LAMPS                                                          S. Turner
Internet-Draft                                                     sn3rd
Intended status: Standards Track                           P. Kampanakis
Expires: 15 June 2025                                         J. Massimo
                                                                     AWS
                                                           B. Westerbaan
                                                              Cloudflare
                                                        12 December 2024

Internet X.509 Public Key Infrastructure - Algorithm Identifiers for the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM)
draft-ietf-lamps-kyber-certificates-latest

Abstract

The Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) is a quantum-resistant key-encapsulation mechanism (KEM). This document describes the conventions for using the ML-KEM in X.509 Public Key Infrastructure. The conventions for the subject public keys and private keys are also described.

About This Document

This note is to be removed before publishing as an RFC.

The latest revision of this draft can be found at https://lamps-wg.github.io/kyber-certificates/#go.draft-ietf-lamps-kyber-certificates.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-ietf-lamps-kyber-certificates/.

Discussion of this document takes place on the Limited Additional Mechanisms for PKIX and SMIME (lamps) Working Group mailing list (mailto:spasm@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/spasm/. Subscribe at https://www.ietf.org/mailman/listinfo/spasm/.

Source for this draft and an issue tracker can be found at https://github.com/lamps-wg/kyber-certificates.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time.
It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 15 June 2025.

Copyright Notice

Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.

Table of Contents

1. Introduction
   1.1. Applicability Statement
2. Conventions and Definitions
3. Algorithm Identifiers
4. Subject Public Key Fields
5. Private Key Format
6. Security Considerations
7. IANA Considerations
8. References
   8.1. Normative References
   8.2. Informative References
Appendix A. ASN.1 Module
Appendix B. Security Strengths
Appendix C. Examples
   C.1. Example Private Key
   C.2. Example Public Key
   C.3. Example Certificates
Acknowledgments
Authors' Addresses

1. Introduction

The Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), specified in [FIPS203], is a quantum-resistant key-encapsulation mechanism (KEM) standardized by the US National Institute of Standards and Technology (NIST) PQC Project [NIST-PQC]. Prior to standardization, earlier versions of the mechanism were known as Kyber. ML-KEM and Kyber are not compatible. This document specifies the use of ML-KEM in Public Key Infrastructure X.509 (PKIX) certificates [RFC5280] at three security levels: ML-KEM-512, ML-KEM-768, and ML-KEM-1024, using object identifiers assigned by NIST. The private key format is also specified.

1.1. Applicability Statement

ML-KEM certificates are used in protocols where the public key is used to generate and encapsulate a shared secret, from which a symmetric key is derived to encrypt a payload; see [I-D.ietf-lamps-cms-kyber]. In TLS, ML-KEM certificates could only be used as end-entity identity certificates, and doing so would require significant updates to the protocol; see [I-D.celi-wiggers-tls-authkem].

2. Conventions and Definitions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

3. Algorithm Identifiers

The AlgorithmIdentifier type is defined in [RFC5912] as follows:

   AlgorithmIdentifier{ALGORITHM-TYPE, ALGORITHM-TYPE:AlgorithmSet} ::=
     SEQUENCE {
       algorithm   ALGORITHM-TYPE.&id({AlgorithmSet}),
       parameters  ALGORITHM-TYPE.&Params({AlgorithmSet}{@algorithm})
                     OPTIONAL
     }

   |  NOTE: The above syntax is from [RFC5912] and is compatible with
   |  the 2021 ASN.1 syntax [X680]. See [RFC5280] for the 1988 ASN.1
   |  syntax.

The fields in AlgorithmIdentifier have the following meanings:

*  algorithm identifies the cryptographic algorithm with an object identifier.

*  parameters, which are optional, are the associated parameters for the algorithm identifier in the algorithm field.

The AlgorithmIdentifier for an ML-KEM public key MUST use one of the id-alg-ml-kem object identifiers listed below, based on the security level. The parameters field of the AlgorithmIdentifier for the ML-KEM public key MUST be absent.

When any of the ML-KEM AlgorithmIdentifiers appears in the SubjectPublicKeyInfo field of an X.509 certificate, the key usage certificate extension MUST only contain keyEncipherment (Section 4.2.1.3 of [RFC5280]).

   nistAlgorithms OBJECT IDENTIFIER ::= { joint-iso-ccitt(2)
     country(16) us(840) organization(1) gov(101) csor(3)
     nistAlgorithm(4) }

   kems OBJECT IDENTIFIER ::= { nistAlgorithms 4 }

   id-alg-ml-kem-512 OBJECT IDENTIFIER ::= { kems 1 }

   id-alg-ml-kem-768 OBJECT IDENTIFIER ::= { kems 2 }

   id-alg-ml-kem-1024 OBJECT IDENTIFIER ::= { kems 3 }

   pk-ml-kem-512 PUBLIC-KEY ::= {
     IDENTIFIER id-alg-ml-kem-512
     -- KEY no ASN.1 wrapping --
     PARAMS ARE absent
     CERT-KEY-USAGE { keyEncipherment }
     --- PRIVATE-KEY no ASN.1 wrapping --
     }

   pk-ml-kem-768 PUBLIC-KEY ::= {
     IDENTIFIER id-alg-ml-kem-768
     -- KEY no ASN.1 wrapping --
     PARAMS ARE absent
     CERT-KEY-USAGE { keyEncipherment }
     --- PRIVATE-KEY no ASN.1 wrapping --
     }

   pk-ml-kem-1024 PUBLIC-KEY ::= {
     IDENTIFIER id-alg-ml-kem-1024
     -- KEY no ASN.1 wrapping --
     PARAMS ARE absent
     CERT-KEY-USAGE { keyEncipherment }
     --- PRIVATE-KEY no ASN.1 wrapping --
     }

   ML-KEM-PublicKey ::= OCTET STRING

   ML-KEM-PrivateKey ::= OCTET STRING

No additional encoding of the ML-KEM public key value is applied in the SubjectPublicKeyInfo field of an X.509 certificate [RFC5280]. However, whenever the ML-KEM public key value appears outside of a certificate, it MAY be encoded as an OCTET STRING.

No additional encoding of the ML-KEM private key value is applied in the PrivateKeyInfo field of an Asymmetric Key Package [RFC5958]. However, whenever the ML-KEM private key value appears outside of an Asymmetric Key Package, it MAY be encoded as an OCTET STRING.

4. Subject Public Key Fields

In the X.509 certificate, the subjectPublicKeyInfo field has the SubjectPublicKeyInfo type, which has the following ASN.1 syntax:

   SubjectPublicKeyInfo {PUBLIC-KEY: IOSet} ::= SEQUENCE {
     algorithm         AlgorithmIdentifier {PUBLIC-KEY, {IOSet}},
     subjectPublicKey  BIT STRING
   }

   |  NOTE: The above syntax is from [RFC5912] and is compatible with
   |  the 2021 ASN.1 syntax [X680]. See [RFC5280] for the 1988 ASN.1
   |  syntax.

The fields in SubjectPublicKeyInfo have the following meaning:

*  algorithm is the algorithm identifier and parameters for the public key (see above).

*  subjectPublicKey contains the byte stream of the public key.

Appendix C.2 contains examples for ML-KEM public keys encoded using the textual encoding defined in [RFC7468].

5. Private Key Format

In short, an ML-KEM private key is encoded by storing its 64-octet seed in the privateKey field as follows.

[FIPS203] specifies two formats for an ML-KEM private key: a 64-octet seed and an (expanded) private key, which is referred to as the decapsulation key. The expanded private key (and public key) is computed from the seed using ML-KEM.KeyGen_internal(d,z) (algorithm 16) using the first 32 octets as _d_ and the remaining 32 octets as _z_.

A keypair is generated by sampling 64 octets uniformly at random for the seed (private key) from a cryptographically secure pseudorandom number generator (CSPRNG). The public key can then be computed using ML-KEM.KeyGen_internal(d,z) as described earlier.

"Asymmetric Key Packages" [RFC5958] describes how to encode a private key in a structure that both identifies what algorithm the private key is for and allows for the public key and additional attributes about the key to be included as well. For illustration, the ASN.1 structure OneAsymmetricKey is replicated below.

   OneAsymmetricKey ::= SEQUENCE {
     version                  Version,
     privateKeyAlgorithm      SEQUENCE {
       algorithm                PUBLIC-KEY.&id({PublicKeySet}),
       parameters               PUBLIC-KEY.&Params({PublicKeySet}
                                  {@privateKeyAlgorithm.algorithm})
                                  OPTIONAL },
     privateKey               OCTET STRING (CONTAINING
                                PUBLIC-KEY.&PrivateKey({PublicKeySet}
                                  {@privateKeyAlgorithm.algorithm})),
     attributes           [0] Attributes OPTIONAL,
     ...,
     [[2: publicKey       [1] BIT STRING (CONTAINING
                                PUBLIC-KEY.&Params({PublicKeySet}
                                  {@privateKeyAlgorithm.algorithm}))
                                OPTIONAL ]],
     ...
   }

   |  NOTE: The above syntax is from [RFC5958] and is compatible with
   |  the 2021 ASN.1 syntax [X680].
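
The encoding rules of Sections 3 to 5 can be checked mechanically. The following Python is an added example, not part of this draft or of any implementation it describes: a small standard-library DER reader that enforces the ML-KEM OID, the absent parameters field, the 64-octet seed and the Table 1 public key sizes, using the ML-KEM-512 private key from Appendix C.1 as input. All function and constant names are this example's own.

```python
import base64
import secrets

# DER content octets of the "kems" arc 2.16.840.1.101.3.4.4 (Section 3); the
# final arc 1/2/3 selects the parameter set. Key sizes are from Table 1.
KEMS_ARC = bytes.fromhex("6086480165030404")
PARAM_SETS = {1: ("ML-KEM-512", 800), 2: ("ML-KEM-768", 1184), 3: ("ML-KEM-1024", 1568)}
SEED_LEN = 64  # d (first 32 octets) followed by z (last 32 octets)

# ML-KEM-512 private key copied from Appendix C.1 of this document.
C1_ML_KEM_512_PEM = """-----BEGIN PRIVATE KEY-----
MFICAQAwCwYJYIZIAWUDBAQBBEAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob
HB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4/
-----END PRIVATE KEY-----"""


def tlv(tag, value):
    """Encode one DER element with a minimal definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + value


def read_tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:
        size = length & 0x7F
        if size == 0 or size > 4 or pos + size > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + size], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("length is not minimally encoded (not DER)")
        pos += size
    if pos + length > len(buf):
        raise ValueError("element runs past the end of the input")
    return buf[pos:pos + length], pos + length


def parse_algorithm(alg):
    """AlgorithmIdentifier content: ML-KEM OID, parameters MUST be absent."""
    oid, pos = read_tlv(alg, 0, 0x06)
    if pos != len(alg):
        raise ValueError("parameters field MUST be absent for ML-KEM")
    if oid[:-1] != KEMS_ARC or oid[-1] not in PARAM_SETS:
        raise ValueError("not an id-alg-ml-kem object identifier")
    return PARAM_SETS[oid[-1]]


def pem_to_der(pem):
    lines = (ln.strip() for ln in pem.strip().splitlines())
    return base64.b64decode("".join(ln for ln in lines if not ln.startswith("-")), validate=True)


def parse_private_key(der):
    """OneAsymmetricKey (Section 5) -> (parameter set name, d, z)."""
    body, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing octets after OneAsymmetricKey")
    version, pos = read_tlv(body, 0, 0x02)
    if version not in (b"\x00", b"\x01"):  # v1 or v2 in RFC 5958
        raise ValueError("unsupported OneAsymmetricKey version")
    alg, pos = read_tlv(body, pos, 0x30)
    name, _ = parse_algorithm(alg)
    seed, pos = read_tlv(body, pos, 0x04)
    if len(seed) != SEED_LEN:  # e.g. an expanded decapsulation key
        raise ValueError("privateKey must hold the raw 64-octet seed")
    # Optional attributes [0] and publicKey [1] that may follow are not inspected.
    return name, seed[:32], seed[32:]


def encode_private_key(arc, seed):
    """Encode a 64-octet seed as OneAsymmetricKey, omitting publicKey."""
    if arc not in PARAM_SETS or len(seed) != SEED_LEN:
        raise ValueError("need arc 1, 2 or 3 and a 64-octet seed")
    alg = tlv(0x30, tlv(0x06, KEMS_ARC + bytes([arc])))
    return tlv(0x30, tlv(0x02, b"\x00") + alg + tlv(0x04, seed))


def generate_private_key(arc):
    """Sample the seed from the OS CSPRNG (Sections 5 and 6)."""
    return encode_private_key(arc, secrets.token_bytes(SEED_LEN))


def parse_spki(der):
    """SubjectPublicKeyInfo (Section 4) -> (parameter set name, raw key)."""
    body, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing octets after SubjectPublicKeyInfo")
    alg, pos = read_tlv(body, 0, 0x30)
    name, pk_len = parse_algorithm(alg)
    bits, pos = read_tlv(body, pos, 0x03)
    if pos != len(body) or bits[:1] != b"\x00" or len(bits) - 1 != pk_len:
        raise ValueError(f"{name} key must be {pk_len} octets, no unused bits")
    return name, bits[1:]
```

Calling parse_private_key(pem_to_der(C1_ML_KEM_512_PEM)) returns the parameter set name with d = 00..1f and z = 20..3f. A privateKey that carries an expanded decapsulation key, or an AlgorithmIdentifier with NULL parameters, raises ValueError.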

When used in a OneAsymmetricKey type, the privateKey OCTET STRING contains the raw octet string encoding of the 64-octet seed. The publicKey field SHOULD be omitted because the public key can be computed as noted earlier in this section.

Appendix C.1 contains examples for ML-KEM private keys encoded using the textual encoding defined in [RFC7468].

6. Security Considerations

The Security Considerations section of [RFC5280] applies to this specification as well.

Protection of the private-key information, i.e., the seed, is vital to public-key cryptography. Disclosure of the private-key material to another entity can lead to masquerades.

For ML-KEM specific security considerations refer to [I-D.sfluhrer-cfrg-ml-kem-security-considerations].

The generation of private keys relies on random numbers. The use of inadequate pseudo-random number generators (PRNGs) to generate these values can result in little or no security. An attacker may find it much easier to reproduce the PRNG environment that produced the keys, searching the resulting small set of possibilities, than to brute-force search the whole key space. The generation of quality random numbers is difficult, and [RFC4086] offers important guidance in this area. ML-KEM key generation as standardized in [FIPS203] has specific requirements around randomness generation, described in section 3.3, 'Randomness generation'.

Key formats have implications for KEM binding properties, initially formalized in [CDM23]. Per the analysis of the final [FIPS203] in [KEMMY24], a compliant instantiation of ML-KEM is LEAK-BIND-K-PK-secure and LEAK-BIND-K-CT-secure when using the expanded key format, but not MAL-BIND-K-PK-secure nor MAL-BIND-K-CT-secure. This means that the computed shared secret binds to the encapsulation key used to compute it against a malicious adversary that has access to leaked, honestly-generated key material but is not capable of manufacturing maliciously generated keypairs. This binding to the encapsulation key broadly protects against re-encapsulation attacks but not completely.

Using the 64-byte seed format provides a step up in binding security by mitigating an attack enabled by the hash of the public encapsulation key stored in the expanded private decapsulation key format, providing MAL-BIND-K-CT security and LEAK-BIND-K-PK security.

7. IANA Considerations

For the ASN.1 Module in Appendix A, IANA is requested to assign an object identifier (OID) for the module identifier (TBD) with a Description of "id-mod-x509-ml-kem-2024". The OID for the module should be allocated in the "SMI Security for PKIX Module Identifier" registry (1.3.6.1.5.5.7.0).

8. References

8.1. Normative References

[FIPS203]  "Module-lattice-based key-encapsulation mechanism standard", National Institute of Standards and Technology (U.S.), DOI 10.6028/nist.fips.203, August 2024.

[RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.

[RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008.

[RFC5912]  Hoffman, P. and J. Schaad, "New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, DOI 10.17487/RFC5912, June 2010.

[RFC5958]  Turner, S., "Asymmetric Key Packages", RFC 5958, DOI 10.17487/RFC5958, August 2010.

[RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017.

[RFC9629]  Housley, R., Gray, J., and T. Okubo, "Using Key Encapsulation Mechanism (KEM) Algorithms in the Cryptographic Message Syntax (CMS)", RFC 9629, DOI 10.17487/RFC9629, August 2024.

[X680]  ITU-T, "Information technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation", ITU-T Recommendation X.680, ISO/IEC 8824-1:2021, February 2021.

[X690]  ITU-T, "Information technology - Abstract Syntax Notation One (ASN.1): ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)", ITU-T Recommendation X.690, ISO/IEC 8825-1:2021, February 2021.

8.2. Informative References

[CDM23]  Cremers, C., Dax, A., and N. Medinger, "Keeping Up with the KEMs: Stronger Security Notions for KEMs and automated analysis of KEM-based protocols", 2023.

[I-D.celi-wiggers-tls-authkem]  Wiggers, T., Celi, S., Schwabe, P., Stebila, D., and N. Sullivan, "KEM-based Authentication for TLS 1.3", Work in Progress, Internet-Draft, draft-celi-wiggers-tls-authkem-04, 17 October 2024.

[I-D.ietf-lamps-cms-kyber]  Prat, J., Ounsworth, M., and D. Van Geest, "Use of ML-KEM in the Cryptographic Message Syntax (CMS)", Work in Progress, Internet-Draft, draft-ietf-lamps-cms-kyber-06, 11 December 2024.

[I-D.ietf-lamps-dilithium-certificates]  Massimo, J., Kampanakis, P., Turner, S., and B. Westerbaan, "Internet X.509 Public Key Infrastructure: Algorithm Identifiers for ML-DSA", Work in Progress, Internet-Draft, draft-ietf-lamps-dilithium-certificates-05, 4 November 2024.

[I-D.sfluhrer-cfrg-ml-kem-security-considerations]  Fluhrer, S., Dang, Q., Mattsson, J. P., Milner, K., and D. Shiu, "ML-KEM Security Considerations", Work in Progress, Internet-Draft, draft-sfluhrer-cfrg-ml-kem-security-considerations-02, 19 November 2024.

[KEMMY24]  Schmieg, S., "Unbindable Kemmy Schmidt: ML-KEM is neither MAL-BIND-K-CT nor MAL-BIND-K-PK", 2024.

[NIST-PQC]  National Institute of Standards and Technology (NIST), "Post-Quantum Cryptography Project", 20 December 2016.

[RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker, "Randomness Requirements for Security", BCP 106, RFC 4086, DOI 10.17487/RFC4086, June 2005.

[RFC7468]  Josefsson, S. and S. Leonard, "Textual Encodings of PKIX, PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468, April 2015.

Appendix A. ASN.1 Module

This appendix includes the ASN.1 module [X680] for the ML-KEM. Note that as per [RFC5280], certificates use the Distinguished Encoding Rules; see [X690]. This module imports objects from [RFC5912] and [RFC9629].

   X509-ML-KEM-2024
   { iso(1) identified-organization(3) dod(6)
     internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
     id-mod-x509-ml-kem-2024(TBD) }

   DEFINITIONS IMPLICIT TAGS ::= BEGIN

   EXPORTS ALL;

   IMPORTS

     PUBLIC-KEY
       FROM AlgorithmInformation-2009  -- [RFC 5912]
         { iso(1) identified-organization(3) dod(6) internet(1)
           security(5) mechanisms(5) pkix(7) id-mod(0)
           id-mod-algorithmInformation-02(58) }

     KEM-ALGORITHM
       FROM KEMAlgorithmInformation-2023  -- [RFC 9629]
         { iso(1) identified-organization(3) dod(6) internet(1)
           security(5) mechanisms(5) pkix(7) id-mod(0)
           id-mod-kemAlgorithmInformation-2023(109) };

   --
   -- ML-KEM Identifiers
   --

   nistAlgorithms OBJECT IDENTIFIER ::= { joint-iso-ccitt(2)
     country(16) us(840) organization(1) gov(101) csor(3)
     nistAlgorithm(4) }

   kems OBJECT IDENTIFIER ::= { nistAlgorithms 4 }

   id-alg-ml-kem-512 OBJECT IDENTIFIER ::= { kems 1 }

   id-alg-ml-kem-768 OBJECT IDENTIFIER ::= { kems 2 }

   id-alg-ml-kem-1024 OBJECT IDENTIFIER ::= { kems 3 }

   --
   -- Public Key Algorithms
   --

   -- To use the following with the PKIX1Explicit-2009 [RFC5912], replace
   -- the PublicKeyAlgorithms therein with the following:
   --
   -- PublicKeyAlgorithms PUBLIC-KEY ::= {
   --   PKIXAlgs-2009.PublicKeys,
   --   ...,
   --   PKIX1-PSS-OAEP-Algorithms-2009.PublicKeys,
   --   X509-ML-KEM-2024.PublicKeys }

   --
   -- Public Key (pk-) Algorithms
   --

   PublicKeys PUBLIC-KEY ::= {
     -- This expands PublicKeys from RFC 5912
     pk-ml-kem-512 |
     pk-ml-kem-768 |
     pk-ml-kem-1024,
     ...
   }

   --
   -- ML-KEM Public Keys
   --

   pk-ml-kem-512 PUBLIC-KEY ::= {
     IDENTIFIER id-alg-ml-kem-512
     -- KEY no ASN.1 wrapping --
     PARAMS ARE absent
     CERT-KEY-USAGE { keyEncipherment }
     --- PRIVATE-KEY no ASN.1 wrapping --
     }

   pk-ml-kem-768 PUBLIC-KEY ::= {
     IDENTIFIER id-alg-ml-kem-768
     -- KEY no ASN.1 wrapping --
     PARAMS ARE absent
     CERT-KEY-USAGE { keyEncipherment }
     --- PRIVATE-KEY no ASN.1 wrapping --
     }

   pk-ml-kem-1024 PUBLIC-KEY ::= {
     IDENTIFIER id-alg-ml-kem-1024
     -- KEY no ASN.1 wrapping --
     PARAMS ARE absent
     CERT-KEY-USAGE { keyEncipherment }
     --- PRIVATE-KEY no ASN.1 wrapping --
     }

   END

Appendix B. Security Strengths

Instead of defining the strength of a quantum algorithm in a traditional manner using the imprecise notion of bits of security, NIST has defined security levels by picking a reference scheme, which NIST expects to offer notable levels of resistance to both quantum and classical attack. To wit, a KEM algorithm that achieves NIST PQC security must require computational resources to break IND-CCA2 security comparable to or greater than those required for key search on AES-128, AES-192, and AES-256 for Levels 1, 3, and 5, respectively. Levels 2 and 4 use collision search for SHA-256 and SHA-384 as reference.

   |  TODO: what should go in this table?

   +=======+===============+============+============+============+====+
   | Level | Parameter Set | Encap. Key | Decap. Key | Ciphertext | SS |
   +=======+===============+============+============+============+====+
   | 1     | ML-KEM-512    | 800        | 1632       | 768        | 32 |
   +-------+---------------+------------+------------+------------+----+
   | 3     | ML-KEM-768    | 1184       | 2400       | 1952       | 32 |
   +-------+---------------+------------+------------+------------+----+
   | 5     | ML-KEM-1024   | 1568       | 3168       | 2592       | 32 |
   +-------+---------------+------------+------------+------------+----+

                    Table 1: ML-KEM security strengths

Appendix C. Examples

This appendix contains examples of ML-KEM public keys, private keys and certificates.

C.1. Example Private Key

The following is an example of an ML-KEM-512 private key with hex seed 0001…3f:

   -----BEGIN PRIVATE KEY-----
   MFICAQAwCwYJYIZIAWUDBAQBBEAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob
   HB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4/
   -----END PRIVATE KEY-----

   SEQUENCE {
     INTEGER { 0 }
     SEQUENCE {
       OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.4.1 }
     }
     OCTET_STRING { `000102030405060708090a0b0c0d0e0f10111213141516
     1718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536
     3738393a3b3c3d3e3f` }
   }

The following is an example of an ML-KEM-768 private key from the same seed.

   -----BEGIN PRIVATE KEY-----
   MFICAQAwCwYJYIZIAWUDBAQCBEAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob
   HB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4/
   -----END PRIVATE KEY-----

   SEQUENCE {
     INTEGER { 0 }
     SEQUENCE {
       OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.4.2 }
     }
     OCTET_STRING { `000102030405060708090a0b0c0d0e0f10111213141516
     1718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536
     3738393a3b3c3d3e3f` }
   }

The following is an example of an ML-KEM-1024 private key from the same seed.

   -----BEGIN PRIVATE KEY-----
   MFICAQAwCwYJYIZIAWUDBAQDBEAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob
   HB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4/
   -----END PRIVATE KEY-----

   SEQUENCE {
     INTEGER { 0 }
     SEQUENCE {
       OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.4.3 }
     }
     OCTET_STRING { `000102030405060708090a0b0c0d0e0f10111213141516
     1718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536
     3738393a3b3c3d3e3f` }
   }

   |  NOTE: The private key is the seed and all three example keys
   |  use the same seed; therefore, the private keys above are the
   |  same except for the OID used to represent the ML-KEM algorithm's
   |  security strength.

C.2. Example Public Key

The following is the ML-KEM-512 public key corresponding to the private key in the previous section.

The following is the ML-KEM-768 public key corresponding to the private key in the previous section.

The following is the ML-KEM-1024 public key corresponding to the private key in the previous section.
VEdCTRcCIEgRH/vTfhxnD2TxS4p7MrlMGkm0XdL8OM1SidkQrWNgLPXhMELGSsZ5 e4n7VRrQjgWpLSAMzLfnEu8jyTEss1DwKatTfihzR/0wdawQkGp4PxxsB8y4j0Ei jEvhxkD3kLXDpdXTynkklddLxGFWJljAesYAJ2uSSrW8m+HwSUy3b4L0YKdICXJm M4HhaZlgYdeZhZ7FTU9cpcQRwB2xWXsWWXdmneE6koo0r7rCWP6oxHZCOclCHcMR m/W0dpkgaXgyexxTRe90anmDhB8FbiU0EAqyTU6au9CxfGqVvUw8DkD2nhYSrO6y i5kIbJURbnIEJziTOQv0a4mbNihrDr8ZR7uYhPcyyifagrGbXcDMf4iFcUkQiIsj EMT5MZ1BCzTmQzuQA+IXa7mVJXRWEG6JUhY7i6WSUwzFqgrrQ605j+npe6pSPXpE MWd8PTrwcZ5HXbhcqVr1CJvqvrBbL6q0iWumD4HIhHKle0aoKIJqDN+0RvgYkYLS v16sTsHMXer1mcihPkgjVAbRf/3cg0S2xmmEqGiqkvoCInoIaVDrDIcB7VjcYod2 uYOILhF1 -----END PUBLIC KEY----- SEQUENCE { SEQUENCE { OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.4.3 } } BIT_STRING { `00` `4b94c29450111191823b3514c9ac1ea3d9825ccb863 93a2dfb04654fa2192d37bfad1c497c6502eee5ca80a73bfce0baf5a54a88585 a401397a3d232f426a7afb082bc21a44317090eaac7592c2ea88a653c4491ea1 93931335f52e989a3c4cc56d9c553732d57c470fb41ab759b65d2d04445382fc d9c4e344a1128fa9e11e04358e192ed014b23232a7ee2b22e23717f44111ee33 575399c37646da9813ec9b212afe94e5dc5c2330a7294cc1f4234a6d3fbb4f16 85ab8892c04acb17cd1c170d7b0611b6a7176c794cc8c67f55fc923c2ad20310 0f365991882c30243d77813843b5ec7c964032263706092ecf00c7516be64e45 98ca4226c069bb5e67e4175cf2286c8dd5c488a6c5861f31baa0bd0269470e8b 551dd3bcd38c86c12f9cdb176c77dc8b6c02a701f478902c8553f694c0d82727 b4c4a5c2c1041212aa1274808b82111b377ec75214e9b1978f76004d4139d986 13f4b8e98d20af7b534073a509a959b7a7564f9b40ca218bf61829320a850201 7954d328d7ac6c769ec29700756e7b0685b340d5e118059504a49a9a50a10198 eb10a5784678eb427d7b4babb9552933b062897973e1318eaf0a0eac37584a65 401b1703e042accd837531483f241cadcd1c1d378119e694429db199ac891e4c 5343757085bb3ae783667350c4458d97672e861e80b1d2679510ea3a6f2360c7 7a46942c7a06a554d228080c84b47aef14db17620cb16c06ab30a1be4cda7082 be9f87e9c211c46916349a5ba8eaa5201c7294a3c0885b53b657452108825ec6 46c90a04612324ee7d031afe5343132cbef67b6efb1a5ec2809b773538ce77b3 d8b04eb0b3c2256011e4c716c19a8ba0752bf71492117649f0615c3290fc29a4 
6fde4bd52db9286d603388244259c15a7ac2b640a60cc03376a5841a3fb8a473 568fa9b1a267215f34c01697b0f0e627175d72105b7707c29b9e614bdc33a6f6 c818a95370b427882d7b476796a9ec6eb993274cd9b2391a82ba45e3393d2e9a e9721ca9d6c1b988b5827713f90a6585de9433528c02b03ce10bb5f720138d0f bb4c30c1266b918e52925dfe17b37f95d22bca54f475919ac859098c0f0d08ac 5875ef29b56fd141e6ef15f700a0b66f39595c588177373c4669b21bc071e4c3 aa5f0b4a31b6258f35da24ac3cd29c7f2092410c5078355b138fb53a6b9ae6e0 b9c08243e7baa45c47376eb8c7f13d4cf51aa736fa31540c9241f370da544bf9 f9c28d9a57e2f2a7ca95a4e4b466e641ab3bcc76adf1139d567a6f12b52f3a65 e7ec0aae26bcaa8c55833b04e59998ebc9a1930fbb6d2233c53d2c1f8b9518e3 c2de73a19dee6b380a5b32971cf64e129fd6c1fa6e75d4a234501e966dd3a540 af5c8f4f34a6b4a253ee28492566d5e67c6f55855fcb0506fb06c156744d9a03 a31a26fa94cad14f157b7f303d07a69c773768fcb4d079c09059703a0c3a94de 4b99ea3a2f16583d0f9170a3950db07b4f0bc30802927f9f7961b6259892636a 9502a2705303637799dd344da451c1cf7bf67840ceb3079ab8c6b8c1927f6405 3c612450c45c9e603bc16666e596b3471e103b6f15447424d17022048111ffbd 37e1c670f64f14b8a7b32b94c1a49b45dd2fc38cd5289d910ad63602cf5e1304 2c64ac6797b89fb551ad08e05a92d200cccb7e712ef23c9312cb350f029ab537 e287347fd3075ac10906a783f1c6c07ccb88f41228c4be1c640f790b5c3a5d5d 3ca792495d74bc461562658c07ac600276b924ab5bc9be1f0494cb76f82f460a 7480972663381e169996061d799859ec54d4f5ca5c411c01db1597b165977669 de13a928a34afbac258fea8c4764239c9421dc3119bf5b47699206978327b1c5 345ef746a7983841f056e2534100ab24d4e9abbd0b17c6a95bd4c3c0e40f69e1 612aceeb28b99086c95116e7204273893390bf46b899b36286b0ebf1947bb988 4f732ca27da82b19b5dc0cc7f8885714910888b2310c4f9319d410b34e6433b9 003e2176bb995257456106e8952163b8ba592530cc5aa0aeb43ad398fe9e97ba a523d7a4431677c3d3af0719e475db85ca95af5089beabeb05b2faab4896ba60 f81c88472a57b46a828826a0cdfb446f8189182d2bf5eac4ec1cc5deaf599c8a 13e48235406d17ffddc8344b6c66984a868aa92fa02227a086950eb0c8701ed5 8dc628776b983882e1175` } } The following example, in addition to encoding the ML-KEM-768 private key, has an 
attribute included as well as the public key:

-----BEGIN PRIVATE KEY-----
TODO insert example private key with attribute
-----END PRIVATE KEY-----

C.3. Example Certificates

The following is the ML-KEM-512 certificate that corresponds to the public key in the previous section, signed with the ML-DSA-44 private key from [I-D.ietf-lamps-dilithium-certificates].

SEQUENCE {
  SEQUENCE {
    [0] {
      INTEGER { 2 }
    }
    INTEGER { `159ffe6f22fd5cc42c524df6fd5e28d0de38f34f` }
    SEQUENCE {
      OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 }
    }
    SEQUENCE {
      SET {
        SEQUENCE {
          # organizationName
          OBJECT_IDENTIFIER { 2.5.4.10 }
          PrintableString { "IETF" }
        }
      }
      SET {
        SEQUENCE {
          # commonName
          OBJECT_IDENTIFIER { 2.5.4.3 }
          PrintableString { "LAMPS WG" }
        }
      }
    }
    SEQUENCE {
      UTCTime { "200203043210Z" }
      UTCTime { "400129043210Z" }
    }
    SEQUENCE {
      SET {
        SEQUENCE {
          # organizationName
          OBJECT_IDENTIFIER { 2.5.4.10 }
          PrintableString { "IETF" }
        }
      }
      SET {
        SEQUENCE {
          # commonName
          OBJECT_IDENTIFIER { 2.5.4.3 }
          PrintableString { "LAMPS WG" }
        }
      }
    }
    SEQUENCE {
      SEQUENCE {
        OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.4.1 }
      }
      BIT_STRING {
        # ML-KEM-512 public key octets omitted
        `00`
      }
    }
    [3] {
      SEQUENCE {
        SEQUENCE {
          # keyUsage
          OBJECT_IDENTIFIER { 2.5.29.15 }
          BOOLEAN { TRUE }
          OCTET_STRING {
            BIT_STRING { b`001` }
          }
        }
        SEQUENCE {
          # subjectKeyIdentifier
          OBJECT_IDENTIFIER { 2.5.29.14 }
          OCTET_STRING {
            OCTET_STRING { `0ec592a5971e7e8da078a86e4674f2fb11f6e8d7` }
          }
        }
        SEQUENCE {
          # authorityKeyIdentifier
          OBJECT_IDENTIFIER { 2.5.29.35 }
          OCTET_STRING {
            SEQUENCE {
              [0 PRIMITIVE] { `329a07b1fabb48f52a309f11a1898f848e2322ff` }
            }
          }
        }
      }
    }
  }
  SEQUENCE {
    OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 }
  }
  BIT_STRING {
    # ML-DSA-44 signature octets omitted
    `00`
  }
}

The following is the ML-KEM-768 certificate that corresponds to the public key in the previous section, signed with the ML-DSA-65 private key from [I-D.ietf-lamps-dilithium-certificates].
SEQUENCE {
  SEQUENCE {
    [0] {
      INTEGER { 2 }
    }
    INTEGER { `159ffe6f22fd5cc42c524df6fd5e28d0de38f34f` }
    SEQUENCE {
      OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.18 }
    }
    SEQUENCE {
      SET {
        SEQUENCE {
          # organizationName
          OBJECT_IDENTIFIER { 2.5.4.10 }
          PrintableString { "IETF" }
        }
      }
      SET {
        SEQUENCE {
          # commonName
          OBJECT_IDENTIFIER { 2.5.4.3 }
          PrintableString { "LAMPS WG" }
        }
      }
    }
    SEQUENCE {
      UTCTime { "200203043210Z" }
      UTCTime { "400129043210Z" }
    }
    SEQUENCE {
      SET {
        SEQUENCE {
          # organizationName
          OBJECT_IDENTIFIER { 2.5.4.10 }
          PrintableString { "IETF" }
        }
      }
      SET {
        SEQUENCE {
          # commonName
          OBJECT_IDENTIFIER { 2.5.4.3 }
          PrintableString { "LAMPS WG" }
        }
      }
    }
    SEQUENCE {
      SEQUENCE {
        OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.4.2 }
      }
      BIT_STRING {
        # ML-KEM-768 public key octets omitted
        `00`
      }
    }
    [3] {
      SEQUENCE {
        SEQUENCE {
          # keyUsage
          OBJECT_IDENTIFIER { 2.5.29.15 }
          BOOLEAN { TRUE }
          OCTET_STRING {
            BIT_STRING { b`001` }
          }
        }
        SEQUENCE {
          # subjectKeyIdentifier
          OBJECT_IDENTIFIER { 2.5.29.14 }
          OCTET_STRING {
            OCTET_STRING { `42bcb5a167fa330449612dbd8187056a7518f787` }
          }
        }
        SEQUENCE {
          # authorityKeyIdentifier
          OBJECT_IDENTIFIER { 2.5.29.35 }
          OCTET_STRING {
            SEQUENCE {
              [0 PRIMITIVE] { `1b0563e3cd3346149c8c9ebcf23b0a4e5a900eea` }
            }
          }
        }
      }
    }
  }
  SEQUENCE {
    OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.18 }
  }
  BIT_STRING {
    # ML-DSA-65 signature octets omitted
    `00`
  }
}

The following is the ML-KEM-1024 certificate that corresponds to the public key in the previous section, signed with the ML-DSA-87 private key from [I-D.ietf-lamps-dilithium-certificates].
GIz2W0T4YZVwbHs6gChn7cCQnqUmrFH+wZn54qY5FDX9ZyGsP2qxeb5zh7GtZx4T WjcEkEok2O2YwvteSxYUPM/5lkol5edy9e5kua8YKEEFue04CghZv37ROQnh5+/s NFZooNTzP7iPDcYuPMYSCpbowrVaRRxu7A3+IK37n9gkB9NMXT4xXizv79ey3gO9 xrk+2aa8GTC4JEXM3EUjiLIhlQ/GFLk6xPi0y9/dX4txmRzGi6DEyi6yfpog2xho 56zUqHZ2qcKBmEyrKzd99JmDe3Riw9C0Lci3SzKP1DvNQktDerm5TkyhJbOQl5Y5 fjkksJjUdEvWOGysJHx7GlUZRGPytXgTuXKEZ6oMObXt6+/lQFdB4117dsamPdl+ IXyc9FxgwMCyaECP72CuvJwCNRrPEIxlRJAaMPYhalgltqGGFm8vDhyKgfbAyhIv OrkH6/7oOY8V/9SS6XtRIZD8WpLsxIKhB+spvtFSA3mkgLOw+Vx46CtV+91f5rJd HcDAqOMl/KebHbt0gTKiIncx4ICUS3OcTmF5MEhSxwBHqTGeF2u6w62h9jlpp+JD m34hh9A1gH3OwsnBGcBMxb6H23iXNGYZYyWyneIluQTvRT0CnKra8hgm8ONjXK6F N8BZepxBL1Bu7TQIH1iYUW5LnQzIEm6eIf/iaUz6S4RRT042Cek8YWWpkhAf4ko0 0syLPVpPPxSZMpj2rUKmyOiPxLtHeVhE1QHeUS9YqkjEH9W31g68lzI/1OwIAPmX 8/0W2ehncAXZzcvaqKn3sVF0ntfY6zexcvkWKnQntyrVik6feikCRDym5CguxGzv leBp4PVF9kMJ+lbRTCgvu+rAu70sm7HRYkbtvUQzdAkdIQYNGYa5Ah9+y/oI0vy1 C4Yz5c5D4XLN6lomHL/N/e2A6RPwCa4i5BdVDButLBAiXg8QLeicikPLxmnzVJdV hat/2VgWDPmrW2hOfHgka+S4muOUcxHkLLKz4vIy4H6aUztSnjod5P/03JrQOm8q iBzhOYA9tzOKxNOn8SxlWlJHhT8vb7KX3pT9dKmWqfTPn5gYlnT8rexudJkcX0pY Qm9cLNKThdRAwP/t7Yk9evt6qh7g///JMZjKMIHtPE+mL5m/xiBjGNiA1JkV5/vl 55tWqRGoJMv0qgcPvM9IKvUMk65x2gjH5os1fuV52BgVOpcwhbLJEmHG4wd/IEo9 GrW7rFFGL4vyUNhxxXsmAsfhYsoSRR/s3GlX1FwPDxqUw+VS2duVCHYvKDBsZaLP Ergt6fDalHKZVTnI2tVGNH3fFpAmBC5V8Iq8thzK4fRK2yF8nGP4HYSWNqQc2P5o hB8wvEofpGjitBdNqlujkBMcNsLPPk9ZnUmQ3/erzFw34b0jTMUBrsfleaG2Kf1S 9CG6YUiULoMoRh8cPSSrvaGCxfNx9M/WkaI8JvDsEL19ASBYqu3bOV2bCutPgbfP Bd1C6N8fNNzJ7hPSVAqz980TtfmgK+dj4NqhEw5AaVxy4+9IVGt6JhYAT8F//ATK xfAe44nD1Bj8UGN+seYwEk7dKaCd703yP6CNu9447k/3xkvtwcwtL40Kqmza6913 B64HvQ2GjSaOdIAkaPq1ACy+2OI+S1kIvOTKBemHF3KMJf02+1ZdAhwJ4uJSnGDi uVT8svHM779FgIUMZjOmdE8dI7jpRKsw3czgucG2r/EPYRVa1B8cQd9iq8Xw1/Ce 7CbgROAqmfboMupDgA+QEV9Nf2aAwqQTEs6yG5saOtoNiCULXwNmh18RPWhZhKqm voXPxnZyZ2VsN3jlcFB2WG5lngf+r//d32QX8ptGQHmETXxIvMmRG2p2TS7PAthx T45SNsbL5jNQFysjJQWTlGGYGjNGQJHtqhmiIwpUICoJNymGfYEkrg84QKo7+NdX 
xZFd7HAAw9MdSl1tvkLX+uiFzl+2d/d+SvAxHD3qDitg/90tUDLAoAxmaYO3lmFy kTuJUMVJLhkavp3LC2Q5K+mgevqlnw4h+sw2lY0a7RVLLnHc6/FVi/sC/Smu1u8u 019R3unx8faluUtqsRvlxAjtH1feQdIApy5FFp5m8t+Ixpe1QipBTN3Aa+g3bph0 hWw7u9JgPOja0lIJDDyGwWhyv4iCsII1OSKhHdLn3U34BCQ8nTY2DPqvojpRKg7u PVnSPpbAdLnfSU3Z+x4eQZiZLKQ8LwcOnU6+J8S2Mneboj4t8chpblbFqXEX2GDy jE6JffIAEtZan8bJyuD9lNJgr4raeyt2rqRLmpoY1Emk5HSioIjsgUTu92FeMp/b YWP6Fc/rXHoYl5xR5kUW4BtiB+592H/XdJzPHJQx2kjzS4gh1NH5s0yENMOWYTar 0HJecZth4BF3SNDzElWcOvGWnMQj/fpkHgAq+aqXa2UCd4P/FaEXVUOuxy+vnHwe qqigp/mWD19+DiTyv7WEe+o/AomHctLyigGFlR2zs3yLXSwNnDJ6YANpgMlEspwS 3ToM7PbcVC9vDfjKhGdAhvdVT1lr7IU0fYeMVppE6HkoKS6tbsokb9qtbvtvWCfz I6342qm7BW6/SiZEx/Sl/DzF8qA3eLHM0xFR2kvHsn+5AB5ucy2ZOJF2W9XuwYSU BPoRrmdIWKQYC8/MD5PtZMqUoEGvHl6jFpfbO6+RP6NakpA+q4Tl4xuDNyeKqOdD 9+XdE3acWR/r+JseircGaBDDkpjBElcYgZuLfqKrx1+G5i6t6gWopcNtLmVcuAWv HVT854OIkNIUoqfnESODrczb3C5kjJ230df4V156qMbJBwwcJFtzf5ObyO3ycnd/ kNggIp4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIDxcdKS4x -----END CERTIFICATE----- SEQUENCE { SEQUENCE { [0] { INTEGER { 2 } } INTEGER { `159ffe6f22fd5cc42c524df6fd5e28d0de38f34f` } SEQUENCE { OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.19 } } SEQUENCE { SET { SEQUENCE { # organizationName OBJECT_IDENTIFIER { 2.5.4.10 } PrintableString { "IETF" } } } SET { SEQUENCE { # commonName OBJECT_IDENTIFIER { 2.5.4.3 } PrintableString { "LAMPS WG" } } } } SEQUENCE { UTCTime { "200203043210Z" } UTCTime { "400129043210Z" } } SEQUENCE { SET { SEQUENCE { # organizationName OBJECT_IDENTIFIER { 2.5.4.10 } PrintableString { "IETF" } } } SET { SEQUENCE { # commonName OBJECT_IDENTIFIER { 2.5.4.3 } PrintableString { "LAMPS WG" } } } } SEQUENCE { SEQUENCE { OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.4.3 } } BIT_STRING { `00` `4b94c29450111191823b3514c9ac1ea3d9825cc b86393a2dfb04654fa2192d37bfad1c497c6502eee5ca80a73bfce0baf5a54a8 8585a401397a3d232f426a7afb082bc21a44317090eaac7592c2ea88a653c449 1ea193931335f52e989a3c4cc56d9c553732d57c470fb41ab759b65d2d044453 
82fcd9c4e344a1128fa9e11e04358e192ed014b23232a7ee2b22e23717f44111 ee33575399c37646da9813ec9b212afe94e5dc5c2330a7294cc1f4234a6d3fbb 4f1685ab8892c04acb17cd1c170d7b0611b6a7176c794cc8c67f55fc923c2ad2 03100f365991882c30243d77813843b5ec7c964032263706092ecf00c7516be6 4e4598ca4226c069bb5e67e4175cf2286c8dd5c488a6c5861f31baa0bd026947 0e8b551dd3bcd38c86c12f9cdb176c77dc8b6c02a701f478902c8553f694c0d8 2727b4c4a5c2c1041212aa1274808b82111b377ec75214e9b1978f76004d4139 d98613f4b8e98d20af7b534073a509a959b7a7564f9b40ca218bf61829320a85 02017954d328d7ac6c769ec29700756e7b0685b340d5e118059504a49a9a50a1 0198eb10a5784678eb427d7b4babb9552933b062897973e1318eaf0a0eac3758 4a65401b1703e042accd837531483f241cadcd1c1d378119e694429db199ac89 1e4c5343757085bb3ae783667350c4458d97672e861e80b1d2679510ea3a6f23 60c77a46942c7a06a554d228080c84b47aef14db17620cb16c06ab30a1be4cda 7082be9f87e9c211c46916349a5ba8eaa5201c7294a3c0885b53b65745210882 5ec646c90a04612324ee7d031afe5343132cbef67b6efb1a5ec2809b773538ce 77b3d8b04eb0b3c2256011e4c716c19a8ba0752bf71492117649f0615c3290fc 29a46fde4bd52db9286d603388244259c15a7ac2b640a60cc03376a5841a3fb8 a473568fa9b1a267215f34c01697b0f0e627175d72105b7707c29b9e614bdc33 a6f6c818a95370b427882d7b476796a9ec6eb993274cd9b2391a82ba45e3393d 2e9ae9721ca9d6c1b988b5827713f90a6585de9433528c02b03ce10bb5f72013 8d0fbb4c30c1266b918e52925dfe17b37f95d22bca54f475919ac859098c0f0d 08ac5875ef29b56fd141e6ef15f700a0b66f39595c588177373c4669b21bc071 e4c3aa5f0b4a31b6258f35da24ac3cd29c7f2092410c5078355b138fb53a6b9a e6e0b9c08243e7baa45c47376eb8c7f13d4cf51aa736fa31540c9241f370da54 4bf9f9c28d9a57e2f2a7ca95a4e4b466e641ab3bcc76adf1139d567a6f12b52f 3a65e7ec0aae26bcaa8c55833b04e59998ebc9a1930fbb6d2233c53d2c1f8b95 18e3c2de73a19dee6b380a5b32971cf64e129fd6c1fa6e75d4a234501e966dd3 a540af5c8f4f34a6b4a253ee28492566d5e67c6f55855fcb0506fb06c156744d 9a03a31a26fa94cad14f157b7f303d07a69c773768fcb4d079c09059703a0c3a 94de4b99ea3a2f16583d0f9170a3950db07b4f0bc30802927f9f7961b6259892 
636a9502a2705303637799dd344da451c1cf7bf67840ceb3079ab8c6b8c1927f 64053c612450c45c9e603bc16666e596b3471e103b6f15447424d17022048111 ffbd37e1c670f64f14b8a7b32b94c1a49b45dd2fc38cd5289d910ad63602cf5e 13042c64ac6797b89fb551ad08e05a92d200cccb7e712ef23c9312cb350f029a b537e287347fd3075ac10906a783f1c6c07ccb88f41228c4be1c640f790b5c3a 5d5d3ca792495d74bc461562658c07ac600276b924ab5bc9be1f0494cb76f82f 460a7480972663381e169996061d799859ec54d4f5ca5c411c01db1597b16597 7669de13a928a34afbac258fea8c4764239c9421dc3119bf5b47699206978327 b1c5345ef746a7983841f056e2534100ab24d4e9abbd0b17c6a95bd4c3c0e40f 69e1612aceeb28b99086c95116e7204273893390bf46b899b36286b0ebf1947b b9884f732ca27da82b19b5dc0cc7f8885714910888b2310c4f9319d410b34e64 33b9003e2176bb995257456106e8952163b8ba592530cc5aa0aeb43ad398fe9e 97baa523d7a4431677c3d3af0719e475db85ca95af5089beabeb05b2faab4896 ba60f81c88472a57b46a828826a0cdfb446f8189182d2bf5eac4ec1cc5deaf59 9c8a13e48235406d17ffddc8344b6c66984a868aa92fa02227a086950eb0c870 1ed58dc628776b983882e1175` } } [3] { SEQUENCE { SEQUENCE { # keyUsage OBJECT_IDENTIFIER { 2.5.29.15 } BOOLEAN { TRUE } OCTET_STRING { BIT_STRING { b`001` } } } SEQUENCE { # subjectKeyIdentifier OBJECT_IDENTIFIER { 2.5.29.14 } OCTET_STRING { OCTET_STRING { `da82182c39ebdb350d904ee4bc507b72043f fa23` } } } SEQUENCE { # authorityKeyIdentifier OBJECT_IDENTIFIER { 2.5.29.35 } OCTET_STRING { SEQUENCE { [0 PRIMITIVE] { `89886750b57c24db3fc012e61ede59753 337374f` } } } } } } } SEQUENCE { OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.19 } } BIT_STRING { `00` `74225bdfc7af660a19d5e3c84e80613d45140b98c2b 28c59f8b0a0f114ef20ac002cc4ac3d85d124bfe4caa9ac8b9029317839e12ff 1c83a70d15f167d89550c70252b85c7ab6082198947ae0896181c09345affde4 05faacd3dd435110a7658c10fbae57a6ef0442ee84fabdfdf4e0116c0ce4262f 7c8bde087c848c9cc54e52321ddd1fa1a3d704ae83dd4b54157f4212de6c38b1 5ee28e7bfab9772350464d652388a6e72b060a41b376a519b9a9ea058bef1347 3576fbe0786f7ea95f404503b198e68a610304355540f476f3195eba194ad1d7 
d8caf73d5b448392cc509b6bcde81872b20bd6c708b7efb571574713559431c6 93b7519b674039db3f89624be1cbbf3363bcad66b122dca97de89ec8a6ebe824 231b35aa43994d602de988c3bd07297a431bd9a813e115e2db5d8737645864db 9d28cfb9be2c50e91d7d3eb9fe1244e5b9d440e8a3780dde140fa7dbac81841c 7e9acffd2a711a6c49d3719a1effed145fe91300804feb063e3606b13d782953 46fff82e238707b3da44eace58f25b250f50148c583c550948a85d8908f9da38 6c9a81d11e9b799accb274cb62829c5321aa9de819a5565c2d8b4b0c8e2ded17 29e25645bbaf5d0e1697cd4e22dc8b5fce9f8e897c6ce9c21bcdd5df0e0bdce9 a2cddf5276706d77abaffb54baa3112f35cb3bfa9c3a4cdffa12e51a44f862fe 362bf19a6996a25fb02394a0bb3a8492e3ac3e50326082c580ab57be9e6ba328 cb2af5ff499f1253a49132cc2f328de69e2fa8f11d01d379bc3013f20e189f43 2c44faaa2b4a57c9403b031f48486b9079b785f6b044b681081be6eae305c15b 1986da04372a272d3434b92d4652db79fce6967cb74d36217e9f5c3dc962d9f8 50c2448db4a1dfeb3a598dc0d6a1b4d1b2c92f872122af86f26040666d3f7b42 b16fe1fb635b566674defa98b4f1f2b045c3d311d1d72ca53c6d2e777b703ce7 5cbc70dac6b3474d1da0d01e371ba058038574b881e058ea2c331c67667c329c 0399b15113fe5d4806e8704bb826029b1d12e4eccff85658f9b0a19d1ef3d23f 1b4e5e1838e222687ca1d825bc7eb1ac225c35b4120d7b32d66bbb2bfb8af1e8 2d422b417627f21d60874430b88bf18c7ce702f4ab412e7c3a1cfc73d045ede1 0c3b58b1ec7744cafcde8b1923ea247fedefb4ca0bbf7089c72648a7c0e2eb94 ae6511d9e4a356fc31855860286d11db4ba55adfb2938f3cac83556c74ceb0a9 c21816f38c57f9af51527631b5d26b042ec0a54c8d87a26d3f27e794bd88bee6 71f9e2bcb825ed034ef3abda92cf194699d9100f855524224b42bd7999c14c8e cbe1bcc92991e04e0d2d71dd77a995d9b54a50757c6ab92eb7a3494366cee4e6 22b1ed7b773f34f57f6cb9003408ad23c9f58b70ef54ee6c6a2d077f6f922ab0 beb1767e5ee7fc86bc6841e9de4eb1d4e51b39c43b1bb3d6fac13699d832fb61 5c4a5ca89855c37a7b7d6b21f5df957693ceff618c2d263b76ac531246882eb7 4d40b4a27f3a70b51365f9b3953d15799ebb2d6cb3f53acc767e544892499941 bb57a3ebfcabb0202cbb4dff1dea5731f6e1e0db81e17c944c6458838ac5d769 c7f1a87d12bdf76f889833acdfe4954f44f6dafbaa038d01d8023bc3fa0445f4 
3e6deb83dc690240037f351d162ab6280ba52d4d6800f66d4be0d8962c644932 997b35c3e886f1a2c171a909a6a9b029acc57337296499c07e1540a298d1413c 86c72b251fed3529de195223f82ca64290dad08ec36ca481c86803cca7490bfc 5034ded7c6c1eb19bdcbe59c9603ecf22bc31096748156db803ac9a18a838c44 d4d3bda094162d13430d8e88c8e61ff63c3860d95c1b9c2c27922c6d47147241 8e3c7891c7d2074a23857b06f92968d050defdc00f7fc354964e81b67d44ab7d 448d844bec57917e02cf44710be0546b4836e9735961f17c219b7d51d9f043b7 e71406d3bef170418c84ccfd78d59047c19d40e2f2da4423365655f54f6929ae 427158e40511cfa5fb0538c4f8a875ba02bbfa56835c4f052ea1b16d97a0d859 3794feaae63777b980cd7be822a77914bc2280c5f2765e08309e1c00f5ee0e15 f5450a35a787695419e1e96fbd5c0f859bddad31a8229f9566b60826a96d5026 70bc1becc72e882f36470864cb4d0c166874a26912d52943d5ca65d5067ce3d9 c45e0dbe2993cfdb42eff4dd94aab8eb9be8f4d5ffc53b7a36f87d75dae93116 41ad926a8ef38aa6085137f0a0fccd7efcf878b14c3f08fb5129c15def2657e3 0e80bda770aedaa1b388c9f3f06a5e48100039a2f3e663add3d49406740a2e98 a4ceecd3956f9851fdf5eadb93ab59fefb0dfdef94d762e67d460bb5055cdd85 749e30265dd7f26cb92f7b153adcc058a300a812dba8d70a14ac4cbdb608ea00 53efd566f5fe0b8301847fd945414937cac3ffb90170511186825ccf3781a622 b3473cdc79c816d453be2443c77928e6263f4f52ea0cb155dd7b9dabba8b8064 c7003af479c84bb4435df83b9059eb9cdbe4d3248715b6bc6262d32b89f91c43 b62914a86b222332ae63ec2bd36596a0fde98bddd49d16c36c9ea25c95497944 89a55e0e719ef9dfe71fa55dcc7b219ddf05abb7c84d34d42e16fa58e587d133 691a93b74bd3d89b89fcc9f8891c2cfdaec261d5f7f8b14836cae090e2706e05 0e159186fcb4a15ded4e8cfc5b5671344cc977e50a82ead63263ee7b96a6f570 1737f993e64dc43bc8e7877c6021748eda61157c1aab769f1f19c2e842251bae c561988dba71f52b5b6d5792990c90383a1451e5ef051ec38c5a8a551cf70971 56d23f123112625c293ca506f727e71bc80d80b9726406590862cc0b5601f635 3de89db9e13bad186e4522bfb77c000464b6ed551c3a495abe4980c490d39939 6f6aea283d023c75a985aa4517210304449e2cb9a75075977f468d97b56b62b5 d8473117cd41837fad725096c1c3d8132cc0c2f1618797f34fb61e7b699d40a3 
f201f08af7cf6bd7001a8acf707293c9251b311adfbb62b2dfac66337cec384a 1a3014728960a0e9fc17da7e480c272d52cc841a3e622169bb9870008820cd88 42f9f807d7b3b3f26f1210bfa8e8b52802d95e3193d00a06d26fcf02bc164f1c 13dade5ebea8570e442ada7e447b78a5940427097a34b352f6a9d958aa0d29de acb1e5d1ca692af2f407d25ffbe0cee510112a14cb74b04a087b1f19558987e7 2978f1dd30cd0acdac792b8e918db2ab2b4bfba83e681df1d0388e91577a09fd 25ee66be4746a8c7832eaabb1c24b29e70d62977db891da10f95cda54735b77b 3b29e093c84cd510b6fc757213ff31263959531328971fc3e3ad05a6e5ddc72b 9883b678eac1cdbf5a373bbb1188e15725f387f7055be87e0f028dd3f242b51c 049a0387d7ab5963e0d195e1e483d1bc43349bfeeeecb06d44d32b3cb939b178 b3056091f407b51906a176704939081a71b0f9bc0ec0e188cf65b44f86195706 c7b3a802867edc0909ea526ac51fec199f9e2a6391435fd6721ac3f6ab179be7 387b1ad671e135a3704904a24d8ed98c2fb5e4b16143ccff9964a25e5e772f5e e64b9af18284105b9ed380a0859bf7ed13909e1e7efec345668a0d4f33fb88f0 dc62e3cc6120a96e8c2b55a451c6eec0dfe20adfb9fd82407d34c5d3e315e2ce fefd7b2de03bdc6b93ed9a6bc1930b82445ccdc452388b221950fc614b93ac4f 8b4cbdfdd5f8b71991cc68ba0c4ca2eb27e9a20db1868e7acd4a87676a9c2819 84cab2b377df499837b7462c3d0b42dc8b74b328fd43bcd424b437ab9b94e4ca 125b3909796397e3924b098d4744bd6386cac247c7b1a55194463f2b57813b97 28467aa0c39b5edebefe5405741e35d7b76c6a63dd97e217c9cf45c60c0c0b26 8408fef60aebc9c02351acf108c6544901a30f6216a5825b6a186166f2f0e1c8 a81f6c0ca122f3ab907ebfee8398f15ffd492e97b512190fc5a92ecc482a107e b29bed1520379a480b3b0f95c78e82b55fbdd5fe6b25d1dc0c0a8e325fca79b1 dbb748132a2227731e080944b739c4e6179304852c70047a9319e176bbac3ada 1f63969a7e2439b7e2187d035807dcec2c9c119c04cc5be87db7897346619632 5b29de225b904ef453d029caadaf21826f0e3635cae8537c0597a9c412f506ee d34081f5898516e4b9d0cc8126e9e21ffe2694cfa4b84514f4e3609e93c6165a 992101fe24a34d2cc8b3d5a4f3f14993298f6ad42a6c8e88fc4bb47795844d50 1de512f58aa48c41fd5b7d60ebc97323fd4ec0800f997f3fd16d9e8677005d9c dcbdaa8a9f7b151749ed7d8eb37b172f9162a7427b72ad58a4e9f7a2902443ca 
6e4282ec46cef95e069e0f545f64309fa56d14c282fbbeac0bbbd2c9bb1d1624 6edbd443374091d21060d1986b9021f7ecbfa08d2fcb50b8633e5ce43e172cde a5a261cbfcdfded80e913f009ae22e417550c1bad2c10225e0f102de89c8a43c bc669f354975585ab7fd958160cf9ab5b684e7c78246be4b89ae3947311e42cb 2b3e2f232e07e9a533b529e3a1de4fff4dc9ad03a6f2a881ce139803db7338ac 4d3a7f12c655a5247853f2f6fb297de94fd74a996a9f4cf9f98189674fcadec6 e74991c5f4a58426f5c2cd29385d440c0ffeded893d7afb7aaa1ee0ffffc9319 8ca3081ed3c4fa62f99bfc6206318d880d49915e7fbe5e79b56a911a824cbf4a a070fbccf482af50c93ae71da08c7e68b357ee579d818153a973085b2c91261c 6e3077f204a3d1ab5bbac51462f8bf250d871c57b2602c7e162ca12451fecdc6 957d45c0f0f1a94c3e552d9db9508762f28306c65a2cf12b82de9f0da9472995 539c8dad546347ddf169026042e55f08abcb61ccae1f44adb217c9c63f81d849 636a41cd8fe68841f30bc4a1fa468e2b4174daa5ba390131c36c2cf3e4f599d4 990dff7abcc5c37e1bd234cc501aec7e579a1b629fd52f421ba6148942e83284 61f1c3d24abbda182c5f371f4cfd691a23c26f0ec10bd7d012058aaeddb395d9 b0aeb4f81b7cf05dd42e8df1f34dcc9ee13d2540ab3f7cd13b5f9a02be763e0d aa1130e40695c72e3ef48546b7a2616004fc17ffc04cac5f01ee389c3d418fc5 0637eb1e630124edd29a09def4df23fa08dbbde38ee4ff7c64bedc1cc2d2f8d0 aaa6cdaebdd7707ae07bd0d868d268e74802468fab5002cbed8e23e4b5908bce 4ca05e98717728c25fd36fb565d021c09e2e2529c60e2b954fcb2f1ccefbf458 0850c6633a6744f1d23b8e944ab30ddcce0b9c1b6aff10f61155ad41f1c41df6 2abc5f0d7f09eec26e044e02a99f6e832ea43800f90115f4d7f6680c2a41312c eb21b9b1a3ada0d88250b5f0366875f113d685984aaa6be85cfc6767267656c3 778e5705076586e659e07feafffdddf6417f29b464079844d7c48bcc9911b6a7 64d2ecf02d8714f8e5236c6cbe63350172b232505939461981a33464091edaa1 9a2230a54202a093729867d8124ae0f3840aa3bf8d757c5915dec7000c3d31d4 a5d6dbe42d7fae885ce5fb677f77e4af0311c3dea0e2b60ffdd2d5032c0a00c6 66983b7966172913b8950c5492e191abe9dcb0b64392be9a07afaa59f0e21fac c36958d1aed154b2e71dcebf1558bfb02fd29aed6ef2ed35f51dee9f1f1f6a5b 94b6ab11be5c408ed1f57de41d200a72e45169e66f2df88c697b5422a414cddc 
06be8376e9874856c3bbbd2603ce8dad252090c3c86c16872bf8882b08235392 2a11dd2e7dd4df804243c9d36360cfaafa23a512a0eee3d59d23e96c074b9df4 94dd9fb1e1e4198992ca43c2f070e9d4ebe27c4b632779ba23e2df1c8696e56c 5a97117d860f28c4e897df20012d65a9fc6c9cae0fd94d260af8ada7b2b76aea 44b9a9a18d449a4e474a2a088ec8144eef7615e329fdb6163fa15cfeb5c7a189 79c51e64516e01b6207ee7dd87fd7749ccf1c9431da48f34b8821d4d1f9b34c8 434c3966136abd0725e719b61e0117748d0f312559c3af1969cc423fdfa641e0 02af9aa976b65027783ff15a1175543aec72faf9c7c1eaaa8a0a7f9960f5f7e0 e24f2bfb5847bea3f02898772d2f28a0185951db3b37c8b5d2c0d9c327a60036 980c944b29c12dd3a0cecf6dc542f6f0df8ca84674086f7554f596bec85347d8 78c569a44e87928292ead6eca246fdaad6efb6f5827f323adf8daa9bb056ebf4 a2644c7f4a5fc3cc5f2a03778b1ccd31151da4bc7b27fb9001e6e732d9938917 65bd5eec1849404fa11ae674858a4180bcfcc0f93ed64ca94a041af1e5ea3169 7db3baf913fa35a92903eab84e5e31b8337278aa8e743f7e5dd13769c591febf 89b1e8ab7066810c39298c1125718819b8b7ea2abc75f86e62eadea05a8a5c36 d2e655cb805af1d54fce7838890d214a2a7e7112383adccdbdc2e648c9db7d1d 7f8575e7aa8c6c9070c1c245b737f939bc8edf272777f90d820229e000000000 000000000000000000000000000000000000000000004080f171d292e31` } } Acknowledgments TODO acknowledge. Authors' Addresses Sean Turner sn3rd Email: sean@sn3rd.com Panos Kampanakis AWS Email: kpanos@amazon.com Jake Massimo AWS Email: jakemas@amazon.com Bas Westerbaan Cloudflare Email: bas@westerbaan.name