*.identity-stage.adobe.com

- Adobe Inc. -

Issued by DigiCert Global G2 TLS RSA SHA256 2020 CA1

About this certificate

This digital certificate with serial number 0d:91:18:52:46:2d:c2:f0:e0:8f:22:67:70:1f:9b:f5 was issued on by DigiCert Inc.

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Adobe Inc.

Organization: Adobe Inc.
State / Province: California
Locality: San Jose
Country: US

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0d:91:18:52:46:2d:c2:f0:e0:8f:22:67:70:1f:9b:f5
Serial Number (int): 18033340285950543095526528494900059125
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 5e:09:bd:7a:88:ea:ce:83:a7:de:12:e3:fd:70:a8:00:e7:c2:26:62
AuthorityKeyId: 74:85:80:c0:66:c7:df:37:de:cf:bd:29:37:aa:03:1d:be:ed:cd:17

Fingerprint (sha1): d3:db:13:e1:0f:30:99:c2:f2:56:89:9c:3d:3a:3f:80:15:b2:9c:7a
Fingerprint (sha256): 05:71:0c:88:0c:d5:b6:f8:ac:89:c6:5d:18:ca:6e:1c:94:2a:ff:bc:35:61:d7:b5:6a:9f:55:4b:ab:6a:7e:5b

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl

Check the revocation status for certificate *.identity-stage.adobe.com

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.identity-stage.adobe.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.identity-stage.adobe.com
aadsync-stage.services.adobe.com
delegated-stg1.adobelogin.com

Other certificates including the domain name adobe.com

(limited to 100 certificates)
dublin-1-ext.vpn.adobe.com
als.adobe.com
*.dev.adobelogin.com
cert00023-azurecdn.akamaized.net
mc.corp.adobe.com
sa58gl.wpc.edgecastcdn.net
reportbuilder-stage.an.adobe.com
todds-plm-test-cert.corp.adobe.com
cert00037-azurecdn.akamaized.net
cert00050-azurecdn.akamaized.net
m2.shared.global.fastly.net
adsync-va6.identity.adobe.com
das.corp.adobe.com
aemforms.corp.adobe.com
sj1010005183081.corp.adobe.com
cert00059-azurecdn.akamaized.net
cert00091-azurecdn.akamaized.net
ims-na1-stg1.adobelogin.com
cert00080-azurecdn.akamaized.net
lams.corp.adobe.com
lp.owarnersb.journeyusshared.adobe.com
cert00059-azurecdn.akamaized.net
prospective.shared.global.fastly.net
*.publish.adobe.com
ox-d.adobe.com
cert00059-azurecdn.akamaized.net
or1010050161108.corp.adobe.com
or1d-sevone.corp.adobe.com
noida-inet-cp.corp.adobe.com
cert00009-azurecdn.akamaized.net
dashmonitor-stg.corp.adobe.com
distribute.adobe.com
*.campaign-sandbox.adobe.com
web-stage.corp.adobe.com
cert00037-azurecdn.akamaized.net
aemm.adobe.com
deletemeserver1.corp.adobe.com
sj1010010040073.corp.adobe.com
learning-aws.adobe.com
*.app-eu.fusion.adobe.com
*.s3-region1.s3-sj-lab.corp.adobe.com
butail-wx-4.corp.adobe.com
nitintest.corp.adobe.com
s7confucius.corp.adobe.com
cert00042-azurecdn.akamaized.net
or1010020030040.corp.adobe.com
aemtrials.corp.adobe.com
or1010051197048.corp.adobe.com
edgewebfonts.adobe.com
cert00076-azurecdn.akamaized.net
secure08.lithium.com
cert00017-azurecdn.akamaized.net
aws-airflow.dev.cloud-automation.corp.adobe.com
staticanalysis.corp.adobe.com
redirect.adobe.com
ssl.adobe.com
maas-api-stage.corp.adobe.com
testabc.corp.adobe.com
test78901.corp.adobe.com
or1010050072011.corp.adobe.com
secure.va.adobesignpreview.com
k2.shared.global.fastly.net
event.adobe.com
plmprdtest1.corp.adobe.com
tyocmpub.pac.adobe.com
messages.adobe.com
lcforms.adobe.com
secure08.lithium.com
h2.shared.global.fastly.net
anuvaad65.dev.corp.adobe.com
or1010050166106.corp.adobe.com
prospective.shared.global.fastly.net
dns-vetting1l.map.fastly.net
cert00023-azurecdn.akamaized.net
cert00050-azurecdn.akamaized.net
cert00037-azurecdn.akamaized.net
exchange.adobe.com
*.or.k8s.ipaas.corp.adobe.com
emeaexpcore2.corp.adobe.com
saltit-dim.corp.adobe.com
primeapps-stage.adobe.com
or1010050165132.corp.adobe.com
b2bwmfix.corp.adobe.com
cert00023-azurecdn.akamaized.net
bast-linux-qa-hb-135.corp.adobe.com
cert00023-azurecdn.akamaized.net
dashboard-stg.k8s.or1.itcloud.corp.adobe.com
toddtestcert.corp.adobe.com
data.b2bmail.adobe.com
developers.adobe.com
cert00037-azurecdn.akamaized.net
cert00010-azurecdn.akamaized.net
cert00010-azurecdn.akamaized.net
asa-noida-1.adobe.com
cert00017-azurecdn.akamaized.net
gportal.corp.adobe.com
marketplace-stg2.magento.com
secure08.lithium.com
or1010050157209.corp.adobe.com
k2.shared.global.fastly.net

Certificate

The complete raw certificate details for *.identity-stage.adobe.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHLDCCBhSgAwIBAgIQDZEYUkYtwvDgjyJncB+b9TANBgkqhkiG9w0BAQsFADBZ
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE
aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjQw
NTIyMDAwMDAwWhcNMjUwNjIyMjM1OTU5WjBvMQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxEzARBgNVBAoTCkFkb2Jl
IEluYy4xIzAhBgNVBAMMGiouaWRlbnRpdHktc3RhZ2UuYWRvYmUuY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YQeujnoM2s4iYvRcQoB+PUwv8Nt
heF50XhUrDhyfBCxUmkdyFqMSd/eiKtdC9JI6Za2n+Bo8y7QOt7BsCvpPA+QvVRW
5lSDc52kk1ogIH23MegLot36veDmtrFLUL2+0aBuQRnyURkyGAByJeWz17v09KH4
UoiOZpyb3GOB+aEUOVWO7A2Z/EWCkgd+HaUlX9OsO3f1tR5LB7EqPX+2zAI8Hlb3
vRQNeurGG7dGGdTptm98q/fNJBv04Gq8d0f095r6ZdvgABmAMXjrlplzaeE5KLFc
g41H42cDq1jQ/fuu9nADjp6NKa2AZMzXKdza4HNqRWFK+mt7hYvUIjwE6QIDAQAB
o4ID2DCCA9QwHwYDVR0jBBgwFoAUdIWAwGbH3zfez70pN6oDHb7tzRcwHQYDVR0O
BBYEFF4JvXqI6s6Dp94S4/1wqADnwiZiMGYGA1UdEQRfMF2CGiouaWRlbnRpdHkt
c3RhZ2UuYWRvYmUuY29tgiBhYWRzeW5jLXN0YWdlLnNlcnZpY2VzLmFkb2JlLmNv
bYIdZGVsZWdhdGVkLXN0ZzEuYWRvYmVsb2dpbi5jb20wPgYDVR0gBDcwNTAzBgZn
gQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BT
MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
gZ8GA1UdHwSBlzCBlDBIoEagRIZCaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp
Z2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3JsMEigRqBEhkJo
dHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JTQVNI
QTI1NjIwMjBDQTEtMS5jcmwwgYcGCCsGAQUFBwEBBHsweTAkBggrBgEFBQcwAYYY
aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFEGCCsGAQUFBzAChkVodHRwOi8vY2Fj
ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JTQVNIQTI1NjIw
MjBDQTEtMS5jcnQwDAYDVR0TAQH/BAIwADCCAX8GCisGAQQB1nkCBAIEggFvBIIB
awFpAHYATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGPoGeeewAA
BAMARzBFAiEAuROECML3qhpq1GYytuNeOyALZdKEvKcolBiGCifZESwCIBBuoHp/
DYg144z1mZ6C0oYXDiRbnPd4KkBwTEJSVQnuAHcAfVkeEuF4KnscYWd8Xv340Idc
FKBOlZ65Ay/ZDowuebgAAAGPoGed3wAABAMASDBGAiEAgTr/7VGrUzn0hCRjm3MO
xxtuNoqnCrXHz0rO9NwFdxgCIQDUx6mQ2DUf/nwesrdtIQX3wvaCNi491D7f3AUO
PQ9AKQB2AObSMWNAd4zBEEEG13G5zsHSQPaWhIb7uocyHf0eN45QAAABj6BnnesA
AAQDAEcwRQIhAKDo/RYkY/Nakg8pKi6mAOOM3+bxURNNmPMrBUQ1v6vDAiBeqnpu
Dh5XwWsOo8pCziqtuOYhiOPktv987SYTOXqCsTANBgkqhkiG9w0BAQsFAAOCAQEA
QEbyAbpgHdikj85/tXES4OSVsvqnW7Z3ec0A61XAYGkK2cqPSPEX82JyDZZ80Eii
AOqhsT6GEwm5VExU0W/ktAXbKmImGrwWEb/fLsaDqI0SvZEvIjOP5kv3OlbX2SPU
GpSMkxPYNxWjLb4VUm1IEZ3zJZ91qDyylbMyeksU63Xvl+F4rw+/gFYfq1vTM9LV
EGQc5A60GAk6TQi2eQkOKthzqGhoM02H8vBkoyZXQKexz31tTTuAlVbVJAY6IRKr
eElBcE4/cQZTwPPPWgmg0WKSc8UHQkqLVGk+6uwqwLSsalvd5wxFvkuXuzSjhhab
LnrCVABnAC1igAQ4ImwNfQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YQeujnoM2s4iYvRcQoB
+PUwv8NtheF50XhUrDhyfBCxUmkdyFqMSd/eiKtdC9JI6Za2n+Bo8y7QOt7BsCvp
PA+QvVRW5lSDc52kk1ogIH23MegLot36veDmtrFLUL2+0aBuQRnyURkyGAByJeWz
17v09KH4UoiOZpyb3GOB+aEUOVWO7A2Z/EWCkgd+HaUlX9OsO3f1tR5LB7EqPX+2
zAI8Hlb3vRQNeurGG7dGGdTptm98q/fNJBv04Gq8d0f095r6ZdvgABmAMXjrlplz
aeE5KLFcg41H42cDq1jQ/fuu9nADjp6NKa2AZMzXKdza4HNqRWFK+mt7hYvUIjwE
6QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 18033340285950543095526528494900059125
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Global G2 TLS RSA SHA256 2020 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-22 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-06-22 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'San Jose'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Adobe Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.identity-stage.adobe.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26448956552452814939860367852858711925315084945594220890809117296472502365415014998913259419080882355045675283484051590960728144469251705949233616410239621482912949847076563320136480049334832059755352645050799077720733359649897435357141231318111676369593336714882271056396532345660309404708740337199077118534131606075647302073657853787915498769748232830570040379724017323163104392157870294534864800449534211002390904011159656293548060630125322416109336908013581444033632197431043210507232792862363092152434511920383292325200627539073225603012629429887094796512294226140167671793243702240551684885046254682936008508649
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 748580c066c7df37decfbd2937aa031dbeedcd17
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							5e09bd7a88eace83a7de12e3fd70a800e7c22662
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (95 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.identity-stage.adobe.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aadsync-stage.services.adobe.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'delegated-stg1.adobelogin.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (151 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							01690076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018fa0679e7b0000040300473045022100b9138408c2f7aa1a6ad46632b6e35e3b200b65d284bca7289418860a27d9112c0220106ea07a7f0d8835e38cf5999e82d286170e245b9cf7782a40704c42525509ee0077007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018fa0679ddf0000040300483046022100813affed51ab5339f48424639b730ec71b6e368aa70ab5c7cf4acef4dc057718022100d4c7a990d8351ffe7c1eb2b76d2105f7c2f682362e3dd43edfdc050e3d0f4029007600e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018fa0679deb0000040300473045022100a0e8fd162463f35a920f292a2ea600e38cdfe6f151134d98f32b054435bfabc302205eaa7a6e0e1e57c16b0ea3ca42ce2aadb8e62188e3e4b6ff7ced2613397a82b1
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		004046f201ba601dd8a48fce7fb57112e0e495b2faa75bb67779cd00eb55c060690ad9ca8f48f117f362720d967cd048a200eaa1b13e861309b9544c54d16fe4b405db2a62261abc1611bfdf2ec683a88d12bd912f22338fe64bf73a56d7d923d41a948c9313d83715a32dbe15526d48119df3259f75a83cb295b3327a4b14eb75ef97e178af0fbf80561fab5bd333d2d510641ce40eb418093a4d08b679090e2ad873a86868334d87f2f064a3265740a7b1cf7d6d4d3b809556d524063a2112ab784941704e3f710653c0f3cf5a09a0d1629273c507424a8b54693eeaec2ac0b4ac6a5bdde70c45be4b97bb34a386169b2e7ac2540067002d62800438226c0d7d