creditscore.citi.com

- Citigroup Inc. -

Issued by Symantec Class 3 Extended Validation SHA256 SSL CA

About this certificate

This digital certificate with serial number 25:df:be:27:19:8b:6e:13:62:72:14:ee:09:81:21:3b was issued on by Symantec Corporation.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Sub certificates SHOULD include Subject Key Identifier in end entity certs (RFC 5280: 4.2 & 4.2.1.2)

Citigroup Inc.

Company registration number: 2154254
Organization: Citigroup Inc.
Organization unit: Citi Cards Internet Services
Address: 399 Park Avenue
Postal code: 10022
State / Province: New York
Locality: New York
Country: US

Symantec Corporation

Organization: Symantec Corporation
Organization unit: Symantec Trust Network
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 25:df:be:27:19:8b:6e:13:62:72:14:ee:09:81:21:3b
Serial Number (int): 50343174799123871484647946648262091067
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId:
AuthorityKeyId: b2:6d:e3:e4:14:0f:8c:3c:73:42:a6:5a:99:1a:d3:14:75:b6:86:db

Fingerprint (sha1): 1d:73:de:75:4c:67:96:57:c3:37:b8:1c:15:b7:c5:dc:cf:d3:c3:92
Fingerprint (sha256): 03:c1:23:0c:e5:50:fb:35:f1:56:e3:b7:fc:60:c1:fe:09:31:1a:ff:8c:e5:3d:c2:09:0c:4c:5c:cc:37:b6:97

Issuing Certificate URL: http://sh.symcb.com/sh.crt

Revocation information

OCSP Server: http://sh.symcd.com
CRL Distribution Point: http://sh.symcb.com/sh.crl

Check the revocation status for certificate creditscore.citi.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for creditscore.citi.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

creditscore.citi.com
www.creditscore.citi.com

Other certificates including the domain name citi.com

(limited to 100 certificates)
tv.citi.com
ibmwebspheremqaltophubqmsit.citi.com
ibmwebspheremqgtsitorg01.citi.com
consumersoa.citi.com
ibmwebspheremqmrntbc12.citi.com
www.citibank.com
ibmWebSphereMQCSGPP.citi.com
uat.citi.com
ibmwebspheremqswprdcol01.citi.com
uat.accountonline.com
mx-test.mail.citi.com
desktop.citi.com
ibmwebspheremqgtsgatewayqm2.citi.com
cardactivation.citi.com
Preview.online.citi.com
Financialtools.citi.com
mobilesoasit2.citi.com
friendlyusertest.creditcards.citi.com
soawebsocketuat.citi.com
www.privatebank.citibank.com
ibmwebspheremqgtprdfus17.citi.com
efdissecuresignuat.citi.com
LyncProdDR.EUR.NSROOT.NET
ibmwebspheremqmrnpbc45.citi.com
citicards.citi.com
expresswaye02.emealabs.citi.com
www.uat.payment.citi.com
security1.citi.com
ibmwebspheremqmdltbc04.citi.com.citi.com
supplierportal.uattec.citi.com
extracash.citi.com
ibmwebspheremqgtprdca04.citi.com
chat.online.citi.com
mailir.citi.com
ibmwebspheremqswprdmob02.citi.com
ibmwebspheremqswprdbby05.citi.com
concierge.citi.com
paymentexchange.cte.transactionservices.citi.com
businesspopmoney.citi.com
citiconnectbeneficiaryadvising.citi.com
approvepay.citi.com
ibmWebSphereMQSP02P.citi.com
www.citibank.co.uk
sit7.online.citi.com
citiconnectbeneficiaryadvising.citi.com
locationtracker.citi.com
ibmwebspheremqmdlpbc03.citi.com
ibmwebspheremqmrnpbc30.citi.com
uat.approvepay.citi.com
vmr.emealabs.citi.com
supplierportal.uat.citi.com
ibmwebspheremqmdlpbc31.citi.com
survey.emailapps.emea.citi.com
ibmWebSphereMQCSGDU.citi.com
wiresuat2.citi.com
www.privatebank.citibank.com
citifundremoteaccess.transactionservices.citi.com
www.retailservicescommercial.citi.com
uat.citi.com
icg.citi.com
paymentexchange.cte.transactionservices.citi.com
ibmwebspheremqfpsnam_prod.citi.com
uat.remoteoffice.citigroup.com
ibmwebspheremqrd03u.citi.com
sip.citi.com
creditscore.citi.com
ibmwebspheremqmdlpbc43.citi.com
wiresuat1.citi.com
uat.citi.com
ibmwebspheremqgtaemf4qm.sit.citi.com
presentandpay.citi.com
www.identityprotection.citi.com
mobilesoaaspac.citi.com
mobileservices.nam.citiprivatebank.citi.com
aspac.api2s.citi.com
eur.vmr.citi.com
www.paymentaidplus.citi.com
m.partner.citi.com
mobilesoaaspac2.citi.com
dit01.creditcards.citi.com
businessaccess.citibank.citigroup.com
ir.citi.com
aspac.api.citi.com
mobilesoaaspac2.citi.com
soawebsocketsit.citi.com
ibmwebspheremqnaissc2p.citi.com
reset.uat.citi.com
ibmwebspheremqswlodcol01.citi.com
ibmwebspheremqgtprdorg02.citi.com
uat.citigoldlounges.citi.com
ibmwebspheremqicgqm1.qc1.citi.com
ibmwebspheremqmdlpbc48.citi.com
uat.citigoldlounges.citi.com
lync13poolnamdev1.namdev.nsrootdev.net
uat.ir.citi.com
sit15.accountonline.citi.com
metrics1.citi.com
citipaymentexchange.citi.com
ibmwebspheremqgtlodrpl01.citi.com
myassetbasedlending.citi.com

Certificate

The complete raw certificate details for creditscore.citi.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHSjCCBjKgAwIBAgIQJd++JxmLbhNichTuCYEhOzANBgkqhkiG9w0BAQsFADCB
ijELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w
HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTswOQYDVQQDEzJTeW1hbnRl
YyBDbGFzcyAzIEV4dGVuZGVkIFZhbGlkYXRpb24gU0hBMjU2IFNTTCBDQTAeFw0x
NzA2MDYwMDAwMDBaFw0xOTAyMjYyMzU5NTlaMIIBHTETMBEGCysGAQQBgjc8AgED
EwJVUzEZMBcGCysGAQQBgjc8AgECDAhEZWxhd2FyZTEdMBsGA1UEDxMUUHJpdmF0
ZSBPcmdhbml6YXRpb24xEDAOBgNVBAUTBzIxNTQyNTQxCzAJBgNVBAYTAlVTMQ4w
DAYDVQQRDAUxMDAyMjERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZ
b3JrMRgwFgYDVQQJDA8zOTkgUGFyayBBdmVudWUxFzAVBgNVBAoMDkNpdGlncm91
cCBJbmMuMSUwIwYDVQQLDBxDaXRpIENhcmRzIEludGVybmV0IFNlcnZpY2VzMR0w
GwYDVQQDDBRjcmVkaXRzY29yZS5jaXRpLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKrrwbXt3C7KMuJQ366g/KO60EsgY0zROH7DEyjW+p6KNcv8
dqvv7+kREI1iCLb9wLqRL9C5MtT8u5jwuz6gNglYv/ECIv0hSlD+cTys8IuwclfC
gdbnDK1x1IAohmAJ0NTI1FLiTCgQsIP12gD0yt62WzQ5d9+1mhKqPbwyfOPCIa2o
FhRsRe/cnGHuVpETSXG6wNYSmQrcb4J99N4NgQ0EGC2XOhpCcZs/rrZG2Z/Qc993
XgaGwL4vfsT/gg9DUclFR7tK8UeXnWb4Ao42Pham3YcNdZGLcALWjsk6u3+AOBBa
oPb+brLINRS5ThuewtkNJlZ6WXbDvytHnkACmS0CAwEAAaOCAxQwggMQMDkGA1Ud
EQQyMDCCFGNyZWRpdHNjb3JlLmNpdGkuY29tghh3d3cuY3JlZGl0c2NvcmUuY2l0
aS5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMG8GA1UdIARoMGYwWwYLYIZIAYb4RQEHFwYwTDAjBggr
BgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwX
aHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwBwYFZ4EMAQEwHwYDVR0jBBgwFoAUsm3j
5BQPjDxzQqZamRrTFHW2htswKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NoLnN5
bWNiLmNvbS9zaC5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRw
Oi8vc2guc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2guc3ltY2IuY29t
L3NoLmNydDCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHcA3esdK3oNT6Ygi4Gt
gWhwfi6OnQHVXIiNPRHEzbbsvswAAAFcfsHEOwAABAMASDBGAiEA7FgAh2CPk0eV
/b0BNq7UttQuWbTxJC2EJ/TeUEMSL1YCIQDopWLe5kqdUMFtifANFiGilDJvsHve
K5dwI8C77O93MwB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAAB
XH7BxHIAAAQDAEcwRQIgWNc5b87VwljJzrFlOBeeHOhIt2Qr9xQIXVXl+hNRSuoC
IQCqTI4h92hcYh8yYgyJ70jCF9JuQ9rZxSYN5+ZBbi+53QB2AO5Lvbd1zmC64UJp
H6vhnmajD35fsHLYgwDEe4l6qP3LAAABXH7BxNMAAAQDAEcwRQIhAL0lc9tZ90yo
5cwG1BjjRYGkyguTleWZBDysEVobyvwJAiA1BHeF0AMwWw+nrjbhMSiP4qXFBmKh
nABYGZZWdu9xrzANBgkqhkiG9w0BAQsFAAOCAQEAX89XBFEhUlMmCBKlPo99KMBf
BiAZpWZex2S8Ppe9i0LtFcwXPJVRUN/mF8G8BnKRiSgt8taM7INzvNXlrVTbsLvS
fctZo3LFyAh86URZWCcw3MGslmEXAseyKFJFZyKvwEOIBo+cLvZkAFnaVxCmSkOY
g0O2k3BewjfvTpGWqYYVp//nUZpf1AymB7y4Iij7NPFA9768IqUXnfPE9p83+Rgy
w9qyHQWj/7GT5xiNYy55Vgwxd4bNqxGQ3QHm6vs5JWhjdJzlt47RTP0OmyhGL6DD
9dji8ui2brH3XQsdu9fFJDvVVSqevv4He8RGQdRCXVlExEf7ioXwMtxxmwOnvg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquvBte3cLsoy4lDfrqD8
o7rQSyBjTNE4fsMTKNb6noo1y/x2q+/v6REQjWIItv3AupEv0Lky1Py7mPC7PqA2
CVi/8QIi/SFKUP5xPKzwi7ByV8KB1ucMrXHUgCiGYAnQ1MjUUuJMKBCwg/XaAPTK
3rZbNDl337WaEqo9vDJ848IhragWFGxF79ycYe5WkRNJcbrA1hKZCtxvgn303g2B
DQQYLZc6GkJxmz+utkbZn9Bz33deBobAvi9+xP+CD0NRyUVHu0rxR5edZvgCjjY+
Fqbdhw11kYtwAtaOyTq7f4A4EFqg9v5ussg1FLlOG57C2Q0mVnpZdsO/K0eeQAKZ
LQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 50343174799123871484647946648262091067
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Symantec Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Symantec Trust Network'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Symantec Class 3 Extended Validation SHA256 SSL CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-06-06 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-02-26 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.2 (jurisdictionOfIncorporationSP)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Delaware'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Private Organization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '2154254'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.17 (postalCode)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '10022'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'New York'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'New York'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.9 (streetAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '399 Park Avenue'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Citigroup Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Citi Cards Internet Services'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'creditscore.citi.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21576767797175210903850395399025062188411678223630435234498311251491331655599780100755843315454684426090613913905630044881477419391493360949982925757162792533458755804127492275547963953240099422059910958649840181493477287587829039258916906044301196378418084848870683810274044107765371757048187716528929029646763889328587363520377779777491281977967780600167495415040093420545431416317348767813303118411582938286542037885800471012515799727556803945323403473715677827230089411955305606443250774558289627088352340316636352373627842165492556756766331537330866576290609075293451933822312105734546044534631109443266969508141
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (50 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'creditscore.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.creditscore.citi.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.113733.1.7.23.6 (VeriSign EV policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://d.symcb.com/cps'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'https://d.symcb.com/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName b26de3e4140f8c3c7342a65a991ad31475b686db
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://sh.symcb.com/sh.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (75 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://sh.symcd.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://sh.symcb.com/sh.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							0169007700ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc0000015c7ec1c43b0000040300483046022100ec580087608f934795fdbd0136aed4b6d42e59b4f1242d8427f4de5043122f56022100e8a562dee64a9d50c16d89f00d1621a294326fb07bde2b977023c0bbecef7733007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000015c7ec1c4720000040300473045022058d7396fced5c258c9ceb16538179e1ce848b7642bf714085d55e5fa13514aea022100aa4c8e21f7685c621f32620c89ef48c217d26e43dad9c5260de7e6416e2fb9dd007600ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000015c7ec1c4d30000040300473045022100bd2573db59f74ca8e5cc06d418e34581a4ca0b9395e599043cac115a1bcafc09022035047785d003305b0fa7ae36e131288fe2a5c50662a19c005819965676ef71af
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		005fcf570451215253260812a53e8f7d28c05f062019a5665ec764bc3e97bd8b42ed15cc173c955150dfe617c1bc06729189282df2d68cec8373bcd5e5ad54dbb0bbd27dcb59a372c5c8087ce94459582730dcc1ac96611702c7b22852456722afc04388068f9c2ef6640059da5710a64a43988343b693705ec237ef4e9196a98615a7ffe7519a5fd40ca607bcb82228fb34f140f7bebc22a5179df3c4f69f37f91832c3dab21d05a3ffb193e7188d632e79560c317786cdab1190dd01e6eafb39256863749ce5b78ed14cfd0e9b28462fa0c3f5d8e2f2e8b66eb1f75d0b1dbbd7c5243bd5552a9ebefe077bc44641d4425d5944c447fb8a85f032dc719b03a7be