cma.itunes.apple.com
- Apple Inc. -
Issued by Apple Public Server RSA CA 12 - G1
About this certificate
This digital certificate with serial number 68:54:b2:1e:85:bf:27:da:63:c2:9b:d5:66:89:81:2b was issued on by Apple Inc..
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Apple Inc.
Organization:
Apple Inc.
State / Province:
California
Country: US
Country: US
Apple Inc.
Organization:
Apple Inc.
State / Province:
California
Country: US
Country: US
This certificate will expire on
Certificate Details
Serial Number (hex): 68:54:b2:1e:85:bf:27:da:63:c2:9b:d5:66:89:81:2bSerial Number (int): 138679477184895101066714893971555451179
Serial Number lenght: 127 bits, 16 octets
SubjectKeyId: fa:8f:91:26:91:1d:bd:8c:89:c3:4b:1b:37:38:8e:35:31:88:b3:72
AuthorityKeyId: 1e:5c:17:91:05:57:02:fc:77:5c:e3:70:43:ec:6b:fd:dd:d2:d8:69
Fingerprint (sha1): 0f:d8:84:60:6a:5f:31:70:35:f2:a8:e1:7c:c7:4f:d7:a7:24:61:85
Fingerprint (sha256): 00:7f:8d:eb:65:52:f9:21:a9:a0:4e:3e:6b:18:41:02:24:79:57:02:d6:52:f4:cf:6a:fd:76:16:ca:a5:d5:7d
Issuing Certificate URL: http://certs.apple.com/apsrsa12g1.der
Revocation information
OCSP Server: http://ocsp.apple.com/ocsp03-apsrsa12g101CRL Distribution Point: http://crl.apple.com/apsrsa12g1.crl
Check the revocation status for certificate cma.itunes.apple.com
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for cma.itunes.apple.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
cma.itunes.apple.com
cma2.itunes.apple.com
cma2.itunes.apple.com
Other certificates including the domain name apple.com
(limited to 100 certificates)
itunes.apple.com
ja.ls.apple.com
origin-discussions2-us-dr-prz.apple.com
training.apple.com
reserves-prime.prz.apple.com
app001.apple.com
deployment-pv50.ls.apple.com
itunes.apple.com
reserve-prime.apple.com
gsp81-ssl-e1118.ls.apple.com
gsp102-ssl-e1502.ls.apple.com
api.searchads.apple.com
idmsa-uat.apple.com
webpay-sh-pilot.apple.com
mzstatic.com
store-029.blobstore.apple.com
beatsglobalquality-uat.corp.apple.com
rw.apple.com
stg-pod1-smp.corp.apple.com
gr-api-video-h-aapne1a.smoot.apple.com
web-ext-mmap-ce01.apple.com
assurance-jigglebilly.apple.com
usl-expe1405.apple.com
store-995.blobstore.apple.com
sapecc-prd-ext.sap.apple.com
swdlp.apple.com
gsx.apple.com
gsp-ssl-e1134.ls.apple.com
clx-dev.apple.com
noodle.apple.com
gsp11-ty21-dlb-2.ls.apple.com
mzuserxp.itunes.apple.com
gsp64-st14-ssl-dlb.ls.apple.com
gsp45-ssl-e1356.ls.apple.com
gsp12-st14-dlb-2.ls.apple.com
discussions-uat.apple.com
dc-portal.apple.com
supplier.apple.com
gsp48-kittyhawk-qs55-ssl.ls.apple.com
gsp81-ssl-e1502.ls.apple.com
gsp48-ssl-e691.ls.apple.com
mapsconnectapi.ls.apple.com
wdg01-uat.apple.com
wellnessclassic.apple.com
api-partner-connect-uat1.apple.com
people.apple.com
supplier-registration.apple.com
gsp60-ssl-e997.ls.apple.com
ssuat.apple.com
locate.apple.com
itunes.apple.com
suppliernet.apple.com
gsp79-am31-dlb.ls.apple.com
smp-device-qa3.apple.com
eurored3.apple.com
devcon-oomnshuttleist-test.apple.com
coreservices-e1506-ms11-bistunium-k8straefik.ls.apple.com
dmo-vip01-storeinfo.retailtech.apple.com
gsp70-ssl-e706.ls.apple.com
dinah05.corp.apple.com
gsp1-ssl.apple.com
gspe85-cn-ssl.ls.apple.com
vorpal-relay.apple.com
bswe.apple.com
cma.itunes.apple.com
gsp-ssl-apne1-ash.ls.apple.com
theloop-stage.apple.com
tokenvalidation.apple.com
linkmaker.itunes.apple.com
gsp70-ssl-e1633.ls.apple.com
gsp63-ms12-kittyhawk-ssl.ls.apple.com
gsp-ssl-sl61-ipv6.ls.apple.com
aws-onepulse.apple.com
nightcap-events.apple.com
argo-api.apple.com
gsp12-kh-st14-1.ls.apple.com
gsp59-ssl-e506.ls.apple.com
mr-apple-com2.apple.com
ocservice.apple.com
marketing.apple.com
ioss-callbackservices-qa3.apple.com
gsp19-kh-ms12.ls.apple.com
madeforipodandiphone.apple.com
gspe19-ssl.ls.apple.com
gsp19-1-kittyhawk-ci77-ssl.ls.apple.com
cs-integrations-stage.apple.com
gsp35-ty21-ssl.ls.apple.com
gbiportal-apps-external.apple.com
plmtest2.apple.com
gsp3-sy02-ssl.ls.apple.com
gspe35-ssl.ls.apple.com
gsp76-ty21-01.ls.apple.com
ne-access.apple.com
profilebroker.apple.com
axm-scim-qa12.apple.com
gsp95-hk02-stage-ssl.ls.apple.com
contactretail.apple.com
caffemacs-aa-prz.apple.com
bam.corp.apple.com
gsp45-ssl-e709.ls.apple.com
ja.ls.apple.com
origin-discussions2-us-dr-prz.apple.com
training.apple.com
reserves-prime.prz.apple.com
app001.apple.com
deployment-pv50.ls.apple.com
itunes.apple.com
reserve-prime.apple.com
gsp81-ssl-e1118.ls.apple.com
gsp102-ssl-e1502.ls.apple.com
api.searchads.apple.com
idmsa-uat.apple.com
webpay-sh-pilot.apple.com
mzstatic.com
store-029.blobstore.apple.com
beatsglobalquality-uat.corp.apple.com
rw.apple.com
stg-pod1-smp.corp.apple.com
gr-api-video-h-aapne1a.smoot.apple.com
web-ext-mmap-ce01.apple.com
assurance-jigglebilly.apple.com
usl-expe1405.apple.com
store-995.blobstore.apple.com
sapecc-prd-ext.sap.apple.com
swdlp.apple.com
gsx.apple.com
gsp-ssl-e1134.ls.apple.com
clx-dev.apple.com
noodle.apple.com
gsp11-ty21-dlb-2.ls.apple.com
mzuserxp.itunes.apple.com
gsp64-st14-ssl-dlb.ls.apple.com
gsp45-ssl-e1356.ls.apple.com
gsp12-st14-dlb-2.ls.apple.com
discussions-uat.apple.com
dc-portal.apple.com
supplier.apple.com
gsp48-kittyhawk-qs55-ssl.ls.apple.com
gsp81-ssl-e1502.ls.apple.com
gsp48-ssl-e691.ls.apple.com
mapsconnectapi.ls.apple.com
wdg01-uat.apple.com
wellnessclassic.apple.com
api-partner-connect-uat1.apple.com
people.apple.com
supplier-registration.apple.com
gsp60-ssl-e997.ls.apple.com
ssuat.apple.com
locate.apple.com
itunes.apple.com
suppliernet.apple.com
gsp79-am31-dlb.ls.apple.com
smp-device-qa3.apple.com
eurored3.apple.com
devcon-oomnshuttleist-test.apple.com
coreservices-e1506-ms11-bistunium-k8straefik.ls.apple.com
dmo-vip01-storeinfo.retailtech.apple.com
gsp70-ssl-e706.ls.apple.com
dinah05.corp.apple.com
gsp1-ssl.apple.com
gspe85-cn-ssl.ls.apple.com
vorpal-relay.apple.com
bswe.apple.com
cma.itunes.apple.com
gsp-ssl-apne1-ash.ls.apple.com
theloop-stage.apple.com
tokenvalidation.apple.com
linkmaker.itunes.apple.com
gsp70-ssl-e1633.ls.apple.com
gsp63-ms12-kittyhawk-ssl.ls.apple.com
gsp-ssl-sl61-ipv6.ls.apple.com
aws-onepulse.apple.com
nightcap-events.apple.com
argo-api.apple.com
gsp12-kh-st14-1.ls.apple.com
gsp59-ssl-e506.ls.apple.com
mr-apple-com2.apple.com
ocservice.apple.com
marketing.apple.com
ioss-callbackservices-qa3.apple.com
gsp19-kh-ms12.ls.apple.com
madeforipodandiphone.apple.com
gspe19-ssl.ls.apple.com
gsp19-1-kittyhawk-ci77-ssl.ls.apple.com
cs-integrations-stage.apple.com
gsp35-ty21-ssl.ls.apple.com
gbiportal-apps-external.apple.com
plmtest2.apple.com
gsp3-sy02-ssl.ls.apple.com
gspe35-ssl.ls.apple.com
gsp76-ty21-01.ls.apple.com
ne-access.apple.com
profilebroker.apple.com
axm-scim-qa12.apple.com
gsp95-hk02-stage-ssl.ls.apple.com
contactretail.apple.com
caffemacs-aa-prz.apple.com
bam.corp.apple.com
gsp45-ssl-e709.ls.apple.com
Certificate
The complete raw certificate details for cma.itunes.apple.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFHjCCBAagAwIBAgIQaFSyHoW/J9pjwpvVZomBKzANBgkqhkiG9w0BAQsFADBk MSswKQYDVQQDEyJBcHBsZSBQdWJsaWMgU2VydmVyIFJTQSBDQSAxMiAtIEcxMRMw EQYDVQQKEwpBcHBsZSBJbmMuMRMwEQYDVQQIEwpDYWxpZm9ybmlhMQswCQYDVQQG EwJVUzAeFw0yMzExMjAxOTMwMTlaFw0yNDA1MTgxOTQwMTlaMFYxCzAJBgNVBAYT AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRMwEQYDVQQKDApBcHBsZSBJbmMuMR0w GwYDVQQDDBRjbWEuaXR1bmVzLmFwcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAMPYvBGDbbGh9Va6HK9EVXBbuqNmxmTlnXfr6GCTQ1S81HNq B/Klx5TOl+gOg6LSVUsSXJHgorKjtBC7WlCPwdfVXdJ07xC+qFQLo4/kvvTt+CVG z65PvKRZHbniRFBn+E8S2Lu7+cBZE9q4bjBovZ+qd0rA8eHvk4zHqUZvl350eElz bilFeHgxahT6cQG/hBnSfi1BEgRA6qzkOeqXeEMttz/E+T+fe0DpZy8C2PJu5aAn UGdNmb1x+XOVNenMa2Q50cCmoGH21jH4zivjF2nI+I9/C5br+eH0XT/Baj/IH6JE xKhjS9YTvfcj2Z+Wl0DFk8z6kyFlWcEfQ1y3CRsCAwEAAaOCAdgwggHUMAwGA1Ud EwEB/wQCMAAwHwYDVR0jBBgwFoAUHlwXkQVXAvx3XONwQ+xr/d3S2GkweAYIKwYB BQUHAQEEbDBqMDEGCCsGAQUFBzAChiVodHRwOi8vY2VydHMuYXBwbGUuY29tL2Fw c3JzYTEyZzEuZGVyMDUGCCsGAQUFBzABhilodHRwOi8vb2NzcC5hcHBsZS5jb20v b2NzcDAzLWFwc3JzYTEyZzEwMTA2BgNVHREELzAtghRjbWEuaXR1bmVzLmFwcGxl LmNvbYIVY21hMi5pdHVuZXMuYXBwbGUuY29tMGIGA1UdIARbMFkwSQYGZ4EMAQIC MD8wPQYIKwYBBQUHAgEWMWh0dHBzOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0 ZWF1dGhvcml0eS9wdWJsaWMwDAYKKoZIhvdjZAULBDATBgNVHSUEDDAKBggrBgEF BQcDATA0BgNVHR8ELTArMCmgJ6AlhiNodHRwOi8vY3JsLmFwcGxlLmNvbS9hcHNy c2ExMmcxLmNybDAdBgNVHQ4EFgQU+o+RJpEdvYyJw0sbNziONTGIs3IwDgYDVR0P AQH/BAQDAgWgMBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IB AQAzveEyQgJDNZAAMnlfo16CtA0SUEjbg6Rz31lSwFmCpHudt955XfyR/Ztj7Qga +GzGts0lkPgxhCdpCDx27lPaB35MugFhNNnelA5POZX3XI/Bx8txMHn7bckLv36k flrf6LYyj4243C535iykft/EjePJ32MEbAwujq9N0heRuzyojtIafgjUdItwNYbF tTDmyA6BbvW07Ym7NPq4RgVVzqc2aQ9BobIz7yZXhpx6uyt0iktmGkI7Ze0u8CjK izjY8hrIPuFOC9izIIX5cq/KaFtOr89+wOl0pCLDgkeaAfcya/4IWLJ2fjc5G11H yrktLzO2R4+VKg6RXg4dD3FM -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9i8EYNtsaH1Vrocr0RV cFu6o2bGZOWdd+voYJNDVLzUc2oH8qXHlM6X6A6DotJVSxJckeCisqO0ELtaUI/B 19Vd0nTvEL6oVAujj+S+9O34JUbPrk+8pFkdueJEUGf4TxLYu7v5wFkT2rhuMGi9 n6p3SsDx4e+TjMepRm+XfnR4SXNuKUV4eDFqFPpxAb+EGdJ+LUESBEDqrOQ56pd4 Qy23P8T5P597QOlnLwLY8m7loCdQZ02ZvXH5c5U16cxrZDnRwKagYfbWMfjOK+MX acj4j38Lluv54fRdP8FqP8gfokTEqGNL1hO99yPZn5aXQMWTzPqTIWVZwR9DXLcJ GwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 138679477184895101066714893971555451179 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Apple Public Server RSA CA 12 - G1' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Apple Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-11-20 19:30:19 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-18 19:40:19 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'California' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Apple Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'cma.itunes.apple.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24723345303783539124010668784457794948448022742629990259596346966592249616868094978381341466050721317472282853366292695631948751010938989188279345075936070704030358478624467308972613294096376456658024210190249746956740266438524750332287761338380408950407556198497151157989364553853538281877406448125564634257984825479443068339844767181654455696398047643793441360096582244166793032650683281388162721795536714172898969816224691810241092667206066900402731968046525132735475644043703901927685718182783101477149737185473665236232244335339909840491327181956431106730101723369571438498519947221432989831580746228065134643483 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 1e5c1791055702fc775ce37043ec6bfdddd2d869 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (108 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://certs.apple.com/apsrsa12g1.der' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.apple.com/ocsp03-apsrsa12g101' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (47 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cma.itunes.apple.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cma2.itunes.apple.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (91 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.apple.com/certificateauthority/public' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113635.100.5.11.4 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (45 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.apple.com/apsrsa12g1.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) fa8f9126911dbd8c89c34b1b37388e353188b372 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0033bde13242024335900032795fa35e82b40d125048db83a473df5952c05982a47b9db7de795dfc91fd9b63ed081af86cc6b6cd2590f831842769083c76ee53da077e4cba016134d9de940e4f3995f75c8fc1c7cb713079fb6dc90bbf7ea47e5adfe8b6328f8db8dc2e77e62ca47edfc48de3c9df63046c0c2e8eaf4dd21791bb3ca88ed21a7e08d4748b703586c5b530e6c80e816ef5b4ed89bb34fab8460555cea736690f41a1b233ef2657869c7abb2b748a4b661a423b65ed2ef028ca8b38d8f21ac83ee14e0bd8b32085f972afca685b4eafcf7ec0e974a422c382479a01f7326bfe0858b2767e37391b5d47cab92d2f33b6478f952a0e915e0e1d0f714c