+ ((www @) :tlsa (:https (:service-certificate-constraint
+ :certificate :sha-256
+ #p"certs/http-server-www#1.cert")))
+ (git :tlsa (:https (:trust-anchor-assertion
+ :certificate :sha-256
+ #p"certs/distorted-ca.cert")))
+ (www-cache :tlsa (3127 (:trust-anchor-assertion
+ :certificate :sha-256
+ #p"certs/distorted-ca.cert")))
+ (mail :tlsa ((:smtp :submission :imap) (:trust-anchor-assertion
+ :certificate :sha-256
+ #p"certs/distorted-ca.cert")))