corporate-api.hsbc.com.cn

- HSBC Group Management Services Limited -

Issued by DigiCert SHA2 Extended Validation Server CA

About this certificate

This digital certificate with serial number 0c:d9:40:d2:56:9f:1b:43:b8:a2:ac:34:6a:c6:95:ec was issued on by DigiCert Inc.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

HSBC Group Management Services Limited

Company registration number: 09231974
Organization: HSBC Group Management Services Limited
Locality: London
Country: GB

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0c:d9:40:d2:56:9f:1b:43:b8:a2:ac:34:6a:c6:95:ec
Serial Number (int): 17078779106657868575740507653522494956
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 5f:f6:12:94:45:31:35:8a:41:13:03:1f:13:19:79:33:94:fa:9e:6f
AuthorityKeyId: 3d:d3:50:a5:d6:a0:ad:ee:f3:4a:60:0a:65:d3:21:d4:f8:f8:d6:0f

Fingerprint (sha1): a7:c2:53:4a:28:aa:83:7d:25:7c:5c:2e:b5:1c:ce:83:8b:d0:74:76
Fingerprint (sha256): 0f:c4:a5:b5:e9:fc:9c:eb:82:33:7b:70:6a:ea:2e:48:d0:1c:e3:ad:cc:af:67:86:98:05:7f:2c:4b:fa:f1:4f

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/sha2-ev-server-g3.crl
CRL Distribution Point: http://crl4.digicert.com/sha2-ev-server-g3.crl

Check the revocation status for certificate corporate-api.hsbc.com.cn

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for corporate-api.hsbc.com.cn

Public Key Algorithm

ECDSA

Key Size

256

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Agreement

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

corporate-api.hsbc.com.cn

Other certificates including the domain name hsbc.com.cn

(limited to 100 certificates)
www.erf.hsbc.com.cn
www.hsbc.com.cn
static.tko.lp.services.online-banking.hsbc.com.cn
www.isstprod.hsbc.com.cn
www.security.online-banking.hsbc.com.cn
fusion-lending.hsbc.com.cn
www.erf.hsbc.com.cn
www.assetmanagement.hsbc.com
mbspd.hsbc.com.cn
cnmer---vi006.hsbc.com.cn
cnmer---vi005.hsbc.com.cn
www.hsbc.com.cn
staff-remoteaccess.hsbc.com.cn
www.insuranceinfo.hsbc.com.cn
business.hsbc.com
tko.lp.launch.online-banking.hsbc.com.cn
www.services.cn-banking.hsbc.com.cn
www.services.cn-banking.hsbc.com.cn
static.tko.lp.services.online-banking.hsbc.com.cn
cyber.hsbc.com.cn
business-uat.hsbc.com.my
tko.pilot.hsbc.com.cn
staff-remoteaccess.hsbc.com.cn
www.business.hsbc.fr
tko.lp.security.online-banking.hsbc.com.cn
www.ssp.security.online-banking.hsbc.com.cn
www.services.cn-banking.hsbc.com.cn
www.security.online-banking.hsbc.com.cn
www.online-banking.business.hsbc.com.hk
www.about.hsbc.co.nz
business.hsbc.com
staff-remoteaccess.hsbc.com.cn
www.insuranceinfo.hsbc.com.cn
www.about.hsbc.co.nz
zone-apex-alb-lookup.prod.dynp.cloud1.vv1865.com
tko.lp.launch.online-banking.hsbc.com.cn
www.hsbc.com.cn
corporate-api.hsbc.com.cn
CNNHC---VI007.hsbc.com.cn
zone-apex-alb-lookup.preprod.dynp.cloud1.vv1865.com
www.assetmanagement.hsbc.com
static.services.online-banking.hsbc.com.cn
zone-apex-alb-lookup.prod.dynp.cloud1.vv1865.com
digitalpreprod-cmb-ext-api.hsbc.com.cn
www.business.hsbc.fr
tko.lp.security.online-banking.hsbc.com.cn
business-uat.hsbc.com.my
securities-services.hsbc.com.cn
www.about.hsbc.com.hk
www.launch.online-banking.hsbc.com.cn
api.ifc.lp.security.cn-banking.hsbc.com.cn
securities-services.hsbc.com.cn
cnifc---vi001.hsbc.com.cn
gp.oat.app.hsbcfts.com.cn
www.business.hsbc.fr
cnifc---vi006.hsbc.com.cn
creditcards.hsbc.com.cn
cnmer---vi003.hsbc.com.cn
www.services.cn-banking.hsbc.com.cn
securities-services.hsbc.com.cn
tko.lp.security.online-banking.hsbc.com.cn
events.data.hsbc.com
www.ecds.hsbc.com.cn
business.hsbc.com
cnmer---vi003.hsbc.com.cn
www.launch.online-banking.hsbc.com.cn
static.tko.lp.services.online-banking.hsbc.com.cn
www.isstprod.hsbc.com.cn
www.ecds.hsbc.com.cn
www.fusion-loans-azn.hsbc.com.cn
www.uat2-insh-wechat-mgw.hsbclifeservices.com.cn
irtt-confirmation-uat.business.hsbc.com.cn
www.qualityassurance.ecds.hsbc.com.cn
wechat-mp-uat.services.hsbc.com.cn
corporate-api.hsbc.com.cn
www.business.hsbc.fr
www.hsbc.com.cn
www.hsbc.com.cn
cyber.hsbc.com.cn
zone-apex-alb-lookup.prod.dynp.cloud1.vv1865.com
investments.personal-banking.hsbc.com.cn
CNNHC---VI005.hsbc.com.cn
zone-apex-alb-lookup.prod.dynp.cloud1.vv1865.com
www.assetmanagement.hsbc.com
staff-remoteaccess.hsbc.com.cn
CNNHC---VI008.hsbc.com.cn
business-uat.hsbc.com.my
investments.personal-banking.hsbc.com.cn
tko.lp.launch.online-banking.hsbc.com.cn
staff-remoteaccess.hsbc.com.cn
cyber.hsbc.com.cn
www.ecds.hsbc.com.cn
cnnhc---vi004.hsbc.com.cn
www.about.hsbc.co.nz
zone-apex-alb-lookup.prod.dynp.cloud1.vv1865.com
investments.personal-banking.hsbc.com.cn
gp.uat.app.hsbcfts.com.cn
www.hsbc.com.cn
www.partnership.hsbc.com.cn
creditcards.hsbc.com.cn

Certificate

The complete raw certificate details for corporate-api.hsbc.com.cn in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGaDCCBVCgAwIBAgIQDNlA0lafG0O4oqw0asaV7DANBgkqhkiG9w0BAQsFADB1
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk
IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTIzMTAyNzAwMDAwMFoXDTI0MTAyNTIz
NTk1OVowgboxEzARBgsrBgEEAYI3PAIBAxMCR0IxHTAbBgNVBA8MFFByaXZhdGUg
T3JnYW5pemF0aW9uMREwDwYDVQQFEwgwOTIzMTk3NDELMAkGA1UEBhMCR0IxDzAN
BgNVBAcTBkxvbmRvbjEvMC0GA1UEChMmSFNCQyBHcm91cCBNYW5hZ2VtZW50IFNl
cnZpY2VzIExpbWl0ZWQxIjAgBgNVBAMTGWNvcnBvcmF0ZS1hcGkuaHNiYy5jb20u
Y24wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASVeZ4xxP12VH5MorXWLFPMxhku
bsT5ag6ZVjOZcMBDylOG38YLR9NvCGDyWB6Rmkt7krH4pxPG9GqABBiaFJi/o4ID
dzCCA3MwHwYDVR0jBBgwFoAUPdNQpdagre7zSmAKZdMh1Pj41g8wHQYDVR0OBBYE
FF/2EpRFMTWKQRMDHxMZeTOU+p5vMCQGA1UdEQQdMBuCGWNvcnBvcmF0ZS1hcGku
aHNiYy5jb20uY24wSgYDVR0gBEMwQTALBglghkgBhv1sAgEwMgYFZ4EMAQEwKTAn
BggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA4GA1UdDwEB
/wQEAwIDiDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4w
bDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVy
LWczLmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItZXYt
c2VydmVyLWczLmNybDCBiAYIKwYBBQUHAQEEfDB6MCQGCCsGAQUFBzABhhhodHRw
Oi8vb2NzcC5kaWdpY2VydC5jb20wUgYIKwYBBQUHMAKGRmh0dHA6Ly9jYWNlcnRz
LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJFeHRlbmRlZFZhbGlkYXRpb25TZXJ2
ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFo
AHYA7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZsAAAGLcQRpZAAABAMA
RzBFAiEAh48lytMgWGhc7tApfqEVFEC+pRGQ6KfnkqeKQfWALM8CIFZ8/0k4xlhN
t11MRAbsY9m/hVPeWHlStBiH/DPt+bUJAHYASLDja9qmRzQP5WoC+p0w6xxSActW
3SyB2bu/qznYhHMAAAGLcQRphwAABAMARzBFAiAscWYWl3OLNbNVmlQ6ZW2T8mX7
qyq3yVQoXt4Gc7BD8wIhAL6jX1Dne+onHtdP7RewHHlCWkmU/Hg+Rpqlx3u8jDOy
AHYA2ra/az+1tiKfm8K7XGvocJFxbLtRhIU0vaQ9MEjX+6sAAAGLcQRpfQAABAMA
RzBFAiAk6eACcYcK/oTiS9B3aWARi9JG8yMyX6ZnNk0fLkcdEAIhAKswnk4da39o
Xjy7J+p1TeA1tcmqBJgWZ1e8BNqhFtq9MA0GCSqGSIb3DQEBCwUAA4IBAQC6xiqG
zMhoGVM9eV6xvf5syXBoJKPrT0vmN2U1w9OfDTkbvMq4FQlIU/EFPz7cNZce7oj7
MWR+a3MuPYwnoAHzGX2rLtT+2ghYQVrDNGg/osTsYpIdDOoyuupzKLtP9gzP1QWk
yZz4CQxANmewbapSGqZSmZifeiaBGnMHXpzr+jJ58ViZ2RyTszcpp4oNGaTEz3RP
sWghw/TIcfP5U3SEDh6OtzHhsvauZBEn6NShuEPuED0V7WAJk0saLkiQCpOl3iX7
CV6vxrF0yJIOr5W5d/pohATIofpiKX5OADAeuOfPhfbNt5TituwAxzed9nO6t7FU
yV0q5rP6XxpEhTn6
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElXmeMcT9dlR+TKK11ixTzMYZLm7E
+WoOmVYzmXDAQ8pTht/GC0fTbwhg8lgekZpLe5Kx+KcTxvRqgAQYmhSYvw==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 17078779106657868575740507653522494956
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 Extended Validation Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-27 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-10-25 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Private Organization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '09231974'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'London'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'HSBC Group Management Services Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'corporate-api.hsbc.com.cn'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.2.1 (ecPublicKey)
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.3.1.7 (prime256v1)
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (520 bits)
				000495799e31c4fd76547e4ca2b5d62c53ccc6192e6ec4f96a0e9956339970c043ca5386dfc60b47d36f0860f2581e919a4b7b92b1f8a713c6f46a8004189a1498bf
 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 3dd350a5d6a0adeef34a600a65d321d4f8f8d60f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							5ff612944531358a4113031f1319793394fa9e6f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (29 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'corporate-api.hsbc.com.cn'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.2.1 (DigiCert EV policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (5 bits)
							0388
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/sha2-ev-server-g3.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/sha2-ev-server-g3.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (124 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							0168007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018b710469640000040300473045022100878f25cad32058685ceed0297ea1151440bea51190e8a7e792a78a41f5802ccf0220567cff4938c6584db75d4c4406ec63d9bf8553de587952b41887fc33edf9b50900760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018b71046987000004030047304502202c71661697738b35b3559a543a656d93f265fbab2ab7c954285ede0673b043f3022100bea35f50e77bea271ed74fed17b01c79425a4994fc783e469aa5c77bbc8c33b2007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018b7104697d0000040300473045022024e9e00271870afe84e24bd0776960118bd246f323325fa667364d1f2e471d10022100ab309e4e1d6b7f685e3cbb27ea754de035b5c9aa0498166757bc04daa116dabd
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00bac62a86ccc86819533d795eb1bdfe6cc9706824a3eb4f4be6376535c3d39f0d391bbccab815094853f1053f3edc35971eee88fb31647e6b732e3d8c27a001f3197dab2ed4feda0858415ac334683fa2c4ec62921d0cea32baea7328bb4ff60ccfd505a4c99cf8090c403667b06daa521aa65299989f7a26811a73075e9cebfa3279f15899d91c93b33729a78a0d19a4c4cf744fb16821c3f4c871f3f95374840e1e8eb731e1b2f6ae641127e8d4a1b843ee103d15ed6009934b1a2e48900a93a5de25fb095eafc6b174c8920eaf95b977fa688404c8a1fa62297e4e00301eb8e7cf85f6cdb794e2b6ec00c7379df673bab7b154c95d2ae6b3fa5f1a448539fa