vpnportal.davita.com

- DaVita Inc. -

Issued by Entrust Certification Authority - L1C

About this certificate

This digital certificate with serial number 4c:1a:dd:eb was issued on by Entrust, Inc..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)

DaVita Inc.

Organization: DaVita Inc.
Organization unit: IT
State / Province: California
Locality: El Segundo
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: www.entrust.net/rpa is incorporated by reference
Organization unit: (c) 2009 Entrust, Inc.
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 4c:1a:dd:eb
Serial Number (int): 1276829163
Serial Number lenght: 31 bits, 4 octets

SubjectKeyId: 2b:ef:de:ca:10:0d:6e:13:86:47:ef:f9:e0:e8:56:c6:24:4c:03:17
AuthorityKeyId: 1e:f1:ab:89:06:f8:49:0f:01:33:77:ee:14:7a:ee:19:7c:93:28:4d

Fingerprint (sha1): a0:cb:09:ed:d0:13:94:73:b2:fe:03:ba:b4:58:24:3a:21:e8:9e:c3
Fingerprint (sha256): 00:97:6d:36:55:c6:e9:bb:fd:bd:68:fc:85:e1:9a:ef:98:ca:cb:e6:48:91:0a:d5:6d:1c:39:8e:e7:4c:88:9b

Issuing Certificate URL: http://aia.entrust.net/l1c-chain.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1c.crl

Check the revocation status for certificate vpnportal.davita.com

0

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for vpnportal.davita.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA1 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication

Extensions

8 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

This certificate doesn't contain any subject alternative names.

Other certificates including the domain name davita.com

(limited to 100 certificates)
vpnportal.davita.com
tacomavpn.davita.com
falcon.davita.com
ourcommunity.davita.com
bcc2.talentera.com
pressreleases.davita.com
bcc2.talentera.com
leapfrog-ssl-22.gcs-web.com
bcc2.talentera.com
isevpn.davita.com
emailmktg.davita.com
falconmobile.davita.com
vpnportal.davita.com
bcc2.talentera.com
davita.com
aslax.davita.com
davita.com
tmcentral.davita.com
*.reportsnp.davita.com
dsp.davita.com
clearpass.davita.com
bcc2.talentera.com
bcc2.talentera.com
falcondialysisqa.davita.com
falconbiebf.davita.com
bcc2.talentera.com
app.clinicalstudybiling.davita.com
bcc2.talentera.com
*.artifactory.davita.com
app.hrm.epe.davita.com
perf.physician-np.davita.com
brand.davita.com
DEN3T1CEXPCA01.davita.com
sso.starpoint.davita.com
support.cdnetworks.net
bcc2.talentera.com
bcc2.talentera.com
dsp.davita.com
app.physportalqa.davita.com
bcc2.talentera.com
tacomavpn.davita.com
bcc2.talentera.com
ola10.davita.com
bcc2.talentera.com
fe.paapp.davita.com
leapfrog-ssl-22.gcs-web.com
bcc2.talentera.com
redwoods.davita.com
ola10.davita.com
*.physiciansolutions.davita.com
bcc2.talentera.com
bcc2.talentera.com
5720147234914304-fe1.pantheonsite.io
5659118702428160-fe2.pantheonsite.io
prod.middleware.davita.com
bcc2.talentera.com
bcc2.talentera.com
denver.davita.com
*.intranet.davita.com
dsp.davita.com
help.oneviewdps.davita.com
bcc2.talentera.com
leapfrog-ssl-22.gcs-web.com
pressreleases.davita.com
www.davita.com
bcc2.talentera.com
api.piet-app.davita.com
bcc2.talentera.com
prod-podservice.rx-np.davita.com
feat-logging-test.ogb-np.davita.com
w3mail.davita.com
drvpn.davita.com
denver.davita.com
falcongithub.davita.com
5720147234914304-fe1.pantheonsite.io
bcc2.talentera.com
licensepartners.davita.com
backend-04c53-ckd.patient-np.davita.com
careers.davita.com
bcc2.talentera.com
seavpn.davita.com
davita.com
vertex-dev3.davita.com
leapfrog-ssl-22.gcs-web.com
apps.stagemcp.davita.com
bcc2.talentera.com
bcc2.talentera.com
backend-e26b1-upp-admin.patient-np.davita.com
bcc2.talentera.com
netmri.davita.com
adfs.davita.com
sharedapp.davita.com
den4-clinic-raduis1.davita.com
xenweb.davita.com
jobs.davita.com
vault-cassandra.davita.com
bcc2.talentera.com
netmri.davita.com
den3-lancopesmc.davita.com
*.davita.com

Certificate

The complete raw certificate details for vpnportal.davita.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIETBrd6zANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eSAtIEwxQzAeFw0xMTA4MDEyMzQyNTFaFw0xMzA3MjEw
NDU4NTZaMHkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYD
VQQHEwpFbCBTZWd1bmRvMRQwEgYDVQQKEwtEYVZpdGEgSW5jLjELMAkGA1UECxMC
SVQxHTAbBgNVBAMTFHZwbnBvcnRhbC5kYXZpdGEuY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEArMD/SnBDoUZA8+8Do05kYCO2q4iGJL1RR/Df3m7W
YoIUk1t+Gg+JsuqqrJ47yK1OPP+JaeDKLNkVs41iuplx7EVyR0uFv91RHBv8bsjn
lNbVxr7+TrGWYF0hQee8gjFClekIToGVSmNNXQvwRkPs0TaSXYitvM+lfiX6PFqc
qBwuiMDizdQxJxLoxVtC97uY2+svw5nNC4AjAln0ixx68hxkjBMB76+vL40DrLuJ
VXjY8pxYqjlHOjLMxmziqh9G5vm5PMyumZb3MRPKSi1hacoW862hmP30QIS4HnD5
ybD0SGU85iPELNnXuP4wrCKPfX0RzhHn/xhUYwsOlWVO0QIDAQABo4IBTzCCAUsw
CwYDVR0PBAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMDMGA1UdHwQsMCowKKAm
oCSGImh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvbGV2ZWwxYy5jcmwwZQYIKwYBBQUH
AQEEWTBXMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5ldDAwBggr
BgEFBQcwAoYkaHR0cDovL2FpYS5lbnRydXN0Lm5ldC9sMWMtY2hhaW4uY2VyMEAG
A1UdIAQ5MDcwNQYJKoZIhvZ9B0sCMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cu
ZW50cnVzdC5uZXQvcnBhMB8GA1UdIwQYMBaAFB7xq4kG+EkPATN37hR67hl8kyhN
MB0GA1UdDgQWBBQr797KEA1uE4ZH7/ng6FbGJEwDFzAJBgNVHRMEAjAAMA0GCSqG
SIb3DQEBBQUAA4IBAQA7cv2UGvrEijeKOZDiiJwC9j8b/7S3oORRAMloO0y/zW4X
wB+v8CMFrdzjc1o0c7P9NXFJrdWylv609DVig95qJEUuteJkJcGlCzKjsiAP9yKj
9EXtUSTWlgUhj1SwgzLbNGlQ2KAHZZTXcF6bMG7kcC2pERtIfuO2p2SJ44vBs9qa
WLG+Sjq9NwMQw2uwGnhkD8eSaKXLcIPBNYpgWXrCZWbHPNQC7OZc79XoeA7Yqx1Q
CLNZYnOlpQ/FDAANl/+0dqAEwBCft2gRlYxP8OprtWGtQjtqDhLyPqJisu48YhlJ
I8Ax+sZGuzZDLtPf2yhGO0BFIKgxOfvH9v7Hgnj2
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMD/SnBDoUZA8+8Do05k
YCO2q4iGJL1RR/Df3m7WYoIUk1t+Gg+JsuqqrJ47yK1OPP+JaeDKLNkVs41iuplx
7EVyR0uFv91RHBv8bsjnlNbVxr7+TrGWYF0hQee8gjFClekIToGVSmNNXQvwRkPs
0TaSXYitvM+lfiX6PFqcqBwuiMDizdQxJxLoxVtC97uY2+svw5nNC4AjAln0ixx6
8hxkjBMB76+vL40DrLuJVXjY8pxYqjlHOjLMxmziqh9G5vm5PMyumZb3MRPKSi1h
acoW862hmP30QIS4HnD5ybD0SGU85iPELNnXuP4wrCKPfX0RzhHn/xhUYwsOlWVO
0QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1276829163
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.entrust.net/rpa is incorporated by reference'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2009 Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1C'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2011-08-01 23:42:51 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2013-07-21 04:58:56 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'El Segundo'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DaVita Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IT'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'vpnportal.davita.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21808158935126228730263621158185850145235299571826884616638398090504724965490949010188837798073470165479273270117299517137966083924397333542220241501889356985606876395647001263389922383267854944415999150294255883200066815517606868114685968491144433691393055173084493489122833877430227975870865565285844523825272431169480939065194869310488609495046280136170952506893564523472221781325178706264813961628912095428858226001088693470703737625610593366171501218761398083768002575715273185733834447229729979255490894305351249462248790220088491995581441568434743311425245205540243943665103915733006324476534709154011815431889
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1c.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (89 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1c-chain.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (57 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113533.7.75.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 1ef1ab8906f8490f013377ee147aee197c93284d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							2befdeca100d6e138647eff9e0e856c6244c0317
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		003b72fd941afac48a378a3990e2889c02f63f1bffb4b7a0e45100c9683b4cbfcd6e17c01faff02305addce3735a3473b3fd357149add5b296feb4f4356283de6a24452eb5e26425c1a50b32a3b2200ff722a3f445ed5124d69605218f54b08332db346950d8a0076594d7705e9b306ee4702da9111b487ee3b6a76489e38bc1b3da9a58b1be4a3abd370310c36bb01a78640fc79268a5cb7083c1358a60597ac26566c73cd402ece65cefd5e8780ed8ab1d5008b3596273a5a50fc50c000d97ffb476a004c0109fb76811958c4ff0ea6bb561ad423b6a0e12f23ea262b2ee3c62194923c031fac646bb36432ed3dfdb28463b404520a83139fbc7f6fec78278f6