ur1-idp.lrs.education.gov.uk

- Education & Skills Funding Agency -

Issued by GlobalSign Organization Validation CA - SHA256 - G2

About this certificate

This digital certificate with serial number 71:70:ff:e4:60:5b:1a:79:7b:75:1f:e4 was issued on by GlobalSign nv-sa.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Education & Skills Funding Agency

Organization: Education & Skills Funding Agency
Organization unit: IM Services
State / Province: West Midlands
Locality: Coventry
Country: GB

GlobalSign nv-sa

Organization: GlobalSign nv-sa
Country: BE

This certificate has expire since

Certificate Details

Serial Number (hex): 71:70:ff:e4:60:5b:1a:79:7b:75:1f:e4
Serial Number (int): 35108414217862784158361001956
Serial Number lenght: 95 bits, 12 octets

SubjectKeyId: 2f:2c:83:95:8a:38:17:af:fb:a5:eb:eb:5e:0b:0d:33:ce:5a:bc:82
AuthorityKeyId: 96:de:61:f1:bd:1c:16:29:53:1c:c0:cc:7d:3b:83:00:40:e6:1a:7c

Fingerprint (sha1): f1:09:be:e3:08:2c:dc:26:8d:d0:76:06:2a:23:df:01:20:c6:46:7d
Fingerprint (sha256): 0b:7b:41:95:04:3b:0b:12:75:95:52:cd:d6:91:d3:2e:10:c0:9c:61:8c:35:ba:4e:60:b7:e4:ce:89:ea:18:ba

Issuing Certificate URL: http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt

Revocation information

OCSP Server: http://ocsp2.globalsign.com/gsorganizationvalsha2g2
CRL Distribution Point: http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl

Check the revocation status for certificate ur1-idp.lrs.education.gov.uk

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ur1-idp.lrs.education.gov.uk

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ur1-idp.lrs.education.gov.uk

Other certificates including the domain name education.gov.uk

(limited to 100 certificates)
ilsype.education.gov.uk
complete.education.gov.uk
fsm.education.gov.uk
cipdev.docs.platform.education.gov.uk
plan-your-grant.education.gov.uk
Pr-nndr-scanservice.education.gov.uk
Report-extremism.education.gov.uk
onlinecollections-preprod.education.gov.uk
manage-training-for-early-career-teachers.education.gov.uk
www.keytosuccess.education.gov.uk
operations.platform.education.gov.uk
education.gov.uk
oat-api-services-fcs.education.gov.uk
test.docs.platform.education.gov.uk
applyforerasmusgovernmentguarantee.education.gov.uk
pp-ws.lrs.education.gov.uk
ssl809275.cloudflaressl.com
traineeteacherportal-dv.education.gov.uk
consult.education.gov.uk
api-lrs.education.gov.uk
*.education.gov.uk
*.traineeships.education.gov.uk
idp.lrs.education.gov.uk
consult.education.gov.uk
schooljobs.education.gov.uk
publish-teacher-training-courses.education.gov.uk
findapprenticeshiptraining-api.apprenticeships.education.gov.uk
dms-information-exchange.education.gov.uk
section96.education.gov.uk
apim-ltm-api.apprenticeships.education.gov.uk
publish-teacher-training-courses.education.gov.uk
test-api-customerengagement.platform.education.gov.uk
ilsype.education.gov.uk
doat-web-operations-fcs.education.gov.uk
admin.apprenticeships.education.gov.uk
proxy.signin.education.gov.uk
approvals.providers.apprenticeships.education.gov.uk
api-services-fcs.education.gov.uk
teacherservices-pp.education.gov.uk
schoolexperience-staging.education.gov.uk
pp-lrs.education.gov.uk
consult.education.gov.uk
lrspaas-test08-idp.dev.lrs.education.gov.uk
apply-the-service-standard.education.gov.uk
lrs.education.gov.uk
traineeteacherportal.education.gov.uk
idp.lrs.education.gov.uk
consult.education.gov.uk
transfers-api.apprenticeships.education.gov.uk
help.apprenticeships.education.gov.uk
www.ecs2.education.gov.uk
collectdatauat.education.gov.uk
www.keytosuccess.education.gov.uk
cmp-lrs.education.gov.uk
ur1-idp.lrs.education.gov.uk
test.docs.platform.education.gov.uk
nca-pr.education.gov.uk
lrspaas-test01.dev.lrs.education.gov.uk
sni1c3d7gl.wpc.edgecastcdn.net
signin.education.gov.uk
schoolexperience-ta-recruit.education.gov.uk
clauat.education.gov.uk
doat-api-services-fcs.education.gov.uk
dev-api-customerengagement.platform.education.gov.uk
fsm2.education.gov.uk
status.apprenticeships.education.gov.uk
apply-for-qts-in-england.education.gov.uk
studentbursary.education.gov.uk
*.industryplacementmatching.education.gov.uk
dfe-hradvice.education.gov.uk
teachingjobs.education.gov.uk
education.gov.uk
sfs-dev.dev.funding.education.gov.uk
signin.education.gov.uk
subscriptions.apprenticeships.education.gov.uk
mta-sts.service.education.gov.uk
tasks.apprenticeships.education.gov.uk
pensionsregulator-api.apprenticeships.education.gov.uk
efadatacollections-stg.education.gov.uk
*.dev.lrs.education.gov.uk
help-for-early-years-providers.education.gov.uk
collectdatauat.education.gov.uk
refdata.apprenticeships.education.gov.uk
proxy.signin.education.gov.uk
ssl809273.cloudflaressl.com
status.apprenticeships.education.gov.uk
api-calculate-funding.education.gov.uk
www.primaryassessmentgateway.education.gov.uk
www.onetoonetuitiondata.education.gov.uk
dataprovision.education.gov.uk
mailshe.education.gov.uk
consult.education.gov.uk
ilsype.education.gov.uk
dev-search.apprenticeships.education.gov.uk
notifications.apprenticeships.education.gov.uk
apim-apprv-api.apprenticeships.education.gov.uk
cla.education.gov.uk
receptionbaselinetao.education.gov.uk
login.apprenticeships.education.gov.uk
efa-information-exchange.education.gov.uk

Certificate

The complete raw certificate details for ur1-idp.lrs.education.gov.uk in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgIMcXD/5GBbGnl7dR/kMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTgwNTEwMTQ0NjA0WhcNMjAwNTEwMTQ0NjA0WjCBoTELMAkGA1UEBhMC
R0IxFjAUBgNVBAgTDVdlc3QgTWlkbGFuZHMxETAPBgNVBAcTCENvdmVudHJ5MRQw
EgYDVQQLEwtJTSBTZXJ2aWNlczEqMCgGA1UECgwhRWR1Y2F0aW9uICYgU2tpbGxz
IEZ1bmRpbmcgQWdlbmN5MSUwIwYDVQQDExx1cjEtaWRwLmxycy5lZHVjYXRpb24u
Z292LnVrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljpPGaDPMJ1T
J04hggNnTaWxFQjTSnKOm+JB5Q1mFBKTymPPqR5K5xxM0WtLA1OCL2dkClt7N0rd
F6jdPEA29aaWbg/bwi+ecptQ6guV7CZXuuwwMG67mK2ch/kqTEMLXVgu8y/a6ak1
v88pIfPTun9eX3WrvlBUDnHB0Eo41ziR4EaEAkzjAWmmViL21A7RZ+oxlmIQ+biO
tk7PvFqKxBTVSHJb3Q06XiFk9j1ATSj7PvuppPQhlrjShBrdjdW5uYZu83RM/hLo
NY5yaeNPXpM4OmM7YSpH6kReyfqUMaKo6hLIXZv8J/PBDEBg0YeyEZnCsGxa/Ol4
Aq+NLw2bYQIDAQABo4ICAjCCAf4wDgYDVR0PAQH/BAQDAgWgMIGgBggrBgEFBQcB
AQSBkzCBkDBNBggrBgEFBQcwAoZBaHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNv
bS9jYWNlcnQvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzJyMS5jcnQwPwYIKwYBBQUH
MAGGM2h0dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9nc29yZ2FuaXphdGlvbnZh
bHNoYTJnMjBWBgNVHSAETzBNMEEGCSsGAQQBoDIBFDA0MDIGCCsGAQUFBwIBFiZo
dHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgIw
CQYDVR0TBAIwADBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmdsb2JhbHNp
Z24uY29tL2dzL2dzb3JnYW5pemF0aW9udmFsc2hhMmcyLmNybDAnBgNVHREEIDAe
ghx1cjEtaWRwLmxycy5lZHVjYXRpb24uZ292LnVrMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQULyyDlYo4F6/7pevrXgsNM85avIIwHwYD
VR0jBBgwFoAUlt5h8b0cFilTHMDMfTuDAEDmGnwwEwYKKwYBBAHWeQIEAwEB/wQC
BQAwDQYJKoZIhvcNAQELBQADggEBAJy5aMjjDa4cr/iwnBfev3CHmnM5t1G3RExy
W+1eQJ0IAC32+yyEkNULPsUKKCirifPv8U1hyLK+OBRQicQWTj8UZnIuMGAHugI1
rIh/xTzbIN/TQAD/4uxhCeHwP7yiWW2kt0UcccalgsaKHiwSC3UArhfbnRV2KnTx
cxW0z0AO1UN903WL7cY8s6EtJlkrVCADD+K/sfvfJWtWNwJQxGQA0VxdA33oD6ic
51P3D1uGF78Xqov6n828wxsOIdReFE5FoythuBlq8wnxeSapuX8dFXMNvYXLYxfc
sOZt40EDXp3nmgWpX2nltTyRnoxnRicX16C2tguOqkNm1NDNfA8=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljpPGaDPMJ1TJ04hggNn
TaWxFQjTSnKOm+JB5Q1mFBKTymPPqR5K5xxM0WtLA1OCL2dkClt7N0rdF6jdPEA2
9aaWbg/bwi+ecptQ6guV7CZXuuwwMG67mK2ch/kqTEMLXVgu8y/a6ak1v88pIfPT
un9eX3WrvlBUDnHB0Eo41ziR4EaEAkzjAWmmViL21A7RZ+oxlmIQ+biOtk7PvFqK
xBTVSHJb3Q06XiFk9j1ATSj7PvuppPQhlrjShBrdjdW5uYZu83RM/hLoNY5yaeNP
XpM4OmM7YSpH6kReyfqUMaKo6hLIXZv8J/PBDEBg0YeyEZnCsGxa/Ol4Aq+NLw2b
YQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 35108414217862784158361001956
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign Organization Validation CA - SHA256 - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-05-10 14:46:04 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-05-10 14:46:04 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'West Midlands'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Coventry'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IM Services'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Education & Skills Funding Agency'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ur1-idp.lrs.education.gov.uk'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 18964498976963630233053302246430155529368737174383956040741000241925026343413446688864304492189673868379964118946941336466474862364102277403471103713676090757503137209156445607665674434091890981120340807781328500063910153345220074931805059936828511827987428144208700861179583300725967412819007210484272153698742094813831136110432647963439461083366219939311288454468201149250134518739117570214679838956627352446656243703182973510765402614149661480728529622927372312393708667597235331080212020998877592539972944174467653466169880113759638371251962355395222628867433321784076235643273355632710384431597250152489217268577
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (147 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp2.globalsign.com/gsorganizationvalsha2g2'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.20 (globalsignOVPolicy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ur1-idp.lrs.education.gov.uk'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							2f2c83958a3817affba5ebeb5e0b0d33ce5abc82
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 96de61f1bd1c1629531cc0cc7d3b830040e61a7c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		009cb968c8e30dae1caff8b09c17debf70879a7339b751b7444c725bed5e409d08002df6fb2c8490d50b3ec50a2828ab89f3eff14d61c8b2be38145089c4164e3f1466722e306007ba0235ac887fc53cdb20dfd34000ffe2ec6109e1f03fbca2596da4b7451c71c6a582c68a1e2c120b7500ae17db9d15762a74f17315b4cf400ed5437dd3758bedc63cb3a12d26592b5420030fe2bfb1fbdf256b56370250c46400d15c5d037de80fa89ce753f70f5b8617bf17aa8bfa9fcdbcc31b0e21d45e144e45a32b61b8196af309f17926a9b97f1d15730dbd85cb6317dcb0e66de341035e9de79a05a95f69e5b53c919e8c67462717d7a0b6b60b8eaa4366d4d0cd7c0f