nbdistribution.edog.onenote.com

- Microsoft Corporation -

Issued by Microsoft Azure RSA TLS Issuing CA 08

About this certificate

This digital certificate with serial number 33:00:07:86:f0:51:b0:4a:fb:ff:53:f5:a2:00:00:00:07:86:f0 was issued on by Microsoft Corporation.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Microsoft Corporation

Organization: Microsoft Corporation
State / Province: WA
Locality: Redmond
Country: US

Microsoft Corporation

Organization: Microsoft Corporation
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 33:00:07:86:f0:51:b0:4a:fb:ff:53:f5:a2:00:00:00:07:86:f0
Serial Number (int): 1137340566465989750555686631047946218278192880
Serial Number lenght: 150 bits, 19 octets

SubjectKeyId: 31:24:84:ca:25:de:46:26:ad:26:01:fe:4a:66:82:58:f6:8e:cf:52
AuthorityKeyId: f6:7e:2f:bd:80:a3:4a:b2:70:5b:eb:df:9a:1f:d8:ed:ca:61:80:07

Fingerprint (sha1): 85:18:95:83:49:8f:bd:79:bc:dc:5b:1d:15:a4:9a:03:a7:18:17:a7
Fingerprint (sha256): 0d:cd:b2:ec:ea:94:e3:d8:ec:af:21:79:46:56:bf:33:f7:94:75:fd:95:79:c8:97:9d:dc:52:ee:0f:41:7a:cf

Issuing Certificate URL: http://www.microsoft.com/pkiops/certs/Microsoft%20Azure%20RSA%20TLS%20Issuing%20CA%2008%20-%20xsign.crt

Revocation information

OCSP Server: http://oneocsp.microsoft.com/ocsp
CRL Distribution Point: http://www.microsoft.com/pkiops/crl/Microsoft%20Azure%20RSA%20TLS%20Issuing%20CA%2008.crl

Check the revocation status for certificate nbdistribution.edog.onenote.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for nbdistribution.edog.onenote.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

12 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

nbdistribution.edog.onenote.com
*.nbdistribution.edog.onenote.com

Other certificates including the domain name onenote.com

(limited to 100 certificates)
hierarchyapi.onenote.com
site.edog.onenote.com
apimonolith.onenote.com
mergesync.onenote.com
augmentationbg.onenote.com
contentsync.onenote.com
npkrsag.koreasouth.cloudapp.azure.com
reverseproxy.onenote.com
lookup.onenote.com
lookup.onenote.com
handwritingreco.edog.onenote.com
studentagency.edog.onenote.com
learningtools.onenote.com
apimonolith.onenote.com
handwritingreco.onenote.com
npinwag.westindia.cloudapp.azure.com
cdn.onenote.net
npneuag.northeurope.cloudapp.azure.com
classnotebookapi.edog.onenote.com
augmentationbg.edog.onenote.com
pagecontentretriever.onenote.com
handwritingreco.onenote.com
pagecontentsync.onenote.com
userinfo.onenote.com
pagecontentsync.edog.onenote.com
site.edog.onenote.com
cdn.onenote.net
assignments.onenote.com
nbdistribution.edog.onenote.com
mergesync.onenote.com
pagecontentretriever.onenote.com
npinwag.westindia.cloudapp.azure.com
pagecontentgc.edog.onenote.com
onenoteonlinesync.onenote.com
hierarchyapi.edog.onenote.com
cdn.onenote.net
learningtools.onenote.com
pagecontentgc.onenote.com
appsforoffice.edog.onenote.com
hierarchyapi.onenote.com
npkrcag.koreacentral.cloudapp.azure.com
assignments.onenote.com
handwritingreco.edog.onenote.com
realtimesync.onenote.com
reverseproxy.edog.onenote.com
onenote.com
cdn.onenote.net
npeusag.eastus.cloudapp.azure.com
site.edog.onenote.com
cdn.onenote.net
apiwebhooks.onenote.com
assignments.edog.onenote.com
officeaddins.meetingdetails.onenote.com
cdn.onenote.net
reverseproxy.edog.onenote.com
entitystorage.edog.onenote.com
contentsync.onenote.com
pagecontentretriever.edog.onenote.com
pagecontentgc.onenote.com
bingindexing.edog.onenote.com
pagecontentretriever.onenote.com
officeaddins.meetingdetails.edog.onenote.com
nbdistribution.onenote.com
o365notification.edog.onenote.com
officeaddins.meetingdetails.edog.onenote.com
educonnect.assignments.onenote.com
npkrcag.koreacentral.cloudapp.azure.com
niscusag.southcentralus.cloudapp.azure.com
whiteboard.edog.onenote.com
site-cdn.onenote.net
notificationshub.edog.onenote.com
pagecontentgc.onenote.com
npjpeag.japaneast.cloudapp.azure.com
userinfo.onenote.com
hierarchyretriever.onenote.com
userinfo.edog.onenote.com
appsforoffice.onenote.com
niscusag.southcentralus.cloudapp.azure.com
pagecontentgc.onenote.com
site-cdn.onenote.net
npneuag.northeurope.cloudapp.azure.com
classnotebookapi.edog.onenote.com
cdn.onenote.net
lookup.edog.onenote.com
apiwebhooks.onenote.com
mergesync.edog.onenote.com
onenoteonlinesync.edog.onenote.com
edunotebookssite.onenote.com
reverseproxy.onenote.com
lookup.edog.onenote.com
onenote.com
educonnect.assignments.onenote.com
pagecontentgc.edog.onenote.com
bingindexing.onenote.com
lookup.onenote.com
pagecontentsync.onenote.com
nineuag.northeurope.cloudapp.azure.com
lookup.edog.onenote.com
lookup.edog.onenote.com
reverseproxy.onenote.com

Certificate

The complete raw certificate details for nbdistribution.edog.onenote.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHOTCCBSGgAwIBAgITMwAHhvBRsEr7/1P1ogAAAAeG8DANBgkqhkiG9w0BAQwF
ADBdMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
MS4wLAYDVQQDEyVNaWNyb3NvZnQgQXp1cmUgUlNBIFRMUyBJc3N1aW5nIENBIDA4
MB4XDTIzMTIwMzIyNTczNFoXDTI0MTEyNzIyNTczNFowdjELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv
ZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH25iZGlzdHJpYnV0aW9uLmVkb2cub25l
bm90ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9ethfy/E6
Ot69uphVP4xM0DPCBGKAoKNqif5zQ3/NX8D1CtEYQWdX9WJi5gaf8dbDGXiLqRp+
OUKGWLofmmL08vGwSGyVFzONwrgTHpE3STfPrY6wjaj2PbHv9+VaTQYTwTQAuEJ9
QkS68rUwJ+cPE+WjgLUGSKxiKiVltq+wGUfYBf/Pxac9ES0mEsOQ0ykYbrrneSaz
eClLFbsWmCOgnhydz/o3STtrYTmvWEO+IATW3vK02QHXSviIsiMxKVzoVyGr8jG1
Gi+qLbmNwaQFOzsK+PGzvtJO3DIbdRQtYkGGPrdNBPAbo8/17uDNhEILuXL/rzvw
jLdeHBy0KAYxAgMBAAGjggLXMIIC0zATBgorBgEEAdZ5AgQDAQH/BAIFADAnBgkr
BgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMDwGCSsGAQQBgjcV
BwQvMC0GJSsGAQQBgjcVCIe91xuB5+tGgoGdLo7QDIfw2h1dgoTlaYLzpz4CAWQC
ASYwgbQGCCsGAQUFBwEBBIGnMIGkMHMGCCsGAQUFBzAChmdodHRwOi8vd3d3Lm1p
Y3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMEF6dXJlJTIwUlNB
JTIwVExTJTIwSXNzdWluZyUyMENBJTIwMDglMjAtJTIweHNpZ24uY3J0MC0GCCsG
AQUFBzABhiFodHRwOi8vb25lb2NzcC5taWNyb3NvZnQuY29tL29jc3AwHQYDVR0O
BBYEFDEkhMol3kYmrSYB/kpmglj2js9SMA4GA1UdDwEB/wQEAwIFoDBNBgNVHREE
RjBEgh9uYmRpc3RyaWJ1dGlvbi5lZG9nLm9uZW5vdGUuY29tgiEqLm5iZGlzdHJp
YnV0aW9uLmVkb2cub25lbm90ZS5jb20wDAYDVR0TAQH/BAIwADBqBgNVHR8EYzBh
MF+gXaBbhllodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNy
b3NvZnQlMjBBenVyZSUyMFJTQSUyMFRMUyUyMElzc3VpbmclMjBDQSUyMDA4LmNy
bDBmBgNVHSAEXzBdMFEGDCsGAQQBgjdMg30BATBBMD8GCCsGAQUFBwIBFjNodHRw
Oi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9yeS5odG0w
CAYGZ4EMAQICMB8GA1UdIwQYMBaAFPZ+L72Ao0qycFvr35of2O3KYYAHMB0GA1Ud
JQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQwFAAOCAgEAZC4y
sU11TF48Wk4Pdvb3GUsdN8b1XWmoGBVvByf7W+UCegTMTK0BAsWg2SV5eRcpA3Kt
vzHwKig0fTXTdea00nbRbechB0jRLCyT08YWb89a/7xv/QtXWirmGXgmjm0isqFY
vTQM0S9fMNDlrVXjZz1Trm+lDSG1a34WfUNr5o3Z7NN4Zg7Uucbe/ZsJwbvflNiU
w5xq1Eq/m4mDuu04F1hmswsemTKSIEv0hfy+pVhYvLSIuUySFrP8yltsSfdVvb95
inzNUZ5HkrlBsDTwlHKe6z+CJ5lLOldg3XlU3kqMClSmvBk+Q/Tf+BJjHawIFb8w
q6KBJtI6bwnMra3xlLwrDHbTzOzH35RRnyf3B7q/pau57Wn4TqU4ckvLu190MqBF
Pcfe5So6MxfN+++hDBwDvuePEs3c93NAT0ZLDZwE1AJkUm8SO+V1cEzTGG5KmZ6A
IEOVvA3mPzA6LrCvcENcmBGHIAdn0XgIdk0qbUxTUIewDZyI6Jb6MCO5KcDiKszt
cH1pAMAeg7NzrY8nzxG4viXlGi81CdsFWqqtzGNQAhTOHQ7XESB1IQ3fgqqtXcvN
GnqiAal1/4r4wInkAjD2jyC1G3DyRYHnbAs8GHSKZXKxGJn84dErDEGVW/bOLaXB
n2EPuz8AzoWluArRH0xVzGobye68RLGhcl3KHcs=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXrYX8vxOjrevbqYVT+M
TNAzwgRigKCjaon+c0N/zV/A9QrRGEFnV/ViYuYGn/HWwxl4i6kafjlChli6H5pi
9PLxsEhslRczjcK4Ex6RN0k3z62OsI2o9j2x7/flWk0GE8E0ALhCfUJEuvK1MCfn
DxPlo4C1BkisYiolZbavsBlH2AX/z8WnPREtJhLDkNMpGG6653kms3gpSxW7Fpgj
oJ4cnc/6N0k7a2E5r1hDviAE1t7ytNkB10r4iLIjMSlc6Fchq/IxtRovqi25jcGk
BTs7Cvjxs77STtwyG3UULWJBhj63TQTwG6PP9e7gzYRCC7ly/6878Iy3XhwctCgG
MQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1137340566465989750555686631047946218278192880
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Azure RSA TLS Issuing CA 08'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-03 22:57:34 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-11-27 22:57:34 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'WA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Redmond'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'nbdistribution.edog.onenote.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23919616870238844696626451307772901268423285488799897990640215993533266052082779035165035464679440645594243203962561809990844074245311847480760703101329846666582968825860497108228210841940958949661393726599491235390429522966765914630808625916074713860020159806615031970826937964053055339703741593152882123692802247647859693289628384922753326765560703314244151998706380673353507788618866220994471187135409062102733268892094604048413186113629841887218179008884914864198053433744196320839163114342479427444596936983844867389040616722652634846719792699544740916088472919314147721223506539002235641529862855597490564498993
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.10 (applicationCertPolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.7 (certificateTemplate)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (47 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.8.15690651.3798470.4214446.239628.16526621.93.4272873.6083518
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 100
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 38
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (167 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pkiops/certs/Microsoft%20Azure%20RSA%20TLS%20Issuing%20CA%2008%20-%20xsign.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://oneocsp.microsoft.com/ocsp'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							312484ca25de4626ad2601fe4a668258f68ecf52
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (70 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbdistribution.edog.onenote.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.nbdistribution.edog.onenote.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pkiops/crl/Microsoft%20Azure%20RSA%20TLS%20Issuing%20CA%2008.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (95 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.76.509.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.microsoft.com/pkiops/Docs/Repository.htm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName f67e2fbd80a34ab2705bebdf9a1fd8edca618007
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		00642e32b14d754c5e3c5a4e0f76f6f7194b1d37c6f55d69a818156f0727fb5be5027a04cc4cad0102c5a0d925797917290372adbf31f02a28347d35d375e6b4d276d16de7210748d12c2c93d3c6166fcf5affbc6ffd0b575a2ae61978268e6d22b2a158bd340cd12f5f30d0e5ad55e3673d53ae6fa50d21b56b7e167d436be68dd9ecd378660ed4b9c6defd9b09c1bbdf94d894c39c6ad44abf9b8983baed38175866b30b1e993292204bf485fcbea55858bcb488b94c9216b3fcca5b6c49f755bdbf798a7ccd519e4792b941b034f094729eeb3f8227994b3a5760dd7954de4a8c0a54a6bc193e43f4dff812631dac0815bf30aba28126d23a6f09ccadadf194bc2b0c76d3ccecc7df94519f27f707babfa5abb9ed69f84ea538724bcbbb5f7432a0453dc7dee52a3a3317cdfbefa10c1c03bee78f12cddcf773404f464b0d9c04d40264526f123be575704cd3186e4a999e80204395bc0de63f303a2eb0af70435c981187200767d17808764d2a6d4c535087b00d9c88e896fa3023b929c0e22acced707d6900c01e83b373ad8f27cf11b8be25e51a2f3509db055aaaadcc63500214ce1d0ed7112075210ddf82aaad5dcbcd1a7aa201a975ff8af8c089e40230f68f20b51b70f24581e76c0b3c18748a6572b11899fce1d12b0c41955bf6ce2da5c19f610fbb3f00ce85a5b80ad11f4c55cc6a1bc9eebc44b1a1725dca1dcb