www.cms.gov

- Centers for Medicare & Medicaid Services -

Issued by GeoTrust SSL CA - G3

About this certificate

This digital certificate with serial number 62:33:4f:66:70:1b:12:51:4e:b8:9b:27:e9:9f:a2:1c was issued on Wednesday Jun 14, 2017 at 12:00AM by GeoTrust Inc..

With 35 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.

We have idenified some issues with this certificate:

Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Sub certificates SHOULD include Subject Key Identifier in end entity certs (RFC 5280: 4.2 & 4.2.1.2)

Centers for Medicare & Medicaid Services

Organization: Centers for Medicare & Medicaid Services
Organization unit: OIS

State / Province: Maryland
Locality: Baltimore
Country: US

GeoTrust Inc.

Organization: GeoTrust Inc.

Country: US

This certificate has expire since Saturday Nov 18, 2017 at 11:59PM UTC

Certificate Details

Serial Number (hex): 62:33:4f:66:70:1b:12:51:4e:b8:9b:27:e9:9f:a2:1c
Serial Number (int): 130530761153033345290129732229977317916
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId:
AuthorityKeyId: d2:6f:f7:96:f4:85:3f:72:3c:30:7d:23:da:85:78:9b:a3:7c:5a:7c

Fingerprint (sha1): da:b5:4b:bb:ac:ad:00:a8:ea:5b:3a:37:c1:de:7c:79:f8:86:90:e1
Fingerprint (sha256): 00:8c:93:3d:08:e2:d5:39:6d:e9:3c:f9:5b:0c:50:29:11:99:11:56:da:c4:5f:3d:5c:79:1d:22:b7:9a:e4:d0

Issuing Certificate URL: http://gn.symcb.com/gn.crt

Revocation information

OCSP Server: http://gn.symcd.com
CRL Distribution Point: http://gn.symcb.com/gn.crl

Check the revocation status for certificate www.cms.gov

35

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.cms.gov

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

Fully Qualified Domain Names

dnav.cms.gov

forms.cms.gov

cerrs.cms.gov

www.innovations.cms.gov

cms.hhs.gov

stream.launchdarkly.cms.gov

hios.cms.gov

questions.cms.gov

www.qualitypaymentprogram.cms.gov

forms-admin.cms.gov

cerrs-sts.cms.gov

hiosgateway.cms.gov

cerrsdws.cerrs.cms.gov

cerrs-cc.cms.gov

qualitypaymentprogram.cms.gov

cms.gov

cerrs-edt.cms.gov

qpp.cms.gov

cerrs-sp.cms.gov

events.launchdarkly.cms.gov

app.launchdarkly.cms.gov

innovation.cms.gov

cerrsngprod.cerrs.cms.gov

cerrs-ee.cms.gov

www.cms.hhs.gov

innovations.cms.gov

rbis.cms.gov

auth.cerrs.cms.gov

cerrs-tb.cms.gov

partnershipforpatients.cms.gov

www.qpp.cms.gov

www.innovation.cms.gov

cerrsngtraining.cerrs.cms.gov

maps.cms.gov

www.cms.gov

dnav.cms.gov
forms.cms.gov
cerrs.cms.gov
www.innovations.cms.gov
cms.hhs.gov
stream.launchdarkly.cms.gov
hios.cms.gov
questions.cms.gov
www.qualitypaymentprogram.cms.gov
forms-admin.cms.gov
cerrs-sts.cms.gov
hiosgateway.cms.gov
cerrsdws.cerrs.cms.gov
cerrs-cc.cms.gov
qualitypaymentprogram.cms.gov
cms.gov
cerrs-edt.cms.gov
qpp.cms.gov
cerrs-sp.cms.gov
events.launchdarkly.cms.gov
app.launchdarkly.cms.gov
innovation.cms.gov
cerrsngprod.cerrs.cms.gov
cerrs-ee.cms.gov
www.cms.hhs.gov
innovations.cms.gov
rbis.cms.gov
auth.cerrs.cms.gov
cerrs-tb.cms.gov
partnershipforpatients.cms.gov
www.qpp.cms.gov
www.innovation.cms.gov
cerrsngtraining.cerrs.cms.gov
maps.cms.gov
www.cms.gov

Other certificates including the domain name cms.gov

(limited to 100 certificates)

qpparimpl.cms.gov
meetings.cms.gov
qppcm-imp.cms.gov
eft1.feps.cms.gov
impl.qnetdashboard.cms.gov
sandbox.idp.idm.cms.gov
*.portalval.cms.gov
uat.cpms.cms.gov
clair-dev.west.cms.gov
mearis-impl.cms.gov
www.cms.gov
go.cms.gov
dev.pds.mps.cms.gov
cmsintranet.share-test.cms.gov
hpportal.cms.gov
impl.eft.feps.cms.gov
vpnextp1.cms.gov
owa.hhs.gov
soap.hets-270-271.cms.gov
cbt-imp.cms.gov
impl.eft.cloud.cms.gov
hiosvalgateway.cms.gov
its-status.colby.edu
www.cms.gov
www.qhpcertification.cms.gov
pm-prodp.insuranceoversight.cms.gov
eua.cms.gov
imp1bi.mlms.cms.gov
www.eacms.cms.gov
www.healthcare.gov
na21-1.cdn.salesforce-communities.com
testrailentdev.cms.gov
med.cms.hhs.gov
test2.cms.gov
sso.cms.gov
iqies.cms.gov
sg.test.vdc.midas.cms.gov
eidmi.cms.gov
imp.qlik.midas.cms.gov
imp.wcmsmedicaid.cms.gov
test.filecloud.cms.gov
HPMSDASHBOARD.CMS.GOV
search.usa.gov
masaws-l3-ws.cms.gov
hdt.cms.gov
med.cms.gov
maintenance.rapidcourt.com
www.mccm.cms.gov
hapg-dev-api.cms.gov
ns.cms.gov
mf.cms.gov
eidmhpd1.cms.gov
hics.cms.gov
cloud-marketplace.status.broadcom.com
ar.ocean.cms.gov
qppcm-imp.cms.gov
www2.cms.gov
test3-hcms-apigateway.cms.gov
val.cpi-iview.cms.gov
lifeline-auth-val.cms.gov
maistro.cms.gov
www.mccm.cms.gov
acoms-impl.cms.gov
macprodev1.cms.gov
qa.cms.gov
impl3.admin.gagateway.qnetmft.cms.gov
dns.sterda.com
dev.api-gateway.cms.gov
hglvdidr.cms.gov
prod-api.pdc.backends.cms.gov
4innovation-dev.west.cms.gov
akamaisecure7.qualtrics.com
www.healthcare.gov
test.qnetapi.cms.gov
rdradvcdat.cms.gov
meetings.cms.gov
mheiges-argocd.iqies.cms.gov
app-impl.mpsm.cms.gov
confluence.prodnr.cms.gov
reg.hcia.cms.gov
4innovation-impl.west.cms.gov
macprotest0.cms.gov
circle-sbx.west.cms.gov
hats2.cms.gov
www.cert.cms.gov
macprodev1.cms.gov
hiosvalgateway.cms.gov
akamaisecure7.qualtrics.com
beta.pecos.cms.gov
test.cms.gov
dev.vdc.midas.cms.gov
cmit.cms.gov
drfpval.cms.gov
impl.reg.idm.cms.gov
amimpedc3.cms.gov
appcontrol.status.symantec.com
www.bpci.cms.gov
imp.octopus.cms.gov
sandbox.bcda.cms.gov
www.healthcare.gov

Certificate

The complete raw certificate details for www.cms.gov in PEM and ASN.1 format.

Certificate (PEM)

Public Key (PEM)

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 130530761153033345290129732229977317916
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust SSL CA - G3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-06-14 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-11-18 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Maryland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Baltimore'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Centers for Medicare & Medicaid Services'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'OIS'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'www.cms.gov'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29430511659858738722709951221156014233434144373422213243783617355692401608667273846659821986102757244371470174677688037673462686019549839674446734388500401592991748016617736595805117439871805448568182790643595104667593677807403962226303075976500053852191797705795380884989856637710202630200920307809717778567378131427157587403753640792786684226292094517810391844394049561618913340705822893572633982527018462401508503432053198083603192099662122725292513719513850883230026761281410230220092042998339803679130572376270241993950215531123407907911102919339298661455202611445165819862161099361330038738865196786987518061183
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (717 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dnav.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'forms.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cerrs.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.innovations.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cms.hhs.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stream.launchdarkly.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hios.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'questions.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.qualitypaymentprogram.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'forms-admin.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cerrs-sts.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hiosgateway.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cerrsdws.cerrs.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cerrs-cc.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qualitypaymentprogram.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cerrs-edt.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qpp.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cerrs-sp.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'events.launchdarkly.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'app.launchdarkly.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'innovation.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cerrsngprod.cerrs.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cerrs-ee.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.cms.hhs.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'innovations.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rbis.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'auth.cerrs.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cerrs-tb.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'partnershipforpatients.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.qpp.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.innovation.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cerrsngtraining.cerrs.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'maps.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.cms.gov'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gn.symcb.com/gn.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (149 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.geotrust.com/resources/repository/legal'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'https://www.geotrust.com/resources/repository/legal'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName d26ff796f4853f723c307d23da85789ba37c5a7c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (75 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gn.symcd.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gn.symcb.com/gn.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
							00f1007600ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc0000015ca5d4ca9a0000040300473045022100b36be236a718de38bbb3f49157e0275469e55728fefe709e628ae20a8dde7caf02200cbf1fad4b1d3a7b9e6a53c6e4656f15db30307046326ea6d91aed4cb5b65561007700a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000015ca5d4cacf00000403004830460221008e3e2cd6aec23055a2f2cc6ab3e921bd0f0947337c901a870208748dbf0564300221009994d39d1a390432a2145db729b5e682b0f8fc3143550ed570470fa48040ba4f
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		000cbb4cd5b4b8dcaf0622d1eddd9643719d3aa145830bbdb72d351172221df41eb6d0d87d1f8d4d9681a6247ad39a9bb1f0bf39a4e1fcdfe89eee234f14d8446d3607ad1eda6cf84838840e5240e67d50d116af89289a50e18627e17b46e9cc262deb53f7b796100537364e7b6015db4faad201c8d4100eb781ccc5cfb552d67307c8d244a572c4a1ea37bd550d3b98ed8f441a6cfa1f7365bbe782523980d85bebdc86770bac2ce6cf2b172bf0ef1fc6ad5ab5f5d93adc84a748b04bb804867ae3861223aac63786cd61f4b3a02ded47ebf401310fd70fb56a9474dcfc95006be0284900b056e81c0041e5e0637f950c7c7390c29aeba8785f5049b78e7197d3