citizens.sit2.cloud.digitalid.alberta.ca

Issued by GeoTrust Global TLS RSA4096 SHA256 2022 CA1

About this certificate

This digital certificate with serial number 0d:b7:bd:3e:cf:7c:3d:37:43:a3:47:a6:bd:fb:9b:e5 was issued on by DigiCert, Inc..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=citizens.sit2.cloud.digitalid.alberta.ca

DigiCert, Inc.

Organization: DigiCert, Inc.
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0d:b7:bd:3e:cf:7c:3d:37:43:a3:47:a6:bd:fb:9b:e5
Serial Number (int): 18233992622090538772320469791408888805
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: e2:5c:b6:d4:0e:cb:59:41:09:3f:b2:fc:62:e1:06:ae:e1:5a:82:0b
AuthorityKeyId: a5:b4:d6:eb:36:c4:e7:6b:a6:df:c4:64:0b:01:2a:20:04:b8:66:23

Fingerprint (sha1): 9f:f9:13:60:7e:fe:b4:96:52:ec:9f:3a:df:6f:a1:65:3d:e7:fc:c3
Fingerprint (sha256): 0e:33:62:b9:23:95:e5:10:9e:63:63:0e:b6:b4:d9:75:3c:3f:f5:83:1c:54:a6:b1:ab:29:ae:4a:ed:47:fa:a1

Issuing Certificate URL: http://cacerts.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl
CRL Distribution Point: http://crl4.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl

Check the revocation status for certificate citizens.sit2.cloud.digitalid.alberta.ca

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for citizens.sit2.cloud.digitalid.alberta.ca

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

citizens.sit2.cloud.digitalid.alberta.ca

Other certificates including the domain name alberta.ca

(limited to 100 certificates)
platform-test.myhealth.alberta.ca
foip.alberta.ca
fs.alt.alberta.ca
sslvs07.igloosoftware.com
hermis.alberta.ca
sip.aimco.alberta.ca
data.environment.alberta.ca
*.ae.alberta.ca
qa.myhealth.alberta.ca
vpn.loshared.alberta.ca
commercialhearings-internal.alberta.ca
mypass.alberta.ca
aemagis.gov.ab.ca
geodiscover.alberta.ca
qa.myhealth.alberta.ca
*.aimco.alberta.ca
seniors.alberta.ca
getfile.alberta.ca
abdlan.gov.ab.ca
*.acstraining.alberta.ca
sslvs07.igloosoftware.com
albertaready.aema.alberta.ca
sslvs07.igloosoftware.com
ext.sp.tb.alberta.ca
*.aet.alberta.ca
justice-digital.alberta.ca
lyncaccess2.gov.ab.ca
otdr.health.alberta.ca
platform.healthvault.alberta.ca
transportal.alberta.ca
projects.transportation.alberta.ca
sslvs07.igloosoftware.com
mhaloginppe.alberta.ca
lufsp.alberta.ca
regionaldashboard.alberta.ca
surplusuat.alberta.ca
abdlan.gov.ab.ca
sslvs07.igloosoftware.com
exts2.aep.alberta.ca
ppe2.myhealth.alberta.ca
sni.cloudflaressl.com
sslvs07.igloosoftware.com
alberta.ca
www.maps.srd.alberta.ca
ddi.health.alberta.ca
sslvs07.igloosoftware.com
defecttracking.health.alberta.ca
spin.stg.alt.alberta.ca
acc-qa.myhealth.alberta.ca
wa8.sp.alberta.ca
sslvs07.igloosoftware.com
mhalogin.alberta.ca
pats.alberta.ca
aemagis.gov.ab.ca
wildfire.alberta.ca
work.alberta.ca
account.healthvault.alberta.ca
*.aimco.alberta.ca
support.alberta.ca
pabapps.alberta.ca
siamsfs.madi.alberta.ca
info.health.alberta.ca
connect.tbf.alberta.ca
sslvs07.igloosoftware.com
www.opra.alberta.ca
sslvs07.igloosoftware.com
work.alberta.ca
*.aimco.alberta.ca
tls.automattic.com
www.hrextcguat1.alberta.ca
alberta.ca
citizens.sit.cloud.digitalid.alberta.ca
lyncaccess2.gov.ab.ca
api.iam.alberta.ca
abdlan.gov.ab.ca
uat.questaplus.alberta.ca
sni.cloudflaressl.com
www.hrextcg.alberta.ca
wildfire.alberta.ca
stpgrants.alberta.ca
secure.myloan.studentaid.alberta.ca
*.aet.alberta.ca
citizens.sit2.cloud.digitalid.alberta.ca
sslvs07.igloosoftware.com
aish-apply.alberta.ca
open.alberta.ca
stage.ecommittee.alberta.ca
caqc.alberta.ca
qa.myhealth.alberta.ca
*.aimco.alberta.ca
sslvs07.igloosoftware.com
saml.public.uat.sadfs.alberta.ca
vision.alberta.ca
maps.srd.alberta.ca
personaldirectives.alberta.ca
*.aimco.alberta.ca
projects.alberta.ca
data.iae.alberta.ca
Contractornet.ocya.alberta.ca
portfolio-management2.health.alberta.ca

Certificate

The complete raw certificate details for citizens.sit2.cloud.digitalid.alberta.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHvjCCBaagAwIBAgIQDbe9Ps98PTdDo0emvfub5TANBgkqhkiG9w0BAQsFADBc
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xNDAyBgNVBAMT
K0dlb1RydXN0IEdsb2JhbCBUTFMgUlNBNDA5NiBTSEEyNTYgMjAyMiBDQTEwHhcN
MjMwNDI1MDAwMDAwWhcNMjMxMDIwMjM1OTU5WjAzMTEwLwYDVQQDEyhjaXRpemVu
cy5zaXQyLmNsb3VkLmRpZ2l0YWxpZC5hbGJlcnRhLmNhMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAoTK5omuNdowOunhcADRE+nmkhTevng99SOwHPmBk
sBe3sTAPNgcYBF3MBIm958cfEL6k8lFrw2lgyb8dmmJllg9X2dJJCu8/Xn3l0NfV
vo+4pWGrqjhYbZvyzCP7QfLZXrCBMpNkMTxDZsIxxeWF/LD/QZwY/tLuAOCyVbBM
KVE4DpLsinw3zXLo1l7Yqd1GktV8r982SH/PEX14OV7QF09rA5OlekpOkn4G2ACa
sIyEwyfYVhInUo64LCopVneNDFluEMPY8jqxK2f4S8ll+uzCLSNwGsZDNbCbNEmE
WtlhbfDVEHv9nRqs+eeUXay2KTT57LE2BKlUGQYYKro8QQIDAQABo4IDozCCA58w
HwYDVR0jBBgwFoAUpbTW6zbE52um38RkCwEqIAS4ZiMwHQYDVR0OBBYEFOJcttQO
y1lBCT+y/GLhBq7hWoILMDMGA1UdEQQsMCqCKGNpdGl6ZW5zLnNpdDIuY2xvdWQu
ZGlnaXRhbGlkLmFsYmVydGEuY2EwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG
CCsGAQUFBwMBBggrBgEFBQcDAjCBnwYDVR0fBIGXMIGUMEigRqBEhkJodHRwOi8v
Y3JsMy5kaWdpY2VydC5jb20vR2VvVHJ1c3RHbG9iYWxUTFNSU0E0MDk2U0hBMjU2
MjAyMkNBMS5jcmwwSKBGoESGQmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9HZW9U
cnVzdEdsb2JhbFRMU1JTQTQwOTZTSEEyNTYyMDIyQ0ExLmNybDA+BgNVHSAENzA1
MDMGBmeBDAECATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNv
bS9DUFMwgYcGCCsGAQUFBwEBBHsweTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3Au
ZGlnaWNlcnQuY29tMFEGCCsGAQUFBzAChkVodHRwOi8vY2FjZXJ0cy5kaWdpY2Vy
dC5jb20vR2VvVHJ1c3RHbG9iYWxUTFNSU0E0MDk2U0hBMjU2MjAyMkNBMS5jcnQw
CQYDVR0TBAIwADCCAYAGCisGAQQB1nkCBAIEggFwBIIBbAFqAHcA6D7Q2j71BjUy
51covIlryQPTy9ERa+zraeF3fW0GvW4AAAGHtvT6agAABAMASDBGAiEAiZynnYb7
G9ND3hNkbJS1o3VavMqC6+czIcn3sB8PuwICIQCz8cf4NGSx2Qb28kJ3CiuLu1Jd
uyDucMZ6u2hS5fskbgB2ALNzdwfhhFD4Y4bWBancEQlKeS2xZwwLh9zwAw55NqWa
AAABh7b0+tYAAAQDAEcwRQIhAJLJJpSMPPwVJL1PHoQwF6HBBDNzt4JXtbyUnaT5
FUeoAiBVmXUHa+/EP5FtLibjB4ehm8O+LB4i+xOO14vj0gAGdgB3AHoyjFTYty22
IOo44FIe6YQWcDIThU070ivBOlejUutSAAABh7b0+mcAAAQDAEgwRgIhAPJynqsS
p7TQfCAfaRZTEG2GDmG9crSB7li7jkK3e5/SAiEAop7JsLRdhFoMPHDfw+TRX3ua
Hxt7rDrLh/0ttVt8BL0wDQYJKoZIhvcNAQELBQADggIBAMzuUVqtLxdycBZxUKnN
S2HzRFwsFcucE9U8Bdu6olV3/UKT/sFHL3cgU39ot7qOtvDfCVpILgkP1PmSWwez
H793xUx9hsTmhTk/h2WQ1MuM5emSM40bnbFE6Qwn7pOCwyNwdjfZ1kVn7PLfo8vU
47xGDOceJ5HI5pG4vwnyJ2NIY9MVksc4Y8dtN2rkKFpKp1YzZJ/4O/z1OL8kKKQH
8Wdiq0ztaEfNNkFiXai3sud3zyv/p90cIrzzAu9Lv/lsuxnB2a41qSEYCqCmyafZ
qVNrut2HA35y1JtlUZHL4SL84LLv7O9hQVkM7nz65sysDOilVp9V1x2p8ZDIc86B
TJVp5C0iBwIRNx5yxxE621FL+kcn3MXVSDOC+gjU5/UpemtfAUqn8tVtE7WBc144
GFPvdUz9Ex2HQur5kit1j1CWrzTpl2NyP27XqkfNt3LGp/SQDuvf14mEo0SiSorn
AiMKDAsuby4mAd6ync5jVNPB0h7hlZL3VBWya13OR3iyrDpEIYgnedDeOczEm9Xp
7UHBiifku7I95rt4DLJOqoib4L5fF4hDvSP1WIltpzJQhn0HJeA/NK2Mf/l1ZQt5
+K5JTxU7EIHpJ9/8oGLST6LWu8Ghf/F/NCVlUk3VpEGfP8+mptWit24DhIMsW0bt
1UIL9VQWeenS29nBtj9I0J2X
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTK5omuNdowOunhcADRE
+nmkhTevng99SOwHPmBksBe3sTAPNgcYBF3MBIm958cfEL6k8lFrw2lgyb8dmmJl
lg9X2dJJCu8/Xn3l0NfVvo+4pWGrqjhYbZvyzCP7QfLZXrCBMpNkMTxDZsIxxeWF
/LD/QZwY/tLuAOCyVbBMKVE4DpLsinw3zXLo1l7Yqd1GktV8r982SH/PEX14OV7Q
F09rA5OlekpOkn4G2ACasIyEwyfYVhInUo64LCopVneNDFluEMPY8jqxK2f4S8ll
+uzCLSNwGsZDNbCbNEmEWtlhbfDVEHv9nRqs+eeUXay2KTT57LE2BKlUGQYYKro8
QQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 18233992622090538772320469791408888805
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust Global TLS RSA4096 SHA256 2022 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-04-25 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-20 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'citizens.sit2.cloud.digitalid.alberta.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20349380595664804154614999018141301785965571204678424095016153193397199102610675450773116554824259447812069964699334108029105111619786739164592552483743354701016573237618106505945968173310126734893505226998556941842073805065884693575387952327234716331930943104781982436523209729222420627196058851756326592667965641852033262303595592841834959050395971648659869284223377964800151606972753243860592236285788093633262782221923891902139142504584326749109979970212557391368197479830760168257642797099876165517071816234641752216716040096137397953647675082242606736096864072925607423599054056191837620495239717023741388667969
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a5b4d6eb36c4e76ba6dfc4640b012a2004b86623
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							e25cb6d40ecb5941093fb2fc62e106aee15a820b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citizens.sit2.cloud.digitalid.alberta.ca'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (151 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (368 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
							016a007700e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e00000187b6f4fa6a0000040300483046022100899ca79d86fb1bd343de13646c94b5a3755abcca82ebe73321c9f7b01f0fbb02022100b3f1c7f83464b1d906f6f242770a2b8bbb525dbb20ee70c67abb6852e5fb246e007600b3737707e18450f86386d605a9dc11094a792db1670c0b87dcf0030e7936a59a00000187b6f4fad6000004030047304502210092c926948c3cfc1524bd4f1e843017a1c1043373b78257b5bc949da4f91547a80220559975076befc43f916d2e26e30787a19bc3be2c1e22fb138ed78be3d20006760077007a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb5200000187b6f4fa670000040300483046022100f2729eab12a7b4d07c201f691653106d860e61bd72b481ee58bb8e42b77b9fd2022100a29ec9b0b45d845a0c3c70dfc3e4d15f7b9a1f1b7bac3acb87fd2db55b7c04bd
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		00ccee515aad2f177270167150a9cd4b61f3445c2c15cb9c13d53c05dbbaa25577fd4293fec1472f7720537f68b7ba8eb6f0df095a482e090fd4f9925b07b31fbf77c54c7d86c4e685393f876590d4cb8ce5e992338d1b9db144e90c27ee9382c323707637d9d64567ecf2dfa3cbd4e3bc460ce71e2791c8e691b8bf09f227634863d31592c73863c76d376ae4285a4aa75633649ff83bfcf538bf2428a407f16762ab4ced6847cd3641625da8b7b2e777cf2bffa7dd1c22bcf302ef4bbff96cbb19c1d9ae35a921180aa0a6c9a7d9a9536bbadd87037e72d49b655191cbe122fce0b2efecef6141590cee7cfae6ccac0ce8a5569f55d71da9f190c873ce814c9569e42d22070211371e72c7113adb514bfa4727dcc5d5483382fa08d4e7f5297a6b5f014aa7f2d56d13b581735e381853ef754cfd131d8742eaf9922b758f5096af34e99763723f6ed7aa47cdb772c6a7f4900eebdfd78984a344a24a8ae702230a0c0b2e6f2e2601deb29dce6354d3c1d21ee19592f75415b26b5dce4778b2ac3a4421882779d0de39ccc49bd5e9ed41c18a27e4bbb23de6bb780cb24eaa889be0be5f178843bd23f558896da73250867d0725e03f34ad8c7ff975650b79f8ae494f153b1081e927dffca062d24fa2d6bbc1a17ff17f342565524dd5a4419f3fcfa6a6d5a2b76e0384832c5b46edd5420bf5541679e9d2dbd9c1b63f48d09d97