cmssrv628.fnal.gov
- Fermi Research Alliance -
Issued by InCommon RSA IGTF Server CA 3
About this certificate
This digital certificate with serial number 39:ab:88:1f:f8:d0:e5:15:e5:e9:b6:c5:37:d8:06:e9 was issued on by Internet2.
This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Fermi Research Alliance
Organization:
Fermi Research Alliance
State / Province:
Illinois
Country: US
Country: US
Internet2
Organization:
Internet2
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 39:ab:88:1f:f8:d0:e5:15:e5:e9:b6:c5:37:d8:06:e9Serial Number (int): 76656639463333615681414435805473539817
Serial Number lenght: 126 bits, 16 octets
SubjectKeyId: 19:a8:0c:80:b2:b7:83:08:df:d9:65:cb:23:ba:e9:75:36:ef:7b:47
AuthorityKeyId: 16:36:a5:e3:31:7b:bf:67:f6:b2:b7:e7:ea:54:ef:57:30:be:c7:e5
Fingerprint (sha1): bd:a9:5b:c7:6a:1d:d5:0f:76:c3:9f:ad:52:0d:4a:1b:b6:fc:de:0b
Fingerprint (sha256): 06:8e:47:86:74:7c:b1:c8:de:09:f8:0d:f4:b5:c3:cd:67:59:9a:c0:ed:52:b7:48:11:2a:3b:dc:ce:7a:ec:46
Issuing Certificate URL: http://crt.sectigo.com/InCommonRSAIGTFServerCA3.crt
Revocation information
OCSP Server: http://ocsp.sectigo.comCRL Distribution Point: http://crl.sectigo.com/InCommonRSAIGTFServerCA3.crl
Check the revocation status for certificate cmssrv628.fnal.gov
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for cmssrv628.fnal.gov
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA384 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
cmssrv628.fnal.gov
Other certificates including the domain name fnal.gov
(limited to 100 certificates)
uboonepro-uboonegpvm01.fnal.gov
gpce03.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
stkendca71a.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
lpcschedd3.fnal.gov
samwebgpvm03.fnal.gov
ftdc2.fermitest.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
pubstor2231.fnal.gov
*.fnal.gov
nsexpe2.fnal.gov
cmsstor341.fnal.gov
*.fnal.gov
uhosts.fnal.gov
www-bss.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmssi-factory02.fnal.gov
*.fnal.gov
uhosts.fnal.gov
fermi-rsa-2.fnal.gov
*.fnal.gov
cmseos-tf1103.fnal.gov
rcds01.fnal.gov
*.fnal.gov
*.fnal.gov
ssiadmin3.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos511.fnal.gov
uhosts.fnal.gov
fcdfcache122.fnal.gov
*.fnal.gov
*.fnal.gov
cmssrv628.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
cmseos1144.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
icaruspro-icarusgpvm01.fnal.gov
cmsstor907.fnal.gov
*.fnal.gov
*.fnal.gov
fifeutilgpvm01.fnal.gov
fermicloud527.fnal.gov
*.fnal.gov
*.fnal.gov
fndcaitb1.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos-if1102.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
fermicloud363.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos517.fnal.gov
rcodegpvm02.fnal.gov
cmseos56.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb03.fnal.gov
*.fnal.gov
accelaipro-accelaigpvm01.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb04.fnal.gov
cmseos34.fnal.gov
fndca5b.fnal.gov
*.fnal.gov
gpce03.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
stkendca71a.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
lpcschedd3.fnal.gov
samwebgpvm03.fnal.gov
ftdc2.fermitest.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
pubstor2231.fnal.gov
*.fnal.gov
nsexpe2.fnal.gov
cmsstor341.fnal.gov
*.fnal.gov
uhosts.fnal.gov
www-bss.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmssi-factory02.fnal.gov
*.fnal.gov
uhosts.fnal.gov
fermi-rsa-2.fnal.gov
*.fnal.gov
cmseos-tf1103.fnal.gov
rcds01.fnal.gov
*.fnal.gov
*.fnal.gov
ssiadmin3.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos511.fnal.gov
uhosts.fnal.gov
fcdfcache122.fnal.gov
*.fnal.gov
*.fnal.gov
cmssrv628.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
cmseos1144.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
icaruspro-icarusgpvm01.fnal.gov
cmsstor907.fnal.gov
*.fnal.gov
*.fnal.gov
fifeutilgpvm01.fnal.gov
fermicloud527.fnal.gov
*.fnal.gov
*.fnal.gov
fndcaitb1.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos-if1102.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
fermicloud363.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos517.fnal.gov
rcodegpvm02.fnal.gov
cmseos56.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb03.fnal.gov
*.fnal.gov
accelaipro-accelaigpvm01.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb04.fnal.gov
cmseos34.fnal.gov
fndca5b.fnal.gov
*.fnal.gov
Certificate
The complete raw certificate details for cmssrv628.fnal.gov in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGrzCCBRegAwIBAgIQOauIH/jQ5RXl6bbFN9gG6TANBgkqhkiG9w0BAQwFADBJ MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSW50ZXJuZXQyMSYwJAYDVQQDEx1JbkNv bW1vbiBSU0EgSUdURiBTZXJ2ZXIgQ0EgMzAeFw0yMzEyMDcwMDAwMDBaFw0yNTAx MDUyMzU5NTlaMIGOMRMwEQYKCZImiZPyLGQBGRYDb3JnMRgwFgYKCZImiZPyLGQB GRYIaW5jb21tb24xCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhJbGxpbm9pczEgMB4G A1UEChMXRmVybWkgUmVzZWFyY2ggQWxsaWFuY2UxGzAZBgNVBAMTEmNtc3NydjYy OC5mbmFsLmdvdjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOYHM3wg T3H0ymC9JPPW6snhgZpNEYZo4TSBbfJDFiOhhdJTJwR0QwWT2RVHpF7vgQ+Sibuf cEL7D3ieSHm3ptLY5Tvl3JqmUOxA0x+26zozSbxoiZgkuFfi8UPAV78bxurVYoON Iw+3R1+1dkbBbmiMILH7H0HLpkptqQKUat6vpGKEmfKoO1xB0PRcrHMl6NmfwXi0 5gUY2Q03skBwSzqxGt/9e9lKAgvsJ5TQfENc8DkPpIBlJ7XMkkNzjRXXzEY+jDxK LPY3Ei81WW8wUbRhfaJAKIkVMS+Kdg+Mazygzcl9i21c7w6SPoF9YWIzJT0PMRXP msa4hu/Pbpk9d9AuRu1xMKr4XC6PJNhA+qez/SDN9zsvcOFgAHHDZj9GByw5ixXd xYZ1vB7Gsimhe459S3TYoplUzSJ6t6tkF4462MVS/dGsRNOjBhtDZh0yrx/RGGDC PrhAgevtrUl4+uJHrrL9X0QB+OAXveHkNqAmFJBxSlNXeWzvHU+lnz2nBxzBfZa5 0+y4Na61245cE9rTPi0Q3cmjusDw8WY8s68ObPTcarlRTpQUUcJ+kI04qtO+j209 vZQffEjTIpO7tn2BQarimiY9iQqv4OaES0oxhjOo/P0yZSWZWQzQ23FvRc1SQrXE GI5zexelUwW/K0lA4kHVJNgdL5tmgpzHPs6vAgMBAAGjggHLMIIBxzAfBgNVHSME GDAWgBQWNqXjMXu/Z/ayt+fqVO9XML7H5TAdBgNVHQ4EFgQUGagMgLK3gwjf2WXL I7rpdTbve0cwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYw FAYIKwYBBQUHAwEGCCsGAQUFBwMCMFgGA1UdIARRME8wNQYMKwYBBAGuIwEEAwQC MCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAwGCiqGSIb3 TAUCAgEwCAYGZ4EMAQICMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwuc2Vj dGlnby5jb20vSW5Db21tb25SU0FJR1RGU2VydmVyQ0EzLmNybDB0BggrBgEFBQcB AQRoMGYwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vSW5Db21t b25SU0FJR1RGU2VydmVyQ0EzLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au c2VjdGlnby5jb20wEwYKKwYBBAHWeQIEAwEB/wQCBQAwHQYDVR0RBBYwFIISY21z c3J2NjI4LmZuYWwuZ292MA0GCSqGSIb3DQEBDAUAA4IBgQASxeYTTX72hlYalgmq RFtaWI71V8pm6yY7Se5DKT1CJMr3GhUcKqJCdI3wMl+OVCL3olnR2ZUhnn1JuLL0 SwFj4M2ih5aQAWZ/iZkMcKFByfEBBYLWvceiDwtOXiCppoOnXhuozkEDmwIMd/l7 QWBiSmuMF6ZjRHsT7qVWrVeJTHnuKk0KrMvcCf1qw1a7p1jTT1np8S2igLtF2eol AAAM8SN1iIqSaFATBjEr/wKSmEPvlTdK+q6SmYn58Z3et5eqdo/O7V+NIAfbb3DT JQbkLiR99oIlO44Cw5xq2ClDZI0MgG3vUJM8O+bddvbZH/OldiuA30K+dseEq33C RHHv5H3HifUDtnn7GkVniyHb1yXARTBFVH3erWPImEzUqcvcBYtzL6RlqUZzJ9kM p472JPxzFcDbVB9L4NO4IUWsNMpUW9eBGmf6cfxZMY/NP/uJrvvRBTs+HkjJoLns LL+MmgtBZdEjIUECdSPk4OCzXKY5rERElfhOA99NGRzgYFo= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5gczfCBPcfTKYL0k89bq yeGBmk0RhmjhNIFt8kMWI6GF0lMnBHRDBZPZFUekXu+BD5KJu59wQvsPeJ5Iebem 0tjlO+XcmqZQ7EDTH7brOjNJvGiJmCS4V+LxQ8BXvxvG6tVig40jD7dHX7V2RsFu aIwgsfsfQcumSm2pApRq3q+kYoSZ8qg7XEHQ9FyscyXo2Z/BeLTmBRjZDTeyQHBL OrEa3/172UoCC+wnlNB8Q1zwOQ+kgGUntcySQ3ONFdfMRj6MPEos9jcSLzVZbzBR tGF9okAoiRUxL4p2D4xrPKDNyX2LbVzvDpI+gX1hYjMlPQ8xFc+axriG789umT13 0C5G7XEwqvhcLo8k2ED6p7P9IM33Oy9w4WAAccNmP0YHLDmLFd3FhnW8HsayKaF7 jn1LdNiimVTNInq3q2QXjjrYxVL90axE06MGG0NmHTKvH9EYYMI+uECB6+2tSXj6 4keusv1fRAH44Be94eQ2oCYUkHFKU1d5bO8dT6WfPacHHMF9lrnT7Lg1rrXbjlwT 2tM+LRDdyaO6wPDxZjyzrw5s9NxquVFOlBRRwn6QjTiq076PbT29lB98SNMik7u2 fYFBquKaJj2JCq/g5oRLSjGGM6j8/TJlJZlZDNDbcW9FzVJCtcQYjnN7F6VTBb8r SUDiQdUk2B0vm2aCnMc+zq8CAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 76656639463333615681414435805473539817 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Internet2' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon RSA IGTF Server CA 3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-07 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-05 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent) . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'org' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent) . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'incommon' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Illinois' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Fermi Research Alliance' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'cmssrv628.fnal.gov' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 938432893367198305917713023881599136190121702441552495837903072565627968282585242907556451235974760960843065493843693311074138618333374651632344171568732639565285124718820945657110731130213126932507221672676688018457135501818874724790127429657291133169907833651000561230567292301213261782822120178175564507235507593466155964650343866783928546538074153390807218861447161323178590632976975030087470787719721591832232921494807284196055243861153288185547063132611988950180800170649884066502383322073476043788089826407380686208005557374142882379473029393556038923508580971456324212061048003741280984453820450886698063742708904810818809959913502884969365409649923088772581656779154755195696076809659311146569419950986648850779854764601617169161994169655960840615211932062861844204545696839150211456284003889737366433811406612636944527574427962925059004750456126835131759271026624277183564762585217333031596031631996515488310345779106879167207027081757364175146922217928252034656560804597259568555914606939441800043090815879209517979898920412980647273913307463715995021931566190591953331356318218626617334239593777756480774803069622906710216341799163026321283730066492829561958642887293083465471659408995818379800450413101993776580229254831 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 1636a5e3317bbf67f6b2b7e7ea54ef5730bec7e5 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 19a80c80b2b78308dfd965cb23bae97536ef7b47 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (81 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.5923.1.4.3.4.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113612.5.2.2.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (61 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/InCommonRSAIGTFServerCA3.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/InCommonRSAIGTFServerCA3.crt' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cmssrv628.fnal.gov' . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (3072 bits) 0012c5e6134d7ef686561a9609aa445b5a588ef557ca66eb263b49ee43293d4224caf71a151c2aa242748df0325f8e5422f7a259d1d995219e7d49b8b2f44b0163e0cda287969001667f89990c70a141c9f1010582d6bdc7a20f0b4e5e20a9a683a75e1ba8ce41039b020c77f97b4160624a6b8c17a663447b13eea556ad57894c79ee2a4d0aaccbdc09fd6ac356bba758d34f59e9f12da280bb45d9ea2500000cf12375888a9268501306312bff02929843ef95374afaae929989f9f19ddeb797aa768fceed5f8d2007db6f70d32506e42e247df682253b8e02c39c6ad82943648d0c806def50933c3be6dd76f6d91ff3a5762b80df42be76c784ab7dc24471efe47dc789f503b679fb1a45678b21dbd725c0453045547ddead63c8984cd4a9cbdc058b732fa465a9467327d90ca78ef624fc7315c0db541f4be0d3b82145ac34ca545bd7811a67fa71fc59318fcd3ffb89aefbd1053b3e1e48c9a0b9ec2cbf8c9a0b4165d1232141027523e4e0e0b35ca639ac444495f84e03df4d191ce0605a