Here is the output of validation:

# certutil -V -u V -d /etc/pki/pki-tomcat/alias -n 'Server-Cert cert-pki-ca' -e -f /etc/pki/pki-tomcat/alias/pwdfile.txt
certutil: certificate is valid

And for the ASN.1 of the Audit, OCSP, Subsystem, and RA certs:

$ openssl asn1parse -inform pem -in audit.crt
37:d=5 hl=2 l= 3 prim: OBJECT :organizationName
42:d=5 hl=2 l= 14 prim: UTF8STRING :IPA.****.NET
58:d=3 hl=2 l= 30 cons: SET
60:d=4 hl=2 l= 28 cons: SEQUENCE
62:d=5 hl=2 l= 3 prim: OBJECT :commonName
67:d=5 hl=2 l= 21 prim: UTF8STRING :Certificate Authority
90:d=2 hl=2 l= 30 cons: SEQUENCE
92:d=3 hl=2 l= 13 prim: UTCTIME :240403113826Z
107:d=3 hl=2 l= 13 prim: UTCTIME :340401113826Z
122:d=2 hl=2 l= 44 cons: SEQUENCE
124:d=3 hl=2 l= 23 cons: SET
126:d=4 hl=2 l= 21 cons: SEQUENCE
128:d=5 hl=2 l= 3 prim: OBJECT :organizationName
133:d=5 hl=2 l= 14 prim: UTF8STRING :IPA.****.NET
149:d=3 hl=2 l= 17 cons: SET
151:d=4 hl=2 l= 15 cons: SEQUENCE
153:d=5 hl=2 l= 3 prim: OBJECT :commonName
158:d=5 hl=2 l= 8 prim: UTF8STRING :CA Audit

$ openssl asn1parse -inform pem -in subsystem.crt
37:d=5 hl=2 l= 3 prim: OBJECT :organizationName
42:d=5 hl=2 l= 14 prim: UTF8STRING :IPA.****.NET
58:d=3 hl=2 l= 30 cons: SET
60:d=4 hl=2 l= 28 cons: SEQUENCE
62:d=5 hl=2 l= 3 prim: OBJECT :commonName
67:d=5 hl=2 l= 21 prim: UTF8STRING :Certificate Authority
90:d=2 hl=2 l= 30 cons: SEQUENCE
92:d=3 hl=2 l= 13 prim: UTCTIME :240403113547Z
107:d=3 hl=2 l= 13 prim: UTCTIME :340401113547Z
122:d=2 hl=2 l= 48 cons: SEQUENCE
124:d=3 hl=2 l= 23 cons: SET
126:d=4 hl=2 l= 21 cons: SEQUENCE
128:d=5 hl=2 l= 3 prim: OBJECT :organizationName
133:d=5 hl=2 l= 14 prim: UTF8STRING :IPA.****.NET
149:d=3 hl=2 l= 21 cons: SET
151:d=4 hl=2 l= 19 cons: SEQUENCE
153:d=5 hl=2 l= 3 prim: OBJECT :commonName
158:d=5 hl=2 l= 12 prim: UTF8STRING :CA Subsystem

$ openssl asn1parse -inform pem -in ocsp.crt
37:d=5 hl=2 l= 3 prim: OBJECT :organizationName
42:d=5 hl=2 l= 14 prim: UTF8STRING :IPA.****.NET
58:d=3 hl=2 l= 30 cons: SET
60:d=4 hl=2 l= 28 cons: SEQUENCE
62:d=5 hl=2 l= 3 prim: OBJECT :commonName
67:d=5 hl=2 l= 21 prim: UTF8STRING :Certificate Authority
90:d=2 hl=2 l= 30 cons: SEQUENCE
92:d=3 hl=2 l= 13 prim: UTCTIME :240403113248Z
107:d=3 hl=2 l= 13 prim: UTCTIME :340401113248Z
122:d=2 hl=2 l= 50 cons: SEQUENCE
124:d=3 hl=2 l= 23 cons: SET
126:d=4 hl=2 l= 21 cons: SEQUENCE
128:d=5 hl=2 l= 3 prim: OBJECT :organizationName
133:d=5 hl=2 l= 14 prim: UTF8STRING :IPA.****.NET
149:d=3 hl=2 l= 23 cons: SET
151:d=4 hl=2 l= 21 cons: SEQUENCE
153:d=5 hl=2 l= 3 prim: OBJECT :commonName
158:d=5 hl=2 l= 14 prim: UTF8STRING :OCSP Subsystem

$ openssl asn1parse -inform pem -in ra-agent.pem
37:d=5 hl=2 l= 3 prim: OBJECT :organizationName
42:d=5 hl=2 l= 14 prim: UTF8STRING :IPA.****.NET
58:d=3 hl=2 l= 30 cons: SET
60:d=4 hl=2 l= 28 cons: SEQUENCE
62:d=5 hl=2 l= 3 prim: OBJECT :commonName
67:d=5 hl=2 l= 21 prim: UTF8STRING :Certificate Authority
90:d=2 hl=2 l= 30 cons: SEQUENCE
92:d=3 hl=2 l= 13 prim: UTCTIME :240322132444Z
107:d=3 hl=2 l= 13 prim: UTCTIME :260312132444Z
122:d=2 hl=2 l= 42 cons: SEQUENCE
124:d=3 hl=2 l= 23 cons: SET
126:d=4 hl=2 l= 21 cons: SEQUENCE
128:d=5 hl=2 l= 3 prim: OBJECT :organizationName
133:d=5 hl=2 l= 14 prim: UTF8STRING :IPA.****.NET
149:d=3 hl=2 l= 15 cons: SET
151:d=4 hl=2 l= 13 cons: SEQUENCE
153:d=5 hl=2 l= 3 prim: OBJECT :commonName
158:d=5 hl=2 l= 6 prim: PRINTABLESTRING :IPA RA

I tried a resubmit on the ra-agent cert with getcert and this was the result:

Request ID '20190322032004':
    status: CA_UNREACHABLE
    ca-error: Error 35 connecting to https://ipa1-sea2.ipa.****.net:8443/ca/agent/ca/profileReview: SSL connect error.
    stuck: no