ahssqld08d.ahs.state.vt.us

- State of Vermont -

Issued by GlobalSign Organization Validation CA - SHA256 - G2

About this certificate

This digital certificate with serial number 4a:a3:05:a3:d3:73:9f:06:64:76:e0:87 was issued on by GlobalSign nv-sa.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

State of Vermont

Organization: State of Vermont
State / Province: Vermont
Locality: Montpelier
Country: US

GlobalSign nv-sa

Organization: GlobalSign nv-sa
Country: BE

This certificate has expire since

Certificate Details

Serial Number (hex): 4a:a3:05:a3:d3:73:9f:06:64:76:e0:87
Serial Number (int): 23098972269265114818122539143
Serial Number lenght: 95 bits, 12 octets

SubjectKeyId: 3a:76:ad:13:5b:0a:62:5a:ea:2c:83:0a:db:80:04:9d:19:d5:78:01
AuthorityKeyId: 96:de:61:f1:bd:1c:16:29:53:1c:c0:cc:7d:3b:83:00:40:e6:1a:7c

Fingerprint (sha1): 48:73:e4:c4:f4:b2:9f:0c:11:19:31:f5:78:01:60:c5:69:99:ac:a3
Fingerprint (sha256): 02:d8:71:8e:d5:50:a6:1e:4a:dd:bc:f2:3d:1e:4b:8f:6b:d3:0a:b1:f9:f5:df:69:9a:ab:e6:00:4d:6c:0e:52

Issuing Certificate URL: http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt

Revocation information

OCSP Server: http://ocsp2.globalsign.com/gsorganizationvalsha2g2
CRL Distribution Point: http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl

Check the revocation status for certificate ahssqld08d.ahs.state.vt.us

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ahssqld08d.ahs.state.vt.us

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ahssqld08d.ahs.state.vt.us

Other certificates including the domain name state.vt.us

(limited to 100 certificates)
erecruit.per.state.vt.us
gfs.dps.state.vt.us
ibi-montpelier-1.infosec.state.vt.us
anrmaps.vermont.gov
incapsula.com
nws.vdh.state.vt.us
vtmapir-admin.dvha.ahs.state.vt.us
incapsula.com
vjiss2.dps.state.vt.us
ahssqld08d.ahs.state.vt.us
vtcnp.doe.state.vt.us
devcms.sec.state.vt.us
incapsula.com
wave.ed.state.vt.us
tvie2140.infosec.state.vt.us
www.sec.state.vt.us
selfserve.education.state.vt.us
incapsula.com
docstar.dps.state.vt.us
www.sec.state.vt.us
nextest.dps.state.vt.us
www.ahsnet.ahs.state.vt.us
telecomservices.dii.state.vt.us
incapsula.com
citrix.ahs.state.vt.us
cag.state.vt.us
OBWFE2-TEST.ahs.state.vt.us
incapsula.com
incapsula.com
incapsula.com
dpsgisweb2.dps.state.vt.us
trader.administration.sec.state.vt.us
incapsula.com
ent-footprints.state.vt.us
incapsula.com
panopticon.infosec.state.vt.us
incapsula.com
fsdnet.ahs.state.vt.us
vepards.dps.state.vt.us
incapsula.com
OBWFEAPP5.ahs.state.vt.us
vepardswb2.dps.state.vt.us
www.sec.state.vt.us
view.leg.state.vt.us
incapsula.com
ahs-obwfeapp4-test.ahs.state.vt.us
obwfeapp7.ahs.state.vt.us
nws.vdh.state.vt.us
anrmaps.vermont.gov
incapsula.com
fsdnet.ahs.state.vt.us
fsdnet.ahs.state.vt.us
pike.atg.state.vt.us
nws.vdh.state.vt.us
*.vttaxnet.tax.state.vt.us
www.sec.state.vt.us
ftp2.tre.state.vt.us
incapsula.com
vtdpscrimentel.dps.state.vt.us
VEMservices.dps.state.vt.us
analytics.dps.state.vt.us
incapsula.com
DMVCIS01.aot.state.vt.us
citrix.labor.state.vt.us
*.erp.state.vt.us
secure.atg.state.vt.us
www.sec.state.vt.us
nws.vdh.state.vt.us
adfs.vtransweb.aot.state.vt.us
incapsula.com
slog-dvha.ahs.state.vt.us
incapsula.com
jury.eservices.crt.state.vt.us
vjiss2.dps.state.vt.us
incapsula.com
aotadfs.dps.state.vt.us
infoonmycase.ahs.state.vt.us
vepardscopweb.dps.state.vt.us
nomos.dps.state.vt.us
www.sec.state.vt.us
publicportal.courts.vt.gov
www.aot.state.vt.us
OBWFEAPP3.ahs.state.vt.us
anrnode.anr.state.vt.us
incapsula.com
ftp2.tre.state.vt.us
incapsula.com
mybenefits.ahs.state.vt.us
incapsula.com
www.brightfutures.dcf.state.vt.us
incapsula.com
anrnode.anr.state.vt.us
*.erp.state.vt.us
secure.education.state.vt.us
quick.ahs.state.vt.us
*.erp.state.vt.us
incapsula.com
cms.sec.state.vt.us
agocapcomplaint.atg.state.vt.us
alfresco.sec.state.vt.us

Certificate

The complete raw certificate details for ahssqld08d.ahs.state.vt.us in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgIMSqMFo9NznwZkduCHMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTgxMjAzMTkwMTEwWhcNMjAxMjAzMTkwMTEwWjB0MQswCQYDVQQGEwJV
UzEQMA4GA1UECBMHVmVybW9udDETMBEGA1UEBxMKTW9udHBlbGllcjEZMBcGA1UE
ChMQU3RhdGUgb2YgVmVybW9udDEjMCEGA1UEAxMaYWhzc3FsZDA4ZC5haHMuc3Rh
dGUudnQudXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFwAIGXMbK
7Re6s6vq5vTInSTkzW+KQ3f4MDWOxgUBeNMCA1ZxqPCsGnl+g2H4ZpGshO59tXP3
6oDCRMeZ/n/mTyYsCxHcAQEcnxTo7gksITGN8E8Ktj5dz30XY8yeLpmS4oH9Yrk+
7kmWAF07FKHj9MWyYiPY68sQHEm5MrFJJJ/j1ys5FarT5wGroBuj4CIQx393NFu1
v5MeKucdRUXG1IKAY8ZLdDg9waZioKsrVlsnZHa5BrLlOkAcH4utQBEIuzhc3RbC
C+ycsY9UkCmw67ho8OaCAJY2g0IHI4zR4UeVt2DUod2nd8KnWFBcEVXPIbF/75oR
U/wv1S1Hkq/HAgMBAAGjggIAMIIB/DAOBgNVHQ8BAf8EBAMCBaAwgaAGCCsGAQUF
BwEBBIGTMIGQME0GCCsGAQUFBzAChkFodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24u
Y29tL2NhY2VydC9nc29yZ2FuaXphdGlvbnZhbHNoYTJnMnIxLmNydDA/BggrBgEF
BQcwAYYzaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL2dzb3JnYW5pemF0aW9u
dmFsc2hhMmcyMFYGA1UdIARPME0wQQYJKwYBBAGgMgEUMDQwMgYIKwYBBQUHAgEW
Jmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAgGBmeBDAEC
AjAJBgNVHRMEAjAAMEkGA1UdHwRCMEAwPqA8oDqGOGh0dHA6Ly9jcmwuZ2xvYmFs
c2lnbi5jb20vZ3MvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzIuY3JsMCUGA1UdEQQe
MByCGmFoc3NxbGQwOGQuYWhzLnN0YXRlLnZ0LnVzMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUOnatE1sKYlrqLIMK24AEnRnVeAEwHwYD
VR0jBBgwFoAUlt5h8b0cFilTHMDMfTuDAEDmGnwwEwYKKwYBBAHWeQIEAwEB/wQC
BQAwDQYJKoZIhvcNAQELBQADggEBAHFlUsiP7NZ0pzoyBq4jqN+hDWMce7gdheFH
Fa6I0qcNEd+2JcVc79x6Z73jcnaLwVFCsZNk7/Jm3VW7OzbG3G1/h1O3wrO6g5za
dUMJLqfTwHay5MovGulcULSCEhHjKoC62LKLzEGifTBBZG25uHHzUV4odRLm6Ivv
4ns5IbJqb1ixtXEXQXVmyiEtkL2IMEC/N9PTBMnCiP1jGrju5B8rcdf+HsmidfXA
1uXWPmSrMNUCvFQKvARDzYNyE2QsVtcMIK8gfap7HeC+fz8zVaJQNDGI3oTSZmAD
rfioe/DxbkHfGBC7BNx18ya7fQ3lJ4EL0YQaQeldvBKhyvCV+uU=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcACBlzGyu0XurOr6ub0
yJ0k5M1vikN3+DA1jsYFAXjTAgNWcajwrBp5foNh+GaRrITufbVz9+qAwkTHmf5/
5k8mLAsR3AEBHJ8U6O4JLCExjfBPCrY+Xc99F2PMni6ZkuKB/WK5Pu5JlgBdOxSh
4/TFsmIj2OvLEBxJuTKxSSSf49crORWq0+cBq6Abo+AiEMd/dzRbtb+THirnHUVF
xtSCgGPGS3Q4PcGmYqCrK1ZbJ2R2uQay5TpAHB+LrUARCLs4XN0WwgvsnLGPVJAp
sOu4aPDmggCWNoNCByOM0eFHlbdg1KHdp3fCp1hQXBFVzyGxf++aEVP8L9UtR5Kv
xwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 23098972269265114818122539143
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign Organization Validation CA - SHA256 - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-12-03 19:01:10 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-12-03 19:01:10 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Vermont'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Montpelier'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'State of Vermont'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ahssqld08d.ahs.state.vt.us'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24963628707398664081473873647968970258297311197770146509308693070395361448349377245781541340862674755499737301195889333367625525084762613044615373246411124180224913122132400121472826731016984407222502784382574177264557967303259421606179564494039380684743695672696614697385748111924231116278240621214097558433537711028664116758591386927274942425124287448212783401539011657542507331206640743760853999113636742352794237114060666190533249939238494350579320087324842049138381265494935337829311884190024562955743783685135610826235782912544639328521112649200770127110638033443020718573597640664072010403670094246495405649863
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (147 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp2.globalsign.com/gsorganizationvalsha2g2'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.20 (globalsignOVPolicy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (30 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ahssqld08d.ahs.state.vt.us'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							3a76ad135b0a625aea2c830adb80049d19d57801
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 96de61f1bd1c1629531cc0cc7d3b830040e61a7c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00716552c88fecd674a73a3206ae23a8dfa10d631c7bb81d85e14715ae88d2a70d11dfb625c55cefdc7a67bde372768bc15142b19364eff266dd55bb3b36c6dc6d7f8753b7c2b3ba839cda7543092ea7d3c076b2e4ca2f1ae95c50b4821211e32a80bad8b28bcc41a27d3041646db9b871f3515e287512e6e88befe27b3921b26a6f58b1b57117417566ca212d90bd883040bf37d3d304c9c288fd631ab8eee41f2b71d7fe1ec9a275f5c0d6e5d63e64ab30d502bc540abc0443cd837213642c56d70c20af207daa7b1de0be7f3f3355a250343188de84d2666003adf8a87bf0f16e41df1810bb04dc75f326bb7d0de527810bd1841a41e95dbc12a1caf095fae5