nextgenerationsupplychains.live.ft.com
Issued by R3
About this certificate
This digital certificate with serial number 04:2c:41:a0:23:84:c2:ae:dd:1b:c9:9a:5e:3c:b2:e8:2f:f4 was issued on by Let's Encrypt.
This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=nextgenerationsupplychains.live.ft.com
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 04:2c:41:a0:23:84:c2:ae:dd:1b:c9:9a:5e:3c:b2:e8:2f:f4Serial Number (int): 363508799179188369151888286196114529988596
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: 1b:f7:c8:41:3b:31:53:55:b3:67:c4:1a:6f:96:53:45:ac:01:48:cb
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 4d:82:64:94:00:ed:50:bf:47:c7:ba:59:82:71:2a:25:54:52:e4:b9
Fingerprint (sha256): 02:00:90:55:f9:88:6d:98:f2:4b:d9:23:98:b5:2a:0f:0c:01:ac:bc:2a:7f:1b:cd:fe:15:7f:1d:00:5a:80:3d
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate nextgenerationsupplychains.live.ft.com
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for nextgenerationsupplychains.live.ft.com
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
nextgenerationsupplychains.live.ft.com
Other certificates including the domain name ft.com
(limited to 100 certificates)
f4.shared.global.fastly.net
datasovereigntyandthecloud.live.ft.com
h2.shared.global.fastly.net
globalcarbonforum.live.ft.com
dns-vetting1c.map.fastly.net
e.ssl.fastly.net
ft-nbh-ise-01.osb.ft.com
cryptowinter.live.ft.com
o2.shared.global.fastly.net
dns-vetting2.map.fastly.net
email.newsletters.ft.com
akamaisecure3.qualtrics.com
dns-vetting1-mims-pawel.map.fastly.net
www.digitaldialoguesbroadcast.live.ft.com
o2.shared.global.fastly.net
h2.shared.global.fastly.net
netzero-newyork.live.ft.com
futurecitiessingapore.live.ft.com
artificialintelligence.live.ft.com
int-ic.glb.ft.com
o2.shared.global.fastly.net
r.ssl.fastly.net
www.lantern.ft.com
dns-vetting1f.map.fastly.net
h2.shared.global.fastly.net
luxuryglobal.live.ft.com
energydecadeofdelivery.live.ft.com
dns-vetting1-mims-pawel.map.fastly.net
h2.shared.global.fastly.net
dns-vetting1g.map.fastly.net
dns-vetting1d.map.fastly.net
forums.ft.com
discoverb2b.ft.com
dns-vetting1d.map.fastly.net
marketingservices.ft.com
santander.ft.com
etnotalks.live.ft.com
education.ft.com
www.ftbroadcast2.live.ft.com
luxuryglobal2021.live.ft.com
dns-vetting1-mims-pawel.map.fastly.net
intelligentbusiness2020.live.ft.com
f3.shared.global.fastly.net
changes.in.ft.com
banking.live.ft.com
dns-vetting1f.map.fastly.net
commoditiesglobal.live.ft.com
nextgenerationsupplychains.live.ft.com
e1p-internal-sandbox.mrooms.net
intelligentdocumentprocessing.live.ft.com
futurecitieslondon.live.ft.com
dns-vetting1.map.fastly.net
indiainvestment.live.ft.com
pharma2022.live.ft.com
o2.shared.global.fastly.net
intelligentdocumentprocessing.live.ft.com
dns-vetting1h.map.fastly.net
heroku-ft-app-remove-long-pres-aiiucp.apps.in.ft.com
pharmaanalytics.live.ft.com
f4.shared.global.fastly.net
dns-vetting1g.map.fastly.net
o2.shared.global.fastly.net
leveragingdigitisation.live.ft.com
womeneurope2024.live.ft.com
dns-vetting1.map.fastly.net
futurecitiesjohannesburg.live.ft.com
industrialinnovation-europe.live.ft.com
climatecapitalfinance.live.ft.com
about.ft.com
r.ssl.fastly.net
eff22.live.ft.com
mai.live.ft.com
asiagreentech2023.live.ft.com
www.ft.com
ft.map.fastly.net
*.memb.ft.com
e1p-internal-sandbox.mrooms.net
scienceatstake.com
ft.com
dns-vetting1g.map.fastly.net
r.ssl.fastly.net
o2.shared.global.fastly.net
dns-vetting1e.map.fastly.net
dns-vetting2.map.fastly.net
operationalefficiency.live.ft.com
api.workfit.com
sendgrid.trytuesday.com
zenith.ft.com
dns-vetting1e.map.fastly.net
heroku-ft-app-at-4199-remove-c-f4qu5g.apps.in.ft.com
h2.shared.global.fastly.net
dns-vetting1g.map.fastly.net
retirementstrategies.live.ft.com
acceleratingequality.live.ft.com
santander.ft.com
i.subs.ft.com
corporatesustainabilityai.live.ft.com
inboundjapan.live.ft.com
o2.shared.global.fastly.net
r.ssl.fastly.net
datasovereigntyandthecloud.live.ft.com
h2.shared.global.fastly.net
globalcarbonforum.live.ft.com
dns-vetting1c.map.fastly.net
e.ssl.fastly.net
ft-nbh-ise-01.osb.ft.com
cryptowinter.live.ft.com
o2.shared.global.fastly.net
dns-vetting2.map.fastly.net
email.newsletters.ft.com
akamaisecure3.qualtrics.com
dns-vetting1-mims-pawel.map.fastly.net
www.digitaldialoguesbroadcast.live.ft.com
o2.shared.global.fastly.net
h2.shared.global.fastly.net
netzero-newyork.live.ft.com
futurecitiessingapore.live.ft.com
artificialintelligence.live.ft.com
int-ic.glb.ft.com
o2.shared.global.fastly.net
r.ssl.fastly.net
www.lantern.ft.com
dns-vetting1f.map.fastly.net
h2.shared.global.fastly.net
luxuryglobal.live.ft.com
energydecadeofdelivery.live.ft.com
dns-vetting1-mims-pawel.map.fastly.net
h2.shared.global.fastly.net
dns-vetting1g.map.fastly.net
dns-vetting1d.map.fastly.net
forums.ft.com
discoverb2b.ft.com
dns-vetting1d.map.fastly.net
marketingservices.ft.com
santander.ft.com
etnotalks.live.ft.com
education.ft.com
www.ftbroadcast2.live.ft.com
luxuryglobal2021.live.ft.com
dns-vetting1-mims-pawel.map.fastly.net
intelligentbusiness2020.live.ft.com
f3.shared.global.fastly.net
changes.in.ft.com
banking.live.ft.com
dns-vetting1f.map.fastly.net
commoditiesglobal.live.ft.com
nextgenerationsupplychains.live.ft.com
e1p-internal-sandbox.mrooms.net
intelligentdocumentprocessing.live.ft.com
futurecitieslondon.live.ft.com
dns-vetting1.map.fastly.net
indiainvestment.live.ft.com
pharma2022.live.ft.com
o2.shared.global.fastly.net
intelligentdocumentprocessing.live.ft.com
dns-vetting1h.map.fastly.net
heroku-ft-app-remove-long-pres-aiiucp.apps.in.ft.com
pharmaanalytics.live.ft.com
f4.shared.global.fastly.net
dns-vetting1g.map.fastly.net
o2.shared.global.fastly.net
leveragingdigitisation.live.ft.com
womeneurope2024.live.ft.com
dns-vetting1.map.fastly.net
futurecitiesjohannesburg.live.ft.com
industrialinnovation-europe.live.ft.com
climatecapitalfinance.live.ft.com
about.ft.com
r.ssl.fastly.net
eff22.live.ft.com
mai.live.ft.com
asiagreentech2023.live.ft.com
www.ft.com
ft.map.fastly.net
*.memb.ft.com
e1p-internal-sandbox.mrooms.net
scienceatstake.com
ft.com
dns-vetting1g.map.fastly.net
r.ssl.fastly.net
o2.shared.global.fastly.net
dns-vetting1e.map.fastly.net
dns-vetting2.map.fastly.net
operationalefficiency.live.ft.com
api.workfit.com
sendgrid.trytuesday.com
zenith.ft.com
dns-vetting1e.map.fastly.net
heroku-ft-app-at-4199-remove-c-f4qu5g.apps.in.ft.com
h2.shared.global.fastly.net
dns-vetting1g.map.fastly.net
retirementstrategies.live.ft.com
acceleratingequality.live.ft.com
santander.ft.com
i.subs.ft.com
corporatesustainabilityai.live.ft.com
inboundjapan.live.ft.com
o2.shared.global.fastly.net
r.ssl.fastly.net
Certificate
The complete raw certificate details for nextgenerationsupplychains.live.ft.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGGDCCBQCgAwIBAgISBCxBoCOEwq7dG8maXjyy6C/0MA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDA0MTIwNzQzNTBaFw0yNDA3MTEwNzQzNDlaMDExLzAtBgNVBAMT Jm5leHRnZW5lcmF0aW9uc3VwcGx5Y2hhaW5zLmxpdmUuZnQuY29tMIICIjANBgkq hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArMN9Y1NGaxQ90ZOzOC1EwtL0G4hit5Ce BBhXMJ8rse33U4ucmtnUhXceF2TkGtRpdUrE0z3muzoGgxgoKzpQPdk1BC3cgBhi B+WLqWhnxYIk4zaN6bqe0HA2abHZCE+Sti1t7KmJP9w8dR7M/zb9aBrFFGF/2qO3 I+5XdeKzM91BQuC8azG7u5Aq2FvtD6NwQsYG5GtzK7FYctyZjbuFa1m+IUst34tM UHuH5OaFl1OjtqS3rKnBCjSt4Sf9wNFyosOoJuddt2H518lx8vkpJSay2SJipMCl 96eVq8emUfFWFBX12ctaPQx0aOVBBR3CnRCuZpkwagm+62FP8Ihc8et/YjTExrtZ c2jeRicmL2dYL+byjXUWnBD3cIEfgIIyOjux7WVhHRxF57fIRBExiNrRZN7uyyaw EpmvDRsU6LZUENcOb+NV/2MHCSV7n/sb45FjIBMm+2vIFpGd3kTkAERZzEMgp/u5 2ZwRESObYodHEtQDn17e7yGK2TtUtsBHGvrQgu5jupmPFHfb5Nz/qrHxxYQnWUWu T6P6B+kVk2QhSSWL7iA95ActjzAt38GiOhMotxaWD3/TmePZbW7sVD0CQp+51wZB jdLJqy93ERV1r4k/7C0g4XrCT7TgS8RaTkp5djozHOLm+/qIokBHK2Q88AY6hHr0 MmyQt4bTt7kCAwEAAaOCAicwggIjMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU BggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUG/fI QTsxU1WzZ8Qab5ZTRawBSMswHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsU wsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMuby5sZW5j ci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8wMQYDVR0R BCowKIImbmV4dGdlbmVyYXRpb25zdXBwbHljaGFpbnMubGl2ZS5mdC5jb20wEwYD VR0gBAwwCjAIBgZngQwBAgEwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQA7U3d1 Pi25gE6LMFsG/kA7Z9hPw/THvQANLXJv4frUFwAAAY7RejXdAAAEAwBGMEQCIBYF wf3ovMLEy00nPbKfx0E5L52VMptnDu0Sm38Tlmb/AiAR0gchD4ouEgnf3Eie5ifD 8DryEaa4K/xdlXqCP0Vs0wB2AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s5 2IRzAAABjtF6Nd0AAAQDAEcwRQIgKPcFi7o5T1VjId7JqeAVc4v5qE3jRatMFp17 DVcEOp4CIQDYwQbRVglMMNxnaelxKWeaGKpM5oSDYoQjtNa3uviOLzANBgkqhkiG 9w0BAQsFAAOCAQEAFT3nXVepgxe+JjxaOTxg+AnOpDxzD2qkSucr2r41btyB+IrT HSKcrmLt7gYozvZQhU84sE9IlxGPqWI732z81zchLRtCAx+3MFZNsYyCDqATqIRl ug/y62wUBanTr5G9P2dAldg154fT4ZA4IpUL9FhYPL4nNB+2u5O3AuJrxzRlK1Ou v8BkudDvZUu8mgEes1nsTpg/VtopTTHF6ByA1M+4Q4RMC2ifxYkEYtbRr4ugIhBg mY10TjcpLdr4X//PX9jbjNiLRKJMJ8F9AS8Dc9Abg7oT6CmR5m6/ck1cLRQuTHvu eVJPs5pBpwwt0FZ/RNkdnLVGxvM8c5YqzA7q1Q== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArMN9Y1NGaxQ90ZOzOC1E wtL0G4hit5CeBBhXMJ8rse33U4ucmtnUhXceF2TkGtRpdUrE0z3muzoGgxgoKzpQ Pdk1BC3cgBhiB+WLqWhnxYIk4zaN6bqe0HA2abHZCE+Sti1t7KmJP9w8dR7M/zb9 aBrFFGF/2qO3I+5XdeKzM91BQuC8azG7u5Aq2FvtD6NwQsYG5GtzK7FYctyZjbuF a1m+IUst34tMUHuH5OaFl1OjtqS3rKnBCjSt4Sf9wNFyosOoJuddt2H518lx8vkp JSay2SJipMCl96eVq8emUfFWFBX12ctaPQx0aOVBBR3CnRCuZpkwagm+62FP8Ihc 8et/YjTExrtZc2jeRicmL2dYL+byjXUWnBD3cIEfgIIyOjux7WVhHRxF57fIRBEx iNrRZN7uyyawEpmvDRsU6LZUENcOb+NV/2MHCSV7n/sb45FjIBMm+2vIFpGd3kTk AERZzEMgp/u52ZwRESObYodHEtQDn17e7yGK2TtUtsBHGvrQgu5jupmPFHfb5Nz/ qrHxxYQnWUWuT6P6B+kVk2QhSSWL7iA95ActjzAt38GiOhMotxaWD3/TmePZbW7s VD0CQp+51wZBjdLJqy93ERV1r4k/7C0g4XrCT7TgS8RaTkp5djozHOLm+/qIokBH K2Q88AY6hHr0MmyQt4bTt7kCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 363508799179188369151888286196114529988596 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-12 07:43:50 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-07-11 07:43:49 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'nextgenerationsupplychains.live.ft.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 704814126535442531110009807259876283227518834652791786463931368927752852536225764372238626112730861416120341351956392138437130901573302412704230116209986688497822369100917986611403977650573773354615490054713578756292065055920965407723454829695041030557301372236697915686287828177343063074096884130280143105541869787524076480201873406363662160140360905533846731681422734112365392527898510827118338265074623954303291527182290684789969495737450296741564307637844378783975163563152428241156589387325932237295039508157098048974423048719186896383345796583534552174424654673458266214159898566186144485204470356950992473422723407143775400662350928045480409731012124294952148497054171541284148432323455366640272597702698575450051834472675554366594586603429277781169396855642044066446182994364459192602413301403779925263259042139021144189239844446652802441151958983692851498523933647701823555548013714095252298624325268283153664228495724989437634795927956988913638031535272427666869855313054872052364465710094751957857143401551345430902659714815097317481910792057982640086560523560331604526855465648344048115930223175996953973939305957710340208570833999386610799613827011276247009584907813082778131841735512006210855709871875346593568781481913 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 1bf7c8413b315355b367c41a6f965345ac0148cb . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (42 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nextgenerationsupplychains.live.ft.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes) 00ef0075003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018ed17a35dd000004030046304402201605c1fde8bcc2c4cb4d273db29fc741392f9d95329b670eed129b7f139666ff022011d207210f8a2e1209dfdc489ee627c3f03af211a6b82bfc5d957a823f456cd300760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018ed17a35dd0000040300473045022028f7058bba394f556321dec9a9e015738bf9a84de345ab4c169d7b0d57043a9e022100d8c106d156094c30dc6769e97129679a18aa4ce68483628423b4d6b7baf88e2f . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00153de75d57a98317be263c5a393c60f809cea43c730f6aa44ae72bdabe356edc81f88ad31d229cae62edee0628cef650854f38b04f4897118fa9623bdf6cfcd737212d1b42031fb730564db18c820ea013a88465ba0ff2eb6c1405a9d3af91bd3f674095d835e787d3e1903822950bf458583cbe27341fb6bb93b702e26bc734652b53aebfc064b9d0ef654bbc9a011eb359ec4e983f56da294d31c5e81c80d4cfb843844c0b689fc5890462d6d1af8ba0221060998d744e37292ddaf85fffcf5fd8db8cd88b44a24c27c17d012f0373d01b83ba13e82991e66ebf724d5c2d142e4c7bee79524fb39a41a70c2dd0567f44d91d9cb546c6f33c73962acc0eead5