apicegw.humana.com

- Humana Inc. -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 63:a3:b8:49:0a:6a:b4:03:00:00:00:00:50:f0:82:d4 was issued on by Entrust, Inc..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Humana Inc.

Organization: Humana Inc.
Organization unit: Hum
State / Province: Kentucky
Locality: Louisville
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 63:a3:b8:49:0a:6a:b4:03:00:00:00:00:50:f0:82:d4
Serial Number (int): 132443653720894630085981770630753714900
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 1b:ab:65:bf:00:6d:d5:46:52:5d:8f:1e:cf:29:f2:ae:4e:da:4d:fb
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): b1:19:ea:27:1f:cb:5e:54:1a:aa:d4:b3:32:c5:a9:05:58:9a:d4:26
Fingerprint (sha256): 07:46:de:d4:01:8a:d5:a2:dd:79:7d:c4:b7:73:c5:e8:0e:5a:69:99:02:02:3d:57:87:0b:11:0e:e5:5e:d8:d5

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate apicegw.humana.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for apicegw.humana.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

apicegw.humana.com

Other certificates including the domain name humana.com

(limited to 100 certificates)
s4.humana.com
dev-ex1site2.preview.humana.com
vanity7.jiveon.com
QA2-hpsspws.humana.com
s2.humana.com
qa3-myhumana.humana.com
testthis.humana.com
vitalitydestinationrewards.humana.com
shop.humana.com
vanity4.lithium.com
cloud.humana.com
ws.humana.com
5699942098141184-fe2.pantheonsite.io
qa-adsl.humana.com
crmsavaya-client.humana.com
tfauth.humana.com
WS.HUMANA.COM
vanity21.jiveon.com
testthisnow.humana.com
s3.humana.com
valuebasedcare.humana.com
int-apicloudgwyg.humana.com
qa-identitydc.humana.com
vanity6.jiveon.com
previewaz-buy.humana.com
vanity21.jiveon.com
vanity3.jiveon.com
apicloudgegwy-service.humana.com
nis.humana.com
vanity6.jiveon.com
homecaresolutions.humana.com
qa-dc.humana.com
tfauth2.humana.com
s4.humana.com
qa-myaccess.humana.com
qa2-myhmhs.humana.com
*.digital-foundation-prod.ase.east2.azure.humana.com
ezprice.humana.com
webtechconfig.humana.com
wap3.humana.com
vanity21.jiveon.com
acuity-uat.humana.com
oohology.com
tfauth2.humana.com
qa-buy.humana.com
vanity21.jiveon.com
test-developer.humana.com
int-mrsimage.humana.com
tls.automattic.com
EMPLOYERS.HUMANA.COM
vanity21.jiveon.com
vanity6.jiveon.com
qa-m.humana.com
testwwww.VaultPOC.Humana.com
vanity3.jiveon.com
qa-hi.humana.com
qa-clarity.humana.com
qa3-carehubws.humana.com
*.prd-int.cc.humana.com
qa-datavaultws.humana.com
vanity7.jiveon.com
s4.humana.com
dev-ex1site2.humana.com
WS.HUMANA-MILITARY.COM
apicegw.humana.com
qaaz-www.humana.com
carehub.humana.com
s2.humana.com
s4.humana.com
edi.humana.com
qa-pophealthguideapi.humana.com
*.prd-qa.cc.humana.com
dental.humana.com
crms-neoload.humana.com
QA-WWW2.ENROLL.HUMANA.COM
reset.humana.com
myaccess.humana.com
vanity7.jiveon.com
supportqa-resolutions.humana.com
api.humana.com
myhmhs.humana.com
devaz-buy.humana.com
hulpenhoop.be
vanity3.jiveon.com
s1.humana.com
LyncAccess.humana.com
s3.humana.com
carehub.humana.com
www.humanamarketpoint.com
payerplatform-tst.humana.com
hatsc.humana.com
qa-www.humana.com
test1023.test3.VaultPOC.Humana.com
vanity2.lithium.com
login.humana.com
qa-wtlsapi.humana.com
test-webmail.humana.com
qa-myaccess.humana.com
qa-go.humana.com
vanity6.jiveon.com

Certificate

The complete raw certificate details for apicegw.humana.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgIQY6O4SQpqtAMAAAAAUPCC1DANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0x
OTA0MTgxNzU1MjFaFw0yMTA1MjUxODI1MjBaMHYxCzAJBgNVBAYTAlVTMREwDwYD
VQQIEwhLZW50dWNreTETMBEGA1UEBxMKTG91aXN2aWxsZTEUMBIGA1UEChMLSHVt
YW5hIEluYy4xDDAKBgNVBAsTA0h1bTEbMBkGA1UEAxMSYXBpY2Vndy5odW1hbmEu
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5BnkvDxO/wPx7bae
TQZ+QAalHlnOP1qovNOC8R1MbWoDpRpI4uXtrZUxcqPitKc0Oww2dTBJ2l+zmqC5
fApnvqpGWhyy1hCnsexQAl+KHvLrAmO4TAeiMzAOvCPbSM1Kk3JU92Qs+kUSgmj8
30z1PVjqi9CkZS1h8r7qEm0/GrLGD4gPNNt8BkYZGIkBEmKzImyQcnSpUOzVizi/
naQ4868gBUs5nXgQUyywrOrJpBIp0ai0M8fmmBe/Iu87SN2BRQ/Ne1Wm9pPKhOWc
uwsFMxvon8XkWSz+hkacMhufZHRGI/EuJCgMVeFRRHwzoqjLVIFHWnBEoKNd69yK
pbjkQQIDAQABo4IBnjCCAZowEwYKKwYBBAHWeQIEAwEB/wQCBQAwHQYDVR0RBBYw
FIISYXBpY2Vndy5odW1hbmEuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU
BggrBgEFBQcDAQYIKwYBBQUHAwIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2Ny
bC5lbnRydXN0Lm5ldC9sZXZlbDFrLmNybDBLBgNVHSAERDBCMDYGCmCGSAGG+mwK
AQUwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwCAYG
Z4EMAQICMGgGCCsGAQUFBwEBBFwwWjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
ZW50cnVzdC5uZXQwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9haWEuZW50cnVzdC5uZXQv
bDFrLWNoYWluMjU2LmNlcjAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpM
vzAdBgNVHQ4EFgQUG6tlvwBt1UZSXY8ezynyrk7aTfswCQYDVR0TBAIwADANBgkq
hkiG9w0BAQsFAAOCAQEAfyrfCD2CSMutALcX9U9CiUPIjAjngLh0IPlCLnzcihtU
GeJh+LCVgb392T8RXx5WmnzIj65OLm6PPk2cvagE4EdSiwqcDPcjaITd0Q3YcOGQ
jCT7FJA+c6e+GlWqhBU577EPiaaga6oHsp5B5uhJd6hNsLTNOkZLOsBOAt4/B1I/
2JdoG2wqIYzGwO4jcwCsix2JoTRrvglsKNVnKpYFOuEWJMktydPA//0sxfKQBD2g
xIZBgnYFEylf5LfJVUB4jctrjm5oz0QgE89d+TBEbslKsvbyPVwnojz3un1FgYjH
nyJ2n1bCRPbKoYXcweaRYya07PvsY3+PJgXy25d9iQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5BnkvDxO/wPx7baeTQZ+
QAalHlnOP1qovNOC8R1MbWoDpRpI4uXtrZUxcqPitKc0Oww2dTBJ2l+zmqC5fApn
vqpGWhyy1hCnsexQAl+KHvLrAmO4TAeiMzAOvCPbSM1Kk3JU92Qs+kUSgmj830z1
PVjqi9CkZS1h8r7qEm0/GrLGD4gPNNt8BkYZGIkBEmKzImyQcnSpUOzVizi/naQ4
868gBUs5nXgQUyywrOrJpBIp0ai0M8fmmBe/Iu87SN2BRQ/Ne1Wm9pPKhOWcuwsF
Mxvon8XkWSz+hkacMhufZHRGI/EuJCgMVeFRRHwzoqjLVIFHWnBEoKNd69yKpbjk
QQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 132443653720894630085981770630753714900
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-04-18 17:55:21 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-05-25 18:25:20 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Kentucky'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Louisville'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Humana Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Hum'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'apicegw.humana.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 28795102091644594390385968142848131246424173688949167728601531827656531327198747520409480853467804691489955374403003089032791499500721087474069269026535908751468939365417881398445123694079641566217765759760435123345918888584545214660841731033818748180844385148725794009246241157423405591286691177719773291154258447655040369563522108915865810430460763549002168421298906494811254462859643405385916596170400161531199473122882778634210829797338999035812481208888386771009529401562238261090023036079988864870502020721616182106171198990154840150641070054897984904746527059197071314950793508225493710598749533837163165705281
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'apicegw.humana.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							1bab65bf006dd546525d8f1ecf29f2ae4eda4dfb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		007f2adf083d8248cbad00b717f54f428943c88c08e780b87420f9422e7cdc8a1b5419e261f8b09581bdfdd93f115f1e569a7cc88fae4e2e6e8f3e4d9cbda804e047528b0a9c0cf7236884ddd10dd870e1908c24fb14903e73a7be1a55aa841539efb10f89a6a06baa07b29e41e6e84977a84db0b4cd3a464b3ac04e02de3f07523fd897681b6c2a218cc6c0ee237300ac8b1d89a1346bbe096c28d5672a96053ae11624c92dc9d3c0fffd2cc5f290043da0c4864182760513295fe4b7c95540788dcb6b8e6e68cf442013cf5df930446ec94ab2f6f23d5c27a23cf7ba7d458188c79f22769f56c244f6caa185dcc1e6916326b4ecfbec637f8f2605f2db977d89