bnp10s.bnpparibas.com

- BNP PARIBAS SA -

Issued by DigiCert TLS RSA SHA256 2020 CA1

About this certificate

This digital certificate with serial number 0a:b7:e9:6e:78:ff:cb:dd:48:0c:37:bc:78:74:a5:9c was issued on by DigiCert Inc.

With 75 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

BNP PARIBAS SA

Organization: BNP PARIBAS SA
State / Province: Île-de-France
Locality: MONTREUIL
Country: FR

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0a:b7:e9:6e:78:ff:cb:dd:48:0c:37:bc:78:74:a5:9c
Serial Number (int): 14247204836943999578226253697813620124
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 22:de:36:e2:4e:e2:9d:26:40:99:e5:c3:fa:08:dd:d6:54:f7:23:91
AuthorityKeyId: b7:6b:a2:ea:a8:aa:84:8c:79:ea:b4:da:0f:98:b2:c5:95:76:b9:f4

Fingerprint (sha1): ef:c8:46:da:ff:f7:f1:f8:01:d0:88:11:1b:8a:76:5f:e1:72:d2:50
Fingerprint (sha256): 0f:3d:1c:71:a4:db:ab:57:fc:75:fa:e5:c4:03:49:ec:b8:10:ca:20:55:6d:7d:04:51:47:d1:7d:d1:cc:ce:f2

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl

Check the revocation status for certificate bnp10s.bnpparibas.com

75

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for bnp10s.bnpparibas.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

bnp10s.bnpparibas.com
accountx2ca.bnl.it
agw-services.staging.bnpparibascardif.it
artigianonline.artigiancassa.it
auto-uat.bnpparibascardif.cl
auto.signature.neuges.org
autocencosudscotiabank-uat.bnpparibascardif.cl
autocoopeuchcorredores-uat.bnpparibascardif.cl
autoscotiabank-uat.bnpparibascardif.cl
campaignbancolombia.cardif.com.co
careers.apac.bnpparibas
cdc-archive.portail-investisseur.com
centric2cdms.asia.bnpparibas.com
cetelem-esignrc.bnpparibas-pf.com
courtier-sygma-esignrc.bnpparibas-pf.com
denuncias.cardif.com.co
ecnycn.asia.bnpparibas.com
edraft.uat1.bnpparibas.com
emprunteur.signature.neuges.org
esteeselsite.cardif.com.co
esteeselsitio.cardif.com.co
esteeselsitiocencosud.cardif.com.co
esteeselsitiocodensa.cardif.com.co
etranplus.bnpparibas.com
europagoderec.staging.bnpparibas.com
filebox.smsps-coll.bnl.it
financ.it
financit.it
finanzauto.cardif.com.co
fzw-ppd.bnpparibas.com
fzw.bnpparibas.com
gestorescomerciales.cardif.com.co
gm-graduate-careers.apac.bnpparibas
ips-lab.experiment.bnpparibas
ips-lab.staging.bnpparibas
mobile.preprod.domofinance.com
mobileservices2.bgl.lu
oi-itau-uat.bnpparibascardif.cl
partenaires.preprod.domofinance.com
partenaires.qualif.domofinance.com
partinst-esignrc.bnpparibas-pf.com
partnerbiz.it
pass-portal.staging.bnpparibascardif.it
prescripteur.signature.neuges.org
qualif.domofinance.com
reportesites.cardif.com.co
sb.artigiancassa.it
sbv2.artigiancassa.it
segurosban100.cardif.com.co
segurosmefia.cardif.com.co
signature-vad.domofinance.com
signature.cetelem.fr
sygma-esignrc.bnpparibas-pf.com
telepassxbiz.com
telepassxbiz.it
webdoc-ci.bicicinet.net
webdoc-ci.bnpparibas.com
webdoc-dz.staging.bnpparibas.net
webdoc-sn.bicisnet.net
webdoc-sn.bnpparibas.com
webview-uat.cardif.com.co
webview.cardif.com.co
www.accountx2ca.bnl.it
www.artigianonline.artigiancassa.it
www.financ.it
www.financit.it
www.partnerbiz.it
www.pass-portal.staging.bnpparibascardif.it
www.qualif.domofinance.com
www.telepassxbiz.it
www.webdoc-ci.bicicinet.net
www.webdoc-ci.bnpparibas.com
www.webdoc-dz.staging.bnpparibas.net
www.webdoc-sn.bicisnet.net
www.webdoc-sn.bnpparibas.com

Other certificates including the domain name bnpparibas.com

(limited to 100 certificates)
bnp16b.bnpparibas.com
porta.bnpparibas.com
bnp04s.bnpparibas.com
bnp05b.bnpparibas.com
bnp12b.bnpparibas.com
bnp11b.bnpparibas.com
dna-wp.bnpparibas.com
pls-mytools-rec3.staging.bnpparibas.com
cdx-rec.bnpparibas.com
us-cortex.bnpparibas.com
planetshares-mytools.bnpparibas.com
eqd-globalmarkets.bnpparibas.com
securitiesrec-bluegreen.bnpparibas.com
vulcan-brio.sso-stg.bnpparibas.com
f17aaabc20bfe045075927934fed52d21.bnpparibas.com
www.vendor-academy.leasingsolutions.bnpparibas.com
www.cards.bnpparibas.com
f17aaabc20bfe045075927934fed52d21.bnpparibas.com
group.bnpparibas.com
wow.bnpparibas.com
indices-globalmarkets.bnpparibas.com
connexissupplychain.uat3.bnpparibas.com
clientportfolio.smartderivatives.bnpparibas.com
us-cortexfx.bnpparibas.com
europagoderec2.bnpparibas.com
bnp02tpc.bnpparibas.com
bnp05s.bnpparibas.com
bnp09b.bnpparibas.com
auth.staging.bnpparibas.com
eqresearch.bnpparibas.com
front-rec.bnpparibas.com
www.gps-protocol.bnpparibas.com
india-netpay.bnpparibas.com
apac-faststream02.bnpparibas.com
mymobility-qual.staging.bnpparibas.com
bnp03sw.bnpparibas.com
imactions.uat.bnpparibas.com
bnp05b.bnpparibas.com
welcome-qual.staging.bnpparibas.com
connexissupplychain.uat1.bnpparibas.com
gctabsreporting-staging.bnpparibas.com
expe-122-opf.bnpparibas.com
bnp13b.bnpparibas.com
connexistrade-ls.bnpparibas.com
cxt-uat-ls.bnpparibas.com
staging.intdistrib-am.bnpparibas.com
brio.sso-stg.bnpparibas.com
int-qa2-cciweb.bnpparibas.com
sinmail3.asia.bnpparibas.com
bnp06s.bnpparibas.com
bnp05s.bnpparibas.com
2016-u.leasingsolutions.bnpparibas.com
bnp07b.bnpparibas.com
smartderivatives.bnpparibas.com
account.onebank.bnpparibas.com
bnppf-dgi-collection.bnpparibas.com
fr-sdpp-prd-internet-stream01.bnpparibas.com
bnp07b.bnpparibas.com
int-bfx-newscci.bnpparibas.com
bnp03s.bnpparibas.com
bnp19b.bnpparibas.com
marketlinkedproducts.bnpparibas.com
wealthmanagement-staging.bnpparibas.com
wsgateway.bnpparibas.com
jp-cortexfx.bnpparibas.com
bnp01sw.bnpparibas.com
securitiesrec-link.bnpparibas.com
bnp09b.bnpparibas.com
bnp04s.bnpparibas.com
rewardsatwork.be
www.bnpparibas.com.br
spotbuying.mediaprocessing.bnpparibas.com
group.bnpparibas
clientportfolio.smartderivatives.bnpparibas.com
cce.bnpparibas.com
cdc-securities-link.portail-investisseur.com
markets360-test.bnpparibas.com
www.privalto.fr
push.connexiscash.bnpparibas.com
bnp09s.bnpparibas.com
matisse-compta.bnpparibas.com
ews-itg-ext.test.bnpparibas.com
www.primebroker.com
obbligazioni.bnpparibas.com
webtrends.bnpparibas.com
fao.bnpparibas.com
dna-promoter.bnpparibas.com
globalmarkets-pp.bnpparibas.com
bnp09b.bnpparibas.com
bnp04b.bnpparibas.com
cardif-asia-demo.dev.bnpparibas.com
bnp03s.bnpparibas.com
push.bnpparibas.com
bnp19b.bnpparibas.com
keys.bnpparibas.com
sinmail4.asia.bnpparibas.com
connexisdirect.api.staging.bnpparibas.com
centric-vasco.bnpparibas.com
securitiesrec-client.bnpparibas.com
tlcx-tempo.bnpparibas.com

Certificate

The complete raw certificate details for bnp10s.bnpparibas.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIN1TCCDL2gAwIBAgIQCrfpbnj/y91IDDe8eHSlnDANBgkqhkiG9w0BAQsFADBP
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBE
aWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMzExMjAwMDAwMDBa
Fw0yNDAzMTQyMzU5NTlaMHMxCzAJBgNVBAYTAkZSMRcwFQYDVQQIDA7DjmxlLWRl
LUZyYW5jZTESMBAGA1UEBxMJTU9OVFJFVUlMMRcwFQYDVQQKEw5CTlAgUEFSSUJB
UyBTQTEeMBwGA1UEAxMVYm5wMTBzLmJucHBhcmliYXMuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAts91o838iU3oCMe0lqRFivCXHnRWCF5otT3a
kH3bT9NrqqF3rXCTdfP/7VRb77iVbQXafSxcFaUEd7otEeCj2sEzGlhGihAhWcdK
hhSxF55gcCTLRSi2ZygXuxm/5dpYgT57legx1EsvF0fQgn/qtwW65dWPDNbP3/2f
yQd7iluvE4BQ5qoE383c4IIzOMWLlO9JmNFG/uwfzvGS2Ssk9Y25TKDz+fwdRGmp
FE2Ctg/TKnyzx6Kkz20cZPq7d9NmBC7f4JNkVaIjAFyibTjMuChgW1BYChHcEFDG
9H3ZCheTr25GjmgxnaTjMIVYQj+4pWDxVWnxeiTq2/RVwvod7QIDAQABo4IKhzCC
CoMwHwYDVR0jBBgwFoAUt2ui6qiqhIx56rTaD5iyxZV2ufQwHQYDVR0OBBYEFCLe
NuJO4p0mQJnlw/oI3dZU9yORMIIImgYDVR0RBIIIkTCCCI2CFWJucDEwcy5ibnBw
YXJpYmFzLmNvbYISYWNjb3VudHgyY2EuYm5sLml0gihhZ3ctc2VydmljZXMuc3Rh
Z2luZy5ibnBwYXJpYmFzY2FyZGlmLml0gh9hcnRpZ2lhbm9ubGluZS5hcnRpZ2lh
bmNhc3NhLml0ghxhdXRvLXVhdC5ibnBwYXJpYmFzY2FyZGlmLmNsghlhdXRvLnNp
Z25hdHVyZS5uZXVnZXMub3Jngi5hdXRvY2VuY29zdWRzY290aWFiYW5rLXVhdC5i
bnBwYXJpYmFzY2FyZGlmLmNsgi5hdXRvY29vcGV1Y2hjb3JyZWRvcmVzLXVhdC5i
bnBwYXJpYmFzY2FyZGlmLmNsgiZhdXRvc2NvdGlhYmFuay11YXQuYm5wcGFyaWJh
c2NhcmRpZi5jbIIhY2FtcGFpZ25iYW5jb2xvbWJpYS5jYXJkaWYuY29tLmNvghdj
YXJlZXJzLmFwYWMuYm5wcGFyaWJhc4IkY2RjLWFyY2hpdmUucG9ydGFpbC1pbnZl
c3Rpc3NldXIuY29tgiBjZW50cmljMmNkbXMuYXNpYS5ibnBwYXJpYmFzLmNvbYIh
Y2V0ZWxlbS1lc2lnbnJjLmJucHBhcmliYXMtcGYuY29tgihjb3VydGllci1zeWdt
YS1lc2lnbnJjLmJucHBhcmliYXMtcGYuY29tghdkZW51bmNpYXMuY2FyZGlmLmNv
bS5jb4IaZWNueWNuLmFzaWEuYm5wcGFyaWJhcy5jb22CGmVkcmFmdC51YXQxLmJu
cHBhcmliYXMuY29tgh9lbXBydW50ZXVyLnNpZ25hdHVyZS5uZXVnZXMub3Jnghpl
c3RlZXNlbHNpdGUuY2FyZGlmLmNvbS5jb4IbZXN0ZWVzZWxzaXRpby5jYXJkaWYu
Y29tLmNvgiNlc3RlZXNlbHNpdGlvY2VuY29zdWQuY2FyZGlmLmNvbS5jb4IiZXN0
ZWVzZWxzaXRpb2NvZGVuc2EuY2FyZGlmLmNvbS5jb4IYZXRyYW5wbHVzLmJucHBh
cmliYXMuY29tgiRldXJvcGFnb2RlcmVjLnN0YWdpbmcuYm5wcGFyaWJhcy5jb22C
GWZpbGVib3guc21zcHMtY29sbC5ibmwuaXSCCWZpbmFuYy5pdIILZmluYW5jaXQu
aXSCGGZpbmFuemF1dG8uY2FyZGlmLmNvbS5jb4IWZnp3LXBwZC5ibnBwYXJpYmFz
LmNvbYISZnp3LmJucHBhcmliYXMuY29tgiFnZXN0b3Jlc2NvbWVyY2lhbGVzLmNh
cmRpZi5jb20uY2+CI2dtLWdyYWR1YXRlLWNhcmVlcnMuYXBhYy5ibnBwYXJpYmFz
gh1pcHMtbGFiLmV4cGVyaW1lbnQuYm5wcGFyaWJhc4IaaXBzLWxhYi5zdGFnaW5n
LmJucHBhcmliYXOCHm1vYmlsZS5wcmVwcm9kLmRvbW9maW5hbmNlLmNvbYIWbW9i
aWxlc2VydmljZXMyLmJnbC5sdYIfb2ktaXRhdS11YXQuYm5wcGFyaWJhc2NhcmRp
Zi5jbIIjcGFydGVuYWlyZXMucHJlcHJvZC5kb21vZmluYW5jZS5jb22CInBhcnRl
bmFpcmVzLnF1YWxpZi5kb21vZmluYW5jZS5jb22CInBhcnRpbnN0LWVzaWducmMu
Ym5wcGFyaWJhcy1wZi5jb22CDXBhcnRuZXJiaXouaXSCJ3Bhc3MtcG9ydGFsLnN0
YWdpbmcuYm5wcGFyaWJhc2NhcmRpZi5pdIIhcHJlc2NyaXB0ZXVyLnNpZ25hdHVy
ZS5uZXVnZXMub3JnghZxdWFsaWYuZG9tb2ZpbmFuY2UuY29tghpyZXBvcnRlc2l0
ZXMuY2FyZGlmLmNvbS5jb4ITc2IuYXJ0aWdpYW5jYXNzYS5pdIIVc2J2Mi5hcnRp
Z2lhbmNhc3NhLml0ghtzZWd1cm9zYmFuMTAwLmNhcmRpZi5jb20uY2+CGnNlZ3Vy
b3NtZWZpYS5jYXJkaWYuY29tLmNvgh1zaWduYXR1cmUtdmFkLmRvbW9maW5hbmNl
LmNvbYIUc2lnbmF0dXJlLmNldGVsZW0uZnKCH3N5Z21hLWVzaWducmMuYm5wcGFy
aWJhcy1wZi5jb22CEHRlbGVwYXNzeGJpei5jb22CD3RlbGVwYXNzeGJpei5pdIIX
d2ViZG9jLWNpLmJpY2ljaW5ldC5uZXSCGHdlYmRvYy1jaS5ibnBwYXJpYmFzLmNv
bYIgd2ViZG9jLWR6LnN0YWdpbmcuYm5wcGFyaWJhcy5uZXSCFndlYmRvYy1zbi5i
aWNpc25ldC5uZXSCGHdlYmRvYy1zbi5ibnBwYXJpYmFzLmNvbYIZd2Vidmlldy11
YXQuY2FyZGlmLmNvbS5jb4IVd2Vidmlldy5jYXJkaWYuY29tLmNvghZ3d3cuYWNj
b3VudHgyY2EuYm5sLml0giN3d3cuYXJ0aWdpYW5vbmxpbmUuYXJ0aWdpYW5jYXNz
YS5pdIINd3d3LmZpbmFuYy5pdIIPd3d3LmZpbmFuY2l0Lml0ghF3d3cucGFydG5l
cmJpei5pdIIrd3d3LnBhc3MtcG9ydGFsLnN0YWdpbmcuYm5wcGFyaWJhc2NhcmRp
Zi5pdIIad3d3LnF1YWxpZi5kb21vZmluYW5jZS5jb22CE3d3dy50ZWxlcGFzc3hi
aXouaXSCG3d3dy53ZWJkb2MtY2kuYmljaWNpbmV0Lm5ldIIcd3d3LndlYmRvYy1j
aS5ibnBwYXJpYmFzLmNvbYIkd3d3LndlYmRvYy1kei5zdGFnaW5nLmJucHBhcmli
YXMubmV0ghp3d3cud2ViZG9jLXNuLmJpY2lzbmV0Lm5ldIIcd3d3LndlYmRvYy1z
bi5ibnBwYXJpYmFzLmNvbTA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUF
BwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgWg
MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBjwYDVR0fBIGHMIGEMECg
PqA8hjpodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUTFNSU0FTSEEy
NTYyMDIwQ0ExLTQuY3JsMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20v
RGlnaUNlcnRUTFNSU0FTSEEyNTYyMDIwQ0ExLTQuY3JsMH8GCCsGAQUFBwEBBHMw
cTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEkGCCsGAQUF
BzAChj1odHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUTFNSU0FT
SEEyNTYyMDIwQ0ExLTEuY3J0MAwGA1UdEwEB/wQCMAAwEwYKKwYBBAHWeQIEAwEB
/wQCBQAwDQYJKoZIhvcNAQELBQADggEBALLefC0SypvMWxJzpQZHx4R3MBMg0VPp
SQA6BRNpwja82WOQuiOZS781JSTLjqu8UDtRppnyliaojCc8g/uRnvPpY1Y2WyFL
FYwRKgRu7ZlOkTEyAECWsDL39ryfvmIBMmP4T2O3obbIQU9FT0wzucmib1ZUS3VK
+g6ZgN4LzbqFQnItk9Ou3pSfCYoc9wfmCSDfRGOeuT3Z5RNq0CtU7kt/gBOTefVQ
N1xFJXOK59GwGNaRMENeiypSBhtamcvJ1X9Uml9v1kWWLppiFeXMF+El77nZggWq
byCuyhg19tBdrZFy7py3UsEFDplVlBDnDap/DvREk5hr3G3yZ7sZ7sA=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAts91o838iU3oCMe0lqRF
ivCXHnRWCF5otT3akH3bT9NrqqF3rXCTdfP/7VRb77iVbQXafSxcFaUEd7otEeCj
2sEzGlhGihAhWcdKhhSxF55gcCTLRSi2ZygXuxm/5dpYgT57legx1EsvF0fQgn/q
twW65dWPDNbP3/2fyQd7iluvE4BQ5qoE383c4IIzOMWLlO9JmNFG/uwfzvGS2Ssk
9Y25TKDz+fwdRGmpFE2Ctg/TKnyzx6Kkz20cZPq7d9NmBC7f4JNkVaIjAFyibTjM
uChgW1BYChHcEFDG9H3ZCheTr25GjmgxnaTjMIVYQj+4pWDxVWnxeiTq2/RVwvod
7QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 14247204836943999578226253697813620124
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert TLS RSA SHA256 2020 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-11-20 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-14 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Île-de-France'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'MONTREUIL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BNP PARIBAS SA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'bnp10s.bnpparibas.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23077673611267711382497885452153365007716881738376013636516246721656476115639838422567197802256993965845880313071486392345543945374559638665722889124004686994496437042639842192001326615004985533361424452599942015428571751250038550986605316801273051564850658810665574848096755289711900950068453819061546617371106767554677118795984800209543846319874515553096231437402224475251007018693825397989774836093057559671011996159110238050158481972308343230808606376702654282488591956076320293424421740701188428713384258779068893495325332747558534355153345163500398916254563023178789176539009473475892384291769890063352472411629
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							22de36e24ee29d264099e5c3fa08ddd654f72391
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2193 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bnp10s.bnpparibas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'accountx2ca.bnl.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'agw-services.staging.bnpparibascardif.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'artigianonline.artigiancassa.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'auto-uat.bnpparibascardif.cl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'auto.signature.neuges.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'autocencosudscotiabank-uat.bnpparibascardif.cl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'autocoopeuchcorredores-uat.bnpparibascardif.cl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'autoscotiabank-uat.bnpparibascardif.cl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'campaignbancolombia.cardif.com.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'careers.apac.bnpparibas'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdc-archive.portail-investisseur.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'centric2cdms.asia.bnpparibas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cetelem-esignrc.bnpparibas-pf.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'courtier-sygma-esignrc.bnpparibas-pf.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'denuncias.cardif.com.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ecnycn.asia.bnpparibas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edraft.uat1.bnpparibas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'emprunteur.signature.neuges.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'esteeselsite.cardif.com.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'esteeselsitio.cardif.com.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'esteeselsitiocencosud.cardif.com.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'esteeselsitiocodensa.cardif.com.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'etranplus.bnpparibas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'europagoderec.staging.bnpparibas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'filebox.smsps-coll.bnl.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'financ.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'financit.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'finanzauto.cardif.com.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fzw-ppd.bnpparibas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fzw.bnpparibas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gestorescomerciales.cardif.com.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gm-graduate-careers.apac.bnpparibas'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ips-lab.experiment.bnpparibas'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ips-lab.staging.bnpparibas'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mobile.preprod.domofinance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mobileservices2.bgl.lu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'oi-itau-uat.bnpparibascardif.cl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'partenaires.preprod.domofinance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'partenaires.qualif.domofinance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'partinst-esignrc.bnpparibas-pf.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'partnerbiz.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pass-portal.staging.bnpparibascardif.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prescripteur.signature.neuges.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qualif.domofinance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'reportesites.cardif.com.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sb.artigiancassa.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sbv2.artigiancassa.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'segurosban100.cardif.com.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'segurosmefia.cardif.com.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'signature-vad.domofinance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'signature.cetelem.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sygma-esignrc.bnpparibas-pf.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'telepassxbiz.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'telepassxbiz.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webdoc-ci.bicicinet.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webdoc-ci.bnpparibas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webdoc-dz.staging.bnpparibas.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webdoc-sn.bicisnet.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webdoc-sn.bnpparibas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webview-uat.cardif.com.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webview.cardif.com.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.accountx2ca.bnl.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.artigianonline.artigiancassa.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.financ.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.financit.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.partnerbiz.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.pass-portal.staging.bnpparibascardif.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.qualif.domofinance.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.telepassxbiz.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.webdoc-ci.bicicinet.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.webdoc-ci.bnpparibas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.webdoc-dz.staging.bnpparibas.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.webdoc-sn.bicisnet.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.webdoc-sn.bnpparibas.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (135 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (115 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00b2de7c2d12ca9bcc5b1273a50647c78477301320d153e949003a051369c236bcd96390ba23994bbf352524cb8eabbc503b51a699f29626a88c273c83fb919ef3e96356365b214b158c112a046eed994e913132004096b032f7f6bc9fbe62013263f84f63b7a1b6c8414f454f4c33b9c9a26f56544b754afa0e9980de0bcdba8542722d93d3aede949f098a1cf707e60920df44639eb93dd9e5136ad02b54ee4b7f80139379f550375c4525738ae7d1b018d69130435e8b2a52061b5a99cbc9d57f549a5f6fd645962e9a6215e5cc17e125efb9d98205aa6f20aeca1835f6d05dad9172ee9cb752c1050e99559410e70daa7f0ef44493986bdc6df267bb19eec0