bbmsmerchant.blackbaud.com

- Blackbaud, Inc. -

Issued by GeoTrust TLS RSA CA G1

About this certificate

This digital certificate with serial number 06:bb:b4:3e:fe:00:78:47:d5:7b:f7:11:35:81:c8:0d was issued on by DigiCert Inc.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Blackbaud, Inc.

Organization: Blackbaud, Inc.
Organization unit: hosting
State / Province: South Carolina
Locality: Charleston
Country: US

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 06:bb:b4:3e:fe:00:78:47:d5:7b:f7:11:35:81:c8:0d
Serial Number (int): 8949983311740001692724868132599089165
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 50:01:74:a2:d4:fd:3a:f4:29:c1:68:c4:67:f5:a4:e7:ae:25:e1:53
AuthorityKeyId: 94:4f:d4:5d:8b:e4:a4:e2:a6:80:fe:fd:d8:f9:00:ef:a3:be:02:57

Fingerprint (sha1): c2:e1:de:e5:0d:98:98:4e:e5:ec:23:30:a7:be:4a:7a:2f:03:49:e8
Fingerprint (sha256): 00:1e:00:32:46:8b:f9:0d:af:2a:21:a7:ae:0b:77:2a:66:89:31:e9:19:9b:c6:81:f3:39:4f:b6:a9:9a:06:ee

Issuing Certificate URL: http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt

Revocation information

OCSP Server: http://status.geotrust.com
CRL Distribution Point: http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl

Check the revocation status for certificate bbmsmerchant.blackbaud.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for bbmsmerchant.blackbaud.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

bbmsmerchant.blackbaud.com

Other certificates including the domain name blackbaud.com

(limited to 100 certificates)
s41afnx03web01.nxt.blackbaud.com
bbmsmerchant.blackbaud.com
statuspage.io
statuspage.io
japan-status.dialpad.com
cwp.status.symantec.com
statuspage.io
give.gf.blackbaud.com
analyze.test.fenxt.blackbaud.com
leapfrog-ssl-15.gcs-web.com
renewalrequest.blackbaud.com
statuspage.io
interactive-services.blackbaud.com
statuspage.io
*.sky.blackbaud.com
anyconnect-bne.blackbaud.com
statuspage.io
statuspage.io
mft-us.blackbaud.com
maintenance.blackbaud.com
statuspage.io
statuspage.io
statuspage.io
statuspage.io
sdr.sky.blackbaud.com
statuspage.io
etapestryimpact.blackbaud.com
champions.blackbaud.com
statuspage.io
statuspage.io
statuspage.io
statuspage.io
leapfrog-ssl-15.gcs-web.com
leapfrog-ssl-15.gcs-web.com
statuspage.io
statuspage.io
sapws.blackbaud.com
statuspage.io
s21afnx10web01.nxt.blackbaud.com
bbkb.blackbaud.com
statuspage.io
statuspage.io
statuspage.io
nonprofitcentral.blackbaud.com
statuspage.io
metrics.blackbaud.com
downloadmirror2.blackbaud.com
japan-status.dialpad.com
maintenance.blackbaud.com
octo.blackbaud.com
scanstore.blackbaud.com
statuspage.io
app.blackbaud.com
statuspage.io
statuspage.io
renxtimpact.blackbaud.com
statuspage.io
statuspage.io
guest-wireless.blackbaud.com
analyze.dev.fenxt.blackbaud.com
ncweb.blackbaud.com
japan-status.dialpad.com
statuspage.io
bbms.blackbaud.com
enterpriseprojects.blackbaud.com
statuspage.io
sapws.blackbaud.com
statuspage.io
maintenance.blackbaud.com
analytics-luminate.blackbaud.com
institute.blackbaud.com
statuspage.io
statuspage.io
statuspage.io
access.blackbaud.com
fenxtroi.blackbaud.com
statuspage.io
statuspage.io
statuspage.io
hello.blackbaud.com
leapfrog-ssl-15.gcs-web.com
internet.blackbaud.com
citrix.blackbaud.com
statuspage.io
www.blackbaud.com
statuspage.io
statuspage.io
s21afnx02web01.nxt.blackbaud.com
statuspage.io
statuspage.io
cwp.status.symantec.com
statuspage.io
statuspage.io
statuspage.io
ncweb.blackbaud.com
statuspage.io
*.volunteernetworkfundraising.blackbaud.com
statuspage.io
services.blackbaud.com
statuspage.io

Certificate

The complete raw certificate details for bbmsmerchant.blackbaud.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIQBru0Pv4AeEfVe/cRNYHIDTANBgkqhkiG9w0BAQsFADBg
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZHZW9UcnVzdCBUTFMgUlNBIENBIEcx
MB4XDTE4MTAyNTAwMDAwMFoXDTIwMTIyMzEyMDAwMFowgYwxCzAJBgNVBAYTAlVT
MRcwFQYDVQQIEw5Tb3V0aCBDYXJvbGluYTETMBEGA1UEBxMKQ2hhcmxlc3RvbjEY
MBYGA1UEChMPQmxhY2tiYXVkLCBJbmMuMRAwDgYDVQQLEwdob3N0aW5nMSMwIQYD
VQQDExpiYm1zbWVyY2hhbnQuYmxhY2tiYXVkLmNvbTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAK/aO6e8n+IERetfLHDiNL7YFmsM2+y1oCGIw0OskYZt
O5x8kimDFR00nf2Otr75fnt0xWh1GQ2AiwDM3FUE1JUv4gMPsOrMmdenqaZ4U3gh
4EuEvzT2Es0rI/Za4pRnK6BwtgN7woQvbjKXdBkBzQRKC55idnAOQovJMXZWGHgb
+GTbf3UBuCvWx6Rcy2ba7cE4zMYcarbF21HPl0k2bqNWezypwC9he/X1yDUZreGT
BdtgYBXhUc3OKnuncxwIMssICov9NBjltjf6dNapeLZ293n8yL57j3bBuYZ+muq6
uhGyy9G3nNquXiL0hLR9Qb/wP6RDK9Eub+qQAp0BWOcCAwEAAaOCAcEwggG9MB8G
A1UdIwQYMBaAFJRP1F2L5KTipoD+/dj5AO+jvgJXMB0GA1UdDgQWBBRQAXSi1P06
9CnBaMRn9aTnriXhUzAlBgNVHREEHjAcghpiYm1zbWVyY2hhbnQuYmxhY2tiYXVk
LmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly9jZHAuZ2VvdHJ1c3QuY29tL0dl
b1RydXN0VExTUlNBQ0FHMS5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAo
BggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwB
AgIwdgYIKwYBBQUHAQEEajBoMCYGCCsGAQUFBzABhhpodHRwOi8vc3RhdHVzLmdl
b3RydXN0LmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL2NhY2VydHMuZ2VvdHJ1c3Qu
Y29tL0dlb1RydXN0VExTUlNBQ0FHMS5jcnQwCQYDVR0TBAIwADATBgorBgEEAdZ5
AgQDAQH/BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAY0dSqEy7XxKL/FVhOhFCccZB
Ecr5T3PLrjbn+hMlAHUwL+cnv4cp18b4XLO6L/PcZbJp2K8vgFIAcfQ6M9dK9OXX
pYvjmJbMsA1qHod8EILJ1SLyE8tW3K8eYz8cpOL5ewb5yZty+XqlOTPOwsgDHF0H
kf7gcokT4wrE73F5XzVCdrqP6cvMxnTwjUsTHgV56NkLXADQ9AiSfKDz7srPGnEc
ULGwEdIoPBdDXmV/Cy5xvP6fTZa+jNJCEM1YL0Ju2QSMDCOLjsHT4edDwXY3fddV
4dwYMtKVDJUbkTkbMq3nj2ddabBBeHfT4DT0F+vi+CjxPwnBQh3LIJm3MgfuyA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9o7p7yf4gRF618scOI0
vtgWawzb7LWgIYjDQ6yRhm07nHySKYMVHTSd/Y62vvl+e3TFaHUZDYCLAMzcVQTU
lS/iAw+w6syZ16eppnhTeCHgS4S/NPYSzSsj9lrilGcroHC2A3vChC9uMpd0GQHN
BEoLnmJ2cA5Ci8kxdlYYeBv4ZNt/dQG4K9bHpFzLZtrtwTjMxhxqtsXbUc+XSTZu
o1Z7PKnAL2F79fXINRmt4ZMF22BgFeFRzc4qe6dzHAgyywgKi/00GOW2N/p01ql4
tnb3efzIvnuPdsG5hn6a6rq6EbLL0bec2q5eIvSEtH1Bv/A/pEMr0S5v6pACnQFY
5wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 8949983311740001692724868132599089165
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust TLS RSA CA G1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-10-25 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-12-23 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'South Carolina'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Charleston'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Blackbaud, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'hosting'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'bbmsmerchant.blackbaud.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22199318086126373439860170302005520263672413551706152000196770974778817598795754589958230435888787547939771563332956476200687355576941662165847220601314040895420620093949525193855627891750732713823131099219482268265207920865993892170381199783508687952856914959428760489225244566065341583341308013012248665104533861960018240949054730568556217760076203114075306835068481944913617399610461720081922757971728481941079656700455222311033608155408365019761982707638163081320299054491013904641196548480968903599219403203047215211254488710011222284824548851415558637986681590278886966189695690734346254865877257421347960740071
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 944fd45d8be4a4e2a680fefdd8f900efa3be0257
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							500174a2d4fd3af429c168c467f5a4e7ae25e153
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (30 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bbmsmerchant.blackbaud.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (106 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.geotrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00634752a84cbb5f128bfc55613a114271c64111caf94f73cbae36e7fa13250075302fe727bf8729d7c6f85cb3ba2ff3dc65b269d8af2f80520071f43a33d74af4e5d7a58be39896ccb00d6a1e877c1082c9d522f213cb56dcaf1e633f1ca4e2f97b06f9c99b72f97aa53933cec2c8031c5d0791fee0728913e30ac4ef71795f354276ba8fe9cbccc674f08d4b131e0579e8d90b5c00d0f408927ca0f3eecacf1a711c50b1b011d2283c17435e657f0b2e71bcfe9f4d96be8cd24210cd582f426ed9048c0c238b8ec1d3e1e743c176377dd755e1dc1832d2950c951b91391b32ade78f675d69b0417877d3e034f417ebe2f828f13f09c1421dcb2099b73207eec8