AC CAIXA - WebTrust for CA Report-Management Assertion

Prévia do material em texto

PKI Consulting 
Av. Borges de Medeiros, 2500/1402 
Praia de Belas - Porto Alegre - RS 90110.150 
Fone: (51) 3398 5740 
www.pkiconsulting.com 
 
 
 
Independent Assurance Report 
 
To the Management of CAIXA ECONÔMICA FEDERAL – Certificate Authority: 
 
Scope 
We have been engaged, in a reasonable assurance engagement, to report on CAIXA 
ECONÔMICA FEDERAL (CAIXA-CA) management’s assertion, that for its Certification 
Authority (CA) services in Brazil for AC CAIXA and the subordinated CAs presented in the 
appendix A, during the period January 1st 2018 through December 31th 2018, CAIXA-CA has: 
• disclosed its Business, Key Life Cycle Management, Certificate Life Cycle Management, 
and CA Environmental Control practices in its: 
o Certification Practice Statement 
• maintained effective controls to provide reasonable assurance that: 
o CAIXA-CA’s Certification Practice Statement is consistent with its Certificate Policy 
o CAIXA-CA provides its services in accordance with its Certificate Policy and 
Certification Practice Statement 
• maintained effective controls to provide reasonable assurance that: 
o The integrity of keys and certificates it manages is established and protected 
throughout their life cycles; 
o The integrity of subscriber keys and certificates it manages is established and 
protected throughout their life cycles; 
o The Subscriber information is properly authenticated (for the registration activities 
performed by CAIXA-CA); and 
o Subordinate CA certificate requests are accurate, authenticated, and approved 
• maintained effective controls to provide reasonable assurance that: 
o Logical and physical access to CA systems and data was restricted to authorized 
individuals; 
o The continuity of key and certificate management operations was maintained; and 
o CA systems development, maintenance and operations were properly authorized 
and performed to maintain CA systems integrity. 
in accordance with the WebTrust Services Principles and Criteria for Certification Authorities, 
Version 2.1 
CAIXA-CA makes use of external registration authorities for specific subscriber registration 
activities as disclosed in CAIXA-CA’s business practices. Our procedures did not extend to 
the controls exercised by these external registration authorities. 
CAIXA-CA does not escrow its CA keys, does not provide subscriber key generation 
services, and does not provide certificate suspension services. Accordingly, our procedures 
did not extend to controls that would address those criteria. 
 
Certification authority’s responsibilities 
CAIXA-CA’s management is responsible for its assertion, including the fairness of its 
presentation, and the provision of its described services in accordance with the WebTrust 
Services Principles and Criteria for Certification Authorities, Version 2.1 
 
 
 
https://www.cpacanada.ca/-/media/site/operational/ms-member-services/docs/webtrust/principles-and-criteria-for-certification-authorities-v2-1.pdf?la=en&hash=7E2A90C62FA0BB6ED1580E8AA08405AF9346E85A
https://www.cpacanada.ca/-/media/site/operational/ms-member-services/docs/webtrust/principles-and-criteria-for-certification-authorities-v2-1.pdf?la=en&hash=7E2A90C62FA0BB6ED1580E8AA08405AF9346E85A
https://www.cpacanada.ca/-/media/site/operational/ms-member-services/docs/webtrust/principles-and-criteria-for-certification-authorities-v2-1.pdf?la=en&hash=7E2A90C62FA0BB6ED1580E8AA08405AF9346E85A
https://www.cpacanada.ca/-/media/site/operational/ms-member-services/docs/webtrust/principles-and-criteria-for-certification-authorities-v2-1.pdf?la=en&hash=7E2A90C62FA0BB6ED1580E8AA08405AF9346E85A
https://www.cpacanada.ca/-/media/site/operational/ms-member-services/docs/webtrust/principles-and-criteria-for-certification-authorities-v2-1.pdf?la=en&hash=7E2A90C62FA0BB6ED1580E8AA08405AF9346E85A
https://www.cpacanada.ca/-/media/site/operational/ms-member-services/docs/webtrust/principles-and-criteria-for-certification-authorities-v2-1.pdf?la=en&hash=7E2A90C62FA0BB6ED1580E8AA08405AF9346E85A
http://certificadodigital.caixa.gov.br/documentos/dpcac-caixa.pdf
 
PKI Consulting 
Av. Borges de Medeiros, 2500/1402 
Praia de Belas - Porto Alegre - RS 90110.150 
Fone: (51) 3398 5740 
www.pkiconsulting.com 
 
Our independence and quality control 
We have complied with the independence and other ethical requirements of the Code of 
Ethics for Professional Accountants issued by the International Ethics Standards Board for 
Accountants, which is founded on fundamental principles of integrity, objectivity, professional 
competence and due care confidentiality and professional behavior. 
The firm applies International Standard on Quality Control 1, and accordingly maintains a 
comprehensive system of quality control including documented policies and procedures 
regarding compliance with ethical requirements, professional standards and applicable legal 
and regulatory requirements. 
 
Auditor’s responsibilities 
Our responsibility is to express an opinion on management’s assertion based on our 
procedures. 
We conducted our procedures in accordance with International Standard on Assurance 
Engagements 3000, Assurance Engagements Other than Audits or Reviews of Historical 
Financial Information, issued by the International Auditing and Assurance Standards Board. 
This standard requires that we plan and perform our procedures to obtain reasonable 
assurance about whether, in all material respects, management’s assertion is fairly stated, 
and, accordingly, included: 
1. obtaining an understanding of CAIXA-CA’s key and certificate life cycle management 
business practices and its controls over key and certificate integrity, over the 
authenticity and privacy of subscriber and relying party information, over the 
continuity of key and certificate life cycle management operations, and over 
development, maintenance, and operation of systems integrity; 
2. selectively testing transactions executed in accordance with disclosed key and 
certificate life cycle management business practices; 
3. testing and evaluating the operating effectiveness of the controls; and, 
4. performing such other procedures as we considered necessary in the circumstances. 
We believe that our examination provides a reasonable basis for our opinion. 
CAIXA-CA’s makes use of external registration authorities for specific subscriber registration 
activities as disclosed in CAIXA-CA’s business practices. Our examination did not extend to 
the controls exercised by the external registration authorities. 
We believe that the evidence we have obtained is sufficient and appropriate to provide a 
basis for our opinion. 
 
Relative effectiveness of controls 
The relative effectiveness and significance of specific controls at CAIXA-CA and their effect 
on assessments of control risk for subscribers and relying parties are dependent on their 
interaction with the controls and other factors present at individual subscriber and relying 
party locations. We have performed no procedures to evaluate the effectiveness of controls 
at individual subscriber and relying party locations. 
 
Inherent limitations 
Because of the nature and inherent limitations of controls, CAIXA-CA’s ability to meet the 
aforementioned criteria may be affected. For example, controls may not prevent, or detect 
and correct, error, fraud, unauthorized access to systems and information or failure to comply 
with internal and external policies or requirements. Also, the projection of any conclusions 
based on our findings to future periods is subject to the risk that changes may alter the validity 
of such conclusions. 
 
PKI Consulting 
Av. Borges de Medeiros, 2500/1402 
Praia de Belas - Porto Alegre - RS 90110.150 
Fone: (51) 3398 5740 
www.pkiconsulting.com 
 
 
Emphasis on Matters 
CAIXA ECONÔMICA FEDERAL (CAIXA-CA) has reported a control deficiency on 
management’s assertion. For this deficiency, we performed additional procedures and were 
able to obtainreasonable assurance that the risks associated were mitigated during the audit 
period. 
 
Observation Relevant Webtrust Criteria Mitigating Procedure 
The CA did not perform 
integrated control of 
cryptographic media 
inventory at all 
distribution points 
(RAs) 
5.3 If the CA (or RA) distributes 
subscriber key pairs and certificates 
using Integrated Circuit Cards 
(ICCs), the CA (or RA) maintains 
controls to provide reasonable 
assurance that: 
• ICC procurement, preparation 
and personalization are securely 
controlled by the CA (or RA or 
card bureau); 
• ICC Application Data File (ADF) 
preparation is securely controlled 
by the CA (or RA); 
• ICC usage is enabled by the CA 
(or RA or card bureau) prior to 
ICC issuance; 
• ICC deactivation and reactivation 
are securely controlled by the CA 
(or RA); 
• ICCs are securely stored and 
distributed by the CA (or RA or 
card bureau); 
• ICCs are securely replaced by 
the CA (or RA or card bureau); 
and 
• ICCs returned to the CA (or RA 
or card bureau) are securely 
terminated. 
 
During the audit, an 
inventory procedure 
was implemented that 
allows an unified view 
of where the media are 
situated, from 
acquisition to 
distribution, including 
in RAs. 
The CA did not 
consider systems 
development personnel 
as having a trusted 
role. 
 
3.3 The CA maintains controls to 
provide reasonable assurance that 
personnel and employment practices 
enhance and support the 
trustworthiness of the CA’s 
operations. 
 
 
During the audit, CA 
included the 
developers of CA 
systems in the Trust 
Role Holders list. The 
CA included all their 
names in the 
Responsibility Matrix 
and made the 
necessary procedures, 
such as background 
checks, signature of a 
confidentiality (non-
disclosure) agreement 
and other controls 
 
PKI Consulting 
Av. Borges de Medeiros, 2500/1402 
Praia de Belas - Porto Alegre - RS 90110.150 
Fone: (51) 3398 5740 
www.pkiconsulting.com 
 
No mechanisms were 
in place to prevent 
obvious and weak 
passwords and to set 
minimum password 
length and password 
expiration on CA 
access control servers 
at both the main site 
and the contingency 
site 
3.6.6 Users are required to follow 
defined policies and procedures in 
the selection and use of passwords. 
 
during the audit 
CAIXA-CA corrected 
the problem and 
provided evidence that 
the control was 
implemented on 
access control servers 
at both the main site 
and the contingency 
site. 
 
Opinion 
In our opinion, through the period January 1st 2018 to December 31th 2018, CAIXA-CA 
management’s assertion, as referred to above, is fairly stated, in all material respects, in 
accordance with WebTrust Services Principles and Criteria for Certification Authorities, 
Version 2.1 
This report does not include any representation as to the quality of CAIXA-CA's services 
beyond those covered by the WebTrust Services Principles and Criteria for Certification 
Authorities, Version 2.1 criteria nor the suitability of any of CAIXA-CA's services for any 
customer's intended purpose. 
 
Use of the WebTrust seal 
CAIXA-CA’s use of the WebTrust for Certification Authorities Seal constitutes a symbolic 
representation of the contents of this report and it is not intended, nor should it be construed, 
to update this report or provide any additional assurance. 
 
Porto Alegre, RS, Brazil, August, 29th 2019 
 
 
 
 
João Ivonir Moreira 
CRC/RS-025692/O-4 
PKI Contabilidade e Auditoria Ltda. 
CNPJ 18.885.468/0001-76 – CRC/RS-007849/O 
https://www.cpacanada.ca/-/media/site/operational/ms-member-services/docs/webtrust/principles-and-criteria-for-certification-authorities-v2-1.pdf?la=en&hash=7E2A90C62FA0BB6ED1580E8AA08405AF9346E85A
https://www.cpacanada.ca/-/media/site/operational/ms-member-services/docs/webtrust/principles-and-criteria-for-certification-authorities-v2-1.pdf?la=en&hash=7E2A90C62FA0BB6ED1580E8AA08405AF9346E85A
https://www.cpacanada.ca/-/media/site/operational/ms-member-services/docs/webtrust/principles-and-criteria-for-certification-authorities-v2-1.pdf?la=en&hash=7E2A90C62FA0BB6ED1580E8AA08405AF9346E85A
https://www.cpacanada.ca/-/media/site/operational/ms-member-services/docs/webtrust/principles-and-criteria-for-certification-authorities-v2-1.pdf?la=en&hash=7E2A90C62FA0BB6ED1580E8AA08405AF9346E85A
 
 
 
CAIXA ECONÕMICA FEDERAL (CAIXA-CA) Management’s Assertion 
 
CAIXA ECONÕMICA FEDERAL (CAIXA-CA) operates Certification Authority (CA) services 
for AC CAIXA and the subordinated CAs presented in the appendix A, and provides the 
following CA services: 
• Subscriber registration 
• Certificate renewal 
• Certificate issuance 
• Certificate distribution 
• Certificate revocation 
• Certificate status information processing (using CRL repository) 
The management of CAIXA-CA is responsible for establishing and maintaining effective 
controls over its CA operations, including its CA business practices disclosure, CA business 
practices management, CA environmental controls, CA key lifecycle management controls, 
subscriber key lifecycle management controls, certificate lifecycle management controls, and 
subordinate CA certificate lifecycle management controls. These controls contain monitoring 
mechanisms, and actions are taken to correct deficiencies identified. 
There are inherent limitations in any controls, including the possibility of human error, and 
the circumvention or overriding of controls. Accordingly, even effective controls can only 
provide reasonable assurance with respect to CAIXA-CA’s Certification Authority operations. 
Furthermore, because of changes in conditions, the effectiveness of controls may vary over 
time. 
CAIXA-CA management has assessed its disclosures of its certificate practices and controls 
over its CA services. During our assessment, we noted the following observation that caused 
the relevant criteria to not be met: 
 
Observation Relevant Webtrust Criteria 
The CA did not 
perform integrated 
control of 
cryptographic 
media inventory at 
all distribution 
points (RAs) 
5.3 If the CA (or RA) distributes subscriber key pairs and certificates 
using Integrated Circuit Cards (ICCs), the CA (or RA) maintains 
controls to provide reasonable assurance that: 
• ICC procurement, preparation and personalization are securely 
controlled by the CA (or RA or card bureau); 
• ICC Application Data File (ADF) preparation is securely controlled 
by the CA (or RA); 
• ICC usage is enabled by the CA (or RA or card bureau) prior to 
ICC issuance; 
• ICC deactivation and reactivation are securely controlled by the 
CA (or RA); 
• ICCs are securely stored and distributed by the CA (or RA or card 
bureau); 
• ICCs are securely replaced by the CA (or RA or card bureau); 
and 
• ICCs returned to the CA (or RA or card bureau) are securely 
terminated. 
The CA did not 
consider systems 
development 
personnel as 
having a trusted 
role. 
3.3 The CA maintains controls to provide reasonable assurance that 
personnel and employment practices enhance and support the 
trustworthiness of the CA’s operations. 
 
 
 
 
 
Based on the assessment, CAIXA-CA’s management opinion, except for the matters 
described in the preceding table, in providing its Certification Authority (CA) services in Brazil, 
through the period January 1st 2018 to December 31th 2018, CAIXA-CA has: 
• disclosed its Business, Key Life Cycle Management, Certificate Life Cycle Management, 
and CA Environmental Control practices in its: 
o Certification Practice Statement 
o Certificate Policy 
• maintained effective controls to provide reasonable assurance that: 
o CAIXA-CA’s Certification Practice Statement is consistent with its Certificate Policy 
o CAIXA-CA provides its services in accordance with its Certificate Policy and 
Certification Practice Statement 
• maintained effective controls to provide reasonable assurance that: 
o The integrity of keys and certificates it manages is established and protected 
throughouttheir life cycles; 
o The integrity of subscriber keys and certificates it manages is established and 
protected throughout their life cycles; 
o The Subscriber information is properly authenticated (for the registration activities 
performed by CAIXA-CA); and 
o Subordinate CA certificate requests are accurate, authenticated, and approved 
• maintained effective controls to provide reasonable assurance that: 
o Logical and physical access to CA systems and data was restricted to authorized 
individuals; 
o The continuity of key and certificate management operations was maintained; and 
o CA systems development, maintenance and operations were properly authorized 
and performed to maintain CA systems integrity. 
in accordance with the WebTrust Services Principles and Criteria for Certification Authorities, 
Version 2.1, including the following: 
CA Business Practices Disclosure 
• Certification Practice Statement 
• Certificate Policy Management 
CA Business Practices Management 
• Certificate Policy Management 
• Certification Practice Statement Management 
• CP and CPS Consistency 
CA Environmental Controls 
• Security Management 
• Asset Classification and Management 
• Personnel Security 
• Physical and Environmental Security 
• Operations Management 
• System Access Management 
• Systems Development and Maintenance 
• Business Continuity Management 
• Monitoring and Compliance 
• Audit Logging 
CA Key Lifecycle Management Controls 
• CA Key Generation 
• CA Key Storage, Backup, and Recovery 
• CA Public Key Distribution 
• CA Key Usage 
• CA Key Life Cycle Management Controls 
• CA Key Archival and Destruction 
• CA Key Compromise 
https://www.cpacanada.ca/-/media/site/operational/ms-member-services/docs/webtrust/principles-and-criteria-for-certification-authorities-v2-1.pdf?la=en&hash=7E2A90C62FA0BB6ED1580E8AA08405AF9346E85A
https://www.cpacanada.ca/-/media/site/operational/ms-member-services/docs/webtrust/principles-and-criteria-for-certification-authorities-v2-1.pdf?la=en&hash=7E2A90C62FA0BB6ED1580E8AA08405AF9346E85A
 
 
• CA Cryptographic Hardware Life Cycle Management 
• CA-Key Escrow 
Certificate Life Cycle Management Controls 
• Subscriber registration 
• Certificate renewal 
• Certificate issuance 
• Certificate distribution 
• Certificate revocation 
• Certificate status information processing (using CRL repository) 
 
Porto Alegre, RS, Brazil, August, 29th 2019 
 
 
____________________________________________ 
Renan Correia Martino 
Legal Representative 
CAIXA ECONÕMICA FEDERAL – Certificate Autority 
 
 
APPENDIX A 
CA # Cert 
# 
Subject Issuer Serial Key 
Algorithm 
Key 
Size 
Digest 
Algorith
m 
Not 
Before 
Not After SKI SHA256 
Fingerprint 
AC Caixa 1 CN = AC CAIXA v2 
OU = Autoridade 
Certificadora Raiz 
Brasileira v2 
O = ICP-Brasil 
C = BR 
 
CN = Autoridade 
Certificadora Raiz 
Brasileira v2 
OU = Instituto Nacional 
de Tecnologia da 
Informacao - ITI 
O = ICP-Brasil 
C = BR 
 
11 rsaEncrypt
ion 
 
4096 sha512Wit
hRSAEncr
yption 
December 
02, 2011 
12:16:53 
December 
02, 2021 
12:16:53 
0F 50 24 31 
E4 BA BC B1 
99 49 26 35 
ED 0E D0 75 
FE 9C 9F 55 
DD DB 68 36 53 
A8 1A 56 3E 3F 
F4 05 EC D2 EE 
6F 8E 1D 10 53 
E5 B1 E0 7B 89 
58 B0 7E 90 9C 
71 F9 
 
AC Caixa SPB 1 CN = AC CAIXA SPB 
OU = Caixa Economica 
Federal 
OU = CSPB-5 
O = ICP-Brasil 
C = BR 
 
CN = AC CAIXA v2 
OU = Autoridade 
Certificadora Raiz 
Brasileira v2 
O = ICP-Brasil 
C = BR 
 
313594
386650
957950 
rsaEncryptio
n 
4096 sha512Wit
hRSAEncr
yption 
January 19, 
2015 
19:57:33 
December 
02, 2021 
12:16:53 
23 2D E9 F3 
9B 6D D7 27 
19 78 C1 7C 
25 6B 42 52 
AD 25 1F D4 
 
CE 59 88 F4 9D 
36 7F 85 B2 40 
D7 27 37 C3 C8 
3A 80 CC 74 76 
95 44 5D DB 4F 
1E 3B A7 3A C2 
7E 71 
 
AC CAIXA PJ 1 CN = AC CAIXA PJ v2 
OU = Caixa Economica 
Federal 
O = ICP-Brasil 
C = BR 
 
CN = AC CAIXA v2 
OU = Autoridade 
Certificadora Raiz 
Brasileira v2 
O = ICP-Brasil 
C = BR 
 
329385
515060
728042
1 
rsaEncryptio
n 
4096 sha512Wit
hRSAEncr
yption 
December 
23, 2011 
13:55:36 
December 
21, 2019 
13:55:36 
4F 4D 0D 01 
9C 6A 69 DB 
70 09 A4 DE 
33 AE F6 7C 
92 9E 35 C2 
42 8D B2 B5 BA 
DD 1F 24 6B B6 
58 75 B1 1D C8 
E1 FE E7 EB 78 
E7 BC FB 47 F1 
AA EE C9 3A 68 
BB 70 
AC CAIXA PJ 2 CN = AC CAIXA PJ 1v2 
OU = Caixa Economica 
Federal 
O = ICP-Brasil 
C = BR 
CN = AC CAIXA v2 
OU = Autoridade 
Certificadora Raiz 
Brasileira v2 
O = ICP-Brasil 
C = BR 
 
586602
254205
472411
1 
rsaEncryptio
n 
 
4096 sha512Wit
hRSAEncr
yption 
January 25, 
2019 
12:30:48 
December 
02, 2021 
12:16:53 
A5 24 EE B0 
16 BF C0 88 
8C 22 5A C8 
11 A2 A0 B1 
3E 0A 29 17 
1A 2C F1 8A C0 
1D 24 56 80 BF 
7E 66 FF 3E C3 
E3 B1 FA 72 25 
7B A9 E9 D7 CE 
1B E1 3B E5 E4 
C2 23 
 
AC CAIXA PF 1 CN = AC CAIXA PF v2 
OU = Caixa Economica 
Federal 
O = ICP-Brasil 
CN = AC CAIXA v2 
OU = Autoridade 
Certificadora Raiz 
Brasileira v2 
294947
675887
743919
2 
rsaEncryptio
n 
 
4096 sha512Wit
hRSAEncr
yption 
December 
23, 2011 
13:52:58 
December 
21, 2019 
13:52:58 
9E 2A D6 41 
57 00 AF 5B 
ED 07 F8 D0 
5C 8E F3 6D 
E6 E5 0C 1A 
36 FB EA 32 05 
52 2A EC 99 3F 
9F 53 7B 7D 14 
26 9B E0 C2 8A 
CE F5 D2 0B 60 
 
CA # Cert 
# 
Subject Issuer Serial Key 
Algorithm 
Key 
Size 
Digest 
Algorith
m 
Not 
Before 
Not After SKI SHA256 
Fingerprint 
C = BR O = ICP-Brasil 
C = BR 
 
C6 CE 3E C1 C6 
79 BF 
AC CAIXA PF 2 CN = AC CAIXA PF 1v2 
OU = Caixa Economica 
Federal 
O = ICP-Brasil 
C = BR 
CN = AC CAIXA v2 
OU = Autoridade 
Certificadora Raiz 
Brasileira v2 
O = ICP-Brasil 
C = BR 
 
232564
455653
156020
6 
rsaEncryptio
n 
 
4096 sha512Wit
hRSAEncr
yption 
January 25, 
2019 
12:28:23 
December 
02, 2021 
12:16:53 
51 78 58 D2 
1D 70 E4 13 
FE 34 8E 60 
47 D6 58 7E 
92 69 E3 0F 
53 D7 BD E7 64 
1E B8 D9 AF 09 
4E 88 87 16 C3 
FF C9 89 C6 89 
90 FC C2 26 F2 
CC D0 65 BD 33 
99 FC 
 
AC CAIXA 
JUS 
1 CN = AC CAIXA-JUS v2 
OU = Autoridade 
Certificadora da Justica - 
AC-JUS 
O = ICP-Brasil 
C = BR 
CN = Autoridade 
Certificadora da 
Justica v4 
OU = Autoridade 
Certificadora Raiz 
Brasileira v2 
O = ICP-Brasil 
C = BR 
3 rsaEncryptio
n 
 
4096 sha512Wit
hRSAEncr
yption 
December 
28, 2011 
13:03:21 
December 
28, 2019 
13:03:21 
D4 B1 C3 29 
49 97 AD 4E 
66 36 DB E9 
4E 00 4A 6A 
D8 C3 DA C4 
65 35 BF 55 C3 
F5 E5 34 1A 7E 
D5 87 4B 40 E5 
23 B4 78 56 F5 23 
AF 7C 60 A3 87 
E4 99 61 5A 40 
B4 
 
AC CAIXA PJ 
SSL 
1 CN = AC CAIXA PJ SSL 
v2 
OU = Caixa Economica 
Federal 
O = ICP-Brasil 
C = BR 
 
CN = AC CAIXA v2 
OU = Autoridade 
Certificadora Raiz 
Brasileira v2 
O = ICP-Brasil 
C = BR 
 
276103
480557
687450
9 
rsaEncryptio
n 
4096 sha512Wit
hRSAEncr
yption 
March 17, 
2017 
19:39:15 
March 16, 
2020 
19:39:15 
F3 D5 F2 51 
C2 EC 69 3D 
DA 05 EB 56 
B1 F3 71 82 
AC 2B 82 E4 
AF 95 3E 1A CD 
B9 55 AD AD DC 
8E EF BA 68 AC 
C5 C3 9F 3D 4D 
4D 88 36 A4 F4 
2A B3 E7 A0 0B 
AA AD 
 
		2019-08-29T10:39:04-0300
	JOAO IVONIR MOREIRA:18835759072
		2019-09-02T19:18:23-0300
	RENAN CORREIA MARTINO:99602741104