checkout.klarna.com

- Klarna Bank AB -

Issued by DigiCert TLS RSA SHA256 2020 CA1

About this certificate

This digital certificate with serial number 0b:c6:d8:2c:da:1d:3b:a2:53:82:70:a1:27:cf:d1:f5 was issued on by DigiCert Inc.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Klarna Bank AB

Organization: Klarna Bank AB
Locality: Stockholm
Country: SE

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0b:c6:d8:2c:da:1d:3b:a2:53:82:70:a1:27:cf:d1:f5
Serial Number (int): 15653967285640582464667917026145063413
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 36:d0:51:38:eb:35:bf:29:c1:55:d1:81:fe:44:b5:7b:8d:8f:2f:18
AuthorityKeyId: b7:6b:a2:ea:a8:aa:84:8c:79:ea:b4:da:0f:98:b2:c5:95:76:b9:f4

Fingerprint (sha1): 87:25:a3:3b:bb:cf:e8:2f:7a:2c:5f:c1:09:d2:eb:8c:37:22:ff:87
Fingerprint (sha256): 00:0e:29:04:14:1e:f6:20:05:fd:23:9a:3c:77:f9:ac:57:e3:98:db:fe:e2:f5:0b:d7:3c:93:b7:3e:26:f4:42

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1.crl

Check the revocation status for certificate checkout.klarna.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for checkout.klarna.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA512 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

checkout.klarna.com

Other certificates including the domain name klarna.com

(limited to 100 certificates)
checkout.klarna.com
guidelines.klarna.com
online.playground.eu1.kred.klarna.net
adltrust.kinnser.com
*.production.us1.core-banking.klarna.net
adltrust.kinnser.com
twentythree4.map.fastly.net
www.klarna.com
brand.klarna.com
klarna-payments-oc.klarna.com
*.playground.ap1.meta.klarna.net
api.klarna.com
connected-card-transaction-listener-us.klarna.com
*.production.eu1.on-demand.klarna.net
*.nonprod.us1.klapp.klarna.net
*.production.c2c.klarna.net
adltrust.kinnser.com
vs-alldoors-frontend-env2.nonprod.eu1.vs-qa.klarna.net
integration-static-legal.production.us1.cdn.klarna.net
*.msat.production.klarna.com
shop.klarna.com
orders.playground.portal.klarna.com
*.production.us1.scheme.klarna.net
savings.klarna.com
skv-api.playground.klarna.com
adltrust.kinnser.com
seniorshopping.klarna.com
acmatic-dns-validation.sandbox.eu1.core-platform.klarna.net
checkout-eu.klarna.com
il-na.klarna.com
restapi.klarna.com
statuspage.io
statuspage.io
*.msat.production.klarna.com
statuspage.io
*.playground.eu1.pgw.klarna.net
*.playground.us1.custom-solutions.klarna.net
adltrust.kinnser.com
*.playground.eu1.file-transfer.klarna.net
cards-oc.klarna.com
api-oc.klarna.com
*.playground.eu1.kred.klarna.net
credit-eu.klarna.com
twentythree4.map.fastly.net
merchantdesignlab.klarna.com
adltrust.kinnser.com
klarna-payments-eu.klarna.com
download.virtual-shopping.klarna.com
csg.status.forcepoint.com
outages.discovery.wisc.edu
dc-api-eu.playground.klarna.com
outages.discovery.wisc.edu
outages.discovery.wisc.edu
csg.status.forcepoint.com
ablink.staging-e.klarna.com
partnerportal.klarna.com
signicat.klarna.com
login.klarna.com
download.virtual-shopping.klarna.com
login.playground.klarna.com
www.klarna.com
cards-eu.klarna.com
*.production.c2c.klarna.net
*.production.c2c.klarna.net
www.klarna.com
system.production.us1.direct-debit.klarna.net
eu.portal.klarna.com
cards-eu.klarna.com
www.klarna.com
cards.playground.klarna.com
*.production.ap1.cobrowse.klarna.net
*.playground.c2c.klarna.net
topup.klarna.com
cms.nonprod.us1.klarna-web.klarna.net
api.staging.us.portal.klarna.com
tripsfe.production.us1.trips-platform-fe.klarna.net
www.gsuite.klarna.com
*.production.eu1.pgw.klarna.net
payment.sofort.klarna.com
*.production.eu1.meta.klarna.net
go.klarna.com
api-na-2.playground.klarna.com
l.klarna.com
salesloft-us.klarna.com
adltrust.kinnser.com
app-api.playground.klarna.com
salesloft-us.klarna.com
credit-na.klarna.com

facetoface.playground.klarna.com
*.nonprod.us1.klapp.klarna.net
klarna.com
*.production.us1.js.klarna.net
*.production.ap1.cobrowse.klarna.net
api.ident.playground.klarna.com
articles.klarna.com
*.playground.eu1.buybutton.klarna.net
settlements.playground.portal.klarna.com
insights.klarna.com
hytalestatus.io

Certificate

The complete raw certificate details for checkout.klarna.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGKDCCBRCgAwIBAgIQC8bYLNodO6JTgnChJ8/R9TANBgkqhkiG9w0BAQ0FADBP
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBE
aWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMTAxMjEwMDAwMDBa
Fw0yMjAxMjUyMzU5NTlaMFgxCzAJBgNVBAYTAlNFMRIwEAYDVQQHEwlTdG9ja2hv
bG0xFzAVBgNVBAoTDktsYXJuYSBCYW5rIEFCMRwwGgYDVQQDExNjaGVja291dC5r
bGFybmEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4W/G+QT
1aEyxL8gc5/KQsRbRxNq6zEq9zxJ5otjyUaEs+3YUDBPwtpYDSPlX8dw5lxYjtgN
+iFpfn5SHVuslIAsiIgTmGhgBz9zqVqMsK/vGaG1WBhx4Q7S/n233jQLiHazp59D
AAwy90CzfxnVOznxdse39d3rf6Ah+6WcNI6lRBeEj89m7Episz/FngVoqNjm5ALX
HaLr5A5TqPxmt1VQEVnQVEwl5riVVaLjqhka3fAhpOTVA6jOjtkzuUU4EwmlpxMm
arMxE75VfOiCdRcHbUbW3bhH1L0xgZJsks5K45vpdi61Qdg5SEsbTFdp6awX+1NF
pGCwwvMZL/6jDwIDAQABo4IC9TCCAvEwHwYDVR0jBBgwFoAUt2ui6qiqhIx56rTa
D5iyxZV2ufQwHQYDVR0OBBYEFDbQUTjrNb8pwVXRgf5EtXuNjy8YMB4GA1UdEQQX
MBWCE2NoZWNrb3V0LmtsYXJuYS5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBiwYDVR0fBIGDMIGAMD6gPKA6hjhodHRw
Oi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUTFNSU0FTSEEyNTYyMDIwQ0Ex
LmNybDA+oDygOoY4aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VExT
UlNBU0hBMjU2MjAyMENBMS5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggr
BgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMH0GCCsGAQUFBwEB
BHEwbzAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEcGCCsG
AQUFBzAChjtodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUTFNS
U0FTSEEyNTYyMDIwQ0ExLmNydDAMBgNVHRMBAf8EAjAAMIIBAwYKKwYBBAHWeQIE
AgSB9ASB8QDvAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVdx4QAAAF3
JBiwiAAABAMARjBEAiAxMSxsu6Uzv71aUNjRRkhF2gjvBP8IyLogLy/1bCK1VgIg
MjkwZ6+sl869v+qH2B+s5186GfwmkEXpLz8rbaOlYyUAdgAiRUUHWVUkVpY/oS/x
922G4CMmY63AS39dxoNcbuIPAgAAAXckGLDHAAAEAwBHMEUCIQCwg//633NmmSpW
wkhLCSRgLPeO3WRnKRMt23wWRyCoWgIgF0cnqJvpRyWtROCCfgN3aMAGrhTp6cbx
t7BvGZq8vv0wDQYJKoZIhvcNAQENBQADggEBADZV8CixEZTzkf/F41OeFs7dC6im
jIX22SMcDvLkVr4Trbl36OjDa2GsMn+3+3jlxm1Q2u5AukfnrQMjolb3v5s5GW87
fuzeoP+K73Vw81VtrUZH48JngL9Md7qfS0Ahvd3BR48qXprvpGpK0wMhOS50/gJW
g9VkrYQBYQDwqGtIZKMuMDyLXvM93bl4sp/Xdc0LCcdnBPtkV4dDAxej1euqby8N
7l3Wqp4XN+hoIW7Vz58Va20Nn+VmhqfBRUFh2aDV1CX4G1zLduF4zmBOA1Lb3Rzw
hW3CBoFMwBrjtJDUlee0/cL2cgfOPDuKkTtGaKZKxhaVubPon/HzGDi0LTg=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4W/G+QT1aEyxL8gc5/K
QsRbRxNq6zEq9zxJ5otjyUaEs+3YUDBPwtpYDSPlX8dw5lxYjtgN+iFpfn5SHVus
lIAsiIgTmGhgBz9zqVqMsK/vGaG1WBhx4Q7S/n233jQLiHazp59DAAwy90CzfxnV
Oznxdse39d3rf6Ah+6WcNI6lRBeEj89m7Episz/FngVoqNjm5ALXHaLr5A5TqPxm
t1VQEVnQVEwl5riVVaLjqhka3fAhpOTVA6jOjtkzuUU4EwmlpxMmarMxE75VfOiC
dRcHbUbW3bhH1L0xgZJsks5K45vpdi61Qdg5SEsbTFdp6awX+1NFpGCwwvMZL/6j
DwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 15653967285640582464667917026145063413
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.13 (sha512WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert TLS RSA SHA256 2020 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-01-21 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-01-25 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Stockholm'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Klarna Bank AB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'checkout.klarna.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25187375555025174904047454758126435978826903583520029924597777597952082358501290681251997769898538290055675503238232933650969883639577622169930881617288317849207991996894730140436615758554726190763568274539887448285765567469422987551977566517521327159816756716576735731949749228720016637911407407018323707347886356636834938304123376591331508155709539933684461779118988445188162839409322598313114712360961548120727412644429652442614783495043382387990305937289202646946427718383673277700861135118643309475183450601047099365910765696774183156062105159843190732508403720449344136258385704059876104751756357714660890157839
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							36d05138eb35bf29c155d181fe44b57b8d8f2f18
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (23 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'checkout.klarna.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (131 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (113 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef0075002979bef09e393921f056739f63a577e5be577d9c600af8f94d5d265c255dc784000001772418b0880000040300463044022031312c6cbba533bfbd5a50d8d1464845da08ef04ff08c8ba202f2ff56c22b556022032393067afac97cebdbfea87d81face75f3a19fc269045e92f3f2b6da3a563250076002245450759552456963fa12ff1f76d86e0232663adc04b7f5dc6835c6ee20f02000001772418b0c70000040300473045022100b083fffadf7366992a56c2484b0924602cf78edd646729132ddb7c164720a85a0220174727a89be94725ad44e0827e037768c006ae14e9e9c6f1b7b06f199abcbefd
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.13 (sha512WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		003655f028b11194f391ffc5e3539e16cedd0ba8a68c85f6d9231c0ef2e456be13adb977e8e8c36b61ac327fb7fb78e5c66d50daee40ba47e7ad0323a256f7bf9b39196f3b7eecdea0ff8aef7570f3556dad4647e3c26780bf4c77ba9f4b4021bdddc1478f2a5e9aefa46a4ad30321392e74fe025683d564ad84016100f0a86b4864a32e303c8b5ef33dddb978b29fd775cd0b09c76704fb645787430317a3d5ebaa6f2f0dee5dd6aa9e1737e868216ed5cf9f156b6d0d9fe56686a7c1454161d9a0d5d425f81b5ccb76e178ce604e0352dbdd1cf0856dc206814cc01ae3b490d495e7b4fdc2f67207ce3c3b8a913b4668a64ac61695b9b3e89ff1f31838b42d38