node21.webauthn.eduid.ch

- SWITCH -

Issued by DigiCert Global G2 TLS RSA SHA256 2020 CA1

About this certificate

This digital certificate with serial number 06:79:48:6c:a3:62:1d:a1:5a:cd:cd:45:fe:ea:08:63 was issued on by DigiCert Inc.

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

SWITCH

Organization: SWITCH
State / Province: Zürich
Locality: Zürich
Country: CH

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 06:79:48:6c:a3:62:1d:a1:5a:cd:cd:45:fe:ea:08:63
Serial Number (int): 8605104835289895097592407204718839907
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: bc:76:7e:5d:94:8b:8b:0c:14:9d:8f:e2:0c:fc:94:2d:31:5e:a2:44
AuthorityKeyId: 74:85:80:c0:66:c7:df:37:de:cf:bd:29:37:aa:03:1d:be:ed:cd:17

Fingerprint (sha1): 60:e7:cd:07:2b:16:65:6a:9e:bc:10:e2:81:7e:07:c9:7d:72:2a:05
Fingerprint (sha256): 09:d9:43:5e:a8:4f:5b:82:bd:95:ea:83:e9:fc:ce:48:7f:57:0c:dd:15:cf:14:24:a1:21:ba:0e:72:16:aa:04

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl

Check the revocation status for certificate node21.webauthn.eduid.ch

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for node21.webauthn.eduid.ch

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

node21.webauthn.eduid.ch
oak21.switch.ch
webauthn.eduid.ch

Other certificates including the domain name eduid.ch

(limited to 100 certificates)
io.gdi.lenovo.com
node1.login.test.eduid.ch
status.republic.com
node21.webauthn.eduid.ch
login.eduid.ch
login.test.eduid.ch
idp-db.eduid.ch
login.test.eduid.ch
idp-db.test.eduid.ch
altastatus.us.veritas.com
status.republic.com
login.test.eduid.ch
login.eduid.ch
status.greenewx.com
test.login.eduid.ch
login.eduid.ch
node2.lb.trid.switch.ch
node2.lb.trid.switch.ch
login.eduid.ch
login.staging.eduid.ch
status.admiresty.co
idp-db.eduid.ch
login.staging.eduid.ch
uern.d5n.is
aai-login.eduid.ch
node1.lb.trid.switch.ch
status.alogna.co.ao
mfa.test.eduid.ch
login.test.eduid.ch
status.conpds.com
status.conpds.com
login.eduid.ch
login.eduid.ch
status.greenewx.com
eduid.ch
ap-api-fernuni.test.eduid.ch
uern.d5n.is
login.test.eduid.ch
cinc-status.tkelevator.com
comanagetest.eduid.ch
status.linkmanager.ai
status-v3.knowledgeforce.com
status.h2.tc
io.gdi.lenovo.com
idp-db.test.eduid.ch
status.greenewx.com
node2.lb.trid.switch.ch
login.eduid.ch
node2.lb.trid.switch.ch
status.greenewx.com
api.eduid.ch
eduid.ch
status.huntervoip.com.br
status.linkmanager.ai
switch.login.staging.eduid.ch
zhaw.login.staging.eduid.ch
login.staging.eduid.ch
login.eduid.ch
dun.im.4pple.org
status.alam.earth
login.eduid.ch
eduid.ch
proxy-login.eduid.ch
node2.lb.trid.switch.ch
status.republic.com
ldap-slave1.test.eduid.ch
status.sumex.ch
status.linkmanager.ai
login.staging.eduid.ch
status.linkmanager.ai
status.greenewx.com
status.linkmanager.ai
proxy-login.eduid.ch
node2.login.test.eduid.ch
login.test.eduid.ch
proxy-login.eduid.ch
mfa.eduid.ch
login.eduid.ch
altastatus.us.veritas.com
eduid.ch
ldap-slave1.eduid.ch
login.test.eduid.ch
login.test.eduid.ch
io.gdi.lenovo.com
login.test.eduid.ch
status.conpds.com
altastatus.us.veritas.com
status.linkmanager.ai
test.eduid.ch
io.gdi.lenovo.com
unisg.login.staging.eduid.ch
status.huntervoip.com.br
status.nicksaude.com.br
malincdb.switch.ch
uern.d5n.is
node1.lb.trid.switch.ch
cinc-status.tkelevator.com
api.test.eduid.ch
status.greenewx.com
status.linkmanager.ai

Certificate

The complete raw certificate details for node21.webauthn.eduid.ch in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIBDCCBuygAwIBAgIQBnlIbKNiHaFazc1F/uoIYzANBgkqhkiG9w0BAQsFADBZ
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE
aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjMx
MTA0MDAwMDAwWhcNMjQwMjAyMjM1OTU5WjBlMQswCQYDVQQGEwJDSDEQMA4GA1UE
CAwHWsO8cmljaDEQMA4GA1UEBwwHWsO8cmljaDEPMA0GA1UEChMGU1dJVENIMSEw
HwYDVQQDExhub2RlMjEud2ViYXV0aG4uZWR1aWQuY2gwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQDooTBcOhuGEcINJ4vSKMEx2om2TRM+rJQNUWtJsw6W
GbUXWUDAqmmS0afeM5eOfd3rtVWwL3Bs1jyzV/j91FLcYMXDfcHhNgBs+sUIKSYO
2VurauoY2TRwTIHvoZlZt1uQhh5ANEhOQMWqi4nE/iPBRrXEbG9Hc/97LGskz9+4
7olMpOPMpLoNUSY3iS2jLyd0bZ7RH98t1Xh2AfBVduDV60DjwFB8B2bpytb7Czfi
XR5yeXX9j7A1CGdxfyO9iopfYIQPeafeFPMKHpo6UbzKDYxKhD7h/KeEVkj49hBs
Ha7J2nZOEcoef7Q5wC+AnfbFWqz+aLB+slr7mE9J5jB6BRbynZipi+Pab0D6bWx3
h6RXpl1/vJ9LT7Gd2rUydBOO2hwuSEwDDqztiSPm+DTSi4lLKcRguCzAsooGd7bY
CXDEkjLPNEHwzNKX9GkalGDxYFWuKaN4c2w0nzB36buXQ4qTM+uxsYNWXOPuSIxk
1+kJoRCxq+peWmgabcuWP2KWUd3bfZEF5ccv6qd4MPp+VoXQByhbKF6e/6GKxDnx
qaXYMMxiyvVACUcc4G875OIeupz5eRQNDumaxaO6xjCT0LJlp6OucdncZWGn56ML
WH5dtrNCOVyTCJQOm1CVhqphGijgqKHkLgGNTVr0qeoLAdrgmXgA5kr+SaNS8xwV
WwIDAQABo4IDujCCA7YwHwYDVR0jBBgwFoAUdIWAwGbH3zfez70pN6oDHb7tzRcw
HQYDVR0OBBYEFLx2fl2Ui4sMFJ2P4gz8lC0xXqJEMEcGA1UdEQRAMD6CGG5vZGUy
MS53ZWJhdXRobi5lZHVpZC5jaIIPb2FrMjEuc3dpdGNoLmNoghF3ZWJhdXRobi5l
ZHVpZC5jaDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRw
Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBnwYDVR0fBIGXMIGUMEigRqBEhkJodHRw
Oi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JTQVNIQTI1
NjIwMjBDQTEtMS5jcmwwSKBGoESGQmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9E
aWdpQ2VydEdsb2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNybDCBhwYIKwYB
BQUHAQEEezB5MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20w
UQYIKwYBBQUHMAKGRWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2Vy
dEdsb2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNydDAMBgNVHRMBAf8EAjAA
MIIBgAYKKwYBBAHWeQIEAgSCAXAEggFsAWoAdwDuzdBk1dsazsVct520zROiModG
fLzs3sNRSFlGcR+1mwAAAYuXqFyVAAAEAwBIMEYCIQCREbcCjWY37ogPfP74pmQE
aRcthECoiPfKTd1EtTbvrwIhAOPfoxUJJG3I8dOFNj4K470ugwu2U4ymOE7R6eir
FsBuAHYASLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHMAAAGLl6hcNQAA
BAMARzBFAiBkJwcwJFxi5TjtZG7jwg79y7boFa2Hi4OiKi7pBxVQ8QIhAPccXYfe
tpaG5V5fNtzFOTxcFexDjjUg5Vz37j+L/im0AHcA2ra/az+1tiKfm8K7XGvocJFx
bLtRhIU0vaQ9MEjX+6sAAAGLl6hcHwAABAMASDBGAiEAlrzLsvdgQUOBXDnqq+EE
b+tX8DDvqsQIsQcczisPXfACIQCBWCzu4jDZCodoLukKHKLbhnbUebyH1QS08ps1
mBrhbTANBgkqhkiG9w0BAQsFAAOCAQEAc753S9jJZqrxkFOmd49qfYPo9exsyCT7
jU2g+TzQQQp5et+Sb4nqbvTUXxJgU+aFWUDhoTAyPC+uk+0FqAObgUxAulK4ijS3
h1nNgR5iQ65kRlJwDjdBrde3WsVVWak9y6N9e725RSFgUpILp1AkDy8Nwv55asb8
APIvhgjn5Cvs1jAZzpQeB9EnUVQ9wYQEmMHyVWkp+Z30yTnk82MTzUuiXYJbEgN4
fg2nMPKsBMU7D7N+wxeK55Gz5kCQW4154ZzjPEoHa0sNq2mDqw9JXjWFCNq/ZQmQ
JnlIml5nVMnZbSBTKP2xKzcvNeGx6XeAUthHR4k1aMsIUEJ9eOGoQg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6KEwXDobhhHCDSeL0ijB
MdqJtk0TPqyUDVFrSbMOlhm1F1lAwKppktGn3jOXjn3d67VVsC9wbNY8s1f4/dRS
3GDFw33B4TYAbPrFCCkmDtlbq2rqGNk0cEyB76GZWbdbkIYeQDRITkDFqouJxP4j
wUa1xGxvR3P/eyxrJM/fuO6JTKTjzKS6DVEmN4ktoy8ndG2e0R/fLdV4dgHwVXbg
1etA48BQfAdm6crW+ws34l0ecnl1/Y+wNQhncX8jvYqKX2CED3mn3hTzCh6aOlG8
yg2MSoQ+4fynhFZI+PYQbB2uydp2ThHKHn+0OcAvgJ32xVqs/miwfrJa+5hPSeYw
egUW8p2YqYvj2m9A+m1sd4ekV6Zdf7yfS0+xndq1MnQTjtocLkhMAw6s7Ykj5vg0
0ouJSynEYLgswLKKBne22AlwxJIyzzRB8MzSl/RpGpRg8WBVrimjeHNsNJ8wd+m7
l0OKkzPrsbGDVlzj7kiMZNfpCaEQsavqXlpoGm3Llj9illHd232RBeXHL+qneDD6
flaF0AcoWyhenv+hisQ58aml2DDMYsr1QAlHHOBvO+TiHrqc+XkUDQ7pmsWjusYw
k9CyZaejrnHZ3GVhp+ejC1h+XbazQjlckwiUDptQlYaqYRoo4Kih5C4BjU1a9Knq
CwHa4Jl4AOZK/kmjUvMcFVsCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 8605104835289895097592407204718839907
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Global G2 TLS RSA SHA256 2020 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-11-04 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-02 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Zürich'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Zürich'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SWITCH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'node21.webauthn.eduid.ch'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 949046147879822399980565482175987729941580312122528232211675564681495548444903577425733222660331063170639032239751136531792662363500756950977957720263793106221020194778589714865015470011722954376206892399487606800855643053263427739257415829072400053856239899302916941348584786429327879340620256305404050088692195436370951632786981701804886447776780324974503680677122862602158775630250161086172080604640261047181132637325101322827446121866234126113175338414935837835279774933146394490964267408928198934374419490261011308309190457138524400505561009364086026789207409208301119877129208290096835304025440956754476710645735002935173524163333512616316031611040811608979408498881503910384905445435595178195377506707197790146759594014628597135961719718015559944478528003098580026751183696664192930384494346730349852367022080922825070786159478480832907769289626898215817118354374655915231760341285635601093506126683213017854503879558047081766181623829660756495400649387515788328884548350897207237154375187404173401453565999538292858335526367663709822162700427308763083867072617136310310613780462155011798326612436725634476723881472953092186267642611220684665408509764453711328978712945157470452617731920915940631873911811035898417874351166811
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 748580c066c7df37decfbd2937aa031dbeedcd17
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							bc767e5d948b8b0c149d8fe20cfc942d315ea244
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (64 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'node21.webauthn.eduid.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'oak21.switch.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webauthn.eduid.ch'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (151 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (368 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
							016a007700eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018b97a85c9500000403004830460221009111b7028d6637ee880f7cfef8a6640469172d8440a888f7ca4ddd44b536efaf022100e3dfa31509246dc8f1d385363e0ae3bd2e830bb6538ca6384ed1e9e8ab16c06e00760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018b97a85c350000040300473045022064270730245c62e538ed646ee3c20efdcbb6e815ad878b83a22a2ee9071550f1022100f71c5d87deb69686e55e5f36dcc5393c5c15ec438e3520e55cf7ee3f8bfe29b4007700dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018b97a85c1f000004030048304602210096bccbb2f7604143815c39eaabe1046feb57f030efaac408b1071cce2b0f5df002210081582ceee230d90a87682ee90a1ca2db8676d479bc87d504b4f29b35981ae16d
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0073be774bd8c966aaf19053a6778f6a7d83e8f5ec6cc824fb8d4da0f93cd0410a797adf926f89ea6ef4d45f126053e6855940e1a130323c2fae93ed05a8039b814c40ba52b88a34b78759cd811e6243ae644652700e3741add7b75ac55559a93dcba37d7bbdb945216052920ba750240f2f0dc2fe796ac6fc00f22f8608e7e42becd63019ce941e07d12751543dc1840498c1f2556929f99df4c939e4f36313cd4ba25d825b1203787e0da730f2ac04c53b0fb37ec3178ae791b3e640905b8d79e19ce33c4a076b4b0dab6983ab0f495e358508dabf6509902679489a5e6754c9d96d205328fdb12b372f35e1b1e9778052d84747893568cb0850427d78e1a842