*.dns.icann.org
- Internet Corporation for Assigned Names and Numbers -
Issued by DigiCert SHA2 High Assurance Server CA
About this certificate
This digital certificate with serial number 0c:33:ac:6d:89:52:53:27:fe:3d:80:e2:12:90:ad:c3 was issued on by DigiCert Inc.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Internet Corporation for Assigned Names and Numbers
Organization:
Internet Corporation for Assigned Names and Numbers
Organization unit: DNS Engineering
Organization unit: DNS Engineering
State / Province:
California
Locality: Los Angeles
Country: US
Locality: Los Angeles
Country: US
DigiCert Inc
Organization:
DigiCert Inc
Organization unit: www.digicert.com
Organization unit: www.digicert.com
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 0c:33:ac:6d:89:52:53:27:fe:3d:80:e2:12:90:ad:c3Serial Number (int): 16219040342024779782920168290187783619
Serial Number lenght: 124 bits, 16 octets
SubjectKeyId: ca:4f:19:bd:bc:27:c9:49:6c:cb:ae:91:f8:2c:ff:06:d2:42:3d:d5
AuthorityKeyId: 51:68:ff:90:af:02:07:75:3c:cc:d9:65:64:62:a2:12:b8:59:72:3b
Fingerprint (sha1): 7c:f8:d4:fe:b0:dd:61:3b:61:09:e4:ad:ba:b7:dc:16:df:37:94:2a
Fingerprint (sha256): 03:be:59:5d:29:bc:4c:3c:31:90:bc:79:4e:78:2a:bf:1b:42:55:09:9b:7c:1e:28:d0:2b:97:b9:c8:62:fc:3c
Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt
Revocation information
OCSP Server: http://ocsp.digicert.comCRL Distribution Point: http://crl3.digicert.com/sha2-ha-server-g3.crl
CRL Distribution Point: http://crl4.digicert.com/sha2-ha-server-g3.crl
Check the revocation status for certificate *.dns.icann.org
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for *.dns.icann.org
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
*.dns.icann.org
dns.icann.org
dns.icann.org
Other certificates including the domain name icann.org
(limited to 100 certificates)
st.icann.org
67.schedule.icann.org
ithi.research.icann.org
69.schedule.icann.org
rfc-annotations.research.icann.org
68.schedule.icann.org
download.research.icann.org
ithi.research.icann.org
ithi.research.icann.org
portal.sloanps.com
*.dev.icann.org
st.icann.org
members.icann.org
63.schedule.icann.org
ithi.research.icann.org
xn--mgbag5a2flx.icann.org
*.dns.icann.org
vanity6.jiveon.com
www.lroot.icann.org
redirects.icann.org
62.schedule.icann.org
ithi.research.icann.org
ombudsman.icann.org
schedule.icann.org
xn--mgbag5a2flx.icann.org
singapore41.icann.org
67.schedule.icann.org
archive.icann.org
eaitestbed.icann.org
vanity6.jiveon.com
ithi.research.icann.org
participate.icann.org
singapore41.icann.org
moodlerooms.com
moodlerooms.com
learn-ar.icann.org
atlarge.cdn.icann.org
ithi.research.icann.org
members.icann.org
redirects.icann.org
autogestion.venamcham.org
marketo.icann.org
www.lroot.icann.org
rfc-annotations.research.icann.org
icann.com
newsalerts.icann.org
62.schedule.icann.org
st.icann.org
download.research.icann.org
moodlerooms.com
icann.org
access.icann.org
ithi.research.icann.org
aso.icann.org
66.schedule.icann.org
owa.icann.org
vanity6.jiveon.com
*.jiveon.com
clearpass.icann.org
vanity6.jiveon.com
go.icann.org
st.icann.org
download.research.icann.org
dns-demographics.icann.org
observatory.research.icann.org
rfc-annotations.research.icann.org
icann.jobs
ombudsman.icann.org
observatory.research.icann.org
icann.jobs
singapore41.icann.org
ombudsman.icann.org
epa.cheggindia.com
go.icann.org
observatory.research.icann.org
singapore41.icann.org
download.research.icann.org
members.icann.org
xn--mgbag5a2flx.icann.org
st.icann.org
access.icann.org
icann.com
71.schedule.icann.org
go.icann.org
63.schedule.icann.org
ithi.research.icann.org
66.schedule.icann.org
redirects.icann.org
www.afralo.org
moodlerooms.com
64.schedule.icann.org
www.lroot.icann.org
magnitude.research.icann.org
events.icann.org
71.schedule.icann.org
download.research.icann.org
singapore41.icann.org
download.research.icann.org
magnitude.research.icann.org
www.lroot.icann.org
67.schedule.icann.org
ithi.research.icann.org
69.schedule.icann.org
rfc-annotations.research.icann.org
68.schedule.icann.org
download.research.icann.org
ithi.research.icann.org
ithi.research.icann.org
portal.sloanps.com
*.dev.icann.org
st.icann.org
members.icann.org
63.schedule.icann.org
ithi.research.icann.org
xn--mgbag5a2flx.icann.org
*.dns.icann.org
vanity6.jiveon.com
www.lroot.icann.org
redirects.icann.org
62.schedule.icann.org
ithi.research.icann.org
ombudsman.icann.org
schedule.icann.org
xn--mgbag5a2flx.icann.org
singapore41.icann.org
67.schedule.icann.org
archive.icann.org
eaitestbed.icann.org
vanity6.jiveon.com
ithi.research.icann.org
participate.icann.org
singapore41.icann.org
moodlerooms.com
moodlerooms.com
learn-ar.icann.org
atlarge.cdn.icann.org
ithi.research.icann.org
members.icann.org
redirects.icann.org
autogestion.venamcham.org
marketo.icann.org
www.lroot.icann.org
rfc-annotations.research.icann.org
icann.com
newsalerts.icann.org
62.schedule.icann.org
st.icann.org
download.research.icann.org
moodlerooms.com
icann.org
access.icann.org
ithi.research.icann.org
aso.icann.org
66.schedule.icann.org
owa.icann.org
vanity6.jiveon.com
*.jiveon.com
clearpass.icann.org
vanity6.jiveon.com
go.icann.org
st.icann.org
download.research.icann.org
dns-demographics.icann.org
observatory.research.icann.org
rfc-annotations.research.icann.org
icann.jobs
ombudsman.icann.org
observatory.research.icann.org
icann.jobs
singapore41.icann.org
ombudsman.icann.org
epa.cheggindia.com
go.icann.org
observatory.research.icann.org
singapore41.icann.org
download.research.icann.org
members.icann.org
xn--mgbag5a2flx.icann.org
st.icann.org
access.icann.org
icann.com
71.schedule.icann.org
go.icann.org
63.schedule.icann.org
ithi.research.icann.org
66.schedule.icann.org
redirects.icann.org
www.afralo.org
moodlerooms.com
64.schedule.icann.org
www.lroot.icann.org
magnitude.research.icann.org
events.icann.org
71.schedule.icann.org
download.research.icann.org
singapore41.icann.org
download.research.icann.org
magnitude.research.icann.org
www.lroot.icann.org
Certificate
The complete raw certificate details for *.dns.icann.org in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGlDCCBXygAwIBAgIQDDOsbYlSUyf+PYDiEpCtwzANBgkqhkiG9w0BAQsFADBw MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA5MzAwMDAwMDBaFw0xNzEwMDQxMjAwMDBa MIGqMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxML TG9zIEFuZ2VsZXMxPDA6BgNVBAoTM0ludGVybmV0IENvcnBvcmF0aW9uIGZvciBB c3NpZ25lZCBOYW1lcyBhbmQgTnVtYmVyczEYMBYGA1UECxMPRE5TIEVuZ2luZWVy aW5nMRgwFgYDVQQDDA8qLmRucy5pY2Fubi5vcmcwggIiMA0GCSqGSIb3DQEBAQUA A4ICDwAwggIKAoICAQDiYxzXGqvsn9fnL1MFtsH2m2qt7S1aVGacxhEArwEtyGfj A+obyw5MB//LMpXX2b7L6pLUkQWOIAQ7henMSaMJMgRp2XyGotiJhVp+7Z7DbxsW PJWyYXaSL91Zrx+iwrsnrID/Uy9L2uAmb/AdmQUxP0NMaf44VrKu91vqP31Tj1n9 tLlzf9gIJtSY9KmfVQvs9IGdj5CbxpzI4d1LXwMk4Ks3Xetn9KvpNALVuyx2c+pl bCZlXOXf+a8PmuepbR6ZIbQnmWLGAMIJBIQ57NBMnzTpRvhq/pz9icyEpA7fmtmJ 9Gz6uhMU1ma1Rr707FNZoaU/6ONM9XqTFLOKUyOa201277lhOPZp26oJqqvo/6Vf oeEJzJX5PRIlnnbxLfvjbR3IshQRnLvViefHPIyO2W31IP/pgwnjbWIAArsWy9zf KjM1pskrdmXltalPsMZeko3UiWLxjU1P7tW25CrShjGaRt1AOwwy6qm4ocsH0T+m bC/z4n8dywPffrbX4ajHyGE/jb9u/JRrJiTSiJaOgLY4SMGXqBMVJxL/0v4O0MUH AUC3M5q89HTWxYg2NbtrICPUbhumi5v/5uc+J9jf5FJX2juAln3GBupz7wBQXfIn wMqG/5logJzWTx+qIdX/MufRwm2K6MplgNSLTtQQkaGeq8fnOXJfszLSFo5VrQID AQABo4IB7TCCAekwHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjswHQYD VR0OBBYEFMpPGb28J8lJbMuukfgs/wbSQj3VMCkGA1UdEQQiMCCCDyouZG5zLmlj YW5uLm9yZ4INZG5zLmljYW5uLm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw FAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9j cmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMy5jcmwwNKAyoDCGLmh0 dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMy5jcmwwQgYD VR0gBDswOTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cu ZGlnaWNlcnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhho dHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNl cnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVy Q0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAGebUvi/pQEu Z0DOAZTp+cK52FadOCYs4TbCYZswDT+6njfH6xuXihQihan5kM9xVCrh6tu8X5NJ uhfShGoeTZ991HyiCpwoH2fTsSLsh33+/XjZjh251QJiwqUIJPbf5cGkyF5Hef8V 9qUbR7w/N/0jTE8sQCW+CUfHflRsLLkb9U5ztvFFJ4VB5FfddgNB3tuZ8igj3wS0 DY5Tkh9x3lVaKTq1FEotNd9yLNVvbWMO9geqJIVqag82q8DMSeMbOVnrtjofaOyi E65d3tN2coxCiN4O9NRUMx2YKK4EIK6GcEHs2j4C6unNdczARYvoT+ycYKCPpNjv BHxJqitIh5U= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4mMc1xqr7J/X5y9TBbbB 9ptqre0tWlRmnMYRAK8BLchn4wPqG8sOTAf/yzKV19m+y+qS1JEFjiAEO4XpzEmj CTIEadl8hqLYiYVafu2ew28bFjyVsmF2ki/dWa8fosK7J6yA/1MvS9rgJm/wHZkF MT9DTGn+OFayrvdb6j99U49Z/bS5c3/YCCbUmPSpn1UL7PSBnY+Qm8acyOHdS18D JOCrN13rZ/Sr6TQC1bssdnPqZWwmZVzl3/mvD5rnqW0emSG0J5lixgDCCQSEOezQ TJ806Ub4av6c/YnMhKQO35rZifRs+roTFNZmtUa+9OxTWaGlP+jjTPV6kxSzilMj mttNdu+5YTj2aduqCaqr6P+lX6HhCcyV+T0SJZ528S37420dyLIUEZy71YnnxzyM jtlt9SD/6YMJ421iAAK7Fsvc3yozNabJK3Zl5bWpT7DGXpKN1Ili8Y1NT+7VtuQq 0oYxmkbdQDsMMuqpuKHLB9E/pmwv8+J/HcsD33621+Gox8hhP42/bvyUayYk0oiW joC2OEjBl6gTFScS/9L+DtDFBwFAtzOavPR01sWINjW7ayAj1G4bpoub/+bnPifY 3+RSV9o7gJZ9xgbqc+8AUF3yJ8DKhv+ZaICc1k8fqiHV/zLn0cJtiujKZYDUi07U EJGhnqvH5zlyX7My0haOVa0CAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 16219040342024779782920168290187783619 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 High Assurance Server CA' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2014-09-30 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-10-04 12:00:00 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Los Angeles' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Internet Corporation for Assigned Names and Numbers' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DNS Engineering' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.dns.icann.org' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 923579029544937867398129927996904011147514929084691857154133595185822425683542856555002600728438539511723515133617191628074668896532542840454143487658364568659302287512692239594738257388457104504985881238976823689956532810641514628293866989262547635711531794292456719245822672831586670015336452976781204006114909364213641911367743331312659853583283959483641219485182108830083628311501154771149617044165441334049583412763866864585037832110276117478994712263287821898098967450076627177822135974569509085401410375116333632841516849788217314955737780442295981046566733548236181019878716881107359120451720847474426164386722989672590442141722559378720854845434605197464883229719520906039346604421909766296760499085507126083537601795820205033084494815533318759625940295264097449727805219035081074936738466995940892763521791666735382330722657485307167735718206274229107291934489197296147833737614908662470556882801336845383875830637225507435427226743514883345396227617844796751863877911864481947826609596499820785474538538175137875955201919692245977534906038952647247962483496621551729394361871872111359048941465392062570503326085742824752328206333851335659876073816489357703969434436681349581887813653597884091065854359863392781746528212397 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 5168ff90af0207753cccd9656462a212b859723b . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) ca4f19bdbc27c9496ccbae91f82cff06d2423dd5 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (34 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.dns.icann.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dns.icann.org' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/sha2-ha-server-g3.crl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/sha2-ha-server-g3.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (59 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (119 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00679b52f8bfa5012e6740ce0194e9f9c2b9d8569d38262ce136c2619b300d3fba9e37c7eb1b978a142285a9f990cf71542ae1eadbbc5f9349ba17d2846a1e4d9f7dd47ca20a9c281f67d3b122ec877dfefd78d98e1db9d50262c2a50824f6dfe5c1a4c85e4779ff15f6a51b47bc3f37fd234c4f2c4025be0947c77e546c2cb91bf54e73b6f145278541e457dd760341dedb99f22823df04b40d8e53921f71de555a293ab5144a2d35df722cd56f6d630ef607aa24856a6a0f36abc0cc49e31b3959ebb63a1f68eca213ae5dded376728c4288de0ef4d454331d9828ae0420ae867041ecda3e02eae9cd75ccc0458be84fec9c60a08fa4d8ef047c49aa2b488795