nyoffair.abc.com

- The Walt Disney Company -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 2e:9c:df:d4:88:86:c4:72:78:65:99:4b:8e:0b:c5:f5 was issued on by Entrust, Inc..

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

The Walt Disney Company

Organization: The Walt Disney Company
State / Province: California
Locality: Burbank
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 2e:9c:df:d4:88:86:c4:72:78:65:99:4b:8e:0b:c5:f5
Serial Number (int): 61959025932002515701136257584923919861
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId: 04:b5:d3:7d:31:ba:a8:5d:2f:1a:dd:8c:f1:ed:e7:a6:a5:7c:8d:84
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): 1e:2d:d5:3d:d5:3f:fb:95:27:b4:3b:5f:ef:03:33:92:07:8c:65:57
Fingerprint (sha256): 0d:11:98:99:e1:8e:2d:db:42:0f:f7:e6:a0:56:4c:af:54:47:cd:f5:bb:98:2b:b4:50:9b:d8:cd:e8:2b:d4:3f

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate nyoffair.abc.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for nyoffair.abc.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

nyoffair.abc.com

Other certificates including the domain name abc.com

(limited to 100 certificates)
emx.abc.com
j3.shared.global.fastly.net
v2.shared.global.fastly.net
emindex.net.abc.com
bvl-emg-emsetup.swna.wdpr.disney.com
Mobile-west.disney.com
etsdev.abc.com
secure.cdn.media.oscar.abc.com
test.gatekeeper.us-abc.symphony.edgedatg.com
fcast.qa.cdn.abc.com
fantasy.espn.com
v2.shared.global.fastly.net
staging.gatekeeper.us-abc.symphony.edgedatg.com
secureaccess.abc.com
api.partners.abc.com
watchdisneyfe.com
staging.gatekeeper.us-abc.symphony.edgedatg.com
api.presentation.watchabc.go.com
mobile-west.disney.com
dsl-prod.media.disney.com
prod.gatekeeper.us-abc.symphony.edgedatg.com
emsoundminerdev.net.abc.com
blogs.abc.com
soundminer.net.abc.com
mobile-east.disney.com
api.contents.watchabc.go.com
prod.gatekeeper.us-abc.symphony.edgedatg.com
v2.shared.global.fastly.net
newsmamdev.abc.com
j3.shared.global.fastly.net
emx.abc.com
splunk.mit.abc.com
static.ddb.go.com
nyoffair.abc.com
www.gist.abc.com
mobile-east.disney.com
vdigateqa.abc.com
fcast.cdn.abc.com
j3.shared.global.fastly.net
j3.shared.global.fastly.net
dev.gatekeeper.us-abc.symphony.edgedatg.com
api2.abc.go.com
prod.gatekeeper.us-abc.symphony.edgedatg.com
api.watchabc.go.com
qa.gatekeeper.us-abc.symphony.edgedatg.com
emindexdb.net.abc.com
prod.gatekeeper.us-abc.symphony.edgedatg.com
boesfx.net.abc.com
idolvote-test.abc.com
v2.shared.global.fastly.net
vdigate.abc.com
nyoffair.abc.com
v2.shared.global.fastly.net
vdigate1.abc.com
asperaconsole.abc.com
dwtsvote-live-test.abc.com
soundminer.net.abc.com
splunk.mit.abc.com
emmedia.disney.com
idolvote.abc.com
fcast.cdn.abc.com
sw88.abc.com
secure.cdn.media.oscar.abc.com
staging.gatekeeper.us-abc.symphony.edgedatg.com
emsoundminerdev.net.abc.com
mpowr-aprimo.net.abc.com
secure.cdn.media.oscar.abc.com
v2.shared.global.fastly.net
static.ddb.go.com
watchdisneyfe.com
dev.sweepstakes.abc.com
j3.shared.global.fastly.net
bvl-emg-emsetup.swna.wdpr.disney.com
dwtsvote.abc.com
api.partners.abc.com
mobile-west.disney.com
watchdisneyfe.com
emreach-staging.net.abc.com
dev.gatekeeper.us-abc.symphony.edgedatg.com
prod.gatekeeper.us-abc.symphony.edgedatg.com
OCNA.wdw.disney.com
dev.gatekeeper.us-abc.symphony.edgedatg.com
galaxy.abc.com
test.gatekeeper.us-abc.symphony.edgedatg.com
api.presentation.watchabc.go.com
mc.twdcmarketing.com
api.abc.go.com
fcast.cdn.abc.com
api.partners.abc.com
remotesupport.abc.com
v2.shared.global.fastly.net
api.watchabc.go.com
watchdisneyfe.com
vdigate.abc.com
api.watchabc.go.com
api.abc.com
prod.gatekeeper.us-abc.symphony.edgedatg.com
v2.shared.global.fastly.net
devemx.net.abc.com
fcast.qa.cdn.abc.com

Certificate

The complete raw certificate details for nyoffair.abc.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIQLpzf1IiGxHJ4ZZlLjgvF9TANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
NDAyMjYxNDQ2NTBaFw0yNTAzMjUxNDQ2NDlaMHExCzAJBgNVBAYTAlVTMRMwEQYD
VQQIEwpDYWxpZm9ybmlhMRAwDgYDVQQHEwdCdXJiYW5rMSAwHgYDVQQKExdUaGUg
V2FsdCBEaXNuZXkgQ29tcGFueTEZMBcGA1UEAxMQbnlvZmZhaXIuYWJjLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvn4gvDXVBmIj807y0jSp2T
bMh8HUBftDwkPbmVZULGXmx6Y1UKlDMS0TRU6LDniq35CpDX7+hZrFdMQNwBJblq
ZgVDCX/D5RZ7mRE1MKUT8R/0yDRQj/pknpGFSL9F5K0D+FFCt+6rA0f3WLentP3K
GFNoN67cKNzeIMUqm/hB3to1noyKXk7zd6rYTkavoLc4RCZFZsg9MC1Azns0T80M
GJKERyS5tdvFAgMDsEVhQU7SGkidSoKwCyozv7w6rAvZaOOZ3nCWmhH1kX1TJ8Au
U5AB51cRUDeHKvvG24W/D9FHSo1bU5fA7cmcwwOP1zaMJ44qWfU1dZLCRNbydHcC
AwEAAaOCAWcwggFjMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFAS1030xuqhdLxrd
jPHt56alfI2EMB8GA1UdIwQYMBaAFIKicHTdvFM/z3vU981/p2DGCky/MGgGCCsG
AQUFBwEBBFwwWjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQw
MwYIKwYBBQUHMAKGJ2h0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFrLWNoYWluMjU2
LmNlcjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xl
dmVsMWsuY3JsMBsGA1UdEQQUMBKCEG55b2ZmYWlyLmFiYy5jb20wDgYDVR0PAQH/
BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjATBgNVHSAEDDAK
MAgGBmeBDAECAjATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG9w0BAQsFAAOC
AQEAf5cE3tioC7Kgx9vD/PSrV+CCFYBwfup+cg2wyeuy44hG3OXTeM9B2nQTJ0wU
tyXagdQ4Co06Sm/HwtTv+SaeayGUTwlHM5tWXEPt3Aqhfaj62syAna3zJQvZ4Qaq
u+y+lFn7/rBmjyY1Pw9VsbbT7FQh7d8dSBrrh7K8/iol2TSkgcXdybDZCcUDZePW
fH3S4nUX2BJ2y8HbLkVr9jBlrDbi4larrSIvTuvxayEjlr7G9n5uyjODEMg/lUP8
8KEOSHp9VLGZ6LNX+a0hpzTiQfqqezuHkK8FXgmGqu4tYwv7sqRCF2hfMxIWwtHI
Ai922OpdI5Mtd62hcLHusG3t9w==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+fiC8NdUGYiPzTvLSNK
nZNsyHwdQF+0PCQ9uZVlQsZebHpjVQqUMxLRNFTosOeKrfkKkNfv6FmsV0xA3AEl
uWpmBUMJf8PlFnuZETUwpRPxH/TINFCP+mSekYVIv0XkrQP4UUK37qsDR/dYt6e0
/coYU2g3rtwo3N4gxSqb+EHe2jWejIpeTvN3qthORq+gtzhEJkVmyD0wLUDOezRP
zQwYkoRHJLm128UCAwOwRWFBTtIaSJ1KgrALKjO/vDqsC9lo45necJaaEfWRfVMn
wC5TkAHnVxFQN4cq+8bbhb8P0UdKjVtTl8DtyZzDA4/XNownjipZ9TV1ksJE1vJ0
dwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 61959025932002515701136257584923919861
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-26 14:46:50 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-03-25 14:46:49 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Burbank'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'The Walt Disney Company'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'nyoffair.abc.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 19681283034815029213324565922931565777284617626433279315954702552646134243458614838183067136689927995671813379524397742666635314276588942579823716203552170489310253427957023374138673103573695633135412225901963679763113246462908002861693481822081238525247383034076413070224835001271458005756204524696195877213608348021930367967498318300134419109698119134562143466981302217251117863294746417786750436103096184370534360860300695409823913191742487237825653597240377707141945373403470167300297931129553190491844467743751401987236175171628625645965043950218986701186313104753144411692470341631719543379217054662072487539831
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							04b5d37d31baa85d2f1add8cf1ede7a6a57c8d84
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nyoffair.abc.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		007f9704ded8a80bb2a0c7dbc3fcf4ab57e0821580707eea7e720db0c9ebb2e38846dce5d378cf41da7413274c14b725da81d4380a8d3a4a6fc7c2d4eff9269e6b21944f0947339b565c43eddc0aa17da8fadacc809dadf3250bd9e106aabbecbe9459fbfeb0668f26353f0f55b1b6d3ec5421eddf1d481aeb87b2bcfe2a25d934a481c5ddc9b0d909c50365e3d67c7dd2e27517d81276cbc1db2e456bf63065ac36e2e256abad222f4eebf16b212396bec6f67e6eca338310c83f9543fcf0a10e487a7d54b199e8b357f9ad21a734e241faaa7b3b8790af055e0986aaee2d630bfbb2a44217685f331216c2d1c8022f76d8ea5d23932d77ada170b1eeb06dedf7