iccspprod-api.iata.org

- International Air Transport Association -

Issued by Thawte RSA CA 2018

About this certificate

This digital certificate with serial number 08:63:9f:a3:a0:19:42:d1:9e:b5:d3:33:76:6e:2d:b7 was issued on by DigiCert Inc.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

International Air Transport Association

Organization: International Air Transport Association
State / Province: Quebec
Locality: Montreal
Country: CA

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 08:63:9f:a3:a0:19:42:d1:9e:b5:d3:33:76:6e:2d:b7
Serial Number (int): 11151099222139885619038647553427910071
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: d1:10:df:1f:4b:79:aa:9a:89:b7:e1:5a:5c:ca:c7:30:05:4c:0c:84
AuthorityKeyId: a3:c8:5e:65:54:e5:30:78:c1:05:ea:07:0a:6a:59:cc:b9:fe:de:5a

Fingerprint (sha1): 8d:d6:1f:0a:81:c1:15:4a:3d:19:29:3d:96:84:44:2a:2a:32:c6:30
Fingerprint (sha256): 0b:27:62:1d:35:76:f3:4c:b4:63:7c:d6:45:8e:6e:5a:5b:e5:d2:61:76:5e:fd:3c:66:99:b4:61:46:c4:0d:e8

Issuing Certificate URL: http://cacerts.thawte.com/ThawteRSACA2018.crt

Revocation information

OCSP Server: http://status.thawte.com
CRL Distribution Point: http://cdp.thawte.com/ThawteRSACA2018.crl

Check the revocation status for certificate iccspprod-api.iata.org

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for iccspprod-api.iata.org

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

iccspprod-api.iata.org
iccspprod.iata.org

Other certificates including the domain name iata.org

(limited to 100 certificates)
sni.cloudflaressl.com
guides.developer.iata.org
sni.cloudflaressl.com
merchantstatus.paysafecard.com
pass-test.iata.org
sni.cloudflaressl.com
sni.cloudflaressl.com
www.highq.com
sni.cloudflaressl.com
www.highq.com
*.developer.iata.org
iccsdevqa-int.iata.org
*.cargois.iata.org
dgautocheck.iata.org
5709436928655360-fe2.pantheonsite.io
sni.cloudflaressl.com
ezdiharstatus.mambu.com
standards.iata.org
bo.digitalcredentials.iata.org
sni26824.cloudflaressl.com
sni.cloudflaressl.com
*.cargois.iata.org
ezdiharstatus.mambu.com
merchantstatus.paysafecard.com
ras2.iata.org
sni.cloudflaressl.com
sni.cloudflaressl.com
iris.iata.org
ifg.iata.org
ttbs.iata.org
sfb-access-la.iata.org
nextt.iata.org
ras4.iata.org
merchantstatus.paysafecard.com
ras3.iata.org
theplanner.co.uk
5709436928655360-fe2.pantheonsite.io
airlines.iata.org
casslink-test.iata.org
5709436928655360-fe2.pantheonsite.io
www.highq.com
pubdownload.iata.org
sni.cloudflaressl.com
ras2.iata.org
www.planestories.iata.org
standards.iata.org
5709436928655360-fe2.pantheonsite.io
theplanner.co.uk
prod.2.slot.cdn.salesforce-communities.com
sni26824.cloudflaressl.com
ssl826589.cloudflaressl.com
www.highq.com
isftp.iata.org
casslink-imp-test.iata.org
sso.iata.org
iccspprod-api.iata.org
5709436928655360-fe2.pantheonsite.io
iata-pay.iata.org
dev-dgautocheck-admin.iata.org
backoffice.digitalcredentials.iata.org
irisqabiz.iata.org
www.highq.com
sni.cloudflaressl.com
sni.cloudflaressl.com
www.highq.com
o365.iata.org
sni.cloudflaressl.com
iccsqa-dsig.iata.org
merchantstatus.paysafecard.com
extranet.iata.org
sni.cloudflaressl.com
sfb-access-ny.iata.org
5709436928655360-fe2.pantheonsite.io
zrh-ss.iata.org
www.highq.com
marketis.iata.org
iccsqa-api.iata.org
devsso.iata.org
elearning.iata.org
webstarmobile.iata.org
www.highq.com
www.highq.com
qa-dgautocheck.iata.org
iccsqa-xenc.iata.org
merchantstatus.paysafecard.com
sni.cloudflaressl.com
t4.staging.timatic.iata.org
*.spapps.iata.org
sni.cloudflaressl.com
airlines.iata.org
easypay1-qa.iata.org
ssl919904.cloudflaressl.com
sni.cloudflaressl.com
sni26824.cloudflaressl.com
5709436928655360-fe2.pantheonsite.io
isweb.iata.org
sni.cloudflaressl.com
merchantstatus.paysafecard.com
demoacmg.iata.org
sni26824.cloudflaressl.com

Certificate

The complete raw certificate details for iccspprod-api.iata.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGkjCCBXqgAwIBAgIQCGOfo6AZQtGetdMzdm4ttzANBgkqhkiG9w0BAQsFADBc
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMRswGQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcN
MjIwNjA5MDAwMDAwWhcNMjMwNjE1MjM1OTU5WjCBhDELMAkGA1UEBhMCQ0ExDzAN
BgNVBAgTBlF1ZWJlYzERMA8GA1UEBxMITW9udHJlYWwxMDAuBgNVBAoTJ0ludGVy
bmF0aW9uYWwgQWlyIFRyYW5zcG9ydCBBc3NvY2lhdGlvbjEfMB0GA1UEAxMWaWNj
c3Bwcm9kLWFwaS5pYXRhLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO2Gc+ZqtsxsqBdXNh/8YK552Bwv5AgTslLanBuCtIthhs70dF64CCEEUFlj
WVo1cAQluZ1Gce26yHDGdDl3Zhfe6LbuCGXMqVNUQs/oBUb+yeM6tjZ4GlbS1rpm
lVIXNv+A24Cybgvh8sXV6l6ZUYK/2JUbl/VVikZPaYO/gkuKeCpRE5Sek3bpB9cf
e3NNNU04Adbnp6YJuv7SBsUHSF5sfclyhFRoezpKu9PpoYmY6W+CirZ5cGdEo0mc
h01wbqeaE3W6EzrTHmzZmfsV6nCrPQhGcIv+LfLZ0l+YOFSfPRW9gOpEOqKnxhvA
FXHhI2+Vw9aXVp3XTGoFeCx2e80CAwEAAaOCAyUwggMhMB8GA1UdIwQYMBaAFKPI
XmVU5TB4wQXqBwpqWcy5/t5aMB0GA1UdDgQWBBTREN8fS3mqmom34VpcyscwBUwM
hDA1BgNVHREELjAsghZpY2NzcHByb2QtYXBpLmlhdGEub3JnghJpY2NzcHByb2Qu
aWF0YS5vcmcwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY2RwLnRoYXd0ZS5jb20v
VGhhd3RlUlNBQ0EyMDE4LmNybDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsG
AQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwbwYIKwYBBQUHAQEE
YzBhMCQGCCsGAQUFBzABhhhodHRwOi8vc3RhdHVzLnRoYXd0ZS5jb20wOQYIKwYB
BQUHMAKGLWh0dHA6Ly9jYWNlcnRzLnRoYXd0ZS5jb20vVGhhd3RlUlNBQ0EyMDE4
LmNydDAJBgNVHRMEAjAAMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgDoPtDa
PvUGNTLnVyi8iWvJA9PL0RFr7Otp4Xd9bQa9bgAAAYFKI4jDAAAEAwBHMEUCIQCT
5s3wcEJBHvV2HU5RaS026T91foybWspGoZKf8rv/awIgaMUMU2opbpzm0JZKOFMl
LiLIj8PGAJSSMGCAnSm89YsAdwA1zxkbv7FsV78PrUxtQsu7ticgJlHqP+Eq76gD
wzvWTAAAAYFKI4g6AAAEAwBIMEYCIQChaZh3ftoY0p5VEYzf8zyT3afgDz/AIIIm
j4xhqraGiAIhAPoGhUO67U4N1oyamxpLRoXmDk4R7DdaPX2tbIwdYEXqAHYAs3N3
B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAGBSiOIbwAABAMARzBFAiEA
yrBeWXrZ5QKG5z3iViUmwEbl+2q1Y1fSjI6/l7OdIBACIH/AZo6bJ/Pb0L0yK/mI
ttjWBLKYGy2MNXjcLpp1QxlyMA0GCSqGSIb3DQEBCwUAA4IBAQAURFAIQGuc4FrQ
O63q0xJvOzx5mYhYrC39VJZ6g53mwM+YzRvaHmGgxb0UTRXoCtjlHj88sODtdpa3
FEA48QkgiGP87LqR54TXZoUJQG6ji7l7/hm0hDU+4Diz9ng2BQ6aRoVhF+T9Xrqo
CrIgy1fKL7ueDkAtCN4p8CpBbe5b35sR1EeVKynflumhkJynloLthyONvZldLs01
w+yqGrWGcaTF5q+sC7nTART08zLMk+OdjbJ3eDR3F1TdbKn22502KMQjCGGt7i4+
mnq2uJEi9f1tPlXbxsX6C6toCMp71rPYigf7asLdmIqAY0Wzj9JkVZX1vUDGvRl3
+ujC2q3L
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7YZz5mq2zGyoF1c2H/xg
rnnYHC/kCBOyUtqcG4K0i2GGzvR0XrgIIQRQWWNZWjVwBCW5nUZx7brIcMZ0OXdm
F97otu4IZcypU1RCz+gFRv7J4zq2NngaVtLWumaVUhc2/4DbgLJuC+HyxdXqXplR
gr/YlRuX9VWKRk9pg7+CS4p4KlETlJ6TdukH1x97c001TTgB1uenpgm6/tIGxQdI
Xmx9yXKEVGh7Okq70+mhiZjpb4KKtnlwZ0SjSZyHTXBup5oTdboTOtMebNmZ+xXq
cKs9CEZwi/4t8tnSX5g4VJ89Fb2A6kQ6oqfGG8AVceEjb5XD1pdWnddMagV4LHZ7
zQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 11151099222139885619038647553427910071
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Thawte RSA CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-06-09 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-06-15 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Quebec'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Montreal'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'International Air Transport Association'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'iccspprod-api.iata.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29984779391479379282426511320657496055839658924564948089294222385908954636311477696329786001269186319141403999771593245618818154101291870557994350144043154836293287630880372237783774397477910431679540860364050005948651933123966879978097962973210284273414661297937467770306482279847883321898467874324433187429392679096799981287310301713932880285011565940677473349902764138188895987529995272129082399655046836114360690360596488428268468907187345531823743547607910565628732674896576438109618151574830977307600777127468058322288761637400247259560839927202832357349714538407048059096166182906711672936807020767833578961869
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a3c85e6554e53078c105ea070a6a59ccb9fede5a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d110df1f4b79aa9a89b7e15a5ccac730054c0c84
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (46 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iccspprod-api.iata.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iccspprod.iata.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (51 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.thawte.com/ThawteRSACA2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.thawte.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.thawte.com/ThawteRSACA2018.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							0169007600e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e000001814a2388c3000004030047304502210093e6cdf07042411ef5761d4e51692d36e93f757e8c9b5aca46a1929ff2bbff6b022068c50c536a296e9ce6d0964a3853252e22c88fc3c60094923060809d29bcf58b00770035cf191bbfb16c57bf0fad4c6d42cbbbb627202651ea3fe12aefa803c33bd64c000001814a23883a0000040300483046022100a16998777eda18d29e55118cdff33c93dda7e00f3fc02082268f8c61aab68688022100fa068543baed4e0dd68c9a9b1a4b4685e60e4e11ec375a3d7dad6c8c1d6045ea007600b3737707e18450f86386d605a9dc11094a792db1670c0b87dcf0030e7936a59a000001814a23886f0000040300473045022100cab05e597ad9e50286e73de2562526c046e5fb6ab56357d28c8ebf97b39d201002207fc0668e9b27f3dbd0bd322bf988b6d8d604b2981b2d8c3578dc2e9a75431972
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0014445008406b9ce05ad03badead3126f3b3c79998858ac2dfd54967a839de6c0cf98cd1bda1e61a0c5bd144d15e80ad8e51e3f3cb0e0ed7696b7144038f109208863fcecba91e784d7668509406ea38bb97bfe19b484353ee038b3f67836050e9a46856117e4fd5ebaa80ab220cb57ca2fbb9e0e402d08de29f02a416dee5bdf9b11d447952b29df96e9a1909ca79682ed87238dbd995d2ecd35c3ecaa1ab58671a4c5e6afac0bb9d30114f4f332cc93e39d8db2777834771754dd6ca9f6db9d3628c4230861adee2e3e9a7ab6b89122f5fd6d3e55dbc6c5fa0bab6808ca7bd6b3d88a07fb6ac2dd988a806345b38fd2645595f5bd40c6bd1977fae8c2daadcb