globalassethub.sonypictures.com

- Sony Pictures Entertainment, Inc. -

Issued by GeoTrust RSA CA 2018

About this certificate

This digital certificate with serial number 02:b2:3f:d6:c8:ee:31:60:e7:b6:71:f1:95:54:75:25 was issued on by DigiCert Inc.

With 7 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Sony Pictures Entertainment, Inc.

Organization: Sony Pictures Entertainment, Inc.
State / Province: California
Locality: Culver City
Country: US

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 02:b2:3f:d6:c8:ee:31:60:e7:b6:71:f1:95:54:75:25
Serial Number (int): 3583979641205798664370041290596054309
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: bf:1d:79:c8:84:78:6e:29:e5:22:0f:42:ac:71:51:a0:34:fc:cc:82
AuthorityKeyId: 90:58:ff:b0:9c:75:a8:51:54:77:b1:ed:f2:a3:43:16:38:9e:6c:c5

Fingerprint (sha1): 04:ad:92:2b:6f:72:6d:f9:12:2d:ce:51:10:15:56:8e:3a:7e:02:08
Fingerprint (sha256): 04:2c:86:23:9e:35:07:53:7c:44:53:72:fa:10:de:bd:60:11:cf:6e:38:11:25:79:58:6e:a4:b2:17:50:cf:e4

Issuing Certificate URL: http://cacerts.geotrust.com/GeoTrustRSACA2018.crt

Revocation information

OCSP Server: http://status.geotrust.com
CRL Distribution Point: http://cdp.geotrust.com/GeoTrustRSACA2018.crl

Check the revocation status for certificate globalassethub.sonypictures.com

7

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for globalassethub.sonypictures.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

globalassethub.sonypictures.com
www.sonypicturespublicity.co.nz
www.sonypicturespresse.fr
www.sonypicturespublicity.com
sonypicturespublicity.com
www.sonypicturespublicity.com.au
www.sonypicturespublicity.net

Other certificates including the domain name sonypictures.com

(limited to 100 certificates)
conectados.sonypictures.com
*.sonypictures.com
redeem.sonypictures.com
origin-flash.sonypictures.com
edge-micros1.sonypictures.com
secure.sonypictures.com
origin-flash.sonypictures.com
edge-micros2.sonypictures.com
brand.sonypictures.com
flash.sonypictures.com
microsites.sonypictures.com
extaz-qa.spe.sony.com
edge-micros2.sonypictures.com
edge-micros2.sonypictures.com
sites.sonypictures.com
sites.sonypictures.com
secure.sonypictures.com
globalassethub.sonypictures.com
www.stage6films.com
api.stg-stage-productionservices.sonypictures.com
pub.email.sonypictures.com
connect.sonypictures.com
sites.sonypictures.com
edge-micros1.sonypictures.com
edge-micros1.sonypictures.com
edge-micros1.sonypictures.com
globalassethub.sonypictures.com
stage-microsites.sonypictures.com
portals.sonypictures.com
microsites.sonypictures.com
image.20210419.200345.s6.et.yellsatcloud.com
globalassethub.sonypictures.com
portals.sonypictures.com
portals.sonypictures.com
conectados.sonypictures.com
edge-micros1.sonypictures.com
flash.sonypictures.com
sites.sonypictures.com
edge-portals.sonypictures.com
edge-micros1.sonypictures.com
globalassethub.sonypictures.com
edge-micros2.sonypictures.com
flash.sonypictures.com
pub.email.sonypictures.com
griffin.sonypictures.com
view.email.sonypictures.com
edge-micros1.sonypictures.com
edge-micros1.sonypictures.com
flash.sonypictures.com
microsites.sonypictures.com
sites.sonypictures.com
audiolibrary.sonypictures.com
edge-portals.sonypictures.com
stage-microsites.sonypictures.com
stage-microsites.sonypictures.com
akamai-san77.exacttarget.com
stage-microsites.sonypictures.com
www.sonypictures.co.uk
edge-portals.sonypictures.com
stage-microsites.sonypictures.com
stage-microsites.sonypictures.com
viewer.sonypictures.com
secure.sonypictures.com
edge-portals.sonypictures.com
sites2.sonypictures.com
edge-micros2.sonypictures.com
test.rewards.sonypictures.com
www.stage6films.com
test.rewards.sonypictures.com
microsites.sonypictures.com
stage-microsites.sonypictures.com
edge-micros1.sonypictures.com
gam.sonypictures.com
microsites.sonypictures.com
flash.sonypictures.com
view.email.games.sonypictures.com
rewards.sonypictures.com
test.redeem.sonypictures.com
edge-micros1.sonypictures.com
brand.sonypictures.com
gam.sonypictures.com
stage-microsites.sonypictures.com
perc.sonypictures.com
sony-prod.actioniq.mr-in.com
click.email.sonypictures.com
stage-edge-portals.sonypictures.com
stage-microsites.sonypictures.com
tweets.sonypictures.com
flash.sonypictures.com
rewards.sonypictures.com
pages.email.games.sonypictures.com
view.email.sonypictures.com
rewards.sonypictures.com
redeem.sonypictures.com
microsites.sonypictures.com
redeem.sonypictures.com
stage-microsites.sonypictures.com
microsites.sonypictures.com
microsites.sonypictures.com
origin-flash.sonypictures.com

Certificate

The complete raw certificate details for globalassethub.sonypictures.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF7DCCBNSgAwIBAgIQArI/1sjuMWDntnHxlVR1JTANBgkqhkiG9w0BAQsFADBe
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRHZW9UcnVzdCBSU0EgQ0EgMjAxODAe
Fw0yMzEwMzEwMDAwMDBaFw0yNDAyMTcyMzU5NTlaMIGOMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLQ3VsdmVyIENpdHkxKjAoBgNV
BAoTIVNvbnkgUGljdHVyZXMgRW50ZXJ0YWlubWVudCwgSW5jLjEoMCYGA1UEAxMf
Z2xvYmFsYXNzZXRodWIuc29ueXBpY3R1cmVzLmNvbTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBANI62bYdF14Dk3hRFmXhAb88BP5WW+Y43vp2ChnBUZep
gNgHogfGns3xD7StCkLNyLOy2t0lqS/yG1gVAmxWfjDQxzWosjP+KEFumRRr8DOJ
IoJ7saA+vxjxaQXc/T4zjFEmyg6hgn4EQ5+sjRCoSIEijpX33qUgPNnH/1yYL66t
lvz+0sjGbw5M0HPROpuGhnSKNF5+eZj2o85NUkZhIJGLFyJbYfP7351uqSBGCMVj
A7UgXt9pWuGHeUpuNfH2jr9KuZot0TOBxjsNhU1QXZrftTYvtp9VeOmuQXHtw77k
o0I3lcI8Fli0Kg0VQnCg2++hkoP/pjew+5OznzycrMkCAwEAAaOCAnMwggJvMB8G
A1UdIwQYMBaAFJBY/7CcdahRVHex7fKjQxY4nmzFMB0GA1UdDgQWBBS/HXnIhHhu
KeUiD0KscVGgNPzMgjCB4wYDVR0RBIHbMIHYgh9nbG9iYWxhc3NldGh1Yi5zb255
cGljdHVyZXMuY29tgh93d3cuc29ueXBpY3R1cmVzcHVibGljaXR5LmNvLm56ghl3
d3cuc29ueXBpY3R1cmVzcHJlc3NlLmZygh13d3cuc29ueXBpY3R1cmVzcHVibGlj
aXR5LmNvbYIZc29ueXBpY3R1cmVzcHVibGljaXR5LmNvbYIgd3d3LnNvbnlwaWN0
dXJlc3B1YmxpY2l0eS5jb20uYXWCHXd3dy5zb255cGljdHVyZXNwdWJsaWNpdHku
bmV0MD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93
d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMD4GA1UdHwQ3MDUwM6AxoC+GLWh0dHA6Ly9jZHAu
Z2VvdHJ1c3QuY29tL0dlb1RydXN0UlNBQ0EyMDE4LmNybDB1BggrBgEFBQcBAQRp
MGcwJgYIKwYBBQUHMAGGGmh0dHA6Ly9zdGF0dXMuZ2VvdHJ1c3QuY29tMD0GCCsG
AQUFBzAChjFodHRwOi8vY2FjZXJ0cy5nZW90cnVzdC5jb20vR2VvVHJ1c3RSU0FD
QTIwMTguY3J0MAwGA1UdEwEB/wQCMAAwEwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJ
KoZIhvcNAQELBQADggEBAECYfAjuv6Jn97PSssv4LYxfMG3fhjf9G/NzF85RXJMc
GC5pZNJC0bNVWScfkUyLdD+AKgTuAr+fgUaJhnmD1rZvjMMbDH4UZCTHIX1bGKiy
3LFGXzEMvDzKyrElLS/4uqWQJcuQ8zYb9vbZUPiqaDqPkQ+2jwfBdokZqgUxgXiQ
l3RUboyZXkAxgT99B2El7b04TrTt/TI9eJ+32l1sUKE5cE41IAttOVi7jszThXnN
IS8z07ehpaqg2GqBeiq5Idbss7cmLkBcU6f9h40YG2iVOQKaXYyb3Lj47gKWW9xf
OBz0mk/w6bDPf+X3dRwdBMcMdLwxDnPMP/xrS3sowVg=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jrZth0XXgOTeFEWZeEB
vzwE/lZb5jje+nYKGcFRl6mA2AeiB8aezfEPtK0KQs3Is7La3SWpL/IbWBUCbFZ+
MNDHNaiyM/4oQW6ZFGvwM4kignuxoD6/GPFpBdz9PjOMUSbKDqGCfgRDn6yNEKhI
gSKOlffepSA82cf/XJgvrq2W/P7SyMZvDkzQc9E6m4aGdIo0Xn55mPajzk1SRmEg
kYsXIlth8/vfnW6pIEYIxWMDtSBe32la4Yd5Sm418faOv0q5mi3RM4HGOw2FTVBd
mt+1Ni+2n1V46a5Bce3DvuSjQjeVwjwWWLQqDRVCcKDb76GSg/+mN7D7k7OfPJys
yQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 3583979641205798664370041290596054309
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust RSA CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-31 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-17 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Culver City'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sony Pictures Entertainment, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'globalassethub.sonypictures.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26539064274010852859655902244667865846388619248989210519970969863120728120606042154276036289226458633174019365433480134430179254382659021805288074302310809374661484172658323579726472329662055107075332363539984219604465014740528444966359562864614148195075301326176403119328949121289245250158093383899093394529522917585865357292657638451177942913422231849064162760503881885232606186630848985360908433562818091537596179560789929063657171117673451936789301726819516168178006706846484723624835728550051805723114116252808797255376286164658940365577797432843692457689565275845153284400049746295105120467402569290883748637897
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 9058ffb09c75a8515477b1edf2a34316389e6cc5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							bf1d79c884786e29e5220f42ac7151a034fccc82
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (219 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'globalassethub.sonypictures.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sonypicturespublicity.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sonypicturespresse.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sonypicturespublicity.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sonypicturespublicity.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sonypicturespublicity.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sonypicturespublicity.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.geotrust.com/GeoTrustRSACA2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.geotrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.geotrust.com/GeoTrustRSACA2018.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0040987c08eebfa267f7b3d2b2cbf82d8c5f306ddf8637fd1bf37317ce515c931c182e6964d242d1b35559271f914c8b743f802a04ee02bf9f814689867983d6b66f8cc31b0c7e146424c7217d5b18a8b2dcb1465f310cbc3ccacab1252d2ff8baa59025cb90f3361bf6f6d950f8aa683a8f910fb68f07c1768919aa05318178909774546e8c995e4031813f7d076125edbd384eb4edfd323d789fb7da5d6c50a139704e35200b6d3958bb8eccd38579cd212f33d3b7a1a5aaa0d86a817a2ab921d6ecb3b7262e405c53a7fd878d181b689539029a5d8c9bdcb8f8ee02965bdc5f381cf49a4ff0e9b0cf7fe5f7751c1d04c70c74bc310e73cc3ffc6b4b7b28c158