cmssrv628.fnal.gov

- Fermi Research Alliance -

Issued by InCommon RSA IGTF Server CA 3

About this certificate

This digital certificate with serial number 39:ab:88:1f:f8:d0:e5:15:e5:e9:b6:c5:37:d8:06:e9 was issued on by Internet2.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Fermi Research Alliance

Organization: Fermi Research Alliance
State / Province: Illinois
Country: US

Internet2

Organization: Internet2
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 39:ab:88:1f:f8:d0:e5:15:e5:e9:b6:c5:37:d8:06:e9
Serial Number (int): 76656639463333615681414435805473539817
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId: 19:a8:0c:80:b2:b7:83:08:df:d9:65:cb:23:ba:e9:75:36:ef:7b:47
AuthorityKeyId: 16:36:a5:e3:31:7b:bf:67:f6:b2:b7:e7:ea:54:ef:57:30:be:c7:e5

Fingerprint (sha1): bd:a9:5b:c7:6a:1d:d5:0f:76:c3:9f:ad:52:0d:4a:1b:b6:fc:de:0b
Fingerprint (sha256): 06:8e:47:86:74:7c:b1:c8:de:09:f8:0d:f4:b5:c3:cd:67:59:9a:c0:ed:52:b7:48:11:2a:3b:dc:ce:7a:ec:46

Issuing Certificate URL: http://crt.sectigo.com/InCommonRSAIGTFServerCA3.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/InCommonRSAIGTFServerCA3.crl

Check the revocation status for certificate cmssrv628.fnal.gov

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for cmssrv628.fnal.gov

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

cmssrv628.fnal.gov

Other certificates including the domain name fnal.gov

(limited to 100 certificates)
uboonepro-uboonegpvm01.fnal.gov
gpce03.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
stkendca71a.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
lpcschedd3.fnal.gov
samwebgpvm03.fnal.gov
ftdc2.fermitest.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
pubstor2231.fnal.gov
*.fnal.gov
nsexpe2.fnal.gov
cmsstor341.fnal.gov
*.fnal.gov
uhosts.fnal.gov
www-bss.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmssi-factory02.fnal.gov
*.fnal.gov
uhosts.fnal.gov
fermi-rsa-2.fnal.gov
*.fnal.gov
cmseos-tf1103.fnal.gov
rcds01.fnal.gov
*.fnal.gov
*.fnal.gov
ssiadmin3.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos511.fnal.gov
uhosts.fnal.gov
fcdfcache122.fnal.gov
*.fnal.gov
*.fnal.gov
cmssrv628.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
cmseos1144.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
icaruspro-icarusgpvm01.fnal.gov
cmsstor907.fnal.gov
*.fnal.gov
*.fnal.gov
fifeutilgpvm01.fnal.gov
fermicloud527.fnal.gov
*.fnal.gov
*.fnal.gov
fndcaitb1.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos-if1102.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
fermicloud363.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos517.fnal.gov
rcodegpvm02.fnal.gov
cmseos56.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb03.fnal.gov
*.fnal.gov
accelaipro-accelaigpvm01.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb04.fnal.gov
cmseos34.fnal.gov
fndca5b.fnal.gov
*.fnal.gov

Certificate

The complete raw certificate details for cmssrv628.fnal.gov in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGrzCCBRegAwIBAgIQOauIH/jQ5RXl6bbFN9gG6TANBgkqhkiG9w0BAQwFADBJ
MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSW50ZXJuZXQyMSYwJAYDVQQDEx1JbkNv
bW1vbiBSU0EgSUdURiBTZXJ2ZXIgQ0EgMzAeFw0yMzEyMDcwMDAwMDBaFw0yNTAx
MDUyMzU5NTlaMIGOMRMwEQYKCZImiZPyLGQBGRYDb3JnMRgwFgYKCZImiZPyLGQB
GRYIaW5jb21tb24xCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhJbGxpbm9pczEgMB4G
A1UEChMXRmVybWkgUmVzZWFyY2ggQWxsaWFuY2UxGzAZBgNVBAMTEmNtc3NydjYy
OC5mbmFsLmdvdjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOYHM3wg
T3H0ymC9JPPW6snhgZpNEYZo4TSBbfJDFiOhhdJTJwR0QwWT2RVHpF7vgQ+Sibuf
cEL7D3ieSHm3ptLY5Tvl3JqmUOxA0x+26zozSbxoiZgkuFfi8UPAV78bxurVYoON
Iw+3R1+1dkbBbmiMILH7H0HLpkptqQKUat6vpGKEmfKoO1xB0PRcrHMl6NmfwXi0
5gUY2Q03skBwSzqxGt/9e9lKAgvsJ5TQfENc8DkPpIBlJ7XMkkNzjRXXzEY+jDxK
LPY3Ei81WW8wUbRhfaJAKIkVMS+Kdg+Mazygzcl9i21c7w6SPoF9YWIzJT0PMRXP
msa4hu/Pbpk9d9AuRu1xMKr4XC6PJNhA+qez/SDN9zsvcOFgAHHDZj9GByw5ixXd
xYZ1vB7Gsimhe459S3TYoplUzSJ6t6tkF4462MVS/dGsRNOjBhtDZh0yrx/RGGDC
PrhAgevtrUl4+uJHrrL9X0QB+OAXveHkNqAmFJBxSlNXeWzvHU+lnz2nBxzBfZa5
0+y4Na61245cE9rTPi0Q3cmjusDw8WY8s68ObPTcarlRTpQUUcJ+kI04qtO+j209
vZQffEjTIpO7tn2BQarimiY9iQqv4OaES0oxhjOo/P0yZSWZWQzQ23FvRc1SQrXE
GI5zexelUwW/K0lA4kHVJNgdL5tmgpzHPs6vAgMBAAGjggHLMIIBxzAfBgNVHSME
GDAWgBQWNqXjMXu/Z/ayt+fqVO9XML7H5TAdBgNVHQ4EFgQUGagMgLK3gwjf2WXL
I7rpdTbve0cwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYw
FAYIKwYBBQUHAwEGCCsGAQUFBwMCMFgGA1UdIARRME8wNQYMKwYBBAGuIwEEAwQC
MCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAwGCiqGSIb3
TAUCAgEwCAYGZ4EMAQICMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwuc2Vj
dGlnby5jb20vSW5Db21tb25SU0FJR1RGU2VydmVyQ0EzLmNybDB0BggrBgEFBQcB
AQRoMGYwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vSW5Db21t
b25SU0FJR1RGU2VydmVyQ0EzLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
c2VjdGlnby5jb20wEwYKKwYBBAHWeQIEAwEB/wQCBQAwHQYDVR0RBBYwFIISY21z
c3J2NjI4LmZuYWwuZ292MA0GCSqGSIb3DQEBDAUAA4IBgQASxeYTTX72hlYalgmq
RFtaWI71V8pm6yY7Se5DKT1CJMr3GhUcKqJCdI3wMl+OVCL3olnR2ZUhnn1JuLL0
SwFj4M2ih5aQAWZ/iZkMcKFByfEBBYLWvceiDwtOXiCppoOnXhuozkEDmwIMd/l7
QWBiSmuMF6ZjRHsT7qVWrVeJTHnuKk0KrMvcCf1qw1a7p1jTT1np8S2igLtF2eol
AAAM8SN1iIqSaFATBjEr/wKSmEPvlTdK+q6SmYn58Z3et5eqdo/O7V+NIAfbb3DT
JQbkLiR99oIlO44Cw5xq2ClDZI0MgG3vUJM8O+bddvbZH/OldiuA30K+dseEq33C
RHHv5H3HifUDtnn7GkVniyHb1yXARTBFVH3erWPImEzUqcvcBYtzL6RlqUZzJ9kM
p472JPxzFcDbVB9L4NO4IUWsNMpUW9eBGmf6cfxZMY/NP/uJrvvRBTs+HkjJoLns
LL+MmgtBZdEjIUECdSPk4OCzXKY5rERElfhOA99NGRzgYFo=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5gczfCBPcfTKYL0k89bq
yeGBmk0RhmjhNIFt8kMWI6GF0lMnBHRDBZPZFUekXu+BD5KJu59wQvsPeJ5Iebem
0tjlO+XcmqZQ7EDTH7brOjNJvGiJmCS4V+LxQ8BXvxvG6tVig40jD7dHX7V2RsFu
aIwgsfsfQcumSm2pApRq3q+kYoSZ8qg7XEHQ9FyscyXo2Z/BeLTmBRjZDTeyQHBL
OrEa3/172UoCC+wnlNB8Q1zwOQ+kgGUntcySQ3ONFdfMRj6MPEos9jcSLzVZbzBR
tGF9okAoiRUxL4p2D4xrPKDNyX2LbVzvDpI+gX1hYjMlPQ8xFc+axriG789umT13
0C5G7XEwqvhcLo8k2ED6p7P9IM33Oy9w4WAAccNmP0YHLDmLFd3FhnW8HsayKaF7
jn1LdNiimVTNInq3q2QXjjrYxVL90axE06MGG0NmHTKvH9EYYMI+uECB6+2tSXj6
4keusv1fRAH44Be94eQ2oCYUkHFKU1d5bO8dT6WfPacHHMF9lrnT7Lg1rrXbjlwT
2tM+LRDdyaO6wPDxZjyzrw5s9NxquVFOlBRRwn6QjTiq076PbT29lB98SNMik7u2
fYFBquKaJj2JCq/g5oRLSjGGM6j8/TJlJZlZDNDbcW9FzVJCtcQYjnN7F6VTBb8r
SUDiQdUk2B0vm2aCnMc+zq8CAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 76656639463333615681414435805473539817
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Internet2'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon RSA IGTF Server CA 3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-07 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-05 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'org'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'incommon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Illinois'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Fermi Research Alliance'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'cmssrv628.fnal.gov'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 938432893367198305917713023881599136190121702441552495837903072565627968282585242907556451235974760960843065493843693311074138618333374651632344171568732639565285124718820945657110731130213126932507221672676688018457135501818874724790127429657291133169907833651000561230567292301213261782822120178175564507235507593466155964650343866783928546538074153390807218861447161323178590632976975030087470787719721591832232921494807284196055243861153288185547063132611988950180800170649884066502383322073476043788089826407380686208005557374142882379473029393556038923508580971456324212061048003741280984453820450886698063742708904810818809959913502884969365409649923088772581656779154755195696076809659311146569419950986648850779854764601617169161994169655960840615211932062861844204545696839150211456284003889737366433811406612636944527574427962925059004750456126835131759271026624277183564762585217333031596031631996515488310345779106879167207027081757364175146922217928252034656560804597259568555914606939441800043090815879209517979898920412980647273913307463715995021931566190591953331356318218626617334239593777756480774803069622906710216341799163026321283730066492829561958642887293083465471659408995818379800450413101993776580229254831
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 1636a5e3317bbf67f6b2b7e7ea54ef5730bec7e5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							19a80c80b2b78308dfd965cb23bae97536ef7b47
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (81 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.5923.1.4.3.4.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113612.5.2.2.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (61 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/InCommonRSAIGTFServerCA3.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/InCommonRSAIGTFServerCA3.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cmssrv628.fnal.gov'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (3072 bits)
		0012c5e6134d7ef686561a9609aa445b5a588ef557ca66eb263b49ee43293d4224caf71a151c2aa242748df0325f8e5422f7a259d1d995219e7d49b8b2f44b0163e0cda287969001667f89990c70a141c9f1010582d6bdc7a20f0b4e5e20a9a683a75e1ba8ce41039b020c77f97b4160624a6b8c17a663447b13eea556ad57894c79ee2a4d0aaccbdc09fd6ac356bba758d34f59e9f12da280bb45d9ea2500000cf12375888a9268501306312bff02929843ef95374afaae929989f9f19ddeb797aa768fceed5f8d2007db6f70d32506e42e247df682253b8e02c39c6ad82943648d0c806def50933c3be6dd76f6d91ff3a5762b80df42be76c784ab7dc24471efe47dc789f503b679fb1a45678b21dbd725c0453045547ddead63c8984cd4a9cbdc058b732fa465a9467327d90ca78ef624fc7315c0db541f4be0d3b82145ac34ca545bd7811a67fa71fc59318fcd3ffb89aefbd1053b3e1e48c9a0b9ec2cbf8c9a0b4165d1232141027523e4e0e0b35ca639ac444495f84e03df4d191ce0605a