Working with ASIC-E containers

eID Easy offers two libraries that provide tools for working with .asiceopen in new window containers:

  1. PHP: https://github.com/eideasy/eideasy-php/blob/master/src/Signatures/Asice.phpopen in new window
  2. Client side javascript: https://eideasy-browser-js.docs.eideasy.com/open in new window

If you wish to implement your own .asice handling functionality, then proceed to the next sections of this guide.

Terms

XAdES (XML Advanced Electronic Signatures)

eIDASopen in new window compliant flexible digital signature format in XML. Specifies the signed files (either by reference or by including the full file contents in XML) and the corresponding signees. A timestamp and an OCSPopen in new window might also be included. More info here https://en.wikipedia.org/wiki/XAdESopen in new window

ASIC-E (.asice, .scs, .bdoc, .adoc, .edoc, .ddoc)

An extremely useful digital signature packaging format that allows to add all the signed files and XAdES digital signatures together into one single digital signature container. You can read more about the ASIC-E format here: https://en.wikipedia.org/wiki/Associated_Signature_Containersopen in new window

The main advantage of .asice digital signatures over digitally signed PDF-s (CAdES, PAdES, PKCS7) is that you can sign any file format and many files at once.

The flexibility of ASIC-E and XAdES is a double-edged blade though - there's huge variety of different implementations. For example, even in the three small Baltic countries there are already more than 4 slightly different ASIC formats in use:

  • the Estonian .bdoc and .ddoc
  • the Latvian .edoc
  • the Lithuanian .adoc

Inspecting an ASIC-E container

You can use DigiDoc4 app to open and inspect .asice files. If DigiDoc4 shows the signatures as valid then you can be sure that any EU government institution will also accept this .asice container and signatures.

You can get DigiDoc4 from the following sources:

Creating a signed .asice container

.asice containers are pretty much just plain old ZIPopen in new window files albeit with a specific structure and contents. The common file structure of an .asice container looks like this:

mimetype
META-INF
|── manifest.xml
└── signatures0.xml
small.pdf
test.txt
  • file "mimetype" – Should be first entry in the ZIP and its content should be "application/vnd.etsi.asic-e+zip". Should be the first entry in the .asice digital signature container.
  • folder "META-INF" – This folder contains XAdES digital signatures
  • file "META-INF/manifest.xml" – This file contains the list of signed files
  • files "META-INF/signaturesXXX.xml" – This file represents a XAdES digital signature. Prefix must be "signatures" and XXX in this case is the unique signature ID. For example signatures0.xml or signaturesid-120675d44e5cd16c3009517417dd24e4.xml
  • The files referenced by manifest.xml in the root folder (in this example small.pdf and test.txt).

Now all you need to do is to put all of these files into one folder, zip it together and change the file extension to .asice like this: my-signed-container.asice.

You can take a look at these code bases for inspiration:

For reference a sample signed .asice container can be downloaded from hereopen in new window.

If DigiDoc4 app throws an error similar to this: "An error occurred while opening the document. ASiContainer.cpp:312 Failed to read mimetype". Then the mimetype is probably not the first entry in the zip file. Try some other ZIP client that might allow you to rearrange files inside the zip file or create the ZIP programmatically.

Examples

META-INF/manifest.xml

Assuming we are signing 2 files, test.txt and small.pdf, the manifest.xml will look like this:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<manifest:manifest xmlns:manifest="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0">
  <manifest:file-entry manifest:full-path="/" manifest:media-type="application/vnd.etsi.asic-e+zip"/>
  <manifest:file-entry manifest:full-path="test.txt" manifest:media-type="text/plain"/>
  <manifest:file-entry manifest:full-path="small.pdf" manifest:media-type="application/pdf"/>
</manifest:manifest>

META-INF/signaturesXXX.xml

Your META-INF/signaturesXXX.xml might look something like this:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<asic:XAdESSignatures xmlns:asic="http://uri.etsi.org/02918/v1.2.1#">
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="id-120675d44e5cd16c3009517417dd24e4">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
            <ds:Reference Id="r-id-120675d44e5cd16c3009517417dd24e4-1" URI="test.txt">
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>GJShnIW6FTrL90OsTkP8AEyJFgSyb4xp4eg+oq/HxI8=</ds:DigestValue>
            </ds:Reference>
            <ds:Reference Id="r-id-120675d44e5cd16c3009517417dd24e4-2" URI="small.pdf">
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>rSsPezgyGh+H1zfsH743n9KUdaytnHsBqqC6D8rjlLk=</ds:DigestValue>
            </ds:Reference>
            <ds:Reference Type="http://uri.etsi.org/01903#SignedProperties"
                          URI="#xades-id-120675d44e5cd16c3009517417dd24e4">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>b5yDRdMcGySK2ldJNeid/9NcFTlgRT39D2bnIgjHjK8=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue Id="value-id-120675d44e5cd16c3009517417dd24e4">
            vR6ryvzNadabxX73Svoq+tv3h1DYJpk+JWBXeYAJyjWPNaEOOAda9aW06em3NNatqRGctOGnjMIbRE15N2KV274zaoURZNanqzIHXPct+OIKbbydopwKAuElVshIPPvR
        </ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>
                    MIIFwDCCA6igAwIBAgIQOMm/0JR7zi1aArcEgjE3PTANBgkqhkiG9w0BAQsFADBjMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxFzAVBgNVBAMMDkVTVEVJRC1TSyAyMDE1MB4XDTE3MTEwODA3NDkyNFoXDTIyMTAxMjIwNTk1OVowgZIxCzAJBgNVBAYTAkVFMQ8wDQYDVQQKDAZFU1RFSUQxGjAYBgNVBAsMEWRpZ2l0YWwgc2lnbmF0dXJlMSAwHgYDVQQDDBdQQUxBLE1BUkdVUywzODExMjA4NjAyNzENMAsGA1UEBAwEUEFMQTEPMA0GA1UEKgwGTUFSR1VTMRQwEgYDVQQFEwszODExMjA4NjAyNzB2MBAGByqGSM49AgEGBSuBBAAiA2IABCTuoJqEhmBs+VgHmY4IBMHgzzDWRwePn4L7icr8/9OJaVpW76AsmlEsq2cya49XsiYCy8GTtoek+/Yd/3W8yqlAdwEvLeOJHBFwIOcm408/QfgQlBF7WQpg0bTpymsIKKOCAewwggHoMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgZAMFQGA1UdIARNMEswPgYJKwYBBAHOHwEBMDEwLwYIKwYBBQUHAgEWI2h0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvb3JpdW0vQ1BTMAkGBwQAi+xAAQIwHQYDVR0OBBYEFFA+4NEGEp+075jA1gabUPt0yHAPMIGKBggrBgEFBQcBAwR+MHwwCAYGBACORgEBMAgGBgQAjkYBBDBRBgYEAI5GAQUwRzBFFj9odHRwczovL3NrLmVlL2VuL3JlcG9zaXRvcnkvY29uZGl0aW9ucy1mb3ItdXNlLW9mLWNlcnRpZmljYXRlcy8TAkVOMBMGBgQAjkYBBjAJBgcEAI5GAQYBMB8GA1UdIwQYMBaAFLOriLyZ1WKkhSoIzbQdcjuDckdRMGoGCCsGAQUFBwEBBF4wXDAnBggrBgEFBQcwAYYbaHR0cDovL2FpYS5zay5lZS9lc3RlaWQyMDE1MDEGCCsGAQUFBzAChiVodHRwOi8vYy5zay5lZS9FU1RFSUQtU0tfMjAxNS5kZXIuY3J0MDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly93d3cuc2suZWUvY3Jscy9lc3RlaWQvZXN0ZWlkMjAxNS5jcmwwDQYJKoZIhvcNAQELBQADggIBAAsPR6S9fyeZ9T8mCpidsx7tIhjRwZ+rkJnB849B2J+tv59yxSA98xV+/cgNnJXTfMmfHuzxdwlifTbWqcSvHsGqMs6BjPX5c4MJlJS+z47HffRpKI1wthctyAlHKIzG+hA2CTlHZBwQ00v4bdjhBFrEam5gAgkjnw3E5iqwLNwxWanqvm/pHyYKDTsCCuag4TgeMDUvkMS3ZeYBbJUAcFg7UXk1nInDR1tZ8E1dAvVScYYkieTiOXNNG61znhP8TF1IQieq0+oP6c6MAsFGYgXJXIef0vx1bYuV9gr416aoQ4IHoFZvYXdM2FwLRkA7gg+d4lcTG7XM9hBUf3a8rwF26WTbY7pnEvLd5oi8m3fzjdvdgwhCYRstXKSPSCUbCB8EnQWoYDWcrycioRCv071HUjey2a2qMmki3e5In7W/ezCBnBV/38Hx8N4zJIt7UlOUs9RsQd28OL+xrB7ufZ+qQxFFKU+9ozT8W1EDBD0cXA+GS6B06Lb4NVN/0kcqw12rAMgglWN+ZDKU2tXdQlkCTbkMdt794zf0CNqW0DbYJoPXfOgxX13A7bNHmB9WgbCcDEginZi4j56I0zr7gkZ/Qzw5/rv5mxcYBZcuPtGeYPbCgE7LJKffYnUS667XLKxMZg4eJyG5jAOlpm4gvLw1bOeEQk477uarpTtTfkfg
                </ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
        <ds:Object>
            <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#"
                                        Target="#id-120675d44e5cd16c3009517417dd24e4">
                <xades:SignedProperties Id="xades-id-120675d44e5cd16c3009517417dd24e4">
                    <xades:SignedSignatureProperties>
                        <xades:SigningTime>2020-12-28T15:23:49Z</xades:SigningTime>
                        <xades:SigningCertificateV2>
                            <xades:Cert>
                                <xades:CertDigest>
                                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                                    <ds:DigestValue>
                                        eqGnRs8YAtlVft1jCPcMio22fVFnVK8dzwyXLpt4AzT12NvdyDwaLozW97HZ+sA/wvPrTLwloFtaoOWYqS63AA==
                                    </ds:DigestValue>
                                </xades:CertDigest>
                                <xades:IssuerSerialV2>
                                    MHswZ6RlMGMxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEXMBUGA1UEAwwORVNURUlELVNLIDIwMTUCEDjJv9CUe84tWgK3BIIxNz0=
                                </xades:IssuerSerialV2>
                            </xades:Cert>
                        </xades:SigningCertificateV2>
                    </xades:SignedSignatureProperties>
                    <xades:SignedDataObjectProperties>
                        <xades:DataObjectFormat ObjectReference="#r-id-120675d44e5cd16c3009517417dd24e4-1">
                            <xades:MimeType>text/plain</xades:MimeType>
                        </xades:DataObjectFormat>
                        <xades:DataObjectFormat ObjectReference="#r-id-120675d44e5cd16c3009517417dd24e4-2">
                            <xades:MimeType>application/pdf</xades:MimeType>
                        </xades:DataObjectFormat>
                    </xades:SignedDataObjectProperties>
                </xades:SignedProperties>
                <xades:UnsignedProperties>
                    <xades:UnsignedSignatureProperties>
                        <xades:SignatureTimeStamp Id="TS-751d0b8f-ea0b-47c6-afcb-0ca82a1f7bc6">
                            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                            <xades:EncapsulatedTimeStamp Id="ETS-751d0b8f-ea0b-47c6-afcb-0ca82a1f7bc6">
                                MIIIRgYJKoZIhvcNAQcCoIIINzCCCDMCAQMxDzANBglghkgBZQMEAgMFADCB9AYLKoZIhvcNAQkQAQSggeQEgeEwgd4CAQEGBgQAj2cBATAxMA0GCWCGSAFlAwQCAQUABCBTDZW6hmZGrTfA2PSxKBNk+xzYGutnvrhJAaP+eAyhSwIIea1bXI6X7VQYDzIwMjAxMjI4MTUyMzU2WjADAgEBoH6kfDB6MScwJQYDVQQDDB5TSyBUSU1FU1RBTVBJTkcgQVVUSE9SSVRZIDIwMjAxFzAVBgNVBGEMDk5UUkVFLTEwNzQ3MDEzMQwwCgYDVQQLDANUU0ExGzAZBgNVBAoMElNLIElEIFNvbHV0aW9ucyBBUzELMAkGA1UEBhMCRUWgggQaMIIEFjCCAv6gAwIBAgIQYjZ9dFrZQ6tdpFC5Xj/6bjANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMB4XDTE5MTIzMTIyMDAwMFoXDTI0MTIzMTIyMDAwMFowejEnMCUGA1UEAwweU0sgVElNRVNUQU1QSU5HIEFVVEhPUklUWSAyMDIwMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEMMAoGA1UECwwDVFNBMRswGQYDVQQKDBJTSyBJRCBTb2x1dGlvbnMgQVMxCzAJBgNVBAYTAkVFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdOHoO/xEAXVYd6m64QhKHoNZhT5L+wEkO59DH4K8lW1r//kEJusfY60zDY8o9s96HYACcQOR9Yltg3T3neqRZJ5GEPt5uFzCWzuSdyxIWMacxu/sSYaln4bqbCd97ML4qVdvwPGLNGRu8Utuy0JyhyuoBICHUcgyw1O2ATlc+95zdhGvKq15gazGXTpVUYgLpInkChp1ojZCv/WFdKN3dNGB5tqn3xsdfUfGDWxe4gLFFLeXjxo0pT2Y+5hJF1+r+PllZRnu1LKXEcrHxeyyZ+KL6wSLUyvfxZ++5hd0wR1pCnVgZ+hfYaGZ+YGRJXtiIA8DFqeKZ6qAhA8a6v99QIDAQABo4GcMIGZMA4GA1UdDwEB/wQEAwIGwDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAdBgNVHQ4EFgQUqD4KKP6RKqGdYfXNlT35pc1GkjEwHwYDVR0jBBgwFoAUEvJaPupWHL/NBqzx8SXJqUvUFJkwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vYWlhLnNrLmVlL0NBMA0GCSqGSIb3DQEBCwUAA4IBAQAJ06Qp/kiOhcNbEsDUVGfLuVycKjEbrGGMWnAj18S08aWx7ijXtDD9mY5CxtRUl9IbjB/eyl/Rt8RDVURtIioiNckkxC/bOHxiCj2WNCvRxo8GT/qn4M1vV/Sy8vwx/ZlYsZrlRnuo7/dqPsQyxIgRGbUp12bVKO4KQb4DNOcA6KDwcPd2zv4nBT/4XW7qD07spW9LPVKEvsOU1MV1tznjD0lC5ZL67FdB8kKEJCbbNfqVLVBOYjBopct5qzTLLPB5LTmV8I281XzTEqeFxbFy+wo7VOT6K36OYSd+9CnPn2M/l6VfrSCi3OvaWcq+lggGR1kQzDsS4lN1JoyZqd39MYIDBjCCAwICAQEwgYkwdTELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxKDAmBgNVBAMMH0VFIENlcnRpZmljYXRpb24gQ2VudHJlIFJvb3QgQ0ExGDAWBgkqhkiG9w0BCQEWCXBraUBzay5lZQIQYjZ9dFrZQ6tdpFC5Xj/6bjANBglghkgBZQMEAgMFAKCCAU0wGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJBTEPFw0yMDEyMjgxNTIzNTZaME8GCSqGSIb3DQEJBDFCBECzIzbtcKwdrvZfIWa/7dhcnvAjYXOXTLrSW+rLb8zCYCyX22v91DvaUNIYt9ogscePPFH8DX52CWYjnPiKfeesMIG/BgsqhkiG9w0BCRACDDGBrzCBrDCBqTCBpgQUHLMJmQCz8y/M0+v/p7XW5B0BxdUwgY0weaR3MHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUCEGI2fXRa2UOrXaRQuV4/+m4wDQYJKoZIhvcNAQENBQAEggEAlaJkoii6TffPsqsjCFlpKN9pkSi4URsYbMNx9ZmO79oJhBJx6CrOejwO+QNC400tWtsPNfRoAnPHsr29KuNBVg2T5NO45AUmiD6BhjacBPe6lY1v8n3NdwsLYUaXa687SO7dS+9GawZShnG3tc32sqkQzDa2891zljVOgEkomig3RL0Mwm74ugwd0ctt3eV5kcQ7wDLca733V2tyEnTCuBOsb/cXVekCOdj8bD/DmLScnLPbNWJCYYz2ZB81qXXdvr8SNiWP10rXIxV374x1sV3UKyUQ4j0aBsrQjO/YIBbjGm/n4laJYD4LDfWWKEJjTumIcgm4YmFnLXB8Qusvbg==
                            </xades:EncapsulatedTimeStamp>
                        </xades:SignatureTimeStamp>
                        <xades:CertificateValues>
                            <xades:EncapsulatedX509Certificate>
                                MIIEFjCCAv6gAwIBAgIQYjZ9dFrZQ6tdpFC5Xj/6bjANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMB4XDTE5MTIzMTIyMDAwMFoXDTI0MTIzMTIyMDAwMFowejEnMCUGA1UEAwweU0sgVElNRVNUQU1QSU5HIEFVVEhPUklUWSAyMDIwMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEMMAoGA1UECwwDVFNBMRswGQYDVQQKDBJTSyBJRCBTb2x1dGlvbnMgQVMxCzAJBgNVBAYTAkVFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdOHoO/xEAXVYd6m64QhKHoNZhT5L+wEkO59DH4K8lW1r//kEJusfY60zDY8o9s96HYACcQOR9Yltg3T3neqRZJ5GEPt5uFzCWzuSdyxIWMacxu/sSYaln4bqbCd97ML4qVdvwPGLNGRu8Utuy0JyhyuoBICHUcgyw1O2ATlc+95zdhGvKq15gazGXTpVUYgLpInkChp1ojZCv/WFdKN3dNGB5tqn3xsdfUfGDWxe4gLFFLeXjxo0pT2Y+5hJF1+r+PllZRnu1LKXEcrHxeyyZ+KL6wSLUyvfxZ++5hd0wR1pCnVgZ+hfYaGZ+YGRJXtiIA8DFqeKZ6qAhA8a6v99QIDAQABo4GcMIGZMA4GA1UdDwEB/wQEAwIGwDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAdBgNVHQ4EFgQUqD4KKP6RKqGdYfXNlT35pc1GkjEwHwYDVR0jBBgwFoAUEvJaPupWHL/NBqzx8SXJqUvUFJkwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vYWlhLnNrLmVlL0NBMA0GCSqGSIb3DQEBCwUAA4IBAQAJ06Qp/kiOhcNbEsDUVGfLuVycKjEbrGGMWnAj18S08aWx7ijXtDD9mY5CxtRUl9IbjB/eyl/Rt8RDVURtIioiNckkxC/bOHxiCj2WNCvRxo8GT/qn4M1vV/Sy8vwx/ZlYsZrlRnuo7/dqPsQyxIgRGbUp12bVKO4KQb4DNOcA6KDwcPd2zv4nBT/4XW7qD07spW9LPVKEvsOU1MV1tznjD0lC5ZL67FdB8kKEJCbbNfqVLVBOYjBopct5qzTLLPB5LTmV8I281XzTEqeFxbFy+wo7VOT6K36OYSd+9CnPn2M/l6VfrSCi3OvaWcq+lggGR1kQzDsS4lN1JoyZqd39
                            </xades:EncapsulatedX509Certificate>
                            <xades:EncapsulatedX509Certificate>
                                MIIGcDCCBVigAwIBAgIQRUgJC4ec7yFWcqzT3mwbWzANBgkqhkiG9w0BAQwFADB1MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMCAXDTE1MTIxNzEyMzg0M1oYDzIwMzAxMjE3MjM1OTU5WjBjMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxFzAVBgNVBAMMDkVTVEVJRC1TSyAyMDE1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0oH61NDxbdW9k8nLA1qGaL4B7vydod2Ewp/STBZB3wEtIJCLdkpEsS8pXfFiRqwDVsgGGbu+Q99trlb5LI7yi7rIkRov5NftBdSNPSU5rAhYPQhvZZQgOwRaHa5Ey+BaLJHmLqYQS9hQvQsCYyws+xVvNFUpK0pGD64iycqdMuBl/nWq3fLuZppwBh0VFltm4nhr/1S0R9TRJpqFUGbGr4OK/DwebQ5PjhdS40gCUNwmC7fPQ4vIH+x+TCk2aG+u3MoAz0IrpVWqiwzG/vxreuPPAkgXeFCeYf6fXLsGz4WivsZFbph2pMjELu6sltlBXfAG3fGv43t91VXicyzR/eT5dsB+zFsW1sHV+1ONPr+qzgDxCH2cmuqoZNfIIq+buob3eA8ee+XpJKJQr+1qGrmhggjvAhc7m6cU4x/QfxwRYhIVNhJf+sKVThkQhbJ9XxuKk3c18wymwL1mpDD0PIGJqlssMeiuJ4IzagFbgESGNDUd4icm0hQT8CmQeUm1GbWeBYseqPhMQX97QFBLXJLVy2SCyoAz7Bq1qA43++EcibN+yBc1nQs2Zoq8ck9MK0bCxDMeUkQUz6VeQGp69ImOQrsw46qTz0mtdQrMSbnkXCuLan5dPm284J9HmaqiYi6j6KLcZ2NkUnDQFesBVlMEm+fHa2iR6lnAFYZ06UECAwEAAaOCAgowggIGMB8GA1UdIwQYMBaAFBLyWj7qVhy/zQas8fElyalL1BSZMB0GA1UdDgQWBBSzq4i8mdVipIUqCM20HXI7g3JHUTAOBgNVHQ8BAf8EBAMCAQYwdwYDVR0gBHAwbjAIBgYEAI96AQIwCQYHBACL7EABAjAwBgkrBgEEAc4fAQEwIzAhBggrBgEFBQcCARYVaHR0cHM6Ly93d3cuc2suZWUvQ1BTMAsGCSsGAQQBzh8BAjALBgkrBgEEAc4fAQMwCwYJKwYBBAHOHwEEMBIGA1UdEwEB/wQIMAYBAf8CAQAwQQYDVR0eBDowOKE2MASCAiIiMAqHCAAAAAAAAAAAMCKHIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCcGA1UdJQQgMB4GCCsGAQUFBwMJBggrBgEFBQcDAgYIKwYBBQUHAwQwfAYIKwYBBQUHAQEEcDBuMCAGCCsGAQUFBzABhhRodHRwOi8vb2NzcC5zay5lZS9DQTBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5zay5lZS9jZXJ0cy9FRV9DZXJ0aWZpY2F0aW9uX0NlbnRyZV9Sb290X0NBLmRlci5jcnQwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL3d3dy5zay5lZS9yZXBvc2l0b3J5L2NybHMvZWVjY3JjYS5jcmwwDQYJKoZIhvcNAQEMBQADggEBAHRWDGI3P00r2sOnlvLHKk9eE7X93eT+4e5TeaQsOpE5zQRUTtshxN8Bnx2ToQ9rgi18q+MwXm2f0mrGakYYG0bix7ZgDQvCMD/kuRYmwLGdfsTXwh8KuL6uSHF+U/ZTss6qG7mxCHG9YvebkN5Yj/rYRvZ9/uJ9rieByxw4wo7b19p22PXkAkXP5y3+qK/Oet98lqwI97kJhiS2zxFYRk+dXbazmoVHnozYKmsZaSUvoYNNH19tpS7BLdsgi9KpbvQLb5ywIMq9ut3+b2Xvzq8yzmHMFtLIJ6Afu1jJpqD82BUAFcvi5vhnP8M7b974R18WCOpgNQvXDI+2/8ZINeU=
                            </xades:EncapsulatedX509Certificate>
                            <xades:EncapsulatedX509Certificate>
                                MIIFPTCCAyWgAwIBAgIQDBSj4ibugKJfkf0PJv5snDANBgkqhkiG9w0BAQsFADBjMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxFzAVBgNVBAMMDkVTVEVJRC1TSyAyMDE1MB4XDTIwMTEzMDIxMDAwMFoXDTIxMDEwNDIxMDAwMFowdjExMC8GA1UEAwwoRVNURUlELVNLIDIwMTUgQUlBIE9DU1AgUkVTUE9OREVSIDIwMjAxMjEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxGzAZBgNVBAoMElNLIElEIFNvbHV0aW9ucyBBUzELMAkGA1UEBhMCRUUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChLU5fu/KXBsqG2Cmm0aD65mh5THRt8zpPahMXHq/imRdqeYcZH6PWoUqZrTlVOq1IAL2fDmqufAp5A08DT9mw/dYOEMafjqLZ8R3CZw5jSEDFJBaqtAg2Ne4mAXlc8EnojsofrOuxISD0oItNrbTVE3LFnfGPsNm0TxJPSt6Z6m+7UecX6h9S3tBL52DlPD8AKtm7llBUklhnARC6sc7edz6B5qtCze1MywzQj1Ghm5UpvDyz+V7N/LkqbRqvngygIz0+xksU2pzsC7eT+bNf0F2KxVkdUTh0YWp2wEKO3XbCqd/2ZrK0Xk7xQiZ60pcQQuVyCmTKnkw40lECAaTTAgMBAAGjgdkwgdYwDgYDVR0PAQH/BAQDAgeAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMJMB0GA1UdDgQWBBRH2UG6rBrCTTuv27rwSOc3Alc8PjAfBgNVHSMEGDAWgBSzq4i8mdVipIUqCM20HXI7g3JHUTBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAKGMWh0dHBzOi8vc2suZWUvdXBsb2FkL2ZpbGVzL0VTVEVJRC1TS18yMDE1LmRlci5jcnQwDAYDVR0TAQH/BAIwADAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3DQEBCwUAA4ICAQA8K94P2I900VVBtDySl8FvqWzAnzZYBa3ZRavucbcKz9igK0tevGqf7ApGGFOofz9UPiRajtFWXs1wfu1TbUVH1P1aZTO4Y701WGoz5QCzDsukYm8ybBuAL1AdyI6aKzSbZ6g2qDTxQfsR/9d9FpyJsy8vN+C0dztyLudDuHHMbTnK9QxERbeLgUKblC8BRSVNc7NU37JanGpbtr2+kvG8Y1nRdB9R3KC/PSun+DzyxseE5Un0tExDRge0AaiWb7bjD4khhGXYF9z7Eu913k5BobtJEwd449Dsa+edTyOVHVS5aQvobkaywTPO+1kl6TppE9WM5BMkwSVqQCQO/h1XRMYQhwsAAT6tPiK6tCQR889U7XBictq1PkigxWmFWAZ28bPkDDZLBzidAYvRHC9grdhRgTM88fQ9zYrv6JJuAYBjScbr2xn8nc6W7+/S5hj8nim5cl1HrDWrI9GF+CCvOJdER3QhDdIYlEs6F0+sG+SIDRsQcHyXN4I7fzWb+eVs8Bxl9oWub7kq5OX144AhCA3/IyjYAyZL90gx7e4vsgelS6BH3X+a+0Eimq0u519RiJSHMK5JLY+45icqg8ij4NCNh26/zHoQpMnA0Q4sSY1QG5LWn+lNnTpaHZbz89Ay7WIIn0t5yVKLp/QMrrRd8y9YsnBG61hRMp/KFiLs+Q==
                            </xades:EncapsulatedX509Certificate>
                            <xades:EncapsulatedX509Certificate>
                                MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIwMTAxMDMwMTAxMDMwWhgPMjAzMDEyMTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUyeuuOF0+W2Ap7kaJjbMeMTC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvObntl8jixwKIy72KyaOBhU8E2lf/slLo2rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIwWFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw93X2PaRka9ZP585ArQ/dMtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtNP2MbRMNE1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/zQas8fElyalL1BSZMEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+RjxY6hUFaTlrg4wCQiZrxTFGGVv9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqMlIpPnTX/dqQGE5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5uuSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIWiAYLtqZLICjU3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/vGVCJYMzpJJUPwssd8m92kMfMdcGWxZ0=
                            </xades:EncapsulatedX509Certificate>
                        </xades:CertificateValues>
                        <xades:RevocationValues>
                            <xades:OCSPValues>
                                <xades:EncapsulatedOCSPValue>
                                    MIIHlgoBAKCCB48wggeLBgkrBgEFBQcwAQEEggd8MIIHeDCCAReheDB2MTEwLwYDVQQDDChFU1RFSUQtU0sgMjAxNSBBSUEgT0NTUCBSRVNQT05ERVIgMjAyMDEyMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMQswCQYDVQQGEwJFRRgPMjAyMDEyMjgxNTIzNThaMIGFMIGCMEkwCQYFKw4DAhoFAAQU/ycPpUs92lD7/iLb2ohCQQ7zE+4EFLOriLyZ1WKkhSoIzbQdcjuDckdRAhA4yb/QlHvOLVoCtwSCMTc9gAAYDzIwMjAxMjI4MTUyMzU4WqEiMCAwHgYJKwYBBQUHMAEGBBEYDzIwMTUxMjE3MTIzODQzWqECMAAwDQYJKoZIhvcNAQELBQADggEBAHDwPukBrxWXHXbGsRAfZlvqjN9ctrUlEQOTxISwSvpYJlhxPOQySeqMeB3ZLaa6Q2g6vjYYznPFUQMsPdiVRQ4GDEH6RPk4L7ZLoMygRdAJJR4J+seItjIrmw8lUjc6kcE817G/+TU3iNyk4U8TUeDLsa1kgiZF4xigW76tjyg85JdUXqTOvuXkuTduWLeAsFWxv496DeVTDLutblzmidn99TrR+7Bitw1cz0Os4ItsdD06WuETa5XRk51KsD1e1fcL96NExsIq8g415KtdPT68l97AGOtBMht8KtxU9zBhOJRfLzbEzl953mRsGrfIQbl8STtlqXSORTtwplkq3KmgggVFMIIFQTCCBT0wggMloAMCAQICEAwUo+Im7oCiX5H9Dyb+bJwwDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxFzAVBgNVBGEMDk5UUkVFLTEwNzQ3MDEzMRcwFQYDVQQDDA5FU1RFSUQtU0sgMjAxNTAeFw0yMDExMzAyMTAwMDBaFw0yMTAxMDQyMTAwMDBaMHYxMTAvBgNVBAMMKEVTVEVJRC1TSyAyMDE1IEFJQSBPQ1NQIFJFU1BPTkRFUiAyMDIwMTIxFzAVBgNVBGEMDk5UUkVFLTEwNzQ3MDEzMRswGQYDVQQKDBJTSyBJRCBTb2x1dGlvbnMgQVMxCzAJBgNVBAYTAkVFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoS1OX7vylwbKhtgpptGg+uZoeUx0bfM6T2oTFx6v4pkXanmHGR+j1qFKma05VTqtSAC9nw5qrnwKeQNPA0/ZsP3WDhDGn46i2fEdwmcOY0hAxSQWqrQINjXuJgF5XPBJ6I7KH6zrsSEg9KCLTa201RNyxZ3xj7DZtE8ST0remepvu1HnF+ofUt7QS+dg5Tw/ACrZu5ZQVJJYZwEQurHO3nc+gearQs3tTMsM0I9RoZuVKbw8s/lezfy5Km0ar54MoCM9PsZLFNqc7Au3k/mzX9BdisVZHVE4dGFqdsBCjt12wqnf9maytF5O8UImetKXEELlcgpkyp5MONJRAgGk0wIDAQABo4HZMIHWMA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCTAdBgNVHQ4EFgQUR9lBuqwawk07r9u68EjnNwJXPD4wHwYDVR0jBBgwFoAUs6uIvJnVYqSFKgjNtB1yO4NyR1EwTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzAChjFodHRwczovL3NrLmVlL3VwbG9hZC9maWxlcy9FU1RFSUQtU0tfMjAxNS5kZXIuY3J0MAwGA1UdEwEB/wQCMAAwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQsFAAOCAgEAPCveD9iPdNFVQbQ8kpfBb6lswJ82WAWt2UWr7nG3Cs/YoCtLXrxqn+wKRhhTqH8/VD4kWo7RVl7NcH7tU21FR9T9WmUzuGO9NVhqM+UAsw7LpGJvMmwbgC9QHciOmis0m2eoNqg08UH7Ef/XfRacibMvLzfgtHc7ci7nQ7hxzG05yvUMREW3i4FCm5QvAUUlTXOzVN+yWpxqW7a9vpLxvGNZ0XQfUdygvz0rp/g88sbHhOVJ9LRMQ0YHtAGolm+24w+JIYRl2Bfc+xLvdd5OQaG7SRMHeOPQ7GvnnU8jlR1UuWkL6G5GssEzzvtZJek6aRPVjOQTJMElakAkDv4dV0TGEIcLAAE+rT4iurQkEfPPVO1wYnLatT5IoMVphVgGdvGz5Aw2Swc4nQGL0RwvYK3YUYEzPPH0Pc2K7+iSbgGAY0nG69sZ/J3Olu/v0uYY/J4puXJdR6w1qyPRhfggrziXREd0IQ3SGJRLOhdPrBvkiA0bEHB8lzeCO381m/nlbPAcZfaFrm+5KuTl9eOAIQgN/yMo2AMmS/dIMe3uL7IHpUugR91/mvtBIpqtLudfUYiUhzCuSS2PuOYnKoPIo+DQjYduv8x6EKTJwNEOLEmNUBuS1p/pTZ06Wh2W8/PQMu1iCJ9LeclSi6f0DK60XfMvWLJwRutYUTKfyhYi7Pk=
                                </xades:EncapsulatedOCSPValue>
                            </xades:OCSPValues>
                        </xades:RevocationValues>
                    </xades:UnsignedSignatureProperties>
                </xades:UnsignedProperties>
            </xades:QualifyingProperties>
        </ds:Object>
    </ds:Signature>
</asic:XAdESSignatures>
Last Updated: