sail.am.lilly.com

- Eli Lilly and Company -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 04:47:16:47:2d:e6:d9:a6:37:35:fe:03:17:4c:f8:d3 was issued on by Entrust, Inc..

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Eli Lilly and Company

Organization: Eli Lilly and Company
State / Province: Indiana
Locality: Indianapolis
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 04:47:16:47:2d:e6:d9:a6:37:35:fe:03:17:4c:f8:d3
Serial Number (int): 5686016912512361302894746348320258259
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: b5:b3:71:43:1e:71:b6:97:4a:28:d1:13:80:88:0f:b4:ba:e6:e7:74
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): 02:f1:86:d1:9e:8d:b0:ed:6a:82:0b:52:52:8c:d4:4c:d3:d0:89:6e
Fingerprint (sha256): 04:04:ba:be:7b:75:49:af:f6:c0:11:67:8b:c8:2f:d0:27:bd:21:e2:6a:fa:04:90:54:e3:9b:07:73:e5:f5:d0

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate sail.am.lilly.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for sail.am.lilly.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

sail.am.lilly.com

Other certificates including the domain name lilly.com

(limited to 100 certificates)
asp-t.lilly.com
mi-lb-z1-v1.xh1.lilly.com
dev-element.lilly.com
connect.lilly.com
impact-qa.am.lilly.com
enginframe-t.am.lilly.com
Lyncpoolz1fe.rf.lilly.com
www.cialis.co.nz
www.lilly.net.br
adp-ess.lilly.com
chinalccp-q.lillyadmin.cn
SB-JPN-KOBE-02.rf.lilly.com
sappipci.d52.lilly.com
www.lilly.co.za
alscsoa-dr.am.lilly.com
credit360.xh1.lilly.com
artritrereumatoide.xh2.lilly.com
olumiantreview.lilly.com
ects-qatss.am.lilly.com
iwrstrans-qa.xh1.lilly.com
lillypad.lilly.com
MQZl4igel.am.lilly.com
heroku-to-aws-video.heroku-apps.lilly.com
mdutranslate.lilly.com
ct2-dev.lilly.com
sapepqci.d52.lilly.com
SBC-O365-USA-INDY-TEST-01.lilly.com
lillyscience.lilly.com
webtop.ema.lilly.com
SBCTEAMS-USA-INDY-01.XH1.lilly.com
image.partnerapp1.myworld.com
dctmlrlextadmin.am.lilly.com
chinagamification.xh3.lilly.com
leo-app-d.am.lilly.com
plmssd.am.lilly.com
elementadmin-qa.lilly.com
connect.lilly.com
*.paas.xh1.lilly.com
lilly.connect.lilly.com
bpmpc-z1-86.am.lilly.com
api.data-q.rids.lilly.com
srvstgweb.d52.lilly.com
odmdc-z1.am.lilly.com
review-2.data.lilly.com
chinami-d.xh3.lilly.com
srvbes.am.lilly.com
dmw.am.lilly.com
elancophotocontestportugal.xh2.lilly.com
SB-SLO-BRAT-01.rf.lilly.com
myequity.xh1.lilly.com
je3svr272.ap.lilly.com
SB-USA-WASH-01.RF.lilly.com
sbt-chi-suzh-01.ap.lilly.com
mail141qas1.am.lilly.com
lillyru-d.xh1.lilly.com
dmw-dev.am.lilly.com
lillyapp105-qa.am.lilly.com
reset-dc.xh1.lilly.com
lillyakademi.com
www.d-diabetes.com
www.supportservices.lilly.com
chinacmp.xh3.lilly.com
cst.lilly.com
www.36saat.com
ifolio.lilly.com
RWE.lilly.com
mydesktop.ap.lilly.com
www.lillyhcp.com
mail141qae2.xh1.lilly.com
lillyconnect-sa.com
rwe.lilly.com
lilly.com
osf.lilly.com
statsclstr4-2node.am.lilly.com
soag-z1-d.am.lilly.com
www.d-diabetes.com
EIPCC.am.lilly.com
iwrs.lilly.com
sac-test.lilly.com
pages.mc.lilly.com
www.lillypod.com.au
akamai-san35.exacttarget.com
image.partnerapp1.myworld.com
sail.am.lilly.com
try.connect.lilly.com
ics-mdit-ctsup-d.lilly.com
lillyakademi.com
insulinsimulator.lilly.com
sapsmqci.aws.lilly.com
workday.lilly.com
global-boilerplate-nuxt.heroku-apps.lilly.com
*.domino.aws.lilly.com
jarvispro.lilly.com
SB-PHI-MANI-01.rf.lilly.com
chinalccp-q-new.xh3.lilly.com
copay.lilly.com
leo-app-q.am.lilly.com
federate-qa.xh1.lilly.com
MQZWORKSPACE.am.lilly.com
ie2b2mestest-mfg.ema.lilly.com

Certificate

The complete raw certificate details for sail.am.lilly.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgIQBEcWRy3m2aY3Nf4DF0z40zANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
NDA1MTcwNDAwMjBaFw0yNTA2MTYwNDAwMTlaMHIxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIEwdJbmRpYW5hMRUwEwYDVQQHEwxJbmRpYW5hcG9saXMxHjAcBgNVBAoTFUVs
aSBMaWxseSBhbmQgQ29tcGFueTEaMBgGA1UEAxMRc2FpbC5hbS5saWxseS5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ3Ld5Or9EPUulPylRhAJO
7Wqpfo5m71dpQtmGG8EJQRvzBu7wstAnpyySrmn3QNC8HjiEuWVbruKUNIG3J/ps
h47rQApYPqAX8x8ve44IF5xXqj4LqidBCKs//CFdvL5KrLXxR6oMe2ImKEXriy7k
POgb3l21hw/zWfXUcir+sxhkWQFIMRei34FrL9fE+uh+sBYXoUeEBajEnbniIesa
c+olUkjIiHNM9DhiI8CrzK5AyVwygaxDqMpN7qjf2TcpeYd6aDO0EnfAZ97+KQXZ
v8Uliz73Al5vcPlDTJKeh0TI5lmCm2huHiYhxzVGEmyZTUSEGds2Ihm9ivKeV/Vx
AgMBAAGjggFoMIIBZDAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBS1s3FDHnG2l0oo
0ROAiA+0uubndDAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzBoBggr
BgEFBQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0
MDMGCCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wxay1jaGFpbjI1
Ni5jZXIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9s
ZXZlbDFrLmNybDAcBgNVHREEFTATghFzYWlsLmFtLmxpbGx5LmNvbTAOBgNVHQ8B
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBMGA1UdIAQM
MAowCAYGZ4EMAQICMBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUA
A4IBAQBAnwvDyw6p9wcVlo+vgjjkJM/wZn57oeF06S81qLnZ15io5lfiBD9U00EA
WrK4d5AqUFwjePqZLauQGPh/uhYJVvd8bgsW4e7yGg8/6soft/uKviLuX7CyRVex
wOuwOs563bEAhDcLU/LLKkYGfCFGosT9Qw1u+8M+X8oGsRmHwKvR41p+M9IDAscJ
pibU+faPm2L5UPj5EkyhuEfBKqOIYnks0JWbcQY2KLeSSeaqtfNazho/KCzq9tND
cl0xe2DmcEQcBv4Ld5cHKb52sna6yPa8FdnnTqOY7p1HvReIxZHr+qFWTp7UhOeO
y3EG5WeLECd2Ugzdp5YIiHMnVDeQ
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2dy3eTq/RD1LpT8pUYQC
Tu1qqX6OZu9XaULZhhvBCUEb8wbu8LLQJ6cskq5p90DQvB44hLllW67ilDSBtyf6
bIeO60AKWD6gF/MfL3uOCBecV6o+C6onQQirP/whXby+Sqy18UeqDHtiJihF64su
5DzoG95dtYcP81n11HIq/rMYZFkBSDEXot+Bay/XxProfrAWF6FHhAWoxJ254iHr
GnPqJVJIyIhzTPQ4YiPAq8yuQMlcMoGsQ6jKTe6o39k3KXmHemgztBJ3wGfe/ikF
2b/FJYs+9wJeb3D5Q0ySnodEyOZZgptobh4mIcc1RhJsmU1EhBnbNiIZvYrynlf1
cQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 5686016912512361302894746348320258259
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-17 04:00:20 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-06-16 04:00:19 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Indiana'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Indianapolis'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Eli Lilly and Company'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'sail.am.lilly.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27502551635733816776616307974170233318341771836790619824385255667936555503870249516305530780207155313768243007104421158792438963910853141403614758551915167086067772752563312771356709439536833339767099094402148159444820667969345063720413339482807445292427998428222330732320801145314429961214120499318438441185604978220006586574559939300522663994558616396977785914527578377242125915600190018671684737237708737252562431829733940928653360608361430785566695078760923721218609338101385411267614134967133100357614184026066154817888238099008121123559776549223580966504277600238099361705933860309397663816730701361883116991857
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							b5b371431e71b6974a28d11380880fb4bae6e774
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (21 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sail.am.lilly.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00409f0bc3cb0ea9f70715968faf8238e424cff0667e7ba1e174e92f35a8b9d9d798a8e657e2043f54d341005ab2b877902a505c2378fa992dab9018f87fba160956f77c6e0b16e1eef21a0f3feaca1fb7fb8abe22ee5fb0b24557b1c0ebb03ace7addb10084370b53f2cb2a46067c2146a2c4fd430d6efbc33e5fca06b11987c0abd1e35a7e33d20302c709a626d4f9f68f9b62f950f8f9124ca1b847c12aa38862792cd0959b71063628b79249e6aab5f35ace1a3f282ceaf6d343725d317b60e670441c06fe0b77970729be76b276bac8f6bc15d9e74ea398ee9d47bd1788c591ebfaa1564e9ed484e78ecb7106e5678b102776520cdda79608887327543790