usnconfig.net.rochester.edu

- University of Rochester -

Issued by InCommon RSA Server CA 2

About this certificate

This digital certificate with serial number 36:08:2e:04:91:31:96:96:e1:d2:15:9d:6c:86:36:08 was issued on by Internet2.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

University of Rochester

Organization: University of Rochester
State / Province: New York
Country: US

Internet2

Organization: Internet2
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 36:08:2e:04:91:31:96:96:e1:d2:15:9d:6c:86:36:08
Serial Number (int): 71820783499943428719242962640893785608
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId: 7e:0b:fc:35:65:18:f9:45:ed:ef:8a:12:ce:41:f4:3e:f9:91:78:39
AuthorityKeyId: ef:4c:00:92:a6:fb:76:2e:5e:95:e2:c9:5f:87:1b:19:d5:4d:e2:d9

Fingerprint (sha1): 81:e6:f5:09:36:59:e9:c5:cb:bc:9c:93:fe:8b:2a:be:81:f7:77:36
Fingerprint (sha256): 03:65:93:43:2b:c9:13:8f:96:bd:e9:6d:82:de:3a:67:a1:f2:75:4f:14:39:16:8d:25:bd:04:4d:40:3d:d6:97

Issuing Certificate URL: http://crt.sectigo.com/InCommonRSAServerCA2.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/InCommonRSAServerCA2.crl

Check the revocation status for certificate usnconfig.net.rochester.edu

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for usnconfig.net.rochester.edu

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

usnconfig.net.rochester.edu

Other certificates including the domain name rochester.edu

(limited to 100 certificates)
ertest-mctrain.urmc-sh.rochester.edu
sjelderk.digitalscholar.rochester.edu
*.givegab.com
us.prod.campusgroups.com
ercprd3-dr.urmc-sh.rochester.edu
lists.rochester.edu
mmolchan.digitalscholar.rochester.edu
sjelderk.digitalscholar.rochester.edu
caponech.dslab.digitalscholar.rochester.edu
cluster.technolutions.net
*.mc.rochester.edu
cluster3.technolutions.net
admissionwebdev.urmc.rochester.edu
tstuber.digitalscholar.rochester.edu
us.prod.campusgroups.com
fertilegroundroc.org
myidentity.rochester.edu
rna.urmc.rochester.edu
simonadm.rochester.edu
bis.urmc.rochester.edu
filemaker.ur.rochester.edu
corona-dmc-3.its.rochester.edu
rclomeka2.lib.rochester.edu
*.givegab.com
digitalelmina.org
msrl-gw.circ.rochester.edu
cvsnas4.cvs.rochester.edu
test.mcdonough.digitalscholar.rochester.edu
public-art.dslab.digitalscholar.rochester.edu
its-cyhy-up01.its.rochester.edu
swang.digitalscholar.rochester.edu
fogbugz.lle.rochester.edu
its-bblmap-ud02.its.rochester.edu
its-fmsweb-wp01.ur.rochester.edu
info.circ.rochester.edu
*.givegab.com
urspace.ur.rochester.edu
www.cse.rochester.edu
spoons.digitalscholar.rochester.edu
studentservices.ur.rochester.edu
healthlab.urmc.rochester.edu
cluster3.technolutions.net
*.givegab.com
khuskin.digitalscholar.rochester.edu
tstuber.digitalscholar.rochester.edu
tracker.ctcc.rochester.edu
dslab.digitalscholar.rochester.edu
itgovernance.ur.rochester.edu
s.patricksullivan.digitalscholar.rochester.edu
research.son.rochester.edu
wchui.digitalscholar.rochester.edu
illiad.lib.rochester.edu
its-uceapp-wq1.ur.rochester.edu
*.lle.rochester.edu
us.prod.campusgroups.com
son.rochester.edu
rochesteraliaspages-dev.ur.rochester.edu
ercd-epcs.urmc-sh.rochester.edu
wchui.digitalscholar.rochester.edu
arcgis.ur.rochester.edu
brainlabweb.urmc-sh.rochester.edu
yourhealth.rochester.edu
mulberry.lle.rochester.edu
cluster.technolutions.net
urwell.rochester.edu
usnconfig.net.rochester.edu
aths.digitalscholar.rochester.edu
its-uceapp-wt1.ur.rochester.edu
brainlabweb.urmc-sh.rochester.edu
voltage-pp-0000.ur.rochester.edu
cluster.technolutions.net
carolenasra.digitalscholar.rochester.edu
sbarrett.digitalscholar.rochester.edu
i2b2.urmc-sh.rochester.edu
helendavies.digitalscholar.rochester.edu
trials.ctcc.rochester.edu
tarmin2.circ.rochester.edu
uconnectlabs.com
pstestcont.acs.rochester.edu
cluster.technolutions.net
orbit.urmc.rochester.edu
sp-expcore01.urmc-sh.rochester.edu
connect.son.rochester.edu
its-cylancehybrid-ut1.ur.rochester.edu
lasso.rochester.edu
ucisarts.sa.digitalscholar.rochester.edu
idp.rochester.edu
*.givegab.com
*.givegab.com
rochestermd.urmc.rochester.edu
admissionsstage.urmc-sh.rochester.edu
www.cvs.rochester.edu
uofr.rochester.edu
urtransfer.ur.rochester.edu
totleben.digitalscholar.rochester.edu
its-bblmap-ud01.its.rochester.edu
spoons.digitalscholar.rochester.edu
tdzuba.digitalscholar.rochester.edu
us.prod.campusgroups.com
dev.lasso.rochester.edu

Certificate

The complete raw certificate details for usnconfig.net.rochester.edu in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGdTCCBN2gAwIBAgIQNgguBJExlpbh0hWdbIY2CDANBgkqhkiG9w0BAQwFADBE
MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSW50ZXJuZXQyMSEwHwYDVQQDExhJbkNv
bW1vbiBSU0EgU2VydmVyIENBIDIwHhcNMjMxMjA2MDAwMDAwWhcNMjUwMTA1MjM1
OTU5WjBoMQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxIDAeBgNVBAoT
F1VuaXZlcnNpdHkgb2YgUm9jaGVzdGVyMSQwIgYDVQQDExt1c25jb25maWcubmV0
LnJvY2hlc3Rlci5lZHUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCx
qZfv4UhcoNgfjMwh3q2zJpoDJbI5QejQPFCs7tx1bJP0Zq8jehQ04R4iSPa8fYEV
wuwpHJ+ymfJ2JvgN+A0v36peDSrBpZex1sBC2t5OmNJRkDZTziMq4D2BnX1KykYE
Bq5TWTNfO81fYPryNwl8E49aKlGZOmDZ97miW3Xskk/YXPJ3xuDc0w3aKOeX63pT
ihsFFEGOsVOL2UXpwK8PhBHOwgQMu4bxMEinRFnv6GE4zMCHfwIPpdRiEyafijU3
naFqD/TCw6opEU+SQms1QybmQDEF1Av//qgJV/+HMYlJZ1eEZVKqHgeqBV3SEyOg
Cq3mSGTIo/VjJexkJ+1n4luK3pG9O09OHXt3g2GC2FJVzKGnB058kYkmSwxPVF+X
ymaTT9Xq1u6U83IHXcPzQdD+z913ZTGdrGxGjns2VLn99JoViGK085MtWg2C8dEI
zQNuFVeVJvfnG08nYBUuXFHd0+6xlnJQDHOGUAP1i3zPovky3Wm0iESesuj0O8Tx
BwbLHl1UPo5pO0VIPA/Y4eu3piEeg7Wb2FFIfnkjhO5CydeYe63uGzk41N2CpzEV
FWaJcjg0Ncw3L5rfbj1i3rZqc6oTiItbQpp+eZfWsvSLY6Rr95O7j3Ss2StTqqAJ
fdkYo5KhaVsLPIZjXnBiNsKiuqrjUHKf0sLlt7WLkwIDAQABo4IBvTCCAbkwHwYD
VR0jBBgwFoAU70wAkqb7di5eleLJX4cbGdVN4tkwHQYDVR0OBBYEFH4L/DVlGPlF
7e+KEs5B9D75kXg5MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJBgNVHSAEQjBAMDQGCysGAQQBsjEB
AgJnMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeB
DAECAjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLnNlY3RpZ28uY29tL0lu
Q29tbW9uUlNBU2VydmVyQ0EyLmNybDBwBggrBgEFBQcBAQRkMGIwOwYIKwYBBQUH
MAKGL2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vSW5Db21tb25SU0FTZXJ2ZXJDQTIu
Y3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTAmBgNVHREE
HzAdght1c25jb25maWcubmV0LnJvY2hlc3Rlci5lZHUwEwYKKwYBBAHWeQIEAwEB
/wQCBQAwDQYJKoZIhvcNAQEMBQADggGBAAOhuks7GK9/n5uGH1gsNOpHudmm48G0
JqZdIPhH6sf58uJqG/zXOvOXvlHQrNwiFDOQPp8B5+IzSIfxeo/q6g+G7z3DA/u0
0rq2iK6J/pv/Pxz5eUDu8xUPoIGaRWpacuXzCyYxvaL011qwo5SSZanhEFJlRMhj
OY5xHuCWOFwYYt6f6dMJ4QeT84/VXYgjIl79IV3FVsSXUhf1734XBjYF20C7QiZc
p8cZqCXUBC5gip/uio7TeymAVn2/xJ9tp6jxAEPoC994JjQiLclt5BOIeNha3gv4
dshod8ujbC6iUgpqKLLbHYQ3R1eeHPiKOuLYqEUFgaNKQiQPPz8pBIrde1D2WC0p
tANicpAIxoTQszd9eyTQ5h2zjl/X1DRVgXZC9DjQvV23OfMOv0Oq9qm4jAjfbZPN
+99DixbSBOJEVmsoErqKdkTTRV97TTL1eZqTQVZWK2Y5lq8sQUbAd7OCO3+8THbi
FU3jIsqBFzhaQnfYWvjGwjshpwRr7HOzzw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsamX7+FIXKDYH4zMId6t
syaaAyWyOUHo0DxQrO7cdWyT9GavI3oUNOEeIkj2vH2BFcLsKRyfspnydib4DfgN
L9+qXg0qwaWXsdbAQtreTpjSUZA2U84jKuA9gZ19SspGBAauU1kzXzvNX2D68jcJ
fBOPWipRmTpg2fe5olt17JJP2Fzyd8bg3NMN2ijnl+t6U4obBRRBjrFTi9lF6cCv
D4QRzsIEDLuG8TBIp0RZ7+hhOMzAh38CD6XUYhMmn4o1N52hag/0wsOqKRFPkkJr
NUMm5kAxBdQL//6oCVf/hzGJSWdXhGVSqh4HqgVd0hMjoAqt5khkyKP1YyXsZCft
Z+Jbit6RvTtPTh17d4NhgthSVcyhpwdOfJGJJksMT1Rfl8pmk0/V6tbulPNyB13D
80HQ/s/dd2UxnaxsRo57NlS5/fSaFYhitPOTLVoNgvHRCM0DbhVXlSb35xtPJ2AV
LlxR3dPusZZyUAxzhlAD9Yt8z6L5Mt1ptIhEnrLo9DvE8QcGyx5dVD6OaTtFSDwP
2OHrt6YhHoO1m9hRSH55I4TuQsnXmHut7hs5ONTdgqcxFRVmiXI4NDXMNy+a3249
Yt62anOqE4iLW0KafnmX1rL0i2Oka/eTu490rNkrU6qgCX3ZGKOSoWlbCzyGY15w
YjbCorqq41Byn9LC5be1i5MCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 71820783499943428719242962640893785608
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Internet2'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon RSA Server CA 2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-06 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-05 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'University of Rochester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'usnconfig.net.rochester.edu'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 724799660714111428917334323897462538614483920092917745106759835193811897773819387823205796709410068044628214222539238093892863986530675953319263149755054829204292573657265087872656649313368605917513412980443876149984404343932470203670379272191853882781509543316691440218799020814201013681485069982267466679042510118932250301577191887404929692307343486602481752573878968271897028986527855419329779021233352348017939427695766045096465338746306229278237273768709086026687156570596158346661792510196672374825357595003451147242980036314653059124516962997432702916264395905921665717388681071633058393770098336887110396684129718584095652724044381922235265594855798129538417893173112548684120992292092120744317825831489431171195801161103472640653902499289146678127978956913030488767356412139354389741368849233203706176744163742180282134805262022965222230530398556465931900212013114134328514202738335240487359915440150390991770509874961449693369153166034761747590005503538866529206893717462254370955440088285618758517828962010956041951184111744419930854092391782143477290624368000667432298841136277177739553118727413989683311805291119785715456378207359639923330303902791918925876634890851478615107161670366291840620025732497744609884067171219
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName ef4c0092a6fb762e5e95e2c95f871b19d54de2d9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							7e0bfc356518f945edef8a12ce41f43ef9917839
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.103
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (57 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/InCommonRSAServerCA2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/InCommonRSAServerCA2.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (31 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'usnconfig.net.rochester.edu'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (3072 bits)
		0003a1ba4b3b18af7f9f9b861f582c34ea47b9d9a6e3c1b426a65d20f847eac7f9f2e26a1bfcd73af397be51d0acdc221433903e9f01e7e2334887f17a8feaea0f86ef3dc303fbb4d2bab688ae89fe9bff3f1cf97940eef3150fa0819a456a5a72e5f30b2631bda2f4d75ab0a3949265a9e110526544c863398e711ee096385c1862de9fe9d309e10793f38fd55d8823225efd215dc556c4975217f5ef7e17063605db40bb42265ca7c719a825d4042e608a9fee8a8ed37b2980567dbfc49f6da7a8f10043e80bdf782634222dc96de4138878d85ade0bf876c86877cba36c2ea2520a6a28b2db1d843747579e1cf88a3ae2d8a8450581a34a42240f3f3f29048add7b50f6582d29b40362729008c684d0b3377d7b24d0e61db38e5fd7d43455817642f438d0bd5db739f30ebf43aaf6a9b88c08df6d93cdfbdf438b16d204e244566b2812ba8a7644d3455f7b4d32f5799a934156562b663996af2c4146c077b3823b7fbc4c76e2154de322ca8117385a4277d85af8c6c23b21a7046bec73b3cf