sfbext.mtl.ca.glencore.net

- Glencore International AG -

Issued by Thawte RSA CA 2018

About this certificate

This digital certificate with serial number 0a:cb:04:e1:29:91:cd:ed:05:19:94:f3:5d:cd:3e:84 was issued on by DigiCert Inc.

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Glencore International AG

Organization: Glencore International AG
Organization unit: IT
State / Province: Zug
Locality: Baar
Country: CH

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0a:cb:04:e1:29:91:cd:ed:05:19:94:f3:5d:cd:3e:84
Serial Number (int): 14346415188971861157681507106089156228
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 41:6e:d5:33:38:e8:58:97:9f:45:7f:21:09:37:06:dc:72:0f:d0:92
AuthorityKeyId: a3:c8:5e:65:54:e5:30:78:c1:05:ea:07:0a:6a:59:cc:b9:fe:de:5a

Fingerprint (sha1): f4:47:65:a2:11:90:ee:92:79:cd:d8:af:38:a8:db:e3:f1:8f:72:3d
Fingerprint (sha256): 04:9a:92:32:b9:29:e0:41:c4:a5:dd:79:9d:87:53:02:09:56:db:ac:99:32:c0:72:96:a4:6e:0c:92:1e:8a:4a

Issuing Certificate URL: http://cacerts.thawte.com/ThawteRSACA2018.crt

Revocation information

OCSP Server: http://status.thawte.com
CRL Distribution Point: http://cdp.thawte.com/ThawteRSACA2018.crl

Check the revocation status for certificate sfbext.mtl.ca.glencore.net

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for sfbext.mtl.ca.glencore.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

sfbext.mtl.ca.glencore.net
meet.ca.glencore.net
owebapp.mtl.ca.glencore.net

Other certificates including the domain name glencore.net

(limited to 100 certificates)
ap.syd.au.glencore.net
testmyid.ch.glencore.net
*.de.glencore.net
b2b.stg.cl.glencore.net
ucb-sam.glencore.com
mail.nam.glencore.net
UCB-AUS.glencore.com
*.pe.glencore.net
www.glencore.com
afenav.ldn.gb.glencore.net
ap.bar.ch.glencore.net
sfbext.mtl.ca.glencore.net
connect.eur.glencore.net
helpme.glencore.net
ap.mtl.ca.glencore.net
emm-admin.glencore.net
fileshare.ca.glencore.net
www.glencore.com
edw.ldn.gb.glencore.net
acb-eur.glencore.com
sts.glencore.net
connect.ktg.cd.glencore.net
helpme.glencore.net
*.au.glencore.net
static-test.glencore.net
www.glencore.com
www.glencore.com
groupmobility.glencore.net
sfbext.ch.glencore.net
fileshare.ca.glencore.net
usti.cz.glencore.net
sfbext.bar.ch.glencore.net
connect.eur.glencore.net
*.ca.glencore.net
UCA-NAM.glencore.com
ap.zrh.ch.glencore.net
*.za.glencore.net
emm-device-test.glencore.net
glccmg.glencore.net
b2b.krs.no.glencore.net
*.glencore.net
mail.eur.glencore.net
www.glencore.com
helpme.glencore.net
adfs.glencore.net
*.za.glencore.net
UCB-ZAF.glencore.com
induction.coal.au.glencore.net
UCB-EUR.glencore.com
b2b.stg.cl.glencore.net
bienvenueccr.mtl.ca.glencore.net
*.za.glencore.net
sfbext.zrh.ch.glencore.net
connect.sas.ar.glencore.net
UCB-NAM.glencore.com
*.br.glencore.net
b2b.stg.cl.glencore.net
*.sg.glencore.net
ewac1.ldn.gb.glencore.net
sfbext.bar.ch.glencore.net
b2b.aus.glencore.net
uca-eur.glencore.com
myid.ch.glencore.net
*.au.glencore.net
bienvenueccr.mtl.ca.glencore.net
ap.bar.ch.glencore.net
ewac2.ldn.gb.glencore.net
formations.rag.ca.glencore.net
www.glencore.com
GLCPT1CMG.GLENCORE.NET
connect.spd.br.glencore.net
usti.cz.glencore.net
sc-test.glencore.net
www.glencore.com
helpme.glencore.net
b2b.stg.cl.glencore.net
www.glencore.com
sfbext.zrh.ch.glencore.net
*.br.glencore.net
*.sam.glencore.net
*.cn.glencore.net
acs.bne.au.glencore.net
UCA-ZAF.glencore.com
helpme.glencore.net
ap.bar.ch.glencore.net
helpme.glencore.net
ap.bar.ch.glencore.net
sfbext.sng.sg.glencore.net
www.glencore.com
connect.mak.ph.glencore.net
*.ca.glencore.net
ap.mtl.ca.glencore.net
UCB-SAM.glencore.com
perthview.per.au.glencore.net
edw-test.ldn.gb.glencore.net
ecms-demo.glencore.net
*.za.glencore.net
www.glencore.com
ucb-eur.glencore.com
*.sg.glencore.net

Certificate

The complete raw certificate details for sfbext.mtl.ca.glencore.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGRDCCBSygAwIBAgIQCssE4SmRze0FGZTzXc0+hDANBgkqhkiG9w0BAQsFADBc
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMRswGQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcN
MTgwNTE1MDAwMDAwWhcNMTkwNTE1MTIwMDAwWjCBgDELMAkGA1UEBhMCQ0gxDDAK
BgNVBAgTA1p1ZzENMAsGA1UEBxMEQmFhcjEiMCAGA1UEChMZR2xlbmNvcmUgSW50
ZXJuYXRpb25hbCBBRzELMAkGA1UECxMCSVQxIzAhBgNVBAMTGnNmYmV4dC5tdGwu
Y2EuZ2xlbmNvcmUubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
wFMgOrUS5Zes/tEVEtc53Y+3K+xIZ5LnDU5ibQo2Gva7l9GUSlZ7L4s0GKmDC0qL
8oYlEDsS6CBhQBupW1ksjPDi7YKOXO3ziHkSvsSKw8kM3O8lZT3qt/xlUD/ja3ZF
1DAiXetwwVSnfkf7IHqR47k7nusY76Q2o/qS6ASw4rzF/5UsIXq6wipZ6H1rKbwf
xd5+lqGllY3TA7s5N3dnj8IzZBzCzXmwHdTJz+28BitEei2+rDzj1v33TFLP1pF2
mkmE5r20dFsmPx0X5JKIrHH/71il8HplsPUKyQ8dT1TgEp2GRjnDnINQr1c12utM
tCZ9KypmH5UZzxvU73hzpQIDAQABo4IC2zCCAtcwHwYDVR0jBBgwFoAUo8heZVTl
MHjBBeoHCmpZzLn+3lowHQYDVR0OBBYEFEFu1TM46FiXn0V/IQk3BtxyD9CSMFgG
A1UdEQRRME+CGnNmYmV4dC5tdGwuY2EuZ2xlbmNvcmUubmV0ghRtZWV0LmNhLmds
ZW5jb3JlLm5ldIIbb3dlYmFwcC5tdGwuY2EuZ2xlbmNvcmUubmV0MA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOgYDVR0fBDMw
MTAvoC2gK4YpaHR0cDovL2NkcC50aGF3dGUuY29tL1RoYXd0ZVJTQUNBMjAxOC5j
cmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6
Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwbwYIKwYBBQUHAQEEYzBh
MCQGCCsGAQUFBzABhhhodHRwOi8vc3RhdHVzLnRoYXd0ZS5jb20wOQYIKwYBBQUH
MAKGLWh0dHA6Ly9jYWNlcnRzLnRoYXd0ZS5jb20vVGhhd3RlUlNBQ0EyMDE4LmNy
dDAJBgNVHRMEAjAAMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcApLkJkLQYWBSH
uxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFjYrtnQAAABAMASDBGAiEAmoYYGv9d
wWkamdtKLPonY7r0zkWiW0pL2g/+VSOExZUCIQDXMrfBx4Z1ZTwHaKOSBCiyfwLj
JjK5QUBt8KA7kdwBEQB1AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kT
AAABY2K7aQAAAAQDAEYwRAIgNWXB0ua7gDyywSlh2Lz/pVpvNr/Zx0DYfzF2f/1o
wGoCICiUR6dcgjjKXbqdAFibmoVAVP2WTp3DIvOCTHsdXVPPMA0GCSqGSIb3DQEB
CwUAA4IBAQAmDmyVlw4csSE0CViKUqpEo4c6MM2v0EcrX349oEQXS9aUFkxPD2O2
VcqEe/aN8M+nQ+fimtOTmMZel6VYVP+dDSkc4tbNUbpV5usyfLS1A1aMCUI8Gj1G
eWeK17PlPS2X+v56iGngYhl7Z4BWFr/zZnDXu+gnqY1dWTdIvqdnuFBVyBdslp86
Ana0suf0XE1Y9q6vQPkdlVScx8MWMVx43nzDn6yX0pX/clGgxMpDZEt0NOxRyfHv
OZ94nhgmemApyYef6X+Mg3HaC3N237/SiYEsY87APk6yDym0Ul4EHog4p74LmD0S
YkU/Upzrgz6i3vYk91HS0iHAc6t+5qEf
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFMgOrUS5Zes/tEVEtc5
3Y+3K+xIZ5LnDU5ibQo2Gva7l9GUSlZ7L4s0GKmDC0qL8oYlEDsS6CBhQBupW1ks
jPDi7YKOXO3ziHkSvsSKw8kM3O8lZT3qt/xlUD/ja3ZF1DAiXetwwVSnfkf7IHqR
47k7nusY76Q2o/qS6ASw4rzF/5UsIXq6wipZ6H1rKbwfxd5+lqGllY3TA7s5N3dn
j8IzZBzCzXmwHdTJz+28BitEei2+rDzj1v33TFLP1pF2mkmE5r20dFsmPx0X5JKI
rHH/71il8HplsPUKyQ8dT1TgEp2GRjnDnINQr1c12utMtCZ9KypmH5UZzxvU73hz
pQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 14346415188971861157681507106089156228
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Thawte RSA CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-05-15 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-05-15 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Zug'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Baar'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Glencore International AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IT'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'sfbext.mtl.ca.glencore.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24278745460455545321123883790260314895402210124184514894940828599298494228418436437555722030047447674847599773581704605955361458550537716391485237682514789645711491873558255847179225151393411433727619133827725819778058676464291526394880570861971571521004253333080682236755295613417633994100730080474086158458215540190500851438843033240355026437465049147185282322490220229595706469175257349727179999684276038911640804427735250677271318657507348525429720270602413087934040306962810657759888788831569256019413731786396185533926740577773589967917963948152417185491077838646469324994594217088677632670474218538369998680997
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a3c85e6554e53078c105ea070a6a59ccb9fede5a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							416ed53338e858979f457f21093706dc720fd092
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (81 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sfbext.mtl.ca.glencore.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'meet.ca.glencore.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'owebapp.mtl.ca.glencore.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (51 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.thawte.com/ThawteRSACA2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.thawte.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.thawte.com/ThawteRSACA2018.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007700a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000016362bb674000000403004830460221009a86181aff5dc1691a99db4a2cfa2763baf4ce45a25b4a4bda0ffe552384c595022100d732b7c1c78675653c0768a3920428b27f02e32632b941406df0a03b91dc01110075006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d9130000016362bb6900000004030046304402203565c1d2e6bb803cb2c12961d8bcffa55a6f36bfd9c740d87f31767ffd68c06a0220289447a75c8238ca5dba9d00589b9a854054fd964e9dc322f3824c7b1d5d53cf
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00260e6c95970e1cb1213409588a52aa44a3873a30cdafd0472b5f7e3da044174bd694164c4f0f63b655ca847bf68df0cfa743e7e29ad39398c65e97a55854ff9d0d291ce2d6cd51ba55e6eb327cb4b503568c09423c1a3d4679678ad7b3e53d2d97fafe7a8869e062197b67805616bff36670d7bbe827a98d5d593748bea767b85055c8176c969f3a0276b4b2e7f45c4d58f6aeaf40f91d95549cc7c316315c78de7cc39fac97d295ff7251a0c4ca43644b7434ec51c9f1ef399f789e18267a6029c9879fe97f8c8371da0b7376dfbfd289812c63cec03e4eb20f29b4525e041e8838a7be0b983d1262453f529ceb833ea2def624f751d2d221c073ab7ee6a11f