tag.cartier.com
Issued by GeoTrust Global TLS RSA4096 SHA256 2022 CA1
About this certificate
This digital certificate with serial number 0f:14:f9:e8:96:e9:dc:d2:02:d9:a9:4b:a3:cf:6f:38 was issued on by DigiCert, Inc..
This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=tag.cartier.com
DigiCert, Inc.
Organization:
DigiCert, Inc.
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 0f:14:f9:e8:96:e9:dc:d2:02:d9:a9:4b:a3:cf:6f:38Serial Number (int): 20047334621574921205209437506290806584
Serial Number lenght: 124 bits, 16 octets
SubjectKeyId: 8b:8d:53:5f:eb:c4:c9:28:79:9c:fb:79:b5:14:eb:eb:77:93:e3:cd
AuthorityKeyId: a5:b4:d6:eb:36:c4:e7:6b:a6:df:c4:64:0b:01:2a:20:04:b8:66:23
Fingerprint (sha1): 5d:1d:af:e3:24:de:de:c7:f0:fc:a4:ee:01:c6:51:05:50:17:9c:a8
Fingerprint (sha256): 04:af:54:22:22:6a:c4:ce:0b:34:d6:e4:7e:52:c3:53:3c:0e:df:8f:19:b2:72:1c:d6:86:8f:8d:3c:e4:eb:6a
Issuing Certificate URL: http://cacerts.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crt
Revocation information
OCSP Server: http://ocsp.digicert.comCRL Distribution Point: http://crl3.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl
CRL Distribution Point: http://crl4.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl
Check the revocation status for certificate tag.cartier.com
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for tag.cartier.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
tag.cartier.com
Other certificates including the domain name cartier.com
(limited to 100 certificates)
nouveaute-horlogerie.staging.cartier.com
www.cartierretailnet.com
szervizek.carglass.hu
artrader.co
intranet.richemont.com
intranet.richemont.com
claudia-andujar.quality.fondationcartier.com
www.cartierretailnet.com
scan.preprod2.cartier.com
intranet.richemont.com
dam.richemont.com
intranet.richemont.com
www.cartier.com
tag.cartier.com
www.cartier.com
www.fondationcartier.com
media.richemont.com
cartier.com
scan.preprod2.cartier.com
secure.m.dev.cartier.com
secure.www.en.cartier.com
secure-www.bridal.cartier.com
www.cartierretailnet.com
russia.b2b.cartier.com
intranet.richemont.com
admin.cartier.com
intranet.richemont.com
linemedia.preprod.richemont.com
dam.richemont.com
scan.dev.cartier.com
scan.preprod.jaeger-lecoultre.com
stores.cartier.com
akamai-san106.exacttarget.com
secure.quality.eshop.fondationcartier.com
bo.cartier.com
presse.fondation.cartier.com
intranet.richemont.com
www.careers.cartier.com
secure.www.pprod.cartier.com
intranet.richemont.com
plaza.cartier.com
blog-hitchhikers.yext.com
www.quality.alange-soehne.com
sfy.cartier.com
powerofmythgame.cartier.com
www.fondationcartier.com
presse.fondation.cartier.com
www.osni.cartier.com
linemedia.preprod.richemont.com
alkhabourah.net
scan.preprod2.cartier.com
platformsh5.map.fastly.net
cp-daiken.dqdai-souls.com
www.cartier.com
intranet.preprod.richemont.com
nasekomo.tech
www.fondationcartier.com
sfy.cartier.com
presse.fondation.cartier.com
careers.cartier.com
secure-dev.cartier.com
www.quality.alange-soehne.com
sfy.cartier.com
media.richemont.com
www.fondationcartier.com
bo.cartier.com
scan.dev.cartier.com
platformsh5.map.fastly.net
cartier.com
linemedia.preprod.richemont.com
bo.cartier.com
3d-cartier.com
secure.www.cartier.com
go.luana.app
lohiabooks.com
cartier.com
www.quality.alange-soehne.com
www.cartier.com
cartier.at
cartiercare.preprod2.cartier.com
cartier.at
cartier.com
intranet.staging.richemont.com
www.quality.digital-library.cartier.com
bo.cartier.com
cartier-load-balancer-aws.cartier.com
secure.www.cartier.com
systemesfonctionnels.staging.cartier.com
www.cartierretailnet.com
www.quality.alange-soehne.com
bo.cartier.com
atlas.cartier.com
presse.fondation.quality.cartier.com
www.fondationcartier.com
sfy.cartier.com
secure.m.cartier.com
akamai-san106.exacttarget.com
scan.dev2.cartier.com
secure.quality.eshop.fondationcartier.com
cartierpress.cartier.com
www.cartierretailnet.com
szervizek.carglass.hu
artrader.co
intranet.richemont.com
intranet.richemont.com
claudia-andujar.quality.fondationcartier.com
www.cartierretailnet.com
scan.preprod2.cartier.com
intranet.richemont.com
dam.richemont.com
intranet.richemont.com
www.cartier.com
tag.cartier.com
www.cartier.com
www.fondationcartier.com
media.richemont.com
cartier.com
scan.preprod2.cartier.com
secure.m.dev.cartier.com
secure.www.en.cartier.com
secure-www.bridal.cartier.com
www.cartierretailnet.com
russia.b2b.cartier.com
intranet.richemont.com
admin.cartier.com
intranet.richemont.com
linemedia.preprod.richemont.com
dam.richemont.com
scan.dev.cartier.com
scan.preprod.jaeger-lecoultre.com
stores.cartier.com
akamai-san106.exacttarget.com
secure.quality.eshop.fondationcartier.com
bo.cartier.com
presse.fondation.cartier.com
intranet.richemont.com
www.careers.cartier.com
secure.www.pprod.cartier.com
intranet.richemont.com
plaza.cartier.com
blog-hitchhikers.yext.com
www.quality.alange-soehne.com
sfy.cartier.com
powerofmythgame.cartier.com
www.fondationcartier.com
presse.fondation.cartier.com
www.osni.cartier.com
linemedia.preprod.richemont.com
alkhabourah.net
scan.preprod2.cartier.com
platformsh5.map.fastly.net
cp-daiken.dqdai-souls.com
www.cartier.com
intranet.preprod.richemont.com
nasekomo.tech
www.fondationcartier.com
sfy.cartier.com
presse.fondation.cartier.com
careers.cartier.com
secure-dev.cartier.com
www.quality.alange-soehne.com
sfy.cartier.com
media.richemont.com
www.fondationcartier.com
bo.cartier.com
scan.dev.cartier.com
platformsh5.map.fastly.net
cartier.com
linemedia.preprod.richemont.com
bo.cartier.com
3d-cartier.com
secure.www.cartier.com
go.luana.app
lohiabooks.com
cartier.com
www.quality.alange-soehne.com
www.cartier.com
cartier.at
cartiercare.preprod2.cartier.com
cartier.at
cartier.com
intranet.staging.richemont.com
www.quality.digital-library.cartier.com
bo.cartier.com
cartier-load-balancer-aws.cartier.com
secure.www.cartier.com
systemesfonctionnels.staging.cartier.com
www.cartierretailnet.com
www.quality.alange-soehne.com
bo.cartier.com
atlas.cartier.com
presse.fondation.quality.cartier.com
www.fondationcartier.com
sfy.cartier.com
secure.m.cartier.com
akamai-san106.exacttarget.com
scan.dev2.cartier.com
secure.quality.eshop.fondationcartier.com
cartierpress.cartier.com
Certificate
The complete raw certificate details for tag.cartier.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIHjzCCBXegAwIBAgIQDxT56Jbp3NIC2alLo89vODANBgkqhkiG9w0BAQsFADBc MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xNDAyBgNVBAMT K0dlb1RydXN0IEdsb2JhbCBUTFMgUlNBNDA5NiBTSEEyNTYgMjAyMiBDQTEwHhcN MjMxMjA1MDAwMDAwWhcNMjQwNjA1MjM1OTU5WjAaMRgwFgYDVQQDEw90YWcuY2Fy dGllci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmBlSWJR/c ZwnTHLjOrPbCITPMSvXunydmuvGo0f2h+PKOj2WSzcXqmMOtSaC9T5K079bK9kGB INmmNLWR7PYw5QJ+EeQyJ/6Kkl0HSCBjSwxD5EkAzCOeGCqAXaXR+vwm5CIJ7J7f A7wLKo8VsZnOw64TIAJBTl5n1qdX6g24RYd5WguPUtXCnzXU53BDaG1YcgELITKL 3Tdb/qEd5EyoUswUmF8p7uVV2ICutEKtlebbd/CQAcT2b8qr7hMmbHk7XM0h9QA+ 9M7zzC0W771CeIToGyzr9GaNYs0wb2mLf5izCwwWoKBu9DokIIetakYCZ0yaGJmB 9/khMFsFdFQFAgMBAAGjggONMIIDiTAfBgNVHSMEGDAWgBSltNbrNsTna6bfxGQL ASogBLhmIzAdBgNVHQ4EFgQUi41TX+vEySh5nPt5tRTr63eT480wGgYDVR0RBBMw EYIPdGFnLmNhcnRpZXIuY29tMD4GA1UdIAQ3MDUwMwYGZ4EMAQIBMCkwJwYIKwYB BQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMC BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGfBgNVHR8EgZcwgZQw SKBGoESGQmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9HZW9UcnVzdEdsb2JhbFRM U1JTQTQwOTZTSEEyNTYyMDIyQ0ExLmNybDBIoEagRIZCaHR0cDovL2NybDQuZGln aWNlcnQuY29tL0dlb1RydXN0R2xvYmFsVExTUlNBNDA5NlNIQTI1NjIwMjJDQTEu Y3JsMIGHBggrBgEFBQcBAQR7MHkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp Z2ljZXJ0LmNvbTBRBggrBgEFBQcwAoZFaHR0cDovL2NhY2VydHMuZGlnaWNlcnQu Y29tL0dlb1RydXN0R2xvYmFsVExTUlNBNDA5NlNIQTI1NjIwMjJDQTEuY3J0MAwG A1UdEwEB/wQCMAAwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB3AO7N0GTV2xrO xVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABjDsTSR8AAAQDAEgwRgIhANLYE/ke wztHTzoKAMtQSzc3X1OrUDhX3jBu0sj4GwdfAiEAltkqBITJTvr3inHw21ht/Tto y/ynM/MCIYMh6UKCDhcAdwBIsONr2qZHNA/lagL6nTDrHFIBy1bdLIHZu7+rOdiE cwAAAYw7E0i3AAAEAwBIMEYCIQDiGJUU6khmmhxT3BcLsuffZOYGPpcH4wHqOF1v X1/7zAIhAKDfwRFabiI5HCGmM1InhwebyyaJVviQDGF1/5yM6wGYAHYA2ra/az+1 tiKfm8K7XGvocJFxbLtRhIU0vaQ9MEjX+6sAAAGMOxNIjQAABAMARzBFAiEA5kJk VQRbGpNSTNks01x9kvRc97wMPBkRTFSKhmIJc9kCICIb+UAVtVTRpqNP/d7Cd7lD 8WRcpJPMvy2eajZ/9Vm2MA0GCSqGSIb3DQEBCwUAA4ICAQC1XJlDVE07FcM+XK1s NJcTGN7ZxuuW1alnwssOrFYtIeIEw/TV3Eo2i1gibGqXT+cvCh2g1sE6HlQ2PXNu u0I5weX4IUkRKIdbSQrsqTXEqaZ1u7uPGhss38oqe1PbrYkpJMqkfJM6X5HC3vYT euWJ4ndHbpt89oMfpZGgGsaCvvnxfwf0Nt/erYyqblX2ZTFbT/x4Xh5FGD5hMXsX bw+r1RFngOVgtwyREG9m2ECLn4/fRTUmBeqr1uhYRlvpHtMjZ3qzotnXgdcmTALr UdNBsDeP8VdRTrb2rptTONRTf7s55p7Ny5geTnWX2HBuU5/MgCd9eAibcFIpBtTG 8Fcd3Pwt5vSF78gBTnO0Z2ceAhN2e6CDNFg/4VeQ6TvplJUmytJdqgePmBr9A7cP XZP9Y+OHb0KGxF7Pttj59jZA1Hzk+2VawTVK7m5mQOOXka36/vVFljL1nh415Lko f3T59YbsDTbm7YXYdf0+PK4h11E9yrSFYcRf+XYQz0JtNBffIuGG37ru1KGL6PrC jRrc6xyiob44MMSyVOZhcPbay2gBmw24a+BbdalDIA7rqYdlWVdHMy1fvMjeuCL9 PpAAjdZU9Er/SIAEjkbrf2xktNUQiXRgJ+jucDQOJ3DXSmanlGm3hjqRF/LOECSF eR3Oe1o9eEo1uS+kdqkjf4Dp6Q== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgZUliUf3GcJ0xy4zqz2 wiEzzEr17p8nZrrxqNH9ofjyjo9lks3F6pjDrUmgvU+StO/WyvZBgSDZpjS1kez2 MOUCfhHkMif+ipJdB0ggY0sMQ+RJAMwjnhgqgF2l0fr8JuQiCeye3wO8CyqPFbGZ zsOuEyACQU5eZ9anV+oNuEWHeVoLj1LVwp811OdwQ2htWHIBCyEyi903W/6hHeRM qFLMFJhfKe7lVdiArrRCrZXm23fwkAHE9m/Kq+4TJmx5O1zNIfUAPvTO88wtFu+9 QniE6Bss6/RmjWLNMG9pi3+YswsMFqCgbvQ6JCCHrWpGAmdMmhiZgff5ITBbBXRU BQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 20047334621574921205209437506290806584 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert, Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust Global TLS RSA4096 SHA256 2022 CA1' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-05 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-05 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'tag.cartier.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20958680268855974534952528823267239669329522210757682423637502729983824490451161137887308802279333743638230146438273644942273228832264862245602664691569931104539607966889515776011775053377245048400169820669700789944566632071240463712971630090521933012910965591401746923121409992617394946373700839361876919734506641369564474702783953124126821815860977088517226686902076200902292717464376051580968409415400013818141821097274246689164039349464871725146917009663011984116024464908829633232856654879520952366027062924721185410411773549811330773558373549820516805341178017789895450717777403458706013021469732677236676645893 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a5b4d6eb36c4e76ba6dfc4640b012a2004b86623 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 8b8d535febc4c928799cfb79b514ebeb7793e3cd . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (19 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tag.cartier.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (151 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (368 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes) 016a007700eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018c3b13491f0000040300483046022100d2d813f91ec33b474f3a0a00cb504b37375f53ab503857de306ed2c8f81b075f02210096d92a0484c94efaf78a71f0db586dfd3b68cbfca733f302218321e942820e1700770048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018c3b1348b70000040300483046022100e2189514ea48669a1c53dc170bb2e7df64e6063e9707e301ea385d6f5f5ffbcc022100a0dfc1115a6e22391c21a633522787079bcb268956f8900c6175ff9c8ceb0198007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018c3b13488d0000040300473045022100e6426455045b1a93524cd92cd35c7d92f45cf7bc0c3c19114c548a86620973d90220221bf94015b554d1a6a34ffddec277b943f1645ca493ccbf2d9e6a367ff559b6 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (4096 bits) 00b55c9943544d3b15c33e5cad6c34971318ded9c6eb96d5a967c2cb0eac562d21e204c3f4d5dc4a368b58226c6a974fe72f0a1da0d6c13a1e54363d736ebb4239c1e5f821491128875b490aeca935c4a9a675bbbb8f1a1b2cdfca2a7b53dbad892924caa47c933a5f91c2def6137ae589e277476e9b7cf6831fa591a01ac682bef9f17f07f436dfdead8caa6e55f665315b4ffc785e1e45183e61317b176f0fabd5116780e560b70c91106f66d8408b9f8fdf45352605eaabd6e858465be91ed323677ab3a2d9d781d7264c02eb51d341b0378ff157514eb6f6ae9b5338d4537fbb39e69ecdcb981e4e7597d8706e539fcc80277d78089b70522906d4c6f0571ddcfc2de6f485efc8014e73b467671e0213767ba08334583fe15790e93be9949526cad25daa078f981afd03b70f5d93fd63e3876f4286c45ecfb6d8f9f63640d47ce4fb655ac1354aee6e6640e39791adfafef5459632f59e1e35e4b9287f74f9f586ec0d36e6ed85d875fd3e3cae21d7513dcab48561c45ff97610cf426d3417df22e186dfbaeed4a18be8fac28d1adceb1ca2a1be3830c4b254e66170f6dacb68019b0db86be05b75a943200eeba98765595747332d5fbcc8deb822fd3e90008dd654f44aff4880048e46eb7f6c64b4d51089746027e8ee70340e2770d74a66a79469b7863a9117f2ce102485791dce7b5a3d784a35b92fa476a9237f80e9e9