cmsdcadiskitb04.fnal.gov
- Fermi Research Alliance -
Issued by InCommon RSA IGTF Server CA 3
About this certificate
This digital certificate with serial number a2:70:82:f0:35:1d:c4:ca:1e:38:89:75:2f:e0:46:d3 was issued on by Internet2.
This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Fermi Research Alliance
Organization:
Fermi Research Alliance
State / Province:
Illinois
Country: US
Country: US
Internet2
Organization:
Internet2
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): a2:70:82:f0:35:1d:c4:ca:1e:38:89:75:2f:e0:46:d3Serial Number (int): 215919128309758443926958994732015961811
Serial Number lenght: 128 bits, 16 octets
SubjectKeyId: 7f:c8:d1:16:fb:09:d0:ac:8b:d7:49:36:83:62:2b:60:9c:10:20:8a
AuthorityKeyId: 16:36:a5:e3:31:7b:bf:67:f6:b2:b7:e7:ea:54:ef:57:30:be:c7:e5
Fingerprint (sha1): 09:b4:3a:50:42:36:e3:9f:61:5d:98:7e:2f:04:83:77:c4:f2:c5:12
Fingerprint (sha256): 0c:0e:12:d3:bc:0f:2b:58:7d:4d:65:c1:ec:6d:51:40:ec:df:7c:36:23:3f:fb:96:38:a5:83:c3:c2:a5:1c:03
Issuing Certificate URL: http://crt.sectigo.com/InCommonRSAIGTFServerCA3.crt
Revocation information
OCSP Server: http://ocsp.sectigo.comCRL Distribution Point: http://crl.sectigo.com/InCommonRSAIGTFServerCA3.crl
Check the revocation status for certificate cmsdcadiskitb04.fnal.gov
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for cmsdcadiskitb04.fnal.gov
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA384 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
cmsdcadiskitb04.fnal.gov
Other certificates including the domain name fnal.gov
(limited to 100 certificates)
uboonepro-uboonegpvm01.fnal.gov
gpce03.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
stkendca71a.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
lpcschedd3.fnal.gov
samwebgpvm03.fnal.gov
ftdc2.fermitest.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
pubstor2231.fnal.gov
*.fnal.gov
nsexpe2.fnal.gov
cmsstor341.fnal.gov
*.fnal.gov
uhosts.fnal.gov
www-bss.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmssi-factory02.fnal.gov
*.fnal.gov
uhosts.fnal.gov
fermi-rsa-2.fnal.gov
*.fnal.gov
cmseos-tf1103.fnal.gov
rcds01.fnal.gov
*.fnal.gov
*.fnal.gov
ssiadmin3.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos511.fnal.gov
uhosts.fnal.gov
fcdfcache122.fnal.gov
*.fnal.gov
*.fnal.gov
cmssrv628.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
cmseos1144.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
icaruspro-icarusgpvm01.fnal.gov
cmsstor907.fnal.gov
*.fnal.gov
*.fnal.gov
fifeutilgpvm01.fnal.gov
fermicloud527.fnal.gov
*.fnal.gov
*.fnal.gov
fndcaitb1.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos-if1102.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
fermicloud363.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos517.fnal.gov
rcodegpvm02.fnal.gov
cmseos56.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb03.fnal.gov
*.fnal.gov
accelaipro-accelaigpvm01.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb04.fnal.gov
cmseos34.fnal.gov
fndca5b.fnal.gov
*.fnal.gov
gpce03.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
stkendca71a.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
lpcschedd3.fnal.gov
samwebgpvm03.fnal.gov
ftdc2.fermitest.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
pubstor2231.fnal.gov
*.fnal.gov
nsexpe2.fnal.gov
cmsstor341.fnal.gov
*.fnal.gov
uhosts.fnal.gov
www-bss.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmssi-factory02.fnal.gov
*.fnal.gov
uhosts.fnal.gov
fermi-rsa-2.fnal.gov
*.fnal.gov
cmseos-tf1103.fnal.gov
rcds01.fnal.gov
*.fnal.gov
*.fnal.gov
ssiadmin3.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos511.fnal.gov
uhosts.fnal.gov
fcdfcache122.fnal.gov
*.fnal.gov
*.fnal.gov
cmssrv628.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
cmseos1144.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
icaruspro-icarusgpvm01.fnal.gov
cmsstor907.fnal.gov
*.fnal.gov
*.fnal.gov
fifeutilgpvm01.fnal.gov
fermicloud527.fnal.gov
*.fnal.gov
*.fnal.gov
fndcaitb1.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos-if1102.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
fermicloud363.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos517.fnal.gov
rcodegpvm02.fnal.gov
cmseos56.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb03.fnal.gov
*.fnal.gov
accelaipro-accelaigpvm01.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb04.fnal.gov
cmseos34.fnal.gov
fndca5b.fnal.gov
*.fnal.gov
Certificate
The complete raw certificate details for cmsdcadiskitb04.fnal.gov in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIIKTCCBpGgAwIBAgIRAKJwgvA1HcTKHjiJdS/gRtMwDQYJKoZIhvcNAQEMBQAw STELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUludGVybmV0MjEmMCQGA1UEAxMdSW5D b21tb24gUlNBIElHVEYgU2VydmVyIENBIDMwHhcNMjMxMjEyMDAwMDAwWhcNMjUw MTEwMjM1OTU5WjCBlDETMBEGCgmSJomT8ixkARkWA29yZzEYMBYGCgmSJomT8ixk ARkWCGluY29tbW9uMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxIDAe BgNVBAoTF0Zlcm1pIFJlc2VhcmNoIEFsbGlhbmNlMSEwHwYDVQQDExhjbXNkY2Fk aXNraXRiMDQuZm5hbC5nb3YwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC AQCQ0rbKlRJTK97cQqvCJd8EbbjI12kF4wekQErm9BhPREBAn9KA29JYC3FnCAuo dlv2RFrYBp8uKh9YfxL72CjetHOeO8NyD22dGoWPpXp6br0DfVDaxkCxOShd+EE3 JI2dtTtgPFoFOFt1i1Qs4oHETWyTDFlPZsDdir9XSN88nAtYB5bPfo1L8v3sddHp hY/VXjrp+CPYf9tcdkIDC/w5zJO/Em121osdweiLcg0oSNQ96v5eW8bPRv2/HLQZ dOVEFXJk9FsJSDOpv6mAwJ0i3aMLFTcI9daXEq8K4IZZRHQCq6EhITWE2Zwh0ks3 k9x1bO8KLduEgTE12AEUYVq+uyKjOPLaPj5lxqISEHc2x8R0Da/OtIpmfLWRXJaF OkDAJmhgbVaDY0lMv3IQesz1wTKDgkPMRYlROYeojd29dcXotFVGcNGK0ImwLkuY rhyt/+re1Q/tlud8xm1ey+eBRyTpoO6ABF9nokEyXW0KJvc/oAhzebzYXCEwj1yx vX6EGfbWwhXBqRXBAIVgXElWfhB3HeYjBW+czUajit6gFq2UZDmq+SZ4HC7YEgst Ec586NhsjDqMkhIw1/pf2vEf3q9yByfX1qVrDqiHYeRslRCDBOmPZHcKcA0jmxbt YTSv3/yOF9A90Ax8BU35jUkrIlmx5vV7QAabbre+DowvxwIDAQABo4IDPjCCAzow HwYDVR0jBBgwFoAUFjal4zF7v2f2srfn6lTvVzC+x+UwHQYDVR0OBBYEFH/I0Rb7 CdCsi9dJNoNiK2CcECCKMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBYBgNVHSAEUTBPMDUGDCsGAQQB riMBBAMEAjAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29tL0NQUzAM BgoqhkiG90wFAgIBMAgGBmeBDAECAjBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8v Y3JsLnNlY3RpZ28uY29tL0luQ29tbW9uUlNBSUdURlNlcnZlckNBMy5jcmwwdAYI KwYBBQUHAQEEaDBmMD8GCCsGAQUFBzAChjNodHRwOi8vY3J0LnNlY3RpZ28uY29t L0luQ29tbW9uUlNBSUdURlNlcnZlckNBMy5jcnQwIwYIKwYBBQUHMAGGF2h0dHA6 Ly9vY3NwLnNlY3RpZ28uY29tMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgDP EVbu1S58r/OHW9lpLpvpGnFnSrAX7KwB0lt3zsw7CAAAAYxe8pbuAAAEAwBHMEUC ICKVggjI4gyXd7E2GYHaJWxk1rhEHUG5mEFDznVMfWosAiEAmj3/CaPGDx2O1hsW bWm0DKDOJPo0SzFkQdi2c83aCl4AdgCi4wrkRe+9rZt+OO1HZ3dT14JbhJTXK14b LMS5UKRH5wAAAYxe8peRAAAEAwBHMEUCIQDBwnDP8s8b3ZOhywmP/fyCTm0pWiVS TCUIbfNwk3rmuQIgAVPE+6qqoFQofJQa8886pvp7weBrv8M0sNzIc0H8UrIAdgBO daMnXJoQwzhbbNTfP1LrHfDgjhuNacCx+mSxYpo53wAAAYxe8pbKAAAEAwBHMEUC IHJZFrk4fpcyvqsi5fDxdOehVe/C+iS7e3L2C1XDNwVHAiEA4rzA2KzfMDlne4PY kiKuosNY3Ouqpv4j6rlR7xFZiO8wIwYDVR0RBBwwGoIYY21zZGNhZGlza2l0YjA0 LmZuYWwuZ292MA0GCSqGSIb3DQEBDAUAA4IBgQBJxlwZv58eDcotGLNsil/mZdhH vQCHgyHY0Cu7PVDz6lPBMDHgydAD1gLmNgMNHuxb3kw1ig060h+1FgTi/qd59wHZ Z3vLLm8pujwStA/D9oExOoCNQIoOo7mXnvDdQgM0ALtRMZBJg3jdfB95peylK7W4 QkL//T8bSktBj+n8IaTeG4pl+mp9ZA4mo1S1JI2EjAmLwiU6i5r1B+PLZ0WMx2uJ 3N/BLTjRTaMB4r+QF0CJ+A3/vGGFk5fS0qJtmwhmcjbiFEOkBWh40frXu5+Z3fH2 pt1IuTLz8278ujDsMlFR9Fo5H/XdK/okxQZA+DsKw3qDvdNtm5vK9Bv/dOLCKfjW b1joJup/zIY7aq402uqX7E4Z6woQH0TXt9Dw2O7Y9bBph53poHRMO3xo1rjZTevs JmuJ0pAGHJRFC+r+2zVd8r+N+sgsvDhRIo+rs0sDSPL7YnN8rltE9ADMH7gMVd7P qUgN5NDXc+FJudrRUZjZBYggZtnW7VJir0F5HY0= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkNK2ypUSUyve3EKrwiXf BG24yNdpBeMHpEBK5vQYT0RAQJ/SgNvSWAtxZwgLqHZb9kRa2AafLiofWH8S+9go 3rRznjvDcg9tnRqFj6V6em69A31Q2sZAsTkoXfhBNySNnbU7YDxaBThbdYtULOKB xE1skwxZT2bA3Yq/V0jfPJwLWAeWz36NS/L97HXR6YWP1V466fgj2H/bXHZCAwv8 OcyTvxJtdtaLHcHoi3INKEjUPer+XlvGz0b9vxy0GXTlRBVyZPRbCUgzqb+pgMCd It2jCxU3CPXWlxKvCuCGWUR0AquhISE1hNmcIdJLN5PcdWzvCi3bhIExNdgBFGFa vrsiozjy2j4+ZcaiEhB3NsfEdA2vzrSKZny1kVyWhTpAwCZoYG1Wg2NJTL9yEHrM 9cEyg4JDzEWJUTmHqI3dvXXF6LRVRnDRitCJsC5LmK4crf/q3tUP7ZbnfMZtXsvn gUck6aDugARfZ6JBMl1tCib3P6AIc3m82FwhMI9csb1+hBn21sIVwakVwQCFYFxJ Vn4Qdx3mIwVvnM1Go4reoBatlGQ5qvkmeBwu2BILLRHOfOjYbIw6jJISMNf6X9rx H96vcgcn19alaw6oh2HkbJUQgwTpj2R3CnANI5sW7WE0r9/8jhfQPdAMfAVN+Y1J KyJZseb1e0AGm263vg6ML8cCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 215919128309758443926958994732015961811 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Internet2' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon RSA IGTF Server CA 3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-12 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-10 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent) . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'org' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent) . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'incommon' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Illinois' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Fermi Research Alliance' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'cmsdcadiskitb04.fnal.gov' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 590826707658470350914839730063165884300342635971895193517040176037520435911383194130108675892783675588681032386031435160327227388761523724546957590439514929974880951237678348050843305238721579683098748267136408455920293293533189403648887452004820127258173618328282423994586148582557374658173956822273328589261304294591910135603682108755051921169435014710134318838783762783976894665645805197361093834381698831525307238523877060700384807908722788072260683933591576402396822370738617982460874958600843395669971889479563131276224958448023167140984753187974148795924234402307180411858846179998701461973900108676115526429014846673424333526260233431018448792894277971058723628293223049352544579289335001148643227266123976035089214632098599897324401186274272715122875424551769513623024340183982404874783856887502082644796530518384277115613680709931755587008231986405175148748703444348189416428086466098445753387084441570713033430273570922997657178516050162346202432068478607994398161979300428387676755815738498418579113489056172715480844565060596306091554849012809587147435501759645374265618234493383982056597057027440793222938590195611869321157433678157244640863994730577504668094900338671711628382302152020395718711808986006001955195596743 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 1636a5e3317bbf67f6b2b7e7ea54ef5730bec7e5 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 7fc8d116fb09d0ac8bd7493683622b609c10208a . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (81 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.5923.1.4.3.4.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113612.5.2.2.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (61 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/InCommonRSAIGTFServerCA3.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/InCommonRSAIGTFServerCA3.crt' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes) 0168007600cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018c5ef296ee0000040300473045022022958208c8e20c9777b1361981da256c64d6b8441d41b9984143ce754c7d6a2c0221009a3dff09a3c60f1d8ed61b166d69b40ca0ce24fa344b316441d8b673cdda0a5e007600a2e30ae445efbdad9b7e38ed47677753d7825b8494d72b5e1b2cc4b950a447e70000018c5ef297910000040300473045022100c1c270cff2cf1bdd93a1cb098ffdfc824e6d295a25524c25086df370937ae6b902200153c4fbaaaaa054287c941af3cf3aa6fa7bc1e06bbfc334b0dcc87341fc52b20076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018c5ef296ca00000403004730450220725916b9387e9732beab22e5f0f174e7a155efc2fa24bb7b72f60b55c3370547022100e2bcc0d8acdf3039677b83d89222aea2c358dcebaaa6fe23eab951ef115988ef . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cmsdcadiskitb04.fnal.gov' . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (3072 bits) 0049c65c19bf9f1e0dca2d18b36c8a5fe665d847bd00878321d8d02bbb3d50f3ea53c13031e0c9d003d602e636030d1eec5bde4c358a0d3ad21fb51604e2fea779f701d9677bcb2e6f29ba3c12b40fc3f681313a808d408a0ea3b9979ef0dd42033400bb513190498378dd7c1f79a5eca52bb5b84242fffd3f1b4a4b418fe9fc21a4de1b8a65fa6a7d640e26a354b5248d848c098bc2253a8b9af507e3cb67458cc76b89dcdfc12d38d14da301e2bf90174089f80dffbc61859397d2d2a26d9b08667236e21443a4056878d1fad7bb9f99ddf1f6a6dd48b932f3f36efcba30ec325151f45a391ff5dd2bfa24c50640f83b0ac37a83bdd36d9b9bcaf41bff74e2c229f8d66f58e826ea7fcc863b6aae34daea97ec4e19eb0a101f44d7b7d0f0d8eed8f5b069879de9a0744c3b7c68d6b8d94debec266b89d290061c94450beafedb355df2bf8dfac82cbc3851228fabb34b0348f2fb62737cae5b44f400cc1fb80c55decfa9480de4d0d773e149b9dad15198d905882066d9d6ed5262af41791d8d