uat.lia-share.fglife.com.tw

- Farglory Life Insurance Co., Ltd. -

Issued by TWCA Secure SSL Certification Authority

About this certificate

This digital certificate with serial number 47:e7:00:00:00:06:c7:81:2b:64:91:5c:85:5e:b5:f9 was issued on by TAIWAN-CA.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Basic Constraints extension is present (2.5.29.19) and marked as non-critical basicConstraints MAY appear in the certificate, and when it is included MUST be marked as critical (CA/Browser Forum BRs: 7.1.2.7.6)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Farglory Life Insurance Co., Ltd.

Organization: Farglory Life Insurance Co., Ltd.
State / Province: Taiwan
Locality: Taipei
Country: TW

TAIWAN-CA

Organization: TAIWAN-CA
Country: TW

This certificate will expire on

Certificate Details

Serial Number (hex): 47:e7:00:00:00:06:c7:81:2b:64:91:5c:85:5e:b5:f9
Serial Number (int): 95574608275058767846965394142794790393
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 97:13:72:55:02:6b:b1:2b:37:29:30:63:55:6a:a3:e1:82:04:8f:92:ab:00:17:32:f7:c3:52:09:0a:7c:fe:a9
AuthorityKeyId: 92:e7:fa:62:16:71:8c:f3:97:71:42:c6:06:a7:e0:46:61:4b:5c:b6

Fingerprint (sha1): df:6e:f6:bc:c1:b1:22:4e:60:f7:25:2c:fa:13:2b:ed:54:a0:d3:1e
Fingerprint (sha256): 10:2c:ab:f4:e2:d6:ce:9f:d8:1c:6d:8a:94:e8:e2:68:55:e3:5b:47:b2:74:7e:ac:c4:f8:cd:10:e6:ce:73:ad

Issuing Certificate URL: http://sslserver.twca.com.tw/cacert/secure_sha2_2023G3.crt

Revocation information

OCSP Server: http://twcasslocsp.twca.com.tw/
CRL Distribution Point: http://sslserver.twca.com.tw/sslserver/Securessl_revoke_sha2_2023G3.crl

Check the revocation status for certificate uat.lia-share.fglife.com.tw

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for uat.lia-share.fglife.com.tw

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

uat.lia-share.fglife.com.tw

Other certificates including the domain name fglife.com.tw

(limited to 100 certificates)
ex.fglife.com.tw
mdm.fglife.com.tw
app-customer.fglife.com.tw
ex3.fglife.com.tw
fgweb.fglife.com.tw
member.fglife.com.tw
uat.lia-share.fglife.com.tw
app-bank.fglife.com.tw
hr.fglife.com.tw
bw.fglife.com.tw
proposal.fglife.com.tw
hr.fglife.com.tw
member.fglife.com.tw
member.fglife.com.tw
uat.lia-share.fglife.com.tw
slm.fglife.com.tw
webmail.fglife.com.tw
app-customer.fglife.com.tw
test.fglife.com.tw
bw.fglife.com.tw
gip.fglife.com.tw
ex3.fglife.com.tw
ex.fglife.com.tw
accessibility.fglife.com.tw
sslvpn.fglife.com.tw
app2-ins.fglife.com.tw
app-broker.fglife.com.tw
fgweb.fglife.com.tw
luckygo.fglife.com.tw
webmail.fglife.com.tw
fgweb.fglife.com.tw
member.fglife.com.tw
app-broker.fglife.com.tw
www.fglife.com.tw
jcm.fglife.com.tw
app-bank.fglife.com.tw
www2.fglife.com.tw
bw.fglife.com.tw
online-ins.fglife.com.tw
member.fglife.com.tw
e-recruit.fglife.com.tw
app-broker.fglife.com.tw
bw.fglife.com.tw
realty.fglife.com.tw
slm.fglife.com.tw
www.fglife.com.tw
online-ins.fglife.com.tw
member.fglife.com.tw
lip.fglife.com.tw
lip.fglife.com.tw
lia-share.fglife.com.tw
mdm.fglife.com.tw
crm.fglife.com.tw
hr.fglife.com.tw
webmail.fglife.com.tw
fgweb.fglife.com.tw
lia-share.fglife.com.tw
slm.fglife.com.tw
member.fglife.com.tw
sslvpn.fglife.com.tw
jcm.fglife.com.tw
online-ins.fglife.com.tw
app-agent.fglife.com.tw
app-agent.fglife.com.tw
ex.fglife.com.tw
app-ins-test.fglife.com.tw
app-ins-nbpr.fglife.com.tw
ex.fglife.com.tw
lip.fglife.com.tw
lia-share.fglife.com.tw
uat.lia-share.fglife.com.tw
accessibility.fglife.com.tw
www.fglife.com.tw
cas.fglife.com.tw
fatca.fglife.com.tw
cas.fglife.com.tw
member.fglife.com.tw
member.fglife.com.tw
fg-ao5.fglife.com.tw
sslvpn.fglife.com.tw
jcm.fglife.com.tw
realty.fglife.com.tw
www.fglife.com.tw
lip.fglife.com.tw
jira.fglife.com.tw
fg-ao5.fglife.com.tw
www2.fglife.com.tw
e-recruit.fglife.com.tw
member.fglife.com.tw
app2-ins-test.fglife.com.tw
cas.fglife.com.tw
sslvpn.fglife.com.tw
app-bank.fglife.com.tw
hr.fglife.com.tw
www.fglife.com.tw

Certificate

The complete raw certificate details for uat.lia-share.fglife.com.tw in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgIQR+cAAAAGx4ErZJFchV61+TANBgkqhkiG9w0BAQsFADBT
MQswCQYDVQQGEwJUVzESMBAGA1UEChMJVEFJV0FOLUNBMTAwLgYDVQQDEydUV0NB
IFNlY3VyZSBTU0wgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMjMxMjIyMDE0
MzQ0WhcNMjUwMTIwMTU1OTU5WjCBgTELMAkGA1UEBhMCVFcxDzANBgNVBAgTBlRh
aXdhbjEPMA0GA1UEBxMGVGFpcGVpMSowKAYDVQQKEyFGYXJnbG9yeSBMaWZlIElu
c3VyYW5jZSBDby4sIEx0ZC4xJDAiBgNVBAMTG3VhdC5saWEtc2hhcmUuZmdsaWZl
LmNvbS50dzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALb+s0B+XdY9
eE4H+k3jlBJBeWo1viRbtkEVPwhY51SqIvqoWlpDRbYZJnrn6mKwwK4F1zLawCSi
lj2NR2Y/CPddKDM2ZNcN6P7j7nxfJX2zgIPPSl7iuSRH6uD4XrHoe2lb799OqgKh
DYygHkCQtSv3XTlPO8idQvvCVfRSfxYiMaVnHiAen4Ksv9SIL/wVZFpVETgWRA55
StcVL6mGtzi/DD2dnphCPafJq8wLzUBiuqBpG47XvZoKUzat9dGe6cq3a/wPTDwS
YPVr48eGBisYnnElUCdtNqKtUBtTJRu86oAJGlIv/euw+VLnuUX6tr6x8Rd5GkUx
o3H1UFnTcNkCAwEAAaOCAfMwggHvMB8GA1UdIwQYMBaAFJLn+mIWcYzzl3FCxgan
4EZhS1y2MCkGA1UdDgQiBCCXE3JVAmuxKzcpMGNVaqPhggSPkqsAFzL3w1IJCnz+
qTBYBgNVHR8EUTBPME2gS6BJhkdodHRwOi8vc3Nsc2VydmVyLnR3Y2EuY29tLnR3
L3NzbHNlcnZlci9TZWN1cmVzc2xfcmV2b2tlX3NoYTJfMjAyM0czLmNybDAmBgNV
HREEHzAdght1YXQubGlhLXNoYXJlLmZnbGlmZS5jb20udHcwgYMGCCsGAQUFBwEB
BHcwdTBGBggrBgEFBQcwAoY6aHR0cDovL3NzbHNlcnZlci50d2NhLmNvbS50dy9j
YWNlcnQvc2VjdXJlX3NoYTJfMjAyM0czLmNydDArBggrBgEFBQcwAYYfaHR0cDov
L3R3Y2Fzc2xvY3NwLnR3Y2EuY29tLnR3LzBKBgNVHSAEQzBBMDUGCysGAQQBgr8l
AQEVMCYwJAYIKwYBBQUHAgEWGGh0dHBzOi8vd3d3LnR3Y2EuY29tLnR3LzAIBgZn
gQwBAgIwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEB
CwUAA4IBAQByrptDMBpXNJoZS8vQnj7P+sjMND5ONLzaQPAxcSTZeF5Uv6OGTDv8
RJjshymfJmU1KtAckZmML8g9bUjpj+jeB50957vGyuNQcdnHtuD569dQdsAo4yTj
pbcDNtxdlugpLZtgIGEoFTLK+Ei9+338KZdyKp9y3/8zcFd5Y66p0FJ/fnYFpbR4
BMN/1bApbu5nEqwZmdU67UB2ZWI02ipoWHFIQo4D4aIhBJLN/fDVCDXXOJ3IjDRa
7f6W6zTHG8pd4tGjj2tS3VqojcTPvAybjeRpyaV64eSpiswgwItctyOKya04l2bZ
jRzSl91xhS9KtFJu5lDo4bcXIlif6Vph
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtv6zQH5d1j14Tgf6TeOU
EkF5ajW+JFu2QRU/CFjnVKoi+qhaWkNFthkmeufqYrDArgXXMtrAJKKWPY1HZj8I
910oMzZk1w3o/uPufF8lfbOAg89KXuK5JEfq4Pheseh7aVvv306qAqENjKAeQJC1
K/ddOU87yJ1C+8JV9FJ/FiIxpWceIB6fgqy/1Igv/BVkWlUROBZEDnlK1xUvqYa3
OL8MPZ2emEI9p8mrzAvNQGK6oGkbjte9mgpTNq310Z7pyrdr/A9MPBJg9Wvjx4YG
KxiecSVQJ202oq1QG1MlG7zqgAkaUi/967D5Uue5Rfq2vrHxF3kaRTGjcfVQWdNw
2QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 95574608275058767846965394142794790393
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TW'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TAIWAN-CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TWCA Secure SSL Certification Authority'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-22 01:43:44 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-20 15:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TW'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Taiwan'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Taipei'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Farglory Life Insurance Co., Ltd.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'uat.lia-share.fglife.com.tw'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23100968854922689533293630306032998390679568423277574364854903356772001164430456854475196582945611991002311543541416161718665890114837431124519755278745885650240941547378235019128638596844273213939495853377179655339762330397568615207900461447266600694481952930829837557114082057095332646990062593273673437312305483930332763550341722005988524918736164577647246358179031026061169580706014779360492492645681703279416722094174356110644955012898704911924793028311263813581640878442433701777858240608936548649570751697584632303628160261746789409028777702793334758061848073992832539925227417629769990081604763558474994118873
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 92e7fa6216718cf3977142c606a7e046614b5cb6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (34 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes)
							97137255026bb12b37293063556aa3e182048f92ab001732f7c352090a7cfea9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (81 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://sslserver.twca.com.tw/sslserver/Securessl_revoke_sha2_2023G3.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (31 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat.lia-share.fglife.com.tw'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (119 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://sslserver.twca.com.tw/cacert/secure_sha2_2023G3.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://twcasslocsp.twca.com.tw/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.40869.1.1.21
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.twca.com.tw/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0072ae9b43301a57349a194bcbd09e3ecffac8cc343e4e34bcda40f0317124d9785e54bfa3864c3bfc4498ec87299f2665352ad01c91998c2fc83d6d48e98fe8de079d3de7bbc6cae35071d9c7b6e0f9ebd75076c028e324e3a5b70336dc5d96e8292d9b602061281532caf848bdfb7dfc2997722a9f72dfff3370577963aea9d0527f7e7605a5b47804c37fd5b0296eee6712ac1999d53aed4076656234da2a68587148428e03e1a2210492cdfdf0d50835d7389dc88c345aedfe96eb34c71bca5de2d1a38f6b52dd5aa88dc4cfbc0c9b8de469c9a57ae1e4a98acc20c08b5cb7238ac9ad389766d98d1cd297dd71852f4ab4526ee650e8e1b71722589fe95a61