*.homeoffice.gsi.gov.uk
- Home Office -
Issued by Entrust Certification Authority - L1K
About this certificate
This digital certificate with serial number 06:4e:e2:4e:7a:72:d2:2d:1d:c0:e5:b7:ba:4a:bf:47 was issued on by Entrust, Inc..
This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Home Office
Organization:
Home Office
Locality:
London
Country: GB
Country: GB
Entrust, Inc.
Organization:
Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 06:4e:e2:4e:7a:72:d2:2d:1d:c0:e5:b7:ba:4a:bf:47Serial Number (int): 8384957171938294453431383503240085319
Serial Number lenght: 123 bits, 16 octets
SubjectKeyId: 7c:19:81:55:4f:80:34:cf:e5:e5:13:63:38:33:d4:78:9d:ad:78:d8
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf
Fingerprint (sha1): 4e:e2:80:bc:cb:b7:96:4b:7c:70:f9:fb:8d:10:b1:4f:6c:95:69:d0
Fingerprint (sha256): 09:08:09:d3:06:e4:62:58:aa:20:9b:f1:f2:86:c7:46:95:43:a4:3e:76:82:59:9e:fc:8c:35:7f:39:42:c9:42
Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer
Revocation information
OCSP Server: http://ocsp.entrust.netCRL Distribution Point: http://crl.entrust.net/level1k.crl
Check the revocation status for certificate *.homeoffice.gsi.gov.uk
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for *.homeoffice.gsi.gov.uk
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
*.homeoffice.gsi.gov.uk
Other certificates including the domain name gsi.gov.uk
(limited to 100 certificates)
*.fcos.gsi.gov.uk
mis.gateway.gsi.gov.uk
hmtreasury.gsi.gov.uk
www.ims.homeoffice.gsi.gov.uk
sip.dwp.gsi.gov.uk
noms-sip-support.noms.gsi.gov.uk
selfserve.scc.gsi.gov.uk
dr.noms.gsi.gov.uk
eucaristest.dvla.gsi.gov.uk
www.nsv.gsi.gov.uk
im.noms.gsi.gov.uk
mail.mhra.gov.uk
tellusonce.gsi.gov.uk
spg400.noms.gsi.gov.uk
cis.dwp.gsi.gov.uk
alfresco.noms.gsi.gov.uk
sts.cma.gov.uk
dfidexchange.dfid.gov.uk
hmtreasury.gsi.gov.uk
spg500.noms.gsi.gov.uk
dvla.gsi.gov.uk
STS.MHRA.GOV.UK
*.homeoffice.gsi.gov.uk
noms.gsi.gov.uk
portal.nca.gsi.gov.uk
noms.gsi.gov.uk
app.college.gsi.gov.uk
spg510.noms.gsi.gov.uk
sapphire.gsi.gov.uk
secure.sentinel.scc.com
portal-60.fcfg.gsi.gov.uk
spg510.noms.gsi.gov.uk
spire.trade.gsi.gov.uk
myaccount.gateway.gsi.gov.uk
analytic.noms.gsi.gov.uk
live.oscar.gsi.gov.uk
extranet.ipcc.gsi.gov.uk
*.ppud.gsi.gov.uk
t2.oscar.gsi.gov.uk
sts.mhra.gov.uk
pdlsc.pss.psn.dwp.gsi.gov.uk
decc.gsi.gov.uk
DHDISCOVERER.DH.GSI.GOV.UK
spire.trade.gsi.gov.uk
sco.ecase.gsi.gov.uk
STS.MHRA.GOV.UK
im.noms.gsi.gov.uk
vcmspp.noms.gsi.gov.uk
sip.dwp.gsi.gov.uk
*.mhra.gov.uk
docs.skyscapecloud.gsi.gov.uk
mail.mhra.gov.uk
zerto.z00010-ee1.r00007.frn.skyscapecloud.gsi.gov.uk
mail.mhra.gov.uk
sip.nationalpolice.FCOS.GSI.GOV.UK
analytic.noms.gsi.gov.uk
cag.vosa.gsi.gov.uk
sso-60.fcfg.gsi.gov.uk
*.ebanalytics.co.uk
mailshe.education.gov.uk
ccm.ukba.gsi.gov.uk
Mail.policeconduct.gov.uk
bsp-manager.psn.dwp.gsi.gov.uk
yjbservicespp.yjb.gsi.gov.uk
ext.mobile.fco.gsi.gov.uk
casa.psn.dwp.gsi.gov.uk
service.ucd.gsi.gov.uk
sharedservicesarvato.gsi.gov.uk
libra.courtstore.justice.gsi.gov.uk
sts.staging.mhra.gov.uk
sip.nationalpolice.FCOS.GSI.GOV.UK
www.ims.homeoffice.gsi.gov.uk
zerto.z0000d.r00005.cor.portal.skyscapecloud.gsi.gov.uk
vcmspp.noms.gsi.gov.uk
cag.vosa.gsi.gov.uk
Mail.policeconduct.gov.uk
ccm.ukba.gsi.gov.uk
mail.mhra.gov.uk
myaccount.gateway.gsi.gov.uk
bsp-manager.psn.dwp.gsi.gov.uk
preprod-intranet.hmpps.gsi.gov.uk
tfclookup.psn.dwp.gsi.gov.uk
estate.fco.gov.uk
poise.homeoffice.gsi.gov.uk
analytics.hmpps.gsi.gov.uk
im.noms.gsi.gov.uk
zerto.z00010-ef1.r00007.frn.skyscapecloud.gsi.gov.uk
FDEREPORTS.dsa.gsi.gov.uk
spg500.noms.gsi.gov.uk
courtstore.justice.gsi.gov.uk
pam.gsi.gov.uk
mta-sts.adjudicatorsoffice.gsi.gov.uk
jbes.pss.psn.dwp.gsi.gov.uk
zerto.z00012.r00006.frn.portal.skyscapecloud.gsi.gov.uk
vcms.noms.gsi.gov.uk
spg.noms.gsi.gov.uk
sapphire.gsi.gov.uk
Sip.hca.gsi.gov.uk
portal1.dft.gsi.gov.uk
mis.gateway.gsi.gov.uk
hmtreasury.gsi.gov.uk
www.ims.homeoffice.gsi.gov.uk
sip.dwp.gsi.gov.uk
noms-sip-support.noms.gsi.gov.uk
selfserve.scc.gsi.gov.uk
dr.noms.gsi.gov.uk
eucaristest.dvla.gsi.gov.uk
www.nsv.gsi.gov.uk
im.noms.gsi.gov.uk
mail.mhra.gov.uk
tellusonce.gsi.gov.uk
spg400.noms.gsi.gov.uk
cis.dwp.gsi.gov.uk
alfresco.noms.gsi.gov.uk
sts.cma.gov.uk
dfidexchange.dfid.gov.uk
hmtreasury.gsi.gov.uk
spg500.noms.gsi.gov.uk
dvla.gsi.gov.uk
STS.MHRA.GOV.UK
*.homeoffice.gsi.gov.uk
noms.gsi.gov.uk
portal.nca.gsi.gov.uk
noms.gsi.gov.uk
app.college.gsi.gov.uk
spg510.noms.gsi.gov.uk
sapphire.gsi.gov.uk
secure.sentinel.scc.com
portal-60.fcfg.gsi.gov.uk
spg510.noms.gsi.gov.uk
spire.trade.gsi.gov.uk
myaccount.gateway.gsi.gov.uk
analytic.noms.gsi.gov.uk
live.oscar.gsi.gov.uk
extranet.ipcc.gsi.gov.uk
*.ppud.gsi.gov.uk
t2.oscar.gsi.gov.uk
sts.mhra.gov.uk
pdlsc.pss.psn.dwp.gsi.gov.uk
decc.gsi.gov.uk
DHDISCOVERER.DH.GSI.GOV.UK
spire.trade.gsi.gov.uk
sco.ecase.gsi.gov.uk
STS.MHRA.GOV.UK
im.noms.gsi.gov.uk
vcmspp.noms.gsi.gov.uk
sip.dwp.gsi.gov.uk
*.mhra.gov.uk
docs.skyscapecloud.gsi.gov.uk
mail.mhra.gov.uk
zerto.z00010-ee1.r00007.frn.skyscapecloud.gsi.gov.uk
mail.mhra.gov.uk
sip.nationalpolice.FCOS.GSI.GOV.UK
analytic.noms.gsi.gov.uk
cag.vosa.gsi.gov.uk
sso-60.fcfg.gsi.gov.uk
*.ebanalytics.co.uk
mailshe.education.gov.uk
ccm.ukba.gsi.gov.uk
Mail.policeconduct.gov.uk
bsp-manager.psn.dwp.gsi.gov.uk
yjbservicespp.yjb.gsi.gov.uk
ext.mobile.fco.gsi.gov.uk
casa.psn.dwp.gsi.gov.uk
service.ucd.gsi.gov.uk
sharedservicesarvato.gsi.gov.uk
libra.courtstore.justice.gsi.gov.uk
sts.staging.mhra.gov.uk
sip.nationalpolice.FCOS.GSI.GOV.UK
www.ims.homeoffice.gsi.gov.uk
zerto.z0000d.r00005.cor.portal.skyscapecloud.gsi.gov.uk
vcmspp.noms.gsi.gov.uk
cag.vosa.gsi.gov.uk
Mail.policeconduct.gov.uk
ccm.ukba.gsi.gov.uk
mail.mhra.gov.uk
myaccount.gateway.gsi.gov.uk
bsp-manager.psn.dwp.gsi.gov.uk
preprod-intranet.hmpps.gsi.gov.uk
tfclookup.psn.dwp.gsi.gov.uk
estate.fco.gov.uk
poise.homeoffice.gsi.gov.uk
analytics.hmpps.gsi.gov.uk
im.noms.gsi.gov.uk
zerto.z00010-ef1.r00007.frn.skyscapecloud.gsi.gov.uk
FDEREPORTS.dsa.gsi.gov.uk
spg500.noms.gsi.gov.uk
courtstore.justice.gsi.gov.uk
pam.gsi.gov.uk
mta-sts.adjudicatorsoffice.gsi.gov.uk
jbes.pss.psn.dwp.gsi.gov.uk
zerto.z00012.r00006.frn.portal.skyscapecloud.gsi.gov.uk
vcms.noms.gsi.gov.uk
spg.noms.gsi.gov.uk
sapphire.gsi.gov.uk
Sip.hca.gsi.gov.uk
portal1.dft.gsi.gov.uk
Certificate
The complete raw certificate details for *.homeoffice.gsi.gov.uk in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGCzCCBPOgAwIBAgIQBk7iTnpy0i0dwOW3ukq/RzANBgkqhkiG9w0BAQsFADCB ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y NDAzMjIxNDAyMTNaFw0yNTAzMjExNDAyMTJaMFYxCzAJBgNVBAYTAkdCMQ8wDQYD VQQHEwZMb25kb24xFDASBgNVBAoTC0hvbWUgT2ZmaWNlMSAwHgYDVQQDDBcqLmhv bWVvZmZpY2UuZ3NpLmdvdi51azCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC ggIBAMcnq7mQKRatiKXLEMU3Kv5BJPW91ckQCpdpKzUEH3T9MtSc4fWi+SivXYdD KcM4C5jpLmgWsaucIOxNlr8TVMMtJZa6z0iWci3y0hZH2nc/+qpPTFLQqkb08oq1 18yiOHPHiMBTuIwTKpI9tF33wrgZslcbQFZGfjD1+3pJ7UP/jLCEZtR8CVgDq48n TYpSzLzrKzmdS03K3dLWYg0rx2P9k+ify8+KcWPbkfQ8a1kPCAe92l+KXlZPqhx5 XJjwl/L/S0d3TIuKxs68tuJjE3m4gB03loULAOGrQLwVFInkehpB+KGdPy7nXIyh VWrfPn9rT9Y2leLvJqbYzZI4SVm8sByGELwRNwn4AvER9JmM+niFc8SUW8UxUA/U liZXqDdT/4B9G+DPqee4G5Bgq8GjvoWOz6G+fBVS4nroRgFuKEaxR2Inm0KjPWK2 NeBqcJzHdXz4DYgVXVf6MS2CKw715D4vPzjHSaTpDfGYrNWCNFqaT3PQEN2AEbOa zJoL4FCH6WOQVvOPH51Nw+3Ije+G2yimCun/ECmnMp1f5QGC8Xizon9XOJ6vH+01 CrnZKl3z0edBh2QHkHLyK2fbxvIbHByKc/iBkfWHde0Nt4joweHTAVJOGH6FQwPB F+oHz3Bd7UeZBMU4Cmky9HMDeJhKSPceBYHYGJ6HxXCMeKj9AgMBAAGjggFuMIIB ajAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR8GYFVT4A0z+XlE2M4M9R4na142DAf BgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzBoBggrBgEFBQcBAQRcMFow IwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDMGCCsGAQUFBzAC hidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wxay1jaGFpbjI1Ni5jZXIwMwYDVR0f BCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZlbDFrLmNybDAi BgNVHREEGzAZghcqLmhvbWVvZmZpY2UuZ3NpLmdvdi51azAOBgNVHQ8BAf8EBAMC BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBMGA1UdIAQMMAowCAYG Z4EMAQICMBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQAM OPPb1qPy/VAovRul/AZVZrkvcbxy6sUdbEd/jfEcmdGmHR3D3+GL2N0ypUBG5TL1 OV0EVUe9FS+EZlabAjPsaKszkqggw9iJxfG2kpeErgOXXLmXPoV1ilgSx6JgvezI mPnGqPmsom22M8PEeYnnM4q9bUpEIKvboKA4RI3ZTJlkhrDEaA5T5Ac908vDwJ/V N2cKu4iNBP303BeYLweboyySZKXprck7+UvQy97GnKoVwXaJUhNVpUzsYqPh4kMB bBUbMUpoSXqwxDuOM2qhhbg8pfljteUq9c8kHjmuG30k+DxYXMwN6skGydLw4AAd oSEvpp+Q37xu9eK/5l7k -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxyeruZApFq2IpcsQxTcq /kEk9b3VyRAKl2krNQQfdP0y1Jzh9aL5KK9dh0MpwzgLmOkuaBaxq5wg7E2WvxNU wy0llrrPSJZyLfLSFkfadz/6qk9MUtCqRvTyirXXzKI4c8eIwFO4jBMqkj20XffC uBmyVxtAVkZ+MPX7ekntQ/+MsIRm1HwJWAOrjydNilLMvOsrOZ1LTcrd0tZiDSvH Y/2T6J/Lz4pxY9uR9DxrWQ8IB73aX4peVk+qHHlcmPCX8v9LR3dMi4rGzry24mMT ebiAHTeWhQsA4atAvBUUieR6GkH4oZ0/LudcjKFVat8+f2tP1jaV4u8mptjNkjhJ WbywHIYQvBE3CfgC8RH0mYz6eIVzxJRbxTFQD9SWJleoN1P/gH0b4M+p57gbkGCr waO+hY7Pob58FVLieuhGAW4oRrFHYiebQqM9YrY14GpwnMd1fPgNiBVdV/oxLYIr DvXkPi8/OMdJpOkN8Zis1YI0WppPc9AQ3YARs5rMmgvgUIfpY5BW848fnU3D7ciN 74bbKKYK6f8QKacynV/lAYLxeLOif1c4nq8f7TUKudkqXfPR50GHZAeQcvIrZ9vG 8hscHIpz+IGR9Yd17Q23iOjB4dMBUk4YfoVDA8EX6gfPcF3tR5kExTgKaTL0cwN4 mEpI9x4FgdgYnofFcIx4qP0CAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 8384957171938294453431383503240085319 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-22 14:02:13 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-03-21 14:02:12 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'London' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Home Office' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.homeoffice.gsi.gov.uk' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 812481367757823520348164225252746492737675991130878865338723444360292764547680253687523730418517401521456583491616789972063098321828218412609681547106119899907290531024914492208889637100187911567728405989047888297912633867109119085046942045671291708066120689559499820919542527211323092250769377883020227400093388331489289084207363276643498827254839650918671591125349035660887568641384878115237565715779327816854657675338649457669472808143700175521772675774960266833934952593595793677706449077296920231163672096865969677530405492757427746377180565040112014270337526492945316113849743445048816049888507069343632452710280376975058854936305581594788019676264328524273675656198331936659815535625981770179055156248178978471101107150267425344120748367360702231685362771981663867621390637066715974046706405679447100386829078037147398278829557416243772038330615973314520802448755061970601288162485869321273326520266191773745327300267694226603798850297070454138952686879338293363661478034826613523042316957493435742424358880537514227357489190512362312920081569087863197344843985107731278573595524251288544389598409939715996057646075617925751333343126818508937415350391741919908479912765472875617983813476280682946460641365168299656736266561789 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 7c1981554f8034cfe5e513633833d4789dad78d8 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (27 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.homeoffice.gsi.gov.uk' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 000c38f3dbd6a3f2fd5028bd1ba5fc065566b92f71bc72eac51d6c477f8df11c99d1a61d1dc3dfe18bd8dd32a54046e532f5395d045547bd152f8466569b0233ec68ab3392a820c3d889c5f1b6929784ae03975cb9973e85758a5812c7a260bdecc898f9c6a8f9aca26db633c3c47989e7338abd6d4a4420abdba0a038448dd94c996486b0c4680e53e4073dd3cbc3c09fd537670abb888d04fdf4dc17982f079ba32c9264a5e9adc93bf94bd0cbdec69caa15c17689521355a54cec62a3e1e243016c151b314a68497ab0c43b8e336aa185b83ca5f963b5e52af5cf241e39ae1b7d24f83c585ccc0deac906c9d2f0e0001da1212fa69f90dfbc6ef5e2bfe65ee4