KPGEntrustTest-2.bestbuy.com

- Best Buy Co, Inc. -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number b9:26:e8:4f:ba:b9:65:35:00:00:00:00:50:f0:2d:04 was issued on by Entrust, Inc..

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Best Buy Co, Inc.

Organization: Best Buy Co, Inc.
State / Province: Minnesota
Locality: Richfield
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): b9:26:e8:4f:ba:b9:65:35:00:00:00:00:50:f0:2d:04
Serial Number (int): 246109198336674986791600585586905197828
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: fa:28:6f:a5:75:db:bd:cd:ad:3b:0b:c6:70:0a:47:36:b0:ec:08:49
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): 27:6c:32:23:96:9b:70:18:2d:81:e9:9b:42:1d:c2:10:b7:25:3a:03
Fingerprint (sha256): 03:7a:fc:d7:6e:48:60:bf:80:03:18:51:52:a4:2a:4a:df:fa:26:a6:c4:cb:6c:f2:ac:d9:c9:35:98:b5:06:3c

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate KPGEntrustTest-2.bestbuy.com

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for KPGEntrustTest-2.bestbuy.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

KPGEntrustTest-2.bestbuy.com
KPGEntrustTest.bestbuy.com
KPGEntrustTest-3.bestbuy.com

Other certificates including the domain name bestbuy.com

(limited to 100 certificates)
san.bestbuy.com
attechapi-app-int-east.stage.browse.bestbuy.com
kibana.test.monitoring.bestbuy.com
bttnview-njs-int-east.test.browse.bestbuy.com
advsmlssrvc-app-int-west.prod.browse.bestbuy.com
swift1.prod.skyblue.bestbuy.com
access.bestbuy.com
addsource-app-int-east.prod.browse.bestbuy.com
pricevw-njs-ext-west.prod.browse.bestbuy.com
ofrsvapi-app-ext-east.test.browse.bestbuy.com
commerce-api.test.bestbuy.com
apid-app-west-int.prod.browse.bestbuy.com
identity-ingress-global.dev.gcp.bestbuy.com
apex-configservice-global.test.gcp.bestbuy.com
mexico-web-west.prod.browse.bestbuy.com
platmanpb-app-int-west.prod.browse.bestbuy.com
accessfedpl.bestbuy.com
lstsrvces-app-ext-east.test.browse.bestbuy.com
bestbuyconnect.com
drwsmpanntwlv-app-int-east.test.cgraph.bestbuy.com
priceviewn-app-ext-east.test.browse.bestbuy.com
profulfil-web-east.test.browse.bestbuy.com
bbytagservices.bestbuy.com
tableau-qa.na.bestbuy.com
dhodawkthrtne-app-int-east.prod.browse.bestbuy.com
marf-app-int-east.prod.browse.bestbuy.com
bryntstpplctn-app-int-east.prod.browse.bestbuy.com
trnrsksrv-app-int-west.prod.browse.bestbuy.com
airwatch-linux.bestbuy.com
ugc-slr-east.prod.browse.bestbuy.com
*.bestbuy.com
ordrhstrpblsh-app-int-west.prod.browse.bestbuy.com
leviathanapi-app-ext-east.stage.aws.bestbuy.com
aw.bestbuy.com
sherlock-core-stage.test.gcp.bestbuy.com
trk.email.bestbuy.com
sidcs-app-east.stage.browse.bestbuy.com
*.bestbuy.com
span-api-east-int.prod.browse.bestbuy.com
secure03.lithium.com
ggleassrt-app-int-east.stage.browse.bestbuy.com
fulfview-njs-int-east.test.browse.bestbuy.com
cartagg-app-int-east.test.browse.bestbuy.com
sercalendar-app-int-east.stage.browse.bestbuy.com
sentry-app-int-east.stage.cgraph.bestbuy.com
plt-images-ssl-pls.stage.bestbuy.com
psccreturns-app-int-east.stage.browse.bestbuy.com
remixslr-app-int-east.test.browse.bestbuy.com
sts.bestbuy.com
mexico-web-east.prod.browse.bestbuy.com
dhodawkthrtne-app-int-west.prod.browse.bestbuy.com
bttnstate-app-int-east.prod.browse.bestbuy.com
MPOSDEV.na.bestbuy.com
lstsrvces-app-ext-east.stage.browse.bestbuy.com
pdmpblshr-app-int-east.test.browse.bestbuy.com
appdirectory.bestbuy.com
drwsmpanmthrt-app-int-east.test.cgraph.bestbuy.com
payments-prod.actdvc.bestbuy.com
shipping-app-int-east.test.browse.bestbuy.com
images-ssl.bestbuy.com
mexco-njs-ext-west.prod.cgraph.bestbuy.com
ostmonitor-app-int-east.stage.browse.bestbuy.com
shipping-api-east-int.test.browse.bestbuy.com
hub.bestbuy.com
pl.bestbuy.com
dhdatrggerrex-app-int-west.prod.browse.bestbuy.com
ext.location-west.prod.browse.bestbuy.com
fulfview-njs-int-west.prod.browse.bestbuy.com
bestbuybusiness.com
actdvcs-app-east.test.browse.bestbuy.com
vpt-slr-int-east.stage.browse.bestbuy.com
ofrsvapi-app-int-east.prod.browse.bestbuy.com
csi-app-ext-west.prod.browse.bestbuy.com
cap-pt-spring-use.bestbuy.com
secure03.lithium.com
esd-pl1.bestbuy.com
aaa.bestbuy.com
vpt-slr-int-east.test.browse.bestbuy.com
pl.bestbuy.com
cfgread-app-west.prod.browse.bestbuy.com
dhdarelsrfdaf-app-ext-east.prod.browse.bestbuy.com
search-slr-east.stage.browse.bestbuy.com
solrindex-app-int-east.stage.browse.bestbuy.com
suggest-web-east.prod.browse.bestbuy.com
aquisview-njs-int-east.prod.browse.bestbuy.com
BBYSTAR-HP-DEV.bestbuy.com
jwaller-app-int-east.test.cgraph.bestbuy.com
carbonaggaws-njs-int-west.prod.cgraph.bestbuy.com
cx-ccai-dfcx-api-stage.prod.gcp.bestbuy.com
searchruleslr-app-int-west.prod.browse.bestbuy.com
pdmingest-app-int-west.prod.browse.bestbuy.com
scheddelvsrvc-app-ext-west.prod.browse.bestbuy.com
payments-stage.actdvc.bestbuy.com
epro-qa.bestbuybusiness.com
stscld-app-ext-east.prod.browse.bestbuy.com
pl.bestbuy.com
suggest-web-east-int.stage.browse.bestbuy.com
gglepaidm-app-int-east.test.browse.bestbuy.com
mytlc.bestbuy.com
zkagentsvc-app-int-east.test.browse.bestbuy.com

Certificate

The complete raw certificate details for KPGEntrustTest-2.bestbuy.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFojCCBIqgAwIBAgIRALkm6E+6uWU1AAAAAFDwLQQwDQYJKoZIhvcNAQELBQAw
gboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL
Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg
MjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAs
BgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUswHhcN
MTkwNDExMTUwODIxWhcNMjAwNDExMTUzODIwWjB4MQswCQYDVQQGEwJVUzESMBAG
A1UECBMJTWlubmVzb3RhMRIwEAYDVQQHEwlSaWNoZmllbGQxGjAYBgNVBAoTEUJl
c3QgQnV5IENvLCBJbmMuMSUwIwYDVQQDExxLUEdFbnRydXN0VGVzdC0yLmJlc3Ri
dXkuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqA7Rs8fKnw9t
dauBb24+qC0P29+zAU2QKR1VOXaFfQzWU5IVHzqt/42lMeNmHc8n5LtFZSJ6mZeu
D+Jh2OG0elVTVze/qjD+4emfqtebPtYtp1NVGYIlLbx/5cxXuUVPunKl9qMbdbXt
bTe4+eo3Efcc4nEh18yuYlqhoHF7XmCI8usQWKdgovoD0oOEZ9ZNJyqjSsspmyo5
79eYKnIBM1fRxW//fKREzCIy0FrXQXR0oyRAN0AeWV98QHeNTGl3koC9aBfuojwG
MUgo4uKbOcMjBJzhZ7qNNGs0icEC9Zc7ulHsMj9hnSs1tMllAz4BlsdYs+x2NZPL
GfIMME/Q1QIDAQABo4IB4jCCAd4wEwYKKwYBBAHWeQIEAwEB/wQCBQAwYQYDVR0R
BFowWIIcS1BHRW50cnVzdFRlc3QtMi5iZXN0YnV5LmNvbYIaS1BHRW50cnVzdFRl
c3QuYmVzdGJ1eS5jb22CHEtQR0VudHJ1c3RUZXN0LTMuYmVzdGJ1eS5jb20wDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAzBgNV
HR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWsuY3Js
MEsGA1UdIAREMEIwNgYKYIZIAYb6bAoBBTAoMCYGCCsGAQUFBwIBFhpodHRwOi8v
d3d3LmVudHJ1c3QubmV0L3JwYTAIBgZngQwBAgIwaAYIKwYBBQUHAQEEXDBaMCMG
CCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5ldDAzBggrBgEFBQcwAoYn
aHR0cDovL2FpYS5lbnRydXN0Lm5ldC9sMWstY2hhaW4yNTYuY2VyMB8GA1UdIwQY
MBaAFIKicHTdvFM/z3vU981/p2DGCky/MB0GA1UdDgQWBBT6KG+lddu9za07C8Zw
Ckc2sOwISTAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBkpuZWqPzJqMjC
rrwPylGUCVs7SND4yg+8FER9IOifJxbHgh+dQi6BYVZ1Bh2p07Zd3QWM16u9IEdl
42qSIu3+vCJeJi4C0T89yVYyiEdxDqWaPj2L9GPg7uc0M8aTttQB8fTr/H7ScGjF
CV9F9nh+eYtTRTDryvIxkagfd8L1aFXjtt2R1OK6RzQ5apEQ+4cBtirqCYr1PtLp
El0JcjZYxzcSKRdal8biUsxyGlc6i7nokMgy3N6r9Ezvex37RGpqwZ/0YxcokQHf
N6wpi6WbI6DfKsIH8aenatppmD21WwlZUkVoybscdc3hYgUbPmJfBoLqecNgaBFr
YDPbZZz5
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqA7Rs8fKnw9tdauBb24+
qC0P29+zAU2QKR1VOXaFfQzWU5IVHzqt/42lMeNmHc8n5LtFZSJ6mZeuD+Jh2OG0
elVTVze/qjD+4emfqtebPtYtp1NVGYIlLbx/5cxXuUVPunKl9qMbdbXtbTe4+eo3
Efcc4nEh18yuYlqhoHF7XmCI8usQWKdgovoD0oOEZ9ZNJyqjSsspmyo579eYKnIB
M1fRxW//fKREzCIy0FrXQXR0oyRAN0AeWV98QHeNTGl3koC9aBfuojwGMUgo4uKb
OcMjBJzhZ7qNNGs0icEC9Zc7ulHsMj9hnSs1tMllAz4BlsdYs+x2NZPLGfIMME/Q
1QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 246109198336674986791600585586905197828
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-04-11 15:08:21 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-04-11 15:38:20 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Minnesota'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Richfield'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Best Buy Co, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'KPGEntrustTest-2.bestbuy.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21215342829265090245751687355970695046372456043455625430171972470525371773971679621074355829312110784422702541072303609107665675459143264131488108998619112782706830219622360073001612958689781859369139379297459215175740881430815364134125062810666821463090943347122590061357450503470290220228110675135517037330207419499646934308004483364271575334431493722690723391987913252160051506737412595766793793227169414113542143659492246266772279671598486759473389869567484113302460139429526730469436375057960474717299694442302071766781333802426891727695855852441772460614536688727654165638930852000937526169230017884028515897557
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (90 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'KPGEntrustTest-2.bestbuy.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'KPGEntrustTest.bestbuy.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'KPGEntrustTest-3.bestbuy.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							fa286fa575dbbdcdad3b0bc6700a4736b0ec0849
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0064a6e656a8fcc9a8c8c2aebc0fca5194095b3b48d0f8ca0fbc14447d20e89f2716c7821f9d422e81615675061da9d3b65ddd058cd7abbd204765e36a9222edfebc225e262e02d13f3dc956328847710ea59a3e3d8bf463e0eee73433c693b6d401f1f4ebfc7ed27068c5095f45f6787e798b534530ebcaf23191a81f77c2f56855e3b6dd91d4e2ba4734396a9110fb8701b62aea098af53ed2e9125d09723658c7371229175a97c6e252cc721a573a8bb9e890c832dcdeabf44cef7b1dfb446a6ac19ff46317289101df37ac298ba59b23a0df2ac207f1a7a76ada69983db55b0959524568c9bb1c75cde162051b3e625f0682ea79c36068116b6033db659cf9