cmssi-factory02.fnal.gov
- Fermi Research Alliance -
Issued by InCommon RSA IGTF Server CA 3
About this certificate
This digital certificate with serial number 10:49:fe:ab:f4:2f:dc:a7:a9:79:4b:6e:66:15:1e:d4 was issued on by Internet2.
This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Fermi Research Alliance
Organization:
Fermi Research Alliance
State / Province:
Illinois
Country: US
Country: US
Internet2
Organization:
Internet2
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 10:49:fe:ab:f4:2f:dc:a7:a9:79:4b:6e:66:15:1e:d4Serial Number (int): 21651850958859017770207501067983593172
Serial Number lenght: 125 bits, 16 octets
SubjectKeyId: 5c:35:a2:9a:bf:27:42:1e:80:3e:9a:77:28:f4:4e:ab:49:94:30:b3
AuthorityKeyId: 16:36:a5:e3:31:7b:bf:67:f6:b2:b7:e7:ea:54:ef:57:30:be:c7:e5
Fingerprint (sha1): 30:21:99:a6:99:07:ea:6e:78:f2:b4:f9:eb:c5:1f:2a:91:2e:c2:16
Fingerprint (sha256): 04:64:db:ed:1b:a7:2d:56:ed:86:e9:d3:3e:da:54:c0:8b:99:8e:c2:54:10:fd:8f:d3:7e:94:fc:ea:95:ed:72
Issuing Certificate URL: http://crt.sectigo.com/InCommonRSAIGTFServerCA3.crt
Revocation information
OCSP Server: http://ocsp.sectigo.comCRL Distribution Point: http://crl.sectigo.com/InCommonRSAIGTFServerCA3.crl
Check the revocation status for certificate cmssi-factory02.fnal.gov
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for cmssi-factory02.fnal.gov
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA384 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
cmssi-factory02.fnal.gov
Other certificates including the domain name fnal.gov
(limited to 100 certificates)
uboonepro-uboonegpvm01.fnal.gov
gpce03.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
stkendca71a.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
lpcschedd3.fnal.gov
samwebgpvm03.fnal.gov
ftdc2.fermitest.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
pubstor2231.fnal.gov
*.fnal.gov
nsexpe2.fnal.gov
cmsstor341.fnal.gov
*.fnal.gov
uhosts.fnal.gov
www-bss.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmssi-factory02.fnal.gov
*.fnal.gov
uhosts.fnal.gov
fermi-rsa-2.fnal.gov
*.fnal.gov
cmseos-tf1103.fnal.gov
rcds01.fnal.gov
*.fnal.gov
*.fnal.gov
ssiadmin3.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos511.fnal.gov
uhosts.fnal.gov
fcdfcache122.fnal.gov
*.fnal.gov
*.fnal.gov
cmssrv628.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
cmseos1144.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
icaruspro-icarusgpvm01.fnal.gov
cmsstor907.fnal.gov
*.fnal.gov
*.fnal.gov
fifeutilgpvm01.fnal.gov
fermicloud527.fnal.gov
*.fnal.gov
*.fnal.gov
fndcaitb1.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos-if1102.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
fermicloud363.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos517.fnal.gov
rcodegpvm02.fnal.gov
cmseos56.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb03.fnal.gov
*.fnal.gov
accelaipro-accelaigpvm01.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb04.fnal.gov
cmseos34.fnal.gov
fndca5b.fnal.gov
*.fnal.gov
gpce03.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
stkendca71a.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
lpcschedd3.fnal.gov
samwebgpvm03.fnal.gov
ftdc2.fermitest.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
pubstor2231.fnal.gov
*.fnal.gov
nsexpe2.fnal.gov
cmsstor341.fnal.gov
*.fnal.gov
uhosts.fnal.gov
www-bss.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmssi-factory02.fnal.gov
*.fnal.gov
uhosts.fnal.gov
fermi-rsa-2.fnal.gov
*.fnal.gov
cmseos-tf1103.fnal.gov
rcds01.fnal.gov
*.fnal.gov
*.fnal.gov
ssiadmin3.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos511.fnal.gov
uhosts.fnal.gov
fcdfcache122.fnal.gov
*.fnal.gov
*.fnal.gov
cmssrv628.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
cmseos1144.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
icaruspro-icarusgpvm01.fnal.gov
cmsstor907.fnal.gov
*.fnal.gov
*.fnal.gov
fifeutilgpvm01.fnal.gov
fermicloud527.fnal.gov
*.fnal.gov
*.fnal.gov
fndcaitb1.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos-if1102.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
fermicloud363.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos517.fnal.gov
rcodegpvm02.fnal.gov
cmseos56.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb03.fnal.gov
*.fnal.gov
accelaipro-accelaigpvm01.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb04.fnal.gov
cmseos34.fnal.gov
fndca5b.fnal.gov
*.fnal.gov
Certificate
The complete raw certificate details for cmssi-factory02.fnal.gov in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIIKDCCBpCgAwIBAgIQEEn+q/Qv3KepeUtuZhUe1DANBgkqhkiG9w0BAQwFADBJ MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSW50ZXJuZXQyMSYwJAYDVQQDEx1JbkNv bW1vbiBSU0EgSUdURiBTZXJ2ZXIgQ0EgMzAeFw0yMzEyMDQwMDAwMDBaFw0yNTAx MDIyMzU5NTlaMIGUMRMwEQYKCZImiZPyLGQBGRYDb3JnMRgwFgYKCZImiZPyLGQB GRYIaW5jb21tb24xCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhJbGxpbm9pczEgMB4G A1UEChMXRmVybWkgUmVzZWFyY2ggQWxsaWFuY2UxITAfBgNVBAMTGGNtc3NpLWZh Y3RvcnkwMi5mbmFsLmdvdjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB AObaMuTtmW0yFznT7RKS9UaCLLWS1OzB1thFO2iwslD0iGemNXV3zfJpuyWCqZE7 1/4QNvMn+sSSSH0iezqfNsFJKZEB1yCSBFLb4MKcFZTPX32tnh4eEhoU+xrn4ZdA K6BZw43q2TCsVhDavqOWZNkrV1yssdzvXh4LrJOdOFsfr4ENdl6GYF0fQZh7ChfQ x4mqacdB6xsS34zclz464e03qB7Wo3xFSYvyrSEUGZixmKA9DIuq2GIb40M75ZQi p09V0z27XAp7fPQLC4OhKDa09ZhBjvSUETVDSMYqRgHzf+HoQWxVt1ahCZELLJrd IN0iCCy7oApWlIuh/J53Ie2HFJ/cYp/uhImMbfOeoTNmpNxJKiuTuwDh83a6Fo5D iAPgwksMtTEBORJP71XEJ379UFKWqQJ7vNJeWZef+HDnrir/ebIYd8tCDvV204Cp 67rjEu5TQRJhZqcz3DPRbKLgW0XcXnj6e1IoaK/lEC4Zj0oM8USnvP2gmmpMu+FC YobZ7B1AEMQ/0WA7rV8xGguFDXV2NBDOpP9XGxDpzwqaNJj/2CmXVP6QkHWhIKAj 1EYt26tAhzDsMafoovfglqFBLNuWKSy9MXvCzH/vGjEJ8r1s1hSj9eIJKSqQc9EW pH6rMwq480RTHLQu7Z0qZ6TxBiMuZ53fqpKAHnAKH+YZAgMBAAGjggM+MIIDOjAf BgNVHSMEGDAWgBQWNqXjMXu/Z/ayt+fqVO9XML7H5TAdBgNVHQ4EFgQUXDWimr8n Qh6APpp3KPROq0mUMLMwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYD VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMFgGA1UdIARRME8wNQYMKwYBBAGu IwEEAwQCMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAwG CiqGSIb3TAUCAgEwCAYGZ4EMAQICMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9j cmwuc2VjdGlnby5jb20vSW5Db21tb25SU0FJR1RGU2VydmVyQ0EzLmNybDB0Bggr BgEFBQcBAQRoMGYwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQuc2VjdGlnby5jb20v SW5Db21tb25SU0FJR1RGU2VydmVyQ0EzLmNydDAjBggrBgEFBQcwAYYXaHR0cDov L29jc3Auc2VjdGlnby5jb20wggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AM8R Vu7VLnyv84db2Wkum+kacWdKsBfsrAHSW3fOzDsIAAABjDWA+TUAAAQDAEcwRQIg I7P8iIe6dErg3YhqMnLOaGNr3PEyjrPwv9bx/MDgcnUCIQDbaTj9GLTH8xyWzj7F IQPzCi3m4Y3pbvIATR7SDH1xgwB2AKLjCuRF772tm3447Udnd1PXgluElNcrXhss xLlQpEfnAAABjDWA+hYAAAQDAEcwRQIhAJdKsfHJDM0CCg9BrgdhfYHEXFw9HYW5 Zh6VEeBGjmqqAiALKguVHKUeda1b58nMb7eXIYNwPGyifrEnl1eMC2smwAB2AE51 oydcmhDDOFts1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABjDWA+WMAAAQDAEcwRQIg attEJnBkKXZsAEYkHgpWdVPt5yV8KT4mhnxxdlxP2EsCIQD7SLqMeAGWxC1051gp 2k8z5gnue+gKM0kH5qTJsCdtLzAjBgNVHREEHDAaghhjbXNzaS1mYWN0b3J5MDIu Zm5hbC5nb3YwDQYJKoZIhvcNAQEMBQADggGBAFnZaZHj6EVWADNucJY9/HXfEbyU dFokdIL272iduLWiExDDRgE4mLRBgDV4IJp5J5y1Dm+cuDBuz6eOrX8O+MlKSwYJ a13ASH7iNYQv5+7CBuQjQbnS3RTLwo/FCEBC4fB5PW9S1j+Ea/kOhfO2npOUVwAC omn80XtCm9bX+GpQGvCeYe1eoQJruHmeySqisT3cwRfAQAd/JKs+Tls/DBoX/cIH 98ic78XFG1+NiyF1FG/iQo/4vgdvpyiWl/avEH9DqmSD3d+7OsUNEJaQpv7GEbs6 ae1cYd4VR/LzYDR0UAOMANiiwOV+qgweA+0A81vlC9zl8rv1JJpJPPO3GJEIsJOW rchs7YVxuhtyuK5leBQ8H4J8wx/hPNxcp4AsEbK2Us1peQ/3z7QFXZWkxKwWWJCj lrZLgA1STFhaT6OIGetxTTc0x7ivVC8m29gS45pkqTZE/iRbtDmnWO+8rcynLEId FhtA/hkpdAN3j8icF9KRZNPCiR6QzKNPzoqf3Q== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5toy5O2ZbTIXOdPtEpL1 RoIstZLU7MHW2EU7aLCyUPSIZ6Y1dXfN8mm7JYKpkTvX/hA28yf6xJJIfSJ7Op82 wUkpkQHXIJIEUtvgwpwVlM9ffa2eHh4SGhT7Gufhl0AroFnDjerZMKxWENq+o5Zk 2StXXKyx3O9eHgusk504Wx+vgQ12XoZgXR9BmHsKF9DHiappx0HrGxLfjNyXPjrh 7TeoHtajfEVJi/KtIRQZmLGYoD0Mi6rYYhvjQzvllCKnT1XTPbtcCnt89AsLg6Eo NrT1mEGO9JQRNUNIxipGAfN/4ehBbFW3VqEJkQssmt0g3SIILLugClaUi6H8nnch 7YcUn9xin+6EiYxt856hM2ak3EkqK5O7AOHzdroWjkOIA+DCSwy1MQE5Ek/vVcQn fv1QUpapAnu80l5Zl5/4cOeuKv95shh3y0IO9XbTgKnruuMS7lNBEmFmpzPcM9Fs ouBbRdxeePp7Uihor+UQLhmPSgzxRKe8/aCaaky74UJihtnsHUAQxD/RYDutXzEa C4UNdXY0EM6k/1cbEOnPCpo0mP/YKZdU/pCQdaEgoCPURi3bq0CHMOwxp+ii9+CW oUEs25YpLL0xe8LMf+8aMQnyvWzWFKP14gkpKpBz0RakfqszCrjzRFMctC7tnSpn pPEGIy5nnd+qkoAecAof5hkCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 21651850958859017770207501067983593172 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Internet2' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon RSA IGTF Server CA 3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-04 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-02 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent) . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'org' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent) . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'incommon' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Illinois' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Fermi Research Alliance' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'cmssi-factory02.fnal.gov' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 941795375735192039632395782411695468109367750804148292188645891162905830458454549302511121774740228024328322702477231012879182594407401303404175940564793371769514292144672590198869422613554795979563508829383300838556115502871986356640802383884741734792643514635421829038256371394782591462072272253017127294605986973504654832416291898980964429117286529903071714977880610741468753651165633164528473215154626727903391617360442656493520916852106709532274280477629886690781852480052350686278386335008598706706679142510316642146241736645898022412017802581176921162537164509186142841041244137277851710957964758504510882023908695817085103272298068843221679636107907200118728599740283446665570980047322987521727230341427860628182077025977855795021860535954407432038736212263489435675484045201768984144844716920239463719941991431710216452298028513918470661280711938099412578530281702799780479967417389545533599816610109333050841255504901510911890154194947139091801752807175772801700427281938615975340203632119260179272074154434085249985272073400964320289645339086132323594764561785967386972475315764753280512440001819579432583120443906518783137189568921902283952681365470330518970818611376358313131408124161814325956244310251679944039026648601 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 1636a5e3317bbf67f6b2b7e7ea54ef5730bec7e5 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 5c35a29abf27421e803e9a7728f44eab499430b3 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (81 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.5923.1.4.3.4.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113612.5.2.2.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (61 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/InCommonRSAIGTFServerCA3.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/InCommonRSAIGTFServerCA3.crt' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes) 0168007600cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018c3580f9350000040300473045022023b3fc8887ba744ae0dd886a3272ce68636bdcf1328eb3f0bfd6f1fcc0e07275022100db6938fd18b4c7f31c96ce3ec52103f30a2de6e18de96ef2004d1ed20c7d7183007600a2e30ae445efbdad9b7e38ed47677753d7825b8494d72b5e1b2cc4b950a447e70000018c3580fa160000040300473045022100974ab1f1c90ccd020a0f41ae07617d81c45c5c3d1d85b9661e9511e0468e6aaa02200b2a0b951ca51e75ad5be7c9cc6fb7972183703c6ca27eb12797578c0b6b26c00076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018c3580f963000004030047304502206adb4426706429766c0046241e0a567553ede7257c293e26867c71765c4fd84b022100fb48ba8c780196c42d74e75829da4f33e609ee7be80a334907e6a4c9b0276d2f . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cmssi-factory02.fnal.gov' . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (3072 bits) 0059d96991e3e8455600336e70963dfc75df11bc94745a247482f6ef689db8b5a21310c346013898b441803578209a79279cb50e6f9cb8306ecfa78ead7f0ef8c94a4b06096b5dc0487ee235842fe7eec206e42341b9d2dd14cbc28fc5084042e1f0793d6f52d63f846bf90e85f3b69e9394570002a269fcd17b429bd6d7f86a501af09e61ed5ea1026bb8799ec92aa2b13ddcc117c040077f24ab3e4e5b3f0c1a17fdc207f7c89cefc5c51b5f8d8b2175146fe2428ff8be076fa7289697f6af107f43aa6483dddfbb3ac50d109690a6fec611bb3a69ed5c61de1547f2f360347450038c00d8a2c0e57eaa0c1e03ed00f35be50bdce5f2bbf5249a493cf3b7189108b09396adc86ced8571ba1b72b8ae6578143c1f827cc31fe13cdc5ca7802c11b2b652cd69790ff7cfb4055d95a4c4ac165890a396b64b800d524c585a4fa38819eb714d3734c7b8af542f26dbd812e39a64a93644fe245bb439a758efbcadcca72c421d161b40fe19297403778fc89c17d29164d3c2891e90cca34fce8a9fdd