www.usa.gov

- General Services Administration -

Issued by GeoTrust SSL CA - G3

About this certificate

This digital certificate with serial number 39:1b:7e:ae:34:91:72:32:57:93:33:3c:cc:94:1b:6c was issued on by GeoTrust Inc..

With 32 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Sub certificates SHOULD include Subject Key Identifier in end entity certs (RFC 5280: 4.2 & 4.2.1.2)

General Services Administration

Organization: General Services Administration
State / Province: District Of Columbia
Locality: Washington
Country: US

GeoTrust Inc.

Organization: GeoTrust Inc.
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 39:1b:7e:ae:34:91:72:32:57:93:33:3c:cc:94:1b:6c
Serial Number (int): 75908757160500036726936243935330442092
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId:
AuthorityKeyId: d2:6f:f7:96:f4:85:3f:72:3c:30:7d:23:da:85:78:9b:a3:7c:5a:7c

Fingerprint (sha1): a5:22:9b:fc:8e:d0:ec:2a:00:18:6c:5d:43:22:36:1f:a2:e4:ba:a6
Fingerprint (sha256): 04:60:4a:cd:72:f0:bd:ff:aa:f7:1a:2b:93:1f:dc:e6:c9:87:24:69:b0:50:ab:36:f4:18:1e:9a:22:79:3c:fa

Issuing Certificate URL: http://gn.symcb.com/gn.crt

Revocation information

OCSP Server: http://gn.symcd.com
CRL Distribution Point: http://gn.symcb.com/gn.crl

Check the revocation status for certificate www.usa.gov

32

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.usa.gov

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.ussm.gov
www.privacycouncil.gov
www.performance.gov
www.manufacturing.gov
www.fhfaoig.gov
www.citizenscience.gov
www.christophercolumbusfoundation.gov
uat-www.gsa.gov
www.gsa.gov
marketplace.fedramp.gov
federation-staging.data.gov
federation.data.gov
labs-staging.data.gov
sdg-staging.data.gov
sdg.data.gov
staging.vocab.data.gov
vocab.data.gov
dec.dodea.edu
toy.dodea.edu
atlanta.feb.gov
advisethepresident.archives.gov
www.advisethepresident.archives.gov
api.usa.gov
blog.usa.gov
dev-business.usa.gov
feedback.usa.gov
presidentialtransition.usa.gov
rtv.usa.gov
stage-business.usa.gov
usa.gov
www.feedback.usa.gov
www.usa.gov

Other certificates including the domain name usa.gov

(limited to 100 certificates)
answers.usa.gov
1.usa.gov
kids.usa.gov
www.gobierno.usa.gov
analytics.usa.gov
cms.usa.gov
www.usa.gov
demo2.search.usa.gov
guineapig.staging.search.usa.gov
www.usa.gov
1.usa.gov
i14y.seagull.staging.search.usa.gov
answers.usa.gov
sa66gl.wpc.edgecastcdn.net
answers.usa.gov
kibana.search.usa.gov
i14y.bird.staging.search.usa.gov
answers.usa.gov
search.usa.gov
go.usa.gov
api.usa.gov
i14y.seagull.staging.search.usa.gov
seagull.staging.search.usa.gov
sandpiper.staging.search.usa.gov
promotions.usa.gov
answers.usa.gov
1.usa.gov
1.usa.gov
hogfish.staging.search.usa.gov
usa.gov
vote.usa.gov
labs.usa.gov
answers.usa.gov
www.usa.gov
www.usa.gov
i14y.vanilla.staging.search.usa.gov
i14y.ox.staging.search.usa.gov
dachshund.staging.search.usa.gov
components.standards.usa.gov
bear.staging.search.usa.gov
redir.gsa.ctacdev.com
answers.usa.gov
i14y.bear.staging.search.usa.gov
1.usa.gov
secure0051.hubspot.com
www.usa.gov
*.sites.usa.gov
answers.usa.gov
beta.usa.gov
pusheen.staging.search.usa.gov
warthog.staging.search.usa.gov
components.standards.usa.gov
*.usa.gov
answers.usa.gov
answers.usa.gov
epa-notice.usa.gov
open.usa.gov
answers.usa.gov
sa66gl.wpc.edgecastcdn.net
i14y.usa.gov
open.usa.gov
i14y.dachshund.staging.search.usa.gov
sa10gl.wpc.edgecastcdn.net
lemonade.staging.search.usa.gov
labs.usa.gov
answers.usa.gov
i14y.luke.staging.search.usa.gov
www.my.usa.gov
panda.staging.search.usa.gov
answers.usa.gov
business.usa.gov
cms.usa.gov
goldfinch.staging.search.usa.gov
answers.usa.gov
gobierno.usa.gov
www.usa.gov
open.usa.gov
i14y.chinchilla.staging.search.usa.gov
answers.usa.gov
search.usa.gov
toothpick.staging.search.usa.gov
answers.usa.gov
sa55gl.wpc.edgecastcdn.net
lemonade.staging.search.usa.gov
i14y.hogfish.staging.search.usa.gov
open-staging.usa.gov
redir.gsa.ctacdev.com
i14y.auk.staging.search.usa.gov
i14y.hedgehog.staging.search.usa.gov
vote.usa.gov
www.usa.gov
search.usa.gov
porcupine.staging.search.usa.gov
answers.usa.gov
epa-notice.usa.gov
lets-encrypt.infr.search.usa.gov
toothpick.staging.search.usa.gov
snowflake.staging.search.usa.gov
i14y.dachshund.staging.search.usa.gov
sa159gl.wpc.edgecastcdn.net

Certificate

The complete raw certificate details for www.usa.gov in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHlDCCBnygAwIBAgIQORt+rjSRcjJXkzM8zJQbbDANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMU
R2VvVHJ1c3QgU1NMIENBIC0gRzMwHhcNMTYwODE3MDAwMDAwWhcNMTcxMTE2MjM1
OTU5WjCBgTELMAkGA1UEBhMCVVMxHTAbBgNVBAgMFERpc3RyaWN0IE9mIENvbHVt
YmlhMRMwEQYDVQQHDApXYXNoaW5ndG9uMSgwJgYDVQQKDB9HZW5lcmFsIFNlcnZp
Y2VzIEFkbWluaXN0cmF0aW9uMRQwEgYDVQQDDAt3d3cudXNhLmdvdjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMUDWvrJSEkKj8XrIQVGZhs7UtQB7vd4
YDkg/5NspF69xV73vPE3uqRitFBsC4VeHvXpe5p6ooTlp9IL4nNkrjGwN0MVQzmc
GpnvEluLhGRiA9SIuR67h6N4q6xATIWaLeJ9/Db/6naztk4JvkrlhLIz2+VE/lIh
Zi5vkSQ3Y2m6qKrq/QIHsNvMb/9yPpurP81OnPhIpxpORIQFreMXeXv7kKs9oVhA
fH/a2k49U/34BlkqMIGUF/z2RoWxB9ZKfqe9crzPAP7LU3ibqdLowDIzT2eftmmm
581c+wtm0xzbI1dO+Jz0gx1IJZqmmQKCtnoTyNlvdJ2yWUcnw+ckSrsCAwEAAaOC
BEIwggQ+MIICpAYDVR0RBIICmzCCApeCDHd3dy51c3NtLmdvdoIWd3d3LnByaXZh
Y3ljb3VuY2lsLmdvdoITd3d3LnBlcmZvcm1hbmNlLmdvdoIVd3d3Lm1hbnVmYWN0
dXJpbmcuZ292gg93d3cuZmhmYW9pZy5nb3aCFnd3dy5jaXRpemVuc2NpZW5jZS5n
b3aCJXd3dy5jaHJpc3RvcGhlcmNvbHVtYnVzZm91bmRhdGlvbi5nb3aCD3VhdC13
d3cuZ3NhLmdvdoILd3d3LmdzYS5nb3aCF21hcmtldHBsYWNlLmZlZHJhbXAuZ292
ghtmZWRlcmF0aW9uLXN0YWdpbmcuZGF0YS5nb3aCE2ZlZGVyYXRpb24uZGF0YS5n
b3aCFWxhYnMtc3RhZ2luZy5kYXRhLmdvdoIUc2RnLXN0YWdpbmcuZGF0YS5nb3aC
DHNkZy5kYXRhLmdvdoIWc3RhZ2luZy52b2NhYi5kYXRhLmdvdoIOdm9jYWIuZGF0
YS5nb3aCDWRlYy5kb2RlYS5lZHWCDXRveS5kb2RlYS5lZHWCD2F0bGFudGEuZmVi
LmdvdoIfYWR2aXNldGhlcHJlc2lkZW50LmFyY2hpdmVzLmdvdoIjd3d3LmFkdmlz
ZXRoZXByZXNpZGVudC5hcmNoaXZlcy5nb3aCC2FwaS51c2EuZ292ggxibG9nLnVz
YS5nb3aCFGRldi1idXNpbmVzcy51c2EuZ292ghBmZWVkYmFjay51c2EuZ292gh5w
cmVzaWRlbnRpYWx0cmFuc2l0aW9uLnVzYS5nb3aCC3J0di51c2EuZ292ghZzdGFn
ZS1idXNpbmVzcy51c2EuZ292ggd1c2EuZ292ghR3d3cuZmVlZGJhY2sudXNhLmdv
doILd3d3LnVzYS5nb3YwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0f
BCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASB
lTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90
cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIw
NQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5
L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAW
gBTSb/eW9IU/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUH
MAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5z
eW1jYi5jb20vZ24uY3J0MBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEB
CwUAA4IBAQDSMIhthGLZocn6u0//WD+KjFffe2B1WUAQOrGunh6M+yvSHhm0gimd
nup+nmtpTHEXVR78juR2mDE1TD/PzrtVLuOKulIeUHISUHcVCKhr0QXBA6mpW36b
RhBeVGsdKP4cUNfGobBi9CRDngj77Bgl85/Aa2zaZ7y6vTawc8hDIR9toHgmfpK9
KuzQY8urlj5evBHXcuFjviGI+ConGTyj3BgOio5O3fZ1f991YK0g33f8CtdFV/QT
/qpo37GFqtmseA8SA23QIjdW+KCMDbNHp+xYwzH5fPEybA2RTjZUvsLxTKddSPkg
UIvhHan/91Cdk7lDX+8DbwLQAVxYs/18
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQNa+slISQqPxeshBUZm
GztS1AHu93hgOSD/k2ykXr3FXve88Te6pGK0UGwLhV4e9el7mnqihOWn0gvic2Su
MbA3QxVDOZwame8SW4uEZGID1Ii5HruHo3irrEBMhZot4n38Nv/qdrO2Tgm+SuWE
sjPb5UT+UiFmLm+RJDdjabqoqur9Agew28xv/3I+m6s/zU6c+EinGk5EhAWt4xd5
e/uQqz2hWEB8f9raTj1T/fgGWSowgZQX/PZGhbEH1kp+p71yvM8A/stTeJup0ujA
MjNPZ5+2aabnzVz7C2bTHNsjV074nPSDHUglmqaZAoK2ehPI2W90nbJZRyfD5yRK
uwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 75908757160500036726936243935330442092
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust SSL CA - G3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-08-17 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-11-16 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'District Of Columbia'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Washington'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'General Services Administration'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'www.usa.gov'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24870600682393358945599609838296415387046796879200255654849395314730189418194428389537584461490761227117934856436185646612249302939134604735422458200099378108950557490185786458552000012349343520853878478997130420180827279544178963544025196700291740937916623314548861135872180752239624856798967624415691096137648802314339860162102476516031385722933474336181592745694424285049801286833158376020388848814139272932314557095466818079733282355779513476452517997783208871175201913105465350234119525979397179503088897570577217527048928500528186237331889600291639763296733014837896316224638251856188770612723509146371152431803
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (667 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ussm.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.privacycouncil.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.performance.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.manufacturing.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.fhfaoig.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.citizenscience.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.christophercolumbusfoundation.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat-www.gsa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.gsa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'marketplace.fedramp.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'federation-staging.data.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'federation.data.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'labs-staging.data.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sdg-staging.data.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sdg.data.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'staging.vocab.data.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'vocab.data.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dec.dodea.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'toy.dodea.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'atlanta.feb.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'advisethepresident.archives.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.advisethepresident.archives.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.usa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'blog.usa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev-business.usa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'feedback.usa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'presidentialtransition.usa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rtv.usa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage-business.usa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'usa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.feedback.usa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.usa.gov'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gn.symcb.com/gn.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (149 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.geotrust.com/resources/repository/legal'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'https://www.geotrust.com/resources/repository/legal'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName d26ff796f4853f723c307d23da85789ba37c5a7c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (75 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gn.symcd.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gn.symcb.com/gn.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00d230886d8462d9a1c9fabb4fff583f8a8c57df7b60755940103ab1ae9e1e8cfb2bd21e19b482299d9eea7e9e6b694c7117551efc8ee4769831354c3fcfcebb552ee38aba521e50721250771508a86bd105c103a9a95b7e9b46105e546b1d28fe1c50d7c6a1b062f424439e08fbec1825f39fc06b6cda67bcbabd36b073c843211f6da078267e92bd2aecd063cbab963e5ebc11d772e163be2188f82a27193ca3dc180e8a8e4eddf6757fdf7560ad20df77fc0ad74557f413feaa68dfb185aad9ac780f12036dd0223756f8a08c0db347a7ec58c331f97cf1326c0d914e3654bec2f14ca75d48f920508be11da9fff7509d93b9435fef036f02d0015c58b3fd7c