nyt.net
Issued by Thawte TLS RSA CA G1
About this certificate
This digital certificate with serial number 0f:0b:52:c0:d4:c2:ea:53:8a:6d:e2:84:32:3c:25:0e was issued on by DigiCert Inc.
With 14 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=nyt.net
DigiCert Inc
Organization:
DigiCert Inc
Organization unit: www.digicert.com
Organization unit: www.digicert.com
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 0f:0b:52:c0:d4:c2:ea:53:8a:6d:e2:84:32:3c:25:0eSerial Number (int): 19997213637458783639140543050391758094
Serial Number lenght: 124 bits, 16 octets
SubjectKeyId: 34:91:34:ad:4f:3d:10:a2:7d:de:ef:7e:cc:88:c4:e0:81:5d:5b:09
AuthorityKeyId: a5:8c:fe:32:cc:eb:0f:2c:d4:19:c6:08:b8:00:24:88:5d:c3:c5:b7
Fingerprint (sha1): 1a:8e:79:4f:04:4d:bd:0b:3a:47:c3:f2:f9:ae:c9:cd:37:91:e8:cc
Fingerprint (sha256): 03:a7:da:8e:c5:a0:e9:23:6b:f2:3a:02:18:74:24:52:f5:94:9d:99:b7:fb:cc:1c:f9:54:73:2e:7d:d2:4f:92
Issuing Certificate URL: http://cacerts.thawte.com/ThawteTLSRSACAG1.crt
Revocation information
OCSP Server: http://status.thawte.comCRL Distribution Point: http://cdp.thawte.com/ThawteTLSRSACAG1.crl
Check the revocation status for certificate nyt.net
14
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for nyt.net
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
nyt.net
*.nyt.net
*.prd.nyt.net
*.prd.cdg1.nyt.net
*.prd.chs1.nyt.net
*.prd.hkg1.nyt.net
*.prd.iad1.nyt.net
*.prd.lga1.nyt.net
*.prd.lhr1.nyt.net
*.prd.nycp.nyt.net
*.prd.orf1.nyt.net
*.prd.pdx1.nyt.net
*.awsma.nyt.net
*.infrasv-shared-prd.awsma.nyt.net
*.nyt.net
*.prd.nyt.net
*.prd.cdg1.nyt.net
*.prd.chs1.nyt.net
*.prd.hkg1.nyt.net
*.prd.iad1.nyt.net
*.prd.lga1.nyt.net
*.prd.lhr1.nyt.net
*.prd.nycp.nyt.net
*.prd.orf1.nyt.net
*.prd.pdx1.nyt.net
*.awsma.nyt.net
*.infrasv-shared-prd.awsma.nyt.net
Other certificates including the domain name nyt.net
(limited to 100 certificates)
*.mx.us-west-2.dv-shared-stg.awsma.nyt.net
gai.rd.nyt.net
k0dvb.dv-dns.nyti.snd.nyt.net
sharedui.tech.nyt.net
hybrid-renderer.news.sbx.nyt.net
*.twistlock.us-east1-01.prd.dvsp-gcp.nyt.net
*.dv-prd.us-east-1-01.dev.dvsp.nyt.net
*.kube-system.us-west1-01.stg.dvsp-gcp.nyt.net
*.b2b.us-east-1-01.stg.dvsp.nyt.net
*.content-tagging.us-west-2-01.stg.dvsp.nyt.net
misp.infosec-prd.awsma.nyt.net
ic-slackbot-prd.dv-prd.awsma.nyt.net
midmirror.stg.nyt.net
tech.nyt.net
jks-messaging-sub.messaging-dev.awsma.nyt.net
newsdev.nyt.net
nn-audience-api.messaging-dev.awsma.nyt.net
appcatalog.dev.nyt.net
commerce.commerce-dev.awsma.nyt.net
ckraken.auth.prd.nyt.net
*.dv-engagements-lab.us-east1-01.stg.dvsp-gcp.nyt.net
gmax.tech.nyt.net
*.payflow.us-east-1-01.stg.dvsp.nyt.net
*.twistlock.us-east1-01.sbx.dvsp-gcp.nyt.net
identity.tech.nyt.net
news.sbx.nyt.net
hybrid-renderer.news.sbx.nyt.net
assets.nyt.net
ad-docs.nyt.net
slackapp.dev.nyt.net
*.account.us-east-1.dv-shared-prd.awsma.nyt.net
autoreplyslackbot.dv-demo-lab.awsma.nyt.net
hybrid-renderer.news.sbx.nyt.net
*.account.us-west-2.dv-shared-stg.awsma.nyt.net
httpbin-us-east1.news.stg.nyt.net
account-fe.account.nyti.stg.nyt.net
hyphen.dev.nyt.net
zuo-grandcentral-stg-lb.spg-dev.awsma.nyt.net
features.tech.nyt.net
twistlock-dev.devsecops.dv.nyt.net
*.kube-public.us-east1-01.dev.dvsp-gcp.nyt.net
*.dv-dev.us-east-1.dv-shared-dev.awsma.nyt.net
app-platforms.tech.nyt.net
nss-console-prd.nyt.net
*.data-collections.us-east-1.dv-shared-prd.awsma.nyt.net
*.dv-dns.us-east-1-01.sbx.dvsp.nyt.net
amp-docs.tech.nyt.net
*.kube-node-lease.us-west1-01.dev.dvsp-gcp.nyt.net
hyphen.tech.nyt.net
platform-stela.nyt.net
photo.nyt.net
pdf-invoices-bff.account.nyti.nyt.net
video-thumbnails.prd.nyt.net
nyt.net
*.auth-dev.us-west-2.dv-shared-dev.awsma.nyt.net
webgl.rd.nyt.net
edge.games.nyti.nyt.net
puzzles.dev.nyt.net
targeting.tech.nyt.net
activate-access-bff.account.nyti.stg.nyt.net
esx03-c01.prd.orf1.nyt.net
*.audio.us-east1-01.dev.dvsp-gcp.nyt.net
reader-revenue.tech.nyt.net
triage.dev.care-dev.awsma.nyt.net
mwcm-pub-lab-dev.growth-mc.nyti.stg.nyt.net
dossier.stg.nyt.net
*.games.us-east-1.dv-shared-dev.awsma.nyt.net
graphql-android.samizdat.nyti.nyt.net
lt0959-audience-api-rpc.messaging-dev.awsma.nyt.net
js1-messaging-sub-rpc.messaging-dev.awsma.nyt.net
p1-dev.dv.nyt.net
weddings-api.stg.nyt.net
*.tarplat.us-east1-01.dev.dvsp-gcp.nyt.net
meter.nyt.net
reactivation-dp.account.nyti.nyt.net
NYHQ-TEL-EXPWYC.lga2.nyt.net
user-attribute.auth.nyti.dev.nyt.net
leaderboards.games.sbx.nyt.net
hybrid-renderer.news.sbx.nyt.net
wit.nyt.net
cookies.games.dev.nyt.net
*.messaging.dv-shared-dev.awsma.nyt.net
lire-ui.auth.nyti.stg.nyt.net
hybrid-renderer.news.sbx.nyt.net
du-bot-newsroom.dev.nyt.net
esx01-c01.stg.lga1.nyt.net
puzzles.dev.nyt.net
static.auth.stg.nyt.net
annotations.rd.nyt.net
srlt3-push-send-service.messaging-dev.awsma.nyt.net
weddings-api-internal.stg.nyt.net
activate-access-bff-dev.nyt.net
jobs-dev.dv.nyt.net
climate.rd.nyt.net
workdayuserguides.nyt.net
grc.nyt.net
me12-audience-api-rpc.messaging-dev.awsma.nyt.net
frm01.nyt.net
*.wirecutter.us-east-1.dv-shared-stg.awsma.nyt.net
webgl-dev.rd.nyt.net
gai.rd.nyt.net
k0dvb.dv-dns.nyti.snd.nyt.net
sharedui.tech.nyt.net
hybrid-renderer.news.sbx.nyt.net
*.twistlock.us-east1-01.prd.dvsp-gcp.nyt.net
*.dv-prd.us-east-1-01.dev.dvsp.nyt.net
*.kube-system.us-west1-01.stg.dvsp-gcp.nyt.net
*.b2b.us-east-1-01.stg.dvsp.nyt.net
*.content-tagging.us-west-2-01.stg.dvsp.nyt.net
misp.infosec-prd.awsma.nyt.net
ic-slackbot-prd.dv-prd.awsma.nyt.net
midmirror.stg.nyt.net
tech.nyt.net
jks-messaging-sub.messaging-dev.awsma.nyt.net
newsdev.nyt.net
nn-audience-api.messaging-dev.awsma.nyt.net
appcatalog.dev.nyt.net
commerce.commerce-dev.awsma.nyt.net
ckraken.auth.prd.nyt.net
*.dv-engagements-lab.us-east1-01.stg.dvsp-gcp.nyt.net
gmax.tech.nyt.net
*.payflow.us-east-1-01.stg.dvsp.nyt.net
*.twistlock.us-east1-01.sbx.dvsp-gcp.nyt.net
identity.tech.nyt.net
news.sbx.nyt.net
hybrid-renderer.news.sbx.nyt.net
assets.nyt.net
ad-docs.nyt.net
slackapp.dev.nyt.net
*.account.us-east-1.dv-shared-prd.awsma.nyt.net
autoreplyslackbot.dv-demo-lab.awsma.nyt.net
hybrid-renderer.news.sbx.nyt.net
*.account.us-west-2.dv-shared-stg.awsma.nyt.net
httpbin-us-east1.news.stg.nyt.net
account-fe.account.nyti.stg.nyt.net
hyphen.dev.nyt.net
zuo-grandcentral-stg-lb.spg-dev.awsma.nyt.net
features.tech.nyt.net
twistlock-dev.devsecops.dv.nyt.net
*.kube-public.us-east1-01.dev.dvsp-gcp.nyt.net
*.dv-dev.us-east-1.dv-shared-dev.awsma.nyt.net
app-platforms.tech.nyt.net
nss-console-prd.nyt.net
*.data-collections.us-east-1.dv-shared-prd.awsma.nyt.net
*.dv-dns.us-east-1-01.sbx.dvsp.nyt.net
amp-docs.tech.nyt.net
*.kube-node-lease.us-west1-01.dev.dvsp-gcp.nyt.net
hyphen.tech.nyt.net
platform-stela.nyt.net
photo.nyt.net
pdf-invoices-bff.account.nyti.nyt.net
video-thumbnails.prd.nyt.net
nyt.net
*.auth-dev.us-west-2.dv-shared-dev.awsma.nyt.net
webgl.rd.nyt.net
edge.games.nyti.nyt.net
puzzles.dev.nyt.net
targeting.tech.nyt.net
activate-access-bff.account.nyti.stg.nyt.net
esx03-c01.prd.orf1.nyt.net
*.audio.us-east1-01.dev.dvsp-gcp.nyt.net
reader-revenue.tech.nyt.net
triage.dev.care-dev.awsma.nyt.net
mwcm-pub-lab-dev.growth-mc.nyti.stg.nyt.net
dossier.stg.nyt.net
*.games.us-east-1.dv-shared-dev.awsma.nyt.net
graphql-android.samizdat.nyti.nyt.net
lt0959-audience-api-rpc.messaging-dev.awsma.nyt.net
js1-messaging-sub-rpc.messaging-dev.awsma.nyt.net
p1-dev.dv.nyt.net
weddings-api.stg.nyt.net
*.tarplat.us-east1-01.dev.dvsp-gcp.nyt.net
meter.nyt.net
reactivation-dp.account.nyti.nyt.net
NYHQ-TEL-EXPWYC.lga2.nyt.net
user-attribute.auth.nyti.dev.nyt.net
leaderboards.games.sbx.nyt.net
hybrid-renderer.news.sbx.nyt.net
wit.nyt.net
cookies.games.dev.nyt.net
*.messaging.dv-shared-dev.awsma.nyt.net
lire-ui.auth.nyti.stg.nyt.net
hybrid-renderer.news.sbx.nyt.net
du-bot-newsroom.dev.nyt.net
esx01-c01.stg.lga1.nyt.net
puzzles.dev.nyt.net
static.auth.stg.nyt.net
annotations.rd.nyt.net
srlt3-push-send-service.messaging-dev.awsma.nyt.net
weddings-api-internal.stg.nyt.net
activate-access-bff-dev.nyt.net
jobs-dev.dv.nyt.net
climate.rd.nyt.net
workdayuserguides.nyt.net
grc.nyt.net
me12-audience-api-rpc.messaging-dev.awsma.nyt.net
frm01.nyt.net
*.wirecutter.us-east-1.dv-shared-stg.awsma.nyt.net
webgl-dev.rd.nyt.net
Certificate
The complete raw certificate details for nyt.net in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIHDDCCBfSgAwIBAgIQDwtSwNTC6lOKbeKEMjwlDjANBgkqhkiG9w0BAQsFADBe MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRUaGF3dGUgVExTIFJTQSBDQSBHMTAe Fw0yNDAzMjkwMDAwMDBaFw0yNTA0MjkyMzU5NTlaMBIxEDAOBgNVBAMTB255dC5u ZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQLT7Zd8Ro5WrXIrId 9ZpL5ImfpWinZ3R1TA3Pndxun6/W8FvCdEoMMlRsrLzY0i23V+0sDvPQs6c8uk26 E6IPP5IR86z26gDrYsoLO9+ZYMgcVUf8Avd/dyygc+mHuYFV18MasIO0VIA27GI4 ZNgX8Qh6HOHbD5GTSR1ppefIuebi7CvLn0VkZQLmBkJpXp0LmuMiSDtEyCapZzIq LOlG042rz6Scd1hk4Rj41BddHrlcKYOehPlvStlspHY9pQXsTCMBO1mzcJhN3kGd QuezK7tcF1bituQrH/bpcUFAii80GmUw9j2N3Hf7mHsdqK6CwkpoXLt13HcgDMRK ZXivAgMBAAGjggQQMIIEDDAfBgNVHSMEGDAWgBSljP4yzOsPLNQZxgi4ACSIXcPF tzAdBgNVHQ4EFgQUNJE0rU89EKJ93u9+zIjE4IFdWwkwggEZBgNVHREEggEQMIIB DIIHbnl0Lm5ldIIJKi5ueXQubmV0gg0qLnByZC5ueXQubmV0ghIqLnByZC5jZGcx Lm55dC5uZXSCEioucHJkLmNoczEubnl0Lm5ldIISKi5wcmQuaGtnMS5ueXQubmV0 ghIqLnByZC5pYWQxLm55dC5uZXSCEioucHJkLmxnYTEubnl0Lm5ldIISKi5wcmQu bGhyMS5ueXQubmV0ghIqLnByZC5ueWNwLm55dC5uZXSCEioucHJkLm9yZjEubnl0 Lm5ldIISKi5wcmQucGR4MS5ueXQubmV0gg8qLmF3c21hLm55dC5uZXSCIiouaW5m cmFzdi1zaGFyZWQtcHJkLmF3c21hLm55dC5uZXQwPgYDVR0gBDcwNTAzBgZngQwB AgEwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA4G A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYD VR0fBDQwMjAwoC6gLIYqaHR0cDovL2NkcC50aGF3dGUuY29tL1RoYXd0ZVRMU1JT QUNBRzEuY3JsMHAGCCsGAQUFBwEBBGQwYjAkBggrBgEFBQcwAYYYaHR0cDovL3N0 YXR1cy50aGF3dGUuY29tMDoGCCsGAQUFBzAChi5odHRwOi8vY2FjZXJ0cy50aGF3 dGUuY29tL1RoYXd0ZVRMU1JTQUNBRzEuY3J0MAwGA1UdEwEB/wQCMAAwggF/Bgor BgEEAdZ5AgQCBIIBbwSCAWsBaQB3AE51oydcmhDDOFts1N8/Uusd8OCOG41pwLH6 ZLFimjnfAAABjotH5lcAAAQDAEgwRgIhAIb0ADSQKgBxkpgsoCLvnaUaPHcm5Zm4 o7XFkn64CsckAiEA7VtJwfudFm8ZgusWJHEdo+a3iBEr3dETrMyco3gOGYwAdwB9 WR4S4XgqexxhZ3xe/fjQh1wUoE6VnrkDL9kOjC55uAAAAY6LR+aUAAAEAwBIMEYC IQDri2YLayC16lu7bq1t4dDA/FxFw0uyVd0Pu4pc9/KeEwIhALxGNGDDI6SRBSN0 AXrq0f4Go+8/AFzEC4xgtLepYuMCAHUA5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6 hzId/R43jlAAAAGOi0fmqAAABAMARjBEAiBp+PdoqLBI2/fYgkk+XPbdwPn1EQxB ts8rtkhCZODy5wIgE6ZRJtU5o/wQn8kT/R5tHCxkUzrAA77RMOGiamttOwwwDQYJ KoZIhvcNAQELBQADggEBAH52EwxaPL8PsAIcJANMqXVI9MBCWbKmiBnwYF97UtFj 7aXSlVnrChIi6p9ZPZVHytDz7waGf1JW+7avTQHm2Ou2ZnUYO7oMCVJ0tTnnAZ/M jYx+T+2czVZBg/A8gzxsJmTAqXU0xOHxZZmsbcOlTBLEnb0O6Zq80ehnuYjtMNQj QiRjLaK7krfLLu25mvbZ0z4Ys8wr5QldSjQpctJxs+vaL/ctKE6VE3vY8Px8aE/q 7kq0/M5cYMqDk/sf3u5BO57HoL6HaV/4dXUwYnJDlBY61tgzx7nHXKK0cOX2P7ao opn5awXE5s10iAzWrRdyQTca+CFOFWaX41JY75uIIWU= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkC0+2XfEaOVq1yKyHfWa S+SJn6Vop2d0dUwNz53cbp+v1vBbwnRKDDJUbKy82NItt1ftLA7z0LOnPLpNuhOi Dz+SEfOs9uoA62LKCzvfmWDIHFVH/AL3f3csoHPph7mBVdfDGrCDtFSANuxiOGTY F/EIehzh2w+Rk0kdaaXnyLnm4uwry59FZGUC5gZCaV6dC5rjIkg7RMgmqWcyKizp RtONq8+knHdYZOEY+NQXXR65XCmDnoT5b0rZbKR2PaUF7EwjATtZs3CYTd5BnULn syu7XBdW4rbkKx/26XFBQIovNBplMPY9jdx3+5h7HaiugsJKaFy7ddx3IAzESmV4 rwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 19997213637458783639140543050391758094 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Thawte TLS RSA CA G1' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-29 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-04-29 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'nyt.net' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 18200627305577315029850020897501205745090455489318803472362421418925646778235920909744030692835431023146396559125229108887112934266080453654111461183827486750166652275120781407841400624023970785111836110380648900218295852103245791368429605003897646954635074896167432979079271004286381340983067580536057592127126362549315976441875960403273645093184768592545646834284617108067022619688746563641798392225280750988692487245188365456121760427591591563812538037417040266062426211032260123233326049122298789834464183163524091546885290168298841355619131122083584515704070031035817313404925909514158770248592180732935004321967 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a58cfe32cceb0f2cd419c608b80024885dc3c5b7 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 349134ad4f3d10a27ddeef7ecc88c4e0815d5b09 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (272 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nyt.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.nyt.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.prd.nyt.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.prd.cdg1.nyt.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.prd.chs1.nyt.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.prd.hkg1.nyt.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.prd.iad1.nyt.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.prd.lga1.nyt.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.prd.lhr1.nyt.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.prd.nycp.nyt.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.prd.orf1.nyt.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.prd.pdx1.nyt.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.awsma.nyt.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.infrasv-shared-prd.awsma.nyt.net' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.thawte.com/ThawteTLSRSACAG1.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.thawte.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.thawte.com/ThawteTLSRSACAG1.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes) 01690077004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018e8b47e657000004030048304602210086f40034902a007192982ca022ef9da51a3c7726e599b8a3b5c5927eb80ac724022100ed5b49c1fb9d166f1982eb1624711da3e6b788112bddd113accc9ca3780e198c0077007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018e8b47e6940000040300483046022100eb8b660b6b20b5ea5bbb6ead6de1d0c0fc5c45c34bb255dd0fbb8a5cf7f29e13022100bc463460c323a491052374017aead1fe06a3ef3f005cc40b8c60b4b7a962e302007500e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018e8b47e6a80000040300463044022069f8f768a8b048dbf7d882493e5cf6ddc0f9f5110c41b6cf2bb6484264e0f2e7022013a65126d539a3fc109fc913fd1e6d1c2c64533ac003bed130e1a26a6b6d3b0c . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 007e76130c5a3cbf0fb0021c24034ca97548f4c04259b2a68819f0605f7b52d163eda5d29559eb0a1222ea9f593d9547cad0f3ef06867f5256fbb6af4d01e6d8ebb66675183bba0c095274b539e7019fcc8d8c7e4fed9ccd564183f03c833c6c2664c0a97534c4e1f16599ac6dc3a54c12c49dbd0ee99abcd1e867b988ed30d4234224632da2bb92b7cb2eedb99af6d9d33e18b3cc2be5095d4a342972d271b3ebda2ff72d284e95137bd8f0fc7c684feaee4ab4fcce5c60ca8393fb1fdeee413b9ec7a0be87695ff875753062724394163ad6d833c7b9c75ca2b470e5f63fb6a8a299f96b05c4e6cd74880cd6ad177241371af8214e156697e35258ef9b882165