becws-gov-us.microsoftonline.com

Issued by Microsoft IT TLS CA 1

About this certificate

This digital certificate with serial number 7b:00:03:21:28:bc:d0:e8:63:bc:40:2b:3c:00:00:00:03:21:28 was issued on by Microsoft Corporation.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • KeyUsage [DataEncipherment DigitalSignature KeyEncipherment] (00001101) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)

Certificate Subject

CN=becws-gov-us.microsoftonline.com

Microsoft Corporation

Organization: Microsoft Corporation
Organization unit: Microsoft IT
State / Province: Washington
Locality: Redmond
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 7b:00:03:21:28:bc:d0:e8:63:bc:40:2b:3c:00:00:00:03:21:28
Serial Number (int): 2742992724342412788852285052948014628734181672
Serial Number lenght: 151 bits, 19 octets

SubjectKeyId: d1:7d:21:37:68:91:85:71:ea:e5:5d:53:8a:21:af:e0:26:c8:92:ca
AuthorityKeyId: 58:88:9f:d6:dc:9c:48:22:b7:14:3e:ff:84:88:e8:e6:85:ff:fa:7d

Fingerprint (sha1): fb:2d:f9:89:e4:18:78:55:4b:a5:7c:57:69:cb:c2:48:5e:12:26:59
Fingerprint (sha256): 02:9e:5d:6f:f2:e5:70:d1:c0:21:8a:17:c5:05:6f:2c:ba:4d:32:3a:cb:de:11:5c:eb:8f:d6:40:8d:e5:88:52

Issuing Certificate URL: http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%201.crt

Revocation information

OCSP Server: http://ocsp.msocsp.com
CRL Distribution Point: http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl
CRL Distribution Point: http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl

Check the revocation status for certificate becws-gov-us.microsoftonline.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for becws-gov-us.microsoftonline.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment
Data Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

11 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

becws-gov-us.microsoftonline.com
becws.gov.us.microsoftonline.com

Other certificates including the domain name microsoftonline.com

(limited to 100 certificates)
syncservice.microsoftonline.com
atv300.microsoftonline.com
becws-gov-us.microsoftonline.com
*.certauth.login.microsoftonline.com
api.cp.microsoft.com
login.microsoftonline.com
cert.ccs.login.microsoftonline.com
outlook.com
stamp2.login.microsoftonline.com
graph.windows.net
login.windows.net
*.sharepoint.com
login.windows.net
tip.passwordreset.microsoftonline.com
syncservice.microsoftonline.com
*.sharepoint.emea.microsoftonline.com
*.segmentation.bdm.microsoftonline.com
graph.windows.net
graph.windows.net
graph.windows.net
outlook.com
mail.apac.microsoftonline.com
login.windows.net
becws-gov-us.microsoftonline.com
outlook.com
management.microsoftonline.com
graph.windows.net
login.windows.net
graph.windows.net
rps-prd.microsoftonline.com
akamai-san17.exacttarget.com
portal.office.com
graph.windows.net
adminwebservice.microsoftonline.com
CompanyManager.microsoftonline.com
g.msn.com
graph.windows.net
syncservice.microsoftonline.com
portal.office.com
login.windows.net
graph.windows.net
portal.office.com
login.windows.net
syncservice.ccsctp.com
dcscheduler.msogov.us.microsoftonline.com
graph.windows.net
provisioningapi.microsoftonline.com
syncservice.microsoftonline.com
ssprdataencrypt.microsoftonline.com
syncservice.eu.microsoftonline.com
login.windows.net
graph.windows.net
login.windows.net
outlook.com
migreports.microsoftonline.com
login.windows.net
companymanager.microsoftonline.com
graph.windows.net
CompanyManager.microsoftonline.com
*.certauth.login.microsoftonline.com
commerce.microsoftonline.com
stamp2.login.microsoftonline.com
graph.windows.net
login.windows.net
syncservice.ccsctp.com
outlook.com
outlook.com
stamp2.login.microsoftonline.com
stamp2.login.microsoftonline.com
graph.windows.net
portal.office.com
syncservice.ccsctp.com
graph.windows.net
syncservice.gov.us.microsoftonline.com
login.windows.net
companymanager.microsoftonline.com
syncservice.ccsctp.com
graph.windows.net
stamp2.login.microsoftonline.com
outlook.com
graph.windows.net
outlook.com
*.mail.emea.microsoftonline.com
stamp2.login.microsoftonline.com
syncservice.microsoftonline.com
portal.office.com
ccs.login.microsoftonline.com
outlook.com
outlook.com
graph.windows.net
ocpclient.microsoftonline.com
login.windows.net
graph.windows.net
stamp2.login.microsoftonline.com
login.windows.net
*.sharepoint.com
outlook.com
*.sharepoint.com
outlook.com
portal.office.com

Certificate

The complete raw certificate details for becws-gov-us.microsoftonline.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIII7TCCBtWgAwIBAgITewADISi80OhjvEArPAAAAAMhKDANBgkqhkiG9w0BAQsF
ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE
CxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEw
HhcNMTgxMDEzMjI0NzM2WhcNMjAxMDEzMjI0NzM2WjArMSkwJwYDVQQDEyBiZWN3
cy1nb3YtdXMubWljcm9zb2Z0b25saW5lLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL22ScFoq5Erauiw0EfgGBdEi/xhfrTlkX1NVBlGhYeqYRVB
MEjnhcTrbG6Ew9cHOXAsFlq/vPI1mLDIvYeWTBX1FHqic3eW7S43Dz8FMXPNexIM
T6pDeyPpdnn8Z4AaDHcN13V2r18mwQIkS9l4t14fmBpWlm1PL76Zo8ICMZnF2E7I
mxBSAuRR4dSXZBD/F2hqfPK3gh5tRhgV6EP/30r6xNrwI1i5f+WZpmYzg2htZp5y
Fum8wXujuMQ3S79+eHafPjBHsrX9hQvavJDNQYDQauYgkPq+ZYz+ws+JN5nTra4g
y39QqJkBtVc4S5WKbRGulM0xPippicbmg0iPa8cCAwEAAaOCBKcwggSjMIIB9QYK
KwYBBAHWeQIEAgSCAeUEggHhAd8AdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQ
lmQ2jh7RhQAAAWZvpkg0AAAEAwBHMEUCIQCxxWbE6z+V7Ii7gLai7q2RvANSCOmx
BqglfHOQf1jFKgIgcs4PnGPkaP9T7mrQjjrEeXQ2s41y4NEF/BqUbu5cU50AdgBV
gdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWZvpkgFAAAEAwBHMEUC
IF86kooqlp8rx4O/v7xKTwj7YshMDf4L62gHUVTV4dZcAiEA+NZokphYT+qmhxaY
LJdOhzVIvro4XFXcR513jv5g6xAAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jj
d80OyA3cEAAAAWZvpkgiAAAEAwBHMEUCIQC8xfyrWGKeZW2HraZQXWHldOLyGQdt
QHY4xyupPDPpDgIgYeQcRjY8fekuXMY7KH9h/+WTqo0xJ+fsBV1nPFmYd3gAdQDw
laRZ8gDRgkAQLS+TiI6tS/4dR+OZ4dA0prCoqo6ycwAAAWZvpkcGAAAEAwBGMEQC
IERmgqWSeFHw7xBZdzjlShvVSL2Ti33/q1/haylr2ho1AiAwVeBkmn9AS/Z7n4YF
/Lxw272ExrHI/i2RrFoS9M5KSjAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMC
MAoGCCsGAQUFBwMBMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkB
gsmFG4G1nmGF9OtggV2E0t9CgueTegIBZAIBHTCBhQYIKwYBBQUHAQEEeTB3MFEG
CCsGAQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9N
aWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcnQwIgYIKwYBBQUHMAGGFmh0
dHA6Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0OBBYEFNF9ITdokYVx6uVdU4ohr+Am
yJLKMAsGA1UdDwQEAwIEsDBNBgNVHREERjBEgiBiZWN3cy1nb3YtdXMubWljcm9z
b2Z0b25saW5lLmNvbYIgYmVjd3MuZ292LnVzLm1pY3Jvc29mdG9ubGluZS5jb20w
gawGA1UdHwSBpDCBoTCBnqCBm6CBmIZLaHR0cDovL21zY3JsLm1pY3Jvc29mdC5j
b20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDEu
Y3JshklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWlj
cm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDEuY3JsME0GA1UdIARGMEQwQgYJKwYB
BAGCNyoBMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9w
a2kvbXNjb3JwL2NwczAfBgNVHSMEGDAWgBRYiJ/W3JxIIrcUPv+EiOjmhf/6fTAd
BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIB
AEuB5k/T6yukhLsvpxAPK9crMao1NUANNgb7CQpNRN5v3NFybtSNPDNgOExiKzzQ
oohKhYjFo7c5wY3IXsmiR3LpdrrvLDyatWMLsAs6mmSYcwBmlJ7OybtfdXU1u1tX
9V689eCu6MiWcwlzFpP4ZU9/k3cg+Dl95TaDAM0WEfHYY2lzM0U0JYeCz3kFF+Y7
mXCwVA2VSrHwnKEPfVaMlih1KfZww7qr/woYITqEOm8SaIkjqmAT6gjS4jLrd1Vy
FhtV5FoC6kGWvEx8kq+pMIq1Kv0oZHxaw6W2D54+hwJ5nszQDL4DXIxXuYbo5h7e
Onl1+wLS61zbwjRkd5XREZQFYF7BpIuJPGwT5DuwyKVVDgr5S0PNepwWYEyWFtUD
ZrtXOwZDOy0bmKlrV2GHESQyhG7B0H6KdcjqSPL1Y8/c+nEgyRa1peLKl3lgBK6E
BoJkL9mtLzHHuE0rhT4Cf0+AZE7CZVAIDqZi2CSzeZen1n5D852TtHsWvzrfEZx+
ImFvRQAS3fpg3sHdvinLlWcuu+XUxwxM9umqJfVTEO5v+ZX455jTXMGtu2QV5Uv2
jqzEqgX6rxLG9VvPZdSlg7F4K2EDjVhSaOf17UiD4LYthR26kqjb/+aK40kYMz1+
o93CvpNvxTZF9s2iwFxj3tt+uBjhMyIttOgWsPb5c4Ia
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbZJwWirkStq6LDQR+AY
F0SL/GF+tOWRfU1UGUaFh6phFUEwSOeFxOtsboTD1wc5cCwWWr+88jWYsMi9h5ZM
FfUUeqJzd5btLjcPPwUxc817EgxPqkN7I+l2efxngBoMdw3XdXavXybBAiRL2Xi3
Xh+YGlaWbU8vvpmjwgIxmcXYTsibEFIC5FHh1JdkEP8XaGp88reCHm1GGBXoQ//f
SvrE2vAjWLl/5ZmmZjODaG1mnnIW6bzBe6O4xDdLv354dp8+MEeytf2FC9q8kM1B
gNBq5iCQ+r5ljP7Cz4k3mdOtriDLf1ComQG1VzhLlYptEa6UzTE+KmmJxuaDSI9r
xwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 2742992724342412788852285052948014628734181672
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Washington'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Redmond'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft IT'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft IT TLS CA 1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-10-13 22:47:36 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-10-13 22:47:36 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'becws-gov-us.microsoftonline.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23948929254593205031752437284008711749547891252385030136623074705990348333390777818478421355181090004671028351491617981882127834529906641511726418567462775292365591155539686795292288698093320563844472402147561759642616403595328779842848224840236146365985733053403417481043544010561874423205736260654397946451085126640532620702057239992944389722271031025776172504449566631831787421884211687862235193154100194127387979696259217571732623124995716837914904678021048328254049719007675181890594032757379715845983965224676715655079942429912187300234205493919155897711431948653220182275369965119326576159984255512978161363911
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (485 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (481 bytes)
							01df007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed185000001666fa648340000040300473045022100b1c566c4eb3f95ec88bb80b6a2eead91bc035208e9b106a8257c73907f58c52a022072ce0f9c63e468ff53ee6ad08e3ac4797436b38d72e0d105fc1a946eee5c539d0076005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c000001666fa64805000004030047304502205f3a928a2a969f2bc783bfbfbc4a4f08fb62c84c0dfe0beb68075154d5e1d65c022100f8d6689298584feaa68716982c974e873548beba385c55dc479d778efe60eb10007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10000001666fa648220000040300473045022100bcc5fcab58629e656d87ada6505d61e574e2f219076d407638c72ba93c33e90e022061e41c46363c7de92e5cc63b287f61ffe593aa8d3127e7ec055d673c59987778007500f095a459f200d18240102d2f93888ead4bfe1d47e399e1d034a6b0a8aa8eb273000001666fa6470600000403004630440220446682a5927851f0ef10597738e54a1bd548bd938b7dffab5fe16b296bda1a3502203055e0649a7f404bf67b9f8605fcbc70dbbd84c6b1c8fe2d91ac5a12f4ce4a4a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.10 (applicationCertPolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.7 (certificateTemplate)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (49 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.8.16155509.8105089.5391003.2969441.12400096.221.9744322.5884410
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 100
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (121 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%201.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.msocsp.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d17d213768918571eae55d538a21afe026c892ca
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits)
							04b0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (70 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'becws-gov-us.microsoftonline.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'becws.gov.us.microsoftonline.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (164 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (70 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.42.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.microsoft.com/pki/mscorp/cps'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 58889fd6dc9c4822b7143eff8488e8e685fffa7d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		004b81e64fd3eb2ba484bb2fa7100f2bd72b31aa3535400d3606fb090a4d44de6fdcd1726ed48d3c3360384c622b3cd0a2884a8588c5a3b739c18dc85ec9a24772e976baef2c3c9ab5630bb00b3a9a6498730066949ecec9bb5f757535bb5b57f55ebcf5e0aee8c8967309731693f8654f7f937720f8397de5368300cd1611f1d8636973334534258782cf790517e63b9970b0540d954ab1f09ca10f7d568c96287529f670c3baabff0a18213a843a6f12688923aa6013ea08d2e232eb775572161b55e45a02ea4196bc4c7c92afa9308ab52afd28647c5ac3a5b60f9e3e8702799eccd00cbe035c8c57b986e8e61ede3a7975fb02d2eb5cdbc234647795d1119405605ec1a48b893c6c13e43bb0c8a5550e0af94b43cd7a9c16604c9616d50366bb573b06433b2d1b98a96b576187112432846ec1d07e8a75c8ea48f2f563cfdcfa7120c916b5a5e2ca97796004ae840682642fd9ad2f31c7b84d2b853e027f4f80644ec26550080ea662d824b37997a7d67e43f39d93b47b16bf3adf119c7e22616f450012ddfa60dec1ddbe29cb95672ebbe5d4c70c4cf6e9aa25f55310ee6ff995f8e798d35cc1adbb6415e54bf68eacc4aa05faaf12c6f55bcf65d4a583b1782b61038d585268e7f5ed4883e0b62d851dba92a8dbffe68ae34918333d7ea3ddc2be936fc53645f6cda2c05c63dedb7eb818e133222db4e816b0f6f973821a