*.api-np.sncf.fr

- SNCF -

Issued by CLASS 2 KEYNECTIS CA

About this certificate

This digital certificate with serial number 11:21:a1:97:2a:0c:c3:e2:01:cc:cb:c3:62:63:ee:f4:a3:3c was issued on by KEYNECTIS.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Subscriber certificates authorityInformationAccess extension should contain the HTTP URL of the issuing CA’s certificate (BRs: 7.1.2.3)

SNCF

Organization: SNCF
Organization unit: Organization Validated SSL certificate
State / Province: Ile-de-France
Locality: Saint-Denis
Country: FR

KEYNECTIS

Organization: KEYNECTIS
Country: FR

This certificate has expire since

Certificate Details

Serial Number (hex): 11:21:a1:97:2a:0c:c3:e2:01:cc:cb:c3:62:63:ee:f4:a3:3c
Serial Number (int): 1492352969545334736607598984642754254250812
Serial Number lenght: 141 bits, 18 octets

SubjectKeyId: 6f:20:e8:11:85:be:5e:27:d6:7f:82:be:4f:72:2d:ee:45:1c:3c:50
AuthorityKeyId: 00:11:41:df:3b:9d:3b:cb:b8:a2:c1:33:92:a8:81:cc:e5:7d:e7:99

Fingerprint (sha1): 6a:7e:7d:07:57:bb:bb:d5:80:74:38:97:df:7b:4f:fd:98:af:69:8e
Fingerprint (sha256): 13:e3:4d:d8:02:73:6c:90:bf:00:7f:93:1e:64:72:ef:e8:d2:00:a3:63:44:6f:d3:ad:f5:6e:ce:97:d1:bb:bc


Revocation information

OCSP Server: http://ocsp-ssl.certificat2.com/ssl-ocsp
CRL Distribution Point: http://crl-ssl.certificat2.com/keynectis/class2keynectisca.crl

Check the revocation status for certificate *.api-np.sncf.fr

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.api-np.sncf.fr

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.api-np.sncf.fr

Other certificates including the domain name sncf.fr

(limited to 100 certificates)
pre-atlas-travaux.sso.reseau.sncf.fr
*.carmen.sncf.fr
octave-api-dev.sncf.fr
www.EME-portailSSO-sncf.com
*.apps.eul.sncf.fr
vdixenpilote.sncf.fr
cert00089-azurecdn.akamaized.net
formtractiontv.sncf.fr
*.sncfconnect.com
rhobs-archives-dev.sncf.fr
smartoffice.sncf.fr
seminaire-rh-2017.sncf.fr
seminaire-rh-2017.sncf.fr
postprod-pcs-reponse.reseau.sncf.fr
test-slan.sncf.fr
resultats-labo-paris.sncf.fr
cypres-api-int.sncf.fr
matomo.fd.sncf.fr
sncf.com
pmad.reseau.sncf.com
int.auth.sso.reseau.sncf.fr
sncf.com
mattv.sncf.fr
sts.commun.ad.sncf.fr
alerte-transilien.sncf.fr
dev-prospectus.sncf.fr
orion-connect-form.sncf.fr
accessibilite.sncf.com
sources.fd.sncf.fr
monacademie.sncf.fr
pdvf-rec.sncf.fr
cert00089-azurecdn.akamaized.net
robustest-cerbere.dgexsol.sncf.fr
postprod-fit.reseau.sncf.fr
s2if-gie.sncf.com
cert00089-azurecdn.akamaized.net
preprod-pcs-reponse.reseau.sncf.fr
mestrainsdhier.fd.sncf.fr
monacademie.sncf.fr
*.fret.sncf.com
localiter.sncf.fr
bonneannee.sncf.fr
test-slan.sncf.fr
catalogue-formation-fret.sncf.fr
resultats-labo-lyon.sncf.fr
preprod-apies-np.sncf.fr
netkin.eu
laboutiqueeco.sncf.fr
quizrh.sncf.fr
cashsolutions.sncf.fr
enquete-client.dgii.sncf.fr
form-papact.prevention.sncf.fr
*.ase-01-e2-pr.cloud.sncf.fr
poc.portail-citrix.reseau.sncf.fr
moter-recette.sncf.fr
netkin.eu
recette1.ticketing-sncf.vsct.fr
mon-assistant-visuel-int.sncf.fr
veillesst.prevention.sncf.fr
sncfcontact.sncf.fr
form.prevention.sncf.fr
www.srtpf.fr
siph.sso.reseau.sncf.fr
viveletrain-forumemploi.sncf.fr
www.tech.sncf.fr
declic-for.infra.sncf.fr
*.api-np.sncf.fr
*.accessly.divadigital.sncf.fr
int-auth.sso.reseau.sncf.fr
contact-contravention-integration.sncf.fr
recette1.ticketing-sncf.vsct.fr
diva.sncf.fr
dev-apies-np.sncf.fr
matomo.fd.sncf.fr
*.dashboardly.divadigital.sncf.fr
preprod-apies-np.sncf.fr
netkin.eu
hospitalite-france2019.sncf.fr
themis-regles-dev.sncf.fr
design-bootstrap.sncf.fr
mestrainsdhier.fd.sncf.fr
netkin.eu
g11-ref-optimum.sncf.fr
snr.infra.eva.sncf.fr
preprod-stockfds-webapi.prevention.sncf.fr
dev-salto-iamapp.sncf.fr
recette1.ticketing-sncf.vsct.fr
myuds.sncf.fr
*.staging.aks.eul.sncf.fr
ouranos-int.sncf.fr
laboutiqueeco.sncf.fr
oui.sncf
webstats.sncf.fr
cert00089-azurecdn.akamaized.net
e-logement.sncf.fr
rec-beb.basic-ng.exp.reseau.sncf.fr
*.sncfconnect.com
formation-dsdm.reseau.sncf.fr
banque-des-preuves-rse.sncf.fr
sources.fd.sncf.fr

Certificate

The complete raw certificate details for *.api-np.sncf.fr in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgISESGhlyoMw+IBzMvDYmPu9KM8MA0GCSqGSIb3DQEBCwUA
MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKEwlLRVlORUNUSVMxHTAbBgNVBAMTFENM
QVNTIDIgS0VZTkVDVElTIENBMB4XDTE3MDgxODA3NDkyMloXDTE4MDgxOTA3NDky
MlowgZYxCzAJBgNVBAYTAkZSMRYwFAYDVQQIDA1JbGUtZGUtRnJhbmNlMRQwEgYD
VQQHDAtTYWludC1EZW5pczEvMC0GA1UECwwmT3JnYW5pemF0aW9uIFZhbGlkYXRl
ZCBTU0wgY2VydGlmaWNhdGUxDTALBgNVBAoMBFNOQ0YxGTAXBgNVBAMMECouYXBp
LW5wLnNuY2YuZnIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdntZc
ANHXGaVHghor6VWA5vgWSEa4rSiHFe1zI0t24yu/kbvbXSaJTLdEtZHC05s8qODf
ygEDCp3Gl/9sOxerBG/80k7bfXvBWN2FElh+Va45QwEhmZwfLe2Sa+LD0MHCtcBl
vTwWvIZdsgtYfYe8M85RbPpI1AlSGs7DDVdCflJCXWi2+paQKram9vVFP+rpigIc
mMEfXqkcLbxMWQF/TXwfnuE8HwzfjySd2cthmQiUE79W41aOeON4j0rkSB++Q29h
aDE65H1ybUPG0G2Z8B/Qi7j0xYmHQELz9hj0NKj9iHUKLxRIkd+GQsPIcRrg/PF6
4f6IrFNpfPy3nMWJAgMBAAGjggF8MIIBeDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0RBBQw
EoIQKi5hcGktbnAuc25jZi5mcjBPBgNVHR8ESDBGMESgQqBAhj5odHRwOi8vY3Js
LXNzbC5jZXJ0aWZpY2F0Mi5jb20va2V5bmVjdGlzL2NsYXNzMmtleW5lY3Rpc2Nh
LmNybDBEBggrBgEFBQcBAQQ4MDYwNAYIKwYBBQUHMAGGKGh0dHA6Ly9vY3NwLXNz
bC5jZXJ0aWZpY2F0Mi5jb20vc3NsLW9jc3AwRQYDVR0gBD4wPDA6Bg0rBgEEAYGt
WgIFAgUBMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cub3BlbnRydXN0LmNvbS9Q
QzAdBgNVHQ4EFgQUbyDoEYW+XifWf4K+T3It7kUcPFAwHwYDVR0jBBgwFoAUABFB
3zudO8u4osEzkqiBzOV955kwDQYJKoZIhvcNAQELBQADggEBAEXgb2AeFhbUmg/4
OAwZchcRwj3fApYdm6IXz/+o2pNT+Z1eG9v8aXr+f10Evnix/eaggC+brhMABl0r
4KJTNGTCcEk1F/IPZV/9WVEbEolN82K28IZYtx15XGFdVz2EQ8ejwTlMlVvMmbgy
f/orRUC/QIbC/xnhkxBZhS1Jbu+scPuhiWIaCE7Nj+W04ct0PTzIMbfFkBhiapwU
iOVEBB8XYnzzpv+If2pXcSMHvyiDssIyw/AUxzN6a/HsoFFYPf+qBZLP0K5RoeRy
GfNrsWBB9PPbmo0/XYOLoQI5M+BrFZUJbEvVB4U0ZvT+19kLbuLrKgHeMSbhoWxQ
xDDqf9k=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZ7WXADR1xmlR4IaK+lV
gOb4FkhGuK0ohxXtcyNLduMrv5G7210miUy3RLWRwtObPKjg38oBAwqdxpf/bDsX
qwRv/NJO2317wVjdhRJYflWuOUMBIZmcHy3tkmviw9DBwrXAZb08FryGXbILWH2H
vDPOUWz6SNQJUhrOww1XQn5SQl1otvqWkCq2pvb1RT/q6YoCHJjBH16pHC28TFkB
f018H57hPB8M348kndnLYZkIlBO/VuNWjnjjeI9K5EgfvkNvYWgxOuR9cm1DxtBt
mfAf0Iu49MWJh0BC8/YY9DSo/Yh1Ci8USJHfhkLDyHEa4PzxeuH+iKxTaXz8t5zF
iQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1492352969545334736607598984642754254250812
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'KEYNECTIS'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CLASS 2 KEYNECTIS CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-08-18 07:49:22 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-08-19 07:49:22 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Ile-de-France'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Saint-Denis'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Organization Validated SSL certificate'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'SNCF'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.api-np.sncf.fr'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 19897739491930109373946507618129292284641546708491025399410166966381165924932713837057690181940794319281119109776036662177580740356863698509995642696710706386830530737681046139904039639379323265091416473032415531005830551338028750503159767037020545757197948624199814269820892597374166024127386523760194135361545698829681776710452807733068056653126664182938073631082297133351815450922857042004940695561467778875040995145817455932797819684064064789720998069064684806560990859582752471764484685867559361363340748232592422836760118525806671352260267353362180779752299444766258772330554192166396697037542736662686359930249
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.api-np.sncf.fr'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (72 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl-ssl.certificat2.com/keynectis/class2keynectisca.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp-ssl.certificat2.com/ssl-ocsp'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (62 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.22234.2.5.2.5.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.opentrust.com/PC'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							6f20e81185be5e27d67f82be4f722dee451c3c50
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 001141df3b9d3bcbb8a2c13392a881cce57de799
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0045e06f601e1616d49a0ff8380c19721711c23ddf02961d9ba217cfffa8da9353f99d5e1bdbfc697afe7f5d04be78b1fde6a0802f9bae1300065d2be0a2533464c270493517f20f655ffd59511b12894df362b6f08658b71d795c615d573d8443c7a3c1394c955bcc99b8327ffa2b4540bf4086c2ff19e1931059852d496eefac70fba189621a084ecd8fe5b4e1cb743d3cc831b7c59018626a9c1488e544041f17627cf3a6ff887f6a57712307bf2883b2c232c3f014c7337a6bf1eca051583dffaa0592cfd0ae51a1e47219f36bb16041f4f3db9a8d3f5d838ba1023933e06b1595096c4bd507853466f4fed7d90b6ee2eb2a01de3126e1a16c50c430ea7fd9