gpvpn.palantir.com

- Palantir Technologies Inc. -

Issued by DigiCert SHA2 High Assurance Server CA

About this certificate

This digital certificate with serial number 07:77:65:14:2b:dc:09:38:a4:d5:1a:32:4e:69:09:7e was issued on by DigiCert Inc.

With 7 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Palantir Technologies Inc.

Organization: Palantir Technologies Inc.
State / Province: California
Locality: Palo Alto
Country: US

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 07:77:65:14:2b:dc:09:38:a4:d5:1a:32:4e:69:09:7e
Serial Number (int): 9924529418167137350947847752167000446
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 56:7b:80:b5:06:cd:cd:a1:e6:d8:70:e8:a9:b4:4b:94:ff:86:1a:0e
AuthorityKeyId: 51:68:ff:90:af:02:07:75:3c:cc:d9:65:64:62:a2:12:b8:59:72:3b

Fingerprint (sha1): 0b:88:b7:52:e5:6a:c8:4c:ca:97:9d:52:db:b1:53:bb:67:4a:ef:88
Fingerprint (sha256): 01:0b:c2:28:3f:38:cc:a3:04:db:49:7b:05:18:cc:ae:75:f6:7f:3b:a5:3c:ca:52:42:d4:f6:62:ea:e6:e4:71

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/sha2-ha-server-g6.crl
CRL Distribution Point: http://crl4.digicert.com/sha2-ha-server-g6.crl

Check the revocation status for certificate gpvpn.palantir.com

7

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for gpvpn.palantir.com

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

gpvpn.palantir.com
vpn-eastus.palantir.com
vpn-westus.palantir.com
vpn-uk.palantir.com
vpn-au.palantir.com
vpn-de.palantir.com
vpn-jp.palantir.com

Other certificates including the domain name palantir.com

(limited to 100 certificates)
amkstatus.nhn.no
e.ssl.fastly.net
impact.palantir.com
amkstatus.nhn.no
gear.palantir.com
gpvpn.palantir.com
sj-ravpn.palantir.com
canada.status.coconutsoftware.com
foundry-usc-1.status.palantir.com
training.palantir.com
PALANTIR TECHNOLOGIES
amkstatus.nhn.no
gpvpn.palantir.com
canada.status.coconutsoftware.com
gerrit-tr.palantir.com
canada.status.coconutsoftware.com
appstatus.motorolasolutions.com
athena.palantir.com
amkstatus.nhn.no
guestwifi.palantir.com
cds2.cvent.com
canada.status.coconutsoftware.com
palantir.com
edge-eu-a.palantir.com
www.palantir.com
foundry-usz-1.status.palantir.com
amkstatus.nhn.no
*.e.ssl.fastly.net
appstatus.motorolasolutions.com
devzone.palantir.com
appstatus.motorolasolutions.com
joyride-disp.palantir.com
files.palantir.com
gpvpn.palantir.com
blog.palantir.com
amkstatus.nhn.no
canada.status.coconutsoftware.com
*.e.ssl.fastly.net
amkstatus.nhn.no
foundry-usc-1.status.palantir.com
canada.status.coconutsoftware.com
cds2.cvent.com
foundry-usc-1.status.palantir.com
appstatus.motorolasolutions.com
canada.status.coconutsoftware.com
*.e.ssl.fastly.net
appstatus.motorolasolutions.com
regalia.palantir.com
Palantir Technologies Inc.
gpvpn.palantir.com
foundry-usc-1.status.palantir.com
dc-ravpn.palantir.com
info.palantir.com
foundry-usc-1.status.palantir.com
joyride.palantir.com
cds2.cvent.com
go.palantir.com
esentry.mi.palantir.com
appstatus.motorolasolutions.com
files.palantir.com
appstatus.motorolasolutions.com
edge-usw-a.palantir.com
canada.status.coconutsoftware.com
amkstatus.nhn.no
cds2.cvent.com
legal.palantir.com
palantir.com
amkstatus.nhn.no
foundry-usc-1.status.palantir.com
appstatus.motorolasolutions.com
*.e.ssl.fastly.net
gear.palantir.com
regalia.palantir.com
resources.palantir.com
foundry-usc-1.status.palantir.com
regalia.palantir.com
*.e.ssl.fastly.net
foundry-usz-1.status.palantir.com
cds2.cvent.com
foundry-usc-1.status.palantir.com
learning.palantir.com
PALANTIR TECHNOLOGIES
learn.palantir.com
plgpvpn.palantir.com
canada.status.coconutsoftware.com
mobile-gpvpn.palantir.com
amkstatus.nhn.no
foundry-usz-1.status.palantir.com
dns-vetting1.map.fastly.net
canada.status.coconutsoftware.com
cds2.cvent.com
*.e.ssl.fastly.net
*.e.ssl.fastly.net
canada.status.coconutsoftware.com
cds2.cvent.com
foundry-usz-1.status.palantir.com
*.e.ssl.fastly.net
gear.palantir.com
appstatus.motorolasolutions.com
foundry-usz-1.status.palantir.com

Certificate

The complete raw certificate details for gpvpn.palantir.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIH8DCCBtigAwIBAgIQB3dlFCvcCTik1RoyTmkJfjANBgkqhkiG9w0BAQsFADBw
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz
dXJhbmNlIFNlcnZlciBDQTAeFw0yMDEwMDcwMDAwMDBaFw0yMTEwMTIxMjAwMDBa
MHgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlQ
YWxvIEFsdG8xIzAhBgNVBAoTGlBhbGFudGlyIFRlY2hub2xvZ2llcyBJbmMuMRsw
GQYDVQQDExJncHZwbi5wYWxhbnRpci5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQD1i2stWAuEUXx/SHy7hSqJFD6aqc4Mzg9I7kXSVa4ODLgc9OZK
CMAo0DBTwUN8n3tVqwc2XQcJdrGRQwWr3MOEDb3ZuxgKUeK/gj5pS4xt7AlO+BOd
Q6OQ3R68ZMsRjW9TCDMUwW21672zANzk4Z7u0gtC2iDcQtf4NS2371Yer/so2S8/
ewCmqU8rIZ6KpZkBBgtEJl9O7mYwJW/iiZsRtwk0BGh5k6chAx5JKJAccwYSEL7x
O58A3qnVVU1UYBS1taz6z/vlqnBfqchEs4RmjnakbPbBxQveczuD1LsqnzxtPCJJ
3gvgBf3bwlqsK7xM5TTMLJ8nvryrR8uXw/BF5969siutZX9V8aB9cv9jgCIxXysh
6OjlQA9WrJr1bh+sggYGXZhvTwmriHTPS4jx0mf7GfWdh5lHR8a6a7QiuF7p59/h
6XOprGVFC+YMnfbHjRUBknhrQ1Aojyyd1l6iWX3JcYWF/4DCR9caKa3v+5khWYRp
a1cXxyVBJyPOv+BNU8LpuuZrXVrhVJuOp9+ltrQOX1BGi4BDuYHJ24T8U0HCw/e+
cEoC9o+U0ZwRnNHddq73YJC+wThoZMrfpcVDVcfXxd53k+49l6jkhgJexBSW7/N/
9KMeNYREhpx5nHlFdIHDQvVM5KoD8R+OrZFiNL6y1Cu6gCVdUfAPNaspFwIDAQAB
o4IDfDCCA3gwHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjswHQYDVR0O
BBYEFFZ7gLUGzc2h5thw6Km0S5T/hhoOMIGlBgNVHREEgZ0wgZqCEmdwdnBuLnBh
bGFudGlyLmNvbYIXdnBuLWVhc3R1cy5wYWxhbnRpci5jb22CF3Zwbi13ZXN0dXMu
cGFsYW50aXIuY29tghN2cG4tdWsucGFsYW50aXIuY29tghN2cG4tYXUucGFsYW50
aXIuY29tghN2cG4tZGUucGFsYW50aXIuY29tghN2cG4tanAucGFsYW50aXIuY29t
MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
dQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTIt
aGEtc2VydmVyLWc2LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29t
L3NoYTItaGEtc2VydmVyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAq
MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeB
DAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5k
aWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0
LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1Ud
EwEB/wQCMAAwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgD2XJQv0XcwIhRUGAgw
lFaO400TGTO/3wwvIAvMTvFk4wAAAXUE0lMLAAAEAwBHMEUCIQDbouCwRi7QVtle
/+BURi17kxdkb99wICE2+PHOCgHwpQIgLIE55qs4hb2um5lymiObtIctNwS0lrBb
LTE/xWHs2T8AdgBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m9scOygAAAXUE
0lNSAAAEAwBHMEUCIQC45V5M1kOi6dolxPeezRV7p6o4JDgCjuO9i+Ty0EGBHgIg
XR7zvxIjwmmj0vXIqF14ZW8oIX7ml7IrYX35NXDb9Z0wDQYJKoZIhvcNAQELBQAD
ggEBAGqh2UrYBKNcFM28hxfqIg4fEeRjlpvzNneSOIzOXyp+SvV+yZ60q8K5Xq+6
CM2o8L/OhfeSeL4qwTYuXV7PgmTVTD/Rd5NkVpLZTczwkfL3yP7+T0JpMcofuU8l
21QjOcvA700xPbUaLgQlrdksg3t4stpAefRnehr+he8zbOx/n+rM6jz+C/LlJMez
L7qdkNAfn0iWq3ylH+RapGtUbL9xW8qWLgLZoaf+01pbcSS+AjAwscJYh8DrR0rA
9a/QuNTZxqbHTCSawV0Tt6uZzVsZ4U90UtBYi4+olO3Cxr/BR4Dx94xqPF/cgl6Q
1S0hGwBbl9y5oE6MvQK8MFsABuo=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9YtrLVgLhFF8f0h8u4Uq
iRQ+mqnODM4PSO5F0lWuDgy4HPTmSgjAKNAwU8FDfJ97VasHNl0HCXaxkUMFq9zD
hA292bsYClHiv4I+aUuMbewJTvgTnUOjkN0evGTLEY1vUwgzFMFtteu9swDc5OGe
7tILQtog3ELX+DUtt+9WHq/7KNkvP3sApqlPKyGeiqWZAQYLRCZfTu5mMCVv4omb
EbcJNARoeZOnIQMeSSiQHHMGEhC+8TufAN6p1VVNVGAUtbWs+s/75apwX6nIRLOE
Zo52pGz2wcUL3nM7g9S7Kp88bTwiSd4L4AX928JarCu8TOU0zCyfJ768q0fLl8Pw
RefevbIrrWV/VfGgfXL/Y4AiMV8rIejo5UAPVqya9W4frIIGBl2Yb08Jq4h0z0uI
8dJn+xn1nYeZR0fGumu0Irhe6eff4elzqaxlRQvmDJ32x40VAZJ4a0NQKI8sndZe
oll9yXGFhf+AwkfXGimt7/uZIVmEaWtXF8clQScjzr/gTVPC6brma11a4VSbjqff
pba0Dl9QRouAQ7mByduE/FNBwsP3vnBKAvaPlNGcEZzR3Xau92CQvsE4aGTK36XF
Q1XH18Xed5PuPZeo5IYCXsQUlu/zf/SjHjWERIaceZx5RXSBw0L1TOSqA/Efjq2R
YjS+stQruoAlXVHwDzWrKRcCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 9924529418167137350947847752167000446
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 High Assurance Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-10-07 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-10-12 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Palo Alto'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Palantir Technologies Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'gpvpn.palantir.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 1001734587726904351808917140702541591904495842348351376386778893390667031030928380394500453369312868692976405017297359545137592798227181104905456366942508636426411276178359771261604991913050551130668661889195898960473746898044620485548111374420674353677098225242717121853801865090697892000577401085195313883129747597087211978799259297168113693314628621893336431829513203620121773704094296993129252370452736129404916233786216120998738602345426260748180089045594194282802586784716363850869031727730450857319691290540681958520512512910174843068109007855296177383631511921655274586590141113628668805553382999093522558988208075744361991313483578112023077517182959756353636724752595559006979764433695528479566201196268743301408472540884892720104794930391684679042906671619372735002959860324016236324952937173202631060230770495143397031989442753881702135815607137031335557204649901631767351373487769892818025476248540425811002015026366102794427683380049803361767053499158677368775698418644689294333317798631280441655615400720407244915566215814745309623239738951635913036487455898022004200309810318517044989527989012064905846792266450330886062769168327799739424718524490946491439307512713786249551406701290240146620138384794101758533858699543
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 5168ff90af0207753cccd9656462a212b859723b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							567b80b506cdcda1e6d870e8a9b44b94ff861a0e
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (157 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gpvpn.palantir.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'vpn-eastus.palantir.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'vpn-westus.palantir.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'vpn-uk.palantir.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'vpn-au.palantir.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'vpn-de.palantir.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'vpn-jp.palantir.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/sha2-ha-server-g6.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/sha2-ha-server-g6.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (119 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007600f65c942fd1773022145418083094568ee34d131933bfdf0c2f200bcc4ef164e30000017504d2530b0000040300473045022100dba2e0b0462ed056d95effe054462d7b9317646fdf70202136f8f1ce0a01f0a502202c8139e6ab3885bdae9b99729a239bb4872d3704b496b05b2d313fc561ecd93f0076005cdc4392fee6ab4544b15e9ad456e61037fbd5fa47dca17394b25ee6f6c70eca0000017504d253520000040300473045022100b8e55e4cd643a2e9da25c4f79ecd157ba7aa382438028ee3bd8be4f2d041811e02205d1ef3bf1223c269a3d2f5c8a85d78656f28217ee697b22b617df93570dbf59d
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		006aa1d94ad804a35c14cdbc8717ea220e1f11e463969bf3367792388cce5f2a7e4af57ec99eb4abc2b95eafba08cda8f0bfce85f79278be2ac1362e5d5ecf8264d54c3fd17793645692d94dccf091f2f7c8fefe4f426931ca1fb94f25db542339cbc0ef4d313db51a2e0425add92c837b78b2da4079f4677a1afe85ef336cec7f9feaccea3cfe0bf2e524c7b32fba9d90d01f9f4896ab7ca51fe45aa46b546cbf715bca962e02d9a1a7fed35a5b7124be023030b1c25887c0eb474ac0f5afd0b8d4d9c6a6c74c249ac15d13b7ab99cd5b19e14f7452d0588b8fa894edc2c6bfc14780f1f78c6a3c5fdc825e90d52d211b005b97dcb9a04e8cbd02bc305b0006ea