Your ASN.1 certid object doesn't look valid to me:
The example from draft-ietf-acme-ari-01 uses this payload:
MFswCwYJYIZIAWUDBAIBBCCeWLRusNLb++vmWOkxm34qDjTMWkc3utIhOMoMwKDqbgQg2iiKWySZrD+6c88HMZ6vhIHZPamChLlzGHeZ7pTS8jYCCD6jRWhlRB8c
which decodes to:
0 91: SEQUENCE {
2 11: SEQUENCE {
4 9: OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
: }
15 32: OCTET STRING
: 9E 58 B4 6E B0 D2 DB FB EB E6 58 E9 31 9B 7E 2A
: 0E 34 CC 5A 47 37 BA D2 21 38 CA 0C C0 A0 EA 6E
49 32: OCTET STRING
: DA 28 8A 5B 24 99 AC 3F BA 73 CF 07 31 9E AF 84
: 81 D9 3D A9 82 84 B9 73 18 77 99 EE 94 D2 F2 36
83 8: INTEGER 3E A3 45 68 65 44 1F 1C
: }
Your payload
MGgwDQYJYIZIAWUDBAIBBQAEIOpkIqHI/Ls/OhlCdhE04lJbuQeWAJOnNXYBVVd5McY8BCDSVL7W2ZsvDB2XvGCxFyqANyOEGpzMnWghk6IzVt0J4QITAPq2fJCRPuOPeIQPmgxgZpHUYw==
decodes to:
0 104: SEQUENCE {
2 13: SEQUENCE {
4 9: OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
15 0: NULL
: }
17 32: OCTET STRING
: EA 64 22 A1 C8 FC BB 3F 3A 19 42 76 11 34 E2 52
: 5B B9 07 96 00 93 A7 35 76 01 55 57 79 31 C6 3C
51 32: OCTET STRING
: D2 54 BE D6 D9 9B 2F 0C 1D 97 BC 60 B1 17 2A 80
: 37 23 84 1A 9C CC 9D 68 21 93 A2 33 56 DD 09 E1
85 19: INTEGER 00 FA B6 7C 90 91 3E E3 8F 78 84 0F 9A 0C 60 66 91 D4 63
: }
Which looks like there's an extra null byte there.