acheprod.nam.nsroot.net
- Citigroup Inc. -
Issued by DigiCert SHA2 Extended Validation Server CA
About this certificate
This digital certificate with serial number 0b:61:3c:6f:17:3e:16:a3:f6:a3:7e:b2:e9:5e:3a:8d was issued on by DigiCert Inc.
This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Citigroup Inc.
Company registration number:
2154254
Organization: Citigroup Inc.
Organization unit: ACHU
Organization: Citigroup Inc.
Organization unit: ACHU
State / Province:
New York
Locality: New York
Country: US
Locality: New York
Country: US
DigiCert Inc
Organization:
DigiCert Inc
Organization unit: www.digicert.com
Organization unit: www.digicert.com
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 0b:61:3c:6f:17:3e:16:a3:f6:a3:7e:b2:e9:5e:3a:8dSerial Number (int): 15126386495007426608837384123245804173
Serial Number lenght: 124 bits, 16 octets
SubjectKeyId: 22:c6:ee:23:5b:25:ce:e3:88:bf:8f:6c:e1:be:da:f8:ae:f4:b6:3c
AuthorityKeyId: 3d:d3:50:a5:d6:a0:ad:ee:f3:4a:60:0a:65:d3:21:d4:f8:f8:d6:0f
Fingerprint (sha1): ae:21:7f:16:03:1e:53:dc:fe:3c:3a:67:41:77:61:67:10:0a:a3:9b
Fingerprint (sha256): 03:a3:76:e8:b0:cf:f8:c4:bf:75:3d:e7:52:78:c8:8f:a1:1d:1f:48:92:04:e5:61:99:5b:9f:84:93:be:a0:d1
Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt
Revocation information
OCSP Server: http://ocsp.digicert.comCRL Distribution Point: http://crl3.digicert.com/sha2-ev-server-g2.crl
CRL Distribution Point: http://crl4.digicert.com/sha2-ev-server-g2.crl
Check the revocation status for certificate acheprod.nam.nsroot.net
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for acheprod.nam.nsroot.net
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
acheprod.nam.nsroot.net
Other certificates including the domain name nsroot.net
(limited to 100 certificates)
server-7.goldpac.apac.nsroot.net
ecmsynd-uat.nam.nsroot.net
academy-ukr.apac.nsroot.net
cdasmwp15z1.nam.nsroot.net
GTUATORG01.nam.nsroot.net
cob.citibankchina.goldpac.apac.nsroot.net
sfnamuat.wlb2.nam.nsroot.net
ctrxemeauatj.eur.nsroot.net
CAPAMS2XMLSWDC-vip.nam.nsroot.net
vm-unam2-cimp00.nam.nsroot.net
citi.retail.ips-uat.ptnr-b-data.nam.nsroot.net
digitalopsuat.nam.nsroot.net
NAMLY13ENYUAT12.namuat.nsrootuat.dyn.nsroot.net
LyncProdDR.EUR.NSROOT.NET
ch2mwpiapp1.nam.nsroot.net
shim.citiprivatebankinviewqa.emea.privatebank.citibank.com
ch2swuiapp1.nam.nsroot.net
CTRXEUXDRDC70-vip.eur.nsroot.net
speengineuat.wlb3.nam.nsroot.net
MP01VIP2.MP01.MEX.NSROOT.NET
RSGDVIPA.apac.nsroot.net
ccfundnotifications.nam.nsroot.net
webfarm-staging.eur.nsroot.net
UFP1-CIPP01.nam.nsroot.net
LYNC10GTPST01.nam.nsroot.net
m4defdc-aes10-dl360g8.eur.nsroot.net
sbc0401aconp01v.nam.nsroot.net
indo-snok-cob.eur.nsroot.net
CAPAPACPNAXMLHKAST-vip.apac.nsroot.net
lync13pooldev2.namuat.nsrootuat.dyn.nsroot.net
lacbra001as0011.lac.nsroot.net
ccooprod.nam.nsroot.net
consumer.wlb2.nam.nsroot.net
CitiDirectPRODSSO.nam.nsroot.net
sydndm3u.aus.nsroot.net
ctrxnasf-PNA.wlb2.nam.nsroot.net
citi.p-fduc-data.sec.nam.nsroot.net
hcasbat_pkr.apac.nsroot.net
uat.realtime.grosspayment.gateway.citigroup.net
jfxlbeoluat.eur.nsroot.net
vtcgtdcuweb1.nam.nsroot.net
CAPAPACTPAXMLSGCT2-vip.apac.nsroot.net
tneu.nam.nsroot.net
clouddesktop-sgdc01-vip.apac.nsroot.net
speengineuat.wlb3.nam.nsroot.net
GTUATCXC01qmv75.nam.nsroot.net
CAPAMSUATXMLRUTH-vip.nam.nsroot.net
menaisrflxu.eur.nsroot.net
GTAEMF4_QM.DIT_qmv75.nam.nsroot.net
clouddesktop-sgdc01-vip.apac.nsroot.net
acheprod.nam.nsroot.net
vusmwdc-ica01-mpx8200-callback.nam.nsroot.net
yieldbook.nam.nsroot.net
tenb51-sit-gsrenapc.nam.nsroot.net
gtcrd-cblla01u.nam.nsroot.net
MessagingclientAceInternationalPR.lac.nsroot.net
apsgontw7w2307.apac.nsroot.net
aawebsocket-uat.wlb.nam.nsroot.net
imbdlpbuf-ru03.nam.nsroot.net
ctrxemeasf-U-PNA.wlb2.eur.nsroot.net
mdefdc-vcs01-vcsco.eur.nsroot.net
esbuat.emeaconsumer.citigroup.net
fxmmilnap1u.eur.nsroot.net
CTRXAPACXDSG7-vip.apac.nsroot.net
s3dev_hrss.nam.nsroot.net
ASUSMD831FIN9V.NAM.NSROOT.NET
imbtcrelay-ru03.nam.nsroot.net
ufcappln.apac.nsroot.net
RSGDVIPA.apac.nsroot.net
banamexsoaperf.banamex.com
devcitisource.nam.nsroot.net
icl-ironkey-va01.nam.nsroot.net
smcpint.ny.ssmb.com
imbtcrelay-gt03.nam.nsroot.net
Lync13ProdDR.apac.nsroot.net
CLOUDDESKTOP-GTDC01-vip.nam.nsroot.net
mgbrdc-pexv07-c220.eur.nsroot.net
www.bnepremium.lac.nsroot.net
RUS111W-MAN02-6509-TENGE2-4.nam.nsroot.net
bolsit.nam.nsroot.net
gmi-dev.nam.nsroot.net
LyncProdDR.EUR.NSROOT.NET
jfpprdhu-rbw-maint-svr1.eur.nsroot.net
TRADERECORDSINFOINDIA.ICG.CITIGROUP.NET
citibankdr.banctecportal.eur.nsroot.net
citisft-usrtdc-pr3-edge-g1.nam.nsroot.net
apacthdsibpm001.apac.nsroot.net
rgbrdc-b2b44-2911.eur.nsroot.net
SBC1802DCONP01V.nam.nsroot.net
digitalopsdev.nam.nsroot.net
uatndm.octopus.gcbhk.apac.nsroot.net
mdefdc-vcs02-vcsex.eur.nsroot.net
uat.eoscar3.nam.nsroot.net
sd-cd7f-c896.nam.nsroot.net
ctrxlatcts.wlb.lac.nsroot.net
apac.nsroot.net
latamesbsit-icg.nam.nsroot.net
CTRXAPACXDSG7-vip.apac.nsroot.net
gmi.nam.nsroot.net
m1gbrdc-svx01-aes.eur.nsroot.net
ecmsynd-uat.nam.nsroot.net
academy-ukr.apac.nsroot.net
cdasmwp15z1.nam.nsroot.net
GTUATORG01.nam.nsroot.net
cob.citibankchina.goldpac.apac.nsroot.net
sfnamuat.wlb2.nam.nsroot.net
ctrxemeauatj.eur.nsroot.net
CAPAMS2XMLSWDC-vip.nam.nsroot.net
vm-unam2-cimp00.nam.nsroot.net
citi.retail.ips-uat.ptnr-b-data.nam.nsroot.net
digitalopsuat.nam.nsroot.net
NAMLY13ENYUAT12.namuat.nsrootuat.dyn.nsroot.net
LyncProdDR.EUR.NSROOT.NET
ch2mwpiapp1.nam.nsroot.net
shim.citiprivatebankinviewqa.emea.privatebank.citibank.com
ch2swuiapp1.nam.nsroot.net
CTRXEUXDRDC70-vip.eur.nsroot.net
speengineuat.wlb3.nam.nsroot.net
MP01VIP2.MP01.MEX.NSROOT.NET
RSGDVIPA.apac.nsroot.net
ccfundnotifications.nam.nsroot.net
webfarm-staging.eur.nsroot.net
UFP1-CIPP01.nam.nsroot.net
LYNC10GTPST01.nam.nsroot.net
m4defdc-aes10-dl360g8.eur.nsroot.net
sbc0401aconp01v.nam.nsroot.net
indo-snok-cob.eur.nsroot.net
CAPAPACPNAXMLHKAST-vip.apac.nsroot.net
lync13pooldev2.namuat.nsrootuat.dyn.nsroot.net
lacbra001as0011.lac.nsroot.net
ccooprod.nam.nsroot.net
consumer.wlb2.nam.nsroot.net
CitiDirectPRODSSO.nam.nsroot.net
sydndm3u.aus.nsroot.net
ctrxnasf-PNA.wlb2.nam.nsroot.net
citi.p-fduc-data.sec.nam.nsroot.net
hcasbat_pkr.apac.nsroot.net
uat.realtime.grosspayment.gateway.citigroup.net
jfxlbeoluat.eur.nsroot.net
vtcgtdcuweb1.nam.nsroot.net
CAPAPACTPAXMLSGCT2-vip.apac.nsroot.net
tneu.nam.nsroot.net
clouddesktop-sgdc01-vip.apac.nsroot.net
speengineuat.wlb3.nam.nsroot.net
GTUATCXC01qmv75.nam.nsroot.net
CAPAMSUATXMLRUTH-vip.nam.nsroot.net
menaisrflxu.eur.nsroot.net
GTAEMF4_QM.DIT_qmv75.nam.nsroot.net
clouddesktop-sgdc01-vip.apac.nsroot.net
acheprod.nam.nsroot.net
vusmwdc-ica01-mpx8200-callback.nam.nsroot.net
yieldbook.nam.nsroot.net
tenb51-sit-gsrenapc.nam.nsroot.net
gtcrd-cblla01u.nam.nsroot.net
MessagingclientAceInternationalPR.lac.nsroot.net
apsgontw7w2307.apac.nsroot.net
aawebsocket-uat.wlb.nam.nsroot.net
imbdlpbuf-ru03.nam.nsroot.net
ctrxemeasf-U-PNA.wlb2.eur.nsroot.net
mdefdc-vcs01-vcsco.eur.nsroot.net
esbuat.emeaconsumer.citigroup.net
fxmmilnap1u.eur.nsroot.net
CTRXAPACXDSG7-vip.apac.nsroot.net
s3dev_hrss.nam.nsroot.net
ASUSMD831FIN9V.NAM.NSROOT.NET
imbtcrelay-ru03.nam.nsroot.net
ufcappln.apac.nsroot.net
RSGDVIPA.apac.nsroot.net
banamexsoaperf.banamex.com
devcitisource.nam.nsroot.net
icl-ironkey-va01.nam.nsroot.net
smcpint.ny.ssmb.com
imbtcrelay-gt03.nam.nsroot.net
Lync13ProdDR.apac.nsroot.net
CLOUDDESKTOP-GTDC01-vip.nam.nsroot.net
mgbrdc-pexv07-c220.eur.nsroot.net
www.bnepremium.lac.nsroot.net
RUS111W-MAN02-6509-TENGE2-4.nam.nsroot.net
bolsit.nam.nsroot.net
gmi-dev.nam.nsroot.net
LyncProdDR.EUR.NSROOT.NET
jfpprdhu-rbw-maint-svr1.eur.nsroot.net
TRADERECORDSINFOINDIA.ICG.CITIGROUP.NET
citibankdr.banctecportal.eur.nsroot.net
citisft-usrtdc-pr3-edge-g1.nam.nsroot.net
apacthdsibpm001.apac.nsroot.net
rgbrdc-b2b44-2911.eur.nsroot.net
SBC1802DCONP01V.nam.nsroot.net
digitalopsdev.nam.nsroot.net
uatndm.octopus.gcbhk.apac.nsroot.net
mdefdc-vcs02-vcsex.eur.nsroot.net
uat.eoscar3.nam.nsroot.net
sd-cd7f-c896.nam.nsroot.net
ctrxlatcts.wlb.lac.nsroot.net
apac.nsroot.net
latamesbsit-icg.nam.nsroot.net
CTRXAPACXDSG7-vip.apac.nsroot.net
gmi.nam.nsroot.net
m1gbrdc-svx01-aes.eur.nsroot.net
Certificate
The complete raw certificate details for acheprod.nam.nsroot.net in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF5jCCBM6gAwIBAgIQC2E8bxc+FqP2o36y6V46jTANBgkqhkiG9w0BAQsFADB1 MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE4MDMyMDAwMDAwMFoXDTIwMDUwMzEy MDAwMFowgd4xHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYB BAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQF EwcyMTU0MjU0MQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNV BAcTCE5ldyBZb3JrMRcwFQYDVQQKEw5DaXRpZ3JvdXAgSW5jLjENMAsGA1UECxME QUNIVTEgMB4GA1UEAxMXYWNoZXByb2QubmFtLm5zcm9vdC5uZXQwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCSXWzLKbhEcajdCj1pXDJYumiXTnOKBmb pJJoLdRK9piqIdEBNUh5egI5EKPF7acWFyCpF0XT7CslXHh6tvQQ1keF5rY+veMV MwrSNTNfpcmARKHz5x3jUspJtOEgqaLERd0BI3ghhdX/DWx2wkUGoGf/e5S8V8uu 2SOkTuxXXePenFhaex+6wC/S7VVQL1QEkFlftQ6SJGBreYi8k5qawagbKEOeffF+ VG9cwRM0D18q6i7qV0Ax1VdMOX7RRpOTzBJZmiwO5dOlwvMDIO+WJI+OrC/JRHOI bZxnHt59NNGD80vWJWPwSh89HkaDeDRlg6oTRE2k19qBVhJG8GD7AgMBAAGjggIG MIICAjAfBgNVHSMEGDAWgBQ901Cl1qCt7vNKYApl0yHU+PjWDzAdBgNVHQ4EFgQU IsbuI1slzuOIv49s4b7a+K70tjwwIgYDVR0RBBswGYIXYWNoZXByb2QubmFtLm5z cm9vdC5uZXQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr BgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5j b20vc2hhMi1ldi1zZXJ2ZXItZzIuY3JsMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdp Y2VydC5jb20vc2hhMi1ldi1zZXJ2ZXItZzIuY3JsMEsGA1UdIAREMEIwNwYJYIZI AYb9bAIBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9D UFMwBwYFZ4EMAQEwgYgGCCsGAQUFBwEBBHwwejAkBggrBgEFBQcwAYYYaHR0cDov L29jc3AuZGlnaWNlcnQuY29tMFIGCCsGAQUFBzAChkZodHRwOi8vY2FjZXJ0cy5k aWdpY2VydC5jb20vRGlnaUNlcnRTSEEyRXh0ZW5kZWRWYWxpZGF0aW9uU2VydmVy Q0EuY3J0MAkGA1UdEwQCMAAwEwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZIhvcN AQELBQADggEBAFeTYyl9Hd4MyNyX6PfVGi53bMXG+y8XJUODhvRWyyoicR2n3yQI Q92V7U2pL1ltUbui6Q0Amr8z4ZNqD8tdQCdh5oy2gZQt+uaBs813K/p4r79s6ir6 R8inWh3F0Ln831rE5DNPQ8B/+g2+i1f1umDp7r8LBojqkrvfawIqH5R9AdIqVWSI 420+ShjW1s4wJ7RolreQSJyuz159f9TRIcyjPQ/afI18mL8S5tCCW2fkvtwmHABM D6C3BS6WoZPYKEPTAvPMWseP+ivjmFvvWNWSMPakZMj1DRSOIcUQTQA5dbG8Tj+0 VVybsL+J6NIp6trHcRUfs0q807s800GTmBs= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkl1syym4RHGo3Qo9aVw yWLpol05zigZm6SSaC3USvaYqiHRATVIeXoCORCjxe2nFhcgqRdF0+wrJVx4erb0 ENZHhea2Pr3jFTMK0jUzX6XJgESh8+cd41LKSbThIKmixEXdASN4IYXV/w1sdsJF BqBn/3uUvFfLrtkjpE7sV13j3pxYWnsfusAv0u1VUC9UBJBZX7UOkiRga3mIvJOa msGoGyhDnn3xflRvXMETNA9fKuou6ldAMdVXTDl+0UaTk8wSWZosDuXTpcLzAyDv liSPjqwvyURziG2cZx7efTTRg/NL1iVj8EofPR5Gg3g0ZYOqE0RNpNfagVYSRvBg +wIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 15126386495007426608837384123245804173 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 Extended Validation Server CA' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-03-20 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-05-03 12:00:00 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Private Organization' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.2 (jurisdictionOfIncorporationSP) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Delaware' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '2154254' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Citigroup Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ACHU' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'acheprod.nam.nsroot.net' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24526455523753002696442820563554965827439990881725344388477262708575260247573995739482064211995113409004222849638065241196521868085949904005546386551287267405089074695273658622538603024646813137647606476881526893973167288736786527520925122694916090659318843905161394706771389546648755735794648734151591945880471927382245357448431631649849972309169249265105676762056414247662297473627147382364963046385848235192313177248716122012276969508363298927826708087240215756863841084154584532865956266057020751607729774805183744232483684705605617848712659305127121688130908143434732184563054922299191120541649500538538678051067 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 3dd350a5d6a0adeef34a600a65d321d4f8f8d60f . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 22c6ee235b25cee388bf8f6ce1bedaf8aef4b63c . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (27 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'acheprod.nam.nsroot.net' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/sha2-ev-server-g2.crl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/sha2-ev-server-g2.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.2.1 (DigiCert EV policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (124 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00579363297d1dde0cc8dc97e8f7d51a2e776cc5c6fb2f1725438386f456cb2a22711da7df240843dd95ed4da92f596d51bba2e90d009abf33e1936a0fcb5d402761e68cb681942dfae681b3cd772bfa78afbf6cea2afa47c8a75a1dc5d0b9fcdf5ac4e4334f43c07ffa0dbe8b57f5ba60e9eebf0b0688ea92bbdf6b022a1f947d01d22a556488e36d3e4a18d6d6ce3027b46896b790489caecf5e7d7fd4d121cca33d0fda7c8d7c98bf12e6d0825b67e4bedc261c004c0fa0b7052e96a193d82843d302f3cc5ac78ffa2be3985bef58d59230f6a464c8f50d148e21c5104d003975b1bc4e3fb4555c9bb0bf89e8d229eadac771151fb34abcd3bb3cd34193981b