affinityweb.fiacardservices.com

- Bank of America Corporation -

Issued by Entrust Certification Authority - L1M

About this certificate

This digital certificate with serial number 95:a5:95:77:65:08:b0:89:00:00:00:00:54:ce:c7:cf was issued on by Entrust, Inc..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Bank of America Corporation

Company registration number: 2927442
Organization: Bank of America Corporation
State / Province: Illinois
Locality: Chicago
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2014 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 95:a5:95:77:65:08:b0:89:00:00:00:00:54:ce:c7:cf
Serial Number (int): 198914731892061485979941817780053919695
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 34:52:13:7f:3a:f6:ee:67:5a:c1:b2:94:71:ed:55:36:8c:d2:75:0a
AuthorityKeyId: c3:f7:d0:b5:2a:30:ad:af:0d:91:21:70:39:54:dd:bc:89:70:c7:3a

Fingerprint (sha1): f7:a8:a8:39:c4:8c:cf:d2:bb:c0:17:c3:12:00:86:0f:9c:e7:60:98
Fingerprint (sha256): 0e:34:97:73:15:a0:39:ae:8a:31:9e:a2:f2:b2:31:b1:7b:1d:cb:bd:40:bd:ef:3f:72:1f:5c:dc:83:ec:1f:c1

Issuing Certificate URL: http://aia.entrust.net/l1m-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1m.crl

Check the revocation status for certificate affinityweb.fiacardservices.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for affinityweb.fiacardservices.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

affinityweb.fiacardservices.com

Other certificates including the domain name fiacardservices.com

(limited to 100 certificates)
www.managerewardsonline.fiacardservices.com
godirectdebit.fiacardservices.com
epass-uat.bankofamerica.com
www.managerewardsonline.fiacardservices.com
affinityweb.fiacardservices.com
wwwn.managerewardsonline.fiacardservices.com
Easyrewards.fiacardservices.com
affinityweb.fiacardservices.com
shopsafe-devps.ecnp.fiacardservices.com
reward-redemption.fiacardservices.com
mydirectdebit.fiacardservices.com
campus.bankofamerica.com
ddoxlogin.dynamicdox.com
travelcenter.fiacardservices.com
travelcenter.fiacardservices.com
www.staging.managerewardsonline.fiacardservices.com
affinityweb.fiacardservices.com
wwwa.managerewardsonline.fiacardservices.com
about-dev.bankofamerica.com
www5-staging.managerewardsonline.com
www5-staging.managerewardsonline.com
shopsafe-qaps.ecnp.fiacardservices.com
easyrewards.fiacardservices.com
mydirectdebit.fiacardservices.com
shopsafe-cert1.ecnp.fiacardservices.com
secure.fiacardservices.com
www.managerewardsonline.fiacardservices.com
mynewcard.fiacardservices.com
reward-redemption.fiacardservices.com
secure-cert2.ecnp.fiacardservices.com
onlinedirectdebit.fiacardservices.com
mynewcard.fiacardservices.com
travelcenterfaq.fiacardservices.com
secure.fiacardservices.com
ddoxlogin.dynamicdox.com
mydirectdebit.fiacardservices.com
shopsafe-devflex.ecnp.fiacardservices.com
epass-uat.bankofamerica.com
shopsafe-devflex.ecnp.fiacardservices.com
preferences.em.fiacardservices.com
sso-fi.fiacardservices.com
secure-pt2.ecnp.fiabusinesscard.com
preferences.em.fiacardservices.com
campus.bankofamerica.com
reward-redemption.fiacardservices.com
ddoxlogin-uat.bankofamerica.com
eesorigin.bankofamerica.com
www.managerewardsonline.fiacardservices.com
secure-pt2.ecnp.fiacardservices.com
businesscard.fiacardservices.com
www.managerewardsonline.fiacardservices.com
www.managerewardsonline.fiacardservices.com
secure-preview2.ecnp.fiacardservices.com
wwwn.staging.managerewardsonline.fiacardservices.com
preferencesorigin-dev.em.fiacardservices.com
www.staging.managerewardsonline.fiacardservices.com
godirectdebit.fiacardservices.com
www.managerewardsonline.fiacardservices.com
secure.fiacardservices.com
wwwa.managerewardsonline.fiacardservices.com
secure-dev1.ecnp.fiacardservices.com
sso-fi.fiacardservices.com
ddoxlogin.dynamicdox.com
secure.fiacardservices.com
aboutorigin-dev.bankofamerica.com
preferences-qa.em.fiacardservices.com
www5-staging.managerewardsonline.com
giftcard.fiacardservices.com
rewardsshoppingmall.fiacardservices.com
www.managerewardsonline.fiacardservices.com
shopsafe-pt1.ecnp.fiacardservices.com
secure-dev3.ecnp.fiacardservices.com
testSymantecStandardSSL-FIACardServices-SHA1.fiacardservices.com
mynewcard.fiacardservices.com
ddoxlogin.dynamicdox.com
www.staging.managerewardsonline.fiacardservices.com
redorigin-dev.bankofamerica.com
secure-qa2.ecnp.fiacardservices.com
ddoxlogin-uat-ah.dynamicdox.com
wwwa.managerewardsonline.fiacardservices.com
redorigin-dev.bankofamerica.com
uat.travelcenter.fiacardservices.com
choosedirectdebit.fiacardservices.com
campus.bankofamerica.com
onlinedirectdebit.fiacardservices.com
mynewcard.fiacardservices.com
mynewcarda.fiacardservices.com
choosedirectdebit.fiacardservices.com
secure-pt2.ecnp.fiacardservices.com
shopsafe-dev2.ecnp.fiacardservices.com
secure-dev2.ecnp.fiacardservices.com
redorigin-dev.bankofamerica.com
campus.bankofamerica.com
epass-uat.bankofamerica.com
miu-test.fiacardservices.com
travelcenter.sit1.fiacardservices.com
wwwn.managerewardsonline.fiacardservices.com
secure-preview2.ecnp.fiacardservices.com
affinityweb.fiacardservices.com
mynewcardn.fiacardservices.com

Certificate

The complete raw certificate details for affinityweb.fiacardservices.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHQzCCBiugAwIBAgIRAJWllXdlCLCJAAAAAFTOx88wDQYJKoZIhvcNAQELBQAw
gboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL
Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg
MjAxNCBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAs
BgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMU0wHhcN
MTgwNzMwMTkxMTA1WhcNMTkwNzMwMTk0MTAzWjCB4zELMAkGA1UEBhMCVVMxETAP
BgNVBAgTCElsbGlub2lzMRAwDgYDVQQHEwdDaGljYWdvMRMwEQYLKwYBBAGCNzwC
AQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMSQwIgYDVQQKExtCYW5r
IG9mIEFtZXJpY2EgQ29ycG9yYXRpb24xHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5p
emF0aW9uMRAwDgYDVQQFEwcyOTI3NDQyMSgwJgYDVQQDEx9hZmZpbml0eXdlYi5m
aWFjYXJkc2VydmljZXMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAy+Cg+4DnweDcoj8QCYzK10p/Tvab9+l4cjM4nBw0NiGYtdciR5VFEBXzyjka
hPg6TgdXsXp3Oz0BW3gEWKDTRsWlew+VaSawQYUvNM5lZAGUMAkETzQn6fp6uA6r
tiYoP576YDbpDbhjhaAw6FO/R/lheSrznHFUDYIdyRDS0NItREjAM2aTBM0BX9ha
n67T2AOoPbDGacX3aiFbT/lQdj7PZvBvbhqXaA1N5+n+7Mv3GjVlHZMAUFXpYn94
WlaL8KWWOqyYdIfFBVX7worOYE9qLd0sLqmsjJu98lpfMYcKfyEZRBDbhbDW3akb
eLGRHT++OxiLivqpYJqabANH4QIDAUNro4IDFzCCAxMwKgYDVR0RBCMwIYIfYWZm
aW5pdHl3ZWIuZmlhY2FyZHNlcnZpY2VzLmNvbTCCAX4GCisGAQQB1nkCBAIEggFu
BIIBagFoAHUAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFk7LVc
LwAABAMARjBEAiBEaciQzKk8y2NNWKyWla1UQuSw/NXZVxYNTa30hFGdSwIgS4qg
bMxoNJhqeddxRRX1SU343Ly1ROZSICn2nyfaU4QAdgBVgdTCFpA2AUrqC5tXPFPw
wOQ4eHAlCBcvo6odBxPTDAAAAWTstVxvAAAEAwBHMEUCIQCQY7lcjgmyKvs9bX9y
YIMIvhpc8XWWmcqrY9pJKRifywIgfwDEjKMd8NDwC908feL9KQG195KkPyiyUPLm
5bKK/csAdwC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWTstVxt
AAAEAwBIMEYCIQC8cZwVfl3Gn3Mpi71LpOAGoD5mSJKuPlvXKhTpRG88aAIhAOet
jT0ofFF0fGlRfAa/i5prW747CDs2MY9Gs/+ukA2SMA4GA1UdDwEB/wQEAwIFoDAd
BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwaAYIKwYBBQUHAQEEXDBaMCMG
CCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5ldDAzBggrBgEFBQcwAoYn
aHR0cDovL2FpYS5lbnRydXN0Lm5ldC9sMW0tY2hhaW4yNTYuY2VyMDMGA1UdHwQs
MCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvbGV2ZWwxbS5jcmwwSgYD
VR0gBEMwQTA2BgpghkgBhvpsCgECMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cu
ZW50cnVzdC5uZXQvcnBhMAcGBWeBDAEBMB8GA1UdIwQYMBaAFMP30LUqMK2vDZEh
cDlU3byJcMc6MB0GA1UdDgQWBBQ0UhN/OvbuZ1rBspRx7VU2jNJ1CjAJBgNVHRME
AjAAMA0GCSqGSIb3DQEBCwUAA4IBAQA8SFrJy/iiR7cD+uYGICmdd30sNO6Btdrb
+dxGewNYRJGt1H5JS1v+JOvhABU1f7nx8ctRQfX0OatbRvvdku7xnnPePs6HkeNs
rxEtEZV89pQpbEf9huZecV0wyjtFi7bzmlIsT+hbsV9WguG+FD/B1nJ44kq7Oodu
7NHFdcxnSIdMi7idW80k5kh6IVQ/+i7qku4hTGrEcil4D/s3YWMsXBi5aH4cZ9RV
1MnJoK9Dszrma/VtNrPiKdJ3fo0eKHsJK52bQG9RXdWwIdFPRRI7snovWQ85uRVg
Pm9aj2OM+PF5Q/lyVJ+ekwusugYsfWRtV9QQL4bwfuXsPvtK13Az
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+Cg+4DnweDcoj8QCYzK
10p/Tvab9+l4cjM4nBw0NiGYtdciR5VFEBXzyjkahPg6TgdXsXp3Oz0BW3gEWKDT
RsWlew+VaSawQYUvNM5lZAGUMAkETzQn6fp6uA6rtiYoP576YDbpDbhjhaAw6FO/
R/lheSrznHFUDYIdyRDS0NItREjAM2aTBM0BX9han67T2AOoPbDGacX3aiFbT/lQ
dj7PZvBvbhqXaA1N5+n+7Mv3GjVlHZMAUFXpYn94WlaL8KWWOqyYdIfFBVX7worO
YE9qLd0sLqmsjJu98lpfMYcKfyEZRBDbhbDW3akbeLGRHT++OxiLivqpYJqabANH
4QIDAUNr
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 198914731892061485979941817780053919695
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2014 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1M'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-07-30 19:11:05 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-07-30 19:41:03 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Illinois'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Chicago'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.2 (jurisdictionOfIncorporationSP)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Delaware'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Bank of America Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Private Organization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '2927442'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'affinityweb.fiacardservices.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25737144516352459051983432742253977238698415893528854190589056267719332840783682848366092740043290240642017865233007472419813438672657843732117058364166974247198558829757872567868830712451068956249568019124393077393214536991227430148142209260742450426506165569248879697248090299242622250842390967337164146836483910936656266284635111936380649399078702779542877168450628449122556518963088996745452709908212305432306691480757508285172989836022110716464995003694530889117678386068021795031312897007321798459175065423299016320004319843242074155569707786546606799545864773178004619715892348391995591876060195027495220889569
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 82795

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (35 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'affinityweb.fiacardservices.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							01680075008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f00000164ecb55c2f000004030046304402204469c890cca93ccb634d58ac9695ad5442e4b0fcd5d957160d4dadf484519d4b02204b8aa06ccc6834986a79d7714515f5494df8dcbcb544e6522029f69f27da53840076005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c00000164ecb55c6f00000403004730450221009063b95c8e09b22afb3d6d7f72608308be1a5cf1759699caab63da4929189fcb02207f00c48ca31df0d0f00bdd3c7de2fd2901b5f792a43f28b250f2e6e5b28afdcb007700bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed18500000164ecb55c6d0000040300483046022100bc719c157e5dc69f73298bbd4ba4e006a03e664892ae3e5bd72a14e9446f3c68022100e7ad8d3d287c51747c69517c06bf8b9a6b5bbe3b083b36318f46b3ffae900d92
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1m-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1m.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.2 (Entrust EV policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c3f7d0b52a30adaf0d9121703954ddbc8970c73a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							3452137f3af6ee675ac1b29471ed55368cd2750a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		003c485ac9cbf8a247b703fae60620299d777d2c34ee81b5dadbf9dc467b03584491add47e494b5bfe24ebe10015357fb9f1f1cb5141f5f439ab5b46fbdd92eef19e73de3ece8791e36caf112d11957cf694296c47fd86e65e715d30ca3b458bb6f39a522c4fe85bb15f5682e1be143fc1d67278e24abb3a876eecd1c575cc6748874c8bb89d5bcd24e6487a21543ffa2eea92ee214c6ac47229780ffb3761632c5c18b9687e1c67d455d4c9c9a0af43b33ae66bf56d36b3e229d2777e8d1e287b092b9d9b406f515dd5b021d14f45123bb27a2f590f39b915603e6f5a8f638cf8f17943f972549f9e930bacba062c7d646d57d4102f86f07ee5ec3efb4ad77033