Currently used MAC protection algorithm (OID 1.2.840.113549.2.9) in CMPv2 IR message may cause rejection of CMPv2 IR message in case CMPv2 server checks protection bits.
So it should be changed to SHA-1 as described in RFC4210.
Additionally number of iteration for such algorithm should be decreased from random between 1000-6000 to 1000-2000.