www.usa.gov

- General Services Administration -

Issued by GeoTrust SSL CA - G3

About this certificate

This digital certificate with serial number 2d:06:62:0a:8e:0c:b2:4e:61:65:91:f2:62:e7:0d:7e was issued on by GeoTrust Inc..

With 23 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Sub certificates SHOULD include Subject Key Identifier in end entity certs (RFC 5280: 4.2 & 4.2.1.2)

General Services Administration

Organization: General Services Administration
State / Province: District Of Columbia
Locality: Washington
Country: US

GeoTrust Inc.

Organization: GeoTrust Inc.
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 2d:06:62:0a:8e:0c:b2:4e:61:65:91:f2:62:e7:0d:7e
Serial Number (int): 59848402103857426784351963376419016062
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId:
AuthorityKeyId: d2:6f:f7:96:f4:85:3f:72:3c:30:7d:23:da:85:78:9b:a3:7c:5a:7c

Fingerprint (sha1): db:0c:6a:54:8d:7d:9e:1a:8e:37:a4:43:dd:29:1a:61:b7:b8:bf:8b
Fingerprint (sha256): 00:84:2c:4e:49:8e:7f:88:cc:74:6e:16:99:b2:77:a7:5b:96:5e:9c:b3:53:60:3b:9b:c6:ba:cc:a6:fb:f1:93

Issuing Certificate URL: http://gn.symcb.com/gn.crt

Revocation information

OCSP Server: http://gn.symcd.com
CRL Distribution Point: http://gn.symcb.com/gn.crl

Check the revocation status for certificate www.usa.gov

23

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.usa.gov

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.citizenscience.gov
www.manufacturing.gov
www.christophercolumbusfoundation.gov
www.performance.gov
www.advisethepresident.archives.gov
advisethepresident.archives.gov
www.ussm.gov
federation-staging.data.gov
vocab.data.gov
federation.data.gov
labs-staging.data.gov
staging.vocab.data.gov
uat-www.gsa.gov
dec.dodea.edu
toy.dodea.edu
rtv.usa.gov
www.feedback.usa.gov
api.usa.gov
presidentialtransition.usa.gov
feedback.usa.gov
usa.gov
blog.usa.gov
www.usa.gov

Other certificates including the domain name usa.gov

(limited to 100 certificates)
answers.usa.gov
1.usa.gov
kids.usa.gov
www.gobierno.usa.gov
analytics.usa.gov
cms.usa.gov
www.usa.gov
demo2.search.usa.gov
guineapig.staging.search.usa.gov
www.usa.gov
1.usa.gov
i14y.seagull.staging.search.usa.gov
answers.usa.gov
sa66gl.wpc.edgecastcdn.net
answers.usa.gov
kibana.search.usa.gov
i14y.bird.staging.search.usa.gov
answers.usa.gov
search.usa.gov
go.usa.gov
api.usa.gov
i14y.seagull.staging.search.usa.gov
seagull.staging.search.usa.gov
sandpiper.staging.search.usa.gov
promotions.usa.gov
answers.usa.gov
1.usa.gov
1.usa.gov
hogfish.staging.search.usa.gov
usa.gov
vote.usa.gov
labs.usa.gov
answers.usa.gov
www.usa.gov
www.usa.gov
i14y.vanilla.staging.search.usa.gov
i14y.ox.staging.search.usa.gov
dachshund.staging.search.usa.gov
components.standards.usa.gov
bear.staging.search.usa.gov
redir.gsa.ctacdev.com
answers.usa.gov
i14y.bear.staging.search.usa.gov
1.usa.gov
secure0051.hubspot.com
www.usa.gov
*.sites.usa.gov
answers.usa.gov
beta.usa.gov
pusheen.staging.search.usa.gov
warthog.staging.search.usa.gov
components.standards.usa.gov
*.usa.gov
answers.usa.gov
answers.usa.gov
epa-notice.usa.gov
open.usa.gov
answers.usa.gov
sa66gl.wpc.edgecastcdn.net
i14y.usa.gov
open.usa.gov
i14y.dachshund.staging.search.usa.gov
sa10gl.wpc.edgecastcdn.net
lemonade.staging.search.usa.gov
labs.usa.gov
answers.usa.gov
i14y.luke.staging.search.usa.gov
www.my.usa.gov
panda.staging.search.usa.gov
answers.usa.gov
business.usa.gov
cms.usa.gov
goldfinch.staging.search.usa.gov
answers.usa.gov
gobierno.usa.gov
www.usa.gov
open.usa.gov
i14y.chinchilla.staging.search.usa.gov
answers.usa.gov
search.usa.gov
toothpick.staging.search.usa.gov
answers.usa.gov
sa55gl.wpc.edgecastcdn.net
lemonade.staging.search.usa.gov
i14y.hogfish.staging.search.usa.gov
open-staging.usa.gov
redir.gsa.ctacdev.com
i14y.auk.staging.search.usa.gov
i14y.hedgehog.staging.search.usa.gov
vote.usa.gov
www.usa.gov
search.usa.gov
porcupine.staging.search.usa.gov
answers.usa.gov
epa-notice.usa.gov
lets-encrypt.infr.search.usa.gov
toothpick.staging.search.usa.gov
snowflake.staging.search.usa.gov
i14y.dachshund.staging.search.usa.gov
sa159gl.wpc.edgecastcdn.net

Certificate

The complete raw certificate details for www.usa.gov in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIH1jCCBr6gAwIBAgIQLQZiCo4Msk5hZZHyYucNfjANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMU
R2VvVHJ1c3QgU1NMIENBIC0gRzMwHhcNMTYwNjA3MDAwMDAwWhcNMTcwNjA3MjM1
OTU5WjCBgTELMAkGA1UEBhMCVVMxHTAbBgNVBAgMFERpc3RyaWN0IE9mIENvbHVt
YmlhMRMwEQYDVQQHDApXYXNoaW5ndG9uMSgwJgYDVQQKDB9HZW5lcmFsIFNlcnZp
Y2VzIEFkbWluaXN0cmF0aW9uMRQwEgYDVQQDDAt3d3cudXNhLmdvdjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALDFkcjyIAOjLC0gCi6pbPVEvjvcASn3
GZx1D1OTs3EDiZiZrNHQ2mI9PPD+dgUVSkrAZ9NXlSJaEymLl5pCmvT2HIfUWDHn
fcbdh82AH4weBTHv2CdCctMS5eEZjSpqMr6MOteu3R2UbXAGwd+nRSbTbueVT9TB
+NYZWkwpf2RWb7FMHa71lLmUAAcm2rgZHv29IK/Sm7JfRNjD7Y7i+6GocB16UpD6
KCRRFfIc9tneEcx9bUbqsAwg+KpGkI2IvJv5ZqY5tZTTm0nMh9WzgmlU6Q6bQllv
FbP5P4XjfEQXVU2FuBqPQYGMWdoeAv7LPVqtwRlMwXpFKo7osaqpKCMCAwEAAaOC
BIQwggSAMIIB8gYDVR0RBIIB6TCCAeWCFnd3dy5jaXRpemVuc2NpZW5jZS5nb3aC
FXd3dy5tYW51ZmFjdHVyaW5nLmdvdoIld3d3LmNocmlzdG9waGVyY29sdW1idXNm
b3VuZGF0aW9uLmdvdoITd3d3LnBlcmZvcm1hbmNlLmdvdoIjd3d3LmFkdmlzZXRo
ZXByZXNpZGVudC5hcmNoaXZlcy5nb3aCH2FkdmlzZXRoZXByZXNpZGVudC5hcmNo
aXZlcy5nb3aCDHd3dy51c3NtLmdvdoIbZmVkZXJhdGlvbi1zdGFnaW5nLmRhdGEu
Z292gg52b2NhYi5kYXRhLmdvdoITZmVkZXJhdGlvbi5kYXRhLmdvdoIVbGFicy1z
dGFnaW5nLmRhdGEuZ292ghZzdGFnaW5nLnZvY2FiLmRhdGEuZ292gg91YXQtd3d3
LmdzYS5nb3aCDWRlYy5kb2RlYS5lZHWCDXRveS5kb2RlYS5lZHWCC3J0di51c2Eu
Z292ghR3d3cuZmVlZGJhY2sudXNhLmdvdoILYXBpLnVzYS5nb3aCHnByZXNpZGVu
dGlhbHRyYW5zaXRpb24udXNhLmdvdoIQZmVlZGJhY2sudXNhLmdvdoIHdXNhLmdv
doIMYmxvZy51c2EuZ292ggt3d3cudXNhLmdvdjAJBgNVHRMEAjAAMA4GA1UdDwEB
/wQEAwIFoDArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vZ24uc3ltY2IuY29tL2du
LmNybDCBnQYDVR0gBIGVMIGSMIGPBgZngQwBAgIwgYQwPwYIKwYBBQUHAgEWM2h0
dHBzOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeS9sZWdh
bDBBBggrBgEFBQcCAjA1DDNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3Vy
Y2VzL3JlcG9zaXRvcnkvbGVnYWwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMB8GA1UdIwQYMBaAFNJv95b0hT9yPDB9I9qFeJujfFp8MFcGCCsGAQUFBwEB
BEswSTAfBggrBgEFBQcwAYYTaHR0cDovL2duLnN5bWNkLmNvbTAmBggrBgEFBQcw
AoYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcnQwggEFBgorBgEEAdZ5AgQCBIH2
BIHzAPEAdgDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAVUsANu9
AAAEAwBHMEUCIG+ZL7nzP+AqSfpnKgYofZLQz3KVlkY6FFa6ZASZM7V4AiEA8ZAL
vh50RUQ5HXqSMfwUGA++EB4ZCOIDJRv72PTx/HoAdwCkuQmQtBhYFIe7E6LMZ3AK
PDWYBPkb37jjd80OyA3cEAAAAVUsANv+AAAEAwBIMEYCIQCyV8rC04iKPArQILLa
aYUv01JHQprd18gfYvzjbie4VgIhAKvpacyNrLEfFEoa486ty9fW2JxxY8CMqAoW
aThlP2TBMA0GCSqGSIb3DQEBCwUAA4IBAQBQm9a8HWIWWFrjHqUQEt7fQHbkWhHZ
NYYFs38XrSEnVjprJlRJY8sGYOHepRO8XqleRAKXgH7VAT+x4TVQFPCp63YcGene
iAqxhywQefJDN4cxoodtoVjLRCgO6AJWGVpq2tBluAtP39dzwCor8FAyY8l+R18H
H1um/NVE1hQzuP0dltdpt2LPip3qJkKe7RpR0l0Rk6dT0Z/2Hxbo8PRqhj2Y9tRu
6uTCwPE7VKEQ05lWG6efAaNEqLiE1oSVSjck+Fk96MzWpzt6d6nL1K94vIlSUbfD
4suQVDLIWrOXXbxOPvKo1Ur2FRIwhvBDbU5d4rFy6e9tii/s9WsxuwHx
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMWRyPIgA6MsLSAKLqls
9US+O9wBKfcZnHUPU5OzcQOJmJms0dDaYj088P52BRVKSsBn01eVIloTKYuXmkKa
9PYch9RYMed9xt2HzYAfjB4FMe/YJ0Jy0xLl4RmNKmoyvow6167dHZRtcAbB36dF
JtNu55VP1MH41hlaTCl/ZFZvsUwdrvWUuZQABybauBke/b0gr9Kbsl9E2MPtjuL7
oahwHXpSkPooJFEV8hz22d4RzH1tRuqwDCD4qkaQjYi8m/lmpjm1lNObScyH1bOC
aVTpDptCWW8Vs/k/heN8RBdVTYW4Go9BgYxZ2h4C/ss9Wq3BGUzBekUqjuixqqko
IwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 59848402103857426784351963376419016062
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust SSL CA - G3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-06-07 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-06-07 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'District Of Columbia'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Washington'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'General Services Administration'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'www.usa.gov'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22315366811970896933234029392334366220333150040245531338514457359937484149566700503129116785051355143604702681722423778759549120486164783490748926321866075080237087125157139627425694265427994068108845687879078912985843740123841567738501473099862277804103769709747378801094316174085956642943585425609417738954140148513908747248509448065854818631034487733373861978049009362817950258844662286727012302071394415174164562380361727266877132954153214428181772289805006235483418017793010394658588812795416985021411361356200574946928844668999727990222521994258960130588025786924892881675190230720866052557507130421742513236003
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (489 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.citizenscience.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manufacturing.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.christophercolumbusfoundation.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.performance.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.advisethepresident.archives.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'advisethepresident.archives.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ussm.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'federation-staging.data.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'vocab.data.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'federation.data.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'labs-staging.data.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'staging.vocab.data.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat-www.gsa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dec.dodea.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'toy.dodea.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rtv.usa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.feedback.usa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.usa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'presidentialtransition.usa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'feedback.usa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'usa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'blog.usa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.usa.gov'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gn.symcb.com/gn.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (149 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.geotrust.com/resources/repository/legal'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'https://www.geotrust.com/resources/repository/legal'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName d26ff796f4853f723c307d23da85789ba37c5a7c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (75 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gn.symcd.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gn.symcb.com/gn.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
							00f1007600ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc000001552c00dbbd000004030047304502206f992fb9f33fe02a49fa672a06287d92d0cf729596463a1456ba64049933b578022100f1900bbe1e744544391d7a9231fc14180fbe101e1908e203251bfbd8f4f1fc7a007700a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10000001552c00dbfe0000040300483046022100b257cac2d3888a3c0ad020b2da69852fd35247429addd7c81f62fce36e27b856022100abe969cc8dacb11f144a1ae3ceadcbd7d6d89c7163c08ca80a166938653f64c1
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00509bd6bc1d6216585ae31ea51012dedf4076e45a11d9358605b37f17ad2127563a6b26544963cb0660e1dea513bc5ea95e440297807ed5013fb1e1355014f0a9eb761c19e9de880ab1872c1079f243378731a2876da158cb44280ee80256195a6adad065b80b4fdfd773c02a2bf0503263c97e475f071f5ba6fcd544d61433b8fd1d96d769b762cf8a9dea26429eed1a51d25d1193a753d19ff61f16e8f0f46a863d98f6d46eeae4c2c0f13b54a110d399561ba79f01a344a8b884d684954a3724f8593de8ccd6a73b7a77a9cbd4af78bc895251b7c3e2cb905432c85ab3975dbc4e3ef2a8d54af615123086f0436d4e5de2b172e9ef6d8a2fecf56b31bb01f1