ifg.iata.org

- International Air Transport Association -

Issued by Thawte RSA CA 2018

About this certificate

This digital certificate with serial number 01:ef:3e:5f:2e:e4:72:7d:a1:df:19:b7:a2:36:3c:71 was issued on by DigiCert Inc.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

International Air Transport Association

Organization: International Air Transport Association
Organization unit: Network Services
State / Province: Quebec
Locality: Montreal
Country: CA

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 01:ef:3e:5f:2e:e4:72:7d:a1:df:19:b7:a2:36:3c:71
Serial Number (int): 2571451995558091140741086602044259441
Serial Number lenght: 121 bits, 16 octets

SubjectKeyId: f1:d3:02:78:f1:b2:b3:41:90:cf:ac:61:ec:a0:fd:d0:89:80:8b:55
AuthorityKeyId: a3:c8:5e:65:54:e5:30:78:c1:05:ea:07:0a:6a:59:cc:b9:fe:de:5a

Fingerprint (sha1): cc:9a:94:23:1c:2c:65:03:87:6d:a1:c1:9c:00:07:6f:a3:02:b9:92
Fingerprint (sha256): 06:33:24:1f:41:67:99:36:5d:fe:73:30:95:a2:5d:aa:63:52:9c:ff:56:cb:32:d0:af:18:c6:a5:a3:dc:1e:df

Issuing Certificate URL: http://cacerts.thawte.com/ThawteRSACA2018.crt

Revocation information

OCSP Server: http://status.thawte.com
CRL Distribution Point: http://cdp.thawte.com/ThawteRSACA2018.crl

Check the revocation status for certificate ifg.iata.org

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ifg.iata.org

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ifg.iata.org

Other certificates including the domain name iata.org

(limited to 100 certificates)
sni.cloudflaressl.com
guides.developer.iata.org
sni.cloudflaressl.com
merchantstatus.paysafecard.com
pass-test.iata.org
sni.cloudflaressl.com
sni.cloudflaressl.com
www.highq.com
sni.cloudflaressl.com
www.highq.com
*.developer.iata.org
iccsdevqa-int.iata.org
*.cargois.iata.org
dgautocheck.iata.org
5709436928655360-fe2.pantheonsite.io
sni.cloudflaressl.com
ezdiharstatus.mambu.com
standards.iata.org
bo.digitalcredentials.iata.org
sni26824.cloudflaressl.com
sni.cloudflaressl.com
*.cargois.iata.org
ezdiharstatus.mambu.com
merchantstatus.paysafecard.com
ras2.iata.org
sni.cloudflaressl.com
sni.cloudflaressl.com
iris.iata.org
ifg.iata.org
ttbs.iata.org
sfb-access-la.iata.org
nextt.iata.org
ras4.iata.org
merchantstatus.paysafecard.com
ras3.iata.org
theplanner.co.uk
5709436928655360-fe2.pantheonsite.io
airlines.iata.org
casslink-test.iata.org
5709436928655360-fe2.pantheonsite.io
www.highq.com
pubdownload.iata.org
sni.cloudflaressl.com
ras2.iata.org
www.planestories.iata.org
standards.iata.org
5709436928655360-fe2.pantheonsite.io
theplanner.co.uk
prod.2.slot.cdn.salesforce-communities.com
sni26824.cloudflaressl.com
ssl826589.cloudflaressl.com
www.highq.com
isftp.iata.org
casslink-imp-test.iata.org
sso.iata.org
iccspprod-api.iata.org
5709436928655360-fe2.pantheonsite.io
iata-pay.iata.org
dev-dgautocheck-admin.iata.org
backoffice.digitalcredentials.iata.org
irisqabiz.iata.org
www.highq.com
sni.cloudflaressl.com
sni.cloudflaressl.com
www.highq.com
o365.iata.org
sni.cloudflaressl.com
iccsqa-dsig.iata.org
merchantstatus.paysafecard.com
extranet.iata.org
sni.cloudflaressl.com
sfb-access-ny.iata.org
5709436928655360-fe2.pantheonsite.io
zrh-ss.iata.org
www.highq.com
marketis.iata.org
iccsqa-api.iata.org
devsso.iata.org
elearning.iata.org
webstarmobile.iata.org
www.highq.com
www.highq.com
qa-dgautocheck.iata.org
iccsqa-xenc.iata.org
merchantstatus.paysafecard.com
sni.cloudflaressl.com
t4.staging.timatic.iata.org
*.spapps.iata.org
sni.cloudflaressl.com
airlines.iata.org
easypay1-qa.iata.org
ssl919904.cloudflaressl.com
sni.cloudflaressl.com
sni26824.cloudflaressl.com
5709436928655360-fe2.pantheonsite.io
isweb.iata.org
sni.cloudflaressl.com
merchantstatus.paysafecard.com
demoacmg.iata.org
sni26824.cloudflaressl.com

Certificate

The complete raw certificate details for ifg.iata.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIQAe8+Xy7kcn2h3xm3ojY8cTANBgkqhkiG9w0BAQsFADBc
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMRswGQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcN
MTgwODE3MDAwMDAwWhcNMjAwNzMxMTIwMDAwWjCBlTELMAkGA1UEBhMCQ0ExDzAN
BgNVBAgTBlF1ZWJlYzERMA8GA1UEBxMITW9udHJlYWwxMDAuBgNVBAoTJ0ludGVy
bmF0aW9uYWwgQWlyIFRyYW5zcG9ydCBBc3NvY2lhdGlvbjEZMBcGA1UECxMQTmV0
d29yayBTZXJ2aWNlczEVMBMGA1UEAxMMaWZnLmlhdGEub3JnMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq90mDO3HnV0k0XNEan+gM29Gpau/gHjfXP62
1RpaNk8tNDeboNKPAsoRbksDfR0qulmP1YhIhyEVNSUbqk2qRDez+z904iMJQgX8
N6KFGwP1QOK9W4lXm8vc8EvRBTOTQ0NDAKmMLj/EUQSr7lWFrgzvIzXcYeYsaYo5
7IeyKjJtJ2jJjXuADl5ShROoIuBz7YR+Y5koTG4IiCOdTb9XmjRnbJT721kQSLSl
qTE/04oZfRGXhPBCfiwaW/X9iKlGgp/047ih7W2hc3OfifskstTXSyUqjVVK/EfW
utQ/415DsqWjVlM58pmOZky7/kpkSeJQMdR9VzrrRfThde97ewIDAQABo4IBpzCC
AaMwHwYDVR0jBBgwFoAUo8heZVTlMHjBBeoHCmpZzLn+3lowHQYDVR0OBBYEFPHT
AnjxsrNBkM+sYeyg/dCJgItVMBcGA1UdEQQQMA6CDGlmZy5pYXRhLm9yZzAOBgNV
HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDoGA1Ud
HwQzMDEwL6AtoCuGKWh0dHA6Ly9jZHAudGhhd3RlLmNvbS9UaGF3dGVSU0FDQTIw
MTguY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0
dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMG8GCCsGAQUFBwEB
BGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL3N0YXR1cy50aGF3dGUuY29tMDkGCCsG
AQUFBzAChi1odHRwOi8vY2FjZXJ0cy50aGF3dGUuY29tL1RoYXd0ZVJTQUNBMjAx
OC5jcnQwCQYDVR0TBAIwADATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG9w0B
AQsFAAOCAQEArCi9yVikvtJodsfAhASd5w8EM3c4BDRexC7zFH4iN10mmFEHu27S
utVhTGFVtuWUjKV0kkgE7Jf6lWoNnOXldLj4iLRk8AO1P4SWaesZ1y5V3V05gMCv
JHP4yozcQUxBxGLKlWQ11eczSB/R4t3j8vRzvHAc5JrXZjyqtg6FjmbhnYVsbJNP
SN/RQ0zwmK+jyvWIBJAUCZ9cxKOQtO3FKCdvfQY/sySgf3Ak+D93nTPL+ilj91C3
ugr0fv7T7Tf/kwB6JPP6dZrAncdKGzdDCsA4JWd1lceCQNCvGovqGsrPaFgmBL19
KoSnQsiCpAjkIq0hqOUYLsp7ymjRgwY7YA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq90mDO3HnV0k0XNEan+g
M29Gpau/gHjfXP621RpaNk8tNDeboNKPAsoRbksDfR0qulmP1YhIhyEVNSUbqk2q
RDez+z904iMJQgX8N6KFGwP1QOK9W4lXm8vc8EvRBTOTQ0NDAKmMLj/EUQSr7lWF
rgzvIzXcYeYsaYo57IeyKjJtJ2jJjXuADl5ShROoIuBz7YR+Y5koTG4IiCOdTb9X
mjRnbJT721kQSLSlqTE/04oZfRGXhPBCfiwaW/X9iKlGgp/047ih7W2hc3Ofifsk
stTXSyUqjVVK/EfWutQ/415DsqWjVlM58pmOZky7/kpkSeJQMdR9VzrrRfThde97
ewIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 2571451995558091140741086602044259441
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Thawte RSA CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-08-17 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-07-31 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Quebec'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Montreal'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'International Air Transport Association'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Network Services'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ifg.iata.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21695802605445882744703044754149315294863125585950408049358303056319520688768788557602526720494246434550559532547362194637366752395070831114745830328840577810819460941384930503050560565329622886805436974047492896741065829881467758972675912324917230728682355236797997725164285084298581551656631553946660510841345675412438791181153124351464765893837514953521575574911409804501250184652657762447857023810359229511228203404041786592732432971096910208887576245746247085788847177695312332870115125196417653914929414002692762072448772427116424210286428258498947157432242416095980883956398873602700480160699195745778132810619
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a3c85e6554e53078c105ea070a6a59ccb9fede5a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							f1d30278f1b2b34190cfac61eca0fdd089808b55
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (16 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ifg.iata.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (51 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.thawte.com/ThawteRSACA2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.thawte.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.thawte.com/ThawteRSACA2018.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00ac28bdc958a4bed26876c7c084049de70f0433773804345ec42ef3147e22375d26985107bb6ed2bad5614c6155b6e5948ca574924804ec97fa956a0d9ce5e574b8f888b464f003b53f849669eb19d72e55dd5d3980c0af2473f8ca8cdc414c41c462ca956435d5e733481fd1e2dde3f2f473bc701ce49ad7663caab60e858e66e19d856c6c934f48dfd1434cf098afa3caf588049014099f5cc4a390b4edc528276f7d063fb324a07f7024f83f779d33cbfa2963f750b7ba0af47efed3ed37ff93007a24f3fa759ac09dc74a1b37430ac03825677595c78240d0af1a8bea1acacf68582604bd7d2a84a742c882a408e422ad21a8e5182eca7bca68d183063b60