b2b.origin.aws.grainger.com

- W.W. Grainger, Inc -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 05:38:6b:b8:21:82:e0:ef:db:0f:fe:c4:7c:88:6a:46 was issued on by Entrust, Inc..

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

W.W. Grainger, Inc

Organization: W.W. Grainger, Inc
State / Province: Illinois
Locality: Lake Forest
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 05:38:6b:b8:21:82:e0:ef:db:0f:fe:c4:7c:88:6a:46
Serial Number (int): 6939093409183250980393623480366033478
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 47:cd:45:3b:89:f3:13:e9:b8:aa:94:64:07:ed:d8:58:15:7f:28:1f
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): 4d:04:89:68:bb:a5:98:18:9e:ee:c7:8b:9a:d6:23:a0:11:3f:2f:6c
Fingerprint (sha256): 06:af:8a:86:8f:a5:df:67:1a:f3:f9:95:64:18:66:91:93:33:9f:34:91:e2:f3:d3:1a:ec:35:71:07:4b:33:e4

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate b2b.origin.aws.grainger.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for b2b.origin.aws.grainger.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

b2b.origin.aws.grainger.com

Other certificates including the domain name grainger.com

(limited to 100 certificates)
prmsdsap753.us.grainger.com
apiportal.grainger.com
lt.gcom.grainger.com
devmail.grainger.com
SF-SSO-QA.grainger.com
siplyncexternal.grainger.com
n7nac007.7300.grainger.com
dvlchbap01.dev-sap.grainger.com
prlchbap05.prod-sap.grainger.com
prmaltap102.us.grainger.com
sf-bobj-altdev.grainger.com
smpconnect.sap.grainger.com
lt.gcom.grainger.com
prmsdsap402.gcad.grainger.com
mex-hylt.gcom.grainger.com
sbcmutare.grainger.com
b2b.origin.aws.grainger.com
jacksongroup.grainger.com
prlbmdm01.prod-sap.grainger.com
by.essl.optimost.grainger.com
praadmap001.us.grainger.com
lt.gcom.grainger.com
customsigns.grainger.com
vexweb.grainger.com
invest.grainger.com
vexout.grainger.com
benman.grainger.com
ggsisp.grainger.com
lt.gcom.grainger.com
lt.gcom.grainger.com
ggsisp.grainger.com
n7nac007.7300.grainger.com
b2balt.grainger.com
jobs.grainger.com
t5-vex.grainger.com
eweb.grainger.com
qps.gcom.grainger.com
ocswebfarm.grainger.com
experiencedone.sap.grainger.com
secureauth.grainger.com
prlchbap014.prod-sap.grainger.com
secure.scene7.com
prapsnap012.us.grainger.com
salesforce-sso-prod.grainger.com
lyncweb01.grainger.com
drlhybap500.gcom.grainger.com
cwa.grainger.com
migration.grainger.com
niles1.ebiz.grainger.com
PRMALTAP0004.us.grainger.com
www.grainger.com
www.meetme.grainger.com
b2bconnect.grainger.com
apigw.grainger.com
inventory.qa2-sap.grainger.com
prmsdsap7555.resource.grainger.com
www.grainger.com
inventory-omni.qa2-sap.grainger.com
jacksongroup.grainger.com
portalxi.sap.grainger.com
webremote.grainger.com
prafnsap008.us.grainger.com
dvzenoss.grainger.com
e.grainger.com
pw3nlb01.sap.prod.aws.grainger.com
pingf.grainger.com
prmsdsap402.gcad.grainger.com
tableauqa.sapad.grainger.com
keepstockselectiontool.grainger.com
prgcmalb01.gcom.grainger.com
sipexternal.grainger.com
prafnsap007.us.grainger.com
keepstockselectiontool.grainger.com
portalau.sap.grainger.com
q2gcmalb01.gcom.grainger.com
experiencedone.sap.grainger.com
ocswebfarm.grainger.com
www.grainger.com
ca.gcom.grainger.com
secure.scene7.com
by.essl.optimost.grainger.com
secures.scene7.com
devmail.grainger.com
lt.gcom.grainger.com
portalau.sap.grainger.com
lt.gcom.grainger.com
*.sap.grainger.com
lt.gcom.grainger.com
prmsdsap022.us.grainger.com
qaledap01.qa2-sap.grainger.com
prasmtap021.grainger.com
ext-prmznsap001.grainger.com
prmsdsap495.us.grainger.com
tableauqa.sapad.grainger.com
keepstocksecure.grainger.com
ebopsweb.sap.grainger.com
owa.grainger.com
qaqpslb01.gcom.grainger.com
sf-bobj-dev.grainger.com
secure.scene7.com

Certificate

The complete raw certificate details for b2b.origin.aws.grainger.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIQBThruCGC4O/bD/7EfIhqRjANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
NDAzMjAxNzQ2MTRaFw0yNTAzMjAxNzQ2MTNaMHkxCzAJBgNVBAYTAlVTMREwDwYD
VQQIEwhJbGxpbm9pczEUMBIGA1UEBxMLTGFrZSBGb3Jlc3QxGzAZBgNVBAoTElcu
Vy4gR3JhaW5nZXIsIEluYzEkMCIGA1UEAxMbYjJiLm9yaWdpbi5hd3MuZ3JhaW5n
ZXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlG6jlymn4Fyz
JcpWImbCsNGiiIv5C1HPt2ZLeNbVBFn5Y/kyZxyaigSg9LaIIHL2B96mFLMON3EO
Q0FZYi6C1cE4zdtJKKTYJfPL6S0c1eOj6iueN1hvf3TawtbnTsI4l+kZfTEw+rMp
4bAgu/lV8qkIyZ6V2ik4ROGk2q+EupFQPppVAJEQIaiIOFI908Xbc2SKXkazUpJQ
3U9Fenacm5MuzSULAWHg4tv9ys2kRCRnnK55SlWHDnBe0oY/6slrowJBWSZCcA9V
3+FIo42eihn6sPT1EBlGFpfoqifwQ2OHwX0N2jLCanI6fOVK5aP8797bEVDXJsw7
hrj0hH17JQIDAQABo4IBcjCCAW4wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUR81F
O4nzE+m4qpRkB+3YWBV/KB8wHwYDVR0jBBgwFoAUgqJwdN28Uz/Pe9T3zX+nYMYK
TL8waAYIKwYBBQUHAQEEXDBaMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRy
dXN0Lm5ldDAzBggrBgEFBQcwAoYnaHR0cDovL2FpYS5lbnRydXN0Lm5ldC9sMWst
Y2hhaW4yNTYuY2VyMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVz
dC5uZXQvbGV2ZWwxay5jcmwwJgYDVR0RBB8wHYIbYjJiLm9yaWdpbi5hd3MuZ3Jh
aW5nZXIuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwEwYDVR0gBAwwCjAIBgZngQwBAgIwEwYKKwYBBAHWeQIEAwEB/wQC
BQAwDQYJKoZIhvcNAQELBQADggEBACX0Grs4zDNOXVIM1u7HthzOSCV0h1fIapuj
6wsg2aLcYnCH1KxU1trolkfj6aszK0Jc/nwA4jwwAbg5sTR8pIj+eEIJMfn0Y/cX
x/R4OrnVDMxCZmmTKfj6GzSqEM28f+L8q7j4ew8dEgG0jf/LaBt7DgBQoV5GxETm
3v2ktnvUi0pSLLpy/sDqWGcDIAXUwlPh/BNMWOtVXis7TX+fS5hQtsP56NgQbKNc
mfjP+OB68InL4Y6bGY2grvCwZZ14IHEHVsceT73P1rLx9qPWL4u24R0QRsBWZXfX
+yJG23lFnV0dQx+abBpDI59Us4I/LS+RmYV/OvIiNx4kRNPIqcY=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlG6jlymn4FyzJcpWImbC
sNGiiIv5C1HPt2ZLeNbVBFn5Y/kyZxyaigSg9LaIIHL2B96mFLMON3EOQ0FZYi6C
1cE4zdtJKKTYJfPL6S0c1eOj6iueN1hvf3TawtbnTsI4l+kZfTEw+rMp4bAgu/lV
8qkIyZ6V2ik4ROGk2q+EupFQPppVAJEQIaiIOFI908Xbc2SKXkazUpJQ3U9Fenac
m5MuzSULAWHg4tv9ys2kRCRnnK55SlWHDnBe0oY/6slrowJBWSZCcA9V3+FIo42e
ihn6sPT1EBlGFpfoqifwQ2OHwX0N2jLCanI6fOVK5aP8797bEVDXJsw7hrj0hH17
JQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 6939093409183250980393623480366033478
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-20 17:46:14 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-03-20 17:46:13 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Illinois'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Lake Forest'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'W.W. Grainger, Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'b2b.origin.aws.grainger.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 18737827271766654596605085984034304841977233892417983058293988074386603794167732383229595878185412490579188897808208483115941832827234003493354006059262294103480112428982455131620790030508726999777259438735026483200020785854171680761945871784017743648848715844651207846858628441228051662056836775878167917568180467457839681514598399872112136483591062317975638486498620614979296935934346052768994006756195366720803737183949028265344277464564037837331590845285652180082400332407787921853182966328900174258965381440082163398858543278758063552605062993366912896058739709689443223165832033995238332004171274817223320763173
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							47cd453b89f313e9b8aa946407edd858157f281f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (31 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'b2b.origin.aws.grainger.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0025f41abb38cc334e5d520cd6eec7b61cce4825748757c86a9ba3eb0b20d9a2dc627087d4ac54d6dae89647e3e9ab332b425cfe7c00e23c3001b839b1347ca488fe78420931f9f463f717c7f4783ab9d50ccc4266699329f8fa1b34aa10cdbc7fe2fcabb8f87b0f1d1201b48dffcb681b7b0e0050a15e46c444e6defda4b67bd48b4a522cba72fec0ea5867032005d4c253e1fc134c58eb555e2b3b4d7f9f4b9850b6c3f9e8d8106ca35c99f8cff8e07af089cbe18e9b198da0aef0b0659d7820710756c71e4fbdcfd6b2f1f6a3d62f8bb6e11d1046c0566577d7fb2246db79459d5d1d431f9a6c1a43239f54b3823f2d2f9199857f3af222371e2444d3c8a9c6