pauth-citi.ms.gxs.com

- Open Text Corporation -

Issued by Sectigo RSA Organization Validation Secure Server CA

About this certificate

This digital certificate with serial number 27:d9:76:cf:36:eb:e1:ad:f6:c6:0f:e7:92:b6:af:95 was issued on by Sectigo Limited.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Open Text Corporation

Organization: Open Text Corporation
Organization unit: Business Networks
Organization unit: Hosted by Open Text Corporation
Organization unit: EliteSSL
Address: 275 Frank Tompa Dr
Postal code: N2L 0A1
State / Province: Ontario
Locality: Waterloo
Country: CA

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate has expire since

Certificate Details

Serial Number (hex): 27:d9:76:cf:36:eb:e1:ad:f6:c6:0f:e7:92:b6:af:95
Serial Number (int): 52969029995474001827956860348735598485
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId: 19:9f:91:f5:7b:5c:c8:0b:6e:9f:5e:a7:c2:3d:56:40:96:27:0c:e9
AuthorityKeyId: 17:d9:d6:25:27:67:f9:31:c2:49:43:d9:30:36:44:8c:6c:a9:4f:eb

Fingerprint (sha1): 19:f4:07:76:20:0d:6c:48:51:46:46:f5:14:d1:a2:a9:75:8f:a4:4e
Fingerprint (sha256): 03:a7:2d:28:4e:16:32:ec:a5:f5:76:92:61:dc:94:b5:3c:df:b5:ec:a2:4c:96:ef:0b:dd:d6:7f:8e:b4:a3:7a

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl

Check the revocation status for certificate pauth-citi.ms.gxs.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for pauth-citi.ms.gxs.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

pauth-citi.ms.gxs.com
www.pauth-citi.ms.gxs.com

Other certificates including the domain name gxs.com

(limited to 100 certificates)
betagrid-eu.gxs.com
peztrade.ms.gxs.com
bsmg-nesao.ms.gxs.com
web-modp.p12smgws.tgms.gxs.com
pbwipap.eu.gxs.com
test.b2b.rbs.gxs.com
stpws-uat.gxs.com
web.smg.ms1.eu.gxs.com
viewsslt.dcts.us.gxs.com
as2bizlinkp12.ics.eu.gxs.com
vpn-prep-ftf.cp.gxs.com
www.gxs.com
viewssl.dcts.us.gxs.com
smg.ms.gxs.com
ws-vpn-pe2-ftf.cp.gxs.com
bas2-jpn.ms.gxs.com
pauth-citi.ms.gxs.com
elitelibrary-pre.ypa.us.gxs.com
pci.betagrid.eu.gxs.com
pweb-nesam.ms.gxs.com
p12ftps.tgms.gxs.com
b2b2-ca.rbs.gxs.com
b2b.rbs.gxs.com
as2bizlinkp11.tgms.gxs.com
elitelibrary.ypa.us.gxs.com
naesb.peco.us.gxs.com
as2b.bmomft.gxs.com
www.gxs.com
*.gxs.com
*.gxs.com
b2b.accessbulkchannel.abnamro.gxs.com
account.rs.gxs.com
as2p.bmomft.gxs.com
p10csrrest.tgms.gxs.com
uweb-citi.ms.gxs.com
p11csrrest.tgms.gxs.com
bronet-jpctr.ms.gxs.com
viewssl-test.dcts.us.gxs.com
b11csrrest.tgms.gxs.com
b10csrrest-d.tgms.gxs.com
crm-adamdev.internal.gxs.com
cas2-citi.ms.gxs.com
gxs.com
ROSETTANET_PREPROD.ECSC.US.GXS.COM
b10ftps.tgms.gxs.com
pweb-nesrt.ms.gxs.com
elitelibrary-pre.ypa.us.gxs.com
pciportal.gxs.com
bizlinkp11.tgms.gxs.com
discover-wam-cert.dfs.eu.gxs.com
pweb-citi.ms.gxs.com
nestlemobile.gxs.com
*.rs.cp.gxs.com
beta.mercportals.db.eu.gxs.com
dcts.staging.glaxo.eu.gxs.com
wam.ypima.us.gxs.com
bdcts01.eu.gxs.com
vpn-prod-ftf.cp.gxs.com
ssl2.tradinggrid.gxs.com
viewssl-test.dcts.us.gxs.com
icnet.gxs.com
novartis.gxs.com
intel.ma.smg.tradinggrid.gxs.com
bizlinkb.nestlemft.gxs.com
bizlinkb10.tgms.gxs.com
bdcts01.eu.gxs.com
bweb.smg.ms.eu.gxs.com
beta-smg-ca.tradinggrid.gxs.com
cataloguebeta.gxs.com
staging.dafne.eu.gxs.com
staging.oilex.eu.gxs.com
impmq.gxs.com
orderapp.ms.gxs.com
bweb-jpctr.ms.gxs.com
betagrid.gxs.com
as2bizlinkp12.tgms.gxs.com
b12csrrest-d.tgms.gxs.com
b12oftp.tgms.gxs.com
b11csrrest-d.tgms.gxs.com
as2b.nestlemft.gxs.com
vendorportal.gxs.com
ebics.baml.gxs.com
lv.gxs.com
as2bizlinkp11.tgms.gxs.com
p14ronet.ms.gxs.com
as2.rbs.gxs.com
as2bizlinkp12.ics.eu.gxs.com
campbells.gxs.com
vendorportal.gxs.com
lvbeta.gxs.com
as2.rbs.gxs.com
*.gxs.com
viewssl.dcts.us.gxs.com
pbwipap.eu.gxs.com
www.arla.eu.gxs.com
test.ebics.rbs.gxs.com
bizlinkb12.ics.eu.gxs.com
as2sslauthtgbizp12.app.gxs.com
rdgw.opentext.com
nestlemobile.gxs.com

Certificate

The complete raw certificate details for pauth-citi.ms.gxs.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHkzCCBnugAwIBAgIQJ9l2zzbr4a32xg/nkravlTANBgkqhkiG9w0BAQsFADCB
lTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMT0wOwYDVQQD
EzRTZWN0aWdvIFJTQSBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBTZWN1cmUgU2Vy
dmVyIENBMB4XDTE5MTAyMjAwMDAwMFoXDTIyMDEwMzIzNTk1OVowgfoxCzAJBgNV
BAYTAkNBMRAwDgYDVQQREwdOMkwgMEExMRAwDgYDVQQIEwdPbnRhcmlvMREwDwYD
VQQHEwhXYXRlcmxvbzEbMBkGA1UECRMSMjc1IEZyYW5rIFRvbXBhIERyMR4wHAYD
VQQKExVPcGVuIFRleHQgQ29ycG9yYXRpb24xGjAYBgNVBAsTEUJ1c2luZXNzIE5l
dHdvcmtzMSgwJgYDVQQLEx9Ib3N0ZWQgYnkgT3BlbiBUZXh0IENvcnBvcmF0aW9u
MREwDwYDVQQLEwhFbGl0ZVNTTDEeMBwGA1UEAxMVcGF1dGgtY2l0aS5tcy5neHMu
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6I9+1KGGw87yKnq
I0PSs2FoByUURON/UiMZl1bGWYvydy+YrrQf8ybfC7mKQJG/fVHyoW4wMuxFokO5
EA7zZtRCzN3Jo8AtFNOFTHpZAFTNAybdJyyQk127AKAR2JJCtCgKni2Zb+TIwSdB
KprNcnGoGlS6nikrHN5IF2CJoWW3eoTDABIuY8zmTApcN1YDduXBua+2gFRzDTu3
JFue3yic+B9vR1crnboe1dVpQUwxfJ6Jv70AztpIjzyOyO7N0Ec91q2gFXjCLjc4
gsM1qLu4qHJccY0UOEpEVtQ01EDLVUQVy5ODhhTlHgX6+UY78m2YABl+s2teETnG
JO4raQIDAQABo4IDdjCCA3IwHwYDVR0jBBgwFoAUF9nWJSdn+THCSUPZMDZEjGyp
T+swHQYDVR0OBBYEFBmfkfV7XMgLbp9ep8I9VkCWJwzpMA4GA1UdDwEB/wQEAwIF
oDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBK
BgNVHSAEQzBBMDUGDCsGAQQBsjEBAgEDBDAlMCMGCCsGAQUFBwIBFhdodHRwczov
L3NlY3RpZ28uY29tL0NQUzAIBgZngQwBAgIwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0
cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBT3JnYW5pemF0aW9uVmFsaWRh
dGlvblNlY3VyZVNlcnZlckNBLmNybDCBigYIKwYBBQUHAQEEfjB8MFUGCCsGAQUF
BzAChklodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FPcmdhbml6YXRp
b25WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdodHRw
Oi8vb2NzcC5zZWN0aWdvLmNvbTA7BgNVHREENDAyghVwYXV0aC1jaXRpLm1zLmd4
cy5jb22CGXd3dy5wYXV0aC1jaXRpLm1zLmd4cy5jb20wggF/BgorBgEEAdZ5AgQC
BIIBbwSCAWsBaQB2AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw/m1HAAAB
bfNXvVMAAAQDAEcwRQIhALu2R2y58lvl7aR8QTeci0JQRZdC50XIYFYHa70ICseC
AiBhlF062h75ckQbZI+AcsbvDdwz2ZMyaQtH7wzP+4xl6AB2AFWB1MIWkDYBSuoL
m1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABbfNXvRUAAAQDAEcwRQIhAI/+QWlbbsi2
QTqNBtN7j7XgEnT2L7zfUbMVNq+t4ZOiAiBqu5cOAxAtqzRrqbJxNsQsrHi7ISzf
q1mGxVzvrG/0jQB3ACJFRQdZVSRWlj+hL/H3bYbgIyZjrcBLf13Gg1xu4g8CAAAB
bfNXvpMAAAQDAEgwRgIhAO6iofWbGoaEpcsgenVmVAoJgrSs0+smVKX7OmyD+ec8
AiEAqKox/BYOjiWmVEwUb8wO8en3QaSGoHAiE3elFzyNHQ8wDQYJKoZIhvcNAQEL
BQADggEBACXeawmUi6Q2WJAcPoi0pbTylXw2/UB2WLaFJLQkl3hzxikGW40/jy80
Q29BrpMd8gWMZ2dHnT+OK/kkVVPeansizm6hYXpEYk5BLN92Bv355348bBebtyqk
wZxm/6tul2t1Lq308zaZQpTeLkFS45WzUE4EBBh5ZaBXpp3zqmqX1ozy/2XggQbp
ZdhdeERgncNKpsCdLQt3ccYtBujq28NaF8QNKb7clBCGEmCK4Mtss5TkELZIDgCK
ps3wcQdRCXGNcBnfEBggql9x+95wU35HeF/pL2u//lothqHWmnJyqB+YqTOACE+y
jPeof2Wo0LWdYby8DZF9tn3CxhMcZtQ=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6I9+1KGGw87yKnqI0PS
s2FoByUURON/UiMZl1bGWYvydy+YrrQf8ybfC7mKQJG/fVHyoW4wMuxFokO5EA7z
ZtRCzN3Jo8AtFNOFTHpZAFTNAybdJyyQk127AKAR2JJCtCgKni2Zb+TIwSdBKprN
cnGoGlS6nikrHN5IF2CJoWW3eoTDABIuY8zmTApcN1YDduXBua+2gFRzDTu3JFue
3yic+B9vR1crnboe1dVpQUwxfJ6Jv70AztpIjzyOyO7N0Ec91q2gFXjCLjc4gsM1
qLu4qHJccY0UOEpEVtQ01EDLVUQVy5ODhhTlHgX6+UY78m2YABl+s2teETnGJO4r
aQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 52969029995474001827956860348735598485
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Organization Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-10-22 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-01-03 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.17 (postalCode)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'N2L 0A1'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Waterloo'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.9 (streetAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '275 Frank Tompa Dr'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Open Text Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Business Networks'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Hosted by Open Text Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'EliteSSL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'pauth-citi.ms.gxs.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22676661158196793025273088726626998578293322380530928701953926613420092480875155591467891058365439666841430057220374590239108623642640026070963823699082732341593166151166033294127186599736110242754174099459222817321908662955021781900058347100624338754554788495958986047194636358769701795011695225023518957001541976368141925183934566390477887418335470316959468653276344792159853665015207218201112341518027132420157777801186976357012792753589043599313822680028550945718036367911128688769618012537828766011027162219433154211275167598831079120348637813829241033488198477174814098424867336151821182468484840583934191217513
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 17d9d6252767f931c24943d93036448c6ca94feb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							199f91f57b5cc80b6e9f5ea7c23d564096270ce9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pauth-citi.ms.gxs.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.pauth-citi.ms.gxs.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							016900760046a555eb75fa912030b5a28969f4f37d112c4174befd49b885abf2fc70fe6d470000016df357bd530000040300473045022100bbb6476cb9f25be5eda47c41379c8b4250459742e745c86056076bbd080ac782022061945d3ada1ef972441b648f8072c6ef0ddc33d99332690b47ef0ccffb8c65e80076005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c0000016df357bd1500000403004730450221008ffe41695b6ec8b6413a8d06d37b8fb5e01274f62fbcdf51b31536afade193a202206abb970e03102dab346ba9b27136c42cac78bb212cdfab5986c55cefac6ff48d0077002245450759552456963fa12ff1f76d86e0232663adc04b7f5dc6835c6ee20f020000016df357be930000040300483046022100eea2a1f59b1a8684a5cb207a7566540a0982b4acd3eb2654a5fb3a6c83f9e73c022100a8aa31fc160e8e25a6544c146fcc0ef1e9f741a486a070221377a5173c8d1d0f
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0025de6b09948ba43658901c3e88b4a5b4f2957c36fd407658b68524b424977873c629065b8d3f8f2f34436f41ae931df2058c6767479d3f8e2bf9245553de6a7b22ce6ea1617a44624e412cdf7606fdf9e77e3c6c179bb72aa4c19c66ffab6e976b752eadf4f336994294de2e4152e395b3504e0404187965a057a69df3aa6a97d68cf2ff65e08106e965d85d7844609dc34aa6c09d2d0b7771c62d06e8eadbc35a17c40d29bedc94108612608ae0cb6cb394e410b6480e008aa6cdf071075109718d7019df101820aa5f71fbde70537e47785fe92f6bbffe5a2d86a1d69a7272a81f98a93380084fb28cf7a87f65a8d0b59d61bcbc0d917db67dc2c6131c66d4