bnp09s.bnpparibas.com

- BNP PARIBAS SA -

Issued by DigiCert TLS RSA SHA256 2020 CA1

About this certificate

This digital certificate with serial number 0b:b6:83:eb:9c:b0:cc:8f:7a:c2:a8:ef:7a:1e:aa:95 was issued on by DigiCert Inc.

With 87 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

BNP PARIBAS SA

Organization: BNP PARIBAS SA
State / Province: Ile de France
Locality: MONTREUIL
Country: FR

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0b:b6:83:eb:9c:b0:cc:8f:7a:c2:a8:ef:7a:1e:aa:95
Serial Number (int): 15569181644657080937154031336260807317
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: f6:0a:fd:7e:34:e7:03:32:c6:5e:81:16:03:65:54:c6:b9:35:46:ca
AuthorityKeyId: b7:6b:a2:ea:a8:aa:84:8c:79:ea:b4:da:0f:98:b2:c5:95:76:b9:f4

Fingerprint (sha1): 1b:0c:66:ba:3b:46:70:4e:88:91:d2:f0:fa:83:dd:22:06:16:5f:fe
Fingerprint (sha256): 12:21:e0:33:8b:f4:88:5b:f0:de:7d:57:06:ea:0b:cc:43:17:c3:7a:d1:59:21:2b:88:93:1d:31:a0:47:a6:74

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl

Check the revocation status for certificate bnp09s.bnpparibas.com

87

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for bnp09s.bnpparibas.com

Public Key Algorithm

ECDSA

Key Size

256

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

bnp09s.bnpparibas.com
api-psd2.abm-uid.com
api.nickel.eu
app.nickel.eu
area-personale.staging.bnpparibascardif.it
assurance.fr
back-bo.abm-uid.com
back-bo.alpha.abm-uid.com
bo-menu.nickel.eu
bo-nickel.abm-uid.com
bo-nickel.staging.abm-uid.com
borne-choix-service.abm-uid.com
cetelem.fr
cmonbusiness.bnpparibas-pf.com
compte-nickel.fr
customer-auth.abm-uid.com
customer-calls-bo.abm-uid.com
customer-forms.nickel.eu
devenir-distributeur.compte-nickel.fr
employee-auth.abm-uid.com
espace-indemnisation-c03-rec.cardif.fr
formation-borne.compte-nickel.fr
formation-buraliste-bo-es.nickel.eu
formation-buraliste-bo-fr.nickel.eu
formation-buraliste-terminal-fr.nickel.eu
formation-buraliste-web-es.nickel.eu
formation-buraliste-web-fr.nickel.eu
formation-managment.compte-nickel.fr
formation.compte-nickel.fr
front-bo.abm-uid.com
front-bo.alpha.abm-uid.com
hdplusindex.bnpparibas.com
hdplusindex.com
mailbot-api.compte-nickel.fr
mon-compte-nickel.staging.abm-uid.com
mon.compte-nickel.fr
monespace.compte-nickel.fr
mpad-prod.abm-uid.com
nickel.eu
onetrust.cardif.com.tw
portail-borne.compte-nickel.fr
pos-management.abm-uid.com
prescripteur.souscription-vat.neuges.org
prescripteur.souscription.neuges.org
pro.nickel.eu
proctechtool.bnpparibas.com
recette.prescripteur.souscription.neuges.org
resources.compte-nickel.fr
sell.nickel.eu
sfs.nickel.eu
simulationcg-pp-assurance.cardif.fr
souscription-borne.compte-nickel.fr
souscription-totem.nickel.eu
souscription.compte-nickel.fr
souscription.nickel.eu
static-resources.nickel.eu
storelocator.nickel.eu
sub-uat.primebroker.com
sub.primebroker.com
tablet-nickel.abm-uid.com
tabletnickel-service.staging.abm-uid.com
terminal-portal.alpha.nickel.eu
terminal-portal.nickel.eu
training.nickel.eu
webdoc-algerie.bnpparibas.net
webdoc-expe-bicici.bnpparibas.com
welcome.nickel.eu
widgets.compte-nickel.fr
ws-ext-bimedia.nickel.eu
ws-ext-esendex.nickel.eu
ws-ext-infobip.nickel.eu
ws-ext-monext.nickel.eu
ws-ext-onfido.staging.nickel.eu
ws-ext-pinsms.nickel.eu
ws-ext-webappsvi.nickel.eu
ws-ext-webapptibco.nickel.eu
ws-ext-zendesk.nickel.eu
ws.demo.staging.icare-service.com
www.area-personale.staging.bnpparibascardif.it
www.assurance.fr
www.cetelem.fr
www.compte-nickel.fr
www.espace-indemnisation-c03-rec.cardif.fr
www.hdplusindex.bnpparibas.com
www.hdplusindex.com
www.webdoc-algerie.bnpparibas.net
www.webdoc-expe-bicici.bnpparibas.com

Other certificates including the domain name bnpparibas.com

(limited to 100 certificates)
bnp16b.bnpparibas.com
porta.bnpparibas.com
bnp04s.bnpparibas.com
bnp05b.bnpparibas.com
bnp12b.bnpparibas.com
bnp11b.bnpparibas.com
dna-wp.bnpparibas.com
pls-mytools-rec3.staging.bnpparibas.com
cdx-rec.bnpparibas.com
us-cortex.bnpparibas.com
planetshares-mytools.bnpparibas.com
eqd-globalmarkets.bnpparibas.com
securitiesrec-bluegreen.bnpparibas.com
vulcan-brio.sso-stg.bnpparibas.com
f17aaabc20bfe045075927934fed52d21.bnpparibas.com
www.vendor-academy.leasingsolutions.bnpparibas.com
www.cards.bnpparibas.com
f17aaabc20bfe045075927934fed52d21.bnpparibas.com
group.bnpparibas.com
wow.bnpparibas.com
indices-globalmarkets.bnpparibas.com
connexissupplychain.uat3.bnpparibas.com
clientportfolio.smartderivatives.bnpparibas.com
us-cortexfx.bnpparibas.com
europagoderec2.bnpparibas.com
bnp02tpc.bnpparibas.com
bnp05s.bnpparibas.com
bnp09b.bnpparibas.com
auth.staging.bnpparibas.com
eqresearch.bnpparibas.com
front-rec.bnpparibas.com
www.gps-protocol.bnpparibas.com
india-netpay.bnpparibas.com
apac-faststream02.bnpparibas.com
mymobility-qual.staging.bnpparibas.com
bnp03sw.bnpparibas.com
imactions.uat.bnpparibas.com
bnp05b.bnpparibas.com
welcome-qual.staging.bnpparibas.com
connexissupplychain.uat1.bnpparibas.com
gctabsreporting-staging.bnpparibas.com
expe-122-opf.bnpparibas.com
bnp13b.bnpparibas.com
connexistrade-ls.bnpparibas.com
cxt-uat-ls.bnpparibas.com
staging.intdistrib-am.bnpparibas.com
brio.sso-stg.bnpparibas.com
int-qa2-cciweb.bnpparibas.com
sinmail3.asia.bnpparibas.com
bnp06s.bnpparibas.com
bnp05s.bnpparibas.com
2016-u.leasingsolutions.bnpparibas.com
bnp07b.bnpparibas.com
smartderivatives.bnpparibas.com
account.onebank.bnpparibas.com
bnppf-dgi-collection.bnpparibas.com
fr-sdpp-prd-internet-stream01.bnpparibas.com
bnp07b.bnpparibas.com
int-bfx-newscci.bnpparibas.com
bnp03s.bnpparibas.com
bnp19b.bnpparibas.com
marketlinkedproducts.bnpparibas.com
wealthmanagement-staging.bnpparibas.com
wsgateway.bnpparibas.com
jp-cortexfx.bnpparibas.com
bnp01sw.bnpparibas.com
securitiesrec-link.bnpparibas.com
bnp09b.bnpparibas.com
bnp04s.bnpparibas.com
rewardsatwork.be
www.bnpparibas.com.br
spotbuying.mediaprocessing.bnpparibas.com
group.bnpparibas
clientportfolio.smartderivatives.bnpparibas.com
cce.bnpparibas.com
cdc-securities-link.portail-investisseur.com
markets360-test.bnpparibas.com
www.privalto.fr
push.connexiscash.bnpparibas.com
bnp09s.bnpparibas.com
matisse-compta.bnpparibas.com
ews-itg-ext.test.bnpparibas.com
www.primebroker.com
obbligazioni.bnpparibas.com
webtrends.bnpparibas.com
fao.bnpparibas.com
dna-promoter.bnpparibas.com
globalmarkets-pp.bnpparibas.com
bnp09b.bnpparibas.com
bnp04b.bnpparibas.com
cardif-asia-demo.dev.bnpparibas.com
bnp03s.bnpparibas.com
push.bnpparibas.com
bnp19b.bnpparibas.com
keys.bnpparibas.com
sinmail4.asia.bnpparibas.com
connexisdirect.api.staging.bnpparibas.com
centric-vasco.bnpparibas.com
securitiesrec-client.bnpparibas.com
tlcx-tempo.bnpparibas.com

Certificate

The complete raw certificate details for bnp09s.bnpparibas.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIOGjCCDQKgAwIBAgIQC7aD65ywzI96wqjveh6qlTANBgkqhkiG9w0BAQsFADBP
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBE
aWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMjA2MTMwMDAwMDBa
Fw0yMzAzMjIyMzU5NTlaMHIxCzAJBgNVBAYTAkZSMRYwFAYDVQQIEw1JbGUgZGUg
RnJhbmNlMRIwEAYDVQQHEwlNT05UUkVVSUwxFzAVBgNVBAoTDkJOUCBQQVJJQkFT
IFNBMR4wHAYDVQQDExVibnAwOXMuYm5wcGFyaWJhcy5jb20wWTATBgcqhkjOPQIB
BggqhkjOPQMBBwNCAAQEKbjdC5fMSiNW9TVsxZdOmNEfJo6SQG2T1z349K5acTgC
eoEUgoPfwCH/psx8P1VTY5vQVDOVhlTU+O68z0fto4ILmDCCC5QwHwYDVR0jBBgw
FoAUt2ui6qiqhIx56rTaD5iyxZV2ufQwHQYDVR0OBBYEFPYK/X405wMyxl6BFgNl
VMa5NUbKMIIJrgYDVR0RBIIJpTCCCaGCFWJucDA5cy5ibnBwYXJpYmFzLmNvbYIU
YXBpLXBzZDIuYWJtLXVpZC5jb22CDWFwaS5uaWNrZWwuZXWCDWFwcC5uaWNrZWwu
ZXWCKmFyZWEtcGVyc29uYWxlLnN0YWdpbmcuYm5wcGFyaWJhc2NhcmRpZi5pdIIM
YXNzdXJhbmNlLmZyghNiYWNrLWJvLmFibS11aWQuY29tghliYWNrLWJvLmFscGhh
LmFibS11aWQuY29tghFiby1tZW51Lm5pY2tlbC5ldYIVYm8tbmlja2VsLmFibS11
aWQuY29tgh1iby1uaWNrZWwuc3RhZ2luZy5hYm0tdWlkLmNvbYIfYm9ybmUtY2hv
aXgtc2VydmljZS5hYm0tdWlkLmNvbYIKY2V0ZWxlbS5mcoIeY21vbmJ1c2luZXNz
LmJucHBhcmliYXMtcGYuY29tghBjb21wdGUtbmlja2VsLmZyghljdXN0b21lci1h
dXRoLmFibS11aWQuY29tgh1jdXN0b21lci1jYWxscy1iby5hYm0tdWlkLmNvbYIY
Y3VzdG9tZXItZm9ybXMubmlja2VsLmV1giVkZXZlbmlyLWRpc3RyaWJ1dGV1ci5j
b21wdGUtbmlja2VsLmZyghllbXBsb3llZS1hdXRoLmFibS11aWQuY29tgiZlc3Bh
Y2UtaW5kZW1uaXNhdGlvbi1jMDMtcmVjLmNhcmRpZi5mcoIgZm9ybWF0aW9uLWJv
cm5lLmNvbXB0ZS1uaWNrZWwuZnKCI2Zvcm1hdGlvbi1idXJhbGlzdGUtYm8tZXMu
bmlja2VsLmV1giNmb3JtYXRpb24tYnVyYWxpc3RlLWJvLWZyLm5pY2tlbC5ldYIp
Zm9ybWF0aW9uLWJ1cmFsaXN0ZS10ZXJtaW5hbC1mci5uaWNrZWwuZXWCJGZvcm1h
dGlvbi1idXJhbGlzdGUtd2ViLWVzLm5pY2tlbC5ldYIkZm9ybWF0aW9uLWJ1cmFs
aXN0ZS13ZWItZnIubmlja2VsLmV1giRmb3JtYXRpb24tbWFuYWdtZW50LmNvbXB0
ZS1uaWNrZWwuZnKCGmZvcm1hdGlvbi5jb21wdGUtbmlja2VsLmZyghRmcm9udC1i
by5hYm0tdWlkLmNvbYIaZnJvbnQtYm8uYWxwaGEuYWJtLXVpZC5jb22CGmhkcGx1
c2luZGV4LmJucHBhcmliYXMuY29tgg9oZHBsdXNpbmRleC5jb22CHG1haWxib3Qt
YXBpLmNvbXB0ZS1uaWNrZWwuZnKCJW1vbi1jb21wdGUtbmlja2VsLnN0YWdpbmcu
YWJtLXVpZC5jb22CFG1vbi5jb21wdGUtbmlja2VsLmZyghptb25lc3BhY2UuY29t
cHRlLW5pY2tlbC5mcoIVbXBhZC1wcm9kLmFibS11aWQuY29tggluaWNrZWwuZXWC
Fm9uZXRydXN0LmNhcmRpZi5jb20udHeCHnBvcnRhaWwtYm9ybmUuY29tcHRlLW5p
Y2tlbC5mcoIacG9zLW1hbmFnZW1lbnQuYWJtLXVpZC5jb22CKHByZXNjcmlwdGV1
ci5zb3VzY3JpcHRpb24tdmF0Lm5ldWdlcy5vcmeCJHByZXNjcmlwdGV1ci5zb3Vz
Y3JpcHRpb24ubmV1Z2VzLm9yZ4INcHJvLm5pY2tlbC5ldYIbcHJvY3RlY2h0b29s
LmJucHBhcmliYXMuY29tgixyZWNldHRlLnByZXNjcmlwdGV1ci5zb3VzY3JpcHRp
b24ubmV1Z2VzLm9yZ4IacmVzb3VyY2VzLmNvbXB0ZS1uaWNrZWwuZnKCDnNlbGwu
bmlja2VsLmV1gg1zZnMubmlja2VsLmV1giNzaW11bGF0aW9uY2ctcHAtYXNzdXJh
bmNlLmNhcmRpZi5mcoIjc291c2NyaXB0aW9uLWJvcm5lLmNvbXB0ZS1uaWNrZWwu
ZnKCHHNvdXNjcmlwdGlvbi10b3RlbS5uaWNrZWwuZXWCHXNvdXNjcmlwdGlvbi5j
b21wdGUtbmlja2VsLmZyghZzb3VzY3JpcHRpb24ubmlja2VsLmV1ghpzdGF0aWMt
cmVzb3VyY2VzLm5pY2tlbC5ldYIWc3RvcmVsb2NhdG9yLm5pY2tlbC5ldYIXc3Vi
LXVhdC5wcmltZWJyb2tlci5jb22CE3N1Yi5wcmltZWJyb2tlci5jb22CGXRhYmxl
dC1uaWNrZWwuYWJtLXVpZC5jb22CKHRhYmxldG5pY2tlbC1zZXJ2aWNlLnN0YWdp
bmcuYWJtLXVpZC5jb22CH3Rlcm1pbmFsLXBvcnRhbC5hbHBoYS5uaWNrZWwuZXWC
GXRlcm1pbmFsLXBvcnRhbC5uaWNrZWwuZXWCEnRyYWluaW5nLm5pY2tlbC5ldYId
d2ViZG9jLWFsZ2VyaWUuYm5wcGFyaWJhcy5uZXSCIXdlYmRvYy1leHBlLWJpY2lj
aS5ibnBwYXJpYmFzLmNvbYIRd2VsY29tZS5uaWNrZWwuZXWCGHdpZGdldHMuY29t
cHRlLW5pY2tlbC5mcoIYd3MtZXh0LWJpbWVkaWEubmlja2VsLmV1ghh3cy1leHQt
ZXNlbmRleC5uaWNrZWwuZXWCGHdzLWV4dC1pbmZvYmlwLm5pY2tlbC5ldYIXd3Mt
ZXh0LW1vbmV4dC5uaWNrZWwuZXWCH3dzLWV4dC1vbmZpZG8uc3RhZ2luZy5uaWNr
ZWwuZXWCF3dzLWV4dC1waW5zbXMubmlja2VsLmV1ghp3cy1leHQtd2ViYXBwc3Zp
Lm5pY2tlbC5ldYIcd3MtZXh0LXdlYmFwcHRpYmNvLm5pY2tlbC5ldYIYd3MtZXh0
LXplbmRlc2submlja2VsLmV1giF3cy5kZW1vLnN0YWdpbmcuaWNhcmUtc2Vydmlj
ZS5jb22CLnd3dy5hcmVhLXBlcnNvbmFsZS5zdGFnaW5nLmJucHBhcmliYXNjYXJk
aWYuaXSCEHd3dy5hc3N1cmFuY2UuZnKCDnd3dy5jZXRlbGVtLmZyghR3d3cuY29t
cHRlLW5pY2tlbC5mcoIqd3d3LmVzcGFjZS1pbmRlbW5pc2F0aW9uLWMwMy1yZWMu
Y2FyZGlmLmZygh53d3cuaGRwbHVzaW5kZXguYm5wcGFyaWJhcy5jb22CE3d3dy5o
ZHBsdXNpbmRleC5jb22CIXd3dy53ZWJkb2MtYWxnZXJpZS5ibnBwYXJpYmFzLm5l
dIIld3d3LndlYmRvYy1leHBlLWJpY2ljaS5ibnBwYXJpYmFzLmNvbTAOBgNVHQ8B
Af8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGPBgNVHR8E
gYcwgYQwQKA+oDyGOmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRM
U1JTQVNIQTI1NjIwMjBDQTEtNC5jcmwwQKA+oDyGOmh0dHA6Ly9jcmw0LmRpZ2lj
ZXJ0LmNvbS9EaWdpQ2VydFRMU1JTQVNIQTI1NjIwMjBDQTEtNC5jcmwwPgYDVR0g
BDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2Vy
dC5jb20vQ1BTMH8GCCsGAQUFBwEBBHMwcTAkBggrBgEFBQcwAYYYaHR0cDovL29j
c3AuZGlnaWNlcnQuY29tMEkGCCsGAQUFBzAChj1odHRwOi8vY2FjZXJ0cy5kaWdp
Y2VydC5jb20vRGlnaUNlcnRUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3J0MAkGA1Ud
EwQCMAAwEwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBAF2l
pnlxB0+vOUUinFXwVgse6syYmPGhhyfVda9ifxBza6ksBx/0C1z/PrUBounomExE
gJ3K/Zu5vzFIj8zcUwWKFrtDIii+JlY05dlhwneFlhxczDcVqozj6HwmP6a5lVCx
H95xJzYlklQ0hWAIRQNzPqx934FCqzlzVG7RC9w1CshBfkKiglWMKxNZFj+pcKvs
U9vH1bzbzxQ+vqt8PHlnSWUm0kwywu54JojhPyeci2J31mApx8bLkMCLJnvkmxb7
Rt/srAv/zlMTzpfSts/6JnQaxCHZZOb209tRGyXlvIcAw5qX6BmINo9+N4eBqLBI
UBOSNVmVLIXMBHmRb5Y=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBCm43QuXzEojVvU1bMWXTpjRHyaO
kkBtk9c9+PSuWnE4AnqBFIKD38Ah/6bMfD9VU2Ob0FQzlYZU1PjuvM9H7Q==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 15569181644657080937154031336260807317
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert TLS RSA SHA256 2020 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-06-13 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-03-22 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ile de France'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'MONTREUIL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BNP PARIBAS SA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'bnp09s.bnpparibas.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.2.1 (ecPublicKey)
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.3.1.7 (prime256v1)
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (520 bits)
				00040429b8dd0b97cc4a2356f5356cc5974e98d11f268e92406d93d73df8f4ae5a7138027a81148283dfc021ffa6cc7c3f5553639bd05433958654d4f8eebccf47ed
 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							f60afd7e34e70332c65e8116036554c6b93546ca
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2469 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bnp09s.bnpparibas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api-psd2.abm-uid.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'app.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'area-personale.staging.bnpparibascardif.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'assurance.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'back-bo.abm-uid.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'back-bo.alpha.abm-uid.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bo-menu.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bo-nickel.abm-uid.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bo-nickel.staging.abm-uid.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'borne-choix-service.abm-uid.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cetelem.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cmonbusiness.bnpparibas-pf.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'compte-nickel.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'customer-auth.abm-uid.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'customer-calls-bo.abm-uid.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'customer-forms.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'devenir-distributeur.compte-nickel.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'employee-auth.abm-uid.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'espace-indemnisation-c03-rec.cardif.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'formation-borne.compte-nickel.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'formation-buraliste-bo-es.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'formation-buraliste-bo-fr.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'formation-buraliste-terminal-fr.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'formation-buraliste-web-es.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'formation-buraliste-web-fr.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'formation-managment.compte-nickel.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'formation.compte-nickel.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'front-bo.abm-uid.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'front-bo.alpha.abm-uid.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hdplusindex.bnpparibas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hdplusindex.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mailbot-api.compte-nickel.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mon-compte-nickel.staging.abm-uid.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mon.compte-nickel.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'monespace.compte-nickel.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mpad-prod.abm-uid.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'onetrust.cardif.com.tw'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'portail-borne.compte-nickel.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pos-management.abm-uid.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prescripteur.souscription-vat.neuges.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prescripteur.souscription.neuges.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pro.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'proctechtool.bnpparibas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recette.prescripteur.souscription.neuges.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'resources.compte-nickel.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sell.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sfs.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'simulationcg-pp-assurance.cardif.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'souscription-borne.compte-nickel.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'souscription-totem.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'souscription.compte-nickel.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'souscription.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'static-resources.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'storelocator.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sub-uat.primebroker.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sub.primebroker.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tablet-nickel.abm-uid.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tabletnickel-service.staging.abm-uid.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'terminal-portal.alpha.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'terminal-portal.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'training.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webdoc-algerie.bnpparibas.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webdoc-expe-bicici.bnpparibas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'welcome.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'widgets.compte-nickel.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ws-ext-bimedia.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ws-ext-esendex.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ws-ext-infobip.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ws-ext-monext.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ws-ext-onfido.staging.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ws-ext-pinsms.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ws-ext-webappsvi.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ws-ext-webapptibco.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ws-ext-zendesk.nickel.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ws.demo.staging.icare-service.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.area-personale.staging.bnpparibascardif.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.assurance.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.cetelem.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.compte-nickel.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.espace-indemnisation-c03-rec.cardif.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hdplusindex.bnpparibas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hdplusindex.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.webdoc-algerie.bnpparibas.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.webdoc-expe-bicici.bnpparibas.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (1 bits)
							0780
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (135 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (115 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		005da5a67971074faf3945229c55f0560b1eeacc9898f1a18727d575af627f10736ba92c071ff40b5cff3eb501a2e9e8984c44809dcafd9bb9bf31488fccdc53058a16bb432228be265634e5d961c27785961c5ccc3715aa8ce3e87c263fa6b99550b11fde712736259254348560084503733eac7ddf8142ab3973546ed10bdc350ac8417e42a282558c2b1359163fa970abec53dbc7d5bcdbcf143ebeab7c3c7967496526d24c32c2ee782688e13f279c8b6277d66029c7c6cb90c08b267be49b16fb46dfecac0bffce5313ce97d2b6cffa26741ac421d964e6f6d3db511b25e5bc8700c39a97e81988368f7e378781a8b0485013923559952c85cc0479916f96