imp04.fanatics.com

- Fanatics, Inc. -

Issued by GeoTrust RSA CA 2018

About this certificate

This digital certificate with serial number 07:12:1a:89:7f:ae:53:c8:dd:e0:38:b3:f4:79:d9:0e was issued on by DigiCert Inc.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Fanatics, Inc.

Organization: Fanatics, Inc.
Organization unit: IT
State / Province: Florida
Locality: Jacksonville
Country: US

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 07:12:1a:89:7f:ae:53:c8:dd:e0:38:b3:f4:79:d9:0e
Serial Number (int): 9398595550371342406963974449569323278
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 5f:e0:8c:ac:ba:32:e5:ed:18:6e:0d:f6:59:c4:0d:2a:31:1d:9c:05
AuthorityKeyId: 90:58:ff:b0:9c:75:a8:51:54:77:b1:ed:f2:a3:43:16:38:9e:6c:c5

Fingerprint (sha1): 96:c7:18:7f:33:79:68:34:a1:b7:73:af:b3:95:ea:10:c0:5f:23:05
Fingerprint (sha256): 07:7c:44:1f:e8:7b:6e:ad:bb:ee:96:c1:5d:7b:d5:01:0c:f7:c4:07:91:3a:45:8f:99:4b:35:e5:89:b1:15:75

Issuing Certificate URL: http://cacerts.geotrust.com/GeoTrustRSACA2018.crt

Revocation information

OCSP Server: http://status.geotrust.com
CRL Distribution Point: http://cdp.geotrust.com/GeoTrustRSACA2018.crl

Check the revocation status for certificate imp04.fanatics.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for imp04.fanatics.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

imp04.fanatics.com
fanatics.com

Other certificates including the domain name fanatics.com

(limited to 100 certificates)
secure03.fanaticsretailgroup.com
secure02.fanaticsretailgroup.com
jira.fanatics.com
secure01.fanaticsretailgroup.com
secure03.fanaticsretailgroup.com
domains.returnly.com
cisco-expc02.fanatics.com
secure01.fanaticsretailgroup.com
secure01.fanaticsretailgroup.com
cisco-expe04.fanatics.com
na85-1.cdn.salesforce-communities.com
secure02.fanaticsretailgroup.com
smcq-edge-cluster.fanatics.com
adfs.fanatics.com
secure01.fanaticsretailgroup.com
na85-1.cdn.salesforce-communities.com
image.email-aaanational.com
okta-iwa.fanatics.com
secure02.fanaticsretailgroup.com
www.nflshop.com
gag.fanatics.com
na85-1.cdn.salesforce-communities.com
imp04.fanatics.com
image.email-aaanational.com
image.email-aaanational.com
secure01.fanaticsretailgroup.com
na85-1.cdn.salesforce-communities.com
na85-1.cdn.salesforce-communities.com
domains.returnly.com
secure02.fanaticsretailgroup.com
image.email-aaanational.com
na85-1.cdn.salesforce-communities.com
secure01.fanaticsretailgroup.com
imp01.fanatics.com
secure01.fanaticsretailgroup.com
domains.returnly.com
secure01.fanaticsretailgroup.com
secure03.fanaticsretailgroup.com
secure02.teamfanshop.com
secure01.fanaticsretailgroup.com
image.email-aaanational.com
plm.fanatics.com
secure01.fanaticsretailgroup.com
secure01.fanaticsretailgroup.com
www.nflshop.com
secure01.fanaticsretailgroup.com
secure02.fanaticsretailgroup.com
secure02.fanaticsretailgroup.com
secure02.fanaticsretailgroup.com
secure02.fanaticsretailgroup.com
na85-1.cdn.salesforce-communities.com
cucm04.fanatics.com
secure02.teamfanshop.com
secure02.fanaticsretailgroup.com
returns.fanatics.com
san-2-s1.tlsprovisioning.exacttarget.com
cucm03.fanatics.com
image.email-aaanational.com
cisco-expc02.fanatics.com
domains.returnly.com
owa.fanatics.com
domains.returnly.com
secure01.fanaticsretailgroup.com
secure01.fanaticsretailgroup.com
secure02.teamfanshop.com
cisco-expe02.fanatics.com
secure01.fanaticsretailgroup.com
secure02.teamfanshop.com
returns.fanatics.com
asrfanaticsmgr.fanatics.com
secure02.fanaticsretailgroup.com
image.email-aaanational.com
www.nflshop.com
san-2-s1.tlsprovisioning.exacttarget.com
secure01.fanaticsretailgroup.com
image.email-aaanational.com
domains.returnly.com
www.footballfanatics.com
www.nflshop.com
plm.fanatics.com
image.email-aaanational.com
cisco-expe03.fanatics.com
secure01.fanaticsretailgroup.com
secure02.teamfanshop.com
image.email-aaanational.com
secure02.fanaticsretailgroup.com
secure01.fanaticsretailgroup.com
cisco-expe04.fanatics.com
cucm03.fanatics.com
secure01.fanaticsretailgroup.com
www.nflshop.com
*.fanatics.com
secure01.fanaticsretailgroup.com
portal.wifi.fanatics.com
secure01.fanaticsretailgroup.com
plm.fanatics.com
image.email-aaanational.com
secure02.fanaticsretailgroup.com
jira.fanatics.com
image.email-aaanational.com

Certificate

The complete raw certificate details for imp04.fanatics.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIQBxIaiX+uU8jd4Diz9HnZDjANBgkqhkiG9w0BAQsFADBe
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRHZW9UcnVzdCBSU0EgQ0EgMjAxODAe
Fw0xODAyMjEwMDAwMDBaFw0xOTEwMDExMjAwMDBaMHkxCzAJBgNVBAYTAlVTMRAw
DgYDVQQIEwdGbG9yaWRhMRUwEwYDVQQHEwxKYWNrc29udmlsbGUxFzAVBgNVBAoT
DkZhbmF0aWNzLCBJbmMuMQswCQYDVQQLEwJJVDEbMBkGA1UEAxMSaW1wMDQuZmFu
YXRpY3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdo+fXj+
KaKVAhagKJVF2EYZdo8izlgPS8Rl5givemceXPsSg83oPNJQ5X9iP0DVzjco1Zlb
8if+q2xj64JU9mUAaC2IWPKL5g4wxdDxfnLbW3Tw+maE5xa31HQit7agxZlavc59
L3GBUTEP5HkABbenYQWq1+nxC5WxRAiM2i/9cgIKgCCCpYNF00x1yU3c44s5EylN
oCDpfrACumq8MljVbeE3b9O21mHp/WxycPkrwaYsXxkav9C0pyvfJAGvZd5cZll2
xsIG4WuBjZjYmjS9SLycdyUo0yHgYSeb0/gIyTruK8/kTPoGKmw/CQGxs0F3QMCb
KSumraSb4kImbQIDAQABo4IBxTCCAcEwHwYDVR0jBBgwFoAUkFj/sJx1qFFUd7Ht
8qNDFjiebMUwHQYDVR0OBBYEFF/gjKy6MuXtGG4N9lnEDSoxHZwFMCsGA1UdEQQk
MCKCEmltcDA0LmZhbmF0aWNzLmNvbYIMZmFuYXRpY3MuY29tMA4GA1UdDwEB/wQE
AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwPgYDVR0fBDcwNTAz
oDGgL4YtaHR0cDovL2NkcC5nZW90cnVzdC5jb20vR2VvVHJ1c3RSU0FDQTIwMTgu
Y3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz
Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHUGCCsGAQUFBwEBBGkw
ZzAmBggrBgEFBQcwAYYaaHR0cDovL3N0YXR1cy5nZW90cnVzdC5jb20wPQYIKwYB
BQUHMAKGMWh0dHA6Ly9jYWNlcnRzLmdlb3RydXN0LmNvbS9HZW9UcnVzdFJTQUNB
MjAxOC5jcnQwCQYDVR0TBAIwADATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG
9w0BAQsFAAOCAQEAbyHj8vqBBFoOMF/+3ipD6QOPZHH9qga9DRbldmYA2iXNu9ro
ffFk9w3JNlaxJHWBPsAdcyDSW78RA15OdicH6a6WquXGu0ko1H410VHCqRchr8ns
W+5FvxCTk188BCc7i9nfzEDkidbw91IAgEh3W+bWEkLP97A5M6csTb59P0AMDjtc
pLBRFiccTv6odRtF3Gjs8KnJGpWTMGjwfBvpz/SyGDN8quWwKztyCHLcbzOWMo8+
Bz0xKAMLciVl4n98m0bpnYLYlj3s2tqQLpgieTh6obMU3CddXA/j3DYd8ajWGWFr
5OgHU/IuM5PAWp/bA1/W60dxKQye778/2JsV1g==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdo+fXj+KaKVAhagKJVF
2EYZdo8izlgPS8Rl5givemceXPsSg83oPNJQ5X9iP0DVzjco1Zlb8if+q2xj64JU
9mUAaC2IWPKL5g4wxdDxfnLbW3Tw+maE5xa31HQit7agxZlavc59L3GBUTEP5HkA
BbenYQWq1+nxC5WxRAiM2i/9cgIKgCCCpYNF00x1yU3c44s5EylNoCDpfrACumq8
MljVbeE3b9O21mHp/WxycPkrwaYsXxkav9C0pyvfJAGvZd5cZll2xsIG4WuBjZjY
mjS9SLycdyUo0yHgYSeb0/gIyTruK8/kTPoGKmw/CQGxs0F3QMCbKSumraSb4kIm
bQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 9398595550371342406963974449569323278
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust RSA CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-02-21 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-10-01 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Florida'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Jacksonville'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Fanatics, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IT'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'imp04.fanatics.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22956753376641533430534177350015382813931905916290464228154738883058012133838338438623353058250057338399186938460795290489930387125992441078166443286187702146513997340316036103353215712702331951917478454344913674076531969821692915724124029611463082570971525060982479230793214811282013708898590997831252586161103446649556986161734930132578373435906350017319083488423604415421958037232614865466238914849505749089068712882971938021138452149661649222360591015459290140710463133527988442277102892146210092705500421501754537502010406010904228354874974532946675303603651995793020212223148351900442004907809910889265877886573
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 9058ffb09c75a8515477b1edf2a34316389e6cc5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							5fe08cacba32e5ed186e0df659c40d2a311d9c05
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'imp04.fanatics.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fanatics.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.geotrust.com/GeoTrustRSACA2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.geotrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.geotrust.com/GeoTrustRSACA2018.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		006f21e3f2fa81045a0e305ffede2a43e9038f6471fdaa06bd0d16e5766600da25cdbbdae87df164f70dc93656b12475813ec01d7320d25bbf11035e4e762707e9ae96aae5c6bb4928d47e35d151c2a91721afc9ec5bee45bf1093935f3c04273b8bd9dfcc40e489d6f0f752008048775be6d61242cff7b03933a72c4dbe7d3f400c0e3b5ca4b05116271c4efea8751b45dc68ecf0a9c91a95933068f07c1be9cff4b218337caae5b02b3b720872dc6f3396328f3e073d3128030b722565e27f7c9b46e99d82d8963decdada902e982279387aa1b314dc275d5c0fe3dc361df1a8d619616be4e80753f22e3393c05a9fdb035fd6eb4771290c9eefbf3fd89b15d6