opmh.op-palvelut.fi

- OP Osuuskunta -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number c3:67:42:51:c0:68:70:7f:00:00:00:00:50:ee:a0:60 was issued on by Entrust, Inc..

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

OP Osuuskunta

Organization: OP Osuuskunta
Locality: Helsinki
Country: FI

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): c3:67:42:51:c0:68:70:7f:00:00:00:00:50:ee:a0:60
Serial Number (int): 259735610870550068546361096864283926624
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 62:da:52:a7:4e:56:e8:79:44:a3:bc:52:dc:47:08:68:07:85:cb:d2
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): 7b:28:89:1f:24:ba:53:25:aa:80:eb:9b:c6:e7:60:a2:d9:ce:e8:1e
Fingerprint (sha256): 0a:da:7b:d3:e6:3e:e0:b6:a8:c5:22:e2:64:4d:58:b2:03:4c:b2:46:f1:da:f0:c1:cb:c1:bb:2e:5e:e3:77:a1

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate opmh.op-palvelut.fi

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for opmh.op-palvelut.fi

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

opmh.op-palvelut.fi
www.opmh.op-palvelut.fi

Other certificates including the domain name op-palvelut.fi

(limited to 100 certificates)
opbstpsdlv.op-palvelut.fi
palhavr.aws.op-palvelut.fi
remote.op-palvelut.fi
opla.tuot.op-palvelut.fi
scl.internal.aws.op-palvelut.fi
*.bravo.internal.aws.op-palvelut.fi
aviatrixctrl.internal.aws.op-palvelut.fi
opabacsr4.op-palvelut.fi
palhavr.internal.aws.op-palvelut.fi
*.vhahpral.internal.aws.op-palvelut.fi
verkkomaksu.op.fi
*.devops-coe.aws.op-palvelut.fi
opftp906.op-palvelut.fi
voroa1.op-palvelut.fi
*.aws.tuot.op-palvelut.fi
extlyncfarm.lync.op-palvelut.fi
aviatrixctrl.internal.aws.op-palvelut.fi
splunk.tuot.op-palvelut.fi
ldap-isam.op-palvelut.fi
aviatrixctrl.internal.aws.op-palvelut.fi
*.markets-analytics.internal.aws.op-palvelut.fi
subscriptionmanagement.op-palvelut.fi
opvaasrtcmsr2.op-palvelut.fi
portlet.viu.internal.aws.op-palvelut.fi
intraidp.op-palvelut.fi
*.vhahmyty.internal.aws.op-palvelut.fi
*.prod-qa.ccc.internal.aws.op-palvelut.fi
*.devops-coe.aws.op-palvelut.fi
*.markets-quants.aws.op-palvelut.fi
*.markets-quants.aws.op-palvelut.fi
m-request.op-palvelut.fi
vhplvsmjci.hec.tuot.op-palvelut.fi
verkkomaksu.op.fi
aviatrixctrl.internal.aws.op-palvelut.fi
resys.nl-pint.aws.op-palvelut.fi
aviatrixctrl.internal.aws.op-palvelut.fi
nolio-test.op-palvelut.fi
*.nl-aa-claims.internal.aws.op-palvelut.fi
*.cdc.internal.aws.op-palvelut.fi
*.acs-preprod.internal.aws.op-palvelut.fi
opmh.op-palvelut.fi
m-request.op-palvelut.fi
ext-ydin.op-palvelut.fi
*.datahub.internal.aws.op-palvelut.fi
*.global.kubelb.op-palvelut.fi
opla.tuot.op-palvelut.fi
nolio.op-palvelut.fi
*.ccc.internal.aws.op-palvelut.fi
view21rds.tuot.op-palvelut.fi
psd2-sandbox.aws.op-palvelut.fi
tcsopcloud.tuot.op-palvelut.fi
voroa1.op-palvelut.fi
aviatrixctrl.internal.aws.op-palvelut.fi
nolio-test.op-palvelut.fi
*.datahub.internal.aws.op-palvelut.fi
aviatrixctrl.internal.aws.op-palvelut.fi
aviatrixctrl.internal.aws.op-palvelut.fi
aviatrixctrl.internal.aws.op-palvelut.fi
opsccmcmg.op-palvelut.fi
op8021xnac2.op-palvelut.fi
vhplvws5wd01.hec.tuot.op-palvelut.fi
subscriptionmanagement.op-palvelut.fi
*.sya.internal.aws.op-palvelut.fi
*.markets-quants.internal.aws.op-palvelut.fi
vhplvow2wd01.hec.tuot.op-palvelut.fi
arekps.op-palvelut.fi
geotrust-admin.dk-common.aws.op-palvelut.fi
*.prod.creditengine.internal.aws.op-palvelut.fi
hallinta.op-kulku.fi
*.finanssialy-services.internal.aws.op-palvelut.fi
baw-common.op-palvelut.fi
aviatrixctrl.internal.aws.op-palvelut.fi
www.kontaktiarchive.internal.aws.op-palvelut.fi
ldap-isam.op-palvelut.fi
mapi.internal.aws.op-palvelut.fi
opvirtdesk.op-palvelut.fi
cmg.prod.op-palvelut.fi
*.nl-aa-claims-pre.internal.aws.op-palvelut.fi
*.datahub.internal.aws.op-palvelut.fi
opmb.aws.op-palvelut.fi
*.nl-web-cc-person.internal.aws.op-palvelut.fi
*.prod.nl-web-event-stream.internal.aws.op-palvelut.fi
*.vhahpral.internal.aws.op-palvelut.fi
api-nc.op-kassa.fi
7OGBLPIAMAP.op-palvelut.fi
api.kortteli.aws.op-palvelut.fi
pa-commpool.op-palvelut.fi
*.datahub.internal.aws.op-palvelut.fi
*.sanelmapreprod.internal.aws.op-palvelut.fi
*.sya.internal.aws.op-palvelut.fi
sapfin.hec.tuot.op-palvelut.fi
*.aviatrixctrl.internal.aws.op-palvelut.fi
*.digiaspa.tuot.op-palvelut.fi
*.viu.aws.op-palvelut.fi
*.nl-aa-claims.internal.aws.op-palvelut.fi
ucc.lync.op-palvelut.fi
opsctinsthgsr1.op-palvelut.fi
mobilepilot.op-palvelut.fi
vhplvws2wd01.hec.tuot.op-palvelut.fi
korttelisovellus.op-palvelut.fi

Certificate

The complete raw certificate details for opmh.op-palvelut.fi in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgIRAMNnQlHAaHB/AAAAAFDuoGAwDQYJKoZIhvcNAQELBQAw
gboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL
Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg
MjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAs
BgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUswHhcN
MTkwMzA4MDkxNTA0WhcNMjEwMzA4MDk0NTAzWjBWMQswCQYDVQQGEwJGSTERMA8G
A1UEBxMISGVsc2lua2kxFjAUBgNVBAoTDU9QIE9zdXVza3VudGExHDAaBgNVBAMT
E29wbWgub3AtcGFsdmVsdXQuZmkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCv/i679psqLyjc7xUqnX0T2ECDVw1/iLVDN2CeUpvsEQdKhkDG2T6X3ZMj
g1g9c77cuLkKAaz5UESIBRsrEtYBkX31mDTTqdriPttvjpy5A0ms4XQgnjxhYboZ
UYQUXk968m6rBjID5O4WvBNIbPFWp127/BqrTsw5Qx5SEKEbMLkEKUr8/jeXzdko
NsNVdaUx3+Z8DP7KcWiZMiDeyyM6FPGnY9XK3pz1HohPNQ805e5xl7KEdZBXIk54
x92p5wHaKXLt28Cd/u2iVyJYMUD3+LxglMpUK0SL/geNE+9zaL+KvfjKkengF1r8
G4UFIX9ET/mFpMYTwMN33TEF5ggpAgMBAAGjggG4MIIBtDATBgorBgEEAdZ5AgQD
AQH/BAIFADA3BgNVHREEMDAughNvcG1oLm9wLXBhbHZlbHV0LmZpghd3d3cub3Bt
aC5vcC1wYWx2ZWx1dC5maTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50
cnVzdC5uZXQvbGV2ZWwxay5jcmwwSwYDVR0gBEQwQjA2BgpghkgBhvpsCgEFMCgw
JgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuZW50cnVzdC5uZXQvcnBhMAgGBmeBDAEC
AjBoBggrBgEFBQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1
c3QubmV0MDMGCCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wxay1j
aGFpbjI1Ni5jZXIwHwYDVR0jBBgwFoAUgqJwdN28Uz/Pe9T3zX+nYMYKTL8wHQYD
VR0OBBYEFGLaUqdOVuh5RKO8UtxHCGgHhcvSMAkGA1UdEwQCMAAwDQYJKoZIhvcN
AQELBQADggEBAMUYBjZxjf5ncH0QP6RV+Fbbd/MmqFb7NpjoxQQLwSLIuNT06ZMa
mKPtlnXdph0G4lEN8yBLwVOtOivzFjkrqBuN3l1UtbjrDPS015ASyPusQmlGwRND
sqblkUBbjGOeqeZ+KBHbt3bFBHTkJYShgje3aWdaHhp4LDKGCoRLazuRj6Dz3ZVv
TYf5hNXIRFzRHxAScfYkfOVKgnFmGRjStZsA/52H3jY5J6KODWz6ensxWFWXgRqZ
s2Jpdsl4/pRRLKzhvOQaKuAKu6lqDWcaFOq4ndw6enujqvYqxL+hHTn7FEMBgVrT
c+9T5m5enSkwo0Ze3dQB4TLMBoxxBmeT7H8=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/4uu/abKi8o3O8VKp19
E9hAg1cNf4i1QzdgnlKb7BEHSoZAxtk+l92TI4NYPXO+3Li5CgGs+VBEiAUbKxLW
AZF99Zg006na4j7bb46cuQNJrOF0IJ48YWG6GVGEFF5PevJuqwYyA+TuFrwTSGzx
Vqddu/waq07MOUMeUhChGzC5BClK/P43l83ZKDbDVXWlMd/mfAz+ynFomTIg3ssj
OhTxp2PVyt6c9R6ITzUPNOXucZeyhHWQVyJOeMfdqecB2ily7dvAnf7tolciWDFA
9/i8YJTKVCtEi/4HjRPvc2i/ir34ypHp4Bda/BuFBSF/RE/5haTGE8DDd90xBeYI
KQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 259735610870550068546361096864283926624
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-03-08 09:15:04 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-03-08 09:45:03 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Helsinki'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'OP Osuuskunta'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'opmh.op-palvelut.fi'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22217045458786542581656743731999760607898305080095137999319561170007058933756124762130507049718873389034031217664497852767468660911583068133165376397160405611034202138878593758599827226722428973452090856097207881684116774234291797815974867643995573080912803738979235800140939663437269683687060867049508554826931465440399322334567269913270296373280021194274606033074329535561636106864031946003882832043723243619152062421367019009527153339709574719183589940357845555505481277189304620630088792088559947582221308903484347498012661971989323503662377647906050949757896797841141668607744693177888150464019581544545128941609
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (48 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'opmh.op-palvelut.fi'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.opmh.op-palvelut.fi'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							62da52a74e56e87944a3bc52dc4708680785cbd2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00c5180636718dfe67707d103fa455f856db77f326a856fb3698e8c5040bc122c8b8d4f4e9931a98a3ed9675dda61d06e2510df3204bc153ad3a2bf316392ba81b8dde5d54b5b8eb0cf4b4d79012c8fbac426946c11343b2a6e591405b8c639ea9e67e2811dbb776c50474e42584a18237b769675a1e1a782c32860a844b6b3b918fa0f3dd956f4d87f984d5c8445cd11f101271f6247ce54a8271661918d2b59b00ff9d87de363927a28e0d6cfa7a7b31585597811a99b3626976c978fe94512cace1bce41a2ae00abba96a0d671a14eab89ddc3a7a7ba3aaf62ac4bfa11d39fb144301815ad373ef53e66e5e9d2930a3465eddd401e132cc068c71066793ec7f