sslvpn.unch.unc.edu

- UNC Health Care -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 0f:95:b7:57:62:0c:90:e1:00:00:00:00:50:e7:3c:fb was issued on by Entrust, Inc..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

UNC Health Care

Organization: UNC Health Care
State / Province: North Carolina
Locality: Chapel Hill
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0f:95:b7:57:62:0c:90:e1:00:00:00:00:50:e7:3c:fb
Serial Number (int): 20715790772847756650511244942610218235
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: c4:41:3c:a4:63:38:32:40:aa:fa:3b:86:4a:35:1b:38:b0:b7:c8:c1
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): 1a:4d:33:56:da:e3:9b:0a:e1:1b:7f:53:6c:6a:29:3e:9f:cc:86:4e
Fingerprint (sha256): 01:31:62:ae:6a:e5:bf:54:4c:c9:4f:66:8c:51:64:ad:de:fe:1d:ad:96:ba:bd:92:44:4e:ed:89:cf:8e:62:8b

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate sslvpn.unch.unc.edu

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for sslvpn.unch.unc.edu

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

sslvpn.unch.unc.edu

Other certificates including the domain name unc.edu

(limited to 100 certificates)
rd-staging.tracs.unc.edu
sogar.oasis.unc.edu
*.sog.unc.edu
janchambers.sites.oasis.unc.edu
medialaw.unc.edu
canons.sog.unc.edu
*.onlinemba.unc.edu
image.20210408.094303.s11.et.yellsatcloud.com
symposium.kenan-flagler.unc.edu
5657535201673216-fe3.pantheonsite.io
gala.ovcsa.unc.edu
dev.infoporte.unc.edu
it.uahs.arizona.edu
ISEMMDCPAN.unch.unc.edu
epid-practicum.sph.unc.edu
ib-ipam2.net.unc.edu
www.makeathon.unc.edu
5635093192245248-fe3.pantheonsite.io
cluster3.technolutions.net
hope.haven.sites.oasis.unc.edu
canons.sog.unc.edu
bootcamp.unc.edu
docimage-iie1.unch.unc.edu
apps.hpdp.unc.edu
tbicenter.unc.edu
advice.unch.unc.edu
stories.unc.edu
ALLSCRIPTSHM-JH.unch.unc.edu
cciprinting.unc.edu
streetfilms.org
blogs.kenan-flagler.unc.edu
theancientway.jomc.unc.edu
nccriminallaw.sog.unc.edu
zachboyd.sites.oasis.unc.edu
gelmore.sites.oasis.unc.edu
compgen.unc.edu
campusrec.unc.edu
*.prospectsandbox.oasis.unc.edu
sslvpn.unch.unc.edu
admin.fpc.unc.edu
caoma.unch.unc.edu
contracts.unc.edu
f5m5.net.unc.edu
5659313586569216-fe4.pantheonsite.io
watsona.sites.oasis.unc.edu
bdv.unch.unc.edu
outlook.unc.edu
k2.shared.global.fastly.net
san-13-s10.tlsprovisioning.exacttarget.com
entsysmon.its.unc.edu
watsona.sites.oasis.unc.edu
itsstatus.unc.edu
nlp-ssl.cs.unc.edu
cluster3.technolutions.net
chancellorsawards.unc.edu
cfk.unc.edu
*.web.unc.edu
fpgservicedesk.ad.unc.edu
epss.unch.unc.edu
cluster2.technolutions.net
advise.alumni.unc.edu
*.fpg.unc.edu
miforms.bioinf.unc.edu
webmail.campus-services.unc.edu
loyola.sites.oasis.unc.edu
emch.sites.oasis.unc.edu
impsci.tracs.unc.edu
gaa.dev.unc.edu
paintrials.unc.edu
adamhochberg.com
epicreport2.unch.unc.edu
p2c.police.unc.edu
itsstatus.unc.edu
applynow.kenan-flagler.unc.edu
apps.fo.unc.edu
5709198289534976-fe4.pantheonsite.io
mobile.uncaa.unc.edu
fms.fammed.unc.edu
dataverse-test.irss.unc.edu
cah.fammed.unc.edu
courses.sph.unc.edu
pml.unc.edu
bomgar.unc.edu
beingthere.cs.unc.edu
*.onlinemph.unc.edu
devservices.unc.edu
portaltest.chs.unc.edu
oisvcse.med.unc.edu
dare-idrac.unlisted.med.unc.edu
san-13-s11.tlsprovisioning.exacttarget.com
unc.edu
carolinawomenlead.unc.edu
emch.sites.oasis.unc.edu
mycarolina.unc.edu
spotsdev.unc.edu
helpme.unch.unc.edu
cryoweb-test.med.unc.edu
kfbs.dev.unc.edu
abl.bme.unc.edu
connect.eship.unc.edu

Certificate

The complete raw certificate details for sslvpn.unch.unc.edu in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHyDCCBrCgAwIBAgIQD5W3V2IMkOEAAAAAUOc8+zANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0x
ODA5MDcxMjE5MDJaFw0xOTA5MDcxMjQ5MDBaMHQxCzAJBgNVBAYTAlVTMRcwFQYD
VQQIEw5Ob3J0aCBDYXJvbGluYTEUMBIGA1UEBxMLQ2hhcGVsIEhpbGwxGDAWBgNV
BAoTD1VOQyBIZWFsdGggQ2FyZTEcMBoGA1UEAxMTc3NsdnBuLnVuY2gudW5jLmVk
dTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALgIgWEPf9kF/UgMdC40
lGXJYnKhVKl8SQaZehyzlnRN+69OdhHgqkmgN4YcnOXYrwtPWwA91wth1E6m/kA6
rh1XZfWNv8Lsfjk4kTq+kboudxWK2ttWYoWhDhrVa7PMIi24JqADEPWNRC04C45u
vu5gkO1OUBo+Re0gsoLyf2UIUs9JZ/vNj4pyYZjVb58BXivdlzDA/6k1Wl//hoee
wMeiw4YLngOXA4siXFuHbYjEmE5DtJcADNEzCc+gOMo0Dmmz4pjsR3+loTZDv02o
6RmmcGX2ih3gLGC0p/lDZCVoT6cRSq/l9dBOT08/uRHgs/aQUF9bbTQPKpr4Jq1Z
mNXUQzAmGArbrwUm0hYVZY/eb1CPGtnycdEtvQkhzxz6VOUkV1tPBiossJ66iJSv
Pc71p00MtAkOFC/B/OByItuuPG96+FX6+lF5l8sktJHLhERJr+PnL5fqL10Crykp
BpoolfshMHFW+tb+Eqe4yjqA+HiKw+wuBXIxHl6doA33UKbPmeuKm2AnJtFrFVub
UHkyhzdxYlesWtzX0dKg7ZBr56Z7tYjDFU2y7o42uNOpFkX9jDB4GzdPnH1X8leI
22z6TErdSqTNAXuKHnMmRFDJJfYQr02TsMEVmKpUQUoQrPgvtuyIWTUivydhLbM8
SV8IxWuSYDb6E2B2m4tdrhPdAgMBAAGjggMNMIIDCTAeBgNVHREEFzAVghNzc2x2
cG4udW5jaC51bmMuZWR1MIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgCHdb/n
WXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWW0FCEvAAAEAwBHMEUCIQDt
PA80WjNfNJP8tkhkgG65ZP7KbFqXWP+mhwOUS7MpgwIgYy1knARCfhRvYsayyTUb
cq7aLnX97eVJmrSQ6DYDBakAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6od
BxPTDAAAAWW0FCFfAAAEAwBHMEUCICpU11Lqj3M4ZwGttaYYRNR/uhSsjnsa9IEM
9B4rMyVKAiEA9iVk795hC4wqLsRS+bRlMmgvE5mpS7a2sDmiNJ5uxOYAdwCkuQmQ
tBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWW0FCFFAAAEAwBIMEYCIQDE
AOCMP7D42OHCfLYez5aGN5AsnseCYJhOLw+1KUeOZgIhALefjFJpi3l2GmAdzHvc
z6X0FnUo7egNLohqS9jGLqQmMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
BgEFBQcDAQYIKwYBBQUHAwIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5l
bnRydXN0Lm5ldC9sZXZlbDFrLmNybDBLBgNVHSAERDBCMDYGCmCGSAGG+mwKAQUw
KDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwCAYGZ4EM
AQICMGgGCCsGAQUFBwEBBFwwWjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50
cnVzdC5uZXQwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFr
LWNoYWluMjU2LmNlcjAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzAd
BgNVHQ4EFgQUxEE8pGM4MkCq+juGSjUbOLC3yMEwCQYDVR0TBAIwADANBgkqhkiG
9w0BAQsFAAOCAQEAJG9exz6Wv2DE+1vv3pNK3abb0SCR9SKbsNMGgLRbkKnrD20c
7hjlMOFqU52uLVpST95nhA9YfSG6fiFul+zQktNbM+/6h4u8qXRAU96VlylZPeNQ
oSByroHdVNoQ0GqG1O7OkK9LDlfKIkQ+QRVdQ/WqpLqPP+he7NyVayvNAUKLfyc4
UKcBOQV5qGZNMu7qCve3CSsqPGeDRxq0x31cbm7U0qIAE+5QtjxZnKOD1pL/Edhh
9Hw7SmTgwR6v/mtk4idMHVqLIVQ4WHFny5eUVL8LqDly5YUJSXG0FqC/Hl5hWXdW
qUI+Rb3dSukd1+iG+qOBcEtUdI922CKOiAeuEA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuAiBYQ9/2QX9SAx0LjSU
ZclicqFUqXxJBpl6HLOWdE37r052EeCqSaA3hhyc5divC09bAD3XC2HUTqb+QDqu
HVdl9Y2/wux+OTiROr6Rui53FYra21ZihaEOGtVrs8wiLbgmoAMQ9Y1ELTgLjm6+
7mCQ7U5QGj5F7SCygvJ/ZQhSz0ln+82PinJhmNVvnwFeK92XMMD/qTVaX/+Gh57A
x6LDhgueA5cDiyJcW4dtiMSYTkO0lwAM0TMJz6A4yjQOabPimOxHf6WhNkO/Tajp
GaZwZfaKHeAsYLSn+UNkJWhPpxFKr+X10E5PTz+5EeCz9pBQX1ttNA8qmvgmrVmY
1dRDMCYYCtuvBSbSFhVlj95vUI8a2fJx0S29CSHPHPpU5SRXW08GKiywnrqIlK89
zvWnTQy0CQ4UL8H84HIi2648b3r4Vfr6UXmXyyS0kcuEREmv4+cvl+ovXQKvKSkG
miiV+yEwcVb61v4Sp7jKOoD4eIrD7C4FcjEeXp2gDfdQps+Z64qbYCcm0WsVW5tQ
eTKHN3FiV6xa3NfR0qDtkGvnpnu1iMMVTbLujja406kWRf2MMHgbN0+cfVfyV4jb
bPpMSt1KpM0Be4oecyZEUMkl9hCvTZOwwRWYqlRBShCs+C+27IhZNSK/J2EtszxJ
XwjFa5JgNvoTYHabi12uE90CAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 20715790772847756650511244942610218235
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-09-07 12:19:02 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-09-07 12:49:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'North Carolina'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Chapel Hill'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'UNC Health Care'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'sslvpn.unch.unc.edu'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 750790051299876331416907724724401921410087526127246973183804528251498813076346044460551479630311467132515754643907548128189195832191439936755936080055056132587880073810023875824937516449239460906055229028129114396197364748346681899927040047681438220545833464694861340382906382705060961797724492333066013393718237888718173918928204230278837554660279513584302904689326830778840160759151493856341619543180323398815251087446379013487098308995388234872464354057264682666536653884264270170852820360479786581215087641928538599816276219602298554428654557725614228620401435240708198938806539550055034906353905591567998472117089818888922632067595459898527291356337527834594591153133795587612537876421765106412626614680826167513429394553109072441633770828634071778667966833710396533427117849429590965246843108106238031157502686266893050990721533647450155211900986647059643939433052340000106326265637225219239164256338681274793261262645303955928675575320023147596052819267628129431471480371334035732474718635854795666758464712490653427750983856420424068556086143600341091864651972611911286508319861094690713934916638936644296803156392155925531899134191385360319440926385718784373385452844182331785594558582733170910219335244136566205944926442461
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (23 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sslvpn.unch.unc.edu'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN asn1: syntax error: invalid boolean
false
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:3|t:26|false]  
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:3|t:19|false]  
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:0|false] reserved for BER 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:0|false] reserved for BER 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							c4413ca463383240aafa3b864a351b38b0b7c8c1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00246f5ec73e96bf60c4fb5befde934adda6dbd12091f5229bb0d30680b45b90a9eb0f6d1cee18e530e16a539dae2d5a524fde67840f587d21ba7e216e97ecd092d35b33effa878bbca9744053de959729593de350a12072ae81dd54da10d06a86d4eece90af4b0e57ca22443e41155d43f5aaa4ba8f3fe85eecdc956b2bcd01428b7f273850a701390579a8664d32eeea0af7b7092b2a3c6783471ab4c77d5c6e6ed4d2a20013ee50b63c599ca383d692ff11d861f47c3b4a64e0c11eaffe6b64e2274c1d5a8b215438587167cb979454bf0ba83972e585094971b416a0bf1e5e61597756a9423e45bddd4ae91dd7e886faa381704b54748f76d8228e8807ae10