iamservice.trendmicro.com

- Trend Micro Inc. -

Issued by AffirmTrust Certificate Authority - OV1

About this certificate

This digital certificate with serial number c2:fd:e3:c8:5a:36:b4:34:00:00:00:00:58:08:dc:40 was issued on by AffirmTrust.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Trend Micro Inc.

Organization: Trend Micro Inc.
State / Province: Texas
Locality: Irving
Country: US

AffirmTrust

Organization: AffirmTrust
Organization unit: See www.affirmtrust.com/repository
Country: CA

This certificate has expire since

Certificate Details

Serial Number (hex): c2:fd:e3:c8:5a:36:b4:34:00:00:00:00:58:08:dc:40
Serial Number (int): 259188502268015306378788394531688078400
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 31:6c:59:ce:c8:d0:f1:59:e9:42:fb:5d:f2:01:df:ec:0c:2b:b1:2c
AuthorityKeyId: fe:60:c3:0d:a4:a2:9d:21:4f:7a:78:4c:62:c5:db:14:fc:39:78:c4

Fingerprint (sha1): b3:ed:75:ae:f0:12:24:8a:9a:17:f6:cf:bb:34:51:95:28:13:4c:5c
Fingerprint (sha256): 03:12:82:55:28:8e:96:17:16:bd:dc:8f:aa:5d:d5:75:ee:8d:8b:bf:b7:11:f6:81:16:3f:f0:ec:98:f4:ca:14

Issuing Certificate URL: http://aia.affirmtrust.com/aftov1ca.crt

Revocation information

OCSP Server: http://ocsp.affirmtrust.com
CRL Distribution Point: http://crl.affirmtrust.com/crl/aftov1ca.crl

Check the revocation status for certificate iamservice.trendmicro.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for iamservice.trendmicro.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

iamservice.trendmicro.com

Other certificates including the domain name trendmicro.com

(limited to 100 certificates)
sec-adv.trendmicro.com
sls-xdrrxrs131test.dev-us-east-2.parsley.trendmicro.com
*.storage.trendmicro.com
*.trendmicro.com
tmx.trendmicro.com
int.sspm.trendmicro.com
prdu-selectsupportemea.trendmicro.com
vanity3.lithium.com
sam.trendmicro.com
*.trendmicro.com
*.etdl.trendmicro.com
xdr.nacloud.trendmicro.com
filestorage.sg-1.dev-cloudone.trendmicro.com
*.eks.trendmicro.com
file-uk.trendmicro.com
sec-adv-admin.trendmicro.com
twcommercial01.jenkinsci.trendmicro.com
vanity7.jiveon.com
*.p1rd1.sps-endpoint-beta.trendmicro.com
newsletters.trendmicro.com
p225b2.dev-us-east-2.parsley.trendmicro.com
renewonlinestg.trendmicro.com
audit.trend-us-1.cloudone.trendmicro.com
devops-jenkins-pci.luwak.trendmicro.com
doctorlevel.trendmicro.com
www.trendmicro.com
misp.research.trendmicro.com
*.prod-eu-central-1.wfxdr.trendmicro.com
stg.fbbot.tmcc.csoc.trendmicro.com
vault-stg.trendmicro.com
liberalapi-tmp.sdi.trendnet.org
tableau-consumer.trendmicro.com
documents.trendmicro.com
*.trendmicro.com
iotserver-staging.trendmicro.com
newsroom.trendmicro.com
*.iws.trendmicro.com
*.osscan.trendmicro.com
*.alpha.consumervpn.trendmicro.com
tmpn.trendmicro.com
*.auth.trendmicro.com
intsearch.trendmicro.com
vanity4.lithium.com
ocm-it.br.secops.trendmicro.com
*.dc1.beta.storage.trendmicro.com
trendeorders-emea-staging.trendmicro.com
*.giss.trendmicro.com
doctorone.baplsstage.trendmicro.com
*.appletuner.trendmicro.com
cloudresources.jp-1.cloudone.trendmicro.com
dashboard.app-protect.trendmicro.com
*.giss.trendmicro.com
*.login-stg.trendmicro.com
projects.us-1.cloudone.trendmicro.com
tmcc.trendmicro.com
accounts.trend-us-1.dev-cloudone.trendmicro.com
licenseupdate2.trendmicro.com
sdl-int.visionone.trendmicro.com
au-phase.activeupdate.trendmicro.com
sls-xdrrp190b8.dev-us-east-1.parsley.trendmicro.com
premiumservices.trendmicro.com
*.manage.trendmicro.com
cloudaccounts-ui-us.xdr.trendmicro.com
api.securityportal-stg.trendmicro.com
*.beta.consumervpn.trendmicro.com
go2.trendmicro.com
gpt-playground-plugin-jp.trendmicro.com
*.jarvis.trendmicro.com
projects.au-1.dev-cloudone.trendmicro.com
*.consumervpn.trendmicro.com
*.trendmicro.com
conformity.us-1.staging-cloudone.trendmicro.com
sslauto.itdev.trendmicro.com
dispatch01.trendmicro.com
iamservice.trendmicro.com
event-forwarder.ca-1.cloudone.trendmicro.com
siteseal01.trendmicro.com
cloudaccounts.in-1.cloudone.trendmicro.com
*.ml-tool.trendmicro.com
us.imhs-ws.trendmicro.com
*.trendmicro.com
corpit-dispatch.trendmicro.com
deepsecurity.trendmicro.com
artifactscan.us-1.cloudone.trendmicro.com
*.trendmicro.com
*.p1qa2.sps-endpoint-beta.trendmicro.com
*.isday.trendmicro.com
*.devhw.sps-endpoint-beta.trendmicro.com
drilsnr.trendmicro.com
workload.us-1.cloudone.trendmicro.com
jr.trendmicro.com
*.wfbs-svc.trendmicro.com
*.test.giss.trendmicro.com
rule.tip.trendmicro.com
*.giss.trendmicro.com
mcs.trendmicro.com
mktdatamart.trendmicro.com
filestorage.ca-1.cloudone.trendmicro.com
tsm.dev-cloudone.trendmicro.com
*.trendmicro.com

Certificate

The complete raw certificate details for iamservice.trendmicro.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHIDCCBgigAwIBAgIRAML948haNrQ0AAAAAFgI3EAwDQYJKoZIhvcNAQELBQAw
gYIxCzAJBgNVBAYTAkNBMRQwEgYDVQQKEwtBZmZpcm1UcnVzdDErMCkGA1UECxMi
U2VlIHd3dy5hZmZpcm10cnVzdC5jb20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnQWZm
aXJtVHJ1c3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gT1YxMB4XDTE5MDQxMDAx
MzMxMFoXDTIxMDQxMDAyMDMwOFowbTELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBVRl
eGFzMQ8wDQYDVQQHEwZJcnZpbmcxGTAXBgNVBAoTEFRyZW5kIE1pY3JvIEluYy4x
IjAgBgNVBAMTGWlhbXNlcnZpY2UudHJlbmRtaWNyby5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCq03g+ITVwKAxtvi4jXXoKfTdFhmDd0fex9SV1
9qwND0lEORDcOMK3JONSl19urAVBpyvVSMlWGlGPRCpU4Xbg3FVQKl/2Gdv6leTr
dq3VdAi/F/wfX2DJBd2+ODUhSntNbAparRZer6r+F3zaYZHCXOGwXRlGa6dsE1Xw
2S0mjuwRUc6LdhLO1NUf/b6u/C/kuuJmHMxlTGTzMbXWluXyK3jRB7OnrKTu3vVo
D/pwazpkJPNKrpbP9dDeK/GkwihKw668kctekB13V+o1hnHoXEm6/VOF1AKRji+h
oQRoW0GDWk5HySJ+ZsoWfyUbdrUSNmKMa6Qt66jE6XdYmYGBAgMBAAGjggOjMIID
nzAkBgNVHREEHTAbghlpYW1zZXJ2aWNlLnRyZW5kbWljcm8uY29tMIIB9gYKKwYB
BAHWeQIEAgSCAeYEggHiAeAAdwCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/
XqCDDwAAAWoE/Bp4AAAEAwBIMEYCIQCHWc+92uemrENlhbir9/cp7Iby2KnhOOQU
Q1+dkjlb9AIhANCFUlI/C+r0JUu5DvvLpYSBhZiftKEmru0mFJ6IY6/mAHYAVYHU
whaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFqBPwaoQAABAMARzBFAiEA
vHjo8PqFHqrXt8LsOmmd6iUxb0V37DtQdDQfBQKiPe0CID3KKGFZ8UoaYv1TcQlp
1bQM2GLQ+O7E+sfFTc3G2HTnAHUAVhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SY
VdaJ0N0AAAFqBPwatAAABAMARjBEAiA1F5UaErAtk4fGlaMsbk4ZcXz30N8ZvYCP
LfLTrb2f2gIgN2lBWCtF2zYtUzoMzPnZdSjN00KVGDGa8ePzHP+O6m4AdgC72d+8
H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWoE/Bq2AAAEAwBHMEUCIQC6
AEwI0oZqcAK8lfXzJRNQ0hCk83+s4dg0Rd41epng1AIgF7EVaS4IeyNfid8ct+/j
/zUpkqRurWhIK+pohl2on7IwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjAJBgNVHRMEAjAAMGwGCCsGAQUFBwEBBGAwXjAnBggr
BgEFBQcwAYYbaHR0cDovL29jc3AuYWZmaXJtdHJ1c3QuY29tMDMGCCsGAQUFBzAC
hidodHRwOi8vYWlhLmFmZmlybXRydXN0LmNvbS9hZnRvdjFjYS5jcnQwVwYDVR0g
BFAwTjBCBgorBgEEAYKPCQIFMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3LmFm
ZmlybXRydXN0LmNvbS9yZXBvc2l0b3J5MAgGBmeBDAECAjA8BgNVHR8ENTAzMDGg
L6AthitodHRwOi8vY3JsLmFmZmlybXRydXN0LmNvbS9jcmwvYWZ0b3YxY2EuY3Js
MB8GA1UdIwQYMBaAFP5gww2kop0hT3p4TGLF2xT8OXjEMB0GA1UdDgQWBBQxbFnO
yNDxWelC+13yAd/sDCuxLDANBgkqhkiG9w0BAQsFAAOCAQEASNg9mL1nRh5Cn0Pn
iS0sQ//vUpzp4CxqV5u/eoy+T42uavCzV++L+49KKPXq5ZWMoSu5PSONGF9CVARI
Ir/jJexcPCgufI0muQMsUnoqCjrEL9uQQzQy+ImETMY7XHWzJqys/GcI5Gvl0P+P
PQlESv2ruPS7Bwt/ggqYMHaJlL6BiDhpt0KxA2sK546DBhYvQimmcdg1yq14Kj26
9YysnIJYVvk2l5PakRxAZvLLh7KUYWE+crz9sqpobyueiFjTjuQw+hjrtjqApYBL
sgoVe+cKIlTCiTpo5xxX90NPoQXhB/tvpA7FBdbpZyG8bNBKxG3o2zkItbtCBUX3
S2dbzw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtN4PiE1cCgMbb4uI116
Cn03RYZg3dH3sfUldfasDQ9JRDkQ3DjCtyTjUpdfbqwFQacr1UjJVhpRj0QqVOF2
4NxVUCpf9hnb+pXk63at1XQIvxf8H19gyQXdvjg1IUp7TWwKWq0WXq+q/hd82mGR
wlzhsF0ZRmunbBNV8NktJo7sEVHOi3YSztTVH/2+rvwv5LriZhzMZUxk8zG11pbl
8it40Qezp6yk7t71aA/6cGs6ZCTzSq6Wz/XQ3ivxpMIoSsOuvJHLXpAdd1fqNYZx
6FxJuv1ThdQCkY4voaEEaFtBg1pOR8kifmbKFn8lG3a1EjZijGukLeuoxOl3WJmB
gQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 259188502268015306378788394531688078400
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'AffirmTrust'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.affirmtrust.com/repository'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'AffirmTrust Certificate Authority - OV1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-04-10 01:33:10 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-04-10 02:03:08 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Texas'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Irving'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Trend Micro Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'iamservice.trendmicro.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21564791438879473898864403060162405219086416243359648267123908278861510572167799468304022341025263610518678159657974476082319078895554375076566154948950519938320028757199947516586121756639533472367894304444923683620120728398210880648427117454817994254595547600829188619719731909485105447792308794578708026489367581773892260782187605464528124678071158529667553220628363131014311631656056739340497677355673135407379169896164509718921656078337744080899203704607918979128669970946839086032085565873477631477780742588046051862823696982352412056105683986057981951415101955285603643822455060839498284931043382351972817011073
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (29 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iamservice.trendmicro.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (486 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (482 bytes)
							01e00077008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f0000016a04fc1a7800000403004830460221008759cfbddae7a6ac436585b8abf7f729ec86f2d8a9e138e414435f9d92395bf4022100d08552523f0beaf4254bb90efbcba5848185989fb4a126aeed26149e8863afe60076005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c0000016a04fc1aa10000040300473045022100bc78e8f0fa851eaad7b7c2ec3a699dea25316f4577ec3b5074341f0502a23ded02203dca286159f14a1a62fd53710969d5b40cd862d0f8eec4fac7c54dcdc6d874e70075005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd0000016a04fc1ab4000004030046304402203517951a12b02d9387c695a32c6e4e19717cf7d0df19bd808f2df2d3adbd9fda0220376941582b45db362d533a0cccf9d97528cdd3429518319af1e3f31cff8eea6e007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000016a04fc1ab60000040300473045022100ba004c08d2866a7002bc95f5f3251350d210a4f37face1d83445de357a99e0d4022017b115692e087b235f89df1cb7efe3ff352992a46ead68482bea68865da89fb2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (96 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.affirmtrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.affirmtrust.com/aftov1ca.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (80 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.34697.2.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.affirmtrust.com/repository'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (53 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.affirmtrust.com/crl/aftov1ca.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName fe60c30da4a29d214f7a784c62c5db14fc3978c4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							316c59cec8d0f159e942fb5df201dfec0c2bb12c
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0048d83d98bd67461e429f43e7892d2c43ffef529ce9e02c6a579bbf7a8cbe4f8dae6af0b357ef8bfb8f4a28f5eae5958ca12bb93d238d185f4254044822bfe325ec5c3c282e7c8d26b9032c527a2a0a3ac42fdb90433432f889844cc63b5c75b326acacfc6708e46be5d0ff8f3d09444afdabb8f4bb070b7f820a9830768994be81883869b742b1036b0ae78e8306162f4229a671d835caad782a3dbaf58cac9c825856f9369793da911c4066f2cb87b29461613e72bcfdb2aa686f2b9e8858d38ee430fa18ebb63a80a5804bb20a157be70a2254c2893a68e71c57f7434fa105e107fb6fa40ec505d6e96721bc6cd04ac46de8db3908b5bb420545f74b675bcf