sapmiidev.illumina.com

- Illumina Inc -

Issued by HydrantID Server CA O1

About this certificate

This digital certificate with serial number 40:01:8d:8f:13:b3:0a:bb:3c:63:c0:94:45:0e:39:17 was issued on by IdenTrust.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Illumina Inc

Organization: Illumina Inc
State / Province: California
Locality: San Diego
Country: US

IdenTrust

Organization: IdenTrust
Organization unit: HydrantID Trusted Certificate Service
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 40:01:8d:8f:13:b3:0a:bb:3c:63:c0:94:45:0e:39:17
Serial Number (int): 85078655182571168704676313609685317911
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: ae:dc:11:a9:f9:7a:75:0c:27:80:12:7d:3d:66:17:bf:c4:b2:ea:14
AuthorityKeyId: 89:b8:9b:b6:9e:ed:fb:b0:c6:bd:0d:ec:67:4e:3c:a3:92:9d:2d:f9

Fingerprint (sha1): b7:e2:76:6d:74:71:ba:2b:cb:70:9d:be:0a:cc:33:84:c0:f6:94:7b
Fingerprint (sha256): 01:67:66:de:22:5b:c1:88:b8:f6:3d:fe:e3:09:f5:d6:5b:b4:2e:06:44:9c:76:cf:dc:46:cb:c0:11:e5:20:d2

Issuing Certificate URL: http://validation.identrust.com/certs/hydrantidcaO1.p7c

Revocation information

OCSP Server: http://commercial.ocsp.identrust.com
CRL Distribution Point: http://validation.identrust.com/crl/hydrantidcao1.crl

Check the revocation status for certificate sapmiidev.illumina.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for sapmiidev.illumina.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

sapmiidev.illumina.com
sapmii2dev.illumina.com

Other certificates including the domain name illumina.com

(limited to 100 certificates)
secure07.stage.lithium.com
ussd-prd-arcp01.illumina.com
ussd-sbx-zpac06.illumina.com
sapgtsprd.illumina.com
lims-rc.illumina.com
dev.rancherpd.illumina.com
dev-prdt.illumina.com
ipp-dev.illumina.com
sgnt-dev-zpac04.illumina.com
lab.adamshealthnetwork.org
instrument-scheduler.ils.illumina.com
sapmiidev.illumina.com
tableausbx.illumina.com
adm-fab-san-prd.illumina.com
prdt.illumina.com
devchat-bluejeans-service.aws-prod.illumina.com
incapsula.com
vault.oad.illumina.com
cpc-jenkins.ep-np.illumina.com
incapsula.com
cds1.cvent.com
grr.illumina.com
ussd-prd-dswb03.illumina.com
gokpi.illumina.com
eventregistration.illumina.com
tst2.etpsolr.illumina.com
*.subscription.illumina.com
supportassets.illumina.com
ontology.testing-domain.illumina.com
*.iron-tst.illumina.com
rancher-vye.aws-dev.illumina.com
UKCH-PRD-SNMD02.illumina.com
*.cloud-test.illumina.com
sso.login.illumina.com
www.alexhang.com
cds1.cvent.com
www.illumina.com
api.sequencing-design.designstudio-staging.illumina.com
tierboard-dev.illumina.com
wgs-preprod.illumina.com
controlmdev.illumina.com
*.docker.illumina.com
cds1.cvent.com
api-tst.add.illumina.com
expwy.apac.illumina.com
components.illumina.com
use1.deso-prod.cpo.illumina.com
www.providerportal.ils.illumina.com
othrys.olympia.k8s.backend-dev-aws.illumina.com
software.radiance-design.illumina.com
finvivirstatus.mambu.com
secure07.stage.lithium.com
tls.automattic.com
*.cloud-test.illumina.com
ipp.illumina.com
softwaredownloads.illumina.com
ussd-dev-zpac04.illumina.com
ussd-ftp.illumina.com
company.ensvee.com
ussd-dev-smap01.illumina.com
ussd-tst-etpw01.illumina.com
ussd-prd-hpad03.illumina.com
vaultdev.illumina.com
ashg2020.illumina.com
*.basespace.illumina.com
*.rancher-dev.illumina.com
cds1.cvent.com
inotifications-dev.illumina.com
sapeccprd.illumina.com
finvivirstatus.mambu.com
hub-dev.illumina.com
solr-ldap-service.illumina.com
login.illumina.com
incapsula.com
usma-prd-rdgw01.illumina.com
cds1.cvent.com
blog.infra.illumina.com
rancher-thtf.aws-dev.illumina.com
*.cloud-naboo.illumina.com
myaccess-sbx.illumina.com
secure07.stage.lithium.com
ussd-prd-clms02.illumina.com
platform.illumina.com
rancher-test.aws-prod.illumina.com
ukga-prd-hpov03.illumina.com
esb13-n1.illumina.com
incapsula.com
secure07.stage.lithium.com
finvivirstatus.mambu.com
*.testing-domain.illumina.com
*.ca.basespace.illumina.com
*.oad-aws.illumina.com
ussd-prd-snmd04.illumina.com
ussd-prd-okta01.illumina.com
secure07.stage.lithium.com
delivery-api-bssh.ils.illumina.com
cds1.cvent.com
ussd-prd-sfdcspkl.illumina.com
blog.arwinstrating.com
splunkes.illumina.com

Certificate

The complete raw certificate details for sapmiidev.illumina.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgIQQAGNjxOzCrs8Y8CURQ45FzANBgkqhkiG9w0BAQsFADBy
MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MS4wLAYDVQQLEyVIeWRy
YW50SUQgVHJ1c3RlZCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlMR8wHQYDVQQDExZIeWRy
YW50SUQgU2VydmVyIENBIE8xMB4XDTI0MDIwOTE4MTQwOVoXDTI1MDMwNTE4MTMw
OVowbjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcT
CVNhbiBEaWVnbzEVMBMGA1UEChMMSWxsdW1pbmEgSW5jMR8wHQYDVQQDExZzYXBt
aWlkZXYuaWxsdW1pbmEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAw0xxTg0NRBSFSPYnUEfpJFJDYccOifxe+7T9JrEZsEtGtMo2azvalosW4acS
+adaB+GLRtIkYwuQywjcnatJirBUMyXb0Rr8O5LGPH8okzzVBLnM+u/vo6A1VZZd
e1/szgmB8xHdGgc2gwvcd/WPPhwUKtj+NLTjynMTULy67AG18FFqqDuVGMLZjFx+
hs5Oh7vmTvEAMID0RA7F9fZcSLkGAwc71uXFKfqcKX7oR5NBHMypIQeb2iCkXtHw
onvinqO8lnS0VQOcOX5iGmHaJ13hUxOkC12jeG6nF3ne+EPXUyR0UIRpsPsiMlj4
Dfd0HDK94hjw8xMBAgmUOud8OwIDAQABo4IBtzCCAbMwDgYDVR0PAQH/BAQDAgWg
MIGFBggrBgEFBQcBAQR5MHcwMAYIKwYBBQUHMAGGJGh0dHA6Ly9jb21tZXJjaWFs
Lm9jc3AuaWRlbnRydXN0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL3ZhbGlkYXRp
b24uaWRlbnRydXN0LmNvbS9jZXJ0cy9oeWRyYW50aWRjYU8xLnA3YzAfBgNVHSME
GDAWgBSJuJu2nu37sMa9DexnTjyjkp0t+TAhBgNVHSAEGjAYMAgGBmeBDAECAjAM
BgpghkgBhvkvAAYDMEYGA1UdHwQ/MD0wO6A5oDeGNWh0dHA6Ly92YWxpZGF0aW9u
LmlkZW50cnVzdC5jb20vY3JsL2h5ZHJhbnRpZGNhbzEuY3JsMDoGA1UdEQQzMDGC
FnNhcG1paWRldi5pbGx1bWluYS5jb22CF3NhcG1paTJkZXYuaWxsdW1pbmEuY29t
MB0GA1UdDgQWBBSu3BGp+Xp1DCeAEn09Zhe/xLLqFDAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwEwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZIhvcNAQEL
BQADggEBAEM7sMmMsl2JRonCXGKh4huWzSpP9QgqJixjQxZ8ZTkSp6f6NFIi3lrh
RBJT3nIAvVon+vTiBRsrzTCDtS+jpyMk7pxp/ScnM40LhvoOrIJUyrd99S3eRtMJ
KTZmZ/1W7gUSESVPXcqjt7kCWGDf59a8iwzfVaIUJjHm4tG4QEiXEablgoLpWnh7
L/QFCY5s61kjqi9/AsnmOFVHaqLTgUEnSHmnEbeCzP49tAeA4S3htO2o++jqaQQp
1DiE4YnDhGf3YyMrjG5F0jFdGvNgmnSySsmpRfRm10NGBGKGbBbXx1ks0qd9/OOf
wd3Ey34XX/JA5TZvdHR5CkGPnytS5zo=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0xxTg0NRBSFSPYnUEfp
JFJDYccOifxe+7T9JrEZsEtGtMo2azvalosW4acS+adaB+GLRtIkYwuQywjcnatJ
irBUMyXb0Rr8O5LGPH8okzzVBLnM+u/vo6A1VZZde1/szgmB8xHdGgc2gwvcd/WP
PhwUKtj+NLTjynMTULy67AG18FFqqDuVGMLZjFx+hs5Oh7vmTvEAMID0RA7F9fZc
SLkGAwc71uXFKfqcKX7oR5NBHMypIQeb2iCkXtHwonvinqO8lnS0VQOcOX5iGmHa
J13hUxOkC12jeG6nF3ne+EPXUyR0UIRpsPsiMlj4Dfd0HDK94hjw8xMBAgmUOud8
OwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 85078655182571168704676313609685317911
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IdenTrust'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'HydrantID Trusted Certificate Service'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'HydrantID Server CA O1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-09 18:14:09 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-03-05 18:13:09 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'San Diego'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Illumina Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'sapmiidev.illumina.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24654164717988598872865534899266595669220090914676844511573885399916729590822691567808638676152966998826295956479649093705003389507057758923854260392649372825474469643731890568445116500233426036311201014385530161240592704821916682597737543045164094308871157475743741061161537519070423771200294255361518486816456675661834740784900499268917080760463840049108151451721164108392565363967600002190537703484092447870001041813551124232669187123417675587448212536529908271797521496928581847552978833777709341759408557709433768247584744778289092255205448137910387554468435804867224887118438125112656597858718204675806007360571
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (121 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://commercial.ocsp.identrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://validation.identrust.com/certs/hydrantidcaO1.p7c'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 89b89bb69eedfbb0c6bd0dec674e3ca3929d2df9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.113839.0.6.3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (63 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://validation.identrust.com/crl/hydrantidcao1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (51 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sapmiidev.illumina.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sapmii2dev.illumina.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							aedc11a9f97a750c2780127d3d6617bfc4b2ea14
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00433bb0c98cb25d894689c25c62a1e21b96cd2a4ff5082a262c6343167c653912a7a7fa345222de5ae1441253de7200bd5a27faf4e2051b2bcd3083b52fa3a72324ee9c69fd2727338d0b86fa0eac8254cab77df52dde46d30929366667fd56ee051211254f5dcaa3b7b9025860dfe7d6bc8b0cdf55a2142631e6e2d1b840489711a6e58282e95a787b2ff405098e6ceb5923aa2f7f02c9e63855476aa2d38141274879a711b782ccfe3db40780e12de1b4eda8fbe8ea690429d43884e189c38467f763232b8c6e45d2315d1af3609a74b24ac9a945f466d743460462866c16d7c7592cd2a77dfce39fc1ddc4cb7e175ff240e5366f7474790a418f9f2b52e73a