idp.lrs.education.gov.uk

- Department for Education -

Issued by GlobalSign RSA OV SSL CA 2018

About this certificate

This digital certificate with serial number 0d:4c:f6:f8:f4:61:fd:86:5d:bf:c4:78 was issued on by GlobalSign nv-sa.

With 11 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Department for Education

Organization: Department for Education
State / Province: Greater Manchester
Locality: Manchester
Country: GB

GlobalSign nv-sa

Organization: GlobalSign nv-sa
Country: BE

This certificate will expire on

Certificate Details

Serial Number (hex): 0d:4c:f6:f8:f4:61:fd:86:5d:bf:c4:78
Serial Number (int): 4116349784525148694926836856
Serial Number lenght: 92 bits, 12 octets

SubjectKeyId: 4b:90:a7:50:a7:d8:e4:cd:3f:b8:d6:e4:87:db:d0:8b:79:1c:5a:10
AuthorityKeyId: f8:ef:7f:f2:cd:78:67:a8:de:6f:8f:24:8d:88:f1:87:03:02:b3:eb

Fingerprint (sha1): e7:23:aa:94:d8:f3:ed:b6:31:8b:ed:d8:e8:16:4e:26:9d:3e:1d:c2
Fingerprint (sha256): 0a:06:95:17:c4:b1:a3:8f:0d:e0:d6:9b:2f:a6:30:33:87:58:fa:08:29:f8:3b:5a:45:65:bb:12:09:9e:8d:02

Issuing Certificate URL: http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt

Revocation information

OCSP Server: http://ocsp.globalsign.com/gsrsaovsslca2018
CRL Distribution Point: http://crl.globalsign.com/gsrsaovsslca2018.crl

Check the revocation status for certificate idp.lrs.education.gov.uk

11

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for idp.lrs.education.gov.uk

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

idp.lrs.education.gov.uk
lrs-prod01-idp.lrs.education.gov.uk
lrs-prod02-idp.lrs.education.gov.uk
lrs-prod03-idp.lrs.education.gov.uk
lrs-prod04-idp.lrs.education.gov.uk
lrs-prod05-idp.lrs.education.gov.uk
lrs-prod06-idp.lrs.education.gov.uk
lrs-prod07-idp.lrs.education.gov.uk
lrs-prod08-idp.lrs.education.gov.uk
lrs-prod09-idp.lrs.education.gov.uk
lrs-prod10-idp.lrs.education.gov.uk

Other certificates including the domain name education.gov.uk

(limited to 100 certificates)
ilsype.education.gov.uk
complete.education.gov.uk
fsm.education.gov.uk
cipdev.docs.platform.education.gov.uk
bfr-pp.education.gov.uk
plan-your-grant.education.gov.uk
Pr-nndr-scanservice.education.gov.uk
Report-extremism.education.gov.uk
caaradmin.education.gov.uk
onlinecollections-preprod.education.gov.uk
manage-training-for-early-career-teachers.education.gov.uk
www.keytosuccess.education.gov.uk
operations.platform.education.gov.uk
education.gov.uk
oat-api-services-fcs.education.gov.uk
dev-api-customerengagement.platform.education.gov.uk
gg-auth.education.gov.uk
test.docs.platform.education.gov.uk
applyforerasmusgovernmentguarantee.education.gov.uk
pp-ws.lrs.education.gov.uk
ssl809275.cloudflaressl.com
apim-find-epao-api.apprenticeships.education.gov.uk
traineeteacherportal-dv.education.gov.uk
consult.education.gov.uk
api-lrs.education.gov.uk
*.education.gov.uk
*.traineeships.education.gov.uk
dev-api-customerengagement.platform.education.gov.uk
idp.lrs.education.gov.uk
consult.education.gov.uk
schooljobs.education.gov.uk
console.apprenticeships.education.gov.uk
publish-teacher-training-courses.education.gov.uk
findapprenticeshiptraining-api.apprenticeships.education.gov.uk
dms-information-exchange.education.gov.uk
section96.education.gov.uk
apim-ltm-api.apprenticeships.education.gov.uk
publish-teacher-training-courses.education.gov.uk
test-api-customerengagement.platform.education.gov.uk
ilsype.education.gov.uk
doat-web-operations-fcs.education.gov.uk
admin.apprenticeships.education.gov.uk
proxy.signin.education.gov.uk
apim-fun-api.apprenticeships.education.gov.uk
approvals.providers.apprenticeships.education.gov.uk
api-services-fcs.education.gov.uk
teacherservices-pp.education.gov.uk
schoolexperience-staging.education.gov.uk
pp-lrs.education.gov.uk
consult.education.gov.uk
lrspaas-test08-idp.dev.lrs.education.gov.uk
apply-the-service-standard.education.gov.uk
lrs.education.gov.uk
traineeteacherportal.education.gov.uk
idp.lrs.education.gov.uk
idp.lrs.education.gov.uk
consult.education.gov.uk
transfers-api.apprenticeships.education.gov.uk
help.apprenticeships.education.gov.uk
www.ecs2.education.gov.uk
collectdatauat.education.gov.uk
www.keytosuccess.education.gov.uk
cmp-lrs.education.gov.uk
ur1-idp.lrs.education.gov.uk
test.docs.platform.education.gov.uk
nca-pr.education.gov.uk
assessors-api.apprenticeships.education.gov.uk
lrspaas-test01.dev.lrs.education.gov.uk
sni1c3d7gl.wpc.edgecastcdn.net
signin.education.gov.uk
schoolexperience-ta-recruit.education.gov.uk
clauat.education.gov.uk
doat-api-services-fcs.education.gov.uk
adt.apprenticeships.education.gov.uk
dev-api-customerengagement.platform.education.gov.uk
fsm2.education.gov.uk
status.apprenticeships.education.gov.uk
forecasting-api.apprenticeships.education.gov.uk
apply-for-qts-in-england.education.gov.uk
studentbursary.education.gov.uk
*.industryplacementmatching.education.gov.uk
dfe-hradvice.education.gov.uk
teachingjobs.education.gov.uk
education.gov.uk
sfs-dev.dev.funding.education.gov.uk
signin.education.gov.uk
subscriptions.apprenticeships.education.gov.uk
mta-sts.service.education.gov.uk
tasks.apprenticeships.education.gov.uk
pensionsregulator-api.apprenticeships.education.gov.uk
efadatacollections-stg.education.gov.uk
*.dev.lrs.education.gov.uk
help-for-early-years-providers.education.gov.uk
pp-services.signin.education.gov.uk
collectdatauat.education.gov.uk
refdata.apprenticeships.education.gov.uk
proxy.signin.education.gov.uk
ssl809273.cloudflaressl.com
status.apprenticeships.education.gov.uk
api-calculate-funding.education.gov.uk

Certificate

The complete raw certificate details for idp.lrs.education.gov.uk in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGuzCCBaOgAwIBAgIMDUz2+PRh/YZdv8R4MA0GCSqGSIb3DQEBCwUAMFAxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSYwJAYDVQQDEx1H
bG9iYWxTaWduIFJTQSBPViBTU0wgQ0EgMjAxODAeFw0yMzEyMDcwMDAwMzBaFw0y
NTAxMDcwMDAwMjlaMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBN
YW5jaGVzdGVyMRMwEQYDVQQHEwpNYW5jaGVzdGVyMSEwHwYDVQQKExhEZXBhcnRt
ZW50IGZvciBFZHVjYXRpb24xITAfBgNVBAMTGGlkcC5scnMuZWR1Y2F0aW9uLmdv
di51azCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKoefSrvXX+W2Qtt
+oaIzYW9TipW6vhxyEhVSyTAr5eVowlPb0hRU+P22RrBfNsrK+6Iu7T7xwar5udP
b/9kZ+HmIvRByTuiAhwaHNLvaX6fbyvIgKzxQjDuT1lH8TpgDQPfRHZAJ+W9e3bQ
epYvhmVNo8ai4cur1ZjNuvJvgsM8OlOVz8d23s7mxG/BbxwaczgntvxwgLSohsM2
zNyw36qBtSoZVT5xw2gIYsZzmhajltMAqiEdDdr5IzS9nO2M4adu/1vKqCUKSH7Z
Ej4E6mHj5MTj5/n1o6/g3HzpbtHRhyh60icaplihFhRjqBGr/WSMoVMalwLKCcDm
iihEjqkCAwEAAaOCA10wggNZMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAA
MIGOBggrBgEFBQcBAQSBgTB/MEQGCCsGAQUFBzAChjhodHRwOi8vc2VjdXJlLmds
b2JhbHNpZ24uY29tL2NhY2VydC9nc3JzYW92c3NsY2EyMDE4LmNydDA3BggrBgEF
BQcwAYYraHR0cDovL29jc3AuZ2xvYmFsc2lnbi5jb20vZ3Nyc2FvdnNzbGNhMjAx
ODBWBgNVHSAETzBNMEEGCSsGAQQBoDIBFDA0MDIGCCsGAQUFBwIBFiZodHRwczov
L3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgIwPwYDVR0f
BDgwNjA0oDKgMIYuaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9nc3JzYW92c3Ns
Y2EyMDE4LmNybDCCAZkGA1UdEQSCAZAwggGMghhpZHAubHJzLmVkdWNhdGlvbi5n
b3YudWuCI2xycy1wcm9kMDEtaWRwLmxycy5lZHVjYXRpb24uZ292LnVrgiNscnMt
cHJvZDAyLWlkcC5scnMuZWR1Y2F0aW9uLmdvdi51a4IjbHJzLXByb2QwMy1pZHAu
bHJzLmVkdWNhdGlvbi5nb3YudWuCI2xycy1wcm9kMDQtaWRwLmxycy5lZHVjYXRp
b24uZ292LnVrgiNscnMtcHJvZDA1LWlkcC5scnMuZWR1Y2F0aW9uLmdvdi51a4Ij
bHJzLXByb2QwNi1pZHAubHJzLmVkdWNhdGlvbi5nb3YudWuCI2xycy1wcm9kMDct
aWRwLmxycy5lZHVjYXRpb24uZ292LnVrgiNscnMtcHJvZDA4LWlkcC5scnMuZWR1
Y2F0aW9uLmdvdi51a4IjbHJzLXByb2QwOS1pZHAubHJzLmVkdWNhdGlvbi5nb3Yu
dWuCI2xycy1wcm9kMTAtaWRwLmxycy5lZHVjYXRpb24uZ292LnVrMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBT473/yzXhnqN5vjySN
iPGHAwKz6zAdBgNVHQ4EFgQUS5CnUKfY5M0/uNbkh9vQi3kcWhAwEwYKKwYBBAHW
eQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBAE4O8vgcUIW1tOGxrTWFfGlr
BtJazCHEvh9LtF03b6CPE5SkzeLIxL75xRSjocgG/RkpdHuccMe14XmZEMcIMdv9
nZFA1qYeDeZBUPZEurYKtBgXKL9hwwWAHC3P4pNMAZqMHYINacPLhFQJVoUqMSll
YBHmpWaAtsqmKpRr2q7bMYZ/sA9WaLwleI3FU8w31yMVeneMsUVAWLIwuY5yaxLV
mvr2p0dUxPJTa4BCAIzVvn4gGyYhnnZ+LW5d1/vBJJQ2aQZIUqx7cyXu4effzEMC
WenI+j4uWHN5eXEUrtZ3owbD9dc87Tjx0LrQuSRjlq7DaCV4LQEsBqILOppn474=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqh59Ku9df5bZC236hojN
hb1OKlbq+HHISFVLJMCvl5WjCU9vSFFT4/bZGsF82ysr7oi7tPvHBqvm509v/2Rn
4eYi9EHJO6ICHBoc0u9pfp9vK8iArPFCMO5PWUfxOmANA99EdkAn5b17dtB6li+G
ZU2jxqLhy6vVmM268m+Cwzw6U5XPx3bezubEb8FvHBpzOCe2/HCAtKiGwzbM3LDf
qoG1KhlVPnHDaAhixnOaFqOW0wCqIR0N2vkjNL2c7Yzhp27/W8qoJQpIftkSPgTq
YePkxOPn+fWjr+DcfOlu0dGHKHrSJxqmWKEWFGOoEav9ZIyhUxqXAsoJwOaKKESO
qQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 4116349784525148694926836856
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign RSA OV SSL CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-07 00:00:30 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-07 00:00:29 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Department for Education'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'idp.lrs.education.gov.uk'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21475546499111370674593183668199870309863904420949589029096064695157292879954803029155612838012975397472687931730407257099447089009278952147800026911419824793513489359127073341909834952444709465149063474941797398450532791125604348599756388828937165545801426526236896132377870394014210176397554832705631810268168053891871268461306506887431509629486831264255216742921083239227866195059409116182008930651243985403171108718707583724474135881470226067872140995031504703539866857505394244758248634274235805524579287510462640597160216292035593632561679307106492451010815357157043253588670316682650748985569252608018487742121
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (129 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.globalsign.com/gsrsaovsslca2018'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.20 (globalsignOVPolicy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.globalsign.com/gsrsaovsslca2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (400 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'idp.lrs.education.gov.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lrs-prod01-idp.lrs.education.gov.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lrs-prod02-idp.lrs.education.gov.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lrs-prod03-idp.lrs.education.gov.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lrs-prod04-idp.lrs.education.gov.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lrs-prod05-idp.lrs.education.gov.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lrs-prod06-idp.lrs.education.gov.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lrs-prod07-idp.lrs.education.gov.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lrs-prod08-idp.lrs.education.gov.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lrs-prod09-idp.lrs.education.gov.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lrs-prod10-idp.lrs.education.gov.uk'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName f8ef7ff2cd7867a8de6f8f248d88f1870302b3eb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							4b90a750a7d8e4cd3fb8d6e487dbd08b791c5a10
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		004e0ef2f81c5085b5b4e1b1ad35857c696b06d25acc21c4be1f4bb45d376fa08f1394a4cde2c8c4bef9c514a3a1c806fd1929747b9c70c7b5e1799910c70831dbfd9d9140d6a61e0de64150f644bab60ab4181728bf61c305801c2dcfe2934c019a8c1d820d69c3cb84540956852a3129656011e6a56680b6caa62a946bdaaedb31867fb00f5668bc25788dc553cc37d723157a778cb1454058b230b98e726b12d59afaf6a74754c4f2536b8042008cd5be7e201b26219e767e2d6e5dd7fbc124943669064852ac7b7325eee1e7dfcc430259e9c8fa3e2e587379797114aed677a306c3f5d73ced38f1d0bad0b9246396aec36825782d012c06a20b3a9a67e3be