gestionclients.intg.inalco.com

- Industrial Alliance Insurance and Financial Services Inc. -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 2e:ef:c0:6b:cc:65:07:d2:5e:4d:4e:70:05:05:a5:01 was issued on by Entrust, Inc..

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Industrial Alliance Insurance and Financial Services Inc.

Organization: Industrial Alliance Insurance and Financial Services Inc.
State / Province: Quebec
Locality: Quebec
Country: CA

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 2e:ef:c0:6b:cc:65:07:d2:5e:4d:4e:70:05:05:a5:01
Serial Number (int): 62389349518610324552311714565851555073
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId: 2b:52:f9:35:58:32:3b:a9:56:4a:8e:bf:31:6d:ae:ef:7b:e6:a4:af
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): 57:40:ba:8d:a6:71:a6:61:75:68:30:8e:37:ce:8e:a8:90:55:0d:cb
Fingerprint (sha256): 10:7c:48:5e:24:9a:13:76:0e:72:72:45:75:9d:af:40:c8:78:a5:66:72:cf:39:e7:e2:b3:12:7e:eb:dd:52:ea

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate gestionclients.intg.inalco.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for gestionclients.intg.inalco.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

gestionclients.intg.inalco.com
www.gestionclients.intg.inalco.com

Other certificates including the domain name inalco.com

(limited to 100 certificates)
poupon.inalco.com
www.inalco.com
securefonc.inalco.com
webmail.inalco.com
rave01.inalco.com
poupon.inalco.com
ei.secureweb.inalco.com
intg.api.inalco.com
imageserver.secureweb.inalco.com
inalco.com
iamobile.inalco.com
fr.wiki-crm.kronos-web.com
www.inalco.com
gestionclients.intg.inalco.com
inalco.com
poupon.inalco.com
www.inalco.com
inalco.com
we.secureweb.inalco.com
inalco.com
www.iaretirement.inalco.com
imageserver.secureweb.accp.ia.iafg.net
we.intg.secureweb.inalco.com
imageserver.secureweb.inalco.com
bambin.inalco.com
poupon.inalco.com
*.intg.secureweb.ia.ca
api.ia.ca
ia-cem.accp.secureweb.inalco.com
www.inalco.com
fs41.inalco.com
*.inalco.com
webmail.ia.ca
fs41.inalco.com
poupon.inalco.com
accp.api.ia.ca
secure2.inalco.com
imageserver.secureweb.inalco.com
imageserver.secureweb.inalco.com
iagtools.inalco.com
*.secureweb.inalco.com
*.intg.secureweb.ia.ca
imageserver.secureweb.inalco.com
fs01.inalco.com
secure.inalco.com
poupon.inalco.com
*.external.inalco.com
secure2.inalco.com
fr.wiki-crm.kronos-web.com
login.service.dealers.inalco.com
AWSSOIA.inalco.com
webadmin.inalco.com
imageserver.secureweb.inalco.com
rave01.inalco.com
www.inalco.com
accp.api.inalco.com
www.inalco.com
ia-cem.secureweb.inalco.com
fs01.inalco.com
stmartin.inalco.com
inalco.com
poupon.inalco.com
webmail.ia.ca
statss.inalco.com
secure.inalco.com
inalco.com
fs01.inalco.com
fr.wiki-crm.kronos-web.com
we.secureweb.inalco.com
iagtools.inalco.com
extranet.inalco.com
www.inalco.com
inalco.com
inalco.com
www.inalco.com
fnct.api.inalco.com
novus.inalco.com
bambin.inalco.com
test.domaine2.secureweb.inalco.com
proxy.accp.secureweb.inalco.com
www.inalco.com
www.inalco.com
poupon.inalco.com
ia-cem.accp.secureweb.inalco.com
imageserver.secureweb.inalco.com
*.secureweb.inalco.com
bambin.inalco.com
inalco.com
fs41.inalco.com
proxy.secureweb.inalco.com
fr.wiki-crm.kronos-web.com
imageserver.secureweb.accp.ia.iafg.net
*.accp.webrequests.inalco.com
*.webrequests.inalco.com
IAGTOOLS.inalco.com
imageserver.secureweb.inalco.com
*.inalco.com
webmail.ia.ca
proxy.intg.secureweb.inalco.com
*.secureweb.inalco.com

Certificate

The complete raw certificate details for gestionclients.intg.inalco.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgIQLu/Aa8xlB9JeTU5wBQWlATANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
NDAyMDEyMDMwMzlaFw0yNTAyMjMyMDMwMzhaMIGcMQswCQYDVQQGEwJDQTEPMA0G
A1UECBMGUXVlYmVjMQ8wDQYDVQQHEwZRdWViZWMxQjBABgNVBAoTOUluZHVzdHJp
YWwgQWxsaWFuY2UgSW5zdXJhbmNlIGFuZCBGaW5hbmNpYWwgU2VydmljZXMgSW5j
LjEnMCUGA1UEAxMeZ2VzdGlvbmNsaWVudHMuaW50Zy5pbmFsY28uY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8CTpEjpLhvaRCnxXzZ49nrScQSC
MQGz3YvfAe3xpVH1U+aSp7tETiG8vhnFI9FHlBYyf5XN95wb0y5J7AwyUlGU/DeE
s7Ln8hFuFfLjZpzIlLjrpVULzNSY3At2v1FC8OsRoY/SgQQgZLIYc5M/MQy1wJG5
DrgqhksKrGz2MsV1mC5UVuwxbfKuHSQR0z1IllJmMmzMJQJ/hVBLydtdfzS46ZpR
H0p5ClgI3EtVb+X38h0NWwRR4QS7mgJe4lnimaB9Pb3XwKeZhHZW0uTOK6kO7atL
HJnmNQQvY1+IR4JC61MN1LI6Ga4TRSviYIzgXFCMmGM1ezkZWLMVvOSscwIDAQAB
o4IBmTCCAZUwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUK1L5NVgyO6lWSo6/MW2u
73vmpK8wHwYDVR0jBBgwFoAUgqJwdN28Uz/Pe9T3zX+nYMYKTL8waAYIKwYBBQUH
AQEEXDBaMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5ldDAzBggr
BgEFBQcwAoYnaHR0cDovL2FpYS5lbnRydXN0Lm5ldC9sMWstY2hhaW4yNTYuY2Vy
MDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvbGV2ZWwx
ay5jcmwwTQYDVR0RBEYwRIIeZ2VzdGlvbmNsaWVudHMuaW50Zy5pbmFsY28uY29t
giJ3d3cuZ2VzdGlvbmNsaWVudHMuaW50Zy5pbmFsY28uY29tMA4GA1UdDwEB/wQE
AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEwYDVR0gBAwwCjAI
BgZngQwBAgIwEwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEB
AHKJ2/14TxEpL1xKLDQt7oC6Vkajm/d8oGtGidKr6aOqJXDWJDYjICoBheoSlkld
peC4Aq55gaVfCKaMemeCaB4VdSFmrNmh2NY1LeXKmMQ+QHtq74x54Erz0Y1AqLkP
OEevl8EEBjUERn1wDyvAxib99vW1tHxrmEpIz6TtWhUUOQZZuxsJaqDphxXVO0M/
IHBPCMN7JuRDpGU7xll8TllJTa4K47vyQ5x5zM3K4DhDrav08CAzzRkgYMUybj4a
t2sVsYeycpA/L/EQ1Buq68BXqkf0O1DDtWi4X+mOJ8k24Z118Dhm6tdLNc66um5U
lZn+X6R0H/mwSCWIKlNnTh4=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8CTpEjpLhvaRCnxXzZ4
9nrScQSCMQGz3YvfAe3xpVH1U+aSp7tETiG8vhnFI9FHlBYyf5XN95wb0y5J7Awy
UlGU/DeEs7Ln8hFuFfLjZpzIlLjrpVULzNSY3At2v1FC8OsRoY/SgQQgZLIYc5M/
MQy1wJG5DrgqhksKrGz2MsV1mC5UVuwxbfKuHSQR0z1IllJmMmzMJQJ/hVBLydtd
fzS46ZpRH0p5ClgI3EtVb+X38h0NWwRR4QS7mgJe4lnimaB9Pb3XwKeZhHZW0uTO
K6kO7atLHJnmNQQvY1+IR4JC61MN1LI6Ga4TRSviYIzgXFCMmGM1ezkZWLMVvOSs
cwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 62389349518610324552311714565851555073
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-01 20:30:39 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-23 20:30:38 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Quebec'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Quebec'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Industrial Alliance Insurance and Financial Services Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'gestionclients.intg.inalco.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23701526151339423620294211358255168623742479473573726153646977645069821809360989774436898287776056718348046741385435289395845369428864034115250949106422985666864680388864915920903385906122218601741509475060268069664648848763863083696171016250943445163135133636662040751892794704776783630717497325551048366771186713278371038582696200418603382971315505397351565635137912123030738961972995061023537752915799303783786170586611990798722849751425297310971962390435148057834250455114805500980563330196000311361014062862804191851251618731579545055549483266507083024974925985857374038845056215619954120477890707108740567706739
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							2b52f93558323ba9564a8ebf316daeef7be6a4af
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (70 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gestionclients.intg.inalco.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.gestionclients.intg.inalco.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		007289dbfd784f11292f5c4a2c342dee80ba5646a39bf77ca06b4689d2abe9a3aa2570d6243623202a0185ea1296495da5e0b802ae7981a55f08a68c7a6782681e15752166acd9a1d8d6352de5ca98c43e407b6aef8c79e04af3d18d40a8b90f3847af97c104063504467d700f2bc0c626fdf6f5b5b47c6b984a48cfa4ed5a1514390659bb1b096aa0e98715d53b433f20704f08c37b26e443a4653bc6597c4e59494dae0ae3bbf2439c79cccdcae03843adabf4f02033cd192060c5326e3e1ab76b15b187b272903f2ff110d41baaebc057aa47f43b50c3b568b85fe98e27c936e19d75f03866ead74b35cebaba6e549599fe5fa4741ff9b04825882a53674e1e