sfvdiFrstBdom.statefarm.com

- State Farm Mutual Automobile Insurance Company -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 33:a3:d9:60:a2:73:97:b7:00:00:00:00:50:f7:85:29 was issued on by Entrust, Inc..

With 7 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

State Farm Mutual Automobile Insurance Company

Organization: State Farm Mutual Automobile Insurance Company
State / Province: Illinois
Locality: Bloomington
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 33:a3:d9:60:a2:73:97:b7:00:00:00:00:50:f7:85:29
Serial Number (int): 68641381112035794716809698804848100649
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId: 3d:8b:47:d6:5f:bf:aa:82:e8:ca:42:3b:48:62:f1:e9:20:cb:2e:30
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): 9e:49:e4:c2:ef:44:f4:bd:b7:29:06:fe:04:e5:f2:f4:32:7b:2f:ac
Fingerprint (sha256): 0b:60:9a:1b:b4:88:62:c4:39:ff:5e:60:c4:39:3f:a4:a0:67:1e:33:80:48:a8:b2:99:71:b9:f4:c2:cb:6b:89

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate sfvdiFrstBdom.statefarm.com

7

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for sfvdiFrstBdom.statefarm.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

sfvdiFrstBdom.statefarm.com
sfvdiFrstBdom.tcisp.statefarm.com
sfvdiFrstAdom.tcidv.statefarm.com
sfvdiFrstBodc.statefarm.com
sfvdiFrstAodc.statefarm.com
sfvdiFrstBodc.tcisp.statefarm.com
sfvdiFrstAodc.tcidv.statefarm.com

Other certificates including the domain name statefarm.com

(limited to 100 certificates)
claims-prep.test.statefarm.com
apps-prep.test.statefarm.com
iwh.statefarm.com
forlife.statefarm.com
ex90dev1vin2.statefarm.com
ildap.prod.statefarm.com
cebuatadm.statefarm.com
sflws13p1.tcisp.statefarm.com
securedatamgmt.statefarm.com
eBank.statefarm.com
onlineapps-imaging.statefarm.com
checkout.hub.claims.statefarm.com
quotes.statefarm.com
arsondog.statefarm.com
sfrun.statefarm.com
cebuat.statefarm.com
cebuat.statefarm.com
b2b.statefarm.com
aexp.auto.statefarm.com
www.statefarm.com
services.tcidv.statefarm.com
online2.statefarm.com
edocuments.statefarm.com
www.neighborhoodofgood.statefarm.com
portfolio.statefarm.com
es.statefarm.com
hub.claims.sandbox.statefarm.com
utility-prep.test.statefarm.com
coleschallenge.statefarm.com
iwh.statefarm.com
worlds22.statefarm.com
online3.statefarm.com
communication.statefarm.com
www-prep.test.statefarm.com
banksvc.statefarm.com
cebuat.statefarm.com
checkout.hub.claims.statefarm.com
commercialcard.statefarm.com
roadsideassistance.claims.test.statefarm.com
iwh.statefarm.com
bank.statefarm.com
sflsweb.statefarm.com
auth.statefarm.com
common.statefarm.com
opportunity.statefarm.com
api.claims.sandbox.c1.statefarm
cromsvcs-prep.test.statefarm.com
chat.statefarm.com
cebuat.statefarm.com
e.statefarm.com
base.statefarm.com
banksvc.statefarm.com
common.statefarm.com
fire.statefarm.com
vehicleloan.statefarm.com
developer.statefarm.com
iwh.statefarm.com
communication.statefarm.com
quotes.statefarm.com
b2cwa.tcidv.statefarm.com
photovideocapture.claims.test.statefarm.com
SECCTF.STATEFARM.COM
learningcenter.statefarm.com
assocmgmt-prep.test.statefarm.com
phase0-xx.test.statefarm.com
www.developer.statefarm.com
apps-prep.test.statefarm.com
sfvdiFrstBdom.statefarm.com
sfvdifrstbdom.tcisp.statefarm.com
sfmeet.statefarm.com
online4.tcidv.statefarm.com
banksvc-prep.test.statefarm.com
chat.statefarm.com
developer.statefarm.com
www.tcidv.statefarm.com
statefarm.com
launch-dev.policy-view.test.statefarm.com
sfcmgtest.test.statefarm.com
health-prep.test.statefarm.com
forlife.statefarm.com
checkout.hub.claims.statefarm.com
mft.statefarm.com
rating.statefarm.com
meetus.statefarm.com
franchiseprograms.statefarm.com
qaa-prep.test.statefarm.com
cdnlog.statefarm.com
cromsvcs.statefarm.com
iwh-staging.statefarm.com
mail71.tcisp.statefarm.com
www.statefarm.com
auth.test.statefarm.com
assocmgmt.statefarm.com
dvntservice.test.statefarm.com
findjobs.statefarm.com
becomeanagent.statefarm.com
tcixx.statefarm.com
access.tcidv.statefarm.com
test.statefarm.com
mvp.statefarm.com

Certificate

The complete raw certificate details for sfvdiFrstBdom.statefarm.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIMzCCBxugAwIBAgIQM6PZYKJzl7cAAAAAUPeFKTANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0x
OTA5MjAxMzU5MDVaFw0yMTEyMTkxNDI5MDRaMIGVMQswCQYDVQQGEwJVUzERMA8G
A1UECBMISWxsaW5vaXMxFDASBgNVBAcTC0Jsb29taW5ndG9uMTcwNQYDVQQKEy5T
dGF0ZSBGYXJtIE11dHVhbCBBdXRvbW9iaWxlIEluc3VyYW5jZSBDb21wYW55MSQw
IgYDVQQDExtzZnZkaUZyc3RCZG9tLnN0YXRlZmFybS5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQC3p98NGUDl+l2sKcAum5HhEVV8+FTkVN7msINQ
upHLoroB8iDw7i1oUX2AtD9/6ZpToK3rcCRdvq6TlJ2GiKkh+ZpTAVa9a9YuaEqT
CeXdAnrXsckN1PlDJ6bCTQ3+JcuXHReT6qv3vu23BVwUXxAOa3SrWCv3rPT4vuO/
EPB/6bhbmvVvCbGibkt8z1pF/7qFEszsIZavN77Qd4A5qvzGK137Dg8ZSnbdsUpa
DA8POYWgAiQBJLbGEt7wSAKPz/tlRRNCHh9DBozVXqxTsYTcDIwHdnYsiyMwAvne
xUtg1Ckc+tm8NMbMbgOoK92mTAbP0cD70B3nskT2dzi9EgulAgMBAAGjggRWMIIE
UjCB7gYDVR0RBIHmMIHjghtzZnZkaUZyc3RCZG9tLnN0YXRlZmFybS5jb22CIXNm
dmRpRnJzdEJkb20udGNpc3Auc3RhdGVmYXJtLmNvbYIhc2Z2ZGlGcnN0QWRvbS50
Y2lkdi5zdGF0ZWZhcm0uY29tghtzZnZkaUZyc3RCb2RjLnN0YXRlZmFybS5jb22C
G3NmdmRpRnJzdEFvZGMuc3RhdGVmYXJtLmNvbYIhc2Z2ZGlGcnN0Qm9kYy50Y2lz
cC5zdGF0ZWZhcm0uY29tgiFzZnZkaUZyc3RBb2RjLnRjaWR2LnN0YXRlZmFybS5j
b20wggH3BgorBgEEAdZ5AgQCBIIB5wSCAeMB4QB1AESUZS6w7s6vxEAH2Kj+KMDa
5oK+2MsxtT/TM5a1toGoAAABbU8TlDgAAAQDAEYwRAIgKhIART5euDH51vT3pVSg
1opZAq5gyV99n1/wiv3O+VUCIBE9znub5KAZA3t38EQxbCRpLHr/iSG7478FfItJ
EsCoAHYAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFtTxOUbwAA
BAMARzBFAiEAqpbIIaTysLQ81r9GLPMDyNWyODlRF6bMnzo58h6AqhwCIGcVbxtW
gkck0yGd4wJQTP4EOijbEU6qnYMAGp7th0X8AHcAVhQGmi/XwuzT9eG9RLI+x0Z2
ubyZEVzA75SYVdaJ0N0AAAFtTxOUhgAABAMASDBGAiEAvAbqQI7if15hTVwi1zU9
R9/5kFowhxkxE/2iy5b/R5ACIQDuD7A37qrXxNuZqQYivVXhqSwdtOhREybkskAN
ThLvTgB3ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABbU8TlHYA
AAQDAEgwRgIhAP/8RATEu6uaaxOgO9reMERfDrFr05PZ8VOnW60H3kLFAiEA2hur
A7+fINAW9JM9s+/HRU/oF04Syw0QKGa0etBhAEcwDgYDVR0PAQH/BAQDAgWgMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAzBgNVHR8ELDAqMCigJqAkhiJo
dHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWsuY3JsMEsGA1UdIAREMEIwNgYK
YIZIAYb6bAoBBTAoMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LmVudHJ1c3QubmV0
L3JwYTAIBgZngQwBAgIwaAYIKwYBBQUHAQEEXDBaMCMGCCsGAQUFBzABhhdodHRw
Oi8vb2NzcC5lbnRydXN0Lm5ldDAzBggrBgEFBQcwAoYnaHR0cDovL2FpYS5lbnRy
dXN0Lm5ldC9sMWstY2hhaW4yNTYuY2VyMB8GA1UdIwQYMBaAFIKicHTdvFM/z3vU
981/p2DGCky/MB0GA1UdDgQWBBQ9i0fWX7+qgujKQjtIYvHpIMsuMDAJBgNVHRME
AjAAMA0GCSqGSIb3DQEBCwUAA4IBAQA4tQnV85/nzHkZmltNG18BpiEYX8MKTgJS
3ts6lK9ybH7TKCPqXS2g1j8/aDyGBuFsgwvU0Irb+8vHRBdp3ICJMaw9lXFlLy0P
zVZWJP2EGt7Lg4m3EzsbCStO+mUZI8H6cvftLkhzpno/J4zG6tLhG20IdsTwzquX
jGxq8PVDFPYONYj6s13/u+399wEImNROEW0AOA2NklwCn8XOClSRFFL9am7bCVhB
h2LeEqR2OSbkIfuknJbU38QQS101GJ3HaJ1aq2StM6EAfJM7ysAnwc93D1/OAYgs
8q9wjs71UFdyHtKVROp7AkJqj6+lH0c1IyLBfhaZu0WIMsDSXI+Q
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6ffDRlA5fpdrCnALpuR
4RFVfPhU5FTe5rCDULqRy6K6AfIg8O4taFF9gLQ/f+maU6Ct63AkXb6uk5Sdhoip
IfmaUwFWvWvWLmhKkwnl3QJ617HJDdT5Qyemwk0N/iXLlx0Xk+qr977ttwVcFF8Q
Dmt0q1gr96z0+L7jvxDwf+m4W5r1bwmxom5LfM9aRf+6hRLM7CGWrze+0HeAOar8
xitd+w4PGUp23bFKWgwPDzmFoAIkASS2xhLe8EgCj8/7ZUUTQh4fQwaM1V6sU7GE
3AyMB3Z2LIsjMAL53sVLYNQpHPrZvDTGzG4DqCvdpkwGz9HA+9Ad57JE9nc4vRIL
pQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 68641381112035794716809698804848100649
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-09-20 13:59:05 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-12-19 14:29:04 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Illinois'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Bloomington'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'State Farm Mutual Automobile Insurance Company'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'sfvdiFrstBdom.statefarm.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23184390228941006096101282209376021360782829310586752690117521190339649541530613032494228192689262960752160262580385671810237945895480272279798763730801666940614396447140430578404737329958366567357239500870161601837138839695845673638552841411807055353959847437123757105876802628273897415925579004771688108106315842493817412112475319555308086848013598992099902482553807752919780533161603221664177108081695597034879907021679602321188464592268833289314521082721415040366801543967367834906383568448517831743207391142061345979475565931843510398506878883384232638657235196034349738432526991634183996276812167142556640086949
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (230 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sfvdiFrstBdom.statefarm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sfvdiFrstBdom.tcisp.statefarm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sfvdiFrstAdom.tcidv.statefarm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sfvdiFrstBodc.statefarm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sfvdiFrstAodc.statefarm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sfvdiFrstBodc.tcisp.statefarm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sfvdiFrstAodc.tcidv.statefarm.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (487 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (483 bytes)
							01e10075004494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b53fd33396b5b681a80000016d4f139438000004030046304402202a1200453e5eb831f9d6f4f7a554a0d68a5902ae60c95f7d9f5ff08afdcef9550220113dce7b9be4a019037b77f044316c24692c7aff8921bbe3bf057c8b4912c0a80076005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c0000016d4f13946f0000040300473045022100aa96c821a4f2b0b43cd6bf462cf303c8d5b238395117a6cc9f3a39f21e80aa1c022067156f1b56824724d3219de302504cfe043a28db114eaa9d83001a9eed8745fc0077005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd0000016d4f1394860000040300483046022100bc06ea408ee27f5e614d5c22d7353d47dff9905a3087193113fda2cb96ff4790022100ee0fb037eeaad7c4db99a90622bd55e1a92c1db4e8511326e4b2400d4e12ef4e007700bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000016d4f1394760000040300483046022100fffc4404c4bbab9a6b13a03bdade30445f0eb16bd393d9f153a75bad07de42c5022100da1bab03bf9f20d016f4933db3efc7454fe8174e12cb0d102866b47ad0610047
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							3d8b47d65fbfaa82e8ca423b4862f1e920cb2e30
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0038b509d5f39fe7cc79199a5b4d1b5f01a621185fc30a4e0252dedb3a94af726c7ed32823ea5d2da0d63f3f683c8606e16c830bd4d08adbfbcbc7441769dc808931ac3d9571652f2d0fcd565624fd841adecb8389b7133b1b092b4efa651923c1fa72f7ed2e4873a67a3f278cc6ead2e11b6d0876c4f0ceab978c6c6af0f54314f60e3588fab35dffbbedfdf7010898d44e116d00380d8d925c029fc5ce0a54911452fd6a6edb0958418762de12a4763926e421fba49c96d4dfc4104b5d35189dc7689d5aab64ad33a1007c933bcac027c1cf770f5fce01882cf2af708ecef55057721ed29544ea7b02426a8fafa51f47352322c17e1699bb458832c0d25c8f90