shib-dr1.stanford.edu

- Stanford University -

Issued by InCommon RSA Server CA

About this certificate

This digital certificate with serial number 03:20:4f:3b:89:a3:70:38:5c:02:ff:83:58:c7:4e:17 was issued on by Internet2.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Stanford University

Organization: Stanford University
Organization unit: Authentication and Collaboration Solutions
Address: 450 Serra Mall
Postal code: 94305
State / Province: CA
Locality: Stanford
Country: US

Internet2

Organization: Internet2
Organization unit: InCommon
State / Province: MI
Locality: Ann Arbor
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:20:4f:3b:89:a3:70:38:5c:02:ff:83:58:c7:4e:17
Serial Number (int): 4155444514245170125199157955129724439
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: 97:6e:fa:b8:5a:c0:be:d8:71:d9:3c:0a:58:df:c7:73:be:04:45:7e
AuthorityKeyId: 1e:05:a3:77:8f:6c:96:e2:5b:87:4b:a6:b4:86:ac:71:00:0c:e7:38

Fingerprint (sha1): 02:1a:ed:d0:45:64:c6:3c:85:21:df:ac:be:80:42:13:74:7b:0f:b7
Fingerprint (sha256): 00:27:3a:1f:e9:0a:58:7c:a2:6e:79:45:4d:91:f8:ca:e6:b4:a0:3e:7b:19:73:c0:b0:1c:3f:55:5b:07:18:6b

Issuing Certificate URL: http://crt.usertrust.com/InCommonRSAServerCA_2.crt

Revocation information

OCSP Server: http://ocsp.usertrust.com
CRL Distribution Point: http://crl.incommon-rsa.org/InCommonRSAServerCA.crl

Check the revocation status for certificate shib-dr1.stanford.edu

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for shib-dr1.stanford.edu

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

shib-dr1.stanford.edu

Other certificates including the domain name stanford.edu

(limited to 100 certificates)
ipython.stanford.edu
5692462144159744-fe3.pantheonsite.io
migrate-gsb.stanford.edu
bpp.stanford.edu
gsc.stanford.edu
polisci451.stanford.edu
smtp-auth.slac.stanford.edu
cs242.stanford.edu
cardinalrecovery.stanford.edu
proline.stanford.edu
bio-dap15.stanford.edu
5768310863953920-fe2.pantheonsite.io
shib-dr1.stanford.edu
sr-prime.stanford.edu
sul-bookdata-prod.stanford.edu
cegelski.stanford.edu
carpepm.almonds.com
stguwfaprd01.stanford.edu
firebaseapp.com
irt-dev.stanford.edu
us.prod.campusgroups.com
gsbphoto-dev.stanford.edu
research.esrg.stanford.edu
dinglab.stanford.edu
5686812383117312-fe3.pantheonsite.io
aegis.stanford.edu
www-prd.gsb.stanford.edu
fork-h08-31.stanford.edu
cs269q.stanford.edu
animaltraxuat.stanford.edu
mededmastery.stanford.edu
events.slac.stanford.edu
sul-hydra-etd-prod.stanford.edu
ccadmin.stanford.edu
5736754531270656-fe4.pantheonsite.io
5threunioncampaign.stanford.edu
cluster3.technolutions.net
ssi-server1.stanford.edu
firebaseapp.com
5702351037923328-fe2.pantheonsite.io
crypto.stanford.edu
ucdc.edu
cluster3.technolutions.net
aagsa.stanford.edu
stanford.edu
library.stanford.edu
roboticsclub.stanford.edu
helix.stanford.edu
eventviewer-test2.stanford.edu
www.straightlab.stanford.edu
us.prod.campusgroups.com
library-status.stanford.edu
aikido.stanford.edu
stanfordwho.stanford.edu
aplac.stanford.edu
facultybillets-dev.med.stanford.edu
www-group.slac.stanford.edu
pswebkdc.slac.stanford.edu
nartc.fcm.arizona.edu
www.dschool.stanford.edu
ci.med.stanford.edu
calendar.sdzsafaripark.org
www.launchpad.stanford.edu
lbre-authdev.stanford.edu
allencenter.stanford.edu
globalhealth.stanford.edu
*.stanford.edu
yuba.stanford.edu
migrate-gsb.stanford.edu
stanfordwho-test-stretch.stanford.edu
5652720409116672-fe3.pantheonsite.io
sul-dev-mdm.stanford.edu
vault.stanford.edu
suegenciadev.stanford.edu
epgy.stanford.edu
r8-web-prod.stanford.edu
www.dhometeam.stanford.edu
pascl.stanford.edu
gfxcourses.stanford.edu
apimetadata.stanford.edu
woodstock.stanford.edu
pacs.fairnorthdigital.com
shield.stanford.edu
suave.stanford.edu
fsi-backup1.stanford.edu
5731346630574080-fe3.pantheonsite.io
jimb.stanford.edu
jq01b160n4jace02a.stanford.edu
www-cdn.stanford.edu
banking-business-review.com
glast.slac.stanford.edu
swshumsci-prod.stanford.edu
5686683802533888-fe2.pantheonsite.io
reportmart3ye.stanford.edu
5768310863953920-fe2.pantheonsite.io
biochemistry.stanford.edu
cdn-test.battlefields.org
test.eis.uw.edu
modthought.stanford.edu
itarch.stanford.edu

Certificate

The complete raw certificate details for shib-dr1.stanford.edu in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGlTCCBX2gAwIBAgIQAyBPO4mjcDhcAv+DWMdOFzANBgkqhkiG9w0BAQsFADB2
MQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjES
MBAGA1UEChMJSW50ZXJuZXQyMREwDwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMW
SW5Db21tb24gUlNBIFNlcnZlciBDQTAeFw0xNzA3MDcwMDAwMDBaFw0yMDA3MDYy
MzU5NTlaMIHJMQswCQYDVQQGEwJVUzEOMAwGA1UEERMFOTQzMDUxCzAJBgNVBAgT
AkNBMREwDwYDVQQHEwhTdGFuZm9yZDEXMBUGA1UECRMONDUwIFNlcnJhIE1hbGwx
HDAaBgNVBAoTE1N0YW5mb3JkIFVuaXZlcnNpdHkxMzAxBgNVBAsTKkF1dGhlbnRp
Y2F0aW9uIGFuZCBDb2xsYWJvcmF0aW9uIFNvbHV0aW9uczEeMBwGA1UEAxMVc2hp
Yi1kcjEuc3RhbmZvcmQuZWR1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
AgEAyM+zTOFLtu5dY13X714BFtjzU0LWQnkWDdEXzrKYApXpPV9MjsAqHF1TDPI3
TSdVGqDwckpv3/lu9iIn0GC6bJH5I1rbMn+t9Tq2B/QIRMhfhPxkE4gCEOYKu1ad
KwIaZ/iCSMSkM6gzYcPiVqxwURN9bkWc13ve6crj9mkQvOHwpvziu9v9KcHPnokV
190g9iWGTuUODDdmYKfa59essdWXorDJj3ARGoTZFfWFULGcbAXTlmP/viJDQYGH
YJtrWdXKnq/g+XV9daQ0BNw+EtO6iFI08hpNCIJNr+T+jz7AwP4y6a4GH6XmavMM
q4SC2cjFPu+dMHvyZz0LIP8TiQOWUuQAztpXB2EWkqBmydPGKxQrH9hvO2QSajGm
SlgB/AMjrQ3ueoRpAWSv8gq5kIX79dpxGlpuHe1ky7Xug3ZEBdnk7YPpryu9gMAi
+ZXqmg0Ol0DU9pMriLHWGZ7d0zAyictRAiTB+QrlyGhCE9Dkeq3VjYVBSeudQdPw
9N0OhYZRB4RMcacS0WdWpHpygbESLX7Dl64l8Pq2zs+deQuscS6Ay4dE3HzNfa/E
1BLCFLiyywheLH5geDqls3IafWGvyWNIEMDaVnbTT7PsrZpamvbRbbkgnxQ8zgDN
71fRPQgw5nVmxoDYsVpH5+uUldAvyERiYzkQtG7u9p2VJMUCAwEAAaOCAckwggHF
MB8GA1UdIwQYMBaAFB4Fo3ePbJbiW4dLprSGrHEADOc4MB0GA1UdDgQWBBSXbvq4
WsC+2HHZPApY38dzvgRFfjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAd
BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwZwYDVR0gBGAwXjBSBgwrBgEE
Aa4jAQQDAQEwQjBABggrBgEFBQcCARY0aHR0cHM6Ly93d3cuaW5jb21tb24ub3Jn
L2NlcnQvcmVwb3NpdG9yeS9jcHNfc3NsLnBkZjAIBgZngQwBAgIwRAYDVR0fBD0w
OzA5oDegNYYzaHR0cDovL2NybC5pbmNvbW1vbi1yc2Eub3JnL0luQ29tbW9uUlNB
U2VydmVyQ0EuY3JsMHUGCCsGAQUFBwEBBGkwZzA+BggrBgEFBQcwAoYyaHR0cDov
L2NydC51c2VydHJ1c3QuY29tL0luQ29tbW9uUlNBU2VydmVyQ0FfMi5jcnQwJQYI
KwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wIAYDVR0RBBkwF4IV
c2hpYi1kcjEuc3RhbmZvcmQuZWR1MA0GCSqGSIb3DQEBCwUAA4IBAQBZB7M3VL53
++N5ulxoqP4Nn7q/SEQumyGd6Okb8pxZAIyP7WLL13L1R/m3a+kprHmK+LU1M6EH
xF2UvscaXN34WQD/dyLF3NSQUcosnJ3OTnxPo70FdGbsyoAJKsvgpaImUiS6GFDB
MM8Gf/ZBylyUKmZkNbLJ75G6xPAi4mqApuvw4JFaciYP+6OdgzvFotI8GU25XhFq
88sz/gMEagyQcwfKeAXqL42xcyAj2JNK5IHB3Vpa8v0KCSOcrNzGRQvoUflfKQDs
AFWOQN2jkmWmlDQHd7VoyW63xbD5ssVqX6WMu87iwJkiN0f6ErlQ+nozqw4kqqV4
oYbn8fNYaJ69
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyM+zTOFLtu5dY13X714B
FtjzU0LWQnkWDdEXzrKYApXpPV9MjsAqHF1TDPI3TSdVGqDwckpv3/lu9iIn0GC6
bJH5I1rbMn+t9Tq2B/QIRMhfhPxkE4gCEOYKu1adKwIaZ/iCSMSkM6gzYcPiVqxw
URN9bkWc13ve6crj9mkQvOHwpvziu9v9KcHPnokV190g9iWGTuUODDdmYKfa59es
sdWXorDJj3ARGoTZFfWFULGcbAXTlmP/viJDQYGHYJtrWdXKnq/g+XV9daQ0BNw+
EtO6iFI08hpNCIJNr+T+jz7AwP4y6a4GH6XmavMMq4SC2cjFPu+dMHvyZz0LIP8T
iQOWUuQAztpXB2EWkqBmydPGKxQrH9hvO2QSajGmSlgB/AMjrQ3ueoRpAWSv8gq5
kIX79dpxGlpuHe1ky7Xug3ZEBdnk7YPpryu9gMAi+ZXqmg0Ol0DU9pMriLHWGZ7d
0zAyictRAiTB+QrlyGhCE9Dkeq3VjYVBSeudQdPw9N0OhYZRB4RMcacS0WdWpHpy
gbESLX7Dl64l8Pq2zs+deQuscS6Ay4dE3HzNfa/E1BLCFLiyywheLH5geDqls3Ia
fWGvyWNIEMDaVnbTT7PsrZpamvbRbbkgnxQ8zgDN71fRPQgw5nVmxoDYsVpH5+uU
ldAvyERiYzkQtG7u9p2VJMUCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 4155444514245170125199157955129724439
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'MI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ann Arbor'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Internet2'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon RSA Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-07-07 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-07-06 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.17 (postalCode)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '94305'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Stanford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.9 (streetAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '450 Serra Mall'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Stanford University'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Authentication and Collaboration Solutions'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'shib-dr1.stanford.edu'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 819238749820910595120860635126194308929264992363614710513008757983354149162164402569916623364575410312565060268685243620404628665932278879795821278885390409802962669451207698821841393542370564235288265076452684951891393765723927677372390896004965594971870428758773553958132465620624767441385317308378931331418790813595425318220247947450279817211466724499625142721952117802585731581687717518334152767438767449062436920667003275784851649585655109693196319270693508896746009473175438003459538654010823260536902643775691115921367358541224142870494875984146519335909815376308913998095019274748729752787266081586193539112665538980673200153025213125672716260930089180004419205253364375452039782717572345537087860489804984758047299538045291523891047189742104948747209366506505683623476890421039956330532775622915802895379010612914696584371908151840215652001083604760524949387008578377906317207331791070651332872518469354098571667211774266153766453537906487744297840030239770054364775604364040534783716432329196492754683191740143626850817749928910303308238578825553778385401333048328340252677929748124351695079852504839014847708251721570509583025825218391906742570093142163620428280126380453187524747530573270768048985777845095206224032769221
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 1e05a3778f6c96e25b874ba6b486ac71000ce738
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							976efab85ac0bed871d93c0a58dfc773be04457e
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (96 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.5923.1.4.3.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.incommon.org/cert/repository/cps_ssl.pdf'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (61 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.incommon-rsa.org/InCommonRSAServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.usertrust.com/InCommonRSAServerCA_2.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.usertrust.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'shib-dr1.stanford.edu'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		005907b33754be77fbe379ba5c68a8fe0d9fbabf48442e9b219de8e91bf29c59008c8fed62cbd772f547f9b76be929ac798af8b53533a107c45d94bec71a5cddf85900ff7722c5dcd49051ca2c9c9dce4e7c4fa3bd057466ecca80092acbe0a5a2265224ba1850c130cf067ff641ca5c942a666435b2c9ef91bac4f022e26a80a6ebf0e0915a72260ffba39d833bc5a2d23c194db95e116af3cb33fe03046a0c907307ca7805ea2f8db1732023d8934ae481c1dd5a5af2fd0a09239cacdcc6450be851f95f2900ec00558e40dda39265a694340777b568c96eb7c5b0f9b2c56a5fa58cbbcee2c099223747fa12b950fa7a33ab0e24aaa578a186e7f1f358689ebd