duos.dsp-duos-prod.broadinstitute.org

- The Broad Institute of MIT and Harvard -

Issued by InCommon RSA Server CA

About this certificate

This digital certificate with serial number 36:65:ea:cf:3c:cc:fa:5e:97:41:52:61:e0:5f:44:f3 was issued on by Internet2.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

The Broad Institute of MIT and Harvard

Organization: The Broad Institute of MIT and Harvard
Organization unit: DSP
Address: 415 Main St.
Postal code: 02142
State / Province: MA
Locality: Cambridge
Country: US

Internet2

Organization: Internet2
Organization unit: InCommon
State / Province: MI
Locality: Ann Arbor
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 36:65:ea:cf:3c:cc:fa:5e:97:41:52:61:e0:5f:44:f3
Serial Number (int): 72307496257991273463880078873459639539
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId: 9a:fe:e3:55:2b:e2:18:5e:92:68:c4:7a:21:e2:f0:74:34:b4:73:54
AuthorityKeyId: 1e:05:a3:77:8f:6c:96:e2:5b:87:4b:a6:b4:86:ac:71:00:0c:e7:38

Fingerprint (sha1): da:70:f8:d1:d1:ae:c6:d4:90:29:69:f6:0a:b9:ba:7a:17:c9:aa:b3
Fingerprint (sha256): 11:63:24:98:00:ed:99:af:38:41:2b:d0:88:80:36:b5:4c:f2:c7:d8:f3:4a:30:4a:c9:67:d3:44:a0:a6:23:2d

Issuing Certificate URL: http://crt.usertrust.com/InCommonRSAServerCA_2.crt

Revocation information

OCSP Server: http://ocsp.usertrust.com
CRL Distribution Point: http://crl.incommon-rsa.org/InCommonRSAServerCA.crl

Check the revocation status for certificate duos.dsp-duos-prod.broadinstitute.org

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for duos.dsp-duos-prod.broadinstitute.org

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

duos.dsp-duos-prod.broadinstitute.org
duos.broadinstitute.org

Other certificates including the domain name broadinstitute.org

(limited to 100 certificates)
*.dsde-staging.broadinstitute.org
gpmocha01.broadinstitute.org
suffix.broadinstitute.org
duos.broadinstitute.org
vdesktop.broadinstitute.org
mercury.broadinstitute.org
risteys.broadinstitute.org
abbvie.ukbb.broadinstitute.org
bard.broadinstitute.org
*.dsde-prod.broadinstitute.org
portal.firecloud.org
itdev.broadinstitute.org
disclosure-dev.broadinstitute.org
software.broadinstitute.org
esrs-v3.broadinstitute.org
pan.ukbb.broadinstitute.org
cromwell.gp-cromwell-dev.broadinstitute.org
addrtest.broadinstitute.org
gpdevconfluence.broadinstitute.org
weblb-dev.broadinstitute.org
*.mint-stress.broadinstitute.org
omero.broadinstitute.org
secexplorer.dsp-appsec.broadinstitute.org
*.thescholr.com
*.dsde-prod.broadinstitute.org
radon.broadinstitute.org
*.thescholr.com
*.thescholr.com
mercurydev.broadinstitute.org
cda.cda-dev.broadinstitute.org
internal.ukbb.broadinstitute.org
*.thescholr.com
intranet.broadinstitute.org
gpbroad.broadinstitute.org
giving.broadinstitute.org
tufin.broadinstitute.org
github.broadinstitute.org
identity.broadinstitute.org
tufin.broadinstitute.org
coeus.broadinstitute.org
jujubes.broadinstitute.org
coolidge.broadinstitute.org
duos.broadinstitute.org
bod.broadinstitute.org
*.mint-dev.broadinstitute.org
ora-oemrep.broadinstitute.org
broadies.broadinstitute.org
*.dsde-prod.broadinstitute.org
su2c.broadinstitute.org
zebrafish.dsde-dev.broadinstitute.org
*.d8.theopenscholar.com
ibd-genetics.broadinstitute.org
identity.broadinstitute.org
1sum-701-n1-dwdm-415m.broadinstitute.org
lof.curation.broadinstitute.org
stash.broadinstitute.org
enigma.broadinstitute.org
jade-6.datarepo-integration.broadinstitute.org
sendit.broadinstitute.org
*.thescholr.com
cellstrainer.broadinstitute.org
*.d8.theopenscholar.com
space-dev.broadinstitute.org
bit-qa.broadinstitute.org
agora.dsde-prod.broadinstitute.org
320c-2102-c5-dwdm-415m.broadinstitute.org
bitstore.broadinstitute.org
covid-19-sequencing.broadinstitute.org
beehive.dsp-devops.broadinstitute.org
genomics.broadinstitute.org
confluence.broadinstitute.org
cloudaccounts-dev.broadinstitute.org
www.broadinstitute.org
slims.broadinstitute.org
crowdldap.broadinstitute.org
hscgp.broadinstitute.org
dpa.broadinstitute.org
transfer.broadinstitute.org
solwind.broadinstitute.org
duos.dsp-duos-prod.broadinstitute.org
www.broadinstitute.org
alkesgroup.broadinstitute.org
transfer.broadinstitute.org
gphub.broadinstitute.org
www.broadinstitute.org
firecloud.dsde-alpha.broadinstitute.org
support.terra.bio
firecloud.dsde-staging.broadinstitute.org
ladderstocures.broadinstitute.org
dotmatics-dev.broadinstitute.org
papers-dev.broadinstitute.org
slims-qa.broadinstitute.org
consent.dsde-dev.broadinstitute.org
unity.broadinstitute.org
intranet.broadinstitute.org
help.broadinstitute.org
idp.broadinstitute.org
*.thescholr.com
gatkforums.broadinstitute.org
healthquest.broadinstitute.org

Certificate

The complete raw certificate details for duos.dsp-duos-prod.broadinstitute.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHPDCCBiSgAwIBAgIQNmXqzzzM+l6XQVJh4F9E8zANBgkqhkiG9w0BAQsFADB2
MQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjES
MBAGA1UEChMJSW50ZXJuZXQyMREwDwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMW
SW5Db21tb24gUlNBIFNlcnZlciBDQTAeFw0xOTA4MTMwMDAwMDBaFw0yMTA4MTIy
MzU5NTlaMIHEMQswCQYDVQQGEwJVUzEOMAwGA1UEERMFMDIxNDIxCzAJBgNVBAgT
Ak1BMRIwEAYDVQQHEwlDYW1icmlkZ2UxFTATBgNVBAkTDDQxNSBNYWluIFN0LjEv
MC0GA1UEChMmVGhlIEJyb2FkIEluc3RpdHV0ZSBvZiBNSVQgYW5kIEhhcnZhcmQx
DDAKBgNVBAsTA0RTUDEuMCwGA1UEAxMlZHVvcy5kc3AtZHVvcy1wcm9kLmJyb2Fk
aW5zdGl0dXRlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOdn
RBkhP+p/MOZmD5oO2Vefq9bqE1gLbmCiaf5yKXJniskw28oa4KSaAjImOKlFrHev
InQ0bRIse/SdYz0lVU8twFX/AuYC0izuZy3eYHABKe+TCbGRg0yJ3hEkyQVXKn9f
9sNgB9C4LBdMvT3D6IJQ5QGjDoVLVyAlN+r/e4NB4FpOrU0wDl5C16fmx8wi9W9C
9RA5EZAWPDVfkuSb1xTWU8tbT2wYobYgVyQCWEK9SEkaBHgvW0P51n1RWwPNQ3Cu
WWX3aQZsDQ3sZP2A1Rq6eY7EraVlgOP71zqF0yfIfUKQ2blnD83mDGeqnK7q9Pk0
u3BlH/r1dlI254R+H48CAwEAAaOCA3UwggNxMB8GA1UdIwQYMBaAFB4Fo3ePbJbi
W4dLprSGrHEADOc4MB0GA1UdDgQWBBSa/uNVK+IYXpJoxHoh4vB0NLRzVDAOBgNV
HQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwZwYDVR0gBGAwXjBSBgwrBgEEAa4jAQQDAQEwQjBABggrBgEFBQcC
ARY0aHR0cHM6Ly93d3cuaW5jb21tb24ub3JnL2NlcnQvcmVwb3NpdG9yeS9jcHNf
c3NsLnBkZjAIBgZngQwBAgIwRAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL2NybC5p
bmNvbW1vbi1yc2Eub3JnL0luQ29tbW9uUlNBU2VydmVyQ0EuY3JsMHUGCCsGAQUF
BwEBBGkwZzA+BggrBgEFBQcwAoYyaHR0cDovL2NydC51c2VydHJ1c3QuY29tL0lu
Q29tbW9uUlNBU2VydmVyQ0FfMi5jcnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3Nw
LnVzZXJ0cnVzdC5jb20wSQYDVR0RBEIwQIIlZHVvcy5kc3AtZHVvcy1wcm9kLmJy
b2FkaW5zdGl0dXRlLm9yZ4IXZHVvcy5icm9hZGluc3RpdHV0ZS5vcmcwggF/Bgor
BgEEAdZ5AgQCBIIBbwSCAWsBaQB3APZclC/RdzAiFFQYCDCUVo7jTRMZM7/fDC8g
C8xO8WTjAAABbIyLcYIAAAQDAEgwRgIhAOrWfTkFNqC6maaVIJBPbnTqwhweccaE
LgYuc/NIh3dQAiEA+MzSQlbYBwXWyB/6kinu7tleW8oc2xJE9BPdUarA4gAAdgBE
lGUusO7Or8RAB9io/ijA2uaCvtjLMbU/0zOWtbaBqAAAAWyMi3GjAAAEAwBHMEUC
ICTKphW389DpuLlt8LVJVkCCGUFWr9i3Dj8spXJbmFTRAiEAsxa2UUUU9c0u6HEo
/kmXv4b2G28xcewd5qqwb2lXoQMAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcv
o6odBxPTDAAAAWyMi3F6AAAEAwBHMEUCIH0dr4qdQZyr1y25VH9FLkBPF2/qbuuo
9SEzUI7VWkEVAiEAkQs3vx0i4J43LZhsfMNJ6bCViLF9WkYAAkI88raBIUowDQYJ
KoZIhvcNAQELBQADggEBADs/Xl0GpA73n5CQePLJES4LEsLXPtA+kXgMMZi2gQAT
Mp/gXGv7o22NBxLXEdvqrgfex5LOUAsCBUnCQqz/pWbTn4Ixw4zslekhtB+7ELeW
pyARRSH1SjwgTdW2AnjOwOu8AuB1xd660Qk82pS5XeXo7WNAnG2Ml8cNVY9igann
VtIoOMm2y1j5qXpxtXbWMHBWCE7gVVRjaKFHx5t+BLL1m06JqRODjRKzCQjDAw3c
gs6ukL1cT31vDeHCHhcnourBPywAnxF/MzZnMdkJ2Y5LVJFjaQnSMPTEP3KAViJK
Ztn3zZGHg4bsScTIjSv6fkaVQ3Ld9KUITI2uPPWKTbY=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA52dEGSE/6n8w5mYPmg7Z
V5+r1uoTWAtuYKJp/nIpcmeKyTDbyhrgpJoCMiY4qUWsd68idDRtEix79J1jPSVV
Ty3AVf8C5gLSLO5nLd5gcAEp75MJsZGDTIneESTJBVcqf1/2w2AH0LgsF0y9PcPo
glDlAaMOhUtXICU36v97g0HgWk6tTTAOXkLXp+bHzCL1b0L1EDkRkBY8NV+S5JvX
FNZTy1tPbBihtiBXJAJYQr1ISRoEeC9bQ/nWfVFbA81DcK5ZZfdpBmwNDexk/YDV
Grp5jsStpWWA4/vXOoXTJ8h9QpDZuWcPzeYMZ6qcrur0+TS7cGUf+vV2UjbnhH4f
jwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 72307496257991273463880078873459639539
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'MI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ann Arbor'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Internet2'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon RSA Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-08-13 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-08-12 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.17 (postalCode)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '02142'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'MA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Cambridge'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.9 (streetAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '415 Main St.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'The Broad Institute of MIT and Harvard'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DSP'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'duos.dsp-duos-prod.broadinstitute.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29211970813829603465600167968207302562616680816777429445324893898326344924688817210304516305820001458299061228133873617122019390434174374790507658810682509479146887311234815423646109476267642765491414171199091490743355286845696808603202443305527642191704817491290409532850548515135167570197110608101855220041161478151739998448159552814407119616227814699351677393648396754557556259646797440932988723781169972736901177619755933813513305168730621490079376463009408972977993760311412291813413189130252695413353968908280008227561348892154327705419118184013956528182798932469133152372548448402098839897771765264290670321551
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 1e05a3778f6c96e25b874ba6b486ac71000ce738
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							9afee3552be2185e9268c47a21e2f07434b47354
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (96 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.5923.1.4.3.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.incommon.org/cert/repository/cps_ssl.pdf'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (61 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.incommon-rsa.org/InCommonRSAServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.usertrust.com/InCommonRSAServerCA_2.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.usertrust.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'duos.dsp-duos-prod.broadinstitute.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'duos.broadinstitute.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							0169007700f65c942fd1773022145418083094568ee34d131933bfdf0c2f200bcc4ef164e30000016c8c8b71820000040300483046022100ead67d390536a0ba99a69520904f6e74eac21c1e71c6842e062e73f348877750022100f8ccd24256d80705d6c81ffa9229eeeed95e5bca1cdb1244f413dd51aac0e2000076004494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b53fd33396b5b681a80000016c8c8b71a30000040300473045022024caa615b7f3d0e9b8b96df0b549564082194156afd8b70e3f2ca5725b9854d1022100b316b6514514f5cd2ee87128fe4997bf86f61b6f3171ec1de6aab06f6957a1030076005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c0000016c8c8b717a000004030047304502207d1daf8a9d419cabd72db9547f452e404f176fea6eeba8f52133508ed55a4115022100910b37bf1d22e09e372d986c7cc349e9b09588b17d5a460002423cf2b681214a
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		003b3f5e5d06a40ef79f909078f2c9112e0b12c2d73ed03e91780c3198b6810013329fe05c6bfba36d8d0712d711dbeaae07dec792ce500b020549c242acffa566d39f8231c38cec95e921b41fbb10b796a720114521f54a3c204dd5b60278cec0ebbc02e075c5debad1093cda94b95de5e8ed63409c6d8c97c70d558f6281a9e756d22838c9b6cb58f9a97a71b576d6307056084ee055546368a147c79b7e04b2f59b4e89a913838d12b30908c3030ddc82ceae90bd5c4f7d6f0de1c21e1727a2eac13f2c009f117f33366731d909d98e4b5491636909d230f4c43f728056224a66d9f7cd91878386ec49c4c88d2bfa7e46954372ddf4a5084c8dae3cf58a4db6