CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client
Authentication
This can be reproduced with an OpenSSL command line like this,
assuming kx3-by-root-ca.crt is the certificate file:
openssl x509 -in kx3-by-root-ca.crt -noout -text
Appendix E: Certificate Requirements
211