ctwst.psaairlines.com

- American Airlines Inc -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 58:d1:3e:4e:bb:d7:37:fb:b0:48:27:07:2a:7f:2e:5f was issued on by Entrust, Inc..

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

American Airlines Inc

Organization: American Airlines Inc
State / Province: Texas
Locality: Fort Worth
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 58:d1:3e:4e:bb:d7:37:fb:b0:48:27:07:2a:7f:2e:5f
Serial Number (int): 118058517419832358566882951179894992479
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 72:5c:41:2d:da:0a:40:75:24:3d:a0:34:1f:3f:55:cf:9b:df:10:51
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): 56:7a:ba:ed:fa:71:1b:ad:ae:a8:88:7e:35:7f:7a:e3:43:17:37:47
Fingerprint (sha256): 06:ed:7a:87:d2:ac:b7:59:b4:cb:36:d1:94:12:eb:84:e8:f2:73:a8:60:76:5b:aa:e0:0d:33:db:91:f4:43:74

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate ctwst.psaairlines.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ctwst.psaairlines.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ctwst.psaairlines.com

Other certificates including the domain name psaairlines.com

(limited to 100 certificates)
release.psaairlines.com
psaairlines.com
aaapac-expcluster-e01-hon1.aa.com
aana-expcluster-e01-bv1.aa.com
premium-mobile.stage.aa.com
psaairlines.com
premium-mobile.stage.aa.com
yada-beta.stage.aa.com
tokenservice.psaairlines.com
vpn.psaairlines.com
aana-cups21-sc1.aa.com
aana-expcluster-c01-bv1.aa.com
aana-expcluster-c01-bv1.aa.com
mcweb.psaairlines.com
aaemea-cups01-ams1-ms.aa.com
release.psaairlines.com
yada-beta.stage.aa.com
ctwst.psaairlines.com
release.psaairlines.com
release.psaairlines.com
premium-mobile.stage.aa.com
yada-beta.stage.aa.com
aaapac-expc01-sin1.aa.com
release.psaairlines.com
c3008021ipr101-ms.corpaa.aa.com
*.psaairlines.com
premium-mobile.stage.aa.com
ctws.psaairlines.com
aos2.psaairlines.com
aana-expcluster-e01-sc1.aa.com
psaairlines.com
psaairlines.com
psaairlines.com
aana-expcluster-e01-sc1.aa.com
aana-expcluster-c01-bv1.aa.com
release.psaairlines.com
aaapac-expe01-sin1.aa.com
aana-expcluster-e01-sc1.aa.com
aaemea-expe01-ams1.aa.com
yada-beta.stage.aa.com
release.psaairlines.com
planningvalidatorapi.psaairlines.com
aana-expcluster-c01-sc1.aa.com
premium-mobile.stage.aa.com
sni1fe0fgl.wpc.edgecastcdn.net
aos.stage.psaairlines.com
release.psaairlines.com
aana-expcluster-e01-bv1.aa.com
release.psaairlines.com
aaapac-expcluster-c01-sin1.aa.com
aana-expcluster-e01-bv1.aa.com
aana-expcluster-c01-bv1.aa.com
testreleaseapi.psaairlines.com
psaairlines.com
ftweb.psaairlines.com
yada-beta.stage.aa.com
aana-expcluster-c01-sc1.aa.com
testtokenservice.psaairlines.com
testplanningvalidatorapi.psaairlines.com
tokenservice.psaairlines.com
emp.psaairlines.com
release.psaairlines.com
aana-expcluster-c01-sc1.aa.com
testrelease.psaairlines.com
release.psaairlines.com
aana-expcluster-e01-bv1.aa.com
planningvalidatorapi.psaairlines.com
aaemea-expe01-lon1.aa.com
ctwst.psaairlines.com
premium-mobile.stage.aa.com
testreleaseapi.psaairlines.com
release.psaairlines.com
www.psaairlines.com
aana-expcluster-c01-bv1.aa.com
psaairlines.com
premium-mobile.stage.aa.com
c3008011ipr001-ms.corpaa.aa.com
psaairlines.com
psaairlines.com
yada-beta.stage.aa.com
psaairlines.com
psaairlines.com
aana-expcluster-e01-sc1.aa.com
premium-mobile.stage.aa.com
aana-expcluster-e01-bv1.aa.com
yada-beta.stage.aa.com
aaapac-cups01-hon1.aa.com
aana-expcluster-c01-bv1.aa.com
release.psaairlines.com
psaairlines.com
yada-beta.stage.aa.com
release.psaairlines.com
psaairlines.com
ctwst.psaairlines.com
planningvalidatorapi.psaairlines.com
psaairlines.com
sni11976gl.wpc.edgecastcdn.net
premium-mobile.stage.aa.com
release.psaairlines.com
premium-mobile.stage.aa.com

Certificate

The complete raw certificate details for ctwst.psaairlines.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIQWNE+TrvXN/uwSCcHKn8uXzANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
NDA1MjIxNDQyMTVaFw0yNTA1MjIxNDQyMTRaMHIxCzAJBgNVBAYTAlVTMQ4wDAYD
VQQIEwVUZXhhczETMBEGA1UEBxMKRm9ydCBXb3J0aDEeMBwGA1UEChMVQW1lcmlj
YW4gQWlybGluZXMgSW5jMR4wHAYDVQQDExVjdHdzdC5wc2FhaXJsaW5lcy5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWQoqEmNxTR0isSq2Y4q68
xuT7j8P6wBnBvxbPubO7V5xRsS4rDlQzvmNYcswCAOBo4Hfje7yNM3dloZwDUq5m
5vletKWO1GNHWL4gsYHgi3W43DlDLnJRUEHVwRMzHUbK5aLdUKgpoHzj+I5FCN5m
IJ/oF/JXkeb7O0advCGX1Z1s6ZI50W38B1G5AtRTc7mEGvWValREOu+kjpsGopsT
4AcYJFgVFhQF254Ot+/AWU1BhXjdWbkBygGIOCnS66qDyeoTdhTIjKur6t0NbRUh
326uI2EqL7VsMbpi+6Fk3u5vELFhd26HkiGQiuoQLkhqc2xf6QDvK6mT9/7ggwrH
AgMBAAGjggFsMIIBaDAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRyXEEt2gpAdSQ9
oDQfP1XPm98QUTAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzBoBggr
BgEFBQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0
MDMGCCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wxay1jaGFpbjI1
Ni5jZXIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9s
ZXZlbDFrLmNybDAgBgNVHREEGTAXghVjdHdzdC5wc2FhaXJsaW5lcy5jb20wDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjATBgNV
HSAEDDAKMAgGBmeBDAECAjATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG9w0B
AQsFAAOCAQEAnwCQTDADZLJdQF3qC/katL7ToKJPC/OvUXpNYOOvWXCV6E/BnhSb
1sjJzaB79GHw3Tp4eJi1uPDUc4eaKzjAwhNDWwuA/K+Z8KnCDlWbN13vr9+KQ9wg
L+92NLsuB6zwshPKclGQSOmBM1iR3IO4/ZFxb8/0aNDn6sex3pDCSmBgb/xcjKeM
HUULnkYVXFGXVWLEJAnSR+T3tQrIfXFfrBwrj6lT5JE+fUIEYG5Tnule19zi8c/A
q+e1wfiNy0DYQevDfVq5RrLL5UemyudGZpk40rv1QamJu3a+B955FoKZhVx9LdjX
etOICtQMKksR+inRLZGqiFQRopgKWOvROA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkKKhJjcU0dIrEqtmOKu
vMbk+4/D+sAZwb8Wz7mzu1ecUbEuKw5UM75jWHLMAgDgaOB343u8jTN3ZaGcA1Ku
Zub5XrSljtRjR1i+ILGB4It1uNw5Qy5yUVBB1cETMx1GyuWi3VCoKaB84/iORQje
ZiCf6BfyV5Hm+ztGnbwhl9WdbOmSOdFt/AdRuQLUU3O5hBr1lWpURDrvpI6bBqKb
E+AHGCRYFRYUBdueDrfvwFlNQYV43Vm5AcoBiDgp0uuqg8nqE3YUyIyrq+rdDW0V
Id9uriNhKi+1bDG6YvuhZN7ubxCxYXduh5IhkIrqEC5IanNsX+kA7yupk/f+4IMK
xwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 118058517419832358566882951179894992479
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-22 14:42:15 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-05-22 14:42:14 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Texas'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Fort Worth'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'American Airlines Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ctwst.psaairlines.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 18968558377246206235104922547853327330690393968891115984459050791196037598147515855596576823850279271174596825301084029353843935092024242860850416807849721611264329437321385064802959848861905089692568312886169671804736641225582561129993720968210870182987365137180190322053461410769369773357361565364464370128874230038667657210075132923931490003551313895030987897307283037873671911951816162130626636165764757560278700299373350783843394604448128092763671966703514578788241289926309504016743097350222243047197212507006882272707442365911807469122386770859903587284858831895017818070404825922263440856726694324817669327559
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							725c412dda0a4075243da0341f3f55cf9bdf1051
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ctwst.psaairlines.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		009f00904c300364b25d405dea0bf91ab4bed3a0a24f0bf3af517a4d60e3af597095e84fc19e149bd6c8c9cda07bf461f0dd3a787898b5b8f0d473879a2b38c0c213435b0b80fcaf99f0a9c20e559b375defafdf8a43dc202fef7634bb2e07acf0b213ca72519048e981335891dc83b8fd91716fcff468d0e7eac7b1de90c24a60606ffc5c8ca78c1d450b9e46155c51975562c42409d247e4f7b50ac87d715fac1c2b8fa953e4913e7d4204606e539ee95ed7dce2f1cfc0abe7b5c1f88dcb40d841ebc37d5ab946b2cbe547a6cae746669938d2bbf541a989bb76be07de79168299855c7d2dd8d77ad3880ad40c2a4b11fa29d12d91aa885411a2980a58ebd138