*.returnmailservices.ricoh-usa.com

- Ricoh USA, Inc. -

Issued by AffirmTrust Certificate Authority - OV1

About this certificate

This digital certificate with serial number 23:b4:60:29:59:b0:91:7a:00:00:00:00:58:08:49:bf was issued on by AffirmTrust.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Ricoh USA, Inc.

Organization: Ricoh USA, Inc.
State / Province: New Jersey
Locality: West Caldwell
Country: US

AffirmTrust

Organization: AffirmTrust
Organization unit: See www.affirmtrust.com/repository
Country: CA

This certificate has expire since

Certificate Details

Serial Number (hex): 23:b4:60:29:59:b0:91:7a:00:00:00:00:58:08:49:bf
Serial Number (int): 47459543674442561981961955664349120959
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId: a9:5b:4b:e9:72:ee:73:b7:29:a9:79:a9:3b:16:a7:6a:90:df:f0:6a
AuthorityKeyId: fe:60:c3:0d:a4:a2:9d:21:4f:7a:78:4c:62:c5:db:14:fc:39:78:c4

Fingerprint (sha1): 06:ab:e5:c2:21:14:e7:1a:a4:db:9d:fb:24:84:9b:ae:a0:7b:a6:b4
Fingerprint (sha256): 03:3f:5b:e6:9c:f7:cf:7a:c0:d1:b4:08:21:14:e1:37:64:7d:05:8d:5b:06:0f:ed:f2:3b:e7:41:33:14:9b:11

Issuing Certificate URL: http://aia.affirmtrust.com/aftov1ca.crt

Revocation information

OCSP Server: http://ocsp.affirmtrust.com
CRL Distribution Point: http://crl.affirmtrust.com/crl/aftov1ca.crl

Check the revocation status for certificate *.returnmailservices.ricoh-usa.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.returnmailservices.ricoh-usa.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.returnmailservices.ricoh-usa.com
returnmailservices.ricoh-usa.com

Other certificates including the domain name ricoh-usa.com

(limited to 100 certificates)
*.ricoh-usa.com
ssl1.ricoh-usa.com
adaptiveformstest.ricoh-usa.com
boulder-ssl1.ricoh-usa.com
*.returnmailservices.ricoh-usa.com
support.rpp.ricoh-usa.com
*.ricoh-usa.com
storefront.ricoh-usa.com
cs2.ricoh-usa.com
mdm.ricoh-usa.com
xen.ricoh-usa.com
*.ricoh-usa.com
*.ricoh-usa.com
events.ricoh-usa.com
rworld-test.ricoh-usa.com
portal.ricoh-usa.com
UCAAS2-CTPC1-01.ricoh-usa.com
UCAAS11-CTPC1-01.dev.ricoh-usa.com
mdm.ricoh-usa.com
rworld-test.ricoh-usa.com
mobileha.ricoh-usa.com
support.rpp.ricoh-usa.com
sts.ricoh-usa.com
UCAAS11-CUCPUB2-01.dev.ricoh-usa.com
newsroom.ricoh-usa.com
pb1.ricoh-usa.com
sts.dev.ricoh-usa.com
ucaas11-cup1-01.dev.ricoh-usa.com
*.ricoh-usa.com
ricohaps.ricoh-usa.com
boulder-ssl2.ricoh-usa.com
sts.ricoh-usa.com
sts.preprod.ricoh-usa.com
newsroom.ricoh-usa.com
*.awsdev.ricoh-usa.com
UCAAS2-UCMPUB2-01-ms.ricoh-usa.com
*.Ricoh-usa.com
jobs.ricoh-usa.com
*.ricoh-usa.com
UCAAS1-CTPC1-01.ricoh-usa.com
*.ricoh-usa.com
cs3.ricoh-usa.com
tec.ricoh-usa.com
cs3.ricoh-usa.com
rworld-test.ricoh-usa.com
*.ricoh-usa.com
rscc.ricoh-usa.com
thedocshop.ricoh-usa.com
events.ricoh-usa.com
sts.dev.ricoh-usa.com
iapoc.intelligentdelivery.ricoh-usa.com
*.ricoh-usa.com
ricohspha.ricoh-usa.com
ctpat.ricoh-usa.com
rworld-test.ricoh-usa.com
mobile3.ricoh-usa.com
*.Ricoh-usa.com
sts.ricoh-usa.com
PhishReporter.ricoh-usa.com
solutionfinder.ricoh-usa.com
*.ricoh-usa.com
ddpe.ricoh-usa.com
*.ricoh-usa.com
asklola.ricoh-usa.com
GA16ARTDEV01.ricoh-usa.com
*.ricoh-usa.com
lpo.ricoh-usa.com
mobile.ricoh-usa.com
comms.ricoh-usa.com
my.ricoh-usa.com
ssl1.ricoh-usa.com
sts.ricoh-usa.com
UCAAS2-CUCPUB2-01-ms.ricoh-usa.com
adaptiveformsdev.ricoh-usa.com
UCAAS11-VCSE-01B.dev.ricoh-usa.com
newsroom.ricoh-usa.com
ssl2.ricoh-usa.com
images.learn.ricoh-usa.com
sts.ricoh-usa.com
UCAAS2-UCMPUB2-01.ricoh-usa.com
ddpe.ricoh-usa.com
sts.preprod.ricoh-usa.com
portal.ricoh-usa.com
ssl2.ricoh-usa.com
UCAAS2-CUP2-01-ms.ricoh-usa.com
mobileha.ricoh-usa.com
UCAAS11-VCSE1-01A.dev.ricoh-usa.com
ucaas11-cucpub1-01-ms.dev.ricoh-usa.com
*.ricoh-usa.com
portal.ricoh-usa.com
gitcloud.awsdev.ricoh-usa.com
*.ricoh-usa.com
rworld.ricoh-usa.com
mobilepoc.ricoh-usa.com
my.ricoh-usa.com
rworld-test.ricoh-usa.com
xenapp.ricoh-usa.com
rworld.ricoh-usa.com
ssl2.ricoh-usa.com
*.ricoh-usa.com

Certificate

The complete raw certificate details for *.returnmailservices.ricoh-usa.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHXjCCBkagAwIBAgIQI7RgKVmwkXoAAAAAWAhJvzANBgkqhkiG9w0BAQsFADCB
gjELMAkGA1UEBhMCQ0ExFDASBgNVBAoTC0FmZmlybVRydXN0MSswKQYDVQQLEyJT
ZWUgd3d3LmFmZmlybXRydXN0LmNvbS9yZXBvc2l0b3J5MTAwLgYDVQQDEydBZmZp
cm1UcnVzdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBPVjEwHhcNMTgwMzIzMDQy
NzA5WhcNMjAwMzIzMDQ1NzA4WjCBgTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5l
dyBKZXJzZXkxFjAUBgNVBAcTDVdlc3QgQ2FsZHdlbGwxGDAWBgNVBAoTD1JpY29o
IFVTQSwgSW5jLjErMCkGA1UEAwwiKi5yZXR1cm5tYWlsc2VydmljZXMucmljb2gt
dXNhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMrFbEMDUCvS
XjkAIt9M20h24NImHveMO34uBxrXDX/bafRwRUJYQpCD8UaM4E1w7vTJ9BZdXoRX
r0dlLzL6tuLm9MwIrq22vQRbXjFzVdN4ELzzwdh1kJ3nt63Ab3DVCPF8dwMv6Hcs
pyc0s8CK6oVdafD38MiFzcIx/oMPSMikqieuMeGA5XvFqZ9PukswouNjcN5jwTqj
V6xhmI7DFQziQO1qdpYN+4NphlLWnXgcXETY6ctnbnxBXEGA8bAKyC9txCRcxKO7
81UEt9hBGbOWg7xjlK/iz3GbxyLuPZ4aCDBg1n/Nre+aZOS13cCs1Q1o8w4CzCFK
sRsvsW27pWUCAwEAAaOCA80wggPJME8GA1UdEQRIMEaCIioucmV0dXJubWFpbHNl
cnZpY2VzLnJpY29oLXVzYS5jb22CIHJldHVybm1haWxzZXJ2aWNlcy5yaWNvaC11
c2EuY29tMIIB9QYKKwYBBAHWeQIEAgSCAeUEggHhAd8AdgDuS723dc5guuFCaR+r
4Z5mow9+X7By2IMAxHuJeqj9ywAAAWJRN7+8AAAEAwBHMEUCIH9nWMaiaU60H+y7
vMTwsbegI9F0BZmpzYtKhncZiqHpAiEAlR8oeRHdIIH01pHhPQ49tXrKNI/upkEz
2u6Ry1TKmsQAdgBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAWJR
N8KnAAAEAwBHMEUCIQCKYeKNyehm0brs2NO9sfC1HLL8uZ0g33hYBcFuNdLLVQIg
ItMBBgmKwEC702ZDJ8FxZA2f/KCtXGT9hHWGvBh2sq8AdQBWFAaaL9fC7NP14b1E
sj7HRna5vJkRXMDvlJhV1onQ3QAAAWJRN8QnAAAEAwBGMEQCIHwsC6rWWc7WVw7D
zJ118QEFhRfbLlXVxdhevK6phda/AiBSykGOjSYL63DRycDqwd1VpELgaB8Vcgp6
ohackUHKpQB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABYlE3
xYEAAAQDAEcwRQIgdw2v8Jr2HGLCdF6BnDFQztZ0vNivWBti9vjfuTBy83QCIQD1
4r0JoXZHrYGFF3wdnurMbkWO4FAiahQlDYEjVMnBoDAOBgNVHQ8BAf8EBAMCBaAw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAkGA1UdEwQCMAAwbAYIKwYB
BQUHAQEEYDBeMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5hZmZpcm10cnVzdC5j
b20wMwYIKwYBBQUHMAKGJ2h0dHA6Ly9haWEuYWZmaXJtdHJ1c3QuY29tL2FmdG92
MWNhLmNydDBXBgNVHSAEUDBOMEIGCisGAQQBgo8JAgUwNDAyBggrBgEFBQcCARYm
aHR0cHM6Ly93d3cuYWZmaXJtdHJ1c3QuY29tL3JlcG9zaXRvcnkwCAYGZ4EMAQIC
MDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuYWZmaXJtdHJ1c3QuY29tL2Ny
bC9hZnRvdjFjYS5jcmwwHwYDVR0jBBgwFoAU/mDDDaSinSFPenhMYsXbFPw5eMQw
HQYDVR0OBBYEFKlbS+ly7nO3Kal5qTsWp2qQ3/BqMA0GCSqGSIb3DQEBCwUAA4IB
AQCVigwZ0YZJLHtF+F8CVfT5ShLGxG+4WJsYZUXY29lje3zsz7xQp0atPPI3p/V1
YpsiQ8qLEAa3McwzbL8DRGYEoqpZuMTYRq9C7WFYnQg+LCotHfkjxyh/7NdL38bW
FOeEXCqsDgT63BypaaN8xn6uWKZWxp/tGnLeeWIk6f46U6s6VRoV32bxoj5Q/4IN
G/X+yI8yXO6p6MQ5vhYaijuuxoLw0DJ75teM5BWUkdz1Z/DQVBtS6Rrli9Dbhkja
EClapYuX8KaHE2YcDJu8DXY6w7aS8EJ+7AncSbgehJ6wXyOmIGrnCX74dssNgqje
9aUe0KprdhLBaBaM1QOa0Tvx
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysVsQwNQK9JeOQAi30zb
SHbg0iYe94w7fi4HGtcNf9tp9HBFQlhCkIPxRozgTXDu9Mn0Fl1ehFevR2UvMvq2
4ub0zAiurba9BFteMXNV03gQvPPB2HWQnee3rcBvcNUI8Xx3Ay/odyynJzSzwIrq
hV1p8PfwyIXNwjH+gw9IyKSqJ64x4YDle8Wpn0+6SzCi42Nw3mPBOqNXrGGYjsMV
DOJA7Wp2lg37g2mGUtadeBxcRNjpy2dufEFcQYDxsArIL23EJFzEo7vzVQS32EEZ
s5aDvGOUr+LPcZvHIu49nhoIMGDWf82t75pk5LXdwKzVDWjzDgLMIUqxGy+xbbul
ZQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 47459543674442561981961955664349120959
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'AffirmTrust'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.affirmtrust.com/repository'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'AffirmTrust Certificate Authority - OV1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-03-23 04:27:09 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-03-23 04:57:08 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New Jersey'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'West Caldwell'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ricoh USA, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.returnmailservices.ricoh-usa.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25597490462309765019259005200868943497951884616192054965110341064767804344540942419689641194140749290260956651614532493733418216320612412143444438764459209541554696010083263062361701748699926854338998478353056434582516854606256326393161605296797484322119560736335533523833202338748774389257658130671246022800014179307890078625857943724421079615640292909947792353936945494712897483521038786329963893001042125136224756486000605029410238874090426529302534969122541239196400342039693733441387399880322739411782781372265677551489346020945400371976064521104919846306522623977236168053642945230687807839237587900458778469733
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (72 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.returnmailservices.ricoh-usa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'returnmailservices.ricoh-usa.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (485 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (481 bytes)
							01df007600ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb000001625137bfbc000004030047304502207f6758c6a2694eb41fecbbbcc4f0b1b7a023d1740599a9cd8b4a8677198aa1e9022100951f287911dd2081f4d691e13d0e3db57aca348feea64133daee91cb54ca9ac40076006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d913000001625137c2a700000403004730450221008a61e28dc9e866d1baecd8d3bdb1f0b51cb2fcb99d20df785805c16e35d2cb55022022d30106098ac040bbd3664327c171640d9ffca0ad5c64fd847586bc1876b2af0075005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd000001625137c427000004030046304402207c2c0baad659ced6570ec3cc9d75f101058517db2e55d5c5d85ebcaea985d6bf022052ca418e8d260beb70d1c9c0eac1dd55a442e0681f15720a7aa2169c9141caa5007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10000001625137c58100000403004730450220770daff09af61c62c2745e819c3150ced674bcd8af581b62f6f8dfb93072f374022100f5e2bd09a17647ad8185177c1d9eeacc6e458ee050226a14250d812354c9c1a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (96 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.affirmtrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.affirmtrust.com/aftov1ca.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (80 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.34697.2.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.affirmtrust.com/repository'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (53 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.affirmtrust.com/crl/aftov1ca.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName fe60c30da4a29d214f7a784c62c5db14fc3978c4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							a95b4be972ee73b729a979a93b16a76a90dff06a
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00958a0c19d186492c7b45f85f0255f4f94a12c6c46fb8589b186545d8dbd9637b7ceccfbc50a746ad3cf237a7f575629b2243ca8b1006b731cc336cbf03446604a2aa59b8c4d846af42ed61589d083e2c2a2d1df923c7287fecd74bdfc6d614e7845c2aac0e04fadc1ca969a37cc67eae58a656c69fed1a72de796224e9fe3a53ab3a551a15df66f1a23e50ff820d1bf5fec88f325ceea9e8c439be161a8a3baec682f0d0327be6d78ce4159491dcf567f0d0541b52e91ae58bd0db8648da10295aa58b97f0a68713661c0c9bbc0d763ac3b692f0427eec09dc49b81e849eb05f23a6206ae7097ef876cb0d82a8def5a51ed0aa6b7612c168168cd5039ad13bf1