ccib.mgh.harvard.edu

- President and Fellows of Harvard College -

Issued by InCommon RSA Server CA 2

About this certificate

This digital certificate with serial number bb:ff:d1:65:c9:50:29:ff:08:ef:94:1f:a2:60:c4:d8 was issued on by Internet2.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

President and Fellows of Harvard College

Organization: President and Fellows of Harvard College
State / Province: Massachusetts
Country: US

Internet2

Organization: Internet2
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): bb:ff:d1:65:c9:50:29:ff:08:ef:94:1f:a2:60:c4:d8
Serial Number (int): 249893917998660625779352860494206649560
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: a7:b7:f9:16:2f:9f:c2:6e:93:c4:32:e6:b5:ad:3f:43:73:9b:b1:11
AuthorityKeyId: ef:4c:00:92:a6:fb:76:2e:5e:95:e2:c9:5f:87:1b:19:d5:4d:e2:d9

Fingerprint (sha1): 54:7c:ee:80:c8:e2:12:86:d3:2b:fb:73:e9:31:00:e4:69:f0:ab:2e
Fingerprint (sha256): 00:a6:a8:4b:03:56:02:d8:97:8a:b8:b6:1f:b1:20:15:1e:48:20:94:c0:14:83:32:18:ca:4e:a2:7c:c1:4c:61

Issuing Certificate URL: http://crt.sectigo.com/InCommonRSAServerCA2.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/InCommonRSAServerCA2.crl

Check the revocation status for certificate ccib.mgh.harvard.edu

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ccib.mgh.harvard.edu

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ccib.mgh.harvard.edu

Other certificates including the domain name harvard.edu

(limited to 100 certificates)
*.meei.harvard.edu
www.nieman.harvard.edu
cds4.cvent.com
lee.hms.harvard.edu
cvvr.hms.harvard.edu
imperva.com
iqss-sid-env-uat.herokuapp.com
takesian.hms.harvard.edu
dssg.fas.harvard.edu
scorsese.wjh.harvard.edu
geodata-proxy.lib.harvard.edu
5769623379116032-fe2.pantheonsite.io
incapsula.com
zhanglab.tch.harvard.edu
tech.seas.harvard.edu
5762637883244544-fe3.pantheonsite.io
incapsula.com
getonline.harvard.edu
archives.harvard.edu
acquia-sites.com
hub.test.lxp.huit.harvard.edu
filetransfer.harvard.edu
www.datascience.harvard.edu
nlbsp.med.harvard.edu
alumni.dce-test.upstatement.dev
neprc-vpn.hms.harvard.edu
*.hmc.harvard.edu
docker.rc.fas.harvard.edu
webmail.hsl.harvard.edu
www.hup.harvard.edu
statuspage.io
it.uahs.arizona.edu
healthinnovationnetwork.harvard.edu
sfsportal.harvard.edu
termbill.harvard.edu
admissions.emeritus.org
ordlvapexd01.med.harvard.edu
incapsula.com
cluster3.technolutions.net
hhi.harvard.edu
rmfs-blog.rmf.harvard.edu
cluster.technolutions.net
sandbox-ak150.rc.hms.harvard.edu
jdcmoveit1.joslin.harvard.edu
giftshop.metalab.harvard.edu
forerun-beta.bidmc.harvard.edu
coreapitest.tch.harvard.edu
incapsula.com
cluster3.technolutions.net
cvvr.hms.harvard.edu
jenkins.tlt.harvard.edu
worldmap.harvard.edu
omero-dev.hms.harvard.edu
www.production.sid.hmdc.harvard.edu
email.med.harvard.edu
ccib.mgh.harvard.edu
5709068098338816-fe3.pantheonsite.io
sites.sph.harvard.edu
incapsula.com
db1.mgh.harvard.edu
peerprereview.iq.harvard.edu
incapsula.com
bonescan.bidmc.harvard.edu
*.wcfia.harvard.edu
teachingpost.hbsp.harvard.edu
canvas.hms.harvard.edu
5762637883244544-fe3.pantheonsite.io
p0-univad-dc6.university.harvard.edu
coptic.share.library.harvard.edu
gc.seas.harvard.edu
fugue.arp.harvard.edu
incapsula.com
incapsula.com
edportal.harvard.edu
p2m2a.dbmi.hms.harvard.edu
pilac.law.harvard.edu
5753952654065664-fe1.pantheonsite.io
bootcamp.extension.harvard.edu
vpn.harvard.edu
prostatus.whitepages.com
sni.cloudflaressl.com
iiif.lib.harvard.edu
hds.harvard.edu
rmfvpn.rmf.harvard.edu
incapsula.com
axistv.fas.harvard.edu
vector.meei.harvard.edu
mywellnetmobiletest.tch.harvard.edu
nautilus.gse.harvard.edu
countway.harvard.edu
eve.law.harvard.edu
dlabss.harvard.edu
mail.jbcc.harvard.edu
200.hls.harvard.edu
chsi.harvard.edu
hgc.harvard.edu
vpn.dce.harvard.edu
oi.mgh.harvard.edu
wagnerlab.tch.harvard.edu
bioinformatics.sph.harvard.edu

Certificate

The complete raw certificate details for ccib.mgh.harvard.edu in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIH7DCCBlSgAwIBAgIRALv/0WXJUCn/CO+UH6JgxNgwDQYJKoZIhvcNAQEMBQAw
RDELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUludGVybmV0MjEhMB8GA1UEAxMYSW5D
b21tb24gUlNBIFNlcnZlciBDQSAyMB4XDTI0MDIwODAwMDAwMFoXDTI1MDIwNzIz
NTk1OVowdzELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxMTAv
BgNVBAoTKFByZXNpZGVudCBhbmQgRmVsbG93cyBvZiBIYXJ2YXJkIENvbGxlZ2Ux
HTAbBgNVBAMTFGNjaWIubWdoLmhhcnZhcmQuZWR1MIICIjANBgkqhkiG9w0BAQEF
AAOCAg8AMIICCgKCAgEAwpEZWzKdzjve8cmBIfXxL5J04v0HPAiqPzn6CUgePfq/
QJScKk8mnn+bxsnuBBeethQw8JAKa3NE8x9abu/LO5GKZn73t7x+weZ+aQm7VhPP
nTb25UM13jvs7QNRqoLOXPYEA0jaUr7rA6gVUsLcvrT+jgRVXawGUKAiAwsQwEl0
eboH9wwJ8AoQZPIcEhOHby6yjz/14DgdE+V5NqkmqqHGTRrSl82t3+GK8qD9kjJS
T4l5scJi5jolzwDqBHfKORB5g3cJb06x8cCBVGetswLuIiqdAo5GAqADnjEj4RLy
2bNVDJXJS/rICVaVruNyWduRHMuC1GktCNh6FGdHDwfxD28oNh09E1uKEzdWgnYT
+QxtLnzW7BYWUSfBe/X49y2bkckzB8mudzwf4fv6Pn2hOHrs1wOmAo5MTJYDkhqR
N6WEdd6l6pM9LzvnQmqP3Hf+5b9mFEeit3FxmGIV2iYTwgOD5ORFqdS5B/jg7jfr
KNsEtnhrmAQRXzJA6obKg2jI54aykkkjW6/THHc8RWRnoXwy0n9RUee4Qfv/UTco
WcyIow18HMdxihTA+SX8gdYjSxGF+l9uFox1/By9bwzSqjJ+Tws/3ehAmRzwiIMs
z8MoZ9BT3jVB7wKaCUy24kAD5PtNF9DzuqdlwkRTm5US7QLZs7zmI6YMPK9Ab9EC
AwEAAaOCAyQwggMgMB8GA1UdIwQYMBaAFO9MAJKm+3YuXpXiyV+HGxnVTeLZMB0G
A1UdDgQWBBSnt/kWL5/CbpPEMua1rT9Dc5uxETAOBgNVHQ8BAf8EBAMCBaAwDAYD
VR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSQYDVR0g
BEIwQDA0BgsrBgEEAbIxAQICZzAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3Rp
Z28uY29tL0NQUzAIBgZngQwBAgIwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cDovL2Ny
bC5zZWN0aWdvLmNvbS9JbkNvbW1vblJTQVNlcnZlckNBMi5jcmwwcAYIKwYBBQUH
AQEEZDBiMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LnNlY3RpZ28uY29tL0luQ29t
bW9uUlNBU2VydmVyQ0EyLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2Vj
dGlnby5jb20wHwYDVR0RBBgwFoIUY2NpYi5tZ2guaGFydmFyZC5lZHUwggF/Bgor
BgEEAdZ5AgQCBIIBbwSCAWsBaQB2AM8RVu7VLnyv84db2Wkum+kacWdKsBfsrAHS
W3fOzDsIAAABjYmu4oQAAAQDAEcwRQIhAJgrVsWEJZgqM8NwkQT+Pso7Fk9nVC8d
7DF7hm0tHBXzAiA8toC0HA3ttl7PF2ztZt1onMJMlW1aUjlU2jKyY9vMhwB3AKLj
CuRF772tm3447Udnd1PXgluElNcrXhssxLlQpEfnAAABjYmu4y0AAAQDAEgwRgIh
AIlOI7AhrDhbbjLXycIvAQZPfXwqkprg98YjDjdp854fAiEAzIYh3NVwwKXewsGC
dwGiQsHF430TZfDTSu1C+RTVa9sAdgBOdaMnXJoQwzhbbNTfP1LrHfDgjhuNacCx
+mSxYpo53wAAAY2JruK3AAAEAwBHMEUCIQDOrNDB+Pd4bTmBZQtzJo7rXfVwOqXC
8UkKhOSwHtn9TQIgX7E9vLQ1gGLTTXsMi0VyO4tyNYJt1PcXfTGvgVHbBmIwDQYJ
KoZIhvcNAQEMBQADggGBAFir6vZsiLz46AEgl9t3CBB7iFRtyuAN1cRbbO2bH1wJ
JDjCgV+0OrHY5D4snmjQ2FNf2LQG2+LwYt9Za1nhArE+SacoausnaOzHQosnKMpg
U0lQhEFTU9DBfGrYkYATy0O5PkUQzCk6FI240H8tPeu+nQ4LeILYMeBWBqJxBp1H
HQ+qhw2pisu9+NOgfOYtVFZimS28z3E6vWWQ6NYH5Ufjb7xcWLSsV0KuithBJgub
AGsRZ3oEhpHlnFfIrHak7WeKStdDsHA6PNUm8fCXpBTnYL33mjH+binpO0oJWwpa
0yPvBAI038IHPLyntgHQgsSEUEzHBIrzic6EPayL+z19t4IkREHeATfwhb+MUSCG
Wy+QIvgdAv7wPl+UluAcIvVVw0urwvBBoDxaKyCwoZ04ghhP8nHfLDAEANzSbV0d
vZv9tYZojFQuGgAtZzxLCypbknUfagQqZ4U4VEwiYn1VgMefXE/uxsUQnxsgO/7G
UMtKox+6P2zte41W/JMiqw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpEZWzKdzjve8cmBIfXx
L5J04v0HPAiqPzn6CUgePfq/QJScKk8mnn+bxsnuBBeethQw8JAKa3NE8x9abu/L
O5GKZn73t7x+weZ+aQm7VhPPnTb25UM13jvs7QNRqoLOXPYEA0jaUr7rA6gVUsLc
vrT+jgRVXawGUKAiAwsQwEl0eboH9wwJ8AoQZPIcEhOHby6yjz/14DgdE+V5Nqkm
qqHGTRrSl82t3+GK8qD9kjJST4l5scJi5jolzwDqBHfKORB5g3cJb06x8cCBVGet
swLuIiqdAo5GAqADnjEj4RLy2bNVDJXJS/rICVaVruNyWduRHMuC1GktCNh6FGdH
DwfxD28oNh09E1uKEzdWgnYT+QxtLnzW7BYWUSfBe/X49y2bkckzB8mudzwf4fv6
Pn2hOHrs1wOmAo5MTJYDkhqRN6WEdd6l6pM9LzvnQmqP3Hf+5b9mFEeit3FxmGIV
2iYTwgOD5ORFqdS5B/jg7jfrKNsEtnhrmAQRXzJA6obKg2jI54aykkkjW6/THHc8
RWRnoXwy0n9RUee4Qfv/UTcoWcyIow18HMdxihTA+SX8gdYjSxGF+l9uFox1/By9
bwzSqjJ+Tws/3ehAmRzwiIMsz8MoZ9BT3jVB7wKaCUy24kAD5PtNF9DzuqdlwkRT
m5US7QLZs7zmI6YMPK9Ab9ECAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 249893917998660625779352860494206649560
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Internet2'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon RSA Server CA 2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-08 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-07 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Massachusetts'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'President and Fellows of Harvard College'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ccib.mgh.harvard.edu'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 793763263530674519992950876555401131280151147492694985850011932259174319297880753961930662362157328638751402427201497969158995681916713352268720223232827033300953285609672755171385681633631425057552635520716044560743380711702917986153396507174702771181627816098442832515350984743830693415271555900975517729426052876127144664826535218452977191848905059656660888765441080117696023283724631765032796344722200309329251686493348326512933941643367292698347530457059306353009430221065964438499592288697517865453437410183246404608822850771028233989517218528207963782625944663945399754280855326188510353532000793188823853921932068317620849452170411083876013160647407992611433658675483832390967898435586272752510168201083844635911256351918584941943155282090144459547968838993572051862545995706577702403748596189972497405756736460432590983341100968392056580427878661673171056515444037279591106103755348898927156964308347375365238175833854179360142644626898186663864356410744899583503201734504229592135295636231522332883694730923178039254119215978425349262601859920876426331558500177021004468844743875968882479691782589883710685808287160033429749620250525666446140957875637990278606390807908959711716338873261562539774345253865466298805033922513
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName ef4c0092a6fb762e5e95e2c95f871b19d54de2d9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							a7b7f9162f9fc26e93c432e6b5ad3f43739bb111
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.103
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (57 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/InCommonRSAServerCA2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/InCommonRSAServerCA2.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ccib.mgh.harvard.edu'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							0169007600cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018d89aee2840000040300473045022100982b56c58425982a33c3709104fe3eca3b164f67542f1dec317b866d2d1c15f302203cb680b41c0dedb65ecf176ced66dd689cc24c956d5a523954da32b263dbcc87007700a2e30ae445efbdad9b7e38ed47677753d7825b8494d72b5e1b2cc4b950a447e70000018d89aee32d0000040300483046022100894e23b021ac385b6e32d7c9c22f01064f7d7c2a929ae0f7c6230e3769f39e1f022100cc8621dcd570c0a5dec2c1827701a242c1c5e37d1365f0d34aed42f914d56bdb0076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018d89aee2b70000040300473045022100ceacd0c1f8f7786d3981650b73268eeb5df5703aa5c2f1490a84e4b01ed9fd4d02205fb13dbcb4358062d34d7b0c8b45723b8b7235826dd4f7177d31af8151db0662
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (3072 bits)
		0058abeaf66c88bcf8e8012097db7708107b88546dcae00dd5c45b6ced9b1f5c092438c2815fb43ab1d8e43e2c9e68d0d8535fd8b406dbe2f062df596b59e102b13e49a7286aeb2768ecc7428b2728ca6053495084415353d0c17c6ad8918013cb43b93e4510cc293a148db8d07f2d3debbe9d0e0b7882d831e05606a271069d471d0faa870da98acbbdf8d3a07ce62d545662992dbccf713abd6590e8d607e547e36fbc5c58b4ac5742ae8ad841260b9b006b11677a048691e59c57c8ac76a4ed678a4ad743b0703a3cd526f1f097a414e760bdf79a31fe6e29e93b4a095b0a5ad323ef040234dfc2073cbca7b601d082c484504cc7048af389ce843dac8bfb3d7db782244441de0137f085bf8c5120865b2f9022f81d02fef03e5f9496e01c22f555c34babc2f041a03c5a2b20b0a19d3882184ff271df2c300400dcd26d5d1dbd9bfdb586688c542e1a002d673c4b0b2a5b92751f6a042a678538544c22627d5580c79f5c4feec6c5109f1b203bfec650cb4aa31fba3f6ced7b8d56fc9322ab