*.accesscontrol.identity.office-int.net

Issued by Microsoft IT TLS CA 1

About this certificate

This digital certificate with serial number 7b:00:0a:49:39:6f:32:44:4f:e8:25:1a:5f:00:00:00:0a:49:39 was issued on by Microsoft Corporation.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • KeyUsage [DataEncipherment DigitalSignature KeyEncipherment] (00001101) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)

Certificate Subject

CN=*.accesscontrol.identity.office-int.net

Microsoft Corporation

Organization: Microsoft Corporation
Organization unit: Microsoft IT
State / Province: Washington
Locality: Redmond
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 7b:00:0a:49:39:6f:32:44:4f:e8:25:1a:5f:00:00:00:0a:49:39
Serial Number (int): 2742995159574795799044585007774728727042869561
Serial Number lenght: 151 bits, 19 octets

SubjectKeyId: 04:ab:23:60:dd:51:98:75:a4:48:fd:56:72:05:6f:2c:cb:2d:95:a9
AuthorityKeyId: 58:88:9f:d6:dc:9c:48:22:b7:14:3e:ff:84:88:e8:e6:85:ff:fa:7d

Fingerprint (sha1): 19:a7:24:89:1d:1a:51:f1:dd:73:c1:07:a8:e8:c9:f1:fd:0a:3a:0b
Fingerprint (sha256): 0b:af:59:6b:19:be:d4:bf:e5:c6:fd:d8:be:9d:c6:53:bb:66:01:80:44:99:63:20:e2:31:4b:8b:48:99:9b:b9

Issuing Certificate URL: http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%201.crt

Revocation information

OCSP Server: http://ocsp.msocsp.com
CRL Distribution Point: http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl
CRL Distribution Point: http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl

Check the revocation status for certificate *.accesscontrol.identity.office-int.net

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.accesscontrol.identity.office-int.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment
Data Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

11 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.identity.accesscontrol-int.office.com
*.accesscontrol.identity.office-int.net

Other certificates including the domain name office-int.net

(limited to 100 certificates)
officernr.osi.office-int.net
kaizalamessaging.osi.office-int.net
*.osi.office-int.net
augmentation.osi.office-int.net
*.osi.office-int.net
OsiDataEncrypt-Carmine-ALL-DEK.osi.office-int.net
icmconnector.griffinosiplatformtest.osi.office-int.net
kasmgmtportal.osi.office-int.net
Aqua-INT-MdmAdministrator.osi.office-int.net
msa-sapi.graph.office-int.net
Cobalt-INT-MdmAdministrator.osi.office-int.net
manage.osi.office-int.net
Cobalt-INT-MdmAdministrator.osi.office-int.net
inclient.store.office-int.com
store.office-int.com
Wheat-INT-MdmAdministrator.osi.office-int.net
Caelum-INT-MdmAdministrator.osi.office-int.net
insertmedia.osi.office-int.net
captions.officeapps.live-int.com
ssu.office-int.com
oliml.office-int.net
tasks.office-int.com
*.osi.office-int.net
graph.office-int.net
support.office-int.com
wdgfabric.osi.office-int.net
*.osi.office-int.net
*.osi.office-int.net
GriffinOsiPlatformTest-DataEncryptionCertife.office-int.net
manage.osi.office-int.net
entity-sti-int.osi.office-int.net
samplegateway.omex.office-int.net
manage.osi.office-int.net
Vela-INT-MdmAdministrator.osi.office-int.net
GriffinOsiPlatformTest-DataEncryptionCertife.office-int.net
griffinosiplatformtest.osi.office-int.net
*.osi.office-int.net
hubblecontent.osi.office-int.net
hubble.officeapps.live-int.com
Caelum-INT-MdmAdministrator.osi.office-int.net
icms.osi.office-int.net
*.accesscontrol.identity.office-int.net
oxocompliance-test.office-int.net
*.osi.office-int.net
*.osi.office-int.net
Wheat-INT-MdmAdministrator.osi.office-int.net
Mint-INT-Mds.osi.office-int.net
kevlar.marketwatch.office-int.net
validationgateway.omex.office-int.net
scram.osi.office-int.net
Bronze-INT-Mds.osi.office-int.net
enceladus.osi.office-int.net
officecheckoutpurchase.omex.office-int.net
helene.cosmosproxy.osi.office-int.net
arms.osi.office-int.net
arms.osi.office-int.net
cornsilkint-mds.osi.office-int.net
Wheat-INT-MdmAdministrator.osi.office-int.net
ogma.osi.office-int.net
externalgateway.omex.office-int.net
addinslicensing.store.office-int.com
augmentation.osi.office-int.net
tellmeservice.osi.office-int.net
Antlia-INT-MdmAdministrator.osi.office-int.net
eridanus-Int-Mdm.osi.office-int.net
Russet-INT-Mds.osi.office-int.net
macommunication.geneva.keyvault.fullvalue.omex.office-int.net
Aqua-INT-MdmAdministrator.osi.office-int.net
setup.office-int.com
Aqua-INT-MdmAdministrator.osi.office-int.net
*.graph.office-int.net
Carpo-INT-Mds.osi.office-int.net
*.osi.office-int.net
cluster.fullvalue.omex.office-int.net
*.osi.office-int.net
dataencryption.omex.office-int.net
hubble.officeapps.live-int.com
forms.office-int.com
Manatee-INT-Mds.osi.office-int.net
checkout.office-int.com
GriffinOsiPlatformTest-gcpcert.office-int.net
config.officeapps.live-int.com
GriffinOsiPlatformTest-gcpcert.office-int.net
pptcast-rps-int.osi.office-int.net
store.office-int.com
aurigasentryportal.office-int.net
tasman.osi.office-int.net
Asparagus-INT-Mds.osi.office-int.net
support.office-int.com
stores.office-int.com
diagnosticsgateway.omex.office-int.net
checkout.office-int.com
usershardextension-sti-int.osi.office-int.net
*.identity.office-int.net
Lynx-INT-Mds.osi.office-int.net
Snow-INT-Mds.osi.office-int.net
loopback.osi.office-int.net
patriarch.cosmosproxy.osi.office-int.net
mdoipdomainmgmt.office-int.net
uci.officeapps.live-int.com

Certificate

The complete raw certificate details for *.accesscontrol.identity.office-int.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHHjCCBQagAwIBAgITewAKSTlvMkRP6CUaXwAAAApJOTANBgkqhkiG9w0BAQsF
ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE
CxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEw
HhcNMTkwOTI0MTkzNzIyWhcNMjEwOTI0MTkzNzIyWjAyMTAwLgYDVQQDDCcqLmFj
Y2Vzc2NvbnRyb2wuaWRlbnRpdHkub2ZmaWNlLWludC5uZXQwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCwgoStAmEsEYiFOKAz+y44AapJMGztEi/ZnDVU
f3wmCHiTLIX9llu/gYnKkHd2rdJ2W3t1Jj0yRpY+4Ypo4jaUxGvLgdvzgichbT/5
XsShwz8o3qiL+oO0HpxoemUCH64XQzEWSU7vZrVIfd3VYVyK+gF3WZAScj0GNosz
dUFrLYezYFmtwDggOeeDJAB2AAR61zsI2LjIgSCvfH9dFWuTo8RJB3LnWpVU/XSG
ffv5TTVlIdF6Cdqy5IhG+goQEc7KmdNO1yTYPbSNMWTKPaXEKJ46zmPUE/l5Q1iP
Vmgbneoci804z9LeRg4z/imBmPYV/XMP4p9uwBV0jx3q6tgDAgMBAAGjggLRMIIC
zTATBgorBgEEAdZ5AgQDAQH/BAIFADAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUF
BwMCMAoGCCsGAQUFBwMBMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD
7tkBgsmFG4G1nmGF9OtggV2E0t9CgueTegIBZAIBHTCBhQYIKwYBBQUHAQEEeTB3
MFEGCCsGAQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29y
cC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcnQwIgYIKwYBBQUHMAGG
Fmh0dHA6Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0OBBYEFASrI2DdUZh1pEj9VnIF
byzLLZWpMAsGA1UdDwQEAwIEsDBbBgNVHREEVDBSgicqLmlkZW50aXR5LmFjY2Vz
c2NvbnRyb2wtaW50Lm9mZmljZS5jb22CJyouYWNjZXNzY29udHJvbC5pZGVudGl0
eS5vZmZpY2UtaW50Lm5ldDCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8v
bXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJ
VCUyMFRMUyUyMENBJTIwMS5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9w
a2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmww
TQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3
dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFFiIn9bc
nEgitxQ+/4SI6OaF//p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAN
BgkqhkiG9w0BAQsFAAOCAgEAYlWZiu1UiKX3J9Vu4S60lsTjKoNYTeGElWldtCEb
4qw+5FmFwGz3BtWzIT9fS6tIPIX4psnDeJ5C6wusNXa/o8CaaXdElBVARcbWn80t
zhgsa98dguBww8M58RQFRRcbW5lEY0taxkvNQGmPQA8fTloIaleIK7HjukJoyqhi
xm0qJ5PFbMNFVj5RLPWrSMIj6r7vfiK3bQb8hAObgsX6UXRyKKykumPHTnrCA6LP
VbVg/qG58krf7qvoxapbczaGlplof/HSg390kt4AoY08fpTOnzzCfMdJdoHk46cU
TBYzCDgJBnwfzxUSjTSC2FhKcKqw597H5alffft+gah0OG73Vev2AOtQirb7XpIQ
wZUtYlmK5jmfYxlgrGxndLObl2+E1RS7KL5wskWNV85qIT+GK4rFyEyesSy/aBCL
j07CTKZnYVGXhScpDi0L7yvsGNNf8V2KfJFOBvJR3KGEu80C5pIuAFRHogvVmEZA
fiJWgJldn91sgueYPNxA2ebswkjqlybEgWx48g2rM3XXvMTZ/52jRvhFkyVqtASP
IK7miFJ2ljzYIqxEqkX4FEKq9GVWgzeA/yM1REqW34HJg1hF0w1l2cXNMRY2bFh7
puDqYhbnsk8OnGT53rWc9tU1+YlMNwlBsCN3rAumkxedm/hcg0ONIwukKMANCPig
/Bc=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIKErQJhLBGIhTigM/su
OAGqSTBs7RIv2Zw1VH98Jgh4kyyF/ZZbv4GJypB3dq3Sdlt7dSY9MkaWPuGKaOI2
lMRry4Hb84InIW0/+V7EocM/KN6oi/qDtB6caHplAh+uF0MxFklO72a1SH3d1WFc
ivoBd1mQEnI9BjaLM3VBay2Hs2BZrcA4IDnngyQAdgAEetc7CNi4yIEgr3x/XRVr
k6PESQdy51qVVP10hn37+U01ZSHRegnasuSIRvoKEBHOypnTTtck2D20jTFkyj2l
xCieOs5j1BP5eUNYj1ZoG53qHIvNOM/S3kYOM/4pgZj2Ff1zD+KfbsAVdI8d6urY
AwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 2742995159574795799044585007774728727042869561
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Washington'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Redmond'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft IT'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft IT TLS CA 1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-09-24 19:37:22 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-09-24 19:37:22 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.accesscontrol.identity.office-int.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22282302629220243405741285846794893786885279365015168781937180202563558047938854863406752002650308701113216000115608864687267901438555999665425029625692975711642574131827613485990091311002319803761427582872698686293751708489256881736599287784438463243239272469252144980493747263633972751634863646724339455151920699691250134685003977602529902928838450005817755006796889184865831818920894993198398684424339632775759930775296915607899288777352958044108532824864883858156430214908726367959338055252945817889380990175112491089874452885003297244526407171471824292475000416116950235660509559123070355244309809731267648477187
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.10 (applicationCertPolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.7 (certificateTemplate)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (49 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.8.16155509.8105089.5391003.2969441.12400096.221.9744322.5884410
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 100
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (121 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%201.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.msocsp.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							04ab2360dd519875a448fd5672056f2ccb2d95a9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits)
							04b0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (84 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.identity.accesscontrol-int.office.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.accesscontrol.identity.office-int.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (164 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (70 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.42.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.microsoft.com/pki/mscorp/cps'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 58889fd6dc9c4822b7143eff8488e8e685fffa7d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		006255998aed5488a5f727d56ee12eb496c4e32a83584de18495695db4211be2ac3ee45985c06cf706d5b3213f5f4bab483c85f8a6c9c3789e42eb0bac3576bfa3c09a69774494154045c6d69fcd2dce182c6bdf1d82e070c3c339f1140545171b5b9944634b5ac64bcd40698f400f1f4e5a086a57882bb1e3ba4268caa862c66d2a2793c56cc345563e512cf5ab48c223eabeef7e22b76d06fc84039b82c5fa51747228aca4ba63c74e7ac203a2cf55b560fea1b9f24adfeeabe8c5aa5b7336869699687ff1d2837f7492de00a18d3c7e94ce9f3cc27cc7497681e4e3a7144c1633083809067c1fcf15128d3482d8584a70aab0e7dec7e5a95f7dfb7e81a874386ef755ebf600eb508ab6fb5e9210c1952d62598ae6399f631960ac6c6774b39b976f84d514bb28be70b2458d57ce6a213f862b8ac5c84c9eb12cbf68108b8f4ec24ca6676151978527290e2d0bef2bec18d35ff15d8a7c914e06f251dca184bbcd02e6922e005447a20bd59846407e225680995d9fdd6c82e7983cdc40d9e6ecc248ea9726c4816c78f20dab3375d7bcc4d9ff9da346f84593256ab4048f20aee6885276963cd822ac44aa45f81442aaf46556833780ff2335444a96df81c9835845d30d65d9c5cd3116366c587ba6e0ea6216e7b24f0e9c64f9deb59cf6d535f9894c370941b02377ac0ba693179d9bf85c83438d230ba428c00d08f8a0fc17