adp-ess.lilly.com

- Eli Lilly and Company -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 5a:c9:96:b1:2f:be:ea:03:23:66:4d:cd:18:9e:5c:f4 was issued on by Entrust, Inc..

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Eli Lilly and Company

Organization: Eli Lilly and Company
State / Province: Indiana
Locality: Indianapolis
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 5a:c9:96:b1:2f:be:ea:03:23:66:4d:cd:18:9e:5c:f4
Serial Number (int): 120677227688809838149006644605972536564
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 05:21:ac:cf:7b:1b:d7:36:8f:67:f9:6b:3c:bf:ed:e2:56:71:39:ad
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): ba:e5:d4:ea:a1:2a:6b:f4:a5:29:8d:c7:48:01:b5:84:73:77:78:6a
Fingerprint (sha256): 00:92:a9:e5:44:55:e7:f6:aa:1f:d4:af:a8:6f:ab:2a:de:a8:bd:3d:da:01:57:27:f7:c3:d2:e7:ae:7a:6d:0d

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate adp-ess.lilly.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for adp-ess.lilly.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

adp-ess.lilly.com

Other certificates including the domain name lilly.com

(limited to 100 certificates)
asp-t.lilly.com
mi-lb-z1-v1.xh1.lilly.com
dev-element.lilly.com
connect.lilly.com
impact-qa.am.lilly.com
enginframe-t.am.lilly.com
Lyncpoolz1fe.rf.lilly.com
www.cialis.co.nz
www.lilly.net.br
adp-ess.lilly.com
chinalccp-q.lillyadmin.cn
SB-JPN-KOBE-02.rf.lilly.com
sappipci.d52.lilly.com
www.lilly.co.za
alscsoa-dr.am.lilly.com
credit360.xh1.lilly.com
artritrereumatoide.xh2.lilly.com
olumiantreview.lilly.com
ects-qatss.am.lilly.com
iwrstrans-qa.xh1.lilly.com
lillypad.lilly.com
MQZl4igel.am.lilly.com
heroku-to-aws-video.heroku-apps.lilly.com
mdutranslate.lilly.com
ct2-dev.lilly.com
sapepqci.d52.lilly.com
SBC-O365-USA-INDY-TEST-01.lilly.com
lillyscience.lilly.com
webtop.ema.lilly.com
SBCTEAMS-USA-INDY-01.XH1.lilly.com
image.partnerapp1.myworld.com
dctmlrlextadmin.am.lilly.com
chinagamification.xh3.lilly.com
leo-app-d.am.lilly.com
plmssd.am.lilly.com
elementadmin-qa.lilly.com
connect.lilly.com
*.paas.xh1.lilly.com
lilly.connect.lilly.com
bpmpc-z1-86.am.lilly.com
api.data-q.rids.lilly.com
srvstgweb.d52.lilly.com
odmdc-z1.am.lilly.com
review-2.data.lilly.com
chinami-d.xh3.lilly.com
srvbes.am.lilly.com
dmw.am.lilly.com
elancophotocontestportugal.xh2.lilly.com
SB-SLO-BRAT-01.rf.lilly.com
myequity.xh1.lilly.com
je3svr272.ap.lilly.com
SB-USA-WASH-01.RF.lilly.com
sbt-chi-suzh-01.ap.lilly.com
mail141qas1.am.lilly.com
lillyru-d.xh1.lilly.com
dmw-dev.am.lilly.com
lillyapp105-qa.am.lilly.com
reset-dc.xh1.lilly.com
lillyakademi.com
www.d-diabetes.com
www.supportservices.lilly.com
chinacmp.xh3.lilly.com
cst.lilly.com
www.36saat.com
ifolio.lilly.com
RWE.lilly.com
mydesktop.ap.lilly.com
www.lillyhcp.com
mail141qae2.xh1.lilly.com
lillyconnect-sa.com
rwe.lilly.com
lilly.com
osf.lilly.com
statsclstr4-2node.am.lilly.com
soag-z1-d.am.lilly.com
www.d-diabetes.com
EIPCC.am.lilly.com
iwrs.lilly.com
sac-test.lilly.com
pages.mc.lilly.com
www.lillypod.com.au
akamai-san35.exacttarget.com
image.partnerapp1.myworld.com
sail.am.lilly.com
try.connect.lilly.com
ics-mdit-ctsup-d.lilly.com
lillyakademi.com
insulinsimulator.lilly.com
sapsmqci.aws.lilly.com
workday.lilly.com
global-boilerplate-nuxt.heroku-apps.lilly.com
*.domino.aws.lilly.com
jarvispro.lilly.com
SB-PHI-MANI-01.rf.lilly.com
chinalccp-q-new.xh3.lilly.com
copay.lilly.com
leo-app-q.am.lilly.com
federate-qa.xh1.lilly.com
MQZWORKSPACE.am.lilly.com
ie2b2mestest-mfg.ema.lilly.com

Certificate

The complete raw certificate details for adp-ess.lilly.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgIQWsmWsS++6gMjZk3NGJ5c9DANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
NDA1MTUwNDAwMjFaFw0yNTA2MTQwNDAwMjBaMHIxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIEwdJbmRpYW5hMRUwEwYDVQQHEwxJbmRpYW5hcG9saXMxHjAcBgNVBAoTFUVs
aSBMaWxseSBhbmQgQ29tcGFueTEaMBgGA1UEAxMRYWRwLWVzcy5saWxseS5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2g42YLuwjyieuPAQZ7/m9
RgOc78PRptGLiB/7gPHZJdYfEPOSkrJc+lsNkWAe3kQLCi5JRW/XueMsStdSp6IO
dn9A0HzXafNSlEpfq7UizyBjylXPWwovfvqR2rdPP5sSw5oT4CE3ME7FJ5y0k2JW
DY62WpOW0sg+zDM5siBiS13vfO/s4Y1gH7f5whIyOvZPl4M5WRE4/60t4wNo3Vve
CGSukOk+iZRzX7L902waRWA2BxiTiPLoC2BATRi50byP8Nx/wm6C8yQ2uQzgL0dz
T9tMyeMQqvTOaCob5EH4iyTSygIykR85ZUbKWNOcfcKMjpQOPQVkQyZdgoh32vQr
AgMBAAGjggFoMIIBZDAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQFIazPexvXNo9n
+Ws8v+3iVnE5rTAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzBoBggr
BgEFBQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0
MDMGCCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wxay1jaGFpbjI1
Ni5jZXIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9s
ZXZlbDFrLmNybDAcBgNVHREEFTATghFhZHAtZXNzLmxpbGx5LmNvbTAOBgNVHQ8B
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBMGA1UdIAQM
MAowCAYGZ4EMAQICMBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUA
A4IBAQDQJD8AWmozDpyI/s1i/iqrz9iUSV4p0Ci0KZOKi+MDplNffxjNgSo9ulWY
Isqdz4nshu8Qu3vCAqkb8WCJf4eRy+1vo/Viov8a9M/mSW7ta2kAqOO8NrmyiBAj
PFXG0NKuz7o1j9e0IOa4wUVhJUJ5BafAdfahqw5jJqGKNCqKlUxiWJK6EvvW7qpl
NCExc4CcMeOjClngGaAM7aCWbgFhZeI8J3IOmBMC1Dqb3BehzgGiR2bYYSi+YCNf
8woTKRMNPYv8lfsQ1s63FksZSNAYgHzm4/5oKhYq2LzoyaaOFv9dYzjGML6r/SOK
fQ5gWNn8BITtYFzTR8PfomnSPXZE
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtoONmC7sI8onrjwEGe/5
vUYDnO/D0abRi4gf+4Dx2SXWHxDzkpKyXPpbDZFgHt5ECwouSUVv17njLErXUqei
DnZ/QNB812nzUpRKX6u1Is8gY8pVz1sKL376kdq3Tz+bEsOaE+AhNzBOxSectJNi
Vg2OtlqTltLIPswzObIgYktd73zv7OGNYB+3+cISMjr2T5eDOVkROP+tLeMDaN1b
3ghkrpDpPomUc1+y/dNsGkVgNgcYk4jy6AtgQE0YudG8j/Dcf8JugvMkNrkM4C9H
c0/bTMnjEKr0zmgqG+RB+Isk0soCMpEfOWVGyljTnH3CjI6UDj0FZEMmXYKId9r0
KwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 120677227688809838149006644605972536564
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-15 04:00:21 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-06-14 04:00:20 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Indiana'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Indianapolis'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Eli Lilly and Company'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'adp-ess.lilly.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23040242756885406470885836098115176284226918851940845507953075391959471870427761121822114520954608101782159743165890588303238057621690237997709187358298819127198518404074736141494099317391084638191024032744678127489334657916921728560347595430880464915085910854255669835467065815456006960214419398970086516636256200977193921926931670015998317983903901925770245465375402957323293986028923626387290458505413106690713736956414054723081218891876581417326716737536242782177318425726827223042909618005072688803695894716990029844122822292460129519427497243557767053681580680776726993975843158158566014751722470998668044071979
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							0521accf7b1bd7368f67f96b3cbfede2567139ad
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (21 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'adp-ess.lilly.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00d0243f005a6a330e9c88fecd62fe2aabcfd894495e29d028b429938a8be303a6535f7f18cd812a3dba559822ca9dcf89ec86ef10bb7bc202a91bf160897f8791cbed6fa3f562a2ff1af4cfe6496eed6b6900a8e3bc36b9b28810233c55c6d0d2aecfba358fd7b420e6b8c1456125427905a7c075f6a1ab0e6326a18a342a8a954c625892ba12fbd6eeaa6534213173809c31e3a30a59e019a00ceda0966e016165e23c27720e981302d43a9bdc17a1ce01a24766d86128be60235ff30a1329130d3d8bfc95fb10d6ceb7164b1948d018807ce6e3fe682a162ad8bce8c9a68e16ff5d6338c630beabfd238a7d0e6058d9fc0484ed605cd347c3dfa269d23d7644