ob-preprod.business.hsbc.co.uk

- HSBC Group Management Services Limited -

Issued by DigiCert Global G2 TLS RSA SHA256 2020 CA1

About this certificate

This digital certificate with serial number 06:d5:92:3f:a3:84:34:0d:ee:7a:41:2e:c2:3e:7d:09 was issued on by DigiCert Inc.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

HSBC Group Management Services Limited

Organization: HSBC Group Management Services Limited
Locality: London
Country: GB

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 06:d5:92:3f:a3:84:34:0d:ee:7a:41:2e:c2:3e:7d:09
Serial Number (int): 9084293479359665693952281202007112969
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 72:fc:9b:d3:e8:cd:0b:65:77:2d:68:0f:7f:cb:df:1a:f8:f7:a2:1e
AuthorityKeyId: 74:85:80:c0:66:c7:df:37:de:cf:bd:29:37:aa:03:1d:be:ed:cd:17

Fingerprint (sha1): d9:be:00:5d:92:35:13:a5:ae:d2:4f:eb:c8:e4:2d:69:bf:ba:7e:3d
Fingerprint (sha256): 04:5f:cf:24:b4:95:d4:47:71:d9:4e:89:2c:ea:50:50:17:4b:9d:ac:c2:f6:a1:2e:fd:8c:97:27:c9:c0:7c:6f

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl

Check the revocation status for certificate ob-preprod.business.hsbc.co.uk

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ob-preprod.business.hsbc.co.uk

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ob-preprod.business.hsbc.co.uk

Other certificates including the domain name hsbc.co.uk

(limited to 100 certificates)
servicing.hsbc.co.uk
sy-evrgrn-uae.lp.hsbc.co.uk
www.cmbinsightservice.business.hsbc.co.uk
wdc-evrgrn-uae.lp.hsbc.co.uk
creditcard-msb-devstubbed.hsbc.co.uk
www.security.hsbc.co.uk
www.hsbc.co.uk
www.sg-gws.hsbc.co.uk
wdc-dtest-ukpib.gsslp.hsbc.co.uk
view.mail01.hsbc.co.uk
futurefocus.staff.hsbc.co.uk
anycremoteaccess.hsbc.co.uk
www.business.hsbc.co.uk
wdc-dtest-ukpib.lp.hsbc.co.uk
dco-loans-uat.lp.hsbc.co.uk
sy-fdib.gsslp.hsbc.co.uk
wdc-evrgrn-ms.lp.hsbc.co.uk
saas.hsbc.co.uk
portal.intermediaries.hsbc.co.uk
GBV00990.gsslp.hsbc.co.uk
www.m.services.online-banking.hsbc.co.uk
online-banking.business.hsbc.co.uk
online.email.hsbc.co.uk
maint-wdc.servicing.hsbc.co.uk
oam.hsbc.co.uk
www.business.hsbc.co.uk
wdc-evrgrn-ukpib.lp.hsbc.co.uk
live.hsbc.co.uk
wdc-dtest-evrgrn-ms.lp.hsbc.co.uk
www.security.hsbc.co.uk
online-banking-test.business.hsbc.co.uk
sygdc.exconnect.hsbc.co.uk
api-sy.hsbc.co.uk
wdc-ukpib-gplfx.lp.hsbc.co.uk
sy-hssidi.lp.hsbc.co.uk
www.assetmanagement.hsbc.com
wdc-ukiif-filedownloadservice.gsslp.hsbc.co.uk
www.wdc.maint.appointmentbooking.hsbc.co.uk
sy-rbp2-ohd.gsslp.hsbc.co.uk
dtest-ukpib.lp.hsbc.co.uk
contactcentre.hsbc.co.uk
sylp.security.hsbc.co.uk
sygdc-hsbcadvance.gsslp.hsbc.co.uk
dco-loans-uat.lp.hsbc.co.uk
lp.online-banking.business.hsbc.co.uk
www.uk-gws.hsbc.co.uk
www.security.hsbc.co.uk
wdc-dtest-evrgrn-ukbib.lp.hsbc.co.uk
sy-prb.gsslp.hsbc.co.uk
creditindication.business.hsbc.co.uk
advancemembers.hsbc.co.uk
services-platform-b1-uat.business.hsbc.co.uk
pdfservice.hsbc.co.uk
www.hsbc.co.uk
sy.lp.appointmentbooking.online-banking.hsbc.co.uk
dco-ao-uat.lp.hsbc.co.uk
UK.Cheque.Client.Prod.2.IPSL.hsbc.co.uk
fatca-hk-link.hsbc.co.uk
www.services.online-banking.hsbc.co.uk
tx.fguk.hsbc.com
www.biciban.hsbc.co.uk
gbv00999.gsslp.hsbc.co.uk
link.hsbc.co.uk
nw-uaeao.gsslp.hsbc.co.uk
www.premier-golf-network.hsbc.co.uk
GBWDC300VG032.mra-emea-uat.hsbc.com
www.uniphitest.hsbc.co.uk
wdc.maint.pbgb.hsbc.co.uk
wdc-evrgrn-ms.lp.hsbc.co.uk
dip-cert.online-mortgages.hsbc.co.uk
wdclp.m.services.online-banking.hsbc.co.uk
globalinvestments.hsbc.co.uk
insurance-online-iipliveproving.hsbc.co.uk
wdc-pk.gsslp.hsbc.co.uk
hsss-lp.hsbc.co.uk
www2.trading.investdirect.hsbc.co.uk
api-sy.hsbc.co.uk
www.assetmanagement.hsbc.com
staffremoteaccess2.hsbc.co.uk
www.makeaclaim.hsbc.co.uk
www.maint-file-online-banking.hsbc.co.uk
ob-preprod.business.hsbc.co.uk
www.ukdabao-fileservice.hsbc.co.uk
san-12-s10.tlsprovisioning.exacttarget.com
nwndc-hsbcadvance.gsslp.hsbc.co.uk
wdc-pdf.gsslp.hsbc.co.uk
intermediaryupdate.hsbc.co.uk
sy-mortgageswitcher.lp.hsbc.co.uk
link.hsbc.co.uk
wdc-stp.gsslp.hsbc.co.uk
dsp.hsbc.co.uk
ukpib-fileservice.hsbc.co.uk
www.personalisedloanquote.hsbc.co.uk
ukpib-fileservice.hsbc.co.uk
fatca-palestine-link.hsbc.co.uk
sylp.m.services.online-banking.hsbc.co.uk
fatca-bangladesh-link.hsbc.co.uk
www.investments.hsbc.co.uk
uat.market.privatebanking.hsbc.co.uk
www.tmo.hsbc.co.uk

Certificate

The complete raw certificate details for ob-preprod.business.hsbc.co.uk in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIG+DCCBeCgAwIBAgIQBtWSP6OENA3uekEuwj59CTANBgkqhkiG9w0BAQsFADBZ
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE
aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjQw
MjE0MDAwMDAwWhcNMjUwMjEzMjM1OTU5WjB4MQswCQYDVQQGEwJHQjEPMA0GA1UE
BxMGTG9uZG9uMS8wLQYDVQQKEyZIU0JDIEdyb3VwIE1hbmFnZW1lbnQgU2Vydmlj
ZXMgTGltaXRlZDEnMCUGA1UEAxMeb2ItcHJlcHJvZC5idXNpbmVzcy5oc2JjLmNv
LnVrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8Pc1EKLy4YlhIUw
e3doYR42i7i36rF2nFYrdgrjH9aJl7kLtkjEA6pD/uNDPCnAbvRsbm97bKvIUutL
XUDD1MsghRa6nQExu3cZqWcpj/F2Z7CzEDEbtGEK+UhOtQ31W7Lld0wh0xgRPIr9
tkanb6Wqy7n9okey8V7Fv1XXPUwebNdSkVbkxsQNCVrx7UeEt9Yr81zXKEvvV+cG
8ALbF9K1Mfmb/dKxjzFSgOw04JP7bz3UOWxaI0qpRaGZWKNu79LN/hfQstB/5Um+
qO7ba7/t8Yxlz/7l51oxCdFksJKb7JHncuV11MN8VAqE3FuwqATxyNRnsghblnFk
eowDuQIDAQABo4IDmzCCA5cwHwYDVR0jBBgwFoAUdIWAwGbH3zfez70pN6oDHb7t
zRcwHQYDVR0OBBYEFHL8m9PozQtldy1oD3/L3xr496IeMCkGA1UdEQQiMCCCHm9i
LXByZXByb2QuYnVzaW5lc3MuaHNiYy5jby51azA+BgNVHSAENzA1MDMGBmeBDAEC
AjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBnwYD
VR0fBIGXMIGUMEigRqBEhkJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNl
cnRHbG9iYWxHMlRMU1JTQVNIQTI1NjIwMjBDQTEtMS5jcmwwSKBGoESGQmh0dHA6
Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbEcyVExTUlNBU0hBMjU2
MjAyMENBMS0xLmNybDCBhwYIKwYBBQUHAQEEezB5MCQGCCsGAQUFBzABhhhodHRw
Oi8vb2NzcC5kaWdpY2VydC5jb20wUQYIKwYBBQUHMAKGRWh0dHA6Ly9jYWNlcnRz
LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbEcyVExTUlNBU0hBMjU2MjAyMENB
MS0xLmNydDAMBgNVHRMBAf8EAjAAMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkA
dgDPEVbu1S58r/OHW9lpLpvpGnFnSrAX7KwB0lt3zsw7CAAAAY2nB95kAAAEAwBH
MEUCIBVVRIat/0ePHJ0pDa/doHx2qZMz2MIIQjFrreAacO6GAiEAwPlDczfLZokq
g2fUXWjD12+XOJ4g8heDAIkeE5Lj01AAdwB9WR4S4XgqexxhZ3xe/fjQh1wUoE6V
nrkDL9kOjC55uAAAAY2nB94jAAAEAwBIMEYCIQDUL9getc6x8zx7oAHJnTlHLC0g
G/ri8uL/2TJz+oZbwQIhAK8zy6Iskt0q5IDE/6w0ooQwJtanHGi5GmqWLok70MbD
AHYA5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6hzId/R43jlAAAAGNpwfeUwAABAMA
RzBFAiAUI4e0J895eyFRieu1lAljui3X2F562lKNJO2g+hwGZgIhAITxZFx3QpOP
e5q/lAIrDxbClNqsyhRmrG0k26QDmhbDMA0GCSqGSIb3DQEBCwUAA4IBAQBrgvgU
9OiBBLUqqDtuFp7jwp+ECQvPZjxxRpaaCAFmzfOy5tm7sc3dw7HGZ4mr51gtnG/K
KnJtSoSB5x+5lqFwAUrLW6fVM7bsnQibMgBOROfk2BQzVxcEgIzdvZJNnCImlJDZ
D0ZNV4nmOHimMtss5pxoFYtpx95oLbzQLbb4kNk47QobjqSPeK90jb/nYyRaZdK2
nsE0oyR02vMNJ+jskvfBdMrRJaXkn0vLxowvC5qrxb8MT7AplXJyOjLdR/Q72INq
IfU0BYytfroFmNxvMQ1hHik2zovGkfJ/4NytjGeUZFPcg+WTc/UPRYVf2Gq2THgJ
iJ31vPENEhosphE2
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8Pc1EKLy4YlhIUwe3do
YR42i7i36rF2nFYrdgrjH9aJl7kLtkjEA6pD/uNDPCnAbvRsbm97bKvIUutLXUDD
1MsghRa6nQExu3cZqWcpj/F2Z7CzEDEbtGEK+UhOtQ31W7Lld0wh0xgRPIr9tkan
b6Wqy7n9okey8V7Fv1XXPUwebNdSkVbkxsQNCVrx7UeEt9Yr81zXKEvvV+cG8ALb
F9K1Mfmb/dKxjzFSgOw04JP7bz3UOWxaI0qpRaGZWKNu79LN/hfQstB/5Um+qO7b
a7/t8Yxlz/7l51oxCdFksJKb7JHncuV11MN8VAqE3FuwqATxyNRnsghblnFkeowD
uQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 9084293479359665693952281202007112969
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Global G2 TLS RSA SHA256 2020 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-14 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-13 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'London'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'HSBC Group Management Services Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ob-preprod.business.hsbc.co.uk'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21683333603790116715774573845934494274471933856710255348807896277239055169425956677497461596302890653356659877658381218212743178138913766060449826714792512850009801036963391169384751043844078889323557357465087730597070479017795957451172162278781890944379242700607418646873665450388255849919061621414293230343798710272477235229452381522275599041939938206751214440984534088633703542390373117877812113714444356058212605572123481331435641838909010735684749050217870655276984914826630289621185042102577958361348611352291981759704945571971232693557591039151123231368638796621416640094389337962087568919091967167292462859193
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 748580c066c7df37decfbd2937aa031dbeedcd17
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							72fc9bd3e8cd0b65772d680f7fcbdf1af8f7a21e
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (34 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ob-preprod.business.hsbc.co.uk'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (151 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							0169007600cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018da707de640000040300473045022015554486adff478f1c9d290dafdda07c76a99333d8c20842316bade01a70ee86022100c0f9437337cb66892a8367d45d68c3d76f97389e20f2178300891e1392e3d3500077007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018da707de230000040300483046022100d42fd81eb5ceb1f33c7ba001c99d39472c2d201bfae2f2e2ffd93273fa865bc1022100af33cba22c92dd2ae480c4ffac34a2843026d6a71c68b91a6a962e893bd0c6c3007600e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018da707de5300000403004730450220142387b427cf797b215189ebb5940963ba2dd7d85e7ada528d24eda0fa1c066602210084f1645c7742938f7b9abf94022b0f16c294daacca1466ac6d24dba4039a16c3
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		006b82f814f4e88104b52aa83b6e169ee3c29f84090bcf663c7146969a080166cdf3b2e6d9bbb1cdddc3b1c66789abe7582d9c6fca2a726d4a8481e71fb996a170014acb5ba7d533b6ec9d089b32004e44e7e4d81433571704808cddbd924d9c22269490d90f464d5789e63878a632db2ce69c68158b69c7de682dbcd02db6f890d938ed0a1b8ea48f78af748dbfe763245a65d2b69ec134a32474daf30d27e8ec92f7c174cad125a5e49f4bcbc68c2f0b9aabc5bf0c4fb0299572723a32dd47f43bd8836a21f534058cad7eba0598dc6f310d611e2936ce8bc691f27fe0dcad8c67946453dc83e59373f50f45855fd86ab64c7809889df5bcf10d121a2ca61136