*.icebreaker.com

- Icebreaker Holdings -

Issued by DigiCert Global G2 TLS RSA SHA256 2020 CA1

About this certificate

This digital certificate with serial number 0b:77:32:7f:ef:ab:be:7f:eb:3a:dc:76:76:17:01:21 was issued on by DigiCert Inc.

With 6 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Icebreaker Holdings

Organization: Icebreaker Holdings
Locality: Auckland
Country: NZ

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0b:77:32:7f:ef:ab:be:7f:eb:3a:dc:76:76:17:01:21
Serial Number (int): 15240415536431084256602996625615814945
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: ea:97:c7:c2:e2:39:b5:d5:e9:42:9f:2b:0d:d2:c3:5f:e2:5e:6b:d6
AuthorityKeyId: 74:85:80:c0:66:c7:df:37:de:cf:bd:29:37:aa:03:1d:be:ed:cd:17

Fingerprint (sha1): 9c:0a:c8:d3:0c:ed:7f:49:cf:43:10:77:f1:7d:03:29:57:20:a5:e2
Fingerprint (sha256): 0e:24:ef:02:24:de:5a:d8:6f:54:3c:a4:d7:b9:42:63:59:12:94:00:8f:8d:d5:72:c7:23:1c:09:44:22:4a:92

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl

Check the revocation status for certificate *.icebreaker.com

6

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.icebreaker.com

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.icebreaker.com
icebreaker.com
plm.icebreaker.com
bi.icebreaker.com
myapps.icebreaker.com
selfservice.icebreaker.com

Other certificates including the domain name icebreaker.com

(limited to 100 certificates)
ithelpdesk.endologix.com
link.icebreaker.com
ssl417474.cloudflaressl.com
helpdesk.enableinjections.com
sipca.icebreaker.com
helpdesk.dpsgroupglobal.com
icebreaker.com
*.icebreaker.com
secure.icebreaker.com
nhmail.icebreaker.com
sales.icebreaker.com
southernchronicles.icebreaker.com
ithelpdesk.endologix.com
preferences.icebreaker.com
ssl417476.cloudflaressl.com
support.unpri.org
southernchronicles.icebreaker.com
mail.icebreaker.com
ssl417476.cloudflaressl.com
ssl417476.cloudflaressl.com
ithelpdesk.endologix.com
shmail.icebreaker.com
ssl417474.cloudflaressl.com
southernchronicles.icebreaker.com
southernchronicles.icebreaker.com
ithelpdesk.endologix.com
southernchronicles.icebreaker.com
sipca.icebreaker.com
ICEBREAKER.COM
secure.icebreaker.com
sts.icebreaker.com
helpdesk.dpsgroupglobal.com
*.icebreaker.com
link3.icebreaker.com
*.icebreaker.com
secure.icebreaker.com
helpdesk.dpsgroupglobal.com
www.icebreaker.com
ssl417475.cloudflaressl.com
*.icebreaker.com
shmail.icebreaker.com
support.unpri.org
southernchronicles.icebreaker.com
ithelpdesk.endologix.com
link.icebreaker.com
*.icebreaker.com
link3.icebreaker.com
mail.icebreaker.com
support.unpri.org
*.icebreaker.com
ithelpdesk.endologix.com
ssl417474.cloudflaressl.com
ithelpdesk.endologix.com
image.icebreaker.com
ssl417475.cloudflaressl.com
helpdesk.dpsgroupglobal.com
www.icebreaker.com
southernchronicles.icebreaker.com
ssl417474.cloudflaressl.com
*.icebreaker.com
southernchronicles.icebreaker.com
tbancs.icebreaker.com
ssl417476.cloudflaressl.com
*.icebreaker.com
preferences.icebreaker.com
*.icebreaker.com
*.icebreaker.com
ssl417474.cloudflaressl.com
support.unpri.org
sts.icebreaker.com
southernchronicles.icebreaker.com
helpdesk.dpsgroupglobal.com
ithelpdesk.endologix.com
secure.icebreaker.com
preferences.icebreaker.com
helpdesk.dpsgroupglobal.com
southernchronicles.icebreaker.com
servicedesk.acdlabs.com
southernchronicles.icebreaker.com
*.icebreaker.com
sts.icebreaker.com
ssl417476.cloudflaressl.com
ssl417476.cloudflaressl.com
as2.icebreaker.com
secure.icebreaker.com
*.icebreaker.com
ithelpdesk.endologix.com
preferences.icebreaker.com
secure.icebreaker.com
ithelpdesk.endologix.com
ssl417475.cloudflaressl.com
ithelpdesk.endologix.com
southernchronicles.icebreaker.com
support.unpri.org
servicedesk.smcm.edu
helpdesk.icebreaker.com
ithelpdesk.endologix.com
tbancs.icebreaker.com
helpdesk.enableinjections.com
*.icebreaker.com

Certificate

The complete raw certificate details for *.icebreaker.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIMTCCBxmgAwIBAgIQC3cyf++rvn/rOtx2dhcBITANBgkqhkiG9w0BAQsFADBZ
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE
aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjMw
NzMxMDAwMDAwWhcNMjQwODMwMjM1OTU5WjBZMQswCQYDVQQGEwJOWjERMA8GA1UE
BxMIQXVja2xhbmQxHDAaBgNVBAoTE0ljZWJyZWFrZXIgSG9sZGluZ3MxGTAXBgNV
BAMMECouaWNlYnJlYWtlci5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
AoICAQCjduIamiHL4PhW3lV7HDFdKRAuXv6Sm6iPlgKbZ1Rmsx/2qGe84CUHQ/1C
eOlU4RI8A9ib57Dwgz7ig3pROKK2WE/FgAYilhVJqjvXaCUweuhzrLbxs2wZNDTO
x+OMm/BlsgPz4ukn3mzVpR/Juf/4FgbIGKLJRoZCJZKJ5RmGItM+5KWfK0knJw/V
Ds7tY4ZVWVS6lQUJ42SuPVarLsNmV6T7aLVt5Sio5xcA9dAVEMv6AFxI8ELl+KmA
16IDEu2qBXSD6F/VKC/kRQJ1V1//rpgkIqfEWPYYHgiO0FMbKwLznie2lZHGeHR8
du63R6Pcup//UtUMtk64Jn3IEu+X7cONUw0oZ95bGdTlOg5vXoxoLVEHbk7K5lCa
IrwuXc1ggwS8jAvoZS3IvzvI9MCC2YUNkl1qnYzsZyo9ki4u7GrhKjduM7hqAJWR
9+xfziO2+jp2Ohp9prprwmD9y5m6wiaeVf4nWZXuODjP+ITGp2pBF1YQmHj3RKEp
SLxyGXKQIogx77ozE6yxVVK4FQbKswnJGy3EzPoCDO6+V7imKeQL89Zb8eB4vlto
nwNuWAfuKdBbiBgqs5PqeL2pwZWpIa9ZjclsqygagLSIz2b8DiT4G7h9sbnDvQk8
c0ua2XKEA9JvJvzQub0qQDBZrIFot4HQTAsrI6o6rBso8s2NMQIDAQABo4ID8zCC
A+8wHwYDVR0jBBgwFoAUdIWAwGbH3zfez70pN6oDHb7tzRcwHQYDVR0OBBYEFOqX
x8LiObXV6UKfKw3Sw1/iXmvWMIGFBgNVHREEfjB8ghAqLmljZWJyZWFrZXIuY29t
gg5pY2VicmVha2VyLmNvbYIScGxtLmljZWJyZWFrZXIuY29tghFiaS5pY2VicmVh
a2VyLmNvbYIVbXlhcHBzLmljZWJyZWFrZXIuY29tghpzZWxmc2VydmljZS5pY2Vi
cmVha2VyLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
CCsGAQUFBwMCMIGfBgNVHR8EgZcwgZQwSKBGoESGQmh0dHA6Ly9jcmwzLmRpZ2lj
ZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNy
bDBIoEagRIZCaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFs
RzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQIC
MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzCBhwYI
KwYBBQUHAQEEezB5MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j
b20wUQYIKwYBBQUHMAKGRWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdp
Q2VydEdsb2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNydDAJBgNVHRMEAjAA
MIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdQDuzdBk1dsazsVct520zROiModG
fLzs3sNRSFlGcR+1mwAAAYmpTy57AAAEAwBGMEQCIDkKC6f7zdaVo+9FgPVctljp
Q9WpVU1Q67oL9nHOnGsHAiBofEIjTrSJBZYHr5NXQTopEVvGo3W+cQxfje13p50f
EwB3AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABialPLrkAAAQD
AEgwRgIhAM9D03a2vdaxY/FaqFAe/Mf0dGjtheyEchyUMwT8AgcfAiEAoedjwk9z
feKchMBHgMlOOlsIfQhWfE/7QxnLrJfYW6QAdQDatr9rP7W2Ip+bwrtca+hwkXFs
u1GEhTS9pD0wSNf7qwAAAYmpTy5lAAAEAwBGMEQCIGmPVkghzzMNtJvOin8A4G88
1aHCjCDpDzzB7dYDt5DrAiA+VkGv3lYoOGj6Uadgkd532xqd020dxi3Nc1cB/oJC
SzANBgkqhkiG9w0BAQsFAAOCAQEAgyz2tEmKP/B2/dsrv0NALeiKbfZS7hhAv9zb
TulprYLQ1GFttna3WGIRfUx+Ox6jZokq+fJrdJ1Ey0/9DboTKgSSHawOIqVRBscm
cqMp0BeVAbpzkHSn3vYBKTTrTgqTIqdni6E6tMIhVCO3vkTbqTQN/OgYcQStG71/
dBzHYwSNid6uw7nwrYoFZBq+F7xgJPW+qouQENUgWMST9oy+vglEq2+4DJ2gtLvs
NV4c21mKLHljo5wr2jasCs3SLZJYyq07idqpEG/w6YjqYB9U8qzR4/ZkoaYHKRmi
JiNlRP5lAUPIT+1IcfP6tFmaE2kI34kfVCexYXt3ls9O2ZaKTQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo3biGpohy+D4Vt5Vexwx
XSkQLl7+kpuoj5YCm2dUZrMf9qhnvOAlB0P9QnjpVOESPAPYm+ew8IM+4oN6UTii
tlhPxYAGIpYVSao712glMHroc6y28bNsGTQ0zsfjjJvwZbID8+LpJ95s1aUfybn/
+BYGyBiiyUaGQiWSieUZhiLTPuSlnytJJycP1Q7O7WOGVVlUupUFCeNkrj1Wqy7D
Zlek+2i1beUoqOcXAPXQFRDL+gBcSPBC5fipgNeiAxLtqgV0g+hf1Sgv5EUCdVdf
/66YJCKnxFj2GB4IjtBTGysC854ntpWRxnh0fHbut0ej3Lqf/1LVDLZOuCZ9yBLv
l+3DjVMNKGfeWxnU5ToOb16MaC1RB25OyuZQmiK8Ll3NYIMEvIwL6GUtyL87yPTA
gtmFDZJdap2M7GcqPZIuLuxq4So3bjO4agCVkffsX84jtvo6djoafaa6a8Jg/cuZ
usImnlX+J1mV7jg4z/iExqdqQRdWEJh490ShKUi8chlykCKIMe+6MxOssVVSuBUG
yrMJyRstxMz6Agzuvle4pinkC/PWW/HgeL5baJ8DblgH7inQW4gYKrOT6ni9qcGV
qSGvWY3JbKsoGoC0iM9m/A4k+Bu4fbG5w70JPHNLmtlyhAPSbyb80Lm9KkAwWayB
aLeB0EwLKyOqOqwbKPLNjTECAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 15240415536431084256602996625615814945
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Global G2 TLS RSA SHA256 2020 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-07-31 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-08-30 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NZ'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Auckland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Icebreaker Holdings'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.icebreaker.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 666876519090389817574811973496173117678497148375050584666215711120355063376222173164706300399790748124274089401653511423816728925630725940207328183817948667385461883469135304428524303691398025600302622658215325652963695074025957633198370800127014528173984723859674741515600951164211536029036357947712270111136337067401969937900772664185290482218197994661668014346456883405184702069255914261303557342854355430460865495576042471508375108835227519810140919150640343366713259577756296850802282943662253482883941932897918256820850516914243675469390258710610868030279566774570598755574616402052478613604581149370917661163895921898489033242074657504908280321920056029586726049136131897680679598538433104934506584866913173310978459674213889186501167573101533717666699656215718925248431509573081578517193890129082538662695437007135803735441885384269546305514564709920902331457754251788180773427005811431197761370064331986260362438411931306757497023351081735127174080408652313584431856748808266196800725175977430887003699358289026129474801478532048172089655901008451387194487711384678381724659031422460698319054869683166161996341340645446062487999892594780594989658348952474967964461962375537948464894977181441733401170914947255304574131342641
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 748580c066c7df37decfbd2937aa031dbeedcd17
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							ea97c7c2e239b5d5e9429f2b0dd2c35fe25e6bd6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.icebreaker.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'icebreaker.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'plm.icebreaker.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bi.icebreaker.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'myapps.icebreaker.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'selfservice.icebreaker.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (151 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							0167007500eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b00000189a94f2e7b00000403004630440220390a0ba7fbcdd695a3ef4580f55cb658e943d5a9554d50ebba0bf671ce9c6b070220687c42234eb489059607af9357413a29115bc6a375be710c5f8ded77a79d1f1300770048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d8847300000189a94f2eb90000040300483046022100cf43d376b6bdd6b163f15aa8501efcc7f47468ed85ec84721c943304fc02071f022100a1e763c24f737de29c84c04780c94e3a5b087d08567c4ffb4319cbac97d85ba4007500dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab00000189a94f2e6500000403004630440220698f564821cf330db49bce8a7f00e06f3cd5a1c28c20e90f3cc1edd603b790eb02203e5641afde56283868fa51a76091de77db1a9dd36d1dc62dcd735701fe82424b
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00832cf6b4498a3ff076fddb2bbf43402de88a6df652ee1840bfdcdb4ee969ad82d0d4616db676b75862117d4c7e3b1ea366892af9f26b749d44cb4ffd0dba132a04921dac0e22a55106c72672a329d0179501ba739074a7def6012934eb4e0a9322a7678ba13ab4c2215423b7be44dba9340dfce8187104ad1bbd7f741cc763048d89deaec3b9f0ad8a05641abe17bc6024f5beaa8b9010d52058c493f68cbebe0944ab6fb80c9da0b4bbec355e1cdb598a2c7963a39c2bda36ac0acdd22d9258caad3b89daa9106ff0e988ea601f54f2acd1e3f664a1a6072919a226236544fe650143c84fed4871f3fab4599a136908df891f5427b1617b7796cf4ed9968a4d