careers.roche.com

- F. Hoffmann-La Roche AG -

Issued by GeoTrust SSL CA - G3

About this certificate

This digital certificate with serial number 3a:a5:14:8c:2d:79:2a:90:36:87:0b:9c:ac:2f:5f:79 was issued on by GeoTrust Inc..

With 23 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Sub certificates SHOULD include Subject Key Identifier in end entity certs (RFC 5280: 4.2 & 4.2.1.2)

F. Hoffmann-La Roche AG

Organization: F. Hoffmann-La Roche AG
State / Province: Basel
Locality: Basel
Country: CH

GeoTrust Inc.

Organization: GeoTrust Inc.
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 3a:a5:14:8c:2d:79:2a:90:36:87:0b:9c:ac:2f:5f:79
Serial Number (int): 77952369491391498683330530761224707961
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId:
AuthorityKeyId: d2:6f:f7:96:f4:85:3f:72:3c:30:7d:23:da:85:78:9b:a3:7c:5a:7c

Fingerprint (sha1): 71:0c:f9:1d:ba:d3:15:fe:b4:fb:af:84:0f:04:76:eb:c0:7c:de:64
Fingerprint (sha256): 11:83:2a:67:55:5e:76:2c:a8:be:ee:57:87:61:03:ef:f1:0e:9e:14:3f:1d:c1:14:ae:6a:97:39:21:15:82:8d

Issuing Certificate URL: http://gn.symcb.com/gn.crt

Revocation information

OCSP Server: http://gn.symcd.com
CRL Distribution Point: http://gn.symcb.com/gn.crl

Check the revocation status for certificate careers.roche.com

23

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for careers.roche.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.dialogoroche.com.mx
www.foundationmedicine.com.sg
www.rochemed.gr
www.roche.co.uk
www.fibrosisquistica.co
www.rocheplus.es
www.roche-oncology.ch
live.digitalfactory.roche.com
www.latamrochepressday.com
www.msdiseaseactivity.com
www.dialogoroche.com.br
www.rochetudastar.hu
www.foundationmedicine.com.sg.fmi.preprod.opengarden.rch.cm
www.msdiseaseactivity.co.uk
www.dialogoroche.com
www.dialogorochecac.com
www.dialogoroche.com.co
www.dialogoroche.com.ar
mystudies.roche.com
www.rocheonline.se
www.infomedics.it
www.licht-an-fuer-ms.de
careers.roche.com

Other certificates including the domain name roche.com

(limited to 100 certificates)
involve.roche.com
www.hpv16and18.com
easydrive-uat.roche.com
advancedanalytics.roche.com
main.rhelp.roche.com
api.fido.tst.pdaa.science.roche.com
sni.cloudflaressl.com
magentocloud28.map.fastly.net
rbalvprexd0.bas.roche.com
cieas01.roche.com
harmonytest.de
sequencing.roche.com
esource.roche.com
e-medical.roche.com
esource.roche.com
maps-uat.roche.com
coaguchek.com
rsmsourcing.roche.com
deimos.roche.com
cert2.roche.com
sni.cloudflaressl.com
cdn.appstore.gene.com
shpivee1-01.roche.com
eews-dev.roche.com
myaccess.roche.com
ican.roche.com
sni.cloudflaressl.com
sni.cloudflaressl.com
albecsinternaltest.aws.cloud.roche.com
cert3.roche.com
sni.cloudflaressl.com
sni.cloudflaressl.com
mrdivee2-02.netlab.roche.com
rodip.roche.com
nsrdcongresses.roche.com
rbavxsentry11.bas.roche.com
mobilesolution-dev.roche.com
wamua.roche.com
dialog-62-test.roche.com
identity-hu.login.digitalidentity.roche.com
rocheggcpac.roche.com
san-003.ceros.com
video.hive.roche.com
sni.cloudflaressl.com
rssg.roche.com
usdiagnostics.roche.com
mftemeaext.roche.com
anadisuat01.sc1.roche.com
careers.roche.com
flow.roche.com
cert3.roche.com
sni.cloudflaressl.com
misp.roche.com
cert2.roche.com
careers.roche.com
api.rockwizz.roche.com
bitbucket-nala-qa.roche.com
careers.roche.com
wamdev.roche.com
sonar-dev-old.roche.com
diauxhub.roche.com
careers.roche.com
globalfms.roche.com
rexis-dialog-dev.roche.com
san-003.ceros.com
sc1lvflexq2.sc1.roche.com
easydrive-dev.roche.com
send-tst.roche.com
indigrow.roche.com
careers.roche.com
careers.roche.com
env5-remotedashboard.roche.com
mrd25.me
cert2.roche.com
*.esrv-hub-uat.roche.com
sb.eu.phcaa.science.roche.com
san-003.ceros.com
extaccess-nala.roche.com
magentocloud28.map.fastly.net
go.roche.com
magentocloud32.map.fastly.net
sni.cloudflaressl.com
status.repository.roche.com
itot.roche.com
ssl882748.cloudflaressl.com
sni.cloudflaressl.com
esrv-marketplace-dev.roche.com
careers.roche.com
gispeopledev.roche.com
imcore.roche.com
booster.roche.com
sni.cloudflaressl.com
akamai-san195.exacttarget.com
raumbuch.roche.com
pitas01.roche.com
sni.cloudflaressl.com
c1edb.roche.com
magentocloud45.map.fastly.net
shpivee1-01.roche.com
hpv16and18.com

Certificate

The complete raw certificate details for careers.roche.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIHTCCBwWgAwIBAgIQOqUUjC15KpA2hwucrC9feTANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMU
R2VvVHJ1c3QgU1NMIENBIC0gRzMwHhcNMTYwNzA1MDAwMDAwWhcNMTcwOTAzMjM1
OTU5WjBrMQswCQYDVQQGEwJDSDEOMAwGA1UECAwFQmFzZWwxDjAMBgNVBAcMBUJh
c2VsMSAwHgYDVQQKDBdGLiBIb2ZmbWFubi1MYSBSb2NoZSBBRzEaMBgGA1UEAwwR
Y2FyZWVycy5yb2NoZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCmzrT7nTqikGS+EmznuXTylfBx+XgUNn+cuEOYemcWkjHRg6kyzfWf8u5HjvYl
SPqjp1MT2f5cdGaSqumW9uriiUBzAqqcj8fznW0ktuwXUJf7l/gs2beLzUcAlOUh
pFoeTjRLRc5ZazUobo2K0PHzXmPFtfa7Jql6xbkCEKa0QSxV+QqNgvjeqeoqhuj1
OzEsJnCMUpmoYI3EbeH/D2rrELvxTgShfIFbG94bRYg2fCSaYlGYNYf59a4UpTDe
4Hc30YCeTLa+j62DyTJyaU305m5q159BYj46obZd+zi5RgGj+CQMOSLdNZ1P0WKt
kCtEbVZw5+Uz5V/qK9YPbWdNAgMBAAGjggTiMIIE3jCCAlEGA1UdEQSCAkgwggJE
ghd3d3cuZGlhbG9nb3JvY2hlLmNvbS5teIIdd3d3LmZvdW5kYXRpb25tZWRpY2lu
ZS5jb20uc2eCD3d3dy5yb2NoZW1lZC5ncoIPd3d3LnJvY2hlLmNvLnVrghd3d3cu
Zmlicm9zaXNxdWlzdGljYS5jb4IQd3d3LnJvY2hlcGx1cy5lc4IVd3d3LnJvY2hl
LW9uY29sb2d5LmNogh1saXZlLmRpZ2l0YWxmYWN0b3J5LnJvY2hlLmNvbYIad3d3
LmxhdGFtcm9jaGVwcmVzc2RheS5jb22CGXd3dy5tc2Rpc2Vhc2VhY3Rpdml0eS5j
b22CF3d3dy5kaWFsb2dvcm9jaGUuY29tLmJyghR3d3cucm9jaGV0dWRhc3Rhci5o
dYI7d3d3LmZvdW5kYXRpb25tZWRpY2luZS5jb20uc2cuZm1pLnByZXByb2Qub3Bl
bmdhcmRlbi5yY2guY22CG3d3dy5tc2Rpc2Vhc2VhY3Rpdml0eS5jby51a4IUd3d3
LmRpYWxvZ29yb2NoZS5jb22CF3d3dy5kaWFsb2dvcm9jaGVjYWMuY29tghd3d3cu
ZGlhbG9nb3JvY2hlLmNvbS5jb4IXd3d3LmRpYWxvZ29yb2NoZS5jb20uYXKCE215
c3R1ZGllcy5yb2NoZS5jb22CEnd3dy5yb2NoZW9ubGluZS5zZYIRd3d3LmluZm9t
ZWRpY3MuaXSCF3d3dy5saWNodC1hbi1mdWVyLW1zLmRlghFjYXJlZXJzLnJvY2hl
LmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDArBgNVHR8EJDAiMCCgHqAc
hhpodHRwOi8vZ24uc3ltY2IuY29tL2duLmNybDCBnQYDVR0gBIGVMIGSMIGPBgZn
gQwBAgIwgYQwPwYIKwYBBQUHAgEWM2h0dHBzOi8vd3d3Lmdlb3RydXN0LmNvbS9y
ZXNvdXJjZXMvcmVwb3NpdG9yeS9sZWdhbDBBBggrBgEFBQcCAjA1DDNodHRwczov
L3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFNJv95b0hT9y
PDB9I9qFeJujfFp8MFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDov
L2duLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL2duLnN5bWNiLmNvbS9n
bi5jcnQwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgDd6x0reg1PpiCLga2BaHB+
Lo6dAdVciI09EcTNtuy+zAAAAVW8kxrpAAAEAwBHMEUCIAOPQAHs551xwqT68hzN
jZbCH7XQs+guu3MKNl5TdNrPAiEAnucZs2Ny55PDILLAuJmTsjMrA1jf8Br1IZC6
DHFQKUAAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVW8kxsJ
AAAEAwBHMEUCIA4T//DGD+6hAfzVj59s/ErqOhghzVkK7bqhcejvMKHwAiEA6OtN
6nWtKfWPon7Pejm+Lzz2bYvYI2lHW0Zi+DK86jkwDQYJKoZIhvcNAQELBQADggEB
AMTvK8ciuUo/VQWkhHsIB35fKSQiuf+hsmyaTjy5TaMpEbYGa03uanQYpLR2VrbV
yRzCVy5rzRSYanFvlzsjWUdDRXoT3Ikz72fq147KyJF+y7vSDTmLjjHY3utSuLCk
hS1BRWvyHcBeEe156dsuD/dj3hSZdQAuI8B98u3O8SRo4GwZnm8kV5yIEeuWo4tU
anAQchTVigJXEU+YiLACRzqlSXEHdPTdzGe4QS+Q+1XC11ofUulmW9BvD6XgwW2G
tikljkOsS87uj70X2JbBDiI9Wc/E8UiZiN+5JLPDRcWI6UA2IOivalHquAlb/p10
qcaMlK7KMt8RDYfkSnC6P3U=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAps60+506opBkvhJs57l0
8pXwcfl4FDZ/nLhDmHpnFpIx0YOpMs31n/LuR472JUj6o6dTE9n+XHRmkqrplvbq
4olAcwKqnI/H851tJLbsF1CX+5f4LNm3i81HAJTlIaRaHk40S0XOWWs1KG6NitDx
815jxbX2uyapesW5AhCmtEEsVfkKjYL43qnqKobo9TsxLCZwjFKZqGCNxG3h/w9q
6xC78U4EoXyBWxveG0WINnwkmmJRmDWH+fWuFKUw3uB3N9GAnky2vo+tg8kycmlN
9OZuatefQWI+OqG2Xfs4uUYBo/gkDDki3TWdT9FirZArRG1WcOflM+Vf6ivWD21n
TQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 77952369491391498683330530761224707961
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust SSL CA - G3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-07-05 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-09-03 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Basel'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Basel'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'F. Hoffmann-La Roche AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'careers.roche.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21057489627496201246893609553064160806853318928701170907153906563826660202951423175402651644392483272496561528206906387253834094718998838172870755920833966967635752026295577896963512960630976247671834968166794709616189241614620018653989865069482356344708254415506011287916683254219309806149708710906922318009013864423567258598811387371855853233338138149008827698616764463391844458981202675030912109958413332961126330286128864966307730568051289114609576330540319146505307532502768944227788439726059280794485301593525675525628953753089840470316844379866534288293337854209119094616413769873145646226407929399270961932109
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (584 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.dialogoroche.com.mx'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.foundationmedicine.com.sg'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.rochemed.gr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.fibrosisquistica.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.rocheplus.es'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche-oncology.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'live.digitalfactory.roche.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.latamrochepressday.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.msdiseaseactivity.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.dialogoroche.com.br'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.rochetudastar.hu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.foundationmedicine.com.sg.fmi.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.msdiseaseactivity.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.dialogoroche.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.dialogorochecac.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.dialogoroche.com.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.dialogoroche.com.ar'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mystudies.roche.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.rocheonline.se'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.infomedics.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.licht-an-fuer-ms.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'careers.roche.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gn.symcb.com/gn.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (149 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.geotrust.com/resources/repository/legal'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'https://www.geotrust.com/resources/repository/legal'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName d26ff796f4853f723c307d23da85789ba37c5a7c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (75 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gn.symcd.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gn.symcb.com/gn.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007600ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc00000155bc931ae900000403004730450220038f4001ece79d71c2a4faf21ccd8d96c21fb5d0b3e82ebb730a365e5374dacf0221009ee719b36372e793c320b2c0b89993b2332b0358dff01af52190ba0c71502940007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc1000000155bc931b09000004030047304502200e13fff0c60feea101fcd58f9f6cfc4aea3a1821cd590aedbaa171e8ef30a1f0022100e8eb4dea75ad29f58fa27ecf7a39be2f3cf66d8bd82369475b4662f832bcea39
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00c4ef2bc722b94a3f5505a4847b08077e5f292422b9ffa1b26c9a4e3cb94da32911b6066b4dee6a7418a4b47656b6d5c91cc2572e6bcd14986a716f973b23594743457a13dc8933ef67ead78ecac8917ecbbbd20d398b8e31d8deeb52b8b0a4852d41456bf21dc05e11ed79e9db2e0ff763de149975002e23c07df2edcef12468e06c199e6f24579c8811eb96a38b546a70107214d58a0257114f9888b002473aa549710774f4ddcc67b8412f90fb55c2d75a1f52e9665bd06f0fa5e0c16d86b629258e43ac4bceee8fbd17d896c10e223d59cfc4f1489988dfb924b3c345c588e9403620e8af6a51eab8095bfe9d74a9c68c94aeca32df110d87e44a70ba3f75