ncio.nato.int

- NATO -

Issued by GlobalSign RSA OV SSL CA 2018

About this certificate

This digital certificate with serial number 64:bf:f3:4d:63:b7:28:5f:0d:ee:09:18 was issued on by GlobalSign nv-sa.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

NATO

Organization: NATO
State / Province: Brussels
Locality: Brussels
Country: BE

GlobalSign nv-sa

Organization: GlobalSign nv-sa
Country: BE

This certificate will expire on

Certificate Details

Serial Number (hex): 64:bf:f3:4d:63:b7:28:5f:0d:ee:09:18
Serial Number (int): 31180554776320788163483011352
Serial Number lenght: 95 bits, 12 octets

SubjectKeyId: 9f:c9:10:b0:c2:91:fc:32:d7:5e:2e:3d:4b:ad:dc:39:67:b0:1d:ba
AuthorityKeyId: f8:ef:7f:f2:cd:78:67:a8:de:6f:8f:24:8d:88:f1:87:03:02:b3:eb

Fingerprint (sha1): 5b:4e:21:05:4c:69:79:31:05:c4:f0:e3:de:39:96:38:8b:b6:c3:af
Fingerprint (sha256): 04:75:04:e8:e3:f8:59:68:ba:d6:3d:cc:22:b8:b2:27:e0:5f:10:bf:3c:65:3c:c0:f7:de:72:d2:c2:68:63:b8

Issuing Certificate URL: http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt

Revocation information

OCSP Server: http://ocsp.globalsign.com/gsrsaovsslca2018
CRL Distribution Point: http://crl.globalsign.com/gsrsaovsslca2018.crl

Check the revocation status for certificate ncio.nato.int

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ncio.nato.int

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ncio.nato.int

Other certificates including the domain name nato.int

(limited to 100 certificates)
shared.napma.nato.int
meet.nahema.nato.int
ims.nato.int
npc.ncia.nato.int
www.natoschool.nato.int
*.nc3a.nato.int
www.nato.int
extranet.napma.nato.int
extranet.napma.nato.int
ap.ndc.nato.int
ncia.nato.int
apx.ndc.nato.int
elearning.natoschool.nato.int
*.ncia.nato.int
mail.cmre.nato.int
ndcmail.ndc.nato.int
www.asc.nato.int
awds.ndc.nato.int
mdm.napma.nato.int
mail.hrf.tr.nato.int
verity.hq.nato.int
extranet.napma.nato.int
ism.hq.nato.int
captiveportal.nahema.nato.int
msiac.nato.int
guest.napma.nato.int
gss.ncia.nato.int
servicedesk.thwaites.co.uk
ssc.nato.int
ncio.nato.int
dnbl.ncia.nato.int
acquia-sites.com
coi.nato.int
*.nc3a.nato.int
cmre.nato.int
itsupport.valeosnackfoods.com
www.ncia.nato.int
iocore.ivv.ncia.nato.int
www.nspa.nato.int
dnbl.ncia.nato.int
shared.napma.nato.int
awacs.nato.int
*.nacc.nato.int
*.ims.nato.int
redirect.napma.nato.int
nexus.dev.nato.int
acquia-sites.com
iocore-cwix.ivv.ncia.nato.int
*.nciss.nato.int
*.reach.nato.int
acquia-sites.com
emm.hq.nato.int
lldb.jallc.nato.int
apx.ndc.nato.int
ndccds.ndc.nato.int
apy.ndc.nato.int
www.ssc.nato.int
guest.napma.nato.int
sts.reach.nato.int
meet.nahema.nato.int
NSOVPN.natoschool.nato.int
ndccds.ndc.nato.int
skypeaccess.shape.nato.int
labs.academy.ncia.nato.int
shared.napma.nato.int
dev.nato.int
www.ssc.nato.int
amdc2-iss.ncia.nato.int
mail.cmre.nato.int
e-isaf.act.nato.int
*.nshq.nato.int
mdm.napma.nato.int
servicedesk.usspeaking.com
webmail.pia.nato.int
acquia-sites.com
diana.nato.int
jftc.nato.int
ticketing.alphamead.com
selfservice.act.nato.int
verity.hq.nato.int
acquia-sites.com
gp.csp.nato.int
mobile.pan.nato.int
meet.nahema.nato.int
redirect.napma.nato.int
acquia-sites.com
napma.nato.int
msiac.nato.int
extranet.napma.nato.int
extranet.napma.nato.int
guest.napma.nato.int
webmail.cmre.nato.int
haivision.hq.nato.int
*.ndss.nato.int
ssc.nato.int
www.msiac.nato.int
ithelpdesk.dccoilireland.com
servicedesk.thwaites.co.uk
eportal.nspa.nato.int
www.nspa.nato.int

Certificate

The complete raw certificate details for ncio.nato.int in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIMZL/zTWO3KF8N7gkYMA0GCSqGSIb3DQEBCwUAMFAxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSYwJAYDVQQDEx1H
bG9iYWxTaWduIFJTQSBPViBTU0wgQ0EgMjAxODAeFw0yNDA2MDcwOTExMDVaFw0y
NTA3MDkwOTExMDRaMFoxCzAJBgNVBAYTAkJFMREwDwYDVQQIEwhCcnVzc2VsczER
MA8GA1UEBxMIQnJ1c3NlbHMxDTALBgNVBAoTBE5BVE8xFjAUBgNVBAMTDW5jaW8u
bmF0by5pbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV5m93Wt0Q
O5Dl23wKljrKwDSUM3zIjRXGyL3LvkecyODPFq7Ip1xJpG0It4w/gElatXT+oPMe
nPmM8xbuDTMiQsxj+i3dE0+wp1JEUAMErgWG+j8nmMbuIME80pCiMXpdxorWfFV+
vs3Bcx9jhPNMXqfIIZGuB+0vPHgppLyVuOCxGXGuBPqqxbKRhJTeItp7IsKvzXCp
nmv+SVRnbaXy6MGdjBPpUGtBH8i2eyBqnlWphK28kHENX8WHzDkBaD5tiojPJ5xy
BYTG1RK2029nB+mv4Q8zmm5oR5gouBRLH5He5rX/vtSTZV6opA5pM9IkZq5NkGTO
1HtVHjCRlGilAgMBAAGjggHaMIIB1jAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/
BAIwADCBjgYIKwYBBQUHAQEEgYEwfzBEBggrBgEFBQcwAoY4aHR0cDovL3NlY3Vy
ZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvZ3Nyc2FvdnNzbGNhMjAxOC5jcnQwNwYI
KwYBBQUHMAGGK2h0dHA6Ly9vY3NwLmdsb2JhbHNpZ24uY29tL2dzcnNhb3Zzc2xj
YTIwMTgwVgYDVR0gBE8wTTBBBgkrBgEEAaAyARQwNDAyBggrBgEFBQcCARYmaHR0
cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQICMD8G
A1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3Nyc2Fv
dnNzbGNhMjAxOC5jcmwwGAYDVR0RBBEwD4INbmNpby5uYXRvLmludDAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAU+O9/8s14Z6jeb48k
jYjxhwMCs+swHQYDVR0OBBYEFJ/JELDCkfwy114uPUut3DlnsB26MBMGCisGAQQB
1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQAX+6zou3rT3aT3OUGazTFd
jvj4nIrf7ZC4ao/xXzaguIFoIjhQAvvDtyU1bvm9lVsLIL0cIy3ZHYz44quInLv2
k4sHIFLgNRRIlnEyKMi6djho6GljA9KWAj84V4PJVi3zsuyr9TQ9o4kitg5l2cLX
lF5CchxlabNQpGmdN7Dt6zG/XN1/PjfKr0+2+44lf0bSlMtukgkNYjEI9GQ8yrjR
ZOUbH3zTYTucZXkqD0PIFqDin93mnFWnXjqzDJ18ADbM/cqcGU8tEA16nbsdAUWL
jdH2o8hUtVcF3LB2EA3/ub260I8IhmdXuFAZ7uxf7eRcs1E95CXSsOTnr/rWi08A
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAleZvd1rdEDuQ5dt8CpY6
ysA0lDN8yI0Vxsi9y75HnMjgzxauyKdcSaRtCLeMP4BJWrV0/qDzHpz5jPMW7g0z
IkLMY/ot3RNPsKdSRFADBK4Fhvo/J5jG7iDBPNKQojF6XcaK1nxVfr7NwXMfY4Tz
TF6nyCGRrgftLzx4KaS8lbjgsRlxrgT6qsWykYSU3iLaeyLCr81wqZ5r/klUZ22l
8ujBnYwT6VBrQR/Itnsgap5VqYStvJBxDV/Fh8w5AWg+bYqIzyeccgWExtUSttNv
Zwfpr+EPM5puaEeYKLgUSx+R3ua1/77Uk2VeqKQOaTPSJGauTZBkztR7VR4wkZRo
pQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 31180554776320788163483011352
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign RSA OV SSL CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-07 09:11:05 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-07-09 09:11:04 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Brussels'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Brussels'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NATO'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ncio.nato.int'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 18923139378180728117716196112747172440321322347301040012721982892532413013453950687551861561315471289272087368945788735471367195743309379245716430623948789876755641801115898819784233654246814305303243743685034430886336945960884404617075845939087508260871035168799840809485932324572478784872113534403327712161314379622727532489707568741252311652405940415108509822552085091196753310239024191589590535006784716306120234416632012794989782821969023985925350636354487943791081490631091720133472025977735202401517837630544916806590688881436392773218806942465452672602347751049560322191495113826369933922193452921382010906789
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (129 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.globalsign.com/gsrsaovsslca2018'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.20 (globalsignOVPolicy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.globalsign.com/gsrsaovsslca2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (17 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ncio.nato.int'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName f8ef7ff2cd7867a8de6f8f248d88f1870302b3eb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							9fc910b0c291fc32d75e2e3d4baddc3967b01dba
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0017fbace8bb7ad3dda4f739419acd315d8ef8f89c8adfed90b86a8ff15f36a0b8816822385002fbc3b725356ef9bd955b0b20bd1c232dd91d8cf8e2ab889cbbf6938b072052e035144896713228c8ba763868e8696303d296023f385783c9562df3b2ecabf5343da38922b60e65d9c2d7945e42721c6569b350a4699d37b0edeb31bf5cdd7f3e37caaf4fb6fb8e257f46d294cb6e92090d623108f4643ccab8d164e51b1f7cd3613b9c65792a0f43c816a0e29fdde69c55a75e3ab30c9d7c0036ccfdca9c194f2d100d7a9dbb1d01458b8dd1f6a3c854b55705dcb076100dffb9bdbad08f08866757b85019eeec5fede45cb3513de425d2b0e4e7affad68b4f00