iccsqa-api.iata.org

- International Air Transport Association -

Issued by Thawte TLS RSA CA G1

About this certificate

This digital certificate with serial number 06:78:84:59:84:eb:5e:4d:5f:24:c5:13:64:f2:63:e4 was issued on by DigiCert Inc.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

International Air Transport Association

Organization: International Air Transport Association
State / Province: Quebec
Locality: Montreal
Country: CA

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 06:78:84:59:84:eb:5e:4d:5f:24:c5:13:64:f2:63:e4
Serial Number (int): 8601127968244384536600000353635820516
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 23:25:6e:32:20:9f:9d:52:61:fc:67:49:b2:e8:40:a2:6a:59:3d:d5
AuthorityKeyId: a5:8c:fe:32:cc:eb:0f:2c:d4:19:c6:08:b8:00:24:88:5d:c3:c5:b7

Fingerprint (sha1): ca:39:28:b4:b2:22:e3:a8:c6:06:d8:e6:21:08:60:77:92:61:a5:25
Fingerprint (sha256): 0e:8b:4e:48:ff:e9:a2:9a:31:f0:ad:87:63:d8:70:7d:62:51:d0:f6:3a:eb:2f:e5:0f:e3:c5:57:1e:39:2a:e7

Issuing Certificate URL: http://cacerts.thawte.com/ThawteTLSRSACAG1.crt

Revocation information

OCSP Server: http://status.thawte.com
CRL Distribution Point: http://cdp.thawte.com/ThawteTLSRSACAG1.crl

Check the revocation status for certificate iccsqa-api.iata.org

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for iccsqa-api.iata.org

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

iccsqa-api.iata.org
iccsqa.iata.org

Other certificates including the domain name iata.org

(limited to 100 certificates)
sni.cloudflaressl.com
guides.developer.iata.org
sni.cloudflaressl.com
merchantstatus.paysafecard.com
pass-test.iata.org
sni.cloudflaressl.com
sni.cloudflaressl.com
www.highq.com
sni.cloudflaressl.com
www.highq.com
*.developer.iata.org
iccsdevqa-int.iata.org
*.cargois.iata.org
dgautocheck.iata.org
5709436928655360-fe2.pantheonsite.io
sni.cloudflaressl.com
ezdiharstatus.mambu.com
standards.iata.org
bo.digitalcredentials.iata.org
sni26824.cloudflaressl.com
sni.cloudflaressl.com
*.cargois.iata.org
ezdiharstatus.mambu.com
merchantstatus.paysafecard.com
ras2.iata.org
sni.cloudflaressl.com
sni.cloudflaressl.com
iris.iata.org
ifg.iata.org
ttbs.iata.org
sfb-access-la.iata.org
nextt.iata.org
ras4.iata.org
merchantstatus.paysafecard.com
ras3.iata.org
theplanner.co.uk
5709436928655360-fe2.pantheonsite.io
airlines.iata.org
casslink-test.iata.org
5709436928655360-fe2.pantheonsite.io
www.highq.com
pubdownload.iata.org
sni.cloudflaressl.com
ras2.iata.org
www.planestories.iata.org
standards.iata.org
5709436928655360-fe2.pantheonsite.io
theplanner.co.uk
prod.2.slot.cdn.salesforce-communities.com
sni26824.cloudflaressl.com
ssl826589.cloudflaressl.com
www.highq.com
isftp.iata.org
casslink-imp-test.iata.org
sso.iata.org
iccspprod-api.iata.org
5709436928655360-fe2.pantheonsite.io
iata-pay.iata.org
dev-dgautocheck-admin.iata.org
backoffice.digitalcredentials.iata.org
irisqabiz.iata.org
www.highq.com
sni.cloudflaressl.com
sni.cloudflaressl.com
www.highq.com
o365.iata.org
sni.cloudflaressl.com
iccsqa-dsig.iata.org
merchantstatus.paysafecard.com
extranet.iata.org
sni.cloudflaressl.com
sfb-access-ny.iata.org
5709436928655360-fe2.pantheonsite.io
zrh-ss.iata.org
www.highq.com
marketis.iata.org
iccsqa-api.iata.org
devsso.iata.org
elearning.iata.org
webstarmobile.iata.org
www.highq.com
www.highq.com
qa-dgautocheck.iata.org
iccsqa-xenc.iata.org
merchantstatus.paysafecard.com
sni.cloudflaressl.com
t4.staging.timatic.iata.org
*.spapps.iata.org
sni.cloudflaressl.com
airlines.iata.org
easypay1-qa.iata.org
ssl919904.cloudflaressl.com
sni.cloudflaressl.com
sni26824.cloudflaressl.com
5709436928655360-fe2.pantheonsite.io
isweb.iata.org
sni.cloudflaressl.com
merchantstatus.paysafecard.com
demoacmg.iata.org
sni26824.cloudflaressl.com

Certificate

The complete raw certificate details for iccsqa-api.iata.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgIQBniEWYTrXk1fJMUTZPJj5DANBgkqhkiG9w0BAQsFADBe
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRUaGF3dGUgVExTIFJTQSBDQSBHMTAe
Fw0yMzEyMTgwMDAwMDBaFw0yNTAxMDIyMzU5NTlaMIGBMQswCQYDVQQGEwJDQTEP
MA0GA1UECBMGUXVlYmVjMREwDwYDVQQHEwhNb250cmVhbDEwMC4GA1UEChMnSW50
ZXJuYXRpb25hbCBBaXIgVHJhbnNwb3J0IEFzc29jaWF0aW9uMRwwGgYDVQQDExNp
Y2NzcWEtYXBpLmlhdGEub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqXUx8rvCkoA/r0VS0fMnBiqj213pQridpblXUCgqEMsqbsXTEFvy8BP031n+
8uoi2T4x1MNryGyX7Z+wV8N9YaFD9COFN8vkjYx/VXBJ/x84034tOB7nUe5VhFPW
7UU3N/5P7qsAKaIX3j/byEomFhY8WhU5c6aBKq5QljKno0vdC6lQ8E5FwrdKEbwn
OxtLkQRuCDov4UPzOB7lCvLkRx0kfPtCpynrBbRNzUia8TpgByUEJ6xGo/aF7HsH
5+kUOyqiMi2vaCIWW9MdqnKcMLEm3XiBUftiJ5gXKLVkqNKsAAbTyfnDQuz4hWVD
8BhQ70AeDRsBl04ZMkd7CHIW/QIDAQABo4IBtjCCAbIwHwYDVR0jBBgwFoAUpYz+
MszrDyzUGcYIuAAkiF3DxbcwHQYDVR0OBBYEFCMlbjIgn51SYfxnSbLoQKJqWT3V
MC8GA1UdEQQoMCaCE2ljY3NxYS1hcGkuaWF0YS5vcmeCD2ljY3NxYS5pYXRhLm9y
ZzA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3
LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY2RwLnRo
YXd0ZS5jb20vVGhhd3RlVExTUlNBQ0FHMS5jcmwwcAYIKwYBBQUHAQEEZDBiMCQG
CCsGAQUFBzABhhhodHRwOi8vc3RhdHVzLnRoYXd0ZS5jb20wOgYIKwYBBQUHMAKG
Lmh0dHA6Ly9jYWNlcnRzLnRoYXd0ZS5jb20vVGhhd3RlVExTUlNBQ0FHMS5jcnQw
DAYDVR0TAQH/BAIwADATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG9w0BAQsF
AAOCAQEAKEiL+cj2KSComHuyxpFiz6TElzkEPRh36dqHpYasRLfIv8+8/EAM04kj
xPYOEhuO8izS4+hEOVbixFuu2Y7d2iB9Wq0lo8Edy6sWqNNvjeGN7hvumhxKhZMz
DgJnD+FSc1F+fREgpHTxM7GwMcfc4lQV+p9nxymkVhaE56WZqt7pB+fu0gRb+TBc
gULYUXvcdXNqPDXlwlMXl3j67o2yshOXtLEGkdS1yE/IfRij143YEpN/8A0p5QaZ
0eYMyAzhEpsjnUcQgV4yVVHaka0MikVQBKQaz/IA4578dzaOJW7JkorPf1gGYXAM
KYnf00phpLt628c0+1DwlmMoThh5ZA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXUx8rvCkoA/r0VS0fMn
Biqj213pQridpblXUCgqEMsqbsXTEFvy8BP031n+8uoi2T4x1MNryGyX7Z+wV8N9
YaFD9COFN8vkjYx/VXBJ/x84034tOB7nUe5VhFPW7UU3N/5P7qsAKaIX3j/byEom
FhY8WhU5c6aBKq5QljKno0vdC6lQ8E5FwrdKEbwnOxtLkQRuCDov4UPzOB7lCvLk
Rx0kfPtCpynrBbRNzUia8TpgByUEJ6xGo/aF7HsH5+kUOyqiMi2vaCIWW9MdqnKc
MLEm3XiBUftiJ5gXKLVkqNKsAAbTyfnDQuz4hWVD8BhQ70AeDRsBl04ZMkd7CHIW
/QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 8601127968244384536600000353635820516
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Thawte TLS RSA CA G1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-18 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-02 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Quebec'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Montreal'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'International Air Transport Association'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'iccsqa-api.iata.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21392064601941000535031207976816049099811368551894651858150923023208084353954630214295481240530501606819248179843515085023480015498386242969030283043342623026829090810382156726759684568402392608179188735128217500372620395216437957953357572108284790435106066365153841386398718328538279251993174015797100430115196437243689604476794328383683817477925346877267406796533000311074873823731273443664840672906494818619761949481342141148723456829420669475512544419481716361877578695956886068462523512762580015011460500042017659449028281107035450344053646369567123083069603885370432993180551822193508465433129440039543164245757
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a58cfe32cceb0f2cd419c608b80024885dc3c5b7
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							23256e32209f9d5261fc6749b2e840a26a593dd5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (40 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iccsqa-api.iata.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iccsqa.iata.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.thawte.com/ThawteTLSRSACAG1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.thawte.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.thawte.com/ThawteTLSRSACAG1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0028488bf9c8f62920a8987bb2c69162cfa4c49739043d1877e9da87a586ac44b7c8bfcfbcfc400cd38923c4f60e121b8ef22cd2e3e8443956e2c45baed98eddda207d5aad25a3c11dcbab16a8d36f8de18dee1bee9a1c4a8593330e02670fe15273517e7d1120a474f133b1b031c7dce25415fa9f67c729a4561684e7a599aadee907e7eed2045bf9305c8142d8517bdc75736a3c35e5c253179778faee8db2b21397b4b10691d4b5c84fc87d18a3d78dd812937ff00d29e50699d1e60cc80ce1129b239d4710815e325551da91ad0c8a455004a41acff200e39efc77368e256ec9928acf7f580661700c2989dfd34a61a4bb7adbc734fb50f09663284e187964