*.swissinstitute.net

- Martin Maugeais -

Issued by StartCom Class 2 Primary Intermediate Server CA

About this certificate

This digital certificate with serial number 07:ac:e2:35:87:6b:db was issued on by StartCom Ltd..

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificate with an RSA key contains invalid key usage(s): KeyUsageKeyAgreement Key usage values digitalSignature, nonRepudiation, keyEncipherment, and dataEncipherment may only be present in an end entity certificate with an RSA key (RFC 3279: 2.3.1)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Compliant certificates SHOULD NOT use the noticeRef option (RFC 5280: 4.2.1.4)
  • Compliant certificates should use the utf8string encoding for explicitText (RFC 6818: 3)
  • The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)

Martin Maugeais

Organization: Martin Maugeais
State / Province: New York
Locality: Brooklyn
Country: US

StartCom Ltd.

Organization: StartCom Ltd.
Organization unit: Secure Digital Certificate Signing
Country: IL

This certificate has expire since

Certificate Details

Serial Number (hex): 07:ac:e2:35:87:6b:db
Serial Number (int): 2160412397628379
Serial Number lenght: 51 bits, 7 octets

SubjectKeyId: 49:3a:f9:5d:be:6f:9d:ad:f1:66:1b:5b:6d:b3:8f:c4:97:1a:dc:c9
AuthorityKeyId: 11:db:23:45:fd:54:cc:6a:71:6f:84:8a:03:d7:be:f7:01:2f:26:86

Fingerprint (sha1): e6:b4:53:e6:d3:b9:8b:f6:f5:a8:87:55:28:34:4b:4f:1a:0c:08:09
Fingerprint (sha256): 00:18:2c:dd:5f:7a:6b:a5:8d:19:56:dd:87:30:f3:ee:e5:0d:81:38:e4:8a:b8:c8:f3:97:69:4c:bf:80:6b:b0

Issuing Certificate URL: http://aia.startssl.com/certs/sub.class2.server.ca.crt

Revocation information

OCSP Server: http://ocsp.startssl.com/sub/class2/server/ca
CRL Distribution Point: http://crl.startssl.com/crt2-crl.crl

Check the revocation status for certificate *.swissinstitute.net

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.swissinstitute.net

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment
Key Agreement

Extended Key Usages

Client Authentication
Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.swissinstitute.net
swissinstitute.net

Other certificates including the domain name swissinstitute.net

(limited to 100 certificates)
*.swissinstitute.net
swissinstitute.net
sni181092.cloudflaressl.com
www.swissinstitute.net
sni181092.cloudflaressl.com
swissinstitute.net
swissinstitute.net
sni181092.cloudflaressl.com
swissinstitute.net
swissinstitute.net
swissinstitute.net
sni181092.cloudflaressl.com
*.swissinstitute.net
swissinstitute.net
swissinstitute.net
swissinstitute.net
sni181092.cloudflaressl.com
swissinstitute.net
sni181092.cloudflaressl.com
swissinstitute.net
swissinstitute.net
swissinstitute.net
swissinstitute.net
swissinstitute.net
swissinstitute.net
swissinstitute.net
swissinstitute.net
swissinstitute.net
swissinstitute.net
swissinstitute.net
swissinstitute.net
sni181092.cloudflaressl.com
swissinstitute.net
swissinstitute.net
swissinstitute.net
swissinstitute.net
swissinstitute.net
swissinstitute.net
swissinstitute.net

Certificate

The complete raw certificate details for *.swissinstitute.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHoTCCBomgAwIBAgIHB6ziNYdr2zANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UE
BhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBE
aWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENs
YXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVyIENBMB4XDTE1MDcxNjA2
MTQwN1oXDTE3MDcxNTIyNTUxNlowgZkxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhO
ZXcgWW9yazERMA8GA1UEBxMIQnJvb2tseW4xGDAWBgNVBAoTD01hcnRpbiBNYXVn
ZWFpczEdMBsGA1UEAxQUKi5zd2lzc2luc3RpdHV0ZS5uZXQxKzApBgkqhkiG9w0B
CQEWHHdlYm1hc3RlckBzd2lzc2luc3RpdHV0ZS5uZXQwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQDRaHLmFyBuH2/hwNlDbCRAjQchwWYJ/Nu2wuX3LGfk
jb+6SCYgoou8dZZSKr6Y54uCwmLtFkHocqW9P2b5swQb8iHUVSlzElmqzSi0gg5w
piV1uJiQXET8znuWpFbiNL4ImZOwm/AkzPmgLH0C8AHeg3COomIe8RbRDSXMeF1J
kI2R/YqGjF6sj5VuoI33p5J+j2qhHMJRK0kXtutftxsWs7PKsYWBXTnKZZP7v7e6
9GR/IRL36VNY02j38m7tvTp4yTn3sQJSLcbcGa2y8zYslCl2ZGHghWLTy9X2ZD2c
sqV8rC+4emttM0g9zGgQF3zBGZ1n4kjn+LZzsx9NqJTHIdHQ9HgvAGT4OV3fOUz1
TAT14V4OzTx1wlA16JFqy07dTeFdoH/tdniVbrJaeuZyInWg4ijIc8lImp+JwR8X
dvtOjgHqr7xyUJLOFSm++qD2hB+60lCRiJrTZFBd8qgB/EHtthyzJV23lbqzHtZ7
Uc2qws2zrYswaWEOGqXqNPZFIHtpWM4A7fPxN4jnDuXSya85cHnDjYFBZtpZJHdr
4G1rXHHgbJkUo9rqdw0LsjoAF6JPbBpjKqa10/NU5lx6rOGgWmq8ljlcf/ezFp1p
iToXf+wNnhOhsmNu+TbWpTsSgM9Hic42UZO1vpiBHM4CbdkPP3qeSSbiRfD2t6jM
KwIDAQABo4IC9zCCAvMwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0lBBYw
FAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1UdDgQWBBRJOvldvm+drfFmG1tts4/E
lxrcyTAfBgNVHSMEGDAWgBQR2yNF/VTManFvhIoD1773AS8mhjAzBgNVHREELDAq
ghQqLnN3aXNzaW5zdGl0dXRlLm5ldIISc3dpc3NpbnN0aXR1dGUubmV0MIIBVgYD
VR0gBIIBTTCCAUkwCAYGZ4EMAQICMIIBOwYLKwYBBAGBtTcBAgMwggEqMC4GCCsG
AQUFBwIBFiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMIH3Bggr
BgEFBQcCAjCB6jAnFiBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAD
AgEBGoG+VGhpcyBjZXJ0aWZpY2F0ZSB3YXMgaXNzdWVkIGFjY29yZGluZyB0byB0
aGUgQ2xhc3MgMiBWYWxpZGF0aW9uIHJlcXVpcmVtZW50cyBvZiB0aGUgU3RhcnRD
b20gQ0EgcG9saWN5LCByZWxpYW5jZSBvbmx5IGZvciB0aGUgaW50ZW5kZWQgcHVy
cG9zZSBpbiBjb21wbGlhbmNlIG9mIHRoZSByZWx5aW5nIHBhcnR5IG9ibGlnYXRp
b25zLjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9j
cnQyLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYIKwYBBQUHMAGGLWh0dHA6
Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MyL3NlcnZlci9jYTBCBggrBgEF
BQcwAoY2aHR0cDovL2FpYS5zdGFydHNzbC5jb20vY2VydHMvc3ViLmNsYXNzMi5z
ZXJ2ZXIuY2EuY3J0MCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29t
LzANBgkqhkiG9w0BAQsFAAOCAQEAXv8se5XvoxytZdIQlIui9K7Z5bvO5tfeqi/c
TsTHlqFIP+1vBUvhkZE8yBMhpF2Cmtq5kDjsZiUeaMcZznAP43zU7ruGHrX14tQQ
nhtSdphVD/jovejrN6hIc0ENKV7lnHTUjJJh3auP65c5D09gtSAQSFCpNBkL5RuA
m6gz8cXaNckLi3TKy5Zb0lYZWAT2eFiMg+xbkAl1bX1WsqmibKvqetdrMh3EkaVR
nKxW2XMtouIpDT/IXtCSd/IOIoLBzkNWZZXK1zedLBFB4e84On3hU1aJpP+3UeVm
sCe/Em3mQRwKxf2bbr6gPq4Cd63DMfIKkdS4dgZAp3DiGwRuIA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0Why5hcgbh9v4cDZQ2wk
QI0HIcFmCfzbtsLl9yxn5I2/ukgmIKKLvHWWUiq+mOeLgsJi7RZB6HKlvT9m+bME
G/Ih1FUpcxJZqs0otIIOcKYldbiYkFxE/M57lqRW4jS+CJmTsJvwJMz5oCx9AvAB
3oNwjqJiHvEW0Q0lzHhdSZCNkf2KhoxerI+VbqCN96eSfo9qoRzCUStJF7brX7cb
FrOzyrGFgV05ymWT+7+3uvRkfyES9+lTWNNo9/Ju7b06eMk597ECUi3G3BmtsvM2
LJQpdmRh4IVi08vV9mQ9nLKlfKwvuHprbTNIPcxoEBd8wRmdZ+JI5/i2c7MfTaiU
xyHR0PR4LwBk+Dld3zlM9UwE9eFeDs08dcJQNeiRastO3U3hXaB/7XZ4lW6yWnrm
ciJ1oOIoyHPJSJqficEfF3b7To4B6q+8clCSzhUpvvqg9oQfutJQkYia02RQXfKo
AfxB7bYcsyVdt5W6sx7We1HNqsLNs62LMGlhDhql6jT2RSB7aVjOAO3z8TeI5w7l
0smvOXB5w42BQWbaWSR3a+Bta1xx4GyZFKPa6ncNC7I6ABeiT2waYyqmtdPzVOZc
eqzhoFpqvJY5XH/3sxadaYk6F3/sDZ4TobJjbvk21qU7EoDPR4nONlGTtb6YgRzO
Am3ZDz96nkkm4kXw9reozCsCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 2160412397628379
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'StartCom Ltd.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Secure Digital Certificate Signing'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'StartCom Class 2 Primary Intermediate Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2015-07-16 06:14:07 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-07-15 22:55:16 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Brooklyn'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Martin Maugeais'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String '*.swissinstitute.net'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.9.1 (emailAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String '[email protected]'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 854310118117750503403149851936269760796765333537706450433799335917657267316666201964137242543075791306018640050116761240066013396884422911988441194766726018488284191214436696143271270123253467422559898243898141701757519847611988133054297023307812469772242457245978452943184398331622637883740951536084307210190160151719725367115306342409292742743831088843020935451307478488404762718152954042012438325971824057595572863888640742194758184234134338583262787345242276719063110201870267134540816044112650922933662613192667689264697454685176773253052865862161790187966906122490510340479078283928457201198876783716166001230764409083931244879188421371914016046670567233593630787665163342107479146820450814100978241040521635122946961416641238225056319519229695247291824665538664864557013168433796022466895323261380746212106384041211241694337337185482471263634457650004622414715133795239492909307061601668476832438994469600484775289004833257841648578299356651108208342327080751702644525036352734474409135363214107590637344754162306963584512812029482071369658731533367309706011780415396023660418585145106692448226499282996318079508517534556139977854389667731078108250190964713099647147268259543340563693986901496635918124005524954726974857202731
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (5 bits)
							03a8
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							493af95dbe6f9dadf1661b5b6db38fc4971adcc9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 11db2345fd54cc6a716f848a03d7bef7012f2686
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.swissinstitute.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'swissinstitute.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (333 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.23223.1.2.3
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.startssl.com/policy.pdf'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'StartCom Certification Authority'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:26|false] VisibleString, ISO646String [84 104 105 115 32 99 101 114 116 105 102 105 99 97 116 101 32 119 97 115 32 105 115 115 117 101 100 32 97 99 99 111 114 100 105 110 103 32 116 111 32 116 104 101 32 67 108 97 115 115 32 50 32 86 97 108 105 100 97 116 105 111 110 32 114 101 113 117 105 114 101 109 101 110 116 115 32 111 102 32 116 104 101 32 83 116 97 114 116 67 111 109 32 67 65 32 112 111 108 105 99 121 44 32 114 101 108 105 97 110 99 101 32 111 110 108 121 32 102 111 114 32 116 104 101 32 105 110 116 101 110 100 101 100 32 112 117 114 112 111 115 101 32 105 110 32 99 111 109 112 108 105 97 110 99 101 32 111 102 32 116 104 101 32 114 101 108 121 105 110 103 32 112 97 114 116 121 32 111 98 108 105 103 97 116 105 111 110 115 46]
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (46 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.startssl.com/crt2-crl.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (129 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.startssl.com/sub/class2/server/ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.startssl.com/certs/sub.class2.server.ca.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.18 (issuerAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.startssl.com/'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		005eff2c7b95efa31cad65d210948ba2f4aed9e5bbcee6d7deaa2fdc4ec4c796a1483fed6f054be191913cc81321a45d829adab99038ec66251e68c719ce700fe37cd4eebb861eb5f5e2d4109e1b527698550ff8e8bde8eb37a84873410d295ee59c74d48c9261ddab8feb97390f4f60b520104850a934190be51b809ba833f1c5da35c90b8b74cacb965bd256195804f678588c83ec5b9009756d7d56b2a9a26cabea7ad76b321dc491a5519cac56d9732da2e2290d3fc85ed09277f20e2282c1ce43566595cad7379d2c1141e1ef383a7de1535689a4ffb751e566b027bf126de6411c0ac5fd9b6ebea03eae0277adc331f20a91d4b8760640a770e21b046e20