xat-gmsgroup-netxinvestor.bnymellon.com

- The Bank of New York Mellon -

Issued by DigiCert TLS RSA SHA256 2020 CA1

About this certificate

This digital certificate with serial number 02:1f:5b:af:3c:cb:07:7f:54:c4:45:27:25:8c:f5:85 was issued on by DigiCert Inc.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

The Bank of New York Mellon

Organization: The Bank of New York Mellon
State / Province: Pennsylvania
Locality: Pittsburgh
Country: US

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 02:1f:5b:af:3c:cb:07:7f:54:c4:45:27:25:8c:f5:85
Serial Number (int): 2821276777201331636632151900463887749
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: 4f:e0:92:c8:60:ff:a6:f3:a5:4a:46:da:4b:4d:59:13:01:ba:86:dd
AuthorityKeyId: b7:6b:a2:ea:a8:aa:84:8c:79:ea:b4:da:0f:98:b2:c5:95:76:b9:f4

Fingerprint (sha1): 12:99:2b:d0:41:68:84:f9:11:6b:12:58:ee:14:ef:48:68:cf:c1:5d
Fingerprint (sha256): 01:78:cb:f3:cd:a7:d4:8a:7d:59:f2:cb:22:92:25:f2:7a:ea:ba:23:2b:90:eb:9d:73:58:7d:f8:e5:25:54:db

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl

Check the revocation status for certificate xat-gmsgroup-netxinvestor.bnymellon.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for xat-gmsgroup-netxinvestor.bnymellon.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

xat-gmsgroup-netxinvestor.bnymellon.com
xat-gmsgroup-netxinvestor.qa.bnymellon.com

Other certificates including the domain name bnymellon.com

(limited to 100 certificates)
demo-directbizmonitor.qa.bnymellon.com
billpayadvantage.bnymellon.com
csd.bnymellon.com
M-DCAT.BNYMELLON.COM
supplier.qa.bnymellon.com
xat-res-netx360.bnymellon.com
connectfiletransfer.bnymellon.com
brms.bnymellon.com
dev-marketprofiles.bnymellon.com
*.bnymellon.com
wm-proxyin-uat.qa.bnymellon.com
lionremote-bxp2.qa.bnymellon.com
ecommerce.bnymellon.com
xat-sagepointfinancial-netxinvestor.bnymellon.com
xat-jefferies-netxinvestor.bnymellon.com
BENPAY.DEMO.BNYMELLON.COM
xuat-syndicatedcapital-netxinvestor.bnymellon.com
xuat-harris-netxinvestor.bnymellon.com
debitcard-api.bnymellon.com
uat-connectaisapp.bnymellon.com
cumulus-migration-for-michelle-dmz1.qa.bnymellon.com
iaw.bnymellon.com
ecommerce-dev.bnymellon.com
xat-searleco-netxinvestor.bnymellon.com
ppc.bnymellon.com
authenticate.bnymellon.com
xuat-henley-netxinvestor.bnymellon.com
xuat-juliusbaer-netxinvestor.bnymellon.com
jpass10.bnymellon.com
ae-routing-demo.qa.bnymellon.com
dcat-ciservices.qa.bnymellon.com
remote2.bnymellon.com
awh-ds.bnymellon.com
StructuredCreditConnection.BNYMellon.com
rj101nsgw.bnymellon.com
netxservices.bnymellon.com
remote.bnymellon.com
xat-test-netxinvestor.bnymellon.com
vdsna.bnymellon.com
gm-fxanalytics.bnymellon.com
design.dev.bnymellon.com
xat-gmers2-static.bnymellon.com
odb.bnymellon.com
topsdcat.bnymellon.com
m-privatebanking.bnymellon.com
wbcrparam.bnymellon.com
shaffi-testing5.qa.bnymellon.com
xat-wbcrparam.bnymellon.com
xat-app-liquiditydirect.bnymellon.com
esfsf.qa.bnymellon.com
ccenter.pershing.com
xat-tic-netxinvestor.bnymellon.com
QSEPROD.bnymellon.com
appstudio-api-legacy.bnymellon.com
compliance.bnymellon.com
cctcfindm.mar2020.bnymellon.com
fxanalytics-demo.bnymellon.com
xat-nexen.bnymellon.com
ngej1cs.bnymellon.com
connectais.qa.bnymellon.com
surpasisvc.bnymellon.com
SecuritiesDirectPlus-UAT.bnymellon.com
wca.bnymellon.com
dgtools-mapping.bnymellon.com
bpmconnect.bnymellon.com
fcs-dashboard-1.qa.bnymellon.com
xat-connectfiletransfer.bnymellon.com
eanalytics-demo.qa.bnymellon.com
IFXCLIENT2.DEV.BNYMELLON.COM
shareowners.bnymellon.com
marketplace.bnymellon.com
im.bnymellon.com
design.bnymellon.com
xat-gmsgroup-netxinvestor.bnymellon.com
xuat-saturna-netxinvestor.bnymellon.com
treasuryedge.bnymellon.com
my360-cata.qa.bnymellon.com
ddcship.bnymellon.com
im-user-service.bnymellon.com
xat-hewittfs-netxinvestor.bnymellon.com
firstcitizens-xat-netxinvestor.qa.bnymellon.com
ctdataservices.bnymellon.com
ers2-static.bnymellon.com
bnymdesktop.qa.bnymellon.com
fundadmin.bnymellon.com
structuredsolutions.bnymellon.com
ebi42.qa.bnymellon.com
wvr.bnymellon.com
lionremote-bxp.qa.bnymellon.com
filetransfer.qa.bnymellon.com
mobius.bnymellon.com
connectapp.bnymellon.com
xat-ssi-netxinvestor.bnymellon.com
fundpricing.qa.bnymellon.com
nexenapp.bnymellon.com
xuat-nmis-netxinvestor.bnymellon.com
bds-bdcdrin-xb.bnymellon.com
connectapp-dcat.bnymellon.com
ClientCentral.bnymellon.com
opd2.qa.bnymellon.com

Certificate

The complete raw certificate details for xat-gmsgroup-netxinvestor.bnymellon.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHHzCCBgegAwIBAgIQAh9brzzLB39UxEUnJYz1hTANBgkqhkiG9w0BAQsFADBP
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBE
aWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMjA3MjEwMDAwMDBa
Fw0yMzA4MjEyMzU5NTlaMIGRMQswCQYDVQQGEwJVUzEVMBMGA1UECBMMUGVubnN5
bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1cmdoMSQwIgYDVQQKExtUaGUgQmFuayBv
ZiBOZXcgWW9yayBNZWxsb24xMDAuBgNVBAMTJ3hhdC1nbXNncm91cC1uZXR4aW52
ZXN0b3IuYm55bWVsbG9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOEA5UvBiUgeBjYOvtZUKGHsQTYJcOwaiOieklLehurdcYzqpnb9JKWSI9SW
WWMq0VOxdJU7wJE3HQQN1lGwjg8R5Hb1KWqSE3Oiu24wDRX2/gO0VNfu3aLV0CGo
TPiaeGNPauEr1INE295SebVwDBiEQCwysPD5VHPf3mqzozRbTys3QYmdQgCKRwi+
IlcCBc1k8AqOssqRYosjoPs6lP+JFEazqzroRLQg1IZ5bXRyCscN3lDtOgCRgJpj
ynTZw9cXz+7OuY6j57qzlssyBuSz3d3S99gzDXWbMlb4b+mmLQGulbnnvDzE9gqv
lfNtNMxfhchJkgtbmUtJHkZoTs0CAwEAAaOCA7IwggOuMB8GA1UdIwQYMBaAFLdr
ouqoqoSMeeq02g+YssWVdrn0MB0GA1UdDgQWBBRP4JLIYP+m86VKRtpLTVkTAbqG
3TBeBgNVHREEVzBVgid4YXQtZ21zZ3JvdXAtbmV0eGludmVzdG9yLmJueW1lbGxv
bi5jb22CKnhhdC1nbXNncm91cC1uZXR4aW52ZXN0b3IucWEuYm55bWVsbG9uLmNv
bTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MIGPBgNVHR8EgYcwgYQwQKA+oDyGOmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9E
aWdpQ2VydFRMU1JTQVNIQTI1NjIwMjBDQTEtNC5jcmwwQKA+oDyGOmh0dHA6Ly9j
cmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU1JTQVNIQTI1NjIwMjBDQTEtNC5j
cmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3
dy5kaWdpY2VydC5jb20vQ1BTMH8GCCsGAQUFBwEBBHMwcTAkBggrBgEFBQcwAYYY
aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEkGCCsGAQUFBzAChj1odHRwOi8vY2Fj
ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUTFNSU0FTSEEyNTYyMDIwQ0ExLTEu
Y3J0MAkGA1UdEwQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB1AOg+0No+
9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABgiEp8awAAAQDAEYwRAIgd63S
84fnJXc6C0LfYa3vOvq0PvNWMgN0vaeGi237iI0CIBvt32tUZEgKfQIeUdxwH72v
ekQorgwSAxtT4MKg3qzIAHYANc8ZG7+xbFe/D61MbULLu7YnICZR6j/hKu+oA8M7
1kwAAAGCISnxKQAABAMARzBFAiAmo1M+QCjUz31Aj23mgSvtxhtyn6/gUN95wHIR
yHrOnwIhAIDJFbtGgSqhpzxlPT3eirfLIkKtHhHt2XzCiYK8O8yxAHYArfe++nz/
EMiLnT2cHj4YarRnKV3PsQwkyoWGNOvcgooAAAGCISnxSAAABAMARzBFAiEA7F5k
P0rdTCZuALBXgKxEe2L1w3prvj/evF9TeakZMmMCIHmrR/DvNmmVaCK+7ZxlxA2/
id9l/4MvD1d+a103bNtpMA0GCSqGSIb3DQEBCwUAA4IBAQBFQK43uKmrBO9oWqFW
JUY5NuqlMtwrd/yQBB0T+0+zzhXN2aI08jGVi7T6uz5AI4nkrdIsLRqK9AWeghPU
JRc5wH7FdbiTcn25H78vKv2qYk2vCja8ozx4qYVdwU7ihBFH7bAxYHnzMyVo1SvA
TZb2QWbVuMbgugFdZs3ahhpMGfhiTj58mXwmZyoJKZ/991kKxMZw03RPCYZDF4xr
HEXfgOZ242USPbfjfykuOp+ZXkPT3Lzs91UGc9+AdNJhLqxFm3LlMuvlm90+urOo
aup9+9bsnyrGfjl99yJWwF4S/OX9++D/ROfr3CKB6613j/nhvTzi+N1HpCkEj/Pd
ND2A
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4QDlS8GJSB4GNg6+1lQo
YexBNglw7BqI6J6SUt6G6t1xjOqmdv0kpZIj1JZZYyrRU7F0lTvAkTcdBA3WUbCO
DxHkdvUpapITc6K7bjANFfb+A7RU1+7dotXQIahM+Jp4Y09q4SvUg0Tb3lJ5tXAM
GIRALDKw8PlUc9/earOjNFtPKzdBiZ1CAIpHCL4iVwIFzWTwCo6yypFiiyOg+zqU
/4kURrOrOuhEtCDUhnltdHIKxw3eUO06AJGAmmPKdNnD1xfP7s65jqPnurOWyzIG
5LPd3dL32DMNdZsyVvhv6aYtAa6Vuee8PMT2Cq+V8200zF+FyEmSC1uZS0keRmhO
zQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 2821276777201331636632151900463887749
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert TLS RSA SHA256 2020 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-07-21 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-08-21 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Pennsylvania'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Pittsburgh'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'The Bank of New York Mellon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'xat-gmsgroup-netxinvestor.bnymellon.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 28404060297180597606462652197373056001057267734107798486764612384991502045207599116400929958532522797625327322198008155786326871106103370974409681884236464678850794967402425788485237962745156940273194668956888283163013020407678792876812906804337473832612157158367023305680531009361309850494167728451431405848025137050076694844762292680967063872257068852751600914492444241374025857752834406768424694197978335444806595165919469206237628025188811534223050865876817954276554095353368724579638138284525079049583245179865827317725923151187101390000603060369495717207404533925830627848833891626276856867242511625017360928461
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							4fe092c860ffa6f3a54a46da4b4d591301ba86dd
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (87 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'xat-gmsgroup-netxinvestor.bnymellon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'xat-gmsgroup-netxinvestor.qa.bnymellon.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (135 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (115 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							0167007500e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e000001822129f1ac0000040300463044022077add2f387e725773a0b42df61adef3afab43ef356320374bda7868b6dfb888d02201beddf6b5464480a7d021e51dc701fbdaf7a4428ae0c12031b53e0c2a0deacc800760035cf191bbfb16c57bf0fad4c6d42cbbbb627202651ea3fe12aefa803c33bd64c000001822129f1290000040300473045022026a3533e4028d4cf7d408f6de6812bedc61b729fafe050df79c07211c87ace9f02210080c915bb46812aa1a73c653d3dde8ab7cb2242ad1e11edd97cc28982bc3bccb1007600adf7befa7cff10c88b9d3d9c1e3e186ab467295dcfb10c24ca858634ebdc828a000001822129f1480000040300473045022100ec5e643f4add4c266e00b05780ac447b62f5c37a6bbe3fdebc5f5379a9193263022079ab47f0ef3669956822beed9c65c40dbf89df65ff832f0f577e6b5d376cdb69
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		004540ae37b8a9ab04ef685aa15625463936eaa532dc2b77fc90041d13fb4fb3ce15cdd9a234f231958bb4fabb3e402389e4add22c2d1a8af4059e8213d4251739c07ec575b893727db91fbf2f2afdaa624daf0a36bca33c78a9855dc14ee2841147edb0316079f3332568d52bc04d96f64166d5b8c6e0ba015d66cdda861a4c19f8624e3e7c997c26672a09299ffdf7590ac4c670d3744f098643178c6b1c45df80e676e365123db7e37f292e3a9f995e43d3dcbcecf7550673df8074d2612eac459b72e532ebe59bdd3ebab3a86aea7dfbd6ec9f2ac67e397df72256c05e12fce5fdfbe0ff44e7ebdc2281ebad778ff9e1bd3ce2f8dd47a429048ff3dd343d80