dit01.creditcards.citi.com

- Citigroup Inc. -

Issued by Symantec Class 3 EV SSL CA - G3

About this certificate

This digital certificate with serial number 44:b2:5e:01:26:32:d7:5e:54:77:a4:84:49:8e:66:7f was issued on by Symantec Corporation.

With 10 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Compliant certificates should use the utf8string encoding for explicitText (RFC 6818: 3)
  • Sub certificates SHOULD include Subject Key Identifier in end entity certs (RFC 5280: 4.2 & 4.2.1.2)

Citigroup Inc.

Company registration number: 2154254
Organization: Citigroup Inc.
Organization unit: Citi
Address: 399 Park Avenue
Postal code: 10043
State / Province: New York
Locality: New York
Country: US

Symantec Corporation

Organization: Symantec Corporation
Organization unit: Symantec Trust Network
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 44:b2:5e:01:26:32:d7:5e:54:77:a4:84:49:8e:66:7f
Serial Number (int): 91313639191746278159687615363016451711
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId:
AuthorityKeyId: 01:59:ab:e7:dd:3a:0b:59:a6:64:63:d6:cf:20:07:57:d5:91:e7:6a

Fingerprint (sha1): bf:9d:76:77:f6:0f:7e:2b:b8:92:df:5e:01:85:39:71:ac:03:f8:8d
Fingerprint (sha256): 05:18:5e:50:86:f4:1b:9a:6c:1c:dd:17:83:e5:89:66:2b:43:75:de:0f:b2:5b:83:23:d0:d7:66:19:f0:7a:53

Issuing Certificate URL: http://sr.symcb.com/sr.crt

Revocation information

OCSP Server: http://sr.symcd.com
CRL Distribution Point: http://sr.symcb.com/sr.crl

Check the revocation status for certificate dit01.creditcards.citi.com

10

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for dit01.creditcards.citi.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

dit01.creditcards.citi.com
dit02.creditcards.citi.com
dit03.creditcards.citi.com
dit04.creditcards.citi.com
productest1.creditcards.citi.com
productest2.creditcards.citi.com
dit11.creditcards.citi.com
dit12.creditcards.citi.com
sit11.creditcards.citi.com
sit12.creditcards.citi.com

Other certificates including the domain name citi.com

(limited to 100 certificates)
tv.citi.com
ibmwebspheremqaltophubqmsit.citi.com
ibmwebspheremqgtsitorg01.citi.com
consumersoa.citi.com
ibmwebspheremqmrntbc12.citi.com
www.citibank.com
ibmWebSphereMQCSGPP.citi.com
uat.citi.com
ibmwebspheremqswprdcol01.citi.com
uat.accountonline.com
mx-test.mail.citi.com
desktop.citi.com
ibmwebspheremqgtsgatewayqm2.citi.com
cardactivation.citi.com
Preview.online.citi.com
Financialtools.citi.com
mobilesoasit2.citi.com
friendlyusertest.creditcards.citi.com
soawebsocketuat.citi.com
www.privatebank.citibank.com
ibmwebspheremqgtprdfus17.citi.com
efdissecuresignuat.citi.com
LyncProdDR.EUR.NSROOT.NET
ibmwebspheremqmrnpbc45.citi.com
citicards.citi.com
expresswaye02.emealabs.citi.com
www.uat.payment.citi.com
security1.citi.com
ibmwebspheremqmdltbc04.citi.com.citi.com
supplierportal.uattec.citi.com
extracash.citi.com
ibmwebspheremqgtprdca04.citi.com
chat.online.citi.com
mailir.citi.com
ibmwebspheremqswprdmob02.citi.com
ibmwebspheremqswprdbby05.citi.com
concierge.citi.com
paymentexchange.cte.transactionservices.citi.com
businesspopmoney.citi.com
citiconnectbeneficiaryadvising.citi.com
approvepay.citi.com
ibmWebSphereMQSP02P.citi.com
www.citibank.co.uk
sit7.online.citi.com
citiconnectbeneficiaryadvising.citi.com
locationtracker.citi.com
ibmwebspheremqmdlpbc03.citi.com
ibmwebspheremqmrnpbc30.citi.com
uat.approvepay.citi.com
vmr.emealabs.citi.com
supplierportal.uat.citi.com
ibmwebspheremqmdlpbc31.citi.com
survey.emailapps.emea.citi.com
ibmWebSphereMQCSGDU.citi.com
wiresuat2.citi.com
www.privatebank.citibank.com
citifundremoteaccess.transactionservices.citi.com
www.retailservicescommercial.citi.com
uat.citi.com
icg.citi.com
paymentexchange.cte.transactionservices.citi.com
ibmwebspheremqfpsnam_prod.citi.com
uat.remoteoffice.citigroup.com
ibmwebspheremqrd03u.citi.com
sip.citi.com
creditscore.citi.com
ibmwebspheremqmdlpbc43.citi.com
wiresuat1.citi.com
uat.citi.com
ibmwebspheremqgtaemf4qm.sit.citi.com
presentandpay.citi.com
www.identityprotection.citi.com
mobilesoaaspac.citi.com
mobileservices.nam.citiprivatebank.citi.com
aspac.api2s.citi.com
eur.vmr.citi.com
www.paymentaidplus.citi.com
m.partner.citi.com
mobilesoaaspac2.citi.com
dit01.creditcards.citi.com
businessaccess.citibank.citigroup.com
ir.citi.com
aspac.api.citi.com
mobilesoaaspac2.citi.com
soawebsocketsit.citi.com
ibmwebspheremqnaissc2p.citi.com
reset.uat.citi.com
ibmwebspheremqswlodcol01.citi.com
ibmwebspheremqgtprdorg02.citi.com
uat.citigoldlounges.citi.com
ibmwebspheremqicgqm1.qc1.citi.com
ibmwebspheremqmdlpbc48.citi.com
uat.citigoldlounges.citi.com
lync13poolnamdev1.namdev.nsrootdev.net
uat.ir.citi.com
sit15.accountonline.citi.com
metrics1.citi.com
citipaymentexchange.citi.com
ibmwebspheremqgtlodrpl01.citi.com
myassetbasedlending.citi.com

Certificate

The complete raw certificate details for dit01.creditcards.citi.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIETCCBvmgAwIBAgIQRLJeASYy115Ud6SESY5mfzANBgkqhkiG9w0BAQsFADB3
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj
IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTYwMjE2MDAwMDAwWhcNMTcxMDA2
MjM1OTU5WjCCAQsxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIB
AgwIRGVsYXdhcmUxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYD
VQQFEwcyMTU0MjU0MQswCQYDVQQGEwJVUzEOMAwGA1UEEQwFMTAwNDMxETAPBgNV
BAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECQwPMzk5IFBh
cmsgQXZlbnVlMRcwFQYDVQQKDA5DaXRpZ3JvdXAgSW5jLjENMAsGA1UECwwEQ2l0
aTEjMCEGA1UEAwwaZGl0MDEuY3JlZGl0Y2FyZHMuY2l0aS5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa7e2jT5+vF+C6arIvzbFAdcL0SCaygOKM
MoGKNCUv3c7Kvmrhelu0nAqX0ugoKP8KihuvYeoh9fcb3n0N8hx2Ra/QlFFWCrzM
xXtEeLCYZOxFKRIwzBZZsj0VuHnipFqduUoI3wDDe1emF2avDgeZ+Kb4YBUJ/J3B
Fs9iUoyAfrLK7FVNgMk/lYMNUt/YD2Gw83We/H4QRdPKDFg1wpTka39Mjc15t7sk
60NDxqOOu57D+/pHtiNJF8IXnh54GOihLuYk8zHei0mayApUz99mc5bsIwMdOjS8
DRqaptTCI5iWp1f021ZhECIx5XMz5pSDWF1LrrKX6OzECtkwrt0LAgMBAAGjggQB
MIID/TCCATEGA1UdEQSCASgwggEkghpkaXQwMS5jcmVkaXRjYXJkcy5jaXRpLmNv
bYIaZGl0MDIuY3JlZGl0Y2FyZHMuY2l0aS5jb22CGmRpdDAzLmNyZWRpdGNhcmRz
LmNpdGkuY29tghpkaXQwNC5jcmVkaXRjYXJkcy5jaXRpLmNvbYIgcHJvZHVjdGVz
dDEuY3JlZGl0Y2FyZHMuY2l0aS5jb22CIHByb2R1Y3Rlc3QyLmNyZWRpdGNhcmRz
LmNpdGkuY29tghpkaXQxMS5jcmVkaXRjYXJkcy5jaXRpLmNvbYIaZGl0MTIuY3Jl
ZGl0Y2FyZHMuY2l0aS5jb22CGnNpdDExLmNyZWRpdGNhcmRzLmNpdGkuY29tghpz
aXQxMi5jcmVkaXRjYXJkcy5jaXRpLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQE
AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwZgYDVR0gBF8wXTBb
BgtghkgBhvhFAQcXBjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29t
L2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNV
HSMEGDAWgBQBWavn3ToLWaZkY9bPIAdX1ZHnajArBgNVHR8EJDAiMCCgHqAchhpo
dHRwOi8vc3Iuc3ltY2IuY29tL3NyLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYB
BQUHMAGGE2h0dHA6Ly9zci5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9z
ci5zeW1jYi5jb20vc3IuY3J0MIIBewYKKwYBBAHWeQIEAgSCAWsEggFnAWUAdQDd
6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAVLrrInuAAAEAwBGMEQC
IE8Da4f8JCuGp9IIKsVgq3QgdD0houSiHZQ8mm8sitU2AiBChBc2LVhjYq4XIJdA
lsxVHUaFM2ER4s1yt1mjeq7f9QB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3
zQ7IDdwQAAABUuusijUAAAQDAEYwRAIgYPSiNJySIiBfgp1KXnWFUqNw274MhXw0
Pt6SEdd63hECIElns7+oxKCMPY8cXb1L282oLaRVB6DA7evmk41hGJoKAHUAaPaY
+B9kgr46jO65KB1M/HFRXWeT1ETRCmesu09P+8QAAAFS66yKFgAABAMARjBEAiAL
dwBNbAClmeb/ZetNAhcLytHMF5LJpNzyCMc7AuHA5wIgBA/L+6dwOsD/pZ4rJCTW
pKj5csm59izBrnTi4kCm4WswDQYJKoZIhvcNAQELBQADggEBACMeF9qrripzAZv/
AKvXO9L4cYRrAiusW+40+9Cd8qRtSOlPBlbH9WaeE6E/LRgydk7QGErzHVYi+21u
hapRcKrwXAuQaxvnHeTmsbpwWEQGG4WML8+QxJIlS5ywhI9mnJ324HSOsL4ePv7Z
lUsp3nLkTTuslXKnL0yXL2eWKUOPnvq4J/dCOA4X0esjByOUBS/OvlpgnIqc/h25
R69DBLrZCVDsv9dYDg8VEYwYT6pow96OFaKShIfEKWkhHmSmWRnJ3iPcAJEpjgyZ
/dJTpWXr/S8Ti1BmCtyLpQ84LjtsuF0u4Mx+/trnwUZLJd+pDK4a37r6P/wI+/uS
ZONI9EE=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2u3to0+frxfgumqyL82x
QHXC9EgmsoDijDKBijQlL93Oyr5q4XpbtJwKl9LoKCj/Coobr2HqIfX3G959DfIc
dkWv0JRRVgq8zMV7RHiwmGTsRSkSMMwWWbI9Fbh54qRanblKCN8Aw3tXphdmrw4H
mfim+GAVCfydwRbPYlKMgH6yyuxVTYDJP5WDDVLf2A9hsPN1nvx+EEXTygxYNcKU
5Gt/TI3Nebe7JOtDQ8ajjruew/v6R7YjSRfCF54eeBjooS7mJPMx3otJmsgKVM/f
ZnOW7CMDHTo0vA0amqbUwiOYlqdX9NtWYRAiMeVzM+aUg1hdS66yl+jsxArZMK7d
CwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 91313639191746278159687615363016451711
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Symantec Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Symantec Trust Network'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Symantec Class 3 EV SSL CA - G3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-02-16 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-10-06 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.2 (jurisdictionOfIncorporationSP)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Delaware'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Private Organization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '2154254'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.17 (postalCode)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '10043'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'New York'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'New York'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.9 (streetAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '399 Park Avenue'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Citigroup Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Citi'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'dit01.creditcards.citi.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27637277286935010896895968886399508840643202211060158092585728954224699418073945183818178370937876941095376208900832653096539947491005279119238831210395029622775675836134761015187663788040501033222284190175792591967420975929231927128124607201321660157900104484378071472113007520847677428142952765688372150816994102737199317161601959561937837539018859624498035416800566406076549270921916668044182894222193409139757904005271268691846018161093858302717751261291352915359206188140180650152109319790975451161084756014262268170280565875815651449732588660415605153435179851629840245927661703481043552830612579640328854625547
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (296 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dit01.creditcards.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dit02.creditcards.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dit03.creditcards.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dit04.creditcards.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'productest1.creditcards.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'productest2.creditcards.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dit11.creditcards.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dit12.creditcards.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sit11.creditcards.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sit12.creditcards.citi.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (95 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.113733.1.7.23.6 (VeriSign EV policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://d.symcb.com/cps'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:26|false] VisibleString, ISO646String [104 116 116 112 115 58 47 47 100 46 115 121 109 99 98 46 99 111 109 47 114 112 97]
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 0159abe7dd3a0b59a66463d6cf200757d591e76a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://sr.symcb.com/sr.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (75 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://sr.symcd.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://sr.symcb.com/sr.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (359 bytes)
							0165007500ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc00000152ebac89ee000004030046304402204f036b87fc242b86a7d2082ac560ab7420743d21a2e4a21d943c9a6f2c8ad5360220428417362d586362ae1720974096cc551d4685336111e2cd72b759a37aaedff5007500a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc1000000152ebac8a350000040300463044022060f4a2349c9222205f829d4a5e758552a370dbbe0c857c343ede9211d77ade1102204967b3bfa8c4a08c3d8f1c5dbd4bdbcda82da45507a0c0edebe6938d61189a0a00750068f698f81f6482be3a8ceeb9281d4cfc71515d6793d444d10a67acbb4f4ffbc400000152ebac8a16000004030046304402200b77004d6c00a599e6ff65eb4d02170bcad1cc1792c9a4dcf208c73b02e1c0e70220040fcbfba7703ac0ffa59e2b2424d6a4a8f972c9b9f62cc1ae74e2e240a6e16b
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00231e17daabae2a73019bff00abd73bd2f871846b022bac5bee34fbd09df2a46d48e94f0656c7f5669e13a13f2d1832764ed0184af31d5622fb6d6e85aa5170aaf05c0b906b1be71de4e6b1ba705844061b858c2fcf90c492254b9cb0848f669c9df6e0748eb0be1e3efed9954b29de72e44d3bac9572a72f4c972f679629438f9efab827f742380e17d1eb23072394052fcebe5a609c8a9cfe1db947af4304bad90950ecbfd7580e0f15118c184faa68c3de8e15a2928487c42969211e64a65919c9de23dc0091298e0c99fdd253a565ebfd2f138b50660adc8ba50f382e3b6cb85d2ee0cc7efedae7c1464b25dfa90cae1adfbafa3ffc08fbfb9264e348f441