\xdc\x26\x94\x88\xaa\xf4\xce\xf5\x20\x39\x28\x58\x60\x0c\xf8\x80\xda\xa9\x15\x95\x32\x61\x3c\xb5\xb1\x28\x84\x8a\x8a\xdc\x9f\x0a\x0c\x83\x17\x7a\x8f\x90\xac\x8a\xe7\x79\x53\x5c\x31\x84\x2a\xf6\x0f\x98\x32\x36\x76\xcc\xde\xdd\x3c\xa8\xa2\xef\x6a\xfb\x21\xf2\x52\x61\xdf\x9f\x20\xd7\x1f\xe2\xb1\xd9\xfe\x18\x64\xd2\x12\x5b\x5f\xf9\x58\x18\x35\xbc\x47\xcd\xa1\x36\xf9\x6b\x7f\xd4\xb0\x38\x3e\xc1\x1b\xc3\x8c\x33\xd9\xd8\x2f\x18\xfe\x28\x0f\xb3\xa7\x83\xd6\xc3\x6e\x44\xc0\x61\x35\x96\x16\xfe\x59\x9c\x8b\x76\x6d\xd7\xf1\xa2\x4b\x0d\x2b\xff\x0b\x72\xda\x9e\x60\xd0\x8e\x90\x35\xc6\x78\x55\x87\x20\xa1\xcf\xe5\x6d\x0a\xc8\x49\x7c\x31\x98\x33\x6c\x22\xe9\x87\xd0\x32\x5a\xa2\xba\x13\x82\x11\xed\x39\x17\x9d\x99\x3a\x72\xa1\xe6\xfa\xa4\xd9\xd5\x17\x31\x75\xae\x85\x7d\x22\xae\x3f\x01\x46\x86\xf6\x28\x79\xc8\xb1\xda\xe4\x57\x17\xc4\x7e\x1c\x0e\xb0\xb4\x92\xa6\x56\xb3\xbd\xb2\x97\xed\xaa\xa7\xf0\xb7\xc5\xa8\x3f\x95\x16\xd0\xff\xa1\x96\xeb\x08\x5f\x18\x77\x4f\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x45\xeb\xa2\xaf\xf4\x92\xcb\x82\x31\x2d\x51\x8b\xa7\xa7\x21\x9d\xf3\x6d\xc8\x0f\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x45\xeb\xa2\xaf\xf4\x92\xcb\x82\x31\x2d\x51\x8b\xa7\xa7\x21\x9d\xf3\x6d\xc8\x0f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xa2\x0e\xbc\xdf\xe2\xed\xf0\xe3\x72\x73\x7a\x64\x94\xbf\xf7\x72\x66\xd8\x32\xe4\x42\x75\x62\xae\x87\xeb\xf2\xd5\xd9\xde\x56\xb3\x9f\xcc\xce\x14\x28\xb9\x0d\x97\x60\x5c\x12\x4c\x58\xe4\xd3\x3d\x83\x49\x45\x58\x97\x35\x69\x1a\xa8\x47\xea\x56\xc6\x79\xab\x12\xd8\x67\x81\x84\xdf\x7f\x09\x3c\x94\xe6\xb8\x26\x2c\x20\xbd\x3d\xb3\x28\x89\xf7\x5f\xff\x22\xe2\x97\x84\x1f\xe9\x65\xef\x87\xe0\xdf\xc1\x67\x49\xb3\x5d\xeb\xb2\x09\x2a\xeb\x26\xed\x78\xbe\x7d\x3f\x2b\xf3\xb7\x26\x35\x6d\x5f\x89\x01\xb6\x49\x5b\x9f\x01\x05\x9b\xab\x3d\x25\xc1\xcc\xb6\x7f\xc2\xf1\x6f\x86\xc6\xfa\x64\x68\xeb\x81\x2d\x94\xeb\x42\xb7\xfa\x8c\x1e\xdd\x62\xf1\xbe\x50\x67\xb7\x6c\xbd\xf3\xf1\x1f\x6b\x0c\x36\x07\x16\x7f\x37\x7c\xa9\x5b\x6d\x7a\xf1\x12\x46\x60\x83\xd7\x27\x04\xbe\x4b\xce\x97\xbe\xc3\x67\x2a\x68\x11\xdf\x80\xe7\x0c\x33\x66\xbf\x13\x0d\x14\x6e\xf3\x7f\x1f\x63\x10\x1e\xfa\x8d\x1b\x25\x6d\x6c\x8f\xa5\xb7\x61\x01\xb1\xd2\xa3\x26\xa1\x10\x71\x9d\xad\xe2\xc3\xf9\xc3\x99\x51\xb7\x2b\x07\x08\xce\x2e\xe6\x50\xb2\xa7\xfa\x0a\x45\x2f\xa2\xf0\xf2", + ["DigiCert Global Root CA"] = "\x30\x82\x03\xaf\x30\x82\x02\x97\xa0\x03\x02\x01\x02\x02\x10\x08\x3b\xe0\x56\x90\x42\x46\xb1\xa1\x75\x6a\xc9\x59\x91\xc7\x4a\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x61\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6e\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0b\x13\x10\x77\x77\x77\x2e\x64\x69\x67\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x44\x69\x67\x69\x43\x65\x72\x74\x20\x47\x6c\x6f\x62\x61\x6c\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x1e\x17\x0d\x30\x36\x31\x31\x31\x30\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x31\x31\x31\x31\x30\x30\x30\x30\x30\x30\x30\x5a\x30\x61\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6e\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0b\x13\x10\x77\x77\x77\x2e\x64\x69\x67\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x44\x69\x67\x69\x43\x65\x72\x74\x20\x47\x6c\x6f\x62\x61\x6c\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xe2\x3b\xe1\x11\x72\xde\xa8\xa4\xd3\xa3\x57\xaa\x50\xa2\x8f\x0b\x77\x90\xc9\xa2\xa5\xee\x12\xce\x96\x5b\x01\x09\x20\xcc\x01\x93\xa7\x4e\x30\xb7\x53\xf7\x43\xc4\x69\x00\x57\x9d\xe2\x8d\x22\xdd\x87\x06\x40\x00\x81\x09\xce\xce\x1b\x83\xbf\xdf\xcd\x3b\x71\x46\xe2\xd6\x66\xc7\x05\xb3\x76\x27\x16\x8f\x7b\x9e\x1e\x95\x7d\xee\xb7\x48\xa3\x08\xda\xd6\xaf\x7a\x0c\x39\x06\x65\x7f\x4a\x5d\x1f\xbc\x17\xf8\xab\xbe\xee\x28\xd7\x74\x7f\x7a\x78\x99\x59\x85\x68\x6e\x5c\x23\x32\x4b\xbf\x4e\xc0\xe8\x5a\x6d\xe3\x70\xbf\x77\x10\xbf\xfc\x01\xf6\x85\xd9\xa8\x44\x10\x58\x32\xa9\x75\x18\xd5\xd1\xa2\xbe\x47\xe2\x27\x6a\xf4\x9a\x33\xf8\x49\x08\x60\x8b\xd4\x5f\xb4\x3a\x84\xbf\xa1\xaa\x4a\x4c\x7d\x3e\xcf\x4f\x5f\x6c\x76\x5e\xa0\x4b\x37\x91\x9e\xdc\x22\xe6\x6d\xce\x14\x1a\x8e\x6a\xcb\xfe\xcd\xb3\x14\x64\x17\xc7\x5b\x29\x9e\x32\xbf\xf2\xee\xfa\xd3\x0b\x42\xd4\xab\xb7\x41\x32\xda\x0c\xd4\xef\xf8\x81\xd5\xbb\x8d\x58\x3f\xb5\x1b\xe8\x49\x28\xa2\x70\xda\x31\x04\xdd\xf7\xb2\x16\xf2\x4c\x0a\x4e\x07\xa8\xed\x4a\x3d\x5e\xb5\x7f\xa3\x90\xc3\xaf\x27\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x03\xde\x50\x35\x56\xd1\x4c\xbb\x66\xf0\xa3\xe2\x1b\x1b\xc3\x97\xb2\x3d\xd1\x55\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x03\xde\x50\x35\x56\xd1\x4c\xbb\x66\xf0\xa3\xe2\x1b\x1b\xc3\x97\xb2\x3d\xd1\x55\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xcb\x9c\x37\xaa\x48\x13\x12\x0a\xfa\xdd\x44\x9c\x4f\x52\xb0\xf4\xdf\xae\x04\xf5\x79\x79\x08\xa3\x24\x18\xfc\x4b\x2b\x84\xc0\x2d\xb9\xd5\xc7\xfe\xf4\xc1\x1f\x58\xcb\xb8\x6d\x9c\x7a\x74\xe7\x98\x29\xab\x11\xb5\xe3\x70\xa0\xa1\xcd\x4c\x88\x99\x93\x8c\x91\x70\xe2\xab\x0f\x1c\xbe\x93\xa9\xff\x63\xd5\xe4\x07\x60\xd3\xa3\xbf\x9d\x5b\x09\xf1\xd5\x8e\xe3\x53\xf4\x8e\x63\xfa\x3f\xa7\xdb\xb4\x66\xdf\x62\x66\xd6\xd1\x6e\x41\x8d\xf2\x2d\xb5\xea\x77\x4a\x9f\x9d\x58\xe2\x2b\x59\xc0\x40\x23\xed\x2d\x28\x82\x45\x3e\x79\x54\x92\x26\x98\xe0\x80\x48\xa8\x37\xef\xf0\xd6\x79\x60\x16\xde\xac\xe8\x0e\xcd\x6e\xac\x44\x17\x38\x2f\x49\xda\xe1\x45\x3e\x2a\xb9\x36\x53\xcf\x3a\x50\x06\xf7\x2e\xe8\xc4\x57\x49\x6c\x61\x21\x18\xd5\x04\xad\x78\x3c\x2c\x3a\x80\x6b\xa7\xeb\xaf\x15\x14\xe9\xd8\x89\xc1\xb9\x38\x6c\xe2\x91\x6c\x8a\xff\x64\xb9\x77\x25\x57\x30\xc0\x1b\x24\xa3\xe1\xdc\xe9\xdf\x47\x7c\xb5\xb4\x24\x08\x05\x30\xec\x2d\xbd\x0b\xbf\x45\xbf\x50\xb9\xa9\xf3\xeb\x98\x01\x12\xad\xc8\x88\xc6\x98\x34\x5f\x8d\x0a\x3c\xc6\xe9\xd5\x95\x95\x6d\xde", + ["DigiCert High Assurance EV Root CA"] = "\x30\x82\x03\xc5\x30\x82\x02\xad\xa0\x03\x02\x01\x02\x02\x10\x02\xac\x5c\x26\x6a\x0b\x40\x9b\x8f\x0b\x79\xf2\xae\x46\x25\x77\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x6c\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6e\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0b\x13\x10\x77\x77\x77\x2e\x64\x69\x67\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x31\x2b\x30\x29\x06\x03\x55\x04\x03\x13\x22\x44\x69\x67\x69\x43\x65\x72\x74\x20\x48\x69\x67\x68\x20\x41\x73\x73\x75\x72\x61\x6e\x63\x65\x20\x45\x56\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x1e\x17\x0d\x30\x36\x31\x31\x31\x30\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x31\x31\x31\x31\x30\x30\x30\x30\x30\x30\x30\x5a\x30\x6c\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x44\x69\x67\x69\x43\x65\x72\x74\x20\x49\x6e\x63\x31\x19\x30\x17\x06\x03\x55\x04\x0b\x13\x10\x77\x77\x77\x2e\x64\x69\x67\x69\x63\x65\x72\x74\x2e\x63\x6f\x6d\x31\x2b\x30\x29\x06\x03\x55\x04\x03\x13\x22\x44\x69\x67\x69\x43\x65\x72\x74\x20\x48\x69\x67\x68\x20\x41\x73\x73\x75\x72\x61\x6e\x63\x65\x20\x45\x56\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xc6\xcc\xe5\x73\xe6\xfb\xd4\xbb\xe5\x2d\x2d\x32\xa6\xdf\xe5\x81\x3f\xc9\xcd\x25\x49\xb6\x71\x2a\xc3\xd5\x94\x34\x67\xa2\x0a\x1c\xb0\x5f\x69\xa6\x40\xb1\xc4\xb7\xb2\x8f\xd0\x98\xa4\xa9\x41\x59\x3a\xd3\xdc\x94\xd6\x3c\xdb\x74\x38\xa4\x4a\xcc\x4d\x25\x82\xf7\x4a\xa5\x53\x12\x38\xee\xf3\x49\x6d\x71\x91\x7e\x63\xb6\xab\xa6\x5f\xc3\xa4\x84\xf8\x4f\x62\x51\xbe\xf8\xc5\xec\xdb\x38\x92\xe3\x06\xe5\x08\x91\x0c\xc4\x28\x41\x55\xfb\xcb\x5a\x89\x15\x7e\x71\xe8\x35\xbf\x4d\x72\x09\x3d\xbe\x3a\x38\x50\x5b\x77\x31\x1b\x8d\xb3\xc7\x24\x45\x9a\xa7\xac\x6d\x00\x14\x5a\x04\xb7\xba\x13\xeb\x51\x0a\x98\x41\x41\x22\x4e\x65\x61\x87\x81\x41\x50\xa6\x79\x5c\x89\xde\x19\x4a\x57\xd5\x2e\xe6\x5d\x1c\x53\x2c\x7e\x98\xcd\x1a\x06\x16\xa4\x68\x73\xd0\x34\x04\x13\x5c\xa1\x71\xd3\x5a\x7c\x55\xdb\x5e\x64\xe1\x37\x87\x30\x56\x04\xe5\x11\xb4\x29\x80\x12\xf1\x79\x39\x88\xa2\x02\x11\x7c\x27\x66\xb7\x88\xb7\x78\xf2\xca\x0a\xa8\x38\xab\x0a\x64\xc2\xbf\x66\x5d\x95\x84\xc1\xa1\x25\x1e\x87\x5d\x1a\x50\x0b\x20\x12\xcc\x41\xbb\x6e\x0b\x51\x38\xb8\x4b\xcb\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xb1\x3e\xc3\x69\x03\xf8\xbf\x47\x01\xd4\x98\x26\x1a\x08\x02\xef\x63\x64\x2b\xc3\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xb1\x3e\xc3\x69\x03\xf8\xbf\x47\x01\xd4\x98\x26\x1a\x08\x02\xef\x63\x64\x2b\xc3\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x1c\x1a\x06\x97\xdc\xd7\x9c\x9f\x3c\x88\x66\x06\x08\x57\x21\xdb\x21\x47\xf8\x2a\x67\xaa\xbf\x18\x32\x76\x40\x10\x57\xc1\x8a\xf3\x7a\xd9\x11\x65\x8e\x35\xfa\x9e\xfc\x45\xb5\x9e\xd9\x4c\x31\x4b\xb8\x91\xe8\x43\x2c\x8e\xb3\x78\xce\xdb\xe3\x53\x79\x71\xd6\xe5\x21\x94\x01\xda\x55\x87\x9a\x24\x64\xf6\x8a\x66\xcc\xde\x9c\x37\xcd\xa8\x34\xb1\x69\x9b\x23\xc8\x9e\x78\x22\x2b\x70\x43\xe3\x55\x47\x31\x61\x19\xef\x58\xc5\x85\x2f\x4e\x30\xf6\xa0\x31\x16\x23\xc8\xe7\xe2\x65\x16\x33\xcb\xbf\x1a\x1b\xa0\x3d\xf8\xca\x5e\x8b\x31\x8b\x60\x08\x89\x2d\x0c\x06\x5c\x52\xb7\xc4\xf9\x0a\x98\xd1\x15\x5f\x9f\x12\xbe\x7c\x36\x63\x38\xbd\x44\xa4\x7f\xe4\x26\x2b\x0a\xc4\x97\x69\x0d\xe9\x8c\xe2\xc0\x10\x57\xb8\xc8\x76\x12\x91\x55\xf2\x48\x69\xd8\xbc\x2a\x02\x5b\x0f\x44\xd4\x20\x31\xdb\xf4\xba\x70\x26\x5d\x90\x60\x9e\xbc\x4b\x17\x09\x2f\xb4\xcb\x1e\x43\x68\xc9\x07\x27\xc1\xd2\x5c\xf7\xea\x21\xb9\x68\x12\x9c\x3c\x9c\xbf\x9e\xfc\x80\x5c\x9b\x63\xcd\xec\x47\xaa\x25\x27\x67\xa0\x37\xf3\x00\x82\x7d\x54\xd7\xa9\xf8\xe9\x2e\x13\xa3\x77\xe8\x1f\x4a", + ["Certplus Class 2 Primary CA"] = "\x30\x82\x03\x92\x30\x82\x02\x7a\xa0\x03\x02\x01\x02\x02\x11\x00\x85\xbd\x4b\xf3\xd8\xda\xe3\x69\xf6\x94\xd7\x5f\xc3\xa5\x44\x23\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x3d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x11\x30\x0f\x06\x03\x55\x04\x0a\x13\x08\x43\x65\x72\x74\x70\x6c\x75\x73\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x43\x6c\x61\x73\x73\x20\x32\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x41\x30\x1e\x17\x0d\x39\x39\x30\x37\x30\x37\x31\x37\x30\x35\x30\x30\x5a\x17\x0d\x31\x39\x30\x37\x30\x36\x32\x33\x35\x39\x35\x39\x5a\x30\x3d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x11\x30\x0f\x06\x03\x55\x04\x0a\x13\x08\x43\x65\x72\x74\x70\x6c\x75\x73\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x43\x6c\x61\x73\x73\x20\x32\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xdc\x50\x96\xd0\x12\xf8\x35\xd2\x08\x78\x7a\xb6\x52\x70\xfd\x6f\xee\xcf\xb9\x11\xcb\x5d\x77\xe1\xec\xe9\x7e\x04\x8d\xd6\xcc\x6f\x73\x43\x57\x60\xac\x33\x0a\x44\xec\x03\x5f\x1c\x80\x24\x91\xe5\xa8\x91\x56\x12\x82\xf7\xe0\x2b\xf4\xdb\xae\x61\x2e\x89\x10\x8d\x6b\x6c\xba\xb3\x02\xbd\xd5\x36\xc5\x48\x37\x23\xe2\xf0\x5a\x37\x52\x33\x17\x12\xe2\xd1\x60\x4d\xbe\x2f\x41\x11\xe3\xf6\x17\x25\x0c\x8b\x91\xc0\x1b\x99\x7b\x99\x56\x0d\xaf\xee\xd2\xbc\x47\x57\xe3\x79\x49\x7b\x34\x89\x27\x24\x84\xde\xb1\xec\xe9\x58\x4e\xfe\x4e\xdf\x5a\xbe\x41\xad\xac\x08\xc5\x18\x0e\xef\xd2\x53\xee\x6c\xd0\x9d\x12\x01\x13\x8d\xdc\x80\x62\xf7\x95\xa9\x44\x88\x4a\x71\x4e\x60\x55\x9e\xdb\x23\x19\x79\x56\x07\x0c\x3f\x63\x0b\x5c\xb0\xe2\xbe\x7e\x15\xfc\x94\x33\x58\x41\x38\x74\xc4\xe1\x8f\x8b\xdf\x26\xac\x1f\xb5\x8b\x3b\xb7\x43\x59\x6b\xb0\x24\xa6\x6d\x90\x8b\xc4\x72\xea\x5d\x33\x98\xb7\xcb\xde\x5e\x7b\xef\x94\xf1\x1b\x3e\xca\xc9\x21\xc1\xc5\x98\x02\xaa\xa2\xf6\x5b\x77\x9b\xf5\x7e\x96\x55\x34\x1c\x67\x69\xc0\xf1\x42\xe3\x47\xac\xfc\x28\x1c\x66\x55\x02\x03\x01\x00\x01\xa3\x81\x8c\x30\x81\x89\x30\x0f\x06\x03\x55\x1d\x13\x04\x08\x30\x06\x01\x01\xff\x02\x01\x0a\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xe3\x73\x2d\xdf\xcb\x0e\x28\x0c\xde\xdd\xb3\xa4\xca\x79\xb8\x8e\xbb\xe8\x30\x89\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x01\x06\x30\x37\x06\x03\x55\x1d\x1f\x04\x30\x30\x2e\x30\x2c\xa0\x2a\xa0\x28\x86\x26\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x63\x65\x72\x74\x70\x6c\x75\x73\x2e\x63\x6f\x6d\x2f\x43\x52\x4c\x2f\x63\x6c\x61\x73\x73\x32\x2e\x63\x72\x6c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xa7\x54\xcf\x88\x44\x19\xcb\xdf\xd4\x7f\x00\xdf\x56\x33\x62\xb5\xf7\x51\x01\x90\xeb\xc3\x3f\xd1\x88\x44\xe9\x24\x5d\xef\xe7\x14\xbd\x20\xb7\x9a\x3c\x00\xfe\x6d\x9f\xdb\x90\xdc\xd7\xf4\x62\xd6\x8b\x70\x5d\xe7\xe5\x04\x48\xa9\x68\x7c\xc9\xf1\x42\xf3\x6c\x7f\xc5\x7a\x7c\x1d\x51\x88\xba\xd2\x0a\x3e\x27\x5d\xde\x2d\x51\x4e\xd3\x13\x64\x69\xe4\x2e\xe3\xd3\xe7\x9b\x09\x99\xa6\xe0\x95\x9b\xce\x1a\xd7\x7f\xbe\x3c\xce\x52\xb3\x11\x15\xc1\x0f\x17\xcd\x03\xbb\x9c\x25\x15\xba\xa2\x76\x89\xfc\x06\xf1\x18\xd0\x93\x4b\x0e\x7c\x82\xb7\xa5\xf4\xf6\x5f\xfe\xed\x40\xa6\x9d\x84\x74\x39\xb9\xdc\x1e\x85\x16\xda\x29\x1b\x86\x23\x00\xc9\xbb\x89\x7e\x6e\x80\x88\x1e\x2f\x14\xb4\x03\x24\xa8\x32\x6f\x03\x9a\x47\x2c\x30\xbe\x56\xc6\xa7\x42\x02\x70\x1b\xea\x40\xd8\xba\x05\x03\x70\x07\xa4\x96\xff\xfd\x48\x33\x0a\xe1\xdc\xa5\x81\x90\x9b\x4d\xdd\x7d\xe7\xe7\xb2\xcd\x5c\xc8\x6a\x95\xf8\xa5\xf6\x8d\xc4\x5d\x78\x08\xbe\x7b\x06\xd6\x49\xcf\x19\x36\x50\x23\x2e\x08\xe6\x9e\x05\x4d\x47\x18\xd5\x16\xe9\xb1\xd6\xb6\x10\xd5\xbb\x97\xbf\xa2\x8e\xb4\x54", + ["DST Root CA X3"] = "\x30\x82\x03\x4a\x30\x82\x02\x32\xa0\x03\x02\x01\x02\x02\x10\x44\xaf\xb0\x80\xd6\xa3\x27\xba\x89\x30\x39\x86\x2e\xf8\x40\x6b\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x3f\x31\x24\x30\x22\x06\x03\x55\x04\x0a\x13\x1b\x44\x69\x67\x69\x74\x61\x6c\x20\x53\x69\x67\x6e\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6f\x2e\x31\x17\x30\x15\x06\x03\x55\x04\x03\x13\x0e\x44\x53\x54\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x58\x33\x30\x1e\x17\x0d\x30\x30\x30\x39\x33\x30\x32\x31\x31\x32\x31\x39\x5a\x17\x0d\x32\x31\x30\x39\x33\x30\x31\x34\x30\x31\x31\x35\x5a\x30\x3f\x31\x24\x30\x22\x06\x03\x55\x04\x0a\x13\x1b\x44\x69\x67\x69\x74\x61\x6c\x20\x53\x69\x67\x6e\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6f\x2e\x31\x17\x30\x15\x06\x03\x55\x04\x03\x13\x0e\x44\x53\x54\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x58\x33\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xdf\xaf\xe9\x97\x50\x08\x83\x57\xb4\xcc\x62\x65\xf6\x90\x82\xec\xc7\xd3\x2c\x6b\x30\xca\x5b\xec\xd9\xc3\x7d\xc7\x40\xc1\x18\x14\x8b\xe0\xe8\x33\x76\x49\x2a\xe3\x3f\x21\x49\x93\xac\x4e\x0e\xaf\x3e\x48\xcb\x65\xee\xfc\xd3\x21\x0f\x65\xd2\x2a\xd9\x32\x8f\x8c\xe5\xf7\x77\xb0\x12\x7b\xb5\x95\xc0\x89\xa3\xa9\xba\xed\x73\x2e\x7a\x0c\x06\x32\x83\xa2\x7e\x8a\x14\x30\xcd\x11\xa0\xe1\x2a\x38\xb9\x79\x0a\x31\xfd\x50\xbd\x80\x65\xdf\xb7\x51\x63\x83\xc8\xe2\x88\x61\xea\x4b\x61\x81\xec\x52\x6b\xb9\xa2\xe2\x4b\x1a\x28\x9f\x48\xa3\x9e\x0c\xda\x09\x8e\x3e\x17\x2e\x1e\xdd\x20\xdf\x5b\xc6\x2a\x8a\xab\x2e\xbd\x70\xad\xc5\x0b\x1a\x25\x90\x74\x72\xc5\x7b\x6a\xab\x34\xd6\x30\x89\xff\xe5\x68\x13\x7b\x54\x0b\xc8\xd6\xae\xec\x5a\x9c\x92\x1e\x3d\x64\xb3\x8c\xc6\xdf\xbf\xc9\x41\x70\xec\x16\x72\xd5\x26\xec\x38\x55\x39\x43\xd0\xfc\xfd\x18\x5c\x40\xf1\x97\xeb\xd5\x9a\x9b\x8d\x1d\xba\xda\x25\xb9\xc6\xd8\xdf\xc1\x15\x02\x3a\xab\xda\x6e\xf1\x3e\x2e\xf5\x5c\x08\x9c\x3c\xd6\x83\x69\xe4\x10\x9b\x19\x2a\xb6\x29\x57\xe3\xe5\x3d\x9b\x9f\xf0\x02\x5d\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xc4\xa7\xb1\xa4\x7b\x2c\x71\xfa\xdb\xe1\x4b\x90\x75\xff\xc4\x15\x60\x85\x89\x10\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xa3\x1a\x2c\x9b\x17\x00\x5c\xa9\x1e\xee\x28\x66\x37\x3a\xbf\x83\xc7\x3f\x4b\xc3\x09\xa0\x95\x20\x5d\xe3\xd9\x59\x44\xd2\x3e\x0d\x3e\xbd\x8a\x4b\xa0\x74\x1f\xce\x10\x82\x9c\x74\x1a\x1d\x7e\x98\x1a\xdd\xcb\x13\x4b\xb3\x20\x44\xe4\x91\xe9\xcc\xfc\x7d\xa5\xdb\x6a\xe5\xfe\xe6\xfd\xe0\x4e\xdd\xb7\x00\x3a\xb5\x70\x49\xaf\xf2\xe5\xeb\x02\xf1\xd1\x02\x8b\x19\xcb\x94\x3a\x5e\x48\xc4\x18\x1e\x58\x19\x5f\x1e\x02\x5a\xf0\x0c\xf1\xb1\xad\xa9\xdc\x59\x86\x8b\x6e\xe9\x91\xf5\x86\xca\xfa\xb9\x66\x33\xaa\x59\x5b\xce\xe2\xa7\x16\x73\x47\xcb\x2b\xcc\x99\xb0\x37\x48\xcf\xe3\x56\x4b\xf5\xcf\x0f\x0c\x72\x32\x87\xc6\xf0\x44\xbb\x53\x72\x6d\x43\xf5\x26\x48\x9a\x52\x67\xb7\x58\xab\xfe\x67\x76\x71\x78\xdb\x0d\xa2\x56\x14\x13\x39\x24\x31\x85\xa2\xa8\x02\x5a\x30\x47\xe1\xdd\x50\x07\xbc\x02\x09\x90\x00\xeb\x64\x63\x60\x9b\x16\xbc\x88\xc9\x12\xe6\xd2\x7d\x91\x8b\xf9\x3d\x32\x8d\x65\xb4\xe9\x7c\xb1\x57\x76\xea\xc5\xb6\x28\x39\xbf\x15\x65\x1c\xc8\xf6\x77\x96\x6a\x0a\x8d\x77\x0b\xd8\x91\x0b\x04\x8e\x07\xdb\x29\xb6\x0a\xee\x9d\x82\x35\x35\x10", + ["DST ACES CA X6"] = "\x30\x82\x04\x09\x30\x82\x02\xf1\xa0\x03\x02\x01\x02\x02\x10\x0d\x5e\x99\x0a\xd6\x9d\xb7\x78\xec\xd8\x07\x56\x3b\x86\x15\xd9\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x5b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1e\x06\x03\x55\x04\x0a\x13\x17\x44\x69\x67\x69\x74\x61\x6c\x20\x53\x69\x67\x6e\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x31\x11\x30\x0f\x06\x03\x55\x04\x0b\x13\x08\x44\x53\x54\x20\x41\x43\x45\x53\x31\x17\x30\x15\x06\x03\x55\x04\x03\x13\x0e\x44\x53\x54\x20\x41\x43\x45\x53\x20\x43\x41\x20\x58\x36\x30\x1e\x17\x0d\x30\x33\x31\x31\x32\x30\x32\x31\x31\x39\x35\x38\x5a\x17\x0d\x31\x37\x31\x31\x32\x30\x32\x31\x31\x39\x35\x38\x5a\x30\x5b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1e\x06\x03\x55\x04\x0a\x13\x17\x44\x69\x67\x69\x74\x61\x6c\x20\x53\x69\x67\x6e\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x31\x11\x30\x0f\x06\x03\x55\x04\x0b\x13\x08\x44\x53\x54\x20\x41\x43\x45\x53\x31\x17\x30\x15\x06\x03\x55\x04\x03\x13\x0e\x44\x53\x54\x20\x41\x43\x45\x53\x20\x43\x41\x20\x58\x36\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xb9\x3d\xf5\x2c\xc9\x94\xdc\x75\x8a\x95\x5d\x63\xe8\x84\x77\x76\x66\xb9\x59\x91\x5c\x46\xdd\x92\x3e\x9f\xf9\x0e\x03\xb4\x3d\x61\x92\xbd\x23\x26\xb5\x63\xee\x92\xd2\x9e\xd6\x3c\xc8\x0d\x90\x5f\x64\x81\xb1\xa8\x08\x0d\x4c\xd8\xf9\xd3\x05\x28\x52\xb4\x01\x25\xc5\x95\x1c\x0c\x7e\x3e\x10\x84\x75\xcf\xc1\x19\x91\x63\xcf\xe8\xa8\x91\x88\xb9\x43\x52\xbb\x80\xb1\x55\x89\x8b\x31\xfa\xd0\xb7\x76\xbe\x41\x3d\x30\x9a\xa4\x22\x25\x17\x73\xe8\x1e\xe2\xd3\xac\x2a\xbd\x5b\x38\x21\xd5\x2a\x4b\xd7\x55\x7d\xe3\x3a\x55\xbd\xd7\x6d\x6b\x02\x57\x6b\xe6\x47\x7c\x08\xc8\x82\xba\xde\xa7\x87\x3d\xa1\x6d\xb8\x30\x56\xc2\xb3\x02\x81\x5f\x2d\xf5\xe2\x9a\x30\x18\x28\xb8\x66\xd3\xcb\x01\x96\x6f\xea\x8a\x45\x55\xd6\xe0\x9d\xff\x67\x2b\x17\x02\xa6\x4e\x1a\x6a\x11\x0b\x7e\xb7\x7b\xe7\x98\xd6\x8c\x76\x6f\xc1\x3b\xdb\x50\x93\x7e\xe5\xd0\x8e\x1f\x37\xb8\xbd\xba\xc6\x9f\x6c\xe9\x7c\x33\xf2\x32\x3c\x26\x47\xfa\x27\x24\x02\xc9\x7e\x1d\x5b\x88\x42\x13\x6a\x35\x7c\x7d\x35\xe9\x2e\x66\x91\x72\x93\xd5\x32\x26\xc4\x74\xf5\x53\xa3\xb3\x5d\x9a\xf6\x09\xcb\x02\x03\x01\x00\x01\xa3\x81\xc8\x30\x81\xc5\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\xc6\x30\x1f\x06\x03\x55\x1d\x11\x04\x18\x30\x16\x81\x14\x70\x6b\x69\x2d\x6f\x70\x73\x40\x74\x72\x75\x73\x74\x64\x73\x74\x2e\x63\x6f\x6d\x30\x62\x06\x03\x55\x1d\x20\x04\x5b\x30\x59\x30\x57\x06\x0a\x60\x86\x48\x01\x65\x03\x02\x01\x01\x01\x30\x49\x30\x47\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x3b\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x74\x72\x75\x73\x74\x64\x73\x74\x2e\x63\x6f\x6d\x2f\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x73\x2f\x70\x6f\x6c\x69\x63\x79\x2f\x41\x43\x45\x53\x2d\x69\x6e\x64\x65\x78\x2e\x68\x74\x6d\x6c\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x09\x72\x06\x4e\x18\x43\x0f\xe5\xd6\xcc\xc3\x6a\x8b\x31\x7b\x78\x8f\xa8\x83\xb8\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xa3\xd8\x8e\xd6\xb2\xdb\xce\x05\xe7\x32\xcd\x01\xd3\x04\x03\xe5\x76\xe4\x56\x2b\x9c\x99\x90\xe8\x08\x30\x6c\xdf\x7d\x3d\xee\xe5\xbf\xb5\x24\x40\x84\x49\xe1\xd1\x28\xae\xc4\xc2\x3a\x53\x30\x88\xf1\xf5\x77\x6e\x51\xca\xfa\xff\x99\xaf\x24\x5f\x1b\xa0\xfd\xf2\xac\x84\xca\xdf\xa9\xf0\x5f\x04\x2e\xad\x16\xbf\x21\x97\x10\x81\x3d\xe3\xff\x87\x8d\x32\xdc\x94\xe5\x47\x8a\x5e\x6a\x13\xc9\x94\x95\x3d\xd2\xee\xc8\x34\x95\xd0\x80\xd4\xad\x32\x08\x80\x54\x3c\xe0\xbd\x52\x53\xd7\x52\x7c\xb2\x69\x3f\x7f\x7a\xcf\x6a\x74\xca\xfa\x04\x2a\x9c\x4c\x5a\x06\xa5\xe9\x20\xad\x45\x66\x0f\x69\xf1\xdd\xbf\xe9\xe3\x32\x8b\xfa\xe0\xc1\x86\x4d\x72\x3c\x2e\xd8\x93\x78\x0a\x2a\xf8\xd8\xd2\x27\x3d\x19\x89\x5f\x5a\x7b\x8a\x3b\xcc\x0c\xda\x51\xae\xc7\x0b\xf7\x2b\xb0\x37\x05\xec\xbc\x57\x23\xe2\x38\xd2\x9b\x68\xf3\x56\x12\x88\x4f\x42\x7c\xb8\x31\xc4\xb5\xdb\xe4\xc8\x21\x34\xe9\x48\x11\x35\xee\xfa\xc7\x92\x57\xc5\x9f\x34\xe4\xc7\xf6\xf7\x0e\x0b\x4c\x9c\x68\x78\x7b\x71\x31\xc7\xeb\x1e\xe0\x67\x41\xf3\xb7\xa0\xa7\xcd\xe5\x7a\x33\x36\x6a\xfa\x9a\x2b", + ["TURKTRUST Certificate Services Provider Root 1"] = "\x30\x82\x03\xfb\x30\x82\x02\xe3\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xb7\x31\x3f\x30\x3d\x06\x03\x55\x04\x03\x0c\x36\x54\xc3\x9c\x52\x4b\x54\x52\x55\x53\x54\x20\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x20\x48\x69\x7a\x6d\x65\x74\x20\x53\x61\xc4\x9f\x6c\x61\x79\xc4\xb1\x63\xc4\xb1\x73\xc4\xb1\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x0c\x02\x54\x52\x31\x0f\x30\x0d\x06\x03\x55\x04\x07\x0c\x06\x41\x4e\x4b\x41\x52\x41\x31\x56\x30\x54\x06\x03\x55\x04\x0a\x0c\x4d\x28\x63\x29\x20\x32\x30\x30\x35\x20\x54\xc3\x9c\x52\x4b\x54\x52\x55\x53\x54\x20\x42\x69\x6c\x67\x69\x20\xc4\xb0\x6c\x65\x74\x69\xc5\x9f\x69\x6d\x20\x76\x65\x20\x42\x69\x6c\x69\xc5\x9f\x69\x6d\x20\x47\xc3\xbc\x76\x65\x6e\x6c\x69\xc4\x9f\x69\x20\x48\x69\x7a\x6d\x65\x74\x6c\x65\x72\x69\x20\x41\x2e\xc5\x9e\x2e\x30\x1e\x17\x0d\x30\x35\x30\x35\x31\x33\x31\x30\x32\x37\x31\x37\x5a\x17\x0d\x31\x35\x30\x33\x32\x32\x31\x30\x32\x37\x31\x37\x5a\x30\x81\xb7\x31\x3f\x30\x3d\x06\x03\x55\x04\x03\x0c\x36\x54\xc3\x9c\x52\x4b\x54\x52\x55\x53\x54\x20\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x20\x48\x69\x7a\x6d\x65\x74\x20\x53\x61\xc4\x9f\x6c\x61\x79\xc4\xb1\x63\xc4\xb1\x73\xc4\xb1\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x0c\x02\x54\x52\x31\x0f\x30\x0d\x06\x03\x55\x04\x07\x0c\x06\x41\x4e\x4b\x41\x52\x41\x31\x56\x30\x54\x06\x03\x55\x04\x0a\x0c\x4d\x28\x63\x29\x20\x32\x30\x30\x35\x20\x54\xc3\x9c\x52\x4b\x54\x52\x55\x53\x54\x20\x42\x69\x6c\x67\x69\x20\xc4\xb0\x6c\x65\x74\x69\xc5\x9f\x69\x6d\x20\x76\x65\x20\x42\x69\x6c\x69\xc5\x9f\x69\x6d\x20\x47\xc3\xbc\x76\x65\x6e\x6c\x69\xc4\x9f\x69\x20\x48\x69\x7a\x6d\x65\x74\x6c\x65\x72\x69\x20\x41\x2e\xc5\x9e\x2e\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xca\x52\x05\xd6\x63\x03\xd8\x1c\x5f\xdd\xd2\x7b\x5d\xf2\x0c\x60\x61\x5b\x6b\x3b\x74\x2b\x78\x0d\x7d\x45\xbd\x22\x74\xe8\x8c\x03\xc1\xc6\x11\x2a\x3d\x95\xbc\xa9\x94\xb0\xbb\x91\x97\xc8\x69\x7c\x84\xc5\xb4\x91\x6c\x6c\x13\x6a\xa4\x55\xad\xa4\x85\xe8\x95\x7e\xb3\x00\xaf\x00\xc2\x05\x18\xf5\x70\x9d\x36\x8b\xae\xcb\xe4\x1b\x81\x7f\x93\x88\xfb\x6a\x55\xbb\x7d\x85\x92\xce\xba\x58\x9f\xdb\x32\xc5\xbd\x5d\xef\x22\x4a\x2f\x41\x07\x7e\x49\x61\xb3\x86\xec\x4e\xa6\x41\x6e\x84\xbc\x03\xec\xf5\x3b\x1c\xc8\x1f\xc2\xee\xa8\xee\xea\x12\x4a\x8d\x14\xcf\xf3\x0a\xe0\x50\x39\xf9\x08\x35\xf8\x11\x59\xad\xe7\x22\xea\x4b\xca\x14\x06\xde\x42\xba\xb2\x99\xf3\x2d\x54\x88\x10\x06\xea\xe1\x1a\x3e\x3d\x67\x1f\xfb\xce\xfb\x7c\x82\xe8\x11\x5d\x4a\xc1\xb9\x14\xea\x54\xd9\x66\x9b\x7c\x89\x7d\x04\x9a\x62\xc9\xe9\x52\x3c\x9e\x9c\xef\xd2\xf5\x26\xe4\xe6\xe5\x18\x7c\x8b\x6e\xdf\x6c\xcc\x78\x5b\x4f\x72\xb2\xcb\x5c\x3f\x8c\x05\x8d\xd1\x4c\x8c\xad\x92\xc7\xe1\x78\x7f\x65\x6c\x49\x06\x50\x2c\x9e\x32\xc2\xd7\x4a\xc6\x75\x8a\x59\x4e\x75\x6f\x47\x5e\xc1\x02\x03\x01\x00\x01\xa3\x10\x30\x0e\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x15\xf5\x55\xff\x37\x96\x80\x59\x21\xa4\xfc\xa1\x15\x4c\x20\xf6\xd4\x5f\xda\x03\x24\xfc\xcf\x90\x1a\xf4\x21\x0a\x9a\xee\x3a\xb1\x6a\xef\xef\xf8\x60\xd1\x4c\x36\x66\x45\x1d\xf3\x66\x02\x74\x04\x7b\x92\x30\xa8\xde\x0a\x76\x0f\xef\x95\x6e\xbd\xc9\x37\xe6\x1a\x0d\xac\x89\x48\x5b\xcc\x83\x36\xc2\xf5\x46\x5c\x59\x82\x56\xb4\xd5\xfe\x23\xb4\xd8\x54\x1c\x44\xab\xc4\xa7\xe5\x14\xce\x3c\x41\x61\x7c\x43\xe6\xcd\xc4\x81\x09\x8b\x24\xfb\x54\x25\xd6\x16\xa8\x96\x0c\x67\x07\x6f\xb3\x50\x47\xe3\x1c\x24\x28\xdd\x2a\x98\xa4\x61\xfe\xdb\xea\x12\x37\xbc\x01\x1a\x34\x85\xbd\x6e\x4f\xe7\x91\x72\x07\x44\x85\x1e\x58\xca\x54\x44\xdd\xf7\xac\xb9\xcb\x89\x21\x72\xdb\x8f\xc0\x69\x29\x97\x2a\xa3\xae\x18\x23\x97\x1c\x41\x2a\x8b\x7c\x2a\xc1\x7c\x90\xe8\xa9\x28\xc0\xd3\x91\xc6\xad\x28\x87\x40\x68\xb5\xff\xec\xa7\xd2\xd3\x38\x18\x9c\xd3\x7d\x69\x5d\xf0\xc6\xa5\x1e\x24\x1b\xa3\x47\xfc\x69\x07\x68\xe7\xe4\x9a\xb4\xed\x0f\xa1\x87\x87\x02\xce\x87\xd2\x48\x4e\xe1\xbc\xff\xcb\xf1\x72\x92\x44\x64\x03\x25\xea\xde\x5b\x6e\x9f\xc9\xf2\x4e\xac\xdd\xc7", + ["TURKTRUST Certificate Services Provider Root 2"] = "\x30\x82\x04\x3c\x30\x82\x03\x24\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xbe\x31\x3f\x30\x3d\x06\x03\x55\x04\x03\x0c\x36\x54\xc3\x9c\x52\x4b\x54\x52\x55\x53\x54\x20\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x20\x48\x69\x7a\x6d\x65\x74\x20\x53\x61\xc4\x9f\x6c\x61\x79\xc4\xb1\x63\xc4\xb1\x73\xc4\xb1\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x0f\x30\x0d\x06\x03\x55\x04\x07\x0c\x06\x41\x6e\x6b\x61\x72\x61\x31\x5d\x30\x5b\x06\x03\x55\x04\x0a\x0c\x54\x54\xc3\x9c\x52\x4b\x54\x52\x55\x53\x54\x20\x42\x69\x6c\x67\x69\x20\xc4\xb0\x6c\x65\x74\x69\xc5\x9f\x69\x6d\x20\x76\x65\x20\x42\x69\x6c\x69\xc5\x9f\x69\x6d\x20\x47\xc3\xbc\x76\x65\x6e\x6c\x69\xc4\x9f\x69\x20\x48\x69\x7a\x6d\x65\x74\x6c\x65\x72\x69\x20\x41\x2e\xc5\x9e\x2e\x20\x28\x63\x29\x20\x4b\x61\x73\xc4\xb1\x6d\x20\x32\x30\x30\x35\x30\x1e\x17\x0d\x30\x35\x31\x31\x30\x37\x31\x30\x30\x37\x35\x37\x5a\x17\x0d\x31\x35\x30\x39\x31\x36\x31\x30\x30\x37\x35\x37\x5a\x30\x81\xbe\x31\x3f\x30\x3d\x06\x03\x55\x04\x03\x0c\x36\x54\xc3\x9c\x52\x4b\x54\x52\x55\x53\x54\x20\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x20\x48\x69\x7a\x6d\x65\x74\x20\x53\x61\xc4\x9f\x6c\x61\x79\xc4\xb1\x63\xc4\xb1\x73\xc4\xb1\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x0f\x30\x0d\x06\x03\x55\x04\x07\x0c\x06\x41\x6e\x6b\x61\x72\x61\x31\x5d\x30\x5b\x06\x03\x55\x04\x0a\x0c\x54\x54\xc3\x9c\x52\x4b\x54\x52\x55\x53\x54\x20\x42\x69\x6c\x67\x69\x20\xc4\xb0\x6c\x65\x74\x69\xc5\x9f\x69\x6d\x20\x76\x65\x20\x42\x69\x6c\x69\xc5\x9f\x69\x6d\x20\x47\xc3\xbc\x76\x65\x6e\x6c\x69\xc4\x9f\x69\x20\x48\x69\x7a\x6d\x65\x74\x6c\x65\x72\x69\x20\x41\x2e\xc5\x9e\x2e\x20\x28\x63\x29\x20\x4b\x61\x73\xc4\xb1\x6d\x20\x32\x30\x30\x35\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa9\x36\x7e\xc3\x91\x43\x4c\xc3\x19\x98\x08\xc8\xc7\x58\x7b\x4f\x16\x8c\xa5\xce\x49\x01\x1f\x73\x0e\xac\x75\x13\xa6\xfa\x9e\x2c\x20\xde\xd8\x90\x0e\x0a\xd1\x69\xd2\x27\xfb\xaa\x77\x9f\x27\x52\x25\xe2\xcb\x5d\xd8\xd8\x83\x50\x17\x7d\x8a\xb5\x82\x3f\x04\x8e\xb4\xd5\xf0\x49\xa7\x64\xb7\x1e\x2e\x5f\x20\x9c\x50\x75\x4f\xaf\xe1\xb5\x41\x14\xf4\x98\x92\x88\xc7\xe5\xe5\x64\x47\x61\x47\x79\xfd\xc0\x51\xf1\xc1\x99\xe7\xdc\xce\x6a\xfb\xaf\xb5\x01\x30\xdc\x46\x1c\xef\x8a\xec\x95\xef\xdc\xff\xaf\x10\x1c\xeb\x9d\xd8\xb0\xaa\x6a\x85\x18\x0d\x17\xc9\x3e\xbf\xf1\x9b\xd0\x09\x89\x42\xfd\xa0\x42\xb4\x9d\x89\x51\x55\x29\xcf\x1b\x70\xbc\x84\x54\xad\xc1\x13\x1f\x98\xf4\x2e\x76\x60\x8b\x5d\x3f\x9a\xad\xca\x0c\xbf\xa7\x56\x5b\x8f\x77\xb8\xd5\x9e\x79\x49\x92\x3f\xe0\xf1\x97\x24\x7a\x6c\x9b\x17\x0f\x6d\xef\x53\x98\x91\x2b\xe4\x0f\xbe\x59\x79\x07\x78\xbb\x97\x95\xf4\x9f\x69\xd4\x58\x87\x0a\xa9\xe3\xcc\xb6\x58\x19\x9f\x26\x21\xb1\xc4\x59\x8d\xb2\x41\x75\xc0\xad\x69\xce\x9c\x00\x08\xf2\x36\xff\x3e\xf0\xa1\x0f\x1a\xac\x14\xfd\xa6\x60\x0f\x02\x03\x01\x00\x01\xa3\x43\x30\x41\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xd9\x37\xb3\x4e\x05\xfd\xd9\xcf\x9f\x12\x16\xae\xb6\x89\x2f\xeb\x25\x3a\x88\x1c\x30\x0f\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x05\x03\x03\x07\x06\x00\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x72\x60\x96\xb7\xc9\xdc\xd8\x29\x5e\x23\x85\x5f\xb2\xb3\x2d\x76\xfb\x88\xd7\x17\xfe\x7b\x6d\x45\xb8\xf6\x85\x6c\x9f\x22\xfc\x2a\x10\x22\xec\xaa\xb9\x30\xf6\xab\x58\xd6\x39\x10\x31\x99\x29\x00\xbd\x89\x66\x41\xfb\x74\xde\x91\xc1\x18\x0b\x9f\xb5\x61\xcb\x9d\x3a\xbe\xf5\xa8\x94\xa3\x22\x55\x6e\x17\x49\xff\xd2\x29\xf1\x38\x26\x5d\xef\xa5\xaa\x3a\xf9\x71\x7b\xe6\xda\x58\x1d\xd3\x74\xc2\x01\xfa\x3e\x69\x58\x5f\xad\xcb\x68\xbe\x14\x2e\x9b\x6c\xc0\xb6\xdc\xa0\x26\xfa\x77\x1a\xe2\x24\xda\x1a\x37\xe0\x67\xad\xd1\x73\x83\x0d\xa5\x1a\x1d\x6e\x12\x92\x7e\x84\x62\x00\x17\xbd\xbc\x25\x18\x57\xf2\xd7\xa9\x6f\x59\x88\xbc\x34\xb7\x2e\x85\x78\x9d\x96\xdc\x14\xc3\x2c\x8a\x52\x9b\x96\x8c\x52\x66\x3d\x86\x16\x8b\x47\xb8\x51\x09\x8c\xea\x7d\xcd\x88\x72\xb3\x60\x33\xb1\xf0\x0a\x44\xef\x0f\xf5\x09\x37\x88\x24\x0e\x2c\x6b\x20\x3a\xa2\xfa\x11\xf2\x40\x35\x9c\x44\x68\x63\x3b\xac\x33\x6f\x63\xbc\x2c\xbb\xf2\xd2\xcb\x76\x7d\x7d\x88\xd8\x1d\xc8\x05\x1d\x6e\xbc\x94\xa9\x66\x8c\x77\x71\xc7\xfa\x91\xfa\x2f\x51\x9e\xe9\x39\x52\xb6\xe7\x04\x42", + ["SwissSign Gold CA - G2"] = "\x30\x82\x05\xba\x30\x82\x03\xa2\xa0\x03\x02\x01\x02\x02\x09\x00\xbb\x40\x1c\x43\xf5\x5e\x4f\xb0\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x45\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x53\x77\x69\x73\x73\x53\x69\x67\x6e\x20\x41\x47\x31\x1f\x30\x1d\x06\x03\x55\x04\x03\x13\x16\x53\x77\x69\x73\x73\x53\x69\x67\x6e\x20\x47\x6f\x6c\x64\x20\x43\x41\x20\x2d\x20\x47\x32\x30\x1e\x17\x0d\x30\x36\x31\x30\x32\x35\x30\x38\x33\x30\x33\x35\x5a\x17\x0d\x33\x36\x31\x30\x32\x35\x30\x38\x33\x30\x33\x35\x5a\x30\x45\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x53\x77\x69\x73\x73\x53\x69\x67\x6e\x20\x41\x47\x31\x1f\x30\x1d\x06\x03\x55\x04\x03\x13\x16\x53\x77\x69\x73\x73\x53\x69\x67\x6e\x20\x47\x6f\x6c\x64\x20\x43\x41\x20\x2d\x20\x47\x32\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xaf\xe4\xee\x7e\x8b\x24\x0e\x12\x6e\xa9\x50\x2d\x16\x44\x3b\x92\x92\x5c\xca\xb8\x5d\x84\x92\x42\x13\x2a\xbc\x65\x57\x82\x40\x3e\x57\x24\xcd\x50\x8b\x25\x2a\xb7\x6f\xfc\xef\xa2\xd0\xc0\x1f\x02\x24\x4a\x13\x96\x8f\x23\x13\xe6\x28\x58\x00\xa3\x47\xc7\x06\xa7\x84\x23\x2b\xbb\xbd\x96\x2b\x7f\x55\xcc\x8b\xc1\x57\x1f\x0e\x62\x65\x0f\xdd\x3d\x56\x8a\x73\xda\xae\x7e\x6d\xba\x81\x1c\x7e\x42\x8c\x20\x35\xd9\x43\x4d\x84\xfa\x84\xdb\x52\x2c\xf3\x0e\x27\x77\x0b\x6b\xbf\x11\x2f\x72\x78\x9f\x2e\xd8\x3e\xe6\x18\x37\x5a\x2a\x72\xf9\xda\x62\x90\x92\x95\xca\x1f\x9c\xe9\xb3\x3c\x2b\xcb\xf3\x01\x13\xbf\x5a\xcf\xc1\xb5\x0a\x60\xbd\xdd\xb5\x99\x64\x53\xb8\xa0\x96\xb3\x6f\xe2\x26\x77\x91\x8c\xe0\x62\x10\x02\x9f\x34\x0f\xa4\xd5\x92\x33\x51\xde\xbe\x8d\xba\x84\x7a\x60\x3c\x6a\xdb\x9f\x2b\xec\xde\xde\x01\x3f\x6e\x4d\xe5\x50\x86\xcb\xb4\xaf\xed\x44\x40\xc5\xca\x5a\x8c\xda\xd2\x2b\x7c\xa8\xee\xbe\xa6\xe5\x0a\xaa\x0e\xa5\xdf\x05\x52\xb7\x55\xc7\x22\x5d\x32\x6a\x97\x97\x63\x13\xdb\xc9\xdb\x79\x36\x7b\x85\x3a\x4a\xc5\x52\x89\xf9\x24\xe7\x9d\x77\xa9\x82\xff\x55\x1c\xa5\x71\x69\x2b\xd1\x02\x24\xf2\xb3\x26\xd4\x6b\xda\x04\x55\xe5\xc1\x0a\xc7\x6d\x30\x37\x90\x2a\xe4\x9e\x14\x33\x5e\x16\x17\x55\xc5\x5b\xb5\xcb\x34\x89\x92\xf1\x9d\x26\x8f\xa1\x07\xd4\xc6\xb2\x78\x50\xdb\x0c\x0c\x0b\x7c\x0b\x8c\x41\xd7\xb9\xe9\xdd\x8c\x88\xf7\xa3\x4d\xb2\x32\xcc\xd8\x17\xda\xcd\xb7\xce\x66\x9d\xd4\xfd\x5e\xff\xbd\x97\x3e\x29\x75\xe7\x7e\xa7\x62\x58\xaf\x25\x34\xa5\x41\xc7\x3d\xbc\x0d\x50\xca\x03\x03\x0f\x08\x5a\x1f\x95\x73\x78\x62\xbf\xaf\x72\x14\x69\x0e\xa5\xe5\x03\x0e\x78\x8e\x26\x28\x42\xf0\x07\x0b\x62\x20\x10\x67\x39\x46\xfa\xa9\x03\xcc\x04\x38\x7a\x66\xef\x20\x83\xb5\x8c\x4a\x56\x8e\x91\x00\xfc\x8e\x5c\x82\xde\x88\xa0\xc3\xe2\x68\x6e\x7d\x8d\xef\x3c\xdd\x65\xf4\x5d\xac\x51\xef\x24\x80\xae\xaa\x56\x97\x6f\xf9\xad\x7d\xda\x61\x3f\x98\x77\x3c\xa5\x91\xb6\x1c\x8c\x26\xda\x65\xa2\x09\x6d\xc1\xe2\x54\xe3\xb9\xca\x4c\x4c\x80\x8f\x77\x7b\x60\x9a\x1e\xdf\xb6\xf2\x48\x1e\x0e\xba\x4e\x54\x6d\x98\xe0\xe1\xa2\x1a\xa2\x77\x50\xcf\xc4\x63\x92\xec\x47\x19\x9d\xeb\xe6\x6b\xce\xc1\x02\x03\x01\x00\x01\xa3\x81\xac\x30\x81\xa9\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x5b\x25\x7b\x96\xa4\x65\x51\x7e\xb8\x39\xf3\xc0\x78\x66\x5e\xe8\x3a\xe7\xf0\xee\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x5b\x25\x7b\x96\xa4\x65\x51\x7e\xb8\x39\xf3\xc0\x78\x66\x5e\xe8\x3a\xe7\xf0\xee\x30\x46\x06\x03\x55\x1d\x20\x04\x3f\x30\x3d\x30\x3b\x06\x09\x60\x85\x74\x01\x59\x01\x02\x01\x01\x30\x2e\x30\x2c\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x20\x68\x74\x74\x70\x3a\x2f\x2f\x72\x65\x70\x6f\x73\x69\x74\x6f\x72\x79\x2e\x73\x77\x69\x73\x73\x73\x69\x67\x6e\x2e\x63\x6f\x6d\x2f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x27\xba\xe3\x94\x7c\xf1\xae\xc0\xde\x17\xe6\xe5\xd8\xd5\xf5\x54\xb0\x83\xf4\xbb\xcd\x5e\x05\x7b\x4f\x9f\x75\x66\xaf\x3c\xe8\x56\x7e\xfc\x72\x78\x38\x03\xd9\x2b\x62\x1b\x00\xb9\xf8\xe9\x60\xcd\xcc\xce\x51\x8a\xc7\x50\x31\x6e\xe1\x4a\x7e\x18\x2f\x69\x59\xb6\x3d\x64\x81\x2b\xe3\x83\x84\xe6\x22\x87\x8e\x7d\xe0\xee\x02\x99\x61\xb8\x1e\xf4\xb8\x2b\x88\x12\x16\x84\xc2\x31\x93\x38\x96\x31\xa6\xb9\x3b\x53\x3f\xc3\x24\x93\x56\x5b\x69\x92\xec\xc5\xc1\xbb\x38\x00\xe3\xec\x17\xa9\xb8\xdc\xc7\x7c\x01\x83\x9f\x32\x47\xba\x52\x22\x34\x1d\x32\x7a\x09\x56\xa7\x7c\x25\x36\xa9\x3d\x4b\xda\xc0\x82\x6f\x0a\xbb\x12\xc8\x87\x4b\x27\x11\xf9\x1e\x2d\xc7\x93\x3f\x9e\xdb\x5f\x26\x6b\x52\xd9\x2e\x8a\xf1\x14\xc6\x44\x8d\x15\xa9\xb7\xbf\xbd\xde\xa6\x1a\xee\xae\x2d\xfb\x48\x77\x17\xfe\xbb\xec\xaf\x18\xf5\x2a\x51\xf0\x39\x84\x97\x95\x6c\x6e\x1b\xc3\x2b\xc4\x74\x60\x79\x25\xb0\x0a\x27\xdf\xdf\x5e\xd2\x39\xcf\x45\x7d\x42\x4b\xdf\xb3\x2c\x1e\xc5\xc6\x5d\xca\x55\x3a\xa0\x9c\x69\x9a\x8f\xda\xef\xb2\xb0\x3c\x9f\x87\x6c\x12\x2b\x65\x70\x15\x52\x31\x1a\x24\xcf\x6f\x31\x23\x50\x1f\x8c\x4f\x8f\x23\xc3\x74\x41\x63\x1c\x55\xa8\x14\xdd\x3e\xe0\x51\x50\xcf\xf1\x1b\x30\x56\x0e\x92\xb0\x82\x85\xd8\x83\xcb\x22\x64\xbc\x2d\xb8\x25\xd5\x54\xa2\xb8\x06\xea\xad\x92\xa4\x24\xa0\xc1\x86\xb5\x4a\x13\x6a\x47\xcf\x2e\x0b\x56\x95\x54\xcb\xce\x9a\xdb\x6a\xb4\xa6\xb2\xdb\x41\x08\x86\x27\x77\xf7\x6a\xa0\x42\x6c\x0b\x38\xce\xd7\x75\x50\x32\x92\xc2\xdf\x2b\x30\x22\x48\xd0\xd5\x41\x38\x25\x5d\xa4\xe9\x5d\x9f\xc6\x94\x75\xd0\x45\xfd\x30\x97\x43\x8f\x90\xab\x0a\xc7\x86\x73\x60\x4a\x69\x2d\xde\xa5\x78\xd7\x06\xda\x6a\x9e\x4b\x3e\x77\x3a\x20\x13\x22\x01\xd0\xbf\x68\x9e\x63\x60\x6b\x35\x4d\x0b\x6d\xba\xa1\x3d\xc0\x93\xe0\x7f\x23\xb3\x55\xad\x72\x25\x4e\x46\xf9\xd2\x16\xef\xb0\x64\xc1\x01\x9e\xe9\xca\xa0\x6a\x98\x0e\xcf\xd8\x60\xf2\x2f\x49\xb8\xe4\x42\xe1\x38\x35\x16\xf4\xc8\x6e\x4f\xf7\x81\x56\xe8\xba\xa3\xbe\x23\xaf\xae\xfd\x6f\x03\xe0\x02\x3b\x30\x76\xfa\x1b\x6d\x41\xcf\x01\xb1\xe9\xb8\xc9\x66\xf4\xdb\x26\xf3\x3a\xa4\x74\xf2\x49\x24\x5b\xc9\xb0\xd0\x57\xc1\xfa\x3e\x7a\xe1\x97\xc9", + ["SwissSign Silver CA - G2"] = "\x30\x82\x05\xbd\x30\x82\x03\xa5\xa0\x03\x02\x01\x02\x02\x08\x4f\x1b\xd4\x2f\x54\xbb\x2f\x4b\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x47\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x53\x77\x69\x73\x73\x53\x69\x67\x6e\x20\x41\x47\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x53\x77\x69\x73\x73\x53\x69\x67\x6e\x20\x53\x69\x6c\x76\x65\x72\x20\x43\x41\x20\x2d\x20\x47\x32\x30\x1e\x17\x0d\x30\x36\x31\x30\x32\x35\x30\x38\x33\x32\x34\x36\x5a\x17\x0d\x33\x36\x31\x30\x32\x35\x30\x38\x33\x32\x34\x36\x5a\x30\x47\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x53\x77\x69\x73\x73\x53\x69\x67\x6e\x20\x41\x47\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x53\x77\x69\x73\x73\x53\x69\x67\x6e\x20\x53\x69\x6c\x76\x65\x72\x20\x43\x41\x20\x2d\x20\x47\x32\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xc4\xf1\x87\x7f\xd3\x78\x31\xf7\x38\xc9\xf8\xc3\x99\x43\xbc\xc7\xf7\xbc\x37\xe7\x4e\x71\xba\x4b\x8f\xa5\x73\x1d\x5c\x6e\x98\xae\x03\x57\xae\x38\x37\x43\x2f\x17\x3d\x1f\xc8\xce\x68\x10\xc1\x78\xae\x19\x03\x2b\x10\xfa\x2c\x79\x83\xf6\xe8\xb9\x68\xb9\x55\xf2\x04\x44\xa7\x39\xf9\xfc\x04\x8b\x1e\xf1\xa2\x4d\x27\xf9\x61\x7b\xba\xb7\xe5\xa2\x13\xb6\xeb\x61\x3e\xd0\x6c\xd1\xe6\xfb\xfa\x5e\xed\x1d\xb4\x9e\xa0\x35\x5b\xa1\x92\xcb\xf0\x49\x92\xfe\x85\x0a\x05\x3e\xe6\xd9\x0b\xe2\x4f\xbb\xdc\x95\x37\xfc\x91\xe9\x32\x35\x22\xd1\x1f\x3a\x4e\x27\x85\x9d\xb0\x15\x94\x32\xda\x61\x0d\x47\x4d\x60\x42\xae\x92\x47\xe8\x83\x5a\x50\x58\xe9\x8a\x8b\xb9\x5d\xa1\xdc\xdd\x99\x4a\x1f\x36\x67\xbb\x48\xe4\x83\xb6\x37\xeb\x48\x3a\xaf\x0f\x67\x8f\x17\x07\xe8\x04\xca\xef\x6a\x31\x87\xd4\xc0\xb6\xf9\x94\x71\x7b\x67\x64\xb8\xb6\x91\x4a\x42\x7b\x65\x2e\x30\x6a\x0c\xf5\x90\xee\x95\xe6\xf2\xcd\x82\xec\xd9\xa1\x4a\xec\xf6\xb2\x4b\xe5\x45\x85\xe6\x6d\x78\x93\x04\x2e\x9c\x82\x6d\x36\xa9\xc4\x31\x64\x1f\x86\x83\x0b\x2a\xf4\x35\x0a\x78\xc9\x55\xcf\x41\xb0\x47\xe9\x30\x9f\x99\xbe\x61\xa8\x06\x84\xb9\x28\x7a\x5f\x38\xd9\x1b\xa9\x38\xb0\x83\x7f\x73\xc1\xc3\x3b\x48\x2a\x82\x0f\x21\x9b\xb8\xcc\xa8\x35\xc3\x84\x1b\x83\xb3\x3e\xbe\xa4\x95\x69\x01\x3a\x89\x00\x78\x04\xd9\xc9\xf4\x99\x19\xab\x56\x7e\x5b\x8b\x86\x39\x15\x91\xa4\x10\x2c\x09\x32\x80\x60\xb3\x93\xc0\x2a\xb6\x18\x0b\x9d\x7e\x8d\x49\xf2\x10\x4a\x7f\xf9\xd5\x46\x2f\x19\x92\xa3\x99\xa7\x26\xac\xbb\x8c\x3c\xe6\x0e\xbc\x47\x07\xdc\x73\x51\xf1\x70\x64\x2f\x08\xf9\xb4\x47\x1d\x30\x6c\x44\xea\x29\x37\x85\x92\x68\x66\xbc\x83\x38\xfe\x7b\x39\x2e\xd3\x50\xf0\x1f\xfb\x5e\x60\xb6\xa9\xa6\xfa\x27\x41\xf1\x9b\x18\x72\xf2\xf5\x84\x74\x4a\xc9\x67\xc4\x54\xae\x48\x64\xdf\x8c\xd1\x6e\xb0\x1d\xe1\x07\x8f\x08\x1e\x99\x9c\x71\xe9\x4c\xd8\xa5\xf7\x47\x12\x1f\x74\xd1\x51\x9e\x86\xf3\xc2\xa2\x23\x40\x0b\x73\xdb\x4b\xa6\xe7\x73\x06\x8c\xc1\xa0\xe9\xc1\x59\xac\x46\xfa\xe6\x2f\xf8\xcf\x71\x9c\x46\x6d\xb9\xc4\x15\x8d\x38\x79\x03\x45\x48\xef\xc4\x5d\xd7\x08\xee\x87\x39\x22\x86\xb2\x0d\x0f\x58\x43\xf7\x71\xa9\x48\x2e\xfd\xea\xd6\x1f\x02\x03\x01\x00\x01\xa3\x81\xac\x30\x81\xa9\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x17\xa0\xcd\xc1\xe4\x41\xb6\x3a\x5b\x3b\xcb\x45\x9d\xbd\x1c\xc2\x98\xfa\x86\x58\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x17\xa0\xcd\xc1\xe4\x41\xb6\x3a\x5b\x3b\xcb\x45\x9d\xbd\x1c\xc2\x98\xfa\x86\x58\x30\x46\x06\x03\x55\x1d\x20\x04\x3f\x30\x3d\x30\x3b\x06\x09\x60\x85\x74\x01\x59\x01\x03\x01\x01\x30\x2e\x30\x2c\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x20\x68\x74\x74\x70\x3a\x2f\x2f\x72\x65\x70\x6f\x73\x69\x74\x6f\x72\x79\x2e\x73\x77\x69\x73\x73\x73\x69\x67\x6e\x2e\x63\x6f\x6d\x2f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x73\xc6\x81\xe0\x27\xd2\x2d\x0f\xe0\x95\x30\xe2\x9a\x41\x7f\x50\x2c\x5f\x5f\x62\x61\xa9\x86\x6a\x69\x18\x0c\x74\x49\xd6\x5d\x84\xea\x41\x52\x18\x6f\x58\xad\x50\x56\x20\x6a\xc6\xbd\x28\x69\x58\x91\xdc\x91\x11\x35\xa9\x3a\x1d\xbc\x1a\xa5\x60\x9e\xd8\x1f\x7f\x45\x91\x69\xd9\x7e\xbb\x78\x72\xc1\x06\x0f\x2a\xce\x8f\x85\x70\x61\xac\xa0\xcd\x0b\xb8\x39\x29\x56\x84\x32\x4e\x86\xbb\x3d\xc4\x2a\xd9\xd7\x1f\x72\xee\xfe\x51\xa1\x22\x41\xb1\x71\x02\x63\x1a\x82\xb0\x62\xab\x5e\x57\x12\x1f\xdf\xcb\xdd\x75\xa0\xc0\x5d\x79\x90\x8c\x1b\xe0\x50\xe6\xde\x31\xfe\x98\x7b\x70\x5f\xa5\x90\xd8\xad\xf8\x02\xb6\x6f\xd3\x60\xdd\x40\x4b\x22\xc5\x3d\xad\x3a\x7a\x9f\x1a\x1a\x47\x91\x79\x33\xba\x82\xdc\x32\x69\x03\x96\x6e\x1f\x4b\xf0\x71\xfe\xe3\x67\x72\xa0\xb1\xbf\x5c\x8b\xe4\xfa\x99\x22\xc7\x84\xb9\x1b\x8d\x23\x97\x3f\xed\x25\xe0\xcf\x65\xbb\xf5\x61\x04\xef\xdd\x1e\xb2\x5a\x41\x22\x5a\xa1\x9f\x5d\x2c\xe8\x5b\xc9\x6d\xa9\x0c\x0c\x78\xaa\x60\xc6\x56\x8f\x01\x5a\x0c\x68\xbc\x69\x19\x79\xc4\x1f\x7e\x97\x05\xbf\xc5\xe9\x24\x51\x5e\xd4\xd5\x4b\x53\xed\xd9\x23\x5a\x36\x03\x65\xa3\xc1\x03\xad\x41\x30\xf3\x46\x1b\x85\x90\xaf\x65\xb5\xd5\xb1\xe4\x16\x5b\x78\x75\x1d\x97\x7a\x6d\x59\xa9\x2a\x8f\x7b\xde\xc3\x87\x89\x10\x99\x49\x73\x78\xc8\x3d\xbd\x51\x35\x74\x2a\xd5\xf1\x7e\x69\x1b\x2a\xbb\x3b\xbd\x25\xb8\x9a\x5a\x3d\x72\x61\x90\x66\x87\xee\x0c\xd6\x4d\xd4\x11\x74\x0b\x6a\xfe\x0b\x03\xfc\xa3\x55\x57\x89\xfe\x4a\xcb\xae\x5b\x17\x05\xc8\xf2\x8d\x23\x31\x53\x38\xd2\x2d\x6a\x3f\x82\xb9\x8d\x08\x6a\xf7\x5e\x41\x74\x6e\xc3\x11\x7e\x07\xac\x29\x60\x91\x3f\x38\xca\x57\x10\x0d\xbd\x30\x2f\xc7\xa5\xe6\x41\xa0\xda\xae\x05\x87\x9a\xa0\xa4\x65\x6c\x4c\x09\x0c\x89\xba\xb8\xd3\xb9\xc0\x93\x8a\x30\xfa\x8d\xe5\x9a\x6b\x15\x01\x4e\x67\xaa\xda\x62\x56\x3e\x84\x08\x66\xd2\xc4\x36\x7d\xa7\x3e\x10\xfc\x88\xe0\xd4\x80\xe5\x00\xbd\xaa\xf3\x4e\x06\xa3\x7a\x6a\xf9\x62\x72\xe3\x09\x4f\xeb\x9b\x0e\x01\x23\xf1\x9f\xbb\x7c\xdc\xdc\x6c\x11\x97\x25\xb2\xf2\xb4\x63\x14\xd2\x06\x2a\x67\x8c\x83\xf5\xce\xea\x07\xd8\x9a\x6a\x1e\xec\xe4\x0a\xbb\x2a\x4c\xeb\x09\x60\x39\xce\xca\x62\xd8\x2e\x6e", + ["GeoTrust Primary Certification Authority"] = "\x30\x82\x03\x7c\x30\x82\x02\x64\xa0\x03\x02\x01\x02\x02\x10\x18\xac\xb5\x6a\xfd\x69\xb6\x15\x3a\x63\x6c\xaf\xda\xfa\xc4\xa1\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x58\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x31\x30\x2f\x06\x03\x55\x04\x03\x13\x28\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x36\x31\x31\x32\x37\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x36\x30\x37\x31\x36\x32\x33\x35\x39\x35\x39\x5a\x30\x58\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x31\x30\x2f\x06\x03\x55\x04\x03\x13\x28\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xbe\xb8\x15\x7b\xff\xd4\x7c\x7d\x67\xad\x83\x64\x7b\xc8\x42\x53\x2d\xdf\xf6\x84\x08\x20\x61\xd6\x01\x59\x6a\x9c\x44\x11\xaf\xef\x76\xfd\x95\x7e\xce\x61\x30\xbb\x7a\x83\x5f\x02\xbd\x01\x66\xca\xee\x15\x8d\x6f\xa1\x30\x9c\xbd\xa1\x85\x9e\x94\x3a\xf3\x56\x88\x00\x31\xcf\xd8\xee\x6a\x96\x02\xd9\xed\x03\x8c\xfb\x75\x6d\xe7\xea\xb8\x55\x16\x05\x16\x9a\xf4\xe0\x5e\xb1\x88\xc0\x64\x85\x5c\x15\x4d\x88\xc7\xb7\xba\xe0\x75\xe9\xad\x05\x3d\x9d\xc7\x89\x48\xe0\xbb\x28\xc8\x03\xe1\x30\x93\x64\x5e\x52\xc0\x59\x70\x22\x35\x57\x88\x8a\xf1\x95\x0a\x83\xd7\xbc\x31\x73\x01\x34\xed\xef\x46\x71\xe0\x6b\x02\xa8\x35\x72\x6b\x97\x9b\x66\xe0\xcb\x1c\x79\x5f\xd8\x1a\x04\x68\x1e\x47\x02\xe6\x9d\x60\xe2\x36\x97\x01\xdf\xce\x35\x92\xdf\xbe\x67\xc7\x6d\x77\x59\x3b\x8f\x9d\xd6\x90\x15\x94\xbc\x42\x34\x10\xc1\x39\xf9\xb1\x27\x3e\x7e\xd6\x8a\x75\xc5\xb2\xaf\x96\xd3\xa2\xde\x9b\xe4\x98\xbe\x7d\xe1\xe9\x81\xad\xb6\x6f\xfc\xd7\x0e\xda\xe0\x34\xb0\x0d\x1a\x77\xe7\xe3\x08\x98\xef\x58\xfa\x9c\x84\xb7\x36\xaf\xc2\xdf\xac\xd2\xf4\x10\x06\x70\x71\x35\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x2c\xd5\x50\x41\x97\x15\x8b\xf0\x8f\x36\x61\x5b\x4a\xfb\x6b\xd9\x99\xc9\x33\x92\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x5a\x70\x7f\x2c\xdd\xb7\x34\x4f\xf5\x86\x51\xa9\x26\xbe\x4b\xb8\xaa\xf1\x71\x0d\xdc\x61\xc7\xa0\xea\x34\x1e\x7a\x77\x0f\x04\x35\xe8\x27\x8f\x6c\x90\xbf\x91\x16\x24\x46\x3e\x4a\x4e\xce\x2b\x16\xd5\x0b\x52\x1d\xfc\x1f\x67\xa2\x02\x45\x31\x4f\xce\xf3\xfa\x03\xa7\x79\x9d\x53\x6a\xd9\xda\x63\x3a\xf8\x80\xd7\xd3\x99\xe1\xa5\xe1\xbe\xd4\x55\x71\x98\x35\x3a\xbe\x93\xea\xae\xad\x42\xb2\x90\x6f\xe0\xfc\x21\x4d\x35\x63\x33\x89\x49\xd6\x9b\x4e\xca\xc7\xe7\x4e\x09\x00\xf7\xda\xc7\xef\x99\x62\x99\x77\xb6\x95\x22\x5e\x8a\xa0\xab\xf4\xb8\x78\x98\xca\x38\x19\x99\xc9\x72\x9e\x78\xcd\x4b\xac\xaf\x19\xa0\x73\x12\x2d\xfc\xc2\x41\xba\x81\x91\xda\x16\x5a\x31\xb7\xf9\xb4\x71\x80\x12\x48\x99\x72\x73\x5a\x59\x53\xc1\x63\x52\x33\xed\xa7\xc9\xd2\x39\x02\x70\xfa\xe0\xb1\x42\x66\x29\xaa\x9b\x51\xed\x30\x54\x22\x14\x5f\xd9\xab\x1d\xc1\xe4\x94\xf0\xf8\xf5\x2b\xf7\xea\xca\x78\x46\xd6\xb8\x91\xfd\xa6\x0d\x2b\x1a\x14\x01\x3e\x80\xf0\x42\xa0\x95\x07\x5e\x6d\xcd\xcc\x4b\xa4\x45\x8d\xab\x12\xe8\xb3\xde\x5a\xe5\xa0\x7c\xe8\x0f\x22\x1d\x5a\xe9\x59", + ["thawte Primary Root CA"] = "\x30\x82\x04\x20\x30\x82\x03\x08\xa0\x03\x02\x01\x02\x02\x10\x34\x4e\xd5\x57\x20\xd5\xed\xec\x49\xf4\x2f\xce\x37\xdb\x2b\x6d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xa9\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x31\x28\x30\x26\x06\x03\x55\x04\x0b\x13\x1f\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6f\x6e\x31\x38\x30\x36\x06\x03\x55\x04\x0b\x13\x2f\x28\x63\x29\x20\x32\x30\x30\x36\x20\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x1f\x30\x1d\x06\x03\x55\x04\x03\x13\x16\x74\x68\x61\x77\x74\x65\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x1e\x17\x0d\x30\x36\x31\x31\x31\x37\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x36\x30\x37\x31\x36\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xa9\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x31\x28\x30\x26\x06\x03\x55\x04\x0b\x13\x1f\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6f\x6e\x31\x38\x30\x36\x06\x03\x55\x04\x0b\x13\x2f\x28\x63\x29\x20\x32\x30\x30\x36\x20\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x1f\x30\x1d\x06\x03\x55\x04\x03\x13\x16\x74\x68\x61\x77\x74\x65\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xac\xa0\xf0\xfb\x80\x59\xd4\x9c\xc7\xa4\xcf\x9d\xa1\x59\x73\x09\x10\x45\x0c\x0d\x2c\x6e\x68\xf1\x6c\x5b\x48\x68\x49\x59\x37\xfc\x0b\x33\x19\xc2\x77\x7f\xcc\x10\x2d\x95\x34\x1c\xe6\xeb\x4d\x09\xa7\x1c\xd2\xb8\xc9\x97\x36\x02\xb7\x89\xd4\x24\x5f\x06\xc0\xcc\x44\x94\x94\x8d\x02\x62\x6f\xeb\x5a\xdd\x11\x8d\x28\x9a\x5c\x84\x90\x10\x7a\x0d\xbd\x74\x66\x2f\x6a\x38\xa0\xe2\xd5\x54\x44\xeb\x1d\x07\x9f\x07\xba\x6f\xee\xe9\xfd\x4e\x0b\x29\xf5\x3e\x84\xa0\x01\xf1\x9c\xab\xf8\x1c\x7e\x89\xa4\xe8\xa1\xd8\x71\x65\x0d\xa3\x51\x7b\xee\xbc\xd2\x22\x60\x0d\xb9\x5b\x9d\xdf\xba\xfc\x51\x5b\x0b\xaf\x98\xb2\xe9\x2e\xe9\x04\xe8\x62\x87\xde\x2b\xc8\xd7\x4e\xc1\x4c\x64\x1e\xdd\xcf\x87\x58\xba\x4a\x4f\xca\x68\x07\x1d\x1c\x9d\x4a\xc6\xd5\x2f\x91\xcc\x7c\x71\x72\x1c\xc5\xc0\x67\xeb\x32\xfd\xc9\x92\x5c\x94\xda\x85\xc0\x9b\xbf\x53\x7d\x2b\x09\xf4\x8c\x9d\x91\x1f\x97\x6a\x52\xcb\xde\x09\x36\xa4\x77\xd8\x7b\x87\x50\x44\xd5\x3e\x6e\x29\x69\xfb\x39\x49\x26\x1e\x09\xa5\x80\x7b\x40\x2d\xeb\xe8\x27\x85\xc9\xfe\x61\xfd\x7e\xe6\x7c\x97\x1d\xd5\x9d\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x7b\x5b\x45\xcf\xaf\xce\xcb\x7a\xfd\x31\x92\x1a\x6a\xb6\xf3\x46\xeb\x57\x48\x50\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x79\x11\xc0\x4b\xb3\x91\xb6\xfc\xf0\xe9\x67\xd4\x0d\x6e\x45\xbe\x55\xe8\x93\xd2\xce\x03\x3f\xed\xda\x25\xb0\x1d\x57\xcb\x1e\x3a\x76\xa0\x4c\xec\x50\x76\xe8\x64\x72\x0c\xa4\xa9\xf1\xb8\x8b\xd6\xd6\x87\x84\xbb\x32\xe5\x41\x11\xc0\x77\xd9\xb3\x60\x9d\xeb\x1b\xd5\xd1\x6e\x44\x44\xa9\xa6\x01\xec\x55\x62\x1d\x77\xb8\x5c\x8e\x48\x49\x7c\x9c\x3b\x57\x11\xac\xad\x73\x37\x8e\x2f\x78\x5c\x90\x68\x47\xd9\x60\x60\xe6\xfc\x07\x3d\x22\x20\x17\xc4\xf7\x16\xe9\xc4\xd8\x72\xf9\xc8\x73\x7c\xdf\x16\x2f\x15\xa9\x3e\xfd\x6a\x27\xb6\xa1\xeb\x5a\xba\x98\x1f\xd5\xe3\x4d\x64\x0a\x9d\x13\xc8\x61\xba\xf5\x39\x1c\x87\xba\xb8\xbd\x7b\x22\x7f\xf6\xfe\xac\x40\x79\xe5\xac\x10\x6f\x3d\x8f\x1b\x79\x76\x8b\xc4\x37\xb3\x21\x18\x84\xe5\x36\x00\xeb\x63\x20\x99\xb9\xe9\xfe\x33\x04\xbb\x41\xc8\xc1\x02\xf9\x44\x63\x20\x9e\x81\xce\x42\xd3\xd6\x3f\x2c\x76\xd3\x63\x9c\x59\xdd\x8f\xa6\xe1\x0e\xa0\x2e\x41\xf7\x2e\x95\x47\xcf\xbc\xfd\x33\xf3\xf6\x0b\x61\x7e\x7e\x91\x2b\x81\x47\xc2\x27\x30\xee\xa7\x10\x5d\x37\x8f\x5c\x39\x2b\xe4\x04\xf0\x7b\x8d\x56\x8c\x68", + ["VeriSign Class 3 Public Primary Certification Authority - G5"] = "\x30\x82\x04\xd3\x30\x82\x03\xbb\xa0\x03\x02\x01\x02\x02\x10\x18\xda\xd1\x9e\x26\x7d\xe8\xbb\x4a\x21\x58\xcd\xcc\x6b\x3b\x4a\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xca\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x32\x30\x30\x36\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3c\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x35\x30\x1e\x17\x0d\x30\x36\x31\x31\x30\x38\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x36\x30\x37\x31\x36\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xca\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x32\x30\x30\x36\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3c\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x35\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xaf\x24\x08\x08\x29\x7a\x35\x9e\x60\x0c\xaa\xe7\x4b\x3b\x4e\xdc\x7c\xbc\x3c\x45\x1c\xbb\x2b\xe0\xfe\x29\x02\xf9\x57\x08\xa3\x64\x85\x15\x27\xf5\xf1\xad\xc8\x31\x89\x5d\x22\xe8\x2a\xaa\xa6\x42\xb3\x8f\xf8\xb9\x55\xb7\xb1\xb7\x4b\xb3\xfe\x8f\x7e\x07\x57\xec\xef\x43\xdb\x66\x62\x15\x61\xcf\x60\x0d\xa4\xd8\xde\xf8\xe0\xc3\x62\x08\x3d\x54\x13\xeb\x49\xca\x59\x54\x85\x26\xe5\x2b\x8f\x1b\x9f\xeb\xf5\xa1\x91\xc2\x33\x49\xd8\x43\x63\x6a\x52\x4b\xd2\x8f\xe8\x70\x51\x4d\xd1\x89\x69\x7b\xc7\x70\xf6\xb3\xdc\x12\x74\xdb\x7b\x5d\x4b\x56\xd3\x96\xbf\x15\x77\xa1\xb0\xf4\xa2\x25\xf2\xaf\x1c\x92\x67\x18\xe5\xf4\x06\x04\xef\x90\xb9\xe4\x00\xe4\xdd\x3a\xb5\x19\xff\x02\xba\xf4\x3c\xee\xe0\x8b\xeb\x37\x8b\xec\xf4\xd7\xac\xf2\xf6\xf0\x3d\xaf\xdd\x75\x91\x33\x19\x1d\x1c\x40\xcb\x74\x24\x19\x21\x93\xd9\x14\xfe\xac\x2a\x52\xc7\x8f\xd5\x04\x49\xe4\x8d\x63\x47\x88\x3c\x69\x83\xcb\xfe\x47\xbd\x2b\x7e\x4f\xc5\x95\xae\x0e\x9d\xd4\xd1\x43\xc0\x67\x73\xe3\x14\x08\x7e\xe5\x3f\x9f\x73\xb8\x33\x0a\xcf\x5d\x3f\x34\x87\x96\x8a\xee\x53\xe8\x25\x15\x02\x03\x01\x00\x01\xa3\x81\xb2\x30\x81\xaf\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x6d\x06\x08\x2b\x06\x01\x05\x05\x07\x01\x0c\x04\x61\x30\x5f\xa1\x5d\xa0\x5b\x30\x59\x30\x57\x30\x55\x16\x09\x69\x6d\x61\x67\x65\x2f\x67\x69\x66\x30\x21\x30\x1f\x30\x07\x06\x05\x2b\x0e\x03\x02\x1a\x04\x14\x8f\xe5\xd3\x1a\x86\xac\x8d\x8e\x6b\xc3\xcf\x80\x6a\xd4\x48\x18\x2c\x7b\x19\x2e\x30\x25\x16\x23\x68\x74\x74\x70\x3a\x2f\x2f\x6c\x6f\x67\x6f\x2e\x76\x65\x72\x69\x73\x69\x67\x6e\x2e\x63\x6f\x6d\x2f\x76\x73\x6c\x6f\x67\x6f\x2e\x67\x69\x66\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x7f\xd3\x65\xa7\xc2\xdd\xec\xbb\xf0\x30\x09\xf3\x43\x39\xfa\x02\xaf\x33\x31\x33\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x93\x24\x4a\x30\x5f\x62\xcf\xd8\x1a\x98\x2f\x3d\xea\xdc\x99\x2d\xbd\x77\xf6\xa5\x79\x22\x38\xec\xc4\xa7\xa0\x78\x12\xad\x62\x0e\x45\x70\x64\xc5\xe7\x97\x66\x2d\x98\x09\x7e\x5f\xaf\xd6\xcc\x28\x65\xf2\x01\xaa\x08\x1a\x47\xde\xf9\xf9\x7c\x92\x5a\x08\x69\x20\x0d\xd9\x3e\x6d\x6e\x3c\x0d\x6e\xd8\xe6\x06\x91\x40\x18\xb9\xf8\xc1\xed\xdf\xdb\x41\xaa\xe0\x96\x20\xc9\xcd\x64\x15\x38\x81\xc9\x94\xee\xa2\x84\x29\x0b\x13\x6f\x8e\xdb\x0c\xdd\x25\x02\xdb\xa4\x8b\x19\x44\xd2\x41\x7a\x05\x69\x4a\x58\x4f\x60\xca\x7e\x82\x6a\x0b\x02\xaa\x25\x17\x39\xb5\xdb\x7f\xe7\x84\x65\x2a\x95\x8a\xbd\x86\xde\x5e\x81\x16\x83\x2d\x10\xcc\xde\xfd\xa8\x82\x2a\x6d\x28\x1f\x0d\x0b\xc4\xe5\xe7\x1a\x26\x19\xe1\xf4\x11\x6f\x10\xb5\x95\xfc\xe7\x42\x05\x32\xdb\xce\x9d\x51\x5e\x28\xb6\x9e\x85\xd3\x5b\xef\xa5\x7d\x45\x40\x72\x8e\xb7\x0e\x6b\x0e\x06\xfb\x33\x35\x48\x71\xb8\x9d\x27\x8b\xc4\x65\x5f\x0d\x86\x76\x9c\x44\x7a\xf6\x95\x5c\xf6\x5d\x32\x08\x33\xa4\x54\xb6\x18\x3f\x68\x5c\xf2\x42\x4a\x85\x38\x54\x83\x5f\xd1\xe8\x2c\xf2\xac\x11\xd6\xa8\xed\x63\x6a", + ["SecureTrust CA"] = "\x30\x82\x03\xb8\x30\x82\x02\xa0\xa0\x03\x02\x01\x02\x02\x10\x0c\xf0\x8e\x5c\x08\x16\xa5\xad\x42\x7f\xf0\xeb\x27\x18\x59\xd0\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x48\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1e\x06\x03\x55\x04\x0a\x13\x17\x53\x65\x63\x75\x72\x65\x54\x72\x75\x73\x74\x20\x43\x6f\x72\x70\x6f\x72\x61\x74\x69\x6f\x6e\x31\x17\x30\x15\x06\x03\x55\x04\x03\x13\x0e\x53\x65\x63\x75\x72\x65\x54\x72\x75\x73\x74\x20\x43\x41\x30\x1e\x17\x0d\x30\x36\x31\x31\x30\x37\x31\x39\x33\x31\x31\x38\x5a\x17\x0d\x32\x39\x31\x32\x33\x31\x31\x39\x34\x30\x35\x35\x5a\x30\x48\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1e\x06\x03\x55\x04\x0a\x13\x17\x53\x65\x63\x75\x72\x65\x54\x72\x75\x73\x74\x20\x43\x6f\x72\x70\x6f\x72\x61\x74\x69\x6f\x6e\x31\x17\x30\x15\x06\x03\x55\x04\x03\x13\x0e\x53\x65\x63\x75\x72\x65\x54\x72\x75\x73\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xab\xa4\x81\xe5\x95\xcd\xf5\xf6\x14\x8e\xc2\x4f\xca\xd4\xe2\x78\x95\x58\x9c\x41\xe1\x0d\x99\x40\x24\x17\x39\x91\x33\x66\xe9\xbe\xe1\x83\xaf\x62\x5c\x89\xd1\xfc\x24\x5b\x61\xb3\xe0\x11\x11\x41\x1c\x1d\x6e\xf0\xb8\xbb\xf8\xde\xa7\x81\xba\xa6\x48\xc6\x9f\x1d\xbd\xbe\x8e\xa9\x41\x3e\xb8\x94\xed\x29\x1a\xd4\x8e\xd2\x03\x1d\x03\xef\x6d\x0d\x67\x1c\x57\xd7\x06\xad\xca\xc8\xf5\xfe\x0e\xaf\x66\x25\x48\x04\x96\x0b\x5d\xa3\xba\x16\xc3\x08\x4f\xd1\x46\xf8\x14\x5c\xf2\xc8\x5e\x01\x99\x6d\xfd\x88\xcc\x86\xa8\xc1\x6f\x31\x42\x6c\x52\x3e\x68\xcb\xf3\x19\x34\xdf\xbb\x87\x18\x56\x80\x26\xc4\xd0\xdc\xc0\x6f\xdf\xde\xa0\xc2\x91\x16\xa0\x64\x11\x4b\x44\xbc\x1e\xf6\xe7\xfa\x63\xde\x66\xac\x76\xa4\x71\xa3\xec\x36\x94\x68\x7a\x77\xa4\xb1\xe7\x0e\x2f\x81\x7a\xe2\xb5\x72\x86\xef\xa2\x6b\x8b\xf0\x0f\xdb\xd3\x59\x3f\xba\x72\xbc\x44\x24\x9c\xe3\x73\xb3\xf7\xaf\x57\x2f\x42\x26\x9d\xa9\x74\xba\x00\x52\xf2\x4b\xcd\x53\x7c\x47\x0b\x36\x85\x0e\x66\xa9\x08\x97\x16\x34\x57\xc1\x66\xf7\x80\xe3\xed\x70\x54\xc7\x93\xe0\x2e\x28\x15\x59\x87\xba\xbb\x02\x03\x01\x00\x01\xa3\x81\x9d\x30\x81\x9a\x30\x13\x06\x09\x2b\x06\x01\x04\x01\x82\x37\x14\x02\x04\x06\x1e\x04\x00\x43\x00\x41\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x86\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x42\x32\xb6\x16\xfa\x04\xfd\xfe\x5d\x4b\x7a\xc3\xfd\xf7\x4c\x40\x1d\x5a\x43\xaf\x30\x34\x06\x03\x55\x1d\x1f\x04\x2d\x30\x2b\x30\x29\xa0\x27\xa0\x25\x86\x23\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x73\x65\x63\x75\x72\x65\x74\x72\x75\x73\x74\x2e\x63\x6f\x6d\x2f\x53\x54\x43\x41\x2e\x63\x72\x6c\x30\x10\x06\x09\x2b\x06\x01\x04\x01\x82\x37\x15\x01\x04\x03\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x30\xed\x4f\x4a\xe1\x58\x3a\x52\x72\x5b\xb5\xa6\xa3\x65\x18\xa6\xbb\x51\x3b\x77\xe9\x9d\xea\xd3\x9f\x5c\xe0\x45\x65\x7b\x0d\xca\x5b\xe2\x70\x50\xb2\x94\x05\x14\xae\x49\xc7\x8d\x41\x07\x12\x73\x94\x7e\x0c\x23\x21\xfd\xbc\x10\x7f\x60\x10\x5a\x72\xf5\x98\x0e\xac\xec\xb9\x7f\xdd\x7a\x6f\x5d\xd3\x1c\xf4\xff\x88\x05\x69\x42\xa9\x05\x71\xc8\xb7\xac\x26\xe8\x2e\xb4\x8c\x6a\xff\x71\xdc\xb8\xb1\xdf\x99\xbc\x7c\x21\x54\x2b\xe4\x58\xa2\xbb\x57\x29\xae\x9e\xa9\xa3\x19\x26\x0f\x99\x2e\x08\xb0\xef\xfd\x69\xcf\x99\x1a\x09\x8d\xe3\xa7\x9f\x2b\xc9\x36\x34\x7b\x24\xb3\x78\x4c\x95\x17\xa4\x06\x26\x1e\xb6\x64\x52\x36\x5f\x60\x67\xd9\x9c\xc5\x05\x74\x0b\xe7\x67\x23\xd2\x08\xfc\x88\xe9\xae\x8b\x7f\xe1\x30\xf4\x37\x7e\xfd\xc6\x32\xda\x2d\x9e\x44\x30\x30\x6c\xee\x07\xde\xd2\x34\xfc\xd2\xff\x40\xf6\x4b\xf4\x66\x46\x06\x54\xa6\xf2\x32\x0a\x63\x26\x30\x6b\x9b\xd1\xdc\x8b\x47\xba\xe1\xb9\xd5\x62\xd0\xa2\xa0\xf4\x67\x05\x78\x29\x63\x1a\x6f\x04\xd6\xf8\xc6\x4c\xa3\x9a\xb1\x37\xb4\x8d\xe5\x28\x4b\x1d\x9e\x2c\xc2\xb8\x68\xbc\xed\x02\xee\x31", + ["Secure Global CA"] = "\x30\x82\x03\xbc\x30\x82\x02\xa4\xa0\x03\x02\x01\x02\x02\x10\x07\x56\x22\xa4\xe8\xd4\x8a\x89\x4d\xf4\x13\xc8\xf0\xf8\xea\xa5\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x4a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1e\x06\x03\x55\x04\x0a\x13\x17\x53\x65\x63\x75\x72\x65\x54\x72\x75\x73\x74\x20\x43\x6f\x72\x70\x6f\x72\x61\x74\x69\x6f\x6e\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x53\x65\x63\x75\x72\x65\x20\x47\x6c\x6f\x62\x61\x6c\x20\x43\x41\x30\x1e\x17\x0d\x30\x36\x31\x31\x30\x37\x31\x39\x34\x32\x32\x38\x5a\x17\x0d\x32\x39\x31\x32\x33\x31\x31\x39\x35\x32\x30\x36\x5a\x30\x4a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1e\x06\x03\x55\x04\x0a\x13\x17\x53\x65\x63\x75\x72\x65\x54\x72\x75\x73\x74\x20\x43\x6f\x72\x70\x6f\x72\x61\x74\x69\x6f\x6e\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x53\x65\x63\x75\x72\x65\x20\x47\x6c\x6f\x62\x61\x6c\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xaf\x35\x2e\xd8\xac\x6c\x55\x69\x06\x71\xe5\x13\x68\x24\xb3\x4f\xd8\xcc\x21\x47\xf8\xf1\x60\x38\x89\x89\x03\xe9\xbd\xea\x5e\x46\x53\x09\xdc\x5c\xf5\x5a\xe8\xf7\x45\x2a\x02\xeb\x31\x61\xd7\x29\x33\x4c\xce\xc7\x7c\x0a\x37\x7e\x0f\xba\x32\x98\xe1\x1d\x97\xaf\x8f\xc7\xdc\xc9\x38\x96\xf3\xdb\x1a\xfc\x51\xed\x68\xc6\xd0\x6e\xa4\x7c\x24\xd1\xae\x42\xc8\x96\x50\x63\x2e\xe0\xfe\x75\xfe\x98\xa7\x5f\x49\x2e\x95\xe3\x39\x33\x64\x8e\x1e\xa4\x5f\x90\xd2\x67\x3c\xb2\xd9\xfe\x41\xb9\x55\xa7\x09\x8e\x72\x05\x1e\x8b\xdd\x44\x85\x82\x42\xd0\x49\xc0\x1d\x60\xf0\xd1\x17\x2c\x95\xeb\xf6\xa5\xc1\x92\xa3\xc5\xc2\xa7\x08\x60\x0d\x60\x04\x10\x96\x79\x9e\x16\x34\xe6\xa9\xb6\xfa\x25\x45\x39\xc8\x1e\x65\xf9\x93\xf5\xaa\xf1\x52\xdc\x99\x98\x3d\xa5\x86\x1a\x0c\x35\x33\xfa\x4b\xa5\x04\x06\x15\x1c\x31\x80\xef\xaa\x18\x6b\xc2\x7b\xd7\xda\xce\xf9\x33\x20\xd5\xf5\xbd\x6a\x33\x2d\x81\x04\xfb\xb0\x5c\xd4\x9c\xa3\xe2\x5c\x1d\xe3\xa9\x42\x75\x5e\x7b\xd4\x77\xef\x39\x54\xba\xc9\x0a\x18\x1b\x12\x99\x49\x2f\x88\x4b\xfd\x50\x62\xd1\x73\xe7\x8f\x7a\x43\x02\x03\x01\x00\x01\xa3\x81\x9d\x30\x81\x9a\x30\x13\x06\x09\x2b\x06\x01\x04\x01\x82\x37\x14\x02\x04\x06\x1e\x04\x00\x43\x00\x41\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x86\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xaf\x44\x04\xc2\x41\x7e\x48\x83\xdb\x4e\x39\x02\xec\xec\x84\x7a\xe6\xce\xc9\xa4\x30\x34\x06\x03\x55\x1d\x1f\x04\x2d\x30\x2b\x30\x29\xa0\x27\xa0\x25\x86\x23\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x73\x65\x63\x75\x72\x65\x74\x72\x75\x73\x74\x2e\x63\x6f\x6d\x2f\x53\x47\x43\x41\x2e\x63\x72\x6c\x30\x10\x06\x09\x2b\x06\x01\x04\x01\x82\x37\x15\x01\x04\x03\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x63\x1a\x08\x40\x7d\xa4\x5e\x53\x0d\x77\xd8\x7a\xae\x1f\x0d\x0b\x51\x16\x03\xef\x18\x7c\xc8\xe3\xaf\x6a\x58\x93\x14\x60\x91\xb2\x84\xdc\x88\x4e\xbe\x39\x8a\x3a\xf3\xe6\x82\x89\x5d\x01\x37\xb3\xab\x24\xa4\x15\x0e\x92\x35\x5a\x4a\x44\x5e\x4e\x57\xfa\x75\xce\x1f\x48\xce\x66\xf4\x3c\x40\x26\x92\x98\x6c\x1b\xee\x24\x46\x0c\x17\xb3\x52\xa5\xdb\xa5\x91\x91\xcf\x37\xd3\x6f\xe7\x27\x08\x3a\x4e\x19\x1f\x3a\xa7\x58\x5c\x17\xcf\x79\x3f\x8b\xe4\xa7\xd3\x26\x23\x9d\x26\x0f\x58\x69\xfc\x47\x7e\xb2\xd0\x8d\x8b\x93\xbf\x29\x4f\x43\x69\x74\x76\x67\x4b\xcf\x07\x8c\xe6\x02\xf7\xb5\xe1\xb4\x43\xb5\x4b\x2d\x14\x9f\xf9\xdc\x26\x0d\xbf\xa6\x47\x74\x06\xd8\x88\xd1\x3a\x29\x30\x84\xce\xd2\x39\x80\x62\x1b\xa8\xc7\x57\x49\xbc\x6a\x55\x51\x67\x15\x4a\xbe\x35\x07\xe4\xd5\x75\x98\x37\x79\x30\x14\xdb\x29\x9d\x6c\xc5\x69\xcc\x47\x55\xa2\x30\xf7\xcc\x5c\x7f\xc2\xc3\x98\x1c\x6b\x4e\x16\x80\xeb\x7a\x78\x65\x45\xa2\x00\x1a\xaf\x0c\x0d\x55\x64\x34\x48\xb8\x92\xb9\xf1\xb4\x50\x29\xf2\x4f\x23\x1f\xda\x6c\xac\x1f\x44\xe1\xdd\x23\x78\x51\x5b\xc7\x16", + ["COMODO Certification Authority"] = "\x30\x82\x04\x1d\x30\x82\x03\x05\xa0\x03\x02\x01\x02\x02\x10\x4e\x81\x2d\x8a\x82\x65\xe0\x0b\x02\xee\x3e\x35\x02\x46\xe5\x3d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x81\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b\x30\x19\x06\x03\x55\x04\x08\x13\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x13\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30\x18\x06\x03\x55\x04\x0a\x13\x11\x43\x4f\x4d\x4f\x44\x4f\x20\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1e\x43\x4f\x4d\x4f\x44\x4f\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x36\x31\x32\x30\x31\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x39\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x81\x81\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b\x30\x19\x06\x03\x55\x04\x08\x13\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x13\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30\x18\x06\x03\x55\x04\x0a\x13\x11\x43\x4f\x4d\x4f\x44\x4f\x20\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1e\x43\x4f\x4d\x4f\x44\x4f\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xd0\x40\x8b\x8b\x72\xe3\x91\x1b\xf7\x51\xc1\x1b\x54\x04\x98\xd3\xa9\xbf\xc1\xe6\x8a\x5d\x3b\x87\xfb\xbb\x88\xce\x0d\xe3\x2f\x3f\x06\x96\xf0\xa2\x29\x50\x99\xae\xdb\x3b\xa1\x57\xb0\x74\x51\x71\xcd\xed\x42\x91\x4d\x41\xfe\xa9\xc8\xd8\x6a\x86\x77\x44\xbb\x59\x66\x97\x50\x5e\xb4\xd4\x2c\x70\x44\xcf\xda\x37\x95\x42\x69\x3c\x30\xc4\x71\xb3\x52\xf0\x21\x4d\xa1\xd8\xba\x39\x7c\x1c\x9e\xa3\x24\x9d\xf2\x83\x16\x98\xaa\x16\x7c\x43\x9b\x15\x5b\xb7\xae\x34\x91\xfe\xd4\x62\x26\x18\x46\x9a\x3f\xeb\xc1\xf9\xf1\x90\x57\xeb\xac\x7a\x0d\x8b\xdb\x72\x30\x6a\x66\xd5\xe0\x46\xa3\x70\xdc\x68\xd9\xff\x04\x48\x89\x77\xde\xb5\xe9\xfb\x67\x6d\x41\xe9\xbc\x39\xbd\x32\xd9\x62\x02\xf1\xb1\xa8\x3d\x6e\x37\x9c\xe2\x2f\xe2\xd3\xa2\x26\x8b\xc6\xb8\x55\x43\x88\xe1\x23\x3e\xa5\xd2\x24\x39\x6a\x47\xab\x00\xd4\xa1\xb3\xa9\x25\xfe\x0d\x3f\xa7\x1d\xba\xd3\x51\xc1\x0b\xa4\xda\xac\x38\xef\x55\x50\x24\x05\x65\x46\x93\x34\x4f\x2d\x8d\xad\xc6\xd4\x21\x19\xd2\x8e\xca\x05\x61\x71\x07\x73\x47\xe5\x8a\x19\x12\xbd\x04\x4d\xce\x4e\x9c\xa5\x48\xac\xbb\x26\xf7\x02\x03\x01\x00\x01\xa3\x81\x8e\x30\x81\x8b\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x0b\x58\xe5\x8b\xc6\x4c\x15\x37\xa4\x40\xa9\x30\xa9\x21\xbe\x47\x36\x5a\x56\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x49\x06\x03\x55\x1d\x1f\x04\x42\x30\x40\x30\x3e\xa0\x3c\xa0\x3a\x86\x38\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x63\x6f\x6d\x6f\x64\x6f\x63\x61\x2e\x63\x6f\x6d\x2f\x43\x4f\x4d\x4f\x44\x4f\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x2e\x63\x72\x6c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x3e\x98\x9e\x9b\xf6\x1b\xe9\xd7\x39\xb7\x78\xae\x1d\x72\x18\x49\xd3\x87\xe4\x43\x82\xeb\x3f\xc9\xaa\xf5\xa8\xb5\xef\x55\x7c\x21\x52\x65\xf9\xd5\x0d\xe1\x6c\xf4\x3e\x8c\x93\x73\x91\x2e\x02\xc4\x4e\x07\x71\x6f\xc0\x8f\x38\x61\x08\xa8\x1e\x81\x0a\xc0\x2f\x20\x2f\x41\x8b\x91\xdc\x48\x45\xbc\xf1\xc6\xde\xba\x76\x6b\x33\xc8\x00\x2d\x31\x46\x4c\xed\xe7\x9d\xcf\x88\x94\xff\x33\xc0\x56\xe8\x24\x86\x26\xb8\xd8\x38\x38\xdf\x2a\x6b\xdd\x12\xcc\xc7\x3f\x47\x17\x4c\xa2\xc2\x06\x96\x09\xd6\xdb\xfe\x3f\x3c\x46\x41\xdf\x58\xe2\x56\x0f\x3c\x3b\xc1\x1c\x93\x35\xd9\x38\x52\xac\xee\xc8\xec\x2e\x30\x4e\x94\x35\xb4\x24\x1f\x4b\x78\x69\xda\xf2\x02\x38\xcc\x95\x52\x93\xf0\x70\x25\x59\x9c\x20\x67\xc4\xee\xf9\x8b\x57\x61\xf4\x92\x76\x7d\x3f\x84\x8d\x55\xb7\xe8\xe5\xac\xd5\xf1\xf5\x19\x56\xa6\x5a\xfb\x90\x1c\xaf\x93\xeb\xe5\x1c\xd4\x67\x97\x5d\x04\x0e\xbe\x0b\x83\xa6\x17\x83\xb9\x30\x12\xa0\xc5\x33\x15\x05\xb9\x0d\xfb\xc7\x05\x76\xe3\xd8\x4a\x8d\xfc\x34\x17\xa3\xc6\x21\x28\xbe\x30\x45\x31\x1e\xc7\x78\xbe\x58\x61\x38\xac\x3b\xe2\x01\x65", + ["DigiNotar Root CA"] = "\x30\x82\x05\x8a\x30\x82\x03\x72\xa0\x03\x02\x01\x02\x02\x10\x0c\x76\xda\x9c\x91\x0c\x4e\x2c\x9e\xfe\x15\xd0\x58\x93\x3c\x4c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x5f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4e\x4c\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x13\x09\x44\x69\x67\x69\x4e\x6f\x74\x61\x72\x31\x1a\x30\x18\x06\x03\x55\x04\x03\x13\x11\x44\x69\x67\x69\x4e\x6f\x74\x61\x72\x20\x52\x6f\x6f\x74\x20\x43\x41\x31\x20\x30\x1e\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x11\x69\x6e\x66\x6f\x40\x64\x69\x67\x69\x6e\x6f\x74\x61\x72\x2e\x6e\x6c\x30\x1e\x17\x0d\x30\x37\x30\x35\x31\x36\x31\x37\x31\x39\x33\x36\x5a\x17\x0d\x32\x35\x30\x33\x33\x31\x31\x38\x31\x39\x32\x31\x5a\x30\x5f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4e\x4c\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x13\x09\x44\x69\x67\x69\x4e\x6f\x74\x61\x72\x31\x1a\x30\x18\x06\x03\x55\x04\x03\x13\x11\x44\x69\x67\x69\x4e\x6f\x74\x61\x72\x20\x52\x6f\x6f\x74\x20\x43\x41\x31\x20\x30\x1e\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x11\x69\x6e\x66\x6f\x40\x64\x69\x67\x69\x6e\x6f\x74\x61\x72\x2e\x6e\x6c\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xac\xb0\x58\xc1\x00\xbd\xd8\x21\x08\x0b\x2b\x9a\xfe\x6e\x56\x30\x05\x9f\x1b\x77\x90\x10\x41\x5c\xc3\x0d\x87\x11\x77\x8e\x81\xf1\xca\x7c\xe9\x8c\x6a\xed\x38\x74\x35\xbb\xda\xdf\xf9\xbb\xc0\x09\x37\xb4\x96\x73\x81\x7d\x33\x1a\x98\x39\xf7\x93\x6f\x95\x7f\x3d\xb9\xb1\x75\x87\xba\x51\x48\xe8\x8b\x70\x3e\x95\x04\xc5\xd8\xb6\xc3\x16\xd9\x88\xb0\xb1\x87\x1d\x70\xda\x86\xb4\x0f\x14\x8b\x7a\xcf\x10\xd1\x74\x36\xa2\x12\x7b\x77\x86\x4a\x79\xe6\x7b\xdf\x02\x11\x68\xa5\x4e\x86\xae\x34\x58\x9b\x24\x13\x78\x56\x22\x25\x1e\x01\x8b\x4b\x51\x71\xfb\x82\xcc\x59\x96\x69\x88\x5a\x68\x53\xc5\xb9\x0d\x02\x37\xcb\x4b\xbc\x66\x4a\x90\x7e\x2a\x0b\x05\x07\xed\x16\x5f\x55\x90\x75\xd8\x46\xc9\x1b\x83\xe2\x08\xbe\xf1\x23\xcc\x99\x1d\xd6\x2a\x0f\x83\x20\x15\x58\x27\x82\x2e\xfa\xe2\x22\xc2\x49\xb1\xb9\x01\x81\x6a\x9d\x6d\x9d\x40\x77\x68\x76\x4e\x21\x2a\x6d\x84\x40\x85\x4e\x76\x99\x7c\x82\xf3\xf3\xb7\x02\x59\xd4\x26\x01\x1b\x8e\xdf\xad\x53\x06\xd1\xae\x18\xdd\xe2\xb2\x3a\xcb\xd7\x88\x38\x8e\xac\x5b\x29\xb9\x19\xd3\x98\xf9\x18\x03\xcf\x48\x82\x86\x66\x0b\x1b\x69\x0f\xc9\xeb\x38\x88\x7a\x26\x1a\x05\x4c\x92\xd7\x24\xd4\x96\xf2\xac\x52\x2d\xa3\x47\xd5\x52\xf6\x3f\xfe\xce\x84\x06\x70\xa6\xaa\x3e\xa2\xf2\xb6\x56\x34\x18\x57\xa2\xe4\x81\x6d\xe7\xca\xf0\x6a\xd3\xc7\x91\x6b\x02\x83\x41\x7c\x15\xef\x6b\x9a\x64\x5e\xe3\xd0\x3c\xe5\xb1\xeb\x7b\x5d\x86\xfb\xcb\xe6\x77\x49\xcd\xa3\x65\xdc\xf7\xb9\x9c\xb8\xe4\x0b\x5f\x93\xcf\xcc\x30\x1a\x32\x1c\xce\x1c\x63\x95\xa5\xf9\xea\xe1\x74\x8b\x9e\xe9\x2b\xa9\x30\x7b\xa0\x18\x1f\x0e\x18\x0b\xe5\x5b\xa9\xd3\xd1\x6c\x1e\x07\x67\x8f\x91\x4b\xa9\x8a\xbc\xd2\x66\xaa\x93\x01\x88\xb2\x91\xfa\x31\x5c\xd5\xa6\xc1\x52\x08\x09\xcd\x0a\x63\xa2\xd3\x22\xa6\xe8\xa1\xd9\x39\x06\x97\xf5\x6e\x8d\x02\x90\x8c\x14\x7b\x3f\x80\xcd\x1b\x9c\xba\xc4\x58\x72\x23\xaf\xb6\x56\x9f\xc6\x7a\x42\x33\x29\x07\x3f\x82\xc9\xe6\x1f\x05\x0d\xcd\x4c\x28\x36\x8b\xd3\xc8\x3e\x1c\xc6\x88\xef\x5e\xee\x89\x64\xe9\x1d\xeb\xda\x89\x7e\x32\xa6\x69\xd1\xdd\xcc\x88\x9f\xd1\xd0\xc9\x66\x21\xdc\x06\x67\xc5\x94\x7a\x9a\x6d\x62\x4c\x7d\xcc\xe0\x64\x80\xb2\x9e\x47\x8e\xa3\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x88\x68\xbf\xe0\x8e\x35\xc4\x3b\x38\x6b\x62\xf7\x28\x3b\x84\x81\xc8\x0c\xd7\x4d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x3b\x02\x8d\xcb\x3c\x30\xe8\x6e\xa0\xad\xf2\x73\xb3\x5f\x9e\x25\x13\x04\x05\xd3\xf6\xe3\x8b\xbb\x0b\x79\xce\x53\xde\xe4\x96\xc5\xd1\xaf\x73\xbc\xd5\xc3\xd0\x40\x55\x7c\x40\x7f\xcd\x1b\x5f\x09\xd5\xf2\x7c\x9f\x68\x1d\xbb\x5d\xce\x7a\x39\xc2\x8c\xd6\x98\x7b\xc5\x83\x55\xa8\xd5\x7d\x40\xca\xe0\x1e\xf7\x89\x5e\x63\x5d\xa1\x13\xc2\x5d\x8a\xb6\x8a\x7c\x00\xf3\x23\xc3\xed\x85\x5f\x71\x76\xf0\x68\x63\xaa\x45\x21\x39\x48\x61\x78\x36\xdc\xf1\x43\x93\xd4\x25\xc7\xf2\x80\x65\xe1\x53\x02\x75\x51\xfc\x7a\x3a\xef\x37\xab\x84\x28\x57\x0c\xd8\xd4\xd4\x99\x56\x6c\xe3\xa2\xfe\x59\x84\xb4\x31\xe8\x33\xf8\x64\x94\x94\x51\x97\xab\x39\xc5\x4b\xed\xda\xdd\x80\x0b\x6f\x7c\x29\x0d\xc4\x8e\x8a\x72\x0d\xe7\x53\x14\xb2\x60\x41\x3d\x84\x91\x31\x68\x3d\x27\x44\xdb\xe5\xde\xf4\xfa\x63\x45\xc8\x4c\x3e\x98\xf5\x3f\x41\xba\x4e\xcb\x37\x0d\xba\x66\x98\xf1\xdd\xcb\x9f\x5c\xf7\x54\x36\x82\x6b\x2c\xbc\x13\x61\x97\x42\xf8\x78\xbb\xcc\xc8\xa2\x9f\xca\xf0\x68\xbd\x6b\x1d\xb2\xdf\x8d\x6f\x07\x9d\xda\x8e\x67\xc7\x47\x1e\xca\xb9\xbf\x2a\x42\x91\xb7\x63\x53\x66\xf1\x42\xa3\xe1\xf4\x5a\x4d\x58\x6b\xb5\xe4\xa4\x33\xad\x5c\x70\x1d\xdc\xe0\xf2\xeb\x73\x14\x91\x9a\x03\xc1\xea\x00\x65\xbc\x07\xfc\xcf\x12\x11\x22\x2c\xae\xa0\xbd\x3a\xe0\xa2\x2a\xd8\x59\xe9\x29\xd3\x18\x35\xa4\xac\x11\x5f\x19\xb5\xb5\x1b\xff\x22\x4a\x5c\xc6\x7a\xe4\x17\xef\x20\xa9\xa7\xf4\x3f\xad\x8a\xa7\x9a\x04\x25\x9d\x0e\xca\x37\xe6\x50\xfd\x8c\x42\x29\x04\x9a\xec\xb9\xcf\x4b\x72\xbd\xe2\x08\x36\xaf\x23\x2f\x62\xe5\xca\x01\xd3\x70\xdb\x7c\x82\x23\x2c\x16\x31\x0c\xc6\x36\x07\x90\x7a\xb1\x1f\x67\x58\xc4\x3b\x58\x59\x89\xb0\x8c\x8c\x50\xb3\xd8\x86\xcb\x68\xa3\xc4\x0a\xe7\x69\x4b\x20\xce\xc1\x1e\x56\x4b\x95\xa9\x23\x68\xd8\x30\xd8\xc3\xeb\xb0\x55\x51\xcd\xe5\xfd\x2b\xb8\xf5\xbb\x11\x9f\x53\x54\xf6\x34\x19\x8c\x79\x09\x36\xca\x61\x17\x25\x17\x0b\x82\x98\x73\x0c\x77\x74\xc3\xd5\x0d\xc7\xa8\x12\x4c\xc7\xa7\x54\x71\x47\x2e\x2c\x1a\x7d\xc9\xe3\x2b\x3b\x48\xde\x27\x84\xa7\x63\x36\xb3\x7d\x8f\xa0\x64\x39\x24\x0d\x3d\x7b\x87\xaf\x66\x5c\x74\x1b\x4b\x73\xb2\xe5\x8c\xf0\x86\x99\xb8\xe5\xc5\xdf\x84\xc1\xb7\xeb", + ["Network Solutions Certificate Authority"] = "\x30\x82\x03\xe6\x30\x82\x02\xce\xa0\x03\x02\x01\x02\x02\x10\x57\xcb\x33\x6f\xc2\x5c\x16\xe6\x47\x16\x17\xe3\x90\x31\x68\xe0\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x62\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x21\x30\x1f\x06\x03\x55\x04\x0a\x13\x18\x4e\x65\x74\x77\x6f\x72\x6b\x20\x53\x6f\x6c\x75\x74\x69\x6f\x6e\x73\x20\x4c\x2e\x4c\x2e\x43\x2e\x31\x30\x30\x2e\x06\x03\x55\x04\x03\x13\x27\x4e\x65\x74\x77\x6f\x72\x6b\x20\x53\x6f\x6c\x75\x74\x69\x6f\x6e\x73\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x36\x31\x32\x30\x31\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x39\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x62\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x21\x30\x1f\x06\x03\x55\x04\x0a\x13\x18\x4e\x65\x74\x77\x6f\x72\x6b\x20\x53\x6f\x6c\x75\x74\x69\x6f\x6e\x73\x20\x4c\x2e\x4c\x2e\x43\x2e\x31\x30\x30\x2e\x06\x03\x55\x04\x03\x13\x27\x4e\x65\x74\x77\x6f\x72\x6b\x20\x53\x6f\x6c\x75\x74\x69\x6f\x6e\x73\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xe4\xbc\x7e\x92\x30\x6d\xc6\xd8\x8e\x2b\x0b\xbc\x46\xce\xe0\x27\x96\xde\xde\xf9\xfa\x12\xd3\x3c\x33\x73\xb3\x04\x2f\xbc\x71\x8c\xe5\x9f\xb6\x22\x60\x3e\x5f\x5d\xce\x09\xff\x82\x0c\x1b\x9a\x51\x50\x1a\x26\x89\xdd\xd5\x61\x5d\x19\xdc\x12\x0f\x2d\x0a\xa2\x43\x5d\x17\xd0\x34\x92\x20\xea\x73\xcf\x38\x2c\x06\x26\x09\x7a\x72\xf7\xfa\x50\x32\xf8\xc2\x93\xd3\x69\xa2\x23\xce\x41\xb1\xcc\xe4\xd5\x1f\x36\xd1\x8a\x3a\xf8\x8c\x63\xe2\x14\x59\x69\xed\x0d\xd3\x7f\x6b\xe8\xb8\x03\xe5\x4f\x6a\xe5\x98\x63\x69\x48\x05\xbe\x2e\xff\x33\xb6\xe9\x97\x59\x69\xf8\x67\x19\xae\x93\x61\x96\x44\x15\xd3\x72\xb0\x3f\xbc\x6a\x7d\xec\x48\x7f\x8d\xc3\xab\xaa\x71\x2b\x53\x69\x41\x53\x34\xb5\xb0\xb9\xc5\x06\x0a\xc4\xb0\x45\xf5\x41\x5d\x6e\x89\x45\x7b\x3d\x3b\x26\x8c\x74\xc2\xe5\xd2\xd1\x7d\xb2\x11\xd4\xfb\x58\x32\x22\x9a\x80\xc9\xdc\xfd\x0c\xe9\x7f\x5e\x03\x97\xce\x3b\x00\x14\x87\x27\x70\x38\xa9\x8e\x6e\xb3\x27\x76\x98\x51\xe0\x05\xe3\x21\xab\x1a\xd5\x85\x22\x3c\x29\xb5\x9a\x16\xc5\x80\xa8\xf4\xbb\x6b\x30\x8f\x2f\x46\x02\xa2\xb1\x0c\x22\xe0\xd3\x02\x03\x01\x00\x01\xa3\x81\x97\x30\x81\x94\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x21\x30\xc9\xfb\x00\xd7\x4e\x98\xda\x87\xaa\x2a\xd0\xa7\x2e\xb1\x40\x31\xa7\x4c\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x52\x06\x03\x55\x1d\x1f\x04\x4b\x30\x49\x30\x47\xa0\x45\xa0\x43\x86\x41\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x6e\x65\x74\x73\x6f\x6c\x73\x73\x6c\x2e\x63\x6f\x6d\x2f\x4e\x65\x74\x77\x6f\x72\x6b\x53\x6f\x6c\x75\x74\x69\x6f\x6e\x73\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x2e\x63\x72\x6c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xbb\xae\x4b\xe7\xb7\x57\xeb\x7f\xaa\x2d\xb7\x73\x47\x85\x6a\xc1\xe4\xa5\x1d\xe4\xe7\x3c\xe9\xf4\x59\x65\x77\xb5\x7a\x5b\x5a\x8d\x25\x36\xe0\x7a\x97\x2e\x38\xc0\x57\x60\x83\x98\x06\x83\x9f\xb9\x76\x7a\x6e\x50\xe0\xba\x88\x2c\xfc\x45\xcc\x18\xb0\x99\x95\x51\x0e\xec\x1d\xb8\x88\xff\x87\x50\x1c\x82\xc2\xe3\xe0\x32\x80\xbf\xa0\x0b\x47\xc8\xc3\x31\xef\x99\x67\x32\x80\x4f\x17\x21\x79\x0c\x69\x5c\xde\x5e\x34\xae\x02\xb5\x26\xea\x50\xdf\x7f\x18\x65\x2c\xc9\xf2\x63\xe1\xa9\x07\xfe\x7c\x71\x1f\x6b\x33\x24\x6a\x1e\x05\xf7\x05\x68\xc0\x6a\x12\xcb\x2e\x5e\x61\xcb\xae\x28\xd3\x7e\xc2\xb4\x66\x91\x26\x5f\x3c\x2e\x24\x5f\xcb\x58\x0f\xeb\x28\xec\xaf\x11\x96\xf3\xdc\x7b\x6f\xc0\xa7\x88\xf2\x53\x77\xb3\x60\x5e\xae\xae\x28\xda\x35\x2c\x6f\x34\x45\xd3\x26\xe1\xde\xec\x5b\x4f\x27\x6b\x16\x7c\xbd\x44\x04\x18\x82\xb3\x89\x79\x17\x10\x71\x3d\x7a\xa2\x16\x4e\xf5\x01\xcd\xa4\x6c\x65\x68\xa1\x49\x76\x5c\x43\xc9\xd8\xbc\x36\x67\x6c\xa5\x94\xb5\xd4\xcc\xb9\xbd\x6a\x35\x56\x21\xde\xd8\xc3\xeb\xfb\xcb\xa4\x60\x4c\xb0\x55\xa0\xa0\x7b\x57\xb2", + ["WellsSecure Public Root Certificate Authority"] = "\x30\x82\x04\xbd\x30\x82\x03\xa5\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x85\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1e\x06\x03\x55\x04\x0a\x0c\x17\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x20\x57\x65\x6c\x6c\x73\x53\x65\x63\x75\x72\x65\x31\x1c\x30\x1a\x06\x03\x55\x04\x0b\x0c\x13\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x20\x42\x61\x6e\x6b\x20\x4e\x41\x31\x36\x30\x34\x06\x03\x55\x04\x03\x0c\x2d\x57\x65\x6c\x6c\x73\x53\x65\x63\x75\x72\x65\x20\x50\x75\x62\x6c\x69\x63\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x37\x31\x32\x31\x33\x31\x37\x30\x37\x35\x34\x5a\x17\x0d\x32\x32\x31\x32\x31\x34\x30\x30\x30\x37\x35\x34\x5a\x30\x81\x85\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1e\x06\x03\x55\x04\x0a\x0c\x17\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x20\x57\x65\x6c\x6c\x73\x53\x65\x63\x75\x72\x65\x31\x1c\x30\x1a\x06\x03\x55\x04\x0b\x0c\x13\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x20\x42\x61\x6e\x6b\x20\x4e\x41\x31\x36\x30\x34\x06\x03\x55\x04\x03\x0c\x2d\x57\x65\x6c\x6c\x73\x53\x65\x63\x75\x72\x65\x20\x50\x75\x62\x6c\x69\x63\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xee\x6f\xb4\xbd\x79\xe2\x8f\x08\x21\x9e\x38\x04\x41\x25\xef\xab\x5b\x1c\x53\x92\xac\x6d\x9e\xdd\xc2\xc4\x2e\x45\x94\x03\x35\x88\x67\x74\x57\xe3\xdf\x8c\xb8\xa7\x76\x8f\x3b\xf7\xa8\xc4\xdb\x29\x63\x0e\x91\x68\x36\x8a\x97\x8e\x8a\x71\x68\x09\x07\xe4\xe8\xd4\x0e\x4f\xf8\xd6\x2b\x4c\xa4\x16\xf9\xef\x43\x98\x8f\xb3\x9e\x52\xdf\x6d\x91\x39\x8f\x38\xbd\x77\x8b\x43\x63\xeb\xb7\x93\xfc\x30\x4c\x1c\x01\x93\xb6\x13\xfb\xf7\xa1\x1f\xbf\x25\xe1\x74\x37\x2c\x1e\xa4\x5e\x3c\x68\xf8\x4b\xbf\x0d\xb9\x1e\x2e\x36\xe8\xa9\xe4\xa7\xf8\x0f\xcb\x82\x75\x7c\x35\x2d\x22\xd6\xc2\xbf\x0b\xf3\xb4\xfc\x6c\x95\x61\x1e\x57\xd7\x04\x81\x32\x83\x52\x79\xe6\x83\x63\xcf\xb7\xcb\x63\x8b\x11\xe2\xbd\x5e\xeb\xf6\x8d\xed\x95\x72\x28\xb4\xac\x12\x62\xe9\x4a\x33\xe6\x83\x32\xae\x05\x75\x95\xbd\x84\x95\xdb\x2a\x5c\x9b\x8e\x2e\x0c\xb8\x81\x2b\x41\xe6\x38\x56\x9f\x49\x9b\x6c\x76\xfa\x8a\x5d\xf7\x01\x79\x81\x7c\xc1\x83\x40\x05\xfe\x71\xfd\x0c\x3f\xcc\x4e\x60\x09\x0e\x65\x47\x10\x2f\x01\xc0\x05\x3f\x8f\xf8\xb3\x41\xef\x5a\x42\x7e\x59\xef\xd2\x97\x0c\x65\x02\x03\x01\x00\x01\xa3\x82\x01\x34\x30\x82\x01\x30\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x39\x06\x03\x55\x1d\x1f\x04\x32\x30\x30\x30\x2e\xa0\x2c\xa0\x2a\x86\x28\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x70\x6b\x69\x2e\x77\x65\x6c\x6c\x73\x66\x61\x72\x67\x6f\x2e\x63\x6f\x6d\x2f\x77\x73\x70\x72\x63\x61\x2e\x63\x72\x6c\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\xc6\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x26\x95\x19\x10\xd9\xe8\xa1\x97\x91\xff\xdc\x19\xd9\xb5\x04\x3e\xd2\x73\x0a\x6a\x30\x81\xb2\x06\x03\x55\x1d\x23\x04\x81\xaa\x30\x81\xa7\x80\x14\x26\x95\x19\x10\xd9\xe8\xa1\x97\x91\xff\xdc\x19\xd9\xb5\x04\x3e\xd2\x73\x0a\x6a\xa1\x81\x8b\xa4\x81\x88\x30\x81\x85\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x20\x30\x1e\x06\x03\x55\x04\x0a\x0c\x17\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x20\x57\x65\x6c\x6c\x73\x53\x65\x63\x75\x72\x65\x31\x1c\x30\x1a\x06\x03\x55\x04\x0b\x0c\x13\x57\x65\x6c\x6c\x73\x20\x46\x61\x72\x67\x6f\x20\x42\x61\x6e\x6b\x20\x4e\x41\x31\x36\x30\x34\x06\x03\x55\x04\x03\x0c\x2d\x57\x65\x6c\x6c\x73\x53\x65\x63\x75\x72\x65\x20\x50\x75\x62\x6c\x69\x63\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x82\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xb9\x15\xb1\x44\x91\xcc\x23\xc8\x2b\x4d\x77\xe3\xf8\x9a\x7b\x27\x0d\xcd\x72\xbb\x99\x00\xca\x7c\x66\x19\x50\xc6\xd5\x98\xed\xab\xbf\x03\x5a\xe5\x4d\xe5\x1e\xc8\x4f\x71\x97\x86\xd5\xe3\x1d\xfd\x90\xc9\x3c\x75\x77\x57\x7a\x7d\xf8\xde\xf4\xd4\xd5\xf7\x95\xe6\x74\x6e\x1d\x3c\xae\x7c\x9d\xdb\x02\x03\x05\x2c\x71\x4b\x25\x3e\x07\xe3\x5e\x9a\xf5\x66\x17\x29\x88\x1a\x38\x9f\xcf\xaa\x41\x03\x84\x97\x6b\x93\x38\x7a\xca\x30\x44\x1b\x24\x44\x33\xd0\xe4\xd1\xdc\x28\x38\xf4\x13\x43\x35\x35\x29\x63\xa8\x7c\xa2\xb5\xad\x38\xa4\xed\xad\xfd\xc6\x9a\x1f\xff\x97\x73\xfe\xfb\xb3\x35\xa7\x93\x86\xc6\x76\x91\x00\xe6\xac\x51\x16\xc4\x27\x32\x5c\xdb\x73\xda\xa5\x93\x57\x8e\x3e\x6d\x35\x26\x08\x59\xd5\xe7\x44\xd7\x76\x20\x63\xe7\xac\x13\x67\xc3\x6d\xb1\x70\x46\x7c\xd5\x96\x11\x3d\x89\x6f\x5d\xa8\xa1\xeb\x8d\x0a\xda\xc3\x1d\x33\x6c\xa3\xea\x67\x19\x9a\x99\x7f\x4b\x3d\x83\x51\x2a\x1d\xca\x2f\x86\x0c\xa2\x7e\x10\x2d\x2b\xd4\x16\x95\x0b\x07\xaa\x2e\x14\x92\x49\xb7\x29\x6f\xd8\x6d\x31\x7d\xf5\xfc\xa1\x10\x07\x87\xce\x2f\x59\xdc\x3e\x58\xdb", + ["COMODO ECC Certification Authority"] = "\x30\x82\x02\x89\x30\x82\x02\x0f\xa0\x03\x02\x01\x02\x02\x10\x1f\x47\xaf\xaa\x62\x00\x70\x50\x54\x4c\x01\x9e\x9b\x63\x99\x2a\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04\x03\x03\x30\x81\x85\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b\x30\x19\x06\x03\x55\x04\x08\x13\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x13\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30\x18\x06\x03\x55\x04\x0a\x13\x11\x43\x4f\x4d\x4f\x44\x4f\x20\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x2b\x30\x29\x06\x03\x55\x04\x03\x13\x22\x43\x4f\x4d\x4f\x44\x4f\x20\x45\x43\x43\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x38\x30\x33\x30\x36\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x38\x30\x31\x31\x38\x32\x33\x35\x39\x35\x39\x5a\x30\x81\x85\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b\x30\x19\x06\x03\x55\x04\x08\x13\x12\x47\x72\x65\x61\x74\x65\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x13\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30\x18\x06\x03\x55\x04\x0a\x13\x11\x43\x4f\x4d\x4f\x44\x4f\x20\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x2b\x30\x29\x06\x03\x55\x04\x03\x13\x22\x43\x4f\x4d\x4f\x44\x4f\x20\x45\x43\x43\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x76\x30\x10\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x05\x2b\x81\x04\x00\x22\x03\x62\x00\x04\x03\x47\x7b\x2f\x75\xc9\x82\x15\x85\xfb\x75\xe4\x91\x16\xd4\xab\x62\x99\xf5\x3e\x52\x0b\x06\xce\x41\x00\x7f\x97\xe1\x0a\x24\x3c\x1d\x01\x04\xee\x3d\xd2\x8d\x09\x97\x0c\xe0\x75\xe4\xfa\xfb\x77\x8a\x2a\xf5\x03\x60\x4b\x36\x8b\x16\x23\x16\xad\x09\x71\xf4\x4a\xf4\x28\x50\xb4\xfe\x88\x1c\x6e\x3f\x6c\x2f\x2f\x09\x59\x5b\xa5\x5b\x0b\x33\x99\xe2\xc3\x3d\x89\xf9\x6a\x2c\xef\xb2\xd3\x06\xe9\xa3\x42\x30\x40\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x75\x71\xa7\x19\x48\x19\xbc\x9d\x9d\xea\x41\x47\xdf\x94\xc4\x48\x77\x99\xd3\x79\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04\x03\x03\x03\x68\x00\x30\x65\x02\x31\x00\xef\x03\x5b\x7a\xac\xb7\x78\x0a\x72\xb7\x88\xdf\xff\xb5\x46\x14\x09\x0a\xfa\xa0\xe6\x7d\x08\xc6\x1a\x87\xbd\x18\xa8\x73\xbd\x26\xca\x60\x0c\x9d\xce\x99\x9f\xcf\x5c\x0f\x30\xe1\xbe\x14\x31\xea\x02\x30\x14\xf4\x93\x3c\x49\xa7\x33\x7a\x90\x46\x47\xb3\x63\x7d\x13\x9b\x4e\xb7\x6f\x18\x37\x80\x53\xfe\xdd\x20\xe0\x35\x9a\x36\xd1\xc7\x01\xb9\xe6\xdc\xdd\xf3\xff\x1d\x2c\x3a\x16\x57\xd9\x92\x39\xd6", + ["IGC/A"] = "\x30\x82\x04\x02\x30\x82\x02\xea\xa0\x03\x02\x01\x02\x02\x05\x39\x11\x45\x10\x94\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x85\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x0f\x30\x0d\x06\x03\x55\x04\x08\x13\x06\x46\x72\x61\x6e\x63\x65\x31\x0e\x30\x0c\x06\x03\x55\x04\x07\x13\x05\x50\x61\x72\x69\x73\x31\x10\x30\x0e\x06\x03\x55\x04\x0a\x13\x07\x50\x4d\x2f\x53\x47\x44\x4e\x31\x0e\x30\x0c\x06\x03\x55\x04\x0b\x13\x05\x44\x43\x53\x53\x49\x31\x0e\x30\x0c\x06\x03\x55\x04\x03\x13\x05\x49\x47\x43\x2f\x41\x31\x23\x30\x21\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x14\x69\x67\x63\x61\x40\x73\x67\x64\x6e\x2e\x70\x6d\x2e\x67\x6f\x75\x76\x2e\x66\x72\x30\x1e\x17\x0d\x30\x32\x31\x32\x31\x33\x31\x34\x32\x39\x32\x33\x5a\x17\x0d\x32\x30\x31\x30\x31\x37\x31\x34\x32\x39\x32\x32\x5a\x30\x81\x85\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x0f\x30\x0d\x06\x03\x55\x04\x08\x13\x06\x46\x72\x61\x6e\x63\x65\x31\x0e\x30\x0c\x06\x03\x55\x04\x07\x13\x05\x50\x61\x72\x69\x73\x31\x10\x30\x0e\x06\x03\x55\x04\x0a\x13\x07\x50\x4d\x2f\x53\x47\x44\x4e\x31\x0e\x30\x0c\x06\x03\x55\x04\x0b\x13\x05\x44\x43\x53\x53\x49\x31\x0e\x30\x0c\x06\x03\x55\x04\x03\x13\x05\x49\x47\x43\x2f\x41\x31\x23\x30\x21\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x14\x69\x67\x63\x61\x40\x73\x67\x64\x6e\x2e\x70\x6d\x2e\x67\x6f\x75\x76\x2e\x66\x72\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xb2\x1f\xd1\xd0\x62\xc5\x33\x3b\xc0\x04\x86\x88\xb3\xdc\xf8\x88\xf7\xfd\xdf\x43\xdf\x7a\x8d\x9a\x49\x5c\xf6\x4e\xaa\xcc\x1c\xb9\xa1\xeb\x27\x89\xf2\x46\xe9\x3b\x4a\x71\xd5\x1d\x8e\x2d\xcf\xe6\xad\xab\x63\x50\xc7\x54\x0b\x6e\x12\xc9\x90\x36\xc6\xd8\x2f\xda\x91\xaa\x68\xc5\x72\xfe\x17\x0a\xb2\x17\x7e\x79\xb5\x32\x88\x70\xca\x70\xc0\x96\x4a\x8e\xe4\x55\xcd\x1d\x27\x94\xbf\xce\x72\x2a\xec\x5c\xf9\x73\x20\xfe\xbd\xf7\x2e\x89\x67\xb8\xbb\x47\x73\x12\xf7\xd1\x35\x69\x3a\xf2\x0a\xb9\xae\xff\x46\x42\x46\xa2\xbf\xa1\x85\x1a\xf9\xbf\xe4\xff\x49\x85\xf7\xa3\x70\x86\x32\x1c\x5d\x9f\x60\xf7\xa9\xad\xa5\xff\xcf\xd1\x34\xf9\x7d\x5b\x17\xc6\xdc\xd6\x0e\x28\x6b\xc2\xdd\xf1\xf5\x33\x68\x9d\x4e\xfc\x87\x7c\x36\x12\xd6\xa3\x80\xe8\x43\x0d\x55\x61\x94\xea\x64\x37\x47\xea\x77\xca\xd0\xb2\x58\x05\xc3\x5d\x7e\xb1\xa8\x46\x90\x31\x56\xce\x70\x2a\x96\xb2\x30\xb8\x77\xe6\x79\xc0\xbd\x29\x3b\xfd\x94\x77\x4c\xbd\x20\xcd\x41\x25\xe0\x2e\xc7\x1b\xbb\xee\xa4\x04\x41\xd2\x5d\xad\x12\x6a\x8a\x9b\x47\xfb\xc9\xdd\x46\x40\xe1\x9d\x3c\x33\xd0\xb5\x02\x03\x01\x00\x01\xa3\x77\x30\x75\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x46\x30\x15\x06\x03\x55\x1d\x20\x04\x0e\x30\x0c\x30\x0a\x06\x08\x2a\x81\x7a\x01\x79\x01\x01\x01\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xa3\x05\x2f\x18\x60\x50\xc2\x89\x0a\xdd\x2b\x21\x4f\xff\x8e\x4e\xa8\x30\x31\x36\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xa3\x05\x2f\x18\x60\x50\xc2\x89\x0a\xdd\x2b\x21\x4f\xff\x8e\x4e\xa8\x30\x31\x36\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x05\xdc\x26\xd8\xfa\x77\x15\x44\x68\xfc\x2f\x66\x3a\x74\xe0\x5d\xe4\x29\xff\x06\x07\x13\x84\x4a\xab\xcf\x6d\xa0\x1f\x51\x94\xf8\x49\xcb\x74\x36\x14\xbc\x15\xdd\xdb\x89\x2f\xdd\x8f\xa0\x5d\x7c\xf5\x12\xeb\x9f\x9e\x38\xa4\x47\xcc\xb3\x96\xd9\xbe\x9c\x25\xab\x03\x7e\x33\x0f\x95\x81\x0d\xfd\x16\xe0\x88\xbe\x37\xf0\x6c\x5d\xd0\x31\x9b\x32\x2b\x5d\x17\x65\x93\x98\x60\xbc\x6e\x8f\xb1\xa8\x3c\x1e\xd9\x1c\xf3\xa9\x26\x42\xf9\x64\x1d\xc2\xe7\x92\xf6\xf4\x1e\x5a\xaa\x19\x52\x5d\xaf\xe8\xa2\xf7\x60\xa0\xf6\x8d\xf0\x89\xf5\x6e\xe0\x0a\x05\x01\x95\xc9\x8b\x20\x0a\xba\x5a\xfc\x9a\x2c\x3c\xbd\xc3\xb7\xc9\x5d\x78\x25\x05\x3f\x56\x14\x9b\x0c\xda\xfb\x3a\x48\xfe\x97\x69\x5e\xca\x10\x86\xf7\x4e\x96\x04\x08\x4d\xec\xb0\xbe\x5d\xdc\x3b\x8e\x4f\xc1\xfd\x9a\x36\x34\x9a\x4c\x54\x7e\x17\x03\x48\x95\x08\x11\x1c\x07\x6f\x85\x08\x7e\x5d\x4d\xc4\x9d\xdb\xfb\xae\xce\xb2\xd1\xb3\xb8\x83\x6c\x1d\xb2\xb3\x79\xf1\xd8\x70\x99\x7e\xf0\x13\x02\xce\x5e\xdd\x51\xd3\xdf\x36\x81\xa1\x1b\x78\x2f\x71\xb3\xf1\x59\x4c\x46\x18\x28\xab\x85\xd2\x60\x56\x5a", + ["Security Communication EV RootCA1"] = "\x30\x82\x03\x7d\x30\x82\x02\x65\xa0\x03\x02\x01\x02\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x60\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4a\x50\x31\x25\x30\x23\x06\x03\x55\x04\x0a\x13\x1c\x53\x45\x43\x4f\x4d\x20\x54\x72\x75\x73\x74\x20\x53\x79\x73\x74\x65\x6d\x73\x20\x43\x4f\x2e\x2c\x4c\x54\x44\x2e\x31\x2a\x30\x28\x06\x03\x55\x04\x0b\x13\x21\x53\x65\x63\x75\x72\x69\x74\x79\x20\x43\x6f\x6d\x6d\x75\x6e\x69\x63\x61\x74\x69\x6f\x6e\x20\x45\x56\x20\x52\x6f\x6f\x74\x43\x41\x31\x30\x1e\x17\x0d\x30\x37\x30\x36\x30\x36\x30\x32\x31\x32\x33\x32\x5a\x17\x0d\x33\x37\x30\x36\x30\x36\x30\x32\x31\x32\x33\x32\x5a\x30\x60\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4a\x50\x31\x25\x30\x23\x06\x03\x55\x04\x0a\x13\x1c\x53\x45\x43\x4f\x4d\x20\x54\x72\x75\x73\x74\x20\x53\x79\x73\x74\x65\x6d\x73\x20\x43\x4f\x2e\x2c\x4c\x54\x44\x2e\x31\x2a\x30\x28\x06\x03\x55\x04\x0b\x13\x21\x53\x65\x63\x75\x72\x69\x74\x79\x20\x43\x6f\x6d\x6d\x75\x6e\x69\x63\x61\x74\x69\x6f\x6e\x20\x45\x56\x20\x52\x6f\x6f\x74\x43\x41\x31\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xbc\x7f\xec\x57\x9b\x24\xe0\xfe\x9c\xba\x42\x79\xa9\x88\x8a\xfa\x80\xe0\xf5\x07\x29\x43\xea\x8e\x0a\x34\x36\x8d\x1c\xfa\xa7\xb5\x39\x78\xff\x97\x75\xf7\x2f\xe4\xaa\x6b\x04\x84\x44\xca\xa6\xe2\x68\x8e\xfd\x55\x50\x62\x0f\xa4\x71\x0e\xce\x07\x38\x2d\x42\x85\x50\xad\x3c\x96\x6f\x8b\xd5\xa2\x0e\xcf\xde\x49\x89\x3d\xd6\x64\x2e\x38\xe5\x1e\x6c\xb5\x57\x8a\x9e\xef\x48\x0e\xcd\x7a\x69\x16\x87\x44\xb5\x90\xe4\x06\x9d\xae\xa1\x04\x97\x58\x79\xef\x20\x4a\x82\x6b\x8c\x22\xbf\xec\x1f\x0f\xe9\x84\x71\xed\xf1\x0e\xe4\xb8\x18\x13\xcc\x56\x36\x5d\xd1\x9a\x1e\x51\x6b\x39\x6e\x60\x76\x88\x34\x0b\xf3\xb3\xd1\xb0\x9d\xca\x61\xe2\x64\x1d\xc1\x46\x07\xb8\x63\xdd\x1e\x33\x65\xb3\x8e\x09\x55\x52\x3d\xb5\xbd\xff\x07\xeb\xad\x61\x55\x18\x2c\xa9\x69\x98\x4a\xaa\x40\xc5\x33\x14\x65\x74\x00\xf9\x91\xde\xaf\x03\x48\xc5\x40\x54\xdc\x0f\x84\x90\x68\x20\xc5\x92\x96\xdc\x2e\xe5\x02\x45\xaa\xc0\x5f\x54\xf8\x6d\xea\x49\xcf\x5d\x6c\x4b\xaf\xef\x9a\xc2\x56\x5c\xc6\x35\x56\x42\x6a\x30\x5f\xc2\xab\xf6\xe2\x3d\x3f\xb3\xc9\x11\x8f\x31\x4c\xd7\x9f\x49\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x35\x4a\xf5\x4d\xaf\x3f\xd7\x82\x38\xac\xab\x71\x65\x17\x75\x8c\x9d\x55\x93\xe6\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xa8\x87\xe9\xec\xf8\x40\x67\x5d\xc3\xc1\x66\xc7\x40\x4b\x97\xfc\x87\x13\x90\x5a\xc4\xef\xa0\xca\x5f\x8b\xb7\xa7\xb7\xf1\xd6\xb5\x64\xb7\x8a\xb3\xb8\x1b\xcc\xda\xfb\xac\x66\x88\x41\xce\xe8\xfc\xe4\xdb\x1e\x88\xa6\xed\x27\x50\x1b\x02\x30\x24\x46\x79\xfe\x04\x87\x70\x97\x40\x73\xd1\xc0\xc1\x57\x19\x9a\x69\xa5\x27\x99\xab\x9d\x62\x84\xf6\x51\xc1\x2c\xc9\x23\x15\xd8\x28\xb7\xab\x25\x13\xb5\x46\xe1\x86\x02\xff\x26\x8c\xc4\x88\x92\x1d\x56\xfe\x19\x67\xf2\x55\xe4\x80\xa3\x6b\x9c\xab\x77\xe1\x51\x71\x0d\x20\xdb\x10\x9a\xdb\xbd\x76\x79\x07\x77\x99\x28\xad\x9a\x5e\xda\xb1\x4f\x44\x2c\x35\x8e\xa5\x96\xc7\xfd\x83\xf0\x58\xc6\x79\xd6\x98\x7c\xa8\x8d\xfe\x86\x3e\x07\x16\x92\xe1\x7b\xe7\x1d\xec\x33\x76\x7e\x42\x2e\x4a\x85\xf9\x91\x89\x68\x84\x03\x81\xa5\x9b\x9a\xbe\xe3\x37\xc5\x54\xab\x56\x3b\x18\x2d\x41\xa4\x0c\xf8\x42\xdb\x99\xa0\xe0\x72\x6f\xbb\x5d\xe1\x16\x4f\x53\x0a\x64\xf9\x4e\xf4\xbf\x4e\x54\xbd\x78\x6c\x88\xea\xbf\x9c\x13\x24\xc2\x70\x69\xa2\x7f\x0f\xc8\x3c\xad\x08\xc9\xb0\x98\x40\xa3\x2a\xe7\x88\x83\xed\x77\x8f\x74", + ["OISTE WISeKey Global Root GA CA"] = "\x30\x82\x03\xf1\x30\x82\x02\xd9\xa0\x03\x02\x01\x02\x02\x10\x41\x3d\x72\xc7\xf4\x6b\x1f\x81\x43\x7d\xf1\xd2\x28\x54\xdf\x9a\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x8a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x10\x30\x0e\x06\x03\x55\x04\x0a\x13\x07\x57\x49\x53\x65\x4b\x65\x79\x31\x1b\x30\x19\x06\x03\x55\x04\x0b\x13\x12\x43\x6f\x70\x79\x72\x69\x67\x68\x74\x20\x28\x63\x29\x20\x32\x30\x30\x35\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x13\x19\x4f\x49\x53\x54\x45\x20\x46\x6f\x75\x6e\x64\x61\x74\x69\x6f\x6e\x20\x45\x6e\x64\x6f\x72\x73\x65\x64\x31\x28\x30\x26\x06\x03\x55\x04\x03\x13\x1f\x4f\x49\x53\x54\x45\x20\x57\x49\x53\x65\x4b\x65\x79\x20\x47\x6c\x6f\x62\x61\x6c\x20\x52\x6f\x6f\x74\x20\x47\x41\x20\x43\x41\x30\x1e\x17\x0d\x30\x35\x31\x32\x31\x31\x31\x36\x30\x33\x34\x34\x5a\x17\x0d\x33\x37\x31\x32\x31\x31\x31\x36\x30\x39\x35\x31\x5a\x30\x81\x8a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x10\x30\x0e\x06\x03\x55\x04\x0a\x13\x07\x57\x49\x53\x65\x4b\x65\x79\x31\x1b\x30\x19\x06\x03\x55\x04\x0b\x13\x12\x43\x6f\x70\x79\x72\x69\x67\x68\x74\x20\x28\x63\x29\x20\x32\x30\x30\x35\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x13\x19\x4f\x49\x53\x54\x45\x20\x46\x6f\x75\x6e\x64\x61\x74\x69\x6f\x6e\x20\x45\x6e\x64\x6f\x72\x73\x65\x64\x31\x28\x30\x26\x06\x03\x55\x04\x03\x13\x1f\x4f\x49\x53\x54\x45\x20\x57\x49\x53\x65\x4b\x65\x79\x20\x47\x6c\x6f\x62\x61\x6c\x20\x52\x6f\x6f\x74\x20\x47\x41\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xcb\x4f\xb3\x00\x9b\x3d\x36\xdd\xf9\xd1\x49\x6a\x6b\x10\x49\x1f\xec\xd8\x2b\xb2\xc6\xf8\x32\x81\x29\x43\x95\x4c\x9a\x19\x23\x21\x15\x45\xde\xe3\xc8\x1c\x51\x55\x5b\xae\x93\xe8\x37\xff\x2b\x6b\xe9\xd4\xea\xbe\x2a\xdd\xa8\x51\x2b\xd7\x66\xc3\x61\x5c\x60\x02\xc8\xf5\xce\x72\x7b\x3b\xb8\xf2\x4e\x65\x08\x9a\xcd\xa4\x6a\x19\xc1\x01\xbb\x73\xa6\xd7\xf6\xc3\xdd\xcd\xbc\xa4\x8b\xb5\x99\x61\xb8\x01\xa2\xa3\xd4\x4d\xd4\x05\x3d\x91\xad\xf8\xb4\x08\x71\x64\xaf\x70\xf1\x1c\x6b\x7e\xf6\xc3\x77\x9d\x24\x73\x7b\xe4\x0c\x8c\xe1\xd9\x36\xe1\x99\x8b\x05\x99\x0b\xed\x45\x31\x09\xca\xc2\x00\xdb\xf7\x72\xa0\x96\xaa\x95\x87\xd0\x8e\xc7\xb6\x61\x73\x0d\x76\x66\x8c\xdc\x1b\xb4\x63\xa2\x9f\x7f\x93\x13\x30\xf1\xa1\x27\xdb\xd9\xff\x2c\x55\x88\x91\xa0\xe0\x4f\x07\xb0\x28\x56\x8c\x18\x1b\x97\x44\x8e\x89\xdd\xe0\x17\x6e\xe7\x2a\xef\x8f\x39\x0a\x31\x84\x82\xd8\x40\x14\x49\x2e\x7a\x41\xe4\xa7\xfe\xe3\x64\xcc\xc1\x59\x71\x4b\x2c\x21\xa7\x5b\x7d\xe0\x1d\xd1\x2e\x81\x9b\xc3\xd8\x68\xf7\xbd\x96\x1b\xac\x70\xb1\x16\x14\x0b\xdb\x60\xb9\x26\x01\x05\x02\x03\x01\x00\x01\xa3\x51\x30\x4f\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\x86\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xb3\x03\x7e\xae\x36\xbc\xb0\x79\xd1\xdc\x94\x26\xb6\x11\xbe\x21\xb2\x69\x86\x94\x30\x10\x06\x09\x2b\x06\x01\x04\x01\x82\x37\x15\x01\x04\x03\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4b\xa1\xff\x0b\x87\x6e\xb3\xf9\xc1\x43\xb1\x48\xf3\x28\xc0\x1d\x2e\xc9\x09\x41\xfa\x94\x00\x1c\xa4\xa4\xab\x49\x4f\x8f\x3d\x1e\xef\x4d\x6f\xbd\xbc\xa4\xf6\xf2\x26\x30\xc9\x10\xca\x1d\x88\xfb\x74\x19\x1f\x85\x45\xbd\xb0\x6c\x51\xf9\x36\x7e\xdb\xf5\x4c\x32\x3a\x41\x4f\x5b\x47\xcf\xe8\x0b\x2d\xb6\xc4\x19\x9d\x74\xc5\x47\xc6\x3b\x6a\x0f\xac\x14\xdb\x3c\xf4\x73\x9c\xa9\x05\xdf\x00\xdc\x74\x78\xfa\xf8\x35\x60\x59\x02\x13\x18\x7c\xbc\xfb\x4d\xb0\x20\x6d\x43\xbb\x60\x30\x7a\x67\x33\x5c\xc5\x99\xd1\xf8\x2d\x39\x52\x73\xfb\x8c\xaa\x97\x25\x5c\x72\xd9\x08\x1e\xab\x4e\x3c\xe3\x81\x31\x9f\x03\xa6\xfb\xc0\xfe\x29\x88\x55\xda\x84\xd5\x50\x03\xb6\xe2\x84\xa3\xa6\x36\xaa\x11\x3a\x01\xe1\x18\x4b\xd6\x44\x68\xb3\x3d\xf9\x53\x74\x84\xb3\x46\x91\x46\x96\x00\xb7\x80\x2c\xb6\xe1\xe3\x10\xe2\xdb\xa2\xe7\x28\x8f\x01\x96\x62\x16\x3e\x00\xe3\x1c\xa5\x36\x81\x18\xa2\x4c\x52\x76\xc0\x11\xa3\x6e\xe6\x1d\xba\xe3\x5a\xbe\x36\x53\xc5\x3e\x75\x8f\x86\x69\x29\x58\x53\xb5\x9c\xbb\x6f\x9f\x5c\xc5\x18\xec\xdd\x2f\xe1\x98\xc9\xfc\xbe\xdf\x0a\x0d", + ["Microsec e-Szigno Root CA"] = "\x30\x82\x07\xa8\x30\x82\x06\x90\xa0\x03\x02\x01\x02\x02\x11\x00\xcc\xb8\xe7\xbf\x4e\x29\x1a\xfd\xa2\xdc\x66\xa5\x1c\x2c\x0f\x11\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x72\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x4c\x74\x64\x2e\x31\x14\x30\x12\x06\x03\x55\x04\x0b\x13\x0b\x65\x2d\x53\x7a\x69\x67\x6e\x6f\x20\x43\x41\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x65\x2d\x53\x7a\x69\x67\x6e\x6f\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x1e\x17\x0d\x30\x35\x30\x34\x30\x36\x31\x32\x32\x38\x34\x34\x5a\x17\x0d\x31\x37\x30\x34\x30\x36\x31\x32\x32\x38\x34\x34\x5a\x30\x72\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x4c\x74\x64\x2e\x31\x14\x30\x12\x06\x03\x55\x04\x0b\x13\x0b\x65\x2d\x53\x7a\x69\x67\x6e\x6f\x20\x43\x41\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x65\x2d\x53\x7a\x69\x67\x6e\x6f\x20\x52\x6f\x6f\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xed\xc8\x00\xd5\x81\x7b\xcd\x38\x00\x47\xcc\xdb\x84\xc1\x21\x69\x2c\x74\x90\x0c\x21\xd9\x53\x87\xed\x3e\x43\x44\x53\xaf\xab\xf8\x80\x9b\x3c\x78\x8d\xd4\x8d\xae\xb8\xef\xd3\x11\xdc\x81\xe6\xcf\x3b\x96\x8c\xd6\x6f\x15\xc6\x77\x7e\xa1\x2f\xe0\x5f\x92\xb6\x27\xd7\x76\x9a\x1d\x43\x3c\xea\xd9\xec\x2f\xee\x39\xf3\x6a\x67\x4b\x8b\x82\xcf\x22\xf8\x65\x55\xfe\x2c\xcb\x2f\x7d\x48\x7a\x3d\x75\xf9\xaa\xa0\x27\xbb\x78\xc2\x06\xca\x51\xc2\x7e\x66\x4b\xaf\xcd\xa2\xa7\x4d\x02\x82\x3f\x82\xac\x85\xc6\xe1\x0f\x90\x47\x99\x94\x0a\x71\x72\x93\x2a\xc9\xa6\xc0\xbe\x3c\x56\x4c\x73\x92\x27\xf1\x6b\xb5\xf5\xfd\xfc\x30\x05\x60\x92\xc6\xeb\x96\x7e\x01\x91\xc2\x69\xb1\x1e\x1d\x7b\x53\x45\xb8\xdc\x41\x1f\xc9\x8b\x71\xd6\x54\x14\xe3\x8b\x54\x78\x3f\xbe\xf4\x62\x3b\x5b\xf5\xa3\xec\xd5\x92\x74\xe2\x74\x30\xef\x01\xdb\xe1\xd4\xab\x99\x9b\x2a\x6b\xf8\xbd\xa6\x1c\x86\x23\x42\x5f\xec\x49\xde\x9a\x8b\x5b\xf4\x72\x3a\x40\xc5\x49\x3e\xa5\xbe\x8e\xaa\x71\xeb\x6c\xfa\xf5\x1a\xe4\x6a\xfd\x7b\x7d\x55\x40\xef\x58\x6e\xe6\xd9\xd5\xbc\x24\xab\xc1\xef\xb7\x02\x03\x01\x00\x01\xa3\x82\x04\x37\x30\x82\x04\x33\x30\x67\x06\x08\x2b\x06\x01\x05\x05\x07\x01\x01\x04\x5b\x30\x59\x30\x28\x06\x08\x2b\x06\x01\x05\x05\x07\x30\x01\x86\x1c\x68\x74\x74\x70\x73\x3a\x2f\x2f\x72\x63\x61\x2e\x65\x2d\x73\x7a\x69\x67\x6e\x6f\x2e\x68\x75\x2f\x6f\x63\x73\x70\x30\x2d\x06\x08\x2b\x06\x01\x05\x05\x07\x30\x02\x86\x21\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x65\x2d\x73\x7a\x69\x67\x6e\x6f\x2e\x68\x75\x2f\x52\x6f\x6f\x74\x43\x41\x2e\x63\x72\x74\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x82\x01\x73\x06\x03\x55\x1d\x20\x04\x82\x01\x6a\x30\x82\x01\x66\x30\x82\x01\x62\x06\x0c\x2b\x06\x01\x04\x01\x81\xa8\x18\x02\x01\x01\x01\x30\x82\x01\x50\x30\x28\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x1c\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x65\x2d\x73\x7a\x69\x67\x6e\x6f\x2e\x68\x75\x2f\x53\x5a\x53\x5a\x2f\x30\x82\x01\x22\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x02\x30\x82\x01\x14\x1e\x82\x01\x10\x00\x41\x00\x20\x00\x74\x00\x61\x00\x6e\x00\xfa\x00\x73\x00\xed\x00\x74\x00\x76\x00\xe1\x00\x6e\x00\x79\x00\x20\x00\xe9\x00\x72\x00\x74\x00\x65\x00\x6c\x00\x6d\x00\x65\x00\x7a\x00\xe9\x00\x73\x00\xe9\x00\x68\x00\x65\x00\x7a\x00\x20\x00\xe9\x00\x73\x00\x20\x00\x65\x00\x6c\x00\x66\x00\x6f\x00\x67\x00\x61\x00\x64\x00\xe1\x00\x73\x00\xe1\x00\x68\x00\x6f\x00\x7a\x00\x20\x00\x61\x00\x20\x00\x53\x00\x7a\x00\x6f\x00\x6c\x00\x67\x00\xe1\x00\x6c\x00\x74\x00\x61\x00\x74\x00\xf3\x00\x20\x00\x53\x00\x7a\x00\x6f\x00\x6c\x00\x67\x00\xe1\x00\x6c\x00\x74\x00\x61\x00\x74\x00\xe1\x00\x73\x00\x69\x00\x20\x00\x53\x00\x7a\x00\x61\x00\x62\x00\xe1\x00\x6c\x00\x79\x00\x7a\x00\x61\x00\x74\x00\x61\x00\x20\x00\x73\x00\x7a\x00\x65\x00\x72\x00\x69\x00\x6e\x00\x74\x00\x20\x00\x6b\x00\x65\x00\x6c\x00\x6c\x00\x20\x00\x65\x00\x6c\x00\x6a\x00\xe1\x00\x72\x00\x6e\x00\x69\x00\x3a\x00\x20\x00\x68\x00\x74\x00\x74\x00\x70\x00\x3a\x00\x2f\x00\x2f\x00\x77\x00\x77\x00\x77\x00\x2e\x00\x65\x00\x2d\x00\x73\x00\x7a\x00\x69\x00\x67\x00\x6e\x00\x6f\x00\x2e\x00\x68\x00\x75\x00\x2f\x00\x53\x00\x5a\x00\x53\x00\x5a\x00\x2f\x30\x81\xc8\x06\x03\x55\x1d\x1f\x04\x81\xc0\x30\x81\xbd\x30\x81\xba\xa0\x81\xb7\xa0\x81\xb4\x86\x21\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x65\x2d\x73\x7a\x69\x67\x6e\x6f\x2e\x68\x75\x2f\x52\x6f\x6f\x74\x43\x41\x2e\x63\x72\x6c\x86\x81\x8e\x6c\x64\x61\x70\x3a\x2f\x2f\x6c\x64\x61\x70\x2e\x65\x2d\x73\x7a\x69\x67\x6e\x6f\x2e\x68\x75\x2f\x43\x4e\x3d\x4d\x69\x63\x72\x6f\x73\x65\x63\x25\x32\x30\x65\x2d\x53\x7a\x69\x67\x6e\x6f\x25\x32\x30\x52\x6f\x6f\x74\x25\x32\x30\x43\x41\x2c\x4f\x55\x3d\x65\x2d\x53\x7a\x69\x67\x6e\x6f\x25\x32\x30\x43\x41\x2c\x4f\x3d\x4d\x69\x63\x72\x6f\x73\x65\x63\x25\x32\x30\x4c\x74\x64\x2e\x2c\x4c\x3d\x42\x75\x64\x61\x70\x65\x73\x74\x2c\x43\x3d\x48\x55\x3f\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x52\x65\x76\x6f\x63\x61\x74\x69\x6f\x6e\x4c\x69\x73\x74\x3b\x62\x69\x6e\x61\x72\x79\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x81\x96\x06\x03\x55\x1d\x11\x04\x81\x8e\x30\x81\x8b\x81\x10\x69\x6e\x66\x6f\x40\x65\x2d\x73\x7a\x69\x67\x6e\x6f\x2e\x68\x75\xa4\x77\x30\x75\x31\x23\x30\x21\x06\x03\x55\x04\x03\x0c\x1a\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x65\x2d\x53\x7a\x69\x67\x6e\xc3\xb3\x20\x52\x6f\x6f\x74\x20\x43\x41\x31\x16\x30\x14\x06\x03\x55\x04\x0b\x0c\x0d\x65\x2d\x53\x7a\x69\x67\x6e\xc3\xb3\x20\x48\x53\x5a\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x4b\x66\x74\x2e\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x30\x81\xac\x06\x03\x55\x1d\x23\x04\x81\xa4\x30\x81\xa1\x80\x14\xc7\xa0\x49\x75\x16\x61\x84\xdb\x31\x4b\x84\xd2\xf1\x37\x40\x90\xef\x4e\xdc\xf7\xa1\x76\xa4\x74\x30\x72\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x13\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x4c\x74\x64\x2e\x31\x14\x30\x12\x06\x03\x55\x04\x0b\x13\x0b\x65\x2d\x53\x7a\x69\x67\x6e\x6f\x20\x43\x41\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x65\x2d\x53\x7a\x69\x67\x6e\x6f\x20\x52\x6f\x6f\x74\x20\x43\x41\x82\x11\x00\xcc\xb8\xe7\xbf\x4e\x29\x1a\xfd\xa2\xdc\x66\xa5\x1c\x2c\x0f\x11\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xc7\xa0\x49\x75\x16\x61\x84\xdb\x31\x4b\x84\xd2\xf1\x37\x40\x90\xef\x4e\xdc\xf7\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xd3\x13\x9c\x66\x63\x59\x2e\xca\x5c\x70\x0c\xfc\x83\xbc\x55\xb1\xf4\x8e\x07\x6c\x66\x27\xce\xc1\x3b\x20\xa9\x1c\xbb\x46\x54\x70\xee\x5a\xcc\xa0\x77\xea\x68\x44\x27\xeb\xf2\x29\xdd\x77\xa9\xd5\xfb\xe3\xd4\xa7\x04\xc4\x95\xb8\x0b\xe1\x44\x68\x60\x07\x43\x30\x31\x42\x61\xe5\xee\xd9\xe5\x24\xd5\x1b\xdf\xe1\x4a\x1b\xaa\x9f\xc7\x5f\xf8\x7a\x11\xea\x13\x93\x00\xca\x8a\x58\xb1\xee\xed\x0e\x4d\xb4\xd7\xa8\x36\x26\x7c\xe0\x3a\xc1\xd5\x57\x82\xf1\x75\xb6\xfd\x89\x5f\xda\xf3\xa8\x38\x9f\x35\x06\x08\xce\x22\x95\xbe\xcd\xd5\xfc\xbe\x5b\xde\x79\x6b\xdc\x7a\xa9\x65\x66\xbe\xb1\x25\x5a\x5f\xed\x7e\xd3\xac\x46\x6d\x4c\xf4\x32\x87\xb4\x20\x04\xe0\x6c\x78\xb0\x77\xd1\x85\x46\x4b\xa6\x12\xb7\x75\xe8\x4a\xc9\x56\x6c\xd7\x92\xab\x9d\xf5\x49\x38\xd2\x4f\x53\xe3\x55\x90\x11\xdb\x98\x96\xc6\x49\xf2\x3e\xf4\x9f\x1b\xe0\xf7\x88\xdc\x25\x62\x99\x44\xd8\x73\xbf\x3f\x30\xf3\x0c\x37\x3e\xd4\xc2\x28\x80\x73\xb1\x01\xb7\x9d\x5a\x96\x14\x01\x4b\xa9\x11\x9d\x29\x6a\x2e\xd0\x5d\x81\xc0\xcf\xb2\x20\x43\xc7\x03\xe0\x37\x4e\x5d\x0a\xdc\x59\x20\x25", + ["Certigna"] = "\x30\x82\x03\xa8\x30\x82\x02\x90\xa0\x03\x02\x01\x02\x02\x09\x00\xfe\xdc\xe3\x01\x0f\xc9\x48\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x34\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x0c\x09\x44\x68\x69\x6d\x79\x6f\x74\x69\x73\x31\x11\x30\x0f\x06\x03\x55\x04\x03\x0c\x08\x43\x65\x72\x74\x69\x67\x6e\x61\x30\x1e\x17\x0d\x30\x37\x30\x36\x32\x39\x31\x35\x31\x33\x30\x35\x5a\x17\x0d\x32\x37\x30\x36\x32\x39\x31\x35\x31\x33\x30\x35\x5a\x30\x34\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x0c\x09\x44\x68\x69\x6d\x79\x6f\x74\x69\x73\x31\x11\x30\x0f\x06\x03\x55\x04\x03\x0c\x08\x43\x65\x72\x74\x69\x67\x6e\x61\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xc8\x68\xf1\xc9\xd6\xd6\xb3\x34\x75\x26\x82\x1e\xec\xb4\xbe\xea\x5c\xe1\x26\xed\x11\x47\x61\xe1\xa2\x7c\x16\x78\x40\x21\xe4\x60\x9e\x5a\xc8\x63\xe1\xc4\xb1\x96\x92\xff\x18\x6d\x69\x23\xe1\x2b\x62\xf7\xdd\xe2\x36\x2f\x91\x07\xb9\x48\xcf\x0e\xec\x79\xb6\x2c\xe7\x34\x4b\x70\x08\x25\xa3\x3c\x87\x1b\x19\xf2\x81\x07\x0f\x38\x90\x19\xd3\x11\xfe\x86\xb4\xf2\xd1\x5e\x1e\x1e\x96\xcd\x80\x6c\xce\x3b\x31\x93\xb6\xf2\xa0\xd0\xa9\x95\x12\x7d\xa5\x9a\xcc\x6b\xc8\x84\x56\x8a\x33\xa9\xe7\x22\x15\x53\x16\xf0\xcc\x17\xec\x57\x5f\xe9\xa2\x0a\x98\x09\xde\xe3\x5f\x9c\x6f\xdc\x48\xe3\x85\x0b\x15\x5a\xa6\xba\x9f\xac\x48\xe3\x09\xb2\xf7\xf4\x32\xde\x5e\x34\xbe\x1c\x78\x5d\x42\x5b\xce\x0e\x22\x8f\x4d\x90\xd7\x7d\x32\x18\xb3\x0b\x2c\x6a\xbf\x8e\x3f\x14\x11\x89\x20\x0e\x77\x14\xb5\x3d\x94\x08\x87\xf7\x25\x1e\xd5\xb2\x60\x00\xec\x6f\x2a\x28\x25\x6e\x2a\x3e\x18\x63\x17\x25\x3f\x3e\x44\x20\x16\xf6\x26\xc8\x25\xae\x05\x4a\xb4\xe7\x63\x2c\xf3\x8c\x16\x53\x7e\x5c\xfb\x11\x1a\x08\xc1\x46\x62\x9f\x22\xb8\xf1\xc2\x8d\x69\xdc\xfa\x3a\x58\x06\xdf\x02\x03\x01\x00\x01\xa3\x81\xbc\x30\x81\xb9\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x1a\xed\xfe\x41\x39\x90\xb4\x24\x59\xbe\x01\xf2\x52\xd5\x45\xf6\x5a\x39\xdc\x11\x30\x64\x06\x03\x55\x1d\x23\x04\x5d\x30\x5b\x80\x14\x1a\xed\xfe\x41\x39\x90\xb4\x24\x59\xbe\x01\xf2\x52\xd5\x45\xf6\x5a\x39\xdc\x11\xa1\x38\xa4\x36\x30\x34\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x46\x52\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x0c\x09\x44\x68\x69\x6d\x79\x6f\x74\x69\x73\x31\x11\x30\x0f\x06\x03\x55\x04\x03\x0c\x08\x43\x65\x72\x74\x69\x67\x6e\x61\x82\x09\x00\xfe\xdc\xe3\x01\x0f\xc9\x48\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x85\x03\x1e\x92\x71\xf6\x42\xaf\xe1\xa3\x61\x9e\xeb\xf3\xc0\x0f\xf2\xa5\xd4\xda\x95\xe6\xd6\xbe\x68\x36\x3d\x7e\x6e\x1f\x4c\x8a\xef\xd1\x0f\x21\x6d\x5e\xa5\x52\x63\xce\x12\xf8\xef\x2a\xda\x6f\xeb\x37\xfe\x13\x02\xc7\xcb\x3b\x3e\x22\x6b\xda\x61\x2e\x7f\xd4\x72\x3d\xdd\x30\xe1\x1e\x4c\x40\x19\x8c\x0f\xd7\x9c\xd1\x83\x30\x7b\x98\x59\xdc\x7d\xc6\xb9\x0c\x29\x4c\xa1\x33\xa2\xeb\x67\x3a\x65\x84\xd3\x96\xe2\xed\x76\x45\x70\x8f\xb5\x2b\xde\xf9\x23\xd6\x49\x6e\x3c\x14\xb5\xc6\x9f\x35\x1e\x50\xd0\xc1\x8f\x6a\x70\x44\x02\x62\xcb\xae\x1d\x68\x41\xa7\xaa\x57\xe8\x53\xaa\x07\xd2\x06\xf6\xd5\x14\x06\x0b\x91\x03\x75\x2c\x6c\x72\xb5\x61\x95\x9a\x0d\x8b\xb9\x0d\xe7\xf5\xdf\x54\xcd\xde\xe6\xd8\xd6\x09\x08\x97\x63\xe5\xc1\x2e\xb0\xb7\x44\x26\xc0\x26\xc0\xaf\x55\x30\x9e\x3b\xd5\x36\x2a\x19\x04\xf4\x5c\x1e\xff\xcf\x2c\xb7\xff\xd0\xfd\x87\x40\x11\xd5\x11\x23\xbb\x48\xc0\x21\xa9\xa4\x28\x2d\xfd\x15\xf8\xb0\x4e\x2b\xf4\x30\x5b\x21\xfc\x11\x91\x34\xbe\x41\xef\x7b\x9d\x97\x75\xff\x97\x95\xc0\x96\x58\x2f\xea\xbb\x46\xd7\xbb\xe4\xd9\x2e", + ["AC Ra\xC3\xADz Certic\xC3\xA1mara S.A."] = "\x30\x82\x06\x66\x30\x82\x04\x4e\xa0\x03\x02\x01\x02\x02\x0f\x07\x7e\x52\x93\x7b\xe0\x15\xe3\x57\xf0\x69\x8c\xcb\xec\x0c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x7b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4f\x31\x47\x30\x45\x06\x03\x55\x04\x0a\x0c\x3e\x53\x6f\x63\x69\x65\x64\x61\x64\x20\x43\x61\x6d\x65\x72\x61\x6c\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\xc3\xb3\x6e\x20\x44\x69\x67\x69\x74\x61\x6c\x20\x2d\x20\x43\x65\x72\x74\x69\x63\xc3\xa1\x6d\x61\x72\x61\x20\x53\x2e\x41\x2e\x31\x23\x30\x21\x06\x03\x55\x04\x03\x0c\x1a\x41\x43\x20\x52\x61\xc3\xad\x7a\x20\x43\x65\x72\x74\x69\x63\xc3\xa1\x6d\x61\x72\x61\x20\x53\x2e\x41\x2e\x30\x1e\x17\x0d\x30\x36\x31\x31\x32\x37\x32\x30\x34\x36\x32\x39\x5a\x17\x0d\x33\x30\x30\x34\x30\x32\x32\x31\x34\x32\x30\x32\x5a\x30\x7b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4f\x31\x47\x30\x45\x06\x03\x55\x04\x0a\x0c\x3e\x53\x6f\x63\x69\x65\x64\x61\x64\x20\x43\x61\x6d\x65\x72\x61\x6c\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\xc3\xb3\x6e\x20\x44\x69\x67\x69\x74\x61\x6c\x20\x2d\x20\x43\x65\x72\x74\x69\x63\xc3\xa1\x6d\x61\x72\x61\x20\x53\x2e\x41\x2e\x31\x23\x30\x21\x06\x03\x55\x04\x03\x0c\x1a\x41\x43\x20\x52\x61\xc3\xad\x7a\x20\x43\x65\x72\x74\x69\x63\xc3\xa1\x6d\x61\x72\x61\x20\x53\x2e\x41\x2e\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xab\x6b\x89\xa3\x53\xcc\x48\x23\x08\xfb\xc3\xcf\x51\x96\x08\x2e\xb8\x08\x7a\x6d\x3c\x90\x17\x86\xa9\xe9\xed\x2e\x13\x34\x47\xb2\xd0\x70\xdc\xc9\x3c\xd0\x8d\xca\xee\x4b\x17\xab\xd0\x85\xb0\xa7\x23\x04\xcb\xa8\xa2\xfc\xe5\x75\xdb\x40\xca\x62\x89\x8f\x50\x9e\x01\x3d\x26\x5b\x18\x84\x1c\xcb\x7c\x37\xb7\x7d\xec\xd3\x7f\x73\x19\xb0\x6a\xb2\xd8\x88\x8a\x2d\x45\x74\xa8\xf7\xb3\xb8\xc0\xd4\xda\xcd\x22\x89\x74\x4d\x5a\x15\x39\x73\x18\x74\x4f\xb5\xeb\x99\xa7\xc1\x1e\x88\xb4\xc2\x93\x90\x63\x97\xf3\xa7\xa7\x12\xb2\x09\x22\x07\x33\xd9\x91\xcd\x0e\x9c\x1f\x0e\x20\xc7\xee\xbb\x33\x8d\x8f\xc2\xd2\x58\xa7\x5f\xfd\x65\x37\xe2\x88\xc2\xd8\x8f\x86\x75\x5e\xf9\x2d\xa7\x87\x33\xf2\x78\x37\x2f\x8b\xbc\x1d\x86\x37\x39\xb1\x94\xf2\xd8\xbc\x4a\x9c\x83\x18\x5a\x06\xfc\xf3\xd4\xd4\xba\x8c\x15\x09\x25\xf0\xf9\xb6\x8d\x04\x7e\x17\x12\x33\x6b\x57\x48\x4c\x4f\xdb\x26\x1e\xeb\xcc\x90\xe7\x8b\xf9\x68\x7c\x70\x0f\xa3\x2a\xd0\x3a\x38\xdf\x37\x97\xe2\x5b\xde\x80\x61\xd3\x80\xd8\x91\x83\x42\x5a\x4c\x04\x89\x68\x11\x3c\xac\x5f\x68\x80\x41\xcc\x60\x42\xce\x0d\x5a\x2a\x0c\x0f\x9b\x30\xc0\xa6\xf0\x86\xdb\xab\x49\xd7\x97\x6d\x48\x8b\xf9\x03\xc0\x52\x67\x9b\x12\xf7\xc2\xf2\x2e\x98\x65\x42\xd9\xd6\x9a\xe3\xd0\x19\x31\x0c\xad\x87\xd5\x57\x02\x7a\x30\xe8\x86\x26\xfb\x8f\x23\x8a\x54\x87\xe4\xbf\x3c\xee\xeb\xc3\x75\x48\x5f\x1e\x39\x6f\x81\x62\x6c\xc5\x2d\xc4\x17\x54\x19\xb7\x37\x8d\x9c\x37\x91\xc8\xf6\x0b\xd5\xea\x63\x6f\x83\xac\x38\xc2\xf3\x3f\xde\x9a\xfb\xe1\x23\x61\xf0\xc8\x26\xcb\x36\xc8\xa1\xf3\x30\x8f\xa4\xa3\xa2\xa1\xdd\x53\xb3\xde\xf0\x9a\x32\x1f\x83\x91\x79\x30\xc1\xa9\x1f\x53\x9b\x53\xa2\x15\x53\x3f\xdd\x9d\xb3\x10\x3b\x48\x7d\x89\x0f\xfc\xed\x03\xf5\xfb\x25\x64\x75\x0e\x17\x19\x0d\x8f\x00\x16\x67\x79\x7a\x40\xfc\x2d\x59\x07\xd9\x90\xfa\x9a\xad\x3d\xdc\x80\x8a\xe6\x5c\x35\xa2\x67\x4c\x11\x6b\xb1\xf8\x80\x64\x00\x2d\x6f\x22\x61\xc5\xac\x4b\x26\xe5\x5a\x10\x82\x9b\xa4\x83\x7b\x34\xf7\x9e\x89\x91\x20\x97\x8e\xb7\x42\xc7\x66\xc3\xd0\xe9\xa4\xd6\xf5\x20\x8d\xc4\xc3\x95\xac\x44\x0a\x9d\x5b\x73\x3c\x26\x3d\x2f\x4a\xbe\xa7\xc9\xa7\x10\x1e\xfb\x9f\x50\x69\xf3\x02\x03\x01\x00\x01\xa3\x81\xe6\x30\x81\xe3\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xd1\x09\xd0\xe9\xd7\xce\x79\x74\x54\xf9\x3a\x30\xb3\xf4\x6d\x2c\x03\x03\x1b\x68\x30\x81\xa0\x06\x03\x55\x1d\x20\x04\x81\x98\x30\x81\x95\x30\x81\x92\x06\x04\x55\x1d\x20\x00\x30\x81\x89\x30\x2b\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x1f\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x63\x65\x72\x74\x69\x63\x61\x6d\x61\x72\x61\x2e\x63\x6f\x6d\x2f\x64\x70\x63\x2f\x30\x5a\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x02\x30\x4e\x1a\x4c\x4c\x69\x6d\x69\x74\x61\x63\x69\x6f\x6e\x65\x73\x20\x64\x65\x20\x67\x61\x72\x61\x6e\x74\xed\x61\x73\x20\x64\x65\x20\x65\x73\x74\x65\x20\x63\x65\x72\x74\x69\x66\x69\x63\x61\x64\x6f\x20\x73\x65\x20\x70\x75\x65\x64\x65\x6e\x20\x65\x6e\x63\x6f\x6e\x74\x72\x61\x72\x20\x65\x6e\x20\x6c\x61\x20\x44\x50\x43\x2e\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x5c\x94\xb5\xb8\x45\x91\x4d\x8e\x61\x1f\x03\x28\x0f\x53\x7c\xe6\xa4\x59\xa9\xb3\x8a\x7a\xc5\xb0\xff\x08\x7c\x2c\xa3\x71\x1c\x21\x13\x67\xa1\x95\x12\x40\x35\x83\x83\x8f\x74\xdb\x33\x5c\xf0\x49\x76\x0a\x81\x52\xdd\x49\xd4\x9a\x32\x33\xef\x9b\xa7\xcb\x75\xe5\x7a\xcb\x97\x12\x90\x5c\xba\x7b\xc5\x9b\xdf\xbb\x39\x23\xc8\xff\x98\xce\x0a\x4d\x22\x01\x48\x07\x7e\x8a\xc0\xd5\x20\x42\x94\x44\xef\xbf\x77\xa2\x89\x67\x48\x1b\x40\x03\x05\xa1\x89\xec\xcf\x62\xe3\x3d\x25\x76\x66\xbf\x26\xb7\xbb\x22\xbe\x6f\xff\x39\x57\x74\xba\x7a\xc9\x01\x95\xc1\x95\x51\xe8\xab\x2c\xf8\xb1\x86\x20\xe9\x3f\xcb\x35\x5b\xd2\x17\xe9\x2a\xfe\x83\x13\x17\x40\xee\x88\x62\x65\x5b\xd5\x3b\x60\xe9\x7b\x3c\xb8\xc9\xd5\x7f\x36\x02\x25\xaa\x68\xc2\x31\x15\xb7\x30\x65\xeb\x7f\x1d\x48\x79\xb1\xcf\x39\xe2\x42\x80\x16\xd3\xf5\x93\x23\xfc\x4c\x97\xc9\x5a\x37\x6c\x7c\x22\xd8\x4a\xcd\xd2\x8e\x36\x83\x39\x91\x90\x10\xc8\xf1\xc9\x35\x7e\x3f\xb8\xd3\x81\xc6\x20\x64\x1a\xb6\x50\xc2\x21\xa4\x78\xdc\xd0\x2f\x3b\x64\x93\x74\xf0\x96\x90\xf1\xef\xfb\x09\x5a\x34\x40\x96\xf0\x36\x12\xc1\xa3\x74\x8c\x93\x7e\x41\xde\x77\x8b\xec\x86\xd9\xd2\x0f\x3f\x2d\xd1\xcc\x40\xa2\x89\x66\x48\x1e\x20\xb3\x9c\x23\x59\x73\xa9\x44\x73\xbc\x24\x79\x90\x56\x37\xb3\xc6\x29\x7e\xa3\x0f\xf1\x29\x39\xef\x7e\x5c\x28\x32\x70\x35\xac\xda\xb8\xc8\x75\x66\xfc\x9b\x4c\x39\x47\x8e\x1b\x6f\x9b\x4d\x02\x54\x22\x33\xef\x61\xba\x9e\x29\x84\xef\x4e\x4b\x33\x47\x76\x97\x6a\xcb\x7e\x5f\xfd\x15\xa6\x9e\x42\x43\x5b\x66\x5a\x8a\x88\x0d\xf7\x16\xb9\x3f\x51\x65\x2b\x66\x6a\x8b\xd1\x38\x52\xa2\xd6\x46\x11\xfa\xfc\x9a\x1c\x74\x9e\x8f\x97\x0b\x02\x4f\x64\xc6\xf5\x68\xd3\x4b\x2d\xff\xa4\x37\x1e\x8b\x3f\xbf\x44\xbe\x61\x46\xa1\x84\x3d\x08\x27\x4c\x81\x20\x77\x89\x08\xea\x67\x40\x5e\x6c\x08\x51\x5f\x34\x5a\x8c\x96\x68\xcd\xd7\xf7\x89\xc2\x1c\xd3\x32\x00\xaf\x52\xcb\xd3\x60\x5b\x2a\x3a\x47\x7e\x6b\x30\x33\xa1\x62\x29\x7f\x4a\xb9\xe1\x2d\xe7\x14\x23\x0e\x0e\x18\x47\xe1\x79\xfc\x15\x55\xd0\xb1\xfc\x25\x71\x63\x75\x33\x1c\x23\x2b\xaf\x5c\xd9\xed\x47\x77\x60\x0e\x3b\x0f\x1e\xd2\xc0\xdc\x64\x05\x89\xfc\x78\xd6\x5c\x2c\x26\x43\xa9", + ["TC TrustCenter Class 2 CA II"] = "\x30\x82\x04\xaa\x30\x82\x03\x92\xa0\x03\x02\x01\x02\x02\x0e\x2e\x6a\x00\x01\x00\x02\x1f\xd7\x52\x21\x2c\x11\x5c\x3b\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x76\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x47\x6d\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x41\x31\x25\x30\x23\x06\x03\x55\x04\x03\x13\x1c\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x41\x20\x49\x49\x30\x1e\x17\x0d\x30\x36\x30\x31\x31\x32\x31\x34\x33\x38\x34\x33\x5a\x17\x0d\x32\x35\x31\x32\x33\x31\x32\x32\x35\x39\x35\x39\x5a\x30\x76\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x47\x6d\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x41\x31\x25\x30\x23\x06\x03\x55\x04\x03\x13\x1c\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x41\x20\x49\x49\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xab\x80\x87\x9b\x8e\xf0\xc3\x7c\x87\xd7\xe8\x24\x82\x11\xb3\x3c\xdd\x43\x62\xee\xf8\xc3\x45\xda\xe8\xe1\xa0\x5f\xd1\x2a\xb2\xea\x93\x68\xdf\xb4\xc8\xd6\x43\xe9\xc4\x75\x59\x7f\xfc\xe1\x1d\xf8\x31\x70\x23\x1b\x88\x9e\x27\xb9\x7b\xfd\x3a\xd2\xc9\xa9\xe9\x14\x2f\x90\xbe\x03\x52\xc1\x49\xcd\xf6\xfd\xe4\x08\x66\x0b\x57\x8a\xa2\x42\xa0\xb8\xd5\x7f\x69\x5c\x90\x32\xb2\x97\x0d\xca\x4a\xdc\x46\x3e\x02\x55\x89\x53\xe3\x1a\x5a\xcb\x36\xc6\x07\x56\xf7\x8c\xcf\x11\xf4\x4c\xbb\x30\x70\x04\x95\xa5\xf6\x39\x8c\xfd\x73\x81\x08\x7d\x89\x5e\x32\x1e\x22\xa9\x22\x45\x4b\xb0\x66\x2e\x30\xcc\x9f\x65\xfd\xfc\xcb\x81\xa9\xf1\xe0\x3b\xaf\xa3\x86\xd1\x89\xea\xc4\x45\x79\x50\x5d\xae\xe9\x21\x74\x92\x4d\x8b\x59\x82\x8f\x94\xe3\xe9\x4a\xf1\xe7\x49\xb0\x14\xe3\xf5\x62\xcb\xd5\x72\xbd\x1f\xb9\xd2\x9f\xa0\xcd\xa8\xfa\x01\xc8\xd9\x0d\xdf\xda\xfc\x47\x9d\xb3\xc8\x54\xdf\x49\x4a\xf1\x21\xa9\xfe\x18\x4e\xee\x48\xd4\x19\xbb\xef\x7d\xe4\xe2\x9d\xcb\x5b\xb6\x6e\xff\xe3\xcd\x5a\xe7\x74\x82\x05\xba\x80\x25\x38\xcb\xe4\x69\x9e\xaf\x41\xaa\x1a\x84\xf5\x02\x03\x01\x00\x01\xa3\x82\x01\x34\x30\x82\x01\x30\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xe3\xab\x54\x4c\x80\xa1\xdb\x56\x43\xb7\x91\x4a\xcb\xf3\x82\x7a\x13\x5c\x08\xab\x30\x81\xed\x06\x03\x55\x1d\x1f\x04\x81\xe5\x30\x81\xe2\x30\x81\xdf\xa0\x81\xdc\xa0\x81\xd9\x86\x35\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2e\x64\x65\x2f\x63\x72\x6c\x2f\x76\x32\x2f\x74\x63\x5f\x63\x6c\x61\x73\x73\x5f\x32\x5f\x63\x61\x5f\x49\x49\x2e\x63\x72\x6c\x86\x81\x9f\x6c\x64\x61\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2e\x64\x65\x2f\x43\x4e\x3d\x54\x43\x25\x32\x30\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x25\x32\x30\x43\x6c\x61\x73\x73\x25\x32\x30\x32\x25\x32\x30\x43\x41\x25\x32\x30\x49\x49\x2c\x4f\x3d\x54\x43\x25\x32\x30\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x25\x32\x30\x47\x6d\x62\x48\x2c\x4f\x55\x3d\x72\x6f\x6f\x74\x63\x65\x72\x74\x73\x2c\x44\x43\x3d\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2c\x44\x43\x3d\x64\x65\x3f\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x52\x65\x76\x6f\x63\x61\x74\x69\x6f\x6e\x4c\x69\x73\x74\x3f\x62\x61\x73\x65\x3f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x8c\xd7\xdf\x7e\xee\x1b\x80\x10\xb3\x83\xf5\xdb\x11\xea\x6b\x4b\xa8\x92\x18\xd9\xf7\x07\x39\xf5\x2c\xbe\x06\x75\x7a\x68\x53\x15\x1c\xea\x4a\xed\x5e\xfc\x23\xb2\x13\xa0\xd3\x09\xff\xf6\xf6\x2e\x6b\x41\x71\x79\xcd\xe2\x6d\xfd\xae\x59\x6b\x85\x1d\xb8\x4e\x22\x9a\xed\x66\x39\x6e\x4b\x94\xe6\x55\xfc\x0b\x1b\x8b\x77\xc1\x53\x13\x66\x89\xd9\x28\xd6\x8b\xf3\x45\x4a\x63\xb7\xfd\x7b\x0b\x61\x5d\xb8\x6d\xbe\xc3\xdc\x5b\x79\xd2\xed\x86\xe5\xa2\x4d\xbe\x5e\x74\x7c\x6a\xed\x16\x38\x1f\x7f\x58\x81\x5a\x1a\xeb\x32\x88\x2d\xb2\xf3\x39\x77\x80\xaf\x5e\xb6\x61\x75\x29\xdb\x23\x4d\x88\xca\x50\x28\xcb\x85\xd2\xd3\x10\xa2\x59\x6e\xd3\x93\x54\x00\x7a\xa2\x46\x95\x86\x05\x9c\xa9\x19\x98\xe5\x31\x72\x0c\x00\xe2\x67\xd9\x40\xe0\x24\x33\x7b\x6f\x2c\xb9\x5c\xab\x65\x9d\x2c\xac\x76\xea\x35\x99\xf5\x97\xb9\x0f\x24\xec\xc7\x76\x21\x28\x65\xae\x57\xe8\x07\x88\x75\x4a\x56\xa0\xd2\x05\x3a\xa4\xe6\x8d\x92\x88\x2c\xf3\xf2\xe1\xc1\xc6\x61\xdb\x41\xc5\xc7\x9b\xf7\x0e\x1a\x51\x45\xc2\x61\x6b\xdc\x64\x27\x17\x8c\x5a\xb7\xda\x74\x28\xcd\x97\xe4\xbd", + ["TC TrustCenter Class 3 CA II"] = "\x30\x82\x04\xaa\x30\x82\x03\x92\xa0\x03\x02\x01\x02\x02\x0e\x4a\x47\x00\x01\x00\x02\xe5\xa0\x5d\xd6\x3f\x00\x51\xbf\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x76\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x47\x6d\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x43\x41\x31\x25\x30\x23\x06\x03\x55\x04\x03\x13\x1c\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x43\x41\x20\x49\x49\x30\x1e\x17\x0d\x30\x36\x30\x31\x31\x32\x31\x34\x34\x31\x35\x37\x5a\x17\x0d\x32\x35\x31\x32\x33\x31\x32\x32\x35\x39\x35\x39\x5a\x30\x76\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x47\x6d\x62\x48\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x13\x19\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x43\x41\x31\x25\x30\x23\x06\x03\x55\x04\x03\x13\x1c\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x43\x41\x20\x49\x49\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xb4\xe0\xbb\x51\xbb\x39\x5c\x8b\x04\xc5\x4c\x79\x1c\x23\x86\x31\x10\x63\x43\x55\x27\x3f\xc6\x45\xc7\xa4\x3d\xec\x09\x0d\x1a\x1e\x20\xc2\x56\x1e\xde\x1b\x37\x07\x30\x22\x2f\x6f\xf1\x06\xf1\xab\xad\xd6\xc8\xab\x61\xa3\x2f\x43\xc4\xb0\xb2\x2d\xfc\xc3\x96\x69\x7b\x7e\x8a\xe4\xcc\xc0\x39\x12\x90\x42\x60\xc9\xcc\x35\x68\xee\xda\x5f\x90\x56\x5f\xcd\x1c\x4d\x5b\x58\x49\xeb\x0e\x01\x4f\x64\xfa\x2c\x3c\x89\x58\xd8\x2f\x2e\xe2\xb0\x68\xe9\x22\x3b\x75\x89\xd6\x44\x1a\x65\xf2\x1b\x97\x26\x1d\x28\x6d\xac\xe8\xbd\x59\x1d\x2b\x24\xf6\xd6\x84\x03\x66\x88\x24\x00\x78\x60\xf1\xf8\xab\xfe\x02\xb2\x6b\xfb\x22\xfb\x35\xe6\x16\xd1\xad\xf6\x2e\x12\xe4\xfa\x35\x6a\xe5\x19\xb9\x5d\xdb\x3b\x1e\x1a\xfb\xd3\xff\x15\x14\x08\xd8\x09\x6a\xba\x45\x9d\x14\x79\x60\x7d\xaf\x40\x8a\x07\x73\xb3\x93\x96\xd3\x74\x34\x8d\x3a\x37\x29\xde\x5c\xec\xf5\xee\x2e\x31\xc2\x20\xdc\xbe\xf1\x4f\x7f\x23\x52\xd9\x5b\xe2\x64\xd9\x9c\xaa\x07\x08\xb5\x45\xbd\xd1\xd0\x31\xc1\xab\x54\x9f\xa9\xd2\xc3\x62\x60\x03\xf1\xbb\x39\x4a\x92\x4a\x3d\x0a\xb9\x9d\xc5\xa0\xfe\x37\x02\x03\x01\x00\x01\xa3\x82\x01\x34\x30\x82\x01\x30\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xd4\xa2\xfc\x9f\xb3\xc3\xd8\x03\xd3\x57\x5c\x07\xa4\xd0\x24\xa7\xc0\xf2\x00\xd4\x30\x81\xed\x06\x03\x55\x1d\x1f\x04\x81\xe5\x30\x81\xe2\x30\x81\xdf\xa0\x81\xdc\xa0\x81\xd9\x86\x35\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2e\x64\x65\x2f\x63\x72\x6c\x2f\x76\x32\x2f\x74\x63\x5f\x63\x6c\x61\x73\x73\x5f\x33\x5f\x63\x61\x5f\x49\x49\x2e\x63\x72\x6c\x86\x81\x9f\x6c\x64\x61\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2e\x64\x65\x2f\x43\x4e\x3d\x54\x43\x25\x32\x30\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x25\x32\x30\x43\x6c\x61\x73\x73\x25\x32\x30\x33\x25\x32\x30\x43\x41\x25\x32\x30\x49\x49\x2c\x4f\x3d\x54\x43\x25\x32\x30\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x25\x32\x30\x47\x6d\x62\x48\x2c\x4f\x55\x3d\x72\x6f\x6f\x74\x63\x65\x72\x74\x73\x2c\x44\x43\x3d\x74\x72\x75\x73\x74\x63\x65\x6e\x74\x65\x72\x2c\x44\x43\x3d\x64\x65\x3f\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x52\x65\x76\x6f\x63\x61\x74\x69\x6f\x6e\x4c\x69\x73\x74\x3f\x62\x61\x73\x65\x3f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x36\x60\xe4\x70\xf7\x06\x20\x43\xd9\x23\x1a\x42\xf2\xf8\xa3\xb2\xb9\x4d\x8a\xb4\xf3\xc2\x9a\x55\x31\x7c\xc4\x3b\x67\x9a\xb4\xdf\x4d\x0e\x8a\x93\x4a\x17\x8b\x1b\x8d\xca\x89\xe1\xcf\x3a\x1e\xac\x1d\xf1\x9c\x32\xb4\x8e\x59\x76\xa2\x41\x85\x25\x37\xa0\x13\xd0\xf5\x7c\x4e\xd5\xea\x96\xe2\x6e\x72\xc1\xbb\x2a\xfe\x6c\x6e\xf8\x91\x98\x46\xfc\xc9\x1b\x57\x5b\xea\xc8\x1a\x3b\x3f\xb0\x51\x98\x3c\x07\xda\x2c\x59\x01\xda\x8b\x44\xe8\xe1\x74\xfd\xa7\x68\xdd\x54\xba\x83\x46\xec\xc8\x46\xb5\xf8\xaf\x97\xc0\x3b\x09\x1c\x8f\xce\x72\x96\x3d\x33\x56\x70\xbc\x96\xcb\xd8\xd5\x7d\x20\x9a\x83\x9f\x1a\xdc\x39\xf1\xc5\x72\xa3\x11\x03\xfd\x3b\x42\x52\x29\xdb\xe8\x01\xf7\x9b\x5e\x8c\xd6\x8d\x86\x4e\x19\xfa\xbc\x1c\xbe\xc5\x21\xa5\x87\x9e\x78\x2e\x36\xdb\x09\x71\xa3\x72\x34\xf8\x6c\xe3\x06\x09\xf2\x5e\x56\xa5\xd3\xdd\x98\xfa\xd4\xe6\x06\xf4\xf0\xb6\x20\x63\x4b\xea\x29\xbd\xaa\x82\x66\x1e\xfb\x81\xaa\xa7\x37\xad\x13\x18\xe6\x92\xc3\x81\xc1\x33\xbb\x88\x1e\xa1\xe7\xe2\xb4\xbd\x31\x6c\x0e\x51\x3d\x6f\xfb\x96\x56\x80\xe2\x36\x17\xd1\xdc\xe4", + ["TC TrustCenter Universal CA I"] = "\x30\x82\x03\xdd\x30\x82\x02\xc5\xa0\x03\x02\x01\x02\x02\x0e\x1d\xa2\x00\x01\x00\x02\xec\xb7\x60\x80\x78\x8d\xb6\x06\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x79\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x47\x6d\x62\x48\x31\x24\x30\x22\x06\x03\x55\x04\x0b\x13\x1b\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1d\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x20\x49\x30\x1e\x17\x0d\x30\x36\x30\x33\x32\x32\x31\x35\x35\x34\x32\x38\x5a\x17\x0d\x32\x35\x31\x32\x33\x31\x32\x32\x35\x39\x35\x39\x5a\x30\x79\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x47\x6d\x62\x48\x31\x24\x30\x22\x06\x03\x55\x04\x0b\x13\x1b\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1d\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x20\x49\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa4\x77\x23\x96\x44\xaf\x90\xf4\x31\xa7\x10\xf4\x26\x87\x9c\xf3\x38\xd9\x0f\x5e\xde\xcf\x41\xe8\x31\xad\xc6\x74\x91\x24\x96\x78\x1e\x09\xa0\x9b\x9a\x95\x4a\x4a\xf5\x62\x7c\x02\xa8\xca\xac\xfb\x5a\x04\x76\x39\xde\x5f\xf1\xf9\xb3\xbf\xf3\x03\x58\x55\xd2\xaa\xb7\xe3\x04\x22\xd1\xf8\x94\xda\x22\x08\x00\x8d\xd3\x7c\x26\x5d\xcc\x77\x79\xe7\x2c\x78\x39\xa8\x26\x73\x0e\xa2\x5d\x25\x69\x85\x4f\x55\x0e\x9a\xef\xc6\xb9\x44\xe1\x57\x3d\xdf\x1f\x54\x22\xe5\x6f\x65\xaa\x33\x84\x3a\xf3\xce\x7a\xbe\x55\x97\xae\x8d\x12\x0f\x14\x33\xe2\x50\x70\xc3\x49\x87\x13\xbc\x51\xde\xd7\x98\x12\x5a\xef\x3a\x83\x33\x92\x06\x75\x8b\x92\x7c\x12\x68\x7b\x70\x6a\x0f\xb5\x9b\xb6\x77\x5b\x48\x59\x9d\xe4\xef\x5a\xad\xf3\xc1\x9e\xd4\xd7\x45\x4e\xca\x56\x34\x21\xbc\x3e\x17\x5b\x6f\x77\x0c\x48\x01\x43\x29\xb0\xdd\x3f\x96\x6e\xe6\x95\xaa\x0c\xc0\x20\xb6\xfd\x3e\x36\x27\x9c\xe3\x5c\xcf\x4e\x81\xdc\x19\xbb\x91\x90\x7d\xec\xe6\x97\x04\x1e\x93\xcc\x22\x49\xd7\x97\x86\xb6\x13\x0a\x3c\x43\x23\x77\x7e\xf0\xdc\xe6\xcd\x24\x1f\x3b\x83\x9b\x34\x3a\x83\x34\xe3\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x92\xa4\x75\x2c\xa4\x9e\xbe\x81\x44\xeb\x79\xfc\x8a\xc5\x95\xa5\xeb\x10\x75\x73\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x92\xa4\x75\x2c\xa4\x9e\xbe\x81\x44\xeb\x79\xfc\x8a\xc5\x95\xa5\xeb\x10\x75\x73\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x28\xd2\xe0\x86\xd5\xe6\xf8\x7b\xf0\x97\xdc\x22\x6b\x3b\x95\x14\x56\x0f\x11\x30\xa5\x9a\x4f\x3a\xb0\x3a\xe0\x06\xcb\x65\xf5\xed\xc6\x97\x27\xfe\x25\xf2\x57\xe6\x5e\x95\x8c\x3e\x64\x60\x15\x5a\x7f\x2f\x0d\x01\xc5\xb1\x60\xfd\x45\x35\xcf\xf0\xb2\xbf\x06\xd9\xef\x5a\xbe\xb3\x62\x21\xb4\xd7\xab\x35\x7c\x53\x3e\xa6\x27\xf1\xa1\x2d\xda\x1a\x23\x9d\xcc\xdd\xec\x3c\x2d\x9e\x27\x34\x5d\x0f\xc2\x36\x79\xbc\xc9\x4a\x62\x2d\xed\x6b\xd9\x7d\x41\x43\x7c\xb6\xaa\xca\xed\x61\xb1\x37\x82\x15\x09\x1a\x8a\x16\x30\xd8\xec\xc9\xd6\x47\x72\x78\x4b\x10\x46\x14\x8e\x5f\x0e\xaf\xec\xc7\x2f\xab\x10\xd7\xb6\xf1\x6e\xec\x86\xb2\xc2\xe8\x0d\x92\x73\xdc\xa2\xf4\x0f\x3a\xbf\x61\x23\x10\x89\x9c\x48\x40\x6e\x70\x00\xb3\xd3\xba\x37\x44\x58\x11\x7a\x02\x6a\x88\xf0\x37\x34\xf0\x19\xe9\xac\xd4\x65\x73\xf6\x69\x8c\x64\x94\x3a\x79\x85\x29\xb0\x16\x2b\x0c\x82\x3f\x06\x9c\xc7\xfd\x10\x2b\x9e\x0f\x2c\xb6\x9e\xe3\x15\xbf\xd9\x36\x1c\xba\x25\x1a\x52\x3d\x1a\xec\x22\x0c\x1c\xe0\xa4\xa2\x3d\xf0\xe8\x39\xcf\x81\xc0\x7b\xed\x5d\x1f\x6f\xc5\xd0\x0b\xd7\x98", + ["Deutsche Telekom Root CA 2"] = "\x30\x82\x03\x9f\x30\x82\x02\x87\xa0\x03\x02\x01\x02\x02\x01\x26\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x71\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x44\x65\x75\x74\x73\x63\x68\x65\x20\x54\x65\x6c\x65\x6b\x6f\x6d\x20\x41\x47\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x54\x2d\x54\x65\x6c\x65\x53\x65\x63\x20\x54\x72\x75\x73\x74\x20\x43\x65\x6e\x74\x65\x72\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1a\x44\x65\x75\x74\x73\x63\x68\x65\x20\x54\x65\x6c\x65\x6b\x6f\x6d\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x32\x30\x1e\x17\x0d\x39\x39\x30\x37\x30\x39\x31\x32\x31\x31\x30\x30\x5a\x17\x0d\x31\x39\x30\x37\x30\x39\x32\x33\x35\x39\x30\x30\x5a\x30\x71\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x44\x65\x75\x74\x73\x63\x68\x65\x20\x54\x65\x6c\x65\x6b\x6f\x6d\x20\x41\x47\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x54\x2d\x54\x65\x6c\x65\x53\x65\x63\x20\x54\x72\x75\x73\x74\x20\x43\x65\x6e\x74\x65\x72\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1a\x44\x65\x75\x74\x73\x63\x68\x65\x20\x54\x65\x6c\x65\x6b\x6f\x6d\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x32\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xab\x0b\xa3\x35\xe0\x8b\x29\x14\xb1\x14\x85\xaf\x3c\x10\xe4\x39\x6f\x35\x5d\x4a\xae\xdd\xea\x61\x8d\x95\x49\xf4\x6f\x64\xa3\x1a\x60\x66\xa4\xa9\x40\x22\x84\xd9\xd4\xa5\xe5\x78\x93\x0e\x68\x01\xad\xb9\x4d\x5c\x3a\xce\xd3\xb8\xa8\x42\x40\xdf\xcf\xa3\xba\x82\x59\x6a\x92\x1b\xac\x1c\x9a\xda\x08\x2b\x25\x27\xf9\x69\x23\x47\xf1\xe0\xeb\x2c\x7a\x9b\xf5\x13\x02\xd0\x7e\x34\x7c\xc2\x9e\x3c\x00\x59\xab\xf5\xda\x0c\xf5\x32\x3c\x2b\xac\x50\xda\xd6\xc3\xde\x83\x94\xca\xa8\x0c\x99\x32\x0e\x08\x48\x56\x5b\x6a\xfb\xda\xe1\x58\x58\x01\x49\x5f\x72\x41\x3c\x15\x06\x01\x8e\x5d\xad\xaa\xb8\x93\xb4\xcd\x9e\xeb\xa7\xe8\x6a\x2d\x52\x34\xdb\x3a\xef\x5c\x75\x51\xda\xdb\xf3\x31\xf9\xee\x71\x98\x32\xc4\x54\x15\x44\x0c\xf9\x9b\x55\xed\xad\xdf\x18\x08\xa0\xa3\x86\x8a\x49\xee\x53\x05\x8f\x19\x4c\xd5\xde\x58\x79\x9b\xd2\x6a\x1c\x42\xab\xc5\xd5\xa7\xcf\x68\x0f\x96\xe4\xe1\x61\x98\x76\x61\xc8\x91\x7c\xd6\x3e\x00\xe2\x91\x50\x87\xe1\x9d\x0a\xe6\xad\x97\xd2\x1d\xc6\x3a\x7d\xcb\xbc\xda\x03\x34\xd5\x8e\x5b\x01\xf5\x6a\x07\xb7\x16\xb6\x6e\x4a\x7f\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x31\xc3\x79\x1b\xba\xf5\x53\xd7\x17\xe0\x89\x7a\x2d\x17\x6c\x0a\xb3\x2b\x9d\x33\x30\x0f\x06\x03\x55\x1d\x13\x04\x08\x30\x06\x01\x01\xff\x02\x01\x05\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x94\x64\x59\xad\x39\x64\xe7\x29\xeb\x13\xfe\x5a\xc3\x8b\x13\x57\xc8\x04\x24\xf0\x74\x77\xc0\x60\xe3\x67\xfb\xe9\x89\xa6\x83\xbf\x96\x82\x7c\x6e\xd4\xc3\x3d\xef\x9e\x80\x6e\xbb\x29\xb4\x98\x7a\xb1\x3b\x54\xeb\x39\x17\x47\x7e\x1a\x8e\x0b\xfc\x1f\x31\x59\x31\x04\xb2\xce\x17\xf3\x2c\xc7\x62\x36\x55\xe2\x22\xd8\x89\x55\xb4\x98\x48\xaa\x64\xfa\xd6\x1c\x36\xd8\x44\x78\x5a\x5a\x23\x3a\x57\x97\xf5\x7a\x30\x4f\xae\x9f\x6a\x4c\x4b\x2b\x8e\xa0\x03\xe3\x3e\xe0\xa9\xd4\xd2\x7b\xd2\xb3\xa8\xe2\x72\x3c\xad\x9e\xff\x80\x59\xe4\x9b\x45\xb4\xf6\x3b\xb0\xcd\x39\x19\x98\x32\xe5\xea\x21\x61\x90\xe4\x31\x21\x8e\x34\xb1\xf7\x2f\x35\x4a\x85\x10\xda\xe7\x8a\x37\x21\xbe\x59\x63\xe0\xf2\x85\x88\x31\x53\xd4\x54\x14\x85\x70\x79\xf4\x2e\x06\x77\x27\x75\x2f\x1f\xb8\x8a\xf9\xfe\xc5\xba\xd8\x36\xe4\x83\xec\xe7\x65\xb7\xbf\x63\x5a\xf3\x46\xaf\x81\x94\x37\xd4\x41\x8c\xd6\x23\xd6\x1e\xcf\xf5\x68\x1b\x44\x63\xa2\x5a\xba\xa7\x35\x59\xa1\xe5\x70\x05\x9b\x0e\x23\x57\x99\x94\x0a\x6d\xba\x39\x63\x28\x86\x92\xf3\x18\x84\xd8\xfb\xd1\xcf\x05\x56\x64\x57", + ["ComSign Secured CA"] = "\x30\x82\x03\xab\x30\x82\x02\x93\xa0\x03\x02\x01\x02\x02\x11\x00\xc7\x28\x47\x09\xb3\xb8\x6c\x45\x8c\x1d\xfa\x24\xf5\x36\x4e\xe9\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x3c\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x43\x6f\x6d\x53\x69\x67\x6e\x20\x53\x65\x63\x75\x72\x65\x64\x20\x43\x41\x31\x10\x30\x0e\x06\x03\x55\x04\x0a\x13\x07\x43\x6f\x6d\x53\x69\x67\x6e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4c\x30\x1e\x17\x0d\x30\x34\x30\x33\x32\x34\x31\x31\x33\x37\x32\x30\x5a\x17\x0d\x32\x39\x30\x33\x31\x36\x31\x35\x30\x34\x35\x36\x5a\x30\x3c\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x43\x6f\x6d\x53\x69\x67\x6e\x20\x53\x65\x63\x75\x72\x65\x64\x20\x43\x41\x31\x10\x30\x0e\x06\x03\x55\x04\x0a\x13\x07\x43\x6f\x6d\x53\x69\x67\x6e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4c\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xc6\xb5\x68\x5f\x1d\x94\x15\xc3\xa4\x08\x55\x2d\xe3\xa0\x57\x7a\xef\xe9\x74\x2a\xbb\xb9\x7c\x57\x49\x1a\x11\x5e\x4f\x29\x87\x0c\x48\xd6\x6a\xe7\x8f\xd4\x7e\x57\x24\xb9\x06\x89\xe4\x1c\x3c\xea\xac\xe3\xda\x21\x80\x73\x21\x0a\xef\x79\x98\x6c\x1f\x08\xff\xa1\x50\x7d\xf2\x98\x1b\xc9\x54\x6f\x3e\xa5\x28\xec\x21\x04\x0f\x45\xbb\x07\x3d\xa1\xc0\xfa\x2a\x98\x1d\x4e\x06\x93\xfb\xf5\x88\x3b\xab\x5f\xcb\x16\xbf\xe6\xf3\x9e\x4a\x87\xed\x19\xea\xc2\x9f\x43\xe4\xf1\x81\xa5\x7f\x10\x4f\x3e\xd1\x4a\x62\xad\x53\x1b\xcb\x83\xff\x07\x65\xa5\x92\x2d\x66\xa9\x5b\xb8\x5a\xf4\x1d\xb4\x21\x91\x4a\x17\x7b\x9e\x32\xfe\x56\x24\x39\xb2\x54\x84\x43\xf5\x84\xc2\xd8\xbc\x41\x90\xcc\x9d\xd6\x68\xda\xe9\x82\x50\xa9\x3b\x68\xcf\xb5\x5d\x02\x94\x60\x16\xb1\x43\xd9\x43\x5d\xdd\x5d\x87\x6e\xea\xbb\xb3\xc9\x6b\xf6\x03\x94\x09\x70\xde\x16\x11\x7a\x2b\xe8\x76\x8f\x49\x10\x98\x77\xb9\x63\x5c\x8b\x33\x97\x75\xf6\x0b\x8c\xb2\xab\x5b\xde\x74\x20\x25\x3f\xe3\xf3\x11\xf9\x87\x68\x86\x35\x71\xc3\x1d\x8c\x2d\xeb\xe5\x1a\xac\x0f\x73\xd5\x82\x59\x40\x80\xd3\x02\x03\x01\x00\x01\xa3\x81\xa7\x30\x81\xa4\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x44\x06\x03\x55\x1d\x1f\x04\x3d\x30\x3b\x30\x39\xa0\x37\xa0\x35\x86\x33\x68\x74\x74\x70\x3a\x2f\x2f\x66\x65\x64\x69\x72\x2e\x63\x6f\x6d\x73\x69\x67\x6e\x2e\x63\x6f\x2e\x69\x6c\x2f\x63\x72\x6c\x2f\x43\x6f\x6d\x53\x69\x67\x6e\x53\x65\x63\x75\x72\x65\x64\x43\x41\x2e\x63\x72\x6c\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xc1\x4b\xed\x70\xb6\xf7\x3e\x7c\x00\x3b\x00\x8f\xc7\x3e\x0e\x45\x9f\x1e\x5d\xec\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xc1\x4b\xed\x70\xb6\xf7\x3e\x7c\x00\x3b\x00\x8f\xc7\x3e\x0e\x45\x9f\x1e\x5d\xec\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x16\xcf\xee\x92\x13\x50\xab\x7b\x14\x9e\x33\xb6\x42\x20\x6a\xd4\x15\xbd\x09\xab\xfc\x72\xe8\xef\x47\x7a\x90\xac\x51\xc1\x64\x4e\xe9\x88\xbd\x43\x45\x81\xe3\x66\x23\x3f\x12\x86\x4d\x19\xe4\x05\xb0\xe6\x37\xc2\x8d\xda\x06\x28\xc9\x0f\x89\xa4\x53\xa9\x75\x3f\xb0\x96\xfb\xab\x4c\x33\x55\xf9\x78\x26\x46\x6f\x1b\x36\x98\xfb\x42\x76\xc1\x82\xb9\x8e\xde\xfb\x45\xf9\x63\x1b\x62\x3b\x39\x06\xca\x77\x7a\xa8\x3c\x09\xcf\x6c\x36\x3d\x0f\x0a\x45\x4b\x69\x16\x1a\x45\x7d\x33\x03\x65\xf9\x52\x71\x90\x26\x95\xac\x4c\x0c\xf5\x8b\x93\x3f\xcc\x75\x74\x85\x98\xba\xff\x62\x7a\x4d\x1f\x89\xfe\xae\xbd\x94\x00\x99\xbf\x11\xa5\xdc\xe0\x79\xc5\x16\x0b\x7d\x02\x61\x1d\xea\x85\xf9\x02\x15\x4f\xe7\x5a\x89\x4e\x14\x6f\xe3\x37\x4b\x85\xf5\xc1\x3c\x61\xe0\xfd\x05\x41\xb2\x92\x7f\xc3\x1d\xa0\xd0\xae\x52\x64\x60\x6b\x18\xc6\x26\x9c\xd8\xf5\x64\xe4\x36\x1a\x62\x9f\x8a\x0f\x3e\xff\x6d\x4e\x19\x56\x4e\x20\x91\x6c\x9f\x34\x33\x3a\x34\x57\x50\x3a\x6f\x81\x5e\x06\xc6\xf5\x3e\x7c\x4e\x8e\x2b\xce\x65\x06\x2e\x5d\xd2\x2a\x53\x74\x5e\xd3\x6e\x27\x9e\x8f", + ["Cybertrust Global Root"] = "\x30\x82\x03\xa1\x30\x82\x02\x89\xa0\x03\x02\x01\x02\x02\x0b\x04\x00\x00\x00\x00\x01\x0f\x85\xaa\x2d\x48\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x3b\x31\x18\x30\x16\x06\x03\x55\x04\x0a\x13\x0f\x43\x79\x62\x65\x72\x74\x72\x75\x73\x74\x2c\x20\x49\x6e\x63\x31\x1f\x30\x1d\x06\x03\x55\x04\x03\x13\x16\x43\x79\x62\x65\x72\x74\x72\x75\x73\x74\x20\x47\x6c\x6f\x62\x61\x6c\x20\x52\x6f\x6f\x74\x30\x1e\x17\x0d\x30\x36\x31\x32\x31\x35\x30\x38\x30\x30\x30\x30\x5a\x17\x0d\x32\x31\x31\x32\x31\x35\x30\x38\x30\x30\x30\x30\x5a\x30\x3b\x31\x18\x30\x16\x06\x03\x55\x04\x0a\x13\x0f\x43\x79\x62\x65\x72\x74\x72\x75\x73\x74\x2c\x20\x49\x6e\x63\x31\x1f\x30\x1d\x06\x03\x55\x04\x03\x13\x16\x43\x79\x62\x65\x72\x74\x72\x75\x73\x74\x20\x47\x6c\x6f\x62\x61\x6c\x20\x52\x6f\x6f\x74\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xf8\xc8\xbc\xbd\x14\x50\x66\x13\xff\xf0\xd3\x79\xec\x23\xf2\xb7\x1a\xc7\x8e\x85\xf1\x12\x73\xa6\x19\xaa\x10\xdb\x9c\xa2\x65\x74\x5a\x77\x3e\x51\x7d\x56\xf6\xdc\x23\xb6\xd4\xed\x5f\x58\xb1\x37\x4d\xd5\x49\x0e\x6e\xf5\x6a\x87\xd6\xd2\x8c\xd2\x27\xc6\xe2\xff\x36\x9f\x98\x65\xa0\x13\x4e\xc6\x2a\x64\x9b\xd5\x90\x12\xcf\x14\x06\xf4\x3b\xe3\xd4\x28\xbe\xe8\x0e\xf8\xab\x4e\x48\x94\x6d\x8e\x95\x31\x10\x5c\xed\xa2\x2d\xbd\xd5\x3a\x6d\xb2\x1c\xbb\x60\xc0\x46\x4b\x01\xf5\x49\xae\x7e\x46\x8a\xd0\x74\x8d\xa1\x0c\x02\xce\xee\xfc\xe7\x8f\xb8\x6b\x66\xf3\x7f\x44\x00\xbf\x66\x25\x14\x2b\xdd\x10\x30\x1d\x07\x96\x3f\x4d\xf6\x6b\xb8\x8f\xb7\x7b\x0c\xa5\x38\xeb\xde\x47\xdb\xd5\x5d\x39\xfc\x88\xa7\xf3\xd7\x2a\x74\xf1\xe8\x5a\xa2\x3b\x9f\x50\xba\xa6\x8c\x45\x35\xc2\x50\x65\x95\xdc\x63\x82\xef\xdd\xbf\x77\x4d\x9c\x62\xc9\x63\x73\x16\xd0\x29\x0f\x49\xa9\x48\xf0\xb3\xaa\xb7\x6c\xc5\xa7\x30\x39\x40\x5d\xae\xc4\xe2\x5d\x26\x53\xf0\xce\x1c\x23\x08\x61\xa8\x94\x19\xba\x04\x62\x40\xec\x1f\x38\x70\x77\x12\x06\x71\xa7\x30\x18\x5d\x25\x27\xa5\x02\x03\x01\x00\x01\xa3\x81\xa5\x30\x81\xa2\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xb6\x08\x7b\x0d\x7a\xcc\xac\x20\x4c\x86\x56\x32\x5e\xcf\xab\x6e\x85\x2d\x70\x57\x30\x3f\x06\x03\x55\x1d\x1f\x04\x38\x30\x36\x30\x34\xa0\x32\xa0\x30\x86\x2e\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x32\x2e\x70\x75\x62\x6c\x69\x63\x2d\x74\x72\x75\x73\x74\x2e\x63\x6f\x6d\x2f\x63\x72\x6c\x2f\x63\x74\x2f\x63\x74\x72\x6f\x6f\x74\x2e\x63\x72\x6c\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xb6\x08\x7b\x0d\x7a\xcc\xac\x20\x4c\x86\x56\x32\x5e\xcf\xab\x6e\x85\x2d\x70\x57\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x56\xef\x0a\x23\xa0\x54\x4e\x95\x97\xc9\xf8\x89\xda\x45\xc1\xd4\xa3\x00\x25\xf4\x1f\x13\xab\xb7\xa3\x85\x58\x69\xc2\x30\xad\xd8\x15\x8a\x2d\xe3\xc9\xcd\x81\x5a\xf8\x73\x23\x5a\xa7\x7c\x05\xf3\xfd\x22\x3b\x0e\xd1\x06\xc4\xdb\x36\x4c\x73\x04\x8e\xe5\xb0\x22\xe4\xc5\xf3\x2e\xa5\xd9\x23\xe3\xb8\x4e\x4a\x20\xa7\x6e\x02\x24\x9f\x22\x60\x67\x7b\x8b\x1d\x72\x09\xc5\x31\x5c\xe9\x79\x9f\x80\x47\x3d\xad\xa1\x0b\x07\x14\x3d\x47\xff\x03\x69\x1a\x0c\x0b\x44\xe7\x63\x25\xa7\x7f\xb2\xc9\xb8\x76\x84\xed\x23\xf6\x7d\x07\xab\x45\x7e\xd3\xdf\xb3\xbf\xe9\x8a\xb6\xcd\xa8\xa2\x67\x2b\x52\xd5\xb7\x65\xf0\x39\x4c\x63\xa0\x91\x79\x93\x52\x0f\x54\xdd\x83\xbb\x9f\xd1\x8f\xa7\x53\x73\xc3\xcb\xff\x30\xec\x7c\x04\xb8\xd8\x44\x1f\x93\x5f\x71\x09\x22\xb7\x6e\x3e\xea\x1c\x03\x4e\x9d\x1a\x20\x61\xfb\x81\x37\xec\x5e\xfc\x0a\x45\xab\xd7\xe7\x17\x55\xd0\xa0\xea\x60\x9b\xa6\xf6\xe3\x8c\x5b\x29\xc2\x06\x60\x14\x9d\x2d\x97\x4c\xa9\x93\x15\x9d\x61\xc4\x01\x5f\x48\xd6\x58\xbd\x56\x31\x12\x4e\x11\xc8\x21\xe0\xb3\x11\x91\x65\xdb\xb4\xa6\x88\x38\xce\x55", + ["ePKI Root Certification Authority"] = "\x30\x82\x05\xb0\x30\x82\x03\x98\xa0\x03\x02\x01\x02\x02\x10\x15\xc8\xbd\x65\x47\x5c\xaf\xb8\x97\x00\x5e\xe4\x06\xd2\xbc\x9d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x5e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x57\x31\x23\x30\x21\x06\x03\x55\x04\x0a\x0c\x1a\x43\x68\x75\x6e\x67\x68\x77\x61\x20\x54\x65\x6c\x65\x63\x6f\x6d\x20\x43\x6f\x2e\x2c\x20\x4c\x74\x64\x2e\x31\x2a\x30\x28\x06\x03\x55\x04\x0b\x0c\x21\x65\x50\x4b\x49\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x34\x31\x32\x32\x30\x30\x32\x33\x31\x32\x37\x5a\x17\x0d\x33\x34\x31\x32\x32\x30\x30\x32\x33\x31\x32\x37\x5a\x30\x5e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x57\x31\x23\x30\x21\x06\x03\x55\x04\x0a\x0c\x1a\x43\x68\x75\x6e\x67\x68\x77\x61\x20\x54\x65\x6c\x65\x63\x6f\x6d\x20\x43\x6f\x2e\x2c\x20\x4c\x74\x64\x2e\x31\x2a\x30\x28\x06\x03\x55\x04\x0b\x0c\x21\x65\x50\x4b\x49\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xe1\x25\x0f\xee\x8d\xdb\x88\x33\x75\x67\xcd\xad\x1f\x7d\x3a\x4e\x6d\x9d\xd3\x2f\x14\xf3\x63\x74\xcb\x01\x21\x6a\x37\xea\x84\x50\x07\x4b\x26\x5b\x09\x43\x6c\x21\x9e\x6a\xc8\xd5\x03\xf5\x60\x69\x8f\xcc\xf0\x22\xe4\x1f\xe7\xf7\x6a\x22\x31\xb7\x2c\x15\xf2\xe0\xfe\x00\x6a\x43\xff\x87\x65\xc6\xb5\x1a\xc1\xa7\x4c\x6d\x22\x70\x21\x8a\x31\xf2\x97\x74\x89\x09\x12\x26\x1c\x9e\xca\xd9\x12\xa2\x95\x3c\xda\xe9\x67\xbf\x08\xa0\x64\xe3\xd6\x42\xb7\x45\xef\x97\xf4\xf6\xf5\xd7\xb5\x4a\x15\x02\x58\x7d\x98\x58\x4b\x60\xbc\xcd\xd7\x0d\x9a\x13\x33\x53\xd1\x61\xf9\x7a\xd5\xd7\x78\xb3\x9a\x33\xf7\x00\x86\xce\x1d\x4d\x94\x38\xaf\xa8\xec\x78\x51\x70\x8a\x5c\x10\x83\x51\x21\xf7\x11\x3d\x34\x86\x5e\xe5\x48\xcd\x97\x81\x82\x35\x4c\x19\xec\x65\xf6\x6b\xc5\x05\xa1\xee\x47\x13\xd6\xb3\x21\x27\x94\x10\x0a\xd9\x24\x3b\xba\xbe\x44\x13\x46\x30\x3f\x97\x3c\xd8\xd7\xd7\x6a\xee\x3b\x38\xe3\x2b\xd4\x97\x0e\xb9\x1b\xe7\x07\x49\x7f\x37\x2a\xf9\x77\x78\xcf\x54\xed\x5b\x46\x9d\xa3\x80\x0e\x91\x43\xc1\xd6\x5b\x5f\x14\xba\x9f\xa6\x8d\x24\x47\x40\x59\xbf\x72\x38\xb2\x36\x6c\x37\xff\x99\xd1\x5d\x0e\x59\x0a\xab\x69\xf7\xc0\xb2\x04\x45\x7a\x54\x00\xae\xbe\x53\xf6\xb5\xe7\xe1\xf8\x3c\xa3\x31\xd2\xa9\xfe\x21\x52\x64\xc5\xa6\x67\xf0\x75\x07\x06\x94\x14\x81\x55\xc6\x27\xe4\x01\x8f\x17\xc1\x6a\x71\xd7\xbe\x4b\xfb\x94\x58\x7d\x7e\x11\x33\xb1\x42\xf7\x62\x6c\x18\xd6\xcf\x09\x68\x3e\x7f\x6c\xf6\x1e\x8f\x62\xad\xa5\x63\xdb\x09\xa7\x1f\x22\x42\x41\x1e\x6f\x99\x8a\x3e\xd7\xf9\x3f\x40\x7a\x79\xb0\xa5\x01\x92\xd2\x9d\x3d\x08\x15\xa5\x10\x01\x2d\xb3\x32\x76\xa8\x95\x0d\xb3\x7a\x9a\xfb\x07\x10\x78\x11\x6f\xe1\x8f\xc7\xba\x0f\x25\x1a\x74\x2a\xe5\x1c\x98\x41\x99\xdf\x21\x87\xe8\x95\x06\x6a\x0a\xb3\x6a\x47\x76\x65\xf6\x3a\xcf\x8f\x62\x17\x19\x7b\x0a\x28\xcd\x1a\xd2\x83\x1e\x21\xc7\x2c\xbf\xbe\xff\x61\x68\xb7\x67\x1b\xbb\x78\x4d\x8d\xce\x67\xe5\xe4\xc1\x8e\xb7\x23\x66\xe2\x9d\x90\x75\x34\x98\xa9\x36\x2b\x8a\x9a\x94\xb9\x9d\xec\xcc\x8a\xb1\xf8\x25\x89\x5c\x5a\xb6\x2f\x8c\x1f\x6d\x79\x24\xa7\x52\x68\xc3\x84\x35\xe2\x66\x8d\x63\x0e\x25\x4d\xd5\x19\xb2\xe6\x79\x37\xa7\x22\x9d\x54\x31\x02\x03\x01\x00\x01\xa3\x6a\x30\x68\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x1e\x0c\xf7\xb6\x67\xf2\xe1\x92\x26\x09\x45\xc0\x55\x39\x2e\x77\x3f\x42\x4a\xa2\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x39\x06\x04\x67\x2a\x07\x00\x04\x31\x30\x2f\x30\x2d\x02\x01\x00\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x30\x07\x06\x05\x67\x2a\x03\x00\x00\x04\x14\x45\xb0\xc2\xc7\x0a\x56\x7c\xee\x5b\x78\x0c\x95\xf9\x18\x53\xc1\xa6\x1c\xd8\x10\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x09\xb3\x83\x53\x59\x01\x3e\x95\x49\xb9\xf1\x81\xba\xf9\x76\x20\x23\xb5\x27\x60\x74\xd4\x6a\x99\x34\x5e\x6c\x00\x53\xd9\x9f\xf2\xa6\xb1\x24\x07\x44\x6a\x2a\xc6\xa5\x8e\x78\x12\xe8\x47\xd9\x58\x1b\x13\x2a\x5e\x79\x9b\x9f\x0a\x2a\x67\xa6\x25\x3f\x06\x69\x56\x73\xc3\x8a\x66\x48\xfb\x29\x81\x57\x74\x06\xca\x9c\xea\x28\xe8\x38\x67\x26\x2b\xf1\xd5\xb5\x3f\x65\x93\xf8\x36\x5d\x8e\x8d\x8d\x40\x20\x87\x19\xea\xef\x27\xc0\x3d\xb4\x39\x0f\x25\x7b\x68\x50\x74\x55\x9c\x0c\x59\x7d\x5a\x3d\x41\x94\x25\x52\x08\xe0\x47\x2c\x15\x31\x19\xd5\xbf\x07\x55\xc6\xbb\x12\xb5\x97\xf4\x5f\x83\x85\xba\x71\xc1\xd9\x6c\x81\x11\x76\x0a\x0a\xb0\xbf\x82\x97\xf7\xea\x3d\xfa\xfa\xec\x2d\xa9\x28\x94\x3b\x56\xdd\xd2\x51\x2e\xae\xc0\xbd\x08\x15\x8c\x77\x52\x34\x96\xd6\x9b\xac\xd3\x1d\x8e\x61\x0f\x35\x7b\x9b\xae\x39\x69\x0b\x62\x60\x40\x20\x36\x8f\xaf\xfb\x36\xee\x2d\x08\x4a\x1d\xb8\xbf\x9b\x5c\xf8\xea\xa5\x1b\xa0\x73\xa6\xd8\xf8\x6e\xe0\x33\x04\x5f\x68\xaa\x27\x87\xed\xd9\xc1\x90\x9c\xed\xbd\xe3\x6a\x35\xaf\x63\xdf\xab\x18\xd9\xba\xe6\xe9\x4a\xea\x50\x8a\x0f\x61\x93\x1e\xe2\x2d\x19\xe2\x30\x94\x35\x92\x5d\x0e\xb6\x07\xaf\x19\x80\x8f\x47\x90\x51\x4b\x2e\x4d\xdd\x85\xe2\xd2\x0a\x52\x0a\x17\x9a\xfc\x1a\xb0\x50\x02\xe5\x01\xa3\x63\x37\x21\x4c\x44\xc4\x9b\x51\x99\x11\x0e\x73\x9c\x06\x8f\x54\x2e\xa7\x28\x5e\x44\x39\x87\x56\x2d\x37\xbd\x85\x44\x94\xe1\x0c\x4b\x2c\x9c\xc3\x92\x85\x34\x61\xcb\x0f\xb8\x9b\x4a\x43\x52\xfe\x34\x3a\x7d\xb8\xe9\x29\xdc\x76\xa9\xc8\x30\xf8\x14\x71\x80\xc6\x1e\x36\x48\x74\x22\x41\x5c\x87\x82\xe8\x18\x71\x8b\x41\x89\x44\xe7\x7e\x58\x5b\xa8\xb8\x8d\x13\xe9\xa7\x6c\xc3\x47\xed\xb3\x1a\x9d\x62\xae\x8d\x82\xea\x94\x9e\xdd\x59\x10\xc3\xad\xdd\xe2\x4d\xe3\x31\xd5\xc7\xec\xe8\xf2\xb0\xfe\x92\x1e\x16\x0a\x1a\xfc\xd9\xf3\xf8\x27\xb6\xc9\xbe\x1d\xb4\x6c\x64\x90\x7f\xf4\xe4\xc4\x5b\xd7\x37\xae\x42\x0e\xdd\xa4\x1a\x6f\x7c\x88\x54\xc5\x16\x6e\xe1\x7a\x68\x2e\xf8\x3a\xbf\x0d\xa4\x3c\x89\x3b\x78\xa7\x4e\x63\x83\x04\x21\x08\x67\x8d\xf2\x82\x49\xd0\x5b\xfd\xb1\xcd\x0f\x83\x84\xd4\x3e\x20\x85\xf7\x4a\x3d\x2b\x9c\xfd\x2a\x0a\x09\x4d\xea\x81\xf8\x11\x9c", + ["T\xc3\x9c\x42\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1 - S\xC3\xBCr\xC3\xBCm 3"] = "\x30\x82\x05\x17\x30\x82\x03\xff\xa0\x03\x02\x01\x02\x02\x01\x11\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x82\x01\x2b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x18\x30\x16\x06\x03\x55\x04\x07\x0c\x0f\x47\x65\x62\x7a\x65\x20\x2d\x20\x4b\x6f\x63\x61\x65\x6c\x69\x31\x47\x30\x45\x06\x03\x55\x04\x0a\x0c\x3e\x54\xc3\xbc\x72\x6b\x69\x79\x65\x20\x42\x69\x6c\x69\x6d\x73\x65\x6c\x20\x76\x65\x20\x54\x65\x6b\x6e\x6f\x6c\x6f\x6a\x69\x6b\x20\x41\x72\x61\xc5\x9f\x74\xc4\xb1\x72\x6d\x61\x20\x4b\x75\x72\x75\x6d\x75\x20\x2d\x20\x54\xc3\x9c\x42\xc4\xb0\x54\x41\x4b\x31\x48\x30\x46\x06\x03\x55\x04\x0b\x0c\x3f\x55\x6c\x75\x73\x61\x6c\x20\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x76\x65\x20\x4b\x72\x69\x70\x74\x6f\x6c\x6f\x6a\x69\x20\x41\x72\x61\xc5\x9f\x74\xc4\xb1\x72\x6d\x61\x20\x45\x6e\x73\x74\x69\x74\xc3\xbc\x73\xc3\xbc\x20\x2d\x20\x55\x45\x4b\x41\x45\x31\x23\x30\x21\x06\x03\x55\x04\x0b\x0c\x1a\x4b\x61\x6d\x75\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x73\x79\x6f\x6e\x20\x4d\x65\x72\x6b\x65\x7a\x69\x31\x4a\x30\x48\x06\x03\x55\x04\x03\x0c\x41\x54\xc3\x9c\x42\xc4\xb0\x54\x41\x4b\x20\x55\x45\x4b\x41\x45\x20\x4b\xc3\xb6\x6b\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x20\x48\x69\x7a\x6d\x65\x74\x20\x53\x61\xc4\x9f\x6c\x61\x79\xc4\xb1\x63\xc4\xb1\x73\xc4\xb1\x20\x2d\x20\x53\xc3\xbc\x72\xc3\xbc\x6d\x20\x33\x30\x1e\x17\x0d\x30\x37\x30\x38\x32\x34\x31\x31\x33\x37\x30\x37\x5a\x17\x0d\x31\x37\x30\x38\x32\x31\x31\x31\x33\x37\x30\x37\x5a\x30\x82\x01\x2b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x18\x30\x16\x06\x03\x55\x04\x07\x0c\x0f\x47\x65\x62\x7a\x65\x20\x2d\x20\x4b\x6f\x63\x61\x65\x6c\x69\x31\x47\x30\x45\x06\x03\x55\x04\x0a\x0c\x3e\x54\xc3\xbc\x72\x6b\x69\x79\x65\x20\x42\x69\x6c\x69\x6d\x73\x65\x6c\x20\x76\x65\x20\x54\x65\x6b\x6e\x6f\x6c\x6f\x6a\x69\x6b\x20\x41\x72\x61\xc5\x9f\x74\xc4\xb1\x72\x6d\x61\x20\x4b\x75\x72\x75\x6d\x75\x20\x2d\x20\x54\xc3\x9c\x42\xc4\xb0\x54\x41\x4b\x31\x48\x30\x46\x06\x03\x55\x04\x0b\x0c\x3f\x55\x6c\x75\x73\x61\x6c\x20\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x76\x65\x20\x4b\x72\x69\x70\x74\x6f\x6c\x6f\x6a\x69\x20\x41\x72\x61\xc5\x9f\x74\xc4\xb1\x72\x6d\x61\x20\x45\x6e\x73\x74\x69\x74\xc3\xbc\x73\xc3\xbc\x20\x2d\x20\x55\x45\x4b\x41\x45\x31\x23\x30\x21\x06\x03\x55\x04\x0b\x0c\x1a\x4b\x61\x6d\x75\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x73\x79\x6f\x6e\x20\x4d\x65\x72\x6b\x65\x7a\x69\x31\x4a\x30\x48\x06\x03\x55\x04\x03\x0c\x41\x54\xc3\x9c\x42\xc4\xb0\x54\x41\x4b\x20\x55\x45\x4b\x41\x45\x20\x4b\xc3\xb6\x6b\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x20\x48\x69\x7a\x6d\x65\x74\x20\x53\x61\xc4\x9f\x6c\x61\x79\xc4\xb1\x63\xc4\xb1\x73\xc4\xb1\x20\x2d\x20\x53\xc3\xbc\x72\xc3\xbc\x6d\x20\x33\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\x8a\x6d\x4b\xff\x10\x88\x3a\xc3\xf6\x7e\x94\xe8\xea\x20\x64\x70\xae\x21\x81\xbe\x3a\x7b\x3c\xdb\xf1\x1d\x52\x7f\x59\xfa\xf3\x22\x4c\x95\xa0\x90\xbc\x48\x4e\x11\xab\xfb\xb7\xb5\x8d\x7a\x83\x28\x8c\x26\x46\xd8\x4e\x95\x40\x87\x61\x9f\xc5\x9e\x6d\x81\x87\x57\x6c\x8a\x3b\xb4\x66\xea\xcc\x40\xfc\xe3\xaa\x6c\xb2\xcb\x01\xdb\x32\xbf\xd2\xeb\x85\xcf\xa1\x0d\x55\xc3\x5b\x38\x57\x70\xb8\x75\xc6\x79\xd1\x14\x30\xed\x1b\x58\x5b\x6b\xef\x35\xf2\xa1\x21\x4e\xc5\xce\x7c\x99\x5f\x6c\xb9\xb8\x22\x93\x50\xa7\xcd\x4c\x70\x6a\xbe\x6a\x05\x7f\x13\x9c\x2b\x1e\xea\xfe\x47\xce\x04\xa5\x6f\xac\x93\x2e\x7c\x2b\x9f\x9e\x79\x13\x91\xe8\xea\x9e\xca\x38\x75\x8e\x62\xb0\x95\x93\x2a\xe5\xdf\xe9\x5e\x97\x6e\x20\x5f\x5f\x84\x7a\x44\x39\x19\x40\x1c\xba\x55\x2b\xfb\x30\xb2\x81\xef\x84\xe3\xdc\xec\x98\x38\x39\x03\x85\x08\xa9\x54\x03\x05\x29\xf0\xc9\x8f\x8b\xea\x0b\x86\x65\x19\x11\xd3\xe9\x09\x23\xde\x68\x93\x03\xc9\x36\x1c\x21\x6e\xce\x8c\x66\xf1\x99\x30\xd8\xd7\xb3\xc3\x1d\xf8\x81\x2e\xa8\xbd\x82\x0b\x66\xfe\x82\xcb\xe1\xe0\x1a\x82\xc3\x40\x81\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xbd\x88\x87\xc9\x8f\xf6\xa4\x0a\x0b\xaa\xeb\xc5\xfe\x91\x23\x9d\xab\x4a\x8a\x32\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x1d\x7c\xfa\x49\x8f\x34\xe9\xb7\x26\x92\x16\x9a\x05\x74\xe7\x4b\xd0\x6d\x39\x6c\xc3\x26\xf6\xce\xb8\x31\xbc\xc4\xdf\xbc\x2a\xf8\x37\x91\x18\xdc\x04\xc8\x64\x99\x2b\x18\x6d\x80\x03\x59\xc9\xae\xf8\x58\xd0\x3e\xed\xc3\x23\x9f\x69\x3c\x86\x38\x1c\x9e\xef\xda\x27\x78\xd1\x84\x37\x71\x8a\x3c\x4b\x39\xcf\x7e\x45\x06\xd6\x2d\xd8\x8a\x4d\x78\x12\xd6\xad\xc2\xd3\xcb\xd2\xd0\x41\xf3\x26\x36\x4a\x9b\x95\x6c\x0c\xee\xe5\xd1\x43\x27\x66\xc1\x88\xf7\x7a\xb3\x20\x6c\xea\xb0\x69\x2b\xc7\x20\xe8\x0c\x03\xc4\x41\x05\x99\xe2\x3f\xe4\x6b\xf8\xa0\x86\x81\xc7\x84\xc6\x1f\xd5\x4b\x81\x12\xb2\x16\x21\x2c\x13\xa1\x80\xb2\x5e\x0c\x4a\x13\x9e\x20\xd8\x62\x40\xab\x90\xea\x64\x4a\x2f\xac\x0d\x01\x12\x79\x45\xa8\x2f\x87\x19\x68\xc8\xe2\x85\xc7\x30\xb2\x75\xf9\x38\x3f\xb2\xc0\x93\xb4\x6b\xe2\x03\x44\xce\x67\xa0\xdf\x89\xd6\xad\x8c\x76\xa3\x13\xc3\x94\x61\x2b\x6b\xd9\x6c\xc1\x07\x0a\x22\x07\x85\x6c\x85\x24\x46\xa9\xbe\x3f\x8b\x78\x84\x82\x7e\x24\x0c\x9d\xfd\x81\x37\xe3\x25\xa8\xed\x36\x4e\x95\x2c\xc9\x9c\x90\xda\xec\xa9\x42\x3c\xad\xb6\x02", + ["Buypass Class 2 CA 1"] = "\x30\x82\x03\x53\x30\x82\x02\x3b\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x4b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4e\x4f\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x0c\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2d\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x1d\x30\x1b\x06\x03\x55\x04\x03\x0c\x14\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x41\x20\x31\x30\x1e\x17\x0d\x30\x36\x31\x30\x31\x33\x31\x30\x32\x35\x30\x39\x5a\x17\x0d\x31\x36\x31\x30\x31\x33\x31\x30\x32\x35\x30\x39\x5a\x30\x4b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4e\x4f\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x0c\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2d\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x1d\x30\x1b\x06\x03\x55\x04\x03\x0c\x14\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6c\x61\x73\x73\x20\x32\x20\x43\x41\x20\x31\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\x8b\x3c\x07\x45\xd8\xf6\xdf\xe6\xc7\xca\xba\x8d\x43\xc5\x47\x8d\xb0\x5a\xc1\x38\xdb\x92\x84\x1c\xaf\x13\xd4\x0f\x6f\x36\x46\x20\xc4\x2e\xcc\x71\x70\x34\xa2\x34\xd3\x37\x2e\xd8\xdd\x3a\x77\x2f\xc0\xeb\x29\xe8\x5c\xd2\xb5\xa9\x91\x34\x87\x22\x59\xfe\xcc\xdb\xe7\x99\xaf\x96\xc1\xa8\xc7\x40\xdd\xa5\x15\x8c\x6e\xc8\x7c\x97\x03\xcb\xe6\x20\xf2\xd7\x97\x5f\x31\xa1\x2f\x37\xd2\xbe\xee\xbe\xa9\xad\xa8\x4c\x9e\x21\x66\x43\x3b\xa8\xbc\xf3\x09\xa3\x38\xd5\x59\x24\xc1\xc2\x47\x76\xb1\x88\x5c\x82\x3b\xbb\x2b\xa6\x04\xd7\x8c\x07\x8f\xcd\xd5\x41\x1d\xf0\xae\xb8\x29\x2c\x94\x52\x60\x34\x94\x3b\xda\xe0\x38\xd1\x9d\x33\x3e\x15\xf4\x93\x32\xc5\x00\xda\xb5\x29\x66\x0e\x3a\x78\x0f\x21\x52\x5f\x02\xe5\x92\x7b\x25\xd3\x92\x1e\x2f\x15\x9d\x81\xe4\x9d\x8e\xe8\xef\x89\xce\x14\x4c\x54\x1d\x1c\x81\x12\x4d\x70\xa8\xbe\x10\x05\x17\x7e\x1f\xd1\xb8\x57\x55\xed\xcd\xbb\x52\xc2\xb0\x1e\x78\xc2\x4d\x36\x68\xcb\x56\x26\xc1\x52\xc1\xbd\x76\xf7\x58\xd5\x72\x7e\x1f\x44\x76\xbb\x00\x89\x1d\x16\x9d\x51\x35\xef\x4d\xc2\x56\xef\x6b\xe0\x8c\x3b\x0d\xe9\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x3f\x8d\x9a\x59\x8b\xfc\x7b\x7b\x9c\xa3\xaf\x38\xb0\x39\xed\x90\x71\x80\xd6\xc8\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x15\x1a\x7e\x13\x8a\xb9\xe8\x07\xa3\x4b\x27\x32\xb2\x40\x91\xf2\x21\xd1\x64\x85\xbe\x63\x6a\xd2\xcf\x81\xc2\x15\xd5\x7a\x7e\x0c\x29\xac\x37\x1e\x1c\x7c\x76\x52\x95\xda\xb5\x7f\x23\xa1\x29\x77\x65\xc9\x32\x9d\xa8\x2e\x56\xab\x60\x76\xce\x16\xb4\x8d\x7f\x78\xc0\xd5\x99\x51\x83\x7f\x5e\xd9\xbe\x0c\xa8\x50\xed\x22\xc7\xad\x05\x4c\x76\xfb\xed\xee\x1e\x47\x64\xf6\xf7\x27\x7d\x5c\x28\x0f\x45\xc5\x5c\x62\x5e\xa6\x9a\x91\x91\xb7\x53\x17\x2e\xdc\xad\x60\x9d\x96\x64\x39\xbd\x67\x68\xb2\xae\x05\xcb\x4d\xe7\x5f\x1f\x57\x86\xd5\x20\x9c\x28\xfb\x6f\x13\x38\xf5\xf6\x11\x92\xf6\x7d\x99\x5e\x1f\x0c\xe8\xab\x44\x24\x29\x72\x40\x3d\x36\x52\xaf\x8c\x58\x90\x73\xc1\xec\x61\x2c\x79\xa1\xec\x87\xb5\x3f\xda\x4d\xd9\x21\x00\x30\xde\x90\xda\x0e\xd3\x1a\x48\xa9\x3e\x85\x0b\x14\x8b\x8c\xbc\x41\x9e\x6a\xf7\x0e\x70\xc0\x35\xf7\x39\xa2\x5d\x66\xd0\x7b\x59\x9f\xa8\x47\x12\x9a\x27\x23\xa4\x2d\x8e\x27\x83\x92\x20\xa1\xd7\x15\x7f\xf1\x2e\x18\xee\xf4\x48\x7f\x2f\x7f\xf1\xa1\x18\xb5\xa1\x0b\x94\xa0\x62\x20\x32\x9c\x1d\xf6\xd4\xef\xbf\x4c\x88\x68", + ["Buypass Class 3 CA 1"] = "\x30\x82\x03\x53\x30\x82\x02\x3b\xa0\x03\x02\x01\x02\x02\x01\x02\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x4b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4e\x4f\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x0c\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2d\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x1d\x30\x1b\x06\x03\x55\x04\x03\x0c\x14\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x43\x41\x20\x31\x30\x1e\x17\x0d\x30\x35\x30\x35\x30\x39\x31\x34\x31\x33\x30\x33\x5a\x17\x0d\x31\x35\x30\x35\x30\x39\x31\x34\x31\x33\x30\x33\x5a\x30\x4b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4e\x4f\x31\x1d\x30\x1b\x06\x03\x55\x04\x0a\x0c\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2d\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x1d\x30\x1b\x06\x03\x55\x04\x03\x0c\x14\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x43\x41\x20\x31\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa4\x8e\xd7\x74\xd9\x29\x64\xde\x5f\x1f\x87\x80\x91\xea\x4e\x39\xe6\x19\xc6\x44\x0b\x80\xd5\x0b\xaf\x53\x07\x8b\x12\xbd\xe6\x67\xf0\x02\xb1\x89\xf6\x60\x8a\xc4\x5b\xb0\x42\xd1\xc0\x21\xa8\xcb\xe1\x9b\xef\x64\x51\xb6\xa7\xcf\x15\xf5\x74\x80\x68\x04\x90\xa0\x58\xa2\xe6\x74\xa6\x53\x53\x55\x48\x63\x3f\x92\x56\xdd\x24\x4e\x8e\xf8\xba\x2b\xff\xf3\x34\x8a\x9e\x28\xd7\x34\x9f\xac\x2f\xd6\x0f\xf1\xa4\x2f\xbd\x52\xb2\x49\x85\x6d\x39\x35\xf0\x44\x30\x93\x46\x24\xf3\xb6\xe7\x53\xfb\xbc\x61\xaf\xa9\xa3\x14\xfb\xc2\x17\x17\x84\x6c\xe0\x7c\x88\xf8\xc9\x1c\x57\x2c\xf0\x3d\x7e\x94\xbc\x25\x93\x84\xe8\x9a\x00\x9a\x45\x05\x42\x57\x80\xf4\x4e\xce\xd9\xae\x39\xf6\xc8\x53\x10\x0c\x65\x3a\x47\x7b\x60\xc2\xd6\xfa\x91\xc9\xc6\x71\x6c\xbd\x91\x87\x3c\x91\x86\x49\xab\xf3\x0f\xa0\x6c\x26\x76\x5e\x1c\xac\x9b\x71\xe5\x8d\xbc\x9b\x21\x1e\x9c\xd6\x38\x7e\x24\x80\x15\x31\x82\x96\xb1\x49\xd3\x62\x37\x5b\x88\x0c\x0a\x62\x34\xfe\xa7\x48\x7e\x99\xb1\x30\x8b\x90\x37\x95\x1c\xa8\x1f\xa5\x2c\x8d\xf4\x55\xc8\xdb\xdd\x59\x0a\xc2\xad\x78\xa0\xf4\x8b\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x38\x14\xe6\xc8\xf0\xa9\xa4\x03\xf4\x4e\x3e\x22\xa3\x5b\xf2\xd6\xe0\xad\x40\x74\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x01\x67\xa3\x8c\xc9\x25\x3d\x13\x63\x5d\x16\x6f\xec\xa1\x3e\x09\x5c\x91\x15\x2a\x2a\xd9\x80\x21\x4f\x05\xdc\xbb\xa5\x89\xab\x13\x33\x2a\x9e\x38\xb7\x8c\x6f\x02\x72\x63\xc7\x73\x77\x1e\x09\x06\xba\x3b\x28\x7b\xa4\x47\xc9\x61\x6b\x08\x08\x20\xfc\x8a\x05\x8a\x1f\xbc\xba\xc6\xc2\xfe\xcf\x6e\xec\x13\x33\x71\x67\x2e\x69\xfa\xa9\x2c\x3f\x66\xc0\x12\x59\x4d\x0b\x54\x02\x92\x84\xbb\xdb\x12\xef\x83\x70\x70\x78\xc8\x53\xfa\xdf\xc6\xc6\xff\xdc\x88\x2f\x07\xc0\x49\x9d\x32\x57\x60\xd3\xf2\xf6\x99\x29\x5f\xe7\xaa\x01\xcc\xac\x33\xa8\x1c\x0a\xbb\x91\xc4\x03\xa0\x6f\xb6\x34\xf9\x86\xd3\xb3\x76\x54\x98\xf4\x4a\x81\xb3\x53\x9d\x4d\x40\xec\xe5\x77\x13\x45\xaf\x5b\xaa\x1f\xd8\x2f\x4c\x82\x7b\xfe\x2a\xc4\x58\xbb\x4f\xfc\x9e\xfd\x03\x65\x1a\x2a\x0e\xc3\xa5\x20\x16\x94\x6b\x79\xa6\xa2\x12\xb4\xbb\x1a\xa4\x23\x7a\x5f\xf0\xae\x84\x24\xe4\xf3\x2b\xfb\x8a\x24\xa3\x27\x98\x65\xda\x30\x75\x76\xfc\x19\x91\xe8\xdb\xeb\x9b\x3f\x32\xbf\x40\x97\x07\x26\xba\xcc\xf3\x94\x85\x4a\x7a\x27\x93\xcf\x90\x42\xd4\xb8\x5b\x16\xa6\xe7\xcb\x40\x03\xdd\x79", + ["EBG Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1"] = "\x30\x82\x05\xe7\x30\x82\x03\xcf\xa0\x03\x02\x01\x02\x02\x08\x4c\xaf\x73\x42\x1c\x8e\x74\x02\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\x80\x31\x38\x30\x36\x06\x03\x55\x04\x03\x0c\x2f\x45\x42\x47\x20\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x20\x48\x69\x7a\x6d\x65\x74\x20\x53\x61\xc4\x9f\x6c\x61\x79\xc4\xb1\x63\xc4\xb1\x73\xc4\xb1\x31\x37\x30\x35\x06\x03\x55\x04\x0a\x0c\x2e\x45\x42\x47\x20\x42\x69\x6c\x69\xc5\x9f\x69\x6d\x20\x54\x65\x6b\x6e\x6f\x6c\x6f\x6a\x69\x6c\x65\x72\x69\x20\x76\x65\x20\x48\x69\x7a\x6d\x65\x74\x6c\x65\x72\x69\x20\x41\x2e\xc5\x9e\x2e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x30\x1e\x17\x0d\x30\x36\x30\x38\x31\x37\x30\x30\x32\x31\x30\x39\x5a\x17\x0d\x31\x36\x30\x38\x31\x34\x30\x30\x33\x31\x30\x39\x5a\x30\x81\x80\x31\x38\x30\x36\x06\x03\x55\x04\x03\x0c\x2f\x45\x42\x47\x20\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x20\x48\x69\x7a\x6d\x65\x74\x20\x53\x61\xc4\x9f\x6c\x61\x79\xc4\xb1\x63\xc4\xb1\x73\xc4\xb1\x31\x37\x30\x35\x06\x03\x55\x04\x0a\x0c\x2e\x45\x42\x47\x20\x42\x69\x6c\x69\xc5\x9f\x69\x6d\x20\x54\x65\x6b\x6e\x6f\x6c\x6f\x6a\x69\x6c\x65\x72\x69\x20\x76\x65\x20\x48\x69\x7a\x6d\x65\x74\x6c\x65\x72\x69\x20\x41\x2e\xc5\x9e\x2e\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xee\xa0\x84\x61\xd0\x3a\x6a\x66\x10\x32\xd8\x31\x38\x7f\xa7\xa7\xe5\xfd\xa1\xe1\xfb\x97\x77\xb8\x71\x96\xe8\x13\x96\x46\x83\x4f\xb6\xf2\x5f\x72\x56\x6e\x13\x60\xa5\x01\x91\xe2\x5b\xc5\xcd\x57\x1f\x77\x63\x51\xff\x2f\x3d\xdb\xb9\x3f\xaa\xa9\x35\xe7\x79\xd0\xf5\xd0\x24\xb6\x21\xea\xeb\x23\x94\xfe\x29\xbf\xfb\x89\x91\x0c\x64\x9a\x05\x4a\x2b\xcc\x0c\xee\xf1\x3d\x9b\x82\x69\xa4\x4c\xf8\x9a\x6f\xe7\x22\xda\x10\xba\x5f\x92\xfc\x18\x27\x0a\xa8\xaa\x44\xfa\x2e\x2c\xb4\xfb\x46\x9a\x08\x03\x83\x72\xab\x88\xe4\x6a\x72\xc9\xe5\x65\x1f\x6e\x2a\x0f\x9d\xb3\xe8\x3b\xe4\x0c\x6e\x7a\xda\x57\xfd\xd7\xeb\x79\x8b\x5e\x20\x06\xd3\x76\x0b\x6c\x02\x95\xa3\x96\xe4\xcb\x76\x51\xd1\x28\x9d\xa1\x1a\xfc\x44\xa2\x4d\xcc\x7a\x76\xa8\x0d\x3d\xbf\x17\x4f\x22\x88\x50\xfd\xae\xb6\xec\x90\x50\x4a\x5b\x9f\x95\x41\xaa\xca\x0f\xb2\x4a\xfe\x80\x99\x4e\xa3\x46\x15\xab\xf8\x73\x42\x6a\xc2\x66\x76\xb1\x0a\x26\x15\xdd\x93\x92\xec\xdb\xa9\x5f\x54\x22\x52\x91\x70\x5d\x13\xea\x48\xec\x6e\x03\x6c\xd9\xdd\x6c\xfc\xeb\x0d\x03\xff\xa6\x83\x12\x9b\xf1\xa9\x93\x0f\xc5\x26\x4c\x31\xb2\x63\x99\x61\x72\xe7\x2a\x64\x99\xd2\xb8\xe9\x75\xe2\x7c\xa9\xa9\x9a\x1a\xaa\xc3\x56\xdb\x10\x9a\x3c\x83\x52\xb6\x7b\x96\xb7\xac\x87\x77\xa8\xb9\xf2\x67\x0b\x94\x43\xb3\xaf\x3e\x73\xfa\x42\x36\xb1\x25\xc5\x0a\x31\x26\x37\x56\x67\xba\xa3\x0b\x7d\xd6\xf7\x89\xcd\x67\xa1\xb7\x3a\x1e\x66\x4f\xf6\xa0\x55\x14\x25\x4c\x2c\x33\x0d\xa6\x41\x8c\xbd\x04\x31\x6a\x10\x72\x0a\x9d\x0e\x2e\x76\xbd\x5e\xf3\x51\x89\x8b\xa8\x3f\x55\x73\xbf\xdb\x3a\xc6\x24\x05\x96\x92\x48\xaa\x4b\x8d\x2a\x03\xe5\x57\x91\x10\xf4\x6a\x28\x15\x6e\x47\x77\x84\x5c\x51\x74\x9f\x19\xe9\xe6\x1e\x63\x16\x39\xe3\x11\x15\xe3\x58\x1a\x44\xbd\xcb\xc4\x6c\x66\xd7\x84\x06\xdf\x30\xf4\x37\xa2\x43\x22\x79\xd2\x10\x6c\xdf\xbb\xe6\x13\x11\xfc\x9d\x84\x0a\x13\x7b\xf0\x3b\xd0\xfc\xa3\x0a\xd7\x89\xea\x96\x7e\x8d\x48\x85\x1e\x64\x5f\xdb\x54\xa2\xac\xd5\x7a\x02\x79\x6b\xd2\x8a\xf0\x67\xda\x65\x72\x0d\x14\x70\xe4\xe9\x8e\x78\x8f\x32\x74\x7c\x57\xf2\xd6\xd6\xf4\x36\x89\x1b\xf8\x29\x6c\x8b\xb9\xf6\x97\xd1\xa4\x2e\xaa\xbe\x0b\x19\xc2\x45\xe9\x70\x5d\x02\x03\x00\x9d\xd9\xa3\x63\x30\x61\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xe7\xce\xc6\x4f\xfc\x16\x67\x96\xfa\x4a\xa3\x07\xc1\x04\xa7\xcb\x6a\xde\xda\x47\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xe7\xce\xc6\x4f\xfc\x16\x67\x96\xfa\x4a\xa3\x07\xc1\x04\xa7\xcb\x6a\xde\xda\x47\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x9b\x98\x9a\x5d\xbe\xf3\x28\x23\x76\xc6\x6c\xf7\x7f\xe6\x40\x9e\xc0\x36\xdc\x95\x0d\x1d\xad\x15\xc5\x36\xd8\xd5\x39\xef\xf2\x1e\x22\x5e\xb3\x82\xb4\x5d\xbb\x4c\x1a\xca\x92\x0d\xdf\x47\x24\x1e\xb3\x24\xda\x91\x88\xe9\x83\x70\xdd\x93\xd7\xe9\xba\xb3\xdf\x16\x5a\x3e\xde\xe0\xc8\xfb\xd3\xfd\x6c\x29\xf8\x15\x46\xa0\x68\x26\xcc\x93\x52\xae\x82\x01\x93\x90\xca\x77\xca\x4d\x49\xef\xe2\x5a\xd9\x2a\xbd\x30\xce\x4c\xb2\x81\xb6\x30\xce\x59\x4f\xda\x59\x1d\x6a\x7a\xa4\x45\xb0\x82\x26\x81\x86\x76\xf5\xf5\x10\x00\xb8\xee\xb3\x09\xe8\x4f\x87\x02\x07\xae\x24\x5c\xf0\x5f\xac\x0a\x30\xcc\x8a\x40\xa0\x73\x04\xc1\xfb\x89\x24\xf6\x9a\x1c\x5c\xb7\x3c\x0a\x67\x36\x05\x08\x31\xb3\xaf\xd8\x01\x68\x2a\xe0\x78\x8f\x74\xde\xb8\x51\xa4\x8c\x6c\x20\x3d\xa2\xfb\xb3\xd4\x09\xfd\x7b\xc2\x80\xaa\x93\x6c\x29\x98\x21\xa8\xbb\x16\xf3\xa9\x12\x5f\x74\xb5\x87\x98\xf2\x95\x26\xdf\x34\xef\x8a\x53\x91\x88\x5d\x1a\x94\xa3\x3f\x7c\x22\xf8\xd7\x88\xba\xa6\x8c\x96\xa8\x3d\x52\x34\x62\x9f\x00\x1e\x54\x55\x42\x67\xc6\x4d\x46\x8f\xbb\x14\x45\x3d\x0a\x96\x16\x8e\x10\xa1\x97\x99\xd5\xd3\x30\x85\xcc\xde\xb4\x72\xb7\xbc\x8a\x3c\x18\x29\x68\xfd\xdc\x71\x07\xee\x24\x39\x6a\xfa\xed\xa5\xac\x38\x2f\xf9\x1e\x10\x0e\x06\x71\x1a\x10\x4c\xfe\x75\x7e\xff\x1e\x57\x39\x42\xca\xd7\xe1\x15\xa1\x56\x55\x59\x1b\xd1\xa3\xaf\x11\xd8\x4e\xc3\xa5\x2b\xef\x90\xbf\xc0\xec\x82\x13\x5b\x8d\xd6\x72\x2c\x93\x4e\x8f\x6a\x29\xdf\x85\x3c\xd3\x0d\xe0\xa2\x18\x12\xcc\x55\x2f\x47\xb7\xa7\x9b\x02\xfe\x41\xf6\x88\x4c\x6d\xda\xa9\x01\x47\x83\x64\x27\x62\x10\x82\xd6\x12\x7b\x5e\x03\x1f\x34\xa9\xc9\x91\xfe\xaf\x5d\x6d\x86\x27\xb7\x23\xaa\x75\x18\xca\x20\xe7\xb0\x0f\xd7\x89\x0e\xa6\x67\x22\x63\xf4\x83\x41\x2b\x06\x4b\xbb\x58\xd5\xd1\xd7\xb7\xb9\x10\x63\xd8\x89\x4a\xb4\xaa\xdd\x16\x63\xf5\x6e\xbe\x60\xa1\xf8\xed\xe8\xd6\x90\x4f\x1a\xc6\xc5\xa0\x29\xd3\xa7\x21\xa8\xf5\x5a\x3c\xf7\xc7\x49\xa2\x21\x9a\x4a\x95\x52\x20\x96\x72\x9a\x66\xcb\xf7\xd2\x86\x43\x7c\x22\xbe\x96\xf9\xbd\x01\xa8\x47\xdd\xe5\x3b\x40\xf9\x75\x2b\x9b\x2b\x46\x64\x86\x8d\x1e\xf4\x8f\xfb\x07\x77\xd0\xea\x49\xa2\x1c\x8d\x52\x14\xa6\x0a\x93", + ["certSIGN ROOT CA"] = "\x30\x82\x03\x38\x30\x82\x02\x20\xa0\x03\x02\x01\x02\x02\x06\x20\x06\x05\x16\x70\x02\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x3b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x52\x4f\x31\x11\x30\x0f\x06\x03\x55\x04\x0a\x13\x08\x63\x65\x72\x74\x53\x49\x47\x4e\x31\x19\x30\x17\x06\x03\x55\x04\x0b\x13\x10\x63\x65\x72\x74\x53\x49\x47\x4e\x20\x52\x4f\x4f\x54\x20\x43\x41\x30\x1e\x17\x0d\x30\x36\x30\x37\x30\x34\x31\x37\x32\x30\x30\x34\x5a\x17\x0d\x33\x31\x30\x37\x30\x34\x31\x37\x32\x30\x30\x34\x5a\x30\x3b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x52\x4f\x31\x11\x30\x0f\x06\x03\x55\x04\x0a\x13\x08\x63\x65\x72\x74\x53\x49\x47\x4e\x31\x19\x30\x17\x06\x03\x55\x04\x0b\x13\x10\x63\x65\x72\x74\x53\x49\x47\x4e\x20\x52\x4f\x4f\x54\x20\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xb7\x33\xb9\x7e\xc8\x25\x4a\x8e\xb5\xdb\xb4\x28\x1b\xaa\x57\x90\xe8\xd1\x22\xd3\x64\xba\xd3\x93\xe8\xd4\xac\x86\x61\x40\x6a\x60\x57\x68\x54\x84\x4d\xbc\x6a\x54\x02\x05\xff\xdf\x9b\x9a\x2a\xae\x5d\x07\x8f\x4a\xc3\x28\x7f\xef\xfb\x2b\xfa\x79\xf1\xc7\xad\xf0\x10\x53\x24\x90\x8b\x66\xc9\xa8\x88\xab\xaf\x5a\xa3\x00\xe9\xbe\xba\x46\xee\x5b\x73\x7b\x2c\x17\x82\x81\x5e\x62\x2c\xa1\x02\x65\xb3\xbd\xc5\x2b\x00\x7e\xc4\xfc\x03\x33\x57\x0d\xed\xe2\xfa\xce\x5d\x45\xd6\x38\xcd\x35\xb6\xb2\xc1\xd0\x9c\x81\x4a\xaa\xe4\xb2\x01\x5c\x1d\x8f\x5f\x99\xc4\xb1\xad\xdb\x88\x21\xeb\x90\x08\x82\x80\xf3\x30\xa3\x43\xe6\x90\x82\xae\x55\x28\x49\xed\x5b\xd7\xa9\x10\x38\x0e\xfe\x8f\x4c\x5b\x9b\x46\xea\x41\xf5\xb0\x08\x74\xc3\xd0\x88\x33\xb6\x7c\xd7\x74\xdf\xdc\x84\xd1\x43\x0e\x75\x39\xa1\x25\x40\x28\xea\x78\xcb\x0e\x2c\x2e\x39\x9d\x8c\x8b\x6e\x16\x1c\x2f\x26\x82\x10\xe2\xe3\x65\x94\x0a\x04\xc0\x5e\xf7\x5d\x5b\xf8\x10\xe2\xd0\xba\x7a\x4b\xfb\xde\x37\x00\x00\x1a\x5b\x28\xe3\xd2\x9c\x73\x3e\x32\x87\x98\xa1\xc9\x51\x2f\xd7\xde\xac\x33\xb3\x4f\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\xc6\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xe0\x8c\x9b\xdb\x25\x49\xb3\xf1\x7c\x86\xd6\xb2\x42\x87\x0b\xd0\x6b\xa0\xd9\xe4\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x3e\xd2\x1c\x89\x2e\x35\xfc\xf8\x75\xdd\xe6\x7f\x65\x88\xf4\x72\x4c\xc9\x2c\xd7\x32\x4e\xf3\xdd\x19\x79\x47\xbd\x8e\x3b\x5b\x93\x0f\x50\x49\x24\x13\x6b\x14\x06\x72\xef\x09\xd3\xa1\xa1\xe3\x40\x84\xc9\xe7\x18\x32\x74\x3c\x48\x6e\x0f\x9f\x4b\xd4\xf7\x1e\xd3\x93\x86\x64\x54\x97\x63\x72\x50\xd5\x55\xcf\xfa\x20\x93\x02\xa2\x9b\xc3\x23\x93\x4e\x16\x55\x76\xa0\x70\x79\x6d\xcd\x21\x1f\xcf\x2f\x2d\xbc\x19\xe3\x88\x31\xf8\x59\x1a\x81\x09\xc8\x97\xa6\x74\xc7\x60\xc4\x5b\xcc\x57\x8e\xb2\x75\xfd\x1b\x02\x09\xdb\x59\x6f\x72\x93\x69\xf7\x31\x41\xd6\x88\x38\xbf\x87\xb2\xbd\x16\x79\xf9\xaa\xe4\xbe\x88\x25\xdd\x61\x27\x23\x1c\xb5\x31\x07\x04\x36\xb4\x1a\x90\xbd\xa0\x74\x71\x50\x89\x6d\xbc\x14\xe3\x0f\x86\xae\xf1\xab\x3e\xc7\xa0\x09\xcc\xa3\x48\xd1\xe0\xdb\x64\xe7\x92\xb5\xcf\xaf\x72\x43\x70\x8b\xf9\xc3\x84\x3c\x13\xaa\x7e\x92\x9b\x57\x53\x93\xfa\x70\xc2\x91\x0e\x31\xf9\x9b\x67\x5d\xe9\x96\x38\x5e\x5f\xb3\x73\x4e\x88\x15\x67\xde\x9e\x76\x10\x62\x20\xbe\x55\x69\x95\x43\x00\x39\x4d\xf6\xee\xb0\x5a\x4e\x49\x44\x54\x58\x5f\x42\x83", + ["CNNIC ROOT"] = "\x30\x82\x03\x55\x30\x82\x02\x3d\xa0\x03\x02\x01\x02\x02\x04\x49\x33\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x32\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4e\x31\x0e\x30\x0c\x06\x03\x55\x04\x0a\x13\x05\x43\x4e\x4e\x49\x43\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0a\x43\x4e\x4e\x49\x43\x20\x52\x4f\x4f\x54\x30\x1e\x17\x0d\x30\x37\x30\x34\x31\x36\x30\x37\x30\x39\x31\x34\x5a\x17\x0d\x32\x37\x30\x34\x31\x36\x30\x37\x30\x39\x31\x34\x5a\x30\x32\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4e\x31\x0e\x30\x0c\x06\x03\x55\x04\x0a\x13\x05\x43\x4e\x4e\x49\x43\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0a\x43\x4e\x4e\x49\x43\x20\x52\x4f\x4f\x54\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xd3\x35\xf7\x3f\x73\x77\xad\xe8\x5b\x73\x17\xc2\xd1\x6f\xed\x55\xbc\x6e\xea\xe8\xa4\x79\xb2\x6c\xc3\xa3\xef\xe1\x9f\xb1\x3b\x48\x85\xf5\x9a\x5c\x21\x22\x10\x2c\xc5\x82\xce\xda\xe3\x9a\x6e\x37\xe1\x87\x2c\xdc\xb9\x0c\x5a\xba\x88\x55\xdf\xfd\xaa\xdb\x1f\x31\xea\x01\xf1\xdf\x39\x01\xc1\x13\xfd\x48\x52\x21\xc4\x55\xdf\xda\xd8\xb3\x54\x76\xba\x74\xb1\xb7\x7d\xd7\xc0\xe8\xf6\x59\xc5\x4d\xc8\xbd\xad\x1f\x14\xda\xdf\x58\x44\x25\x32\x19\x2a\xc7\x7e\x7e\x8e\xae\x38\xb0\x30\x7b\x47\x72\x09\x31\xf0\x30\xdb\xc3\x1b\x76\x29\xbb\x69\x76\x4e\x57\xf9\x1b\x64\xa2\x93\x56\xb7\x6f\x99\x6e\xdb\x0a\x04\x9c\x11\xe3\x80\x1f\xcb\x63\x94\x10\x0a\xa9\xe1\x64\x82\x31\xf9\x8c\x27\xed\xa6\x99\x00\xf6\x70\x93\x18\xf8\xa1\x34\x86\xa3\xdd\x7a\xc2\x18\x79\xf6\x7a\x65\x35\xcf\x90\xeb\xbd\x33\x93\x9f\x53\xab\x73\x3b\xe6\x9b\x34\x20\x2f\x1d\xef\xa9\x1d\x63\x1a\xa0\x80\xdb\x03\x2f\xf9\x26\x1a\x86\xd2\x8d\xbb\xa9\xbe\x52\x3a\x87\x67\x48\x0d\xbf\xb4\xa0\xd8\x26\xbe\x23\x5f\x73\x37\x7f\x26\xe6\x92\x04\xa3\x7f\xcf\x20\xa7\xb7\xf3\x3a\xca\xcb\x99\xcb\x02\x03\x01\x00\x01\xa3\x73\x30\x71\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x65\xf2\x31\xad\x2a\xf7\xf7\xdd\x52\x96\x0a\xc7\x02\xc1\x0e\xef\xa6\xd5\x3b\x11\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\xfe\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x65\xf2\x31\xad\x2a\xf7\xf7\xdd\x52\x96\x0a\xc7\x02\xc1\x0e\xef\xa6\xd5\x3b\x11\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4b\x35\xee\xcc\xe4\xae\xbf\xc3\x6e\xad\x9f\x95\x3b\x4b\x3f\x5b\x1e\xdf\x57\x29\xa2\x59\xca\x38\xe2\xb9\x1a\xff\x9e\xe6\x6e\x32\xdd\x1e\xae\xea\x35\xb7\xf5\x93\x91\x4e\xda\x42\xe1\xc3\x17\x60\x50\xf2\xd1\x5c\x26\xb9\x82\xb7\xea\x6d\xe4\x9c\x84\xe7\x03\x79\x17\xaf\x98\x3d\x94\xdb\xc7\xba\x00\xe7\xb8\xbf\x01\x57\xc1\x77\x45\x32\x0c\x3b\xf1\xb4\x1c\x08\xb0\xfd\x51\xa0\xa1\xdd\x9a\x1d\x13\x36\x9a\x6d\xb7\xc7\x3c\xb9\xe1\xc5\xd9\x17\xfa\x83\xd5\x3d\x15\xa0\x3c\xbb\x1e\x0b\xe2\xc8\x90\x3f\xa8\x86\x0c\xfc\xf9\x8b\x5e\x85\xcb\x4f\x5b\x4b\x62\x11\x47\xc5\x45\x7c\x05\x2f\x41\xb1\x9e\x10\x69\x1b\x99\x96\xe0\x55\x79\xfb\x4e\x86\x99\xb8\x94\xda\x86\x38\x6a\x93\xa3\xe7\xcb\x6e\xe5\xdf\xea\x21\x55\x89\x9c\x7d\x7d\x7f\x98\xf5\x00\x89\xee\xe3\x84\xc0\x5c\x96\xb5\xc5\x46\xea\x46\xe0\x85\x55\xb6\x1b\xc9\x12\xd6\xc1\xcd\xcd\x80\xf3\x02\x01\x3c\xc8\x69\xcb\x45\x48\x63\xd8\x94\xd0\xec\x85\x0e\x3b\x4e\x11\x65\xf4\x82\x8c\xa6\x3d\xae\x2e\x22\x94\x09\xc8\x5c\xea\x3c\x81\x5d\x16\x2a\x03\x97\x16\x55\x09\xdb\x8a\x41\x82\x9e\x66\x9b\x11", + ["ApplicationCA - Japanese Government"] = "\x30\x82\x03\xa0\x30\x82\x02\x88\xa0\x03\x02\x01\x02\x02\x01\x31\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x43\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4a\x50\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x4a\x61\x70\x61\x6e\x65\x73\x65\x20\x47\x6f\x76\x65\x72\x6e\x6d\x65\x6e\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0b\x13\x0d\x41\x70\x70\x6c\x69\x63\x61\x74\x69\x6f\x6e\x43\x41\x30\x1e\x17\x0d\x30\x37\x31\x32\x31\x32\x31\x35\x30\x30\x30\x30\x5a\x17\x0d\x31\x37\x31\x32\x31\x32\x31\x35\x30\x30\x30\x30\x5a\x30\x43\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4a\x50\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x4a\x61\x70\x61\x6e\x65\x73\x65\x20\x47\x6f\x76\x65\x72\x6e\x6d\x65\x6e\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0b\x13\x0d\x41\x70\x70\x6c\x69\x63\x61\x74\x69\x6f\x6e\x43\x41\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa7\x6d\xe0\x74\x4e\x87\x8f\xa5\x06\xde\x68\xa2\xdb\x86\x99\x4b\x64\x0d\x71\xf0\x0a\x05\x9b\x8e\xaa\xe1\xcc\x2e\xd2\x6a\x3b\xc1\x7a\xb4\x97\x61\x8d\x8a\xbe\xc6\x9a\x9c\x06\xb4\x86\x51\xe4\x37\x0e\x74\x78\x7e\x5f\x8a\x7f\x94\xa4\xd7\x47\x08\xfd\x50\x5a\x56\xe4\x68\xac\x28\x73\xa0\x7b\xe9\x7f\x18\x92\x40\x4f\x2d\x9d\xf5\xae\x44\x48\x73\x36\x06\x9e\x64\x2c\x3b\x34\x23\xdb\x5c\x26\xe4\x71\x79\x8f\xd4\x6e\x79\x22\xb9\x93\xc1\xca\xcd\xc1\x56\xed\x88\x6a\xd7\xa0\x39\x21\x04\x57\x2c\xa2\xf5\xbc\x47\x41\x4f\x5e\x34\x22\x95\xb5\x1f\x29\x6d\x5e\x4a\xf3\x4d\x72\xbe\x41\x56\x20\x87\xfc\xe9\x50\x47\xd7\x30\x14\xee\x5c\x8c\x55\xba\x59\x8d\x87\xfc\x23\xde\x93\xd0\x04\x8c\xfd\xef\x6d\xbd\xd0\x7a\xc9\xa5\x3a\x6a\x72\x33\xc6\x4a\x0d\x05\x17\x2a\x2d\x7b\xb1\xa7\xd8\xd6\xf0\xbe\xf4\x3f\xea\x0e\x28\x6d\x41\x61\x23\x76\x78\xc3\xb8\x65\xa4\xf3\x5a\xae\xcc\xc2\xaa\xd9\xe7\x58\xde\xb6\x7e\x9d\x85\x6e\x9f\x2a\x0a\x6f\x9f\x03\x29\x30\x97\x28\x1d\xbc\xb7\xcf\x54\x29\x4e\x51\x31\xf9\x27\xb6\x28\x26\xfe\xa2\x63\xe6\x41\x16\xf0\x33\x98\x47\x02\x03\x01\x00\x01\xa3\x81\x9e\x30\x81\x9b\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x54\x5a\xcb\x26\x3f\x71\xcc\x94\x46\x0d\x96\x53\xea\x6b\x48\xd0\x93\xfe\x42\x75\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x59\x06\x03\x55\x1d\x11\x04\x52\x30\x50\xa4\x4e\x30\x4c\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4a\x50\x31\x18\x30\x16\x06\x03\x55\x04\x0a\x0c\x0f\xe6\x97\xa5\xe6\x9c\xac\xe5\x9b\xbd\xe6\x94\xbf\xe5\xba\x9c\x31\x23\x30\x21\x06\x03\x55\x04\x0b\x0c\x1a\xe3\x82\xa2\xe3\x83\x97\xe3\x83\xaa\xe3\x82\xb1\xe3\x83\xbc\xe3\x82\xb7\xe3\x83\xa7\xe3\x83\xb3\x43\x41\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x39\x6a\x44\x76\x77\x38\x3a\xec\xa3\x67\x46\x0f\xf9\x8b\x06\xa8\xfb\x6a\x90\x31\xce\x7e\xec\xda\xd1\x89\x7c\x7a\xeb\x2e\x0c\xbd\x99\x32\xe7\xb0\x24\xd6\xc3\xff\xf5\xb2\x88\x09\x87\x2c\xe3\x54\xe1\xa3\xa6\xb2\x08\x0b\xc0\x85\xa8\xc8\xd2\x9c\x71\xf6\x1d\x9f\x60\xfc\x38\x33\x13\xe1\x9e\xdc\x0b\x5f\xda\x16\x50\x29\x7b\x2f\x70\x91\x0f\x99\xba\x34\x34\x8d\x95\x74\xc5\x7e\x78\xa9\x66\x5d\xbd\xca\x21\x77\x42\x10\xac\x66\x26\x3d\xde\x91\xab\xfd\x15\xf0\x6f\xed\x6c\x5f\x10\xf8\xf3\x16\xf6\x03\x8a\x8f\xa7\x12\x11\x0c\xcb\xfd\x3f\x79\xc1\x9c\xfd\x62\xee\xa3\xcf\x54\x0c\xd1\x2b\x5f\x17\x3e\xe3\x3e\xbf\xc0\x2b\x3e\x09\x9b\xfe\x88\xa6\x7e\xb4\x92\x17\xfc\x23\x94\x81\xbd\x6e\xa7\xc5\x8c\xc2\xeb\x11\x45\xdb\xf8\x41\xc9\x96\x76\xea\x70\x5f\x79\x12\x6b\xe4\xa3\x07\x5a\x05\xef\x27\x49\xcf\x21\x9f\x8a\x4c\x09\x70\x66\xa9\x26\xc1\x2b\x11\x4e\x33\xd2\x0e\xfc\xd6\x6c\xd2\x0e\x32\x64\x68\xff\xad\x05\x78\x5f\x03\x1d\xa8\xe3\x90\xac\x24\xe0\x0f\x40\xa7\x4b\xae\x8b\x28\xb7\x82\xca\x18\x07\xe6\xb7\x5b\x74\xe9\x20\x19\x7f\xb2\x1b\x89\x54", + ["GeoTrust Primary Certification Authority - G3"] = "\x30\x82\x03\xfe\x30\x82\x02\xe6\xa0\x03\x02\x01\x02\x02\x10\x15\xac\x6e\x94\x19\xb2\x79\x4b\x41\xf6\x27\xa9\xc3\x18\x0f\x1f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x30\x81\x98\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x39\x30\x37\x06\x03\x55\x04\x0b\x13\x30\x28\x63\x29\x20\x32\x30\x30\x38\x20\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x33\x30\x1e\x17\x0d\x30\x38\x30\x34\x30\x32\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x37\x31\x32\x30\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x81\x98\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x39\x30\x37\x06\x03\x55\x04\x0b\x13\x30\x28\x63\x29\x20\x32\x30\x30\x38\x20\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x33\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xdc\xe2\x5e\x62\x58\x1d\x33\x57\x39\x32\x33\xfa\xeb\xcb\x87\x8c\xa7\xd4\x4a\xdd\x06\x88\xea\x64\x8e\x31\x98\xa5\x38\x90\x1e\x98\xcf\x2e\x63\x2b\xf0\x46\xbc\x44\xb2\x89\xa1\xc0\x28\x0c\x49\x70\x21\x95\x9f\x64\xc0\xa6\x93\x12\x02\x65\x26\x86\xc6\xa5\x89\xf0\xfa\xd7\x84\xa0\x70\xaf\x4f\x1a\x97\x3f\x06\x44\xd5\xc9\xeb\x72\x10\x7d\xe4\x31\x28\xfb\x1c\x61\xe6\x28\x07\x44\x73\x92\x22\x69\xa7\x03\x88\x6c\x9d\x63\xc8\x52\xda\x98\x27\xe7\x08\x4c\x70\x3e\xb4\xc9\x12\xc1\xc5\x67\x83\x5d\x33\xf3\x03\x11\xec\x6a\xd0\x53\xe2\xd1\xba\x36\x60\x94\x80\xbb\x61\x63\x6c\x5b\x17\x7e\xdf\x40\x94\x1e\xab\x0d\xc2\x21\x28\x70\x88\xff\xd6\x26\x6c\x6c\x60\x04\x25\x4e\x55\x7e\x7d\xef\xbf\x94\x48\xde\xb7\x1d\xdd\x70\x8d\x05\x5f\x88\xa5\x9b\xf2\xc2\xee\xea\xd1\x40\x41\x6d\x62\x38\x1d\x56\x06\xc5\x03\x47\x51\x20\x19\xfc\x7b\x10\x0b\x0e\x62\xae\x76\x55\xbf\x5f\x77\xbe\x3e\x49\x01\x53\x3d\x98\x25\x03\x76\x24\x5a\x1d\xb4\xdb\x89\xea\x79\xe5\xb6\xb3\x3b\x3f\xba\x4c\x28\x41\x7f\x06\xac\x6a\x8e\xc1\xd0\xf6\x05\x1d\x7d\xe6\x42\x86\xe3\xa5\xd5\x47\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xc4\x79\xca\x8e\xa1\x4e\x03\x1d\x1c\xdc\x6b\xdb\x31\x5b\x94\x3e\x3f\x30\x7f\x2d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x2d\xc5\x13\xcf\x56\x80\x7b\x7a\x78\xbd\x9f\xae\x2c\x99\xe7\xef\xda\xdf\x94\x5e\x09\x69\xa7\xe7\x6e\x68\x8c\xbd\x72\xbe\x47\xa9\x0e\x97\x12\xb8\x4a\xf1\x64\xd3\x39\xdf\x25\x34\xd4\xc1\xcd\x4e\x81\xf0\x0f\x04\xc4\x24\xb3\x34\x96\xc6\xa6\xaa\x30\xdf\x68\x61\x73\xd7\xf9\x8e\x85\x89\xef\x0e\x5e\x95\x28\x4a\x2a\x27\x8f\x10\x8e\x2e\x7c\x86\xc4\x02\x9e\xda\x0c\x77\x65\x0e\x44\x0d\x92\xfd\xfd\xb3\x16\x36\xfa\x11\x0d\x1d\x8c\x0e\x07\x89\x6a\x29\x56\xf7\x72\xf4\xdd\x15\x9c\x77\x35\x66\x57\xab\x13\x53\xd8\x8e\xc1\x40\xc5\xd7\x13\x16\x5a\x72\xc7\xb7\x69\x01\xc4\x7a\xb1\x83\x01\x68\x7d\x8d\x41\xa1\x94\x18\xc1\x25\x5c\xfc\xf0\xfe\x83\x02\x87\x7c\x0d\x0d\xcf\x2e\x08\x5c\x4a\x40\x0d\x3e\xec\x81\x61\xe6\x24\xdb\xca\xe0\x0e\x2d\x07\xb2\x3e\x56\xdc\x8d\xf5\x41\x85\x07\x48\x9b\x0c\x0b\xcb\x49\x3f\x7d\xec\xb7\xfd\xcb\x8d\x67\x89\x1a\xab\xed\xbb\x1e\xa3\x00\x08\x08\x17\x2a\x82\x5c\x31\x5d\x46\x8a\x2d\x0f\x86\x9b\x74\xd9\x45\xfb\xd4\x40\xb1\x7a\xaa\x68\x2d\x86\xb2\x99\x22\xe1\xc1\x2b\xc7\x9c\xf8\xf3\x5f\xa8\x82\x12\xeb\x19\x11\x2d", + ["thawte Primary Root CA - G2"] = "\x30\x82\x02\x88\x30\x82\x02\x0d\xa0\x03\x02\x01\x02\x02\x10\x35\xfc\x26\x5c\xd9\x84\x4f\xc9\x3d\x26\x3d\x57\x9b\xae\xd7\x56\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04\x03\x03\x30\x81\x84\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x31\x38\x30\x36\x06\x03\x55\x04\x0b\x13\x2f\x28\x63\x29\x20\x32\x30\x30\x37\x20\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1b\x74\x68\x61\x77\x74\x65\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x2d\x20\x47\x32\x30\x1e\x17\x0d\x30\x37\x31\x31\x30\x35\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x38\x30\x31\x31\x38\x32\x33\x35\x39\x35\x39\x5a\x30\x81\x84\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x31\x38\x30\x36\x06\x03\x55\x04\x0b\x13\x2f\x28\x63\x29\x20\x32\x30\x30\x37\x20\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1b\x74\x68\x61\x77\x74\x65\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x2d\x20\x47\x32\x30\x76\x30\x10\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x05\x2b\x81\x04\x00\x22\x03\x62\x00\x04\xa2\xd5\x9c\x82\x7b\x95\x9d\xf1\x52\x78\x87\xfe\x8a\x16\xbf\x05\xe6\xdf\xa3\x02\x4f\x0d\x07\xc6\x00\x51\xba\x0c\x02\x52\x2d\x22\xa4\x42\x39\xc4\xfe\x8f\xea\xc9\xc1\xbe\xd4\x4d\xff\x9f\x7a\x9e\xe2\xb1\x7c\x9a\xad\xa7\x86\x09\x73\x87\xd1\xe7\x9a\xe3\x7a\xa5\xaa\x6e\xfb\xba\xb3\x70\xc0\x67\x88\xa2\x35\xd4\xa3\x9a\xb1\xfd\xad\xc2\xef\x31\xfa\xa8\xb9\xf3\xfb\x08\xc6\x91\xd1\xfb\x29\x95\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x9a\xd8\x00\x30\x00\xe7\x6b\x7f\x85\x18\xee\x8b\xb6\xce\x8a\x0c\xf8\x11\xe1\xbb\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04\x03\x03\x03\x69\x00\x30\x66\x02\x31\x00\xdd\xf8\xe0\x57\x47\x5b\xa7\xe6\x0a\xc3\xbd\xf5\x80\x8a\x97\x35\x0d\x1b\x89\x3c\x54\x86\x77\x28\xca\xa1\xf4\x79\xde\xb5\xe6\x38\xb0\xf0\x65\x70\x8c\x7f\x02\x54\xc2\xbf\xff\xd8\xa1\x3e\xd9\xcf\x02\x31\x00\xc4\x8d\x94\xfc\xdc\x53\xd2\xdc\x9d\x78\x16\x1f\x15\x33\x23\x53\x52\xe3\x5a\x31\x5d\x9d\xca\xae\xbd\x13\x29\x44\x0d\x27\x5b\xa8\xe7\x68\x9c\x12\xf7\x58\x3f\x2e\x72\x02\x57\xa3\x8f\xa1\x14\x2e", + ["thawte Primary Root CA - G3"] = "\x30\x82\x04\x2a\x30\x82\x03\x12\xa0\x03\x02\x01\x02\x02\x10\x60\x01\x97\xb7\x46\xa7\xea\xb4\xb4\x9a\xd6\x4b\x2f\xf7\x90\xfb\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x30\x81\xae\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x31\x28\x30\x26\x06\x03\x55\x04\x0b\x13\x1f\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6f\x6e\x31\x38\x30\x36\x06\x03\x55\x04\x0b\x13\x2f\x28\x63\x29\x20\x32\x30\x30\x38\x20\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1b\x74\x68\x61\x77\x74\x65\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x2d\x20\x47\x33\x30\x1e\x17\x0d\x30\x38\x30\x34\x30\x32\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x37\x31\x32\x30\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xae\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x31\x28\x30\x26\x06\x03\x55\x04\x0b\x13\x1f\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6f\x6e\x31\x38\x30\x36\x06\x03\x55\x04\x0b\x13\x2f\x28\x63\x29\x20\x32\x30\x30\x38\x20\x74\x68\x61\x77\x74\x65\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x24\x30\x22\x06\x03\x55\x04\x03\x13\x1b\x74\x68\x61\x77\x74\x65\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x2d\x20\x47\x33\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xb2\xbf\x27\x2c\xfb\xdb\xd8\x5b\xdd\x78\x7b\x1b\x9e\x77\x66\x81\xcb\x3e\xbc\x7c\xae\xf3\xa6\x27\x9a\x34\xa3\x68\x31\x71\x38\x33\x62\xe4\xf3\x71\x66\x79\xb1\xa9\x65\xa3\xa5\x8b\xd5\x8f\x60\x2d\x3f\x42\xcc\xaa\x6b\x32\xc0\x23\xcb\x2c\x41\xdd\xe4\xdf\xfc\x61\x9c\xe2\x73\xb2\x22\x95\x11\x43\x18\x5f\xc4\xb6\x1f\x57\x6c\x0a\x05\x58\x22\xc8\x36\x4c\x3a\x7c\xa5\xd1\xcf\x86\xaf\x88\xa7\x44\x02\x13\x74\x71\x73\x0a\x42\x59\x02\xf8\x1b\x14\x6b\x42\xdf\x6f\x5f\xba\x6b\x82\xa2\x9d\x5b\xe7\x4a\xbd\x1e\x01\x72\xdb\x4b\x74\xe8\x3b\x7f\x7f\x7d\x1f\x04\xb4\x26\x9b\xe0\xb4\x5a\xac\x47\x3d\x55\xb8\xd7\xb0\x26\x52\x28\x01\x31\x40\x66\xd8\xd9\x24\xbd\xf6\x2a\xd8\xec\x21\x49\x5c\x9b\xf6\x7a\xe9\x7f\x55\x35\x7e\x96\x6b\x8d\x93\x93\x27\xcb\x92\xbb\xea\xac\x40\xc0\x9f\xc2\xf8\x80\xcf\x5d\xf4\x5a\xdc\xce\x74\x86\xa6\x3e\x6c\x0b\x53\xca\xbd\x92\xce\x19\x06\x72\xe6\x0c\x5c\x38\x69\xc7\x04\xd6\xbc\x6c\xce\x5b\xf6\xf7\x68\x9c\xdc\x25\x15\x48\x88\xa1\xe9\xa9\xf8\x98\x9c\xe0\xf3\xd5\x31\x28\x61\x11\x6c\x67\x96\x8d\x39\x99\xcb\xc2\x45\x24\x39\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xad\x6c\xaa\x94\x60\x9c\xed\xe4\xff\xfa\x3e\x0a\x74\x2b\x63\x03\xf7\xb6\x59\xbf\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x1a\x40\xd8\x95\x65\xac\x09\x92\x89\xc6\x39\xf4\x10\xe5\xa9\x0e\x66\x53\x5d\x78\xde\xfa\x24\x91\xbb\xe7\x44\x51\xdf\xc6\x16\x34\x0a\xef\x6a\x44\x51\xea\x2b\x07\x8a\x03\x7a\xc3\xeb\x3f\x0a\x2c\x52\x16\xa0\x2b\x43\xb9\x25\x90\x3f\x70\xa9\x33\x25\x6d\x45\x1a\x28\x3b\x27\xcf\xaa\xc3\x29\x42\x1b\xdf\x3b\x4c\xc0\x33\x34\x5b\x41\x88\xbf\x6b\x2b\x65\xaf\x28\xef\xb2\xf5\xc3\xaa\x66\xce\x7b\x56\xee\xb7\xc8\xcb\x67\xc1\xc9\x9c\x1a\x18\xb8\xc4\xc3\x49\x03\xf1\x60\x0e\x50\xcd\x46\xc5\xf3\x77\x79\xf7\xb6\x15\xe0\x38\xdb\xc7\x2f\x28\xa0\x0c\x3f\x77\x26\x74\xd9\x25\x12\xda\x31\xda\x1a\x1e\xdc\x29\x41\x91\x22\x3c\x69\xa7\xbb\x02\xf2\xb6\x5c\x27\x03\x89\xf4\x06\xea\x9b\xe4\x72\x82\xe3\xa1\x09\xc1\xe9\x00\x19\xd3\x3e\xd4\x70\x6b\xba\x71\xa6\xaa\x58\xae\xf4\xbb\xe9\x6c\xb6\xef\x87\xcc\x9b\xbb\xff\x39\xe6\x56\x61\xd3\x0a\xa7\xc4\x5c\x4c\x60\x7b\x05\x77\x26\x7a\xbf\xd8\x07\x52\x2c\x62\xf7\x70\x63\xd9\x39\xbc\x6f\x1c\xc2\x79\xdc\x76\x29\xaf\xce\xc5\x2c\x64\x04\x5e\x88\x36\x6e\x31\xd4\x40\x1a\x62\x34\x36\x3f\x35\x01\xae\xac\x63\xa0", + ["GeoTrust Primary Certification Authority - G2"] = "\x30\x82\x02\xae\x30\x82\x02\x35\xa0\x03\x02\x01\x02\x02\x10\x3c\xb2\xf4\x48\x0a\x00\xe2\xfe\xeb\x24\x3b\x5e\x60\x3e\xc3\x6b\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04\x03\x03\x30\x81\x98\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x39\x30\x37\x06\x03\x55\x04\x0b\x13\x30\x28\x63\x29\x20\x32\x30\x30\x37\x20\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x32\x30\x1e\x17\x0d\x30\x37\x31\x31\x30\x35\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x38\x30\x31\x31\x38\x32\x33\x35\x39\x35\x39\x5a\x30\x81\x98\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x31\x39\x30\x37\x06\x03\x55\x04\x0b\x13\x30\x28\x63\x29\x20\x32\x30\x30\x37\x20\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d\x47\x65\x6f\x54\x72\x75\x73\x74\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x32\x30\x76\x30\x10\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x05\x2b\x81\x04\x00\x22\x03\x62\x00\x04\x15\xb1\xe8\xfd\x03\x15\x43\xe5\xac\xeb\x87\x37\x11\x62\xef\xd2\x83\x36\x52\x7d\x45\x57\x0b\x4a\x8d\x7b\x54\x3b\x3a\x6e\x5f\x15\x02\xc0\x50\xa6\xcf\x25\x2f\x7d\xca\x48\xb8\xc7\x50\x63\x1c\x2a\x21\x08\x7c\x9a\x36\xd8\x0b\xfe\xd1\x26\xc5\x58\x31\x30\x28\x25\xf3\x5d\x5d\xa3\xb8\xb6\xa5\xb4\x92\xed\x6c\x2c\x9f\xeb\xdd\x43\x89\xa2\x3c\x4b\x48\x91\x1d\x50\xec\x26\xdf\xd6\x60\x2e\xbd\x21\xa3\x42\x30\x40\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x15\x5f\x35\x57\x51\x55\xfb\x25\xb2\xad\x03\x69\xfc\x01\xa3\xfa\xbe\x11\x55\xd5\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04\x03\x03\x03\x67\x00\x30\x64\x02\x30\x64\x96\x59\xa6\xe8\x09\xde\x8b\xba\xfa\x5a\x88\x88\xf0\x1f\x91\xd3\x46\xa8\xf2\x4a\x4c\x02\x63\xfb\x6c\x5f\x38\xdb\x2e\x41\x93\xa9\x0e\xe6\x9d\xdc\x31\x1c\xb2\xa0\xa7\x18\x1c\x79\xe1\xc7\x36\x02\x30\x3a\x56\xaf\x9a\x74\x6c\xf6\xfb\x83\xe0\x33\xd3\x08\x5f\xa1\x9c\xc2\x5b\x9f\x46\xd6\xb6\xcb\x91\x06\x63\xa2\x06\xe7\x33\xac\x3e\xa8\x81\x12\xd0\xcb\xba\xd0\x92\x0b\xb6\x9e\x96\xaa\x04\x0f\x8a", + ["VeriSign Universal Root Certification Authority"] = "\x30\x82\x04\xb9\x30\x82\x03\xa1\xa0\x03\x02\x01\x02\x02\x10\x40\x1a\xc4\x64\x21\xb3\x13\x21\x03\x0e\xbb\xe4\x12\x1a\xc5\x1d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x30\x81\xbd\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x32\x30\x30\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x38\x30\x36\x06\x03\x55\x04\x03\x13\x2f\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x30\x38\x30\x34\x30\x32\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x37\x31\x32\x30\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xbd\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x32\x30\x30\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x38\x30\x36\x06\x03\x55\x04\x03\x13\x2f\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x52\x6f\x6f\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xc7\x61\x37\x5e\xb1\x01\x34\xdb\x62\xd7\x15\x9b\xff\x58\x5a\x8c\x23\x23\xd6\x60\x8e\x91\xd7\x90\x98\x83\x7a\xe6\x58\x19\x38\x8c\xc5\xf6\xe5\x64\x85\xb4\xa2\x71\xfb\xed\xbd\xb9\xda\xcd\x4d\x00\xb4\xc8\x2d\x73\xa5\xc7\x69\x71\x95\x1f\x39\x3c\xb2\x44\x07\x9c\xe8\x0e\xfa\x4d\x4a\xc4\x21\xdf\x29\x61\x8f\x32\x22\x61\x82\xc5\x87\x1f\x6e\x8c\x7c\x5f\x16\x20\x51\x44\xd1\x70\x4f\x57\xea\xe3\x1c\xe3\xcc\x79\xee\x58\xd8\x0e\xc2\xb3\x45\x93\xc0\x2c\xe7\x9a\x17\x2b\x7b\x00\x37\x7a\x41\x33\x78\xe1\x33\xe2\xf3\x10\x1a\x7f\x87\x2c\xbe\xf6\xf5\xf7\x42\xe2\xe5\xbf\x87\x62\x89\x5f\x00\x4b\xdf\xc5\xdd\xe4\x75\x44\x32\x41\x3a\x1e\x71\x6e\x69\xcb\x0b\x75\x46\x08\xd1\xca\xd2\x2b\x95\xd0\xcf\xfb\xb9\x40\x6b\x64\x8c\x57\x4d\xfc\x13\x11\x79\x84\xed\x5e\x54\xf6\x34\x9f\x08\x01\xf3\x10\x25\x06\x17\x4a\xda\xf1\x1d\x7a\x66\x6b\x98\x60\x66\xa4\xd9\xef\xd2\x2e\x82\xf1\xf0\xef\x09\xea\x44\xc9\x15\x6a\xe2\x03\x6e\x33\xd3\xac\x9f\x55\x00\xc7\xf6\x08\x6a\x94\xb9\x5f\xdc\xe0\x33\xf1\x84\x60\xf9\x5b\x27\x11\xb4\xfc\x16\xf2\xbb\x56\x6a\x80\x25\x8d\x02\x03\x01\x00\x01\xa3\x81\xb2\x30\x81\xaf\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x6d\x06\x08\x2b\x06\x01\x05\x05\x07\x01\x0c\x04\x61\x30\x5f\xa1\x5d\xa0\x5b\x30\x59\x30\x57\x30\x55\x16\x09\x69\x6d\x61\x67\x65\x2f\x67\x69\x66\x30\x21\x30\x1f\x30\x07\x06\x05\x2b\x0e\x03\x02\x1a\x04\x14\x8f\xe5\xd3\x1a\x86\xac\x8d\x8e\x6b\xc3\xcf\x80\x6a\xd4\x48\x18\x2c\x7b\x19\x2e\x30\x25\x16\x23\x68\x74\x74\x70\x3a\x2f\x2f\x6c\x6f\x67\x6f\x2e\x76\x65\x72\x69\x73\x69\x67\x6e\x2e\x63\x6f\x6d\x2f\x76\x73\x6c\x6f\x67\x6f\x2e\x67\x69\x66\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xb6\x77\xfa\x69\x48\x47\x9f\x53\x12\xd5\xc2\xea\x07\x32\x76\x07\xd1\x97\x07\x19\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x4a\xf8\xf8\xb0\x03\xe6\x2c\x67\x7b\xe4\x94\x77\x63\xcc\x6e\x4c\xf9\x7d\x0e\x0d\xdc\xc8\xb9\x35\xb9\x70\x4f\x63\xfa\x24\xfa\x6c\x83\x8c\x47\x9d\x3b\x63\xf3\x9a\xf9\x76\x32\x95\x91\xb1\x77\xbc\xac\x9a\xbe\xb1\xe4\x31\x21\xc6\x81\x95\x56\x5a\x0e\xb1\xc2\xd4\xb1\xa6\x59\xac\xf1\x63\xcb\xb8\x4c\x1d\x59\x90\x4a\xef\x90\x16\x28\x1f\x5a\xae\x10\xfb\x81\x50\x38\x0c\x6c\xcc\xf1\x3d\xc3\xf5\x63\xe3\xb3\xe3\x21\xc9\x24\x39\xe9\xfd\x15\x66\x46\xf4\x1b\x11\xd0\x4d\x73\xa3\x7d\x46\xf9\x3d\xed\xa8\x5f\x62\xd4\xf1\x3f\xf8\xe0\x74\x57\x2b\x18\x9d\x81\xb4\xc4\x28\xda\x94\x97\xa5\x70\xeb\xac\x1d\xbe\x07\x11\xf0\xd5\xdb\xdd\xe5\x8c\xf0\xd5\x32\xb0\x83\xe6\x57\xe2\x8f\xbf\xbe\xa1\xaa\xbf\x3d\x1d\xb5\xd4\x38\xea\xd7\xb0\x5c\x3a\x4f\x6a\x3f\x8f\xc0\x66\x6c\x63\xaa\xe9\xd9\xa4\x16\xf4\x81\xd1\x95\x14\x0e\x7d\xcd\x95\x34\xd9\xd2\x8f\x70\x73\x81\x7b\x9c\x7e\xbd\x98\x61\xd8\x45\x87\x98\x90\xc5\xeb\x86\x30\xc6\x35\xbf\xf0\xff\xc3\x55\x88\x83\x4b\xef\x05\x92\x06\x71\xf2\xb8\x98\x93\xb7\xec\xcd\x82\x61\xf1\x38\xe6\x4f\x97\x98\x2a\x5a\x8d", + ["VeriSign Class 3 Public Primary Certification Authority - G4"] = "\x30\x82\x03\x84\x30\x82\x03\x0a\xa0\x03\x02\x01\x02\x02\x10\x2f\x80\xfe\x23\x8c\x0e\x22\x0f\x48\x67\x12\x28\x91\x87\xac\xb3\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04\x03\x03\x30\x81\xca\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x32\x30\x30\x37\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3c\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x34\x30\x1e\x17\x0d\x30\x37\x31\x31\x30\x35\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x33\x38\x30\x31\x31\x38\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xca\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x32\x30\x30\x37\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3c\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x34\x30\x76\x30\x10\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x05\x2b\x81\x04\x00\x22\x03\x62\x00\x04\xa7\x56\x7a\x7c\x52\xda\x64\x9b\x0e\x2d\x5c\xd8\x5e\xac\x92\x3d\xfe\x01\xe6\x19\x4a\x3d\x14\x03\x4b\xfa\x60\x27\x20\xd9\x83\x89\x69\xfa\x54\xc6\x9a\x18\x5e\x55\x2a\x64\xde\x06\xf6\x8d\x4a\x3b\xad\x10\x3c\x65\x3d\x90\x88\x04\x89\xe0\x30\x61\xb3\xae\x5d\x01\xa7\x7b\xde\x7c\xb2\xbe\xca\x65\x61\x00\x86\xae\xda\x8f\x7b\xd0\x89\xad\x4d\x1d\x59\x9a\x41\xb1\xbc\x47\x80\xdc\x9e\x62\xc3\xf9\xa3\x81\xb2\x30\x81\xaf\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x6d\x06\x08\x2b\x06\x01\x05\x05\x07\x01\x0c\x04\x61\x30\x5f\xa1\x5d\xa0\x5b\x30\x59\x30\x57\x30\x55\x16\x09\x69\x6d\x61\x67\x65\x2f\x67\x69\x66\x30\x21\x30\x1f\x30\x07\x06\x05\x2b\x0e\x03\x02\x1a\x04\x14\x8f\xe5\xd3\x1a\x86\xac\x8d\x8e\x6b\xc3\xcf\x80\x6a\xd4\x48\x18\x2c\x7b\x19\x2e\x30\x25\x16\x23\x68\x74\x74\x70\x3a\x2f\x2f\x6c\x6f\x67\x6f\x2e\x76\x65\x72\x69\x73\x69\x67\x6e\x2e\x63\x6f\x6d\x2f\x76\x73\x6c\x6f\x67\x6f\x2e\x67\x69\x66\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xb3\x16\x91\xfd\xee\xa6\x6e\xe4\xb5\x2e\x49\x8f\x87\x78\x81\x80\xec\xe5\xb1\xb5\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04\x03\x03\x03\x68\x00\x30\x65\x02\x30\x66\x21\x0c\x18\x26\x60\x5a\x38\x7b\x56\x42\xe0\xa7\xfc\x36\x84\x51\x91\x20\x2c\x76\x4d\x43\x3d\xc4\x1d\x84\x23\xd0\xac\xd6\x7c\x35\x06\xce\xcd\x69\xbd\x90\x0d\xdb\x6c\x48\x42\x1d\x0e\xaa\x42\x02\x31\x00\x9c\x3d\x48\x39\x23\x39\x58\x1a\x15\x12\x59\x6a\x9e\xef\xd5\x59\xb2\x1d\x52\x2c\x99\x71\xcd\xc7\x29\xdf\x1b\x2a\x61\x7b\x71\xd1\xde\xf3\xc0\xe5\x0d\x3a\x4a\xaa\x2d\xa7\xd8\x86\x2a\xdd\x2e\x10", + ["NetLock Arany (Class Gold) FÅ‘tanúsítvány"] = "\x30\x82\x04\x15\x30\x82\x02\xfd\xa0\x03\x02\x01\x02\x02\x06\x49\x41\x2c\xe4\x00\x10\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x30\x81\xa7\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x0c\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x0c\x0c\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x31\x37\x30\x35\x06\x03\x55\x04\x0b\x0c\x2e\x54\x61\x6e\xc3\xba\x73\xc3\xad\x74\x76\xc3\xa1\x6e\x79\x6b\x69\x61\x64\xc3\xb3\x6b\x20\x28\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x29\x31\x35\x30\x33\x06\x03\x55\x04\x03\x0c\x2c\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x41\x72\x61\x6e\x79\x20\x28\x43\x6c\x61\x73\x73\x20\x47\x6f\x6c\x64\x29\x20\x46\xc5\x91\x74\x61\x6e\xc3\xba\x73\xc3\xad\x74\x76\xc3\xa1\x6e\x79\x30\x1e\x17\x0d\x30\x38\x31\x32\x31\x31\x31\x35\x30\x38\x32\x31\x5a\x17\x0d\x32\x38\x31\x32\x30\x36\x31\x35\x30\x38\x32\x31\x5a\x30\x81\xa7\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x0c\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x0c\x0c\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x4b\x66\x74\x2e\x31\x37\x30\x35\x06\x03\x55\x04\x0b\x0c\x2e\x54\x61\x6e\xc3\xba\x73\xc3\xad\x74\x76\xc3\xa1\x6e\x79\x6b\x69\x61\x64\xc3\xb3\x6b\x20\x28\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x29\x31\x35\x30\x33\x06\x03\x55\x04\x03\x0c\x2c\x4e\x65\x74\x4c\x6f\x63\x6b\x20\x41\x72\x61\x6e\x79\x20\x28\x43\x6c\x61\x73\x73\x20\x47\x6f\x6c\x64\x29\x20\x46\xc5\x91\x74\x61\x6e\xc3\xba\x73\xc3\xad\x74\x76\xc3\xa1\x6e\x79\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xc4\x24\x5e\x73\xbe\x4b\x6d\x14\xc3\xa1\xf4\xe3\x97\x90\x6e\xd2\x30\x45\x1e\x3c\xee\x67\xd9\x64\xe0\x1a\x8a\x7f\xca\x30\xca\x83\xe3\x20\xc1\xe3\xf4\x3a\xd3\x94\x5f\x1a\x7c\x5b\x6d\xbf\x30\x4f\x84\x27\xf6\x9f\x1f\x49\xbc\xc6\x99\x0a\x90\xf2\x0f\xf5\x7f\x43\x84\x37\x63\x51\x8b\x7a\xa5\x70\xfc\x7a\x58\xcd\x8e\x9b\xed\xc3\x46\x6c\x84\x70\x5d\xda\xf3\x01\x90\x23\xfc\x4e\x30\xa9\x7e\xe1\x27\x63\xe7\xed\x64\x3c\xa0\xb8\xc9\x33\x63\xfe\x16\x90\xff\xb0\xb8\xfd\xd7\xa8\xc0\xc0\x94\x43\x0b\xb6\xd5\x59\xa6\x9e\x56\xd0\x24\x1f\x70\x79\xaf\xdb\x39\x54\x0d\x65\x75\xd9\x15\x41\x94\x01\xaf\x5e\xec\xf6\x8d\xf1\xff\xad\x64\xfe\x20\x9a\xd7\x5c\xeb\xfe\xa6\x1f\x08\x64\xa3\x8b\x76\x55\xad\x1e\x3b\x28\x60\x2e\x87\x25\xe8\xaa\xaf\x1f\xc6\x64\x46\x20\xb7\x70\x7f\x3c\xde\x48\xdb\x96\x53\xb7\x39\x77\xe4\x1a\xe2\xc7\x16\x84\x76\x97\x5b\x2f\xbb\x19\x15\x85\xf8\x69\x85\xf5\x99\xa7\xa9\xf2\x34\xa7\xa9\xb6\xa6\x03\xfc\x6f\x86\x3d\x54\x7c\x76\x04\x9b\x6b\xf9\x40\x5d\x00\x34\xc7\x2e\x99\x75\x9d\xe5\x88\x03\xaa\x4d\xf8\x03\xd2\x42\x76\xc0\x1b\x02\x03\x00\xa8\x8b\xa3\x45\x30\x43\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x04\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xcc\xfa\x67\x93\xf0\xb6\xb8\xd0\xa5\xc0\x1e\xf3\x53\xfd\x8c\x53\xdf\x83\xd7\x96\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\xab\x7f\xee\x1c\x16\xa9\x9c\x3c\x51\x00\xa0\xc0\x11\x08\x05\xa7\x99\xe6\x6f\x01\x88\x54\x61\x6e\xf1\xb9\x18\xad\x4a\xad\xfe\x81\x40\x23\x94\x2f\xfb\x75\x7c\x2f\x28\x4b\x62\x24\x81\x82\x0b\xf5\x61\xf1\x1c\x6e\xb8\x61\x38\xeb\x81\xfa\x62\xa1\x3b\x5a\x62\xd3\x94\x65\xc4\xe1\xe6\x6d\x82\xf8\x2f\x25\x70\xb2\x21\x26\xc1\x72\x51\x1f\x8c\x2c\xc3\x84\x90\xc3\x5a\x8f\xba\xcf\xf4\xa7\x65\xa5\xeb\x98\xd1\xfb\x05\xb2\x46\x75\x15\x23\x6a\x6f\x85\x63\x30\x80\xf0\xd5\x9e\x1f\x29\x1c\xc2\x6c\xb0\x50\x59\x5d\x90\x5b\x3b\xa8\x0d\x30\xcf\xbf\x7d\x7f\xce\xf1\x9d\x83\xbd\xc9\x46\x6e\x20\xa6\xf9\x61\x51\xba\x21\x2f\x7b\xbe\xa5\x15\x63\xa1\xd4\x95\x87\xf1\x9e\xb9\xf3\x89\xf3\x3d\x85\xb8\xb8\xdb\xbe\xb5\xb9\x29\xf9\xda\x37\x05\x00\x49\x94\x03\x84\x44\xe7\xbf\x43\x31\xcf\x75\x8b\x25\xd1\xf4\xa6\x64\xf5\x92\xf6\xab\x05\xeb\x3d\xe9\xa5\x0b\x36\x62\xda\xcc\x06\x5f\x36\x8b\xb6\x5e\x31\xb8\x2a\xfb\x5e\xf6\x71\xdf\x44\x26\x9e\xc4\xe6\x0d\x91\xb4\x2e\x75\x95\x80\x51\x6a\x4b\x30\xa6\xb0\x62\xa1\x93\xf1\x9b\xd8\xce\xc4\x63\x75\x3f\x59\x47\xb1", + ["Staat der Nederlanden Root CA - G2"] = "\x30\x82\x05\xca\x30\x82\x03\xb2\xa0\x03\x02\x01\x02\x02\x04\x00\x98\x96\x8c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x30\x5a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4e\x4c\x31\x1e\x30\x1c\x06\x03\x55\x04\x0a\x0c\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4e\x65\x64\x65\x72\x6c\x61\x6e\x64\x65\x6e\x31\x2b\x30\x29\x06\x03\x55\x04\x03\x0c\x22\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4e\x65\x64\x65\x72\x6c\x61\x6e\x64\x65\x6e\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x2d\x20\x47\x32\x30\x1e\x17\x0d\x30\x38\x30\x33\x32\x36\x31\x31\x31\x38\x31\x37\x5a\x17\x0d\x32\x30\x30\x33\x32\x35\x31\x31\x30\x33\x31\x30\x5a\x30\x5a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4e\x4c\x31\x1e\x30\x1c\x06\x03\x55\x04\x0a\x0c\x15\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4e\x65\x64\x65\x72\x6c\x61\x6e\x64\x65\x6e\x31\x2b\x30\x29\x06\x03\x55\x04\x03\x0c\x22\x53\x74\x61\x61\x74\x20\x64\x65\x72\x20\x4e\x65\x64\x65\x72\x6c\x61\x6e\x64\x65\x6e\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x2d\x20\x47\x32\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xc5\x59\xe7\x6f\x75\xaa\x3e\x4b\x9c\xb5\xb8\xac\x9e\x0b\xe4\xf9\xd9\xca\xab\x5d\x8f\xb5\x39\x10\x82\xd7\xaf\x51\xe0\x3b\xe1\x00\x48\x6a\xcf\xda\xe1\x06\x43\x11\x99\xaa\x14\x25\x12\xad\x22\xe8\x00\x6d\x43\xc4\xa9\xb8\xe5\x1f\x89\x4b\x67\xbd\x61\x48\xef\xfd\xd2\xe0\x60\x88\xe5\xb9\x18\x60\x28\xc3\x77\x2b\xad\xb0\x37\xaa\x37\xde\x64\x59\x2a\x46\x57\xe4\x4b\xb9\xf8\x37\x7c\xd5\x36\xe7\x80\xc1\xb6\xf3\xd4\x67\x9b\x96\xe8\xce\xd7\xc6\x0a\x53\xd0\x6b\x49\x96\xf3\xa3\x0b\x05\x77\x48\xf7\x25\xe5\x70\xac\x30\x14\x20\x25\xe3\x7f\x75\x5a\xe5\x48\xf8\x4e\x7b\x03\x07\x04\xfa\x82\x61\x87\x6e\xf0\x3b\xc4\xa4\xc7\xd0\xf5\x74\x3e\xa5\x5d\x1a\x08\xf2\x9b\x25\xd2\xf6\xac\x04\x26\x3e\x55\x3a\x62\x28\xa5\x7b\xb2\x30\xaf\xf8\x37\xc2\xd1\xba\xd6\x38\xfd\xf4\xef\x49\x30\x37\x99\x26\x21\x48\x85\x01\xa9\xe5\x16\xe7\xdc\x90\x55\xdf\x0f\xe8\x38\xcd\x99\x37\x21\x4f\x5d\xf5\x22\x6f\x6a\xc5\x12\x16\x60\x17\x55\xf2\x65\x66\xa6\xa7\x30\x91\x38\xc1\x38\x1d\x86\x04\x84\xba\x1a\x25\x78\x5e\x9d\xaf\xcc\x50\x60\xd6\x13\x87\x52\xed\x63\x1f\x6d\x65\x7d\xc2\x15\x18\x74\xca\xe1\x7e\x64\x29\x8c\x72\xd8\x16\x13\x7d\x0b\x49\x4a\xf1\x28\x1b\x20\x74\x6b\xc5\x3d\xdd\xb0\xaa\x48\x09\x3d\x2e\x82\x94\xcd\x1a\x65\xd9\x2b\x88\x9a\x99\xbc\x18\x7e\x9f\xee\x7d\x66\x7c\x3e\xbd\x94\xb8\x81\xce\xcd\x98\x30\x78\xc1\x6f\x67\xd0\xbe\x5f\xe0\x68\xed\xde\xe2\xb1\xc9\x2c\x59\x78\x92\xaa\xdf\x2b\x60\x63\xf2\xe5\x5e\xb9\xe3\xca\xfa\x7f\x50\x86\x3e\xa2\x34\x18\x0c\x09\x68\x28\x11\x1c\xe4\xe1\xb9\x5c\x3e\x47\xba\x32\x3f\x18\xcc\x5b\x84\xf5\xf3\x6b\x74\xc4\x72\x74\xe1\xe3\x8b\xa0\x4a\xbd\x8d\x66\x2f\xea\xad\x35\xda\x20\xd3\x88\x82\x61\xf0\x12\x22\xb6\xbc\xd0\xd5\xa4\xec\xaf\x54\x88\x25\x24\x3c\xa7\x6d\xb1\x72\x29\x3f\x3e\x57\xa6\x7f\x55\xaf\x6e\x26\xc6\xfe\xe7\xcc\x40\x5c\x51\x44\x81\x0a\x78\xde\x4a\xce\x55\xbf\x1d\xd5\xd9\xb7\x56\xef\xf0\x76\xff\x0b\x79\xb5\xaf\xbd\xfb\xa9\x69\x91\x46\x97\x68\x80\x14\x36\x1d\xb3\x7f\xbb\x29\x98\x36\xa5\x20\xfa\x82\x60\x62\x33\xa4\xec\xd6\xba\x07\xa7\x6e\xc5\xcf\x14\xa6\xe7\xd6\x92\x34\xd8\x81\xf5\xfc\x1d\x5d\xaa\x5c\x1e\xf6\xa3\x4d\x3b\xb8\xf7\x39\x02\x03\x01\x00\x01\xa3\x81\x97\x30\x81\x94\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x52\x06\x03\x55\x1d\x20\x04\x4b\x30\x49\x30\x47\x06\x04\x55\x1d\x20\x00\x30\x3f\x30\x3d\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x31\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x70\x6b\x69\x6f\x76\x65\x72\x68\x65\x69\x64\x2e\x6e\x6c\x2f\x70\x6f\x6c\x69\x63\x69\x65\x73\x2f\x72\x6f\x6f\x74\x2d\x70\x6f\x6c\x69\x63\x79\x2d\x47\x32\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x91\x68\x32\x87\x15\x1d\x89\xe2\xb5\xf1\xac\x36\x28\x34\x8d\x0b\x7c\x62\x88\xeb\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x02\x01\x00\xa8\x41\x4a\x67\x2a\x92\x81\x82\x50\x6e\xe1\xd7\xd8\xb3\x39\x3b\xf3\x02\x15\x09\x50\x51\xef\x2d\xbd\x24\x7b\x88\x86\x3b\xf9\xb4\xbc\x92\x09\x96\xb9\xf6\xc0\xab\x23\x60\x06\x79\x8c\x11\x4e\x51\xd2\x79\x80\x33\xfb\x9d\x48\xbe\xec\x41\x43\x81\x1f\x7e\x47\x40\x1c\xe5\x7a\x08\xca\xaa\x8b\x75\xad\x14\xc4\xc2\xe8\x66\x3c\x82\x07\xa7\xe6\x27\x82\x5b\x18\xe6\x0f\x6e\xd9\x50\x3e\x8a\x42\x18\x29\xc6\xb4\x56\xfc\x56\x10\xa0\x05\x17\xbd\x0c\x23\x7f\xf4\x93\xed\x9c\x1a\x51\xbe\xdd\x45\x41\xbf\x91\x24\xb4\x1f\x8c\xe9\x5f\xcf\x7b\x21\x99\x9f\x95\x9f\x39\x3a\x46\x1c\x6c\xf9\xcd\x7b\x9c\x90\xcd\x28\xa9\xc7\xa9\x55\xbb\xac\x62\x34\x62\x35\x13\x4b\x14\x3a\x55\x83\xb9\x86\x8d\x92\xa6\xc6\xf4\x07\x25\x54\xcc\x16\x57\x12\x4a\x82\x78\xc8\x14\xd9\x17\x82\x26\x2d\x5d\x20\x1f\x79\xae\xfe\xd4\x70\x16\x16\x95\x83\xd8\x35\x39\xff\x52\x5d\x75\x1c\x16\xc5\x13\x55\xcf\x47\xcc\x75\x65\x52\x4a\xde\xf0\xb0\xa7\xe4\x0a\x96\x0b\xfb\xad\xc2\xe2\x25\x84\xb2\xdd\xe4\xbd\x7e\x59\x6c\x9b\xf0\xf0\xd8\xe7\xca\xf2\xe9\x97\x38\x7e\x89\xbe\xcc\xfb\x39\x17\x61\x3f\x72\xdb\x3a\x91\xd8\x65\x01\x19\x1d\xad\x50\xa4\x57\x0a\x7c\x4b\xbc\x9c\x71\x73\x2a\x45\x51\x19\x85\xcc\x8e\xfd\x47\xa7\x74\x95\x1d\xa8\xd1\xaf\x4e\x17\xb1\x69\x26\xc2\xaa\x78\x57\x5b\xc5\x4d\xa7\xe5\x9e\x05\x17\x94\xca\xb2\x5f\xa0\x49\x18\x8d\x34\xe9\x26\x6c\x48\x1e\xaa\x68\x92\x05\xe1\x82\x73\x5a\x9b\xdc\x07\x5b\x08\x6d\x7d\x9d\xd7\x8d\x21\xd9\xfc\x14\x20\xaa\xc2\x45\xdf\x3f\xe7\x00\xb2\x51\xe4\xc2\xf8\x05\xb9\x79\x1a\x8c\x34\xf3\x9e\x5b\xe4\x37\x5b\x6b\x4a\xdf\x2c\x57\x8a\x40\x5a\x36\xba\xdd\x75\x44\x08\x37\x42\x70\x0c\xfe\xdc\x5e\x21\xa0\xa3\x8a\xc0\x90\x9c\x68\xda\x50\xe6\x45\x10\x47\x78\xb6\x4e\xd2\x65\xc9\xc3\x37\xdf\xe1\x42\x63\xb0\x57\x37\x45\x2d\x7b\x8a\x9c\xbf\x05\xea\x65\x55\x33\xf7\x39\x10\xc5\x28\x2a\x21\x7a\x1b\x8a\xc4\x24\xf9\x3f\x15\xc8\x9a\x15\x20\xf5\x55\x62\x96\xed\x6d\x93\x50\xbc\xe4\xaa\x78\xad\xd9\xcb\x0a\x65\x87\xa6\x66\xc1\xc4\x81\xa3\x77\x3a\x58\x1e\x0b\xee\x83\x8b\x9d\x1e\xd2\x52\xa4\xcc\x1d\x6f\xb0\x98\x6d\x94\x31\xb5\xf8\x71\x0a\xdc\xb9\xfc\x7d\x32\x60\xe6\xeb\xaf\x8a\x01", + ["CA Disig"] = "\x30\x82\x04\x0f\x30\x82\x02\xf7\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x4a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x4b\x31\x13\x30\x11\x06\x03\x55\x04\x07\x13\x0a\x42\x72\x61\x74\x69\x73\x6c\x61\x76\x61\x31\x13\x30\x11\x06\x03\x55\x04\x0a\x13\x0a\x44\x69\x73\x69\x67\x20\x61\x2e\x73\x2e\x31\x11\x30\x0f\x06\x03\x55\x04\x03\x13\x08\x43\x41\x20\x44\x69\x73\x69\x67\x30\x1e\x17\x0d\x30\x36\x30\x33\x32\x32\x30\x31\x33\x39\x33\x34\x5a\x17\x0d\x31\x36\x30\x33\x32\x32\x30\x31\x33\x39\x33\x34\x5a\x30\x4a\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x4b\x31\x13\x30\x11\x06\x03\x55\x04\x07\x13\x0a\x42\x72\x61\x74\x69\x73\x6c\x61\x76\x61\x31\x13\x30\x11\x06\x03\x55\x04\x0a\x13\x0a\x44\x69\x73\x69\x67\x20\x61\x2e\x73\x2e\x31\x11\x30\x0f\x06\x03\x55\x04\x03\x13\x08\x43\x41\x20\x44\x69\x73\x69\x67\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\x92\xf6\x31\xc1\x7d\x88\xfd\x99\x01\xa9\xd8\x7b\xf2\x71\x75\xf1\x31\xc6\xf3\x75\x66\xfa\x51\x28\x46\x84\x97\x78\x34\xbc\x6c\xfc\xbc\x45\x59\x88\x26\x18\x4a\xc4\x37\x1f\xa1\x4a\x44\xbd\xe3\x71\x04\xf5\x44\x17\xe2\x3f\xfc\x48\x58\x6f\x5c\x9e\x7a\x09\xba\x51\x37\x22\x23\x66\x43\x21\xb0\x3c\x64\xa2\xf8\x6a\x15\x0e\x3f\xeb\x51\xe1\x54\xa9\xdd\x06\x99\xd7\x9a\x3c\x54\x8b\x39\x03\x3f\x0f\xc5\xce\xc6\xeb\x83\x72\x02\xa8\x1f\x71\xf3\x2d\xf8\x75\x08\xdb\x62\x4c\xe8\xfa\xce\xf9\xe7\x6a\x1f\xb6\x6b\x35\x82\xba\xe2\x8f\x16\x92\x7d\x05\x0c\x6c\x46\x03\x5d\xc0\xed\x69\xbf\x3a\xc1\x8a\xa0\xe8\x8e\xd9\xb9\x45\x28\x87\x08\xec\xb4\xca\x15\xbe\x82\xdd\xb5\x44\x8b\x2d\xad\x86\x0c\x68\x62\x6d\x85\x56\xf2\xac\x14\x63\x3a\xc6\xd1\x99\xac\x34\x78\x56\x4b\xcf\xb6\xad\x3f\x8c\x8a\xd7\x04\xe5\xe3\x78\x4c\xf5\x86\xaa\xf5\x8f\xfa\x3d\x6c\x71\xa3\x2d\xca\x67\xeb\x68\x7b\x6e\x33\xa9\x0c\x82\x28\xa8\x4c\x6a\x21\x40\x15\x20\x0c\x26\x5b\x83\xc2\xa9\x16\x15\xc0\x24\x82\x5d\x2b\x16\xad\xca\x63\xf6\x74\x00\xb0\xdf\x43\xc4\x10\x60\x56\x67\x63\x45\x02\x03\x01\x00\x01\xa3\x81\xff\x30\x81\xfc\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x8d\xb2\x49\x68\x9d\x72\x08\x25\xb9\xc0\x27\xf5\x50\x93\x56\x48\x46\x71\xf9\x8f\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x36\x06\x03\x55\x1d\x11\x04\x2f\x30\x2d\x81\x13\x63\x61\x6f\x70\x65\x72\x61\x74\x6f\x72\x40\x64\x69\x73\x69\x67\x2e\x73\x6b\x86\x16\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x64\x69\x73\x69\x67\x2e\x73\x6b\x2f\x63\x61\x30\x66\x06\x03\x55\x1d\x1f\x04\x5f\x30\x5d\x30\x2d\xa0\x2b\xa0\x29\x86\x27\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x64\x69\x73\x69\x67\x2e\x73\x6b\x2f\x63\x61\x2f\x63\x72\x6c\x2f\x63\x61\x5f\x64\x69\x73\x69\x67\x2e\x63\x72\x6c\x30\x2c\xa0\x2a\xa0\x28\x86\x26\x68\x74\x74\x70\x3a\x2f\x2f\x63\x61\x2e\x64\x69\x73\x69\x67\x2e\x73\x6b\x2f\x63\x61\x2f\x63\x72\x6c\x2f\x63\x61\x5f\x64\x69\x73\x69\x67\x2e\x63\x72\x6c\x30\x1a\x06\x03\x55\x1d\x20\x04\x13\x30\x11\x30\x0f\x06\x0d\x2b\x81\x1e\x91\x93\xe6\x0a\x00\x00\x00\x01\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x5d\x34\x74\x61\x4c\xaf\x3b\xd8\xff\x9f\x6d\x58\x36\x1c\x3d\x0b\x81\x0d\x12\x2b\x46\x10\x80\xfd\xe7\x3c\x27\xd0\x7a\xc8\xa9\xb6\x7e\x74\x30\x33\xa3\x3a\x8a\x7b\x74\xc0\x79\x79\x42\x93\x6d\xff\xb1\x29\x14\x82\xab\x21\x8c\x2f\x17\xf9\x3f\x26\x2f\xf5\x59\xc6\xef\x80\x06\xb7\x9a\x49\x29\xec\xce\x7e\x71\x3c\x6a\x10\x41\xc0\xf6\xd3\x9a\xb2\x7c\x5a\x91\x9c\xc0\xac\x5b\xc8\x4d\x5e\xf7\xe1\x53\xff\x43\x77\xfc\x9e\x4b\x67\x6c\xd7\xf3\x83\xd1\xa0\xe0\x7f\x25\xdf\xb8\x98\x0b\x9a\x32\x38\x6c\x30\xa0\xf3\xff\x08\x15\x33\xf7\x50\x4a\x7b\x3e\xa3\x3e\x20\xa9\xdc\x2f\x56\x80\x0a\xed\x41\x50\xb0\xc9\xf4\xec\xb2\xe3\x26\x44\x00\x0e\x6f\x9e\x06\xbc\x22\x96\x53\x70\x65\xc4\x50\x0a\x46\x6b\xa4\x2f\x27\x81\x12\x27\x13\x5f\x10\xa1\x76\xce\x8a\x7b\x37\xea\xc3\x39\x61\x03\x95\x98\x3a\xe7\x6c\x88\x25\x08\xfc\x79\x68\x0d\x87\x7d\x62\xf8\xb4\x5f\xfb\xc5\xd8\x4c\xbd\x58\xbc\x3f\x43\x5b\xd4\x1e\x01\x4d\x3c\x63\xbe\x23\xef\x8c\xcd\x5a\x50\xb8\x68\x54\xf9\x0a\x99\x33\x11\x00\xe1\x9e\xc2\x46\x77\x82\xf5\x59\x06\x8c\x21\x4c\x87\x09\xcd\xe5\xa8", + ["Juur-SK"] = "\x30\x82\x04\xe6\x30\x82\x03\xce\xa0\x03\x02\x01\x02\x02\x04\x3b\x8e\x4b\xfc\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x5d\x31\x18\x30\x16\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x09\x70\x6b\x69\x40\x73\x6b\x2e\x65\x65\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x45\x31\x22\x30\x20\x06\x03\x55\x04\x0a\x13\x19\x41\x53\x20\x53\x65\x72\x74\x69\x66\x69\x74\x73\x65\x65\x72\x69\x6d\x69\x73\x6b\x65\x73\x6b\x75\x73\x31\x10\x30\x0e\x06\x03\x55\x04\x03\x13\x07\x4a\x75\x75\x72\x2d\x53\x4b\x30\x1e\x17\x0d\x30\x31\x30\x38\x33\x30\x31\x34\x32\x33\x30\x31\x5a\x17\x0d\x31\x36\x30\x38\x32\x36\x31\x34\x32\x33\x30\x31\x5a\x30\x5d\x31\x18\x30\x16\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x09\x70\x6b\x69\x40\x73\x6b\x2e\x65\x65\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x45\x31\x22\x30\x20\x06\x03\x55\x04\x0a\x13\x19\x41\x53\x20\x53\x65\x72\x74\x69\x66\x69\x74\x73\x65\x65\x72\x69\x6d\x69\x73\x6b\x65\x73\x6b\x75\x73\x31\x10\x30\x0e\x06\x03\x55\x04\x03\x13\x07\x4a\x75\x75\x72\x2d\x53\x4b\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\x81\x71\x36\x3e\x33\x07\xd6\xe3\x30\x8d\x13\x7e\x77\x32\x46\xcb\xcf\x19\xb2\x60\x31\x46\x97\x86\xf4\x98\x46\xa4\xc2\x65\x45\xcf\xd3\x40\x7c\xe3\x5a\x22\xa8\x10\x78\x33\xcc\x88\xb1\xd3\x81\x4a\xf6\x62\x17\x7b\x5f\x4d\x0a\x2e\xd0\xcf\x8b\x23\xee\x4f\x02\x4e\xbb\xeb\x0e\xca\xbd\x18\x63\xe8\x80\x1c\x8d\xe1\x1c\x8d\x3d\xe0\xff\x5b\x5f\xea\x64\xe5\x97\xe8\x3f\x99\x7f\x0c\x0a\x09\x33\x00\x1a\x53\xa7\x21\xe1\x38\x4b\xd6\x83\x1b\xad\xaf\x64\xc2\xf9\x1c\x7a\x8c\x66\x48\x4d\x66\x1f\x18\x0a\xe2\x3e\xbb\x1f\x07\x65\x93\x85\xb9\x1a\xb0\xb9\xc4\xfb\x0d\x11\xf6\xf5\xd6\xf9\x1b\xc7\x2c\x2b\xb7\x18\x51\xfe\xe0\x7b\xf6\xa8\x48\xaf\x6c\x3b\x4f\x2f\xef\xf8\xd1\x47\x1e\x26\x57\xf0\x51\x1d\x33\x96\xff\xef\x59\x3d\xda\x4d\xd1\x15\x34\xc7\xea\x3f\x16\x48\x7b\x91\x1c\x80\x43\x0f\x3d\xb8\x05\x3e\xd1\xb3\x95\xcd\xd8\xca\x0f\xc2\x43\x67\xdb\xb7\x93\xe0\x22\x82\x2e\xbe\xf5\x68\x28\x83\xb9\xc1\x3b\x69\x7b\x20\xda\x4e\x9c\x6d\xe1\xba\xcd\x8f\x7a\x6c\xb0\x09\x22\xd7\x8b\x0b\xdb\x1c\xd5\x5a\x26\x5b\x0d\xc0\xea\xe5\x60\xd0\x9f\xfe\x35\xdf\x3f\x02\x03\x01\x00\x01\xa3\x82\x01\xac\x30\x82\x01\xa8\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x82\x01\x16\x06\x03\x55\x1d\x20\x04\x82\x01\x0d\x30\x82\x01\x09\x30\x82\x01\x05\x06\x0a\x2b\x06\x01\x04\x01\xce\x1f\x01\x01\x01\x30\x81\xf6\x30\x81\xd0\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x02\x30\x81\xc3\x1e\x81\xc0\x00\x53\x00\x65\x00\x65\x00\x20\x00\x73\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x6b\x00\x61\x00\x61\x00\x74\x00\x20\x00\x6f\x00\x6e\x00\x20\x00\x76\x00\xe4\x00\x6c\x00\x6a\x00\x61\x00\x73\x00\x74\x00\x61\x00\x74\x00\x75\x00\x64\x00\x20\x00\x41\x00\x53\x00\x2d\x00\x69\x00\x73\x00\x20\x00\x53\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x74\x00\x73\x00\x65\x00\x65\x00\x72\x00\x69\x00\x6d\x00\x69\x00\x73\x00\x6b\x00\x65\x00\x73\x00\x6b\x00\x75\x00\x73\x00\x20\x00\x61\x00\x6c\x00\x61\x00\x6d\x00\x2d\x00\x53\x00\x4b\x00\x20\x00\x73\x00\x65\x00\x72\x00\x74\x00\x69\x00\x66\x00\x69\x00\x6b\x00\x61\x00\x61\x00\x74\x00\x69\x00\x64\x00\x65\x00\x20\x00\x6b\x00\x69\x00\x6e\x00\x6e\x00\x69\x00\x74\x00\x61\x00\x6d\x00\x69\x00\x73\x00\x65\x00\x6b\x00\x73\x30\x21\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x15\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x73\x6b\x2e\x65\x65\x2f\x63\x70\x73\x2f\x30\x2b\x06\x03\x55\x1d\x1f\x04\x24\x30\x22\x30\x20\xa0\x1e\xa0\x1c\x86\x1a\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x73\x6b\x2e\x65\x65\x2f\x6a\x75\x75\x72\x2f\x63\x72\x6c\x2f\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x04\xaa\x7a\x47\xa3\xe4\x89\xaf\x1a\xcf\x0a\x40\xa7\x18\x3f\x6f\xef\xe9\x7d\xbe\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x04\xaa\x7a\x47\xa3\xe4\x89\xaf\x1a\xcf\x0a\x40\xa7\x18\x3f\x6f\xef\xe9\x7d\xbe\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\xe6\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7b\xc1\x18\x94\x53\xa2\x09\xf3\xfe\x26\x67\x9a\x50\xe4\xc3\x05\x2f\x2b\x35\x78\x91\x4c\x7c\xa8\x11\x11\x79\x4c\x49\x59\xac\xc8\xf7\x85\x65\x5c\x46\xbb\x3b\x10\xa0\x02\xaf\xcd\x4f\xb5\xcc\x36\x2a\xec\x5d\xfe\xef\xa0\x91\xc9\xb6\x93\x6f\x7c\x80\x54\xec\xc7\x08\x70\x0d\x8e\xfb\x82\xec\x2a\x60\x78\x69\x36\x36\xd1\xc5\x9c\x8b\x69\xb5\x40\xc8\x94\x65\x77\xf2\x57\x21\x66\x3b\xce\x85\x40\xb6\x33\x63\x1a\xbf\x79\x1e\xfc\x5c\x1d\xd3\x1d\x93\x1b\x8b\x0c\x5d\x85\xbd\x99\x30\x32\x18\x09\x91\x52\xe9\x7c\xa1\xba\xff\x64\x92\x9a\xec\xfe\x35\xee\x8c\x2f\xae\xfc\x20\x86\xec\x4a\xde\x1b\x78\x32\x37\xa6\x81\xd2\x9d\xaf\x5a\x12\x16\xca\x99\x5b\xfc\x6f\x6d\x0e\xc5\xa0\x1e\x86\xc9\x91\xd0\x5c\x98\x82\x5f\x63\x0c\x8a\x5a\xab\xd8\x95\xa6\xcc\xcb\x8a\xd6\xbf\x64\x4b\x8e\xca\x8a\xb2\xb0\xe9\x21\x32\x9e\xaa\xa8\x85\x98\x34\x81\x39\x21\x3b\xa8\x3a\x52\x32\x3d\xf6\x6b\x37\x86\x06\x5a\x15\x98\xdc\xf0\x11\x66\xfe\x34\x20\xb7\x03\xf4\x41\x10\x7d\x39\x84\x79\x96\x72\x63\xb6\x96\x02\xe5\x6b\xb9\xad\x19\x4d\xbb\xc6\x44\xdb\x36\xcb\x2a\x9c\x8e", + ["Hongkong Post Root CA 1"] = "\x30\x82\x03\x30\x30\x82\x02\x18\xa0\x03\x02\x01\x02\x02\x02\x03\xe8\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x47\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x4b\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x48\x6f\x6e\x67\x6b\x6f\x6e\x67\x20\x50\x6f\x73\x74\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x48\x6f\x6e\x67\x6b\x6f\x6e\x67\x20\x50\x6f\x73\x74\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x31\x30\x1e\x17\x0d\x30\x33\x30\x35\x31\x35\x30\x35\x31\x33\x31\x34\x5a\x17\x0d\x32\x33\x30\x35\x31\x35\x30\x34\x35\x32\x32\x39\x5a\x30\x47\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x4b\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x13\x0d\x48\x6f\x6e\x67\x6b\x6f\x6e\x67\x20\x50\x6f\x73\x74\x31\x20\x30\x1e\x06\x03\x55\x04\x03\x13\x17\x48\x6f\x6e\x67\x6b\x6f\x6e\x67\x20\x50\x6f\x73\x74\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x31\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xac\xff\x38\xb6\xe9\x66\x02\x49\xe3\xa2\xb4\xe1\x90\xf9\x40\x8f\x79\xf9\xe2\xbd\x79\xfe\x02\xbd\xee\x24\x92\x1d\x22\xf6\xda\x85\x72\x69\xfe\xd7\x3f\x09\xd4\xdd\x91\xb5\x02\x9c\xd0\x8d\x5a\xe1\x55\xc3\x50\x86\xb9\x29\x26\xc2\xe3\xd9\xa0\xf1\x69\x03\x28\x20\x80\x45\x22\x2d\x56\xa7\x3b\x54\x95\x56\x22\x59\x1f\x28\xdf\x1f\x20\x3d\x6d\xa2\x36\xbe\x23\xa0\xb1\x6e\xb5\xb1\x27\x3f\x39\x53\x09\xea\xab\x6a\xe8\x74\xb2\xc2\x65\x5c\x8e\xbf\x7c\xc3\x78\x84\xcd\x9e\x16\xfc\xf5\x2e\x4f\x20\x2a\x08\x9f\x77\xf3\xc5\x1e\xc4\x9a\x52\x66\x1e\x48\x5e\xe3\x10\x06\x8f\x22\x98\xe1\x65\x8e\x1b\x5d\x23\x66\x3b\xb8\xa5\x32\x51\xc8\x86\xaa\xa1\xa9\x9e\x7f\x76\x94\xc2\xa6\x6c\xb7\x41\xf0\xd5\xc8\x06\x38\xe6\xd4\x0c\xe2\xf3\x3b\x4c\x6d\x50\x8c\xc4\x83\x27\xc1\x13\x84\x59\x3d\x9e\x75\x74\xb6\xd8\x02\x5e\x3a\x90\x7a\xc0\x42\x36\x72\xec\x6a\x4d\xdc\xef\xc4\x00\xdf\x13\x18\x57\x5f\x26\x78\xc8\xd6\x0a\x79\x77\xbf\xf7\xaf\xb7\x76\xb9\xa5\x0b\x84\x17\x5d\x10\xea\x6f\xe1\xab\x95\x11\x5f\x6d\x3c\xa3\x5c\x4d\x83\x5b\xf2\xb3\x19\x8a\x80\x8b\x0b\x87\x02\x03\x01\x00\x01\xa3\x26\x30\x24\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x03\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\xc6\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x0e\x46\xd5\x3c\xae\xe2\x87\xd9\x5e\x81\x8b\x02\x98\x41\x08\x8c\x4c\xbc\xda\xdb\xee\x27\x1b\x82\xe7\x6a\x45\xec\x16\x8b\x4f\x85\xa0\xf3\xb2\x70\xbd\x5a\x96\xba\xca\x6e\x6d\xee\x46\x8b\x6e\xe7\x2a\x2e\x96\xb3\x19\x33\xeb\xb4\x9f\xa8\xb2\x37\xee\x98\xa8\x97\xb6\x2e\xb6\x67\x27\xd4\xa6\x49\xfd\x1c\x93\x65\x76\x9e\x42\x2f\xdc\x22\x6c\x9a\x4f\xf2\x5a\x15\x39\xb1\x71\xd7\x2b\x51\xe8\x6d\x1c\x98\xc0\xd9\x2a\xf4\xa1\x82\x7b\xd5\xc9\x41\xa2\x23\x01\x74\x38\x55\x8b\x0f\xb9\x2e\x67\xa2\x20\x04\x37\xda\x9c\x0b\xd3\x17\x21\xe0\x8f\x97\x79\x34\x6f\x84\x48\x02\x20\x33\x1b\xe6\x34\x44\x9f\x91\x70\xf4\x80\x5e\x84\x43\xc2\x29\xd2\x6c\x12\x14\xe4\x61\x8d\xac\x10\x90\x9e\x84\x50\xbb\xf0\x96\x6f\x45\x9f\x8a\xf3\xca\x6c\x4f\xfa\x11\x3a\x15\x15\x46\xc3\xcd\x1f\x83\x5b\x2d\x41\x12\xed\x50\x67\x41\x13\x3d\x21\xab\x94\x8a\xaa\x4e\x7c\xc1\xb1\xfb\xa7\xd6\xb5\x27\x2f\x97\xab\x6e\xe0\x1d\xe2\xd1\x1c\x2c\x1f\x44\xe2\xfc\xbe\x91\xa1\x9c\xfb\xd6\x29\x53\x73\x86\x9f\x53\xd8\x43\x0e\x5d\xd6\x63\x82\x71\x1d\x80\x74\xca\xf6\xe2\x02\x6b\xd9\x5a", + ["SecureSign RootCA11"] = "\x30\x82\x03\x6d\x30\x82\x02\x55\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x58\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4a\x50\x31\x2b\x30\x29\x06\x03\x55\x04\x0a\x13\x22\x4a\x61\x70\x61\x6e\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x2c\x20\x49\x6e\x63\x2e\x31\x1c\x30\x1a\x06\x03\x55\x04\x03\x13\x13\x53\x65\x63\x75\x72\x65\x53\x69\x67\x6e\x20\x52\x6f\x6f\x74\x43\x41\x31\x31\x30\x1e\x17\x0d\x30\x39\x30\x34\x30\x38\x30\x34\x35\x36\x34\x37\x5a\x17\x0d\x32\x39\x30\x34\x30\x38\x30\x34\x35\x36\x34\x37\x5a\x30\x58\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4a\x50\x31\x2b\x30\x29\x06\x03\x55\x04\x0a\x13\x22\x4a\x61\x70\x61\x6e\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x73\x2c\x20\x49\x6e\x63\x2e\x31\x1c\x30\x1a\x06\x03\x55\x04\x03\x13\x13\x53\x65\x63\x75\x72\x65\x53\x69\x67\x6e\x20\x52\x6f\x6f\x74\x43\x41\x31\x31\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xfd\x77\xaa\xa5\x1c\x90\x05\x3b\xcb\x4c\x9b\x33\x8b\x5a\x14\x45\xa4\xe7\x90\x16\xd1\xdf\x57\xd2\x21\x10\xa4\x17\xfd\xdf\xac\xd6\x1f\xa7\xe4\xdb\x7c\xf7\xec\xdf\xb8\x03\xda\x94\x58\xfd\x5d\x72\x7c\x8c\x3f\x5f\x01\x67\x74\x15\x96\xe3\x02\x3c\x87\xdb\xae\xcb\x01\x8e\xc2\xf3\x66\xc6\x85\x45\xf4\x02\xc6\x3a\xb5\x62\xb2\xaf\xfa\x9c\xbf\xa4\xe6\xd4\x80\x30\x98\xf3\x0d\xb6\x93\x8f\xa9\xd4\xd8\x36\xf2\xb0\xfc\x8a\xca\x2c\xa1\x15\x33\x95\x31\xda\xc0\x1b\xf2\xee\x62\x99\x86\x63\x3f\xbf\xdd\x93\x2a\x83\xa8\x76\xb9\x13\x1f\xb7\xce\x4e\x42\x85\x8f\x22\xe7\x2e\x1a\xf2\x95\x09\xb2\x05\xb5\x44\x4e\x77\xa1\x20\xbd\xa9\xf2\x4e\x0a\x7d\x50\xad\xf5\x05\x0d\x45\x4f\x46\x71\xfd\x28\x3e\x53\xfb\x04\xd8\x2d\xd7\x65\x1d\x4a\x1b\xfa\xcf\x3b\xb0\x31\x9a\x35\x6e\xc8\x8b\x06\xd3\x00\x91\xf2\x94\x08\x65\x4c\xb1\x34\x06\x00\x7a\x89\xe2\xf0\xc7\x03\x59\xcf\xd5\xd6\xe8\xa7\x32\xb3\xe6\x98\x40\x86\xc5\xcd\x27\x12\x8b\xcc\x7b\xce\xb7\x11\x3c\x62\x60\x07\x23\x3e\x2b\x40\x6e\x94\x80\x09\x6d\xb6\xb3\x6f\x77\x6f\x35\x08\x50\xfb\x02\x87\xc5\x3e\x89\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x5b\xf8\x4d\x4f\xb2\xa5\x86\xd4\x3a\xd2\xf1\x63\x9a\xa0\xbe\x09\xf6\x57\xb7\xde\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xa0\xa1\x38\x16\x66\x2e\xa7\x56\x1f\x21\x9c\x06\xfa\x1d\xed\xb9\x22\xc5\x38\x26\xd8\x4e\x4f\xec\xa3\x7f\x79\xde\x46\x21\xa1\x87\x77\x8f\x07\x08\x9a\xb2\xa4\xc5\xaf\x0f\x32\x98\x0b\x7c\x66\x29\xb6\x9b\x7d\x25\x52\x49\x43\xab\x4c\x2e\x2b\x6e\x7a\x70\xaf\x16\x0e\xe3\x02\x6c\xfb\x42\xe6\x18\x9d\x45\xd8\x55\xc8\xe8\x3b\xdd\xe7\xe1\xf4\x2e\x0b\x1c\x34\x5c\x6c\x58\x4a\xfb\x8c\x88\x50\x5f\x95\x1c\xbf\xed\xab\x22\xb5\x65\xb3\x85\xba\x9e\x0f\xb8\xad\xe5\x7a\x1b\x8a\x50\x3a\x1d\xbd\x0d\xbc\x7b\x54\x50\x0b\xb9\x42\xaf\x55\xa0\x18\x81\xad\x65\x99\xef\xbe\xe4\x9c\xbf\xc4\x85\xab\x41\xb2\x54\x6f\xdc\x25\xcd\xed\x78\xe2\x8e\x0c\x8d\x09\x49\xdd\x63\x7b\x5a\x69\x96\x02\x21\xa8\xbd\x52\x59\xe9\x7d\x35\xcb\xc8\x52\xca\x7f\x81\xfe\xd9\x6b\xd3\xf7\x11\xed\x25\xdf\xf8\xe7\xf9\xa4\xfa\x72\x97\x84\x53\x0d\xa5\xd0\x32\x18\x51\x76\x59\x14\x6c\x0f\xeb\xec\x5f\x80\x8c\x75\x43\x83\xc3\x85\x98\xff\x4c\x9e\x2d\x0d\xe4\x77\x83\x93\x4e\xb5\x96\x07\x8b\x28\x13\x9b\x8c\x19\x8d\x41\x27\x49\x40\xee\xde\xe6\x23\x44\x39\xdc\xa1\x22\xd6\xba\x03\xf2", + ["ACEDICOM Root"] = "\x30\x82\x05\xb5\x30\x82\x03\x9d\xa0\x03\x02\x01\x02\x02\x08\x61\x8d\xc7\x86\x3b\x01\x82\x05\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x44\x31\x16\x30\x14\x06\x03\x55\x04\x03\x0c\x0d\x41\x43\x45\x44\x49\x43\x4f\x4d\x20\x52\x6f\x6f\x74\x31\x0c\x30\x0a\x06\x03\x55\x04\x0b\x0c\x03\x50\x4b\x49\x31\x0f\x30\x0d\x06\x03\x55\x04\x0a\x0c\x06\x45\x44\x49\x43\x4f\x4d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x30\x1e\x17\x0d\x30\x38\x30\x34\x31\x38\x31\x36\x32\x34\x32\x32\x5a\x17\x0d\x32\x38\x30\x34\x31\x33\x31\x36\x32\x34\x32\x32\x5a\x30\x44\x31\x16\x30\x14\x06\x03\x55\x04\x03\x0c\x0d\x41\x43\x45\x44\x49\x43\x4f\x4d\x20\x52\x6f\x6f\x74\x31\x0c\x30\x0a\x06\x03\x55\x04\x0b\x0c\x03\x50\x4b\x49\x31\x0f\x30\x0d\x06\x03\x55\x04\x0a\x0c\x06\x45\x44\x49\x43\x4f\x4d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xff\x92\x95\xe1\x68\x06\x76\xb4\x2c\xc8\x58\x48\xca\xfd\x80\x54\x29\x55\x63\x24\xff\x90\x65\x9b\x10\x75\x7b\xc3\x6a\xdb\x62\x02\x01\xf2\x18\x86\xb5\x7c\x5a\x38\xb1\xe4\x58\xb9\xfb\xd3\xd8\x2d\x9f\xbd\x32\x37\xbf\x2c\x15\x6d\xbe\xb5\xf4\x21\xd2\x13\x91\xd9\x07\xad\x01\x05\xd6\xf3\xbd\x77\xce\x5f\x42\x81\x0a\xf9\x6a\xe3\x83\x00\xa8\x2b\x2e\x55\x13\x63\x81\xca\x47\x1c\x7b\x5c\x16\x57\x7a\x1b\x83\x60\x04\x3a\x3e\x65\xc3\xcd\x01\xde\xde\xa4\xd6\x0c\xba\x8e\xde\xd9\x04\xee\x17\x56\x22\x9b\x8f\x63\xfd\x4d\x16\x0b\xb7\x7b\x77\x8c\xf9\x25\xb5\xd1\x6d\x99\x12\x2e\x4f\x1a\xb8\xe6\xea\x04\x92\xae\x3d\x11\xb9\x51\x42\x3d\x87\xb0\x31\x85\xaf\x79\x5a\x9c\xfe\xe7\x4e\x5e\x92\x4f\x43\xfc\xab\x3a\xad\xa5\x12\x26\x66\xb9\xe2\x0c\xd7\x98\xce\xd4\x58\xa5\x95\x40\x0a\xb7\x44\x9d\x13\x74\x2b\xc2\xa5\xeb\x22\x15\x98\x10\xd8\x8b\xc5\x04\x9f\x1d\x8f\x60\xe5\x06\x1b\x9b\xcf\xb9\x79\xa0\x3d\xa2\x23\x3f\x42\x3f\x6b\xfa\x1c\x03\x7b\x30\x8d\xce\x6c\xc0\xbf\xe6\x1b\x5f\xbf\x67\xb8\x84\x19\xd5\x15\xef\x7b\xcb\x90\x36\x31\x62\xc9\xbc\x02\xab\x46\x5f\x9b\xfe\x1a\x68\x94\x34\x3d\x90\x8e\xad\xf6\xe4\x1d\x09\x7f\x4a\x88\x38\x3f\xbe\x67\xfd\x34\x96\xf5\x1d\xbc\x30\x74\xcb\x38\xee\xd5\x6c\xab\xd4\xfc\xf4\x00\xb7\x00\x5b\x85\x32\x16\x76\x33\xe9\xd8\xa3\x99\x9d\x05\x00\xaa\x16\xe6\xf3\x81\x7d\x6f\x7d\xaa\x86\x6d\xad\x15\x74\xd3\xc4\xa2\x71\xaa\xf4\x14\x7d\xe7\x32\xb8\x1f\xbc\xd5\xf1\x4e\xbd\x6f\x17\x02\x39\xd7\x0e\x95\x42\x3a\xc7\x00\x3e\xe9\x26\x63\x11\xea\x0b\xd1\x4a\xff\x18\x9d\xb2\xd7\x7b\x2f\x3a\xd9\x96\xfb\xe8\x1e\x92\xae\x13\x55\xc8\xd9\x27\xf6\xdc\x48\x1b\xb0\x24\xc1\x85\xe3\x77\x9d\x9a\xa4\xf3\x0c\x11\x1d\x0d\xc8\xb4\x14\xee\xb5\x82\x57\x09\xbf\x20\x58\x7f\x2f\x22\x23\xd8\x70\xcb\x79\x6c\xc9\x4b\xf2\xa9\x2a\xc8\xfc\x87\x2b\xd7\x1a\x50\xf8\x27\xe8\x2f\x43\xe3\x3a\xbd\xd8\x57\x71\xfd\xce\xa6\x52\x5b\xf9\xdd\x4d\xed\xe5\xf6\x6f\x89\xed\xbb\x93\x9c\x76\x21\x75\xf0\x92\x4c\x29\xf7\x2f\x9c\x01\x2e\xfe\x50\x46\x9e\x64\x0c\x14\xb3\x07\x5b\xc5\xc2\x73\x6c\xf1\x07\x5c\x45\x24\x14\x35\xae\x83\xf1\x6a\x4d\x89\x7a\xfa\xb3\xd8\x2d\x66\xf0\x36\x87\xf5\x2b\x53\x02\x03\x01\x00\x01\xa3\x81\xaa\x30\x81\xa7\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xa6\xb3\xe1\x2b\x2b\x49\xb6\xd7\x73\xa1\xaa\x94\xf5\x01\xe7\x73\x65\x4c\xac\x50\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x86\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xa6\xb3\xe1\x2b\x2b\x49\xb6\xd7\x73\xa1\xaa\x94\xf5\x01\xe7\x73\x65\x4c\xac\x50\x30\x44\x06\x03\x55\x1d\x20\x04\x3d\x30\x3b\x30\x39\x06\x04\x55\x1d\x20\x00\x30\x31\x30\x2f\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x23\x68\x74\x74\x70\x3a\x2f\x2f\x61\x63\x65\x64\x69\x63\x6f\x6d\x2e\x65\x64\x69\x63\x6f\x6d\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6d\x2f\x64\x6f\x63\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\xce\x2c\x0b\x52\x51\x62\x26\x7d\x0c\x27\x83\x8f\xc5\xf6\xda\xa0\x68\x7b\x4f\x92\x5e\xea\xa4\x73\x32\x11\x53\x44\xb2\x44\xcb\x9d\xec\x0f\x79\x42\xb3\x10\xa6\xc7\x0d\x9d\xcb\xb6\xfa\x3f\x3a\x7c\xea\xbf\x88\x53\x1b\x3c\xf7\x82\xfa\x05\x35\x33\xe1\x35\xa8\x57\xc0\xe7\xfd\x8d\x4f\x3f\x93\x32\x4f\x78\x66\x03\x77\x07\x58\xe9\x95\xc8\x7e\x3e\xd0\x79\x00\x8c\xf2\x1b\x51\x33\x9b\xbc\x94\xe9\x3a\x7b\x6e\x52\x2d\x32\x9e\x23\xa4\x45\xfb\xb6\x2e\x13\xb0\x8b\x18\xb1\xdd\xce\xd5\x1d\xa7\x42\x7f\x55\xbe\xfb\x5b\xbb\x47\xd4\xfc\x24\xcd\x04\xae\x96\x05\x15\xd6\xac\xce\x30\xf3\xca\x0b\xc5\xba\xe2\x22\xe0\xa6\xad\x22\xe4\x02\xee\x74\x11\x7f\x4c\xff\x78\x1d\x35\xda\xe6\x02\x34\xeb\x18\x12\x61\x77\x06\x09\x16\x63\xea\x18\xad\xa2\x87\x1f\xf2\xc7\x80\x09\x09\x75\x4e\x10\xa8\x8f\x3d\x86\xb8\x75\x11\xc0\x24\x62\x8a\x96\x7b\x4a\x45\xe9\xec\x59\xc5\xbe\x6b\x83\xe6\xe1\xe8\xac\xb5\x30\x1e\xfe\x05\x07\x80\xf9\xe1\x23\x0d\x50\x8f\x05\x98\xff\x2c\x5f\xe8\x3b\xb6\xad\xcf\x81\xb5\x21\x87\xca\x08\x2a\x23\x27\x30\x20\x2b\xcf\xed\x94\x5b\xac\xb2\x7a\xd2\xc7\x28\xa1\x8a\x0b\x9b\x4d\x4a\x2c\x6d\x85\x3f\x09\x72\x3c\x67\xe2\xd9\xdc\x07\xba\xeb\x65\x7b\x5a\x01\x63\xd6\x90\x5b\x4f\x17\x66\x3d\x7f\x0b\x19\xa3\x93\x63\x10\x52\x2a\x9f\x14\x16\x58\xe2\xdc\xa5\xf4\xa1\x16\x8b\x0e\x91\x8b\x81\xca\x9b\x59\xfa\xd8\x6b\x91\x07\x65\x55\x5f\x52\x1f\xaf\x3a\xfb\x90\xdd\x69\xa5\x5b\x9c\x6d\x0e\x2c\xb6\xfa\xce\xac\xa5\x7c\x32\x4a\x67\x40\xdc\x30\x34\x23\xdd\xd7\x04\x23\x66\xf0\xfc\x55\x80\xa7\xfb\x66\x19\x82\x35\x67\x62\x70\x39\x5e\x6f\xc7\xea\x90\x40\x44\x08\x1e\xb8\xb2\xd6\xdb\xee\x59\xa7\x0d\x18\x79\x34\xbc\x54\x18\x5e\x53\xca\x34\x51\xed\x45\x0a\xe6\x8e\xc7\x82\x36\x3e\xa7\x38\x63\xa9\x30\x2c\x17\x10\x60\x92\x9f\x55\x87\x12\x59\x10\xc2\x0f\x67\x69\x11\xcc\x4e\x1e\x7e\x4a\x9a\xad\xaf\x40\xa8\x75\xac\x56\x90\x74\xb8\xa0\x9c\xa5\x79\x6f\xdc\xe9\x1a\xc8\x69\x05\xe9\xba\xfa\x03\xb3\x7c\xe4\xe0\x4e\xc2\xce\x9d\xe8\xb6\x46\x0d\x6e\x7e\x57\x3a\x67\x94\xc2\xcb\x1f\x9c\x77\x4a\x67\x4e\x69\x86\x43\x93\x38\xfb\xb6\xdb\x4f\x83\x91\xd4\x60\x7e\x4b\x3e\x2b\x38\x07\x55\x98\x5e\xa4", + ["Verisign Class 3 Public Primary Certification Authority"] = "\x30\x82\x02\x3c\x30\x82\x01\xa5\x02\x10\x3c\x91\x31\xcb\x1f\xf6\xd0\x1b\x0e\x9a\xb8\xd0\x44\xbf\x12\xbe\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x5f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x37\x30\x35\x06\x03\x55\x04\x0b\x13\x2e\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x1e\x17\x0d\x39\x36\x30\x31\x32\x39\x30\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x38\x30\x38\x30\x32\x32\x33\x35\x39\x35\x39\x5a\x30\x5f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x37\x30\x35\x06\x03\x55\x04\x0b\x13\x2e\x43\x6c\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xc9\x5c\x59\x9e\xf2\x1b\x8a\x01\x14\xb4\x10\xdf\x04\x40\xdb\xe3\x57\xaf\x6a\x45\x40\x8f\x84\x0c\x0b\xd1\x33\xd9\xd9\x11\xcf\xee\x02\x58\x1f\x25\xf7\x2a\xa8\x44\x05\xaa\xec\x03\x1f\x78\x7f\x9e\x93\xb9\x9a\x00\xaa\x23\x7d\xd6\xac\x85\xa2\x63\x45\xc7\x72\x27\xcc\xf4\x4c\xc6\x75\x71\xd2\x39\xef\x4f\x42\xf0\x75\xdf\x0a\x90\xc6\x8e\x20\x6f\x98\x0f\xf8\xac\x23\x5f\x70\x29\x36\xa4\xc9\x86\xe7\xb1\x9a\x20\xcb\x53\xa5\x85\xe7\x3d\xbe\x7d\x9a\xfe\x24\x45\x33\xdc\x76\x15\xed\x0f\xa2\x71\x64\x4c\x65\x2e\x81\x68\x45\xa7\x02\x03\x01\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x10\x72\x52\xa9\x05\x14\x19\x32\x08\x41\xf0\xc5\x6b\x0a\xcc\x7e\x0f\x21\x19\xcd\xe4\x67\xdc\x5f\xa9\x1b\xe6\xca\xe8\x73\x9d\x22\xd8\x98\x6e\x73\x03\x61\x91\xc5\x7c\xb0\x45\x40\x6e\x44\x9d\x8d\xb0\xb1\x96\x74\x61\x2d\x0d\xa9\x45\xd2\xa4\x92\x2a\xd6\x9a\x75\x97\x6e\x3f\x53\xfd\x45\x99\x60\x1d\xa8\x2b\x4c\xf9\x5e\xa7\x09\xd8\x75\x30\xd7\xd2\x65\x60\x3d\x67\xd6\x48\x55\x75\x69\x3f\x91\xf5\x48\x0b\x47\x69\x22\x69\x82\x96\xbe\xc9\xc8\x38\x86\x4a\x7a\x2c\x73\x19\x48\x69\x4e\x6b\x7c\x65\xbf\x0f\xfc\x70\xce\x88\x90", + ["Microsec e-Szigno Root CA 2009"] = "\x30\x82\x04\x0a\x30\x82\x02\xf2\xa0\x03\x02\x01\x02\x02\x09\x00\xc2\x7e\x43\x04\x4e\x47\x3f\x19\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x30\x81\x82\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x0c\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x0c\x0d\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x4c\x74\x64\x2e\x31\x27\x30\x25\x06\x03\x55\x04\x03\x0c\x1e\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x65\x2d\x53\x7a\x69\x67\x6e\x6f\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x32\x30\x30\x39\x31\x1f\x30\x1d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x10\x69\x6e\x66\x6f\x40\x65\x2d\x73\x7a\x69\x67\x6e\x6f\x2e\x68\x75\x30\x1e\x17\x0d\x30\x39\x30\x36\x31\x36\x31\x31\x33\x30\x31\x38\x5a\x17\x0d\x32\x39\x31\x32\x33\x30\x31\x31\x33\x30\x31\x38\x5a\x30\x81\x82\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0f\x06\x03\x55\x04\x07\x0c\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0a\x0c\x0d\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x4c\x74\x64\x2e\x31\x27\x30\x25\x06\x03\x55\x04\x03\x0c\x1e\x4d\x69\x63\x72\x6f\x73\x65\x63\x20\x65\x2d\x53\x7a\x69\x67\x6e\x6f\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x32\x30\x30\x39\x31\x1f\x30\x1d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x10\x69\x6e\x66\x6f\x40\x65\x2d\x73\x7a\x69\x67\x6e\x6f\x2e\x68\x75\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xe9\xf8\x8f\xf3\x63\xad\xda\x86\xd8\xa7\xe0\x42\xfb\xcf\x91\xde\xa6\x26\xf8\x99\xa5\x63\x70\xad\x9b\xae\xca\x33\x40\x7d\x6d\x96\x6e\xa1\x0e\x44\xee\xe1\x13\x9d\x94\x42\x52\x9a\xbd\x75\x85\x74\x2c\xa8\x0e\x1d\x93\xb6\x18\xb7\x8c\x2c\xa8\xcf\xfb\x5c\x71\xb9\xda\xec\xfe\xe8\x7e\x8f\xe4\x2f\x1d\xb2\xa8\x75\x87\xd8\xb7\xa1\xe5\x3b\xcf\x99\x4a\x46\xd0\x83\x19\x7d\xc0\xa1\x12\x1c\x95\x6d\x4a\xf4\xd8\xc7\xa5\x4d\x33\x2e\x85\x39\x40\x75\x7e\x14\x7c\x80\x12\x98\x50\xc7\x41\x67\xb8\xa0\x80\x61\x54\xa6\x6c\x4e\x1f\xe0\x9d\x0e\x07\xe9\xc9\xba\x33\xe7\xfe\xc0\x55\x28\x2c\x02\x80\xa7\x19\xf5\x9e\xdc\x55\x53\x03\x97\x7b\x07\x48\xff\x99\xfb\x37\x8a\x24\xc4\x59\xcc\x50\x10\x63\x8e\xaa\xa9\x1a\xb0\x84\x1a\x86\xf9\x5f\xbb\xb1\x50\x6e\xa4\xd1\x0a\xcc\xd5\x71\x7e\x1f\xa7\x1b\x7c\xf5\x53\x6e\x22\x5f\xcb\x2b\xe6\xd4\x7c\x5d\xae\xd6\xc2\xc6\x4c\xe5\x05\x01\xd9\xed\x57\xfc\xc1\x23\x79\xfc\xfa\xc8\x24\x83\x95\xf3\xb5\x6a\x51\x01\xd0\x77\xd6\xe9\x12\xa1\xf9\x1a\x83\xfb\x82\x1b\xb9\xb0\x97\xf4\x76\x06\x33\x43\x49\xa0\xff\x0b\xb5\xfa\xb5\x02\x03\x01\x00\x01\xa3\x81\x80\x30\x7e\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xcb\x0f\xc6\xdf\x42\x43\xcc\x3d\xcb\xb5\x48\x23\xa1\x1a\x7a\xa6\x2a\xbb\x34\x68\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\xcb\x0f\xc6\xdf\x42\x43\xcc\x3d\xcb\xb5\x48\x23\xa1\x1a\x7a\xa6\x2a\xbb\x34\x68\x30\x1b\x06\x03\x55\x1d\x11\x04\x14\x30\x12\x81\x10\x69\x6e\x66\x6f\x40\x65\x2d\x73\x7a\x69\x67\x6e\x6f\x2e\x68\x75\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\xc9\xd1\x0e\x5e\x2e\xd5\xcc\xb3\x7c\x3e\xcb\xfc\x3d\xff\x0d\x28\x95\x93\x04\xc8\xbf\xda\xcd\x79\xb8\x43\x90\xf0\xa4\xbe\xef\xf2\xef\x21\x98\xbc\xd4\xd4\x5d\x06\xf6\xee\x42\xec\x30\x6c\xa0\xaa\xa9\xca\xf1\xaf\x8a\xfa\x3f\x0b\x73\x6a\x3e\xea\x2e\x40\x7e\x1f\xae\x54\x61\x79\xeb\x2e\x08\x37\xd7\x23\xf3\x8c\x9f\xbe\x1d\xb1\xe1\xa4\x75\xdb\xa0\xe2\x54\x14\xb1\xba\x1c\x29\xa4\x18\xf6\x12\xba\xa2\x14\x14\xe3\x31\x35\xc8\x40\xff\xb7\xe0\x05\x76\x57\xc1\x1c\x59\xf2\xf8\xbf\xe4\xed\x25\x62\x5c\x84\xf0\x7e\x7e\x1f\xb3\xbe\xf9\xb7\x21\x11\xcc\x03\x01\x56\x70\xa7\x10\x92\x1e\x1b\x34\x81\x1e\xad\x9c\x1a\xc3\x04\x3c\xed\x02\x61\xd6\x1e\x06\xf3\x5f\x3a\x87\xf2\x2b\xf1\x45\x87\xe5\x3d\xac\xd1\xc7\x57\x84\xbd\x6b\xae\xdc\xd8\xf9\xb6\x1b\x62\x70\x0b\x3d\x36\xc9\x42\xf2\x32\xd7\x7a\x61\xe6\xd2\xdb\x3d\xcf\xc8\xa9\xc9\x9b\xdc\xdb\x58\x44\xd7\x6f\x38\xaf\x7f\x78\xd3\xa3\xad\x1a\x75\xba\x1c\xc1\x36\x7c\x8f\x1e\x6d\x1c\xc3\x75\x46\xae\x35\x05\xa6\xf6\x5c\x3d\x21\xee\x56\xf0\xc9\x82\x22\x2d\x7a\x54\xab\x70\xc3\x7d\x22\x65\x82\x70\x96", + ["E-Guven Kok Elektronik Sertifika Hizmet Saglayicisi"] = "\x30\x82\x03\xb6\x30\x82\x02\x9e\xa0\x03\x02\x01\x02\x02\x10\x44\x99\x8d\x3c\xc0\x03\x27\xbd\x9c\x76\x95\xb9\xea\xdb\xac\xb5\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x75\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x28\x30\x26\x06\x03\x55\x04\x0a\x13\x1f\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x42\x69\x6c\x67\x69\x20\x47\x75\x76\x65\x6e\x6c\x69\x67\x69\x20\x41\x2e\x53\x2e\x31\x3c\x30\x3a\x06\x03\x55\x04\x03\x13\x33\x65\x2d\x47\x75\x76\x65\x6e\x20\x4b\x6f\x6b\x20\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x20\x48\x69\x7a\x6d\x65\x74\x20\x53\x61\x67\x6c\x61\x79\x69\x63\x69\x73\x69\x30\x1e\x17\x0d\x30\x37\x30\x31\x30\x34\x31\x31\x33\x32\x34\x38\x5a\x17\x0d\x31\x37\x30\x31\x30\x34\x31\x31\x33\x32\x34\x38\x5a\x30\x75\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x28\x30\x26\x06\x03\x55\x04\x0a\x13\x1f\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x42\x69\x6c\x67\x69\x20\x47\x75\x76\x65\x6e\x6c\x69\x67\x69\x20\x41\x2e\x53\x2e\x31\x3c\x30\x3a\x06\x03\x55\x04\x03\x13\x33\x65\x2d\x47\x75\x76\x65\x6e\x20\x4b\x6f\x6b\x20\x45\x6c\x65\x6b\x74\x72\x6f\x6e\x69\x6b\x20\x53\x65\x72\x74\x69\x66\x69\x6b\x61\x20\x48\x69\x7a\x6d\x65\x74\x20\x53\x61\x67\x6c\x61\x79\x69\x63\x69\x73\x69\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xc3\x12\x20\x9e\xb0\x5e\x00\x65\x8d\x4e\x46\xbb\x80\x5c\xe9\x2c\x06\x97\xd5\xf3\x72\xc9\x70\xb9\xe7\x4b\x65\x80\xc1\x4b\xbe\x7e\x3c\xd7\x54\x31\x94\xde\xd5\x12\xba\x53\x16\x02\xea\x58\x63\xef\x5b\xd8\xf3\xed\x2a\x1a\xaa\x71\x48\xa3\xdc\x10\x2d\x5f\x5f\xeb\x5c\x4b\x9c\x96\x08\x42\x25\x28\x11\xcc\x8a\x5a\x62\x01\x50\xd5\xeb\x09\x53\x2f\xf8\xc3\x8f\xfe\xb3\xfc\xfd\x9d\xa2\xe3\x5f\x7d\xbe\xed\x0b\xe0\x60\xeb\x69\xec\x33\xed\xd8\x8d\xfb\x12\x49\x83\x00\xc9\x8b\x97\x8c\x3b\x73\x2a\x32\xb3\x12\xf7\xb9\x4d\xf2\xf4\x4d\x6d\xc7\xe6\xd6\x26\x37\x08\xf2\xd9\xfd\x6b\x5c\xa3\xe5\x48\x5c\x58\xbc\x42\xbe\x03\x5a\x81\xba\x1c\x35\x0c\x00\xd3\xf5\x23\x7e\x71\x30\x08\x26\x38\xdc\x25\x11\x47\x2d\xf3\xba\x23\x10\xa5\xbf\xbc\x02\xf7\x43\x5e\xc7\xfe\xb0\x37\x50\x99\x7b\x0f\x93\xce\xe6\x43\x2c\xc3\x7e\x0d\xf2\x1c\x43\x66\x60\xcb\x61\x31\x47\x87\xa3\x4f\xae\xbd\x56\x6c\x4c\xbc\xbc\xf8\x05\xca\x64\xf4\xe9\x34\xa1\x2c\xb5\x73\xe1\xc2\x3e\xe8\xc8\xc9\x34\x25\x08\x5c\xf3\xed\xa6\xc7\x94\x9f\xad\x88\x43\x25\xd7\xe1\x39\x60\xfe\xac\x39\x59\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x9f\xee\x44\xb3\x94\xd5\xfa\x91\x4f\x2e\xd9\x55\x9a\x04\x56\xdb\x2d\xc4\xdb\xa5\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7f\x5f\xb9\x53\x5b\x63\x3d\x75\x32\xe7\xfa\xc4\x74\x1a\xcb\x46\xdf\x46\x69\x1c\x52\xcf\xaa\x4f\xc2\x68\xeb\xff\x80\xa9\x51\xe8\x3d\x62\x77\x89\x3d\x0a\x75\x39\xf1\x6e\x5d\x17\x87\x6f\x68\x05\xc1\x94\x6c\xd9\x5d\xdf\xda\xb2\x59\xcb\xa5\x10\x8a\xca\xcc\x39\xcd\x9f\xeb\x4e\xde\x52\xff\x0c\xf0\xf4\x92\xa9\xf2\x6c\x53\xab\x9b\xd2\x47\xa0\x1f\x74\xf7\x9b\x9a\xf1\x2f\x15\x9f\x7a\x64\x30\x18\x07\x3c\x2a\x0f\x67\xca\xfc\x0f\x89\x61\x9d\x65\xa5\x3c\xe5\xbc\x13\x5b\x08\xdb\xe3\xff\xed\xbb\x06\xbb\x6a\x06\xb1\x7a\x4f\x65\xc6\x82\xfd\x1e\x9c\x8b\xb5\x0d\xee\x48\xbb\xb8\xbd\xaa\x08\xb4\xfb\xa3\x7c\xcb\x9f\xcd\x90\x76\x5c\x86\x96\x78\x57\x0a\x66\xf9\x58\x1a\x9d\xfd\x97\x29\x60\xde\x11\xa6\x90\x1c\x19\x1c\xee\x01\x96\x22\x34\x34\x2e\x91\xf9\xb7\xc4\x27\xd1\x7b\xe6\xbf\xfb\x80\x44\x5a\x16\xe5\xeb\xe0\xd4\x0a\x38\xbc\xe4\x91\xe3\xd5\xeb\x5c\xc1\xac\xdf\x1b\x6a\x7c\x9e\xe5\x75\xd2\xb6\x97\x87\xdb\xcc\x87\x2b\x43\x3a\x84\x08\xaf\xab\x3c\xdb\xf7\x3c\x66\x31\x86\xb0\x9d\x53\x79\xed\xf8\x23\xde\x42\xe3\x2d\x82\xf1\x0f\xe5\xfa\x97", + ["GlobalSign Root CA - R3"] = "\x30\x82\x03\x5f\x30\x82\x02\x47\xa0\x03\x02\x01\x02\x02\x0b\x04\x00\x00\x00\x00\x01\x21\x58\x53\x08\xa2\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x30\x4c\x31\x20\x30\x1e\x06\x03\x55\x04\x0b\x13\x17\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x2d\x20\x52\x33\x31\x13\x30\x11\x06\x03\x55\x04\x0a\x13\x0a\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0a\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x30\x1e\x17\x0d\x30\x39\x30\x33\x31\x38\x31\x30\x30\x30\x30\x30\x5a\x17\x0d\x32\x39\x30\x33\x31\x38\x31\x30\x30\x30\x30\x30\x5a\x30\x4c\x31\x20\x30\x1e\x06\x03\x55\x04\x0b\x13\x17\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x20\x52\x6f\x6f\x74\x20\x43\x41\x20\x2d\x20\x52\x33\x31\x13\x30\x11\x06\x03\x55\x04\x0a\x13\x0a\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0a\x47\x6c\x6f\x62\x61\x6c\x53\x69\x67\x6e\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xcc\x25\x76\x90\x79\x06\x78\x22\x16\xf5\xc0\x83\xb6\x84\xca\x28\x9e\xfd\x05\x76\x11\xc5\xad\x88\x72\xfc\x46\x02\x43\xc7\xb2\x8a\x9d\x04\x5f\x24\xcb\x2e\x4b\xe1\x60\x82\x46\xe1\x52\xab\x0c\x81\x47\x70\x6c\xdd\x64\xd1\xeb\xf5\x2c\xa3\x0f\x82\x3d\x0c\x2b\xae\x97\xd7\xb6\x14\x86\x10\x79\xbb\x3b\x13\x80\x77\x8c\x08\xe1\x49\xd2\x6a\x62\x2f\x1f\x5e\xfa\x96\x68\xdf\x89\x27\x95\x38\x9f\x06\xd7\x3e\xc9\xcb\x26\x59\x0d\x73\xde\xb0\xc8\xe9\x26\x0e\x83\x15\xc6\xef\x5b\x8b\xd2\x04\x60\xca\x49\xa6\x28\xf6\x69\x3b\xf6\xcb\xc8\x28\x91\xe5\x9d\x8a\x61\x57\x37\xac\x74\x14\xdc\x74\xe0\x3a\xee\x72\x2f\x2e\x9c\xfb\xd0\xbb\xbf\xf5\x3d\x00\xe1\x06\x33\xe8\x82\x2b\xae\x53\xa6\x3a\x16\x73\x8c\xdd\x41\x0e\x20\x3a\xc0\xb4\xa7\xa1\xe9\xb2\x4f\x90\x2e\x32\x60\xe9\x57\xcb\xb9\x04\x92\x68\x68\xe5\x38\x26\x60\x75\xb2\x9f\x77\xff\x91\x14\xef\xae\x20\x49\xfc\xad\x40\x15\x48\xd1\x02\x31\x61\x19\x5e\xb8\x97\xef\xad\x77\xb7\x64\x9a\x7a\xbf\x5f\xc1\x13\xef\x9b\x62\xfb\x0d\x6c\xe0\x54\x69\x16\xa9\x03\xda\x6e\xe9\x83\x93\x71\x76\xc6\x69\x85\x82\x17\x02\x03\x01\x00\x01\xa3\x42\x30\x40\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x8f\xf0\x4b\x7f\xa8\x2e\x45\x24\xae\x4d\x50\xfa\x63\x9a\x8b\xde\xe2\xdd\x1b\xbc\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x4b\x40\xdb\xc0\x50\xaa\xfe\xc8\x0c\xef\xf7\x96\x54\x45\x49\xbb\x96\x00\x09\x41\xac\xb3\x13\x86\x86\x28\x07\x33\xca\x6b\xe6\x74\xb9\xba\x00\x2d\xae\xa4\x0a\xd3\xf5\xf1\xf1\x0f\x8a\xbf\x73\x67\x4a\x83\xc7\x44\x7b\x78\xe0\xaf\x6e\x6c\x6f\x03\x29\x8e\x33\x39\x45\xc3\x8e\xe4\xb9\x57\x6c\xaa\xfc\x12\x96\xec\x53\xc6\x2d\xe4\x24\x6c\xb9\x94\x63\xfb\xdc\x53\x68\x67\x56\x3e\x83\xb8\xcf\x35\x21\xc3\xc9\x68\xfe\xce\xda\xc2\x53\xaa\xcc\x90\x8a\xe9\xf0\x5d\x46\x8c\x95\xdd\x7a\x58\x28\x1a\x2f\x1d\xde\xcd\x00\x37\x41\x8f\xed\x44\x6d\xd7\x53\x28\x97\x7e\xf3\x67\x04\x1e\x15\xd7\x8a\x96\xb4\xd3\xde\x4c\x27\xa4\x4c\x1b\x73\x73\x76\xf4\x17\x99\xc2\x1f\x7a\x0e\xe3\x2d\x08\xad\x0a\x1c\x2c\xff\x3c\xab\x55\x0e\x0f\x91\x7e\x36\xeb\xc3\x57\x49\xbe\xe1\x2e\x2d\x7c\x60\x8b\xc3\x41\x51\x13\x23\x9d\xce\xf7\x32\x6b\x94\x01\xa8\x99\xe7\x2c\x33\x1f\x3a\x3b\x25\xd2\x86\x40\xce\x3b\x2c\x86\x78\xc9\x61\x2f\x14\xba\xee\xdb\x55\x6f\xdf\x84\xee\x05\x09\x4d\xbd\x28\xd8\x72\xce\xd3\x62\x50\x65\x1e\xeb\x92\x97\x83\x31\xd9\xb3\xb5\xca\x47\x58\x3f\x5f", + ["TC TrustCenter Universal CA III"] = "\x30\x82\x03\xe1\x30\x82\x02\xc9\xa0\x03\x02\x01\x02\x02\x0e\x63\x25\x00\x01\x00\x02\x14\x8d\x33\x15\x02\xe4\x6c\xf4\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x7b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x47\x6d\x62\x48\x31\x24\x30\x22\x06\x03\x55\x04\x0b\x13\x1b\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x31\x28\x30\x26\x06\x03\x55\x04\x03\x13\x1f\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x20\x49\x49\x49\x30\x1e\x17\x0d\x30\x39\x30\x39\x30\x39\x30\x38\x31\x35\x32\x37\x5a\x17\x0d\x32\x39\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5a\x30\x7b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1c\x30\x1a\x06\x03\x55\x04\x0a\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x47\x6d\x62\x48\x31\x24\x30\x22\x06\x03\x55\x04\x0b\x13\x1b\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x31\x28\x30\x26\x06\x03\x55\x04\x03\x13\x1f\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6e\x74\x65\x72\x20\x55\x6e\x69\x76\x65\x72\x73\x61\x6c\x20\x43\x41\x20\x49\x49\x49\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xc2\xda\x9c\x62\xb0\xb9\x71\x12\xb0\x0b\xc8\x1a\x57\xb2\xae\x83\x14\x99\xb3\x34\x4b\x9b\x90\xa2\xc5\xe7\xe7\x2f\x02\xa0\x4d\x2d\xa4\xfa\x85\xda\x9b\x25\x85\x2d\x40\x28\x20\x6d\xea\xe0\xbd\xb1\x48\x83\x22\x29\x44\x9f\x4e\x83\xee\x35\x51\x13\x73\x74\xd5\xbc\xf2\x30\x66\x94\x53\xc0\x40\x36\x2f\x0c\x84\x65\xce\x0f\x6e\xc2\x58\x93\xe8\x2c\x0b\x3a\xe9\xc1\x8e\xfb\xf2\x6b\xca\x3c\xe2\x9c\x4e\x8e\xe4\xf9\x7d\xd3\x27\x9f\x1b\xd5\x67\x78\x87\x2d\x7f\x0b\x47\xb3\xc7\xe8\xc9\x48\x7c\xaf\x2f\xcc\x0a\xd9\x41\xef\x9f\xfe\x9a\xe1\xb2\xae\xf9\x53\xb5\xe5\xe9\x46\x9f\x60\xe3\xdf\x8d\xd3\x7f\xfb\x96\x7e\xb3\xb5\x72\xf8\x4b\xad\x08\x79\xcd\x69\x89\x40\x27\xf5\x2a\xc1\xad\x43\xec\xa4\x53\xc8\x61\xb6\xf7\xd2\x79\x2a\x67\x18\x76\x48\x6d\x5b\x25\x01\xd1\x26\xc5\xb7\x57\x69\x23\x15\x5b\x61\x8a\xad\xf0\x1b\x2d\xd9\xaf\x5c\xf1\x26\x90\x69\xa9\xd5\x0c\x40\xf5\x33\x80\x43\x8f\x9c\xa3\x76\x2a\x45\xb4\xaf\xbf\x7f\x3e\x87\x3f\x76\xc5\xcd\x2a\xde\x20\xc5\x16\x58\xcb\xf9\x1b\xf5\x0f\xcb\x0d\x11\x52\x64\xb8\xd2\x76\x62\x77\x83\xf1\x58\x9f\xff\x02\x03\x01\x00\x01\xa3\x63\x30\x61\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x56\xe7\xe1\x5b\x25\x43\x80\xe0\xf6\x8c\xe1\x71\xbc\x8e\xe5\x80\x2f\xc4\x48\xe2\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x56\xe7\xe1\x5b\x25\x43\x80\xe0\xf6\x8c\xe1\x71\xbc\x8e\xe5\x80\x2f\xc4\x48\xe2\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x83\xc7\xaf\xea\x7f\x4d\x0a\x3c\x39\xb1\x68\xbe\x7b\x6d\x89\x2e\xe9\xb3\x09\xe7\x18\x57\x8d\x85\x9a\x17\xf3\x76\x42\x50\x13\x0f\xc7\x90\x6f\x33\xad\xc5\x49\x60\x2b\x6c\x49\x58\x19\xd4\xe2\xbe\xb7\xbf\xab\x49\xbc\x94\xc8\xab\xbe\x28\x6c\x16\x68\xe0\xc8\x97\x46\x20\xa0\x68\x67\x60\x88\x39\x20\x51\xd8\x68\x01\x11\xce\xa7\xf6\x11\x07\xf6\xec\xec\xac\x1a\x1f\xb2\x66\x6e\x56\x67\x60\x7a\x74\x5e\xc0\x6d\x97\x36\xae\xb5\x0d\x5d\x66\x73\xc0\x25\x32\x45\xd8\x4a\x06\x07\x8f\xc4\xb7\x07\xb1\x4d\x06\x0d\xe1\xa5\xeb\xf4\x75\xca\xba\x9c\xd0\xbd\xb3\xd3\x32\x24\x4c\xee\x7e\xe2\x76\x04\x4b\x49\x53\xd8\xf2\xe9\x54\x33\xfc\xe5\x71\x1f\x3d\x14\x5c\x96\x4b\xf1\x3a\xf2\x00\xbb\x6c\xb4\xfa\x96\x55\x08\x88\x09\xc1\xcc\x91\x19\x29\xb0\x20\x2d\xff\xcb\x38\xa4\x40\xe1\x17\xbe\x79\x61\x80\xff\x07\x03\x86\x4c\x4e\x7b\x06\x9f\x11\x86\x8d\x89\xee\x27\xc4\xdb\xe2\xbc\x19\x8e\x0b\xc3\xc3\x13\xc7\x2d\x03\x63\x3b\xd3\xe8\xe4\xa2\x2a\xc2\x82\x08\x94\x16\x54\xf0\xef\x1f\x27\x90\x25\xb8\x0d\x0e\x28\x1b\x47\x77\x47\xbd\x1c\xa8\x25\xf1\x94\xb4\x66", + ["Autoridad de Certificacion Firmaprofesional CIF A62634068"] = "\x30\x82\x06\x14\x30\x82\x03\xfc\xa0\x03\x02\x01\x02\x02\x08\x53\xec\x3b\xee\xfb\xb2\x48\x5f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x51\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x42\x30\x40\x06\x03\x55\x04\x03\x0c\x39\x41\x75\x74\x6f\x72\x69\x64\x61\x64\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6f\x6e\x20\x46\x69\x72\x6d\x61\x70\x72\x6f\x66\x65\x73\x69\x6f\x6e\x61\x6c\x20\x43\x49\x46\x20\x41\x36\x32\x36\x33\x34\x30\x36\x38\x30\x1e\x17\x0d\x30\x39\x30\x35\x32\x30\x30\x38\x33\x38\x31\x35\x5a\x17\x0d\x33\x30\x31\x32\x33\x31\x30\x38\x33\x38\x31\x35\x5a\x30\x51\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x42\x30\x40\x06\x03\x55\x04\x03\x0c\x39\x41\x75\x74\x6f\x72\x69\x64\x61\x64\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6f\x6e\x20\x46\x69\x72\x6d\x61\x70\x72\x6f\x66\x65\x73\x69\x6f\x6e\x61\x6c\x20\x43\x49\x46\x20\x41\x36\x32\x36\x33\x34\x30\x36\x38\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xca\x96\x6b\x8e\xea\xf8\xfb\xf1\xa2\x35\xe0\x7f\x4c\xda\xe0\xc3\x52\xd7\x7d\xb6\x10\xc8\x02\x5e\xb3\x43\x2a\xc4\x4f\x6a\xb2\xca\x1c\x5d\x28\x9a\x78\x11\x1a\x69\x59\x57\xaf\xb5\x20\x42\xe4\x8b\x0f\xe6\xdf\x5b\xa6\x03\x92\x2f\xf5\x11\xe4\x62\xd7\x32\x71\x38\xd9\x04\x0c\x71\xab\x3d\x51\x7e\x0f\x07\xdf\x63\x05\x5c\xe9\xbf\x94\x6f\xc1\x29\x82\xc0\xb4\xda\x51\xb0\xc1\x3c\xbb\xad\x37\x4a\x5c\xca\xf1\x4b\x36\x0e\x24\xab\xbf\xc3\x84\x77\xfd\xa8\x50\xf4\xb1\xe7\xc6\x2f\xd2\x2d\x59\x8d\x7a\x0a\x4e\x96\x69\x52\x02\xaa\x36\x98\xec\xfc\xfa\x14\x83\x0c\x37\x1f\xc9\x92\x37\x7f\xd7\x81\x2d\xe5\xc4\xb9\xe0\x3e\x34\xfe\x67\xf4\x3e\x66\xd1\xd3\xf4\x40\xcf\x5e\x62\x34\x0f\x70\x06\x3e\x20\x18\x5a\xce\xf7\x72\x1b\x25\x6c\x93\x74\x14\x93\xa3\x73\xb1\x0e\xaa\x87\x10\x23\x59\x5f\x20\x05\x19\x47\xed\x68\x8e\x92\x12\xca\x5d\xfc\xd6\x2b\xb2\x92\x3c\x20\xcf\xe1\x5f\xaf\x20\xbe\xa0\x76\x7f\x76\xe5\xec\x1a\x86\x61\x33\x3e\xe7\x7b\xb4\x3f\xa0\x0f\x8e\xa2\xb9\x6a\x6f\xb9\x87\x26\x6f\x41\x6c\x88\xa6\x50\xfd\x6a\x63\x0b\xf5\x93\x16\x1b\x19\x8f\xb2\xed\x9b\x9b\xc9\x90\xf5\x01\x0c\xdf\x19\x3d\x0f\x3e\x38\x23\xc9\x2f\x8f\x0c\xd1\x02\xfe\x1b\x55\xd6\x4e\xd0\x8d\x3c\xaf\x4f\xa4\xf3\xfe\xaf\x2a\xd3\x05\x9d\x79\x08\xa1\xcb\x57\x31\xb4\x9c\xc8\x90\xb2\x67\xf4\x18\x16\x93\x3a\xfc\x47\xd8\xd1\x78\x96\x31\x1f\xba\x2b\x0c\x5f\x5d\x99\xad\x63\x89\x5a\x24\x20\x76\xd8\xdf\xfd\xab\x4e\xa6\x22\xaa\x9d\x5e\xe6\x27\x8a\x7d\x68\x29\xa3\xe7\x8a\xb8\xda\x11\xbb\x17\x2d\x99\x9d\x13\x24\x46\xf7\xc5\xe2\xd8\x9f\x8e\x7f\xc7\x8f\x74\x6d\x5a\xb2\xe8\x72\xf5\xac\xee\x24\x10\xad\x2f\x14\xda\xff\x2d\x9a\x46\x71\x47\xbe\x42\xdf\xbb\x01\xdb\xf4\x7f\xd3\x28\x8f\x31\x59\x5b\xd3\xc9\x02\xa6\xb4\x52\xca\x6e\x97\xfb\x43\xc5\x08\x26\x6f\x8a\xf4\xbb\xfd\x9f\x28\xaa\x0d\xd5\x45\xf3\x13\x3a\x1d\xd8\xc0\x78\x8f\x41\x67\x3c\x1e\x94\x64\xae\x7b\x0b\xc5\xe8\xd9\x01\x88\x39\x1a\x97\x86\x64\x41\xd5\x3b\x87\x0c\x6e\xfa\x0f\xc6\xbd\x48\x14\xbf\x39\x4d\xd4\x9e\x41\xb6\x8f\x96\x1d\x63\x96\x93\xd9\x95\x06\x78\x31\x68\x9e\x37\x06\x3b\x80\x89\x45\x61\x39\x23\xc7\x1b\x44\xa3\x15\xe5\x1c\xf8\x92\x30\xbb\x02\x03\x01\x00\x01\xa3\x81\xef\x30\x81\xec\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x01\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x65\xcd\xeb\xab\x35\x1e\x00\x3e\x7e\xd5\x74\xc0\x1c\xb4\x73\x47\x0e\x1a\x64\x2f\x30\x81\xa6\x06\x03\x55\x1d\x20\x04\x81\x9e\x30\x81\x9b\x30\x81\x98\x06\x04\x55\x1d\x20\x00\x30\x81\x8f\x30\x2f\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x23\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x66\x69\x72\x6d\x61\x70\x72\x6f\x66\x65\x73\x69\x6f\x6e\x61\x6c\x2e\x63\x6f\x6d\x2f\x63\x70\x73\x30\x5c\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x02\x30\x50\x1e\x4e\x00\x50\x00\x61\x00\x73\x00\x65\x00\x6f\x00\x20\x00\x64\x00\x65\x00\x20\x00\x6c\x00\x61\x00\x20\x00\x42\x00\x6f\x00\x6e\x00\x61\x00\x6e\x00\x6f\x00\x76\x00\x61\x00\x20\x00\x34\x00\x37\x00\x20\x00\x42\x00\x61\x00\x72\x00\x63\x00\x65\x00\x6c\x00\x6f\x00\x6e\x00\x61\x00\x20\x00\x30\x00\x38\x00\x30\x00\x31\x00\x37\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x17\x7d\xa0\xf9\xb4\xdd\xc5\xc5\xeb\xad\x4b\x24\xb5\xa1\x02\xab\xdd\xa5\x88\x4a\xb2\x0f\x55\x4b\x2b\x57\x8c\x3b\xe5\x31\xdd\xfe\xc4\x32\xf1\xe7\x5b\x64\x96\x36\x32\x18\xec\xa5\x32\x77\xd7\xe3\x44\xb6\xc0\x11\x2a\x80\xb9\x3d\x6a\x6e\x7c\x9b\xd3\xad\xfc\xc3\xd6\xa3\xe6\x64\x29\x7c\xd1\xe1\x38\x1e\x82\x2b\xff\x27\x65\xaf\xfb\x16\x15\xc4\x2e\x71\x84\xe5\xb5\xff\xfa\xa4\x47\xbd\x64\x32\xbb\xf6\x25\x84\xa2\x27\x42\xf5\x20\xb0\xc2\x13\x10\x11\xcd\x10\x15\xba\x42\x90\x2a\xd2\x44\xe1\x96\x26\xeb\x31\x48\x12\xfd\x2a\xda\xc9\x06\xcf\x74\x1e\xa9\x4b\xd5\x87\x28\xf9\x79\x34\x92\x3e\x2e\x44\xe8\xf6\x8f\x4f\x8f\x35\x3f\x25\xb3\x39\xdc\x63\x2a\x90\x6b\x20\x5f\xc4\x52\x12\x4e\x97\x2c\x2a\xac\x9d\x97\xde\x48\xf2\xa3\x66\xdb\xc2\xd2\x83\x95\xa6\x66\xa7\x9e\x25\x0f\xe9\x0b\x33\x91\x65\x0a\x5a\xc3\xd9\x54\x12\xdd\xaf\xc3\x4e\x0e\x1f\x26\x5e\x0d\xdc\xb3\x8d\xec\xd5\x81\x70\xde\xd2\x4f\x24\x05\xf3\x6c\x4e\xf5\x4c\x49\x66\x8d\xd1\xff\xd2\x0b\x25\x41\x48\xfe\x51\x84\xc6\x42\xaf\x80\x04\xcf\xd0\x7e\x64\x49\xe4\xf2\xdf\xa2\xec\xb1\x4c\xc0\x2a\x1d\xe7\xb4\xb1\x65\xa2\xc4\xbc\xf1\x98\xf4\xaa\x70\x07\x63\xb4\xb8\xda\x3b\x4c\xfa\x40\x22\x30\x5b\x11\xa6\xf0\x05\x0e\xc6\x02\x03\x48\xab\x86\x9b\x85\xdd\xdb\xdd\xea\xa2\x76\x80\x73\x7d\xf5\x9c\x04\xc4\x45\x8d\xe7\xb9\x1c\x8b\x9e\xea\xd7\x75\xd1\x72\xb1\xde\x75\x44\xe7\x42\x7d\xe2\x57\x6b\x7d\xdc\x99\xbc\x3d\x83\x28\xea\x80\x93\x8d\xc5\x4c\x65\xc1\x70\x81\xb8\x38\xfc\x43\x31\xb2\xf6\x03\x34\x47\xb2\xac\xfb\x22\x06\xcb\x1e\xdd\x17\x47\x1c\x5f\x66\xb9\xd3\x1a\xa2\xda\x11\xb1\xa4\xbc\x23\xc9\xe4\xbe\x87\xff\xb9\x94\xb6\xf8\x5d\x20\x4a\xd4\x5f\xe7\xbd\x68\x7b\x65\xf2\x15\x1e\xd2\x3a\xa9\x2d\xe9\xd8\x6b\x24\xac\x97\x58\x44\x47\xad\x59\x18\xf1\x21\x65\x70\xde\xce\x34\x60\xa8\x40\xf1\xf3\x3c\xa4\xc3\x28\x23\x8c\xfe\x27\x33\x43\x40\xa0\x17\x3c\xeb\xea\x3b\xb0\x72\xa6\xa3\xb9\x4a\x4b\x5e\x16\x48\xf4\xb2\xbc\xc8\x8c\x92\xc5\x9d\x9f\xac\x72\x36\xbc\x34\x80\x34\x6b\xa9\x8b\x92\xc0\xb8\x17\xed\xec\x76\x53\xf5\x24\x01\x8c\xb3\x22\xe8\x4b\x7c\x55\xc6\x9d\xfa\xa3\x14\xbb\x65\x85\x6e\x6e\x4f\x12\x7e\x0a\x3c\x9d\x95", + ["Izenpe.com"] = "\x30\x82\x05\xf1\x30\x82\x03\xd9\xa0\x03\x02\x01\x02\x02\x10\x00\xb0\xb7\x5a\x16\x48\x5f\xbf\xe1\xcb\xf5\x8b\xd7\x19\xe6\x7d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x30\x38\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x0c\x0b\x49\x5a\x45\x4e\x50\x45\x20\x53\x2e\x41\x2e\x31\x13\x30\x11\x06\x03\x55\x04\x03\x0c\x0a\x49\x7a\x65\x6e\x70\x65\x2e\x63\x6f\x6d\x30\x1e\x17\x0d\x30\x37\x31\x32\x31\x33\x31\x33\x30\x38\x32\x38\x5a\x17\x0d\x33\x37\x31\x32\x31\x33\x30\x38\x32\x37\x32\x35\x5a\x30\x38\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0a\x0c\x0b\x49\x5a\x45\x4e\x50\x45\x20\x53\x2e\x41\x2e\x31\x13\x30\x11\x06\x03\x55\x04\x03\x0c\x0a\x49\x7a\x65\x6e\x70\x65\x2e\x63\x6f\x6d\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xc9\xd3\x7a\xca\x0f\x1e\xac\xa7\x86\xe8\x16\x65\x6a\xb1\xc2\x1b\x45\x32\x71\x95\xd9\xfe\x10\x5b\xcc\xaf\xe7\xa5\x79\x01\x8f\x89\xc3\xca\xf2\x55\x71\xf7\x77\xbe\x77\x94\xf3\x72\xa4\x2c\x44\xd8\x9e\x92\x9b\x14\x3a\xa1\xe7\x24\x90\x0a\x0a\x56\x8e\xc5\xd8\x26\x94\xe1\xd9\x48\xe1\x2d\x3e\xda\x0a\x72\xdd\xa3\x99\x15\xda\x81\xa2\x87\xf4\x7b\x6e\x26\x77\x89\x58\xad\xd6\xeb\x0c\xb2\x41\x7a\x73\x6e\x6d\xdb\x7a\x78\x41\xe9\x08\x88\x12\x7e\x87\x2e\x66\x11\x63\x6c\x54\xfb\x3c\x9d\x72\xc0\xbc\x2e\xff\xc2\xb7\xdd\x0d\x76\xe3\x3a\xd7\xf7\xb4\x68\xbe\xa2\xf5\xe3\x81\x6e\xc1\x46\x6f\x5d\x8d\xe0\x4d\xc6\x54\x55\x89\x1a\x33\x31\x0a\xb1\x57\xb9\xa3\x8a\x98\xc3\xec\x3b\x34\xc5\x95\x41\x69\x7e\x75\xc2\x3c\x20\xc5\x61\xba\x51\x47\xa0\x20\x90\x93\xa1\x90\x4b\xf3\x4e\x7c\x85\x45\x54\x9a\xd1\x05\x26\x41\xb0\xb5\x4d\x1d\x33\xbe\xc4\x03\xc8\x25\x7c\xc1\x70\xdb\x3b\xf4\x09\x2d\x54\x27\x48\xac\x2f\xe1\xc4\xac\x3e\xc8\xcb\x92\x4c\x53\x39\x37\x23\xec\xd3\x01\xf9\xe0\x09\x44\x4d\x4d\x64\xc0\xe1\x0d\x5a\x87\x22\xbc\xad\x1b\xa3\xfe\x26\xb5\x15\xf3\xa7\xfc\x84\x19\xe9\xec\xa1\x88\xb4\x44\x69\x84\x83\xf3\x89\xd1\x74\x06\xa9\xcc\x0b\xd6\xc2\xde\x27\x85\x50\x26\xca\x17\xb8\xc9\x7a\x87\x56\x2c\x1a\x01\x1e\x6c\xbe\x13\xad\x10\xac\xb5\x24\xf5\x38\x91\xa1\xd6\x4b\xda\xf1\xbb\xd2\xde\x47\xb5\xf1\xbc\x81\xf6\x59\x6b\xcf\x19\x53\xe9\x8d\x15\xcb\x4a\xcb\xa9\x6f\x44\xe5\x1b\x41\xcf\xe1\x86\xa7\xca\xd0\x6a\x9f\xbc\x4c\x8d\x06\x33\x5a\xa2\x85\xe5\x90\x35\xa0\x62\x5c\x16\x4e\xf0\xe3\xa2\xfa\x03\x1a\xb4\x2c\x71\xb3\x58\x2c\xde\x7b\x0b\xdb\x1a\x0f\xeb\xde\x21\x1f\x06\x77\x06\x03\xb0\xc9\xef\x99\xfc\xc0\xb9\x4f\x0b\x86\x28\xfe\xd2\xb9\xea\xe3\xda\xa5\xc3\x47\x69\x12\xe0\xdb\xf0\xf6\x19\x8b\xed\x7b\x70\xd7\x02\xd6\xed\x87\x18\x28\x2c\x04\x24\x4c\x77\xe4\x48\x8a\x1a\xc6\x3b\x9a\xd4\x0f\xca\xfa\x75\xd2\x01\x40\x5a\x8d\x79\xbf\x8b\xcf\x4b\xcf\xaa\x16\xc1\x95\xe4\xad\x4c\x8a\x3e\x17\x91\xd4\xb1\x62\xe5\x82\xe5\x80\x04\xa4\x03\x7e\x8d\xbf\xda\x7f\xa2\x0f\x97\x4f\x0c\xd3\x0d\xfb\xd7\xd1\xe5\x72\x7e\x1c\xc8\x77\xff\x5b\x9a\x0f\xb7\xae\x05\x46\xe5\xf1\xa8\x16\xec\x47\xa4\x17\x02\x03\x01\x00\x01\xa3\x81\xf6\x30\x81\xf3\x30\x81\xb0\x06\x03\x55\x1d\x11\x04\x81\xa8\x30\x81\xa5\x81\x0f\x69\x6e\x66\x6f\x40\x69\x7a\x65\x6e\x70\x65\x2e\x63\x6f\x6d\xa4\x81\x91\x30\x81\x8e\x31\x47\x30\x45\x06\x03\x55\x04\x0a\x0c\x3e\x49\x5a\x45\x4e\x50\x45\x20\x53\x2e\x41\x2e\x20\x2d\x20\x43\x49\x46\x20\x41\x30\x31\x33\x33\x37\x32\x36\x30\x2d\x52\x4d\x65\x72\x63\x2e\x56\x69\x74\x6f\x72\x69\x61\x2d\x47\x61\x73\x74\x65\x69\x7a\x20\x54\x31\x30\x35\x35\x20\x46\x36\x32\x20\x53\x38\x31\x43\x30\x41\x06\x03\x55\x04\x09\x0c\x3a\x41\x76\x64\x61\x20\x64\x65\x6c\x20\x4d\x65\x64\x69\x74\x65\x72\x72\x61\x6e\x65\x6f\x20\x45\x74\x6f\x72\x62\x69\x64\x65\x61\x20\x31\x34\x20\x2d\x20\x30\x31\x30\x31\x30\x20\x56\x69\x74\x6f\x72\x69\x61\x2d\x47\x61\x73\x74\x65\x69\x7a\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x1d\x1c\x65\x0e\xa8\xf2\x25\x7b\xb4\x91\xcf\xe4\xb1\xb1\xe6\xbd\x55\x74\x6c\x05\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x02\x01\x00\x78\xa6\x0c\x16\x4a\x9f\x4c\x88\x3a\xc0\xcb\x0e\xa5\x16\x7d\x9f\xb9\x48\x5f\x18\x8f\x0d\x62\x36\xf6\xcd\x19\x6b\xac\xab\xd5\xf6\x91\x7d\xae\x71\xf3\x3f\xb3\x0e\x78\x85\x9b\x95\xa4\x27\x21\x47\x42\x4a\x7c\x48\x3a\xf5\x45\x7c\xb3\x0c\x8e\x51\x78\xac\x95\x13\xde\xc6\xfd\x7d\xb8\x1a\x90\x4c\xab\x92\x03\xc7\xed\x42\x01\xce\x0f\xd8\xb1\xfa\xa2\x92\xe1\x60\x6d\xae\x7a\x6b\x09\xaa\xc6\x29\xee\x68\x49\x67\x30\x80\x24\x7a\x31\x16\x39\x5b\x7e\xf1\x1c\x2e\xdd\x6c\x09\xad\xf2\x31\xc1\x82\x4e\xb9\xbb\xf9\xbe\xbf\x2a\x85\x3f\xc0\x40\xa3\x3a\x59\xfc\x59\x4b\x3c\x28\x24\xdb\xb4\x15\x75\xae\x0d\x88\xba\x2e\x73\xc0\xbd\x58\x87\xe5\x42\xf2\xeb\x5e\xee\x1e\x30\x22\x99\xcb\x37\xd1\xc4\x21\x6c\x81\xec\xbe\x6d\x26\xe6\x1c\xe4\x42\x20\x9e\x47\xb0\xac\x83\x59\x70\x2c\x35\xd6\xaf\x36\x34\xb4\xcd\x3b\xf8\x32\xa8\xef\xe3\x78\x89\xfb\x8d\x45\x2c\xda\x9c\xb8\x7e\x40\x1c\x61\xe7\x3e\xa2\x92\x2c\x4b\xf2\xcd\xfa\x98\xb6\x29\xff\xf3\xf2\x7b\xa9\x1f\x2e\xa0\x93\x57\x2b\xde\x85\x03\xf9\x69\x37\xcb\x9e\x78\x6a\x05\xb4\xc5\x31\x78\x89\xec\x7a\xa7\x85\xe1\xb9\x7b\x3c\xde\xbe\x1e\x79\x84\xce\x9f\x70\x0e\x59\xc2\x35\x2e\x90\x2a\x31\xd9\xe4\x45\x7a\x41\xa4\x2e\x13\x9b\x34\x0e\x66\x7b\x49\xab\x64\x97\xd0\x46\xc3\x79\x9d\x72\x50\x63\xa6\x98\x5b\x06\xbd\x48\x6d\xd8\x39\x83\x70\xe8\x35\xf0\x05\xd1\xaa\xbc\xe3\xdb\xc8\x02\xea\x7c\xfd\x82\xda\xc2\x5b\x52\x35\xae\x98\x3a\xad\xba\x35\x93\x23\xa7\x1f\x48\xdd\x35\x46\x98\xb2\x10\x68\xe4\xa5\x31\xc2\x0a\x58\x2e\x19\x81\x10\xc9\x50\x75\xfc\xea\x5a\x16\xce\x11\xd7\xee\xef\x50\x88\x2d\x61\xff\x3f\x42\x73\x05\x94\x43\xd5\x8e\x3c\x4e\x01\x3a\x19\xa5\x1f\x46\x4e\x77\xd0\x5d\xe5\x81\x22\x21\x87\xfe\x94\x7d\x84\xd8\x93\xad\xd6\x68\x43\x48\xb2\xdb\xeb\x73\x24\xe7\x91\x7f\x54\xa4\xb6\x80\x3e\x9d\xa3\x3c\x4c\x72\xc2\x57\xc4\xa0\xd4\xcc\x38\x27\xce\xd5\x06\x9e\xa2\x48\xd9\xe9\x9f\xce\x82\x70\x36\x93\x9a\x3b\xdf\x96\x21\xe3\x59\xb7\x0c\xda\x91\x37\xf0\xfd\x59\x5a\xb3\x99\xc8\x69\x6c\x43\x26\x01\x35\x63\x60\x55\x89\x03\x3a\x75\xd8\xba\x4a\xd9\x54\xff\xee\xde\x80\xd8\x2d\xd1\x38\xd5\x5e\x2d\x0b\x98\x7d\x3e\x6c\xdb\xfc\x26\x88\xc7", + ["Chambers of Commerce Root - 2008"] = "\x30\x82\x07\x4f\x30\x82\x05\x37\xa0\x03\x02\x01\x02\x02\x09\x00\xa3\xda\x42\x7e\xa4\xb1\xae\xda\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xae\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x43\x30\x41\x06\x03\x55\x04\x07\x13\x3a\x4d\x61\x64\x72\x69\x64\x20\x28\x73\x65\x65\x20\x63\x75\x72\x72\x65\x6e\x74\x20\x61\x64\x64\x72\x65\x73\x73\x20\x61\x74\x20\x77\x77\x77\x2e\x63\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x2e\x63\x6f\x6d\x2f\x61\x64\x64\x72\x65\x73\x73\x29\x31\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x1b\x30\x19\x06\x03\x55\x04\x0a\x13\x12\x41\x43\x20\x43\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x20\x53\x2e\x41\x2e\x31\x29\x30\x27\x06\x03\x55\x04\x03\x13\x20\x43\x68\x61\x6d\x62\x65\x72\x73\x20\x6f\x66\x20\x43\x6f\x6d\x6d\x65\x72\x63\x65\x20\x52\x6f\x6f\x74\x20\x2d\x20\x32\x30\x30\x38\x30\x1e\x17\x0d\x30\x38\x30\x38\x30\x31\x31\x32\x32\x39\x35\x30\x5a\x17\x0d\x33\x38\x30\x37\x33\x31\x31\x32\x32\x39\x35\x30\x5a\x30\x81\xae\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x43\x30\x41\x06\x03\x55\x04\x07\x13\x3a\x4d\x61\x64\x72\x69\x64\x20\x28\x73\x65\x65\x20\x63\x75\x72\x72\x65\x6e\x74\x20\x61\x64\x64\x72\x65\x73\x73\x20\x61\x74\x20\x77\x77\x77\x2e\x63\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x2e\x63\x6f\x6d\x2f\x61\x64\x64\x72\x65\x73\x73\x29\x31\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x1b\x30\x19\x06\x03\x55\x04\x0a\x13\x12\x41\x43\x20\x43\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x20\x53\x2e\x41\x2e\x31\x29\x30\x27\x06\x03\x55\x04\x03\x13\x20\x43\x68\x61\x6d\x62\x65\x72\x73\x20\x6f\x66\x20\x43\x6f\x6d\x6d\x65\x72\x63\x65\x20\x52\x6f\x6f\x74\x20\x2d\x20\x32\x30\x30\x38\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xaf\x00\xcb\x70\x37\x2b\x80\x5a\x4a\x3a\x6c\x78\x94\x7d\xa3\x7f\x1a\x1f\xf6\x35\xd5\xbd\xdb\xcb\x0d\x44\x72\x3e\x26\xb2\x90\x52\xba\x63\x3b\x28\x58\x6f\xa5\xb3\x6d\x94\xa6\xf3\xdd\x64\x0c\x55\xf6\xf6\xe7\xf2\x22\x22\x80\x5e\xe1\x62\xc6\xb6\x29\xe1\x81\x6c\xf2\xbf\xe5\x7d\x32\x6a\x54\xa0\x32\x19\x59\xfe\x1f\x8b\xd7\x3d\x60\x86\x85\x24\x6f\xe3\x11\xb3\x77\x3e\x20\x96\x35\x21\x6b\xb3\x08\xd9\x70\x2e\x64\xf7\x84\x92\x53\xd6\x0e\xb0\x90\x8a\x8a\xe3\x87\x8d\x06\xd3\xbd\x90\x0e\xe2\x99\xa1\x1b\x86\x0e\xda\x9a\x0a\xbb\x0b\x61\x50\x06\x52\xf1\x9e\x7f\x76\xec\xcb\x0f\xd0\x1e\x0d\xcf\x99\x30\x3d\x1c\xc4\x45\x10\x58\xac\xd6\xd3\xe8\xd7\xe5\xea\xc5\x01\x07\x77\xd6\x51\xe6\x03\x7f\x8a\x48\xa5\x4d\x68\x75\xb9\xe9\xbc\x9e\x4e\x19\x71\xf5\x32\x4b\x9c\x6d\x60\x19\x0b\xfb\xcc\x9d\x75\xdc\xbf\x26\xcd\x8f\x93\x78\x39\x79\x73\x5e\x25\x0e\xca\x5c\xeb\x77\x12\x07\xcb\x64\x41\x47\x72\x93\xab\x50\xc3\xeb\x09\x76\x64\x34\xd2\x39\xb7\x76\x11\x09\x0d\x76\x45\xc4\xa9\xae\x3d\x6a\xaf\xb5\x7d\x65\x2f\x94\x58\x10\xec\x5c\x7c\xaf\x7e\xe2\xb6\x18\xd9\xd0\x9b\x4e\x5a\x49\xdf\xa9\x66\x0b\xcc\x3c\xc6\x78\x7c\xa7\x9c\x1d\xe3\xce\x8e\x53\xbe\x05\xde\x60\x0f\x6b\xe5\x1a\xdb\x3f\xe3\xe1\x21\xc9\x29\xc1\xf1\xeb\x07\x9c\x52\x1b\x01\x44\x51\x3c\x7b\x25\xd7\xc4\xe5\x52\x54\x5d\x25\x07\xca\x16\x20\xb8\xad\xe4\x41\xee\x7a\x08\xfe\x99\x6f\x83\xa6\x91\x02\xb0\x6c\x36\x55\x6a\xe7\x7d\xf5\x96\xe6\xca\x81\xd6\x97\xf1\x94\x83\xe9\xed\xb0\xb1\x6b\x12\x69\x1e\xac\xfb\x5d\xa9\xc5\x98\xe9\xb4\x5b\x58\x7a\xbe\x3d\xa2\x44\x3a\x63\x59\xd4\x0b\x25\xde\x1b\x4f\xbd\xe5\x01\x9e\xcd\xd2\x29\xd5\x9f\x17\x19\x0a\x6f\xbf\x0c\x90\xd3\x09\x5f\xd9\xe3\x8a\x35\xcc\x79\x5a\x4d\x19\x37\x92\xb7\xc4\xc1\xad\xaf\xf4\x79\x24\x9a\xb2\x01\x0b\xb1\xaf\x5c\x96\xf3\x80\x32\xfb\x5c\x3d\x98\xf1\xa0\x3f\x4a\xde\xbe\xaf\x94\x2e\xd9\x55\x9a\x17\x6e\x60\x9d\x63\x6c\xb8\x63\xc9\xae\x81\x5c\x18\x35\xe0\x90\xbb\xbe\x3c\x4f\x37\x22\xb9\x7e\xeb\xcf\x9e\x77\x21\xa6\x3d\x38\x81\xfb\x48\xda\x31\x3d\x2b\xe3\x89\xf5\xd0\xb5\xbd\x7e\xe0\x50\xc4\x12\x89\xb3\x23\x9a\x10\x31\x85\xdb\xae\x6f\xef\x38\x33\x18\x76\x11\x02\x03\x01\x00\x01\xa3\x82\x01\x6c\x30\x82\x01\x68\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x0c\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xf9\x24\xac\x0f\xb2\xb5\xf8\x79\xc0\xfa\x60\x88\x1b\xc4\xd9\x4d\x02\x9e\x17\x19\x30\x81\xe3\x06\x03\x55\x1d\x23\x04\x81\xdb\x30\x81\xd8\x80\x14\xf9\x24\xac\x0f\xb2\xb5\xf8\x79\xc0\xfa\x60\x88\x1b\xc4\xd9\x4d\x02\x9e\x17\x19\xa1\x81\xb4\xa4\x81\xb1\x30\x81\xae\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x43\x30\x41\x06\x03\x55\x04\x07\x13\x3a\x4d\x61\x64\x72\x69\x64\x20\x28\x73\x65\x65\x20\x63\x75\x72\x72\x65\x6e\x74\x20\x61\x64\x64\x72\x65\x73\x73\x20\x61\x74\x20\x77\x77\x77\x2e\x63\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x2e\x63\x6f\x6d\x2f\x61\x64\x64\x72\x65\x73\x73\x29\x31\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x1b\x30\x19\x06\x03\x55\x04\x0a\x13\x12\x41\x43\x20\x43\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x20\x53\x2e\x41\x2e\x31\x29\x30\x27\x06\x03\x55\x04\x03\x13\x20\x43\x68\x61\x6d\x62\x65\x72\x73\x20\x6f\x66\x20\x43\x6f\x6d\x6d\x65\x72\x63\x65\x20\x52\x6f\x6f\x74\x20\x2d\x20\x32\x30\x30\x38\x82\x09\x00\xa3\xda\x42\x7e\xa4\xb1\xae\xda\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x3d\x06\x03\x55\x1d\x20\x04\x36\x30\x34\x30\x32\x06\x04\x55\x1d\x20\x00\x30\x2a\x30\x28\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x1c\x68\x74\x74\x70\x3a\x2f\x2f\x70\x6f\x6c\x69\x63\x79\x2e\x63\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x2e\x63\x6f\x6d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x90\x12\xaf\x22\x35\xc2\xa3\x39\xf0\x2e\xde\xe9\xb5\xe9\x78\x7c\x48\xbe\x3f\x7d\x45\x92\x5e\xe9\xda\xb1\x19\xfc\x16\x3c\x9f\xb4\x5b\x66\x9e\x6a\xe7\xc3\xb9\x5d\x88\xe8\x0f\xad\xcf\x23\x0f\xde\x25\x3a\x5e\xcc\x4f\xa5\xc1\xb5\x2d\xac\x24\xd2\x58\x07\xde\xa2\xcf\x69\x84\x60\x33\xe8\x10\x0d\x13\xa9\x23\xd0\x85\xe5\x8e\x7b\xa6\x9e\x3d\x72\x13\x72\x33\xf5\xaa\x7d\xc6\x63\x1f\x08\xf4\xfe\x01\x7f\x24\xcf\x2b\x2c\x54\x09\xde\xe2\x2b\x6d\x92\xc6\x39\x4f\x16\xea\x3c\x7e\x7a\x46\xd4\x45\x6a\x46\xa8\xeb\x75\x82\x56\xa7\xab\xa0\x7c\x68\x13\x33\xf6\x9d\x30\xf0\x6f\x27\x39\x24\x23\x2a\x90\xfd\x90\x29\x35\xf2\x93\xdf\x34\xa5\xc6\xf7\xf8\xef\x8c\x0f\x62\x4a\x7c\xae\xd3\xf5\x54\xf8\x8d\xb6\x9a\x56\x87\x16\x82\x3a\x33\xab\x5a\x22\x08\xf7\x82\xba\xea\x2e\xe0\x47\x9a\xb4\xb5\x45\xa3\x05\x3b\xd9\xdc\x2e\x45\x40\x3b\xea\xdc\x7f\xe8\x3b\xeb\xd1\xec\x26\xd8\x35\xa4\x30\xc5\x3a\xac\x57\x9e\xb3\x76\xa5\x20\x7b\xf9\x1e\x4a\x05\x62\x01\xa6\x28\x75\x60\x97\x92\x0d\x6e\x3e\x4d\x37\x43\x0d\x92\x15\x9c\x18\x22\xcd\x51\x99\xa0\x29\x1a\x3c\x5f\x8a\x32\x33\x5b\x30\xc7\x89\x2f\x47\x98\x0f\xa3\x03\xc6\xf6\xf1\xac\xdf\x32\xf0\xd9\x81\x1a\xe4\x9c\xbd\xf6\x80\x14\xf0\xd1\x2c\xb9\x85\xf5\xd8\xa3\xb1\xc8\xa5\x21\xe5\x1c\x13\x97\xee\x0e\xbd\xdf\x29\xa9\xef\x34\x53\x5b\xd3\xe4\x6a\x13\x84\x06\xb6\x32\x02\xc4\x52\xae\x22\xd2\xdc\xb2\x21\x42\x1a\xda\x40\xf0\x29\xc9\xec\x0a\x0c\x5c\xe2\xd0\xba\xcc\x48\xd3\x37\x0a\xcc\x12\x0a\x8a\x79\xb0\x3d\x03\x7f\x69\x4b\xf4\x34\x20\x7d\xb3\x34\xea\x8e\x4b\x64\xf5\x3e\xfd\xb3\x23\x67\x15\x0d\x04\xb8\xf0\x2d\xc1\x09\x51\x3c\xb2\x6c\x15\xf0\xa5\x23\xd7\x83\x74\xe4\xe5\x2e\xc9\xfe\x98\x27\x42\xc6\xab\xc6\x9e\xb0\xd0\x5b\x38\xa5\x9b\x50\xde\x7e\x18\x98\xb5\x45\x3b\xf6\x79\xb4\xe8\xf7\x1a\x7b\x06\x83\xfb\xd0\x8b\xda\xbb\xc7\xbd\x18\xab\x08\x6f\x3c\x80\x6b\x40\x3f\x19\x19\xba\x65\x8a\xe6\xbe\xd5\x5c\xd3\x36\xd7\xef\x40\x52\x24\x60\x38\x67\x04\x31\xec\x8f\xf3\x82\xc6\xde\xb9\x55\xf3\x3b\x31\x91\x5a\xdc\xb5\x08\x15\xad\x76\x25\x0a\x0d\x7b\x2e\x87\xe2\x0c\xa6\x06\xbc\x26\x10\x6d\x37\x9d\xec\xdd\x78\x8c\x7c\x80\xc5\xf0\xd9\x77\x48\xd0", + ["Global Chambersign Root - 2008"] = "\x30\x82\x07\x49\x30\x82\x05\x31\xa0\x03\x02\x01\x02\x02\x09\x00\xc9\xcd\xd3\xe9\xd5\x7d\x23\xce\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xac\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x43\x30\x41\x06\x03\x55\x04\x07\x13\x3a\x4d\x61\x64\x72\x69\x64\x20\x28\x73\x65\x65\x20\x63\x75\x72\x72\x65\x6e\x74\x20\x61\x64\x64\x72\x65\x73\x73\x20\x61\x74\x20\x77\x77\x77\x2e\x63\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x2e\x63\x6f\x6d\x2f\x61\x64\x64\x72\x65\x73\x73\x29\x31\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x1b\x30\x19\x06\x03\x55\x04\x0a\x13\x12\x41\x43\x20\x43\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x20\x53\x2e\x41\x2e\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1e\x47\x6c\x6f\x62\x61\x6c\x20\x43\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x20\x52\x6f\x6f\x74\x20\x2d\x20\x32\x30\x30\x38\x30\x1e\x17\x0d\x30\x38\x30\x38\x30\x31\x31\x32\x33\x31\x34\x30\x5a\x17\x0d\x33\x38\x30\x37\x33\x31\x31\x32\x33\x31\x34\x30\x5a\x30\x81\xac\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x43\x30\x41\x06\x03\x55\x04\x07\x13\x3a\x4d\x61\x64\x72\x69\x64\x20\x28\x73\x65\x65\x20\x63\x75\x72\x72\x65\x6e\x74\x20\x61\x64\x64\x72\x65\x73\x73\x20\x61\x74\x20\x77\x77\x77\x2e\x63\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x2e\x63\x6f\x6d\x2f\x61\x64\x64\x72\x65\x73\x73\x29\x31\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x1b\x30\x19\x06\x03\x55\x04\x0a\x13\x12\x41\x43\x20\x43\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x20\x53\x2e\x41\x2e\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1e\x47\x6c\x6f\x62\x61\x6c\x20\x43\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x20\x52\x6f\x6f\x74\x20\x2d\x20\x32\x30\x30\x38\x30\x82\x02\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x00\x30\x82\x02\x0a\x02\x82\x02\x01\x00\xc0\xdf\x56\xd3\xe4\x3a\x9b\x76\x45\xb4\x13\xdb\xff\xc1\xb6\x19\x8b\x37\x41\x18\x95\x52\x47\xeb\x17\x9d\x29\x88\x8e\x35\x6c\x06\x32\x2e\x47\x62\xf3\x49\x04\xbf\x7d\x44\x36\xb1\x71\xcc\xbd\x5a\x09\x73\xd5\xd9\x85\x44\xff\x91\x57\x25\xdf\x5e\x36\x8e\x70\xd1\x5c\x71\x43\x1d\xd9\xda\xef\x5c\xd2\xfb\x1b\xbd\x3a\xb5\xcb\xad\xa3\xcc\x44\xa7\x0d\xae\x21\x15\x3f\xb9\x7a\x5b\x92\x75\xd8\xa4\x12\x38\x89\x19\x8a\xb7\x80\xd2\xe2\x32\x6f\x56\x9c\x91\xd6\x88\x10\x0b\xb3\x74\x64\x92\x74\x60\xf3\xf6\xcf\x18\x4f\x60\xb2\x23\xd0\xc7\x3b\xce\x61\x4b\x99\x8f\xc2\x0c\xd0\x40\xb2\x98\xdc\x0d\xa8\x4e\xa3\xb9\x0a\xae\x60\xa0\xad\x45\x52\x63\xba\x66\xbd\x68\xe0\xf9\xbe\x1a\xa8\x81\xbb\x1e\x41\x78\x75\xd3\xc1\xfe\x00\x55\xb0\x87\x54\xe8\x27\x90\x35\x1d\x4c\x33\xad\x97\xfc\x97\x2e\x98\x84\xbf\x2c\xc9\xa3\xbf\xd1\x98\x11\x14\xed\x63\xf8\xca\x98\x88\x58\x17\x99\xed\x45\x03\x97\x7e\x3c\x86\x1e\x88\x8c\xbe\xf2\x91\x84\x8f\x65\x34\xd8\x00\x4c\x7d\xb7\x31\x17\x5a\x29\x7a\x0a\x18\x24\x30\xa3\x37\xb5\x7a\xa9\x01\x7d\x26\xd6\xf9\x0e\x8e\x59\xf1\xfd\x1b\x33\xb5\x29\x3b\x17\x3b\x41\xb6\x21\xdd\xd4\xc0\x3d\xa5\x9f\x9f\x1f\x43\x50\xc9\xbb\xbc\x6c\x7a\x97\x98\xee\xcd\x8c\x1f\xfb\x9c\x51\xae\x8b\x70\xbd\x27\x9f\x71\xc0\x6b\xac\x7d\x90\x66\xe8\xd7\x5d\x3a\x0d\xb0\xd5\xc2\x8d\xd5\xc8\x9d\x9d\xc1\x6d\xd0\xd0\xbf\x51\xe4\xe3\xf8\xc3\x38\x36\xae\xd6\xa7\x75\xe6\xaf\x84\x43\x5d\x93\x92\x0c\x6a\x07\xde\x3b\x1d\x98\x22\xd6\xac\xc1\x35\xdb\xa3\xa0\x25\xff\x72\xb5\x76\x1d\xde\x6d\xe9\x2c\x66\x2c\x52\x84\xd0\x45\x92\xce\x1c\xe5\xe5\x33\x1d\xdc\x07\x53\x54\xa3\xaa\x82\x3b\x9a\x37\x2f\xdc\xdd\xa0\x64\xe9\xe6\xdd\xbd\xae\xfc\x64\x85\x1d\x3c\xa7\xc9\x06\xde\x84\xff\x6b\xe8\x6b\x1a\x3c\xc5\xa2\xb3\x42\xfb\x8b\x09\x3e\x5f\x08\x52\xc7\x62\xc4\xd4\x05\x71\xbf\xc4\x64\xe4\xf8\xa1\x83\xe8\x3e\x12\x9b\xa8\x1e\xd4\x36\x4d\x2f\x71\xf6\x8d\x28\xf6\x83\xa9\x13\xd2\x61\xc1\x91\xbb\x48\xc0\x34\x8f\x41\x8c\x4b\x4c\xdb\x69\x12\xff\x50\x94\x9c\x20\x83\x59\x73\xed\x7c\xa1\xf2\xf1\xfd\xdd\xf7\x49\xd3\x43\x58\xa0\x56\x63\xca\x3d\x3d\xe5\x35\x56\x59\xe9\x0e\xca\x20\xcc\x2b\x4b\x93\x29\x0f\x02\x03\x01\x00\x01\xa3\x82\x01\x6a\x30\x82\x01\x66\x30\x12\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x08\x30\x06\x01\x01\xff\x02\x01\x0c\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\xb9\x09\xca\x9c\x1e\xdb\xd3\x6c\x3a\x6b\xae\xed\x54\xf1\x5b\x93\x06\x35\x2e\x5e\x30\x81\xe1\x06\x03\x55\x1d\x23\x04\x81\xd9\x30\x81\xd6\x80\x14\xb9\x09\xca\x9c\x1e\xdb\xd3\x6c\x3a\x6b\xae\xed\x54\xf1\x5b\x93\x06\x35\x2e\x5e\xa1\x81\xb2\xa4\x81\xaf\x30\x81\xac\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x43\x30\x41\x06\x03\x55\x04\x07\x13\x3a\x4d\x61\x64\x72\x69\x64\x20\x28\x73\x65\x65\x20\x63\x75\x72\x72\x65\x6e\x74\x20\x61\x64\x64\x72\x65\x73\x73\x20\x61\x74\x20\x77\x77\x77\x2e\x63\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x2e\x63\x6f\x6d\x2f\x61\x64\x64\x72\x65\x73\x73\x29\x31\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x1b\x30\x19\x06\x03\x55\x04\x0a\x13\x12\x41\x43\x20\x43\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x20\x53\x2e\x41\x2e\x31\x27\x30\x25\x06\x03\x55\x04\x03\x13\x1e\x47\x6c\x6f\x62\x61\x6c\x20\x43\x68\x61\x6d\x62\x65\x72\x73\x69\x67\x6e\x20\x52\x6f\x6f\x74\x20\x2d\x20\x32\x30\x30\x38\x82\x09\x00\xc9\xcd\xd3\xe9\xd5\x7d\x23\xce\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x3d\x06\x03\x55\x1d\x20\x04\x36\x30\x34\x30\x32\x06\x04\x55\x1d\x20\x00\x30\x2a\x30\x28\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x1c\x68\x74\x74\x70\x3a\x2f\x2f\x70\x6f\x6c\x69\x63\x79\x2e\x63\x61\x6d\x65\x72\x66\x69\x72\x6d\x61\x2e\x63\x6f\x6d\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x80\x88\x7f\x70\xde\x92\x28\xd9\x05\x94\x46\xff\x90\x57\xa9\xf1\x2f\xdf\x1a\x0d\x6b\xfa\x7c\x0e\x1c\x49\x24\x79\x27\xd8\x46\xaa\x6f\x29\x59\x52\x88\x70\x12\xea\xdd\x3d\xf5\x9b\x53\x54\x6f\xe1\x60\xa2\xa8\x09\xb9\xec\xeb\x59\x7c\xc6\x35\xf1\xdc\x18\xe9\xf1\x67\xe5\xaf\xba\x45\xe0\x09\xde\xca\x44\x0f\xc2\x17\x0e\x77\x91\x45\x7a\x33\x5f\x5f\x96\x2c\x68\x8b\xc1\x47\x8f\x98\x9b\x3d\xc0\xec\xcb\xf5\xd5\x82\x92\x84\x35\xd1\xbe\x36\x38\x56\x72\x31\x5b\x47\x2d\xaa\x17\xa4\x63\x51\xeb\x0a\x01\xad\x7f\xec\x75\x9e\xcb\xa1\x1f\xf1\x7f\x12\xb1\xb9\xe4\x64\x7f\x67\xd6\x23\x2a\xf4\xb8\x39\x5d\x98\xe8\x21\xa7\xe1\xbd\x3d\x42\x1a\x74\x9a\x70\xaf\x68\x6c\x50\x5d\x49\xcf\xff\xfb\x0e\x5d\xe6\x2c\x47\xd7\x81\x3a\x59\x00\xb5\x73\x6b\x63\x20\xf6\x31\x45\x08\x39\x0e\xf4\x70\x7e\x40\x70\x5a\x3f\xd0\x6b\x42\xa9\x74\x3d\x28\x2f\x02\x6d\x75\x72\x95\x09\x8d\x48\x63\xc6\xc6\x23\x57\x92\x93\x5e\x35\xc1\x8d\xf9\x0a\xf7\x2c\x9d\x62\x1c\xf6\xad\x7c\xdd\xa6\x31\x1e\xb6\xb1\xc7\x7e\x85\x26\xfa\xa4\x6a\xb5\xda\x63\x30\xd1\xef\x93\x37\xb2\x66\x2f\x7d\x05\xf7\xe7\xb7\x4b\x98\x94\x35\xc0\xd9\x3a\x29\xc1\x9d\xb2\x50\x33\x1d\x4a\xa9\x5a\xa6\xc9\x03\xef\xed\xf4\xe7\xa8\x6e\x8a\xb4\x57\x84\xeb\xa4\x3f\xd0\xee\xaa\xaa\x87\x5b\x63\xe8\x93\xe2\x6b\xa8\xd4\xb8\x72\x78\x6b\x1b\xed\x39\xe4\x5d\xcb\x9b\xaa\x87\xd5\x4f\x4e\x00\xfe\xd9\x6a\x9f\x3c\x31\x0f\x28\x02\x01\x7d\x98\xe8\xa7\xb0\xa2\x64\x9e\x79\xf8\x48\xf2\x15\xa9\xcc\xe6\xc8\x44\xeb\x3f\x78\x99\xf2\x7b\x71\x3e\x3c\xf1\x98\xa7\xc5\x18\x12\x3f\xe6\xbb\x28\x33\x42\xe9\x45\x0a\x7c\x6d\xf2\x86\x79\x2f\xc5\x82\x19\x7d\x09\x89\x7c\xb2\x54\x76\x88\xae\xde\xc1\xf3\xcc\xe1\x6e\xdb\x31\xd6\x93\xae\x99\xa0\xef\x25\x6a\x73\x98\x89\x5b\x3a\x2e\x13\x88\x1e\xbf\xc0\x92\x94\x34\x1b\xe3\x27\xb7\x8b\x1e\x6f\x42\xff\xe7\xe9\x37\x9b\x50\x1d\x2d\xa2\xf9\x02\xee\xcb\x58\x58\x3a\x71\xbc\x68\xe3\xaa\xc1\xaf\x1c\x28\x1f\xa2\xdc\x23\x65\x3f\x81\xea\xae\x99\xd3\xd8\x30\xcf\x13\x0d\x4f\x15\xc9\x84\xbc\xa7\x48\x2d\xf8\x30\x23\x77\xd8\x46\x4b\x79\x6d\xf6\x8c\xed\x3a\x7f\x60\x11\x78\xf4\xe9\x9b\xae\xd5\x54\xc0\x74\x80\xd1\x0b\x42\x9f\xc1", +}; diff --git a/policy/ssl.bro b/policy/ssl.bro index 6a347a14cc..9b40a736b9 100644 --- a/policy/ssl.bro +++ b/policy/ssl.bro @@ -1,17 +1,7 @@ -# $Id: ssl.bro 5988 2008-07-19 07:02:12Z vern $ +@load conn-id +@load ssl-mozilla-CAs -@load notice -@load conn -@load weird -@load ssl-ciphers -@load ssl-errors - -global ssl_log = open_log_file("ssl") &redef; - -redef enum Notice += { - SSL_X509Violation, # blanket X509 error - SSL_SessConIncon, # session data not consistent with connection -}; +global ssl_log = open_log_file("ssl") &raw_output &redef; const SSLv2 = 0x0002; @@ -22,36 +12,36 @@ const TLSv11 = 0x0302; # If true, Bro stores the client and server cipher specs and performs # additional tests. This costs an extra amount of memory (normally # only for a short time) but enables detecting of non-intersecting -# cipher sets, for example. -const ssl_compare_cipherspecs = T &redef; - -# Whether to analyze certificates seen in SSL connections. -const ssl_analyze_certificates = T &redef; - -# If we analyze SSL certificates, we can choose to store them. -const ssl_store_certificates = T &redef; - -# Path where we dump the certificates into. If it's empty, -# use the current directory. -const ssl_store_cert_path = "certs" &redef; - -# If we analyze SSL certificates, we can choose to verify them. -const ssl_verify_certificates = T &redef; - -# This is the path where OpenSSL looks after the trusted certificates. -# If empty, the default path will be used. -const x509_trusted_cert_path = "" &redef; - -# Whether to store key-material exchanged in the handshaking phase. -const ssl_store_key_material = F &redef; - -# Report weak/unknown ciphers in CLIENT_HELLO, SSLv2 SERVER_HELLO. -const ssl_report_client_weak = F &redef; -const ssl_report_client_unknown = F &redef; -const ssl_report_server_weak = F &redef; - -# Log all ciphers. -const ssl_log_ciphers = T &redef; +## cipher sets, for example. +#const ssl_compare_cipherspecs = T &redef; +# +## Whether to analyze certificates seen in SSL connections. +#const ssl_analyze_certificates = T &redef; +# +## If we analyze SSL certificates, we can choose to store them. +#const ssl_store_certificates = T &redef; +# +## Path where we dump the certificates into. If it's empty, +## use the current directory. +#const ssl_store_cert_path = "certs" &redef; +# +## If we analyze SSL certificates, we can choose to verify them. +#const ssl_verify_certificates = T &redef; +# +## This is the path where OpenSSL looks after the trusted certificates. +## If empty, the default path will be used. +#const x509_trusted_cert_path = "" &redef; +# +## Whether to store key-material exchanged in the handshaking phase. +#const ssl_store_key_material = F &redef; +# +## Report weak/unknown ciphers in CLIENT_HELLO, SSLv2 SERVER_HELLO. +#const ssl_report_client_weak = F &redef; +#const ssl_report_client_unknown = F &redef; +#const ssl_report_server_weak = F &redef; +# +## Log all ciphers. +#const ssl_log_ciphers = T &redef; # NOTE: this is a 'local' port format for your site # --- well-known ports for ssl --------- @@ -75,139 +65,9 @@ global ssl_ports = { } &redef; redef dpd_config += { - [[ANALYZER_SSL, ANALYZER_SSL_BINPAC]] = [$ports = ssl_ports] + [[ANALYZER_SSL]] = [$ports = ssl_ports] }; -# --- Weak Cipher Demo ------------- - -const myWeakCiphers: set[count] = { - SSLv20_CK_RC4_128_EXPORT40_WITH_MD5, - SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5, - SSLv20_CK_DES_64_CBC_WITH_MD5, - - TLS_NULL_WITH_NULL_NULL, - TLS_RSA_WITH_NULL_MD5, - TLS_RSA_WITH_NULL_SHA, - TLS_RSA_EXPORT_WITH_RC4_40_MD5, - TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, - TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, - TLS_RSA_WITH_DES_CBC_SHA, - - TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, - TLS_DH_DSS_WITH_DES_CBC_SHA, - TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, - TLS_DH_RSA_WITH_DES_CBC_SHA, - TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, - TLS_DHE_DSS_WITH_DES_CBC_SHA, - TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, - TLS_DHE_RSA_WITH_DES_CBC_SHA, - - TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, - TLS_DH_ANON_WITH_RC4_128_MD5, - TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, - TLS_DH_ANON_WITH_DES_CBC_SHA, - TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA, -}; - -const x509_ignore_errors: set[int] = { - X509_V_OK, - # X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE -}; - -const x509_hot_errors: set[int] = { - X509_V_ERR_CRL_SIGNATURE_FAILURE, - X509_V_ERR_CERT_NOT_YET_VALID, - X509_V_ERR_CERT_HAS_EXPIRED, - X509_V_ERR_CERT_REVOKED, - X509_V_ERR_SUBJECT_ISSUER_MISMATCH, - # X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE # for testing -}; - -redef Weird::weird_action += { - [["SSLv2: Unknown CIPHER-SPEC in CLIENT-HELLO!", - "SSLv2: Client has CipherSpecs > MAX_CIPHERSPEC_SIZE", - "unexpected_SSLv3_record", - "SSLv3_data_without_full_handshake"]] = Weird::WEIRD_IGNORE -}; - - -global SSL_cipherCount: table[count] of count &default = 0; - -type ssl_connection_info: record { - id: count; # the log identifier number - connection_id: conn_id; # IP connection information - version: string; # version assosciated with connection - client_cert: X509; - server_cert: X509; - id_index: string; # index for associated SSL_sessionID - handshake_cipher: string; # agreed-upon cipher for session/conn. -}; - -# SSL_sessionID index - used to track version assosciated with a session id. -type SSL_sessionID_record: record { - num_reuse: count; - id: SSL_sessionID; # literal session ID - - # everything below is an example of session vs connection monitoring. - version: string; # version assosciated with session id - client_cert: X509; - server_cert: X509; - handshake_cipher: string; -}; - -global ssl_connections: table[conn_id] of ssl_connection_info; -global ssl_sessionIDs: table[string] of SSL_sessionID_record - &read_expire = 2 hrs; -global ssl_connection_id = 0; - -# Used when there's no issuer/subject/cipher. -const NONE = ""; - -# --- SSL helper functions --------- -function new_ssl_connection(c: connection) - { - local conn = c$id; - local new_id = ++ssl_connection_id; - - local info: ssl_connection_info; - info$id = new_id; - info$id_index = md5_hash(info$id); - info$version = ""; - info$client_cert$issuer = NONE; - info$client_cert$subject = NONE; - info$server_cert$issuer = NONE; - info$server_cert$subject = NONE; - info$handshake_cipher = NONE; - info$connection_id = conn; - - ssl_connections[conn] = info; - append_addl(c, fmt("#%d", new_id)); - - print ssl_log, fmt("%.6f #%d %s start", - network_time(), new_id, id_string(conn)); - } - -function new_sessionID_record(session: SSL_sessionID) - { - local info: SSL_sessionID_record; - - info$num_reuse = 1; - info$client_cert$issuer = NONE; - info$client_cert$subject = NONE; - info$server_cert$issuer = NONE; - info$server_cert$subject = NONE; - info$handshake_cipher = NONE; - - local index = md5_hash(session); - ssl_sessionIDs[index] = info; - } - -function ssl_get_cipher_name(cipherSuite: count): string - { - return cipherSuite in ssl_cipher_desc ? - ssl_cipher_desc[cipherSuite] : "UNKNOWN"; - } - function ssl_get_version_string(version: count): string { if ( version == SSLv2 ) @@ -222,315 +82,510 @@ function ssl_get_version_string(version: count): string return "?.?"; } -function ssl_con2str(c: connection): string +event ssl_client_hello(c: connection, version: count, possible_ts: time, session_id: string, ciphers: count_set) { - return fmt("%s:%s -> %s:%s", - c$id$orig_h, c$id$orig_p, c$id$resp_h, c$id$resp_p); + print ssl_log, cat_sep("\t", "\\N", network_time(), id_string(c$id), + "Client Hello", + ssl_get_version_string(version), + fmt("0x%s", bytestring_to_hexstr(session_id)), + fmt("%D", possible_ts)); } -function lookup_ssl_conn(c: connection, func: string, log_if_new: bool) +event ssl_extension(c: connection, code: count, val: string) { - if ( c$id !in ssl_connections ) - { - new_ssl_connection(c); - - if ( log_if_new ) - print ssl_log, - fmt("%.6f #%d creating new SSL connection in %s", - network_time(), ssl_connections[c$id]$id, func); - } + if ( code == 0 ) + print ssl_log, cat_sep("\t", "\\N", network_time(), id_string(c$id), + "ssl_extension", "server_name", sub(val, /^...../, "")); } -event ssl_conn_weak(name: string, c: connection) +event ssl_server_hello(c: connection, version: count, possible_ts: time, session_id: string, cipher: count, comp_method: count) { - lookup_ssl_conn(c, "ssl_conn_weak", T); - print ssl_log, fmt("%.6f #%d %s", - network_time(), ssl_connections[c$id]$id, name); + print ssl_log, cat_sep("\t", "\\N", network_time(), id_string(c$id), + "Server Hello", + ssl_get_version_string(version), + fmt("0x%s", bytestring_to_hexstr(session_id)), + fmt("%D", possible_ts)); } -# --- SSL events ------------------- - -event ssl_certificate_seen(c: connection, is_server: bool) +event ssl_established(c: connection) { - # Called whenever there's an certificate to analyze. - # we could do something here, like... - - # if ( c$id$orig_h in hostsToIgnore ) - # { - # ssl_store_certificates = F; - # ssl_verify_certificates = F; - # } - # else - # { - # ssl_store_certificates = T; - # ssl_verify_certificates = T; - # } + print ssl_log, cat_sep("\t", "\\N", network_time(), id_string(c$id), + "SSL session established"); } -event ssl_certificate(c: connection, cert: X509, is_server: bool) +event x509_certificate(c: connection, cert: X509, is_server: bool, chain_idx: count, chain_len: count, der_cert: string) { - local direction = is_local_addr(c$id$orig_h) ? "client" : "server"; - - lookup_ssl_conn(c, "ssl_certificate", T); - local conn = ssl_connections[c$id]; - - if( direction == "client" ) - conn$client_cert = cert; - else - { - conn$server_cert = cert; - - # We have not filled in the field for the master session - # for this connection. Do it now, but only if this is not a - # SSLv2 connection (no session information in that case). - if ( conn$id_index in ssl_sessionIDs && - ssl_sessionIDs[conn$id_index]$server_cert$subject == NONE ) - ssl_sessionIDs[conn$id_index]$server_cert$subject = - cert$subject; - } - - print ssl_log, fmt("%.6f #%d X.509 %s issuer %s", - network_time(), conn$id, direction, cert$issuer); - - print ssl_log, fmt("%.6f #%d X.509 %s subject %s", - network_time(), conn$id, direction, cert$subject); + print ssl_log, cat_sep("\t", "\\N", network_time(), id_string(c$id), + "X509 certificate", chain_idx, + cert$subject, cert$issuer, + fmt("%D", cert$not_valid_before), + fmt("%D", cert$not_valid_after)); } -event ssl_conn_attempt(c: connection, version: count, - ciphers: cipher_suites_list) +event x509_cert_body(c: connection, cert: string) { - lookup_ssl_conn(c, "ssl_conn_attempt", F); - local conn = ssl_connections[c$id]; - local version_string = ssl_get_version_string(version); + print ssl_log, cat_sep("\t", "\\N", network_time(), id_string(c$id), + "X509 certificate body", fmt("0x%s", bytestring_to_hexstr(cert))); - print ssl_log, fmt("%.6f #%d SSL connection attempt %s", - network_time(), conn$id, version_string); - - conn$version = version_string; - - for ( cs in ciphers ) - { # display a list of the cipher suites - # Demo: report clients who support weak ciphers. - if ( ssl_report_client_weak && cs in myWeakCiphers ) - event ssl_conn_weak( - fmt("SSL client supports weak cipher: %s (0x%x)", - ssl_get_cipher_name(cs), cs), c); - - # Demo: report unknown ciphers. - if ( ssl_report_client_unknown && cs !in ssl_cipher_desc ) - event ssl_conn_weak( - fmt("SSL: unknown cipher-spec: %s (0x%x)", - ssl_get_cipher_name(cs), cs), c); - - if ( ssl_log_ciphers ) - print ssl_log, fmt("%.6f #%d client cipher %s (0x%x)", - network_time(), conn$id, - ssl_get_cipher_name(cs), cs); - } } -event ssl_conn_server_reply(c: connection, version: count, - ciphers: cipher_suites_list) - { - lookup_ssl_conn(c, "ssl_conn_server_reply", T); +## Old Code Below here!!!! - local conn = ssl_connections[c$id]; - local version_string = ssl_get_version_string(version); +## --- Weak Cipher Demo ------------- +# +#const myWeakCiphers: set[count] = { +# SSLv20_CK_RC4_128_EXPORT40_WITH_MD5, +# SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5, +# SSLv20_CK_DES_64_CBC_WITH_MD5, +# +# TLS_NULL_WITH_NULL_NULL, +# TLS_RSA_WITH_NULL_MD5, +# TLS_RSA_WITH_NULL_SHA, +# TLS_RSA_EXPORT_WITH_RC4_40_MD5, +# TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, +# TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, +# TLS_RSA_WITH_DES_CBC_SHA, +# +# TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, +# TLS_DH_DSS_WITH_DES_CBC_SHA, +# TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, +# TLS_DH_RSA_WITH_DES_CBC_SHA, +# TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, +# TLS_DHE_DSS_WITH_DES_CBC_SHA, +# TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, +# TLS_DHE_RSA_WITH_DES_CBC_SHA, +# +# TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, +# TLS_DH_ANON_WITH_RC4_128_MD5, +# TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, +# TLS_DH_ANON_WITH_DES_CBC_SHA, +# TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA, +#}; +# +#const x509_ignore_errors: set[int] = { +# X509_V_OK, +# # X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE +#}; +# +#const x509_hot_errors: set[int] = { +# X509_V_ERR_CRL_SIGNATURE_FAILURE, +# X509_V_ERR_CERT_NOT_YET_VALID, +# X509_V_ERR_CERT_HAS_EXPIRED, +# X509_V_ERR_CERT_REVOKED, +# X509_V_ERR_SUBJECT_ISSUER_MISMATCH, +# # X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE # for testing +#}; +# +#redef Weird::weird_action += { +# [["SSLv2: Unknown CIPHER-SPEC in CLIENT-HELLO!", +# "SSLv2: Client has CipherSpecs > MAX_CIPHERSPEC_SIZE", +# "unexpected_SSLv3_record", +# "SSLv3_data_without_full_handshake"]] = Weird::WEIRD_IGNORE +#}; - print ssl_log, fmt("%.6f #%d SSL connection server reply, %s", - network_time(), conn$id, version_string); - conn$version = version_string; +#global SSL_cipherCount: table[count] of count &default = 0; +# +#type ssl_connection_info: record { +# id: count; # the log identifier number +# connection_id: conn_id; # IP connection information +# version: string; # version assosciated with connection +# client_cert: X509; +# server_cert: X509; +# id_index: string; # index for associated SSL_sessionID +# handshake_cipher: string; # agreed-upon cipher for session/conn. +#}; - for ( cs in ciphers ) - { - # Demo: report servers who support weak ciphers. - if ( ssl_report_server_weak && version == SSLv2 && - cs in myWeakCiphers ) - event ssl_conn_weak( - fmt("SSLv2 server supports weak cipher: %s (0x%x)", - ssl_get_cipher_name(cs), cs), c); +# SSL_sessionID index - used to track version assosciated with a session id. +#type SSL_sessionID_record: record { +# num_reuse: count; +# id: string; # literal session ID +# +# # everything below is an example of session vs connection monitoring. +# version: string; # version assosciated with session id +# client_cert: X509; +# server_cert: X509; +# handshake_cipher: string; +#}; +# +#global ssl_connections: table[conn_id] of ssl_connection_info; +#global ssl_sessionIDs: table[string] of SSL_sessionID_record +# &read_expire = 2 hrs; +#global ssl_connection_id = 0; +# +## Used when there's no issuer/subject/cipher. +#const NONE = ""; +# +## --- SSL helper functions --------- +#function new_ssl_connection(c: connection) +# { +# local conn = c$id; +# local new_id = ++ssl_connection_id; +# +# local info: ssl_connection_info; +# info$id = new_id; +# info$id_index = md5_hash(info$id); +# info$version = ""; +# info$client_cert$issuer = NONE; +# info$client_cert$subject = NONE; +# info$server_cert$issuer = NONE; +# info$server_cert$subject = NONE; +# info$handshake_cipher = NONE; +# info$connection_id = conn; +# +# ssl_connections[conn] = info; +# append_addl(c, fmt("#%d", new_id)); +# +# print ssl_log, fmt("%.6f #%d %s start", +# network_time(), new_id, id_string(conn)); +# } +# +#function new_sessionID_record(session: string) +# { +# local info: SSL_sessionID_record; +# +# info$num_reuse = 1; +# info$client_cert$issuer = NONE; +# info$client_cert$subject = NONE; +# info$server_cert$issuer = NONE; +# info$server_cert$subject = NONE; +# info$handshake_cipher = NONE; +# +# local index = md5_hash(session); +# ssl_sessionIDs[index] = info; +# } +# +#function ssl_get_cipher_name(cipherSuite: count): string +# { +# return cipherSuite in ssl_cipher_desc ? +# ssl_cipher_desc[cipherSuite] : "UNKNOWN"; +# } +# +#function ssl_get_version_string(version: count): string +# { +# if ( version == SSLv2 ) +# return "SSL version 2"; +# else if ( version == SSLv3 ) +# return "SSL version 3"; +# else if ( version == TLSv10 ) +# return "TLS version 1.0"; +# else if ( version == TLSv11 ) +# return "TLS version 1.1"; +# else +# return "?.?"; +# } +# +#function ssl_con2str(c: connection): string +# { +# return fmt("%s:%s -> %s:%s", +# c$id$orig_h, c$id$orig_p, c$id$resp_h, c$id$resp_p); +# } +# +#function lookup_ssl_conn(c: connection, func: string, log_if_new: bool) +# { +# if ( c$id !in ssl_connections ) +# { +# new_ssl_connection(c); +# +# if ( log_if_new ) +# print ssl_log, +# fmt("%.6f #%d creating new SSL connection in %s", +# network_time(), ssl_connections[c$id]$id, func); +# } +# } - if ( ssl_log_ciphers ) - print ssl_log, fmt("%.6f #%d server cipher %s (0x%x)", - network_time(), conn$id, - ssl_get_cipher_name(cs), cs); - } - } - -event ssl_conn_established(c: connection, version: count, cipher_suite: count) - { - lookup_ssl_conn(c, "ssl_conn_established", T); - - local conn = ssl_connections[c$id]; - local version_string = ssl_get_version_string(version); - - print ssl_log, - fmt("%.6f #%d handshake finished, %s", - network_time(), conn$id, version_string); - - if ( cipher_suite in myWeakCiphers ) - event ssl_conn_weak(fmt("%.6f #%d weak cipher: %s (0x%x)", - network_time(), conn$id, - ssl_get_cipher_name(cipher_suite), cipher_suite), c); - - if ( ssl_log_ciphers ) - print ssl_log, fmt("%.6f #%d connection cipher %s (0x%x)", - network_time(), conn$id, - ssl_get_cipher_name(cipher_suite), cipher_suite); - - ++SSL_cipherCount[cipher_suite]; - - # This should be the version identified with the session, unless - # there is some renegotiation. That will be caught later. - conn$version = version_string; - } - -event process_X509_extensions(c: connection, ex: X509_extension) - { - lookup_ssl_conn(c, "process_X509_extensions", T); - local conn = ssl_connections[c$id]; - - local msg = fmt("%.6f #%d X.509 extensions: ", network_time(), conn$id); - for ( i in ex ) - msg = fmt("%s, %s", msg, ex[i]); - - print ssl_log, msg; - } - -event ssl_session_insertion(c: connection, id: SSL_sessionID) - { - local idd = c$id; - - if ( idd !in ssl_connections) - { - new_ssl_connection(c); - - print ssl_log, - fmt("%.6f #%d creating new SSL connection in ssl_session_insertion", - network_time(), ssl_connections[c$id]$id); - - # None of the conn$object values will exist, so we leave this - # to prevent needless crashing. - return; - } - - local conn = ssl_connections[idd]; - local id_index = md5_hash(id); - - # If there is no session with thIS id we create (a typical) one, - # otherwise we move on. - if ( id_index !in ssl_sessionIDs ) - { - new_sessionID_record(id); - - local session = ssl_sessionIDs[id_index]; - session$version = conn$version; - session$client_cert$subject = conn$client_cert$subject; - session$server_cert$subject = conn$server_cert$subject; - session$handshake_cipher = conn$handshake_cipher; - session$id = id; - - conn$id_index = id_index; - } - - else - { # should we ever get here? - session = ssl_sessionIDs[id_index]; - conn$id_index = id_index; - } - } - -event ssl_conn_reused(c: connection, session_id: SSL_sessionID) - { - lookup_ssl_conn(c, "ssl_conn_reused", T); - local conn = ssl_connections[c$id]; - local id_index = md5_hash(session_id); - - print ssl_log, fmt("%.6f #%d reusing former SSL session: %s", - network_time(), conn$id, id_index); - - # We cannot track sessions with SSLv2. - if ( conn$version == ssl_get_version_string(SSLv2) ) - return; - - if ( id_index !in ssl_sessionIDs ) - { - new_sessionID_record(session_id); - local session = ssl_sessionIDs[id_index]; - session$version = conn$version; - session$client_cert$subject = conn$client_cert$subject; - session$server_cert$subject = conn$server_cert$subject; - session$id = session_id; - } - else - session = ssl_sessionIDs[id_index]; - - ++session$num_reuse; - - # At this point, the connection values have been set. We can then - # compare session and connection values with some confidence. - if ( session$version != conn$version || - session$handshake_cipher != conn$handshake_cipher ) - { - NOTICE([$note=SSL_SessConIncon, $conn=c, - $msg="session violation"]); - ++c$hot; - } - } - -event ssl_X509_error(c: connection, err: int, err_string: string) - { - if ( err in x509_ignore_errors ) - return; - - lookup_ssl_conn(c, "ssl_X509_error", T); - local conn = ssl_connections[c$id]; - local error = - err in x509_errors ? x509_errors[err] : "unknown X.509 error"; - - local severity = "warning"; - if ( err in x509_hot_errors ) - { - NOTICE([$note=SSL_X509Violation, $conn=c, $msg=error]); - ++c$hot; - severity = "error"; - } - - print ssl_log, - fmt("%.6f #%d X.509 %s %s (%s)", - network_time(), conn$id, severity, error, err_string); - } - -event connection_state_remove(c: connection) - { - delete ssl_connections[c$id]; - } - -event bro_init() - { - if ( ssl_store_cert_path != "" ) - # The event engine will generate a run-time if this fails for - # reasons other than that the directory already exists. - mkdir(ssl_store_cert_path); - } - -event bro_done() - { - print ssl_log, "Cipher suite statistics: "; - for ( i in SSL_cipherCount ) - print ssl_log, fmt("%s (0x%x): %d", ssl_get_cipher_name(i), i, - SSL_cipherCount[i]); - - print ssl_log, ("count session ID"); - print ssl_log, ("----- ---------------------------------"); - for ( j in ssl_sessionIDs ) - if ( ssl_sessionIDs[j]$server_cert$subject != NONE ) - { - print ssl_log, - fmt("(%s) %s %s", - ssl_sessionIDs[j]$num_reuse, - ssl_sessionIDs[j]$server_cert$subject, - j); - } - } +#event ssl_conn_weak(name: string, c: connection) +# { +# lookup_ssl_conn(c, "ssl_conn_weak", T); +# print ssl_log, fmt("%.6f #%d %s", +# network_time(), ssl_connections[c$id]$id, name); +# } +# +## --- SSL events ------------------- +# +#event ssl_certificate_seen(c: connection, is_server: bool) +# { +# print "ssl_certificate_seen"; +# # Called whenever there's an certificate to analyze. +# # we could do something here, like... +# +# # if ( c$id$orig_h in hostsToIgnore ) +# # { +# # ssl_store_certificates = F; +# # ssl_verify_certificates = F; +# # } +# # else +# # { +# # ssl_store_certificates = T; +# # ssl_verify_certificates = T; +# # } +# } +# +#event ssl_certificate(c: connection, cert: X509, is_server: bool) +# { +# print "ssl cert!"; +# local direction = is_local_addr(c$id$orig_h) ? "client" : "server"; +# +# lookup_ssl_conn(c, "ssl_certificate", T); +# local conn = ssl_connections[c$id]; +# +# if( direction == "client" ) +# conn$client_cert = cert; +# else +# { +# conn$server_cert = cert; +# +# # We have not filled in the field for the master session +# # for this connection. Do it now, but only if this is not a +# # SSLv2 connection (no session information in that case). +# if ( conn$id_index in ssl_sessionIDs && +# ssl_sessionIDs[conn$id_index]$server_cert$subject == NONE ) +# ssl_sessionIDs[conn$id_index]$server_cert$subject = +# cert$subject; +# } +# +# print ssl_log, fmt("%.6f #%d X.509 %s issuer %s", +# network_time(), conn$id, direction, cert$issuer); +# +# print ssl_log, fmt("%.6f #%d X.509 %s subject %s", +# network_time(), conn$id, direction, cert$subject); +# } +# +#event ssl_conn_attempt(c: connection, version: count, +# ciphers: CipherSuitesList) +# { +# lookup_ssl_conn(c, "ssl_conn_attempt", F); +# local conn = ssl_connections[c$id]; +# local version_string = ssl_get_version_string(version); +# +# print ssl_log, fmt("%.6f #%d SSL connection attempt %s", +# network_time(), conn$id, version_string); +# +# conn$version = version_string; +# +# for ( cs in ciphers ) +# { # display a list of the cipher suites +# # Demo: report clients who support weak ciphers. +# if ( ssl_report_client_weak && cs in myWeakCiphers ) +# event ssl_conn_weak( +# fmt("SSL client supports weak cipher: %s (0x%x)", +# ssl_get_cipher_name(cs), cs), c); +# +# # Demo: report unknown ciphers. +# if ( ssl_report_client_unknown && cs !in ssl_cipher_desc ) +# event ssl_conn_weak( +# fmt("SSL: unknown cipher-spec: %s (0x%x)", +# ssl_get_cipher_name(cs), cs), c); +# +# if ( ssl_log_ciphers ) +# print ssl_log, fmt("%.6f #%d client cipher %s (0x%x)", +# network_time(), conn$id, +# ssl_get_cipher_name(cs), cs); +# } +# } +# +#event ssl_conn_server_reply(c: connection, version: count, +# ciphers: CipherSuitesList) +# { +# lookup_ssl_conn(c, "ssl_conn_server_reply", T); +# +# local conn = ssl_connections[c$id]; +# local version_string = ssl_get_version_string(version); +# +# print ssl_log, fmt("%.6f #%d SSL connection server reply, %s", +# network_time(), conn$id, version_string); +# +# conn$version = version_string; +# +# for ( cs in ciphers ) +# { +# # Demo: report servers who support weak ciphers. +# if ( ssl_report_server_weak && version == SSLv2 && +# cs in myWeakCiphers ) +# event ssl_conn_weak( +# fmt("SSLv2 server supports weak cipher: %s (0x%x)", +# ssl_get_cipher_name(cs), cs), c); +# +# if ( ssl_log_ciphers ) +# print ssl_log, fmt("%.6f #%d server cipher %s (0x%x)", +# network_time(), conn$id, +# ssl_get_cipher_name(cs), cs); +# } +# } +# +#event ssl_conn_established(c: connection, version: count, cipher_suite: count) +# { +# lookup_ssl_conn(c, "ssl_conn_established", T); +# +# local conn = ssl_connections[c$id]; +# local version_string = ssl_get_version_string(version); +# +# print ssl_log, +# fmt("%.6f #%d handshake finished, %s", +# network_time(), conn$id, version_string); +# +# if ( cipher_suite in myWeakCiphers ) +# event ssl_conn_weak(fmt("%.6f #%d weak cipher: %s (0x%x)", +# network_time(), conn$id, +# ssl_get_cipher_name(cipher_suite), cipher_suite), c); +# +# if ( ssl_log_ciphers ) +# print ssl_log, fmt("%.6f #%d connection cipher %s (0x%x)", +# network_time(), conn$id, +# ssl_get_cipher_name(cipher_suite), cipher_suite); +# +# ++SSL_cipherCount[cipher_suite]; +# +# # This should be the version identified with the session, unless +# # there is some renegotiation. That will be caught later. +# conn$version = version_string; +# } +# +#event process_X509_extensions(c: connection, ex: X509_extension) +# { +# lookup_ssl_conn(c, "process_X509_extensions", T); +# local conn = ssl_connections[c$id]; +# +# local msg = fmt("%.6f #%d X.509 extensions: ", network_time(), conn$id); +# for ( i in ex ) +# msg = fmt("%s, %s", msg, ex[i]); +# +# print ssl_log, msg; +# } +# +#event ssl_session_insertion(c: connection, id: string) +# { +# local idd = c$id; +# +# if ( idd !in ssl_connections) +# { +# new_ssl_connection(c); +# +# print ssl_log, +# fmt("%.6f #%d creating new SSL connection in ssl_session_insertion", +# network_time(), ssl_connections[c$id]$id); +# +# # None of the conn$object values will exist, so we leave this +# # to prevent needless crashing. +# return; +# } +# +# local conn = ssl_connections[idd]; +# local id_index = md5_hash(id); +# +# # If there is no session with thIS id we create (a typical) one, +# # otherwise we move on. +# if ( id_index !in ssl_sessionIDs ) +# { +# new_sessionID_record(id); +# +# local session = ssl_sessionIDs[id_index]; +# session$version = conn$version; +# session$client_cert$subject = conn$client_cert$subject; +# session$server_cert$subject = conn$server_cert$subject; +# session$handshake_cipher = conn$handshake_cipher; +# session$id = id; +# +# conn$id_index = id_index; +# } +# +# else +# { # should we ever get here? +# session = ssl_sessionIDs[id_index]; +# conn$id_index = id_index; +# } +# } +# +#event ssl_conn_reused(c: connection, session_id: string) +# { +# lookup_ssl_conn(c, "ssl_conn_reused", T); +# local conn = ssl_connections[c$id]; +# local id_index = md5_hash(session_id); +# +# print ssl_log, fmt("%.6f #%d reusing former SSL session: %s", +# network_time(), conn$id, id_index); +# +# # We cannot track sessions with SSLv2. +# if ( conn$version == ssl_get_version_string(SSLv2) ) +# return; +# +# if ( id_index !in ssl_sessionIDs ) +# { +# new_sessionID_record(session_id); +# local session = ssl_sessionIDs[id_index]; +# session$version = conn$version; +# session$client_cert$subject = conn$client_cert$subject; +# session$server_cert$subject = conn$server_cert$subject; +# session$id = session_id; +# } +# else +# session = ssl_sessionIDs[id_index]; +# +# ++session$num_reuse; +# +# # At this point, the connection values have been set. We can then +# # compare session and connection values with some confidence. +# if ( session$version != conn$version || +# session$handshake_cipher != conn$handshake_cipher ) +# { +# NOTICE([$note=SSL_SessConIncon, $conn=c, +# $msg="session violation"]); +# ++c$hot; +# } +# } +# +#event ssl_X509_error(c: connection, err: int, err_string: string) +# { +# if ( err in x509_ignore_errors ) +# return; +# +# lookup_ssl_conn(c, "ssl_X509_error", T); +# local conn = ssl_connections[c$id]; +# local error = +# err in x509_errors ? x509_errors[err] : "unknown X.509 error"; +# +# local severity = "warning"; +# if ( err in x509_hot_errors ) +# { +# NOTICE([$note=SSL_X509Violation, $conn=c, $msg=error]); +# ++c$hot; +# severity = "error"; +# } +# +# print ssl_log, +# fmt("%.6f #%d X.509 %s %s (%s)", +# network_time(), conn$id, severity, error, err_string); +# } +# +#event connection_state_remove(c: connection) +# { +# delete ssl_connections[c$id]; +# } +# +#event bro_init() +# { +# if ( ssl_store_cert_path != "" ) +# # The event engine will generate a run-time if this fails for +# # reasons other than that the directory already exists. +# mkdir(ssl_store_cert_path); +# } +# +#event bro_done() +# { +# print ssl_log, "Cipher suite statistics: "; +# for ( i in SSL_cipherCount ) +# print ssl_log, fmt("%s (0x%x): %d", ssl_get_cipher_name(i), i, +# SSL_cipherCount[i]); +# +# print ssl_log, ("count session ID"); +# print ssl_log, ("----- ---------------------------------"); +# for ( j in ssl_sessionIDs ) +# if ( ssl_sessionIDs[j]$server_cert$subject != NONE ) +# { +# print ssl_log, +# fmt("(%s) %s %s", +# ssl_sessionIDs[j]$num_reuse, +# ssl_sessionIDs[j]$server_cert$subject, +# j); +# } +# } diff --git a/src/Analyzer.cc b/src/Analyzer.cc index ace543544f..44b87d4aa5 100644 --- a/src/Analyzer.cc +++ b/src/Analyzer.cc @@ -34,7 +34,6 @@ #include "Portmap.h" #include "POP3.h" #include "SSH.h" -#include "SSLProxy.h" #include "SSL-binpac.h" #include "Syslog-binpac.h" #include "ConnSizeAnalyzer.h" @@ -118,8 +117,6 @@ const Analyzer::Config Analyzer::analyzer_configs[] = { SMTP_Analyzer::Available, 0, false }, { AnalyzerTag::SSH, "SSH", SSH_Analyzer::InstantiateAnalyzer, SSH_Analyzer::Available, 0, false }, - { AnalyzerTag::SSL, "SSL", SSLProxy_Analyzer::InstantiateAnalyzer, - SSLProxy_Analyzer::Available, 0, false }, { AnalyzerTag::Telnet, "TELNET", Telnet_Analyzer::InstantiateAnalyzer, Telnet_Analyzer::Available, 0, false }, @@ -138,7 +135,7 @@ const Analyzer::Config Analyzer::analyzer_configs[] = { { AnalyzerTag::RPC_UDP_BINPAC, "RPC_UDP_BINPAC", RPC_UDP_Analyzer_binpac::InstantiateAnalyzer, RPC_UDP_Analyzer_binpac::Available, 0, false }, - { AnalyzerTag::SSL_BINPAC, "SSL_BINPAC", + { AnalyzerTag::SSL, "SSL", SSL_Analyzer_binpac::InstantiateAnalyzer, SSL_Analyzer_binpac::Available, 0, false }, { AnalyzerTag::SYSLOG_BINPAC, "SYSLOG_BINPAC", @@ -176,7 +173,6 @@ const Analyzer::Config Analyzer::analyzer_configs[] = { { AnalyzerTag::Contents_SMB, "CONTENTS_SMB", 0, 0, 0, false }, { AnalyzerTag::Contents_RPC, "CONTENTS_RPC", 0, 0, 0, false }, { AnalyzerTag::Contents_NFS, "CONTENTS_NFS", 0, 0, 0, false }, - { AnalyzerTag::Contents_SSL, "CONTENTS_SSL", 0, 0, 0, false }, }; AnalyzerTimer::~AnalyzerTimer() diff --git a/src/AnalyzerTags.h b/src/AnalyzerTags.h index 2ea752036e..947ba7dc74 100644 --- a/src/AnalyzerTags.h +++ b/src/AnalyzerTags.h @@ -31,12 +31,11 @@ namespace AnalyzerTag { DCE_RPC, DNS, Finger, FTP, Gnutella, HTTP, Ident, IRC, Login, NCP, NetbiosSSN, NFS, NTP, POP3, Portmapper, Rlogin, RPC, Rsh, SMB, SMTP, SSH, - SSL, Telnet, // Application-layer analyzers, binpac-generated. DHCP_BINPAC, DNS_TCP_BINPAC, DNS_UDP_BINPAC, - HTTP_BINPAC, RPC_UDP_BINPAC, SSL_BINPAC, SYSLOG_BINPAC, + HTTP_BINPAC, RPC_UDP_BINPAC, SSL, SYSLOG_BINPAC, // Other File, Backdoor, InterConn, SteppingStone, TCPStats, @@ -47,7 +46,6 @@ namespace AnalyzerTag { Contents, ContentLine, NVT, Zip, Contents_DNS, Contents_NCP, Contents_NetbiosSSN, Contents_Rlogin, Contents_Rsh, Contents_DCE_RPC, Contents_SMB, Contents_RPC, Contents_NFS, - Contents_SSL, // End-marker. LastAnalyzer }; diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 24b359a4a6..e4c1d16376 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -199,8 +199,6 @@ binpac_target(smb.pac smb-protocol.pac smb-pipe.pac smb-mailslot.pac) binpac_target(ssl.pac ssl-defs.pac ssl-protocol.pac ssl-analyzer.pac) -binpac_target(ssl-record-layer.pac - ssl-defs.pac ssl.pac) binpac_target(syslog.pac syslog-protocol.pac syslog-analyzer.pac) @@ -243,16 +241,6 @@ set(dns_SRCS nb_dns.c) set_source_files_properties(nb_dns.c PROPERTIES COMPILE_FLAGS -fno-strict-aliasing) -set(openssl_SRCS - X509.cc - SSLCiphers.cc - SSLInterpreter.cc - SSLProxy.cc - SSLv2.cc - SSLv3.cc - SSLv3Automaton.cc -) - if (USE_NMALLOC) set(malloc_SRCS malloc.c) endif () diff --git a/src/NetVar.cc b/src/NetVar.cc index 506aad59d9..db16d714b8 100644 --- a/src/NetVar.cc +++ b/src/NetVar.cc @@ -18,6 +18,7 @@ RecordType* pcap_packet; RecordType* signature_state; EnumType* transport_proto; TableType* string_set; +TableType* count_set; RecordType* net_stats; @@ -201,8 +202,6 @@ StringVal* ssl_private_key; StringVal* ssl_passphrase; StringVal* x509_crl_file; -TableType* x509_extension; -TableType* SSL_sessionID; Val* profiling_file; double profiling_interval; @@ -373,10 +372,7 @@ void init_net_var() x509_trusted_cert_path = opt_internal_string("X509_trusted_cert_path"); ssl_store_cert_path = opt_internal_string("ssl_store_cert_path"); x509_type = internal_type("X509")->AsRecordType(); - cipher_suites_list = internal_type("cipher_suites_list")->AsTableType(); x509_crl_file = opt_internal_string("X509_crl_file"); - x509_extension = internal_type("X509_extension")->AsTableType(); - SSL_sessionID = internal_type("SSL_sessionID")->AsTableType(); non_analyzed_lifetime = opt_internal_double("non_analyzed_lifetime"); tcp_inactivity_timeout = opt_internal_double("tcp_inactivity_timeout"); diff --git a/src/NetVar.h b/src/NetVar.h index a178ab6874..a3c0d8a33e 100644 --- a/src/NetVar.h +++ b/src/NetVar.h @@ -21,6 +21,7 @@ extern RecordType* SYN_packet; extern RecordType* pcap_packet; extern EnumType* transport_proto; extern TableType* string_set; +extern TableType* count_set; extern RecordType* net_stats; @@ -61,11 +62,8 @@ extern int ssl_store_key_material; extern int ssl_max_cipherspec_size; extern StringVal* ssl_store_cert_path; extern StringVal* x509_trusted_cert_path; -extern TableType* cipher_suites_list; extern RecordType* x509_type; extern StringVal* x509_crl_file; -extern TableType* x509_extension; -extern TableType* SSL_sessionID; extern double non_analyzed_lifetime; extern double tcp_inactivity_timeout; diff --git a/src/SSL-binpac.cc b/src/SSL-binpac.cc index 551861aaee..e1b8147e0c 100644 --- a/src/SSL-binpac.cc +++ b/src/SSL-binpac.cc @@ -1,5 +1,3 @@ -// $Id:$ - #include "SSL-binpac.h" #include "TCP_Reassembler.h" #include "util.h" @@ -8,13 +6,10 @@ bool SSL_Analyzer_binpac::warnings_generated = false; SSL_Analyzer_binpac::SSL_Analyzer_binpac(Connection* c) -: TCP_ApplicationAnalyzer(AnalyzerTag::SSL_BINPAC, c) +: TCP_ApplicationAnalyzer(AnalyzerTag::SSL, c) { - ssl = new binpac::SSL::SSLAnalyzer; - ssl->set_bro_analyzer(this); - - records = new binpac::SSLRecordLayer::SSLRecordLayerAnalyzer; - records->set_ssl_analyzer(ssl); + interp = new binpac::SSL::SSLAnalyzer; + interp->set_bro_analyzer(this); if ( ! warnings_generated ) generate_warnings(); @@ -22,23 +17,21 @@ SSL_Analyzer_binpac::SSL_Analyzer_binpac(Connection* c) SSL_Analyzer_binpac::~SSL_Analyzer_binpac() { - delete records; - delete ssl; + delete interp; } void SSL_Analyzer_binpac::Done() { TCP_ApplicationAnalyzer::Done(); - records->FlowEOF(true); - records->FlowEOF(false); + interp->FlowEOF(true); + interp->FlowEOF(false); } void SSL_Analyzer_binpac::EndpointEOF(TCP_Reassembler* endp) { TCP_ApplicationAnalyzer::EndpointEOF(endp); - records->FlowEOF(endp->IsOrig()); - ssl->FlowEOF(endp->IsOrig()); + interp->FlowEOF(endp->IsOrig()); } void SSL_Analyzer_binpac::DeliverStream(int len, const u_char* data, bool orig) @@ -50,13 +43,13 @@ void SSL_Analyzer_binpac::DeliverStream(int len, const u_char* data, bool orig) if ( TCP()->IsPartial() ) return; - records->NewData(orig, data, data + len); + interp->NewData(orig, data, data + len); } void SSL_Analyzer_binpac::Undelivered(int seq, int len, bool orig) { TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); - records->NewGap(orig, len); + interp->NewGap(orig, len); } void SSL_Analyzer_binpac::warn_(const char* msg) diff --git a/src/SSL-binpac.h b/src/SSL-binpac.h index 79b8b4d7fa..7adbd42784 100644 --- a/src/SSL-binpac.h +++ b/src/SSL-binpac.h @@ -1,12 +1,9 @@ -// $Id:$ - #ifndef ssl_binpac_h #define ssl_binpac_h #include "TCP.h" #include "ssl_pac.h" -#include "ssl-record-layer_pac.h" class SSL_Analyzer_binpac : public TCP_ApplicationAnalyzer { public: @@ -23,11 +20,9 @@ public: static bool Available() { - return FLAGS_use_binpac && - (ssl_certificate_seen || ssl_certificate || - ssl_conn_attempt || ssl_conn_server_reply || - ssl_conn_established || ssl_conn_reused || - ssl_conn_alert); + return ( ssl_client_hello || ssl_server_hello || + ssl_established || ssl_extension || ssl_alert || + x509_certificate || x509_extension || x509_error ); } static bool warnings_generated; @@ -35,8 +30,7 @@ public: static void generate_warnings(); protected: - binpac::SSLRecordLayer::SSLRecordLayerAnalyzer* records; - binpac::SSL::SSLAnalyzer* ssl; + binpac::SSL::SSLAnalyzer* interp; }; #endif diff --git a/src/SSLCiphers.cc b/src/SSLCiphers.cc deleted file mode 100644 index 267e8998e3..0000000000 --- a/src/SSLCiphers.cc +++ /dev/null @@ -1,1073 +0,0 @@ -// $Id: SSLCiphers.cc 1678 2005-11-08 19:16:37Z vern $ - -#include "SSLCiphers.h" - -PDict(SSL_CipherSpec) SSL_CipherSpecDict; - -// --- definitions for ssl cipher handling ------------------------------------ - -SSL_CipherSpec SSL_CipherSpecs[] = { - // --- SSL 2.0 cipher specs - { SSL_CK_RC4_128_WITH_MD5, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_SSLv20, - SSL_CIPHER_RC4, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 128, - 128 - }, - { SSL_CK_RC4_128_EXPORT40_WITH_MD5, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv20, - SSL_CIPHER_RC4, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 88, - 40, - 128 - }, - { SSL_CK_RC2_128_CBC_WITH_MD5, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv20, - SSL_CIPHER_RC2, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 128, - 128 - }, - { SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv20, - SSL_CIPHER_RC2, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 88, - 40, - 128 - }, - { SSL_CK_IDEA_128_CBC_WITH_MD5, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv20, - SSL_CIPHER_IDEA, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 128, - 128 - }, - { SSL_CK_DES_64_CBC_WITH_MD5, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv20, - SSL_CIPHER_DES, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 64, - 128 - }, - { SSL_CK_DES_192_EDE3_CBC_WITH_MD5, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv20, - SSL_CIPHER_3DES, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 192, - 128 - }, - { SSL_CK_RC4_64_WITH_MD5, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_SSLv20, - SSL_CIPHER_RC4, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 64, - 128 - }, - // --- SSL 3.0 / 3.1 cipher specs - { TLS_NULL_WITH_NULL_NULL, - SSL_CIPHER_TYPE_NULL, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_NULL, - SSL_MAC_NULL, - SSL_KEY_EXCHANGE_NULL, - 0, - 0, - 0 - }, - { TLS_RSA_WITH_NULL_MD5, - SSL_CIPHER_TYPE_NULL, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_NULL, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 0, - 128 - }, - { TLS_RSA_WITH_NULL_SHA, - SSL_CIPHER_TYPE_NULL, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_NULL, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 0, - 160 - }, - { TLS_RSA_EXPORT_WITH_RC4_40_MD5, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA_EXPORT, - 0, - 40, - 128 - }, - { TLS_RSA_WITH_RC4_128_MD5, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 128, - 128 - }, - { TLS_RSA_WITH_RC4_128_SHA, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 128, - 160 - }, - { TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC2, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA_EXPORT, - 0, - 40, - 128 - }, - { TLS_RSA_WITH_IDEA_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_IDEA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 128, - 160 - }, - { TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES40, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA_EXPORT, - 0, - 40, - 160 - }, - { TLS_RSA_WITH_DES_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 56, - 160 - }, - { TLS_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 168, - 160 - }, - { TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES40, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_DSS_EXPORT, - 0, - 40, - 160 - }, - { TLS_DH_DSS_WITH_DES_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_DSS, - 0, - 56, - 160 - }, - { TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_DSS, - 0, - 168, - 160 - }, - { TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES40, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_RSA_EXPORT, - 0, - 168, - 160 - }, - { TLS_DH_RSA_WITH_DES_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_RSA, - 0, - 56, - 160 - }, - { TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_RSA, - 0, - 168, - 160 - }, - { TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES40, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS_EXPORT, - 0, - 40, - 160 - }, - { TLS_DHE_DSS_WITH_DES_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS, - 0, - 56, - 160 - }, - { TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS, - 0, - 168, - 160 - }, - { TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES40, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_RSA_EXPORT, - 0, - 40, - 160 - }, - { TLS_DHE_RSA_WITH_DES_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_RSA, - 0, - 56, - 160 - }, - { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_RSA, - 0, - 168, - 160 - }, - { TLS_DH_anon_EXPORT_WITH_RC4_40_MD5, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_DH_anon_EXPORT, - 0, - 40, - 128 - }, - { TLS_DH_anon_WITH_RC4_128_MD5, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_DH_anon, - 0, - 128, - 128 - }, - { TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES40, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_anon, - 0, - 40, - 160 - }, - { TLS_DH_anon_WITH_DES_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_anon, - 0, - 56, - 160 - }, - { TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_anon, - 0, - 168, - 160 - }, - { SSL_FORTEZZA_KEA_WITH_NULL_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30, - SSL_CIPHER_NULL, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_FORTEZZA_KEA, - 0, - 0, - 160 - }, - { SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30, - SSL_CIPHER_FORTEZZA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_FORTEZZA_KEA, - 0, - 96, - 160 - }, - - { SSL_RSA_WITH_RC2_CBC_MD5, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv20, - SSL_CIPHER_RC2, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 56, - 160 - }, - { SSL_RSA_WITH_IDEA_CBC_MD5, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv20, - SSL_CIPHER_IDEA, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 128, - 160 - }, - { SSL_RSA_WITH_DES_CBC_MD5, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv20, - SSL_CIPHER_DES, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 56, - 160 - }, - { SSL_RSA_WITH_3DES_EDE_CBC_MD5, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv20, - SSL_CIPHER_3DES, - SSL_MAC_MD5, - SSL_KEY_EXCHANGE_RSA, - 0, - 168, - 160 - }, - - // --- special SSLv3 FIPS ciphers - { SSL_RSA_FIPS_WITH_DES_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 56, - 160 - }, - { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 168, - 160 - }, - // --- new 56 bit export ciphers - { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA_EXPORT1024, - 0, - 56, - 160 - }, - { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA_EXPORT1024, - 0, - 56, - 160 - }, - { TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024, - 0, - 56, - 160 - }, - { TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024, - 0, - 56, - 160 - }, - { TLS_DHE_DSS_WITH_RC4_128_SHA, - SSL_CIPHER_TYPE_STREAM, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS, - 0, - 128, - 160 - }, - // --- new AES ciphers - { TLS_RSA_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 128, - 160 - }, - { TLS_DH_DSS_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_DSS, - 0, - 128, - 160 - }, - { TLS_DH_RSA_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_RSA, - 0, - 128, - 160 - }, - { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS, - 0, - 128, - 160 - }, - { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_RSA, - 0, - 128, - 160 - }, - { TLS_DH_anon_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_anon, - 0, - 128, - 160 - }, - { TLS_RSA_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 256, - 160 - }, - { TLS_DH_DSS_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_DSS, - 0, - 256, - 160 - }, - { TLS_DH_RSA_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_RSA, - 0, - 256, - 160 - }, - { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS, - 0, - 256, - 160 - }, - { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_RSA, - 0, - 256, - 160 - }, - { TLS_DH_anon_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_anon, - 0, - 256, - 160 - }, - { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 128, - 160 - }, - { TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_DSS, - 0, - 128, - 160 - }, - { TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_RSA, - 0, - 128, - 160 - }, - { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS, - 0, - 128, - 160 - }, - { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_RSA, - 0, - 128, - 160 - }, - { TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_anon, - 0, - 128, - 160 - }, - { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 256, - 160 - }, - { TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_DSS, - 0, - 256, - 160 - }, - { TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_RSA, - 0, - 256, - 160 - }, - { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS, - 0, - 256, - 160 - }, - { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_RSA, - 0, - 256, - 160 - }, - { TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_CAMELLIA, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_anon, - 0, - 256, - 160 - }, - { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - 168, - 160 - }, - { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - 128, - 160 - }, - { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - 256, - 160 - }, - { TLS_ECDHE_ECDSA_WITH_NULL_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_NULL, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - 0, - 160 - }, - { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDHE_ECDSA, - 0, - 128, - 160 - }, - { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDHE_RSA, - 0, - 168, - 160 - }, - { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDHE_RSA, - 0, - 128, - 160 - }, - { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDHE_RSA, - 0, - 256, - 160 - }, - { TLS_ECDHE_RSA_WITH_NULL_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_NULL, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDHE_RSA, - 0, - 0, - 160 - }, - { TLS_ECDHE_RSA_WITH_RC4_128_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDHE_RSA, - 0, - 128, - 160 - }, - { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_ECDSA, - 0, - 168, - 160 - }, - { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_ECDSA, - 0, - 128, - 160 - }, - { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_ECDSA, - 0, - 256, - 160 - }, - { TLS_ECDH_ECDSA_WITH_NULL_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_NULL, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_ECDSA, - 0, - 0, - 160 - }, - { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_ECDSA, - 0, - 128, - 160 - }, - { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_RSA, - 0, - 168, - 160 - }, - { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_RSA, - 0, - 128, - 160 - }, - { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_RSA, - 0, - 256, - 160 - }, - { TLS_ECDH_RSA_WITH_NULL_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_NULL, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_RSA, - 0, - 0, - 160 - }, - { TLS_ECDH_RSA_WITH_RC4_128_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_RSA, - 0, - 128, - 160 - }, - { TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_3DES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_anon, - 0, - 168, - 160 - }, - { TLS_ECDH_anon_WITH_AES_128_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_anon, - 0, - 128, - 160 - }, - { TLS_ECDH_anon_WITH_AES_256_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_AES, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_anon, - 0, - 256, - 160 - }, - { TLS_ECDH_anon_WITH_NULL_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_NULL, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_anon, - 0, - 0, - 160 - }, - { TLS_ECDH_anon_WITH_RC4_128_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_RC4, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_ECDH_anon, - 0, - 128, - 160 - }, - { TLS_RSA_WITH_SEED_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_SEED, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_RSA, - 0, - 128, - 160 - }, - { TLS_DH_DSS_WITH_SEED_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_SEED, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_DSS, - 0, - 128, - 160 - }, - { TLS_DH_RSA_WITH_SEED_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_SEED, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_RSA, - 0, - 128, - 160 - }, - { TLS_DHE_DSS_WITH_SEED_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_SEED, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_DSS, - 0, - 128, - 160 - }, - { TLS_DHE_RSA_WITH_SEED_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_SEED, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DHE_RSA, - 0, - 128, - 160 - }, - { TLS_DH_anon_WITH_SEED_CBC_SHA, - SSL_CIPHER_TYPE_BLOCK, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_SEED, - SSL_MAC_SHA, - SSL_KEY_EXCHANGE_DH_anon, - 0, - 128, - 160 - }, - - { TLS_EMPTY_RENEGOTIATION_INFO_SCSV, - SSL_CIPHER_TYPE_NULL, - SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, - SSL_CIPHER_NULL, - SSL_MAC_NULL, - SSL_KEY_EXCHANGE_NULL, - 0, - 0, - 0 - }, - - -}; - -const uint SSL_CipherSpecs_Count = - sizeof(SSL_CipherSpecs) / sizeof(SSL_CipherSpec); diff --git a/src/SSLCiphers.h b/src/SSLCiphers.h deleted file mode 100644 index 12b3ecc0aa..0000000000 --- a/src/SSLCiphers.h +++ /dev/null @@ -1,367 +0,0 @@ -// $Id: SSLCiphers.h 1678 2005-11-08 19:16:37Z vern $ - -#ifndef SSL_CIPHERS_H -#define SSL_CIPHERS_H - -#include "Dict.h" - -// --- definitions for sslv3x cipher handling --------------------------------- - -/*! - * In SSLv2, a cipher spec consists of three bytes. - */ -enum SSLv2_CipherSpec { - // --- standard SSLv2 ciphers - SSL_CK_RC4_128_WITH_MD5 = 0x010080, - SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 0x020080, - SSL_CK_RC2_128_CBC_WITH_MD5 = 0x030080, - SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x040080, - SSL_CK_IDEA_128_CBC_WITH_MD5 = 0x050080, - SSL_CK_DES_64_CBC_WITH_MD5 = 0x060040, - SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x0700C0, - SSL_CK_RC4_64_WITH_MD5 = 0x080080 -}; - - -/*! - * In SSLv3x, a cipher spec consists of two bytes. - */ -enum SSL3_1_CipherSpec { - // --- standard SSLv3x ciphers - TLS_NULL_WITH_NULL_NULL = 0x0000, - TLS_RSA_WITH_NULL_MD5 = 0x0001, - TLS_RSA_WITH_NULL_SHA = 0x0002, - TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003, - TLS_RSA_WITH_RC4_128_MD5 = 0x0004, - TLS_RSA_WITH_RC4_128_SHA = 0x0005, - TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006, - TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007, - TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008, - TLS_RSA_WITH_DES_CBC_SHA = 0x0009, - TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A, - TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B, - TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C, - TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D, - TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E, - TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F, - TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010, - TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011, - TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012, - TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013, - TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014, - TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015, - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016, - TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x0017, - TLS_DH_anon_WITH_RC4_128_MD5 = 0x0018, - TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x0019, - TLS_DH_anon_WITH_DES_CBC_SHA = 0x001A, - TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B, - // --- special SSLv3 ciphers - SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C, - SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D, - //SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x001E, - // -- RFC 2712 (ciphers not fully described in SSLCiphers.cc) - TLS_KRB5_WITH_DES_CBC_SHA = 0x001E, - TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F, - TLS_KRB5_WITH_RC4_128_SHA = 0x0020, - TLS_KRB5_WITH_IDEA_CBC_SHA = 0x0021, - TLS_KRB5_WITH_DES_CBC_MD5 = 0x0022, - TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023, - TLS_KRB5_WITH_RC4_128_MD5 = 0x0024, - TLS_KRB5_WITH_IDEA_CBC_MD5 = 0x0025, - TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026, - TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027, - TLS_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028, - TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029, - TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A, - TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B, - - // --- new AES ciphers - TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F, - TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030, - TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031, - TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033, - TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034, - TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035, - TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036, - TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037, - TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039, - TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A, - TLS_RSA_WITH_NULL_SHA256 = 0x003B, - TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C, - TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D, - TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E, - TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F, - TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040, - // -- RFC 4132 - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041, - TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042, - TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043, - TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044, - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045, - TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA = 0x0046, - // -- Non-RFC. Widely deployed implementation (ciphers not fully described in SSLCiphers.cc) - TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060, - TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061, - TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062, - TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063, - TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064, - TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065, - TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066, - // -- RFC 5246 (ciphers not fully described in SSLCiphers.cc) - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067, - TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068, - TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069, - TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B, - TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x006C, - TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x006D, - // -- RFC 5932 - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084, - TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085, - TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086, - TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087, - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088, - TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA = 0x0089, - // -- RFC 4279 (ciphers not fully described in SSLCiphers.cc) - TLS_PSK_WITH_RC4_128_SHA = 0x008A, - TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B, - TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C, - TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D, - TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E, - TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F, - TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090, - TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091, - TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092, - TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093, - TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094, - TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095, - // -- RFC 4162 - TLS_RSA_WITH_SEED_CBC_SHA = 0x0096, - TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097, - TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098, - TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099, - TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A, - TLS_DH_anon_WITH_SEED_CBC_SHA = 0x009B, - // -- RFC 5288 (ciphers not fully described in SSLCiphers.cc) - TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C, - TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D, - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E, - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F, - TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0, - TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1, - TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2, - TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3, - TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4, - TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5, - TLS_DH_anon_WITH_AES_128_GCM_SHA256 = 0x00A6, - TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0x00A7, - // -- RFC 5487 (ciphers not fully described in SSLCiphers.cc) - TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8, - TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9, - TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA, - TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB, - TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC, - TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD, - TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE, - TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF, - TLS_PSK_WITH_NULL_SHA256 = 0x00B0, - TLS_PSK_WITH_NULL_SHA384 = 0x00B1, - TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2, - TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3, - TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4, - TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5, - TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6, - TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7, - TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8, - TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9, - // -- RFC 5932 (ciphers not fully described in SSLCiphers.cc) - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA, - TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB, - TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC, - TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD, - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE, - TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF, - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0, - TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1, - TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2, - TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3, - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4, - TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5, - // -- RFC 4492 - TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001, - TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002, - TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003, - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004, - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005, - TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006, - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007, - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A, - TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B, - TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C, - TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D, - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E, - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F, - TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010, - TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011, - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014, - TLS_ECDH_anon_WITH_NULL_SHA = 0xC015, - TLS_ECDH_anon_WITH_RC4_128_SHA = 0xC016, - TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 0xC017, - TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xC018, - TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xC019, - // -- RFC 5054 (ciphers not fully described in SSLCiphers.cc) - TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A, - TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B, - TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C, - TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D, - TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E, - TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F, - TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020, - TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021, - TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022, - // -- RFC 5289 (ciphers not fully described in SSLCiphers.cc) - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024, - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025, - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028, - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029, - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A, - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B, - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C, - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D, - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E, - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F, - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030, - TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031, - TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032, - // -- RFC 5489 (ciphers not fully described in SSLCiphers.cc) - TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033, - TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034, - TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035, - TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036, - TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037, - TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038, - TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039, - TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A, - TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B, - - // --- special SSLv3 FIPS ciphers - SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE, - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF, - SSL_RSA_FIPS_WITH_DES_CBC_SHA_2 = 0xFFE1, - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2 = 0xFFE0, - - // Tags for SSL 2 cipher kinds which are not specified for SSL 3. - SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80, - SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81, - SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82, - SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83, - - TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF, -}; - -enum SSL_CipherType { - SSL_CIPHER_TYPE_STREAM, - SSL_CIPHER_TYPE_BLOCK, - SSL_CIPHER_TYPE_NULL -}; - -enum SSL_BulkCipherAlgorithm { - SSL_CIPHER_NULL, - SSL_CIPHER_RC4, - SSL_CIPHER_RC2, - SSL_CIPHER_DES, - SSL_CIPHER_3DES, - SSL_CIPHER_DES40, - SSL_CIPHER_FORTEZZA, - SSL_CIPHER_IDEA, - SSL_CIPHER_AES, - SSL_CIPHER_CAMELLIA, - SSL_CIPHER_SEED, -}; - -enum SSL_MACAlgorithm { - SSL_MAC_NULL, - SSL_MAC_MD5, - SSL_MAC_SHA -}; - -enum SSL_KeyExchangeAlgorithm { - SSL_KEY_EXCHANGE_NULL, - SSL_KEY_EXCHANGE_RSA, - SSL_KEY_EXCHANGE_RSA_EXPORT, - SSL_KEY_EXCHANGE_DH, - SSL_KEY_EXCHANGE_DH_DSS, - SSL_KEY_EXCHANGE_DH_DSS_EXPORT, - SSL_KEY_EXCHANGE_DH_RSA, - SSL_KEY_EXCHANGE_DH_RSA_EXPORT, - SSL_KEY_EXCHANGE_DHE_DSS, - SSL_KEY_EXCHANGE_DHE_DSS_EXPORT, - SSL_KEY_EXCHANGE_DHE_RSA, - SSL_KEY_EXCHANGE_DHE_RSA_EXPORT, - SSL_KEY_EXCHANGE_DH_anon, - SSL_KEY_EXCHANGE_DH_anon_EXPORT, - SSL_KEY_EXCHANGE_FORTEZZA_KEA, - // --- new 56 bit export ciphers - SSL_KEY_EXCHANGE_RSA_EXPORT1024, - SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024, - // -- Elliptic Curve key change algorithms (rfc4492) - SSL_KEY_EXCHANGE_ECDH_ECDSA, - SSL_KEY_EXCHANGE_ECDHE_ECDSA, - SSL_KEY_EXCHANGE_ECDH_RSA, - SSL_KEY_EXCHANGE_ECDHE_RSA, - SSL_KEY_EXCHANGE_ECDH_anon, -}; - -#if 0 -struct SSL_CipherSpecImprove { - uint32 identifier; - - // SSL_CipherType cipherType; - SSL_BulkCipherAlgorithm encryptionAlgorithm; - SSL_BulkCipherAlgorithm authenticationAlgorithm; - SSL_BulkCipherAlgorithm keyAlgorithm; - SSL_MACAlgorithm macAlgorithm; - - int clearkeySize; - int encryptedkeySize; - uint32 flags; // IsExportable IsSSLv2 IsSSLv30 IsSSLv31 - const char* fullName = "TLS_WITH_NULL_NULL"; - -}; -#endif - -struct SSL_CipherSpec { - uint32 identifier; ///< type code of the CIPHER-SPEC (2 or 3 Bytes) - - SSL_CipherType cipherType; - uint32 flags; - SSL_BulkCipherAlgorithm bulkCipherAlgorithm; - SSL_MACAlgorithm macAlgorithm; - SSL_KeyExchangeAlgorithm keyExchangeAlgorithm; - - int clearKeySize; ///< size in bits of plaintext part of master key - int encryptedKeySize; ///< size in bits of encrypted part of master key - int hashSize; -}; - -const uint32 SSL_FLAG_EXPORT = 0x0001; ///< set if exportable cipher -const uint32 SSL_FLAG_SSLv20 = 0x0002; ///< set if cipher defined for SSLv20 -const uint32 SSL_FLAG_SSLv30 = 0x0004; ///< set if cipher defined for SSLv30 -const uint32 SSL_FLAG_SSLv31 = 0x0008; ///< set if cipher defined for SSLv31 - -declare(PDict, SSL_CipherSpec); -extern PDict(SSL_CipherSpec) SSL_CipherSpecDict; -extern SSL_CipherSpec SSL_CipherSpecs[]; -extern const uint SSL_CipherSpecs_Count; - -#endif diff --git a/src/SSLDefines.h b/src/SSLDefines.h deleted file mode 100644 index 331a03157a..0000000000 --- a/src/SSLDefines.h +++ /dev/null @@ -1,48 +0,0 @@ -// $Id: SSLDefines.h 80 2004-07-14 20:15:50Z jason $ - -// Defines the states and transitions in the ssl-protocol-machine. - -#ifndef SSL_DEFINES_H -#define SSL_DEFINES_H - -const int SSL3_1_NUM_STATES = 20; -enum SSL3_1_States { - SSL3_1_STATE_ERROR = 0, - SSL3_1_STATE_INIT = 1, - SSL3_1_STATE_SERVER_HELLO_REQ_SENT = 2, - SSL3_1_STATE_CLIENT_HELLO_SENT = 3, - SSL3_1_STATE_SERVER_HELLO_SENT = 4, - SSL3_1_STATE_SERVER_CERT_SENT = 5, - SSL3_1_STATE_SERVER_KEY_EXCHANGE_SENT = 6, - SSL3_1_STATE_SERVER_CERT_REQ_SENT = 7, - SSL3_1_STATE_SERVER_HELLO_DONE_SENT_A = 8, - SSL3_1_STATE_SERVER_HELLO_DONE_SENT_B = 9, - SSL3_1_STATE_CLIENT_KEY_EXCHANGE_SENT_A = 10, - SSL3_1_STATE_CLIENT_KEY_EXCHANGE_SENT_B = 11, - SSL3_1_STATE_CLIENT_CERT_SENT = 12, - SSL3_1_STATE_CLIENT_CERT_VERIFY_SENT = 13, - SSL3_1_STATE_CLIENT_FIN_SENT_A = 14, - SSL3_1_STATE_SERVER_FIN_SENT_A = 15, - SSL3_1_STATE_CLIENT_FIN_SENT_B = 16, - SSL3_1_STATE_SERVER_FIN_SENT_B = 17, - SSL3_1_STATE_HS_FIN_A = 18, - SSL3_1_STATE_HS_FIN_B = 19 -}; - -const int SSL3_1_NUM_TRANS = 11; -enum SSL_3_1_Transitions { - SSL3_1_TRANS_SERVER_HELLO_REQ = 0, - SSL3_1_TRANS_CLIENT_HELLO = 1, - SSL3_1_TRANS_SERVER_HELLO = 2, - SSL3_1_TRANS_SERVER_CERT = 3, - SSL3_1_TRANS_SERVER_KEY_EXCHANGE = 4, - SSL3_1_TRANS_SERVER_CERT_REQ = 5, - SSL3_1_TRANS_SERVER_HELLO_DONE = 6, - SSL3_1_TRANS_CLIENT_CERT = 3, - SSL3_1_TRANS_CLIENT_KEY_EXCHANGE = 7, - SSL3_1_TRANS_CLIENT_CERT_VERIFY = 8, - SSL3_1_TRANS_CLIENT_FIN = 9, - SSL3_1_TRANS_SERVER_FIN = 10 -}; - -#endif diff --git a/src/SSLInterpreter.cc b/src/SSLInterpreter.cc deleted file mode 100644 index 7e185c9e7f..0000000000 --- a/src/SSLInterpreter.cc +++ /dev/null @@ -1,553 +0,0 @@ -// $Id: SSLInterpreter.cc 5988 2008-07-19 07:02:12Z vern $ - -#include "SSLInterpreter.h" -#include "SSLv2.h" - -#include "X509.h" - -#include -#include -#include - -declare(PDict, CertStore); -PDict(CertStore) cert_states; - -// --- Initalization of static variables -------------------------------------- - -uint32 SSL_Interpreter::analyzedCertificates = 0; -uint32 SSL_Interpreter::verifiedCertificates = 0; -uint32 SSL_Interpreter::failedCertificates = 0; -uint32 SSL_Interpreter::certificateChains = 0; - -// --- SSL_Interpreter -------------------------------------------------------- - -/*! - * The constructor. - * - * \param proxy Pointer to the SSLProxy_Analyzer which created this instance. - */ -SSL_Interpreter::SSL_Interpreter(SSLProxy_Analyzer* proxy) - { - this->proxy = proxy; - } - -/*! - * The destructor. - */ -SSL_Interpreter::~SSL_Interpreter() - { - delete orig; - delete resp; - } - -/*! - * Analogous to TCP_Connection::Init(), this method calls - * BuildInterpreterEndpoints() to create the corresponding endpoints. - */ -void SSL_Interpreter::Init() - { - BuildInterpreterEndpoints(); - orig->SetPeer(resp); - resp->SetPeer(orig); - } - -/*! - * This method analyzes a given certificate (chain), using the OpenSSL library. - * - * \param s Pointer to the SSL_InterpreterEndpoint which received the - * cerificate (chain). - * \param data Pointer to the data block which contains the certificate (chain). - * \param length Size of the data block. - * \param type the certificate type - * \param isChain false if data is pointing to a single certificate, - * true if data is pointing to a certificate chain - * mod by scott in: - * uint32 ip_address = *(s->proxyEndpoint->Endpoint()->dst_addr); - * uint16 port = (uint16) s->proxyEndpoint->Endpoint()->conn->RespPort(); - * inserting endpoint - */ -void SSL_Interpreter::analyzeCertificate(SSL_InterpreterEndpoint* s, - const u_char* data, int length, uint8 type, bool isChain) - { - // See if we should continue with this certificate. - if ( ssl_certificate_seen ) - { - val_list* vl = new val_list; - vl->append(proxy->BuildConnVal()); - vl->append(new Val(! s->IsOrig(), TYPE_BOOL)); - proxy->ConnectionEvent(ssl_certificate_seen, vl); - } - - ++analyzedCertificates; - - const u_char* pCert = data; - uint32 certLength = length; - uint certCount = 0; - - if ( isChain ) - { - ++certificateChains; - - // Sum of all cert sizes has to match certListLength. - int tempLength = 0; - while ( tempLength < length ) - { - ++certCount; - uint32 certLength = - uint32((data[tempLength + 0] << 16) | - data[tempLength + 1] << 8) | - data[tempLength + 2]; - - tempLength += certLength + 3; - } - - if ( tempLength > length ) - { - Weird( "SSLv3x: sum of size of certificates doesn't match size of certificate chain" ); - return; - } - - // Get the first certificate. - pCert = data + 3; - certLength = uint32((data[0] << 16) | data[1] << 8) | data[2]; - } - - // Create a hashsum of the current certificate. - hash_t hashsum = HashKey::HashBytes(pCert, certLength); - - if ( ! proxy->TCP() ) - return; - - TCP_Endpoint* endp = s->IsOrig() ? proxy->TCP()->Orig() : proxy->TCP()->Resp(); - - // Check if we've seen a certificate from this addr/port before. - uint8 key[6]; - // ### Won't work for IPv6. - uint32 ip_address = *(endp->dst_addr); - uint16 port = uint16(proxy->Conn()->RespPort()); - memcpy(key, &ip_address, 4); - memcpy(&key[4], &port, 2); - - HashKey h(key, sizeof(key)); - CertStore* pCertState = 0; - pCertState = (CertStore*) cert_states.Lookup(&h); - if ( ! pCertState ) - { // new address - pCertState = new CertStore(ip_address, port, hashsum, certLength); - cert_states.Insert(&h, pCertState); - } - else - { - // We've seen this address/certificate before. Check if - // certificate changed. - if ( ! pCertState->isSameCert(hashsum, certLength) ) - { - // This shouldn't happen; ### make a stronger error. - Weird("SSL: Certificate changed for this ip+port !!!"); - - // Update status. - ++pCertState->changes; - pCertState->certHash = hashsum; - pCertState->certSize = certLength; - pCertState->isValid = -1; - } - else - { // cert didn't change - if ( pCertState->isValid == 0 ) - { - // This is an invalid cert, but we - // warned before. - } - - // Save time - don't analyze it any further. - return; - } - } - - // Certificate verification. - if ( ssl_verify_certificates != 0 ) - { - ++verifiedCertificates; - int invalid = 0; - switch ( type ) { - case SSLv2_CT_X509_CERTIFICATE: - if ( ! isChain ) - invalid = X509_Cert::verify(s->GetProxyEndpoint(), - pCert, certLength); - else - invalid = X509_Cert::verifyChain(s->GetProxyEndpoint(), - data, length); - break; - - default: - Weird("SSL: Unknown CERTIFICATE-TYPE!"); - invalid = 1; // quick 'n dirty :) - break; - } - - if ( invalid ) - { - proxy->Weak("SSL: Certificate check FAILED!"); - pCertState->isValid = 0; - ++failedCertificates; - } - else - pCertState->isValid = 1; - } - - // Store the certificate. - if ( ssl_store_certificates != 0 ) - { - // Let's hope the address is currently in network byte order! - in_addr addr; - addr.s_addr = ip_address; - char* pDummy = inet_ntoa(addr); - char sFileName[PATH_MAX]; - - if ( ssl_store_cert_path && - ssl_store_cert_path->AsString()->Len() > 0 ) - { - const BroString* pString = ssl_store_cert_path->AsString(); - safe_snprintf(sFileName, PATH_MAX, "%s/cert.%s-server-c%i.der", - pString->Bytes(), pDummy, pCertState->changes); - } - else - safe_snprintf(sFileName, PATH_MAX, "cert.%s-server-c%i.der", - pDummy, pCertState->changes); - - FILE* certFile = fopen(sFileName, "wb"); - if ( ! certFile ) - { - Weird(fmt("SSL_Interpreter::analyzeCertificate(): Error opening '%s'!\n", sFileName)); - return; - } - - fwrite(pCert, 1, certLength, certFile); - fclose(certFile); - } - - // TODO: test if cert is valid for the address we got it from. - } - - -/*! - * \return the originating SSL_InterpreterEndpoint - */ -SSL_InterpreterEndpoint* SSL_Interpreter::Orig() const - { - return orig; - } - -/*! - * \return the responding SSL_InterpreterEndpoint - */ -SSL_InterpreterEndpoint* SSL_Interpreter::Resp() const - { - return resp; - } - -/*! - * \param p Pointer to an SSL_InterpreterEndpoint to test - * - * \return true if p is the originating SSL_InterpreterEndpoint, - * false otherwise - */ -int SSL_Interpreter::Is_Orig(SSL_InterpreterEndpoint* p) const - { - return p == orig; - } - -/*! - * \return the responding SSL_InterpreterEndpoint - */ -SSLProxy_Analyzer* SSL_Interpreter::Proxy() const - { - return proxy; - } - -/*! - * This methods prints a string into the "weird" log file. - * - * \param name String to log into the "weird" file. - */ -void SSL_Interpreter::Weird(const char* name) const - { - proxy->Weird(name); - } - -/*! - * Prints some counters. - */ -void SSL_Interpreter::printStats() - { - printf("SSL_Interpreter:\n"); - printf("analyzedCertificates = %u\n", analyzedCertificates); - printf("verifiedCertificates = %u\n", verifiedCertificates); - printf("failedCertificates = %u\n", failedCertificates); - printf("certificateChains = %u\n", certificateChains); - } - -/*! - * Wrapper function for the event ssl_conn_attempt. - * - * \param sslVersion the SSL version for which the event occured - * - * \see SSLProxy_Analyzer::SSL_Versions - */ -void SSL_Interpreter::fire_ssl_conn_attempt(uint16 sslVersion, - TableVal* currentCipherSuites) - { - EventHandlerPtr event = ssl_conn_attempt; - if ( event ) - { - val_list* vl = new val_list; - vl->append(proxy->BuildConnVal()); - vl->append(new Val(sslVersion, TYPE_INT)); - vl->append(currentCipherSuites); - - proxy->ConnectionEvent(event, vl); - } - } - -/*! - * Wrapper function for the event ssl_conn_server_reply. - * - * \param sslVersion the SSL version for which the event occured - * - * \see SSLProxy_Analyzer::SSL_Versions - */ -void SSL_Interpreter::fire_ssl_conn_server_reply(uint16 sslVersion, - TableVal* currentCipherSuites) - { - EventHandlerPtr event = ssl_conn_server_reply; - if ( event ) - { - val_list* vl = new val_list; - vl->append(proxy->BuildConnVal()); - vl->append(new Val(sslVersion, TYPE_INT)); - vl->append(currentCipherSuites); - - proxy->ConnectionEvent(event, vl); - } - } - -/*! - * Wrapper function for the event ssl_conn_established. - * - * \param sslVersion the SSL version for which the event occured - * \param cipherSuite constant indicating the used SSL cipher suite - * - * \see SSLProxy_Analyzer::SSL_Versions, SSLv2_CipherSpecs and SSL3_1_CipherSpec. - */ -void SSL_Interpreter::fire_ssl_conn_established(uint16 sslVersion, - uint32 cipherSuite) - { - EventHandlerPtr event = ssl_conn_established; - if ( event ) - { - val_list* vl = new val_list; - vl->append(proxy->BuildConnVal()); - vl->append(new Val(sslVersion, TYPE_INT)); - vl->append(new Val(cipherSuite, TYPE_COUNT)); - - proxy->ConnectionEvent(event, vl); - } - - } - -/*! - * Wrapper function for the event ssl_conn_reused - * - * \param pData Pointer to a SSL_DataBlock which contains the SSL session ID - * of the originating ssl session. - */ -void SSL_Interpreter::fire_ssl_conn_reused(const SSL_DataBlock* pData) - { - EventHandlerPtr event = ssl_conn_reused; - if ( event ) - { - val_list* vl = new val_list; - vl->append(proxy->BuildConnVal()); - vl->append(MakeSessionID(pData->data, pData->len)); - proxy->ConnectionEvent(event, vl); - } - } - -/*! - * Wrapper function for the event ssl_conn_alert - * - * \param sslVersion the SSL version for which the event occured - * \param level constant indicating the level of severity - * \param description constant indicating the type of alert/error - * - * \see SSLProxy_Analyzer::SSL_Versions, SSL3x_AlertLevel, SSL3_1_AlertDescription - * and SSLv2_ErrorCodes. - */ -void SSL_Interpreter::fire_ssl_conn_alert(uint16 sslVersion, uint16 level, - uint16 description) - { - if ( ssl_conn_alert ) - { - EventHandlerPtr event = ssl_conn_alert; - if ( event ) - { - val_list* vl = new val_list; - vl->append(proxy->BuildConnVal()); - vl->append(new Val(sslVersion, TYPE_INT)); - vl->append(new Val(level, TYPE_COUNT)); - vl->append(new Val(description, TYPE_COUNT)); - - proxy->ConnectionEvent(event, vl); - } - } - } - -// Generate a session ID table. Returns an empty table -// if len is zero. -TableVal* SSL_Interpreter::MakeSessionID(const u_char* data, int len) - { - TableVal* sessionIDTable = new TableVal(SSL_sessionID); - - if ( ! len ) - return sessionIDTable; - - for ( int i = 0; i < len; i += 4 ) - { - uint32 temp = (data[i] << 24) | (data[i + 1] << 16) | - (data[i + 2] << 8) | data[i + 3]; - - Val* index = new Val(i / 4, TYPE_COUNT); - - sessionIDTable->Assign(index, new Val(temp, TYPE_COUNT)); - - Unref(index); - } - - return sessionIDTable; - } - - -//--- SSL_InterpreterEndpoint ------------------------------------------------- - -/*! - * The constructor. - * - * \param interpreter Pointer to the instance of an SSL_Interpreter to which - * this endpoint belongs to. - * \param is_orig true if this endpoint is the originator of the connection, - * false otherwise - * SC: an adjustment was made here since the endpoints are now assosciated with - * TCP_Contents base objects rather than TCP_Endpoint. - */ -SSL_InterpreterEndpoint::SSL_InterpreterEndpoint(SSL_Interpreter* arg_interpreter, - bool arg_is_orig ) - { - interpreter = arg_interpreter; - is_orig = arg_is_orig; - proxyEndpoint = new Contents_SSL(interpreter->Proxy()->Conn(), is_orig); - ourProxyEndpoint = true; - } - -/*! - * The destructor. - */ -SSL_InterpreterEndpoint::~SSL_InterpreterEndpoint() - { - SetProxyEndpoint(0); - } - -/*! - * \return true if there's currently data pending for this endpoint, - * false otherwise - */ -bool SSL_InterpreterEndpoint::isDataPending() - { - return proxyEndpoint->isDataPending(); - } - -/*! - * Sets the peer of this endpoint. - * - * \param p Pointer to an interpreter endpoint which will be set as the peer - * of this endpoint. - */ -void SSL_InterpreterEndpoint::SetPeer(SSL_InterpreterEndpoint* p) - { - peer = p; - } - -/*! - * Sets the proxy endpoint of this endpoint. - * - * \param p Pointer to a Contents_SSL analyzer which will be set as the proxy endpoint - * of this endpoint. - */ -void SSL_InterpreterEndpoint::SetProxyEndpoint(Contents_SSL* p) - { - if ( ourProxyEndpoint ) - { - proxyEndpoint->Done(); - delete proxyEndpoint; - ourProxyEndpoint = false; - } - - proxyEndpoint = p; - } - -/*! - * \return is_orig true if this endpoint is the originator of the connection, - * false otherwise - */ -int SSL_InterpreterEndpoint::IsOrig() const - { - return is_orig; - } - -/*! - * \return the peer of this endpoint - */ -SSL_InterpreterEndpoint* SSL_InterpreterEndpoint::Peer() const - { - return peer; - } - -/*! - * \return the interpreter of this endpoint - */ -SSL_Interpreter* SSL_InterpreterEndpoint::Interpreter() const - { - return interpreter; - } - -// --- CertStore -------------------------------------------------------------- - -/* - * The constructor. - * - * \param ip ip adress where this certificate came from - * \param port port number where this certificate came from - * \param hash hahssum for this certificate - * \param size of this certificate in bytes - */ -CertStore::CertStore(uint32 ip, uint32 arg_port, hash_t hash, int size) - { - ip_addr = ip; - certHash = hash; - certSize = size; - isValid = -1; - changes = 0; - port = arg_port; - } - -/* - * This method can be used to compare certificates by certain criterias. - * - * \param hash hashsum of the certificate to compare - * \param size size of the certificate to compare - * - * \return true if the criterias match, false otherwise - */ -bool CertStore::isSameCert(hash_t hash, int length) - { - return hash == certHash && length == certSize; - } diff --git a/src/SSLInterpreter.h b/src/SSLInterpreter.h deleted file mode 100644 index 27ef2500d5..0000000000 --- a/src/SSLInterpreter.h +++ /dev/null @@ -1,142 +0,0 @@ -// $Id: SSLInterpreter.h 5988 2008-07-19 07:02:12Z vern $ - -#ifndef sslinterpreter_h -#define sslinterpreter_h - -#include "util.h" -#include "SSLProxy.h" - -// --- forward declarations ---------------------------------------------------- - -class SSLProxy_Analyzer; -class Contents_SSL; -class SSL_InterpreterEndpoint; -class SSL_DataBlock; - -// --- SSL_Interpreter -------------------------------------------------------- - -/*! - * \brief This class is the abstract base-class for the different ssl - * interpreters used for the different ssl versions. - * - * Since there is currently no support in Bro for a change of the connection - * type (IMAP -> TLS, for example), we decided not to inherit from the class - * Connection. This way, we can easily switch to SSLv3x after we've seen (and - * analyzed) a SSLv2 client hello record with a version number > SSLv2. - * - * There currently two (non-abstract) interpreters: SSLv2_Interpreter and - * SSLv3_Interpreter. The first one supports SSL 2.0, the second one supports - * both SSL 3.0 and SSL 3.1/TLS 1.0. - * - * See SSLProxy_Analyzer for additional information. - */ -class SSL_Interpreter { -public: - SSL_Interpreter(SSLProxy_Analyzer* proxy); - virtual ~SSL_Interpreter(); - - static uint32 analyzedCertificates; ///< how often analyzeCertificate() has been called - static uint32 verifiedCertificates; ///< how many certificates have actually been verified - static uint32 failedCertificates; ///< how many certificates have failed verification - static uint32 certificateChains; ///< counter for certificate chains - - // In order to initialize the correct SSL_InterpreterEndpoints, - // override it in the corresponding subclass. - virtual void BuildInterpreterEndpoints() = 0; - virtual void Init(); - - SSL_InterpreterEndpoint* Orig() const; - SSL_InterpreterEndpoint* Resp() const; - SSLProxy_Analyzer* Proxy() const; - int Is_Orig(SSL_InterpreterEndpoint* p) const; - - virtual void analyzeCertificate(SSL_InterpreterEndpoint* s, - const u_char* data, int length, - uint8 type, bool isChain); - - void Weird(const char* name) const; - - static void printStats(); - - void fire_ssl_conn_attempt(uint16 sslVersion, - TableVal* currentCipherSuites); - void fire_ssl_conn_server_reply(uint16 sslVersion, - TableVal* currentCipherSuites); - void fire_ssl_conn_established(uint16 sslVersion, uint32 cipherSuite); - void fire_ssl_conn_reused(const SSL_DataBlock* pData); - void fire_ssl_conn_alert(uint16 sslVersion, uint16 level, - uint16 description); - -protected: - TableVal* MakeSessionID(const u_char* data, int len); - - SSLProxy_Analyzer* proxy; - SSL_InterpreterEndpoint* orig; - SSL_InterpreterEndpoint* resp; -}; - -// --- SSL_InterpreterEndpoint ------------------------------------------------ - -/*! - * \brief This abstract class represents the SSL_InterpreterEndpoints for the - * SSL_Interpreter. - * - * The key-method is Deliver() which receives the ssl records - * from the SSLProxy_Analyzer. So overwrite the Deliver()-method and do - * whatever analysis on the record content (and/or pass it to the corresponding - * SSL_Interpreter). - */ -class SSL_InterpreterEndpoint { -public: - SSL_InterpreterEndpoint(SSL_Interpreter* interpreter, bool is_orig); - virtual ~SSL_InterpreterEndpoint(); - - /**This method is called by corresponding SSLProxy_Analyzer and - * delivers the data. - * @param t time, when the segment was received by bro (?) - * @param len length of TCP-Segment - * @param data content of TCP-Segment - */ - virtual void Deliver(int len, const u_char* data) = 0; - bool isDataPending(); - void SetPeer(SSL_InterpreterEndpoint* p); - int IsOrig() const; - SSL_InterpreterEndpoint* Peer() const; - SSL_Interpreter* Interpreter() const; - - Contents_SSL* GetProxyEndpoint() { return proxyEndpoint; } - - void SetProxyEndpoint(Contents_SSL* proxyEndpoint); - -protected: - SSL_Interpreter* interpreter; ///< Pointer to the SSL_Interpreter to which this endpoint belongs to - SSL_InterpreterEndpoint* peer; ///< Pointer to the peer of this endpoint - Contents_SSL* proxyEndpoint; ///< Pointer to the corresponding Contents_SSL - bool ourProxyEndpoint; // true if we need to delete the proxyEndpoint - int is_orig; ///< true if this endpoint is the originator of the connection, false otherwise -}; - -// --- class CertStore -------------------------------------------------------- -/*! - * \brief This class is used to store some information about a X509 certificate. - * - * To save memory, we only store some characteristic criterias about a - * certificate, that's currently it's size and a hashsum. - * - * \note This class is currently experimental. - */ -class CertStore { -public: - uint32 ip_addr; ///< ip address where this certificate is from - uint32 port; ///< port number where this certificate is from - - int certSize; ///< size of the certificate in bytes - hash_t certHash; ///< hashsum obver the entire certificate - int isValid; ///< boolean value indicating if the certificate is valid - int changes; ///< counter for how often this certificate has changed for the above ip + port number - - CertStore(uint32 ip, uint32 port, hash_t hash, int size); - bool isSameCert(hash_t hash, int length); -}; - -#endif diff --git a/src/SSLProxy.cc b/src/SSLProxy.cc deleted file mode 100644 index 85fd29898f..0000000000 --- a/src/SSLProxy.cc +++ /dev/null @@ -1,830 +0,0 @@ -// $Id: SSLProxy.cc 6008 2008-07-23 00:24:22Z vern $ - -#include "SSLProxy.h" -#include "SSLv3.h" -#include "SSLv2.h" - -// --- Initalization of static variables -------------------------------------- - -uint SSLProxy_Analyzer::totalPackets = 0; -uint SSLProxy_Analyzer::totalRecords = 0; -uint SSLProxy_Analyzer::nonSSLConnections = 0; - -// --- SSL_DataBlock -------------------------------------------------------- - -/*! - * This constructor will allocate a block of data on the heap. If min_len is - * given, it will determine the minimum size of the new block. The data block - * referenced by data will be then be copied into the new block. - * - * \param data Pointer to the data which will be copied into the newly - * allocated heap block. - * \param len Length of the data block to copy. - * \param min_len The minimum size of data to allocate on the heap, can be omitted. - */ - -SSL_DataBlock::SSL_DataBlock(const u_char* arg_data, int len, int min_len) - { - // For performance reasons, we allocate at least min_len. - if ( len < min_len ) - { - data = new u_char[min_len]; - size = min_len; - } - else - { - data = new u_char[len]; - this->size = len; - } - - memcpy(data, arg_data, len); - this->len = len; - next = 0; - } - -/*! - * This is an experimental function which will print the contents of the - * internal data block in a human-readable fashion to a stream. - * - * \param stream The stream for printing the data block to. - */ - -void SSL_DataBlock::toStream(FILE* stream) const - { - if ( len <= 0 ) - return; - - int idx; - for ( idx = 0; idx < len-1; ++idx ) - fprintf(stream, "%02X:", data[idx]); - - fprintf(stream, "%02X", data[idx]); - } - -/*! - * This is an experimental function which will print the contents of the - * internal data block in a human-readable fashion to a string. - * - * \return A string which has to be freed by the caller. - */ - -char* SSL_DataBlock::toString() const - { - if ( len <= 0 ) - { - // Currently, we return an empty string if data block is empty. - char* pDummy = new char[1]; - pDummy[0] = '\0'; - return pDummy; - } - - char* pString = new char[len*3]; - char* pItx = pString; - - int idx; - for ( idx = 0; idx < len-1; ++idx ) - { - sprintf(pItx, "%02X:", data[idx]); - pItx += 3; - } - - sprintf(pItx, "%02X", data[idx]); - - return pString; - } - -// --- SSL_RecordBuilder ------------------------------------------------------ - -uint SSL_RecordBuilder::maxAllocCount = 0; -uint SSL_RecordBuilder::maxFragmentCount = 0; -uint SSL_RecordBuilder::fragmentedHeaders = 0; - -/*! - * The constructor takes an Contents_SSL as parameter. Whenever a SSL - * record has been reassembled, the DoDeliver() function of this - * Contents_SSL will be called. - * - * \param sslEndpoint The Contents_SSL to which this instance of - * SSL_RecordBuilder is bound. - */ - -SSL_RecordBuilder::SSL_RecordBuilder(Contents_SSL* arg_sslEndpoint) - { - head = tail = 0; - currentSize = 0; - expectedSize = -1; // -1 means we don't know yet - hasPendingData = false; - fragmentCounter = 0; - neededSize = 5; // we need at least 5 bytes to determine version - - sslEndpoint = arg_sslEndpoint; - } - -/*! - * The destructor frees the chain of SSL_DataBlocks. - */ - -SSL_RecordBuilder::~SSL_RecordBuilder() - { - // Free the data chain. - SSL_DataBlock* idx = head; - SSL_DataBlock* rm; - - while ( idx ) - { - rm = idx; - idx = idx->next; - delete rm; - } - } - -/*! - * This function is the main entry point of the class. Call it with a segment - * of data to process. - * - * \param data pointer to a data segment that will be reassembled - * \param length length of the data segment to be reassembled - * - * \return true if succesfull, false otherwise - */ - -bool SSL_RecordBuilder::addSegment(const u_char* data, int length) - { - while ( length > 0 ) - { - if ( ! head ) - { - // This is the first fragment of a SSLv2 record, - // so we analyze the header. - - // Special case: SSL header has been fragmented. - if ( length < neededSize ) - { - // We can't determine the record size yet, - // so we just add this stuff. - ++fragmentedHeaders; - head = tail = new SSL_DataBlock(data, length, - MIN_ALLOC_SIZE); - currentSize += length; - expectedSize = -1; // special meaning - break; - } - - // Get the expected length of this record. - if ( ! computeExpectedSize(data, length) ) - return false; - - if ( neededSize > expectedSize ) - { - sslEndpoint->Weird("SSL_RecordBuilder::addSegment neededSize > expectedSize"); - return false; - } - - if ( tail != 0 ) - { - sslEndpoint->Parent()->Weird("SSL_RecordBuilder::addSegment tail != 0"); - return false; - } - - if ( length > expectedSize ) - { - // No fragmentation -> no memory-reallocation. - // We have additional data pending. - hasPendingData = true; - sslEndpoint->DoDeliver(expectedSize, data); - length -= expectedSize; - data += expectedSize; - expectedSize = -1; - } - - else if ( length == expectedSize ) - { - // No fragmentation -> no memory-reallocation. - // No additional data pending. - hasPendingData = false; - sslEndpoint->DoDeliver(expectedSize, data); - length -= expectedSize; - data += expectedSize; - expectedSize = -1; - break; - } - else - - { - // First fragment of a record. - head = tail = new SSL_DataBlock(data, length, - MIN_ALLOC_SIZE); - currentSize += length; - break; - } - - continue; - } - - // ! head. - // We already have some data, so add the current - // segment special case. - if ( expectedSize < 0 ) - { - // We don't know the expected size of - // this record yet. - if ( currentSize + length < neededSize ) - { - // We still can't determine the expected size, - // so we just add the current fragment. - addData(data, length); - break; - } - - // Now we can determine the expected size the - // header has been fragmented, so we have to - // reassemble it. - uint8 Header[neededSize]; - memcpy(Header, head->data, head->len); - memcpy(Header + head->len, data, neededSize - head->len); - if ( ! computeExpectedSize(Header, neededSize) ) - { - // Since neededSize <= MIN_ALLOC_SIZE, - // we free only head. - delete head; - head = tail = 0; - return false; - } - - if ( neededSize > expectedSize ) - { - sslEndpoint->Parent()->Weird("SSL_RecordBuilder::addSegment neededSize > expectedSize"); - return false; - } - - // No break, go on with this packet. - } - - if ( currentSize + length == expectedSize ) - { // this is exactly the last segment of the record - hasPendingData = false; - - // Create a continuous data structure and call - // DoDeliver(). - u_char* pBlock = assembleBlocks(data, length); - sslEndpoint->DoDeliver(expectedSize, pBlock); - delete [] pBlock; - expectedSize = -1; - break; - } - - else if ( currentSize + length < expectedSize ) - { // another (middle) segment - if ( length <= MIN_FRAGMENT_SIZE ) - sslEndpoint->Parent()->Weird("SSLProxy: Excessive small TCP Segment!"); - addData(data, length); - break; - } - - else - { - // This is the last fragment of the current record, - // but there's more data in this segment. - int deltaSize = expectedSize - currentSize; - hasPendingData = true; - - // Create a continuous data structure and call - // DoDeliver(). - u_char* pBlock = assembleBlocks(data, deltaSize); - sslEndpoint->DoDeliver(expectedSize, pBlock); - delete [] pBlock; - expectedSize = -1; - - // Process the rest. - length -= deltaSize; - data += deltaSize; - } - } // while - - return true; - } - -/*! - * This function is called internally by addSegment(), and add's a new SSL - * record fragment to the internally used list of SSL_DataBlocks. Note that - * the data will be copied! - * - * \param data pointer to the data that will be added - * \param length length of the data that will be added - */ - -inline void SSL_RecordBuilder::addData(const u_char* data, int length) - { - ++fragmentCounter; - - // Check if there's some space left in the last datablock. - int bytesLeft = tail->size - tail->len; - if ( bytesLeft > 0 ) - { - // There's some space left in the last data block. - if ( bytesLeft >= length ) - { - // We can store all bytes in the last data block. - memcpy(tail->data + tail->len, data, length); - tail->len += length; - currentSize += length; - } - else - { - // We cannot store all bytes in the last data block, - // so we also need to add a new one. - memcpy(tail->data + tail->len, data, bytesLeft); - tail->len = tail->size; - currentSize += length; - - data += bytesLeft; - length -= bytesLeft; - - tail->next = new SSL_DataBlock(data, length, MIN_ALLOC_SIZE); - tail = tail->next; - } - } - - else - { - // Last data block is full. - tail->next = new SSL_DataBlock(data, length, MIN_ALLOC_SIZE); - tail = tail->next; - currentSize += length; - } - } - -/*! - * This function is called internally by addSegment(), whenever a SSL record - * has been fully received. It creates a single data block from the list of - * SSL record fragments while freeing them. - * - * \param data pointer to the last SSL record fragment - * \param length size of the last SSL record fragment - * - * \return pointer to a data block which contains the reassembled SSL record - */ - -u_char* SSL_RecordBuilder::assembleBlocks(const u_char* data, int length) - { - // We don't store the last SSL record fragment in a DataBlock, - // instead we get it directly as parameter. - u_char* dataptr = new u_char[currentSize + length]; - u_char* nextseg = dataptr; - - SSL_DataBlock* idx = head; - SSL_DataBlock* rm; - uint allocCounter = 0; - - while ( idx ) - { - ++allocCounter; - memcpy(nextseg, idx->data, idx->len); - nextseg += idx->len; - rm = idx; - idx = idx->next; - delete rm; - } - - // The last fragment isn't stored in a datablock. - memcpy(nextseg, data, length); - - // The first and last fragments aren't counted. - fragmentCounter += 2; - - // Update statistics. - if ( allocCounter > maxAllocCount ) - maxAllocCount = allocCounter; - - if ( fragmentCounter > maxFragmentCount ) - maxFragmentCount = fragmentCounter; - - fragmentCounter = 0; - currentSize = 0; - head = tail = 0; - - return dataptr; - } - -/*! - * This method is called internally by computeExpectedSize(), when the SSL - * record format has not been determined yet. It tries to do so by using - * heuristics, since there's no definitive way to distinguish SSLv2 vs. SSLv3 - * record headers. - * - * \param data pointer to a data block containing the SSL record to analyze - * \param length length of the SSL record to analyze, has to be >= neededSize! - * - * \return - * - 2 for SSLv2 record format - * - 3 for SSLv3 record format - * - -1 if an error occurred - */ - -int SSL_RecordBuilder::analyzeSSLRecordFormat(const u_char* data, int length) - { - // We have to use heuristics for this one. - - if ( length < neededSize ) - { - sslEndpoint->Parent()->Weird("SSLProxy: analyzeSSLRecordFormat length < neededSize"); - return -1; - } - - bool found_ssl3x = 0; - bool found_ssl2x = 0; - - // SSLv3x-check. - SSL3_1_ContentType ct = SSL3_1_ContentType(uint8(*data)); - switch ( ct ) { - case SSL3_1_TYPE_CHANGE_CIPHER_SPEC: - case SSL3_1_TYPE_ALERT: - case SSL3_1_TYPE_HANDSHAKE: - case SSL3_1_TYPE_APPLICATION_DATA: - { - sslEndpoint->sslVersion = ((data[1]) << 8) | data[2]; - uint16 v = sslEndpoint->sslVersion; - if ( v == uint16(SSLProxy_Analyzer::SSLv30) || - v == uint16(SSLProxy_Analyzer::SSLv31) ) - found_ssl3x = true; - break; - } - } - - // SSLv2 check. - // We look for CLIENT-HELLOs, SERVER-HELLOs and ERRORs. - const u_char* pContents = data; - uint offset = 0; - uint16 size = 0; - if ( (data[0] & 0x80) > 0 ) - { // we have a two-byte record header - offset = 2; - size = (((data[0] & 0x7f) << 8) | data[1]) + 2; - } - else - { // we have a three-byte record header - offset = 3; - size = (((data[0] & 0x3f) << 8) | data[1]) + 3; - } - pContents += offset; - - switch ( SSLv2_MessageTypes(pContents[0]) ) { - case SSLv2_MT_ERROR: - if ( size == SSLv2_ERROR_RECORD_SIZE + offset) - { - found_ssl2x = true; - sslEndpoint->sslVersion = - uint16(SSLProxy_Analyzer::SSLv20); - } - break; - - case SSLv2_MT_CLIENT_HELLO: - { - sslEndpoint->sslVersion = - uint16(pContents[1] << 8) | pContents[2]; - uint16 v = sslEndpoint->sslVersion; - - if ( v == SSLProxy_Analyzer::SSLv20 || - v == SSLProxy_Analyzer::SSLv30 || - v == SSLProxy_Analyzer::SSLv31 ) - found_ssl2x = true; - break; - } - - case SSLv2_MT_SERVER_HELLO: - { - sslEndpoint->sslVersion = - uint16(pContents[3] << 8) | pContents[4]; - uint16 v = sslEndpoint->sslVersion; - - if ( v == SSLProxy_Analyzer::SSLv20 || - v == SSLProxy_Analyzer::SSLv30 || - v == SSLProxy_Analyzer::SSLv31 ) - found_ssl2x = true; - break; - } - - default: - break; - } - - // Consistency checks. - if ( (found_ssl3x || found_ssl2x) == false ) - { - sslEndpoint->Parent()->Weird("SSLProxy: Could not determine SSL version!"); - return -1; - } - - if ( (found_ssl3x && found_ssl2x) == true ) - { - sslEndpoint->Parent()->Weird("SSLProxy: Found ambigous SSL version!"); - return -1; - } - - if ( found_ssl2x ) - return 2; - else - return 3; - } - -/*! - * This method is called internally by addSegment() to determine the expected - * size of a SSL record. - * - * \param data pointer to the SSL record to analyze - * \param length length of the SSL record to analyze - * - * \return true if succesfull, false otherwise - */ - -bool SSL_RecordBuilder::computeExpectedSize(const u_char* data, int length) - { - if ( sslEndpoint->sslRecordVersion < 0 ) - { - // We don't know the ssl record format yet, so we try - // to find out. - sslEndpoint->sslRecordVersion = - analyzeSSLRecordFormat(data, length); - - if ( sslEndpoint->sslRecordVersion != 2 && - sslEndpoint->sslRecordVersion != 3 ) - // We could not determine the ssl record version. - return false; - } - - // Get the expected length of this record. - if ( sslEndpoint->sslRecordVersion == 2 ) - { - if ( (data[0] & 0x80) > 0 ) - // We have a two-byte record header. - expectedSize = (((data[0] & 0x7f) << 8) | data[1]) + 2; - else - // We have a three-byte record header. - expectedSize = (((data[0] & 0x3f) << 8) | data[1]) + 3; - } - - else if ( sslEndpoint->sslRecordVersion == 3 ) - expectedSize = ((data[3] << 8) | data[4]) + 5; - - if ( expectedSize < neededSize ) - { - // This should never happen (otherwise: UNTESTED). - sslEndpoint->Parent()->Weird( "SSLProxy: expectedSize < neededSize in RecordBuilder!" ); - return false; - } - - return true; - } - - -// --- SSL_Connection_Proxy --------------------------------------------------- - -bool SSLProxy_Analyzer::bInited = false; - -SSLProxy_Analyzer::SSLProxy_Analyzer(Connection* conn) -: TCP_ApplicationAnalyzer(AnalyzerTag::SSL, conn) - { - sSLv2Interpreter = new SSLv2_Interpreter(this); - sSLv3xInterpreter = new SSLv3_Interpreter(this); - sSLInterpreter = 0; - bPassThrough = false; - if ( ! bInited ) - { - BuildCipherDict(); - bInited = true; - } - - AddSupportAnalyzer(sslpeo = new Contents_SSL(conn, true)); - AddSupportAnalyzer(sslper = new Contents_SSL(conn, false)); - } - -SSLProxy_Analyzer::~SSLProxy_Analyzer() - { - delete sSLv2Interpreter; - delete sSLv3xInterpreter; - } - -void SSLProxy_Analyzer::Init() - { - TCP_ApplicationAnalyzer::Init(); - - sSLv2Interpreter->Init(); - sSLv3xInterpreter->Init(); - - sSLv2Interpreter->Orig() - ->SetProxyEndpoint(sSLv3xInterpreter->Orig()->GetProxyEndpoint()); - sSLv2Interpreter->Resp() - ->SetProxyEndpoint(sSLv3xInterpreter->Resp()->GetProxyEndpoint()); - } - -void SSLProxy_Analyzer::BuildCipherDict() - { - for ( uint idx = 0; idx < SSL_CipherSpecs_Count; ++idx ) - { - HashKey h(static_cast(SSL_CipherSpecs[idx].identifier)); - SSL_CipherSpecDict.Insert(&h, &SSL_CipherSpecs[idx]); - } - } - -void SSLProxy_Analyzer::NewSSLRecord(Contents_SSL* endp, - int len, const u_char* data) - { - // This is to extract only SSLv2 traffic. - if ( recordSSLv2Traffic ) - { - uint16 sslVersion = 0; - if ( (data[0] & 0x80) > 0 ) - // We have a two-byte record header. - sslVersion = (data[3] << 8) | data[4]; - else - // We have a three-byte record header. - sslVersion = (data[4] << 8) | data[5]; - - if ( ! endp->IsSSLv2Record() || - sslVersion != SSLProxy_Analyzer::SSLv20 ) - { - SetSkip(1); - Conn()->SetRecordPackets(0); - Conn()->SetRecordContents(0); - // FIXME: Could do memory cleanup here. - } - else - // No analysis - only recording. - SetSkip(1); - - return; - } - - if ( bPassThrough ) - { - DoDeliver(len, data, endp->IsOrig()); - return; - } - - if ( ! endp->IsSSLv2Record() ) - { - // It's TLS or SSLv3, so we are done ... - sSLInterpreter = sSLv3xInterpreter; - bPassThrough = true; - // Tell the other record builder we have SSLv3x. - endp->sslRecordVersion = 3; - DoDeliver(len, data, endp->IsOrig()); - } - - else - { // we have a SSLv2 record ... - sSLInterpreter = sSLv2Interpreter; - - // Check whether it's the first or second we've seen ... - if ( sslpeo->VersionRecognized() && - sslper->VersionRecognized() ) - { - // Second record we've seen. - // O.K. Both endpoints recognized the version. - // So this needs to be an SSLv2-Connection ... - bPassThrough = true; - DoDeliver(len, data, endp->IsOrig()); - } - - // First record we see. - // The next one may be SSLv2 or SSLv3x, - // we don't know yet ... - else if ( endp->sslVersion == SSLv20 ) - { - // The client supports only SSLv2, so we're done. - bPassThrough = true; - endp->sslRecordVersion = 2; - endp->sslVersion = SSLv20; - DoDeliver(len, data, endp->IsOrig()); - } - - else - { - bPassThrough = false; - DoDeliver(len, data, endp->IsOrig()); - - // Transfer the state of the SSLv2-Interpreter - // to the state of the SSLv3x-Interpreter ... - if ( ((SSLv2_Interpreter*) sSLInterpreter)->ConnState() == CLIENT_HELLO_SEEN ) - ((SSLv3_Interpreter*) sSLv3xInterpreter)->SetState(SSL3_1_STATE_CLIENT_HELLO_SENT); - } - } - } - -void SSLProxy_Analyzer::DoDeliver(int len, const u_char* data, bool orig) - { - if ( orig ) - sSLInterpreter->Orig()->Deliver(len, data); - else - sSLInterpreter->Resp()->Deliver(len, data); - } - -void SSLProxy_Analyzer::printStats() - { - printf("SSLProxy_Analyzer::totalPackets = %u\n", totalPackets); - printf("SSLProxy_Analyzer::totalRecords = %u\n", totalRecords); - printf("SSLProxy_Analyzer::nonSSLConnections = %u\n", nonSSLConnections); - } - - -void SSLProxy_Analyzer::Weak(const char* name) - { - if ( ssl_conn_weak ) - Event(ssl_conn_weak, name); - } - -// --- Contents_SSL ------------------------------------------------------ - -/*! - * mod Contents_SSL::Contents_SSL( TCP_Endpoint* arg_endpt, int stop_on_gap ) - * : TCP_Contents( arg_conn, stop_on_gap, punt_on_partial ) - */ - -Contents_SSL::Contents_SSL(Connection* conn, bool orig) -: TCP_SupportAnalyzer(AnalyzerTag::Contents_SSL, conn, orig) - { - sslRecordBuilder = new SSL_RecordBuilder(this); - bVersionRecognized = false; - bIsSSLv2Record = false; - - sslRecordVersion = -1; // -1 means we don't know yet - sslVersion = 0; // 0 means we don't know yet - } - -Contents_SSL::~Contents_SSL() - { - delete sslRecordBuilder; - } - -bool Contents_SSL::isDataPending() - { - return sslRecordBuilder->isDataPending(); - } - -void Contents_SSL::DeliverStream(int len, const u_char* data, bool orig) - { - TCP_SupportAnalyzer::DeliverStream(len, data, orig); - - TCP_Analyzer* tcp = static_cast(Parent())->TCP(); - assert(tcp); - - if ( tcp->HadGap(orig) || tcp->IsPartial() ) - return; - - ++SSLProxy_Analyzer::totalPackets; - - TCP_Endpoint* endp = orig ? tcp->Orig() : tcp->Resp(); - -#if 0 - // FIXME: What's this??? - int ack = endp->AckSeq() - endp->StartSeq(); - int top_seq = seq + len; - - if ( top_seq <= ack ) - // There is no new data in this packet. - return; -#endif - - if ( len <= 0 ) - return; - - // No further processing if we have a partial connection. - if ( endp->state == TCP_ENDPOINT_PARTIAL || - endp->peer->state == TCP_ENDPOINT_PARTIAL ) - { - Parent()->SetSkip(1); - Conn()->SetRecordPackets(0); - return; - } - - if ( ! sslRecordBuilder->addSegment(data, len) ) - { - // The RecordBuilder failed to determine the SSL record version, - // so we can't analyze this connection any further. - ++SSLProxy_Analyzer::nonSSLConnections; - Parent()->Weird("SSL: Skipping connection (not an SSL connection?!)!"); - Parent()->SetSkip(1); - Conn()->SetRecordPackets(0); - } - } - -// Called by the RecordBuilder with a complete SSL record. -void Contents_SSL::DoDeliver(int len, const u_char* data) - { - ++SSLProxy_Analyzer::totalRecords; - - bIsSSLv2Record = sslRecordVersion == 2; - bVersionRecognized = true; - - ((SSLProxy_Analyzer*) Parent())->NewSSLRecord(this, len, data); - } - -bool Contents_SSL::IsSSLv2Record() - { - return bIsSSLv2Record; - } - -bool Contents_SSL::VersionRecognized() - { - return bVersionRecognized; - } diff --git a/src/SSLProxy.h b/src/SSLProxy.h deleted file mode 100644 index e2d2567d52..0000000000 --- a/src/SSLProxy.h +++ /dev/null @@ -1,287 +0,0 @@ -// $Id: SSLProxy.h 5952 2008-07-13 19:45:15Z vern $ - -#ifndef SSLPROXY_H -#define SSLPROXY_H - -#include "TCP.h" -#include "SSLInterpreter.h" -#include "binpac_bro.h" - -// --- forward declarations --------------------------------------------------- - -class SSL_Interpreter; -class SSL_RecordBuilder; -class Contents_SSL; - -// --- class SSL_DataBlock ---------------------------------------------------- - -/*! - * \brief This class is used to store a block of data on the heap, which is - * allocated and copied by the constructor, and freed by the destructor. - * - * It is mainly used by the SSL_RecordBuilder to store the received data. To - * reduce heap operations (HeapOps), which can be quite expensive, it is - * possible to let the constructor allocate a minimum heap block size. The - * class members keep track of how much data has been allocated and how much of - * it has been used. Plus, there's a pointer to the next SSL_DataBlock, for - * easy creation of a single-linked list. - */ - -class SSL_DataBlock { -public: - SSL_DataBlock(const u_char* data, int len, int min_len = 0); - - int len; ///< The used size of the reserved heap block. - int size; ///< The allocated size of the reserved heap block. - u_char* data; ///< Pointer to the allocated heap block. - SSL_DataBlock* next; ///< Pointer to the next SSL_Datablock in the chain. - - /*! - * The destructor will free the allocated data block. - */ - ~SSL_DataBlock() { delete [] data; } - - void toStream(FILE* stream) const; - char* toString() const; -}; - -// --- class SSL_RecordBuilder ------------------------------------------------ - -/*! - * \brief This class is used to reassemble SSL records from a stream of data. - * - * It supports both SSLv2 and SSLv3 record formats at the same time. The record - * builder has been designed to be robust, efficient and hard to attack. To add - * a segments of data, call addSegment(). Whenever a SSL record has been - * reassembled, the DoDeliver() function of the corresponding Contents_SSL - * will be called. - * - * Two forms of attack have been taken into consideration: - * -# The "fake size" attack, where the actual size of the SSL record is much - * smaller then the size given in the record header. This way, an attacker - * could force Bro to allocate a huge amount of memory and make it crash. - * -# The "small fragment" attack, where an attacker sends huge SSL records - * in very small (1 byte or so) TCP segments. This could lead to a huge - * amount of very small memory blocks allocated by Bro. After the last byte - * of an SSL record has been received, all allocated blocks have to be - * freed. Freeing something like 32K blocks of memory can be quite expensive, - * so packet drops may occur, which could prevent Bro from detecting an - * attacker. - * - * The current implementation always allocates a minimum size of data on the - * heap, which is MIN_ALLOC_SIZE. The processed SSL record fragments are stored - * in a single-linked list of type SSL_DataBlock. - * - * The following assumptions are made: - * - neededSize <= min( expectedSize ) - * - neededSize <= MIN_ALLOC_SIZE, so the data needed to determine the SSL - * record version fits in one SSL_DataBlock - */ - -class SSL_RecordBuilder { -public: - SSL_RecordBuilder(Contents_SSL* sslEndpoint); - ~SSL_RecordBuilder(); - - static const uint MIN_ALLOC_SIZE = 16; ///< min. size of memory to alloc - static const int MIN_FRAGMENT_SIZE = 100; ///< min. size of a middle TCP Segment - static uint maxAllocCount; ///< max. number of allocated data blocks for an instance of a reassembler - static uint maxFragmentCount; ///< max. number of fragments for a ssl record - static uint fragmentedHeaders; ///< counter for the number of fragmented headers (header=neededSize) - - bool addSegment(const u_char* data, int length); - - /*! - * Calls this method to see if there's currently data in the - * record builder pending. - * \return true if there's data pending, false otherwise - */ - bool isDataPending() { return hasPendingData; }; - -protected: - u_char* assembleBlocks(const u_char* data, int length); - int analyzeSSLRecordFormat(const u_char* data, int length); - bool computeExpectedSize (const u_char* data, int length); - void addData(const u_char* data, int length); - - SSL_DataBlock* head; ///< pointer to the first element in the linked list of SSL_DataBlocks - SSL_DataBlock* tail; ///< pointer to the last element in the linked list of SSL_DataBlocks - Contents_SSL* sslEndpoint; ///< pointer to the containing Contents_SSL - int expectedSize; ///< expected size of SSLv2 record including header - int currentSize; ///< current bytes stored in data blocks (that is, processed size of actual record) - int neededSize; ///< min. size in bytes so that the length of the current record can be determinded - bool hasPendingData; ///< true if there's data following in the current tcp segment - uint fragmentCounter; ///< counter for the number of tcp segments for the current record -}; - - -// --- class SSLProxy_Analyzer ---------------------------------------------- - -/** This class represents an SSL_Connection with two SSL_ConnectionEndpoints. - * Note, that this class acts as a proxy, because there are different versions - * of the SSL protocol in use and you don't know in advance which SSL version - * really will be used. This depends on the first two messages of the SSL handshake - * process. Because Bro offers no possibility for switching connections we - * decided only to inherit this proxy from TCP_Connection. - * The different SSL versions are implemented in classed derived from - * SSL_Interpreter/SSL_InterpreterEndpoint and so, we can easily switch the flow - * of data to the appropriate SSL Interpreter. - * Currently, we support SSL Version 2.0 and 3.0/3.1(TLS)(@see SSLv2_Interpreter and @see - * SSLv3_Interpreter). - * This class holds an instance of both SSLv2- and SSLv3_Interpreter. The version - * of the SSL that is used for a connection is negotiated within the first - * two records (SSL messages): client hello and server hello. - * So after scanning this two records (which is mainly done in @see SSL_RecordBuilder and - * @see Contents_SSL) and determing the versions, it is clear which - * SSL version will be used for the succeding SSL records. From now - * on, they can be directly passed through to the appropriate SSL_Interpreter. - * - * FIXME: Now we have a dynamic analyzer framework so this could be restructured. - */ -class SSLProxy_Analyzer: public TCP_ApplicationAnalyzer { -public: - SSLProxy_Analyzer(Connection* conn); - virtual ~SSLProxy_Analyzer(); - - static uint totalPackets; ///< counter for total ssl packets seen - static uint totalRecords; ///< counter for total ssl records seen - static uint nonSSLConnections; ///< counter for connections where we couldn't reassemble a ssl record - - static const bool recordSSLv2Traffic = false; ///< if true, only recording of SSLv2 connections is done (no analysis) - - static bool bInited; - - enum SSL_Versions { - SSLv20 = 0x0002, - SSLv30 = 0x0300, - SSLv31 = 0x0301 // = TLS 1.0 - }; - - /* This method is called from the corresponding Contents_SSL to - * deliver the data to the SSL_ProxyConnection. It decides which - * SSL_Interpreter (Version 2 or Version 3x) gets the record or - * directly passes it through, if it's already clear which version - * this SSL connection uses. - * @param endp the sending endpoint - * @param len length of SSL record - * @param data the SSL record - * - * SC mod - pass a TCP_Contents rather than endpoint in terms of an actual - * Contents_SSL. There is much less overall work to do since we - * have already done the assosciation. - */ - void NewSSLRecord(Contents_SSL* endp, int len, const u_char* data); - - // Initialises the SSLv2- and SSLv3_Interpreters. - virtual void Init(); - - // This method is used for passing messages to Bro that contain - // information about weaknesses in the choosen SSL encryption - // (short keys, unverifyable certificates, ...) - // @param name the name of the weakness. - void Weak(const char* name); - - static Analyzer* InstantiateAnalyzer(Connection* conn) - { return new SSLProxy_Analyzer(conn); } - - static bool Available() - { - return (ssl_certificate_seen || ssl_certificate || - ssl_conn_attempt || ssl_conn_server_reply || - ssl_conn_established || ssl_conn_reused || - ssl_conn_alert) - && ! FLAGS_use_binpac; - } - - static void printStats(); - -protected: - bool bPassThrough; ///< whether it is clear which SSL version the connection will use - - SSL_Interpreter* sSLv2Interpreter; ///< Interpreter for SSL version 2 - SSL_Interpreter* sSLv3xInterpreter; ///< Interpreter for SSL version 3.0 and 3.1 - SSL_Interpreter* sSLInterpreter; ///< Pointer to the interpreter currently in use - - Contents_SSL* sslpeo; - Contents_SSL* sslper; - - /** Internally called from this class Deliver()-method. - * It delivers the data to the correct corresponding - * SSL_InterpreterEndpoint. - * @param endp the sending endpoint - * @param t time, when the segment was received by bro (not used) - * @param seq relative sequenze number (from Endpoint::start_seq) (not used) - * @param len length of SSL record - * @param data the SSL record - */ - void DoDeliver(int len, const u_char* data, bool orig); - - // Initialises the dictionary where the SSL cipher specs are stored. - // It needs only to be called once for a whole bro. @see SSLDefines.h - void BuildCipherDict(); -}; - -// --- class Contents_SSL ------------------------------------------------ - -/** This class represents an endpoint of a SSLProxy_Analyzer. - * It receives the new data (TCP segments) within the Deliver()-method, does - * some basic checks on the segment and passes it on to the SSL_RecordBuilder, - * which reassembles the segments into SSL records and determines the - * versions of the records. If the SSL_RecordBuilder was able to determine - * the versions of the records it delivers the reassembled records back tho this - * Contents_SSL by calling the DoDeliver()-method. - * The Contents_SSL then hands the record over to the corresponding - * SSLProxy_Analyzer by invoking it's NewSSLRecord()-method. - * - * SC mod: change class Contents_SSL: public TCP_EndpointContents - * to class Contents_SSL: public TCP_Contents - * this is done since the class uses the Deliver() method to take care of data. - * - */ -class Contents_SSL: public TCP_SupportAnalyzer { -public: - /* The constructor builds up and initialises the Contents_SSL. - * @param conn the corresponding Connection - * @param whether this is the originator - */ - Contents_SSL(Connection* conn, bool orig); - ~Contents_SSL(); - - int sslRecordVersion; ///< record version of the first SSL record seen (set by SSLProxy_Analyzer and SSL_RecordBuilder) - uint16 sslVersion; ///< SSL version of the SSL record seen (set by SSL_RecordBuilder) - - /** Via this method, this Contents_SSL receives the - * TCP segments. - * @param len length of TCP-Segment - * @param data content of TCP-Segment - * @param orig whether sending endpoint is originator - */ - virtual void DeliverStream(int len, const u_char* data, bool orig); - - /** This method is called by the corresponding SSL_RecordBuilder - * upon delivering a new reassembled SSL record. - * @param len the length of the record - * @param data the record - */ - void DoDeliver(int len, const u_char* data); - - /* @return whether we have already seen the first record of the connection of this endpoint yet - */ - bool VersionRecognized(); - - /* @return whether the first record was of SSL version 2.0 - */ - bool IsSSLv2Record(); - - /* @return whether the corresponding SSL_RecordBuilder has pending data - */ - bool isDataPending(); // should be inline - - SSL_RecordBuilder* sslRecordBuilder; - -protected: - bool bVersionRecognized; ///< False, if we haven't seen the first record of the connection of this endpoint yet - bool bIsSSLv2Record; ///< Was the first record of SSL version 2.0 -}; - -#endif diff --git a/src/SSLv2.cc b/src/SSLv2.cc deleted file mode 100644 index 0252e4cb15..0000000000 --- a/src/SSLv2.cc +++ /dev/null @@ -1,946 +0,0 @@ -// $Id: SSLv2.cc 5988 2008-07-19 07:02:12Z vern $ - -#include "SSLv2.h" -#include "SSLv3.h" - -// --- Initalization of static variables -------------------------------------- - -uint SSLv2_Interpreter::totalConnections = 0; -uint SSLv2_Interpreter::analyzedConnections = 0; -uint SSLv2_Interpreter::openedConnections = 0; -uint SSLv2_Interpreter::failedConnections = 0; -uint SSLv2_Interpreter::weirdConnections = 0; -uint SSLv2_Interpreter::totalRecords = 0; -uint SSLv2_Interpreter::clientHelloRecords = 0; -uint SSLv2_Interpreter::serverHelloRecords = 0; -uint SSLv2_Interpreter::clientMasterKeyRecords = 0; -uint SSLv2_Interpreter::errorRecords = 0; - - -// --- SSLv2_Interpreter ------------------------------------------------------- - -/*! - * The Constructor. - * - * \param proxy Pointer to the SSLProxy_Analyzer who created this instance. - */ -SSLv2_Interpreter::SSLv2_Interpreter(SSLProxy_Analyzer* proxy) -: SSL_Interpreter(proxy) - { - ++totalConnections; - records = 0; - bAnalyzedCounted = false; - connState = START; - - pServerCipherSpecs = 0; - pClientCipherSpecs = 0; - bClientWantsCachedSession = false; - usedCipherSpec = (SSLv2_CipherSpec) 0; - - pConnectionId = 0; - pChallenge = 0; - pSessionId = 0; - pMasterClearKey = 0; - pMasterEncryptedKey = 0; - pClientReadKey = 0; - pServerReadKey = 0; - } - -/*! - * The Destructor. - */ -SSLv2_Interpreter::~SSLv2_Interpreter() - { - if ( connState != CLIENT_MASTERKEY_SEEN && - connState != CACHED_SESSION && - connState != START && // we only complain if we saw some data - connState != ERROR_SEEN ) - ++failedConnections; - - if ( connState != CLIENT_MASTERKEY_SEEN && connState != CACHED_SESSION ) - ++weirdConnections; - - delete pServerCipherSpecs; - delete pClientCipherSpecs; - delete pConnectionId; - delete pChallenge; - delete pSessionId; - delete pMasterClearKey; - delete pMasterEncryptedKey; - delete pClientReadKey; - delete pServerReadKey; - } - -/*! - * This method implements SSL_Interpreter::BuildInterpreterEndpoints() - */ -void SSLv2_Interpreter::BuildInterpreterEndpoints() - { - orig = new SSLv2_Endpoint(this, 1); - resp = new SSLv2_Endpoint(this, 0); - } - -/*! - * This method prints some counters. - */ -void SSLv2_Interpreter::printStats() - { - printf("SSLv2:\n"); - printf("totalConnections = %u\n", totalConnections); - printf("analyzedConnections = %u\n", analyzedConnections); - printf("openedConnections = %u\n", openedConnections); - printf("failedConnections = %u\n", failedConnections); - printf("weirdConnections = %u\n", weirdConnections); - - printf("totalRecords = %u\n", totalRecords); - printf("clientHelloRecords = %u\n", clientHelloRecords); - printf("serverHelloRecords = %u\n", serverHelloRecords); - printf("clientMasterKeyRecords = %u\n", clientMasterKeyRecords); - printf("errorRecords = %u\n", errorRecords); - - printf("SSL_RecordBuilder::maxAllocCount = %u\n", SSL_RecordBuilder::maxAllocCount); - printf("SSL_RecordBuilder::maxFragmentCount = %u\n", SSL_RecordBuilder::maxFragmentCount); - printf("SSL_RecordBuilder::fragmentedHeaders = %u\n", SSL_RecordBuilder::fragmentedHeaders); - } - -/*! - * \return the current state of the ssl connection - */ -SSLv2_States SSLv2_Interpreter::ConnState() - { - return connState; - } - -/*! - * This method is called by SSLv2_Endpoint::Deliver(). It is the main entry - * point of this class. The header of the given SSLV2 record is analyzed and - * its contents are then passed to the corresponding analyzer method. After - * the record has been analyzed, the ssl connection state is updated. - * - * \param s Pointer to the endpoint which sent the record - * \param length length of SSLv2 record - * \param data pointer to SSLv2 record to analyze - */ -void SSLv2_Interpreter::NewSSLRecord(SSL_InterpreterEndpoint* s, - int length, const u_char* data) - { - ++records; - ++totalRecords; - - if ( ! bAnalyzedCounted ) - { - ++analyzedConnections; - bAnalyzedCounted = true; - } - - // We should see a maximum of 4 cleartext records. - if ( records == 5 ) - { // so this should never happen - Weird("SSLv2: Saw more than 4 records, skipping connection..."); - proxy->SetSkip(1); - return; - } - - // SSLv2 record header analysis - uint32 recordLength = 0; // data length of SSLv2 record - bool isEscape = false; - uint8 padding = 0; - const u_char* contents; - - if ( (data[0] & 0x80) > 0 ) - { // we have a two-byte record header - recordLength = ((data[0] & 0x7f) << 8) | data[1]; - contents = data + 2; - if ( recordLength + 2 != uint32(length) ) - { - // This should never happen, otherwise - // we have a bug in the SSL_RecordBuilder. - Weird("SSLv2: FATAL: recordLength doesn't match data block length!"); - connState = ERROR_REQUIRED; - proxy->SetSkip(1); - return; - } - } - else - { // We have a three-byte record header. - recordLength = ((data[0] & 0x3f) << 8) | data[1]; - isEscape = (data[0] & 0x40) != 0; - padding = data[2]; - contents = data + 3; - if ( recordLength + 3 != uint32(length) ) - { - // This should never happen, otherwise - // we have a bug in the SSL_RecordBuilder. - Weird("SSLv2: FATAL: recordLength doesn't match data block length!"); - connState = ERROR_REQUIRED; - proxy->SetSkip(1); - return; - } - - if ( padding == 0 && ! isEscape ) - Weird("SSLv2: 3 Byte record header, but no escape, no padding!"); - } - - if ( recordLength == 0 ) - { - Weird("SSLv2: Record length is zero (no record data)!"); - return; - } - - if ( isEscape ) - Weird("SSLv2: Record has escape bit set (security escape)!"); - - if ( padding > 0 && connState != CACHED_SESSION && - connState != CLIENT_MASTERKEY_SEEN ) - Weird("SSLv2 record with padding > 0 in cleartext!"); - - // MISSING: - // A final consistency check is done when a block cipher is used - // and the protocol is using encryption. The amount of data present - // in a record (RECORD-LENGTH))must be a multiple of the cipher's - // block size. If the received record is not a multiple of the - // cipher's block size then the record is considered damaged, and it - // is to be treated as if an "I/O Error" had occurred (i.e. an - // unrecoverable error is asserted and the connection is closed). - - switch ( connState ) { - case START: - // Only CLIENT-HELLLOs allowed here. - if ( contents[0] != SSLv2_MT_CLIENT_HELLO ) - { - Weird("SSLv2: First packet is not a CLIENT-HELLO!"); - analyzeRecord(s, recordLength, contents); - connState = ERROR_REQUIRED; - } - else - connState = ClientHelloRecord(s, recordLength, contents); - break; - - case CLIENT_HELLO_SEEN: - // Only SERVER-HELLOs or ERRORs allowed here. - if ( contents[0] == SSLv2_MT_SERVER_HELLO ) - connState = ServerHelloRecord(s, recordLength, contents); - else if ( contents[0] == SSLv2_MT_ERROR ) - connState = ErrorRecord(s, recordLength, contents); - else - { - Weird("SSLv2: State violation in CLIENT_HELLO_SEEN!"); - analyzeRecord(s, recordLength, contents); - connState = ERROR_REQUIRED; - } - break; - - case NEW_SESSION: - // We expect a client master key. - if ( contents[0] == SSLv2_MT_CLIENT_MASTER_KEY ) - connState = ClientMasterKeyRecord(s, recordLength, contents); - else if ( contents[0] == SSLv2_MT_ERROR ) - connState = ErrorRecord(s, recordLength, contents); - else - { - Weird("SSLv2: State violation in NEW_SESSION or encrypted record!"); - analyzeRecord(s, recordLength, contents); - connState = ERROR_REQUIRED; - } - - delete pServerCipherSpecs; - pServerCipherSpecs = 0; - break; - - case CACHED_SESSION: - delete pServerCipherSpecs; - pServerCipherSpecs = 0; - // No break here. - - case CLIENT_MASTERKEY_SEEN: - // If no error record, no further analysis. - if ( contents[0] == SSLv2_MT_ERROR && - recordLength == SSLv2_ERROR_RECORD_SIZE ) - connState = ErrorRecord(s, recordLength, contents); - else - { - // So we finished the cleartext handshake. - // Skip all further data. - - proxy->SetSkip(1); - ++openedConnections; - } - break; - - case ERROR_REQUIRED: - if ( contents[0] == SSLv2_MT_ERROR ) - connState = ErrorRecord(s, recordLength, contents); - else - { - // We lost tracking: this should not happen. - Weird("SSLv2: State inconsistency in ERROR_REQUIRED (lost tracking!)!"); - analyzeRecord(s, recordLength, contents); - connState = ERROR_REQUIRED; - } - break; - - case ERROR_SEEN: - // We don't have recoverable errors in cleartext phase, - // so we shouldn't see anymore packets. - Weird("SSLv2: Traffic after error record!"); - analyzeRecord(s, recordLength, contents); - break; - - default: - internal_error("SSLv2: unknown state"); - break; - } - } - -/*! - * This method is called whenever the connection tracking failed. It calls - * the corresponding analyzer method for the given SSLv2 record, but does not - * update the ssl connection state. - * - * \param s Pointer to the endpoint which sent the record - * \param length length of SSLv2 record - * \param data pointer to SSLv2 record to analyze - */ -void SSLv2_Interpreter::analyzeRecord(SSL_InterpreterEndpoint* s, - int length, const u_char* data) - { - switch ( data[0] ) { - case SSLv2_MT_ERROR: - ErrorRecord(s, length, data); - break; - - case SSLv2_MT_CLIENT_HELLO: - ClientHelloRecord(s, length, data); - break; - - case SSLv2_MT_CLIENT_MASTER_KEY: - ClientMasterKeyRecord(s, length, data); - break; - - case SSLv2_MT_SERVER_HELLO: - ServerHelloRecord(s, length, data); - break; - - case SSLv2_MT_CLIENT_FINISHED: - case SSLv2_MT_SERVER_VERIFY: - case SSLv2_MT_SERVER_FINISHED: - case SSLv2_MT_REQUEST_CERTIFICATE: - case SSLv2_MT_CLIENT_CERTIFICATE: - Weird("SSLv2: Encrypted record type seems to be in cleartext"); - break; - - default: - // Unknown record type. - Weird("SSLv2: Unknown record type or encrypted record"); - break; - } - } - -/*! - * This method analyses a SSLv2 CLIENT-HELLO record. - * - * \param s Pointer to the endpoint which sent the record - * \param length length of SSLv2 CLIENT-HELLO record - * \param data pointer to SSLv2 CLIENT-HELLO record to analyze - * - * \return the updated state of the current ssl connection - */ -SSLv2_States SSLv2_Interpreter::ClientHelloRecord(SSL_InterpreterEndpoint* s, - int recordLength, const u_char* recordData) - { - // This method gets the record's data (without the header). - ++clientHelloRecords; - - if ( s != orig ) - Weird("SSLv2: CLIENT-HELLO record from server!"); - - // There should not be any pending data in the SSLv2 reassembler, - // because the client should wait for a server response. - if ( ((SSLv2_Endpoint*) s)->isDataPending() ) - Weird("SSLv2: Pending data in SSL_RecordBuilder after CLIENT-HELLO!"); - - // Client hello minimum header size check. - if ( recordLength < SSLv2_CLIENT_HELLO_HEADER_SIZE ) - { - Weird("SSLv2: CLIENT-HELLO is too small!"); - return ERROR_REQUIRED; - } - - // Extract the data of the client hello header. - SSLv2_ClientHelloHeader ch; - ch.clientVersion = uint16(recordData[1] << 8) | recordData[2]; - ch.cipherSpecLength = uint16(recordData[3] << 8) | recordData[4]; - ch.sessionIdLength = uint16(recordData[5] << 8) | recordData[6]; - ch.challengeLength = uint16(recordData[7] << 8) | recordData[8]; - - if ( ch.clientVersion != SSLProxy_Analyzer::SSLv20 && - ch.clientVersion != SSLProxy_Analyzer::SSLv30 && - ch.clientVersion != SSLProxy_Analyzer::SSLv31 ) - { - Weird("SSLv2: Unsupported SSL-Version in CLIENT-HELLO"); - return ERROR_REQUIRED; - } - - if ( ch.challengeLength + ch.cipherSpecLength + ch.sessionIdLength + - SSLv2_CLIENT_HELLO_HEADER_SIZE != recordLength ) - { - Weird("SSLv2: Size inconsistency in CLIENT-HELLO"); - return ERROR_REQUIRED; - } - - // The CIPHER-SPECS-LENGTH must be > 0 and a multiple of 3. - if ( ch.cipherSpecLength == 0 || ch.cipherSpecLength % 3 != 0 ) - { - Weird("SSLv2: Nonconform CIPHER-SPECS-LENGTH in CLIENT-HELLO."); - return ERROR_REQUIRED; - } - - // The SESSION-ID-LENGTH must either be zero or 16. - if ( ch.sessionIdLength != 0 && ch.sessionIdLength != 16 ) - Weird("SSLv2: Nonconform SESSION-ID-LENGTH in CLIENT-HELLO."); - - if ( (ch.challengeLength < 16) || (ch.challengeLength > 32)) - Weird("SSLv2: Nonconform CHALLENGE-LENGTH in CLIENT-HELLO."); - - const u_char* ptr = recordData; - ptr += SSLv2_CLIENT_HELLO_HEADER_SIZE + ch.cipherSpecLength; - - pSessionId = new SSL_DataBlock(ptr, ch.sessionIdLength); - - // If decrypting, store the challenge. - if ( ssl_store_key_material && ch.challengeLength <= 32 ) - pChallenge = new SSL_DataBlock(ptr, ch.challengeLength); - - bClientWantsCachedSession = ch.sessionIdLength != 0; - - TableVal* currentCipherSuites = - analyzeCiphers(s, ch.cipherSpecLength, - recordData + SSLv2_CLIENT_HELLO_HEADER_SIZE); - - fire_ssl_conn_attempt(ch.clientVersion, currentCipherSuites); - - return CLIENT_HELLO_SEEN; - } - -/*! - * This method analyses a SSLv2 SERVER-HELLO record. - * - * \param s Pointer to the endpoint which sent the record - * \param length length of SSLv2 SERVER-HELLO record - * \param data pointer to SSLv2 SERVER-HELLO record to analyze - * - * \return the updated state of the current ssl connection - */ -SSLv2_States SSLv2_Interpreter::ServerHelloRecord(SSL_InterpreterEndpoint* s, - int recordLength, const u_char* recordData) - { - ++serverHelloRecords; - TableVal* currentCipherSuites = NULL; - - if ( s != resp ) - Weird("SSLv2: SERVER-HELLO from client!"); - - if ( recordLength < SSLv2_SERVER_HELLO_HEADER_SIZE ) - { - Weird("SSLv2: SERVER-HELLO is too small!"); - return ERROR_REQUIRED; - } - - // Extract the data of the client hello header. - SSLv2_ServerHelloHeader sh; - sh.sessionIdHit = recordData[1]; - sh.certificateType = recordData[2]; - sh.serverVersion = uint16(recordData[3] << 8) | recordData[4]; - sh.certificateLength = uint16(recordData[5] << 8) | recordData[6]; - sh.cipherSpecLength = uint16(recordData[7] << 8) | recordData[8]; - sh.connectionIdLength = uint16(recordData[9] << 8) | recordData[10]; - - if ( sh.serverVersion != SSLProxy_Analyzer::SSLv20 ) - { - Weird("SSLv2: Unsupported SSL-Version in SERVER-HELLO"); - return ERROR_REQUIRED; - } - - if ( sh.certificateLength + sh.cipherSpecLength + - sh.connectionIdLength + - SSLv2_SERVER_HELLO_HEADER_SIZE != recordLength ) - { - Weird("SSLv2: Size inconsistency in SERVER-HELLO"); - return ERROR_REQUIRED; - } - - // The length of the CONNECTION-ID must be between 16 and 32 bytes. - if ( sh.connectionIdLength < 16 || sh.connectionIdLength > 32 ) - Weird("SSLv2: Nonconform CONNECTION-ID-LENGTH in SERVER-HELLO"); - - // If decrypting, store the connection ID. - if ( ssl_store_key_material && sh.connectionIdLength <= 32 ) - { - const u_char* ptr = recordData; - - ptr += SSLv2_SERVER_HELLO_HEADER_SIZE + sh.cipherSpecLength + - sh.certificateLength; - - pConnectionId = new SSL_DataBlock(ptr, sh.connectionIdLength); - } - - if ( sh.sessionIdHit == 0 ) - { - // Generating reusing-connection event. - EventHandlerPtr event = ssl_session_insertion; - - if ( event ) - { - TableVal* sessionIDTable = - MakeSessionID( - recordData + - SSLv2_SERVER_HELLO_HEADER_SIZE + - sh.certificateLength + - sh.cipherSpecLength, - sh.connectionIdLength); - - val_list* vl = new val_list; - vl->append(proxy->BuildConnVal()); - vl->append(sessionIDTable); - - proxy->ConnectionEvent(ssl_session_insertion, vl); - } - } - - SSLv2_States nextState; - - if ( sh.sessionIdHit != 0 ) - { // we're using a cached session - - // There should not be any pending data in the SSLv2 - // reassembler, because the server should wait for a - // client response. - if ( ((SSLv2_Endpoint*) s)->isDataPending() ) - { - // But turns out some SSL Implementations do this - // when using a cached session. - } - - // Consistency check for SESSION-ID-HIT. - if ( ! bClientWantsCachedSession ) - Weird("SSLv2: SESSION-ID hit in SERVER-HELLO, but no SESSION-ID in CLIENT-HELLO!"); - - // If the SESSION-ID-HIT flag is non-zero then the - // CERTIFICATE-TYPE, CERTIFICATE-LENGTH and - // CIPHER-SPECS-LENGTH fields will be zero. - if ( sh.certificateType != 0 || sh.certificateLength != 0 || - sh.cipherSpecLength != 0 ) - Weird("SSLv2: SESSION-ID-HIT, but session data in SERVER-HELLO"); - - // Generate reusing-connection event. - if ( pSessionId ) - { - fire_ssl_conn_reused(pSessionId); - delete pSessionId; - pSessionId = 0; - } - - nextState = CACHED_SESSION; - } - else - { // we're starting a new session - - // There should not be any pending data in the SSLv2 - // reassembler, because the server should wait for - // a client response. - if ( ((SSLv2_Endpoint*) s)->isDataPending() ) - Weird("SSLv2: Pending data in SSL_RecordBuilder after SERVER-HELLO (new session)!"); - - // TODO: check certificate length ??? - if ( sh.certificateLength == 0 ) - Weird("SSLv2: No certificate in SERVER-HELLO!"); - - // The CIPHER-SPECS-LENGTH must be > zero and a multiple of 3. - if ( sh.cipherSpecLength == 0 ) - Weird("SSLv2: No CIPHER-SPECS in SERVER-HELLO!"); - - if ( sh.cipherSpecLength % 3 != 0 ) - { - Weird("SSLv2: Nonconform CIPHER-SPECS-LENGTH in SERVER-HELLO"); - return ERROR_REQUIRED; - } - - const u_char* ptr = recordData; - ptr += sh.certificateLength + SSLv2_SERVER_HELLO_HEADER_SIZE; - currentCipherSuites = analyzeCiphers(s, sh.cipherSpecLength, ptr); - - nextState = NEW_SESSION; - } - - // Check if at least one cipher is supported by the client. - if ( pClientCipherSpecs && pServerCipherSpecs ) - { - bool bFound = false; - for ( int i = 0; i < pClientCipherSpecs->len; i += 3 ) - { - for ( int j = 0; j < pServerCipherSpecs->len; j += 3 ) - { - if ( memcmp(pClientCipherSpecs + i, - pServerCipherSpecs + j, 3) == 0 ) - { - bFound = true; - i = pClientCipherSpecs->len; - break; - } - } - } - - if ( ! bFound ) - { - Weird("SSLv2: Client's and server's CIPHER-SPECS don't match!"); - nextState = ERROR_REQUIRED; - } - - delete pClientCipherSpecs; - pClientCipherSpecs = 0; - } - - // Certificate analysis. - if ( sh.certificateLength > 0 && ssl_analyze_certificates != 0 ) - { - analyzeCertificate(s, recordData + SSLv2_SERVER_HELLO_HEADER_SIZE, - sh.certificateLength, sh.certificateType, false); - } - - if ( nextState == NEW_SESSION ) - // generate server-reply event - fire_ssl_conn_server_reply(sh.serverVersion, currentCipherSuites); - - else if ( nextState == CACHED_SESSION ) - { // generate server-reply event - fire_ssl_conn_server_reply(sh.serverVersion, currentCipherSuites); - // Generate a connection-established event with a dummy - // cipher suite, since we can't remember session information - // (yet). - // Note: A new session identifier is sent encrypted in SSLv2! - fire_ssl_conn_established(sh.serverVersion, 0xABCD); - } - else - // Unref, since the table is not delivered to any event. - Unref(currentCipherSuites); - - return nextState; - } - -/*! - * This method analyses a SSLv2 CLIENT-MASTER-KEY record. - * - * \param s Pointer to the endpoint which sent the record - * \param length length of SSLv2 CLIENT-MASTER-KEY record - * \param data pointer to SSLv2 CLIENT-MASTER-KEY record to analyze - * - * \return the updated state of the current ssl connection - */ -SSLv2_States SSLv2_Interpreter:: - ClientMasterKeyRecord(SSL_InterpreterEndpoint* s, int recordLength, - const u_char* recordData) - { - ++clientMasterKeyRecords; - SSLv2_States nextState = CLIENT_MASTERKEY_SEEN; - - if ( s != orig ) - Weird("SSLv2: CLIENT-MASTER-KEY from server!"); - - if ( recordLength < SSLv2_CLIENT_MASTER_KEY_HEADER_SIZE ) - { - Weird("SSLv2: CLIENT-MASTER-KEY is too small!"); - return ERROR_REQUIRED; - } - - // Extract the data of the client master key header. - SSLv2_ClientMasterKeyHeader cmk; - cmk.cipherKind = - ((recordData[1] << 16) | recordData[2] << 8) | recordData[3]; - cmk.clearKeyLength = uint16(recordData[4] << 8) | recordData[5]; - cmk.encryptedKeyLength = uint16(recordData[6] << 8) | recordData[7]; - cmk.keyArgLength = uint16(recordData[8] << 8) | recordData[9]; - - if ( cmk.clearKeyLength + cmk.encryptedKeyLength + cmk.keyArgLength + - SSLv2_CLIENT_MASTER_KEY_HEADER_SIZE != recordLength ) - { - Weird("SSLv2: Size inconsistency in CLIENT-MASTER-KEY"); - return ERROR_REQUIRED; - } - - // Check if cipher is supported by the server. - if ( pServerCipherSpecs ) - { - bool bFound = false; - for ( int i = 0; i < pServerCipherSpecs->len; i += 3 ) - { - uint32 cipherSpec = - ((pServerCipherSpecs->data[i] << 16) | - pServerCipherSpecs->data[i+1] << 8) | - pServerCipherSpecs->data[i+2]; - - if ( cmk.cipherKind == cipherSpec ) - { - bFound = true; - break; - } - } - - if ( ! bFound ) - { - Weird("SSLv2: Client chooses unadvertised cipher in CLIENT-MASTER-KEY!"); - nextState = ERROR_REQUIRED; - } - else - nextState = CLIENT_MASTERKEY_SEEN; - - delete pServerCipherSpecs; - pServerCipherSpecs = 0; - } - - // TODO: check if cipher has been advertised before. - - SSL_CipherSpec* pCipherSpecTemp = 0; - - HashKey h(static_cast(cmk.cipherKind)); - pCipherSpecTemp = (SSL_CipherSpec*) SSL_CipherSpecDict.Lookup(&h); - if ( ! pCipherSpecTemp || ! (pCipherSpecTemp->flags & SSL_FLAG_SSLv20) ) - Weird("SSLv2: Unknown CIPHER-SPEC in CLIENT-MASTER-KEY!"); - else - { // check for conistency of clearKeyLength - if ( cmk.clearKeyLength * 8 != pCipherSpecTemp->clearKeySize ) - { - Weird("SSLv2: Inconsistency of clearKeyLength in CLIENT-MASTER-KEY!"); - // nextState = ERROR_REQUIRED; - } - - // TODO: check for consistency of encryptedKeyLength. - // TODO: check for consistency of keyArgLength. -// switch ( cmk.cipherKind ) -// { -// case SSL_CK_RC4_128_WITH_MD5: -// case SSL_CK_RC4_128_EXPORT40_WITH_MD5: -// if ( cmk.keyArgLength != 0 ) -// { -// Weird("SSLv2: Inconsistency of keyArgLength in CLIENT-MASTER-KEY!"); -// //nextState = ERROR_REQUIRED; -// } -// break; -// case SSL_CK_DES_64_CBC_WITH_MD5: -// case SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5: -// case SSL_CK_RC2_128_CBC_WITH_MD5: -// case SSL_CK_IDEA_128_CBC_WITH_MD5: -// case SSL_CK_DES_192_EDE3_CBC_WITH_MD5: -// if ( cmk.keyArgLength != 8 ) -// { -// Weird("SSLv2: Inconsistency of keyArgLength in CLIENT-MASTER-KEY!"); -// } -// break; -// } - } - - // Remember the used cipher spec. - usedCipherSpec = SSLv2_CipherSpec(cmk.cipherKind); - - // If decrypting, store the clear key part of the master key. - if ( ssl_store_key_material /* && cmk.clearKeyLength == 11 */ ) - { - pMasterClearKey = - new SSL_DataBlock((recordData + SSLv2_CLIENT_MASTER_KEY_HEADER_SIZE), cmk.clearKeyLength); - - pMasterEncryptedKey = - new SSL_DataBlock((recordData + SSLv2_CLIENT_MASTER_KEY_HEADER_SIZE + cmk.clearKeyLength ), cmk.encryptedKeyLength); - } - - if ( nextState == CLIENT_MASTERKEY_SEEN ) - fire_ssl_conn_established(SSLProxy_Analyzer::SSLv20, - cmk.cipherKind); - - return nextState; - } - - -/*! - * This method analyses a SSLv2 ERROR record. - * - * \param s Pointer to the endpoint which sent the record - * \param length length of SSLv2 ERROR record - * \param data pointer to SSLv2 ERROR record to analyze - * - * \return the updated state of the current ssl connection - */ -SSLv2_States SSLv2_Interpreter::ErrorRecord(SSL_InterpreterEndpoint* s, - int recordLength, const u_char* recordData) - { - ++errorRecords; - - if ( unsigned(recordLength) != SSLv2_ERROR_RECORD_SIZE ) - { - Weird("SSLv2: Size mismatch in Error Record!"); - return ERROR_REQUIRED; - } - - SSLv2_ErrorRecord er; - er.errorCode = (recordData[1] << 8) | recordData[2]; - SSL3x_AlertLevel al = SSL3x_AlertLevel(255); - - switch ( er.errorCode ) { - case SSLv2_PE_NO_CIPHER: - // The client doesn't support a cipher which the server - // supports. Only from client to server and not recoverable! - al = SSL3x_ALERT_LEVEL_FATAL; - break; - - case SSLv2_PE_NO_CERTIFICATE: - if ( s == orig ) - // from client to server: not recoverable - al = SSL3x_ALERT_LEVEL_FATAL; - else - // from server to client: recoverable - al = SSL3x_ALERT_LEVEL_WARNING; - break; - - case SSLv2_PE_BAD_CERTIFICATE: - if ( s == orig ) - // from client to server: not recoverable - al = SSL3x_ALERT_LEVEL_FATAL; - else - // from server to client: recoverable - al = SSL3x_ALERT_LEVEL_WARNING; - break; - - case SSLv2_PE_UNSUPPORTED_CERTIFICATE_TYPE: - if ( s == orig ) - // from client to server: not recoverable - al = SSL3x_ALERT_LEVEL_FATAL; - else - // from server to client: recoverable - al = SSL3x_ALERT_LEVEL_WARNING; - break; - - default: - al = SSL3x_ALERT_LEVEL_FATAL; - break; - } - - fire_ssl_conn_alert(SSLProxy_Analyzer::SSLv20, al, er.errorCode); - - return ERROR_SEEN; - } - -/*! - * This method analyses a set of SSLv2 cipher suites. - * - * \param s Pointer to the endpoint which sent the cipher suites - * \param length length of cipher suites - * \param data pointer to cipher suites to analyze - * - * \return a pointer to a Bro TableVal (of type cipher_suites_list) which contains - * the cipher suites list of the current analyzed record - */ -TableVal* SSLv2_Interpreter::analyzeCiphers(SSL_InterpreterEndpoint* s, - int length, const u_char* data) - { - if ( length > MAX_CIPHERSPEC_SIZE ) - { - if ( s == orig ) - Weird("SSLv2: Client has CipherSpecs > MAX_CIPHERSPEC_SIZE"); - else - Weird("SSLv2: Server has CipherSpecs > MAX_CIPHERSPEC_SIZE"); - } - else - { // cipher specs are not too big - if ( ssl_compare_cipherspecs ) - { // store cipher specs for state analysis - if ( s == resp ) - pServerCipherSpecs = - new SSL_DataBlock(data, length); - else - pClientCipherSpecs = - new SSL_DataBlock(data, length); - } - } - - const u_char* pCipher = data; - bool bExtractCipherSuite = false; - TableVal* pCipherTable = 0; - - // We only extract the cipher suite when the corresponding - // ssl events are defined (otherwise we do work for nothing - // and suffer a memory leak). - // FIXME: This check needs to be done only once! - if ( (s == orig && ssl_conn_attempt) || - (s == resp && ssl_conn_server_reply) ) - { - pCipherTable = new TableVal(cipher_suites_list); - bExtractCipherSuite = true; - } - - for ( int i = 0; i < length; i += 3 ) - { - SSL_CipherSpec* pCurrentCipherSpec; - uint32 cipherSpecID = - ((pCipher[0] << 16) | pCipher[1] << 8) | pCipher[2]; - - // Check for unknown cipher specs. - HashKey h(static_cast(cipherSpecID)); - pCurrentCipherSpec = - (SSL_CipherSpec*) SSL_CipherSpecDict.Lookup(&h); - - if ( ! pCurrentCipherSpec ) - { - if ( s == orig ) - Weird("SSLv2: Unknown CIPHER-SPEC in CLIENT-HELLO!"); - else - Weird("SSLv2: Unknown CIPHER-SPEC in SERVER-HELLO!"); - } - - if ( bExtractCipherSuite ) - { - Val* index = new Val(cipherSpecID, TYPE_COUNT); - pCipherTable->Assign(index, 0); - Unref(index); - } - - pCipher += 3; - } - - return pCipherTable; - } - -// --- SSLv2_EndPoint --------------------------------------------------------- - -/*! - * The constructor. - * - * \param interpreter Pointer to the SSLv2 interpreter to whom this endpoint belongs to - * \param is_orig true if this is the originating endpoint of the ssl connection, - * false otherwise - */ -SSLv2_Endpoint::SSLv2_Endpoint(SSLv2_Interpreter* interpreter, int is_orig) -: SSL_InterpreterEndpoint(interpreter, is_orig) - { - sentRecords = 0; - } - -/*! - * The destructor. - */ -SSLv2_Endpoint::~SSLv2_Endpoint() - { - } - -/*! - * This method is called by the SSLProxy_Analyzer with a complete reassembled - * SSLv2 record. It passes the record to SSLv2_Interpreter::NewSSLRecord(). - * - * \param t reserved (always zero) - * \param seq reserved (always zero) - * \param len length of the data block containing the ssl record - * \param data pointer to the data block containing the ssl record - */ -void SSLv2_Endpoint::Deliver(int len, const u_char* data) - { - ++((SSLv2_Endpoint*)peer)->sentRecords; - - ((SSLv2_Interpreter*)interpreter)->NewSSLRecord(this, len, data); - } diff --git a/src/SSLv2.h b/src/SSLv2.h deleted file mode 100644 index d4719a20c6..0000000000 --- a/src/SSLv2.h +++ /dev/null @@ -1,239 +0,0 @@ -// $Id: SSLv2.h 3526 2006-09-12 07:32:21Z vern $ - -#ifndef SSLV2_H -#define SSLV2_H - -#include "SSLInterpreter.h" -#include "SSLCiphers.h" - -// --- constants for SSLv2 --------------------------------------------------- - -/*! - * In SSLv2, each record is of a special message type. Note that the message - * type is encrypted if the record has been encrypted, so we can determine - * the message type only if we have a cleartext record. - */ -enum SSLv2_MessageTypes { - SSLv2_MT_ERROR = 0, ///< can be in cleartext or encrypted - SSLv2_MT_CLIENT_HELLO = 1, ///< always in cleartext - SSLv2_MT_CLIENT_MASTER_KEY = 2, ///< always in cleartext - SSLv2_MT_CLIENT_FINISHED = 3, ///< always encrypted - SSLv2_MT_SERVER_HELLO = 4, ///< always in cleartext - SSLv2_MT_SERVER_VERIFY = 5, ///< always encrypted - SSLv2_MT_SERVER_FINISHED = 6, ///< always encrypted - SSLv2_MT_REQUEST_CERTIFICATE = 7, ///< always encrypted - SSLv2_MT_CLIENT_CERTIFICATE = 8, ///< always encrypted -}; - -// Certificate Type Codes. -// -// Authentication Type Codes -// #define SSL_AT_MD5_WITH_RSA_ENCRYPTION 0x01 -// Upper/Lower Bounds -// #define SSL_MAX_MASTER_KEY_LENGTH_IN_BITS 256 -// #define SSL_MAX_SESSION_ID_LENGTH_IN_BYTES 16 -// #define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES 64 -// #define SSL_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767 -// #define SSL_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 - -const uint8 SSLv2_CT_X509_CERTIFICATE = 0x01; - -/*! - * Error codes used in the error record. - */ -enum SSLv2_ErrorCodes { - SSLv2_PE_NO_CIPHER = 0x0001, - SSLv2_PE_NO_CERTIFICATE = 0x0002, - SSLv2_PE_BAD_CERTIFICATE = 0x0004, - SSLv2_PE_UNSUPPORTED_CERTIFICATE_TYPE = 0x0006 -}; - -// --- structs ---------------------------------------------------------------- - -const int SSLv2_CLIENT_HELLO_HEADER_SIZE = 9; -struct SSLv2_ClientHelloHeader { - uint8 messageType; - uint16 clientVersion; - uint16 cipherSpecLength; - uint16 sessionIdLength; - uint16 challengeLength; -}; - -const int SSLv2_SERVER_HELLO_HEADER_SIZE = 11; -struct SSLv2_ServerHelloHeader { - uint8 messageType; - uint8 sessionIdHit; - uint8 certificateType; - uint16 serverVersion; - uint16 certificateLength; - uint16 cipherSpecLength; - uint16 connectionIdLength; -}; - -const int SSLv2_CLIENT_MASTER_KEY_HEADER_SIZE = 10; -struct SSLv2_ClientMasterKeyHeader { - uint8 messageType; - uint32 cipherKind; // caution: is an uint24 - uint16 clearKeyLength; - uint16 encryptedKeyLength; - uint16 keyArgLength; -}; - -const unsigned int SSLv2_ERROR_RECORD_SIZE = 3; -struct SSLv2_ErrorRecord { - uint8 messageType; - uint16 errorCode; -}; - -const unsigned int SSLv2_CLIENT_FINISHED_HEADER_SIZE = 1; -struct SSLv2_ClientFinished { - uint8 messageType; - //char CONNECTION-ID[N-1] -}; - -struct SSLv2_ServerVerify { - uint8 messageType; - //char CHALLENGE-DATA[N-1] -}; - -struct SSLv2_ServerFinished { - uint8 messageType; - //char SESSION-ID-DATA[N-1] -}; - -// MISSING: -// CLIENT-CERTIFICATE -// REQUEST-CERTIFICATE - -/*! - * States used by the internal SSLv2 automaton. - */ -enum SSLv2_States { - START, ///< start state, no data seen yet - CLIENT_HELLO_SEEN, ///< client hello flew by - NEW_SESSION, ///< server hello with sessionIdHit == 0 seen - CACHED_SESSION, ///< server hello with sessionIdHit != 0 seen - CLIENT_MASTERKEY_SEEN, ///< we saw a client master key record - ERROR_SEEN, ///< we saw an error record - ERROR_REQUIRED ///< one of our critical checks failed, so we think we should see an error record -}; - - -// --- forward declarations --------------------------------------------------- - -class SSLv2_Interpreter; -class SSLv2_Endpoint; -class SSLv2_Record; -class SSL_DataBlock; -class SSL_RecordBuilder; - -// --- class SSLv2_Interpreter ------------------------------------------------ - -/*! - * \brief This class is used to analyze SSLv2 connections. - * - * Since there's currently no support for decrypting ssl connections, analysis - * stops when a connection switches to encrypted communication. - * The interpreter does several checks, both record- and connection-orientated. - * - * The record checks mainly consist of consistency checks, where the correct - * use of the SSL 2.0 specification is checked. Furthermore, the CIPHER-SPECS - * of the client and the server can be compared to detect non-intersecting sets. - * - * The connection check monitors the handshaking process for invalid transitions, - * until the end of the cleartext phase. - * - * Several events are thrown for BroScript, including client connection attempt, - * server reply, ssl connection establishment/reuse of former connection, proposed - * cipher suites and certificates seen. - * - * \see SSLv2_Endpoint - */ -class SSLv2_Interpreter : public SSL_Interpreter { -public: - SSLv2_Interpreter(SSLProxy_Analyzer* proxy); - ~SSLv2_Interpreter(); - - void NewSSLRecord(SSL_InterpreterEndpoint* s, int length, const u_char* data); - void analyzeRecord(SSL_InterpreterEndpoint* s, int length, const u_char* data); - SSLv2_States ClientHelloRecord(SSL_InterpreterEndpoint* s, - int recordLength, - const u_char* recordData); - SSLv2_States ServerHelloRecord(SSL_InterpreterEndpoint* s, - int recordLength, const u_char* recordData); - SSLv2_States ClientMasterKeyRecord(SSL_InterpreterEndpoint* s, - int recordLength, - const u_char* recordData); - SSLv2_States ErrorRecord(SSL_InterpreterEndpoint* s, - int recordLength, - const u_char* recordData); - - TableVal* analyzeCiphers(SSL_InterpreterEndpoint* s, - int length, const u_char* data); - SSLv2_States ConnState(); - - static void printStats(); - -#define MAX_CIPHERSPEC_SIZE ssl_max_cipherspec_size - - // Global connection counters. - static uint totalConnections; ///< counter for total sslv2 connections - static uint analyzedConnections; ///< counter for analyzed (=not partial) connections - static uint openedConnections; ///< counter for SSLv2 connections with complete handshake - static uint failedConnections; ///< counter for SSLv2 connections with failed but correct handshake - static uint weirdConnections; ///< counter for SSLv2 connections with failed and weird handshake - - // Global record counters. - static uint totalRecords; ///< counter for total SSLv2 records seen - static uint clientHelloRecords; ///< counter for SSLv2 CLIENT-HELLOs seen - static uint serverHelloRecords; ///< counter for SSLv2 SERVER-HELLOs seen - static uint clientMasterKeyRecords; ///< counter for SSLv2 CLIENT-MASTER-KEYSs seen - static uint errorRecords; ///< counter for SSLv2 ERRORs seen - - // Counters for this instance. - uint32 records; ///< counter for SSLv2 records of this connection - SSLv2_States connState; ///< state of connection - - bool bAnalyzedCounted; ///< flag for counting analyzedConnections - - // FIXME: this should be states. - bool bClientWantsCachedSession; ///< true if the client wants a cached session, false otherwise - - -protected: - void BuildInterpreterEndpoints(); - - SSL_DataBlock* pClientCipherSpecs; ///< the CIPHER-SPECs from the client - SSL_DataBlock* pServerCipherSpecs; ///< the CIPHER-SPECs from the server - SSLv2_CipherSpec usedCipherSpec; ///< the used CIPHER-SPEC for this connection - - // Currently experimental: - SSL_DataBlock* pConnectionId; // 16 <= ConnectionId <= 32 - SSL_DataBlock* pChallenge; // 16 <= Challenge <= 32 - SSL_DataBlock* pSessionId; // has to be 16 Bytes - SSL_DataBlock* pMasterClearKey; - SSL_DataBlock* pMasterEncryptedKey; - SSL_DataBlock* pClientReadKey; - SSL_DataBlock* pServerReadKey; -}; - -// --- class SSLv2_Endpoint --------------------------------------------------- - -/*! - * \brief This class represents an endpoint of an SSLv2 connection. - * - * Fully reassembled SSLv2 records are passed to its Deliver() function. - * There, some counters are updated and the record is then passed to - * SSLv2_Interpreter::NewSSLRecord(). - */ -class SSLv2_Endpoint: public SSL_InterpreterEndpoint { -public: - SSLv2_Endpoint(SSLv2_Interpreter* interpreter, int is_orig); - virtual ~SSLv2_Endpoint(); - - void Deliver(int len, const u_char* data); - - uint32 sentRecords; ///< counter for sent records of this endpoint -}; - -#endif diff --git a/src/SSLv3.cc b/src/SSLv3.cc deleted file mode 100644 index bebc7a076f..0000000000 --- a/src/SSLv3.cc +++ /dev/null @@ -1,1471 +0,0 @@ -// $Id: SSLv3.cc 5988 2008-07-19 07:02:12Z vern $ - -#include "SSLv3.h" -#include "SSLCiphers.h" - -// --- Initalization of static variables -------------------------------------- - -bool SSLv3_Interpreter::bInited = false; - -uint SSLv3_Interpreter::totalConnections = 0; -uint SSLv3_Interpreter::openedConnections = 0; -uint SSLv3_Interpreter::totalRecords = 0; -uint SSLv3_Interpreter::handshakeRecords = 0; -uint SSLv3_Interpreter::clientHelloRecords = 0; -uint SSLv3_Interpreter::serverHelloRecords = 0; -uint SSLv3_Interpreter::alertRecords = 0; -uint SSLv3_Interpreter::changeCipherRecords = 0; - - -// ---SSLv3_Interpreter-------------------------------------------------------- - -// Initialize static: -SSLv3_Automaton SSLv3_Interpreter::sslAutomaton(SSL3_1_NUM_STATES, - SSL3_1_NUM_TRANS, SSL3_1_STATE_ERROR); - -SSLv3_Interpreter::SSLv3_Interpreter(SSLProxy_Analyzer* proxy) -: SSL_Interpreter(proxy) - { - pCipherSuite = 0; - cipherSuiteIdentifier = 0; - pClientCipherSpecs = 0; - clientSessionID = 0; - serverSessionID = 0; - clientRandom = 0; - serverRandom = 0; - serverRSApars = 0; - serverDHPars = 0; - encryptedPreSecret = 0; - clientDHpublic = 0; - // keyXAlgorithm = SSL_KEY_EXCHANGE_NULL; - change_cipher_client_seen = false; - change_cipher_server_seen = false; - fin_client_seen = false; - fin_server_seen = false; - helloRequestValid = true; - - if ( ! bInited ) - { - BuildAutomaton(); - // BuildCipherDict(); - bInited = true; - } - - currentState = SSL3_1_STATE_INIT; - ++totalConnections; - } - -SSLv3_Interpreter::~SSLv3_Interpreter() - { - delete pClientCipherSpecs; - delete clientSessionID; - delete serverSessionID; - - if ( ssl_store_key_material ) - { - if ( clientRandom ) - delete clientRandom->random_bytes; - delete clientRandom; - if ( serverRandom ) - delete serverRandom->random_bytes; - delete serverRandom; - delete serverRSApars; - delete serverDHPars; - delete encryptedPreSecret; - delete clientDHpublic; - } - } - -void SSLv3_Interpreter::BuildInterpreterEndpoints() - { - orig = new SSLv3_Endpoint(this, 1); - resp = new SSLv3_Endpoint(this, 0); - } - -void SSLv3_Interpreter::BuildAutomaton() - { - sslAutomaton.addTrans(SSL3_1_STATE_INIT, SSL3_1_TRANS_SERVER_HELLO_REQ, - SSL3_1_STATE_SERVER_HELLO_REQ_SENT); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_HELLO_REQ_SENT, - SSL3_1_TRANS_CLIENT_HELLO, SSL3_1_STATE_CLIENT_HELLO_SENT); - - sslAutomaton.addTrans(SSL3_1_STATE_INIT, SSL3_1_TRANS_CLIENT_HELLO, - SSL3_1_STATE_CLIENT_HELLO_SENT); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_HELLO_SENT, - SSL3_1_TRANS_SERVER_HELLO, SSL3_1_STATE_SERVER_HELLO_SENT); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_HELLO_SENT, - SSL3_1_TRANS_SERVER_CERT, SSL3_1_STATE_SERVER_CERT_SENT); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_HELLO_SENT, - SSL3_1_TRANS_SERVER_KEY_EXCHANGE, - SSL3_1_STATE_SERVER_KEY_EXCHANGE_SENT); - - // Server key-exchange and/or server requests cert from client. - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_CERT_SENT, - SSL3_1_TRANS_SERVER_KEY_EXCHANGE, - SSL3_1_STATE_SERVER_KEY_EXCHANGE_SENT); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_KEY_EXCHANGE_SENT, - SSL3_1_TRANS_SERVER_HELLO_DONE, - SSL3_1_STATE_SERVER_HELLO_DONE_SENT_A); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_KEY_EXCHANGE_SENT, - SSL3_1_TRANS_SERVER_CERT_REQ, - SSL3_1_STATE_SERVER_CERT_REQ_SENT); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_CERT_SENT, - SSL3_1_TRANS_SERVER_CERT_REQ, - SSL3_1_STATE_SERVER_CERT_REQ_SENT); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_CERT_REQ_SENT, - SSL3_1_TRANS_SERVER_HELLO_DONE, - SSL3_1_STATE_SERVER_HELLO_DONE_SENT_B); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_HELLO_DONE_SENT_B, - SSL3_1_TRANS_CLIENT_CERT, SSL3_1_STATE_CLIENT_CERT_SENT); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_CERT_SENT, - SSL3_1_TRANS_CLIENT_KEY_EXCHANGE, - SSL3_1_STATE_CLIENT_KEY_EXCHANGE_SENT_B); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_KEY_EXCHANGE_SENT_B, - SSL3_1_TRANS_CLIENT_CERT_VERIFY, - SSL3_1_STATE_CLIENT_CERT_VERIFY_SENT); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_KEY_EXCHANGE_SENT_B, - SSL3_1_TRANS_CLIENT_FIN, SSL3_1_STATE_CLIENT_FIN_SENT_A); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_CERT_VERIFY_SENT, - SSL3_1_TRANS_CLIENT_FIN, SSL3_1_STATE_CLIENT_FIN_SENT_A); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_FIN_SENT_A, - SSL3_1_TRANS_SERVER_FIN, SSL3_1_STATE_HS_FIN_A); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_KEY_EXCHANGE_SENT_B, - SSL3_1_TRANS_SERVER_FIN, SSL3_1_STATE_SERVER_FIN_SENT_A); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_CERT_VERIFY_SENT, - SSL3_1_TRANS_SERVER_FIN, SSL3_1_STATE_SERVER_FIN_SENT_A); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_FIN_SENT_A, - SSL3_1_TRANS_CLIENT_FIN, SSL3_1_STATE_HS_FIN_A); - - // Server hello done after server cert sent. - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_CERT_SENT, - SSL3_1_TRANS_SERVER_HELLO_DONE, - SSL3_1_STATE_SERVER_HELLO_DONE_SENT_A); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_HELLO_DONE_SENT_A, - SSL3_1_TRANS_CLIENT_KEY_EXCHANGE, - SSL3_1_STATE_CLIENT_KEY_EXCHANGE_SENT_A); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_KEY_EXCHANGE_SENT_A, - SSL3_1_TRANS_CLIENT_FIN, SSL3_1_STATE_CLIENT_FIN_SENT_A); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_KEY_EXCHANGE_SENT_A, - SSL3_1_TRANS_SERVER_FIN, SSL3_1_STATE_SERVER_FIN_SENT_A); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_FIN_SENT_A, - SSL3_1_TRANS_SERVER_FIN, SSL3_1_STATE_HS_FIN_A); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_FIN_SENT_A, - SSL3_1_TRANS_CLIENT_FIN, SSL3_1_STATE_HS_FIN_A); - - // When reestablishing a session: - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_HELLO_SENT, - SSL3_1_TRANS_CLIENT_FIN, SSL3_1_STATE_CLIENT_FIN_SENT_B); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_HELLO_SENT, - SSL3_1_TRANS_SERVER_FIN, SSL3_1_STATE_SERVER_FIN_SENT_B); - - sslAutomaton.addTrans(SSL3_1_STATE_CLIENT_FIN_SENT_B, - SSL3_1_TRANS_SERVER_FIN, SSL3_1_STATE_HS_FIN_B); - - sslAutomaton.addTrans(SSL3_1_STATE_SERVER_FIN_SENT_B, - SSL3_1_TRANS_CLIENT_FIN, SSL3_1_STATE_HS_FIN_B); - - sslAutomaton.setStartState(SSL3_1_STATE_INIT); - } - -void SSLv3_Interpreter::printStats() - { - printf( "SSLv3x:\n" ); - printf( "Note: Because handshake messages may be coalesced into a \n"); - printf( " single SSLv3x record, the number of total messages for SSLv3x plus \n"); - printf( " the number of total records seen for SSLv3 won't match \n"); - printf( " SSLProxy_Analyzer::totalRecords! \n"); - printf( "total connections = %u\n", totalConnections ); - printf( "opened connections (complete handshake) = %u\n", openedConnections ); - - printf( "total messages seen = %u\n", totalRecords ); - printf( "handshake messages seen = %u\n", handshakeRecords ); - printf( "alert records seen = %u\n", alertRecords ); - printf( "change cipher records seen = %u\n", changeCipherRecords ); - printf( "client hello messages seen = %u\n", clientHelloRecords ); - printf( "server hello messages seen = %u\n", serverHelloRecords ); - } - -int SSLv3_Interpreter::HandshakeType2Trans(int type) - { - switch ( SSL3_1_HandshakeType(type) ) { - case SSL3_1_HELLO_REQUEST: return SSL3_1_TRANS_SERVER_HELLO_REQ; - case SSL3_1_CLIENT_HELLO: return SSL3_1_TRANS_CLIENT_HELLO; - case SSL3_1_SERVER_HELLO: return SSL3_1_TRANS_SERVER_HELLO; - - case SSL3_1_CERTIFICATE: - // Client- and server certificate handshake records lead - // to the same transition in the SSL automaton - // (see SSLDefines.h) - return SSL3_1_TRANS_SERVER_CERT; - - case SSL3_1_SERVER_KEY_EXCHANGE: return SSL3_1_TRANS_SERVER_KEY_EXCHANGE; - case SSL3_1_CERTIFICATE_REQUEST: return SSL3_1_TRANS_SERVER_CERT_REQ; - case SSL3_1_SERVER_HELLO_DONE: return SSL3_1_TRANS_SERVER_HELLO_DONE; - case SSL3_1_CERTIFICATE_VERIFY: return SSL3_1_TRANS_CLIENT_CERT_VERIFY; - case SSL3_1_CLIENT_KEY_EXCHANGE: return SSL3_1_TRANS_CLIENT_KEY_EXCHANGE; - - case SSL3_1_FINISHED: - // Client- and server certificate handshake records lead - // to the same transition in the SSL automaton - // (see SSLDefines.h) - return SSL3_1_TRANS_CLIENT_FIN; - default: - return -1; - } - } - -void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec) - { - ++SSLv3_Interpreter::totalRecords; - ++SSLv3_Interpreter::handshakeRecords; - - TableVal* currentCipherSuites = 0; - - // First: consistency checks. - // Special treatment for finished messages, because they are - // already encrypted (encrypted handshake message). - if ( (change_cipher_client_seen && (rec->endp)->IsOrig() && - ! fin_client_seen) || - (change_cipher_server_seen && ! rec->endp->IsOrig() && - ! fin_server_seen) ) - { - // no checks can be performed due encryption... - } - else - { - SSL3_1_HandshakeType ht = SSL3_1_HandshakeType(rec->type); - switch ( ht ) { - case SSL3_1_HELLO_REQUEST: - if ( rec->length != 0 ) - Weird("SSLv3x: Hello request too long!"); - if ( ! helloRequestValid ) - Weird("SSLv3x: Received hello request during handshake!"); - // There should only be sent one hello request at a - // time. - helloRequestValid = false; - break; - - case SSL3_1_CLIENT_HELLO: - { - ++SSLv3_Interpreter::clientHelloRecords; - - // During the handshaking phase, we don't want any - // more hello requests. - helloRequestValid = false; - - if ( rec->checkClientHello() == 0 ) - return; - - const u_char* pTemp = rec->data; - uint8 sessionIDLength = uint8(pTemp[38]); - clientSessionID = - new SSL_DataBlock((pTemp + 39), sessionIDLength); - uint16 cipherSuiteLength = - uint16(pTemp[39 + sessionIDLength] << 8 ) | - pTemp[40 + sessionIDLength]; - - currentCipherSuites = - analyzeCiphers(rec->endp, cipherSuiteLength, - rec->data + 41 + sessionIDLength, - rec->sslVersion); - - if ( ssl_store_key_material ) - { - clientRandom = new SSLv3x_Random(); - clientRandom->random_bytes = 0; - clientRandom->gmt_unix_time = - uint32(((pTemp[6] << 24) | - pTemp[7] << 16) | - pTemp[8] << 8) | pTemp[9]; - - clientRandom->random_bytes = - new SSL_DataBlock(pTemp + 10, 28); - } - break; - } - - case SSL3_1_SERVER_HELLO: - { - ++SSLv3_Interpreter::serverHelloRecords; - if ( rec->checkServerHello() == 0) - return; - - const u_char* pTemp = rec->data; - uint8 sessionIDLength = uint8(pTemp[38]); - serverSessionID = - new SSL_DataBlock(pTemp + 39, sessionIDLength); - currentCipherSuites = - analyzeCiphers(rec->endp, 2, - rec->data + 39 + sessionIDLength, - rec->sslVersion); - - // Check whether the cipher suite the server choose - // was included in the cipher suites the client - // anounced. - if ( pClientCipherSpecs && pCipherSuite ) - { - bool bFound = false; - uint16 tempClientCipher; - for ( int i = 0; i < pClientCipherSpecs->len; - i += 2 ) - { - tempClientCipher = - (pClientCipherSpecs->data[i] << 8) | - pClientCipherSpecs->data[i+1]; - - if ( tempClientCipher == - pCipherSuite->identifier ) - { - bFound = true; - i = pClientCipherSpecs->len; - } - } - - if ( ! bFound ) - Weird("SSLv3x: Server choosed cipher spec that client didn't anounce!"); - - delete pClientCipherSpecs; - pClientCipherSpecs = 0; - } - - if ( ssl_store_key_material ) - { - serverRandom = new SSLv3x_Random(); - serverRandom->gmt_unix_time = - uint32(((pTemp[6] << 8) | - pTemp[7] << 8) | - pTemp[8] << 8) | pTemp[9]; - serverRandom->random_bytes = - new SSL_DataBlock(pTemp + 10, 28); - } - - // Insert session injection into here. - - if ( ! ssl_session_insertion ) - break; // in place of below - - TableVal* sessionIDTable = - serverSessionID ? - MakeSessionID(serverSessionID->data, - serverSessionID->len) : - MakeSessionID(0, 0); - - val_list* vl = new val_list; - vl->append(proxy->BuildConnVal()); - vl->append(sessionIDTable); - - proxy->ConnectionEvent(ssl_session_insertion, vl); - break; - } - - case SSL3_1_CERTIFICATE: - { - const u_char* pData = rec->data; - uint32 certListLength = - uint32((pData[4] << 16) | - pData[5] << 8) | pData[6]; - - // Sum of all cert sizes has to match - // certListLength. - uint tempLength = 0; - uint certCount = 0; - while ( tempLength < certListLength ) - { - if ( tempLength + 3 <= certListLength ) - { - ++certCount; - uint32 certLength = - uint32((pData[tempLength + 7] << 16) | pData[tempLength + 8] << 8) | pData[tempLength + 9]; - tempLength += certLength + 3; - } - else - { - Weird("SSLv3x: Corrupt length field in certificate list!"); - return; - } - } - - if ( tempLength > certListLength ) - { - Weird("SSLv3x: sum of size of certificates doesn't match size of certificate chain"); - return; - } - - SSL_InterpreterEndpoint* pEp = - (SSL_InterpreterEndpoint*) rec->endp; - - if ( certCount == 0 ) - { - // we don't have a certificate, but this is valid - // according to RFC2246 - if ( rec->endp->IsOrig() ) - { - Weird("SSLv3x: Client certificate is missing!"); - break; - } - else - { - Weird("SSLv3x: Server certificate is missing!"); - break; - } - } - - if ( certCount > 1 ) - { // we have a chain - analyzeCertificate(pEp, - rec->data + 7, - certListLength, 1, true); - } - else - { - // We have a single certificate. - // FIXME. - analyzeCertificate(pEp, - rec->data + 10, - certListLength-3, 1, false); - } - - break; - } - - case SSL3_1_SERVER_KEY_EXCHANGE: - { - /* - switch (cipherSuite) - { - // It would be necessary to have the RSA key length - // out of the server's certificate. If the cipher suite - // is EXPORT, than a RSA key length larger than 512 bits - // is not allowed for encryption and thus, the server needs - // to send a key-exchange-message in order to negotiate the - // pre-master secret (see rfc 2246 page 39) - case TLS_RSA_WITH_NULL_MD5: - case TLS_RSA_WITH_NULL_SHA: - // case TLS_RSA_EXPORT_WITH_RC4_40_MD5: //see comment above - case TLS_RSA_WITH_RC4_128_MD5: - case TLS_RSA_WITH_RC4_128_SHA: - // case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5: //see comment above - case TLS_RSA_WITH_IDEA_CBC_SHA: - // case TLS_RSA_EXPORT_WITH_DES40_CBC_SHA: //see comment above - case TLS_RSA_WITH_DES_CBC_SHA: - case TLS_RSA_WITH_3DES_EDE_CBC_SHA: - case TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: - case TLS_DH_DSS_WITH_DES_CBC_SHA: - case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA: - case TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: - case TLS_DH_RSA_WITH_DES_CBC_SHA: - case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA: - { - Weird("SSLv3x: Sending server-key-exchange not allowed for this cipher suite!"); - return; - break; - } - default: - break; - } - */ - - if ( ! pCipherSuite ) - // If we have an unknown CIPHER-SPEC, - // we can't do our weird checks. - break; - - SSL_KeyExchangeAlgorithm keyXAlgorithm = - pCipherSuite->keyExchangeAlgorithm; - - if ( keyXAlgorithm == SSL_KEY_EXCHANGE_RSA || - keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || - keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA ) - { - Weird("SSLv3x: Sending server-key-exchange not allowed for this cipher suite!"); - return; - - } - // FIXME: check where DHE_RSA etc. belongs to - const u_char* pTemp = rec->data; - if ( ssl_store_key_material ) - { - if ( keyXAlgorithm == SSL_KEY_EXCHANGE_RSA || - keyXAlgorithm == SSL_KEY_EXCHANGE_RSA || - keyXAlgorithm == SSL_KEY_EXCHANGE_RSA_EXPORT1024 ) - { // some weird checks - if ( rec->length < 2 ) - { - Weird("SSLv3x: server-key-exchange empty!"); - return; - } - - uint16 modulusLength = uint16(pTemp[4] << 8 ) | pTemp[5]; - if ( modulusLength + 4 > rec->length ) - { - Weird("SSLv3x: Corrupt length fields in server-key-exchange!"); - break; - } - - uint16 exponentLength = uint16(pTemp[6 + modulusLength] << 8 ) | pTemp[7 + modulusLength]; - if ( modulusLength + exponentLength + 4 > rec->length ) - { - Weird("SSLv3x: Corrupt length fields in server-key-exchange!"); - return; - } - - serverRSApars = - new SSLv3x_ServerRSAParams; - serverRSApars->rsa_modulus = - new SSL_DataBlock(pTemp + 6, modulusLength); - serverRSApars->rsa_exponent = - new SSL_DataBlock( pTemp + 8 + modulusLength, exponentLength); - } - else - { - if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 ) - { - if ( rec->length < 2 ) - { - Weird("SSLv3x: server-key-exchange empty!"); - return; - } - - uint16 dh_pLength = (uint16) (pTemp[4] << 8 ) | pTemp[5]; - if ( dh_pLength + 4 > rec->length ) - { - Weird("SSLv3x: Corrupt length fields in server-key-exchange!"); - break; - } - - uint16 dh_gLength = uint16(pTemp[6 + dh_pLength] << 8 ) | pTemp[7 + dh_pLength]; - uint16 dh_YsLength = uint16(pTemp[8 + dh_pLength + dh_gLength] << 8 ) | pTemp[9 + dh_pLength + dh_gLength]; - if ( dh_pLength + dh_gLength + dh_YsLength + 6 > rec->length ) - { - Weird("SSLv3x: Corrupt length fields in server-key-exchange!"); - printf("xxx %u > %u \n", (dh_pLength + dh_gLength + dh_YsLength + 6), rec->length); - return; - } - - serverDHPars = new SSLv3x_ServerDHParams; - serverDHPars->dh_p = new SSL_DataBlock(pTemp + 6 , dh_pLength); - serverDHPars->dh_g = new SSL_DataBlock(pTemp + 8 + dh_pLength, dh_gLength); - serverDHPars->dh_Ys = new SSL_DataBlock(pTemp + 10 + dh_pLength + dh_gLength, dh_YsLength); - } - } - } - break; - } - - case SSL3_1_CERTIFICATE_REQUEST: - { - // Only if server not anonymous - /* - switch (cipherSuite) - { - case TLS_NULL_WITH_NULL_NULL: - case TLS_DH_anon_EXPORT_WITH_RC4_40_MD5: - case TLS_DH_anon_WITH_RC4_128_MD5: - case TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA: - case TLS_DH_anon_WITH_DES_CBC_SHA: - case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA: - { - Weird("SSLv3x: Sending certificate-request not allowed for anonymous servers!"); - break; - } - default: - { - break; - } - } - */ - - if ( ! pCipherSuite ) - { - // if we have an unknown CIPHER-SPEC, - // we can't do our weird checks. - break; - } - - if ( pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_anon || pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_anon_EXPORT ) - Weird("SSLv3x: Sending certificate-request not allowed for anonymous servers!"); - - // FIXME: Insert weird checks! - break; - } - - case SSL3_1_SERVER_HELLO_DONE: - { - if ( rec->length != 0 ) - Weird("SSLv3x: Server hello too long!"); - break; - } - - case SSL3_1_CLIENT_KEY_EXCHANGE: - { - if ( ! pCipherSuite ) - // if we have an unknown CIPHER-SPEC, - // we can't do our weird checks - break; - - const u_char* pTemp = rec->data; - if ( ssl_store_key_material ) - { - SSL_KeyExchangeAlgorithm keyXAlgorithm = - pCipherSuite->keyExchangeAlgorithm; - - if ( keyXAlgorithm == SSL_KEY_EXCHANGE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA ) - { - encryptedPreSecret = - new SSLv3x_EncryptedPremasterSecret; - encryptedPreSecret->encryptedSecret = - new SSL_DataBlock( pTemp + 4, rec->length); - } - else - { - if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 ) - { - if ( rec->length < 2 ) - { - // This can happen (see RFC 2246, p. 45). - return; - } - - uint16 DHpublicLength = - uint16(pTemp[4] << 8) | pTemp[5]; - if ( DHpublicLength + 2 < rec->length ) - { - Weird("SSLv3x: Corrupt length fields in client-key-exchange!"); - return; - } - - clientDHpublic = new SSLv3x_ClientDHPublic; - clientDHpublic->dh_Yc = new SSL_DataBlock(pTemp + 6, DHpublicLength); - } - } - - } - break; - } - - case SSL3_1_CERTIFICATE_VERIFY: - { - // FIXME: Insert Weird checks! - break; - } - - case SSL3_1_FINISHED: - { - // We won't get here, because finished messages - // are already encrypted, so we can't get - // the content type of this handshake-message... - break; - } - - default: - { - if ( currentState == SSL3_1_STATE_SERVER_FIN_SENT_A || - currentState == SSL3_1_STATE_CLIENT_FIN_SENT_B ) - { - Weird("SSLv3x: Handshake message (unknown type) after finished message!"); - return; - } - else - { - Weird("SSLv3x: Invalid HandshakeType! Maybe finished message without predecessing change-cipher-message!"); - return; } - } - } - } - - int oldState = currentState; - bool alreadySwitchedState = false; - - // First: Special handling of finished messages. They must be - // sent immediately after a change cipher message - already encrypted. - // from client? - if ( rec->endp->IsOrig() && change_cipher_client_seen ) - { - if ( ! fin_client_seen ) - { - // This must be a (valid) client finished. - // We assume it to be one, because the predecessing - // message was a change cipher. - fin_client_seen = true; - change_cipher_client_seen = false; - alreadySwitchedState = true; - currentState = sslAutomaton.getNextState(currentState, - SSL3_1_TRANS_CLIENT_FIN); - } - else - { - // We already saw a client finished (should not be - // possible). - Weird("SSLv3x: Already received client finished message!"); - currentState = sslAutomaton.getNextState(currentState, - SSL3_1_TRANS_CLIENT_FIN); - fin_client_seen = true; - change_cipher_client_seen = false; - alreadySwitchedState = true; - } - } - - // from server - else if ( ! rec->endp->IsOrig() && change_cipher_server_seen ) - { - if ( ! fin_server_seen ) - { - // This must be a (valid) server finished. - // We assume it to be one, because the predecessing - // message was a change cipher. - fin_server_seen = true; - change_cipher_server_seen = false; - alreadySwitchedState = true; - currentState = sslAutomaton.getNextState(currentState, - SSL3_1_TRANS_SERVER_FIN); - } - else - { - // We already saw a server-finished (should not be - // possible). - Weird("SSLv3x: Already received server finished message!"); - currentState = sslAutomaton.getNextState(currentState, - SSL3_1_TRANS_SERVER_FIN); - alreadySwitchedState = true; - fin_server_seen = true; - change_cipher_server_seen = false; - } - } - - if ( ! alreadySwitchedState ) - { - // Check whether we are already finished with the - // handshaking process... - switch ( currentState ) { - case SSL3_1_STATE_HS_FIN_A: - case SSL3_1_STATE_HS_FIN_B: - Weird("SSLv3x: Received handshake message after finishing handshake!"); - break; - - default: - // It's a "normal" handshake message... - currentState = sslAutomaton.getNextState(currentState, - HandshakeType2Trans(rec->type)); - break; - } - } - - if ( currentState == SSL3_1_STATE_ERROR ) - { - // proxy->SetSkip(1); - } - - // Only if we changed the currentState, we need to call GenerateEvents - // because event generation in GenerateEvents() is based on - // currentState. - if ( oldState != currentState ) - GenerateEvents(rec, currentCipherSuites); - else - Unref(currentCipherSuites); - } - -void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_AlertRecord* rec) - { - ++SSLv3_Interpreter::totalRecords; - ++SSLv3_Interpreter::alertRecords; - - // First: consistency-checks. - // Only if handshake not already finished. - // Otherwise alerts may be encrypted, so we could do nothing... - if ( currentState == SSL3_1_STATE_SERVER_FIN_SENT_A || - currentState == SSL3_1_STATE_CLIENT_FIN_SENT_B || - currentState == SSL3_1_STATE_CLIENT_FIN_SENT_A || - currentState == SSL3_1_STATE_SERVER_FIN_SENT_B || - currentState == SSL3_1_STATE_HS_FIN_A || - currentState == SSL3_1_STATE_HS_FIN_B || - change_cipher_client_seen || change_cipher_server_seen ) - return; - - if ( rec->level != SSL3x_ALERT_LEVEL_WARNING && - rec->level != SSL3x_ALERT_LEVEL_FATAL ) - Weird("SSLv3x: Unknown ssl alert level"); - - SSL3_1_AlertDescription ad = SSL3_1_AlertDescription(rec->description); - switch ( ad ) { - case SSL3_1_CLOSE_NOTIFY: - case SSL3_1_UNEXPECTED_MESSAGE: - case SSL3_1_BAD_RECORD_MAC: - case SSL3_1_DECRYPTION_FAILED: - case SSL3_1_RECORD_OVERFLOW: - case SSL3_1_DECOMPRESSION_FAILURE: - case SSL3_1_HANDSHAKE_FAILURE: - break; - - case SSL3_0_NO_CERTIFICATE: - // This may happen ONLY in SSLv3.0 when the server sends - // a certificate request but the client has none. - if ( rec->sslVersion == SSLProxy_Analyzer::SSLv30 ) - currentState = SSL3_1_STATE_SERVER_HELLO_DONE_SENT_A; - else - Weird("SSLv3x: No certificate alert not defined for SSL 3.1!"); - break; - - case SSL3_1_BAD_CERTIFICATE: - case SSL3_1_UNSUPPORTED_CERTIFICATE: - case SSL3_1_CERTIFICATE_REVOKED: - case SSL3_1_CERTIFICATE_EXPIRED: - case SSL3_1_CERTIFICATE_UNKNOWN: - case SSL3_1_ILLEGAL_PARAMETER: - case SSL3_1_UNKNOWN_CA: - case SSL3_1_ACCESS_DENIED: - case SSL3_1_DECODE_ERROR: - case SSL3_1_DECRYPT_ERROR: - case SSL3_1_EXPORT_RESTRICTION: - case SSL3_1_PROTOCOL_VERSION: - case SSL3_1_INSUFFICIENT_SECURITY: - case SSL3_1_INTERNAL_ERROR: - case SSL3_1_USER_CANCELED: - case SSL3_1_NO_RENEGOTIATION: - break; - - default: - Weird(" SSLv3x: Unknown ssl alert description!" ); - break; - } - - if ( rec->level == 2 ) - // Fatal alert! - currentState = SSL3_1_STATE_INIT; - - if ( rec->level == 1 && ad == SSL3_1_CLOSE_NOTIFY ) - currentState = SSL3_1_STATE_INIT; - - fire_ssl_conn_alert(rec->sslVersion, rec->level, rec->description); - } - -void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_ChangeCipherRecord* rec) - { - ++SSLv3_Interpreter::totalRecords; - ++SSLv3_Interpreter::changeCipherRecords; - - if ( rec->type != 1 ) - Weird("SSLv3x: Unknown change cipher type!"); - if ( rec->recordLength != 1 ) - Weird("SSLv3x: Change cipher message too long!"); - - // After receiving a change cipher spec message, the next message sent - // MUST be a finished message. So we set the appropriate flag: - // change_cipher_client/server_seen. - if ( rec->endp->IsOrig()) - { - if ( change_cipher_client_seen ) - Weird("SSLv3x: Received multiple change cipher message from client!"); - change_cipher_client_seen = true; - fin_client_seen = false; - } - else - { - if ( change_cipher_server_seen ) - Weird("SSLv3x: Received multiple change cipher message from server!"); - change_cipher_server_seen = true; - fin_server_seen = false; - } - - if ( currentState == SSL3_1_STATE_ERROR ) - { - // proxy->SetSkip(1); - } - - // We don't need a GenerateEvents here, because we didn't change - // the currentState of the SSL automaton. (Event generation - // in GenerateEvents() is done based on currentState.) - // GenerateEvents(rec); - } - -void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_ApplicationRecord* rec) - { - ++SSLv3_Interpreter::totalRecords; - - if ( currentState == SSL3_1_STATE_HS_FIN_A || - currentState == SSL3_1_STATE_HS_FIN_B ) - // O.K., sending application data is valid - // this was the last record we analyzed... - proxy->SetSkip(1); - else - { - // Sending application data now is not valid, so the SSL - // connection is probably already established and we - // didn't get the handshake. - Weird("SSLv3_data_without_full_handshake"); - currentState = SSL3_1_STATE_ERROR; - GenerateEvents(rec, 0); - } - } - -TableVal* SSLv3_Interpreter::analyzeCiphers(const SSLv3_Endpoint* s, int length, - const u_char* data, uint16 version) - { - int is_orig = (SSL_InterpreterEndpoint*) s == orig; - - const u_char* pCipher = data; - SSL_CipherSpec* pCipherSuiteTemp = 0; - uint16 cipherSuite; - for ( int i = 0; i < length; i += 2 ) - { - cipherSuite = uint16(pCipher[0+i] << 8) | pCipher[1+i]; - HashKey h(static_cast(cipherSuite)); - - pCipherSuiteTemp = - (SSL_CipherSpec*) SSL_CipherSpecDict.Lookup(&h); - if ( ! pCipherSuiteTemp ) - { - if ( is_orig ) - proxy->Weird("SSLv3x: Unknown CIPHER-SPEC in CLIENT-HELLO"); - else - proxy->Weird("SSLv3x: Unknown CIPHER-SPEC in SERVER-HELLO"); - } - } - - // Store server's cipher specs. - if ( ! is_orig ) - { - pCipherSuite = pCipherSuiteTemp; - if ( ! pCipherSuite ) - { - // Special case: we store the identifier directly - // for unknown cipher-specs. - cipherSuiteIdentifier = - uint16(pCipher[0] << 8) | pCipher[1]; - } - } - - if ( ssl_compare_cipherspecs && length <= ssl_max_cipherspec_size ) - { - // Store cipher specs for analysis: was the choosen - // server cipher suite announced by the client? - if ( is_orig ) - { - pClientCipherSpecs = - new SSL_DataBlock(data, length); - } - } - - if ( (! is_orig && ssl_conn_server_reply) || - (is_orig && ssl_conn_attempt) ) - { - TableVal* pCipherTable = new TableVal(cipher_suites_list); - for ( int i = 0; i < length; i += 2 ) - { - uint32 cipherSpec = (pCipher[0] << 8) | pCipher[1]; - Val* index = new Val(cipherSpec, TYPE_COUNT); - pCipherTable->Assign(index, 0); - Unref(index); - pCipher += 2; - } - - return pCipherTable; - } - - else - return 0; - } - -void SSLv3_Interpreter::GenerateEvents(SSLv3_Record* rec, TableVal* curCipherSuites) - { - if ( curCipherSuites && - currentState != SSL3_1_STATE_CLIENT_HELLO_SENT && - currentState != SSL3_1_STATE_SERVER_HELLO_SENT ) - // Unref here, since the events won't do so in this case. - Unref(curCipherSuites); - - switch ( currentState ) { - case SSL3_1_STATE_CLIENT_HELLO_SENT: - fire_ssl_conn_attempt(rec->sslVersion, curCipherSuites); - break; - - case SSL3_1_STATE_SERVER_HELLO_SENT: - fire_ssl_conn_server_reply(rec->sslVersion, curCipherSuites); - break; - - case SSL3_1_STATE_HS_FIN_A: - case SSL3_1_STATE_HS_FIN_B: - ++SSLv3_Interpreter::openedConnections; - fire_ssl_conn_established(rec->sslVersion, - pCipherSuite ? - pCipherSuite->identifier : 0); - - // We finished handshake. Skip all further data. - proxy->SetSkip(1); - helloRequestValid = true; - break; - - case SSL3_1_STATE_SERVER_FIN_SENT_B: - // First, check for session-ID match. - if ( clientSessionID && serverSessionID && - memcmp(clientSessionID->data, serverSessionID->data, - clientSessionID->len) != 0 ) - Weird("SSLv3x: Reusing session but session ID mismatch!"); - fire_ssl_conn_reused(serverSessionID); - break; - - case SSL3_1_STATE_ERROR: - Weird("unexpected_SSLv3_record"); - proxy->SetSkip(1); - } - } - -void SSLv3_Interpreter::SetState(int i) - { - if ( i >= 0 && i < SSL3_1_NUM_STATES ) - currentState = i; - } - -// ---SSLv3_Endpoint-------------------------------------------------------------- - -SSLv3_Endpoint::SSLv3_Endpoint(SSL_Interpreter* interpreter, int is_orig) -: SSL_InterpreterEndpoint(interpreter, is_orig) - { - sslVersion = 0; - } - -SSLv3_Endpoint::~SSLv3_Endpoint() - { - } - -void SSLv3_Endpoint::Deliver(int len, const u_char* data) - { - if ( SSL3_1_LENGTHOFFSET + sizeof(uint16) <= unsigned(len) ) - { - currentMessage_length = - uint16(data[SSL3_1_LENGTHOFFSET] << 8) | - data[SSL3_1_LENGTHOFFSET+1]; - - // ### where does this magic number come from? - if ( currentMessage_length > 18432 ) - interpreter->Weird("SSLv3x: Message length too long!"); - } - else - { - interpreter->Weird("SSLv3x: Could not determine message length!"); - return; - } - - if ( currentMessage_length + 2 + SSL3_1_LENGTHOFFSET != len ) - { - // This should never happen; otherwise there is a bug in the - // SSL_RecordBuilder. - interpreter->Weird("SSLv3x: FATAL: recordLength doesn't match data block length!"); - interpreter->Proxy()->SetSkip(1); - return; - } - - ProcessMessage(data, len); - } - -void SSLv3_Endpoint::ProcessMessage(const u_char* data, int len) - { - SSL3_1_ContentType ct = ExtractContentType(data, len); - if ( ! ExtractVersion(data, len) ) - return; - - switch ( ct ) { - case SSL3_1_TYPE_CHANGE_CIPHER_SPEC: - { - SSLv3_ChangeCipherRecord* rec = new - SSLv3_ChangeCipherRecord(data + SSL3_1_HEADERLENGTH, - len - SSL3_1_HEADERLENGTH, sslVersion, this); - - // Multiple handshake messages may be coalesced into - // a single record. - rec->Deliver((SSLv3_Interpreter*) interpreter); - Unref(rec); - break; - } - - case SSL3_1_TYPE_ALERT: - { - SSLv3_AlertRecord* rec = new - SSLv3_AlertRecord(data + SSL3_1_HEADERLENGTH, - len - SSL3_1_HEADERLENGTH, sslVersion, this); - rec->Deliver((SSLv3_Interpreter*) interpreter); - Unref(rec); - break; - } - - case SSL3_1_TYPE_HANDSHAKE: - { - SSLv3_HandshakeRecord* rec = - new SSLv3_HandshakeRecord(data + SSL3_1_HEADERLENGTH, - len - SSL3_1_HEADERLENGTH, sslVersion, this); - rec->Deliver((SSLv3_Interpreter*) interpreter); - Unref(rec); - break; - } - - case SSL3_1_TYPE_APPLICATION_DATA: - { - SSLv3_ApplicationRecord* rec = - new SSLv3_ApplicationRecord(data + SSL3_1_HEADERLENGTH, - len - SSL3_1_HEADERLENGTH, sslVersion, this); - rec->Deliver((SSLv3_Interpreter*) interpreter); - Unref(rec); - break; - } - - default: - { - interpreter->Weird("SSLv3x: Could not determine content type!"); - break; - } - } - } - -SSL3_1_ContentType SSLv3_Endpoint::ExtractContentType(const u_char* data, - int len) - { - return SSL3_1_ContentType(uint8(*(data + SSL3_1_CONTENTTYPEOFFSET))); - } - -int SSLv3_Endpoint::ExtractVersion(const u_char* data, int len) - { - sslVersion = uint16(data[SSL3_1_VERSIONTYPEOFFSET] << 8) | - data[SSL3_1_VERSIONTYPEOFFSET + 1]; - - if ( sslVersion != SSLProxy_Analyzer::SSLv30 && - sslVersion != SSLProxy_Analyzer::SSLv31 ) - { - interpreter->Weird("SSLv3x: Unsupported SSL-Version (not SSLv3x)!"); - return 0; - } - else - return 1; - } - -// ---SSLv3_Record---------------------------------------------------------------- - -SSLv3_Record::SSLv3_Record(const u_char* data, int len, - uint16 version, SSLv3_Endpoint const* e) - { - recordLength = len; - sslVersion = version; - endp = e; - this->data = data; - } - -SSLv3_Record::~SSLv3_Record() - { - // The memory for data is deleted after processing the ssl record - // in the common ssl reassembler. - } - -void SSLv3_Record::Describe(ODesc* d) const - { - d->Add("sslrecord"); - } - -SSLv3_Endpoint const* SSLv3_Record::GetEndpoint() const - { - return endp; - } - -const u_char* SSLv3_Record::GetData() const - { - return data; - } - -int SSLv3_Record::ExtractInt24(const u_char* data, int len, int offset) - { - if ( offset + int(sizeof(unsigned long)) - 1 > len) - return 0; - - uint32 val; - - val = 0; - val = uint32(*(data + offset + 2)); - val |= uint32(*(data + offset + 1)) << 8; - val |= uint32(*(data + offset)) << 16; - - return val; - } - -int SSLv3_Record::GetRecordLength() const - { - return recordLength; - } - -SSLv3_HandshakeRecord::SSLv3_HandshakeRecord(const u_char* data, int len, - uint16 version, SSLv3_Endpoint const* e) -: SSLv3_Record(data, len, version, e) - { - // Don't analyze encrypted client handshake messages. - if ( e->IsOrig() && - ((SSLv3_Interpreter*) e->Interpreter())->change_cipher_client_seen && - ! ((SSLv3_Interpreter*) e->Interpreter())->fin_client_seen ) - { - type = 255; - length = 0; - next = 0; - return; - } - - // Don't analyze encrypted server handshake messages. - if ( ! e->IsOrig() && - ((SSLv3_Interpreter*) e->Interpreter())->change_cipher_server_seen && - ! ((SSLv3_Interpreter*) e->Interpreter())->fin_server_seen ) - { - type = 255; - length = 0; - next = 0; - return; - } - - type = uint8(*(this->data)); - length = ExtractInt24(data, len, 1); - - if ( length == 0 ) // this is a special case to deal with 0 length certs - next = 0; - else if ( length + 4 < len ) - next = new SSLv3_HandshakeRecord(data + length + 4, - len - (length + 4), version, e); - else if ( length + 4 > len ) - { - e->Interpreter()->Weird("SSLv3x: Handshake-header-length inconsistent (too big)"); - next = 0; - } - else - next = 0; - } - -SSLv3_HandshakeRecord::~SSLv3_HandshakeRecord() - { - if ( next ) - { - delete next; - } - } - -void SSLv3_HandshakeRecord::Deliver(SSLv3_Interpreter* conn) - { - SSLv3_HandshakeRecord* it = this; - while ( it != 0) - { - conn->DeliverSSLv3_Record(it); - it = it->GetNext(); - } - } - -int SSLv3_HandshakeRecord::GetType() const - { - return type; - } - -int SSLv3_HandshakeRecord::GetLength() const - { - return length; - } - -SSLv3_HandshakeRecord* SSLv3_HandshakeRecord::GetNext() - { - return next; - } - -int SSLv3_HandshakeRecord::checkClientHello() - { - if ( recordLength < 42 ) - { - endp->Interpreter()->Weird("SSLv3x: Client hello too small!"); - return 0; - } - - uint16 version = uint16(data[4] << 8 ) | data[5]; - if ( version != SSLProxy_Analyzer::SSLv30 && - version != SSLProxy_Analyzer::SSLv31 ) - endp->Interpreter()->Weird("SSLv3x: Corrupt version information in Client hello!"); - - uint16 offset = 38; - uint8 sessionIDLength = uint8(data[offset]); - offset += (1 + sessionIDLength); - if ( sessionIDLength > 32 ) - { - endp->Interpreter()->Weird("SSLv3x: SessionID too long in Client hello!"); - return 0; - } - - uint16 cipherSuiteLength = - uint16(data[offset] << 8) | data[offset+1]; - offset += (2 + cipherSuiteLength); - if ( cipherSuiteLength < 2 ) - endp->Interpreter()->Weird("SSLv3x: CipherSuite length too small!"); - - if ( offset > recordLength ) - { - endp->Interpreter()->Weird("SSLv3x: Client hello too small, corrupt length fields!"); - return 0; - } - - uint8 compressionMethodLength = uint8(data[offset]); - offset += (1 + compressionMethodLength); - if ( compressionMethodLength < 1 ) - endp->Interpreter()->Weird("SSLv3x: CompressionMethod length too small!"); - - if ( offset < length ) - { - uint16 sslExtensionsLength = - uint16(data[offset] << 8) | data[offset+1]; - offset += 2; - if ( sslExtensionsLength < 4 ) - endp->Interpreter()->Weird("SSLv3x: Extensions length too small!"); - - // TODO: extract SSL extensions here - - offset += sslExtensionsLength; - if ( offset != length+4 ) - { - endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Client hello!"); - return 0; - } - } - - return 1; - } - -int SSLv3_HandshakeRecord::checkServerHello() - { - if ( recordLength < 42 ) - { - endp->Interpreter()->Weird("SSLv3x: Server hello too small!"); - return 0; - } - - uint16 version = uint16(data[4] << 8) | data[5]; - if ( version != SSLProxy_Analyzer::SSLv30 && - version != SSLProxy_Analyzer::SSLv31 ) - endp->Interpreter()->Weird("SSLv3x: Corrupt version information in Server hello!"); - - uint16 offset = 38; - uint8 sessionIDLength = uint8(data[offset]); - if ( sessionIDLength > 32 ) - { - endp->Interpreter()->Weird("SSLv3x: SessionID too long in Server hello!"); - return 0; - } - offset += (1 + sessionIDLength); - - offset += 3; // account for cipher and compression method - if ( offset < length ) - { - uint16 sslExtensionsLength = - uint16(data[offset] << 8) | data[offset+1]; - offset += 2; - if ( sslExtensionsLength < 4 ) - endp->Interpreter()->Weird("SSLv3x: Extensions length too small!"); - - // TODO: extract SSL extensions here - offset += sslExtensionsLength; - - if ( offset != length+4 ) - { - endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Server hello!"); - return 0; - } - - return 0; - } - - return 1; - } - -SSLv3_AlertRecord::SSLv3_AlertRecord(const u_char* data, int len, - uint16 version, SSLv3_Endpoint const* e) -: SSLv3_Record(data, len, version, e) - { - if ( len < 2 ) - { - e->Interpreter()->Weird("SSLv3x: Alert header length too small!"); - level = 255; - description = 255; - } - - // No further consistency-check, because alerts may be - // already encrypted. - level = uint8(*((this->data) + SSL3_1_ALERT_LEVEL_OFFSET)); - description = uint8(*((this->data) + SSL3_1_ALERT_DESCRIPTION_OFFSET)); - } - -SSLv3_AlertRecord::~SSLv3_AlertRecord() - { - } - -int SSLv3_AlertRecord::GetDescription() const - { - return description; - } - -int SSLv3_AlertRecord::GetLevel() const - { - return level; - } - -void SSLv3_AlertRecord::Deliver(SSLv3_Interpreter* conn) - { - conn->DeliverSSLv3_Record(this); - } - -SSLv3_ChangeCipherRecord::SSLv3_ChangeCipherRecord(const u_char* data, int len, - uint16 version, SSLv3_Endpoint const* e) -: SSLv3_Record(data, len, version, e) - { - if ( len < 1 ) - { - e->Interpreter()->Weird("SSLv3x: Change cipher header length too small!"); - type = 255; - } - else - type = uint8(*((this->data) + SSL3_1_CHANGE_CIPHER_TYPE_OFFSET)); - } - -SSLv3_ChangeCipherRecord::~SSLv3_ChangeCipherRecord() - { - } - -int SSLv3_ChangeCipherRecord::GetType() const - { - return type; - } - -void SSLv3_ChangeCipherRecord::Deliver(SSLv3_Interpreter* conn) - { - conn->DeliverSSLv3_Record(this); - } - -SSLv3_ApplicationRecord::SSLv3_ApplicationRecord(const u_char* data, int len, uint16 version, SSLv3_Endpoint const* e) -: SSLv3_Record(data, len, version, e) - { - } - -SSLv3_ApplicationRecord::~SSLv3_ApplicationRecord() - { - } - -void SSLv3_ApplicationRecord::Deliver(SSLv3_Interpreter* conn) - { - conn->DeliverSSLv3_Record(this); - } diff --git a/src/SSLv3.h b/src/SSLv3.h deleted file mode 100644 index c3c3f4634e..0000000000 --- a/src/SSLv3.h +++ /dev/null @@ -1,590 +0,0 @@ -// $Id: SSLv3.h 3526 2006-09-12 07:32:21Z vern $ - -#ifndef sslv3_h -#define sslv3_h - -#include "SSLInterpreter.h" -#include "SSLProxy.h" -#include "SSLv3Automaton.h" -#include "SSLDefines.h" - -// Offsets in SSL record layer header. -const int SSL3_1_CONTENTTYPEOFFSET = 0; -const int SSL3_1_VERSIONTYPEOFFSET = 1; -const int SSL3_1_LENGTHOFFSET = 3; -const int SSL3_1_HEADERLENGTH = 5; - -// --- forward declarations --------------------------------------------------- - -class SSL_Interpreter; -class SSL_InterpreterEndpoint; -class SSLProxy_Analyzer; -class SSLv3_Endpoint; -class SSLv3_Record; -class SSLv3_HandshakeRecord; -class SSLv3_AlertRecord; -class SSLv3_ApplicationRecord; -class SSLv3_ChangeCipherRecord; -class CertStore; -struct SSL_CipherSpec; - -// --- enums for SSLv3.0/3.1 message handling --------------------------------- - -enum SSL3_1_ContentType { - SSL3_1_TYPE_CHANGE_CIPHER_SPEC = 20, - SSL3_1_TYPE_ALERT = 21, - SSL3_1_TYPE_HANDSHAKE = 22, - SSL3_1_TYPE_APPLICATION_DATA = 23 -}; - -enum SSL3_1_HandshakeType { - SSL3_1_HELLO_REQUEST = 0, - SSL3_1_CLIENT_HELLO = 1, - SSL3_1_SERVER_HELLO = 2, - SSL3_1_CERTIFICATE = 11, - SSL3_1_SERVER_KEY_EXCHANGE = 12, - SSL3_1_CERTIFICATE_REQUEST = 13, - SSL3_1_SERVER_HELLO_DONE = 14, - SSL3_1_CERTIFICATE_VERIFY = 15, - SSL3_1_CLIENT_KEY_EXCHANGE = 16, - SSL3_1_FINISHED = 20 -}; - -enum SSL3_1_AlertDescription { - SSL3_1_CLOSE_NOTIFY = 0, - SSL3_1_UNEXPECTED_MESSAGE = 10, - SSL3_1_BAD_RECORD_MAC = 20, - SSL3_1_DECRYPTION_FAILED = 21, - SSL3_1_RECORD_OVERFLOW = 22, - SSL3_1_DECOMPRESSION_FAILURE = 30, - SSL3_1_HANDSHAKE_FAILURE = 40, - SSL3_0_NO_CERTIFICATE = 41, - SSL3_1_BAD_CERTIFICATE = 42, - SSL3_1_UNSUPPORTED_CERTIFICATE = 43, - SSL3_1_CERTIFICATE_REVOKED = 44, - SSL3_1_CERTIFICATE_EXPIRED = 45, - SSL3_1_CERTIFICATE_UNKNOWN = 46, - SSL3_1_ILLEGAL_PARAMETER = 47, - SSL3_1_UNKNOWN_CA = 48, - SSL3_1_ACCESS_DENIED = 49, - SSL3_1_DECODE_ERROR = 50, - SSL3_1_DECRYPT_ERROR = 51, - SSL3_1_EXPORT_RESTRICTION = 60, - SSL3_1_PROTOCOL_VERSION = 70, - SSL3_1_INSUFFICIENT_SECURITY = 71, - SSL3_1_INTERNAL_ERROR = 80, - SSL3_1_USER_CANCELED = 90, - SSL3_1_NO_RENEGOTIATION = 100 -}; - -enum SSL3x_AlertLevel { - SSL3x_ALERT_LEVEL_WARNING = 1, - SSL3x_ALERT_LEVEL_FATAL = 2 -}; - -// --- structs ---------------------------------------------------------------- - -struct SSLv3x_Random { - uint32 gmt_unix_time; - SSL_DataBlock* random_bytes; // 28-bytes -}; - -struct SSLv3x_ServerRSAParams { - SSL_DataBlock* rsa_modulus; // <1..2^16-1> - SSL_DataBlock* rsa_exponent; // <1..2^16-1> -}; - -struct SSLv3x_ServerDHParams{ - SSL_DataBlock* dh_p; // <1..2^16-1> - SSL_DataBlock* dh_g; // <1..2^16-1> - SSL_DataBlock* dh_Ys; // <1..2^16-1> -}; - -struct SSLv3x_EncryptedPremasterSecret{ - SSL_DataBlock* encryptedSecret; -}; - -struct SSLv3x_ClientDHPublic{ - SSL_DataBlock* dh_Yc; // <1..2^16-1> -}; - -// ---------------------------------------------------------------------------- - -/** - * Class SSLv3_Interpreter is the implementation for a SSLv3.0/SSLv3.1 connection - * interpreter (derived from the abstract class SSL_Interpreter). - * - * The corresponding SSLProxy_Analyzer creates an instance of this class and - * properly initialises the corresponding SSLv3_Endpoints by calling the - * SSL_Interpreter's Init() method which then invokes the BuildInterpreterEndpoints() method - * (of the SSLv3_Interpreter) which causes the SSLv3_Endpoints to be created properly. - * - * The SSLv3_Interpreter receives the four various SSLv3_Records: - * - SSLv3_HandshakeRecord - * - SSLv3_AlertRecord - * - SSLv3_ChangeCipherRecord - * - SSLv3_ApplicationRecord - * via the DeliverSSLv3_Record() methods from the two corresponding SSLv3_Endpoints - * (which get fed by the SSLProxy_Analyzer). - * - * There is one global static SSLv3_Automaton which describes the possible transitions - * in the SSLv3.0/SSLv3.1 state machine for the handshaking phase. This automaton - * is initialised once, when Bro sees the first SSL connection. By the attribute - * currentState every instance of SSLv3_Interpreter holds the automaton state it - * is currently in and so is able - * to track the correctness of the SSL handshaking process. It weird-checks and verifies - * all arriving SSL records up to the point where handshaking is finished or an - * error occures caused by weird SSL records or not allowed transitions in the - * state machine. Information that was negotiated between the client and server - * during the handshaking phase is/may also be stored. That is: - * - used SSL version - * - negotiated cipher suite - * - session ID - * - client/server random - * - key exchange algorithms - * - cryptographic parameters - * - encrypted pre-master secret - * - * The certificates are verified using the analyzeCertificate() method of the - * SSL_Interpreter class. - * Events for Bro scripting are thrown for client connection attempt, server reply, - * ssl connection establishment/reuse of former connection, proposed cipher suites and - * seen certificates. - * - * @see SSLv3_Endpoint - */ -class SSLv3_Interpreter : public SSL_Interpreter { -public: - /** The constructor takes the SSLProxy_Analyzer as argument, - * that created this SSLv3_Interpreter. - * - * @param proxy the creating SSL_ConectionProxy - */ - SSLv3_Interpreter(SSLProxy_Analyzer* proxy); - ~SSLv3_Interpreter(); - - /** Delivers an SSLv3_HandshakeRecord to the SSLv3_Interpreter. - * The record gets verified and it is checked whether it is allowed - * in the current phase of the handshaking process. - * - * @param rec the SSLv3_HandshakeRecord - */ - void DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec); - - /** Delivers an SSLv3_AlertRecord to the SSLv3_Interpreter. - * The record gets verified and weird checked. - * - * @param rec the SSLv3_AlertRecord - */ - void DeliverSSLv3_Record(SSLv3_AlertRecord* rec); - - /** Delivers an SSLv3_ChangeCipherRecord to the SSLv3_Interpreter. - * The record gets verified and weird checked. If a change cipher - * record is received the next record from this endpoint needs - * to be a finished message. - * - * @param rec the SSLv3_ChangeCipherRecord - */ - void DeliverSSLv3_Record(SSLv3_ChangeCipherRecord* rec); - - /** Delivers a SSLv3_ApplicationRecord to the SSLv3_Interpreter. - * It is checked, whether handshaking phase is already finished - * and sending application data is valid (the normal case is, - * that after finishing the handshaking phase, all further data - * is skipped). - * - * @param rec the SSLv3_AlertRecord - */ - void DeliverSSLv3_Record(SSLv3_ApplicationRecord* rec); - - /** This method sets the currentState variable of this SSLv3_Interpreter - * and so sets the SSLv3.0/SSLv3.1 state machine to the state passed - * as parameter.It is invoked in the SSLProxy_Analyzer to enable - * this SSLv3_Interpreter to start work without having seen the first - * handshake record. This happens, when the client hello is sent in - * SSLv2 format and processed by the SSLv2_Interpreter but the further - * SSL connection taking place as a SSLv3.0/SSLv3.1 session. - * - * @param i the new state of the sslAutomaton - */ - void SetState(int i); - - static void printStats(); - - // Total SSLv3x connections. - static uint totalConnections; - - // Total SSLv3x connections with complete handshake. - static uint openedConnections; - - static uint totalRecords; ///< counter for total SSLv3x records seen - static uint handshakeRecords; ///< counter for SSLv3x handshake records seen - static uint clientHelloRecords; ///< counter for SSLv3x client hellos seen - static uint serverHelloRecords; ///< counter for SSLv3x server hellos seen - static uint alertRecords; ///< counter for SSLv3x alert records seen - static uint changeCipherRecords; ///< counter for SSLv3x change cipher records seen - - /**Flags for handling the change-cipher-messages and fin-handshake- - * messages - */ - bool change_cipher_client_seen; ///< whether a client change cipher record was seen - bool change_cipher_server_seen; ///< whether a server change cipher record was seen - bool fin_client_seen; ///< whether a client finished handshake message was seen (must immediately follow the client change cipher) - bool fin_server_seen; ///< whether a server finished handshake message was seen (must immediately follow the server change cipher) - -protected: - static SSLv3_Automaton sslAutomaton; ///< represents the SSLv3.0/SSLv3.1 automaton - static bool bInited; ///< whether the automaton is already initialised (has to be only done once) - int currentState; ///< the current state of the SSL automaton in this SSLv3_Interpreter instance - - // uint16 cipherSuite; ///< the cipher spec client and server agreed upon - SSL_DataBlock* pClientCipherSpecs; ///< the CIPHER-SPECs from the client - SSL_CipherSpec* pCipherSuite; ///< pointer to the cipher spec definition client and server agreed upon - uint32 cipherSuiteIdentifier; ///< only used for unknown cipher-specs - SSL_DataBlock* clientSessionID; ///< the session ID of the client hello record - SSL_DataBlock* serverSessionID; ///< the session ID for this SSL session - - /**Attributes for cryptographic computations*/ - SSLv3x_Random* clientRandom; - SSLv3x_Random* serverRandom; - //SSL_KeyExchangeAlgorithm keyXAlgorithm; - SSLv3x_ServerRSAParams* serverRSApars; - SSLv3x_ServerDHParams* serverDHPars; - SSLv3x_EncryptedPremasterSecret* encryptedPreSecret; - SSLv3x_ClientDHPublic* clientDHpublic; - - bool helloRequestValid; ///< Whether sending a hello request is valid (normally after handshaking phase) - - /** This method builds the corresponding SSLv3_Endpoints for this SSLv3_Interpreter. - * It is called in the SSL_Interpreter's Init() method. - */ - void BuildInterpreterEndpoints(); - - /** This method initialises the SSL state automaton; sets the states and transitions. - * It needs only to be called once for a whole bro. @see SSLDefines.h - */ - void BuildAutomaton(); - - /** This helper method translates the handshake types included in the SSL handshake - * records to the corresponding transition of the SSL automaton. It is invoked within - * the DeliverSSLv3_Record(SSLv3_HandshakeRecord*) method. - * - * @param type the handshake type of the handshake record - */ - int HandshakeType2Trans(int type); - - /** This method is used for event generation during the handshaking phase and - * generates the connection-attempt, server-reply, connection-established, connection-reused - * events dependant on the currentState of the SSL Automaton. - * It calls the appropriate fire_* methods of the SSL_Interpreter for this. - * The method is called within the the DeliverSSLv3_Record() methods. - * - * @param rec the SSLv3_Record which is currently processed - */ - void GenerateEvents(SSLv3_Record* rec, TableVal* curCipherSuites); - - /** This method analyzes the cipher suites the client and server offer - * each other during handshaking phase. It checks, whether it's a 'common' - * cipher suite and sets the pCipherSuite attribute according to the - * cipher suite client and server agreed on. - * - * @param s the SSLv3_Endpoint which sent the SSL record with the cipher suite(s) to be analyzed - * @param length length of data - * @param data pointer to where the cipher suites can be found - * @param version SSL version of the SSL record that contained the cipher suite(s) - * @return a pointer to a Bro TableVal (of type cipher_suites_list) which contains - * the cipher suites list of the current analyzed record - */ - TableVal* analyzeCiphers(const SSLv3_Endpoint* s, int length, const u_char* data, uint16 version); - -}; - -// ---------------------------------------------------------------------------- - -/** Class SSLv3_Endpoint is the implementation for SSLv3.0/SSLv3.1 connection - * endpoints (derived from the abstract class SSL_InterpreterEndpoint). - * - * A SSLv3_Endpoint gets completely reassembled ssl records via the method - * Deliver(), which is invoked in this Endpoint's corresponding SSLProxy_Analyzer. - * The defragmentation and reassembling already took place in the - * SSLProxy_Analyzer's SSL_RecordBuilder. - * The Deliver()-method does some basic weird checks and then calls - * ProcessMessage() which determines the content type of the ssl record - * and, dependant on that, creates an instance of the appropriate SSLv3_Record. - * This is passed on to this endpoint's corresponding SSLv3_Interpreter via - * the DeliverSSLv3_Record()-method. - */ -class SSLv3_Endpoint : public SSL_InterpreterEndpoint { -public: - /** The constructor takes the corresponding SSL_Interpreter as argument. - * is_orig sets this endpoint as originator of the connection (1), and - * responder otherwise (0). - * - * @param interpreter the SSL_Interpreter this endpoint is bound to. - * @param is_orig whether this endpoint is the originator (1) of the - * connection or not (0). - */ - SSLv3_Endpoint(SSL_Interpreter* interpreter, int is_orig); - virtual ~SSLv3_Endpoint(); - - /** This method is invoked by this endpoint's corresponding - * SSLProxy_Analyzer and receives completely reassembled SSL - * records (by the data argument). - * - * @param t time is always 0 (former: when the segment was received - * by bro (?)) - * @param len length of SSL record - * @param data content of SSL record - */ - void Deliver(int len, const u_char* data); - -protected: - uint16 sslVersion; ///< holds the version of the just delivered SSL record - uint16 currentMessage_length; ///< the length of the just delivered SSL record - - /** This method extracts the content type of the SSL record passed - * in the first parameter. - * - * @param data the SSL record - * @param len length of the record - * @return SSL3_1_ContentType of SSL record - */ - SSL3_1_ContentType ExtractContentType(const u_char* data, int len); - - /** This method determines the version of the SSL record passed to it. - * It sets the field sslVersion of this endpoint an is called within - * the method ProcessMessage(). - * - * @param data the SSL record - * @param len length of the record - * @return 0 if version is NOT 3.0/3.1, 1 otherwise - */ - int ExtractVersion(const u_char* data, int len); - - /** This method processes a complete SSL record. It - * determines the content type of the SSL record - * (handshake, alert, change-cipher-spec, application), - * cuts away the SSL record layer header and generates - * the appropriate SSLv3_Record. Then it calls the SSLv3_Record's - * Deliver() method, which manages the delivery of the record - * to the corresponding SSLv3_Interpreter - * - * @param data the complete SSL record - * @param len data's (record's) length - */ - void ProcessMessage(const u_char* data, int len); -}; - -// ---------------------------------------------------------------------------- - -// Offsets are now relative to the end of the SSL record layer header -#define SSL3_1_CHANGE_CIPHER_TYPE_OFFSET (SSL3_1_HEADERLENGTH - 5) -#define SSL3_1_ALERT_LEVEL_OFFSET (SSL3_1_HEADERLENGTH - 5) -#define SSL3_1_ALERT_DESCRIPTION_OFFSET (SSL3_1_HEADERLENGTH - 4) -#define SSL3_1_SESSION_ID_LENGTH_OFFSET 38 -#define SSL3_1_SESSION_ID_OFFSET 39 - -/** This class is an abstract base class for the four different - * SSLv3.0/SSLv3.1 record types (handshake, alert, change-cipher-spec, - * application). - * - * It contains a pointer to the data of the SSL record without - * the SSL record layer header, it's length and the version information, which - * was present in the now cut away SSL record layer header. - * - * (Note: the version field of the SSL record layer header may differ from - * the version of the record format that was used when sending the record. - * (e.g. a client may send a SSLv2 record including - * a version field containing 3.1 (for SSLv3.1) to show, that he supports - * version 3.1.)) - * - * Every subclass of SSLv3_Record implements the Deliver() method, which - * manages the delivery of the record to the corresponding SSLv3_Interpreter. - * Instances of SSLv3_Record (resp. it's subclasses) are created within - * the ProcessMessage() method of a SSLv3_Endpoint. - * */ -class SSLv3_Record : public BroObj{ -public: - /** The constructor gets a pointer to the SSL record without the - * record layer header, it's length, the version information - * contained in the record layer header and a pointer to the - * SSLv3_Endpoint that created this instance of SSLv3_Record. - * - * @param data pointer to the SSL record without record layer header - * @param data's length - * @param version version information contained in the SSL record layer header - * @param e the SSLv3_Endpoint that created this instance - */ - SSLv3_Record(const u_char* data, int len, uint16 version, - SSLv3_Endpoint const* e); - ~SSLv3_Record(); - - void Describe(ODesc* d) const; - - int GetRecordLength() const; - const u_char* GetData() const; - uint16 GetVersion() const; - SSLv3_Endpoint const* GetEndpoint() const; - - /** This abstract method is implemented by the various SSLv3_Record - * subclasses for handshake, alert, change cipher spec and application - * records. It manages the delivery of the SSLv3_Record to the - * SSLv3_Interpreter passed as argument. - * SSLv3_Records are created within the ProcessMessage() method of the - * SSLv3_Endpoint which then calls the just created SSLv3_Records - * Deliver() method with it's corresponding SSLv3_Interpreter as - * argument which then receives the (evtl. preprocessed) SSLv3_Record - * (via the method(s) DeliverSSLv3_Record()). - * - * @param conn the SSLv3_Interpreter to which this SSLv3_Record should be deliverd - */ - virtual void Deliver(SSLv3_Interpreter* conn) =0; - - /** Helper function that converts from 24-bit big endian integer - * starting at offset to 32 bit integer in little endian format. - * - * @param data the ssl-record - * @param len length of data (record) - * @param offset where the 24 bit big endian starts - * @return 32 bit little endian - */ - int ExtractInt24(const u_char* data, int len, int offset); - - int recordLength; ///< total length of the SSL record without the record layer header - const u_char* data; ///< pointer to the SSL record without the record layer header - SSLv3_Endpoint const* endp; ///< pointer to the SSLv3_Endpoint that created this instance of SSLv3_Record - uint16 sslVersion; ///< version information of the SSL record layer header -}; - -// ---------------------------------------------------------------------------- - -/* This class represents a handshake record used in SSLv3.0/SSLv3.1. - * - * Handshake records in SSLv3.0/SSLv3.1 need a special treatment, - * because it is possible that multiple handshake messages are coalesced into - * a single SSLv3.0/SSLv3.1 record. - * I think, this only can happen to - * handshake records (even RFC2246 page 16 generally talks about all - * messages of a same content type), because only handshake records - * have got an own length descriptor within and thus make de-coalescing - * possible. - * So when generating a new instance of a SSLv3_HandshakeRecord, it is checked whether there - * are more handshake records within data. - * If so, they are put apart and linked together to a chain by using - * the next-pointer. - * The Deliver() method takes this into account and delivers every single - * handshake record one by one to the SSLv3_Interpreter. - */ -class SSLv3_HandshakeRecord : public SSLv3_Record{ -public: - SSLv3_HandshakeRecord(const u_char* data, int len, uint16 version, - SSLv3_Endpoint const* e); - ~SSLv3_HandshakeRecord(); - - int GetType() const; - int GetLength() const; - - /** This method delivers the SSLv3_HandshakeRecord(s) to the - * SSLv3_Interpreter passed as argument. The method follows - * the next-pointer and delivers every SSLv3_HandshakeRecord - * contained in this list to the SSLv3_Interpreter. - * - * @param conn the SSLv3_Interpreter to which this SSLv3_HandshakeRecord should be deliverd - */ - void Deliver(SSLv3_Interpreter* conn); - - /* This method is invoked within the SSLv3_Interpreter and does lots of - * weird and consistency checks on a client hello SSL handshake record. - * - * @return 0 if further processing of this client hello is not - * possible due to inconsistency and 1 otherwise. - */ - int checkClientHello(); - - /* This method is invoked within the SSLv3_Interpreter and does lots of - * weird and consistency checks on a server hello SSL handshake record. - * - * @return 0 if further processing of this server hello is not - * possible due to inconsistency and 1 otherwise. - */ - int checkServerHello(); - - int type; ///< holds the handshake type of the handshake record (first byte) - int length; ///< holds the length of this handshake record (which is needed due to coalesced handshake messages) - -private: - SSLv3_HandshakeRecord* next; ///< pointer to the next ssl handshake record if they are coalesced into a single record - - SSLv3_HandshakeRecord* GetNext(); -}; - -// ---------------------------------------------------------------------------- - -/** This class represents an alert record used in SSLv3.0/SSLv3.1. - * - * description holds the SSL alert description and level the alert level. - */ -class SSLv3_AlertRecord : public SSLv3_Record { -public: - SSLv3_AlertRecord(const u_char* data, int len, uint16 version, - SSLv3_Endpoint const* e); - ~SSLv3_AlertRecord(); - - int GetDescription() const; - int GetLevel() const; - - /** This method delivers the SSLv3_AlertRecord to the SSLv3_Interpreter passed as - * argument. - * - * @param conn the SSLv3_Interpreter to which this SSLv3_AlertRecord should be deliverd - */ - void Deliver(SSLv3_Interpreter* conn); - - int description; ///< holds the alert description - int level; ///< holds the alert level -}; - -// ---------------------------------------------------------------------------- - -/** This class represents a change cipher record used in SSLv3.0/SSLv3.1. - * - * type holds the change cipher type used (currently only 1 is valid (rfc 2246)) - */ -class SSLv3_ChangeCipherRecord : public SSLv3_Record{ -public: - SSLv3_ChangeCipherRecord(const u_char* data, int len, uint16 version, - SSLv3_Endpoint const* e); - ~SSLv3_ChangeCipherRecord(); - int GetType() const; - - /** This method delivers the SSLv3_ChangeCipherRecord to the - * SSLv3_Interpreter passed as argument. - * - * @param conn the SSLv3_Interpreter to which this - * SSLv3_ChangeCipherRecord should be delivered - */ - void Deliver(SSLv3_Interpreter* conn); - - int type; ///< holds the change cipher type -}; - -// ---------------------------------------------------------------------------- - -/** This class represents an application record used in SSLv3.0/SSLv3.1. - */ -class SSLv3_ApplicationRecord : public SSLv3_Record { -public: - SSLv3_ApplicationRecord(const u_char* data, int len, uint16 version, - SSLv3_Endpoint const* e); - ~SSLv3_ApplicationRecord(); - - /** This method delivers the SSLv3_ApplicationRecord to the - * SSLv3_Interpreter passed as argument. - * - * @param conn the SSLv3_Interpreter to which this - * SSLv3_ApplicationRecord should be deliverd - */ - void Deliver(SSLv3_Interpreter* conn); -}; - -#endif diff --git a/src/SSLv3Automaton.cc b/src/SSLv3Automaton.cc deleted file mode 100644 index a79c81bd7c..0000000000 --- a/src/SSLv3Automaton.cc +++ /dev/null @@ -1,83 +0,0 @@ -// $Id: SSLv3Automaton.cc 80 2004-07-14 20:15:50Z jason $ - -// ---SSLv3_Automaton---------------------------------------------------------- - -#include "SSLv3Automaton.h" - -SSLv3_Automaton::SSLv3_Automaton(int arg_num_states, int num_trans, - int error_state) - { - num_states = arg_num_states; - states = new SSLv3_State*[num_states]; - for ( int i = 0; i < num_states; ++i ) - states[i] = new SSLv3_State(num_trans, error_state); - } - -SSLv3_Automaton::~SSLv3_Automaton() - { - for ( int i = 0; i < num_states; ++i ) - delete states[i]; - delete [] states; - } - -void SSLv3_Automaton::Describe(ODesc* d) const - { - d->Add("sslAutomaton"); - } - -void SSLv3_Automaton::setStartState(int state) - { - if ( state < num_states ) - startState = state; - } - -void SSLv3_Automaton::addTrans(int state1, int trans, int state2) - { - if ( state1 < num_states && state2 < num_states ) - states[state1]->addTrans(trans, state2); - } - -int SSLv3_Automaton::getNextState(int state, int trans) - { - if ( state < num_states ) - return states[state]->getNextState(trans); - else - return 0; - } - -int SSLv3_Automaton::getStartState() - { - if (startState >= 0) - return startState; - else - return -1; - } - -// ---SSLv3_State-------------------------------------------------------------- - -SSLv3_State::SSLv3_State(int num_trans, int error_state) - { - this->num_trans = num_trans; - transitions = new int[num_trans]; - for ( int i = 0; i < num_trans; ++i ) - transitions[i] = error_state; - } - -SSLv3_State::~SSLv3_State() - { - delete [] transitions; - } - -void SSLv3_State::addTrans(int trans, int state) - { - if ( trans < num_trans ) - transitions[trans] = state; - } - -int SSLv3_State::getNextState(int trans) - { - if ( trans < num_trans ) - return transitions[trans]; - else - return 0; - } diff --git a/src/SSLv3Automaton.h b/src/SSLv3Automaton.h deleted file mode 100644 index f581edbde2..0000000000 --- a/src/SSLv3Automaton.h +++ /dev/null @@ -1,107 +0,0 @@ -// $Id: SSLv3Automaton.h 80 2004-07-14 20:15:50Z jason $ - -#ifndef ssl_v3_automaton_h -#define ssl_v3_automaton_h - -#include "Obj.h" -#include "SSLDefines.h" - -class SSLv3_State; - -/** Class SSLv3_Automaton is there for holding the transitions of a state machine. - * The States are simply Integer Constants >= 0. Same for the transitions. - * The SSLv3_Automaton holds a pointer to an array of pointers to the - * states of the automaton. The array is indexed by the integer that - * represents the corresponding state. - * By default, the automaton is initialized with every transition leading to - * the error_state. - * By calling addTrans() (done in the SSLv3_Interpreter's BuildAutomaton()-method) - * the proper transitions for the SSL automaton are created. - * When calling getNextState(state, trans), you get the next state of the - * automaton, according to state and trans. - * */ -class SSLv3_Automaton : public BroObj { -public: - /* The constructor initialises the states 2-dim. array - * (which's size depends on num_states and num_trans). - * By default, every transition from every state leads to the error_state. - * @param num_states how many states the automaton has - * @param num_trans how many different transitions the automaton has - * @param error_state which Integer the error_state has - */ - SSLv3_Automaton(int num_states, int num_trans, int error_state); - ~SSLv3_Automaton(); - void Describe(ODesc* d) const; - - /* Sets the start state of the automaton. - * @param state the start state - */ - void setStartState(int state); - - /* This method is used for building up the automaton and defining - * from which state you get to which state which what transition. - * @param state1 the state from which the transition starts - * @param trans the transition itself - * @param to which state the transition leads - */ - void addTrans(int state1, int trans, int state2); - - /* Used for determinig into which state the automaton gets by using the - * given transition in the given state. - * @param state the state from which the transition starts - * @param trans the transition itself - * @return the state to which the transition leads - */ - int getNextState(int state, int trans); - int getStartState(); - int OutRef() - { - return RefCnt(); - } - -protected: - int num_states; ///< how many states the automaton has - SSLv3_State** states; ///< the pointer to the array of pointers that holds the states - int startState; ///< the start state of the automaton - -}; - -// ---------------------------------------------------------------------------- - -/** This class represents a state of the SSLv3_Automaton. - * It holds a pointer to an array of integers, which corresponds to the - * succeeding states of this state when "taking" a transition. - * The transition array is indexed by the integer-values corresponding to - * the transitions of the automaton. - * */ -class SSLv3_State { -public: - /* The constructor initialises the state. By default, every transition - * of the automaton leads to the error_state. - * @param num_trans how many different transitions the automaton has - * @param error_state how many different transitions the automaton has - */ - SSLv3_State(int num_trans, int error_state); - ~SSLv3_State(); - - /* This method is used for building up the automaton and is invoked by - * the SSLv3_Automaton's addTrans()-method. It defines the successing state - * of the automaton by taking the transition trans in this state. - * @param trans the transition, - * @param that leads to the state - */ - void addTrans(int trans, int state); - - /* Used for determinig into which state the automaton gets by using the - * given transition in the this state. - * @param trans which transition is to be taken - * @return the resulting state of the automaton - */ - int getNextState(int trans); - -protected: - int num_trans; ///< how many transitions the automaton has - int* transitions; ///< the array of successing states of this state by taking the transition that indexes this array -}; - -#endif diff --git a/src/X509.cc b/src/X509.cc deleted file mode 100644 index 9de73d2a9d..0000000000 --- a/src/X509.cc +++ /dev/null @@ -1,265 +0,0 @@ -// $Id: X509.cc 6724 2009-06-07 09:23:03Z vern $ - -#include - -#include "X509.h" -#include "config.h" - -// ### NOTE: while d2i_X509 does not take a const u_char** pointer, -// here we assume d2i_X509 does not write to , so it is safe to -// convert data to a non-const pointer. Could some X509 guru verify -// this? - -X509* d2i_X509_(X509** px, const u_char** in, int len) - { -#ifdef OPENSSL_D2I_X509_USES_CONST_CHAR - return d2i_X509(px, in, len); -#else - return d2i_X509(px, (u_char**)in, len); -#endif - } - -X509_STORE* X509_Cert::ctx = 0; -X509_LOOKUP* X509_Cert::lookup = 0; -X509_STORE_CTX X509_Cert::csc; -bool X509_Cert::bInited = false; - -// TODO: Check if Key < 768 Bits => Weakness! -// FIXME: Merge verify and verifyChain. - -void X509_Cert::sslCertificateEvent(Contents_SSL* e, X509* pCert) - { - EventHandlerPtr event = ssl_certificate; - if ( ! event ) - return; - - char tmp[256]; - RecordVal* pX509Cert = new RecordVal(x509_type); - - X509_NAME_oneline(X509_get_issuer_name(pCert), tmp, sizeof tmp); - pX509Cert->Assign(0, new StringVal(tmp)); - X509_NAME_oneline(X509_get_subject_name(pCert), tmp, sizeof tmp); - pX509Cert->Assign(1, new StringVal(tmp)); - pX509Cert->Assign(2, new AddrVal(e->Conn()->OrigAddr())); - - val_list* vl = new val_list; - vl->append(e->BuildConnVal()); - vl->append(pX509Cert); - vl->append(new Val(e->IsOrig(), TYPE_BOOL)); - - e->Conn()->ConnectionEvent(event, e, vl); - } - -void X509_Cert::sslCertificateError(Contents_SSL* e, int error_numbe) - { - Val* err_str = new StringVal(X509_verify_cert_error_string(csc.error)); - val_list* vl = new val_list; - - vl->append(e->BuildConnVal()); - vl->append(new Val(csc.error, TYPE_INT)); - vl->append(err_str); - - e->Conn()->ConnectionEvent(ssl_X509_error, e, vl); - } - -int X509_Cert::init() - { -#if 0 - OpenSSL_add_all_algorithms(); -#endif - - ctx = X509_STORE_new(); - int flag = 0; - int ret = 0; - - if ( x509_trusted_cert_path && - x509_trusted_cert_path->AsString()->Len() > 0 ) - { // add the path(s) for the local CA's certificates - const BroString* pString = x509_trusted_cert_path->AsString(); - - lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir()); - if ( ! lookup ) - { - fprintf(stderr, "X509_Cert::init(): initing lookup failed\n"); - flag = 1; - } - - int i = X509_LOOKUP_add_dir(lookup, - (const char*) pString->Bytes(), - X509_FILETYPE_PEM); - if ( ! i ) - { - fprintf( stderr, "X509_Cert::init(): error adding lookup directory\n" ); - ret = 0; - } - } - else - { - printf("X509: Using the default trusted cert path.\n"); - X509_STORE_set_default_paths(ctx); - } - - // Add crl functionality - will only add if defined and - // X509_STORE_add_lookup was successful. - if ( ! flag && x509_crl_file && x509_crl_file->AsString()->Len() > 0 ) - { - const BroString* rString = x509_crl_file->AsString(); - - if ( X509_load_crl_file(lookup, (const char*) rString->Bytes(), - X509_FILETYPE_PEM) != 1 ) - { - fprintf(stderr, "X509_Cert::init(): error reading CRL file\n"); - ret = 1; - } - -#if 0 - // Note, openssl version must be > 0.9.7(a). - X509_STORE_set_flags(ctx, - X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); -#endif - } - - bInited = true; - return ret; - } - -int X509_Cert::verify(Contents_SSL* e, const u_char* data, uint32 len) - { - if ( ! bInited ) - init(); - - X509* pCert = d2i_X509_(NULL, &data, len); - if ( ! pCert ) - { - // 5 = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY - sslCertificateError(e, 5); - return -1; - } - - sslCertificateEvent(e, pCert); - - X509_STORE_CTX_init(&csc, ctx, pCert, 0); - X509_STORE_CTX_set_time(&csc, 0, (time_t) network_time); - int i = X509_verify_cert(&csc); - X509_STORE_CTX_cleanup(&csc); - int ret = 0; - - int ext = X509_get_ext_count(pCert); - - if ( ext > 0 ) - { - TableVal* x509ex = new TableVal(x509_extension); - val_list* vl = new val_list; - char buf[256]; - - for ( int k = 0; k < ext; ++k ) - { - X509_EXTENSION* ex = X509_get_ext(pCert, k); - ASN1_OBJECT* obj = X509_EXTENSION_get_object(ex); - i2t_ASN1_OBJECT(buf, sizeof(buf), obj); - - Val* index = new Val(k+1, TYPE_COUNT); - Val* value = new StringVal(strlen(buf), buf); - x509ex->Assign(index, value); - Unref(index); - // later we can do critical extensions like: - // X509_EXTENSION_get_critical(ex); - } - - vl->append(e->BuildConnVal()); - vl->append(x509ex); - e->Conn()->ConnectionEvent(process_X509_extensions, e, vl); - } - - if ( ! i ) - { - sslCertificateError(e, csc.error); - ret = csc.error; - } - else - ret = 0; - - delete pCert; - return ret; - } - -int X509_Cert::verifyChain(Contents_SSL* e, const u_char* data, uint32 len) - { - if ( ! bInited ) - init(); - - // Gets an ssl3x cert chain (could be one single cert, too, - // but in chain format). - - // Init the stack. - STACK_OF(X509)* untrustedCerts = sk_X509_new_null(); - if ( ! untrustedCerts ) - { - // Internal error allocating stack of untrusted certs. - // 11 = X509_V_ERR_OUT_OF_MEM - sslCertificateError(e, 11); - return -1; - } - - // NOT AGAIN!!! - // Extract certificates and put them into an OpenSSL Stack. - uint tempLength = 0; - int certCount = 0; - X509* pCert = 0; // base cert, this one is to be verified - - while ( tempLength < len ) - { - ++certCount; - uint32 certLength = - uint32((data[tempLength + 0] << 16) | - data[tempLength + 1] << 8) | - data[tempLength + 2]; - - // Points to current cert. - const u_char* pCurrentCert = &data[tempLength+3]; - - X509* pTemp = d2i_X509_(0, &pCurrentCert, certLength); - if ( ! pTemp ) - { // error is somewhat of a misnomer - // 5 = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY - sslCertificateError(e, 5); - //FIXME: free ptrs - return -1; - } - - if ( certCount == 1 ) - // The first certificate goes directly into the ctx. - pCert = pTemp; - else - // The remaining certificates (if any) are put into - // the list of untrusted certificates - sk_X509_push(untrustedCerts, pTemp); - - tempLength += certLength + 3; - } - - sslCertificateEvent(e, pCert); - - X509_STORE_CTX_init(&csc, ctx, pCert, untrustedCerts); - X509_STORE_CTX_set_time(&csc, 0, (time_t) network_time); - int i = X509_verify_cert(&csc); - X509_STORE_CTX_cleanup(&csc); - //X509_STORE_CTX_free(&csc); - int ret = 0; - - if ( ! i ) - { - sslCertificateError(e, csc.error); - ret = csc.error; - } - else - ret = 0; - - delete pCert; - // Free the stack, incuding. contents. - - // FIXME: could this break Bro's memory tracking? - sk_X509_pop_free(untrustedCerts, X509_free); - - return ret; - } diff --git a/src/X509.h b/src/X509.h deleted file mode 100644 index 284fd3512c..0000000000 --- a/src/X509.h +++ /dev/null @@ -1,33 +0,0 @@ -// $Id: X509.h 3526 2006-09-12 07:32:21Z vern $ - -#ifndef X509_H -#define X509_H - -#include -#include -#include - -#include "SSLProxy.h" - -class X509_Cert { -public: - static X509_STORE* ctx; - static X509_LOOKUP* lookup; - static X509_STORE_CTX csc; - static bool bInited; - - // Initializes the OpenSSL library, which is used for verify(). - static int init(); - - // Wrapper for X.509 error event. - static void sslCertificateError(Contents_SSL* e, int error_numbe); - - // Retrieves a DER-encoded X.509 certificate. Returns 0 on failure. - static int verify(Contents_SSL* e, const u_char* data, uint32 len); - static int verifyChain(Contents_SSL* e, const u_char* data, uint32 len); - - // Wrapper for the ssl_certificate event. - static void sslCertificateEvent(Contents_SSL* e, X509* pCert); -}; - -#endif diff --git a/src/bro.bif b/src/bro.bif index 014120828e..7f83e16784 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -486,15 +486,15 @@ function to_count%(str: string%): count %{ const char* s = str->CheckString(); char* end_s; - + uint64 u = (uint64) strtoll(s, &end_s, 10); - + if ( s[0] == '\0' || end_s[0] != '\0' ) { builtin_run_time("bad conversion to count", @ARG@[0]); u = 0; } - + return new Val(u, TYPE_COUNT); %} @@ -556,7 +556,7 @@ function to_addr%(ip: string%): addr delete [] s; return ret; %} - + function count_to_v4_addr%(ip: count%): addr %{ if ( ip > 4294967295 ) @@ -564,7 +564,7 @@ function count_to_v4_addr%(ip: count%): addr builtin_run_time("conversion of non-IPv4 count to addr", @ARG@[0]); return new AddrVal(uint32(0)); } - + return new AddrVal(htonl(uint32(ip))); %} @@ -3348,3 +3348,112 @@ function bro_has_ipv6%(%) : bool return new Val(0, TYPE_BOOL); #endif %} + + +%%{ +#include +#include +#include + +// This is the indexed map of X509 certificate stores. +static map x509_stores; + +// ### NOTE: while d2i_X509 does not take a const u_char** pointer, +// here we assume d2i_X509 does not write to , so it is safe to +// convert data to a non-const pointer. Could some X509 guru verify +// this? + +X509* d2i_X509_(X509** px, const u_char** in, int len) + { +#ifdef OPENSSL_D2I_X509_USES_CONST_CHAR + return d2i_X509(px, in, len); +#else + return d2i_X509(px, (u_char**)in, len); +#endif + } + +%%} + + +function x509_verify%(der_cert: string, cert_stack: string_vec, root_certs: table_string_of_string%): count + %{ + X509_STORE* ctx = 0; + int i = 0; + + // If this certificate store was built previously, just reuse the old one. + BroString* s = convert_index_to_string(root_certs); + if ( x509_stores.count(*s) > 0 ) + ctx = x509_stores[*s]; + + if ( ! ctx ) // lookup to see if we have this one built already! + { + ctx = X509_STORE_new(); + TableVal* root_certs2 = root_certs->AsTableVal(); + ListVal* idxs = root_certs2->ConvertToPureList(); + + // Build the validation store + for ( i = 0; i < idxs->Length(); ++i ) + { + Val* key = idxs->Index(i); + StringVal *sv = root_certs2->Lookup(key)->AsStringVal(); + const uint8* data = sv->Bytes(); + X509* x = d2i_X509_(NULL, &data, sv->Len()); + if ( ! x ) + { + builtin_run_time(fmt("Root CA error: %s", ERR_error_string(ERR_peek_last_error(),NULL))); + return new Val((uint64) ERR_get_error(), TYPE_COUNT); + } + X509_STORE_add_cert(ctx, x); + } + + // Save the newly constructed certificate store into the cacheing map. + x509_stores[*s] = ctx; + } + + STACK_OF(X509)* untrusted_certs = sk_X509_new_null(); + if ( ! untrusted_certs ) + { + builtin_run_time(fmt("Untrusted certificate stack initialization error: %s", ERR_error_string(ERR_peek_last_error(),NULL))); + return new Val((uint64) ERR_get_error(), TYPE_COUNT); + } + + VectorVal *cert_stack_vec = cert_stack->AsVectorVal(); + for ( i = 0; i < (int) cert_stack_vec->Size(); ++i ) + { + StringVal *sv = cert_stack_vec->Lookup(i)->AsStringVal(); + const uint8 *data = sv->Bytes(); + X509* x = d2i_X509_(NULL, &data, sv->Len()); + if ( ! x ) + { + builtin_run_time(fmt("Untrusted certificate stack creation error: %s", ERR_error_string(ERR_peek_last_error(),NULL))); + return new Val((uint64) ERR_get_error(), TYPE_COUNT); + } + sk_X509_push(untrusted_certs, x); + } + + const uint8 *cert_data = der_cert->Bytes(); + + X509_STORE_CTX csc; + X509* cert = d2i_X509_(NULL, &cert_data, der_cert->Len()); + if ( ! cert ) + { + builtin_run_time(fmt("Certificate error: %s", ERR_error_string(ERR_peek_last_error(),NULL))); + return new Val((uint64) ERR_get_error(), TYPE_COUNT); + } + + X509_STORE_CTX_init(&csc, ctx, cert, untrusted_certs); + X509_STORE_CTX_set_time(&csc, 0, (time_t) network_time); + + int result = X509_verify_cert(&csc); + X509_STORE_CTX_cleanup(&csc); + + if ( untrusted_certs ) + sk_X509_pop_free(untrusted_certs, X509_free); + + return new Val((uint64) csc.error, TYPE_COUNT); + %} + +function x509_err2str%(err_num: count%): string + %{ + return new StringVal(X509_verify_cert_error_string(err_num)); + %} diff --git a/src/event.bif b/src/event.bif index d38963d8d1..786e04588a 100644 --- a/src/event.bif +++ b/src/event.bif @@ -265,19 +265,15 @@ event http_stats%(c: connection, stats: http_stats_rec%); event ssh_client_version%(c: connection, version: string%); event ssh_server_version%(c: connection, version: string%); -event ssl_certificate_seen%(c: connection, is_server: bool%); -event ssl_certificate%(c: connection, cert: X509, is_server: bool%); -event ssl_conn_attempt%(c: connection, version: count, ciphers: cipher_suites_list%); -event ssl_conn_server_reply%(c: connection, version: count, ciphers: cipher_suites_list%); -event ssl_conn_established%(c: connection, version: count, cipher_suite: count%); -event ssl_conn_reused%(c: connection, session_id: SSL_sessionID%); -event ssl_conn_alert%(c: connection, version: count, level: count, - description: count%); -event ssl_conn_weak%(name: string, c: connection%); +event ssl_client_hello%(c: connection, version: count, possible_ts: time, session_id: string, ciphers: count_set%); +event ssl_server_hello%(c: connection, version: count, possible_ts: time, session_id: string, cipher: count, comp_method: count%); +event ssl_extension%(c: connection, code: count, val: string%); +event ssl_established%(c: connection%); +event ssl_alert%(c: connection, level: count, desc: count%); -event ssl_session_insertion%(c: connection, id: SSL_sessionID%); -event process_X509_extensions%(c: connection, ex: X509_extension%); -event ssl_X509_error%(c: connection, err: int, err_string: string%); +event x509_certificate%(c: connection, cert: X509, is_server: bool, chain_idx: count, chain_len: count, der_cert: string%); +event x509_extension%(c: connection, data: string%); +event x509_error%(c: connection, err: count%); event stp_create_endp%(c: connection, e: int, is_orig: bool%); event stp_resume_endp%(e: int%); diff --git a/src/ssl-analyzer.pac b/src/ssl-analyzer.pac index 9c899ff2b6..7e0c3199b3 100644 --- a/src/ssl-analyzer.pac +++ b/src/ssl-analyzer.pac @@ -1,5 +1,3 @@ -# $Id:$ - # Analyzer for SSL (Bro-specific part). %extern{ @@ -11,8 +9,7 @@ #include "util.h" #include -#include -#include "X509.h" +#include %} @@ -46,22 +43,20 @@ %} -function to_table_val(data : uint8[]) : TableVal +function to_string_val(data : uint8[]) : StringVal %{ - TableVal* tv = new TableVal(SSL_sessionID); - for ( unsigned int i = 0; i < data->size(); i += 4 ) - { - uint32 temp = 0; - for ( unsigned int j = 0; j < 4; ++j ) - if ( i + j < data->size() ) - temp |= (*data)[i + j] << (24 - 8 * j); + assert(data->size() <= 32); - Val* idx = new Val(i / 4, TYPE_COUNT); - tv->Assign(idx, new Val((*data)[i], TYPE_COUNT)); - Unref(idx); + char tmp[32]; + memset(tmp, 0, sizeof(tmp)); + + if ( data ) + { + for ( unsigned int i = data->size(); i > 0; --i ) + tmp[i-1] = (*data)[i-1]; } - return tv; + return new StringVal(32, tmp); %} function version_ok(vers : uint16) : bool @@ -83,7 +78,7 @@ function convert_ciphers_uint24(ciph : uint24[]) : int[] vector* newciph = new vector(); std::transform(ciph->begin(), ciph->end(), - std::back_inserter(*newciph), to_int()); + std::back_inserter(*newciph), to_int()); return newciph; %} @@ -93,7 +88,7 @@ function convert_ciphers_uint16(ciph : uint16[]) : int[] vector* newciph = new vector(); std::copy(ciph->begin(), ciph->end(), - std::back_inserter(*newciph)); + std::back_inserter(*newciph)); return newciph; %} @@ -101,23 +96,10 @@ function convert_ciphers_uint16(ciph : uint16[]) : int[] refine analyzer SSLAnalyzer += { %member{ Analyzer* bro_analyzer_; - - vector* client_session_id_; - vector* advertised_ciphers_; - int version_; - int cipher_; %} %init{ bro_analyzer_ = 0; - - client_session_id_ = 0; - advertised_ciphers_ = new vector; - version_ = -1; - cipher_ = -1; - - if ( ! X509_Cert::bInited ) - X509_Cert::init(); %} %eof{ @@ -128,11 +110,6 @@ refine analyzer SSLAnalyzer += { %} %cleanup{ - delete client_session_id_; - client_session_id_ = 0; - - delete advertised_ciphers_; - advertised_ciphers_ = 0; %} function bro_analyzer() : Analyzer @@ -145,282 +122,203 @@ refine analyzer SSLAnalyzer += { bro_analyzer_ = a; %} - function check_cipher(cipher : int) : bool - %{ - if ( ! ssl_compare_cipherspecs ) - return true; - - if ( std::find(advertised_ciphers_->begin(), - advertised_ciphers_->end(), cipher) == - advertised_ciphers_->end() ) - { - bro_analyzer()->ProtocolViolation("chosen cipher not advertised before"); - return false; - } - - return true; - %} - - function certificate_error(err_num : int) : void - %{ - StringVal* err_str = - new StringVal(X509_verify_cert_error_string(err_num)); - BifEvent::generate_ssl_X509_error(bro_analyzer_, bro_analyzer_->Conn(), - err_num, err_str); - %} - - function proc_change_cipher_spec(msg : ChangeCipherSpec) : bool + function proc_change_cipher_spec(rec: SSLRecord) : bool %{ if ( state_ == STATE_TRACK_LOST ) bro_analyzer()->ProtocolViolation(fmt("unexpected ChangeCipherSpec from %s at state %s", - orig_label(current_record_is_orig_).c_str(), + orig_label(${rec.is_orig}).c_str(), state_label(old_state_).c_str())); return true; %} - function proc_application_data(msg : ApplicationData) : bool + function proc_application_data(rec: SSLRecord) : bool %{ if ( state_ != STATE_CONN_ESTABLISHED ) bro_analyzer()->ProtocolViolation(fmt("unexpected ApplicationData from %s at state %s", - orig_label(current_record_is_orig_).c_str(), + orig_label(${rec.is_orig}).c_str(), state_label(old_state_).c_str())); return true; %} - function proc_alert(level : int, description : int) : bool + function proc_alert(rec: SSLRecord, level : int, desc : int) : bool %{ - BifEvent::generate_ssl_conn_alert(bro_analyzer_, bro_analyzer_->Conn(), - current_record_version_, level, - description); + BifEvent::generate_ssl_alert(bro_analyzer_, bro_analyzer_->Conn(), + level, desc); return true; %} - function proc_client_hello(version : uint16, session_id : uint8[], - csuits : int[]) : bool + function proc_client_hello(rec: SSLRecord, + version : uint16, ts : double, + session_id : uint8[], + cipher_suites : int[]) : bool %{ if ( state_ == STATE_TRACK_LOST ) bro_analyzer()->ProtocolViolation(fmt("unexpected client hello message from %s in state %s", - orig_label(current_record_is_orig_).c_str(), + orig_label(${rec.is_orig}).c_str(), state_label(old_state_).c_str())); if ( ! version_ok(version) ) bro_analyzer()->ProtocolViolation(fmt("unsupported client SSL version 0x%04x", version)); - delete client_session_id_; - client_session_id_ = new vector(*session_id); - - TableVal* cipher_table = new TableVal(cipher_suites_list); - for ( unsigned int i = 0; i < csuits->size(); ++i ) + if ( ssl_client_hello ) { - Val* ciph = new Val((*csuits)[i], TYPE_COUNT); - cipher_table->Assign(ciph, 0); - Unref(ciph); - } + BroType* count_t = base_type(TYPE_COUNT); + TypeList* set_index = new TypeList(count_t); + set_index->Append(count_t); + SetType* s = new SetType(set_index, 0); + TableVal* cipher_set = new TableVal(s); + for ( unsigned int i = 0; i < cipher_suites->size(); ++i ) + { + Val* ciph = new Val((*cipher_suites)[i], TYPE_COUNT); + cipher_set->Assign(ciph, 0); + Unref(ciph); + } - BifEvent::generate_ssl_conn_attempt(bro_analyzer_, bro_analyzer_->Conn(), - version, cipher_table); - - if ( ssl_compare_cipherspecs ) - { - delete advertised_ciphers_; - advertised_ciphers_ = csuits; + BifEvent::generate_ssl_client_hello(bro_analyzer_, bro_analyzer_->Conn(), + version, ts, + to_string_val(session_id), + cipher_set); } - else - delete csuits; return true; %} - function proc_server_hello(version : uint16, session_id : uint8[], - ciphers : int[], v2_sess_hit : int) : bool + function proc_server_hello(rec: SSLRecord, + version : uint16, ts : double, + session_id : uint8[], + cipher_suite : uint16, + comp_method : uint8) : bool %{ if ( state_ == STATE_TRACK_LOST ) bro_analyzer()->ProtocolViolation(fmt("unexpected server hello message from %s in state %s", - orig_label(current_record_is_orig_).c_str(), + orig_label(${rec.is_orig}).c_str(), state_label(old_state_).c_str())); if ( ! version_ok(version) ) bro_analyzer()->ProtocolViolation(fmt("unsupported server SSL version 0x%04x", version)); - version_ = version; - - TableVal* chosen_ciphers = new TableVal(cipher_suites_list); - for ( unsigned int i = 0; i < ciphers->size(); ++i ) + if ( ssl_server_hello ) { - Val* ciph = new Val((*ciphers)[i], TYPE_COUNT); - chosen_ciphers->Assign(ciph, 0); - Unref(ciph); - } - - BifEvent::generate_ssl_conn_server_reply(bro_analyzer_, - bro_analyzer_->Conn(), - version_, chosen_ciphers); - - if ( v2_sess_hit < 0 ) - { // this is SSLv3 - cipher_ = (*ciphers)[0]; - check_cipher(cipher_); - TableVal* tv = to_table_val(session_id); - if ( client_session_id_ && - *client_session_id_ == *session_id ) - BifEvent::generate_ssl_conn_reused(bro_analyzer_, - bro_analyzer_->Conn(), tv); - else - BifEvent::generate_ssl_session_insertion(bro_analyzer_, - bro_analyzer_->Conn(), tv); - - delete ciphers; - } - - else if ( v2_sess_hit > 0 ) - { // this is SSLv2 and a session hit - if ( client_session_id_ ) - { - TableVal* tv = to_table_val(client_session_id_); - BifEvent::generate_ssl_conn_reused(bro_analyzer_, - bro_analyzer_->Conn(), tv); - } - - // We don't know the chosen cipher, as there is - // no session storage. - BifEvent::generate_ssl_conn_established(bro_analyzer_, + BifEvent::generate_ssl_server_hello(bro_analyzer_, bro_analyzer_->Conn(), - version_, 0xffffffff); - delete ciphers; - } - - else - { - // This is SSLv2; we have to set advertised - // ciphers to server ciphers. - if ( ssl_compare_cipherspecs ) - { - delete advertised_ciphers_; - advertised_ciphers_ = ciphers; - } + version, ts, + to_string_val(session_id), + cipher_suite, comp_method); } bro_analyzer()->ProtocolConfirmation(); return true; %} - function proc_certificate(certificates : bytestring[]) : bool + function proc_ssl_extension(type: int, data: bytestring) : bool + %{ + if ( ssl_extension ) + BifEvent::generate_ssl_extension(bro_analyzer_, + bro_analyzer_->Conn(), type, + new StringVal(data.length(), (const char*) data.data())); + return true; + %} + + function proc_certificate(rec: SSLRecord, certificates : bytestring[]) : bool %{ if ( state_ == STATE_TRACK_LOST ) bro_analyzer()->ProtocolViolation(fmt("unexpected certificate message from %s in state %s", - orig_label(current_record_is_orig_).c_str(), + orig_label(${rec.is_orig}).c_str(), state_label(old_state_).c_str())); - if ( ! ssl_analyze_certificates ) - return true; if ( certificates->size() == 0 ) return true; - BifEvent::generate_ssl_certificate_seen(bro_analyzer_, - bro_analyzer_->Conn(), - ! current_record_is_orig_); + STACK_OF(X509)* untrusted_certs = 0; - const bytestring& cert = (*certificates)[0]; - const uint8* data = cert.data(); - - X509* pCert = d2i_X509_binpac(NULL, &data, cert.length()); - if ( ! pCert ) + if ( x509_certificate ) { - // X509_V_UNABLE_TO_DECRYPT_CERT_SIGNATURE - certificate_error(4); - return false; - } - - RecordVal* pX509Cert = new RecordVal(x509_type); - - char tmp[256]; - X509_NAME_oneline(X509_get_issuer_name(pCert), tmp, sizeof tmp); - pX509Cert->Assign(0, new StringVal(tmp)); - X509_NAME_oneline(X509_get_subject_name(pCert), tmp, sizeof tmp); - - pX509Cert->Assign(1, new StringVal(tmp)); - pX509Cert->Assign(2, new AddrVal(bro_analyzer_->Conn()->OrigAddr())); - - BifEvent::generate_ssl_certificate(bro_analyzer_, bro_analyzer_->Conn(), - pX509Cert, current_record_is_orig_); - - if ( X509_get_ext_count(pCert) > 0 ) - { - TableVal* x509ex = new TableVal(x509_extension); - - for ( int k = 0; k < X509_get_ext_count(pCert); ++k ) + X509* pCert = 0; + for ( unsigned int i = 0; i < certificates->size(); ++i ) { - X509_EXTENSION* ex = X509_get_ext(pCert, k); - ASN1_OBJECT* obj = X509_EXTENSION_get_object(ex); - - char buf[256]; - i2t_ASN1_OBJECT(buf, sizeof(buf), obj); - Val* index = new Val(k+1, TYPE_COUNT); - Val* value = new StringVal(strlen(buf), buf); - x509ex->Assign(index, value); - Unref(index); - } - - BifEvent::generate_process_X509_extensions(bro_analyzer_, - bro_analyzer_->Conn(), x509ex); - } - - if ( ssl_verify_certificates ) - { - STACK_OF(X509)* untrusted_certs = 0; - if ( certificates->size() > 1 ) - { - untrusted_certs = sk_X509_new_null(); - if ( ! untrusted_certs ) + const bytestring& cert = (*certificates)[i]; + const uint8* data = cert.data(); + X509* pTemp = d2i_X509_binpac(NULL, &data, cert.length()); + if ( ! pTemp ) { - // X509_V_ERR_OUT_OF_MEM; - certificate_error(17); + BifEvent::generate_x509_error(bro_analyzer_, bro_analyzer_->Conn(), + ERR_get_error()); return false; } - for ( unsigned int i = 1; - i < certificates->size(); ++i ) - { - const bytestring& temp = - (*certificates)[i]; - const uint8* tdata = temp.data(); - X509* pTemp = d2i_X509_binpac(NULL, - &tdata, temp.length()); - if ( ! pTemp ) - { - // X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT - certificate_error(2); - return false; - } + RecordVal* pX509Cert = new RecordVal(x509_type); + char tmp[256]; + BIO *bio = BIO_new(BIO_s_mem()); - sk_X509_push(untrusted_certs, pTemp); + pX509Cert->Assign(0, new Val((uint64) X509_get_version(pTemp), TYPE_COUNT)); + i2a_ASN1_INTEGER(bio, X509_get_serialNumber(pTemp)); + int len = BIO_read(bio, &(*tmp), sizeof tmp); + pX509Cert->Assign(1, new StringVal(len, tmp)); + + X509_NAME_print_ex(bio, X509_get_subject_name(pTemp), 0, XN_FLAG_RFC2253); + len = BIO_gets(bio, &(*tmp), sizeof tmp); + pX509Cert->Assign(2, new StringVal(len, tmp)); + X509_NAME_print_ex(bio, X509_get_issuer_name(pTemp), 0, XN_FLAG_RFC2253); + len = BIO_gets(bio, &(*tmp), sizeof tmp); + pX509Cert->Assign(3, new StringVal(len, tmp)); + BIO_free(bio); + + pX509Cert->Assign(4, new Val(get_time_from_asn1(X509_get_notBefore(pTemp)), TYPE_TIME)); + pX509Cert->Assign(5, new Val(get_time_from_asn1(X509_get_notAfter(pTemp)), TYPE_TIME)); + StringVal* der_cert = new StringVal(cert.length(), (const char*) cert.data()); + + BifEvent::generate_x509_certificate(bro_analyzer_, bro_analyzer_->Conn(), + pX509Cert, + ! ${rec.is_orig}, + i, certificates->size(), + der_cert); + + // Are there any X509 extensions? + if ( x509_extension && X509_get_ext_count(pTemp) > 0 ) + { + BroType* count_t = base_type(TYPE_COUNT); + TypeList* set_index = new TypeList(count_t); + set_index->Append(count_t); + SetType* s = new SetType(set_index, 0); + TableVal* x509ex = new TableVal(s); + int num_ext = X509_get_ext_count(pTemp); + for ( int k = 0; k < num_ext; ++k ) + { + char *pBuffer = 0; + int length = 0; + + X509_EXTENSION* ex = X509_get_ext(pTemp, k); + if (ex) + { + ASN1_STRING *pString = X509_EXTENSION_get_data(ex); + length = ASN1_STRING_to_UTF8((unsigned char**)&pBuffer, pString); + //i2t_ASN1_OBJECT(&pBuffer, length, obj) + + // -1 indicates an error. + if ( length < 0 ) + continue; + + StringVal* value = new StringVal(length, pBuffer); + BifEvent::generate_x509_extension(bro_analyzer_, + bro_analyzer_->Conn(), value); + OPENSSL_free(pBuffer); + } + } } } - - X509_STORE_CTX csc; - X509_STORE_CTX_init(&csc, X509_Cert::ctx, - pCert, untrusted_certs); - X509_STORE_CTX_set_time(&csc, 0, time_t(network_time())); - if (! X509_verify_cert(&csc)) - certificate_error(csc.error); - X509_STORE_CTX_cleanup(&csc); - - sk_X509_pop_free(untrusted_certs, X509_free); } - - X509_free(pCert); - return true; + return true; %} - function proc_v2_certificate(cert : bytestring) : bool + function proc_v2_certificate(rec: SSLRecord, cert : bytestring) : bool %{ vector* cert_list = new vector(1,cert); - bool ret = proc_certificate(cert_list); + bool ret = proc_certificate(rec, cert_list); delete cert_list; return ret; %} - function proc_v3_certificate(cl : CertificateList) : bool + function proc_v3_certificate(rec: SSLRecord, cl : CertificateList) : bool %{ vector* certs = cl->val(); vector* cert_list = new vector(); @@ -428,65 +326,61 @@ refine analyzer SSLAnalyzer += { std::transform(certs->begin(), certs->end(), std::back_inserter(*cert_list), extract_certs()); - bool ret = proc_certificate(cert_list); + bool ret = proc_certificate(rec, cert_list); delete cert_list; return ret; %} - function proc_v2_client_master_key(cipher : int) : bool + function proc_v2_client_master_key(rec: SSLRecord, cipher_kind: int) : bool %{ if ( state_ == STATE_TRACK_LOST ) bro_analyzer()->ProtocolViolation(fmt("unexpected v2 client master key message from %s in state %s", - orig_label(current_record_is_orig_).c_str(), + orig_label(${rec.is_orig}).c_str(), state_label(old_state_).c_str())); - check_cipher(cipher); - BifEvent::generate_ssl_conn_established(bro_analyzer_, - bro_analyzer_->Conn(), version_, cipher); + BifEvent::generate_ssl_established(bro_analyzer_, + bro_analyzer_->Conn()); return true; %} - function proc_unknown_handshake(msg_type : int) : bool + function proc_unknown_handshake(hs: Handshake, is_orig: bool) : bool %{ bro_analyzer()->ProtocolViolation(fmt("unknown handshake message (%d) from %s", - msg_type, orig_label(current_record_is_orig_).c_str())); + ${hs.msg_type}, orig_label(is_orig).c_str())); return true; %} - function proc_handshake(msg : Handshake) : bool + function proc_handshake(hs: Handshake, is_orig: bool) : bool %{ if ( state_ == STATE_TRACK_LOST ) bro_analyzer()->ProtocolViolation(fmt("unexpected Handshake message %s from %s in state %s", - handshake_type_label(msg->msg_type()).c_str(), - orig_label(current_record_is_orig_).c_str(), + handshake_type_label(${hs.msg_type}).c_str(), + orig_label(is_orig).c_str(), state_label(old_state_).c_str())); return true; %} - function proc_unknown_record(msg : UnknownRecord) : bool + function proc_unknown_record(rec: SSLRecord) : bool %{ bro_analyzer()->ProtocolViolation(fmt("unknown SSL record type (%d) from %s", - current_record_type_, - orig_label(current_record_is_orig_).c_str())); + ${rec.content_type}, + orig_label(${rec.is_orig}).c_str())); return true; %} - function proc_ciphertext_record(msg : CiphertextRecord) : bool + function proc_ciphertext_record(rec : SSLRecord) : bool %{ if ( state_ == STATE_TRACK_LOST ) bro_analyzer()->ProtocolViolation(fmt("unexpected ciphertext record from %s in state %s", - orig_label(current_record_is_orig_).c_str(), + orig_label(${rec.is_orig}).c_str(), state_label(old_state_).c_str())); - if ( state_ == STATE_CONN_ESTABLISHED && - old_state_ == STATE_COMM_ENCRYPTED ) - { - BifEvent::generate_ssl_conn_established(bro_analyzer_, - bro_analyzer_->Conn(), - version_, cipher_); - } + else if ( state_ == STATE_CONN_ESTABLISHED && + old_state_ == STATE_COMM_ENCRYPTED ) + BifEvent::generate_ssl_established(bro_analyzer_, + bro_analyzer_->Conn()); return true; %} @@ -494,72 +388,80 @@ refine analyzer SSLAnalyzer += { }; refine typeattr ChangeCipherSpec += &let { - proc : bool = $context.analyzer.proc_change_cipher_spec(this) + proc : bool = $context.analyzer.proc_change_cipher_spec(rec) &requires(state_changed); }; refine typeattr Alert += &let { - proc : bool = $context.analyzer.proc_alert(level, description); + proc : bool = $context.analyzer.proc_alert(rec, level, description); }; refine typeattr V2Error += &let { - proc : bool = $context.analyzer.proc_alert(-1, error_code); + proc : bool = $context.analyzer.proc_alert(rec, -1, error_code); }; refine typeattr ApplicationData += &let { - proc : bool = $context.analyzer.proc_application_data(this); + proc : bool = $context.analyzer.proc_application_data(rec); }; refine typeattr ClientHello += &let { - proc : bool = $context.analyzer.proc_client_hello(client_version, + proc : bool = $context.analyzer.proc_client_hello(rec, client_version, + gmt_unix_time, session_id, convert_ciphers_uint16(csuits)) &requires(state_changed); }; refine typeattr V2ClientHello += &let { - proc : bool = $context.analyzer.proc_client_hello(client_version, + proc : bool = $context.analyzer.proc_client_hello(rec, client_version, 0, session_id, convert_ciphers_uint24(ciphers)) &requires(state_changed); }; refine typeattr ServerHello += &let { - proc : bool = $context.analyzer.proc_server_hello(server_version, - session_id, convert_ciphers_uint16(cipher_suite), -1) + proc : bool = $context.analyzer.proc_server_hello(rec, server_version, + gmt_unix_time, session_id, cipher_suite, + compression_method) &requires(state_changed); }; refine typeattr V2ServerHello += &let { - proc : bool = $context.analyzer.proc_server_hello(server_version, 0, - convert_ciphers_uint24(ciphers), session_id_hit) + proc : bool = $context.analyzer.proc_server_hello(rec, server_version, 0, 0, + convert_ciphers_uint24(ciphers)[0], 0) &requires(state_changed); - cert : bool = $context.analyzer.proc_v2_certificate(cert_data) + cert : bool = $context.analyzer.proc_v2_certificate(rec, cert_data) &requires(proc); }; refine typeattr Certificate += &let { - proc : bool = $context.analyzer.proc_v3_certificate(certificates) + proc : bool = $context.analyzer.proc_v3_certificate(rec, certificates) &requires(state_changed); }; refine typeattr V2ClientMasterKey += &let { - proc : bool = $context.analyzer.proc_v2_client_master_key(to_int()(cipher_kind)) + proc : bool = $context.analyzer.proc_v2_client_master_key(rec, to_int()(cipher_kind)) &requires(state_changed); }; refine typeattr UnknownHandshake += &let { - proc : bool = $context.analyzer.proc_unknown_handshake(msg_type); + proc : bool = $context.analyzer.proc_unknown_handshake(hs, is_orig); }; refine typeattr Handshake += &let { - proc : bool = $context.analyzer.proc_handshake(this); + proc : bool = $context.analyzer.proc_handshake(this, rec.is_orig); }; refine typeattr UnknownRecord += &let { - proc : bool = $context.analyzer.proc_unknown_record(this); + proc : bool = $context.analyzer.proc_unknown_record(rec); }; refine typeattr CiphertextRecord += &let { - proc : bool = $context.analyzer.proc_ciphertext_record(this) - &requires(state_changed); + proc : bool = $context.analyzer.proc_ciphertext_record(rec); +} + +refine typeattr SSLExtension += &let { + proc : bool = $context.analyzer.proc_ssl_extension(type, data); }; + + + diff --git a/src/ssl-protocol.pac b/src/ssl-protocol.pac index a0121c2496..d8a8c79745 100644 --- a/src/ssl-protocol.pac +++ b/src/ssl-protocol.pac @@ -1,5 +1,3 @@ -# $Id:$ - # Analyzer for SSL messages (general part). # To be used in conjunction with an SSL record-layer analyzer. # Separation is necessary due to possible fragmentation of SSL records. @@ -26,6 +24,57 @@ type uint24 = record { extern type to_int; +type SSLRecord(is_orig: bool) = record { + head0 : uint8; + head1 : uint8; + head2 : uint8; + head3 : uint8; + head4 : uint8; + rec : RecordText(this, is_orig) &requires(content_type), &restofdata; +} &length = length+5, &byteorder=bigendian, + &let { + version : int = + $context.analyzer.determine_ssl_version(head0, head1, head2); + + content_type : int = case version of { + UNKNOWN_VERSION -> 0; + SSLv20 -> head2+300; + default -> head0; + }; + + length : int = case version of { + UNKNOWN_VERSION -> 0; + SSLv20 -> (((head0 & 0x7f) << 8) | head1) - 3; + default -> (head3 << 8) | head4; + }; +}; + +type RecordText(rec: SSLRecord, is_orig: bool) = case $context.analyzer.state() of { + STATE_ABBREV_SERVER_ENCRYPTED, STATE_CLIENT_ENCRYPTED, + STATE_COMM_ENCRYPTED, STATE_CONN_ESTABLISHED + -> ciphertext : CiphertextRecord(rec, is_orig); + default + -> plaintext : PlaintextRecord(rec, is_orig); +}; + +type PlaintextRecord(rec: SSLRecord, is_orig: bool) = case rec.content_type of { + CHANGE_CIPHER_SPEC -> ch_cipher : ChangeCipherSpec(rec); + ALERT -> alert : Alert(rec); + HANDSHAKE -> handshake : Handshake(rec)[]; + APPLICATION_DATA -> app_data : ApplicationData(rec); + V2_ERROR -> v2_error : V2Error(rec); + V2_CLIENT_HELLO -> v2_client_hello : V2ClientHello(rec); + V2_CLIENT_MASTER_KEY -> v2_client_master_key : V2ClientMasterKey(rec); + V2_SERVER_HELLO -> v2_server_hello : V2ServerHello(rec); + default -> unknown_record : UnknownRecord(rec); +}; + +type SSLExtension = record { + type: uint16; + data_len: uint16; + data: bytestring &length=data_len; +}; + ###################################################################### # state management according to Section 7.3. in spec ###################################################################### @@ -99,6 +148,104 @@ enum AnalyzerState { { return string(is_orig ? "originator" :"responder"); } + + double get_time_from_asn1(const ASN1_TIME * atime) + { + time_t lResult = 0; + + char lBuffer[24]; + char * pBuffer = lBuffer; + + size_t lTimeLength = atime->length; + char * pString = (char *) atime->data; + + if ( atime->type == V_ASN1_UTCTIME ) + { + if ( lTimeLength < 11 || lTimeLength > 17 ) + return 0; + + memcpy(pBuffer, pString, 10); + pBuffer += 10; + pString += 10; + } + else + { + if ( lTimeLength < 13 ) + return 0; + + memcpy(pBuffer, pString, 12); + pBuffer += 12; + pString += 12; + } + + if ((*pString == 'Z') || (*pString == '-') || (*pString == '+')) + { + *(pBuffer++) = '0'; + *(pBuffer++) = '0'; + } + else + { + *(pBuffer++) = *(pString++); + *(pBuffer++) = *(pString++); + + // Skip any fractional seconds... + if (*pString == '.') + { + pString++; + while ((*pString >= '0') && (*pString <= '9')) + pString++; + } + } + + *(pBuffer++) = 'Z'; + *(pBuffer++) = '\0'; + + time_t lSecondsFromUTC; + + if ( *pString == 'Z' ) + lSecondsFromUTC = 0; + + else + { + if ((*pString != '+') && (pString[5] != '-')) + return 0; + + lSecondsFromUTC = ((pString[1]-'0') * 10 + (pString[2]-'0')) * 60; + lSecondsFromUTC += (pString[3]-'0') * 10 + (pString[4]-'0'); + + if (*pString == '-') + lSecondsFromUTC = -lSecondsFromUTC; + } + + tm lTime; + lTime.tm_sec = ((lBuffer[10] - '0') * 10) + (lBuffer[11] - '0'); + lTime.tm_min = ((lBuffer[8] - '0') * 10) + (lBuffer[9] - '0'); + lTime.tm_hour = ((lBuffer[6] - '0') * 10) + (lBuffer[7] - '0'); + lTime.tm_mday = ((lBuffer[4] - '0') * 10) + (lBuffer[5] - '0'); + lTime.tm_mon = (((lBuffer[2] - '0') * 10) + (lBuffer[3] - '0')) - 1; + lTime.tm_year = ((lBuffer[0] - '0') * 10) + (lBuffer[1] - '0'); + + if ( lTime.tm_year < 50 ) + lTime.tm_year += 100; // RFC 2459 + + lTime.tm_wday = 0; + lTime.tm_yday = 0; + lTime.tm_isdst = 0; // No DST adjustment requested + + lResult = mktime(&lTime); + + if ( lResult ) + { + if ( 0 != lTime.tm_isdst ) + lResult -= 3600; // mktime may adjust for DST (OS dependent) + + lResult += lSecondsFromUTC; + } + else + lResult = 0; + + return lResult; + } %} ###################################################################### @@ -115,7 +262,9 @@ enum HandshakeType { SERVER_HELLO_DONE = 14, CERTIFICATE_VERIFY = 15, CLIENT_KEY_EXCHANGE = 16, - FINISHED = 20 + FINISHED = 20, + CERTIFICATE_URL = 21, # RFC 3546 + CERTIFICATE_STATUS = 22, # RFC 3546 }; %code{ @@ -132,6 +281,8 @@ enum HandshakeType { case CERTIFICATE_VERIFY: return string("CERTIFICATE_VERIFY"); case CLIENT_KEY_EXCHANGE: return string("CLIENT_KEY_EXCHANGE"); case FINISHED: return string("FINISHED"); + case CERTIFICATE_URL: return string("CERTIFICATE_URL"); + case CERTIFICATE_STATUS: return string("CERTIFICATE_STATUS"); default: return string(fmt("UNKNOWN (%d)", type)); } } @@ -142,23 +293,25 @@ enum HandshakeType { # V3 Change Cipher Spec Protocol (7.1.) ###################################################################### -type ChangeCipherSpec = record { +type ChangeCipherSpec(rec: SSLRecord) = record { type : uint8; } &length = 1, &let { state_changed : bool = - $context.analyzer.transition(STATE_CLIENT_FINISHED, - STATE_COMM_ENCRYPTED, false) || - $context.analyzer.transition(STATE_IN_SERVER_HELLO, - STATE_ABBREV_SERVER_ENCRYPTED, false) || - $context.analyzer.transition(STATE_CLIENT_KEY_NO_CERT, - STATE_CLIENT_ENCRYPTED, true) || - $context.analyzer.transition(STATE_CLIENT_CERT_VERIFIED, - STATE_CLIENT_ENCRYPTED, true) || - $context.analyzer.transition(STATE_CLIENT_KEY_WITH_CERT, - STATE_CLIENT_ENCRYPTED, true) || - $context.analyzer.transition(STATE_ABBREV_SERVER_FINISHED, - STATE_COMM_ENCRYPTED, true) || - $context.analyzer.lost_track(); + $context.analyzer.transition(STATE_CLIENT_FINISHED, + STATE_COMM_ENCRYPTED, rec.is_orig, false) || + $context.analyzer.transition(STATE_IN_SERVER_HELLO, + STATE_ABBREV_SERVER_ENCRYPTED, rec.is_orig, false) || + $context.analyzer.transition(STATE_CLIENT_KEY_NO_CERT, + STATE_CLIENT_ENCRYPTED, rec.is_orig, true) || + $context.analyzer.transition(STATE_CLIENT_CERT_VERIFIED, + STATE_CLIENT_ENCRYPTED, rec.is_orig, true) || + #$context.analyzer.transition(STATE_CLIENT_CERT, + # STATE_CLIENT_ENCRYPTED, rec.is_orig, true) || + $context.analyzer.transition(STATE_CLIENT_KEY_WITH_CERT, + STATE_CLIENT_ENCRYPTED, rec.is_orig, true) || + $context.analyzer.transition(STATE_ABBREV_SERVER_FINISHED, + STATE_COMM_ENCRYPTED, rec.is_orig, true) || + $context.analyzer.lost_track(); }; @@ -166,19 +319,19 @@ type ChangeCipherSpec = record { # V3 Alert Protocol (7.2.) ###################################################################### -type Alert = record { +type Alert(rec: SSLRecord) = record { level : uint8; description: uint8; -} &length = 2; +}; ###################################################################### # V2 Error Records (SSLv2 2.7.) ###################################################################### -type V2Error = record { +type V2Error(rec: SSLRecord) = record { error_code : uint16; -} &length = 2; +}; ###################################################################### @@ -187,9 +340,7 @@ type V2Error = record { # Application data should always be encrypted, so we should not # reach this point. -type ApplicationData = empty &let { - discard: bool = $context.flow.discard_data(); -}; +type ApplicationData(rec: SSLRecord) = empty; ###################################################################### # Handshake Protocol (7.4.) @@ -200,7 +351,7 @@ type ApplicationData = empty &let { ###################################################################### # Hello Request is empty -type HelloRequest = empty &let { +type HelloRequest(rec: SSLRecord) = empty &let { hr: bool = $context.analyzer.set_hello_requested(true); }; @@ -209,7 +360,7 @@ type HelloRequest = empty &let { # V3 Client Hello (7.4.1.2.) ###################################################################### -type ClientHello = record { +type ClientHello(rec: SSLRecord) = record { client_version : uint16; gmt_unix_time : uint32; random_bytes : bytestring &length = 28 &transient; @@ -219,12 +370,16 @@ type ClientHello = record { csuits : uint16[csuit_len/2]; cmeth_len : uint8 &check(cmeth_len > 0); cmeths : uint8[cmeth_len]; + # This weirdness is to deal with the possible existence or absence + # of the following fields. + ext_len: uint16[] &until($element == 0 || $element != 0); + extensions : SSLExtension[] &until($input.length() == 0); } &let { state_changed : bool = $context.analyzer.transition(STATE_INITIAL, - STATE_CLIENT_HELLO_RCVD, true) || + STATE_CLIENT_HELLO_RCVD, rec.is_orig, true) || ($context.analyzer.hello_requested() && - $context.analyzer.transition(STATE_ANY, STATE_CLIENT_HELLO_RCVD, true)) || + $context.analyzer.transition(STATE_ANY, STATE_CLIENT_HELLO_RCVD, rec.is_orig, true)) || $context.analyzer.lost_track(); }; @@ -233,7 +388,7 @@ type ClientHello = record { # V2 Client Hello (SSLv2 2.5.) ###################################################################### -type V2ClientHello = record { +type V2ClientHello(rec: SSLRecord) = record { client_version : uint16; csuit_len : uint16; session_len : uint16; @@ -244,9 +399,9 @@ type V2ClientHello = record { } &length = 8 + csuit_len + session_len + chal_len, &let { state_changed : bool = $context.analyzer.transition(STATE_INITIAL, - STATE_CLIENT_HELLO_RCVD, true) || + STATE_CLIENT_HELLO_RCVD, rec.is_orig, true) || ($context.analyzer.hello_requested() && - $context.analyzer.transition(STATE_ANY, STATE_CLIENT_HELLO_RCVD, true)) || + $context.analyzer.transition(STATE_ANY, STATE_CLIENT_HELLO_RCVD, rec.is_orig, true)) || $context.analyzer.lost_track(); }; @@ -255,18 +410,18 @@ type V2ClientHello = record { # V3 Server Hello (7.4.1.3.) ###################################################################### -type ServerHello = record { +type ServerHello(rec: SSLRecord) = record { server_version : uint16; gmt_unix_time : uint32; random_bytes : bytestring &length = 28 &transient; session_len : uint8; session_id : uint8[session_len]; - cipher_suite : uint16[1]; + cipher_suite : uint16; compression_method : uint8; } &let { state_changed : bool = $context.analyzer.transition(STATE_CLIENT_HELLO_RCVD, - STATE_IN_SERVER_HELLO, false) || + STATE_IN_SERVER_HELLO, rec.is_orig, false) || $context.analyzer.lost_track(); }; @@ -275,7 +430,7 @@ type ServerHello = record { # V2 Server Hello (SSLv2 2.6.) ###################################################################### -type V2ServerHello = record { +type V2ServerHello(rec: SSLRecord) = record { session_id_hit : uint8; cert_type : uint8; server_version : uint16; @@ -289,9 +444,9 @@ type V2ServerHello = record { state_changed : bool = (session_id_hit > 0 ? $context.analyzer.transition(STATE_CLIENT_HELLO_RCVD, - STATE_CONN_ESTABLISHED, false) : + STATE_CONN_ESTABLISHED, rec.is_orig, false) : $context.analyzer.transition(STATE_CLIENT_HELLO_RCVD, - STATE_V2_CL_MASTER_KEY_EXPECTED, false)) || + STATE_V2_CL_MASTER_KEY_EXPECTED, rec.is_orig, false)) || $context.analyzer.lost_track(); }; @@ -307,15 +462,15 @@ type X509Certificate = record { type CertificateList = X509Certificate[] &until($input.length() == 0); -type Certificate = record { +type Certificate(rec: SSLRecord) = record { length : uint24; certificates : CertificateList &length = to_int()(length); } &let { state_changed : bool = $context.analyzer.transition(STATE_IN_SERVER_HELLO, - STATE_IN_SERVER_HELLO, false) || + STATE_IN_SERVER_HELLO, rec.is_orig, false) || $context.analyzer.transition(STATE_SERVER_HELLO_DONE, - STATE_CLIENT_CERT, true) || + STATE_CLIENT_CERT, rec.is_orig, true) || $context.analyzer.lost_track(); }; @@ -325,12 +480,12 @@ type Certificate = record { ###################################################################### # For now ignore details; just eat up complete message -type ServerKeyExchange = record { - cont : bytestring &restofdata &transient; +type ServerKeyExchange(rec: SSLRecord) = record { + key : bytestring &restofdata; } &let { state_changed : bool = $context.analyzer.transition(STATE_IN_SERVER_HELLO, - STATE_IN_SERVER_HELLO, false) || + STATE_IN_SERVER_HELLO, rec.is_orig, false) || $context.analyzer.lost_track(); }; @@ -340,12 +495,12 @@ type ServerKeyExchange = record { ###################################################################### # For now, ignore Certificate Request Details; just eat up message. -type CertificateRequest = record { +type CertificateRequest(rec: SSLRecord) = record { cont : bytestring &restofdata &transient; } &let { state_changed : bool = $context.analyzer.transition(STATE_IN_SERVER_HELLO, - STATE_IN_SERVER_HELLO, false) || + STATE_IN_SERVER_HELLO, rec.is_orig, false) || $context.analyzer.lost_track(); }; @@ -355,10 +510,10 @@ type CertificateRequest = record { ###################################################################### # Server Hello Done is empty -type ServerHelloDone = empty &let { +type ServerHelloDone(rec: SSLRecord) = empty &let { state_changed : bool = $context.analyzer.transition(STATE_IN_SERVER_HELLO, - STATE_SERVER_HELLO_DONE, false) || + STATE_SERVER_HELLO_DONE, rec.is_orig, false) || $context.analyzer.lost_track(); }; @@ -377,14 +532,16 @@ type ServerHelloDone = empty &let { # For now ignore details of ClientKeyExchange (most of it is # encrypted anyway); just eat up message. -type ClientKeyExchange = record { +type ClientKeyExchange(rec: SSLRecord) = record { cont : bytestring &restofdata &transient; } &let { state_changed : bool = $context.analyzer.transition(STATE_SERVER_HELLO_DONE, - STATE_CLIENT_KEY_NO_CERT, true) || + STATE_CLIENT_KEY_NO_CERT, rec.is_orig, true) || $context.analyzer.transition(STATE_CLIENT_CERT, - STATE_CLIENT_KEY_WITH_CERT, true) || + STATE_CLIENT_KEY_WITH_CERT, rec.is_orig, true) || + $context.analyzer.transition(STATE_CLIENT_CERT, + STATE_CLIENT_KEY_WITH_CERT, rec.is_orig, true) || $context.analyzer.lost_track(); }; @@ -392,7 +549,7 @@ type ClientKeyExchange = record { # V2 Client Master Key (SSLv2 2.5.) ###################################################################### -type V2ClientMasterKey = record { +type V2ClientMasterKey(rec: SSLRecord) = record { cipher_kind : uint24; cl_key_len : uint16; en_key_len : uint16; @@ -403,7 +560,7 @@ type V2ClientMasterKey = record { } &length = 9 + cl_key_len + en_key_len + key_arg_len, &let { state_changed : bool = $context.analyzer.transition(STATE_V2_CL_MASTER_KEY_EXPECTED, - STATE_CONN_ESTABLISHED, true) || + STATE_CONN_ESTABLISHED, rec.is_orig, true) || $context.analyzer.lost_track(); }; @@ -413,12 +570,12 @@ type V2ClientMasterKey = record { ###################################################################### # For now, ignore Certificate Verify; just eat up the message. -type CertificateVerify = record { +type CertificateVerify(rec: SSLRecord) = record { cont : bytestring &restofdata &transient; } &let { state_changed : bool = $context.analyzer.transition(STATE_CLIENT_KEY_WITH_CERT, - STATE_CLIENT_CERT_VERIFIED, true) || + STATE_CLIENT_CERT_VERIFIED, rec.is_orig, true) || $context.analyzer.lost_track(); }; @@ -427,35 +584,40 @@ type CertificateVerify = record { # V3 Finished (7.4.9.) ###################################################################### -# The Finished messages are always sent after encryption is in effect, -# so we will not be able to read those message +# The finished messages are always sent after encryption is in effect, +# so we will not be able to read those message. ###################################################################### # V3 Handshake Protocol (7.) ###################################################################### -type UnknownHandshake(msg_type : uint8) = record { +type UnknownHandshake(hs: Handshake, is_orig: bool) = record { cont : bytestring &restofdata &transient; } &let { - state_changed : bool = $context.analyzer.lost_track(); + # TODO: an unknown handshake could just be an encrypted handshake + # before a server sends the change cipher spec message. + # I have no clue why this happens, but it does seem to happen. + # This should be solved in a different way eventually. + #state_changed : bool = $context.analyzer.lost_track(); }; -type Handshake = record { + +type Handshake(rec: SSLRecord) = record { msg_type : uint8; length : uint24; body : case msg_type of { - HELLO_REQUEST -> hello_request : HelloRequest; - CLIENT_HELLO -> client_hello : ClientHello; - SERVER_HELLO -> server_hello : ServerHello; - CERTIFICATE -> certificate : Certificate; - SERVER_KEY_EXCHANGE -> server_key_exchange : ServerKeyExchange; - CERTIFICATE_REQUEST -> certificate_request : CertificateRequest; - SERVER_HELLO_DONE -> server_hello_done : ServerHelloDone; - CERTIFICATE_VERIFY -> certificate_verify : CertificateVerify; - CLIENT_KEY_EXCHANGE -> client_key_exchange : ClientKeyExchange; - default -> unknown_handshake : UnknownHandshake(msg_type); + HELLO_REQUEST -> hello_request : HelloRequest(rec); + CLIENT_HELLO -> client_hello : ClientHello(rec); + SERVER_HELLO -> server_hello : ServerHello(rec); + CERTIFICATE -> certificate : Certificate(rec); + SERVER_KEY_EXCHANGE -> server_key_exchange : ServerKeyExchange(rec); + CERTIFICATE_REQUEST -> certificate_request : CertificateRequest(rec); + SERVER_HELLO_DONE -> server_hello_done : ServerHelloDone(rec); + CERTIFICATE_VERIFY -> certificate_verify : CertificateVerify(rec); + CLIENT_KEY_EXCHANGE -> client_key_exchange : ClientKeyExchange(rec); + default -> unknown_handshake : UnknownHandshake(this, rec.is_orig); }; } &length = 4 + to_int()(length); @@ -464,40 +626,26 @@ type Handshake = record { # Fragmentation (6.2.1.) ###################################################################### -type UnknownRecord = record { - cont : empty; +type UnknownRecord(rec: SSLRecord) = record { + cont : bytestring &restofdata &transient; } &let { - discard : bool = $context.flow.discard_data(); state_changed : bool = $context.analyzer.lost_track(); }; -type PlaintextRecord = case $context.analyzer.current_record_type() of { - CHANGE_CIPHER_SPEC -> ch_cipher : ChangeCipherSpec; - ALERT -> alert : Alert; - HANDSHAKE -> handshakes : Handshake; - APPLICATION_DATA -> app_data : ApplicationData; - V2_ERROR -> v2_error : V2Error; - V2_CLIENT_HELLO -> v2_client_hello : V2ClientHello; - V2_CLIENT_MASTER_KEY -> v2_client_master_key : V2ClientMasterKey; - V2_SERVER_HELLO -> v2_server_hello : V2ServerHello; - UNKNOWN_OR_V2_ENCRYPTED -> unknown_record : UnknownRecord; -}; - -type CiphertextRecord = empty &let { - discard : bool = $context.flow.discard_data(); +type CiphertextRecord(rec: SSLRecord, is_orig: bool) = empty &let { state_changed : bool = $context.analyzer.transition(STATE_ABBREV_SERVER_ENCRYPTED, - STATE_ABBREV_SERVER_FINISHED, false) || + STATE_ABBREV_SERVER_FINISHED, rec.is_orig, false) || $context.analyzer.transition(STATE_CLIENT_ENCRYPTED, - STATE_CLIENT_FINISHED, true) || + STATE_CLIENT_FINISHED, rec.is_orig, true) || $context.analyzer.transition(STATE_COMM_ENCRYPTED, - STATE_CONN_ESTABLISHED, false) || + STATE_CONN_ESTABLISHED, rec.is_orig, false) || $context.analyzer.transition(STATE_COMM_ENCRYPTED, - STATE_CONN_ESTABLISHED, true) || + STATE_CONN_ESTABLISHED, rec.is_orig, true) || $context.analyzer.transition(STATE_CONN_ESTABLISHED, - STATE_CONN_ESTABLISHED, false) || + STATE_CONN_ESTABLISHED, rec.is_orig, false) || $context.analyzer.transition(STATE_CONN_ESTABLISHED, - STATE_CONN_ESTABLISHED, true) || + STATE_CONN_ESTABLISHED, rec.is_orig, true) || $context.analyzer.lost_track(); }; @@ -506,15 +654,9 @@ type CiphertextRecord = empty &let { # initial datatype for binpac ###################################################################### -type SSLPDU = case $context.analyzer.state() of { - STATE_ABBREV_SERVER_ENCRYPTED, STATE_CLIENT_ENCRYPTED, - STATE_COMM_ENCRYPTED, STATE_CONN_ESTABLISHED - -> ciphertext : CiphertextRecord; - default - -> plaintext : PlaintextRecord; -} &byteorder = bigendian, &let { - consumed : bool = $context.flow.consume_data(); -}; +type SSLPDU(is_orig: bool) = record { + records : SSLRecord(is_orig)[] &until($element == 0); +} &byteorder = bigendian; ###################################################################### @@ -526,60 +668,48 @@ analyzer SSLAnalyzer { downflow = SSLFlow(false); %member{ - int current_record_type_; - int current_record_version_; - int current_record_length_; - bool current_record_is_orig_; int state_; int old_state_; bool hello_requested_; %} %init{ - current_record_type_ = -1; - current_record_version_ = -1; - current_record_length_ = -1; - current_record_is_orig_ = false; state_ = STATE_INITIAL; old_state_ = STATE_INITIAL; hello_requested_ = false; %} - function current_record_type() : int - %{ return current_record_type_; %} - function current_record_version() : int - %{ return current_record_version_; %} - function current_record_length() : int - %{ return current_record_length_; %} - function current_record_is_orig() : bool - %{ return current_record_is_orig_; %} - - function next_record(rec : const_bytestring, type : int, - version : int, is_orig : bool) : bool + function determine_ssl_version(head0 : uint8, head1 : uint8, + head2 : uint8) : int %{ - current_record_type_ = type; - current_record_version_ = version; - current_record_length_ = rec.length(); - current_record_is_orig_ = is_orig; + if ( head0 >= 20 && head0 <= 23 && + head1 == 0x03 && head2 < 0x03 ) + // This is most probably SSL version 3. + return (head1 << 8) | head2; - NewData(is_orig, rec.begin(), rec.end()); + else if ( head0 >= 128 && head2 < 5 && head2 != 3 ) + // Not very strong evidence, but we suspect + // this to be SSLv2. + return SSLv20; - return true; + else + return UNKNOWN_VERSION; %} function state() : int %{ return state_; %} function old_state() : int %{ return old_state_; %} function transition(olds : AnalyzerState, news : AnalyzerState, - is_orig : bool) : bool + current_record_is_orig : bool, is_orig : bool) : bool %{ if ( (olds != STATE_ANY && olds != state_) || - current_record_is_orig_ != is_orig ) + current_record_is_orig != is_orig ) return false; old_state_ = state_; state_ = news; + //printf("transitioning from %s to %s\n", state_label(old_state()).c_str(), state_label(state()).c_str()); return true; %} @@ -602,29 +732,3 @@ analyzer SSLAnalyzer { return val; %} }; - - -###################################################################### -# binpac flow for SSL -###################################################################### - -flow SSLFlow(is_orig : bool) { - flowunit = SSLPDU withcontext(connection, this); - - function discard_data() : bool - %{ - flow_buffer_->DiscardData(); - return true; - %} - - function data_available() : bool - %{ - return flow_buffer_->data_available(); - %} - - function consume_data() : bool - %{ - flow_buffer_->NewFrame(0, false); - return true; - %} -}; diff --git a/src/ssl-record-layer.pac b/src/ssl-record-layer.pac deleted file mode 100644 index ad6c4ca260..0000000000 --- a/src/ssl-record-layer.pac +++ /dev/null @@ -1,141 +0,0 @@ -# $Id:$ - -# binpac analyzer representing the SSLv3 record layer -# -# This additional layering in the analyzer hierarchy is necessary due to -# fragmentation that can be introduced in the SSL record layer. - -%include binpac.pac -%include bro.pac - -analyzer SSLRecordLayer withcontext { - analyzer : SSLRecordLayerAnalyzer; - flow : SSLRecordLayerFlow; -}; - -%include ssl-defs.pac - -%extern{ -#include "ssl_pac.h" -using binpac::SSL::SSLAnalyzer; -%} - -extern type const_bytestring; - - -type SSLPDU = record { - head0 : uint8; - head1 : uint8; - head2 : uint8; - head3 : uint8; - head4 : uint8; - fragment : bytestring &restofdata; -} &length = 5 + length, &byteorder = bigendian, &let { - version : int = - $context.analyzer.determine_ssl_version(head0, head1, head2); - - length : int = case version of { - UNKNOWN_VERSION -> 0; - SSLv20 -> (((head0 & 0x7f) << 8) | head1) - 3; - default -> (head3 << 8) | head4; - }; - - fw : bool = case version of { - UNKNOWN_VERSION -> - $context.analyzer.forward_record(const_bytestring(), - UNKNOWN_OR_V2_ENCRYPTED, UNKNOWN_VERSION, - $context.flow.is_orig) - && $context.flow.discard_data(); - - SSLv20 -> $context.analyzer.forward_v2_record(head2, head3, head4, - fragment, $context.flow.is_orig); - default -> $context.analyzer.forward_record(fragment, head0, - (head1 << 8) | head2, $context.flow.is_orig); - }; -}; - -# binpac-specific definitions - -analyzer SSLRecordLayerAnalyzer { - upflow = SSLRecordLayerFlow(true); - downflow = SSLRecordLayerFlow(false); - - %member{ - SSLAnalyzer* ssl_analyzer_; - - int ssl_version_; - int record_length_; - %} - - %init{ - ssl_analyzer_ = 0; - ssl_version_ = UNKNOWN_VERSION; - record_length_ = 0; - %} - - %eof{ - ssl_analyzer_->FlowEOF(true); - ssl_analyzer_->FlowEOF(false); - %} - - function set_ssl_analyzer(a : SSLAnalyzer) : void - %{ ssl_analyzer_ = a; %} - - function ssl_version() : int %{ return ssl_version_; %} - function record_length() : int %{ return record_length_; %} - - function determine_ssl_version(head0 : uint8, head1 : uint8, - head2 : uint8) : int - %{ - if ( head0 >= 20 && head0 <= 23 && - head1 == 0x03 && head2 < 0x03 ) - // This is most probably SSL version 3. - ssl_version_ = (head1 << 8) | head2; - - else if ( head0 >= 128 && head2 < 5 && head2 != 3 ) - // Not very strong evidence, but we suspect - // this to be SSLv2. - ssl_version_ = SSLv20; - - else - ssl_version_ = UNKNOWN_VERSION; - - return ssl_version_; - %} - - function forward_record(fragment : const_bytestring, type : int, - version : uint16, is_orig : bool) : bool - %{ - return ssl_analyzer_->next_record(fragment, type, - version, is_orig); - %} - - function forward_v2_record(b1 : uint8, b2 : uint8, b3 : uint8, - fragment : const_bytestring, - is_orig : bool) : bool - %{ - uint8* buffer = new uint8[2 + fragment.length()]; - - // Byte 1 is the record type. - buffer[0] = b2; - buffer[1] = b3; - - memcpy(buffer + 2, fragment.begin(), fragment.length()); - const_bytestring bs(buffer, 2 + fragment.length()); - - bool ret = ssl_analyzer_->next_record(bs, 300 + b1, SSLv20, - is_orig); - delete [] buffer; - return ret; - %} -}; - -flow SSLRecordLayerFlow(is_orig : bool) { - flowunit = SSLPDU withcontext(connection, this); - - function discard_data() : bool - %{ - flow_buffer_->DiscardData(); - return true; - %} -}; diff --git a/src/ssl.pac b/src/ssl.pac index f2cd92eedf..4d40493784 100644 --- a/src/ssl.pac +++ b/src/ssl.pac @@ -15,8 +15,10 @@ analyzer SSL withcontext { flow : SSLFlow; }; - -%include ssl-defs.pac - %include ssl-protocol.pac %include ssl-analyzer.pac +%include ssl-defs.pac + +flow SSLFlow(is_orig : bool) { + flowunit = SSLPDU(is_orig) withcontext(connection, this); +};