ukga-prd-hpov03.illumina.com

- Illumina Inc -

Issued by HydrantID Server CA O1

About this certificate

This digital certificate with serial number 40:01:8e:15:a6:47:f4:3b:b6:cd:54:9f:d4:39:fe:d0 was issued on by IdenTrust.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Illumina Inc

Organization: Illumina Inc
State / Province: California
Locality: San Diego
Country: US

IdenTrust

Organization: IdenTrust
Organization unit: HydrantID Trusted Certificate Service
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 40:01:8e:15:a6:47:f4:3b:b6:cd:54:9f:d4:39:fe:d0
Serial Number (int): 85078665844509780752711390480955997904
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 95:c2:bf:58:cd:55:c1:b6:f3:7c:55:b2:ca:aa:bb:75:f2:96:60:a4
AuthorityKeyId: 89:b8:9b:b6:9e:ed:fb:b0:c6:bd:0d:ec:67:4e:3c:a3:92:9d:2d:f9

Fingerprint (sha1): ad:2e:4c:83:54:13:8c:7e:1a:6b:79:3b:cf:91:1a:6d:3a:6b:2d:ba
Fingerprint (sha256): 07:fb:63:55:a4:2f:03:d9:55:1f:57:0e:6f:10:1f:89:67:d6:3e:e3:82:33:a0:73:c6:48:95:3d:a8:68:05:76

Issuing Certificate URL: http://validation.identrust.com/certs/hydrantidcaO1.p7c

Revocation information

OCSP Server: http://commercial.ocsp.identrust.com
CRL Distribution Point: http://validation.identrust.com/crl/hydrantidcao1.crl

Check the revocation status for certificate ukga-prd-hpov03.illumina.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ukga-prd-hpov03.illumina.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ukga-prd-hpov03.illumina.com

Other certificates including the domain name illumina.com

(limited to 100 certificates)
secure07.stage.lithium.com
ussd-prd-arcp01.illumina.com
ussd-sbx-zpac06.illumina.com
sapgtsprd.illumina.com
lims-rc.illumina.com
dev.rancherpd.illumina.com
dev-prdt.illumina.com
ipp-dev.illumina.com
sgnt-dev-zpac04.illumina.com
lab.adamshealthnetwork.org
instrument-scheduler.ils.illumina.com
sapmiidev.illumina.com
tableausbx.illumina.com
adm-fab-san-prd.illumina.com
prdt.illumina.com
devchat-bluejeans-service.aws-prod.illumina.com
incapsula.com
vault.oad.illumina.com
cpc-jenkins.ep-np.illumina.com
incapsula.com
cds1.cvent.com
grr.illumina.com
ussd-prd-dswb03.illumina.com
gokpi.illumina.com
eventregistration.illumina.com
tst2.etpsolr.illumina.com
*.subscription.illumina.com
supportassets.illumina.com
ontology.testing-domain.illumina.com
*.iron-tst.illumina.com
rancher-vye.aws-dev.illumina.com
UKCH-PRD-SNMD02.illumina.com
*.cloud-test.illumina.com
sso.login.illumina.com
www.alexhang.com
cds1.cvent.com
www.illumina.com
api.sequencing-design.designstudio-staging.illumina.com
tierboard-dev.illumina.com
wgs-preprod.illumina.com
controlmdev.illumina.com
*.docker.illumina.com
cds1.cvent.com
api-tst.add.illumina.com
expwy.apac.illumina.com
components.illumina.com
use1.deso-prod.cpo.illumina.com
www.providerportal.ils.illumina.com
othrys.olympia.k8s.backend-dev-aws.illumina.com
software.radiance-design.illumina.com
finvivirstatus.mambu.com
secure07.stage.lithium.com
tls.automattic.com
*.cloud-test.illumina.com
ipp.illumina.com
softwaredownloads.illumina.com
ussd-dev-zpac04.illumina.com
ussd-ftp.illumina.com
company.ensvee.com
ussd-dev-smap01.illumina.com
ussd-tst-etpw01.illumina.com
ussd-prd-hpad03.illumina.com
vaultdev.illumina.com
ashg2020.illumina.com
*.basespace.illumina.com
*.rancher-dev.illumina.com
cds1.cvent.com
inotifications-dev.illumina.com
sapeccprd.illumina.com
finvivirstatus.mambu.com
hub-dev.illumina.com
solr-ldap-service.illumina.com
login.illumina.com
incapsula.com
usma-prd-rdgw01.illumina.com
cds1.cvent.com
blog.infra.illumina.com
rancher-thtf.aws-dev.illumina.com
*.cloud-naboo.illumina.com
myaccess-sbx.illumina.com
secure07.stage.lithium.com
ussd-prd-clms02.illumina.com
platform.illumina.com
rancher-test.aws-prod.illumina.com
ukga-prd-hpov03.illumina.com
esb13-n1.illumina.com
incapsula.com
secure07.stage.lithium.com
finvivirstatus.mambu.com
*.testing-domain.illumina.com
*.ca.basespace.illumina.com
*.oad-aws.illumina.com
ussd-prd-snmd04.illumina.com
ussd-prd-okta01.illumina.com
secure07.stage.lithium.com
delivery-api-bssh.ils.illumina.com
cds1.cvent.com
ussd-prd-sfdcspkl.illumina.com
blog.arwinstrating.com
splunkes.illumina.com

Certificate

The complete raw certificate details for ukga-prd-hpov03.illumina.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIQQAGOFaZH9Du2zVSf1Dn+0DANBgkqhkiG9w0BAQsFADBy
MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MS4wLAYDVQQLEyVIeWRy
YW50SUQgVHJ1c3RlZCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlMR8wHQYDVQQDExZIeWRy
YW50SUQgU2VydmVyIENBIE8xMB4XDTI0MDMwNjIxMjMyMloXDTI1MDMzMTIxMjIy
MlowdDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcT
CVNhbiBEaWVnbzEVMBMGA1UEChMMSWxsdW1pbmEgSW5jMSUwIwYDVQQDExx1a2dh
LXByZC1ocG92MDMuaWxsdW1pbmEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA7MX+jEOZvBgwovgXUjec6Yk3wIcMpsYyL6B5wYW6fSQmLHAV6bjL
ih6ECsEzLYEzuhVzDhfiy6xwwWUPy3Ht/rU2W9xan5Ncz7QaGXTHg5RCG1S8vnsX
4Q27kA7+WltF6VfZN3Jul/dQpkHCykJ4cDU1RZW2tEh1XMFpWlBqqhEbhLSYIlfG
N8c0CiekhK5r8QWFGCM6zJkP26G4eLp+DS5msG1uc/4oc0tfVIjugmV7h25H8Aam
wkQmhPghxvwKJcEwyS8dX4gYpk+JLkZGuBpFcSGkCArOH9/TekqY/AB1885p1t6R
dfOf+nwxcPdVgS5uvy8S8IsMCQ0i+sc7QwIDAQABo4IBpDCCAaAwDgYDVR0PAQH/
BAQDAgWgMIGFBggrBgEFBQcBAQR5MHcwMAYIKwYBBQUHMAGGJGh0dHA6Ly9jb21t
ZXJjaWFsLm9jc3AuaWRlbnRydXN0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL3Zh
bGlkYXRpb24uaWRlbnRydXN0LmNvbS9jZXJ0cy9oeWRyYW50aWRjYU8xLnA3YzAf
BgNVHSMEGDAWgBSJuJu2nu37sMa9DexnTjyjkp0t+TAhBgNVHSAEGjAYMAgGBmeB
DAECAjAMBgpghkgBhvkvAAYDMEYGA1UdHwQ/MD0wO6A5oDeGNWh0dHA6Ly92YWxp
ZGF0aW9uLmlkZW50cnVzdC5jb20vY3JsL2h5ZHJhbnRpZGNhbzEuY3JsMCcGA1Ud
EQQgMB6CHHVrZ2EtcHJkLWhwb3YwMy5pbGx1bWluYS5jb20wHQYDVR0OBBYEFJXC
v1jNVcG283xVssqqu3XylmCkMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
AjATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAVMZ5Mhd2
+f1Q0U9BblhWV6urabOKhiX5lpZ2NzLlVC47dk9KSvgIfgpMmpa2UtDiDsVsAvFd
smO9l+EyWshgZs/Fd6jmQw3U4dh8ARq+qigSXkgQX5IF1CwnCbwcbFFpRHlOEpkc
qLNcswdcDMC8Eck9u1ogHaswUfZZQiwJxKIOEs5QmF4fhYhi4vZpALlhy5SzfZdJ
BGOMkLeyrH3v4asJl3UDjHr6IvD00/VJgY7hix4EPsnHoSCz+F5kBLzzEqCu/ezV
nd1++wNmbO/Xn4bcE/1B4QVhY91C3rVvK0EUcD4QUSRtMP6+Xcf9E9eV3fq7BpEA
j4eBoUjDnbcXcg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7MX+jEOZvBgwovgXUjec
6Yk3wIcMpsYyL6B5wYW6fSQmLHAV6bjLih6ECsEzLYEzuhVzDhfiy6xwwWUPy3Ht
/rU2W9xan5Ncz7QaGXTHg5RCG1S8vnsX4Q27kA7+WltF6VfZN3Jul/dQpkHCykJ4
cDU1RZW2tEh1XMFpWlBqqhEbhLSYIlfGN8c0CiekhK5r8QWFGCM6zJkP26G4eLp+
DS5msG1uc/4oc0tfVIjugmV7h25H8AamwkQmhPghxvwKJcEwyS8dX4gYpk+JLkZG
uBpFcSGkCArOH9/TekqY/AB1885p1t6RdfOf+nwxcPdVgS5uvy8S8IsMCQ0i+sc7
QwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 85078665844509780752711390480955997904
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IdenTrust'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'HydrantID Trusted Certificate Service'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'HydrantID Server CA O1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-06 21:23:22 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-03-31 21:22:22 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'San Diego'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Illumina Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ukga-prd-hpov03.illumina.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29889874613901116615046073496157192450791509002564813779697821119556356938655501362880227272206226251936808341261840424348736347954626447294903848110974751993676593548229501129418223046720985389283264298985364351930586554831889387564589209363265560166439918200639474331054916920000740973250388757367841902806816963184158057873685068015073386140675854079295656320407166344033297933350354509050362859584940592015845206120762051901831430802199266481693163186399014566401482238176911587245329600909057369410759022106058363334444350616494658128357222360369777143212293994233641358038530926136752717840113119694348393855811
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (121 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://commercial.ocsp.identrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://validation.identrust.com/certs/hydrantidcaO1.p7c'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 89b89bb69eedfbb0c6bd0dec674e3ca3929d2df9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.113839.0.6.3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (63 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://validation.identrust.com/crl/hydrantidcao1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ukga-prd-hpov03.illumina.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							95c2bf58cd55c1b6f37c55b2caaabb75f29660a4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0054c679321776f9fd50d14f416e585657abab69b38a8625f99696763732e5542e3b764f4a4af8087e0a4c9a96b652d0e20ec56c02f15db263bd97e1325ac86066cfc577a8e6430dd4e1d87c011abeaa28125e48105f9205d42c2709bc1c6c516944794e12991ca8b35cb3075c0cc0bc11c93dbb5a201dab3051f659422c09c4a20e12ce50985e1f858862e2f66900b961cb94b37d974904638c90b7b2ac7defe1ab099775038c7afa22f0f4d3f549818ee18b1e043ec9c7a120b3f85e6404bcf312a0aefdecd59ddd7efb03666cefd79f86dc13fd41e1056163dd42deb56f2b4114703e1051246d30febe5dc7fd13d795ddfabb0691008f8781a148c39db71772