*.apps.eul.sncf.fr

- SOCIÉTÉ NATIONALE SNCF SA -

Issued by GeoTrust TLS RSA CA G1

About this certificate

This digital certificate with serial number 04:9b:03:0f:04:73:dd:ef:b6:4f:a0:f2:47:88:5a:14 was issued on by DigiCert Inc.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

SOCIÉTÉ NATIONALE SNCF SA

Organization: SOCIÉTÉ NATIONALE SNCF SA
State / Province: Île-de-France
Locality: Saint-Denis
Country: FR

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 04:9b:03:0f:04:73:dd:ef:b6:4f:a0:f2:47:88:5a:14
Serial Number (int): 6121780033241825016456296955734678036
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 31:43:5f:99:6f:a9:48:6c:9e:4f:4e:25:86:89:84:13:ad:d6:98:6f
AuthorityKeyId: 94:4f:d4:5d:8b:e4:a4:e2:a6:80:fe:fd:d8:f9:00:ef:a3:be:02:57

Fingerprint (sha1): fd:4c:8c:68:9d:94:7b:29:14:ec:b0:b2:a4:79:da:c4:81:ab:ac:d0
Fingerprint (sha256): 03:4b:0c:72:79:88:04:1a:30:9e:e0:4d:2d:e2:2d:e2:a5:86:eb:ce:d9:e1:17:08:37:a6:99:97:ae:62:6b:a3

Issuing Certificate URL: http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt

Revocation information

OCSP Server: http://status.geotrust.com
CRL Distribution Point: http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl

Check the revocation status for certificate *.apps.eul.sncf.fr

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.apps.eul.sncf.fr

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.apps.eul.sncf.fr
apps.eul.sncf.fr

Other certificates including the domain name sncf.fr

(limited to 100 certificates)
pre-atlas-travaux.sso.reseau.sncf.fr
*.carmen.sncf.fr
octave-api-dev.sncf.fr
www.EME-portailSSO-sncf.com
*.apps.eul.sncf.fr
vdixenpilote.sncf.fr
cert00089-azurecdn.akamaized.net
formtractiontv.sncf.fr
*.sncfconnect.com
rhobs-archives-dev.sncf.fr
smartoffice.sncf.fr
seminaire-rh-2017.sncf.fr
seminaire-rh-2017.sncf.fr
postprod-pcs-reponse.reseau.sncf.fr
test-slan.sncf.fr
resultats-labo-paris.sncf.fr
cypres-api-int.sncf.fr
matomo.fd.sncf.fr
sncf.com
pmad.reseau.sncf.com
int.auth.sso.reseau.sncf.fr
sncf.com
mattv.sncf.fr
sts.commun.ad.sncf.fr
alerte-transilien.sncf.fr
dev-prospectus.sncf.fr
orion-connect-form.sncf.fr
accessibilite.sncf.com
sources.fd.sncf.fr
monacademie.sncf.fr
pdvf-rec.sncf.fr
cert00089-azurecdn.akamaized.net
robustest-cerbere.dgexsol.sncf.fr
postprod-fit.reseau.sncf.fr
s2if-gie.sncf.com
cert00089-azurecdn.akamaized.net
preprod-pcs-reponse.reseau.sncf.fr
mestrainsdhier.fd.sncf.fr
monacademie.sncf.fr
*.fret.sncf.com
localiter.sncf.fr
bonneannee.sncf.fr
test-slan.sncf.fr
catalogue-formation-fret.sncf.fr
resultats-labo-lyon.sncf.fr
preprod-apies-np.sncf.fr
netkin.eu
laboutiqueeco.sncf.fr
quizrh.sncf.fr
cashsolutions.sncf.fr
enquete-client.dgii.sncf.fr
form-papact.prevention.sncf.fr
*.ase-01-e2-pr.cloud.sncf.fr
poc.portail-citrix.reseau.sncf.fr
moter-recette.sncf.fr
netkin.eu
recette1.ticketing-sncf.vsct.fr
mon-assistant-visuel-int.sncf.fr
veillesst.prevention.sncf.fr
sncfcontact.sncf.fr
form.prevention.sncf.fr
www.srtpf.fr
siph.sso.reseau.sncf.fr
viveletrain-forumemploi.sncf.fr
www.tech.sncf.fr
declic-for.infra.sncf.fr
*.api-np.sncf.fr
*.accessly.divadigital.sncf.fr
int-auth.sso.reseau.sncf.fr
contact-contravention-integration.sncf.fr
recette1.ticketing-sncf.vsct.fr
diva.sncf.fr
dev-apies-np.sncf.fr
matomo.fd.sncf.fr
*.dashboardly.divadigital.sncf.fr
preprod-apies-np.sncf.fr
netkin.eu
hospitalite-france2019.sncf.fr
themis-regles-dev.sncf.fr
design-bootstrap.sncf.fr
mestrainsdhier.fd.sncf.fr
netkin.eu
g11-ref-optimum.sncf.fr
snr.infra.eva.sncf.fr
preprod-stockfds-webapi.prevention.sncf.fr
dev-salto-iamapp.sncf.fr
recette1.ticketing-sncf.vsct.fr
myuds.sncf.fr
*.staging.aks.eul.sncf.fr
ouranos-int.sncf.fr
laboutiqueeco.sncf.fr
oui.sncf
webstats.sncf.fr
cert00089-azurecdn.akamaized.net
e-logement.sncf.fr
rec-beb.basic-ng.exp.reseau.sncf.fr
*.sncfconnect.com
formation-dsdm.reseau.sncf.fr
banque-des-preuves-rse.sncf.fr
sources.fd.sncf.fr

Certificate

The complete raw certificate details for *.apps.eul.sncf.fr in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGKzCCBROgAwIBAgIQBJsDDwRz3e+2T6DyR4haFDANBgkqhkiG9w0BAQsFADBg
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZHZW9UcnVzdCBUTFMgUlNBIENBIEcx
MB4XDTIzMTIxNzAwMDAwMFoXDTI1MDExNjIzNTk1OVowfzELMAkGA1UEBhMCRlIx
FzAVBgNVBAgMDsOObGUtZGUtRnJhbmNlMRQwEgYDVQQHEwtTYWludC1EZW5pczEk
MCIGA1UECgwbU09DScOJVMOJIE5BVElPTkFMRSBTTkNGIFNBMRswGQYDVQQDDBIq
LmFwcHMuZXVsLnNuY2YuZnIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
AQDi2TTEZMnRBrrfkXX89E71zGixk23osUdnwEYD6E/2dFRJuOYKPRRL5VQimV11
UxhReWBML6+sIO9LMrg590sd/JaRsSYwqdjhR7760Z2VqyXwGg2NScn2zMTpJ6rX
Qp9Fj53XxlytyEoj6c2+kpMBWFMu71LgIJ7GZgO5asNsJgtrF7TwTwufHEOCVFed
VFZUvEHINaZ7J337/6XG8yAAvzoOM2toHhx1yJYEXCIgOybu4OJ1LO4aJhlkMCqC
5AFScaEw7PS+ulnLHSEJcGv1fQ0uEVOq9jB9Cmg9yDjSvsqlexqzGZB0nfCk9L7o
VAEZSFV2O8ZPV2rGaPj1UYLYkv5pG8b0JzG+9rMOTOGUSSkFzCts1+D28OzG78lT
TciXxoYF36ve3BIIbNzKgR1kOUu2UcBuVExqArvAAn9izHnN7psTrwBZj8gYWAb8
1IXo1NTRQggYDO6IWbDSI7hRakfiqRyfqSiTcaLHBDCZOr99Q5wMgAG3bpztyd5Q
o/Vq5mjzudIeQ6eAj7rEMcUrck1Qn1FCx+33mlFHOCQawdR7lWLLuDrOeEjM4VgU
N1q1GCALKdM+KB5u29FPsuS0bANeetbHGPwvR8/LBrNd+g/3Z16jf3IjLcQvyw8D
yD1yw0KxOMF/UHOOhwwGU20AgqsRWZjSlAWHljHUEX0moQIDAQABo4IBwDCCAbww
HwYDVR0jBBgwFoAUlE/UXYvkpOKmgP792PkA76O+AlcwHQYDVR0OBBYEFDFDX5lv
qUhsnk9OJYaJhBOt1phvMC8GA1UdEQQoMCaCEiouYXBwcy5ldWwuc25jZi5mcoIQ
YXBwcy5ldWwuc25jZi5mcjA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUF
BwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgWg
MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA/BgNVHR8EODA2MDSgMqAw
hi5odHRwOi8vY2RwLmdlb3RydXN0LmNvbS9HZW9UcnVzdFRMU1JTQUNBRzEuY3Js
MHYGCCsGAQUFBwEBBGowaDAmBggrBgEFBQcwAYYaaHR0cDovL3N0YXR1cy5nZW90
cnVzdC5jb20wPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYWNlcnRzLmdlb3RydXN0LmNv
bS9HZW9UcnVzdFRMU1JTQUNBRzEuY3J0MAwGA1UdEwEB/wQCMAAwEwYKKwYBBAHW
eQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBAAu+m5waJRn7NzbFZM+Umm/i
07jg6abVG/XPTSAVw1cvLlyZFepx4Wss095Rw/khHXFLjW4RoURb/jkgNYv0Bheh
iuZm6p8tzaiRfvOmmi8cd5IYKatXNZpmgclO/MEGdB4j9nh9Dh1kK1+oMpOkbj7g
TVhd/L8g1rUQwnmAb0sNGFyAQq8ci+rBYy7JNLeQ7KauIhtsvJ+DLyidaeqBpbZr
QlPyVe2kwFw2zKD6rE2k9PyZfjZpuVwN8Bq1QVlWW6lTe9CpozmkvPZwjR+119UU
qr4XFsfPNaNOeftaw4Xf1IJ7BJYTqDTW7vsqRh1MbZh8m6NskKZelymO1d74Z8Q=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4tk0xGTJ0Qa635F1/PRO
9cxosZNt6LFHZ8BGA+hP9nRUSbjmCj0US+VUIplddVMYUXlgTC+vrCDvSzK4OfdL
HfyWkbEmMKnY4Ue++tGdlasl8BoNjUnJ9szE6Seq10KfRY+d18ZcrchKI+nNvpKT
AVhTLu9S4CCexmYDuWrDbCYLaxe08E8LnxxDglRXnVRWVLxByDWmeyd9+/+lxvMg
AL86DjNraB4cdciWBFwiIDsm7uDidSzuGiYZZDAqguQBUnGhMOz0vrpZyx0hCXBr
9X0NLhFTqvYwfQpoPcg40r7KpXsasxmQdJ3wpPS+6FQBGUhVdjvGT1dqxmj49VGC
2JL+aRvG9CcxvvazDkzhlEkpBcwrbNfg9vDsxu/JU03Il8aGBd+r3twSCGzcyoEd
ZDlLtlHAblRMagK7wAJ/Ysx5ze6bE68AWY/IGFgG/NSF6NTU0UIIGAzuiFmw0iO4
UWpH4qkcn6kok3GixwQwmTq/fUOcDIABt26c7cneUKP1auZo87nSHkOngI+6xDHF
K3JNUJ9RQsft95pRRzgkGsHUe5Viy7g6znhIzOFYFDdatRggCynTPigebtvRT7Lk
tGwDXnrWxxj8L0fPywazXfoP92deo39yIy3EL8sPA8g9csNCsTjBf1BzjocMBlNt
AIKrEVmY0pQFh5Yx1BF9JqECAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 6121780033241825016456296955734678036
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust TLS RSA CA G1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-17 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-16 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Île-de-France'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Saint-Denis'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'SOCIÉTÉ NATIONALE SNCF SA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.apps.eul.sncf.fr'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 925460979943071744290958170585235661081722114353852842146400418203992081545659656580048784235067440596233704055440404703757415927785689813821017296903862485249822712653783939204966102862572341374476908756726508939112994635305546770264070667836410027490700175930127870502746738403957107171943796803429874048192109114767304672447480826387973947556815304962037550740161404325949549744239434769010602061895363567124994144581283057971722547911164201684339549782975559173047423849861743681467537522758821421413374133710618695535104055671324345623031463093579582667710643308907665918333975493240978828172261677341762711387166975029641011871880451214072282006327919173180195465751714711217618605355128003251962625433377448275965733195502610480426123622655996558284102158427861114598009923305023296263851680061137720406634687001731343281322925389709791549591261164303017620822738435455188666980946269648137666359084332442663373323442557218802490188778148118084165246300733169580224612465956689215982587972559294421280246978148691090223434898212711577812952456237206759094844541355286915309856323716703305536535002719575306072230073726610148432210940084461095442310566472097040513108951473461743705907687101243279179940034494307485179893851809
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 944fd45d8be4a4e2a680fefdd8f900efa3be0257
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							31435f996fa9486c9e4f4e2586898413add6986f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (40 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.apps.eul.sncf.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'apps.eul.sncf.fr'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (106 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.geotrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		000bbe9b9c1a2519fb3736c564cf949a6fe2d3b8e0e9a6d51bf5cf4d2015c3572f2e5c9915ea71e16b2cd3de51c3f9211d714b8d6e11a1445bfe3920358bf40617a18ae666ea9f2dcda8917ef3a69a2f1c77921829ab57359a6681c94efcc106741e23f6787d0e1d642b5fa83293a46e3ee04d585dfcbf20d6b510c279806f4b0d185c8042af1c8beac1632ec934b790eca6ae221b6cbc9f832f289d69ea81a5b66b4253f255eda4c05c36cca0faac4da4f4fc997e3669b95c0df01ab54159565ba9537bd0a9a339a4bcf6708d1fb5d7d514aabe1716c7cf35a34e79fb5ac385dfd4827b049613a834d6eefb2a461d4c6d987c9ba36c90a65e97298ed5def867c4