*.prod.lshop.expedia.com

- Expedia, Inc. -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number dc:9f:32:ed:76:d5:00:67:00:00:00:00:50:f4:3c:f4 was issued on by Entrust, Inc..

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Expedia, Inc.

Organization: Expedia, Inc.
State / Province: Washington
Locality: Bellevue
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): dc:9f:32:ed:76:d5:00:67:00:00:00:00:50:f4:3c:f4
Serial Number (int): 293256767207519962354454382927680912628
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 23:d0:94:a9:5e:da:07:ee:65:d3:9a:a5:71:63:9e:a5:a3:9a:e2:d3
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): f6:c8:fd:fe:fd:2b:53:76:05:e1:c9:f0:26:c3:93:9a:4a:1c:69:42
Fingerprint (sha256): 00:c3:05:24:ff:7c:ac:75:96:7e:8f:8c:bb:2f:f5:d2:16:cd:e9:c1:b9:2c:17:2f:81:15:d4:52:d7:15:d7:af

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate *.prod.lshop.expedia.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.prod.lshop.expedia.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.prod.lshop.expedia.com
prod.lshop.expedia.com

Other certificates including the domain name expedia.com

(limited to 100 certificates)
*.us-west-2.prodp.mesop.expedia.com
summervibes2022.expedia.com
*.us-west-2.i.prod.lodgingshared.expedia.com
*.us-east-1.prod.bexgnautilus.expedia.com
*.us-west-2.i.prod.internationalisation.expedia.com
*.us-east-1.prod.lodgingshared.expedia.com
*.us-east-1.test.egtiger.expedia.com
trs-tilt.prod.expedia.com
portal-lambdas-us-west-2-main.prod.epsdecaf.expedia.com
*.test.expedia.com
www.expedia.com
*.hotelplanner.com
*.prod.lshop.expedia.com
*.prod.monitoring.expedia.com
*.test.air.expedia.com
datafeed.test.epsdecaf.expedia.com
linguo-lodging-v1-us-east-1.test.epsdecaf.expedia.com
mx1a.expedia.com
secure0024.hubspot.com
vap.expedia.com
*.test.ersappengg.expedia.com
mi.expedia.com
test.contracts.expedia.com
*.us-east-1.i.prod.ewsapi.expedia.com
thingstodo.expedia.com
*.us-east-1.i.prod.bexcruise.expedia.com
*.eweprod.expedia.com
atappdgeo.expedia.com
commission-payments-us-west-2.prod.epsdecaf.expedia.com
*.us-west-2.i.test.egtiger.expedia.com
efr-lab.expedia.com
*.test.searchdiscovery.expedia.com
*.origin.expedia.com
*.us-east-1.i.test.payments.expedia.com
*.us-west-2.i.prod.lodgingpartner.expedia.com
cpa.prod.nimbus.expedia.com
*.us-west-2.i.prodp.egailabspci.expedia.com
discoverbudapest.expedia.co.uk
*.us-east-1.prod.eguser.expedia.com
*.us-west-2.i.test.ewedatasci.expedia.com
leblancresorts.expedia.com
www.excellencegroup.expedia.com
*.prod.lodgingselect.expedia.com
outrigger.expedia.com
*.expedia.com
*.hotelplanner.com
secure0024.hubspot.com
csp.expedia.com
*.prod.monitoring.expedia.com
www.expedia.com
*.us-west-2.prod.merchandising.expedia.com
*.prod.dcs.expedia.com
*.us-west-2.i.prod.localexpert.expedia.com
eps-gateway-canary-us-east-1.prod.epsdecaf.expedia.com
test.egcontactcenter.expedia.com
ean-surenext-booking-service.i.prod.epsdecaf.expedia.com
*.prod.monitoring.expedia.com
jamf.expedia.com
*.test.tuesdaySegment.expedia.com
*.us-east-1.i.prod.lodgingpartner.expedia.com
cloudbees.vrbojenkins-gn.us-west-2.test.cicdtools.expedia.com
media.expedia.com
lab.vap.expedia.com
puntacana2023.expedia.com
mk.expedia.com
*.sem.prod.gmomarketingtech.expedia.com
*.hotelplanner.com
*.hotelplanner.com
www.goodday.expedia.com
*.us-west-2.i.test.eweflex.expedia.com
li.lisecurelink.com
forum.tools.expedia.com
partner-users-api-us-west-2-main.prod.epsdecaf.expedia.com
secure0024.hubspot.com
discoverpuntacana.expedia.com
www.expedia.com
*.test.piidataprotection.expedia.com
newsroom.expedia.com
*.test.lpsprojectping.expedia.com
www.cancun2023.expedia.com
*.us-west-2.prod.lodgingbooking.expedia.com
*.us-west-2.test.egtiger.expedia.com
houston.expedia.com
Hollandtripbuilder.expedia.de
eps-com-us-west-2.test.epsdecaf.expedia.com
bcexplorer.expedia.com.au
*.us-west-2.i.prod.lodgingshared.expedia.com
www.helpinghand.expedia.com
rateshop.expedia.com
*.test.securityplatform.expedia.com
jpmcpayout.payments.expedia.com
www.puntacana.expedia.com
lx.expedia.com
canaryislands.expedia.com
lab.vap.expedia.com
www.expedia.com
*.us-east-1.int.expedia.com
www.expedia.com
*.hotelplanner.com
japanelevated.expedia.com

Certificate

The complete raw certificate details for *.prod.lshop.expedia.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgIRANyfMu121QBnAAAAAFD0PPQwDQYJKoZIhvcNAQELBQAw
gboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL
Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg
MjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAs
BgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUswHhcN
MTkwNzExMTYyNTIwWhcNMjExMDA5MTY1NTE5WjBwMQswCQYDVQQGEwJVUzETMBEG
A1UECBMKV2FzaGluZ3RvbjERMA8GA1UEBxMIQmVsbGV2dWUxFjAUBgNVBAoTDUV4
cGVkaWEsIEluYy4xITAfBgNVBAMMGCoucHJvZC5sc2hvcC5leHBlZGlhLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO6NAHeG3AVtwhHhkeiTsGxy
qB6Z6eZACdC1Yje7ywPNz4i6ExiT3PQROVdWqJZpOcjD/OSFr6SObOe3ubJLoXql
/MErBQa/TiemL1kTxmNXjEvFsv4uiDeBxhN4sehbfSo7FFuhF3WdfgdUGyCGXM2g
ZefPZqkuf59a1M7sAvaGsQzpyapOFSb3LZAXixs9V8stzmoVy4sWdG2gKmR27Lkq
QlQ6GCE/Tn1VNcx1Uf6D7rPQeqaXqVyOpHIMQAJKVVQqIodNFrke6LobBrcYtBG5
meyYhuSrS6t4qVJDCcc60Ay/Fv8OO5NMNTmjadKQgD8KmSC0Aous1z/WGsTAe0UC
AwEAAaOCAbwwggG4MBMGCisGAQQB1nkCBAMBAf8EAgUAMDsGA1UdEQQ0MDKCGCou
cHJvZC5sc2hvcC5leHBlZGlhLmNvbYIWcHJvZC5sc2hvcC5leHBlZGlhLmNvbTAO
BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDMG
A1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvbGV2ZWwxay5j
cmwwSwYDVR0gBEQwQjA2BgpghkgBhvpsCgEFMCgwJgYIKwYBBQUHAgEWGmh0dHA6
Ly93d3cuZW50cnVzdC5uZXQvcnBhMAgGBmeBDAECAjBoBggrBgEFBQcBAQRcMFow
IwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDMGCCsGAQUFBzAC
hidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wxay1jaGFpbjI1Ni5jZXIwHwYDVR0j
BBgwFoAUgqJwdN28Uz/Pe9T3zX+nYMYKTL8wHQYDVR0OBBYEFCPQlKle2gfuZdOa
pXFjnqWjmuLTMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBALCjL+3/xRdI
oJXV9PjYL2+NMeyZtdtjR32gLPx+SuK3uEQji37O2mVPTLK3xe91xKH9/llhgWE5
9yqUHPKA6IbImx0rTfcACKWgsVQA/I7J7Ubfb8Lamjg/IlsLvp9UUrMxap2aKmHt
BKS1UEVWjn9FLXyfpeIPx4cq8NWtSFuyVB16OhywPJxQLNQlm4rn9xY7XnS9TvEj
1At9oYWj32KumuKsyPMLMF3dKWAu1uKeXcp8/8q6per6parNwJdal2cezWwbbM2N
LUQx/P8w4psUipcwvNH1sZ/7eW2+uIMgOL7rLB91Ej4e6exVHEALymL5Tms8CiRx
a5ZWxOPglPY=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7o0Ad4bcBW3CEeGR6JOw
bHKoHpnp5kAJ0LViN7vLA83PiLoTGJPc9BE5V1aolmk5yMP85IWvpI5s57e5skuh
eqX8wSsFBr9OJ6YvWRPGY1eMS8Wy/i6IN4HGE3ix6Ft9KjsUW6EXdZ1+B1QbIIZc
zaBl589mqS5/n1rUzuwC9oaxDOnJqk4VJvctkBeLGz1Xyy3OahXLixZ0baAqZHbs
uSpCVDoYIT9OfVU1zHVR/oPus9B6ppepXI6kcgxAAkpVVCoih00WuR7ouhsGtxi0
EbmZ7JiG5KtLq3ipUkMJxzrQDL8W/w47k0w1OaNp0pCAPwqZILQCi6zXP9YaxMB7
RQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 293256767207519962354454382927680912628
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-07-11 16:25:20 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-10-09 16:55:19 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Washington'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Bellevue'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Expedia, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.prod.lshop.expedia.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 30114247172695177543896531548601463433876816042509284369018784676748575865948205266891646730486381746113326323256362683985620327233326653134308679393132328573207277927670918230938008501841961620446983682400669616607692245935975467539264010817174605675291576166928474544716860512442890021844281050497170528784730239591306168331569477122707506397227462652742764101384488060645372176829218940146330466004631445010302288397517766144492125243255457226138070934125997100192755550133079561234689204518742487754941366769639839601081183655557242958830337554834366289499264790641558342899061418661293860602704353139251761675077
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.prod.lshop.expedia.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prod.lshop.expedia.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							23d094a95eda07ee65d39aa571639ea5a39ae2d3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00b0a32fedffc51748a095d5f4f8d82f6f8d31ec99b5db63477da02cfc7e4ae2b7b844238b7eceda654f4cb2b7c5ef75c4a1fdfe5961816139f72a941cf280e886c89b1d2b4df70008a5a0b15400fc8ec9ed46df6fc2da9a383f225b0bbe9f5452b3316a9d9a2a61ed04a4b55045568e7f452d7c9fa5e20fc7872af0d5ad485bb2541d7a3a1cb03c9c502cd4259b8ae7f7163b5e74bd4ef123d40b7da185a3df62ae9ae2acc8f30b305ddd29602ed6e29e5dca7cffcabaa5eafaa5aacdc0975a97671ecd6c1b6ccd8d2d4431fcff30e29b148a9730bcd1f5b19ffb796dbeb8832038beeb2c1f75123e1ee9ec551c400bca62f94e6b3c0a24716b9656c4e3e094f6