www2.healthcare.gov
- Centers for Medicare & Medicaid Services -
Issued by GeoTrust RSA CA 2018
About this certificate
This digital certificate with serial number 09:07:30:1a:9b:33:38:6d:4a:4d:a3:ad:76:9b:58:ba was issued on by DigiCert Inc.
With 13 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Centers for Medicare & Medicaid Services
Organization:
Centers for Medicare & Medicaid Services
Organization unit: OIS
Organization unit: OIS
State / Province:
Maryland
Locality: Baltimore
Country: US
Locality: Baltimore
Country: US
DigiCert Inc
Organization:
DigiCert Inc
Organization unit: www.digicert.com
Organization unit: www.digicert.com
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 09:07:30:1a:9b:33:38:6d:4a:4d:a3:ad:76:9b:58:baSerial Number (int): 12000373703699285508268195889184200890
Serial Number lenght: 124 bits, 16 octets
SubjectKeyId: 00:9d:51:51:2b:b0:93:8a:d4:20:33:a4:cb:ef:5f:e0:9a:b7:0c:b8
AuthorityKeyId: 90:58:ff:b0:9c:75:a8:51:54:77:b1:ed:f2:a3:43:16:38:9e:6c:c5
Fingerprint (sha1): c6:2d:f1:52:23:39:73:51:8c:42:48:17:28:ce:77:cf:62:35:d0:cd
Fingerprint (sha256): 06:f3:5c:3c:e5:5c:4c:f5:7f:f3:d6:1c:3f:2e:4b:a6:b3:1e:85:b5:b5:07:df:c2:fb:97:2a:e1:18:48:ec:98
Issuing Certificate URL: http://cacerts.geotrust.com/GeoTrustRSACA2018.crt
Revocation information
OCSP Server: http://status.geotrust.comCRL Distribution Point: http://cdp.geotrust.com/GeoTrustRSACA2018.crl
Check the revocation status for certificate www2.healthcare.gov
13
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for www2.healthcare.gov
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
www2.healthcare.gov
mcr.api.healthcare.gov
address.api.healthcare.gov
ses.api.healthcare.gov
aws-prod.dsrs.api.healthcare.gov
dashboard.healthcare.gov
pecosai.portal.cms.gov
dr.ses.api.healthcare.gov
dsrs.api.healthcare.gov
api.bluebutton.cms.gov
aps.portal.cms.gov
aws-prod.mcr.api.healthcare.gov
aws-prod.ses.api.healthcare.gov
mcr.api.healthcare.gov
address.api.healthcare.gov
ses.api.healthcare.gov
aws-prod.dsrs.api.healthcare.gov
dashboard.healthcare.gov
pecosai.portal.cms.gov
dr.ses.api.healthcare.gov
dsrs.api.healthcare.gov
api.bluebutton.cms.gov
aps.portal.cms.gov
aws-prod.mcr.api.healthcare.gov
aws-prod.ses.api.healthcare.gov
Other certificates including the domain name healthcare.gov
(limited to 100 certificates)
splunk.aws.healthcare.gov
test3.healthcare.gov
test3.healthcare.gov
www.healthcare.gov
test2.healthcare.gov
www2.cms.gov
orig.impl1a.ses.api.healthcare.gov
www.healthcare.gov
pet-elb.imp1b.healthcare.gov
test-t.healthcare.gov
shop.prod.healthcare.gov
www.healthcare.gov
www.healthcare.gov
adobe-ep.healthcare.gov
www2.healthcare.gov
tmdsm.aws.healthcare.gov
www2.cms.gov
www2.cms.gov
app-dc01.prod.healthcare.gov
app-dc01.prod.healthcare.gov
test3.healthcare.gov
www2.healthcare.gov
tmdsmdr.aws.healthcare.gov
net.prod.healthcare.gov
test2.healthcare.gov
api.healthcare.gov
www.healthcare.gov
impl.mcr.dsh.healthcare.gov
search.test.healthcare.gov
www2.cms.gov
www2.cms.gov
test.healthcare.gov
dsrs.api.healthcare.gov
test4.healthcare.gov
test4.healthcare.gov
net-dc01.prod.healthcare.gov
test3.healthcare.gov
prod.pc2-elb.healthcare.gov
vpneast.aws.cms.gov
www.healthcare.gov
test3.healthcare.gov
orig.ses.api.healthcare.gov
www2.cms.gov
www2.cms.gov
test2.healthcare.gov
sls-elb.imp.healthcare.gov
test3.healthcare.gov
elb1.imp1a.healthcare.gov
test2.healthcare.gov
search1.healthcare.gov
test.healthcare.gov
api.healthcare.gov
tmdsmdr.aws.healthcare.gov
test3.healthcare.gov
chat.healthcare.gov
nagiosdr.aws.healthcare.gov
test2.healthcare.gov
test3.healthcare.gov
elb1.imp1a.healthcare.gov
www2.cms.gov
test3.healthcare.gov
prod-t.healthcare.gov
www2.cms.gov
test2.healthcare.gov
origin-es-app.prod.healthcare.gov
test0.mcr.gw.healthcare.gov
www2.healthcare.gov
www2.healthcare.gov
www2.healthcare.gov
test.healthcare.gov
test.healthcare.gov
b.dev.healthcare.gov
www.healthcare.gov
www2.healthcare.gov
test2.healthcare.gov
mcr.api.healthcare.gov
api-manager-elb.dev.healthcare.gov
www2.cms.gov
imp1b-marketplace-elb.api.healthcare.gov
origin-es-app.prod.healthcare.gov
test2.healthcare.gov
test.healthcare.gov
www2.cms.gov
www2.healthcare.gov
app1a.imp.healthcare.gov
test3.healthcare.gov
test0.shop.healthcare.gov
test2.healthcare.gov
chat.healthcare.gov
api-manager-elb.imp.healthcare.gov
www.healthcare.gov
www.healthcare.gov
test.healthcare.gov
www.healthcare.gov
test.healthcare.gov
www2.cms.gov
api.healthcare.gov
www2.cms.gov
test2.healthcare.gov
test3.healthcare.gov
test3.healthcare.gov
test3.healthcare.gov
www.healthcare.gov
test2.healthcare.gov
www2.cms.gov
orig.impl1a.ses.api.healthcare.gov
www.healthcare.gov
pet-elb.imp1b.healthcare.gov
test-t.healthcare.gov
shop.prod.healthcare.gov
www.healthcare.gov
www.healthcare.gov
adobe-ep.healthcare.gov
www2.healthcare.gov
tmdsm.aws.healthcare.gov
www2.cms.gov
www2.cms.gov
app-dc01.prod.healthcare.gov
app-dc01.prod.healthcare.gov
test3.healthcare.gov
www2.healthcare.gov
tmdsmdr.aws.healthcare.gov
net.prod.healthcare.gov
test2.healthcare.gov
api.healthcare.gov
www.healthcare.gov
impl.mcr.dsh.healthcare.gov
search.test.healthcare.gov
www2.cms.gov
www2.cms.gov
test.healthcare.gov
dsrs.api.healthcare.gov
test4.healthcare.gov
test4.healthcare.gov
net-dc01.prod.healthcare.gov
test3.healthcare.gov
prod.pc2-elb.healthcare.gov
vpneast.aws.cms.gov
www.healthcare.gov
test3.healthcare.gov
orig.ses.api.healthcare.gov
www2.cms.gov
www2.cms.gov
test2.healthcare.gov
sls-elb.imp.healthcare.gov
test3.healthcare.gov
elb1.imp1a.healthcare.gov
test2.healthcare.gov
search1.healthcare.gov
test.healthcare.gov
api.healthcare.gov
tmdsmdr.aws.healthcare.gov
test3.healthcare.gov
chat.healthcare.gov
nagiosdr.aws.healthcare.gov
test2.healthcare.gov
test3.healthcare.gov
elb1.imp1a.healthcare.gov
www2.cms.gov
test3.healthcare.gov
prod-t.healthcare.gov
www2.cms.gov
test2.healthcare.gov
origin-es-app.prod.healthcare.gov
test0.mcr.gw.healthcare.gov
www2.healthcare.gov
www2.healthcare.gov
www2.healthcare.gov
test.healthcare.gov
test.healthcare.gov
b.dev.healthcare.gov
www.healthcare.gov
www2.healthcare.gov
test2.healthcare.gov
mcr.api.healthcare.gov
api-manager-elb.dev.healthcare.gov
www2.cms.gov
imp1b-marketplace-elb.api.healthcare.gov
origin-es-app.prod.healthcare.gov
test2.healthcare.gov
test.healthcare.gov
www2.cms.gov
www2.healthcare.gov
app1a.imp.healthcare.gov
test3.healthcare.gov
test0.shop.healthcare.gov
test2.healthcare.gov
chat.healthcare.gov
api-manager-elb.imp.healthcare.gov
www.healthcare.gov
www.healthcare.gov
test.healthcare.gov
www.healthcare.gov
test.healthcare.gov
www2.cms.gov
api.healthcare.gov
www2.cms.gov
test2.healthcare.gov
test3.healthcare.gov
Certificate
The complete raw certificate details for www2.healthcare.gov in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIH6zCCBtOgAwIBAgIQCQcwGpszOG1KTaOtdptYujANBgkqhkiG9w0BAQsFADBe MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRHZW9UcnVzdCBSU0EgQ0EgMjAxODAe Fw0yMDAyMjgwMDAwMDBaFw0yMTA1MjkxMjAwMDBaMIGTMQswCQYDVQQGEwJVUzER MA8GA1UECBMITWFyeWxhbmQxEjAQBgNVBAcTCUJhbHRpbW9yZTExMC8GA1UECgwo Q2VudGVycyBmb3IgTWVkaWNhcmUgJiBNZWRpY2FpZCBTZXJ2aWNlczEMMAoGA1UE CxMDT0lTMRwwGgYDVQQDExN3d3cyLmhlYWx0aGNhcmUuZ292MIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvtWsd7FuBRO78CrQdr47ytyuwC64cPktBTt 3sPJihUdjgjXXX2vl+nuCE867xXtx7487XSJCfMLVCcGkSjmhvVMfmsCGsaSoVML kMDnePQXortnmjo9b+OIQYEro08XPxMaR8uIMkFe7uX0o981l0MflBb/yoVebetM lDGGIvyEC0Ga/r4t+mGB0srPbtbEbmUmfULTYqbh30EcWJ9fVdb5oSel8s9RmVOm QRtH5jo+iQREDrvinRfE7UKqa0lby3CTLkWLmyLu2K898YH+Dud39WYv2FCb4mCS iUGKFOABR9IT+cM8a3V6hmIYu8l4sR18EXhqdojMy8FJ5o85tQIDAQABo4IEbTCC BGkwHwYDVR0jBBgwFoAUkFj/sJx1qFFUd7Ht8qNDFjiebMUwHQYDVR0OBBYEFACd UVErsJOK1CAzpMvvX+Catwy4MIIBZAYDVR0RBIIBWzCCAVeCE3d3dzIuaGVhbHRo Y2FyZS5nb3aCFm1jci5hcGkuaGVhbHRoY2FyZS5nb3aCGmFkZHJlc3MuYXBpLmhl YWx0aGNhcmUuZ292ghZzZXMuYXBpLmhlYWx0aGNhcmUuZ292giBhd3MtcHJvZC5k c3JzLmFwaS5oZWFsdGhjYXJlLmdvdoIYZGFzaGJvYXJkLmhlYWx0aGNhcmUuZ292 ghZwZWNvc2FpLnBvcnRhbC5jbXMuZ292ghlkci5zZXMuYXBpLmhlYWx0aGNhcmUu Z292ghdkc3JzLmFwaS5oZWFsdGhjYXJlLmdvdoIWYXBpLmJsdWVidXR0b24uY21z LmdvdoISYXBzLnBvcnRhbC5jbXMuZ292gh9hd3MtcHJvZC5tY3IuYXBpLmhlYWx0 aGNhcmUuZ292gh9hd3MtcHJvZC5zZXMuYXBpLmhlYWx0aGNhcmUuZ292MA4GA1Ud DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwPgYDVR0f BDcwNTAzoDGgL4YtaHR0cDovL2NkcC5nZW90cnVzdC5jb20vR2VvVHJ1c3RSU0FD QTIwMTguY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEW HGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHUGCCsGAQUF BwEBBGkwZzAmBggrBgEFBQcwAYYaaHR0cDovL3N0YXR1cy5nZW90cnVzdC5jb20w PQYIKwYBBQUHMAKGMWh0dHA6Ly9jYWNlcnRzLmdlb3RydXN0LmNvbS9HZW9UcnVz dFJTQUNBMjAxOC5jcnQwCQYDVR0TBAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIB agFoAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFwjApzuQAA BAMARzBFAiEAsdaYGpujYyjBYxaKh/u/rcawgaDkcMPxsETMTpUmV4ICICONMqfw YJUXV84RmkhxSRGLDe/4W3VRVBo2vqrwwMD2AHYAXNxDkv7mq0VEsV6a1FbmEDf7 1fpH3KFzlLJe5vbHDsoAAAFwjApz8AAABAMARzBFAiARrNmxHnFlxdi5ukQLFoZ0 H87CkBNaReSwYk5cult10wIhALtEdhAm94RdeJqo2xHjSrGdewF2CcOBd6G1dP6r nSOwAHYA7sCV7o1yZA+S48O5G8cSo2lqCXtLahoUOOZHssvtxfkAAAFwjAp0HAAA BAMARzBFAiEA79ANQ7v+B7Ls8/M5fP4gipT1CvamOLvb6bxy77DMU2ACIH2nfIDY 08rdBdDw7NViUhH/ezdNrPJdGqmMm7c/C9R5MA0GCSqGSIb3DQEBCwUAA4IBAQBQ 6OnaxQsVpP7ybVtufpq/crKhCUptumMaQTILd+oPXfs1ErZbqKGDCcTQQnTDpcKz qdF8iPy1Fzp1xUtkx584vfP24Mv+ZVkUStt7C4+hty8kuHhxEWzO/vtr515Evua+ /fcNyxCRAKI/28jAlfj/rsiC3Pz6RXCh19S6Wqh067y2F4MkoY3qPz8SZloiLpAC MahiT4UQCHTF2fhmziNRE3IpKekeSs9aj8o9wlxN4nZTspyyMjqCyqzPYL3aUYPC p8Dmfa4bBPRUzFwzet5sXZaAC1uK4E794bREs+fk/9zKZNwBFeymYKg585ZxGjh0 +nQQLoTgmZl6iA42sSLT -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvtWsd7FuBRO78CrQdr4 7ytyuwC64cPktBTt3sPJihUdjgjXXX2vl+nuCE867xXtx7487XSJCfMLVCcGkSjm hvVMfmsCGsaSoVMLkMDnePQXortnmjo9b+OIQYEro08XPxMaR8uIMkFe7uX0o981 l0MflBb/yoVebetMlDGGIvyEC0Ga/r4t+mGB0srPbtbEbmUmfULTYqbh30EcWJ9f Vdb5oSel8s9RmVOmQRtH5jo+iQREDrvinRfE7UKqa0lby3CTLkWLmyLu2K898YH+ Dud39WYv2FCb4mCSiUGKFOABR9IT+cM8a3V6hmIYu8l4sR18EXhqdojMy8FJ5o85 tQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 12000373703699285508268195889184200890 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust RSA CA 2018' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-02-28 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-05-29 12:00:00 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Maryland' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Baltimore' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Centers for Medicare & Medicaid Services' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'OIS' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www2.healthcare.gov' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23099311212214896366029160041380712748946083095996022380408155675556691484762564456120238670139332645227192758999969268179321541977143267471927208898983576782888952993624770858395475123834574472533479468119293633440277105304563654053573871912165028082337662565907185383369890785844204053053709510313243979729149174550085321084408108303482090332091007513320130575658791201333396539692568229243318284073062761947223777876161378175218512706094130123588206409963704727505660853460519907938543310352490484231972045856386231448658449814298645560534031756918513127370676221743096603180448086817993752707755359309139874363829 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 9058ffb09c75a8515477b1edf2a34316389e6cc5 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 009d51512bb0938ad42033a4cbef5fe09ab70cb8 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (347 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www2.healthcare.gov' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mcr.api.healthcare.gov' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'address.api.healthcare.gov' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ses.api.healthcare.gov' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aws-prod.dsrs.api.healthcare.gov' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dashboard.healthcare.gov' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pecosai.portal.cms.gov' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dr.ses.api.healthcare.gov' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dsrs.api.healthcare.gov' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.bluebutton.cms.gov' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aps.portal.cms.gov' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aws-prod.mcr.api.healthcare.gov' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aws-prod.ses.api.healthcare.gov' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.geotrust.com/GeoTrustRSACA2018.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.geotrust.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.geotrust.com/GeoTrustRSACA2018.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes) 0168007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10000001708c0a73b90000040300473045022100b1d6981a9ba36328c163168a87fbbfadc6b081a0e470c3f1b044cc4e952657820220238d32a7f060951757ce119a487149118b0deff85b7551541a36beaaf0c0c0f60076005cdc4392fee6ab4544b15e9ad456e61037fbd5fa47dca17394b25ee6f6c70eca000001708c0a73f00000040300473045022011acd9b11e7165c5d8b9ba440b1686741fcec290135a45e4b0624e5cba5b75d3022100bb44761026f7845d789aa8db11e34ab19d7b017609c38177a1b574feab9d23b0007600eec095ee8d72640f92e3c3b91bc712a3696a097b4b6a1a1438e647b2cbedc5f9000001708c0a741c0000040300473045022100efd00d43bbfe07b2ecf3f3397cfe208a94f50af6a638bbdbe9bc72efb0cc536002207da77c80d8d3cadd05d0f0ecd5625211ff7b374dacf25d1aa98c9bb73f0bd479 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0050e8e9dac50b15a4fef26d5b6e7e9abf72b2a1094a6dba631a41320b77ea0f5dfb3512b65ba8a18309c4d04274c3a5c2b3a9d17c88fcb5173a75c54b64c79f38bdf3f6e0cbfe6559144adb7b0b8fa1b72f24b87871116ccefefb6be75e44bee6befdf70dcb109100a23fdbc8c095f8ffaec882dcfcfa4570a1d7d4ba5aa874ebbcb6178324a18dea3f3f12665a222e900231a8624f85100874c5d9f866ce235113722929e91e4acf5a8fca3dc25c4de27653b29cb2323a82caaccf60bdda5183c2a7c0e67dae1b04f454cc5c337ade6c5d96800b5b8ae04efde1b444b3e7e4ffdcca64dc0115eca660a839f396711a3874fa74102e84e099997a880e36b122d3