ais-hummingbird-upscf-nprod.pfizer.com

- Pfizer, Inc -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 09:2c:9a:64:9d:3f:45:32:d9:fd:c8:ef:14:5e:69:f3 was issued on by Entrust, Inc..

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Pfizer, Inc

Organization: Pfizer, Inc
State / Province: Connecticut
Locality: Groton
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 09:2c:9a:64:9d:3f:45:32:d9:fd:c8:ef:14:5e:69:f3
Serial Number (int): 12194644486400624705388003735398935027
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 3f:0e:d6:42:c1:ad:c6:32:71:e3:2f:75:9e:67:6a:0c:1f:79:a7:49
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): d2:d8:41:ae:b9:37:e9:82:b0:fe:e3:4c:ad:cb:eb:2c:4e:19:6d:13
Fingerprint (sha256): 02:9a:16:9c:18:b9:de:f0:a6:83:c1:91:f7:a1:72:5f:2a:25:cb:68:2f:a9:f6:37:6b:d0:07:52:19:dd:91:20

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate ais-hummingbird-upscf-nprod.pfizer.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ais-hummingbird-upscf-nprod.pfizer.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ais-hummingbird-upscf-nprod.pfizer.com

Other certificates including the domain name pfizer.com

(limited to 100 certificates)
artifactory.pfizer.com
som-bc-drp-04.pfizer.com
*.us.digitalpfizer.com
www.pfizer.com
sni.cloudflaressl.com
cdeportalapi.pfizer.com
imsws.pfizer.com
*.us3.digitalpfizer.com
rdctest.pfizer.com
pfizer.com
datacloudm.pfizer.com
domains.pfizer.com
pharmatictur.pfizer.com
logonv2dmz.pfizer.com
*.eu2.digitalpfizer.com
maintenance.pfizer.com
*.sf4.digitalpfizer.com
*.eu.digitalpfizer.com
canvas-webbuilder-qa04.pfizer.com
mmstatus.pfizer.com
stgfederate.pfizer.com
boxinterface.pfizer.com
partnerportal.pfizer.com
sni.cloudflaressl.com
*.apac3.digitalpfizer.com
amrvwp000005418.amer.pfizer.com
epp-stg.pfizer.com
devfederate.pfizer.com
sni.cloudflaressl.com
sni.cloudflaressl.com
gbi-bti-sdc-es-prod.pfizer.com
sni.cloudflaressl.com
CLM-API-2.Pfizer.com
groxs40a.pfizer.com
sni.cloudflaressl.com
sni.cloudflaressl.com
*.eu2.digitalpfizer.com
azpksim.pfizer.com
*.sf3.digitalpfizer.com
startrak-dr.pfizer.com
sni.cloudflaressl.com
aribaprime-dr-new.pfizer.com
ais-hummingbird-upscf-nprod.pfizer.com
ariba-stg.pfizer.com
sni.cloudflaressl.com
lshdev2-cal.pfizer.com
gbi-insightsnow-api.pfizer.com
epartner.pfizer.com
uc17.janrainengage.com
sni.cloudflaressl.com
sni.cloudflaressl.com
ebusiness-bi.pfizer.com
*.us2.digitalpfizer.com
*.us8.digitalpfizer.com
e1.pfizer.com
www.primehemophilia.pfizer.com
promosprime.pfizer.com
ariba.pfizer.com
promos-ppd.pfizer.com
sni.cloudflaressl.com
xeljanz.pca.pfizer.com
sni.cloudflaressl.com
sdctst.pfizer.com
*.sf3.digitalpfizer.com
cdn.digitalpfizer.com
sdc20_dev.pfizer.com
sni.cloudflaressl.com
*.opx.janrain.ws
*.sf3.digitalpfizer.com
sni.cloudflaressl.com
amrsomw1527.amer.pfizer.com
*.eu.digitalpfizer.com
cvs.pfizer.com
spotfirebi7sbx.pfizer.com
tie.pfizer.com
sni.cloudflaressl.com
pfizergardens.com
sni.cloudflaressl.com
sni.cloudflaressl.com
secxs40a
*.pfizergardens.com
apsis.pfizer.com
uc18.janrainengage.com
*.eu6.digitalpfizer.com
sni.cloudflaressl.com
datacloudmdr.pfizer.com
pfizer.com
pxedpass.pfizer.com
rdcext.pfizer.com
myservicepartner.pfizer.com
san-11-s51.tlsprovisioning.exacttarget.com
pwondemand.pfizer.com
impalastg.pfizer.com
*.apac3.digitalpfizer.com
artifactory.pfizer.com
sni.cloudflaressl.com
devfederate.pfizer.com
sni.cloudflaressl.com
onetimesetupsom.pfizer.com
sni.cloudflaressl.com

Certificate

The complete raw certificate details for ais-hummingbird-upscf-nprod.pfizer.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgIQCSyaZJ0/RTLZ/cjvFF5p8zANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
NDAyMTYxOTEwMzBaFw0yNTAyMTYxOTEwMjlaMHsxCzAJBgNVBAYTAlVTMRQwEgYD
VQQIEwtDb25uZWN0aWN1dDEPMA0GA1UEBxMGR3JvdG9uMRQwEgYDVQQKEwtQZml6
ZXIsIEluYzEvMC0GA1UEAxMmYWlzLWh1bW1pbmdiaXJkLXVwc2NmLW5wcm9kLnBm
aXplci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7fchbdoHo
5UjbbHAO8Bz0a7OvCFoQVp4cFe8Hir5Cd4V4vGCblXX7E4Lhuv+tI1lIPvNCI01X
HcWOd745kDiiRgcrVTj87p4IsxciTkJpBFd0hVXLpEfRGh83UYgiEmCZi4diHtCL
adhaGzZTSGOCPOzujzHvr1iKhF7/Fx/2RCEVBLyzy2QnqEpT9VUqOOKV8V72IT4f
oVEw50PZtC6ej90CJvA8uAVOipIQOon8KkJdc9FArkV+AkSEI9avg/6C4+JEfqLM
sI0+vqFKm5wsLOAV6wxRAxdV+2Nbm+uV3gAXYD+toR8voiUY2VRQD0NCgc64yA1k
gV0RKi7XPaADAgMBAAGjggF9MIIBeTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQ/
DtZCwa3GMnHjL3WeZ2oMH3mnSTAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dg
xgpMvzBoBggrBgEFBQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVu
dHJ1c3QubmV0MDMGCCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wx
ay1jaGFpbjI1Ni5jZXIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRy
dXN0Lm5ldC9sZXZlbDFrLmNybDAxBgNVHREEKjAogiZhaXMtaHVtbWluZ2JpcmQt
dXBzY2YtbnByb2QucGZpemVyLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
FAYIKwYBBQUHAwEGCCsGAQUFBwMCMBMGA1UdIAQMMAowCAYGZ4EMAQICMBMGCisG
AQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQDSzJAg6zeHqlqXP+6/
NSf2XmRAs2rWOBBvB/HF4nxHt2q19PIv0P4VnN/5F90OtPhINlhs6Egd3qCBcnk6
U9f8x4r6u0OZq4iU7WPcVBGjNHUnw3prc07nrDtkdngOvg1UAt0zixAvs3d/rENU
/g5ht/1Jx5XQu9yYztVPvy4Ug3e8VQCGGe8WW6A5DD8vma+0SuOv+B2GBferDbBO
J7eGMhIBrheR2elgU09G/AOMb5Ux+HaUC1VcLr7fZUi9muYjCbjgqMOLba1yGj0P
cYJ5tuO7D4hFF69aayIKomp4a/OP6MYGL5DFnFw3s38Iivqd7dAgc/omdKHfaRqY
MqQe
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu33IW3aB6OVI22xwDvAc
9GuzrwhaEFaeHBXvB4q+QneFeLxgm5V1+xOC4br/rSNZSD7zQiNNVx3Fjne+OZA4
okYHK1U4/O6eCLMXIk5CaQRXdIVVy6RH0RofN1GIIhJgmYuHYh7Qi2nYWhs2U0hj
gjzs7o8x769YioRe/xcf9kQhFQS8s8tkJ6hKU/VVKjjilfFe9iE+H6FRMOdD2bQu
no/dAibwPLgFToqSEDqJ/CpCXXPRQK5FfgJEhCPWr4P+guPiRH6izLCNPr6hSpuc
LCzgFesMUQMXVftjW5vrld4AF2A/raEfL6IlGNlUUA9DQoHOuMgNZIFdESou1z2g
AwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 12194644486400624705388003735398935027
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-16 19:10:30 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-16 19:10:29 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Connecticut'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Groton'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Pfizer, Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ais-hummingbird-upscf-nprod.pfizer.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23668588762935704678071047223070320359921726584176242336927609125172787608936805559707055206033813945628954492228123265165890068717393831488328353395863470789893449961072644379763727156529719495125472189800531561031676888203508721461989071259571960718832984575954487584460903009172439873033691550074688265872478160178619344672877762981603253758547867712541016926297639615889394954304985954276433917377856366222231047047891442326706400970465725685431144410972773094546204266507472841365429281381210097080292482667452476795114134847363177572345968051294230505501317328416025718684823477493000836715417321620024760049667
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							3f0ed642c1adc63271e32f759e676a0c1f79a749
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (42 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ais-hummingbird-upscf-nprod.pfizer.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00d2cc9020eb3787aa5a973feebf3527f65e6440b36ad638106f07f1c5e27c47b76ab5f4f22fd0fe159cdff917dd0eb4f84836586ce8481ddea08172793a53d7fcc78afabb4399ab8894ed63dc5411a3347527c37a6b734ee7ac3b6476780ebe0d5402dd338b102fb3777fac4354fe0e61b7fd49c795d0bbdc98ced54fbf2e148377bc55008619ef165ba0390c3f2f99afb44ae3aff81d8605f7ab0db04e27b786321201ae1791d9e960534f46fc038c6f9531f876940b555c2ebedf6548bd9ae62309b8e0a8c38b6dad721a3d0f718279b6e3bb0f884517af5a6b220aa26a786bf38fe8c6062f90c59c5c37b37f088afa9dedd02073fa2674a1df691a9832a41e