mrdivee2-02.netlab.roche.com

Issued by GeoTrust RSA CA 2018

About this certificate

This digital certificate with serial number 03:01:e4:c3:89:30:2b:ce:12:3c:dd:e5:26:96:b6:36 was issued on by DigiCert Inc.

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=mrdivee2-02.netlab.roche.com

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:01:e4:c3:89:30:2b:ce:12:3c:dd:e5:26:96:b6:36
Serial Number (int): 3997516165552286956710430753676506678
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: 64:66:af:af:77:f6:c0:22:fa:65:21:30:2c:9c:69:16:42:2c:3c:cd
AuthorityKeyId: 90:58:ff:b0:9c:75:a8:51:54:77:b1:ed:f2:a3:43:16:38:9e:6c:c5

Fingerprint (sha1): 78:af:90:0c:d8:a9:2c:ee:e6:4a:55:3a:d8:92:14:79:d1:b9:e6:bb
Fingerprint (sha256): 02:45:17:a0:6a:ea:bd:45:1b:13:44:ec:24:11:10:c8:31:60:3a:83:a7:ec:b3:e6:48:91:a4:ed:98:1e:5a:b3

Issuing Certificate URL: http://cacerts.geotrust.com/GeoTrustRSACA2018.crt

Revocation information

OCSP Server: http://status.geotrust.com
CRL Distribution Point: http://cdp.geotrust.com/GeoTrustRSACA2018.crl

Check the revocation status for certificate mrdivee2-02.netlab.roche.com

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for mrdivee2-02.netlab.roche.com

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

mrdivee2-02.netlab.roche.com
glomra.netlab.roche.com
netlab.roche.com
mrdivee2.netlab.roche.com

Other certificates including the domain name roche.com

(limited to 100 certificates)
involve.roche.com
www.hpv16and18.com
easydrive-uat.roche.com
advancedanalytics.roche.com
main.rhelp.roche.com
sni.cloudflaressl.com
magentocloud28.map.fastly.net
rbalvprexd0.bas.roche.com
cieas01.roche.com
harmonytest.de
sequencing.roche.com
esource.roche.com
e-medical.roche.com
esource.roche.com
coaguchek.com
rsmsourcing.roche.com
deimos.roche.com
cert2.roche.com
sni.cloudflaressl.com
cdn.appstore.gene.com
shpivee1-01.roche.com
eews-dev.roche.com
myaccess.roche.com
ican.roche.com
sni.cloudflaressl.com
sni.cloudflaressl.com
cert3.roche.com
sni.cloudflaressl.com
sni.cloudflaressl.com
mrdivee2-02.netlab.roche.com
rodip.roche.com
nsrdcongresses.roche.com
rbavxsentry11.bas.roche.com
mobilesolution-dev.roche.com
wamua.roche.com
dialog-62-test.roche.com
rocheggcpac.roche.com
san-003.ceros.com
video.hive.roche.com
sni.cloudflaressl.com
rssg.roche.com
mftemeaext.roche.com
anadisuat01.sc1.roche.com
careers.roche.com
flow.roche.com
cert3.roche.com
sni.cloudflaressl.com
misp.roche.com
cert2.roche.com
careers.roche.com
api.rockwizz.roche.com
bitbucket-nala-qa.roche.com
careers.roche.com
wamdev.roche.com
sonar-dev-old.roche.com
diauxhub.roche.com
careers.roche.com
globalfms.roche.com
san-003.ceros.com
sc1lvflexq2.sc1.roche.com
easydrive-dev.roche.com
send-tst.roche.com
indigrow.roche.com
careers.roche.com
careers.roche.com
env5-remotedashboard.roche.com
mrd25.me
cert2.roche.com
*.esrv-hub-uat.roche.com
sb.eu.phcaa.science.roche.com
san-003.ceros.com
extaccess-nala.roche.com
magentocloud28.map.fastly.net
go.roche.com
magentocloud32.map.fastly.net
sni.cloudflaressl.com
ssl882748.cloudflaressl.com
sni.cloudflaressl.com
esrv-marketplace-dev.roche.com
careers.roche.com
imcore.roche.com
booster.roche.com
sni.cloudflaressl.com
akamai-san195.exacttarget.com
raumbuch.roche.com
pitas01.roche.com
sni.cloudflaressl.com
c1edb.roche.com
magentocloud45.map.fastly.net
shpivee1-01.roche.com
hpv16and18.com
hivemind.roche.com
searchsquad.roche.com
cferondanetrochedia-qa.roche.com
esign.roche.com
diaitsupport.roche.com
sni.cloudflaressl.com
magentocloud32.map.fastly.net
r32web.sap.roche.com
apis.cwp.roche.com

Certificate

The complete raw certificate details for mrdivee2-02.netlab.roche.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGGDCCBQCgAwIBAgIQAwHkw4kwK84SPN3lJpa2NjANBgkqhkiG9w0BAQsFADBe
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRHZW9UcnVzdCBSU0EgQ0EgMjAxODAe
Fw0xODAyMjAwMDAwMDBaFw0yMDAyMjAxMjAwMDBaMCcxJTAjBgNVBAMTHG1yZGl2
ZWUyLTAyLm5ldGxhYi5yb2NoZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQC65ydHYT4bwMf85GDdg23pyexPXsHule05LJloZT9kK6M4csUez8NZ
oLdzjsI5vMb8pUzS6SK9JHTwCa5LLQiHHNsSu/h0US2DByEaUt/biUQMA1sjfPXD
4pjCHDMkmYHLmrLio/7bsIVheMDP8TN6YyEb5XWWOrf9KRRgdSEy8rW1E3FLh9hF
uzszObgsAQJ2yPDzCUe7kbt6U7zNvE0963w1cEhYr/HLE2cVdPpQzkeBwkFjF5KR
Umj7B3jFhZV00gkEgbH+HVKC90K0PZAwpBeFpWkThk56eTiwLAfkL30BNRGc2ad/
oxMcBFylWF987/GE7AjpFqvqQuaIxbzJH8Tpzx0r0lHz6fGUpCn/CYlYMQALOPuL
hwWmnzjm8NNcOXITb9psgV1aBBD2dV6CXhyzrBqmtY81jTQ+T4EGTk4e1zq7Xpbi
iovyTORQA7kP8vDJYOjr1l4sx5Ca7XTskFg/K9PTlwLvlU47CahaVVYsXcQtTbMM
xRuBSISfbBOU+GArYsy0FUNxewZhj/xfG3mifmL4p/5VNgJgGA2Gql+kIs4TSJZ4
PIx4JqIk5xLE46/bM58M0hoLEZ0BC08kO1/LrPW09OEiWBDZJPKo7xDcTs9K35XX
ZZU201yJRD7BlvW9DVNz7R25yyzXUDwb+fZaXA1X66t9OBHvuXAqtQIDAQABo4IC
BzCCAgMwHwYDVR0jBBgwFoAUkFj/sJx1qFFUd7Ht8qNDFjiebMUwHQYDVR0OBBYE
FGRmr6939sAi+mUhMCycaRZCLDzNMG0GA1UdEQRmMGSCHG1yZGl2ZWUyLTAyLm5l
dGxhYi5yb2NoZS5jb22CF2dsb21yYS5uZXRsYWIucm9jaGUuY29tghBuZXRsYWIu
cm9jaGUuY29tghltcmRpdmVlMi5uZXRsYWIucm9jaGUuY29tMA4GA1UdDwEB/wQE
AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwPgYDVR0fBDcwNTAz
oDGgL4YtaHR0cDovL2NkcC5nZW90cnVzdC5jb20vR2VvVHJ1c3RSU0FDQTIwMTgu
Y3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAECMCowKAYIKwYBBQUHAgEWHGh0dHBz
Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQIBMHUGCCsGAQUFBwEBBGkw
ZzAmBggrBgEFBQcwAYYaaHR0cDovL3N0YXR1cy5nZW90cnVzdC5jb20wPQYIKwYB
BQUHMAKGMWh0dHA6Ly9jYWNlcnRzLmdlb3RydXN0LmNvbS9HZW9UcnVzdFJTQUNB
MjAxOC5jcnQwCQYDVR0TBAIwADATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG
9w0BAQsFAAOCAQEABb6eRIWZ0YY6s8UMgMqvzaVyaYwTW6OZe93MIavKPhnpoOhm
itGqucbwS+j9FQ6JZ3Uhb1p+IHbkQmCXHyRILp1nXjYxmKfXllm7qZc+WHE0m7Lk
kLedJnZJDBvvQXLDKjCmzNEv0VBV4eSHKDbBORMNqyKLYZjmZbNAr+lXdjrYvQpX
uW7LSGwoSDmVSrg2pnQFxMTTwtJDITaF+BLU1mDkqfB6d1Epzs4jnrQTuMIfx2J4
eoIy4jgEqJRhQmpPzBpvwp7xE0HdXR7g/2FqtPDhKDUKrWXppA0n5Ke6x1TzTp1z
sd8K9yznY/zhc0Ha2yg1IXYBW3JBZ1d7bFUAOQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuucnR2E+G8DH/ORg3YNt
6cnsT17B7pXtOSyZaGU/ZCujOHLFHs/DWaC3c47CObzG/KVM0ukivSR08AmuSy0I
hxzbErv4dFEtgwchGlLf24lEDANbI3z1w+KYwhwzJJmBy5qy4qP+27CFYXjAz/Ez
emMhG+V1ljq3/SkUYHUhMvK1tRNxS4fYRbs7Mzm4LAECdsjw8wlHu5G7elO8zbxN
Pet8NXBIWK/xyxNnFXT6UM5HgcJBYxeSkVJo+wd4xYWVdNIJBIGx/h1SgvdCtD2Q
MKQXhaVpE4ZOenk4sCwH5C99ATURnNmnf6MTHARcpVhffO/xhOwI6Rar6kLmiMW8
yR/E6c8dK9JR8+nxlKQp/wmJWDEACzj7i4cFpp845vDTXDlyE2/abIFdWgQQ9nVe
gl4cs6waprWPNY00Pk+BBk5OHtc6u16W4oqL8kzkUAO5D/LwyWDo69ZeLMeQmu10
7JBYPyvT05cC75VOOwmoWlVWLF3ELU2zDMUbgUiEn2wTlPhgK2LMtBVDcXsGYY/8
Xxt5on5i+Kf+VTYCYBgNhqpfpCLOE0iWeDyMeCaiJOcSxOOv2zOfDNIaCxGdAQtP
JDtfy6z1tPThIlgQ2STyqO8Q3E7PSt+V12WVNtNciUQ+wZb1vQ1Tc+0ducss11A8
G/n2WlwNV+urfTgR77lwKrUCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 3997516165552286956710430753676506678
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust RSA CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-02-20 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-02-20 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'mrdivee2-02.netlab.roche.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 762497483102583914847134826820675986823684860275504438328231042283517214663062322413059485404814788622763400865204699563310454120110636423719843044267097973442362218258280947404797313231459256166555037271979581955273197124322950275058427825199525659903503566046940724252836592787913669086306941224750697596512012711124663112233806372735024091581985847108243295966875556775110805097099577866155905722771235188011994270655892036363122353205382525418074884599799907599148192158021077133374263844450264939089592310411640138458703793875319080716395167732811525233955024516839269843246214588730380700420647332354640133372432106963197428736271374311145794867633511973686410954448903541229246992701636763082538567582285761299036945472351757918693998803380027791009103144654300673169698682026005274787316279998009647351373747576168142893849907122917468486357352802765803718493987958878938962977406674674112506270329004237171693880616434050275897803770625773771320850112751493440067090354763769681727281039986815591184394608814377129740741486587732644963859538842942203948768253508710817812960526188144547588341128748937910361270375204686210380207903905280409433351224480004105455354027681846986714506008532557977597137494834667542785261841077
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 9058ffb09c75a8515477b1edf2a34316389e6cc5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							6466afaf77f6c022fa6521302c9c6916422c3ccd
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (102 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mrdivee2-02.netlab.roche.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'glomra.netlab.roche.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'netlab.roche.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mrdivee2.netlab.roche.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.geotrust.com/GeoTrustRSACA2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.2 (digiCertDVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.geotrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.geotrust.com/GeoTrustRSACA2018.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0005be9e448599d1863ab3c50c80caafcda572698c135ba3997bddcc21abca3e19e9a0e8668ad1aab9c6f04be8fd150e896775216f5a7e2076e44260971f24482e9d675e363198a7d79659bba9973e5871349bb2e490b79d2676490c1bef4172c32a30a6ccd12fd15055e1e4872836c139130dab228b6198e665b340afe957763ad8bd0a57b96ecb486c284839954ab836a67405c4c4d3c2d243213685f812d4d660e4a9f07a775129cece239eb413b8c21fc762787a8232e23804a89461426a4fcc1a6fc29ef11341dd5d1ee0ff616ab4f0e128350aad65e9a40d27e4a7bac754f34e9d73b1df0af72ce763fce17341dadb28352176015b724167577b6c550039