tfs.niaid.nih.gov

- National Institutes of Health -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 7c:51:8c:a7:f3:c2:e0:2e:d2:38:c1:25:89:d1:b3:dd was issued on by Entrust, Inc..

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

National Institutes of Health

Organization: National Institutes of Health
State / Province: Maryland
Locality: Rockville
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 7c:51:8c:a7:f3:c2:e0:2e:d2:38:c1:25:89:d1:b3:dd
Serial Number (int): 165247700366758988063369326079262176221
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 6a:9e:59:43:e5:30:fb:2a:ae:b3:c2:92:3b:d7:7b:66:9d:7b:b9:34
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): 6d:9d:1d:8e:4f:69:8d:a9:ef:5d:06:e7:39:b0:50:f7:d0:c4:02:e7
Fingerprint (sha256): 01:b3:1b:c8:eb:a4:07:ee:d5:a3:d0:e3:0f:57:e3:25:fd:8d:ae:cd:1d:bb:b4:5b:a1:1e:06:ba:3c:38:1b:63

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate tfs.niaid.nih.gov

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for tfs.niaid.nih.gov

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

tfs.niaid.nih.gov

Other certificates including the domain name nih.gov

(limited to 100 certificates)
*.nihms.nih.gov
*.nei.nih.gov
*.niaid.nih.gov
dkgbt.niddk.nih.gov
soatest.ha.nih.gov
*.nlm.nih.gov
3dprintqa.niaid.nih.gov
www.niaaa.nih.gov
citrix.niehs.nih.gov
oma.od.nih.gov
drupal.nihlibrary.com
internet.csr.nih.gov
jamfdmz.niaaa.nih.gov
nei1.nih.gov
*.niams.nih.gov
biobeat.nigms.nih.gov
pots.nci.nih.gov
*.nlm.nih.gov
meetings.nigms.nih.gov
*.nlm.nih.gov
neidatacommons.nei.nih.gov
catalog.nei.nih.gov
devstageerawebserviceaccess.nichd.nih.gov
tls.automattic.com
assettrack.cc.nih.gov
mirror.nih.gov
sisterstudy.niehs.nih.gov
*.nci.nih.gov
3dprintqa.niaid.nih.gov
sbrblood.nhgri.nih.gov
*.apps.nciconnectstg.nci.nih.gov
excessproductcatalog.od.nih.gov
madb.nci.nih.gov
biomedicalresearchworkforce.nih.gov
intranet.cit.nih.gov
ai-cs105otdqa1.niaid.nih.gov
*.nci.nih.gov
obssr.od.nih.gov
posit-package-manager.niaid.nih.gov
myitsm.nih.gov
nihguide.od.nih.gov
2019-BTH-TIC-VPN-EG-03-A.NET.NIH.GOV
ucceventsupport.cit.nih.gov
APF-Access.niaid.nih.gov
etsplab.ninds.nih.gov
dev.radx-hub.nih.gov
www.safetytraining.nih.gov
recovery.nih.gov
*.niddk.nih.gov
sni.cloudflaressl.com
authproxy.ha.nih.gov
pdbp-dd-uat.cit.nih.gov
ai-appauthfoochiprd1.niaid.nih.gov
ncias-p595.nci.nih.gov
ccpharmrees.cc.nih.gov
parkinsontrial.ninds.nih.gov
jats.nlm.nih.gov
otds16-dev.niaid.nih.gov
www.smokefree.gov
intranet.nccih.nih.gov
intranet.nccam.nih.gov
fitbir-stage.cit.nih.gov
www.cc.nih.gov
cancergenome.nih.gov
aghealth.nci.nih.gov
ncif5-d013-v.nci.nih.gov
acdwg.od.nih.gov
activenav-dev.niaid.nih.gov
apps.cc.nih.gov
sptest.nibib.nih.gov
healthyeating.nhlbi.nih.gov
medialibrary.nei.nih.gov
*.nlm.nih.gov
salivaryproteome.nidcr.nih.gov
ncatswnspfpdv34.nih.gov
ocrtme.cc.nih.gov
itbweb.nhgri.nih.gov
pots.nia.nih.gov
dcb.cit.nih.gov
devwebeditor.nichd.nih.gov
tfs.niaid.nih.gov
toolkit.ncats.nih.gov
bricsguid.nia.nih.gov
nisc.nih.gov
pedmatch.nci.nih.gov
tls.automattic.com
eracert137.era.nih.gov
*.nlm.nih.gov
erss-vip.niaid.nih.gov
sa66gl.wpc.edgecastcdn.net
isupplierext.qa.nih.gov
oacu.od.nih.gov
videocast.niehs.nih.gov
depot.tbportals.niaid.nih.gov
ecollab.niaid.nih.gov
ccapps.cc.nih.gov
resresources.nci.nih.gov
rnai.nih.gov
authdev.ha.nih.gov
www.nigms.nih.gov

Certificate

The complete raw certificate details for tfs.niaid.nih.gov in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIQfFGMp/PC4C7SOMElidGz3TANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
NDA1MDIxMjU3MzlaFw0yNTA1MTMxMjU3MzhaMHgxCzAJBgNVBAYTAlVTMREwDwYD
VQQIEwhNYXJ5bGFuZDESMBAGA1UEBxMJUm9ja3ZpbGxlMSYwJAYDVQQKEx1OYXRp
b25hbCBJbnN0aXR1dGVzIG9mIEhlYWx0aDEaMBgGA1UEAxMRdGZzLm5pYWlkLm5p
aC5nb3YwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY6VGutomDdO+f
q6sK9a7KKpybA0LAGjTfkMRGlzs3VZ6ECaa1SN//0NCR6EQlL/th/Ira4L7MrZ5G
H8ax8VbIDoVYNBh1Ixx6sxZLtWqH2dANST0rMQrFbfpcugzbE9pdUenV/ErIj9t/
Hne2xQ7Y3M4xHOKDdhhvwlsnjtIOSstyc/nvbAcSbgx7/pbax1inEdrd9qpugTUR
6GsbSW/ZuA2ymYCgo+Xee4r2++dMzKopGqD2TCp4Pu2TGNrir0/UEf5I7m4IKoBb
PuFMK28Ro6MIgGVxDPglMdilcROPiolSOJfjLAmtXEz7hyQyhkkWSuLkrAP0xCJU
nnQIhEa9AgMBAAGjggFoMIIBZDAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRqnllD
5TD7Kq6zwpI713tmnXu5NDAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpM
vzBoBggrBgEFBQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1
c3QubmV0MDMGCCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wxay1j
aGFpbjI1Ni5jZXIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0
Lm5ldC9sZXZlbDFrLmNybDAcBgNVHREEFTATghF0ZnMubmlhaWQubmloLmdvdjAO
BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBMG
A1UdIAQMMAowCAYGZ4EMAQICMBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3
DQEBCwUAA4IBAQBfaKjJO/6kUOYn1hWnK7JL0OaEuI2tukxZ0Eis2JYOSv6GA8H0
AiDMF3gdtKVmHeC58KLPJZ733ST/LCYZMAph71zCiHU3Ys3O3FL1ZnP4An6ZZuOo
DRuU+WXZnu8URtklO7ZZjikzdXk0+BK4JzVtpEmdZI/6wP649af4uEAPTeCFrazJ
E3GeGEEF9S3r/oB8OP61p+Rj0pFrb7R/p4QP/NcfwKo13dZaXvgMiPMvow9Utby1
0I0U2wESmCgfy2pNbsCWPlrISugE6sz+5rjwmPKYdH1MSsUMatD+DCXmdH/qPcQ4
HzcDCu6fKjQT1HXZqlMDuD75ps1tRQHxs/d7
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2OlRrraJg3Tvn6urCvWu
yiqcmwNCwBo035DERpc7N1WehAmmtUjf/9DQkehEJS/7YfyK2uC+zK2eRh/GsfFW
yA6FWDQYdSMcerMWS7Vqh9nQDUk9KzEKxW36XLoM2xPaXVHp1fxKyI/bfx53tsUO
2NzOMRzig3YYb8JbJ47SDkrLcnP572wHEm4Me/6W2sdYpxHa3faqboE1EehrG0lv
2bgNspmAoKPl3nuK9vvnTMyqKRqg9kwqeD7tkxja4q9P1BH+SO5uCCqAWz7hTCtv
EaOjCIBlcQz4JTHYpXETj4qJUjiX4ywJrVxM+4ckMoZJFkri5KwD9MQiVJ50CIRG
vQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 165247700366758988063369326079262176221
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-02 12:57:39 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-05-13 12:57:38 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Maryland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Rockville'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'National Institutes of Health'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'tfs.niaid.nih.gov'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27382527795268861912712417082232506779997325709801934188300950306577308736322539307878273832999353038819012287655764102121042687722983047769033766113419902716231620916517474694920045648611282567322227692805692985191053353406241768305857969275009555801541107146150670705658737248824599714758844952444157543310219799357343110164496566107012284673971163271166375463404439863114453959119078793074436750423964641981486661586127467390838399470982981568977080226637051138273657577709899828850234041882956825005627081005495300209113061584439718205283377067194635181933264618344245955986571977886458683929589267688784153298621
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							6a9e5943e530fb2aaeb3c2923bd77b669d7bb934
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (21 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tfs.niaid.nih.gov'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		005f68a8c93bfea450e627d615a72bb24bd0e684b88dadba4c59d048acd8960e4afe8603c1f40220cc17781db4a5661de0b9f0a2cf259ef7dd24ff2c2619300a61ef5cc288753762cdcedc52f56673f8027e9966e3a80d1b94f965d99eef1446d9253bb6598e2933757934f812b827356da4499d648ffac0feb8f5a7f8b8400f4de085adacc913719e184105f52debfe807c38feb5a7e463d2916b6fb47fa7840ffcd71fc0aa35ddd65a5ef80c88f32fa30f54b5bcb5d08d14db011298281fcb6a4d6ec0963e5ac84ae804eaccfee6b8f098f298747d4c4ac50c6ad0fe0c25e6747fea3dc4381f37030aee9f2a3413d475d9aa5303b83ef9a6cd6d4501f1b3f77b