starscream.sierra.state.gov

Issued by U.S. Department of State AD High Assurance CA

About this certificate

This digital certificate with serial number 51:b6:f7:18 was issued on byU.S. Department of State AD High Assurance CA.

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DNSNames must have a valid TLD. (BRs: 3.2.2.4)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=starscream.sierra.state.gov,OU=Enterprise Services+OU=PKI+OU=Web Servers,0.9.2342.19200300.100.1.25=#130b6170707365727669636573,0.9.2342.19200300.100.1.25=#13057374617465,0.9.2342.19200300.100.1.25=#1303736275

U.S. Department of State AD High Assurance CA

This certificate has expire since

Certificate Details

Serial Number (hex): 51:b6:f7:18
Serial Number (int): 1370945304
Serial Number lenght: 31 bits, 4 octets

SubjectKeyId: 77:b2:34:a8:da:46:6d:fc:12:1b:14:c1:4f:2c:a8:7c:f9:33:03:a9
AuthorityKeyId: 2f:4a:ea:b0:a5:54:3f:07:92:4d:49:9b:3e:7d:08:5a:d2:43:b9:4b

Fingerprint (sha1): 6e:31:f3:a0:7c:43:ec:bc:fb:ae:42:9a:47:b1:00:63:76:08:29:59
Fingerprint (sha256): 04:08:b5:b1:12:61:b4:3c:7f:6e:f5:d6:75:78:0d:17:7f:79:34:04:67:de:76:e6:74:b1:45:43:d3:eb:02:19

Issuing Certificate URL: http://crls.pki.state.gov/AIA/CertsIssuedToDoSADHACA.p7c
Issuing Certificate URL: ldap://certrep.pki.state.gov/cn=U.S.%20Department%20of%20State%20AD%20High%20Assurance%20CA,cn=AIA,cn=Public%20Key%20Services,cn=Services,cn=Configuration,dc=state,dc=sbu?cACertificate;binary
Issuing Certificate URL: ldap://certrep.pki.state.gov/cn=U.S.%20Department%20of%20State%20AD%20High%20Assurance%20CA,cn=AIA,cn=Public%20Key%20Services,cn=Services,cn=Configuration,dc=state,dc=sbu?crossCertificatePair;binary

Revocation information

OCSP Server: http://ocsp.pki.state.gov/OCSP/DoSOCSPResponder

Check the revocation status for certificate starscream.sierra.state.gov

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for starscream.sierra.state.gov

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication

Extensions

11 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

starscream.sierra.state.gov
sessmsmdmas1u.ses.state.sbu
sessmsmdmas2u.ses.state.sbu

Other certificates including the domain name state.gov

(limited to 100 certificates)
receptiontours.state.gov
cert5.state.gov
test-web-lws.edu.help
entranceondutytst.state.gov
womenofcourage.state.gov
pptform2.state.gov
tfa.state.gov
dev.cadatacatalog.state.gov
www.dvlottery.state.gov
test-cms.history.state.gov
pptform.state.gov
sni.cloudflaressl.com
receptiontours.state.gov
2001-2009.state.gov
oas.icdev.de
www.dvlottery.state.gov
exchanges.state.gov
pptform.state.gov
elibraryusa.state.gov
5636635823702016-fe2.pantheonsite.io
ivvsmarttraveler.state.gov
usrapchad.state.gov
adgsupport.state.gov
staging-bangkok.ilea.state.gov
www.design-engineering.princeton.edu
stsent.state.gov
alumni.dev.state.gov
iocareers.state.gov
bangkok.ilea.ign-uat.inl.state.gov
admin.eca.test.state.gov
globalhealth.playbooks.commons-dev.state.gov
caprovservice.state.gov
dev.diplomacy.state.gov
auth.passportappointment.travel.state.gov
rnet.state.gov
hrex.state.gov
www.j1visa.state.gov
search.usa.gov
www.blogs.earthjustice.org
readmypins.state.gov
sni.cloudflaressl.com
exportcontrol.state.gov
*.state.gov
j1visawaiverstatus.state.gov
directory-sandbox.state.gov
webdev.colorado.edu
state.gov
virtual2.unlv.edu
research-pp.stonybrook.edu
workflows.state.gov
fsilearncenter.state.gov
5636635823702016-fe2.pantheonsite.io
covid19.playbooks.commons-dev.state.gov
deccschat.pmddtc.state.gov
upenn-it.asc.upenn.edu
*.staging.pmddtc.state.gov
*.state.gov
geonode.state.gov
alumni.state.gov
diplomacy.state.gov
www.dvlottery.state.gov
starscream.sierra.state.gov
secondarycities.geonode.state.gov
synergy.state.gov
berlinwall.state.gov
playbooks.commons-dev.state.gov
oas.icdev.de
educationusa.state.gov
test-cms.history.state.gov
PassportStatus.state.gov
*.test.state.gov
ivvcadataapi.state.gov
tfa.state.gov
sait.state.gov
sni.cloudflaressl.com
commons-dev.state.gov
refugeesmigration.playbooks.commons.state.gov
cms.history.state.gov
sni.cloudflaressl.com
akamaisecure7.qualtrics.com
bangkok.ilea.state.gov
iservices.state.gov
secondarycities.state.gov
Server3.eRecruitment.State.gov
online-auction-controlpanel.state.gov
americanenglish.state.gov
amspaces.state.gov
cert5.state.gov
hiu.state.gov
readmypins.state.gov
adgsupport.state.gov
cfsc.state.gov
jsas.state.gov
pivogr.state.gov
sni.cloudflaressl.com
qa.californiasciencecenter.ca.gov
akamaisecure7.qualtrics.com
diplomacy.state.gov
ceac.state.gov
dev.cadataapi.state.gov

Certificate

The complete raw certificate details for starscream.sierra.state.gov in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIJVzCCCD+gAwIBAgIEUbb3GDANBgkqhkiG9w0BAQsFADCBuzETMBEGCgmSJomT
8ixkARkWA3NidTEVMBMGCgmSJomT8ixkARkWBXN0YXRlMRYwFAYDVQQDDA1Db25m
aWd1cmF0aW9uMREwDwYDVQQDDAhTZXJ2aWNlczEcMBoGA1UEAwwTUHVibGljIEtl
eSBTZXJ2aWNlczEMMAoGA1UEAwwDQUlBMTYwNAYDVQQDDC1VLlMuIERlcGFydG1l
bnQgb2YgU3RhdGUgQUQgSGlnaCBBc3N1cmFuY2UgQ0EwHhcNMTcxMjEyMTUwNjIy
WhcNMjAxMjEyMTUzNjIyWjCBsTETMBEGCgmSJomT8ixkARkWA3NidTEVMBMGCgmS
JomT8ixkARkWBXN0YXRlMRswGQYKCZImiZPyLGQBGRYLYXBwc2VydmljZXMxHDAa
BgNVBAsME0VudGVycHJpc2UgU2VydmljZXMxDDAKBgNVBAsMA1BLSTEUMBIGA1UE
CwwLV2ViIFNlcnZlcnMxJDAiBgNVBAMMG3N0YXJzY3JlYW0uc2llcnJhLnN0YXRl
LmdvdjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKjYozN2Fy6slh7o
1S7XlY7fkhxEJLHMaXuLwDw+ib4WhL1SvmmOxO3X3w5IzAgOJsz2QhbWo3f7/NI/
1VcgrW1HEKMN4eLG3jjQIxFN5glF4/xKkD6aIZIQzXeysLur0JEo2/ThQhhgBsmB
PXragEG0Lnpc9zaebigoi65Tek1DFsVJzsyRMkO2W23AmOLmrrvlOvHHPJAJCq84
cO+iuTcRqjnI9w5d3xWgqhcHvllWPRcKg+YtVlcxfe2f4qAjnrIHBq3fSWml1Exb
bj31VEstZSI/3bM4PjBCsO5SngEK419nEaJc6nTKM9FgpPHKPsx20pWRnm2m9MNv
fAk+GqsCAwEAAaOCBWkwggVlMA4GA1UdDwEB/wQEAwIFoDAXBgNVHSAEEDAOMAwG
CmCGSAFlAwIBBiUwEwYDVR0lBAwwCgYIKwYBBQUHAwEwggI6BggrBgEFBQcBAQSC
AiwwggIoMEQGCCsGAQUFBzAChjhodHRwOi8vY3Jscy5wa2kuc3RhdGUuZ292L0FJ
QS9DZXJ0c0lzc3VlZFRvRG9TQURIQUNBLnA3YzCBzAYIKwYBBQUHMAKGgb9sZGFw
Oi8vY2VydHJlcC5wa2kuc3RhdGUuZ292L2NuPVUuUy4lMjBEZXBhcnRtZW50JTIw
b2YlMjBTdGF0ZSUyMEFEJTIwSGlnaCUyMEFzc3VyYW5jZSUyMENBLGNuPUFJQSxj
bj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxjbj1TZXJ2aWNlcyxjbj1Db25maWd1
cmF0aW9uLGRjPXN0YXRlLGRjPXNidT9jQUNlcnRpZmljYXRlO2JpbmFyeTCB0wYI
KwYBBQUHMAKGgcZsZGFwOi8vY2VydHJlcC5wa2kuc3RhdGUuZ292L2NuPVUuUy4l
MjBEZXBhcnRtZW50JTIwb2YlMjBTdGF0ZSUyMEFEJTIwSGlnaCUyMEFzc3VyYW5j
ZSUyMENBLGNuPUFJQSxjbj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxjbj1TZXJ2
aWNlcyxjbj1Db25maWd1cmF0aW9uLGRjPXN0YXRlLGRjPXNidT9jcm9zc0NlcnRp
ZmljYXRlUGFpcjtiaW5hcnkwOwYIKwYBBQUHMAGGL2h0dHA6Ly9vY3NwLnBraS5z
dGF0ZS5nb3YvT0NTUC9Eb1NPQ1NQUmVzcG9uZGVyMGAGA1UdEQRZMFeCG3N0YXJz
Y3JlYW0uc2llcnJhLnN0YXRlLmdvdoIbc2Vzc21zbWRtYXMxdS5zZXMuc3RhdGUu
c2J1ghtzZXNzbXNtZG1hczJ1LnNlcy5zdGF0ZS5zYnUwggHwBgNVHR8EggHnMIIB
4zCCAd+gggHboIIB16SBzzCBzDETMBEGCgmSJomT8ixkARkWA3NidTEVMBMGCgmS
JomT8ixkARkWBXN0YXRlMRYwFAYDVQQDDA1Db25maWd1cmF0aW9uMREwDwYDVQQD
DAhTZXJ2aWNlczEcMBoGA1UEAwwTUHVibGljIEtleSBTZXJ2aWNlczEMMAoGA1UE
AwwDQUlBMTYwNAYDVQQDDC1VLlMuIERlcGFydG1lbnQgb2YgU3RhdGUgQUQgSGln
aCBBc3N1cmFuY2UgQ0ExDzANBgNVBAMMBkNSTDQwMYY1aHR0cDovL2NybHMucGtp
LnN0YXRlLmdvdi9jcmxzL0RvU0FEUEtJSEFDQXNoYTI1Ni5jcmyGgctsZGFwOi8v
Y2VydHJlcC5wa2kuc3RhdGUuZ292L2NuPVUuUy4lMjBEZXBhcnRtZW50JTIwb2Yl
MjBTdGF0ZSUyMEFEJTIwSGlnaCUyMEFzc3VyYW5jZSUyMENBLGNuPUFJQSxjbj1Q
dWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxjbj1TZXJ2aWNlcyxjbj1Db25maWd1cmF0
aW9uLGRjPXN0YXRlLGRjPXNidT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2Jp
bmFyeTArBgNVHRAEJDAigA8yMDE3MTIxMjE1MDYyMlqBDzIwMjAxMjEyMTUzNjIy
WjAfBgNVHSMEGDAWgBQvSuqwpVQ/B5JNSZs+fQha0kO5SzAdBgNVHQ4EFgQUd7I0
qNpGbfwSGxTBTyyofPkzA6kwCQYDVR0TBAIwADAZBgkqhkiG9n0HQQAEDDAKGwRW
OC4xAwIDqDANBgkqhkiG9w0BAQsFAAOCAQEAu6KHTrKuR2h7SF1GjaCrU70GkrZP
wJpP+bwRm26kOYUf9ZH56DJkqSs/OFWRoPl9hl0+VIZH58DUkCS0WnbeJMap5R9D
Z0QqR56HEK6LDFIUkwj4/vUJdR/VkLL88DN2px11XK2ZYCcFPMT1/hB4HFBZWF1K
qzraBs1GkLuae3sESfFvoHQEUsjznkN2AweCvekCV58nsR5ftwT9XdryxZyfEqtc
8SIUcRIztOc0f9BBEJxfmE5NxLnrUj4QNb68gYClxw/LutosXtSmhU0WLpHY/iAT
FQY/QEb0pIBPiPPGYD80ud1gGalt5WX6vXnpzyuFE2QXR+p4z+lR61woTw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNijM3YXLqyWHujVLteV
jt+SHEQkscxpe4vAPD6JvhaEvVK+aY7E7dffDkjMCA4mzPZCFtajd/v80j/VVyCt
bUcQow3h4sbeONAjEU3mCUXj/EqQPpohkhDNd7Kwu6vQkSjb9OFCGGAGyYE9etqA
QbQuelz3Np5uKCiLrlN6TUMWxUnOzJEyQ7ZbbcCY4uauu+U68cc8kAkKrzhw76K5
NxGqOcj3Dl3fFaCqFwe+WVY9FwqD5i1WVzF97Z/ioCOesgcGrd9JaaXUTFtuPfVU
Sy1lIj/dszg+MEKw7lKeAQrjX2cRolzqdMoz0WCk8co+zHbSlZGebab0w298CT4a
qwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1370945304
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'sbu'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'state'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Configuration'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Services'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Public Key Services'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'AIA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'U.S. Department of State AD High Assurance CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-12-12 15:06:22 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-12-12 15:36:22 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'sbu'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'state'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'appservices'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Enterprise Services'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'PKI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Web Servers'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'starscream.sierra.state.gov'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21314863169045485688825293253779613805240454865015588419183928023015544924935005578270829564862406960997914168445507598322851990228622338659231355575537427396321942126722297524140369270496424257976637180347922401754428293484664871614977602948952852176827203032011902788093171977123448954217192170935726961062486293028915471657004129723380131443761522487668521024300976305913884683358068019014811209154910825333374977823511039978241936774252803743430103873451483963896412441232767961461524150866282440670048585288667036837184915888880749351779329432410673822483571348504058099072669033066893095500209357191981821729451
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (16 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.101.3.2.1.6.37
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (556 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crls.pki.state.gov/AIA/CertsIssuedToDoSADHACA.p7c'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'ldap://certrep.pki.state.gov/cn=U.S.%20Department%20of%20State%20AD%20High%20Assurance%20CA,cn=AIA,cn=Public%20Key%20Services,cn=Services,cn=Configuration,dc=state,dc=sbu?cACertificate;binary'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'ldap://certrep.pki.state.gov/cn=U.S.%20Department%20of%20State%20AD%20High%20Assurance%20CA,cn=AIA,cn=Public%20Key%20Services,cn=Services,cn=Configuration,dc=state,dc=sbu?crossCertificatePair;binary'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.pki.state.gov/OCSP/DoSOCSPResponder'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (89 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'starscream.sierra.state.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sessmsmdmas1u.ses.state.sbu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sessmsmdmas2u.ses.state.sbu'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (487 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:4|true] Name 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'sbu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'state'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Configuration'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Services'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Public Key Services'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'AIA'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'U.S. Department of State AD High Assurance CA'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'CRL401'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crls.pki.state.gov/crls/DoSADPKIHACAsha256.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'ldap://certrep.pki.state.gov/cn=U.S.%20Department%20of%20State%20AD%20High%20Assurance%20CA,cn=AIA,cn=Public%20Key%20Services,cn=Services,cn=Configuration,dc=state,dc=sbu?certificateRevocationList;binary'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.16 (privateKeyUsagePeriod)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 32303137313231323135303632325a
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:1|false] IA5String '20201212153622Z'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 2f4aeab0a5543f07924d499b3e7d085ad243b94b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							77b234a8da466dfc121b14c14f2ca87cf93303a9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113533.7.65.0 (entrustVersInfo)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:27|false] GeneralString 'V8.1'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (5 bits)
								03a8
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00bba2874eb2ae47687b485d468da0ab53bd0692b64fc09a4ff9bc119b6ea439851ff591f9e83264a92b3f385591a0f97d865d3e548647e7c0d49024b45a76de24c6a9e51f4367442a479e8710ae8b0c52149308f8fef509751fd590b2fcf03376a71d755cad996027053cc4f5fe10781c5059585d4aab3ada06cd4690bb9a7b7b0449f16fa0740452c8f39e4376030782bde902579f27b11e5fb704fd5ddaf2c59c9f12ab5cf12214711233b4e7347fd041109c5f984e4dc4b9eb523e1035bebc8180a5c70fcbbada2c5ed4a6854d162e91d8fe201315063f4046f4a4804f88f3c6603f34b9dd6019a96de565fabd79e9cf2b8513641747ea78cfe951eb5c284f