citi.p-fduc-data.sec.nam.nsroot.net
- Citigroup Inc. -
Issued by DigiCert SHA2 Extended Validation Server CA
About this certificate
This digital certificate with serial number 04:f6:8c:69:4e:32:7a:9f:41:ca:4d:66:7b:6c:cf:33 was issued on by DigiCert Inc.
This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Citigroup Inc.
Company registration number:
2154254
Organization: Citigroup Inc.
Organization unit: Citi Cards
Organization: Citigroup Inc.
Organization unit: Citi Cards
State / Province:
New York
Locality: New York
Country: US
Locality: New York
Country: US
DigiCert Inc
Organization:
DigiCert Inc
Organization unit: www.digicert.com
Organization unit: www.digicert.com
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 04:f6:8c:69:4e:32:7a:9f:41:ca:4d:66:7b:6c:cf:33Serial Number (int): 6597064890841662443378081571520958259
Serial Number lenght: 123 bits, 16 octets
SubjectKeyId: 36:80:31:20:1c:97:2f:c4:38:71:54:de:35:3f:95:63:73:fa:8c:76
AuthorityKeyId: 3d:d3:50:a5:d6:a0:ad:ee:f3:4a:60:0a:65:d3:21:d4:f8:f8:d6:0f
Fingerprint (sha1): 17:08:c9:97:e7:74:d7:61:56:bc:d2:60:a0:e1:55:ea:a4:e1:ca:73
Fingerprint (sha256): 02:73:88:1f:b8:3c:28:51:76:51:4d:0a:5e:d0:10:aa:f3:81:66:05:24:54:30:39:a0:7d:b2:9b:59:61:90:39
Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt
Revocation information
OCSP Server: http://ocsp.digicert.comCRL Distribution Point: http://crl3.digicert.com/sha2-ev-server-g2.crl
CRL Distribution Point: http://crl4.digicert.com/sha2-ev-server-g2.crl
Check the revocation status for certificate citi.p-fduc-data.sec.nam.nsroot.net
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for citi.p-fduc-data.sec.nam.nsroot.net
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
citi.p-fduc-data.sec.nam.nsroot.net
Other certificates including the domain name nsroot.net
(limited to 100 certificates)
server-7.goldpac.apac.nsroot.net
ecmsynd-uat.nam.nsroot.net
academy-ukr.apac.nsroot.net
cdasmwp15z1.nam.nsroot.net
GTUATORG01.nam.nsroot.net
cob.citibankchina.goldpac.apac.nsroot.net
sfnamuat.wlb2.nam.nsroot.net
ctrxemeauatj.eur.nsroot.net
CAPAMS2XMLSWDC-vip.nam.nsroot.net
vm-unam2-cimp00.nam.nsroot.net
citi.retail.ips-uat.ptnr-b-data.nam.nsroot.net
digitalopsuat.nam.nsroot.net
NAMLY13ENYUAT12.namuat.nsrootuat.dyn.nsroot.net
LyncProdDR.EUR.NSROOT.NET
ch2mwpiapp1.nam.nsroot.net
shim.citiprivatebankinviewqa.emea.privatebank.citibank.com
ch2swuiapp1.nam.nsroot.net
CTRXEUXDRDC70-vip.eur.nsroot.net
speengineuat.wlb3.nam.nsroot.net
MP01VIP2.MP01.MEX.NSROOT.NET
RSGDVIPA.apac.nsroot.net
ccfundnotifications.nam.nsroot.net
webfarm-staging.eur.nsroot.net
UFP1-CIPP01.nam.nsroot.net
LYNC10GTPST01.nam.nsroot.net
m4defdc-aes10-dl360g8.eur.nsroot.net
sbc0401aconp01v.nam.nsroot.net
indo-snok-cob.eur.nsroot.net
CAPAPACPNAXMLHKAST-vip.apac.nsroot.net
lync13pooldev2.namuat.nsrootuat.dyn.nsroot.net
lacbra001as0011.lac.nsroot.net
ccooprod.nam.nsroot.net
consumer.wlb2.nam.nsroot.net
CitiDirectPRODSSO.nam.nsroot.net
sydndm3u.aus.nsroot.net
ctrxnasf-PNA.wlb2.nam.nsroot.net
citi.p-fduc-data.sec.nam.nsroot.net
hcasbat_pkr.apac.nsroot.net
uat.realtime.grosspayment.gateway.citigroup.net
jfxlbeoluat.eur.nsroot.net
vtcgtdcuweb1.nam.nsroot.net
CAPAPACTPAXMLSGCT2-vip.apac.nsroot.net
tneu.nam.nsroot.net
clouddesktop-sgdc01-vip.apac.nsroot.net
speengineuat.wlb3.nam.nsroot.net
GTUATCXC01qmv75.nam.nsroot.net
CAPAMSUATXMLRUTH-vip.nam.nsroot.net
menaisrflxu.eur.nsroot.net
GTAEMF4_QM.DIT_qmv75.nam.nsroot.net
clouddesktop-sgdc01-vip.apac.nsroot.net
acheprod.nam.nsroot.net
vusmwdc-ica01-mpx8200-callback.nam.nsroot.net
yieldbook.nam.nsroot.net
tenb51-sit-gsrenapc.nam.nsroot.net
gtcrd-cblla01u.nam.nsroot.net
MessagingclientAceInternationalPR.lac.nsroot.net
apsgontw7w2307.apac.nsroot.net
aawebsocket-uat.wlb.nam.nsroot.net
imbdlpbuf-ru03.nam.nsroot.net
ctrxemeasf-U-PNA.wlb2.eur.nsroot.net
mdefdc-vcs01-vcsco.eur.nsroot.net
esbuat.emeaconsumer.citigroup.net
fxmmilnap1u.eur.nsroot.net
CTRXAPACXDSG7-vip.apac.nsroot.net
s3dev_hrss.nam.nsroot.net
ASUSMD831FIN9V.NAM.NSROOT.NET
imbtcrelay-ru03.nam.nsroot.net
ufcappln.apac.nsroot.net
RSGDVIPA.apac.nsroot.net
banamexsoaperf.banamex.com
devcitisource.nam.nsroot.net
icl-ironkey-va01.nam.nsroot.net
smcpint.ny.ssmb.com
imbtcrelay-gt03.nam.nsroot.net
Lync13ProdDR.apac.nsroot.net
CLOUDDESKTOP-GTDC01-vip.nam.nsroot.net
mgbrdc-pexv07-c220.eur.nsroot.net
www.bnepremium.lac.nsroot.net
RUS111W-MAN02-6509-TENGE2-4.nam.nsroot.net
bolsit.nam.nsroot.net
gmi-dev.nam.nsroot.net
LyncProdDR.EUR.NSROOT.NET
jfpprdhu-rbw-maint-svr1.eur.nsroot.net
TRADERECORDSINFOINDIA.ICG.CITIGROUP.NET
citibankdr.banctecportal.eur.nsroot.net
citisft-usrtdc-pr3-edge-g1.nam.nsroot.net
apacthdsibpm001.apac.nsroot.net
rgbrdc-b2b44-2911.eur.nsroot.net
SBC1802DCONP01V.nam.nsroot.net
digitalopsdev.nam.nsroot.net
uatndm.octopus.gcbhk.apac.nsroot.net
mdefdc-vcs02-vcsex.eur.nsroot.net
uat.eoscar3.nam.nsroot.net
sd-cd7f-c896.nam.nsroot.net
ctrxlatcts.wlb.lac.nsroot.net
apac.nsroot.net
latamesbsit-icg.nam.nsroot.net
CTRXAPACXDSG7-vip.apac.nsroot.net
gmi.nam.nsroot.net
m1gbrdc-svx01-aes.eur.nsroot.net
ecmsynd-uat.nam.nsroot.net
academy-ukr.apac.nsroot.net
cdasmwp15z1.nam.nsroot.net
GTUATORG01.nam.nsroot.net
cob.citibankchina.goldpac.apac.nsroot.net
sfnamuat.wlb2.nam.nsroot.net
ctrxemeauatj.eur.nsroot.net
CAPAMS2XMLSWDC-vip.nam.nsroot.net
vm-unam2-cimp00.nam.nsroot.net
citi.retail.ips-uat.ptnr-b-data.nam.nsroot.net
digitalopsuat.nam.nsroot.net
NAMLY13ENYUAT12.namuat.nsrootuat.dyn.nsroot.net
LyncProdDR.EUR.NSROOT.NET
ch2mwpiapp1.nam.nsroot.net
shim.citiprivatebankinviewqa.emea.privatebank.citibank.com
ch2swuiapp1.nam.nsroot.net
CTRXEUXDRDC70-vip.eur.nsroot.net
speengineuat.wlb3.nam.nsroot.net
MP01VIP2.MP01.MEX.NSROOT.NET
RSGDVIPA.apac.nsroot.net
ccfundnotifications.nam.nsroot.net
webfarm-staging.eur.nsroot.net
UFP1-CIPP01.nam.nsroot.net
LYNC10GTPST01.nam.nsroot.net
m4defdc-aes10-dl360g8.eur.nsroot.net
sbc0401aconp01v.nam.nsroot.net
indo-snok-cob.eur.nsroot.net
CAPAPACPNAXMLHKAST-vip.apac.nsroot.net
lync13pooldev2.namuat.nsrootuat.dyn.nsroot.net
lacbra001as0011.lac.nsroot.net
ccooprod.nam.nsroot.net
consumer.wlb2.nam.nsroot.net
CitiDirectPRODSSO.nam.nsroot.net
sydndm3u.aus.nsroot.net
ctrxnasf-PNA.wlb2.nam.nsroot.net
citi.p-fduc-data.sec.nam.nsroot.net
hcasbat_pkr.apac.nsroot.net
uat.realtime.grosspayment.gateway.citigroup.net
jfxlbeoluat.eur.nsroot.net
vtcgtdcuweb1.nam.nsroot.net
CAPAPACTPAXMLSGCT2-vip.apac.nsroot.net
tneu.nam.nsroot.net
clouddesktop-sgdc01-vip.apac.nsroot.net
speengineuat.wlb3.nam.nsroot.net
GTUATCXC01qmv75.nam.nsroot.net
CAPAMSUATXMLRUTH-vip.nam.nsroot.net
menaisrflxu.eur.nsroot.net
GTAEMF4_QM.DIT_qmv75.nam.nsroot.net
clouddesktop-sgdc01-vip.apac.nsroot.net
acheprod.nam.nsroot.net
vusmwdc-ica01-mpx8200-callback.nam.nsroot.net
yieldbook.nam.nsroot.net
tenb51-sit-gsrenapc.nam.nsroot.net
gtcrd-cblla01u.nam.nsroot.net
MessagingclientAceInternationalPR.lac.nsroot.net
apsgontw7w2307.apac.nsroot.net
aawebsocket-uat.wlb.nam.nsroot.net
imbdlpbuf-ru03.nam.nsroot.net
ctrxemeasf-U-PNA.wlb2.eur.nsroot.net
mdefdc-vcs01-vcsco.eur.nsroot.net
esbuat.emeaconsumer.citigroup.net
fxmmilnap1u.eur.nsroot.net
CTRXAPACXDSG7-vip.apac.nsroot.net
s3dev_hrss.nam.nsroot.net
ASUSMD831FIN9V.NAM.NSROOT.NET
imbtcrelay-ru03.nam.nsroot.net
ufcappln.apac.nsroot.net
RSGDVIPA.apac.nsroot.net
banamexsoaperf.banamex.com
devcitisource.nam.nsroot.net
icl-ironkey-va01.nam.nsroot.net
smcpint.ny.ssmb.com
imbtcrelay-gt03.nam.nsroot.net
Lync13ProdDR.apac.nsroot.net
CLOUDDESKTOP-GTDC01-vip.nam.nsroot.net
mgbrdc-pexv07-c220.eur.nsroot.net
www.bnepremium.lac.nsroot.net
RUS111W-MAN02-6509-TENGE2-4.nam.nsroot.net
bolsit.nam.nsroot.net
gmi-dev.nam.nsroot.net
LyncProdDR.EUR.NSROOT.NET
jfpprdhu-rbw-maint-svr1.eur.nsroot.net
TRADERECORDSINFOINDIA.ICG.CITIGROUP.NET
citibankdr.banctecportal.eur.nsroot.net
citisft-usrtdc-pr3-edge-g1.nam.nsroot.net
apacthdsibpm001.apac.nsroot.net
rgbrdc-b2b44-2911.eur.nsroot.net
SBC1802DCONP01V.nam.nsroot.net
digitalopsdev.nam.nsroot.net
uatndm.octopus.gcbhk.apac.nsroot.net
mdefdc-vcs02-vcsex.eur.nsroot.net
uat.eoscar3.nam.nsroot.net
sd-cd7f-c896.nam.nsroot.net
ctrxlatcts.wlb.lac.nsroot.net
apac.nsroot.net
latamesbsit-icg.nam.nsroot.net
CTRXAPACXDSG7-vip.apac.nsroot.net
gmi.nam.nsroot.net
m1gbrdc-svx01-aes.eur.nsroot.net
Certificate
The complete raw certificate details for citi.p-fduc-data.sec.nam.nsroot.net in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGBDCCBOygAwIBAgIQBPaMaU4yep9Byk1me2zPMzANBgkqhkiG9w0BAQsFADB1 MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE4MDExODAwMDAwMFoXDTE5MDExOTEy MDAwMFowgfAxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYB BAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQF EwcyMTU0MjU0MQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNV BAcTCE5ldyBZb3JrMRcwFQYDVQQKEw5DaXRpZ3JvdXAgSW5jLjETMBEGA1UECxMK Q2l0aSBDYXJkczEsMCoGA1UEAxMjY2l0aS5wLWZkdWMtZGF0YS5zZWMubmFtLm5z cm9vdC5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdiguiU7AM vdQfsf8wOiO2Ilrj7kkgGzbzyijgJp0JDOKavMgbJ9acoMB4F7pO+4lWVRn71As8 cw3VJaZRDBVnVOk15nDhijKTFBzgiaJo0FMzYrYZC1QDhlytLT93JUNp24LLvpwx l1K7P1R3TIqLp768Lpc1SoFm98CXOeijBD+11GL8CZiolXoGmxdF24/FiafCLxbk FJ57F+NB18czRdtd79q3pVzedey30zqLd9+H07WBNWgBTKvdPKfqGebDLz9gHRMP g98xvv+uETFxDO4Gg6bC21uTDbCzEhonX5m+UkLCwxiyTpFqDqOhbLyKQCx2y3uY g7NqqtYNC1J7AgMBAAGjggISMIICDjAfBgNVHSMEGDAWgBQ901Cl1qCt7vNKYApl 0yHU+PjWDzAdBgNVHQ4EFgQUNoAxIByXL8Q4cVTeNT+VY3P6jHYwLgYDVR0RBCcw JYIjY2l0aS5wLWZkdWMtZGF0YS5zZWMubmFtLm5zcm9vdC5uZXQwDgYDVR0PAQH/ BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBs MDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2ZXIt ZzIuY3JsMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1ldi1z ZXJ2ZXItZzIuY3JsMEsGA1UdIAREMEIwNwYJYIZIAYb9bAIBMCowKAYIKwYBBQUH AgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwBwYFZ4EMAQEwgYgGCCsG AQUFBwEBBHwwejAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29t MFIGCCsGAQUFBzAChkZodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNl cnRTSEEyRXh0ZW5kZWRWYWxpZGF0aW9uU2VydmVyQ0EuY3J0MAkGA1UdEwQCMAAw EwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBAGEMsBIcKLiY 9N4Qyb8UsYhEz76TYzaj6AkGA6jbflvFUX+HSjWks1YJ3Ykr6isz+OeYIYq5DjCS vxtukpmswoW52carD2nh1muSCfJ9672lV3Vyex/ZWyNNAzjUWkvKX4JfAOUowxSG xIOHJBth2Y4sNyvJajBgprMtGji37Sz1HvjmSq7crnVNSg3YictsDMBTDxt6fDLq M/KBe9UGhCH1JWlbQuArZsx2JlozsI15H1/KhCiwJX8WFodOEXRMNZCYQtYCiEty krk1xkKw2wg0ooHqwkm78h8EA3yp92hMnJYY6lFqG9QOtob1Knd5HPhEzzQ7iW7B 5CDMRSJ0hT4= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYoLolOwDL3UH7H/MDoj tiJa4+5JIBs288oo4CadCQzimrzIGyfWnKDAeBe6TvuJVlUZ+9QLPHMN1SWmUQwV Z1TpNeZw4YoykxQc4ImiaNBTM2K2GQtUA4ZcrS0/dyVDaduCy76cMZdSuz9Ud0yK i6e+vC6XNUqBZvfAlznoowQ/tdRi/AmYqJV6BpsXRduPxYmnwi8W5BSeexfjQdfH M0XbXe/at6Vc3nXst9M6i3ffh9O1gTVoAUyr3Tyn6hnmwy8/YB0TD4PfMb7/rhEx cQzuBoOmwttbkw2wsxIaJ1+ZvlJCwsMYsk6Rag6joWy8ikAsdst7mIOzaqrWDQtS ewIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 6597064890841662443378081571520958259 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 Extended Validation Server CA' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-01-18 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-01-19 12:00:00 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Private Organization' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.2 (jurisdictionOfIncorporationSP) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Delaware' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '2154254' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Citigroup Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Citi Cards' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'citi.p-fduc-data.sec.nam.nsroot.net' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 19887486626033139096166199231201728994289255578542799403049256316201056567659010223653010925896670114255344420030738815607733268067972164268923481430592907596497639908020494557926994001812052640942423123277325539265293982771203715477757198100447196212395516201638570196407706010029175791911290646456808543720066942642282886392652931100025716192133550600840159072679476299047854700279221677586912588044263698537049512717777156302860490458584120440895371459818434418280308863490721864921040685808617527060027325873658476538374230015500121953644448602127061608891381668759240124491915176500747324308831064694216658211451 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 3dd350a5d6a0adeef34a600a65d321d4f8f8d60f . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 368031201c972fc4387154de353f956373fa8c76 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (39 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citi.p-fduc-data.sec.nam.nsroot.net' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/sha2-ev-server-g2.crl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/sha2-ev-server-g2.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.2.1 (DigiCert EV policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (124 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00610cb0121c28b898f4de10c9bf14b18844cfbe936336a3e8090603a8db7e5bc5517f874a35a4b35609dd892bea2b33f8e798218ab90e3092bf1b6e9299acc285b9d9c6ab0f69e1d66b9209f27debbda55775727b1fd95b234d0338d45a4bca5f825f00e528c31486c48387241b61d98e2c372bc96a3060a6b32d1a38b7ed2cf51ef8e64aaedcae754d4a0dd889cb6c0cc0530f1b7a7c32ea33f2817bd5068421f525695b42e02b66cc76265a33b08d791f5fca8428b0257f1616874e11744c35909842d602884b7292b935c642b0db0834a281eac249bbf21f04037ca9f7684c9c9618ea516a1bd40eb686f52a77791cf844cf343b896ec1e420cc452274853e