1 2 3 4 5
basicConstraints = CA:true keyUsage = cRLSign, keyCertSign subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always