se3vk030.roche.net
Issued by GeoTrust TLS RSA CA G1
About this certificate
This digital certificate with serial number 03:65:15:6b:52:5d:b0:c5:cf:7e:90:45:dd:9a:78:58 was issued on by DigiCert Inc.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=se3vk030.roche.net
DigiCert Inc
Organization:
DigiCert Inc
Organization unit: www.digicert.com
Organization unit: www.digicert.com
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 03:65:15:6b:52:5d:b0:c5:cf:7e:90:45:dd:9a:78:58Serial Number (int): 4512540403572866612591596881252612184
Serial Number lenght: 122 bits, 16 octets
SubjectKeyId: 1d:53:d7:27:85:04:1a:f4:b8:ef:76:b7:37:50:41:38:60:1c:8c:a6
AuthorityKeyId: 94:4f:d4:5d:8b:e4:a4:e2:a6:80:fe:fd:d8:f9:00:ef:a3:be:02:57
Fingerprint (sha1): ef:1c:ad:ae:57:1a:60:72:d2:51:64:21:70:90:1c:d4:87:c3:52:13
Fingerprint (sha256): 12:d7:89:df:e6:44:09:75:b5:31:b3:47:64:b8:82:e3:88:23:6f:be:09:7c:05:ed:86:92:22:4a:ed:25:6e:47
Issuing Certificate URL: http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt
Revocation information
OCSP Server: http://status.geotrust.comCRL Distribution Point: http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl
Check the revocation status for certificate se3vk030.roche.net
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for se3vk030.roche.net
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
se3vk030.roche.net
www.se3vk030.roche.net
www.se3vk030.roche.net
Other certificates including the domain name roche.net
(limited to 100 certificates)
coaguchek.com
partneraccess.roche.net
sentry-ppe.roche.net
edi2.roche.net
mdm.roche.net
sni.cloudflaressl.com
*.edidev2.roche.net
sg3vk030.roche.net
range.roche.net
sentryasiagmail.roche.net
sentrygmailtest.roche.net
vpn.range.roche.net
*.edidev2.roche.net
remoteaccess.roche.net
*.edi2.roche.net
rosa.roche.net
rkavoglh.roche.net
sni.cloudflaressl.com
se2vk030.roche.net
mdm-test.roche.net
partneraccess.roche.net
remoteaccess.roche.net
esrv-hub-uat.roche.net
*.editest2.roche.net
sni.cloudflaressl.com
editest3.roche.net
se2vk030.roche.net
se3vk030.roche.net
*.edi2.roche.net
sni.cloudflaressl.com
api-home.roche.net
sni.cloudflaressl.com
sni.cloudflaressl.com
sentryasiagmail.roche.net
sni.cloudflaressl.com
sni.cloudflaressl.com
rkavoglh.roche.net
*.rosa.roche.net
prod.rosa.roche.net
sentryemeao365.roche.net
cat.navify.esrv-hub-dev.roche.net
sni.cloudflaressl.com
ridusaxprod.dia.roche.net
aauthctx.roche.net
api-home.roche.net
sni.cloudflaressl.com
api-uat-home.roche.com
roche.net
edidev2.roche.net
*.edi2.roche.net
mb2vk030.roche.net
sentrynalao365.roche.net
roche.net
vpn.range.roche.net
roche.net
api-home.roche.net
roche.net
*.range.roche.net
mdm-dev.roche.net
range.roche.net
home.roche.net
sni.cloudflaressl.com
zh5vk030.roche.net
smartwebpoc.roche.net
roche.net
edi2.roche.net
cat.navify.esrv-hub-dev.roche.net
api-uat-home.roche.net
api-home.roche.net
*.edi2.roche.net
roche.net
api-home.roche.net
*.range.roche.net
sni.cloudflaressl.com
vpn.range.roche.net
remoteaccess.roche.net
sni.cloudflaressl.com
partneraccess.roche.net
esrv-hub-dev.roche.net
sni.cloudflaressl.com
roche.net
*.edidev2.roche.net
businesspartners.roche.net
sni.cloudflaressl.com
mdm-test.roche.net
range.roche.net
*.rosa.roche.net
esrv-hub-uat.roche.net
mb2vk030.roche.net
se2vk030.roche.net
range.roche.net
sni.cloudflaressl.com
uat-home.roche.net
sentry-ppe.roche.net
fr4vk030.roche.net
sni.cloudflaressl.com
sni.cloudflaressl.com
mdm.roche.net
edidev.roche.net
sni.cloudflaressl.com
partneraccess.roche.net
sentry-ppe.roche.net
edi2.roche.net
mdm.roche.net
sni.cloudflaressl.com
*.edidev2.roche.net
sg3vk030.roche.net
range.roche.net
sentryasiagmail.roche.net
sentrygmailtest.roche.net
vpn.range.roche.net
*.edidev2.roche.net
remoteaccess.roche.net
*.edi2.roche.net
rosa.roche.net
rkavoglh.roche.net
sni.cloudflaressl.com
se2vk030.roche.net
mdm-test.roche.net
partneraccess.roche.net
remoteaccess.roche.net
esrv-hub-uat.roche.net
*.editest2.roche.net
sni.cloudflaressl.com
editest3.roche.net
se2vk030.roche.net
se3vk030.roche.net
*.edi2.roche.net
sni.cloudflaressl.com
api-home.roche.net
sni.cloudflaressl.com
sni.cloudflaressl.com
sentryasiagmail.roche.net
sni.cloudflaressl.com
sni.cloudflaressl.com
rkavoglh.roche.net
*.rosa.roche.net
prod.rosa.roche.net
sentryemeao365.roche.net
cat.navify.esrv-hub-dev.roche.net
sni.cloudflaressl.com
ridusaxprod.dia.roche.net
aauthctx.roche.net
api-home.roche.net
sni.cloudflaressl.com
api-uat-home.roche.com
roche.net
edidev2.roche.net
*.edi2.roche.net
mb2vk030.roche.net
sentrynalao365.roche.net
roche.net
vpn.range.roche.net
roche.net
api-home.roche.net
roche.net
*.range.roche.net
mdm-dev.roche.net
range.roche.net
home.roche.net
sni.cloudflaressl.com
zh5vk030.roche.net
smartwebpoc.roche.net
roche.net
edi2.roche.net
cat.navify.esrv-hub-dev.roche.net
api-uat-home.roche.net
api-home.roche.net
*.edi2.roche.net
roche.net
api-home.roche.net
*.range.roche.net
sni.cloudflaressl.com
vpn.range.roche.net
remoteaccess.roche.net
sni.cloudflaressl.com
partneraccess.roche.net
esrv-hub-dev.roche.net
sni.cloudflaressl.com
roche.net
*.edidev2.roche.net
businesspartners.roche.net
sni.cloudflaressl.com
mdm-test.roche.net
range.roche.net
*.rosa.roche.net
esrv-hub-uat.roche.net
mb2vk030.roche.net
se2vk030.roche.net
range.roche.net
sni.cloudflaressl.com
uat-home.roche.net
sentry-ppe.roche.net
fr4vk030.roche.net
sni.cloudflaressl.com
sni.cloudflaressl.com
mdm.roche.net
edidev.roche.net
sni.cloudflaressl.com
Certificate
The complete raw certificate details for se3vk030.roche.net in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFzzCCBLegAwIBAgIQA2UVa1JdsMXPfpBF3Zp4WDANBgkqhkiG9w0BAQsFADBg MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZHZW9UcnVzdCBUTFMgUlNBIENBIEcx MB4XDTI0MDExNzAwMDAwMFoXDTI1MDExNjIzNTk1OVowHTEbMBkGA1UEAxMSc2Uz dmswMzAucm9jaGUubmV0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA xe4i0Jn6k0yHg3oBLxAc5jrB8xm5IKGdJp9nUfhY1diQkXwuBxrJsT/yui4rgkDE ICG1VjIyqKbSr70WMFyGFPq+gBb1J+A5A3zx6GXv6hA2uXYyTp/OCRKdslB5ZUl5 0+VUpEQ5v2g6AgHeZxyqPPhXaYJt+CXfCvDZWZ99piykkBOCYxQueHXSAZb3EeaZ 3iGEiwlYK64ccdfFlWU+OTA2fvYESoN/40jy+p7w6kQUxl7yYOTLIBT5ilOR+lk1 QKCTiipT2krfC6tFslN8pTzzR25ISayh6413PRY077mufTmEqHxfca2OpHKcKDkA 7KvOQNNd26Qp1MPcCACPCVx1JMEu9wuBDTeZwTTSNc0+PtP7FoANlf4I/7dBzEoe Kev26mA9ll87+7Vd1Xxz2iRgx+ALnaXjA2Q6t+be7zalkFwWQpfeuFhSHcmPW2ST DSLXM91zq8qHYn3MV9HSjToQOfoW6+C90d3DpcmA3VP5OP+2lfyjfdzECDf83CR2 +yx4CUSK5lo/As/wIvPOQltiIudteDUzz7HuvypzBBpMFTnHdfVKYV9xw75PLaII ioTuaNrtDr2sI4KQIqfI/8ZSG72QCdpSXRbJt3lrLWJm+cwdeKFzkINPwtXIKzI2 Wzjw8jGODx36NYhupteUAnGFnvD5moGp4pIF+ACx+RkCAwEAAaOCAcYwggHCMB8G A1UdIwQYMBaAFJRP1F2L5KTipoD+/dj5AO+jvgJXMB0GA1UdDgQWBBQdU9cnhQQa 9Ljvdrc3UEE4YByMpjA1BgNVHREELjAsghJzZTN2azAzMC5yb2NoZS5uZXSCFnd3 dy5zZTN2azAzMC5yb2NoZS5uZXQwPgYDVR0gBDcwNTAzBgZngQwBAgEwKTAnBggr BgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA4GA1UdDwEB/wQE AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwPwYDVR0fBDgwNjA0 oDKgMIYuaHR0cDovL2NkcC5nZW90cnVzdC5jb20vR2VvVHJ1c3RUTFNSU0FDQUcx LmNybDB2BggrBgEFBQcBAQRqMGgwJgYIKwYBBQUHMAGGGmh0dHA6Ly9zdGF0dXMu Z2VvdHJ1c3QuY29tMD4GCCsGAQUFBzAChjJodHRwOi8vY2FjZXJ0cy5nZW90cnVz dC5jb20vR2VvVHJ1c3RUTFNSU0FDQUcxLmNydDAMBgNVHRMBAf8EAjAAMBMGCisG AQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQCwLW3lKRTmHj8+80TZ LtaeD8gGzz1FK5PVtSWA8nxvvtRz/YWbf1bLtlqlqSTOXqdxUPtBNiQbFViawNaV pREluEfZmcYA+7dFWSuWf8UnjlxekGGNcucoRA+kT3WQBZCe+FTt2nikJeEitJJu P04ekXwKFQw4AVlycwjbIzKlv0kavjN8ql+YHobynqLXsiOm0FegOozg/cvJMM8b 0cc4CZ2B6nBL/PTCIGlIlkW87OUvx54bj1AiaYxpc1tCoSFbo9neUGjVh9i0XoDn 84lOxE9THOAAIBYd1633pYENvpRdACxnT2nhua3HyEFr04oclvZwdzVofQR6f3E3 5EtS -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxe4i0Jn6k0yHg3oBLxAc 5jrB8xm5IKGdJp9nUfhY1diQkXwuBxrJsT/yui4rgkDEICG1VjIyqKbSr70WMFyG FPq+gBb1J+A5A3zx6GXv6hA2uXYyTp/OCRKdslB5ZUl50+VUpEQ5v2g6AgHeZxyq PPhXaYJt+CXfCvDZWZ99piykkBOCYxQueHXSAZb3EeaZ3iGEiwlYK64ccdfFlWU+ OTA2fvYESoN/40jy+p7w6kQUxl7yYOTLIBT5ilOR+lk1QKCTiipT2krfC6tFslN8 pTzzR25ISayh6413PRY077mufTmEqHxfca2OpHKcKDkA7KvOQNNd26Qp1MPcCACP CVx1JMEu9wuBDTeZwTTSNc0+PtP7FoANlf4I/7dBzEoeKev26mA9ll87+7Vd1Xxz 2iRgx+ALnaXjA2Q6t+be7zalkFwWQpfeuFhSHcmPW2STDSLXM91zq8qHYn3MV9HS jToQOfoW6+C90d3DpcmA3VP5OP+2lfyjfdzECDf83CR2+yx4CUSK5lo/As/wIvPO QltiIudteDUzz7HuvypzBBpMFTnHdfVKYV9xw75PLaIIioTuaNrtDr2sI4KQIqfI /8ZSG72QCdpSXRbJt3lrLWJm+cwdeKFzkINPwtXIKzI2Wzjw8jGODx36NYhupteU AnGFnvD5moGp4pIF+ACx+RkCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 4512540403572866612591596881252612184 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust TLS RSA CA G1' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-17 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-16 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'se3vk030.roche.net' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 807484842733746373601451663601015664062207941033119210384481319266104812476118001090570172911278722946549280915898102952312590363876171295668014003883417360543460461908577833650922469196388489239185731656905937773532932325262876951852069197605399601313293567119867166735318588220546630460703213943059416226486108745310238971654301283042135323998586581954076979965319447675960807314867331134221090139261315191223242891895764822241089332127870072420249023683635182311333670691499196167515418265958284480667500238920449270418567487275705740908420826997950232007025825351302195843341786711615450385413526919444213940581964234718544250790036729321960997731904602914462379148043763080823111161854834645640894834886003744051489139497645809087187453411396259072509463633314881997365252307101782448264772502407951933042371258280671345375771953687334367169052817575463061219263851481139544813267211878451117458427345619423190462066138886706254250204221940010180705484600679662221788441466608028783948727894914944993021514649558785181062887195559196856485440086643549487453210814756247045905085918472803654086200055305723390590462456209173018220025814361269282469782662306467742349848526460042998163687984025013417581015446575197299587534682393 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 944fd45d8be4a4e2a680fefdd8f900efa3be0257 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 1d53d72785041af4b8ef76b737504138601c8ca6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (46 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'se3vk030.roche.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.se3vk030.roche.net' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (106 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.geotrust.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00b02d6de52914e61e3f3ef344d92ed69e0fc806cf3d452b93d5b52580f27c6fbed473fd859b7f56cbb65aa5a924ce5ea77150fb4136241b15589ac0d695a51125b847d999c600fbb745592b967fc5278e5c5e90618d72e728440fa44f759005909ef854edda78a425e122b4926e3f4e1e917c0a150c380159727308db2332a5bf491abe337caa5f981e86f29ea2d7b223a6d057a03a8ce0fdcbc930cf1bd1c738099d81ea704bfcf4c22069489645bcece52fc79e1b8f5022698c69735b42a1215ba3d9de5068d587d8b45e80e7f3894ec44f531ce00020161dd7adf7a5810dbe945d002c674f69e1b9adc7c8416bd38a1c96f6707735687d047a7f7137e44b52