careers.roche.com

- F. Hoffmann-La Roche AG -

Issued by GeoTrust SSL CA - G3

About this certificate

This digital certificate with serial number 72:b0:48:c8:10:03:bc:c7:df:90:92:11:81:d3:22:45 was issued on by GeoTrust Inc..

With 23 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Sub certificates SHOULD include Subject Key Identifier in end entity certs (RFC 5280: 4.2 & 4.2.1.2)

F. Hoffmann-La Roche AG

Organization: F. Hoffmann-La Roche AG
State / Province: Basel
Locality: Basel
Country: CH

GeoTrust Inc.

Organization: GeoTrust Inc.
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 72:b0:48:c8:10:03:bc:c7:df:90:92:11:81:d3:22:45
Serial Number (int): 152447311950662783373304166756400702021
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId:
AuthorityKeyId: d2:6f:f7:96:f4:85:3f:72:3c:30:7d:23:da:85:78:9b:a3:7c:5a:7c

Fingerprint (sha1): ae:eb:f7:e6:e7:a0:d8:69:16:5a:e9:1d:5f:20:a5:90:5d:1f:1e:83
Fingerprint (sha256): 0b:62:42:46:37:39:0f:f8:79:0f:ae:dc:bf:64:f8:2f:35:11:a1:0b:9d:df:30:e0:a2:9f:38:55:d7:b3:3d:0f

Issuing Certificate URL: http://gn.symcb.com/gn.crt

Revocation information

OCSP Server: http://gn.symcd.com
CRL Distribution Point: http://gn.symcb.com/gn.crl

Check the revocation status for certificate careers.roche.com

23

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for careers.roche.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.dialogoroche.com.ar
www.roche-oncology.ch
www.dialogorochecac.com
www.fibrosisquistica.co
www.foundationmedicine.com.sg.fmi.preprod.opengarden.rch.cm
www.infomedics.it
www.msdiseaseactivity.com
www.msdiseaseactivity.co.uk
live.digitalfactory.roche.com
www.dialogoroche.com
www.rochemed.gr
www.dialogoroche.com.mx
www.foundationmedicine.com.sg
www.latamrochepressday.com
www.dialogoroche.com.co
mystudies.roche.com
www.rocheonline.se
www.licht-an-fuer-ms.de
www.rochetudastar.hu
www.dialogoroche.com.br
www.roche.co.uk
www.rocheplus.es
careers.roche.com

Other certificates including the domain name roche.com

(limited to 100 certificates)
involve.roche.com
www.hpv16and18.com
easydrive-uat.roche.com
advancedanalytics.roche.com
main.rhelp.roche.com
api.fido.tst.pdaa.science.roche.com
sni.cloudflaressl.com
magentocloud28.map.fastly.net
rbalvprexd0.bas.roche.com
cieas01.roche.com
harmonytest.de
sequencing.roche.com
esource.roche.com
e-medical.roche.com
esource.roche.com
maps-uat.roche.com
coaguchek.com
rsmsourcing.roche.com
deimos.roche.com
cert2.roche.com
sni.cloudflaressl.com
cdn.appstore.gene.com
shpivee1-01.roche.com
eews-dev.roche.com
myaccess.roche.com
ican.roche.com
sni.cloudflaressl.com
sni.cloudflaressl.com
albecsinternaltest.aws.cloud.roche.com
cert3.roche.com
sni.cloudflaressl.com
sni.cloudflaressl.com
mrdivee2-02.netlab.roche.com
rodip.roche.com
nsrdcongresses.roche.com
rbavxsentry11.bas.roche.com
mobilesolution-dev.roche.com
wamua.roche.com
dialog-62-test.roche.com
identity-hu.login.digitalidentity.roche.com
rocheggcpac.roche.com
san-003.ceros.com
video.hive.roche.com
sni.cloudflaressl.com
rssg.roche.com
usdiagnostics.roche.com
mftemeaext.roche.com
anadisuat01.sc1.roche.com
careers.roche.com
flow.roche.com
cert3.roche.com
sni.cloudflaressl.com
misp.roche.com
cert2.roche.com
careers.roche.com
api.rockwizz.roche.com
bitbucket-nala-qa.roche.com
careers.roche.com
wamdev.roche.com
sonar-dev-old.roche.com
diauxhub.roche.com
careers.roche.com
globalfms.roche.com
rexis-dialog-dev.roche.com
san-003.ceros.com
sc1lvflexq2.sc1.roche.com
easydrive-dev.roche.com
send-tst.roche.com
indigrow.roche.com
careers.roche.com
careers.roche.com
env5-remotedashboard.roche.com
mrd25.me
cert2.roche.com
*.esrv-hub-uat.roche.com
sb.eu.phcaa.science.roche.com
san-003.ceros.com
extaccess-nala.roche.com
magentocloud28.map.fastly.net
go.roche.com
magentocloud32.map.fastly.net
sni.cloudflaressl.com
status.repository.roche.com
itot.roche.com
ssl882748.cloudflaressl.com
sni.cloudflaressl.com
esrv-marketplace-dev.roche.com
careers.roche.com
gispeopledev.roche.com
imcore.roche.com
booster.roche.com
sni.cloudflaressl.com
akamai-san195.exacttarget.com
raumbuch.roche.com
pitas01.roche.com
sni.cloudflaressl.com
c1edb.roche.com
magentocloud45.map.fastly.net
shpivee1-01.roche.com
hpv16and18.com

Certificate

The complete raw certificate details for careers.roche.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIHDCCBwSgAwIBAgIQcrBIyBADvMffkJIRgdMiRTANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMU
R2VvVHJ1c3QgU1NMIENBIC0gRzMwHhcNMTYwNzA0MDAwMDAwWhcNMTcwOTAyMjM1
OTU5WjBrMQswCQYDVQQGEwJDSDEOMAwGA1UECAwFQmFzZWwxDjAMBgNVBAcMBUJh
c2VsMSAwHgYDVQQKDBdGLiBIb2ZmbWFubi1MYSBSb2NoZSBBRzEaMBgGA1UEAwwR
Y2FyZWVycy5yb2NoZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCw0VNz8EdekU2BrTiqJaEnxAzsfDOi04rIyP2RzM+KSsVhQl6kSOG6+REMG5nJ
7K2wNwgsVQnhfvlCbJxMSrjRnUplXkv5FVQavjk7HQaAvuU5FJNADUTZTMxlVH5A
hD90Cs4ENIUI6coNH7H+Q1hziWIWSavxny+P6OjKI2FueYvFgjToh9ijNgrKjJTM
ngmlMjnQmXrCDS+w4ESwBlroDE4uci8WhJ69Odu3QxQBWPwmrwk4KCAjIL0ajFh4
WB12Cuag0ZqaMk0RUmFE47VvaRI36IagF1EdUDW1pAa1zHUWqP1DmmOBtLG7kEqJ
erIPjar4cNlYosDSles8R9G7AgMBAAGjggThMIIE3TCCAlEGA1UdEQSCAkgwggJE
ghd3d3cuZGlhbG9nb3JvY2hlLmNvbS5hcoIVd3d3LnJvY2hlLW9uY29sb2d5LmNo
ghd3d3cuZGlhbG9nb3JvY2hlY2FjLmNvbYIXd3d3LmZpYnJvc2lzcXVpc3RpY2Eu
Y2+CO3d3dy5mb3VuZGF0aW9ubWVkaWNpbmUuY29tLnNnLmZtaS5wcmVwcm9kLm9w
ZW5nYXJkZW4ucmNoLmNtghF3d3cuaW5mb21lZGljcy5pdIIZd3d3Lm1zZGlzZWFz
ZWFjdGl2aXR5LmNvbYIbd3d3Lm1zZGlzZWFzZWFjdGl2aXR5LmNvLnVrgh1saXZl
LmRpZ2l0YWxmYWN0b3J5LnJvY2hlLmNvbYIUd3d3LmRpYWxvZ29yb2NoZS5jb22C
D3d3dy5yb2NoZW1lZC5ncoIXd3d3LmRpYWxvZ29yb2NoZS5jb20ubXiCHXd3dy5m
b3VuZGF0aW9ubWVkaWNpbmUuY29tLnNnghp3d3cubGF0YW1yb2NoZXByZXNzZGF5
LmNvbYIXd3d3LmRpYWxvZ29yb2NoZS5jb20uY2+CE215c3R1ZGllcy5yb2NoZS5j
b22CEnd3dy5yb2NoZW9ubGluZS5zZYIXd3d3LmxpY2h0LWFuLWZ1ZXItbXMuZGWC
FHd3dy5yb2NoZXR1ZGFzdGFyLmh1ghd3d3cuZGlhbG9nb3JvY2hlLmNvbS5icoIP
d3d3LnJvY2hlLmNvLnVrghB3d3cucm9jaGVwbHVzLmVzghFjYXJlZXJzLnJvY2hl
LmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDArBgNVHR8EJDAiMCCgHqAc
hhpodHRwOi8vZ24uc3ltY2IuY29tL2duLmNybDCBnQYDVR0gBIGVMIGSMIGPBgZn
gQwBAgIwgYQwPwYIKwYBBQUHAgEWM2h0dHBzOi8vd3d3Lmdlb3RydXN0LmNvbS9y
ZXNvdXJjZXMvcmVwb3NpdG9yeS9sZWdhbDBBBggrBgEFBQcCAjA1DDNodHRwczov
L3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFNJv95b0hT9y
PDB9I9qFeJujfFp8MFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDov
L2duLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL2duLnN5bWNiLmNvbS9n
bi5jcnQwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQDd6x0reg1PpiCLga2BaHB+
Lo6dAdVciI09EcTNtuy+zAAAAVW3zNRpAAAEAwBGMEQCIBmJAyp2DPxMQbV6IcJi
H2NMpbBCvDigTnhU6t92JC3+AiBtfR3OzVWqy4mzg7j9TYNoDtlVxZ8WHIjMM8V2
hBI1TAB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABVbfM1J4A
AAQDAEcwRQIgNl/DslpmF3a/jdl+Wv/w8GWIQEedK9CxRCKTn10xq18CIQD4xXIJ
r49BZW2+SpDiT78U7GXBQD1XdeMguqBkLfDzhDANBgkqhkiG9w0BAQsFAAOCAQEA
1wuv081X0n+lODROo1CLKWKXgn5a5cENvTMtZm8qF6b9u6k7o3CG1nZqKdjfYkCX
1wXcdCT8MarDqTrROfJLPK2dAheshMIbMlaTUtW6Mf83+Kj0nI0o7QarwTjrU9Bh
trZGy1IZZSIXCBvg+OvCtFVdbX1WkN/V+ILNubGCJU22TnEIZtoXAu8WOClfvlVK
gqh+MhA/DFsHMGuZukxOaIUYOJZBJ281LLTCng7gq/5JlNBsNTCo9g367ChxwTvs
QEsl570jER7shNjSpClBLyE1gUzVldM2xKsp4OmOlozAemYIDB9Wk14z5+9ljOZ4
AFKSKXzHjxz6/XmCqBaxZg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNFTc/BHXpFNga04qiWh
J8QM7HwzotOKyMj9kczPikrFYUJepEjhuvkRDBuZyeytsDcILFUJ4X75QmycTEq4
0Z1KZV5L+RVUGr45Ox0GgL7lORSTQA1E2UzMZVR+QIQ/dArOBDSFCOnKDR+x/kNY
c4liFkmr8Z8vj+joyiNhbnmLxYI06IfYozYKyoyUzJ4JpTI50Jl6wg0vsOBEsAZa
6AxOLnIvFoSevTnbt0MUAVj8Jq8JOCggIyC9GoxYeFgddgrmoNGamjJNEVJhROO1
b2kSN+iGoBdRHVA1taQGtcx1Fqj9Q5pjgbSxu5BKiXqyD42q+HDZWKLA0pXrPEfR
uwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 152447311950662783373304166756400702021
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust SSL CA - G3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-07-04 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-09-02 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Basel'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Basel'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'F. Hoffmann-La Roche AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'careers.roche.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22321164165781463296369479756125855386830090933193699159391160712716005567472968961218587232987947888748239963568112137532534562711653823323078182947313567134207870160867303515126592949638335090131751911664612071055072716326474098707781536675877807041514279139664474548412716225002961365634443454143771060294108250271510148813303957450683931242821868976022147122334220004849179364694648140987366079825883517912470860873153395719312984530735124817116146248133668542119177748665311541772284264348541827159334541727191270134391675790211673148208838942569658137359330486936792675508468371880334566429828364984470164984251
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (584 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.dialogoroche.com.ar'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche-oncology.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.dialogorochecac.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.fibrosisquistica.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.foundationmedicine.com.sg.fmi.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.infomedics.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.msdiseaseactivity.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.msdiseaseactivity.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'live.digitalfactory.roche.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.dialogoroche.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.rochemed.gr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.dialogoroche.com.mx'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.foundationmedicine.com.sg'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.latamrochepressday.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.dialogoroche.com.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mystudies.roche.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.rocheonline.se'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.licht-an-fuer-ms.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.rochetudastar.hu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.dialogoroche.com.br'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.rocheplus.es'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'careers.roche.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gn.symcb.com/gn.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (149 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.geotrust.com/resources/repository/legal'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'https://www.geotrust.com/resources/repository/legal'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName d26ff796f4853f723c307d23da85789ba37c5a7c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (75 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gn.symcd.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gn.symcb.com/gn.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef007500ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc00000155b7ccd469000004030046304402201989032a760cfc4c41b57a21c2621f634ca5b042bc38a04e7854eadf76242dfe02206d7d1dcecd55aacb89b383b8fd4d83680ed955c59f161c88cc33c5768412354c007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc1000000155b7ccd49e00000403004730450220365fc3b25a661776bf8dd97e5afff0f0658840479d2bd0b14422939f5d31ab5f022100f8c57209af8f41656dbe4a90e24fbf14ec65c1403d5775e320baa0642df0f384
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00d70bafd3cd57d27fa538344ea3508b296297827e5ae5c10dbd332d666f2a17a6fdbba93ba37086d6766a29d8df624097d705dc7424fc31aac3a93ad139f24b3cad9d0217ac84c21b32569352d5ba31ff37f8a8f49c8d28ed06abc138eb53d061b6b646cb5219652217081be0f8ebc2b4555d6d7d5690dfd5f882cdb9b182254db64e710866da1702ef1638295fbe554a82a87e32103f0c5b07306b99ba4c4e688518389641276f352cb4c29e0ee0abfe4994d06c3530a8f60dfaec2871c13bec404b25e7bd23111eec84d8d2a429412f2135814cd595d336c4ab29e0e98e968cc07a66080c1f56935e33e7ef658ce678005292297cc78f1cfafd7982a816b166