client.hip.live.com

Issued by Microsoft IT TLS CA 2

About this certificate

This digital certificate with serial number 20:00:02:2a:30:d3:49:32:df:0b:a1:ea:28:00:00:00:02:2a:30 was issued on by Microsoft Corporation.

With 18 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • KeyUsage [DataEncipherment DigitalSignature KeyEncipherment] (00001101) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)

Certificate Subject

CN=client.hip.live.com

Microsoft Corporation

Organization: Microsoft Corporation
Organization unit: Microsoft IT
State / Province: Washington
Locality: Redmond
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 20:00:02:2a:30:d3:49:32:df:0b:a1:ea:28:00:00:00:02:2a:30
Serial Number (int): 713624582998805242408338225030579165511952944
Serial Number lenght: 150 bits, 19 octets

SubjectKeyId: e6:2c:ac:96:35:d3:00:6b:15:e5:1d:3a:41:8b:61:bc:84:25:86:48
AuthorityKeyId: 91:9e:3b:44:6c:3d:57:9c:42:77:2a:34:d7:4f:d1:cc:4a:97:2c:da

Fingerprint (sha1): 69:24:85:c3:fd:82:28:db:86:31:1a:82:a6:61:35:47:81:62:da:8e
Fingerprint (sha256): 02:9f:28:1d:84:1c:a8:6a:bf:3d:b6:0a:bc:f4:fa:2f:70:0a:6c:f8:b6:43:0b:bc:99:9e:13:d8:8a:26:cb:b9

Issuing Certificate URL: http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%202.crt

Revocation information

OCSP Server: http://ocsp.msocsp.com
CRL Distribution Point: http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%202.crl
CRL Distribution Point: http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%202.crl

Check the revocation status for certificate client.hip.live.com

18

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for client.hip.live.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment
Data Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

client.hip.live.com
partner.hip.live.com
hip-wu-prod.cloudapp.net
hip-scu-prod.cloudapp.net
*.partner.hip.live.com
*.p.partner.hip.live.com
*.client.hip.live.com
*.p.client.hip.live.com
hip-eu1-prod.cloudapp.net
hip-ncu-prod.cloudapp.net
hipipv6-wu-prod.cloudapp.net
hipipv6-scu-prod.cloudapp.net
hipipv6-eu1-prod.cloudapp.net
hipipv6-ncu-prod.cloudapp.net
*.hipipv4.partner.hip.live.com
*.hipipv4.p.partner.hip.live.com
*.hipipv4.client.hip.live.com
*.hipipv4.p.client.hip.live.com

Other certificates including the domain name live.com

(limited to 100 certificates)
client.hip.live.com
config.edog.officeapps.live.com
outlook-fd-0009.live.com
sa5gl.wpc.edgecastcdn.net
ssl.chinanetcenter.com
officeapps.live.com
odc.edog.officeapps.live.com
blu196.mail.live.com
reporting.fss.live.com
sdx.microsoft.com
*.gateway.messenger.live.com
mrodevicemgr.edog.officeapps.live.com
storage.live.com
settings.familysafety.microsoft.com
sa9gl.wpc.edgecastcdn.net
login.live.com
outlook.com
images.partner.windowsphone.com
graph.windows.net
odc.officeapps.live.com
account.microsoft.com
teamsopenaisvc.prod.teams.live.com
*.ra.live.com
hololens-surfacehub-prod.auth.partner.hip.live.com
groups.prod.teams.live.com
ssw.live.com
ssl.chinanetcenter.com
present.edog.officeapps.live.com
ssl.chinanetcenter.com
ssl.chinanetcenter.com
fpt.microsoft.com
config.edog.officeapps.live.com
graph.windows.net
chatsvcagg.teams.microsoft.com
graph.windows.net
store.office.com
graph.windows.net
outlook-fd-0007.live.com
storage.live.com
outlook.com
fpt.microsoft.com
pptcts.officeapps.live.com
outlook-fd-0009.live.com
client.hip.live.com
uci.edog.officeapps.live.com
outlook.com
graph.windows.net
support.office.com
mail.live.com
graph.windows.net
wordwrs.edog.officeapps.live.com
*.domains.live.com
sa167gl.wpc.edgecastcdn.net
sa54gl.wpc.edgecastcdn.net
middletier.prod.teams.live.com
pptmobius.officeapps.live.com
*.vo.msecnd.net
virtualearth.at
excelcs.officeapps.live.com
sendersupport.olc.protection.outlook.com
login.live-int.com
middletier.nonprod.teams.live.com
wordcs.edog.officeapps.live.com
graph.windows.net
g.msn.com
imgw.live.com
graph.windows.net
login.live-int.com
groups.prod.teams.live.com
outlook.live.com
*.maps.live.com
c2rsetup.edog.officeapps.live.com
profile-df.live.com
storage.live.com
shim.hip.live.com
outlook-fd-0009.live.com
account.live.com
www.multimap.com
graph.windows.net
client.hip.live.com
*.storage.msn.com
notifsvc.nonprod.teams.live.com
outlook.com
groups.prod.teams.live.com
ocws.officeapps.live.com
designerapp.officeapps.live.com
graph.windows.net
login.live.com
sa146gl.wpc.edgecastcdn.net
support.office.com
pptwrs.officeapps.live.com
config.officeapps.live.com
login.live.com
authsvc.nonprod.teams.live.com
outlook.com
mail.live.com
sa54gl.wpc.edgecastcdn.net
uci.officeapps.live.com
account.live.com
d.sfx-df.ms

Certificate

The complete raw certificate details for client.hip.live.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIInjCCBoagAwIBAgITIAACKjDTSTLfC6HqKAAAAAIqMDANBgkqhkiG9w0BAQsF
ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE
CxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDIw
HhcNMTgwMjI4MTc1MjU1WhcNMjAwMjI4MTc1MjU1WjAeMRwwGgYDVQQDExNjbGll
bnQuaGlwLmxpdmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
u1wecOLbRCw24NLjAchA5Ja4Rd5lxdy4PIHoCfVh2mPupT9kl2D0Gjx/nZvWpQbE
iawFRzh5FxQtb5schQphsfMV2dxSngIxNvFogeKpQ/KpYokwSvuHtWFHhWkz8P+Q
eBBBOr5WLZu2RJUFH6yNCthuy4xCQ3BmRGQ8kLT6qf9fx04jcLoaU7mTX4w/mSOP
I+i9MS4TSwRSsFcNBhX6RK4jafoHLnj5+bGCZLKKi7ppf3IEVvVhzO7gqNppcUv7
wXVOgHRcPJexek+6uPxHRz4fxpsQMnK2aWL6VgLKJCRwgQqyliuxlHwNL6mfCM80
gSn5gZCLkzmPU9JXxrVidQIDAQABo4IEZTCCBGEwHQYDVR0OBBYEFOYsrJY10wBr
FeUdOkGLYbyEJYZIMAsGA1UdDwQEAwIEsDAfBgNVHSMEGDAWgBSRnjtEbD1XnEJ3
KjTXT9HMSpcs2jCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwu
bWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRM
UyUyMENBJTIwMi5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNj
b3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMi5jcmwwgYUGCCsG
AQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29t
L3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDIuY3J0MCIG
CCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMD4GCSsGAQQBgjcVBwQx
MC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2E0t9CgueTegIBZAIB
GzAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwTQYDVR0gBEYwRDBCBgkr
BgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29t
L3BraS9tc2NvcnAvY3BzMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYI
KwYBBQUHAwEwggICBgNVHREEggH5MIIB9YITY2xpZW50LmhpcC5saXZlLmNvbYIU
cGFydG5lci5oaXAubGl2ZS5jb22CGGhpcC13dS1wcm9kLmNsb3VkYXBwLm5ldIIZ
aGlwLXNjdS1wcm9kLmNsb3VkYXBwLm5ldIIWKi5wYXJ0bmVyLmhpcC5saXZlLmNv
bYIYKi5wLnBhcnRuZXIuaGlwLmxpdmUuY29tghUqLmNsaWVudC5oaXAubGl2ZS5j
b22CFyoucC5jbGllbnQuaGlwLmxpdmUuY29tghloaXAtZXUxLXByb2QuY2xvdWRh
cHAubmV0ghloaXAtbmN1LXByb2QuY2xvdWRhcHAubmV0ghxoaXBpcHY2LXd1LXBy
b2QuY2xvdWRhcHAubmV0gh1oaXBpcHY2LXNjdS1wcm9kLmNsb3VkYXBwLm5ldIId
aGlwaXB2Ni1ldTEtcHJvZC5jbG91ZGFwcC5uZXSCHWhpcGlwdjYtbmN1LXByb2Qu
Y2xvdWRhcHAubmV0gh4qLmhpcGlwdjQucGFydG5lci5oaXAubGl2ZS5jb22CICou
aGlwaXB2NC5wLnBhcnRuZXIuaGlwLmxpdmUuY29tgh0qLmhpcGlwdjQuY2xpZW50
LmhpcC5saXZlLmNvbYIfKi5oaXBpcHY0LnAuY2xpZW50LmhpcC5saXZlLmNvbTAN
BgkqhkiG9w0BAQsFAAOCAgEAT9xJnnFMcO3PFWHxSVTl6dgvgtzFCjCbkJugQzQf
ZmBe9xMxwu0mkHEPTnF6nMphfcFC7eDPPGv1SjycsuA2A73RpgVZxd4Tq6a7cAbk
knjja8gSYqH/wufGAvFNiglUYjtmDoRtwWDGLZzBulC6TMA+UQkevhdySu0BV7D0
gF4/m4rayOn/2lWcL9emhEiNMST41OCwhmyquGgKiOQ2Ts1bBPLJFh85Empor0P1
03BRtrQSyxB9bssdUUlN1UuYaNwAL5J2qRAKy19deYQI6mwPHhtz3Vpp2HRoE6rx
GBm1MmGT/0mc3lXHWgWiYeVkCnoF5wHN5hM8VvUrgiY4PXnKnJDNhKJpeMCsCErY
qntsRMllQnFp5CMQ/KFxEJ5l9zXgm2PPrtPVSCZxDAH7NrSiLqDTNkR7fRvK5NkF
4m94k4NsIyNMxF8c7vDAKUl7F80m4aBuYv3vvk7ay7ksYyPhfKB3ReZvUrAantDY
MtYmT49W9mCXsK3o53C5H+XQef53pgaovaeP6F+rrQb7Zwu6creVTu5cJiw+axn5
ro7nSRBTZia9gQ95ZHOsKOZM7/eJt7CgLdcu8dYiHFZKaseTCo44BvNMhLi3IjbA
RvB5yF3a1UYHWVG3NKHf2Ce5PPfnaJ+hFGyUYIbbk+H77fKjQFQeGNbrAqH6zTwy
PA4=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1wecOLbRCw24NLjAchA
5Ja4Rd5lxdy4PIHoCfVh2mPupT9kl2D0Gjx/nZvWpQbEiawFRzh5FxQtb5schQph
sfMV2dxSngIxNvFogeKpQ/KpYokwSvuHtWFHhWkz8P+QeBBBOr5WLZu2RJUFH6yN
Cthuy4xCQ3BmRGQ8kLT6qf9fx04jcLoaU7mTX4w/mSOPI+i9MS4TSwRSsFcNBhX6
RK4jafoHLnj5+bGCZLKKi7ppf3IEVvVhzO7gqNppcUv7wXVOgHRcPJexek+6uPxH
Rz4fxpsQMnK2aWL6VgLKJCRwgQqyliuxlHwNL6mfCM80gSn5gZCLkzmPU9JXxrVi
dQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 713624582998805242408338225030579165511952944
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Washington'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Redmond'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft IT'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft IT TLS CA 2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-02-28 17:52:55 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-02-28 17:52:55 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'client.hip.live.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23651988556209556157628006672424057140655654919520028651252438547153132944325140826390813979555704398992011794621127991047780419229698759661576430511730263115018213432558950262819511786181774151090911434651848392421936664561414106673743934946898311325117594860737205530082473064402939119719922810931093053740309707218771698644433857796808939065189216530989437442363506707566759474626294293803080073590559155780425712298575399105071829004043545520036785956078920622259094154707751126818998484803773514359034026810642310141524505640746406514388207015362576881620036416296222778139680985236314658201244612342038901645941
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							e62cac9635d3006b15e51d3a418b61bc84258648
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits)
							04b0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 919e3b446c3d579c42772a34d74fd1cc4a972cda
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (164 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%202.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%202.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (121 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%202.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.msocsp.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.7 (certificateTemplate)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (49 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.8.16155509.8105089.5391003.2969441.12400096.221.9744322.5884410
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 100
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (70 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.42.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.microsoft.com/pki/mscorp/cps'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.10 (applicationCertPolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (505 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'client.hip.live.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'partner.hip.live.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hip-wu-prod.cloudapp.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hip-scu-prod.cloudapp.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.partner.hip.live.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.p.partner.hip.live.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.client.hip.live.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.p.client.hip.live.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hip-eu1-prod.cloudapp.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hip-ncu-prod.cloudapp.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hipipv6-wu-prod.cloudapp.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hipipv6-scu-prod.cloudapp.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hipipv6-eu1-prod.cloudapp.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hipipv6-ncu-prod.cloudapp.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hipipv4.partner.hip.live.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hipipv4.p.partner.hip.live.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hipipv4.client.hip.live.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hipipv4.p.client.hip.live.com'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		004fdc499e714c70edcf1561f14954e5e9d82f82dcc50a309b909ba043341f66605ef71331c2ed2690710f4e717a9cca617dc142ede0cf3c6bf54a3c9cb2e03603bdd1a60559c5de13aba6bb7006e49278e36bc81262a1ffc2e7c602f14d8a0954623b660e846dc160c62d9cc1ba50ba4cc03e51091ebe17724aed0157b0f4805e3f9b8adac8e9ffda559c2fd7a684488d3124f8d4e0b0866caab8680a88e4364ecd5b04f2c9161f39126a68af43f5d37051b6b412cb107d6ecb1d51494dd54b9868dc002f9276a9100acb5f5d798408ea6c0f1e1b73dd5a69d8746813aaf11819b5326193ff499cde55c75a05a261e5640a7a05e701cde6133c56f52b8226383d79ca9c90cd84a26978c0ac084ad8aa7b6c44c965427169e42310fca171109e65f735e09b63cfaed3d54826710c01fb36b4a22ea0d336447b7d1bcae4d905e26f7893836c23234cc45f1ceef0c029497b17cd26e1a06e62fdefbe4edacbb92c6323e17ca07745e66f52b01a9ed0d832d6264f8f56f66097b0ade8e770b91fe5d079fe77a606a8bda78fe85fabad06fb670bba72b7954eee5c262c3e6b19f9ae8ee74910536626bd810f796473ac28e64ceff789b7b0a02dd72ef1d6221c564a6ac7930a8e3806f34c84b8b72236c046f079c85ddad546075951b734a1dfd827b93cf7e7689fa1146c946086db93e1fbedf2a340541e18d6eb02a1facd3c323c0e