hierarchyapi.onenote.com

- Microsoft Corporation -

Issued by Microsoft Azure TLS Issuing CA 05

About this certificate

This digital certificate with serial number 33:00:d7:b2:a9:15:76:ef:e7:4d:40:e2:cd:00:00:00:d7:b2:a9 was issued on by Microsoft Corporation.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Microsoft Corporation

Organization: Microsoft Corporation
State / Province: WA
Locality: Redmond
Country: US

Microsoft Corporation

Organization: Microsoft Corporation
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 33:00:d7:b2:a9:15:76:ef:e7:4d:40:e2:cd:00:00:00:d7:b2:a9
Serial Number (int): 1137411403314466554566774902601684874457232041
Serial Number lenght: 150 bits, 19 octets

SubjectKeyId: 76:72:4b:22:aa:bb:e7:2f:63:b5:db:5f:ef:5e:49:86:86:37:f7:b6
AuthorityKeyId: c7:b2:9c:7f:1c:e3:b8:5a:ef:e9:68:1a:a8:5d:94:c1:26:52:6a:68

Fingerprint (sha1): df:92:90:84:86:56:a2:7b:5b:c3:32:52:12:dc:57:a5:b7:f4:66:09
Fingerprint (sha256): 13:76:ea:e7:ba:ef:f7:b1:55:5b:31:55:98:f9:76:86:9b:28:53:8c:e9:73:1c:b3:ef:8b:f6:2b:fa:fb:1f:23

Issuing Certificate URL: http://www.microsoft.com/pkiops/certs/Microsoft%20Azure%20TLS%20Issuing%20CA%2005%20-%20xsign.crt

Revocation information

OCSP Server: http://oneocsp.microsoft.com/ocsp
CRL Distribution Point: http://www.microsoft.com/pkiops/crl/Microsoft%20Azure%20TLS%20Issuing%20CA%2005.crl

Check the revocation status for certificate hierarchyapi.onenote.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for hierarchyapi.onenote.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

12 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

hierarchyapi.onenote.com
*.hierarchyapi.onenote.com

Other certificates including the domain name onenote.com

(limited to 100 certificates)
hierarchyapi.onenote.com
site.edog.onenote.com
apimonolith.onenote.com
mergesync.onenote.com
augmentationbg.onenote.com
contentsync.onenote.com
npkrsag.koreasouth.cloudapp.azure.com
reverseproxy.onenote.com
lookup.onenote.com
lookup.onenote.com
handwritingreco.edog.onenote.com
studentagency.edog.onenote.com
learningtools.onenote.com
apimonolith.onenote.com
handwritingreco.onenote.com
npinwag.westindia.cloudapp.azure.com
cdn.onenote.net
npneuag.northeurope.cloudapp.azure.com
classnotebookapi.edog.onenote.com
augmentationbg.edog.onenote.com
pagecontentretriever.onenote.com
handwritingreco.onenote.com
pagecontentsync.onenote.com
userinfo.onenote.com
pagecontentsync.edog.onenote.com
site.edog.onenote.com
cdn.onenote.net
assignments.onenote.com
nbdistribution.edog.onenote.com
mergesync.onenote.com
pagecontentretriever.onenote.com
npinwag.westindia.cloudapp.azure.com
pagecontentgc.edog.onenote.com
onenoteonlinesync.onenote.com
hierarchyapi.edog.onenote.com
cdn.onenote.net
learningtools.onenote.com
pagecontentgc.onenote.com
appsforoffice.edog.onenote.com
hierarchyapi.onenote.com
npkrcag.koreacentral.cloudapp.azure.com
assignments.onenote.com
handwritingreco.edog.onenote.com
realtimesync.onenote.com
reverseproxy.edog.onenote.com
onenote.com
cdn.onenote.net
npeusag.eastus.cloudapp.azure.com
site.edog.onenote.com
cdn.onenote.net
apiwebhooks.onenote.com
assignments.edog.onenote.com
officeaddins.meetingdetails.onenote.com
cdn.onenote.net
reverseproxy.edog.onenote.com
entitystorage.edog.onenote.com
contentsync.onenote.com
pagecontentretriever.edog.onenote.com
pagecontentgc.onenote.com
bingindexing.edog.onenote.com
pagecontentretriever.onenote.com
officeaddins.meetingdetails.edog.onenote.com
nbdistribution.onenote.com
o365notification.edog.onenote.com
officeaddins.meetingdetails.edog.onenote.com
educonnect.assignments.onenote.com
npkrcag.koreacentral.cloudapp.azure.com
niscusag.southcentralus.cloudapp.azure.com
whiteboard.edog.onenote.com
site-cdn.onenote.net
notificationshub.edog.onenote.com
pagecontentgc.onenote.com
npjpeag.japaneast.cloudapp.azure.com
userinfo.onenote.com
hierarchyretriever.onenote.com
userinfo.edog.onenote.com
appsforoffice.onenote.com
niscusag.southcentralus.cloudapp.azure.com
pagecontentgc.onenote.com
site-cdn.onenote.net
npneuag.northeurope.cloudapp.azure.com
classnotebookapi.edog.onenote.com
cdn.onenote.net
lookup.edog.onenote.com
apiwebhooks.onenote.com
mergesync.edog.onenote.com
onenoteonlinesync.edog.onenote.com
edunotebookssite.onenote.com
reverseproxy.onenote.com
lookup.edog.onenote.com
onenote.com
educonnect.assignments.onenote.com
pagecontentgc.edog.onenote.com
bingindexing.onenote.com
lookup.onenote.com
pagecontentsync.onenote.com
nineuag.northeurope.cloudapp.azure.com
lookup.edog.onenote.com
lookup.edog.onenote.com
reverseproxy.onenote.com

Certificate

The complete raw certificate details for hierarchyapi.onenote.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIgzCCBmugAwIBAgITMwDXsqkVdu/nTUDizQAAANeyqTANBgkqhkiG9w0BAQwF
ADBZMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
MSowKAYDVQQDEyFNaWNyb3NvZnQgQXp1cmUgVExTIElzc3VpbmcgQ0EgMDUwHhcN
MjMwOTI3MDA1NTQ1WhcNMjQwNjI3MjM1OTU5WjBvMQswCQYDVQQGEwJVUzELMAkG
A1UECBMCV0ExEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBD
b3Jwb3JhdGlvbjEhMB8GA1UEAxMYaGllcmFyY2h5YXBpLm9uZW5vdGUuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzIgbyi/VW3342EOqbkZwRqMH
BvTi6/Dvg1Q+KVb5RLZb0RW6MZMvrBworc/TMfSQ8DSW3FQyUX2jOngaJvto1W/A
ywD2su0iqSge5sLI9dVWRPZof8yH7V2TL+D7jWh70aqJrkXBoK0lidkz/faeK+Ms
nkWb45Gx0mxCZOE3Vih1rbYyqpvPfTHShgKgtNQwh2AWwbTgD5xQud6D9TxPPMow
0wSFqk/0wGegqfl9lb8Pe3VVYrh/oE6dEHlIrUS8feOby4BCiFHJVia0VLjmGORD
HDlPpOIFfY8cbnLI/8bagZ5Q8dOiWlE1xHwOs7BjsJqYlUSL0T1bdyNlrkXJDQID
AQABo4IELDCCBCgwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB2AHb/iD8KtvuV
UcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABitQrtpAAAAQDAEcwRQIhAMWzE1DW
mvy/7FOoAJcKkpe/NHMflzDodMQNPtranpewAiAwVrSPiYUHQaH5ogClfSl5Jakv
ALGdChT/Ur9Iq2oRZgB3ANq2v2s/tbYin5vCu1xr6HCRcWy7UYSFNL2kPTBI1/ur
AAABitQrtusAAAQDAEgwRgIhAIEduJyXFG+HXKk7nS6WXSvIsQDJdFHf6bf85t9H
jq2AAiEAnC2TpkV01yElcoYvBwwXcAJAV3rR9xdT5omJpw7TEwUAdwBIsONr2qZH
NA/lagL6nTDrHFIBy1bdLIHZu7+rOdiEcwAAAYrUK7dxAAAEAwBIMEYCIQDctJCv
Wt3lTKoVus1Nt4PwV8ETuR9FH6RgmIY4NwMRBQIhAP8onAozkjAideZja2Eg1VsE
0XEAwtREwrH9d/kce8QCMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYI
KwYBBQUHAwEwPAYJKwYBBAGCNxUHBC8wLQYlKwYBBAGCNxUIh73XG4Hn60aCgZ0u
jtAMh/DaHV2ChOVpgvOnPgIBZAIBJjCBrgYIKwYBBQUHAQEEgaEwgZ4wbQYIKwYB
BQUHMAKGYWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWlj
cm9zb2Z0JTIwQXp1cmUlMjBUTFMlMjBJc3N1aW5nJTIwQ0ElMjAwNSUyMC0lMjB4
c2lnbi5jcnQwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vbmVvY3NwLm1pY3Jvc29mdC5j
b20vb2NzcDAdBgNVHQ4EFgQUdnJLIqq75y9jtdtf715JhoY397YwDgYDVR0PAQH/
BAQDAgWgMD8GA1UdEQQ4MDaCGGhpZXJhcmNoeWFwaS5vbmVub3RlLmNvbYIaKi5o
aWVyYXJjaHlhcGkub25lbm90ZS5jb20wDAYDVR0TAQH/BAIwADBkBgNVHR8EXTBb
MFmgV6BVhlNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNy
b3NvZnQlMjBBenVyZSUyMFRMUyUyMElzc3VpbmclMjBDQSUyMDA1LmNybDBmBgNV
HSAEXzBdMFEGDCsGAQQBgjdMg30BATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3
Lm1pY3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9yeS5odG0wCAYGZ4EM
AQICMB8GA1UdIwQYMBaAFMeynH8c47ha7+loGqhdlMEmUmpoMB0GA1UdJQQWMBQG
CCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQwFAAOCAgEAYM0yrZ1Ds4DK
4n4DnJwMMiEjusPcOONWZ8tLr7aXt7pQbxinfMLqHCbjFotxCCWMTdGtXNHRDkGD
8d5wHG/oMaZHZZmN2q3cvn1xKvDbj0nsZ1AyZtej9kWrVCNtGLz4kSy+7iJzgA2K
DZsO2CWDo37jMpDqgcitkZ78ORpcRoB1B7hW8zjqfen89rEOV2fgQ4KYWwU+yelw
6ySOxp0s4JM/KIQFeEwnxItHUxdpL+TGd9iv8wUJ89+0ELg6b7TgAJVqKNHEq1Gm
Cmmg4cwGjMNws/ha7VhL3LX2ZCSXPFVU4veg2B77SzdfDQuRGfS4wfm9ZBmL9KOJ
aKZ6UiAyR1/8tuVOWHvDXF9nlcZ4tQOKWs5Roh2+GplHwDKkVBeEcSrwmYBA9YeC
iihVTq2L+FVegI5OE4+GtDMM6XlV8UzGgE+SBzzcyaAhD/q2cgRl6KJUzVHJqJbg
WIlaExaTNi2a8zg10eYzbfC5m5REv6KWJhzDw7SJMXD5QlKXR928K/gAnQiNozhd
sMPg1yA9twtP8Af3JqG6RRTP81mOl/yqiGobthzp/oMSQY/bK1zz7H6ZsIgsvEmv
hgYpn0O0KGJoC/fVjS5yHIPl37kCHKk5+47jg6jlKRp7z2SysgzirgoejPtbBY5+
uL8IGZXEXTlCshydmS9sIo7vp5gVGl8=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzIgbyi/VW3342EOqbkZw
RqMHBvTi6/Dvg1Q+KVb5RLZb0RW6MZMvrBworc/TMfSQ8DSW3FQyUX2jOngaJvto
1W/AywD2su0iqSge5sLI9dVWRPZof8yH7V2TL+D7jWh70aqJrkXBoK0lidkz/fae
K+MsnkWb45Gx0mxCZOE3Vih1rbYyqpvPfTHShgKgtNQwh2AWwbTgD5xQud6D9TxP
PMow0wSFqk/0wGegqfl9lb8Pe3VVYrh/oE6dEHlIrUS8feOby4BCiFHJVia0VLjm
GORDHDlPpOIFfY8cbnLI/8bagZ5Q8dOiWlE1xHwOs7BjsJqYlUSL0T1bdyNlrkXJ
DQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1137411403314466554566774902601684874457232041
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Azure TLS Issuing CA 05'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-09-27 00:55:45 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-27 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'WA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Redmond'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'hierarchyapi.onenote.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25819731842500759499457948422552373808510655725565130162790252739672450329343126800727412610917110281011859188705967798969103192571165064388002806124424583395229668964280222123093535152830079284283457852250618634501767935664364076165883428314515916636786380572842329975172618992599836244709954754777968516877261185529002916815399331880050580552965332855558619794809269739922670983680488923233014596321435039572209214532177329430002573936021845039201850575564544565824762129304198504227381547477692509067119906864274237507277017688831599820985402438294266882008129984530440811806389677192802703348193249147324463433997
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (368 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
							016a00760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018ad42bb6900000040300473045022100c5b31350d69afcbfec53a800970a9297bf34731f9730e874c40d3edada9e97b002203056b48f89850741a1f9a200a57d297925a92f00b19d0a14ff52bf48ab6a1166007700dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018ad42bb6eb0000040300483046022100811db89c97146f875ca93b9d2e965d2bc8b100c97451dfe9b7fce6df478ead800221009c2d93a64574d7212572862f070c17700240577ad1f71753e68989a70ed3130500770048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018ad42bb7710000040300483046022100dcb490af5adde54caa15bacd4db783f057c113b91f451fa46098863837031105022100ff289c0a3392302275e6636b6120d55b04d17100c2d444c2b1fd77f91c7bc402
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.10 (applicationCertPolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.7 (certificateTemplate)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (47 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.8.15690651.3798470.4214446.239628.16526621.93.4272873.6083518
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 100
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 38
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (161 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pkiops/certs/Microsoft%20Azure%20TLS%20Issuing%20CA%2005%20-%20xsign.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://oneocsp.microsoft.com/ocsp'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							76724b22aabbe72f63b5db5fef5e49868637f7b6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hierarchyapi.onenote.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hierarchyapi.onenote.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (93 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pkiops/crl/Microsoft%20Azure%20TLS%20Issuing%20CA%2005.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (95 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.76.509.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.microsoft.com/pkiops/Docs/Repository.htm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c7b29c7f1ce3b85aefe9681aa85d94c126526a68
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		0060cd32ad9d43b380cae27e039c9c0c322123bac3dc38e35667cb4bafb697b7ba506f18a77cc2ea1c26e3168b7108258c4dd1ad5cd1d10e4183f1de701c6fe831a64765998ddaaddcbe7d712af0db8f49ec67503266d7a3f645ab54236d18bcf8912cbeee2273800d8a0d9b0ed82583a37ee33290ea81c8ad919efc391a5c46807507b856f338ea7de9fcf6b10e5767e04382985b053ec9e970eb248ec69d2ce0933f288405784c27c48b475317692fe4c677d8aff30509f3dfb410b83a6fb4e000956a28d1c4ab51a60a69a0e1cc068cc370b3f85aed584bdcb5f66424973c5554e2f7a0d81efb4b375f0d0b9119f4b8c1f9bd64198bf4a38968a67a522032475ffcb6e54e587bc35c5f6795c678b5038a5ace51a21dbe1a9947c032a4541784712af0998040f587828a28554ead8bf8555e808e4e138f86b4330ce97955f14cc6804f92073cdcc9a0210ffab6720465e8a254cd51c9a896e058895a131693362d9af33835d1e6336df0b99b9444bfa296261cc3c3b4893170f942529747ddbc2bf8009d088da3385db0c3e0d7203db70b4ff007f726a1ba4514cff3598e97fcaa886a1bb61ce9fe8312418fdb2b5cf3ec7e99b0882cbc49af8606299f43b42862680bf7d58d2e721c83e5dfb9021ca939fb8ee383a8e5291a7bcf64b2b20ce2ae0a1e8cfb5b058e7eb8bf081995c45d3942b21c9d992f6c228eefa798151a5f