remote.na.avivainvestors.com

- Aviva PLC -

Issued by Sectigo RSA Extended Validation Secure Server CA

About this certificate

This digital certificate with serial number 49:c0:9c:4a:30:23:1a:2e:0c:4f:45:3c:a9:5c:bb:0d was issued on by Sectigo Limited.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Aviva PLC

Company registration number: 02468686
Organization: Aviva PLC
Organization unit: Investors
Organization unit: Hosted by AVIVA CENTRAL SERVICES UK LIMITED
Organization unit: COMODO EV SSL
Address: 1 Undershaft
Address: St Helens
Postal code: EC3P 3DQ
State / Province: London
Locality: London
Country: GB

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate has expire since

Certificate Details

Serial Number (hex): 49:c0:9c:4a:30:23:1a:2e:0c:4f:45:3c:a9:5c:bb:0d
Serial Number (int): 98033734622817457848879749488904551181
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: aa:c3:d5:2e:a5:ac:1e:f7:7d:02:d3:bf:37:f8:a0:6d:d2:87:f0:ee
AuthorityKeyId: 2c:69:ff:80:c9:87:90:ae:34:e1:b4:e7:4c:93:85:99:40:e9:a7:b2

Fingerprint (sha1): dc:e5:d3:fd:59:d0:05:e9:5f:4e:92:88:cc:ec:f8:5f:6c:0e:85:9c
Fingerprint (sha256): 02:7e:42:d8:5c:7e:74:bc:88:db:8e:09:53:f6:48:19:7f:ad:da:3f:64:17:2f:57:e8:60:43:0e:cf:9e:f4:9d

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAExtendedValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAExtendedValidationSecureServerCA.crl

Check the revocation status for certificate remote.na.avivainvestors.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for remote.na.avivainvestors.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

remote.na.avivainvestors.com
www.remote.na.avivainvestors.com

Other certificates including the domain name avivainvestors.com

(limited to 100 certificates)
f6.shared.global.fastly.net
www.eserve.avivaservices.co.uk
cert06.uk.aviva.com
f6.shared.global.fastly.net
cert11.uk.aviva.com
remote.na.avivainvestors.com
avivainvestors.com
cert06.uk.aviva.com
cert06.uk.aviva.com
securelogin.avivainvestors.com
cert06.uk.aviva.com
cert01.tmp.aviva.com
ibmwebspheremqukjpmb1p.avivainvestors.com
apps.avivainvestors.com
np-cert02.uk.aviva.com
avivainvestors.com
tw.avivainvestors.com
vault.uk.avivainvestors.com
digital-investor-web-app.prod.kea.ifdsfs.com
f6.shared.global.fastly.net
f6.shared.global.fastly.net
digital-investor-web-app.prod.kea.ifdsfs.com
t.notifications.avivainvestors.com
f6.shared.global.fastly.net
avivainvestors.com
cert03.uk.aviva.com
avivainvestors.com
cert01.tmp.aviva.com
f6.shared.global.fastly.net
alb.investors-qliksense.dev.aws-euw1-np.avivacloud.com
avivainvestors.com
avivainvestors.com

f6.shared.global.fastly.net
remote.na.avivainvestors.com
f6.shared.global.fastly.net
fpcidc01.avivagroup.com
avivainvestors.com
f6.shared.global.fastly.net
tw.avivainvestors.com
tw.avivainvestors.com
digital-investor-web-app.prod.kea.ifdsfs.com

www.avivainvestors.com
reach.uk.avivainvestors.com
cert06.uk.aviva.com
np-cert02.uk.aviva.com

avivainvestors.com
f6.shared.global.fastly.net
digital-investor-web-app.prod.kea.ifdsfs.com

f6.shared.global.fastly.net
ibmwebspheremqukextb1p.avivainvestors.com
f6.shared.global.fastly.net
digital-investor-web-app.prod.kea.ifdsfs.com
digital-investor-web-app.prod.kea.ifdsfs.com
tw.avivainvestors.com
cert03.uk.aviva.com
np-cert02.uk.aviva.com
f6.shared.global.fastly.net
f6.shared.global.fastly.net
f6.shared.global.fastly.net
f6.shared.global.fastly.net
sam.uk.avivainvestors.com
f6.shared.global.fastly.net
f6.shared.global.fastly.net
f6.shared.global.fastly.net
digital-investor-web-app.prod.kea.ifdsfs.com
f6.shared.global.fastly.net
www.avivainvestors.com
avivainvestors.com
at.avivainvestors.com
digital-investor-web-app.prod.kea.ifdsfs.com
f6.shared.global.fastly.net
mail.sg.avivainvestors.com
appsstage.avivainvestors.com
avivainvestors.com
ibmwebspheremqukjpmb1u.avivainvestors.com
avivainvestors.com
f6.shared.global.fastly.net
digital-investor-web-app.prod.kea.ifdsfs.com
f6.shared.global.fastly.net
np-cert02.uk.aviva.com
ibmwebspheremqukextb1p.avivainvestors.com
f6.shared.global.fastly.net
fplidc01.avivagroup.com

f6.shared.global.fastly.net
avivainvestors.com
cert01.tmp.aviva.com
cert01.tmp.aviva.com
tw.avivainvestors.com
f6.shared.global.fastly.net
www.aviva.co.uk
avivainvestors.com

f6.shared.global.fastly.net
remote.na.avivainvestors.com
f6.shared.global.fastly.net

Certificate

The complete raw certificate details for remote.na.avivainvestors.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHcTCCBlmgAwIBAgIQScCcSjAjGi4MT0U8qVy7DTANBgkqhkiG9w0BAQsFADCB
kTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTkwNwYDVQQD
EzBTZWN0aWdvIFJTQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg
Q0EwHhcNMTkwNjI3MDAwMDAwWhcNMjAwNjI2MjM1OTU5WjCCAVExETAPBgNVBAUT
CDAyNDY4Njg2MRMwEQYLKwYBBAGCNzwCAQMTAkdCMR0wGwYDVQQPExRQcml2YXRl
IE9yZ2FuaXphdGlvbjELMAkGA1UEBhMCR0IxETAPBgNVBBETCEVDM1AgM0RRMQ8w
DQYDVQQIEwZMb25kb24xDzANBgNVBAcTBkxvbmRvbjEVMBMGA1UECRMMMSBVbmRl
cnNoYWZ0MRIwEAYDVQQJEwlTdCBIZWxlbnMxEjAQBgNVBAoTCUF2aXZhIFBMQzES
MBAGA1UECxMJSW52ZXN0b3JzMTQwMgYDVQQLEytIb3N0ZWQgYnkgQVZJVkEgQ0VO
VFJBTCBTRVJWSUNFUyBVSyBMSU1JVEVEMRYwFAYDVQQLEw1DT01PRE8gRVYgU1NM
MSUwIwYDVQQDExxyZW1vdGUubmEuYXZpdmFpbnZlc3RvcnMuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq67IkQZyzjxQTqpjf1OS8YBiPZtZaWMT
xLFjZnx6QuDaUnX3QI3jZKXhAbyOqfCPqM29Q3kVCsSbfJwG/6f724AamJdyw7l+
HcpsW8bJAHIzwNOUSdjQZMhsWbQLZA+fSUmxx/A9mfV4f/wqVBCnB/EGzIiMGXFx
OP4u0ZYvXD21liinF8RorWodQQ1mYu4H0VL26ZTRfPc15fL0TiXW+MvfsGFma5kc
BwbbPOxJ/UmWp//OOp5y/RKaLz5/T3oYSCCdWXLXf95WLdnj5D0wZkVzUv6Ymo3u
9okz2N0PpqIh6HQ8rOEAWEjre7Bl0JSLOf8EUJvreJ+Wvjkj+Vkb4QIDAQABo4ID
ADCCAvwwHwYDVR0jBBgwFoAULGn/gMmHkK404bTnTJOFmUDpp7IwHQYDVR0OBBYE
FKrD1S6lrB73fQLTvzf4oG3Sh/DuMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJBgNVHSAEQjBAMDUG
DCsGAQQBsjEBAgEFATAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29t
L0NQUzAHBgVngQwBATBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLnNlY3Rp
Z28uY29tL1NlY3RpZ29SU0FFeHRlbmRlZFZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJD
QS5jcmwwgYYGCCsGAQUFBwEBBHoweDBRBggrBgEFBQcwAoZFaHR0cDovL2NydC5z
ZWN0aWdvLmNvbS9TZWN0aWdvUlNBRXh0ZW5kZWRWYWxpZGF0aW9uU2VjdXJlU2Vy
dmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTBJ
BgNVHREEQjBAghxyZW1vdGUubmEuYXZpdmFpbnZlc3RvcnMuY29tgiB3d3cucmVt
b3RlLm5hLmF2aXZhaW52ZXN0b3JzLmNvbTCCAQQGCisGAQQB1nkCBAIEgfUEgfIA
8AB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABa5hNmUkAAAQD
AEcwRQIgZqjLmB5lnk1wRRG5zLXrvDHlAeNx7K25lOAAsLWYbHYCIQCdpAC9vgdV
lmK+rUyvPk9+/h+iHniyeOhW8VVDSV98LAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZ
AsEAKQaNsgiaN9kTAAABa5hNmckAAAQDAEcwRQIgcCVC6ZK95rC/3ycoYRIXo8OA
xVBmwIGen31yNFhCit8CIQD3BvAZDkdoC4Jb7EfxmxwZa8UHEszuZs3vcfG8dXIB
PzANBgkqhkiG9w0BAQsFAAOCAQEAfBORSlDx2VlrCdTpARPX7qE140dl1C40ezeo
cXoNlQIfPKf/gS9cRfUJmcHhKc2zrwDVc4SGlXHrQ/Zh27ShlE2vfNM2hiHx0zUy
s4KF4N6vP7K66h/HR+5iKliJ+6YrqJCE/Dtss/FLDK+OGMOSeIDqyU5thz7jXaNk
M/cdNAslMS5BzvDUIoNwGjIF8msqN3dfqYpZ8H5zqGaJ2zb1MGOebe9dVJNzmMsP
I7P+B2JSyMXpsgd0twuL4ewasBwM/g3KIAjFCiQL8wKMi3r9iW6WApOJuRm+TuPv
li0cLTzAKUCPG5fm/710FouTYk7xLrsNFfzgl3IHbrW9KQATTw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq67IkQZyzjxQTqpjf1OS
8YBiPZtZaWMTxLFjZnx6QuDaUnX3QI3jZKXhAbyOqfCPqM29Q3kVCsSbfJwG/6f7
24AamJdyw7l+HcpsW8bJAHIzwNOUSdjQZMhsWbQLZA+fSUmxx/A9mfV4f/wqVBCn
B/EGzIiMGXFxOP4u0ZYvXD21liinF8RorWodQQ1mYu4H0VL26ZTRfPc15fL0TiXW
+MvfsGFma5kcBwbbPOxJ/UmWp//OOp5y/RKaLz5/T3oYSCCdWXLXf95WLdnj5D0w
ZkVzUv6Ymo3u9okz2N0PpqIh6HQ8rOEAWEjre7Bl0JSLOf8EUJvreJ+Wvjkj+Vkb
4QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 98033734622817457848879749488904551181
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Extended Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-06-27 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-06-26 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '02468686'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Private Organization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.17 (postalCode)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'EC3P 3DQ'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'London'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'London'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.9 (streetAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '1 Undershaft'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.9 (streetAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'St Helens'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Aviva PLC'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Investors'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Hosted by AVIVA CENTRAL SERVICES UK LIMITED'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'COMODO EV SSL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'remote.na.avivainvestors.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21672939087062045423352907365443610169818482623316318128191373899888084259561032155293772204455869222091491113722621324484838538897557929445284078868646431578575424844440391129786445463453779970129141736475049877638171471470787416799972910754573120734521474098319103350708942982870729647244108808481107968743527653403593081221887632228816602099345373346240294285628473501484187335394699848954148577752275431536013240855357021234264187243056851067844344451351073435610865941525800758747256174795908742715721617062742206326679815981768982298727451638092365277314119977647245547626887341624800673119805765140748114140129
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 2c69ff80c98790ae34e1b4e74c93859940e9a7b2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							aac3d52ea5ac1ef77d02d3bf37f8a06dd287f0ee
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.5.1 (Comodo EV policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAExtendedValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (122 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAExtendedValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'remote.na.avivainvestors.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.remote.na.avivainvestors.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007600ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000016b984d99490000040300473045022066a8cb981e659e4d704511b9ccb5ebbc31e501e371ecadb994e000b0b5986c760221009da400bdbe07559662bead4caf3e4f7efe1fa21e78b278e856f15543495f7c2c0076006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d9130000016b984d99c900000403004730450220702542e992bde6b0bfdf2728611217a3c380c55066c0819e9f7d723458428adf022100f706f0190e47680b825bec47f19b1c196bc50712ccee66cdef71f1bc7572013f
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		007c13914a50f1d9596b09d4e90113d7eea135e34765d42e347b37a8717a0d95021f3ca7ff812f5c45f50999c1e129cdb3af00d57384869571eb43f661dbb4a1944daf7cd3368621f1d33532b38285e0deaf3fb2baea1fc747ee622a5889fba62ba89084fc3b6cb3f14b0caf8e18c3927880eac94e6d873ee35da36433f71d340b25312e41cef0d42283701a3205f26b2a37775fa98a59f07e73a86689db36f530639e6def5d54937398cb0f23b3fe076252c8c5e9b20774b70b8be1ec1ab01c0cfe0dca2008c50a240bf3028c8b7afd896e96029389b919be4ee3ef962d1c2d3cc029408f1b97e6ffbd74168b93624ef12ebb0d15fce09772076eb5bd2900134f