lariatpro-lariatsamgpvm01.fnal.gov
- Fermi Research Alliance -
Issued by InCommon RSA IGTF Server CA 3
About this certificate
This digital certificate with serial number 90:1c:69:a1:46:22:7d:65:19:95:7d:e3:d8:09:78:69 was issued on by Internet2.
This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Fermi Research Alliance
Organization:
Fermi Research Alliance
State / Province:
Illinois
Country: US
Country: US
Internet2
Organization:
Internet2
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 90:1c:69:a1:46:22:7d:65:19:95:7d:e3:d8:09:78:69Serial Number (int): 191556358135515055419836017992553560169
Serial Number lenght: 128 bits, 16 octets
SubjectKeyId: 04:5f:82:b3:53:9f:d2:39:36:9e:68:18:e7:fb:9d:73:13:2e:49:05
AuthorityKeyId: 16:36:a5:e3:31:7b:bf:67:f6:b2:b7:e7:ea:54:ef:57:30:be:c7:e5
Fingerprint (sha1): 3a:17:07:0b:b3:2d:c8:93:f4:88:94:e9:f9:6e:7b:f0:2d:e7:bb:a3
Fingerprint (sha256): 0c:83:e7:65:45:3c:13:11:8c:2d:3e:cd:d6:a9:3a:a7:73:56:bd:3b:63:d5:11:3d:4c:46:24:bf:9c:76:9f:a1
Issuing Certificate URL: http://crt.sectigo.com/InCommonRSAIGTFServerCA3.crt
Revocation information
OCSP Server: http://ocsp.sectigo.comCRL Distribution Point: http://crl.sectigo.com/InCommonRSAIGTFServerCA3.crl
Check the revocation status for certificate lariatpro-lariatsamgpvm01.fnal.gov
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for lariatpro-lariatsamgpvm01.fnal.gov
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA384 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
lariatpro-lariatsamgpvm01.fnal.gov
Other certificates including the domain name fnal.gov
(limited to 100 certificates)
uboonepro-uboonegpvm01.fnal.gov
gpce03.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
stkendca71a.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
lpcschedd3.fnal.gov
samwebgpvm03.fnal.gov
ftdc2.fermitest.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
pubstor2231.fnal.gov
*.fnal.gov
nsexpe2.fnal.gov
cmsstor341.fnal.gov
*.fnal.gov
uhosts.fnal.gov
www-bss.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmssi-factory02.fnal.gov
*.fnal.gov
uhosts.fnal.gov
fermi-rsa-2.fnal.gov
*.fnal.gov
cmseos-tf1103.fnal.gov
rcds01.fnal.gov
*.fnal.gov
*.fnal.gov
ssiadmin3.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos511.fnal.gov
uhosts.fnal.gov
fcdfcache122.fnal.gov
*.fnal.gov
*.fnal.gov
cmssrv628.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
cmseos1144.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
icaruspro-icarusgpvm01.fnal.gov
cmsstor907.fnal.gov
*.fnal.gov
*.fnal.gov
fifeutilgpvm01.fnal.gov
fermicloud527.fnal.gov
*.fnal.gov
*.fnal.gov
fndcaitb1.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos-if1102.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
fermicloud363.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos517.fnal.gov
rcodegpvm02.fnal.gov
cmseos56.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb03.fnal.gov
*.fnal.gov
accelaipro-accelaigpvm01.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb04.fnal.gov
cmseos34.fnal.gov
fndca5b.fnal.gov
*.fnal.gov
gpce03.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
stkendca71a.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
lpcschedd3.fnal.gov
samwebgpvm03.fnal.gov
ftdc2.fermitest.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
pubstor2231.fnal.gov
*.fnal.gov
nsexpe2.fnal.gov
cmsstor341.fnal.gov
*.fnal.gov
uhosts.fnal.gov
www-bss.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmssi-factory02.fnal.gov
*.fnal.gov
uhosts.fnal.gov
fermi-rsa-2.fnal.gov
*.fnal.gov
cmseos-tf1103.fnal.gov
rcds01.fnal.gov
*.fnal.gov
*.fnal.gov
ssiadmin3.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos511.fnal.gov
uhosts.fnal.gov
fcdfcache122.fnal.gov
*.fnal.gov
*.fnal.gov
cmssrv628.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
cmseos1144.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
icaruspro-icarusgpvm01.fnal.gov
cmsstor907.fnal.gov
*.fnal.gov
*.fnal.gov
fifeutilgpvm01.fnal.gov
fermicloud527.fnal.gov
*.fnal.gov
*.fnal.gov
fndcaitb1.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos-if1102.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
fermicloud363.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos517.fnal.gov
rcodegpvm02.fnal.gov
cmseos56.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb03.fnal.gov
*.fnal.gov
accelaipro-accelaigpvm01.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb04.fnal.gov
cmseos34.fnal.gov
fndca5b.fnal.gov
*.fnal.gov
Certificate
The complete raw certificate details for lariatpro-lariatsamgpvm01.fnal.gov in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIG0DCCBTigAwIBAgIRAJAcaaFGIn1lGZV949gJeGkwDQYJKoZIhvcNAQEMBQAw STELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUludGVybmV0MjEmMCQGA1UEAxMdSW5D b21tb24gUlNBIElHVEYgU2VydmVyIENBIDMwHhcNMjMxMjA1MDAwMDAwWhcNMjUw MTAzMjM1OTU5WjCBnjETMBEGCgmSJomT8ixkARkWA29yZzEYMBYGCgmSJomT8ixk ARkWCGluY29tbW9uMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxIDAe BgNVBAoTF0Zlcm1pIFJlc2VhcmNoIEFsbGlhbmNlMSswKQYDVQQDEyJsYXJpYXRw cm8tbGFyaWF0c2FtZ3B2bTAxLmZuYWwuZ292MIICIjANBgkqhkiG9w0BAQEFAAOC Ag8AMIICCgKCAgEAl02JPKbOE4vo4LuK3MmM46cqRF4e71LRpoxCIHGAewdEvSJj 7c8clevZDaiti+Fh/Pj6LJGyQPsz84B3CxfDHPBFGB3fp6GqLgWQFyOHlEs+29G3 GLUrbbEl12ho1fP0nMPMLMsSHMkjKJLJgZmWqqaYdN55tr3iObCozUacYX3vel17 WEFJzgzPamMNHrLAEUIeCtTTBolzMJB+/l/Im+pTSi1mJNpkHstlIgN3ieQjLwMQ Tu3JOhmcBOgyRjcjW8tYJ4VFnmyCP6zxxn9yi8IQdPjnDdebmpNm1Fq7SQ/hENP8 CexDOZuVUoe4Zm1IeSItHXVV4Vm2o6LvkWSXKzC1dC+KGOnoEUvRX9m/T1coR1wg gt0TUCNaDmivtJu7RPPvFwI9p6NLuA2SBl3xuWvLt/pM/u/wrEqJYZtgbFlJYrQF 4zX9SB/iGWLmCxc0lk6tED73r6EQl79H6TThHtFPgBN9i6ATLcbxZTQpf+geS6VC XCplg3z4s2MI1vH2BzxkzePRnkXrbVQ1+tnUc6sHOaPEpn2k+EbTYQiqD5uHQC2x 0mJGxTI+crCG6YsAt/ETo+bEN2ZLEX+NiObz8POi/WSauXs1eXMxE5oByjyHHgV1 r8XeU+cMxQ9pgkK4EbebZ3SMxw1g4E+Lllaa4+6WFz+f51xExJYu/veEU3UCAwEA AaOCAdswggHXMB8GA1UdIwQYMBaAFBY2peMxe79n9rK35+pU71cwvsflMB0GA1Ud DgQWBBQEX4KzU5/SOTaeaBjn+51zEy5JBTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0T AQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwWAYDVR0gBFEw TzA1BgwrBgEEAa4jAQQDBAIwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdv LmNvbS9DUFMwDAYKKoZIhvdMBQICATAIBgZngQwBAgIwRAYDVR0fBD0wOzA5oDeg NYYzaHR0cDovL2NybC5zZWN0aWdvLmNvbS9JbkNvbW1vblJTQUlHVEZTZXJ2ZXJD QTMuY3JsMHQGCCsGAQUFBwEBBGgwZjA/BggrBgEFBQcwAoYzaHR0cDovL2NydC5z ZWN0aWdvLmNvbS9JbkNvbW1vblJTQUlHVEZTZXJ2ZXJDQTMuY3J0MCMGCCsGAQUF BzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTATBgorBgEEAdZ5AgQDAQH/BAIF ADAtBgNVHREEJjAkgiJsYXJpYXRwcm8tbGFyaWF0c2FtZ3B2bTAxLmZuYWwuZ292 MA0GCSqGSIb3DQEBDAUAA4IBgQBYutryuaAsEDTDMsxw8TF0YQC7K0Cm0zekzpe3 otBVJGuNshbmQYcOsCcI9ozsChtre+AKQNuDcn/xRf/PnS5VinAFCquBawspyIFy P71iy0/tQO47c7nIwBABaj77EhM7coygo2bRDRdtHhT04VybdsGOMPNZxXG0pYBH sxKL62ykE+HDIex9ZS87iU8tYUXbonNsgap22D1zze6AsmP1rnD/lNA/MTU3IWf5 ixRMk+NB+KTE/s/atvHgrtXN7NFkd+YPxrCVQrOjIAH8CxCBM0DuX2Kri7xyN5+R isxKx5Gvsa0mtyz29qsbh7+5wX7gWQV2BmkLqZZj0LdIE7h66dBlP3io/wFrcL/Y EQwOtjtb0W8rBJlT+9ubBoxPM3o94fwpn0BVvLEKCde9JtCLuAJzmXkiMzaHoXRa 3bgxh2cQ/I7mDp3DPgMlRh2gp9rX5DlUQZMMiMiWzS/kMgYXPwWL9US80YRt04xi U6dXyJKTC4UwJ66IW93yXFE3nww= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAl02JPKbOE4vo4LuK3MmM 46cqRF4e71LRpoxCIHGAewdEvSJj7c8clevZDaiti+Fh/Pj6LJGyQPsz84B3CxfD HPBFGB3fp6GqLgWQFyOHlEs+29G3GLUrbbEl12ho1fP0nMPMLMsSHMkjKJLJgZmW qqaYdN55tr3iObCozUacYX3vel17WEFJzgzPamMNHrLAEUIeCtTTBolzMJB+/l/I m+pTSi1mJNpkHstlIgN3ieQjLwMQTu3JOhmcBOgyRjcjW8tYJ4VFnmyCP6zxxn9y i8IQdPjnDdebmpNm1Fq7SQ/hENP8CexDOZuVUoe4Zm1IeSItHXVV4Vm2o6LvkWSX KzC1dC+KGOnoEUvRX9m/T1coR1wggt0TUCNaDmivtJu7RPPvFwI9p6NLuA2SBl3x uWvLt/pM/u/wrEqJYZtgbFlJYrQF4zX9SB/iGWLmCxc0lk6tED73r6EQl79H6TTh HtFPgBN9i6ATLcbxZTQpf+geS6VCXCplg3z4s2MI1vH2BzxkzePRnkXrbVQ1+tnU c6sHOaPEpn2k+EbTYQiqD5uHQC2x0mJGxTI+crCG6YsAt/ETo+bEN2ZLEX+NiObz 8POi/WSauXs1eXMxE5oByjyHHgV1r8XeU+cMxQ9pgkK4EbebZ3SMxw1g4E+Lllaa 4+6WFz+f51xExJYu/veEU3UCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 191556358135515055419836017992553560169 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Internet2' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon RSA IGTF Server CA 3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-05 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-03 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent) . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'org' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent) . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'incommon' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Illinois' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Fermi Research Alliance' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'lariatpro-lariatsamgpvm01.fnal.gov' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 617261877770434799873939023408235909633265976559012140784711793099623674762937719484396767606949549360698126819758750946900272258902813732552696726507429365953863141589592388624370225278984135957349554275500251285994409982450437471774948959780446627903885569004508301075963594208079192833942593831331127725060780125550494891071346000971408793157658570868166093554361078076600309081091255779557582730845822011784111450058979249531581802479156059417746547498286957385722482870626612695187204075266566867471746296814852241107298516104816493002116294496851333999219548328611334827322201756827434157623678155016698963118935318778878069089685934542946947980787096685628093191804427295105916040212417164672609348266062078058053112777868831728238299271422892673915605367182764256265796133324373798410637683190896999148256945068024320587814139535894153364252452644693246536125385656055026401152688437779975703652936564977241128592954555931703492093133393287903148559639841777231627777780311891348436198519481705618095272099296314375256732673134944866535627857649387624804144032579089002899069605704183392175910552192038938280797068853631565875962638677397017369391639091436481564314971472566423818353345540097237108952721696980766571117171573 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 1636a5e3317bbf67f6b2b7e7ea54ef5730bec7e5 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 045f82b3539fd239369e6818e7fb9d73132e4905 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (81 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.5923.1.4.3.4.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113612.5.2.2.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (61 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/InCommonRSAIGTFServerCA3.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/InCommonRSAIGTFServerCA3.crt' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (38 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lariatpro-lariatsamgpvm01.fnal.gov' . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (3072 bits) 0058badaf2b9a02c1034c332cc70f131746100bb2b40a6d337a4ce97b7a2d055246b8db216e641870eb02708f68cec0a1b6b7be00a40db83727ff145ffcf9d2e558a70050aab816b0b29c881723fbd62cb4fed40ee3b73b9c8c010016a3efb12133b728ca0a366d10d176d1e14f4e15c9b76c18e30f359c571b4a58047b3128beb6ca413e1c321ec7d652f3b894f2d6145dba2736c81aa76d83d73cdee80b263f5ae70ff94d03f3135372167f98b144c93e341f8a4c4fecfdab6f1e0aed5cdecd16477e60fc6b09542b3a32001fc0b10813340ee5f62ab8bbc72379f918acc4ac791afb1ad26b72cf6f6ab1b87bfb9c17ee059057606690ba99663d0b74813b87ae9d0653f78a8ff016b70bfd8110c0eb63b5bd16f2b049953fbdb9b068c4f337a3de1fc299f4055bcb10a09d7bd26d08bb80273997922333687a1745addb831876710fc8ee60e9dc33e0325461da0a7dad7e4395441930c88c896cd2fe43206173f058bf544bcd1846dd38c6253a757c892930b853027ae885bddf25c51379f0c