ha1.parisnanterre.fr

- Université Paris Nanterre -

Issued by TERENA SSL CA 3

About this certificate

This digital certificate with serial number 0c:97:20:81:52:3a:4b:30:64:32:9d:a4:05:8f:7b:d1 was issued on by TERENA.

With 12 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Université Paris Nanterre

Organization: Université Paris Nanterre
Organization unit: DRI
Locality: Nanterre
Country: FR

TERENA

Organization: TERENA
State / Province: Noord-Holland
Locality: Amsterdam
Country: NL

This certificate has expire since

Certificate Details

Serial Number (hex): 0c:97:20:81:52:3a:4b:30:64:32:9d:a4:05:8f:7b:d1
Serial Number (int): 16735432058046274213344786917723438033
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 1c:4c:d1:ef:c9:0e:3b:30:b9:0e:01:8b:f3:61:fb:ff:ff:06:89:6f
AuthorityKeyId: 67:fd:88:20:14:27:98:c7:09:d2:25:19:bb:e9:51:11:63:75:50:62

Fingerprint (sha1): 2a:af:3e:c3:17:4e:85:d6:9d:7a:b2:17:49:96:5e:83:c9:13:53:6f
Fingerprint (sha256): 07:e3:8a:a7:ed:3a:15:03:45:c5:04:88:e2:79:9a:d1:0f:8e:66:6d:9c:b9:6e:71:f4:8c:22:15:66:1c:20:a8

Issuing Certificate URL: http://cacerts.digicert.com/TERENASSLCA3.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/TERENASSLCA3.crl
CRL Distribution Point: http://crl4.digicert.com/TERENASSLCA3.crl

Check the revocation status for certificate ha1.parisnanterre.fr

12

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ha1.parisnanterre.fr

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ha1.parisnanterre.fr
ha1.u-paris10.fr
ha2.u-paris10.fr
ha2.parisnanterre.fr
ha1.vip1.u-paris10.fr
ha1.vip2.u-paris10.fr
ha2.vip1.u-paris10.fr
ha2.vip2.u-paris10.fr
ha1.vip1.parisnanterre.fr
ha1.vip2.parisnanterre.fr
ha2.vip1.parisnanterre.fr
ha2.vip2.parisnanterre.fr

Other certificates including the domain name parisnanterre.fr

(limited to 100 certificates)
gestiondmzhttp.parisnanterre.fr
tpl.parisnanterre.fr
sas.parisnanterre.fr
webtv.parisnanterre.fr
*.parisnanterre.fr
coursenligne.parisnanterre.fr
coursenligne.parisnanterre.fr
ead.parisnanterre.fr
helios.parisnanterre.fr
hal.parisnanterre.fr
formation.parisnanterre.fr
coursenligne2018.parisnanterre.fr
50ansnumerique.parisnanterre.fr
tpl.parisnanterre.fr
comete-red.parisnanterre.fr
examens-phillia.parisnanterre.fr
examensenligne.parisnanterre.fr
ha1.parisnanterre.fr
ent.parisnanterre.fr
comete-stats.parisnanterre.fr
alba.parisnanterre.fr
viatori.parisnanterre.fr
hemera.admc.parisnanterre.fr
consultation.parisnanterre.fr
ead2016.parisnanterre.fr
examensenligne.parisnanterre.fr
comete-stats.parisnanterre.fr
projets.parisnanterre.fr
sas.parisnanterre.fr
ead.parisnanterre.fr
ead.parisnanterre.fr
coursenligne.parisnanterre.fr
baras.parisnanterre.fr
hector.admc.parisnanterre.fr
obm-bkd.parisnanterre.fr
ead.parisnanterre.fr
dante.parisnanterre.fr
webtv.parisnanterre.fr
coursenligne2016.parisnanterre.fr
coursenligne.parisnanterre.fr
comete-gestion.parisnanterre.fr
adum.parisnanterre.fr
coursenligne.parisnanterre.fr
gestiondmzhttp.parisnanterre.fr
webtv.parisnanterre.fr
examensenligne.parisnanterre.fr
ead.parisnanterre.fr
ecandidataspp.parisnanterre.fr
cousinade.grimbert.com
ha2.parisnanterre.fr
recharger.parisnanterre.fr
tpl.parisnanterre.fr
upnidp2.parisnanterre.fr
fichiers.parisnanterre.fr
projets.parisnanterre.fr
blogs.parisnanterre.fr
ssl471393.cloudflaressl.com
amphion.admc.parisnanterre.fr
gluttony2-rec.admc.parisnanterre.fr
eportfolio.parisnanterre.fr
horus.parisnanterre.fr
jason.parisnanterre.fr
coursenligne.parisnanterre.fr
viatori.parisnanterre.fr
upnidp2.parisnanterre.fr
hemera73.parisnanterre.fr
coursenligne2018.parisnanterre.fr
volnay.cva.parisnanterre.fr
imprimer.parisnanterre.fr
webtv.parisnanterre.fr
*.parisnanterre.fr
bene.parisnanterre.fr
primo-stag.parisnanterre.fr
examens-spse.parisnanterre.fr
longaway.parisnanterre.fr
tpl.parisnanterre.fr
coursenligne2016.parisnanterre.fr
50ansnumerique.parisnanterre.fr
ead2016.parisnanterre.fr
santenay.cva.parisnanterre.fr
spwifi.parisnanterre.fr
comete-stats.parisnanterre.fr
coursenligne2018.parisnanterre.fr
arnaudnew.parisnanterre.fr
bdr.parisnanterre.fr
comete-gestion.parisnanterre.fr
coursenligne2016.parisnanterre.fr
*.faraway.parisnanterre.fr
ladro.admc.parisnanterre.fr
*.faraway.parisnanterre.fr
gestiondmzhttp.parisnanterre.fr
coursenligne.parisnanterre.fr
oseprod.admc.parisnanterre.fr
*.saisine.parisnanterre.fr
upnidp1.parisnanterre.fr
blogs.parisnanterre.fr
comete.parisnanterre.fr
bdr.parisnanterre.fr
gestiondmzhttppp.parisnanterre.fr
obm3-ui.parisnanterre.fr

Certificate

The complete raw certificate details for ha1.parisnanterre.fr in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGTDCCBTSgAwIBAgIQDJcggVI6SzBkMp2kBY970TANBgkqhkiG9w0BAQsFADBk
MQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJ
QW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wg
Q0EgMzAeFw0yMDAzMTkwMDAwMDBaFw0yMjA2MjIwMDAwMDBaMHIxCzAJBgNVBAYT
AkZSMREwDwYDVQQHEwhOYW50ZXJyZTEjMCEGA1UECgwaVW5pdmVyc2l0w6kgUGFy
aXMgTmFudGVycmUxDDAKBgNVBAsTA0RSSTEdMBsGA1UEAxMUaGExLnBhcmlzbmFu
dGVycmUuZnIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDf3bQtAYSA
b9wz5KK+JChnejOKUM683+gWoeO39ctFudRjfizMjqjdejIOuV+TtV2e1sOxVLHX
9Gvp0fPzZyl/zqpuY+bYxFQbIYYAZvGQHEhqoO9FrZ1YZQj3dmfOZD1t+pxdwTGx
d7KkQDjoZDNO6+nkr25tHtMLhZpiQXglyRx/zUFZMUjaYH0KcPA79qpQtogGAC1M
rywYZgyjw/aJMZbUjDlS0M0G0Bah/3PaO47QtM1WGLQb12MNYmqqD+KM/lBPZnyc
DsxhLCXl5KKROo9flYB+4KjtcLkmWOGiP82sBPNGz6AlZivRTHRD3Fho2qpXIzYQ
lO5rmVSEsjoZAgMBAAGjggLqMIIC5jAfBgNVHSMEGDAWgBRn/YggFCeYxwnSJRm7
6VERY3VQYjAdBgNVHQ4EFgQUHEzR78kOOzC5DgGL82H7//8GiW8wggElBgNVHREE
ggEcMIIBGIIUaGExLnBhcmlzbmFudGVycmUuZnKCEGhhMS51LXBhcmlzMTAuZnKC
EGhhMi51LXBhcmlzMTAuZnKCFGhhMi5wYXJpc25hbnRlcnJlLmZyghVoYTEudmlw
MS51LXBhcmlzMTAuZnKCFWhhMS52aXAyLnUtcGFyaXMxMC5mcoIVaGEyLnZpcDEu
dS1wYXJpczEwLmZyghVoYTIudmlwMi51LXBhcmlzMTAuZnKCGWhhMS52aXAxLnBh
cmlzbmFudGVycmUuZnKCGWhhMS52aXAyLnBhcmlzbmFudGVycmUuZnKCGWhhMi52
aXAxLnBhcmlzbmFudGVycmUuZnKCGWhhMi52aXAyLnBhcmlzbmFudGVycmUuZnIw
DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBr
BgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vVEVSRU5B
U1NMQ0EzLmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1RFUkVO
QVNTTENBMy5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcC
ARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwbgYIKwYB
BQUHAQEEYjBgMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20w
OAYIKwYBBQUHMAKGLGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9URVJFTkFT
U0xDQTMuY3J0MAwGA1UdEwEB/wQCMAAwEwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJ
KoZIhvcNAQELBQADggEBABa4rzc7wKWR+sENIwFYz+X7XCqJZ42W9FBdIAuUye63
4Z4gVBkGGf9lVaq1uVhoBgYVGUjXIg5o7S+GkiSSOL1a7r2Ih0ZEqQc2n/6B5Id/
ZEVun/hcecxbNFXq9uqKljuMfDZT12kcL9fuxTFMEb+BzR+dzGy/CldHusEMcCwd
suvJJDEQr2rNRzHftLhayopPJ4MfZe9lqWkZK5AEYatxMm1/6o+VDp/q8B4mOnCw
/36iE4rw1AGSb4AVlq+eYr7iXAHpQC5d7gAfii7wcLk9lkrtZI3aWyvLUrGfCYCR
+wqPtywZaTErndYI/fOLwSLqar0vMTMn+HwEW4yAw2A=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3920LQGEgG/cM+SiviQo
Z3ozilDOvN/oFqHjt/XLRbnUY34szI6o3XoyDrlfk7VdntbDsVSx1/Rr6dHz82cp
f86qbmPm2MRUGyGGAGbxkBxIaqDvRa2dWGUI93ZnzmQ9bfqcXcExsXeypEA46GQz
Tuvp5K9ubR7TC4WaYkF4Jckcf81BWTFI2mB9CnDwO/aqULaIBgAtTK8sGGYMo8P2
iTGW1Iw5UtDNBtAWof9z2juO0LTNVhi0G9djDWJqqg/ijP5QT2Z8nA7MYSwl5eSi
kTqPX5WAfuCo7XC5Jljhoj/NrATzRs+gJWYr0Ux0Q9xYaNqqVyM2EJTua5lUhLI6
GQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 16735432058046274213344786917723438033
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Noord-Holland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amsterdam'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TERENA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TERENA SSL CA 3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-03-19 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-06-22 00:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Nanterre'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Université Paris Nanterre'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DRI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ha1.parisnanterre.fr'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 28260468231642252973316435459363682948357065212214111915708659293086991438435708359142277549595736214215417825223020510107336588396906242936480911215877346324348647963549368193573595568303069902436905224842960114178359952247313899201531822338605741482202304319175962107790004489089851453585922772463760557948887698567432271684228425830903676316164349006609990251279152083322002395349374163636814991496303441074043771064722520576951316251109827012954591096962153025771672742302883206477700659338097995824504192603177954791537450274600389273667348091861327009038420497934285204693028842370141038569407942147751483161113
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 67fd8820142798c709d22519bbe9511163755062
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							1c4cd1efc90e3b30b90e018bf361fbffff06896f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (284 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ha1.parisnanterre.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ha1.u-paris10.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ha2.u-paris10.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ha2.parisnanterre.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ha1.vip1.u-paris10.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ha1.vip2.u-paris10.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ha2.vip1.u-paris10.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ha2.vip2.u-paris10.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ha1.vip1.parisnanterre.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ha1.vip2.parisnanterre.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ha2.vip1.parisnanterre.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ha2.vip2.parisnanterre.fr'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/TERENASSLCA3.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/TERENASSLCA3.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (98 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/TERENASSLCA3.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0016b8af373bc0a591fac10d230158cfe5fb5c2a89678d96f4505d200b94c9eeb7e19e2054190619ff6555aab5b958680606151948d7220e68ed2f8692249238bd5aeebd88874644a907369ffe81e4877f64456e9ff85c79cc5b3455eaf6ea8a963b8c7c3653d7691c2fd7eec5314c11bf81cd1f9dcc6cbf0a5747bac10c702c1db2ebc9243110af6acd4731dfb4b85aca8a4f27831f65ef65a969192b900461ab71326d7fea8f950e9feaf01e263a70b0ff7ea2138af0d401926f801596af9e62bee25c01e9402e5dee001f8a2ef070b93d964aed648dda5b2bcb52b19f098091fb0a8fb72c1969312b9dd608fdf38bc122ea6abd2f313327f87c045b8c80c360