staging.www.huffingtonpost.com

- Verizon Digital Media Services, Inc. -

Issued by DigiCert SHA2 Secure Server CA

About this certificate

This digital certificate with serial number 04:e1:44:5f:24:18:63:d5:11:ef:3a:47:af:e0:7e:05 was issued on by DigiCert Inc.

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Verizon Digital Media Services, Inc.

Organization: Verizon Digital Media Services, Inc.
Organization unit: Huffington Post
State / Province: California
Locality: Los Angeles
Country: US

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 04:e1:44:5f:24:18:63:d5:11:ef:3a:47:af:e0:7e:05
Serial Number (int): 6486565518009432894705270781900783109
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 26:d2:a5:b5:28:55:28:42:34:d9:7c:fd:d6:d6:f3:0c:b4:6b:bf:88
AuthorityKeyId: 0f:80:61:1c:82:31:61:d5:2f:28:e7:8d:46:38:b4:2c:e1:c6:d9:e2

Fingerprint (sha1): a7:0d:5a:e3:e8:c9:18:e3:84:3d:c9:82:12:9e:87:4b:d4:d8:19:2f
Fingerprint (sha256): 0b:a3:3a:75:02:6c:d7:4e:27:9a:87:10:f9:44:0f:3c:5b:3c:46:56:c3:8a:34:04:99:d9:58:0e:ed:e6:a4:96

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/ssca-sha2-g1.crl
CRL Distribution Point: http://crl4.digicert.com/ssca-sha2-g1.crl

Check the revocation status for certificate staging.www.huffingtonpost.com

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for staging.www.huffingtonpost.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

staging.www.huffingtonpost.com
staging.m.huffpost.com
staging.www.huffpost.com

Other certificates including the domain name huffingtonpost.com

(limited to 100 certificates)
qa5.add.my.aol.com
*.preview.www.huffpost.com
qa.mapi.huffpost.com
*.app-west.buzzfeed.io
*.aol.com
*.add.my.aol.com
pr.huffingtonpost.com
img.huffingtonpost.com
www.huffingtonpost.com
*.contributor.huffingtonpost.com
content.huffingtonpost.com
staging-userapi.huffingtonpost.com
img.staging.huffingtonpost.com
accounts.huffingtonpost.com
qa.mapi.huffpost.com
src5.yahoo.com
beta-origin-cambria-alb.huffpo.net
staging.www.huffingtonpost.com
*.aol.com
stage.guce.oath.com
production-kraken-valencia-preview.use1.huffpo.net
accounts.huffingtonpost.com
*.search.yahoo.com
secure.huffingtonpost.com
b.aol.com
*.aol.com
huffingtonpost.com
athena.huffingtonpost.com
huffingtonpost.com
src1.yahoo.com
*.search.yahoo.com
trunk.guce.oath.com
trunk.guce.oath.com
qa.preview.www.huffpost.com
staging.www.huffingtonpost.com
www.huffpost.com
huffingtonpost.com
accounts.huffingtonpost.com
ifthisartcouldvote.huffingtonpost.com
www.huffpost.com
dev.search.yahoo.com
origin-kraken.huffpo.net
beta-origin-cambria-alb.huffpo.net
*.search.yahoo.com
qa.preview.www.huffpost.com
www.huffingtonpost.com
stage.guce.oath.com
www.huffingtonpost.com
*.assets.huffingtonpost.com
origin-img.huffingtonpost.com
elections.huffingtonpost.com
src5.yahoo.com
src5.yahoo.com
*.aol.com
*.contributor.huffingtonpost.com
*.search.yahoo.com
*.prod.buzzfeed.io
ifthisartcouldvote.huffingtonpost.com
origin-kraken.huffpo.net
src5.yahoo.com
staging-athena-mongo-cms.huffpost.net
ifthisartcouldvote.huffingtonpost.com
news.huffingtonpost.com
*.assets.huffingtonpost.com
stage.guce.oath.com
*.prod.buzzfeed.io
content.staging.huffingtonpost.com
dev.search.yahoo.com
ifthisartcouldvote.huffingtonpost.com
*.search.yahoo.com
guce.oath.com
www.huffingtonpost.com
editorial.huffingtonpost.com
src1.yahoo.com
staging.www.huffingtonpost.com
qa.preview.www.huffpost.com
*.search.yahoo.com
editorial.huffingtonpost.com
*.stage.buzzfeed.io
src6.yahoo.com
accounts.huffingtonpost.com
*.prod.buzzfeed.io
*.stage.buzzfeed.io
src1.yahoo.com
src6.yahoo.com
*.preview.www.huffpost.com
staging.preview.www.huffpost.com
secure.huffingtonpost.com
secure.huffingtonpost.com
ifthisartcouldvote.huffingtonpost.com
*.app-west.buzzfeed.io
huffingtonpost.com
ws.huffingtonpost.com
qa.mapi.huffpost.com
secure.huffingtonpost.com
*.add.my.aol.com
preview.www.huffpost.com
origin-kraken.huffpo.net
trunk.guce.oath.com
sp.huffingtonpost.com

Certificate

The complete raw certificate details for staging.www.huffingtonpost.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHlDCCBnygAwIBAgIQBOFEXyQYY9UR7zpHr+B+BTANBgkqhkiG9w0BAQsFADBN
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E
aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTcxMDI1MDAwMDAwWhcN
MjAwNjA0MTIwMDAwWjCBqjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3Ju
aWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMS0wKwYDVQQKEyRWZXJpem9uIERpZ2l0
YWwgTWVkaWEgU2VydmljZXMsIEluYy4xGDAWBgNVBAsTD0h1ZmZpbmd0b24gUG9z
dDEnMCUGA1UEAxMec3RhZ2luZy53d3cuaHVmZmluZ3RvbnBvc3QuY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi28sXk3qkhy9Ysh+VWEQoHinvjcK
XqT1lthSe6A4VTyysANywiU1KJV2ypBxVgadVMZ9sYDfYhABP+fWOtJzKp4gXL1E
qjN3SCUR37q5ZHaosbnkvah6NeeKpNcPiXDIPCh5DH8tXQ0e1iQ4gQI8dlrG5g3z
2cJl3YFizw5PeHUSzGMZBMEkXiNS7pvYlwGoq6oXJBoHdU3EL2YJzFSEHL3XwTiq
L3eFo9i/ZfGBhnPdOdYi8hphzTkpUobds4SmxLOFf4SBs6HF6X2p1E37oLBWiOTF
ec89Un3uAzpzZwhZ6uzCtHg2bbH5EEyv+BSYMA8AvFPnMvGw2J5hgQdHmQIDAQAB
o4IEEDCCBAwwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0O
BBYEFCbSpbUoVShCNNl8/dbW8wy0a7+IMFsGA1UdEQRUMFKCHnN0YWdpbmcud3d3
Lmh1ZmZpbmd0b25wb3N0LmNvbYIWc3RhZ2luZy5tLmh1ZmZwb3N0LmNvbYIYc3Rh
Z2luZy53d3cuaHVmZnBvc3QuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU
BggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2Ny
bDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nMS5jcmwwL6AtoCuGKWh0dHA6Ly9j
cmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzEuY3JsMEwGA1UdIARFMEMwNwYJ
YIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNv
bS9DUFMwCAYGZ4EMAQICMHwGCCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0
cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0
cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwG
A1UdEwEB/wQCMAAwggH1BgorBgEEAdZ5AgQCBIIB5QSCAeEB3wB2AKS5CZC0GFgU
h7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABX1JevLEAAAQDAEcwRQIhAP7ONf1C
DHoV9YCtfFadiees086X48vQSJbaPhVC7pHoAiA0aTFdrcL/YA4QH+8vEtG4f0vL
Qv7qQEGsVni8v2oIOgB1AFYUBpov18Ls0/XhvUSyPsdGdrm8mRFcwO+UmFXWidDd
AAABX1JevX0AAAQDAEYwRAIgRReoLTsYw0peOodJFZowj6udKUcpFaZXv3XHEblj
R4kCIDsHhDHee2oe70Qo5KJeEI3CwNa4OuVtjxbQWYRq/Y+TAHYA7ku9t3XOYLrh
Qmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFfUl6/qAAABAMARzBFAiEAqBuv1ikc
Z6mBEzp2hTrjlpxUukjV9SzTAat9ZIplnYwCIEVb7s6PUMeOXXbLyPf3awJA3659
vLFdssL/BHMvCxIFAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUA
AAFfUl69TAAABAMARzBFAiEAllP/rf1V1fLjKRFcrJ4TpttIRoUre7OK/11IFhYP
wyACICrCXySDB3vFRd4WciZv07wGH5XlF1myq6M03h31AtYWMA0GCSqGSIb3DQEB
CwUAA4IBAQCn6fCv//pCwWwhA9Wd6eb8IfaTYmwDuMRILGlwCPQaIjPtM2CqxXhf
N6V+GBXNpj3OQGMGBAkOiU2RcCeYzkaretnLKxJ4Jizo0P9FTEufPDp67pebYHM4
4unZhCKByttSeVomqfuksha6XDN+7P7fL+Yuvqk1iUaVeqhVmJYMl0O+Qd7udHWw
N+t9Mwc2Nd0H5MpmtylaG3JaC1aqUQlJkS2mWzAAXMjxlJ+9zZ6XsbwfDkNT4wEy
6fKlpJGJ2EbabyisTXhALXrzZ90gKY/Nrd2kQ+68I8jv7377YbJcah3OnNugGZp9
o2+mTRg2Z3rUDOcJpIIf01JQGVXQIURx
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi28sXk3qkhy9Ysh+VWEQ
oHinvjcKXqT1lthSe6A4VTyysANywiU1KJV2ypBxVgadVMZ9sYDfYhABP+fWOtJz
Kp4gXL1EqjN3SCUR37q5ZHaosbnkvah6NeeKpNcPiXDIPCh5DH8tXQ0e1iQ4gQI8
dlrG5g3z2cJl3YFizw5PeHUSzGMZBMEkXiNS7pvYlwGoq6oXJBoHdU3EL2YJzFSE
HL3XwTiqL3eFo9i/ZfGBhnPdOdYi8hphzTkpUobds4SmxLOFf4SBs6HF6X2p1E37
oLBWiOTFec89Un3uAzpzZwhZ6uzCtHg2bbH5EEyv+BSYMA8AvFPnMvGw2J5hgQdH
mQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 6486565518009432894705270781900783109
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-10-25 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-06-04 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Los Angeles'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Verizon Digital Media Services, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Huffington Post'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'staging.www.huffingtonpost.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 17601945994630100722099290789861911726697759346722555272091315211688148976034206461019348260100332332834302085086355049062995860564526328596914691347398342926922462215756456230399040944939255729399777635351971485807643971969768824756364075154030699141660711359863356396234187003039513925091321709601390900883340506319669586347403616595893489915228535020020942886149504264772838926307059570091022463034212137890494974205004326882366295642066601727556388182110932060942632310896324372582433807049901018391724081619683390257509211825227442786956005648235357315790280658162696703641292019873595947099722393727701969487769
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 0f80611c823161d52f28e78d4638b42ce1c6d9e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							26d2a5b52855284234d97cfdd6d6f30cb46bbf88
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (84 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'staging.www.huffingtonpost.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'staging.m.huffpost.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'staging.www.huffpost.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/ssca-sha2-g1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/ssca-sha2-g1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (112 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (485 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (481 bytes)
							01df007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000015f525ebcb10000040300473045022100fece35fd420c7a15f580ad7c569d89e7acd3ce97e3cbd04896da3e1542ee91e802203469315dadc2ff600e101fef2f12d1b87f4bcb42feea4041ac5678bcbf6a083a0075005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd0000015f525ebd7d000004030046304402204517a82d3b18c34a5e3a8749159a308fab9d29472915a657bf75c711b963478902203b078431de7b6a1eef4428e4a25e108dc2c0d6b83ae56d8f16d059846afd8f93007600ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000015f525ebfa80000040300473045022100a81bafd6291c67a981133a76853ae3969c54ba48d5f52cd301ab7d648a659d8c0220455beece8f50c78e5d76cbc8f7f76b0240dfae7dbcb15db2c2ff04732f0b1205007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000015f525ebd4c00000403004730450221009653ffadfd55d5f2e329115cac9e13a6db4846852b7bb38aff5d4816160fc32002202ac25f2483077bc545de1672266fd3bc061f95e51759b2aba334de1df502d616
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00a7e9f0affffa42c16c2103d59de9e6fc21f693626c03b8c4482c697008f41a2233ed3360aac5785f37a57e1815cda63dce40630604090e894d91702798ce46ab7ad9cb2b1278262ce8d0ff454c4b9f3c3a7aee979b607338e2e9d9842281cadb52795a26a9fba4b216ba5c337eecfedf2fe62ebea9358946957aa85598960c9743be41deee7475b037eb7d33073635dd07e4ca66b7295a1b725a0b56aa510949912da65b30005cc8f1949fbdcd9e97b1bc1f0e4353e30132e9f2a5a49189d846da6f28ac4d78402d7af367dd20298fcdaddda443eebc23c8efef7efb61b25c6a1dce9cdba0199a7da36fa64d1836677ad40ce709a4821fd352501955d0214471