shield.stanford.edu

- Stanford University -

Issued by InCommon RSA Server CA

About this certificate

This digital certificate with serial number 43:f3:f4:a0:66:5b:97:71:26:60:c6:da:cf:bb:60:22 was issued on by Internet2.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Stanford University

Organization: Stanford University
Organization unit: Information Security Office
Address: 450 Serra Mall
Postal code: 94305
State / Province: CA
Locality: Stanford
Country: US

Internet2

Organization: Internet2
Organization unit: InCommon
State / Province: MI
Locality: Ann Arbor
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 43:f3:f4:a0:66:5b:97:71:26:60:c6:da:cf:bb:60:22
Serial Number (int): 90324965470340818304113992467857760290
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 5e:7a:66:96:83:6a:35:dd:71:97:5d:80:f0:78:ec:ad:8e:55:5b:da
AuthorityKeyId: 1e:05:a3:77:8f:6c:96:e2:5b:87:4b:a6:b4:86:ac:71:00:0c:e7:38

Fingerprint (sha1): 3a:9e:5a:79:ea:13:6e:b0:ad:20:00:23:06:98:56:e8:45:64:89:56
Fingerprint (sha256): 01:31:45:e3:ac:90:f4:2d:7d:9a:14:f2:64:10:f5:fb:e6:63:e4:86:32:a9:33:8f:f9:54:9a:b2:04:bb:f4:5e

Issuing Certificate URL: http://crt.usertrust.com/InCommonRSAServerCA_2.crt

Revocation information

OCSP Server: http://ocsp.usertrust.com
CRL Distribution Point: http://crl.incommon-rsa.org/InCommonRSAServerCA.crl

Check the revocation status for certificate shield.stanford.edu

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for shield.stanford.edu

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

shield.stanford.edu

Other certificates including the domain name stanford.edu

(limited to 100 certificates)
ipython.stanford.edu
5692462144159744-fe3.pantheonsite.io
migrate-gsb.stanford.edu
bpp.stanford.edu
gsc.stanford.edu
polisci451.stanford.edu
smtp-auth.slac.stanford.edu
cs242.stanford.edu
cardinalrecovery.stanford.edu
proline.stanford.edu
bio-dap15.stanford.edu
5768310863953920-fe2.pantheonsite.io
shib-dr1.stanford.edu
sr-prime.stanford.edu
sul-bookdata-prod.stanford.edu
cegelski.stanford.edu
carpepm.almonds.com
stguwfaprd01.stanford.edu
firebaseapp.com
irt-dev.stanford.edu
us.prod.campusgroups.com
gsbphoto-dev.stanford.edu
research.esrg.stanford.edu
dinglab.stanford.edu
5686812383117312-fe3.pantheonsite.io
aegis.stanford.edu
www-prd.gsb.stanford.edu
fork-h08-31.stanford.edu
cs269q.stanford.edu
animaltraxuat.stanford.edu
mededmastery.stanford.edu
events.slac.stanford.edu
sul-hydra-etd-prod.stanford.edu
ccadmin.stanford.edu
5736754531270656-fe4.pantheonsite.io
5threunioncampaign.stanford.edu
cluster3.technolutions.net
ssi-server1.stanford.edu
firebaseapp.com
5702351037923328-fe2.pantheonsite.io
crypto.stanford.edu
ucdc.edu
cluster3.technolutions.net
aagsa.stanford.edu
stanford.edu
library.stanford.edu
roboticsclub.stanford.edu
helix.stanford.edu
eventviewer-test2.stanford.edu
www.straightlab.stanford.edu
us.prod.campusgroups.com
library-status.stanford.edu
aikido.stanford.edu
stanfordwho.stanford.edu
aplac.stanford.edu
facultybillets-dev.med.stanford.edu
www-group.slac.stanford.edu
pswebkdc.slac.stanford.edu
nartc.fcm.arizona.edu
www.dschool.stanford.edu
ci.med.stanford.edu
calendar.sdzsafaripark.org
www.launchpad.stanford.edu
lbre-authdev.stanford.edu
allencenter.stanford.edu
globalhealth.stanford.edu
*.stanford.edu
yuba.stanford.edu
migrate-gsb.stanford.edu
stanfordwho-test-stretch.stanford.edu
5652720409116672-fe3.pantheonsite.io
sul-dev-mdm.stanford.edu
vault.stanford.edu
suegenciadev.stanford.edu
epgy.stanford.edu
r8-web-prod.stanford.edu
www.dhometeam.stanford.edu
pascl.stanford.edu
gfxcourses.stanford.edu
apimetadata.stanford.edu
woodstock.stanford.edu
pacs.fairnorthdigital.com
shield.stanford.edu
suave.stanford.edu
fsi-backup1.stanford.edu
5731346630574080-fe3.pantheonsite.io
jimb.stanford.edu
jq01b160n4jace02a.stanford.edu
www-cdn.stanford.edu
banking-business-review.com
glast.slac.stanford.edu
swshumsci-prod.stanford.edu
5686683802533888-fe2.pantheonsite.io
reportmart3ye.stanford.edu
5768310863953920-fe2.pantheonsite.io
biochemistry.stanford.edu
cdn-test.battlefields.org
test.eis.uw.edu
modthought.stanford.edu
itarch.stanford.edu

Certificate

The complete raw certificate details for shield.stanford.edu in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIQQ/P0oGZbl3EmYMbaz7tgIjANBgkqhkiG9w0BAQsFADB2
MQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjES
MBAGA1UEChMJSW50ZXJuZXQyMREwDwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMW
SW5Db21tb24gUlNBIFNlcnZlciBDQTAeFw0xNTAxMjIwMDAwMDBaFw0xODAxMjEy
MzU5NTlaMIG4MQswCQYDVQQGEwJVUzEOMAwGA1UEERMFOTQzMDUxCzAJBgNVBAgT
AkNBMREwDwYDVQQHEwhTdGFuZm9yZDEXMBUGA1UECRMONDUwIFNlcnJhIE1hbGwx
HDAaBgNVBAoTE1N0YW5mb3JkIFVuaXZlcnNpdHkxJDAiBgNVBAsTG0luZm9ybWF0
aW9uIFNlY3VyaXR5IE9mZmljZTEcMBoGA1UEAxMTc2hpZWxkLnN0YW5mb3JkLmVk
dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYMzljkRYS89ulVgibh
q+7tZEIorTwp3kAogqTMSU2PCH+Lc8BUE1gfud97Pvkvte9ZsR+f0Zwbtza9D2AA
fBIYbvC3z6/UzwAMFII8YjV1wF+G8Pq9qPv4QCLqT8P4AAiomlBzkw+MYzq/aya9
NqtqSKR4OI3F9QGpoZ5n8DAj+c4oFTV6E1538Ih79QMbk49BteaB2QACEVn3iMiU
Gs2GdsPQgq0K87AaO4hhElGWiEuu3qrUiFgEXh2aRZ6z91bF/ODHLQBVsIaUdUtN
cEvzM1qVGDe4uGwG2YP1o7LgLZcW7qq0ZeBT5UwmMc1af6USp24G8m3rhdmaUfoH
FJcCAwEAAaOCAccwggHDMB8GA1UdIwQYMBaAFB4Fo3ePbJbiW4dLprSGrHEADOc4
MB0GA1UdDgQWBBReemaWg2o13XGXXYDweOytjlVb2jAOBgNVHQ8BAf8EBAMCBaAw
DAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwZwYD
VR0gBGAwXjBSBgwrBgEEAa4jAQQDAQEwQjBABggrBgEFBQcCARY0aHR0cHM6Ly93
d3cuaW5jb21tb24ub3JnL2NlcnQvcmVwb3NpdG9yeS9jcHNfc3NsLnBkZjAIBgZn
gQwBAgIwRAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL2NybC5pbmNvbW1vbi1yc2Eu
b3JnL0luQ29tbW9uUlNBU2VydmVyQ0EuY3JsMHUGCCsGAQUFBwEBBGkwZzA+Bggr
BgEFBQcwAoYyaHR0cDovL2NydC51c2VydHJ1c3QuY29tL0luQ29tbW9uUlNBU2Vy
dmVyQ0FfMi5jcnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5j
b20wHgYDVR0RBBcwFYITc2hpZWxkLnN0YW5mb3JkLmVkdTANBgkqhkiG9w0BAQsF
AAOCAQEAJgs6lE4gvZvnXwMZ4ZVJohrpxdV3MoaCwzXblhAAWk1IdhPal+OIml0A
y9nT5A0qze1R8cXF31BywJll1CCVVgyDd2EdCVEVABBuCmq5JQbOz87ik2mk7BH0
HGt3VLzRbGCG52du8ruHAN7bKnUW01DzvaC2kil4d8MlWXCIjri3f/eneTlpYSor
RdYWoolmH+AS0MaulDVuqVpsadBC0q4KViIzSH8nC0un9RrI95zAQa7VoZ4m3h4F
9fTPoQqx135/gEuvE8CefD4JMbXisBTiVmgZ/RCBOzpariP13/6YpEwzjYr8uN2o
hVMkPw4TtPX7ZRZgT9BRMs5Nb4vcZg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgzOWORFhLz26VWCJuGr
7u1kQiitPCneQCiCpMxJTY8If4tzwFQTWB+533s++S+171mxH5/RnBu3Nr0PYAB8
Ehhu8LfPr9TPAAwUgjxiNXXAX4bw+r2o+/hAIupPw/gACKiaUHOTD4xjOr9rJr02
q2pIpHg4jcX1AamhnmfwMCP5zigVNXoTXnfwiHv1AxuTj0G15oHZAAIRWfeIyJQa
zYZ2w9CCrQrzsBo7iGESUZaIS67eqtSIWAReHZpFnrP3VsX84MctAFWwhpR1S01w
S/MzWpUYN7i4bAbZg/WjsuAtlxbuqrRl4FPlTCYxzVp/pRKnbgbybeuF2ZpR+gcU
lwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 90324965470340818304113992467857760290
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'MI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ann Arbor'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Internet2'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon RSA Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2015-01-22 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-01-21 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.17 (postalCode)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '94305'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Stanford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.9 (streetAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '450 Serra Mall'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Stanford University'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Information Security Office'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'shield.stanford.edu'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25001499278875962077676591165537214205492142113502361068065503554114661339491117538410759721881565020415263760258419931587104938988167345783168131860029401824470085778491344639095695479349893213355640034598251465282571744052886589173419964053906615941765685118028579708820725958071567545303077995383568564715613008724378063734732766826143262745373513496730312574651443319718010093415599011079413524978594953373138248981779531826653340593864115532759843134079604724492889307430672627550313428550040396498932565002382103720011317064809074092600420205757629691872010230136262309006564427397762284107468575531748701967511
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 1e05a3778f6c96e25b874ba6b486ac71000ce738
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							5e7a6696836a35dd71975d80f078ecad8e555bda
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (96 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.5923.1.4.3.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.incommon.org/cert/repository/cps_ssl.pdf'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (61 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.incommon-rsa.org/InCommonRSAServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.usertrust.com/InCommonRSAServerCA_2.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.usertrust.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (23 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'shield.stanford.edu'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00260b3a944e20bd9be75f0319e19549a21ae9c5d577328682c335db9610005a4d487613da97e3889a5d00cbd9d3e40d2acded51f1c5c5df5072c09965d42095560c8377611d09511500106e0a6ab92506cecfcee29369a4ec11f41c6b7754bcd16c6086e7676ef2bb8700dedb2a7516d350f3bda0b692297877c3255970888eb8b77ff7a7793969612a2b45d616a289661fe012d0c6ae94356ea95a6c69d042d2ae0a562233487f270b4ba7f51ac8f79cc041aed5a19e26de1e05f5f4cfa10ab1d77e7f804baf13c09e7c3e0931b5e2b014e2566819fd10813b3a5aae23f5dffe98a44c338d8afcb8dda88553243f0e13b4f5fb6516604fd05132ce4d6f8bdc66