subca1.narodni-ca.gov.cz

- Digitální a informační agentura -

Issued by GeoTrust EV RSA CA G2

About this certificate

This digital certificate with serial number 02:59:12:69:f9:bd:e8:22:f7:2e:6d:79:55:3b:e7:d0 was issued on by DigiCert Inc.

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Digitální a informační agentura

Company registration number: 17651921
Organization: Digitální a informační agentura
Locality: Praha
Country: CZ

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 02:59:12:69:f9:bd:e8:22:f7:2e:6d:79:55:3b:e7:d0
Serial Number (int): 3120943891600711792016611900988843984
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: 41:b8:e4:af:12:1d:27:4c:d8:24:c2:72:f3:45:f2:b5:34:d8:2c:23
AuthorityKeyId: 28:d2:cf:ee:09:84:75:dd:b5:b2:b5:bf:3c:d5:a0:c6:73:88:5d:1f

Fingerprint (sha1): ac:64:70:8c:ef:c4:31:4d:50:52:e1:a2:ba:fd:9c:22:6b:ae:31:74
Fingerprint (sha256): 10:20:15:c5:9a:5f:d4:e2:76:06:a6:cc:99:fd:49:75:d2:82:d1:d5:86:0b:2e:e1:5e:b6:f6:77:eb:3d:c2:eb

Issuing Certificate URL: http://cacerts.digicert.com/GeoTrustEVRSACAG2.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/GeoTrustEVRSACAG2.crl
CRL Distribution Point: http://crl4.digicert.com/GeoTrustEVRSACAG2.crl

Check the revocation status for certificate subca1.narodni-ca.gov.cz

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for subca1.narodni-ca.gov.cz

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

subca1.narodni-ca.gov.cz
subca2.narodni-ca.gov.cz
subca3.narodni-ca.gov.cz

Other certificates including the domain name gov.cz

(limited to 100 certificates)
copernicus.gov.cz
zony-idsjk.kraj-jihocesky.gov.cz
ctu.gov.cz
rpp-ais.egon.gov.cz
odok.cz
eru.gov.cz
ov.gov.cz
data.gov.cz
pruvodce.udh.gov.cz
cms.gov.cz
toots.dia.gov.cz
ov.gov.cz
data.mvcr.gov.cz
portal.gov.cz
smlouvy.gov.cz
rpp-aism-pub-test.egon.gov.cz
cert-externalauthapi.caais-test-int.gov.cz
irop.gov.cz
data.gov.cz
upv.gov.cz
frs.gov.cz
iam.nukib.gov.cz
digitalnicesko.gov.cz
zakony.gov.cz
vzdelavani.gov.cz
data.mvcr.gov.cz
slovnik.gov.cz
voda.gov.cz
*.gov.cz
geoportal.gov.cz
xn--slovnk-7va.gov.cz
data.kraj-jihocesky.gov.cz
testrs.gov.cz
rpp-ais-test.egon.gov.cz
twist-gp.kraj-jihocesky.gov.cz
smlouvy.gov.cz
mids.gov.cz
zony.kraj-jihocesky.gov.cz
www.gov.cz
code.gov.cz
viap1p.ros-iais.egon.gov.cz
vea801.gov.cz
eru.gov.cz
desu.gov.cz
viap1t.ros-iais.egon.gov.cz
biap1t.ros-iais.egon.gov.cz
opendata.gov.cz
ext-mattermost.nic.cz
subca1.narodni-ca.gov.cz
ria.gov.cz
admin.gov.cz
rrtv.gov.cz
*.szpi.gov.cz
covid.gov.cz
www.gov.cz
vea801.gov.cz
zony.kraj-jihocesky.gov.cz
*.kraj-jihocesky.gov.cz
spektrum.ctu.gov.cz
vyzkum.gov.cz
razr-pub.egon.gov.cz
testrs.gov.cz
ra.gov.cz
mids.gov.cz
archi.gov.cz
zds.kraj-jihocesky.gov.cz
nap.gov.cz
rpp-opendata-test.egon.gov.cz
cms.gov.cz
opendata.gov.cz
rpp-aism.egon.gov.cz
museion.kraj-jihocesky.gov.cz
prod.frs.gov.cz
tsl.gov.cz
isnipi.gov.cz
testrs.gov.cz
vea801.gov.cz
rpp-ais.egon.gov.cz
www.snsu.cz
tsl.gov.cz
uohs.cz
registrace.udh.gov.cz
gov.cz
sprava-dev.edoklady.gov.cz
admin.pruvodcepripojenim.gov.cz
vyzkum.gov.cz
smlouvy.gov.cz
rpp-aism-pub.egon.gov.cz
brvpn.ros.egon.gov.cz
uzsvm.cz
scitani.gov.cz
eru.gov.cz
mids.gov.cz
obcan.portal.gov.cz
upv.gov.cz
voda.gov.cz
code.gov.cz
ares.gov.cz
chciidentitu.gov.cz
biap1t.ros-iais.egon.gov.cz

Certificate

The complete raw certificate details for subca1.narodni-ca.gov.cz in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFqjCCBJKgAwIBAgIQAlkSafm96CL3Lm15VTvn0DANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVH
ZW9UcnVzdCBFViBSU0EgQ0EgRzIwHhcNMjMxMjE4MDAwMDAwWhcNMjUwMTE3MjM1
OTU5WjCBsjETMBEGCysGAQQBgjc8AgEDEwJDWjEaMBgGA1UEDwwRR292ZXJubWVu
dCBFbnRpdHkxETAPBgNVBAUTCDE3NjUxOTIxMQswCQYDVQQGEwJDWjEOMAwGA1UE
BxMFUHJhaGExLDAqBgNVBAoMI0RpZ2l0w6FsbsOtIGEgaW5mb3JtYcSNbsOtIGFn
ZW50dXJhMSEwHwYDVQQDExhzdWJjYTEubmFyb2RuaS1jYS5nb3YuY3owggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHnE1GL2G4U/WI1HKgbTSHH/aXXCnt
foFa37PBrl1QCSY3gyRq3lXQ/HJHBtQtkjY/p+SptUmp11+gDpRyG+0Fu+CTF22q
r0k6OkYIgQAbiPl/m3GE4jI8M5X4b0OqsDuLFhHO6gnzdRDFTBF7UwP54j1oilGG
pNcHItCy06tWylMB9JgQL+iWqXHnSAnJ7gAGUlvNQDbqxJ1E3UD1oSJlX2cNl9LL
7jCXrfzdsb30IgUAuKOqta//sAT2ldqnJLYO4uHwgh5vYfGF6DXF7ciRStWFzlAu
yL4er9UgYENkLVDT+BB7sPiUitntGrLqtsAOBdgu7Bh6YPdFllvrgQvrAgMBAAGj
ggInMIICIzAfBgNVHSMEGDAWgBQo0s/uCYR13bWytb881aDGc4hdHzAdBgNVHQ4E
FgQUQbjkrxIdJ0zYJMJy80XytTTYLCMwVwYDVR0RBFAwToIYc3ViY2ExLm5hcm9k
bmktY2EuZ292LmN6ghhzdWJjYTIubmFyb2RuaS1jYS5nb3YuY3qCGHN1YmNhMy5u
YXJvZG5pLWNhLmdvdi5jejBKBgNVHSAEQzBBMAsGCWCGSAGG/WwCATAyBgVngQwB
ATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNV
HR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vR2VvVHJ1c3RF
VlJTQUNBRzIuY3JsMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vR2Vv
VHJ1c3RFVlJTQUNBRzIuY3JsMHMGCCsGAQUFBwEBBGcwZTAkBggrBgEFBQcwAYYY
aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMD0GCCsGAQUFBzAChjFodHRwOi8vY2Fj
ZXJ0cy5kaWdpY2VydC5jb20vR2VvVHJ1c3RFVlJTQUNBRzIuY3J0MAwGA1UdEwEB
/wQCMAAwEwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBAMVv
GOGfMTF0YoLhf9/ELJPUNMqFlWwHe094/OQquswMSKddcrygvU5K1j/JOZYT9P+I
5qn/lNQNVhx8dvjNd0jaLvE57xnOWnZ4u4nSHSu1y6ZmmwWiWmzHdIjmtCTwutnp
OXh5Oovlv9ABFz5C5F9HPdjrFKqmQQvRrDg23v8A/JqkQPl8OVW0TAMb29qKN0Vz
CzhMM9toOUP6LQXr/B6NrFPHw2x8Q/ZC8xXan/BsTE66GMR1XaUIGckpzP5/CSDr
KLz4mvTmpAosr+KhpDQbyTEI38w/ta26fYCzPQDqkh37LX0ty0NEzHLITFuBKqnI
FWvZz6JC2NqP2OE5nKE=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5xNRi9huFP1iNRyoG00
hx/2l1wp7X6BWt+zwa5dUAkmN4Mkat5V0PxyRwbULZI2P6fkqbVJqddfoA6Uchvt
Bbvgkxdtqq9JOjpGCIEAG4j5f5txhOIyPDOV+G9DqrA7ixYRzuoJ83UQxUwRe1MD
+eI9aIpRhqTXByLQstOrVspTAfSYEC/olqlx50gJye4ABlJbzUA26sSdRN1A9aEi
ZV9nDZfSy+4wl6383bG99CIFALijqrWv/7AE9pXapyS2DuLh8IIeb2Hxheg1xe3I
kUrVhc5QLsi+Hq/VIGBDZC1Q0/gQe7D4lIrZ7Rqy6rbADgXYLuwYemD3RZZb64EL
6wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 3120943891600711792016611900988843984
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust EV RSA CA G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-18 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-17 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CZ'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Government Entity'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '17651921'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CZ'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Praha'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Digitální a informační agentura'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'subca1.narodni-ca.gov.cz'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25198498004196626428970179947817772571137146862218857158995133478686050191225239684207800882354935042803058182254834249140332427665435026721731065093003238792611313277453662286267952077094235972972094945018658621136272661636019728252665156773162080878490076641825197622383126501888826064439222438224592769969680264491466316513037543407374231138261101662273669941310327124608198933318353161850651667938830171684453766454956282790694157475742469866619397870574388627439364106156469975012674949647853239623155226525155698562494898877487737548358754154616560027345009689749875925553107745552185413637954497952043428285419
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 28d2cfee098475ddb5b2b5bf3cd5a0c673885d1f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							41b8e4af121d274cd824c272f345f2b534d82c23
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (80 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'subca1.narodni-ca.gov.cz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'subca2.narodni-ca.gov.cz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'subca3.narodni-ca.gov.cz'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.2.1 (DigiCert EV policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/GeoTrustEVRSACAG2.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/GeoTrustEVRSACAG2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (103 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/GeoTrustEVRSACAG2.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00c56f18e19f3131746282e17fdfc42c93d434ca85956c077b4f78fce42abacc0c48a75d72bca0bd4e4ad63fc9399613f4ff88e6a9ff94d40d561c7c76f8cd7748da2ef139ef19ce5a7678bb89d21d2bb5cba6669b05a25a6cc77488e6b424f0bad9e93978793a8be5bfd001173e42e45f473dd8eb14aaa6410bd1ac3836deff00fc9aa440f97c3955b44c031bdbda8a3745730b384c33db683943fa2d05ebfc1e8dac53c7c36c7c43f642f315da9ff06c4c4eba18c4755da50819c929ccfe7f0920eb28bcf89af4e6a40a2cafe2a1a4341bc93108dfcc3fb5adba7d80b33d00ea921dfb2d7d2dcb4344cc72c84c5b812aa9c8156bd9cfa242d8da8fd8e1399ca1