onescm.com

Issued by Amazon RSA 2048 M02

About this certificate

This digital certificate with serial number 0f:e3:cd:91:75:44:c6:a7:8d:d9:22:e4:3f:3c:a8:fc was issued on by Amazon.

With 39 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=onescm.com

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0f:e3:cd:91:75:44:c6:a7:8d:d9:22:e4:3f:3c:a8:fc
Serial Number (int): 21121240742006348350221664338254276860
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 27:90:5e:dc:4f:a1:73:68:03:64:73:b0:fb:00:17:e8:d0:c3:1d:85
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2

Fingerprint (sha1): af:e2:bf:34:4b:5f:5e:e1:27:4c:d4:be:1f:00:1d:40:07:61:ce:fb
Fingerprint (sha256): 10:fa:68:96:d2:b2:4d:93:fa:4a:92:d5:f5:be:1f:a9:65:74:9c:c5:20:c5:ec:c4:63:35:3d:e1:7f:ae:39:88

Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer

Revocation information

OCSP Server: http://ocsp.r2m02.amazontrust.com
CRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl

Check the revocation status for certificate onescm.com

39

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for onescm.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

onescm.com
*.sensage.com
*.clearorbit.net
*.verdiem.com
*.1scm.com
*.cardinalmark.net
cardinal-mark.com
clearorbit.com
*.bpainc.com
*.olivesoftware.com
right90.com
supplychainlabels.com
triactive.com
verdiem.com
1scm.com
*.1scm.net
*.telescopeondemand.com
streetsmartmobile.com
*.clearorbit.com
smartformdesign.com
*.triactive.com
*.purchasingnet.com
*.onescm.net
purchasingnet.com
cardinalmark.net
onescm.net
*.streetsmartmobile.com
sensage.com
bpainc.com
*.smartformdesign.com
clearorbit.net
*.right90.com
*.supplychainlabels.com
telescopeondemand.com
1scm.net
*.geminiseries.com
geminiseries.com
olivesoftware.com
*.cardinal-mark.com

Other certificates including the domain name onescm.com

(limited to 100 certificates)
www.onescm.com
support.engineyard.com
status.biznessapps.com
classichelp.kayako.com
support.engineyard.com
support.cardinal-mark.com
status.accept360.com
support.engineyard.com
onescm.com
imports.versata.com
www.onescm.com
support.crossover.com
onescm.com
*.onescm.com
support.infinio.com
www.onescm.com
*.onescm.com
*.onescm.com
demo.onescm.com
WWW.ONESCM.COM
support.engineyard.com
onescm.com
classichelp.kayako.com
classichelp.kayako.com
onescm.com
demo.onescm.com
classichelp.kayako.com
www.onescm.com
status.biznessapps.com
imports.versata.com
support.cardinal-mark.com
avolin.com
support.engineyard.com
dnnsupport.dnnsoftware.com
classichelp.kayako.com
support.engineyard.com
*.onescm.com
demo.onescm.com
*.onescm.com
support.cardinal-mark.com
WWW.ONESCM.COM
classichelp.kayako.com
*.onescm.com
avolin.com
onescm.com
onescm.com
imports.versata.com
status.biznessapps.com
classichelp.kayako.com
www.onescm.com
support.cardinal-mark.com
support.cardinal-mark.com
onescm.com
www.onescm.com
imports.versata.com
support.engineyard.com
www.onescm.com
support.engineyard.com
status.biznessapps.com
classichelp.kayako.com
support.engineyard.com
WWW.ONESCM.COM
imports.versata.com
avolin.com
demo.onescm.com
copilot.onescm.com
classichelp.kayako.com
imports.versata.com
*.onescm.com
status.accept360.com
classichelp.kayako.com
avolin.com
demo.onescm.com
support.engineyard.com
*.onescm.com
classichelp.kayako.com
onescm.com
www.onescm.com
status.accept360.com
*.onescm.com
*.onescm.com
imports.versata.com
support.engineyard.com
support.cardinal-mark.com
onescm.com
objectstore.com
support.engineyard.com
onescm.com
onescm.com
status.biznessapps.com
support.engineyard.com
WWW.ONESCM.COM
onescm.com
*.onescm.com
WWW.ONESCM.COM

Certificate

The complete raw certificate details for onescm.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIXjCCB0agAwIBAgIQD+PNkXVExqeN2SLkPzyo/DANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAyMB4XDTI0MDUxODAwMDAwMFoXDTI1MDYxNjIzNTk1OVowFTET
MBEGA1UEAxMKb25lc2NtLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALUzqjJX1dp2E3yUJL/wbdnDg98omjUcQJzuUxwxTpsWprh/Y7nwcMork4nJ
HqhkjbwE+4Uys7xSCYgqIPDepO1rGv8EuYzo2/WnkzyIyqbRqs8fs1GXNcQDkUkF
rCvezil9ZZNbvVKQ3fJKaemxfct4kI5QRLa7nIPBSjPKOyuPiRQ+xbvbth4KNK3Q
FMsWR1gGXJi8UkPHU8Zw4UOYZaEtgxaeOs0Ak7cCynMgqtrv4wjZjqR39lGdturS
yO2mMTxxGDj+RyV3r80Z1sBewk1zA5Q8ar1fXnYNwv0jVxvlgXmokc8sYQiwPBYg
bZRa76dcow3MchGvGZ0h6Sq/v+UCAwEAAaOCBYEwggV9MB8GA1UdIwQYMBaAFMAx
Us1aUMOCfHRxzsvpnPl664LiMB0GA1UdDgQWBBQnkF7cT6FzaANkc7D7ABfo0MMd
hTCCArEGA1UdEQSCAqgwggKkggpvbmVzY20uY29tgg0qLnNlbnNhZ2UuY29tghAq
LmNsZWFyb3JiaXQubmV0gg0qLnZlcmRpZW0uY29tggoqLjFzY20uY29tghIqLmNh
cmRpbmFsbWFyay5uZXSCEWNhcmRpbmFsLW1hcmsuY29tgg5jbGVhcm9yYml0LmNv
bYIMKi5icGFpbmMuY29tghMqLm9saXZlc29mdHdhcmUuY29tggtyaWdodDkwLmNv
bYIVc3VwcGx5Y2hhaW5sYWJlbHMuY29tgg10cmlhY3RpdmUuY29tggt2ZXJkaWVt
LmNvbYIIMXNjbS5jb22CCiouMXNjbS5uZXSCFyoudGVsZXNjb3Blb25kZW1hbmQu
Y29tghVzdHJlZXRzbWFydG1vYmlsZS5jb22CECouY2xlYXJvcmJpdC5jb22CE3Nt
YXJ0Zm9ybWRlc2lnbi5jb22CDyoudHJpYWN0aXZlLmNvbYITKi5wdXJjaGFzaW5n
bmV0LmNvbYIMKi5vbmVzY20ubmV0ghFwdXJjaGFzaW5nbmV0LmNvbYIQY2FyZGlu
YWxtYXJrLm5ldIIKb25lc2NtLm5ldIIXKi5zdHJlZXRzbWFydG1vYmlsZS5jb22C
C3NlbnNhZ2UuY29tggpicGFpbmMuY29tghUqLnNtYXJ0Zm9ybWRlc2lnbi5jb22C
DmNsZWFyb3JiaXQubmV0gg0qLnJpZ2h0OTAuY29tghcqLnN1cHBseWNoYWlubGFi
ZWxzLmNvbYIVdGVsZXNjb3Blb25kZW1hbmQuY29tgggxc2NtLm5ldIISKi5nZW1p
bmlzZXJpZXMuY29tghBnZW1pbmlzZXJpZXMuY29tghFvbGl2ZXNvZnR3YXJlLmNv
bYITKi5jYXJkaW5hbC1tYXJrLmNvbTATBgNVHSAEDDAKMAgGBmeBDAECATAOBgNV
HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDsGA1Ud
HwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwucjJtMDIuYW1hem9udHJ1c3QuY29tL3Iy
bTAyLmNybDB1BggrBgEFBQcBAQRpMGcwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3Nw
LnIybTAyLmFtYXpvbnRydXN0LmNvbTA2BggrBgEFBQcwAoYqaHR0cDovL2NydC5y
Mm0wMi5hbWF6b250cnVzdC5jb20vcjJtMDIuY2VyMAwGA1UdEwEB/wQCMAAwggF+
BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AE51oydcmhDDOFts1N8/Uusd8OCOG41p
wLH6ZLFimjnfAAABj4pU/swAAAQDAEcwRQIgdmd/+TO0HayNdwLPGLdw09FzvW6t
iunfSMfmK1tM7mgCIQDx8GFBdyBNY2aVItY4yJPGVN5B9aOn+BMK8XjnYpL7HwB2
AH1ZHhLheCp7HGFnfF79+NCHXBSgTpWeuQMv2Q6MLnm4AAABj4pU/kAAAAQDAEcw
RQIhAIosO2ebVm/VbI/aH+CmevFUYAjavWjB0NoPS64I6IMOAiAMTnAHjgSli41y
amEUbxCoa3rocGuLe6Luo2rkBAQ3BwB2AObSMWNAd4zBEEEG13G5zsHSQPaWhIb7
uocyHf0eN45QAAABj4pU/loAAAQDAEcwRQIgNgXwWB/hnSoXwDa8TlBPWvDqWbry
6KzuUcf/xuCVed0CIQDxf1HfOFIJWOuiXUqwnYkRRDMRPl6nRNiPdR4rJKAUxjAN
BgkqhkiG9w0BAQsFAAOCAQEACUukDUxAUdU/ak0b0zb3Zf6ulLPXhkKOrcmvYHfa
WlQJLb3SKmPiYbhv22gIk3Tcmk4/wnUXLmiXgdZz3jiyVZ5bHgmeAiqAB965NSfg
c48a2gWAQE/eOTb95hQKPSozAAOHouxL0eCP/z2BADgg6qlFXLq+ejU9syOnKF40
Lo8uz7BoJ2uj88HrOl519l3ZV54U83bRji6GtV4HGr1KE+2sYv+TeS8QWDTJlYOe
UfmeHCVrORNfJJeGa7O8BVtOx0NQlM73yoF0GrJe2qn8HG9vSlcpMSF6WdPxuVuK
ZM1a/+K/C28tAs9mahD1IXLz38wLramwQ7jLPu57dmXtdw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTOqMlfV2nYTfJQkv/Bt
2cOD3yiaNRxAnO5THDFOmxamuH9jufBwyiuTickeqGSNvAT7hTKzvFIJiCog8N6k
7Wsa/wS5jOjb9aeTPIjKptGqzx+zUZc1xAORSQWsK97OKX1lk1u9UpDd8kpp6bF9
y3iQjlBEtrucg8FKM8o7K4+JFD7Fu9u2Hgo0rdAUyxZHWAZcmLxSQ8dTxnDhQ5hl
oS2DFp46zQCTtwLKcyCq2u/jCNmOpHf2UZ226tLI7aYxPHEYOP5HJXevzRnWwF7C
TXMDlDxqvV9edg3C/SNXG+WBeaiRzyxhCLA8FiBtlFrvp1yjDcxyEa8ZnSHpKr+/
5QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 21121240742006348350221664338254276860
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-18 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-06-16 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'onescm.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22874610076398608082799216251922888537524622840693078389858391906657017645805152536936783906724328683039282106175348228166153270480475791189427803760400051435945499646642309734329497539439049765777443893649577002226788287297610406314964514870547709464237803826901907887409739722713889772006520822456510821213895295275522960579147860567819391129809812098769012662768230259897259158481803757436034131666763474129007797017328739538176807747430252519345789093305384374775882614495298400902049256529296961446870564208495058679364903233464087228667442397580238218143863704146986817917809404593091535510725548734601305767909
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							27905edc4fa17368036473b0fb0017e8d0c31d85
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (680 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'onescm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sensage.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.clearorbit.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.verdiem.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.1scm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.cardinalmark.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cardinal-mark.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'clearorbit.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.bpainc.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.olivesoftware.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'right90.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'supplychainlabels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'triactive.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'verdiem.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '1scm.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.1scm.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.telescopeondemand.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'streetsmartmobile.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.clearorbit.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'smartformdesign.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.triactive.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.purchasingnet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.onescm.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'purchasingnet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cardinalmark.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'onescm.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.streetsmartmobile.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sensage.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bpainc.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.smartformdesign.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'clearorbit.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.right90.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.supplychainlabels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'telescopeondemand.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '1scm.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.geminiseries.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'geminiseries.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'olivesoftware.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.cardinal-mark.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							01680076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018f8a54fecc0000040300473045022076677ff933b41dac8d7702cf18b770d3d173bd6ead8ae9df48c7e62b5b4cee68022100f1f0614177204d63669522d638c893c654de41f5a3a7f8130af178e76292fb1f0076007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018f8a54fe4000000403004730450221008a2c3b679b566fd56c8fda1fe0a67af1546008dabd68c1d0da0f4bae08e8830e02200c4e70078e04a58b8d726a61146f10a86b7ae8706b8b7ba2eea36ae404043707007600e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018f8a54fe5a000004030047304502203605f0581fe19d2a17c036bc4e504f5af0ea59baf2e8acee51c7ffc6e09579dd022100f17f51df38520958eba25d4ab09d89114433113e5ea744d88f751e2b24a014c6
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00094ba40d4c4051d53f6a4d1bd336f765feae94b3d786428eadc9af6077da5a54092dbdd22a63e261b86fdb68089374dc9a4e3fc275172e689781d673de38b2559e5b1e099e022a8007deb93527e0738f1ada0580404fde3936fde6140a3d2a33000387a2ec4bd1e08fff3d81003820eaa9455cbabe7a353db323a7285e342e8f2ecfb068276ba3f3c1eb3a5e75f65dd9579e14f376d18e2e86b55e071abd4a13edac62ff93792f105834c995839e51f99e1c256b39135f2497866bb3bc055b4ec7435094cef7ca81741ab25edaa9fc1c6f6f4a572931217a59d3f1b95b8a64cd5affe2bf0b6f2d02cf666a10f52172f3dfcc0bada9b043b8cb3eee7b7665ed77