*.unicorn.cupdapp.com

- China Unionpay Data Services Co., Ltd -

Issued by CFCA OV OCA

About this certificate

This digital certificate with serial number 20:15:01:ba:b2:76:d2:c6:d3:22:4c:fd:cd:e9:32:b7 was issued on by China Financial Certification Authority.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)

China Unionpay Data Services Co., Ltd

Organization: China Unionpay Data Services Co., Ltd
Organization unit: Innovation Business Dept.
State / Province: Shanghai
Locality: Shanghai
Country: CN

China Financial Certification Authority

Organization: China Financial Certification Authority
Country: CN

This certificate has expire since

Certificate Details

Serial Number (hex): 20:15:01:ba:b2:76:d2:c6:d3:22:4c:fd:cd:e9:32:b7
Serial Number (int): 42644369173226350977502667538099155639
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId: 8e:fc:75:4f:78:e3:0b:25:47:eb:d9:ff:f1:04:9e:ac:1e:7a:d8:6b
AuthorityKeyId: 66:b3:ef:fb:54:95:87:e9:ac:a5:96:56:ae:e6:7d:ed:3a:d0:43:d1

Fingerprint (sha1): d2:03:34:8d:3d:fb:26:06:14:5d:68:c9:da:e4:a3:8d:e9:06:7d:20
Fingerprint (sha256): 0f:42:c6:5e:a4:6d:54:d2:29:43:a7:95:00:da:8d:26:5a:16:39:ba:b4:cd:91:c7:fe:28:24:bf:76:92:14:88

Issuing Certificate URL: http://gtc.cfca.com.cn/ovoca/ovoca.cer

Revocation information

OCSP Server: http://ocsp.cfca.com.cn/ocsp
CRL Distribution Point: http://crl.cfca.com.cn/OVOCA/RSA/crl25.crl

Check the revocation status for certificate *.unicorn.cupdapp.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.unicorn.cupdapp.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.unicorn.cupdapp.com
unicorn.cupdapp.com

Other certificates including the domain name cupdapp.com

(limited to 100 certificates)
wechat.cupdapp.com
ws.cupdapp.net
ncoas.cupdapp.com
api.ws.cupdapp.net
stmt.cupdapp.com
ncoas.cupdapp.com
ncoas.cupdapp.com
wechat.cupdapp.com
ws.cupdapp.net
stmt.cupdapp.com
*.unicorn.cupdapp.com
ant.ccbillinst.cupdapp.com
ncoas.cupdapp.com
milkywaypage.cupdapp.com
xdzlar.cupdata.com
ncoas.cupdapp.com
ws.cupdapp.net
appsignsrc.cupdapp.com
ncoas.cupdapp.com
api.ws.cupdapp.net
*.static.cupdapp.com
ws.cupdapp.net
api.ws.cupdapp.net
app.cupdapp.com
ncoas.cupdapp.com
securityplus.cupdata.com
api.ws.cupdapp.net
ncoas.cupdapp.com
ncoas.cupdapp.com
directbank.cupdata.com
ws.cupdapp.net
perbank.cupdapp.com
apptranssign.cupdapp.com
stmt.cupdapp.com
ws.cupdapp.net
prepaidcard.leagcard.com
ncoas.cupdapp.com
ncoas.cupdapp.com
appsigndest.cupdapp.com
ncoas.cupdapp.com
stmt.cupdapp.com
ws.cupdapp.net
ncoas.cupdapp.com
ncoas.cupdapp.com
api.ws.cupdapp.net
api.ws.cupdapp.net
ncoas.cupdapp.com
app.cupdapp.com
ws.cupdapp.net
ncoas.cupdapp.com
milkywaypage.cupdapp.com
crbep.cupdapp.com
api.ws.cupdapp.net
ws.cupdapp.net
ws.cupdapp.net
stmt.cupdapp.com
app.cupdapp.com
appsigndest.cupdapp.com
ncoas.cupdapp.com
stmt.cupdapp.com
perbank.cupdapp.com
stmt.cupdapp.com
api.ws.cupdapp.net
ncoas.cupdapp.com
ncoas.cupdapp.com
ncoas.cupdapp.com
app.cupdapp.com
stmt.cupdapp.com
app.cupdapp.com
ncoas.cupdapp.com
ws.cupdapp.net
ncoas.cupdapp.com
ws.cupdapp.net
ncoas.cupdapp.com
ncoas.cupdapp.com
api.ws.cupdapp.net
ws.cupdapp.net
ws.cupdapp.net
ws.cupdapp.net
ncoas.cupdapp.com
ncoas.cupdapp.com
ncoas.cupdapp.com
app.cupdapp.com
ws.cupdapp.net
stmt.cupdapp.com
api.ws.cupdapp.net
app.cupdapp.com
stmt.cupdapp.com
stmt.cupdapp.com
ncoas.cupdapp.com
ncoas.cupdapp.com
wechat.cupdapp.com
stmt.cupdapp.com
stmt.cupdapp.com
ws.cupdapp.net
api.ws.cupdapp.net
stmt.cupdapp.com
stmt.cupdapp.com
api.ws.cupdapp.net
wx.cupdapp.com

Certificate

The complete raw certificate details for *.unicorn.cupdapp.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgIQIBUBurJ20sbTIkz9zekytzANBgkqhkiG9w0BAQsFADBV
MQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5MRQwEgYDVQQDDAtDRkNBIE9WIE9DQTAeFw0xOTEyMDMw
ODU5MTVaFw0yMTEyMDMwODU5MTVaMIGnMQswCQYDVQQGEwJDTjERMA8GA1UECAwI
U2hhbmdoYWkxETAPBgNVBAcMCFNoYW5naGFpMS4wLAYDVQQKDCVDaGluYSBVbmlv
bnBheSBEYXRhIFNlcnZpY2VzIENvLiwgTHRkMSIwIAYDVQQLDBlJbm5vdmF0aW9u
IEJ1c2luZXNzIERlcHQuMR4wHAYDVQQDDBUqLnVuaWNvcm4uY3VwZGFwcC5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwCnQBhrrsrzMdmEqlpNZQ
+EC/M6VyvirI2AOD3M+e5VbsuFpWTXKSF2Kizk1ko2ABFDRrBCqT0FXgAqMZ1Obx
+6PWWuS0hj9zlUJMqNRafV+lvdhRu4sxqtLaLCw1lbNtmHT8VNuN1jQ4evhVx5I7
7CsfNRNZYbvPtPcE7E5VYY0C1aGRSpX2/oxCRfczBzwLdW1uKazH4j5P3NTwmnSj
DYhNA9n27k8pLifXuFZfuKA2z0LFkMdoqsQcHqISoyKWN0LyTm/pDGM6k+szmlXK
Ukp4rGtWRlLY3LPaXocjG8KWIsufdb8F5TWDvNVJySVOwR8fAf9MymdL9G830lOP
AgMBAAGjggG6MIIBtjAJBgNVHRMEAjAAMGwGCCsGAQUFBwEBBGAwXjAoBggrBgEF
BQcwAYYcaHR0cDovL29jc3AuY2ZjYS5jb20uY24vb2NzcDAyBggrBgEFBQcwAoYm
aHR0cDovL2d0Yy5jZmNhLmNvbS5jbi9vdm9jYS9vdm9jYS5jZXIwNQYDVR0RBC4w
LIIVKi51bmljb3JuLmN1cGRhcHAuY29tghN1bmljb3JuLmN1cGRhcHAuY29tMAsG
A1UdDwQEAwIFoDAdBgNVHQ4EFgQUjvx1T3jjCyVH69n/8QSerB562GswHQYDVR0l
BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBMGCisGAQQB1nkCBAMBAf8EAgUAMB8G
A1UdIwQYMBaAFGaz7/tUlYfprKWWVq7mfe060EPRMEYGA1UdIAQ/MD0wOwYGZ4EM
AQICMDEwLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuY2ZjYS5jb20uY24vdXMvdXMt
MTIuaHRtMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwuY2ZjYS5jb20uY24v
T1ZPQ0EvUlNBL2NybDI1LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAvBk2MdZeF+GS
2oFWiKJI0SgLUddzxEDxPO/r1DL1kngkCDdha3LHhclTS4bC6JIAA4CzLuISYfNU
EX71Ec2yGT7ZfW0mKzSNtWXuo3uQiewcgpD1sx9itB0PiM24X+h910nweoCVohna
XrSyqvqRqF+8br7w6Tvn4uL4m6MhO7s54ezSOct6kgZRTvxOg1W4Glb1WX5kvDGF
k3fHsYNljd+JwDgjw2LddotUU77llCuh+rJsenDpJxwtsN632MZst6sUHVgi3GdD
9+mAeC1JQlj9n3AJ4tlrwOk93vnxQ/bwmYsOVtoTEJtcey0vjH9LWLD8uLIP+AEM
u6JwchiMPQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Ap0AYa67K8zHZhKpaTW
UPhAvzOlcr4qyNgDg9zPnuVW7LhaVk1ykhdios5NZKNgARQ0awQqk9BV4AKjGdTm
8fuj1lrktIY/c5VCTKjUWn1fpb3YUbuLMarS2iwsNZWzbZh0/FTbjdY0OHr4VceS
O+wrHzUTWWG7z7T3BOxOVWGNAtWhkUqV9v6MQkX3Mwc8C3Vtbimsx+I+T9zU8Jp0
ow2ITQPZ9u5PKS4n17hWX7igNs9CxZDHaKrEHB6iEqMiljdC8k5v6QxjOpPrM5pV
ylJKeKxrVkZS2Nyz2l6HIxvCliLLn3W/BeU1g7zVScklTsEfHwH/TMpnS/RvN9JT
jwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 42644369173226350977502667538099155639
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CN'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'China Financial Certification Authority'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'CFCA OV OCA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-12-03 08:59:15 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-12-03 08:59:15 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CN'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Shanghai'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Shanghai'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'China Unionpay Data Services Co., Ltd'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Innovation Business Dept.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.unicorn.cupdapp.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 30302347831391586069764809221338839837713999803130748050530964725101247423657266669159332251437917875036989796641619782302232777023816161123973689563653435683340181044337153138985658763250891569732422675073746826528569700734184824010229278348487235684888995206576101937168903272278556630625679406498444860307588968672604050581085449530091744902052698150647596885434382013445903210132431243318520612851228739508245515058205246719159530504225150489553582857943979353464752495212223107073499244046010473724887284612955803215293816120281722114727881876001440918471704725959674753293357268669974270975437084850806305477519
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (96 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.cfca.com.cn/ocsp'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gtc.cfca.com.cn/ovoca/ovoca.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (46 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.unicorn.cupdapp.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'unicorn.cupdapp.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							8efc754f78e30b2547ebd9fff1049eac1e7ad86b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 66b3effb549587e9aca59656aee67ded3ad043d1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (63 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.cfca.com.cn/us/us-12.htm'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.cfca.com.cn/OVOCA/RSA/crl25.crl'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00bc193631d65e17e192da815688a248d1280b51d773c440f13cefebd432f59278240837616b72c785c9534b86c2e892000380b32ee21261f354117ef511cdb2193ed97d6d262b348db565eea37b9089ec1c8290f5b31f62b41d0f88cdb85fe87dd749f07a8095a219da5eb4b2aafa91a85fbc6ebef0e93be7e2e2f89ba3213bbb39e1ecd239cb7a9206514efc4e8355b81a56f5597e64bc31859377c7b183658ddf89c03823c362dd768b5453bee5942ba1fab26c7a70e9271c2db0deb7d8c66cb7ab141d5822dc6743f7e980782d494258fd9f7009e2d96bc0e93ddef9f143f6f0998b0e56da13109b5c7b2d2f8c7f4b58b0fcb8b20ff8010cbba27072188c3d