nasnctxapqa01.na.holcim.net

- LafargeHolcim -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 18:16:ad:29:fa:84:8e:f7:6f:3e:09:ad:9a:db:e2:a3 was issued on by Entrust, Inc..

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

LafargeHolcim

Organization: LafargeHolcim
State / Province: Michigan
Locality: Dundee
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 18:16:ad:29:fa:84:8e:f7:6f:3e:09:ad:9a:db:e2:a3
Serial Number (int): 32019214612473347785267831531879785123
Serial Number lenght: 125 bits, 16 octets

SubjectKeyId: 64:40:4e:4e:bf:14:5f:a2:fe:11:5e:46:1c:34:eb:22:0b:52:60:3d
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): 30:c1:47:18:35:d7:ba:7b:3d:8e:41:1d:64:fb:97:be:bd:6f:50:a6
Fingerprint (sha256): 08:a6:ce:f7:04:3f:b1:fb:60:3a:08:86:1c:1b:19:e8:cc:b4:14:c2:15:5b:a1:23:a9:2d:60:e5:6c:7f:b3:ea

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate nasnctxapqa01.na.holcim.net

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for nasnctxapqa01.na.holcim.net

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

nasnctxapqa01.na.holcim.net

Other certificates including the domain name holcim.net

(limited to 100 certificates)
holporsso.holcim.net
webmail02.ea.holcim.net
hanzsapdev.oc.holcim.net
VPNFBNL.EA.holcim.net
holporsso.holcim.net
hnaadc501.extq.na.holcim.net
lassxp2cip02v.la.holcim.net
*.oc.holcim.net
HEAB-ITSC-A007.ap.holcim.net
vpn.au.holcim.net
nasnctxapqa01.na.holcim.net
hnamgw001.na.holcim.net
emea-webmail.ea.holcim.net
holporsso.holcim.net
usa-dund1-ise3.na.holcim.net
HEAB-ITSC-A006.ap.holcim.net
emea-webmail.ea.holcim.net
amanpmpinpd51.na.holcim.net
AP-SGS-SP901.in.holcim.net
hnaadc501.ebusinessq.na.holcim.net
amanpmpinpd01.na.holcim.net
deuha-webmail.ea.holcim.net
holcimconecta.ea.holcim.net
hnaadc502.extqa.na.holcim.net
qlikview.na.holcim.net
*.ea.holcim.net
holporsso-qa.holcim.net
hnaadc501.ext.na.holcim.net
integration-bmw.ea.holcim.net
hnaadc501.ebusiness.na.holcim.net
usa-dund1-ise3.na.holcim.net
hnaadc502.ebusinessq.na.holcim.net
AP-SGS-VH141.in.holcim.net
hgrsuhep.hgrs.holcim.net
holporsso-qa.holcim.net
hnaadc001.ext.na.holcim.net
vnmds03.ap.holcim.net
usa-dund1-ise4.na.holcim.net
NAWFMSP01.na.holcim.net
hgrs-hbk-s0230.hgrs.holcim.net
holporsso-qa.holcim.net
vpn.au.holcim.net
nasnctxappd03.na.holcim.net
webmail02.ea.holcim.net
usa-dund1-ise3.na.holcim.net
holcimconecta.ea.holcim.net
NACTXP076.na.holcim.net
ita-webmail.ea.holcim.net
AP-SGS-SP901.in.holcim.net
hgrsuhep.hgrs.holcim.net
qua-vpn.ap.holcim.net
AP-SGS-S5200.in.holcim.net
amanpmpinpd51.na.holcim.net
hnaadc502.ebusinessq.na.holcim.net
integration-immw.ea.holcim.net
esp-webmail.ea.holcim.net
AP-SGS-SP902.in.holcim.net
webmail.ea.holcim.net
integration-dmw.ea.holcim.net
hnaadc502.extqa.na.holcim.net
integration-bmw.ea.holcim.net
svk-webmail.ea.holcim.net
webmeetingmx.laseritsc.net
hanzappsdev.oc.holcim.net
AP-SGS-VH141.in.holcim.net
hanzapps.oc.holcim.net
webmail05.ea.holcim.net
AP-SGS-SP902.in.holcim.net
apacsepm.ap.holcim.net
holporsso-qa.holcim.net
mail.au.holcim.net
HEAB-ITSC-A006.ap.holcim.net
hnaadc501.extqa.na.holcim.net
hnaadc501.ebusiness.na.holcim.net
nasnwfmwsqa02.na.holcim.net
svk-webstorage.ea.holcim.net
comms.oc.holcim.net
hnaadc501.ebusinessq.na.holcim.net
hnaadc502.ebusinessq.na.holcim.net
htsx-hbk-s1457.hgrs.holcim.net
esp-logis.ea.holcim.net
sysmon.hgrs.holcim.net
comms.oc.holcim.net
ches-webmail.ea.holcim.net
hnaadc501.ebusinessq.na.holcim.net
amaiiseinpd02.na.holcim.net
hnaadc001.ebusiness.na.holcim.net
eportalqa.oc.holcim.net
nasnoraapdv01.na.holcim.net
hnaadc001.ebusiness.na.holcim.net
integration-immw.ea.holcim.net
nascvlep.ebusiness.na.holcim.net
usa-dund1-ise4.na.holcim.net
imperva.com
imperva.com
hnaadc501.ebusinessq.na.holcim.net
integration-dmw.ea.holcim.net
amaiiseinpd01.na.holcim.net
holporsso.holcim.net
integration-bmw.ea.holcim.net

Certificate

The complete raw certificate details for nasnctxapqa01.na.holcim.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGKDCCBRCgAwIBAgIQGBatKfqEjvdvPgmtmtviozANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
NDAxMTEwODMxMDVaFw0yNTAyMTAwODMxMDNaMG8xCzAJBgNVBAYTAlVTMREwDwYD
VQQIEwhNaWNoaWdhbjEPMA0GA1UEBxMGRHVuZGVlMRYwFAYDVQQKEw1MYWZhcmdl
SG9sY2ltMSQwIgYDVQQDExtuYXNuY3R4YXBxYTAxLm5hLmhvbGNpbS5uZXQwggIi
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCtIU3UxjvFGQxGZ30n6CY86Y8m
koN47VLK1WT/TuKwauLJ+JKE9OUF1rjA7PJzsa/bQFZbfI6H9bxyU1vbGftxB0rg
ESwt7il07lJneM0343cAjGKKD63N/t1//G35mdkMbJd7ZI5BK+XKrGEJW7IC9p23
2apb0Zdgzpf6MFoXDJ96Z7+VLevIlR5Lq0ZRm8CsuYBBmp/d0Lvttz8rf5JLmg08
B39BdG08HuY2p+1U+DjtjR2816y/uK1LLIIOI1xGAxcMZo7bG2eNWSu4lRIPlpaC
EhLDv84JAl4pt1pV3QSIeDl+GsMwY4VKwvao4dUwj3jkLlaeZWwSXEylf3YCVaAB
s22h+TX5k/QnFsVWm+4xWS0ZVYTWM+61n0LAJbpt1yL2NMaldq13jSU05ejXrv0D
V5K6/vhQx/UuGblNX38bSEH8Rt5yrBuJMRMmfRshx7/V4RIyEoQYVsThNXqYKoAg
VN/ThRa8QADyWkvX5/aP3VQYPs8+7QF8068DLR+CbhuBkglI1F4ZmaSBpBPaofMp
2Ze+dAnIgCtKtjCID3nPeD8NAzFat7eKABu//bDTXyQmHiZmNjbB2MBjj8egekuo
2tELMJ8/NLsBey/j/iD6/KrHUNxfyVe3gAWpOhTC2mD3xw/D9IOiGV3B/9Z8tmv6
bTEAUH+qXexSSeqtfQIDAQABo4IBcjCCAW4wDAYDVR0TAQH/BAIwADAdBgNVHQ4E
FgQUZEBOTr8UX6L+EV5GHDTrIgtSYD0wHwYDVR0jBBgwFoAUgqJwdN28Uz/Pe9T3
zX+nYMYKTL8waAYIKwYBBQUHAQEEXDBaMCMGCCsGAQUFBzABhhdodHRwOi8vb2Nz
cC5lbnRydXN0Lm5ldDAzBggrBgEFBQcwAoYnaHR0cDovL2FpYS5lbnRydXN0Lm5l
dC9sMWstY2hhaW4yNTYuY2VyMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwu
ZW50cnVzdC5uZXQvbGV2ZWwxay5jcmwwJgYDVR0RBB8wHYIbbmFzbmN0eGFwcWEw
MS5uYS5ob2xjaW0ubmV0MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwEwYDVR0gBAwwCjAIBgZngQwBAgIwEwYKKwYBBAHWeQIE
AwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBAMtLg8cI6xe6MK6lHCvawbrCCJ2T
Y5+G9c94f6J8icwANczDO3Vi1ZskQoLQTmn874O3bzMVfNlb0D7WGQkZk7rpWZql
CWP01MtzHghWS4+BDlzen0+3jJpJWuBVdSG+ANSLfy4dD08z+8hk6wqhJSa/bmGd
Ve2CvWOG/ijOUpb7gNw/tPFO3Yp+FFJa0PrBSonbxjy2OlUvYRmxTP4LBZlvKopI
y3UwEnkLeM5vGh4KaeAB4QMcC4IIryYZgGnJti3ng5U95NcIZJyuuzbU6kWzdVD+
C8BpLYdOq6XQJ5lzPwnn02X+0xVNikPZ54BSxTWyliuftwtvSNK5laMITM8=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArSFN1MY7xRkMRmd9J+gm
POmPJpKDeO1SytVk/07isGriyfiShPTlBda4wOzyc7Gv20BWW3yOh/W8clNb2xn7
cQdK4BEsLe4pdO5SZ3jNN+N3AIxiig+tzf7df/xt+ZnZDGyXe2SOQSvlyqxhCVuy
Avadt9mqW9GXYM6X+jBaFwyfeme/lS3ryJUeS6tGUZvArLmAQZqf3dC77bc/K3+S
S5oNPAd/QXRtPB7mNqftVPg47Y0dvNesv7itSyyCDiNcRgMXDGaO2xtnjVkruJUS
D5aWghISw7/OCQJeKbdaVd0EiHg5fhrDMGOFSsL2qOHVMI945C5WnmVsElxMpX92
AlWgAbNtofk1+ZP0JxbFVpvuMVktGVWE1jPutZ9CwCW6bdci9jTGpXatd40lNOXo
1679A1eSuv74UMf1Lhm5TV9/G0hB/EbecqwbiTETJn0bIce/1eESMhKEGFbE4TV6
mCqAIFTf04UWvEAA8lpL1+f2j91UGD7PPu0BfNOvAy0fgm4bgZIJSNReGZmkgaQT
2qHzKdmXvnQJyIArSrYwiA95z3g/DQMxWre3igAbv/2w018kJh4mZjY2wdjAY4/H
oHpLqNrRCzCfPzS7AXsv4/4g+vyqx1DcX8lXt4AFqToUwtpg98cPw/SDohldwf/W
fLZr+m0xAFB/ql3sUknqrX0CAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 32019214612473347785267831531879785123
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-11 08:31:05 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-10 08:31:03 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Michigan'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Dundee'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'LafargeHolcim'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'nasnctxapqa01.na.holcim.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 706309160408034247180575217295145666054797546609416889182293167049606420445642977170047589500637110278647459792636503913804126997202242255572370457753301734303367164228473440025392224837505294672135323851756084804508414788368801885438996487237570970799674711738851912938662682508254431420218320538460803414711671404894078650626902690679272339759745778596269444131745852504984071364997531481380597868320739602743280020747289921937126094516864298138261968766130621974894952327165660414246305442924314590569412382437909096182469503788282612186021487005450956857191683469897470075669411204286031183708734229372176721703321703604435674719983699304874603845583318494264053106185134550520503715473340115578120723782280871237895286252770695554364119246894936915709079674944213012711502508799378521812219315875810454953330369394616451677730704732599605875047190185689850360491783630227697329818486121175878884233236890043385904217143480398944511365920143163908401369039123723500495462039483930578519256567339973656974566641278870777122279085417812585064572602642844098284821146555289849260756656829070852297812970037966605353225691401509644342551509250310264791111867739060922470690484102459324666491476935759411249231633104263223350525603197
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							64404e4ebf145fa2fe115e461c34eb220b52603d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (31 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nasnctxapqa01.na.holcim.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00cb4b83c708eb17ba30aea51c2bdac1bac2089d93639f86f5cf787fa27c89cc0035ccc33b7562d59b244282d04e69fcef83b76f33157cd95bd03ed619091993bae9599aa50963f4d4cb731e08564b8f810e5cde9f4fb78c9a495ae0557521be00d48b7f2e1d0f4f33fbc864eb0aa12526bf6e619d55ed82bd6386fe28ce5296fb80dc3fb4f14edd8a7e14525ad0fac14a89dbc63cb63a552f6119b14cfe0b05996f2a8a48cb753012790b78ce6f1a1e0a69e001e1031c0b8208af26198069c9b62de783953de4d708649caebb36d4ea45b37550fe0bc0692d874eaba5d02799733f09e7d365fed3154d8a43d9e78052c535b2962b9fb70b6f48d2b995a3084ccf