prod-cryptoservicev2-biz-live.pmt.aksp.azure.kp.org
- Kaiser Foundation Health Plan, Inc. -
Issued by Sectigo RSA Organization Validation Secure Server CA
About this certificate
This digital certificate with serial number d4:a8:2f:3d:3e:62:e2:9a:48:be:ea:9f:ea:3b:10:d3 was issued on by Sectigo Limited.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Kaiser Foundation Health Plan, Inc.
Organization:
Kaiser Foundation Health Plan, Inc.
State / Province:
California
Country: US
Country: US
Sectigo Limited
Organization:
Sectigo Limited
State / Province:
Greater Manchester
Locality: Salford
Country: GB
Locality: Salford
Country: GB
This certificate will expire on
Certificate Details
Serial Number (hex): d4:a8:2f:3d:3e:62:e2:9a:48:be:ea:9f:ea:3b:10:d3Serial Number (int): 282669599104112916535945967689736589523
Serial Number lenght: 128 bits, 16 octets
SubjectKeyId: 5c:5e:b9:19:3f:6f:df:35:ec:58:db:6d:e3:0c:45:21:bb:26:70:f9
AuthorityKeyId: 17:d9:d6:25:27:67:f9:31:c2:49:43:d9:30:36:44:8c:6c:a9:4f:eb
Fingerprint (sha1): 1c:fc:bc:53:67:5e:c7:33:01:2a:bc:6a:af:9d:1f:14:e8:5d:63:4a
Fingerprint (sha256): 00:1d:7c:5b:69:48:35:51:07:bb:e2:a9:7a:62:49:3b:8e:95:5c:c8:68:08:cb:3e:b6:1e:83:5c:b0:eb:2f:5e
Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt
Revocation information
OCSP Server: http://ocsp.sectigo.comCRL Distribution Point: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl
Check the revocation status for certificate prod-cryptoservicev2-biz-live.pmt.aksp.azure.kp.org
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for prod-cryptoservicev2-biz-live.pmt.aksp.azure.kp.org
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
prod-cryptoservicev2-biz-live.pmt.aksp.azure.kp.org
dr-cryptoservicev2-biz-test.pmt.aksp.azure.kp.org
dr-cryptoservicev2-biz-test.pmt.aksp.azure.kp.org
Other certificates including the domain name kp.org
(limited to 100 certificates)
idm-uat.kp.org
nplms.kp.org
national-implantregistries.kaiserpermanente.org
cl.kp.org
paultestcertone.venafi-qa.kp.org
kplocator.kp.org
cnndcsqlp040.nndc.kp.org
ive-crdc.kp.org
opscpos01102.appl.kp.org
prod-cryptoservicev2-biz-live.pmt.aksp.azure.kp.org
physiciancareers-ncal.kp.org
kpfaxwebdev.appl.kp.org
epiclink-oh.kp.org
cnndcappgrp080.ccst.kp.org
opncpos02447.appl.kp.org
kpwapdcdrvpn.appl.kp.org
opscpos01152.appl.kp.org
cnndcsmrp216.nndc.kp.org
finesse-amcimc2.appl.kp.org
digiphobcs.appl.kp.org
lzpoc.kp.org
opncpos02447.appl.kp.org
tpmghr.kp.org
digitalproductroadmaptool.kp.org
cnqmsiarc.appl.kp.org
cscdcimppm01.crdc.kp.org
onelinkinfo.kp.org
fs010.kaiserpermanente.org
test1.uat.kp.org
venafipatchninecsorp.venafi-qa.kp.org
essearch.tro-splunk.kp.org
radiator-dev.appl.kp.org
nps-dev.appl.kp.org
dev-personalcondtest-biz-live.cd.aksnp.azure.kp.org
residency.kp.org
ivvpexip.appl.kp.org
csbdc-vmax0247-emgmt1.bcdc.kp.org
myit-ws-xm.kp.org
kpgadatamart.ga.kp.org
finesse-amcimc1.appl.kp.org
tpmghcm-rpt.appl.kp.org
copdf-temp.ssdc.kp.org
afl-wa.appl.kp.org
czapwb8.crdc.kp.org
opscpos01147.appl.kp.org
onelinktax.appl.kp.org
csc2cwn00000309.cloud.kp.org
staffprovider-qa-appl.wa.kp.org
kphccaboodlesdscprodsdmdr.appl.kp.org
czapwb7.crdc.kp.org
ncalethics.kp.org
opcopos03023.appl.kp.org
myit-xm-uat.kp.org
ncalethics.kp.org
webforms-qa.appl.kp.org
nw-inventrix-prod.appl.kp.org
kpschedule.kp.org
appsdev.kp.org
hits-dev.appl.kp.org
test1csr.md.uat.kp.org
coats-uat.kp.org
api-services-pp.kp.org
scpmghcmrpt.kp.org
singledomain5.demo.kp.org
vcoltme21.ntwk.kp.org
downey-physicianpeersurvey.appl.kp.org
apps.kp.org
ndc1ctxnsa.nndc.kp.org
*.clm1-ezp.kp.org
*.sts.ext-svc-bmxp.appl.kp.org
dev-tasktracker-bff-live.memb.aksnp.azure.kp.org
*.kpvv.int-svc.bmxnp.appl.kp.org
mobileiron50.kp.org
mobileiron13.kp.org
wdcvnx5400-mgm3.wpoc.kp.org
econsult-dev.kp.org
opnwpos04079.appl.kp.org
ccsp.appl.kp.org
aaccesp.kp.org
prod-npl.eglb.kp.org
izadap8.ivdc.kp.org
securemail.kp.org
opncpos02125.appl.kp.org
aperturepatchsixninegfgnj.venafi-qa.kp.org
velocity-preprod-intranet.crdc.kp.org
bookingservice-p1.kpaths.appl.kp.org
cnlenam3900303.len.ca.kp.org
riverside-isite.appl.kp.org
pdasweb-uat-tmp.appl.kp.org
prod-kpdfeaturestoreui-biz-live.daml.aksp.azure.kp.org
kpa-prod.kaiserpermanente.org
violenceprevention.kp.org
csc2cwn00000330.cloud.kp.org
hp-mbr-admn-crdc.kp.org
scpmghcmint.kp.org
onelinkppt-uat.appl.kp.org
downey-isitepics.appl.kp.org
opscpos01069.appl.kp.org
csidcwvzp537.ccst.kp.org
aperturepatchsixninegjgfj.venafi-qa.kp.org
nplms.kp.org
national-implantregistries.kaiserpermanente.org
cl.kp.org
paultestcertone.venafi-qa.kp.org
kplocator.kp.org
cnndcsqlp040.nndc.kp.org
ive-crdc.kp.org
opscpos01102.appl.kp.org
prod-cryptoservicev2-biz-live.pmt.aksp.azure.kp.org
physiciancareers-ncal.kp.org
kpfaxwebdev.appl.kp.org
epiclink-oh.kp.org
cnndcappgrp080.ccst.kp.org
opncpos02447.appl.kp.org
kpwapdcdrvpn.appl.kp.org
opscpos01152.appl.kp.org
cnndcsmrp216.nndc.kp.org
finesse-amcimc2.appl.kp.org
digiphobcs.appl.kp.org
lzpoc.kp.org
opncpos02447.appl.kp.org
tpmghr.kp.org
digitalproductroadmaptool.kp.org
cnqmsiarc.appl.kp.org
cscdcimppm01.crdc.kp.org
onelinkinfo.kp.org
fs010.kaiserpermanente.org
test1.uat.kp.org
venafipatchninecsorp.venafi-qa.kp.org
essearch.tro-splunk.kp.org
radiator-dev.appl.kp.org
nps-dev.appl.kp.org
dev-personalcondtest-biz-live.cd.aksnp.azure.kp.org
residency.kp.org
ivvpexip.appl.kp.org
csbdc-vmax0247-emgmt1.bcdc.kp.org
myit-ws-xm.kp.org
kpgadatamart.ga.kp.org
finesse-amcimc1.appl.kp.org
tpmghcm-rpt.appl.kp.org
copdf-temp.ssdc.kp.org
afl-wa.appl.kp.org
czapwb8.crdc.kp.org
opscpos01147.appl.kp.org
onelinktax.appl.kp.org
csc2cwn00000309.cloud.kp.org
staffprovider-qa-appl.wa.kp.org
kphccaboodlesdscprodsdmdr.appl.kp.org
czapwb7.crdc.kp.org
ncalethics.kp.org
opcopos03023.appl.kp.org
myit-xm-uat.kp.org
ncalethics.kp.org
webforms-qa.appl.kp.org
nw-inventrix-prod.appl.kp.org
kpschedule.kp.org
appsdev.kp.org
hits-dev.appl.kp.org
test1csr.md.uat.kp.org
coats-uat.kp.org
api-services-pp.kp.org
scpmghcmrpt.kp.org
singledomain5.demo.kp.org
vcoltme21.ntwk.kp.org
downey-physicianpeersurvey.appl.kp.org
apps.kp.org
ndc1ctxnsa.nndc.kp.org
*.clm1-ezp.kp.org
*.sts.ext-svc-bmxp.appl.kp.org
dev-tasktracker-bff-live.memb.aksnp.azure.kp.org
*.kpvv.int-svc.bmxnp.appl.kp.org
mobileiron50.kp.org
mobileiron13.kp.org
wdcvnx5400-mgm3.wpoc.kp.org
econsult-dev.kp.org
opnwpos04079.appl.kp.org
ccsp.appl.kp.org
aaccesp.kp.org
prod-npl.eglb.kp.org
izadap8.ivdc.kp.org
securemail.kp.org
opncpos02125.appl.kp.org
aperturepatchsixninegfgnj.venafi-qa.kp.org
velocity-preprod-intranet.crdc.kp.org
bookingservice-p1.kpaths.appl.kp.org
cnlenam3900303.len.ca.kp.org
riverside-isite.appl.kp.org
pdasweb-uat-tmp.appl.kp.org
prod-kpdfeaturestoreui-biz-live.daml.aksp.azure.kp.org
kpa-prod.kaiserpermanente.org
violenceprevention.kp.org
csc2cwn00000330.cloud.kp.org
hp-mbr-admn-crdc.kp.org
scpmghcmint.kp.org
onelinkppt-uat.appl.kp.org
downey-isitepics.appl.kp.org
opscpos01069.appl.kp.org
csidcwvzp537.ccst.kp.org
aperturepatchsixninegjgfj.venafi-qa.kp.org
Certificate
The complete raw certificate details for prod-cryptoservicev2-biz-live.pmt.aksp.azure.kp.org in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF8DCCBNigAwIBAgIRANSoLz0+YuKaSL7qn+o7ENMwDQYJKoZIhvcNAQELBQAw gZUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE9MDsGA1UE AxM0U2VjdGlnbyBSU0EgT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNl cnZlciBDQTAeFw0yMzEyMDUwMDAwMDBaFw0yNTAxMDMyMzU5NTlaMIGOMQswCQYD VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEsMCoGA1UEChMjS2Fpc2VyIEZv dW5kYXRpb24gSGVhbHRoIFBsYW4sIEluYy4xPDA6BgNVBAMTM3Byb2QtY3J5cHRv c2VydmljZXYyLWJpei1saXZlLnBtdC5ha3NwLmF6dXJlLmtwLm9yZzCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAPJcR2IU26ZUc0H7iaU9JVZHlKdaTv/f 9lQFyFplpvc6vmHFF4yagZ8kEgsMxJSzjcI0/JnGWdPLv1rTZPrzvy9xLGXnNKpS wGZdVd36iAHPZj5T3NqkkumRC4qdHrdu3agJ0Qh7bdFh5vUEu+wSROp2QZL4t/F3 CxXE6yx2u/IAIYJlQ9JCbWI+LLVMadu/XflS/k1oMhjLeZ1FYfurvlLI+GpFPTgh AnankR4RT4LX/JrpID6HofLK1R1tTYzB6Fcfj+CE6dKID14+WulfYqqKpKoi7KQf wsxnElbSDr4ytBaJj+zaPQQfXPkzRDioVCukxpSdrkLpY1M00r8teeMCAwEAAaOC Aj4wggI6MB8GA1UdIwQYMBaAFBfZ1iUnZ/kxwklD2TA2RIxsqU/rMB0GA1UdDgQW BBRcXrkZP2/fNexY223jDEUhuyZw+TAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/ BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSgYDVR0gBEMwQTA1 BgwrBgEEAbIxAQIBAwQwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNv bS9DUFMwCAYGZ4EMAQICMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwuc2Vj dGlnby5jb20vU2VjdGlnb1JTQU9yZ2FuaXphdGlvblZhbGlkYXRpb25TZWN1cmVT ZXJ2ZXJDQS5jcmwwgYoGCCsGAQUFBwEBBH4wfDBVBggrBgEFBQcwAoZJaHR0cDov L2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBT3JnYW5pemF0aW9uVmFsaWRhdGlv blNlY3VyZVNlcnZlckNBLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2Vj dGlnby5jb20wEwYKKwYBBAHWeQIEAwEB/wQCBQAwcQYDVR0RBGowaIIzcHJvZC1j cnlwdG9zZXJ2aWNldjItYml6LWxpdmUucG10LmFrc3AuYXp1cmUua3Aub3JngjFk ci1jcnlwdG9zZXJ2aWNldjItYml6LXRlc3QucG10LmFrc3AuYXp1cmUua3Aub3Jn MA0GCSqGSIb3DQEBCwUAA4IBAQAN18Jk2zI2MY6SB63iJVp3+KqUOjc61doc5iGK 88KVkmFyazK2BFycQLWHVzbvih+gr0Hcye6O9NWZGWtNngFvsaOwPwj1U+CHiGmT B/TgjARjg+a54bAbR5Zx+U5xvqBpNUgC3U54lz3XEEga1jW7zY2nrHXgVEbRONt/ 1m+HMU5Oy/azdkGjPr4tBTWDc5DWQfaEu0JxU4TUfGmkVUy+YurtiKWk5Bq9O4a3 s3zit3WWt+kG/GeZ8xIddDFHt8Wvlyv706gDMHI+wwY/lignWwxS2pFnVbNFvWrR 5Wf4VkHGQuTTh7rSbmIYohPuUlmAt87VIU1VX3JaBA5hvJU/ -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8lxHYhTbplRzQfuJpT0l VkeUp1pO/9/2VAXIWmWm9zq+YcUXjJqBnyQSCwzElLONwjT8mcZZ08u/WtNk+vO/ L3EsZec0qlLAZl1V3fqIAc9mPlPc2qSS6ZELip0et27dqAnRCHtt0WHm9QS77BJE 6nZBkvi38XcLFcTrLHa78gAhgmVD0kJtYj4stUxp279d+VL+TWgyGMt5nUVh+6u+ Usj4akU9OCECdqeRHhFPgtf8mukgPoeh8srVHW1NjMHoVx+P4ITp0ogPXj5a6V9i qoqkqiLspB/CzGcSVtIOvjK0FomP7No9BB9c+TNEOKhUK6TGlJ2uQuljUzTSvy15 4wIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 282669599104112916535945967689736589523 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Organization Validation Secure Server CA' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-05 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-03 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Kaiser Foundation Health Plan, Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'prod-cryptoservicev2-biz-live.pmt.aksp.azure.kp.org' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 30595174193936942296493720462352743082862741991529207841100643542361308030144875197535681995666656842411007651812195437902999357352418923062805921523651530240669065594892050096504630158071025226731803225448775056452227786983111281439622308406930011902544559843451335810016977534370907197322284089674990925408677919246437867603068015690853413111502487319732591529464588733141389392421337730002673475830731031265695874933588139738424781989445463287998053528504968228325425757586205916824202829140940712672040868774203436953589499575487565410991027346370840817343525488887903055576516534134887305730268471444904321317347 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 17d9d6252767f931c24943d93036448c6ca94feb . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 5c5eb9193f6fdf35ec58db6de30c4521bb2670f9 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (106 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prod-cryptoservicev2-biz-live.pmt.aksp.azure.kp.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dr-cryptoservicev2-biz-test.pmt.aksp.azure.kp.org' . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 000dd7c264db3236318e9207ade2255a77f8aa943a373ad5da1ce6218af3c2959261726b32b6045c9c40b5875736ef8a1fa0af41dcc9ee8ef4d599196b4d9e016fb1a3b03f08f553e08788699307f4e08c046383e6b9e1b01b479671f94e71bea069354802dd4e78973dd710481ad635bbcd8da7ac75e05446d138db7fd66f87314e4ecbf6b37641a33ebe2d0535837390d641f684bb42715384d47c69a4554cbe62eaed88a5a4e41abd3b86b7b37ce2b77596b7e906fc6799f3121d743147b7c5af972bfbd3a80330723ec3063f9628275b0c52da916755b345bd6ad1e567f85641c642e4d387bad26e6218a213ee525980b7ced5214d555f725a040e61bc953f