*.aws-origin.xfinity.com

- Comcast Corporation -

Issued by COMODO RSA Organization Validation Secure Server CA

About this certificate

This digital certificate with serial number 0f:f8:a2:87:a8:e8:3a:41:00:f7:f5:c8:6e:b8:7a:af was issued on by COMODO CA Limited.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Comcast Corporation

Organization: Comcast Corporation
State / Province: Pennsylvania
Country: US

COMODO CA Limited

Organization: COMODO CA Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate has expire since

Certificate Details

Serial Number (hex): 0f:f8:a2:87:a8:e8:3a:41:00:f7:f5:c8:6e:b8:7a:af
Serial Number (int): 21229406056122333878227654882279062191
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 5f:bd:47:5c:6e:73:3f:5a:f8:7d:24:16:cb:d9:f0:02:ac:4e:bd:58
AuthorityKeyId: 9a:f3:2b:da:cf:ad:4f:b6:2f:bb:2a:48:48:2a:12:b7:1b:42:c1:24

Fingerprint (sha1): a6:db:96:be:37:21:1c:09:92:03:05:7d:90:7b:48:b0:21:ee:27:23
Fingerprint (sha256): 0a:af:eb:e9:ae:34:51:2a:52:e2:b9:7c:a9:e0:5d:ab:0f:53:04:87:d9:ee:df:76:51:0f:5d:ed:42:80:68:b9

Issuing Certificate URL: http://crt.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.comodoca.com
CRL Distribution Point: http://crl.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crl

Check the revocation status for certificate *.aws-origin.xfinity.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.aws-origin.xfinity.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.aws-origin.xfinity.com

Other certificates including the domain name xfinity.com

(limited to 100 certificates)
cdn-le4.arkadiumhosted.com
dns-test.np.gpe.xfinity.com
*.xfn-ops.xfinity.com
sit2-hop.cybersource.xfinity.com
*.identity.xfinity.com
approval.xfinity.com
payments.xfinity.com
www.xfinity.comcast.net
brand-staging.xfinity.com
imap.email.comcast.net
*.wifi-stage.connected.xfinity.com
*.iotplatform-int.eu.xfinity.com
*.xcp.xfinity.com
research.xfinity.com
wificouponmanager.xfinity.com
emailplus.xfinity.com
edge.cirrus-config.xcr.comcast.net
wifilogin-st.xfinity.com
design.comcast.com
pcat-beta.mobile.xfinity.com
*.xcp-ep-prod.xfinity.com
gamex-staging.np.gpe.xfinity.com
*.agentcoach.xfinity.com
iota-staging.xfinity.com
cms9.xfinity.com
developers.xfinity.com
communitystage.re.xfinity.com
developer.xfinity.com
pcat-alpha.mobile.xfinity.com
bill-pay-staging.maw-pci.xfinity.com
events.biggestfantour.com
api.wcdc.int.xfinity.com
stg-tech360-os-hoa-tdb-4.techtools.xfinity.com
missioncontrol.xfinity.com
research.staging.xfinity.com
movableink.xfinity.com
research.staging.xfinity.com
prod.mdu.xfinity.com
research.staging.xfinity.com
bill-pay-qa.maw-pci.xfinity.com
diagnosticapi-stage.traxion.xfinity.com
upload-qa.cvr.comcast.net
approval.xfinity.com
sit-hop.cybersource.xfinity.com
cdn-le4.arkadiumhosted.com
*.oauthlink.iot-prod.xfinity.com
bill-pay-pre-prod.maw-pci.xfinity.com
mobiletimetoswitch.xfinity.com
gql-dev-py.np.gpe.xfinity.com
cdn-le4.arkadiumhosted.com
stage.ipie.xfinity.com
cdn-le4.arkadiumhosted.com
nextray-preprod.traxion.xfinity.com
staging.cx.xfinity.com
gql-dev-node.np.gpe.xfinity.com
my.xfinity.com
*.spil.xfinity.com
bpm-auth.cac.xfinity.com
lab-controller.msn.comcast.net
research.staging.xfinity.com
xfinity.com
*.wifi-stage.connected.xfinity.com
internet.xfinity.com
san1.yext-cdn.com
pcat-alpha.mobile.xfinity.com
secure07.lithium.com
login-dev.comcast.net
xapi.xfinity.com
hawkeye.traxion.xfinity.com
autodiscover.comcast.net
carriers.xfinity.com
xray-stage.traxion.xfinity.com
*.xchat.xfinity.com
experience.xfinity.com
www.xfinity.com
api.dhtimeline.xfinity.com
es.xfinity.com
answers-autozone.pagescdn.com
import.xfinity.com
www.sc.xfinity.com
core.mqtt.iot-qa.eu.xfinity.com
secure07.lithium.com
client-events-gw.gpe.xfinity.com
www.xfinity.com
events.biggestfantour.com
signal-dev-vid.gslb2.xfinity.com
*.cws.xfinity.com

prod-hop.cybersource.xfinity.com
api.ch2.prd.xfinity.com
livecache-ng-prod.cvr.comcast.net
activatecablecard.xfinity.com
validation.slb.comcast.com
api.pdc.int.xfinity.com
communitytd3.re.xfinity.com
traffic-test.np.gpe.xfinity.com
livecache-stg-cvr.gslb2.xfinity.com
secure05.stage.lithium.com
*.np.sdp.xfinity.com
brand.xfinity.com

Certificate

The complete raw certificate details for *.aws-origin.xfinity.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIG5zCCBc+gAwIBAgIQD/iih6joOkEA9/XIbrh6rzANBgkqhkiG9w0BAQsFADCB
ljELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPDA6BgNV
BAMTM0NPTU9ETyBSU0EgT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNl
cnZlciBDQTAeFw0yMjA4MTUwMDAwMDBaFw0yMzA4MTUyMzU5NTlaMGUxCzAJBgNV
BAYTAlVTMRUwEwYDVQQIEwxQZW5uc3lsdmFuaWExHDAaBgNVBAoTE0NvbWNhc3Qg
Q29ycG9yYXRpb24xITAfBgNVBAMMGCouYXdzLW9yaWdpbi54ZmluaXR5LmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANzh4HMd6dMew0icP7qy1ZPU
3lbp+AiVr4W9RYy4cnzCa0pOI0ZOroaO3kPHEnBo3z4cIPoa0cOHOqKOBwkCYdSq
+LlJQTOOd++4VaSsRVV6KlJ6Vd6GgOgIK5NqScFWt9ynkdRGMC4nBRy66PHVIyC5
MK311J6t56SOQxIXO+5IPHVrq6fiJG5XIj5X++vAPH6MlQ+16hJSIuo3NoYnFdBt
GErHx0hh5BSbazdjcZYif4Sm17qtPDE5My7U64huSG5JEArCK5GUqeMSe6veSD2I
QxKdepAf6+QnZvih+zRzJxLa0YLiLjn0qSgfni0VHyJQkA6LemZ/V9YjkW3fkGMC
AwEAAaOCA18wggNbMB8GA1UdIwQYMBaAFJrzK9rPrU+2L7sqSEgqErcbQsEkMB0G
A1UdDgQWBBRfvUdcbnM/Wvh9JBbL2fACrE69WDAOBgNVHQ8BAf8EBAMCBaAwDAYD
VR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSgYDVR0g
BEMwQTA1BgwrBgEEAbIxAQIBAwQwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0
aWdvLmNvbS9DUFMwCAYGZ4EMAQICMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9j
cmwuY29tb2RvY2EuY29tL0NPTU9ET1JTQU9yZ2FuaXphdGlvblZhbGlkYXRpb25T
ZWN1cmVTZXJ2ZXJDQS5jcmwwgYsGCCsGAQUFBwEBBH8wfTBVBggrBgEFBQcwAoZJ
aHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNBT3JnYW5pemF0aW9uVmFs
aWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29j
c3AuY29tb2RvY2EuY29tMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgCt9776
fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAYKiudI8AAAEAwBHMEUCIFqh
nA4IX7zEeUh1h1N19zzrqSsgz8f9hU5mFE+XiVc5AiEAnyvE8Ag6Afzg0BBlShZq
BzpDXb89kZCtgFhYLpeSdggAdgB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpX
o1LrUgAAAYKiudIYAAAEAwBHMEUCIHDbBA1pqAsY7v96beAmbpuphE0bvHSPIvi0
dRHwYsXxAiEA8kBFFmEam9NujMYvIb0/OTZ59pTrATHeqVzahoTDIIsAdwDoPtDa
PvUGNTLnVyi8iWvJA9PL0RFr7Otp4Xd9bQa9bgAAAYKiudHXAAAEAwBIMEYCIQCg
93tGQRHtSJf9E6Yk520vYyoiNUprKR8hrn8tjRX2BAIhAJvQYdCQ1rm67nInjtPn
LhkL3GmsnkvnOp3QzfPV+s4HMCMGA1UdEQQcMBqCGCouYXdzLW9yaWdpbi54Zmlu
aXR5LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAHH4eigx79SVsV8a9Q3yHfXQO1MH4
iNcKJDHPt11G1/BxoY4wW93G/i0L5DLDAT6sR8uFqOL2J0PPngUVzOWOSpM1/n8b
UUVFiMLH9XDjU9CIj9QtgB4ZNk0/3w1A6yKl2lwD/tR7NMu2ZgmPfxvsbukGfi2x
bzgTDpaK/PT2faz2gxu8HY4yFr+nKGSCJU/ECT0jv4V1jjTMMoYabacXsx3nJmJc
VbBuKWzk0MeXidPZGJPCr5fXJbuH348Ty8AmxvBXHuJbn2oAUTI4o+WWzjWCOAIw
iVsT5F8p1S0rsQP+nICVdKJPYZOrka8EtT56sJGsDj0hC59NxpI8eD/abQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3OHgcx3p0x7DSJw/urLV
k9TeVun4CJWvhb1FjLhyfMJrSk4jRk6uho7eQ8cScGjfPhwg+hrRw4c6oo4HCQJh
1Kr4uUlBM45377hVpKxFVXoqUnpV3oaA6Agrk2pJwVa33KeR1EYwLicFHLro8dUj
ILkwrfXUnq3npI5DEhc77kg8dWurp+IkblciPlf768A8foyVD7XqElIi6jc2hicV
0G0YSsfHSGHkFJtrN2NxliJ/hKbXuq08MTkzLtTriG5IbkkQCsIrkZSp4xJ7q95I
PYhDEp16kB/r5Cdm+KH7NHMnEtrRguIuOfSpKB+eLRUfIlCQDot6Zn9X1iORbd+Q
YwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 21229406056122333878227654882279062191
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'COMODO CA Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'COMODO RSA Organization Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-08-15 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-08-15 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Pennsylvania'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Comcast Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.aws-origin.xfinity.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27883811072522389499737092754527857458141628958220530855932299085654504138115334523189745568300064285267216763694490879489892123003739262664573153271004389416349969031127093689393367150607562058144477679106116282733624108354319570347112537992689678699956215266383633345592911790697758277476882651440102212069586833340180293490324119101516793116465360985733955660599426690877078544070682594789174080671798445291051062864828943073942668779819131982285438191564329093464702585806531416771439870987826116676293433891524559928262196517674777908696295191548433662166193570902728951910347400382404432219749632027535595245667
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 9af32bdacfad4fb62fbb2a48482a12b71b42c124
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							5fbd475c6e733f5af87d2416cbd9f002ac4ebd58
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (127 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.comodoca.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							0169007600adf7befa7cff10c88b9d3d9c1e3e186ab467295dcfb10c24ca858634ebdc828a00000182a2b9d23c000004030047304502205aa19c0e085fbcc4794875875375f73ceba92b20cfc7fd854e66144f978957390221009f2bc4f0083a01fce0d010654a166a073a435dbf3d9190ad8058582e979276080076007a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb5200000182a2b9d2180000040300473045022070db040d69a80b18eeff7a6de0266e9ba9844d1bbc748f22f8b47511f062c5f1022100f2404516611a9bd36e8cc62f21bd3f393679f694eb0131dea95cda8684c3208b007700e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e00000182a2b9d1d70000040300483046022100a0f77b464111ed4897fd13a624e76d2f632a22354a6b291f21ae7f2d8d15f6040221009bd061d090d6b9baee72278ed3e72e190bdc69ac9e4be73a9dd0cdf3d5face07
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.aws-origin.xfinity.com'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001c7e1e8a0c7bf5256c57c6bd437c877d740ed4c1f888d70a2431cfb75d46d7f071a18e305bddc6fe2d0be432c3013eac47cb85a8e2f62743cf9e0515cce58e4a9335fe7f1b51454588c2c7f570e353d0888fd42d801e19364d3fdf0d40eb22a5da5c03fed47b34cbb666098f7f1bec6ee9067e2db16f38130e968afcf4f67dacf6831bbc1d8e3216bfa7286482254fc4093d23bf85758e34cc32861a6da717b31de726625c55b06e296ce4d0c79789d3d91893c2af97d725bb87df8f13cbc026c6f0571ee25b9f6a00513238a3e596ce3582380230895b13e45f29d52d2bb103fe9c809574a24f6193ab91af04b53e7ab091ac0e3d210b9f4dc6923c783fda6d