UFP1-CIPP01.nam.nsroot.net
- Citigroup Inc. -
Issued by Symantec Class 3 EV SSL CA - G3
About this certificate
This digital certificate with serial number 7a:a2:ce:36:68:65:50:96:df:7e:ae:90:4e:c6:c4:07 was issued on by Symantec Corporation.
This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
- Sub certificates SHOULD include Subject Key Identifier in end entity certs (RFC 5280: 4.2 & 4.2.1.2)
Citigroup Inc.
Company registration number:
2154254
Organization: Citigroup Inc.
Organization unit: GVO
Organization: Citigroup Inc.
Organization unit: GVO
Address:
399 Park Avenue
Postal code: 10022
State / Province: New York
Locality: New York
Country: US
Postal code: 10022
State / Province: New York
Locality: New York
Country: US
Symantec Corporation
Organization:
Symantec Corporation
Organization unit: Symantec Trust Network
Organization unit: Symantec Trust Network
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 7a:a2:ce:36:68:65:50:96:df:7e:ae:90:4e:c6:c4:07Serial Number (int): 163011150063850429686103671519089968135
Serial Number lenght: 127 bits, 16 octets
SubjectKeyId:
AuthorityKeyId: 01:59:ab:e7:dd:3a:0b:59:a6:64:63:d6:cf:20:07:57:d5:91:e7:6a
Fingerprint (sha1): ae:1f:0d:7c:46:e7:0c:45:01:4b:81:24:3e:8b:b4:a3:9b:54:e2:14
Fingerprint (sha256): 01:f9:85:c3:d0:13:f0:b6:cd:0d:da:d0:70:d8:83:9b:ea:dc:f2:1d:2d:28:25:01:92:07:29:69:4f:c0:19:d4
Issuing Certificate URL: http://sr.symcb.com/sr.crt
Revocation information
OCSP Server: http://sr.symcd.comCRL Distribution Point: http://sr.symcb.com/sr.crl
Check the revocation status for certificate UFP1-CIPP01.nam.nsroot.net
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for UFP1-CIPP01.nam.nsroot.net
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
UFP1-CIPP01.nam.nsroot.net
Other certificates including the domain name nsroot.net
(limited to 100 certificates)
server-7.goldpac.apac.nsroot.net
ecmsynd-uat.nam.nsroot.net
academy-ukr.apac.nsroot.net
cdasmwp15z1.nam.nsroot.net
GTUATORG01.nam.nsroot.net
cob.citibankchina.goldpac.apac.nsroot.net
sfnamuat.wlb2.nam.nsroot.net
ctrxemeauatj.eur.nsroot.net
CAPAMS2XMLSWDC-vip.nam.nsroot.net
vm-unam2-cimp00.nam.nsroot.net
citi.retail.ips-uat.ptnr-b-data.nam.nsroot.net
digitalopsuat.nam.nsroot.net
NAMLY13ENYUAT12.namuat.nsrootuat.dyn.nsroot.net
LyncProdDR.EUR.NSROOT.NET
ch2mwpiapp1.nam.nsroot.net
shim.citiprivatebankinviewqa.emea.privatebank.citibank.com
ch2swuiapp1.nam.nsroot.net
CTRXEUXDRDC70-vip.eur.nsroot.net
speengineuat.wlb3.nam.nsroot.net
MP01VIP2.MP01.MEX.NSROOT.NET
RSGDVIPA.apac.nsroot.net
ccfundnotifications.nam.nsroot.net
webfarm-staging.eur.nsroot.net
UFP1-CIPP01.nam.nsroot.net
LYNC10GTPST01.nam.nsroot.net
m4defdc-aes10-dl360g8.eur.nsroot.net
sbc0401aconp01v.nam.nsroot.net
indo-snok-cob.eur.nsroot.net
CAPAPACPNAXMLHKAST-vip.apac.nsroot.net
lync13pooldev2.namuat.nsrootuat.dyn.nsroot.net
lacbra001as0011.lac.nsroot.net
ccooprod.nam.nsroot.net
consumer.wlb2.nam.nsroot.net
CitiDirectPRODSSO.nam.nsroot.net
sydndm3u.aus.nsroot.net
ctrxnasf-PNA.wlb2.nam.nsroot.net
citi.p-fduc-data.sec.nam.nsroot.net
hcasbat_pkr.apac.nsroot.net
uat.realtime.grosspayment.gateway.citigroup.net
jfxlbeoluat.eur.nsroot.net
vtcgtdcuweb1.nam.nsroot.net
CAPAPACTPAXMLSGCT2-vip.apac.nsroot.net
tneu.nam.nsroot.net
clouddesktop-sgdc01-vip.apac.nsroot.net
speengineuat.wlb3.nam.nsroot.net
GTUATCXC01qmv75.nam.nsroot.net
CAPAMSUATXMLRUTH-vip.nam.nsroot.net
menaisrflxu.eur.nsroot.net
GTAEMF4_QM.DIT_qmv75.nam.nsroot.net
clouddesktop-sgdc01-vip.apac.nsroot.net
acheprod.nam.nsroot.net
vusmwdc-ica01-mpx8200-callback.nam.nsroot.net
yieldbook.nam.nsroot.net
tenb51-sit-gsrenapc.nam.nsroot.net
gtcrd-cblla01u.nam.nsroot.net
MessagingclientAceInternationalPR.lac.nsroot.net
apsgontw7w2307.apac.nsroot.net
aawebsocket-uat.wlb.nam.nsroot.net
imbdlpbuf-ru03.nam.nsroot.net
ctrxemeasf-U-PNA.wlb2.eur.nsroot.net
mdefdc-vcs01-vcsco.eur.nsroot.net
esbuat.emeaconsumer.citigroup.net
fxmmilnap1u.eur.nsroot.net
CTRXAPACXDSG7-vip.apac.nsroot.net
s3dev_hrss.nam.nsroot.net
ASUSMD831FIN9V.NAM.NSROOT.NET
imbtcrelay-ru03.nam.nsroot.net
ufcappln.apac.nsroot.net
RSGDVIPA.apac.nsroot.net
banamexsoaperf.banamex.com
devcitisource.nam.nsroot.net
icl-ironkey-va01.nam.nsroot.net
smcpint.ny.ssmb.com
imbtcrelay-gt03.nam.nsroot.net
Lync13ProdDR.apac.nsroot.net
CLOUDDESKTOP-GTDC01-vip.nam.nsroot.net
mgbrdc-pexv07-c220.eur.nsroot.net
www.bnepremium.lac.nsroot.net
RUS111W-MAN02-6509-TENGE2-4.nam.nsroot.net
bolsit.nam.nsroot.net
gmi-dev.nam.nsroot.net
LyncProdDR.EUR.NSROOT.NET
jfpprdhu-rbw-maint-svr1.eur.nsroot.net
TRADERECORDSINFOINDIA.ICG.CITIGROUP.NET
citibankdr.banctecportal.eur.nsroot.net
citisft-usrtdc-pr3-edge-g1.nam.nsroot.net
apacthdsibpm001.apac.nsroot.net
rgbrdc-b2b44-2911.eur.nsroot.net
SBC1802DCONP01V.nam.nsroot.net
digitalopsdev.nam.nsroot.net
uatndm.octopus.gcbhk.apac.nsroot.net
mdefdc-vcs02-vcsex.eur.nsroot.net
uat.eoscar3.nam.nsroot.net
sd-cd7f-c896.nam.nsroot.net
ctrxlatcts.wlb.lac.nsroot.net
apac.nsroot.net
latamesbsit-icg.nam.nsroot.net
CTRXAPACXDSG7-vip.apac.nsroot.net
gmi.nam.nsroot.net
m1gbrdc-svx01-aes.eur.nsroot.net
ecmsynd-uat.nam.nsroot.net
academy-ukr.apac.nsroot.net
cdasmwp15z1.nam.nsroot.net
GTUATORG01.nam.nsroot.net
cob.citibankchina.goldpac.apac.nsroot.net
sfnamuat.wlb2.nam.nsroot.net
ctrxemeauatj.eur.nsroot.net
CAPAMS2XMLSWDC-vip.nam.nsroot.net
vm-unam2-cimp00.nam.nsroot.net
citi.retail.ips-uat.ptnr-b-data.nam.nsroot.net
digitalopsuat.nam.nsroot.net
NAMLY13ENYUAT12.namuat.nsrootuat.dyn.nsroot.net
LyncProdDR.EUR.NSROOT.NET
ch2mwpiapp1.nam.nsroot.net
shim.citiprivatebankinviewqa.emea.privatebank.citibank.com
ch2swuiapp1.nam.nsroot.net
CTRXEUXDRDC70-vip.eur.nsroot.net
speengineuat.wlb3.nam.nsroot.net
MP01VIP2.MP01.MEX.NSROOT.NET
RSGDVIPA.apac.nsroot.net
ccfundnotifications.nam.nsroot.net
webfarm-staging.eur.nsroot.net
UFP1-CIPP01.nam.nsroot.net
LYNC10GTPST01.nam.nsroot.net
m4defdc-aes10-dl360g8.eur.nsroot.net
sbc0401aconp01v.nam.nsroot.net
indo-snok-cob.eur.nsroot.net
CAPAPACPNAXMLHKAST-vip.apac.nsroot.net
lync13pooldev2.namuat.nsrootuat.dyn.nsroot.net
lacbra001as0011.lac.nsroot.net
ccooprod.nam.nsroot.net
consumer.wlb2.nam.nsroot.net
CitiDirectPRODSSO.nam.nsroot.net
sydndm3u.aus.nsroot.net
ctrxnasf-PNA.wlb2.nam.nsroot.net
citi.p-fduc-data.sec.nam.nsroot.net
hcasbat_pkr.apac.nsroot.net
uat.realtime.grosspayment.gateway.citigroup.net
jfxlbeoluat.eur.nsroot.net
vtcgtdcuweb1.nam.nsroot.net
CAPAPACTPAXMLSGCT2-vip.apac.nsroot.net
tneu.nam.nsroot.net
clouddesktop-sgdc01-vip.apac.nsroot.net
speengineuat.wlb3.nam.nsroot.net
GTUATCXC01qmv75.nam.nsroot.net
CAPAMSUATXMLRUTH-vip.nam.nsroot.net
menaisrflxu.eur.nsroot.net
GTAEMF4_QM.DIT_qmv75.nam.nsroot.net
clouddesktop-sgdc01-vip.apac.nsroot.net
acheprod.nam.nsroot.net
vusmwdc-ica01-mpx8200-callback.nam.nsroot.net
yieldbook.nam.nsroot.net
tenb51-sit-gsrenapc.nam.nsroot.net
gtcrd-cblla01u.nam.nsroot.net
MessagingclientAceInternationalPR.lac.nsroot.net
apsgontw7w2307.apac.nsroot.net
aawebsocket-uat.wlb.nam.nsroot.net
imbdlpbuf-ru03.nam.nsroot.net
ctrxemeasf-U-PNA.wlb2.eur.nsroot.net
mdefdc-vcs01-vcsco.eur.nsroot.net
esbuat.emeaconsumer.citigroup.net
fxmmilnap1u.eur.nsroot.net
CTRXAPACXDSG7-vip.apac.nsroot.net
s3dev_hrss.nam.nsroot.net
ASUSMD831FIN9V.NAM.NSROOT.NET
imbtcrelay-ru03.nam.nsroot.net
ufcappln.apac.nsroot.net
RSGDVIPA.apac.nsroot.net
banamexsoaperf.banamex.com
devcitisource.nam.nsroot.net
icl-ironkey-va01.nam.nsroot.net
smcpint.ny.ssmb.com
imbtcrelay-gt03.nam.nsroot.net
Lync13ProdDR.apac.nsroot.net
CLOUDDESKTOP-GTDC01-vip.nam.nsroot.net
mgbrdc-pexv07-c220.eur.nsroot.net
www.bnepremium.lac.nsroot.net
RUS111W-MAN02-6509-TENGE2-4.nam.nsroot.net
bolsit.nam.nsroot.net
gmi-dev.nam.nsroot.net
LyncProdDR.EUR.NSROOT.NET
jfpprdhu-rbw-maint-svr1.eur.nsroot.net
TRADERECORDSINFOINDIA.ICG.CITIGROUP.NET
citibankdr.banctecportal.eur.nsroot.net
citisft-usrtdc-pr3-edge-g1.nam.nsroot.net
apacthdsibpm001.apac.nsroot.net
rgbrdc-b2b44-2911.eur.nsroot.net
SBC1802DCONP01V.nam.nsroot.net
digitalopsdev.nam.nsroot.net
uatndm.octopus.gcbhk.apac.nsroot.net
mdefdc-vcs02-vcsex.eur.nsroot.net
uat.eoscar3.nam.nsroot.net
sd-cd7f-c896.nam.nsroot.net
ctrxlatcts.wlb.lac.nsroot.net
apac.nsroot.net
latamesbsit-icg.nam.nsroot.net
CTRXAPACXDSG7-vip.apac.nsroot.net
gmi.nam.nsroot.net
m1gbrdc-svx01-aes.eur.nsroot.net
Certificate
The complete raw certificate details for UFP1-CIPP01.nam.nsroot.net in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFoTCCBImgAwIBAgIQeqLONmhlUJbffq6QTsbEBzANBgkqhkiG9w0BAQsFADB3 MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTcwNTE2MDAwMDAwWhcNMTkwNjAz MjM1OTU5WjCCAQoxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIB AgwIRGVsYXdhcmUxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYD VQQFEwcyMTU0MjU0MQswCQYDVQQGEwJVUzEOMAwGA1UEEQwFMTAwMjIxETAPBgNV BAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECQwPMzk5IFBh cmsgQXZlbnVlMRcwFQYDVQQKDA5DaXRpZ3JvdXAgSW5jLjEMMAoGA1UECwwDR1ZP MSMwIQYDVQQDDBpVRlAxLUNJUFAwMS5uYW0ubnNyb290Lm5ldDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAMxEDp8MCiVDK5u2pZ16jB6N3yIQ1F0xc9JH frT1YUfwBvu0IqA3xnxMKFZXn2093+SRi1VM2FC0IofUItsvMvUOCR/iBxy/FG+v j4/hlB9DvTg47QBWOOiYRnKIEfEBfRbpPUIabg0UPDNdOtV57WfUqFPQdnTuE18h jV8+8i9Mf1nhQZ7DrM61FuR/Xrk39Wh2FXbU9+XAYbwtJxZ3j143EWUsfZnl1jlb SU7SxcmRqrKMJsCQ8Ge6JkegfWBgEJTSWh7lGqDxU50ACBEAUshHclYex0GcVyup wqGLlZuV70xJLMsk6bIKSfCxYqtMpFGiKMDXOpilk7zpLeubD4MCAwEAAaOCAZIw ggGOMCUGA1UdEQQeMByCGlVGUDEtQ0lQUDAxLm5hbS5uc3Jvb3QubmV0MAkGA1Ud EwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF BQcDAjBvBgNVHSAEaDBmMFsGC2CGSAGG+EUBBxcGMEwwIwYIKwYBBQUHAgEWF2h0 dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8vZC5z eW1jYi5jb20vcnBhMAcGBWeBDAEBMB8GA1UdIwQYMBaAFAFZq+fdOgtZpmRj1s8g B1fVkedqMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zci5zeW1jYi5jb20vc3Iu Y3JsMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL3NyLnN5bWNk LmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL3NyLnN5bWNiLmNvbS9zci5jcnQwEwYK KwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBABv/kzY8zxweVV+8 3eY7T3va9HAbnWSf7X6P6cX7Df0lmgFf65fQwp2iScBvOVw4cQGwtMHtleM1OS+m nRzHBTfFSph9YQe8yDfXABZ7XJWMhCGyfQRQoVH518qLZEfcVXli7JyuBe0g5pbg GcmjhNwHhR4zhbIzdkvVvoR8eAKrDwBszC+dreMAJMVjhrhDWnWmGvxMgR7xJG2R pCN8Y25pV3hiRcvuPtD9WHrycm+jE9aiXqacZwO4t0uSQvDsvobFlhxIeEVsxLrQ OfuFTeg9PM5ajHG79R1K/X8WlbRYJ6Xxca3NW3gZdfkDuR2C6lZWpiQKF59pEHAj AVoOIxg= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEQOnwwKJUMrm7alnXqM Ho3fIhDUXTFz0kd+tPVhR/AG+7QioDfGfEwoVlefbT3f5JGLVUzYULQih9Qi2y8y 9Q4JH+IHHL8Ub6+Pj+GUH0O9ODjtAFY46JhGcogR8QF9Fuk9QhpuDRQ8M1061Xnt Z9SoU9B2dO4TXyGNXz7yL0x/WeFBnsOszrUW5H9euTf1aHYVdtT35cBhvC0nFneP XjcRZSx9meXWOVtJTtLFyZGqsowmwJDwZ7omR6B9YGAQlNJaHuUaoPFTnQAIEQBS yEdyVh7HQZxXK6nCoYuVm5XvTEksyyTpsgpJ8LFiq0ykUaIowNc6mKWTvOkt65sP gwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 163011150063850429686103671519089968135 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Symantec Corporation' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Symantec Trust Network' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Symantec Class 3 EV SSL CA - G3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-05-16 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-06-03 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.2 (jurisdictionOfIncorporationSP) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Delaware' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Private Organization' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '2154254' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.17 (postalCode) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '10022' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'New York' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'New York' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.9 (streetAddress) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '399 Park Avenue' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Citigroup Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'GVO' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'UFP1-CIPP01.nam.nsroot.net' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25786174426975680644567194369510993630821209249363839419889735141354999935155067287134035103615214787028275126914080783461338632630129625374526985731358304164614762241637719590493556767139005965775326531829939384016702404670835247752888215741290062726049025525419752484219339015804507079715904566002378116840860162855298527169289732297764739597668337919392397568763574506967469820971790166943982335218582203689989930884142021649737078928205143982124543879676656638452068087726065987564855482095699798934937255405584896265519076222646997737610148697607900980618075518600188046753098926894151113424284812161406767665027 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (30 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'UFP1-CIPP01.nam.nsroot.net' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.113733.1.7.23.6 (VeriSign EV policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://d.symcb.com/cps' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'https://d.symcb.com/rpa' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 0159abe7dd3a0b59a66463d6cf200757d591e76a . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://sr.symcb.com/sr.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (75 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://sr.symcd.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://sr.symcb.com/sr.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 001bff93363ccf1c1e555fbcdde63b4f7bdaf4701b9d649fed7e8fe9c5fb0dfd259a015feb97d0c29da249c06f395c387101b0b4c1ed95e335392fa69d1cc70537c54a987d6107bcc837d700167b5c958c8421b27d0450a151f9d7ca8b6447dc557962ec9cae05ed20e696e019c9a384dc07851e3385b233764bd5be847c7802ab0f006ccc2f9dade30024c56386b8435a75a61afc4c811ef1246d91a4237c636e6957786245cbee3ed0fd587af2726fa313d6a25ea69c6703b8b74b9242f0ecbe86c5961c4878456cc4bad039fb854de83d3cce5a8c71bbf51d4afd7f1695b45827a5f171adcd5b781975f903b91d82ea5656a6240a179f69107023015a0e2318