ma.aarpmedicareplans.com

Issued by GeoTrust Global TLS RSA4096 SHA256 2022 CA1

About this certificate

This digital certificate with serial number 0b:0f:8b:d9:14:91:41:4d:3d:8a:32:22:8e:74:03:db was issued on by DigiCert, Inc..

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=ma.aarpmedicareplans.com

DigiCert, Inc.

Organization: DigiCert, Inc.
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0b:0f:8b:d9:14:91:41:4d:3d:8a:32:22:8e:74:03:db
Serial Number (int): 14702228860323573012846136289490371547
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: b5:25:ee:a8:6a:9c:ef:92:ea:cc:3c:55:99:98:68:4c:3f:9b:c0:89
AuthorityKeyId: a5:b4:d6:eb:36:c4:e7:6b:a6:df:c4:64:0b:01:2a:20:04:b8:66:23

Fingerprint (sha1): a7:c2:e1:46:40:14:93:71:05:3a:24:d4:4e:4c:61:ca:5e:dc:61:5d
Fingerprint (sha256): 13:f8:f5:61:8d:2e:a7:1d:ca:76:8b:d4:f3:71:3c:5a:ad:b3:26:d1:60:43:04:05:2c:bd:fb:53:0a:cc:62:77

Issuing Certificate URL: http://cacerts.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl
CRL Distribution Point: http://crl4.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl

Check the revocation status for certificate ma.aarpmedicareplans.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ma.aarpmedicareplans.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ma.aarpmedicareplans.com

Other certificates including the domain name aarpmedicareplans.com

(limited to 100 certificates)
5767409591910400-fe4.pantheonsite.io
ma.aarpmedicareplans.com
offline-mnrgeneric.uhc.com
pdp.aarpmedicareplans.com
5638916786880512-fe1.pantheonsite.io
caid.uhccommunityplan.com
5767409591910400-fe4.pantheonsite.io
offline.uhcmedicaresolutions.com
gpd-acq-azure.optum.com
ma.aarpmedicareplans.com
dlm-mnrfed.uhcsouthflorida.com
www.uhcmedicaresolutions.com
mnrgeneric.uhc.com
5638916786880512-fe1.pantheonsite.io
www.uhcmedicaresolutions.com
5638916786880512-fe1.pantheonsite.io
info.aarpmedicareplans.com
caid.uhccommunityplan.com
5638916786880512-fe1.pantheonsite.io
5638916786880512-fe1.pantheonsite.io
mars.aarpmedicareplans.com
5638916786880512-fe1.pantheonsite.io
microsites-prod-externalprodv2.aemprod.optum.com
gpd-acq-azure.optum.com
renew.aarpmedicareplans.com
roadtripreunion.aarpmedicareplans.com
www.aarpmedicareplans.com
mnrgeneric2.uhc.com
ma.aarpmedicareplans.com
mnrgeneric.uhc.com
www.aarpmedicareplans.com
visualizeyou.member.aarpmedicareplans.com
www.aarpmedicareplans.com
renew.aarpmedicareplans.com
info.aarpmedicareplans.com
caid.uhccommunityplan.com
offline.aarpmedicareplans.com
caid.uhccommunityplan.com
5767409591910400-fe4.pantheonsite.io
www.aarpmedicareplans.com
mnrgeneric2.uhc.com
renew.aarpmedicareplans.com
www.uhcmedicaresolutions.com
5767409591910400-fe4.pantheonsite.io
mnrgeneric.uhc.com
5638916786880512-fe1.pantheonsite.io
offline.uhcmedicaresolutions.com
www.uhcmedicaresolutions.com
hl.member.aarpmedicareplans.com
offline.uhcmedicaresolutions.com
mnrgeneric2.uhc.com
5767409591910400-fe4.pantheonsite.io
planselector.aarpmedicareplans.com
microsites-prod-externalprodv5.aemprod.optum.com
offline.uhcmedicaresolutions.com
advisor.aarpmedicareplans.com
www.uhcmedicaresolutions.com
5638916786880512-fe1.pantheonsite.io
hl-shra.member.aarpmedicareplans.com
5767409591910400-fe4.pantheonsite.io
5767409591910400-fe4.pantheonsite.io
pdp.aarpmedicareplans.com
caid.uhccommunityplan.com
www.uhcmedicaresolutions.com
caid.uhccommunityplan.com
offline-mnrgeneric.uhc.com
5767409591910400-fe4.pantheonsite.io
offline.aarpmedicareplans.com
mnrgeneric.uhc.com

info.aarpmedicareplans.com
5638916786880512-fe1.pantheonsite.io
info.aarpmedicareplans.com
www.uhcmedicaresolutions.com
5767409591910400-fe4.pantheonsite.io
renew.aarpmedicareplans.com
mnrgeneric.uhc.com
5767409591910400-fe4.pantheonsite.io
microsites-prod-externalprodv3.aemprod.optum.com
mnrgeneric2.uhc.com
5638916786880512-fe1.pantheonsite.io
5638916786880512-fe1.pantheonsite.io
offline-mnrgeneric2.uhc.com
5767409591910400-fe4.pantheonsite.io
offline.uhcmedicaresolutions.com
hl.member.aarpmedicareplans.com
ma.aarpmedicareplans.com
5767409591910400-fe4.pantheonsite.io
renew.aarpmedicareplans.com
5638916786880512-fe1.pantheonsite.io
5767409591910400-fe4.pantheonsite.io
mnrgeneric.uhc.com
www.uhcmedicaresolutions.com
5638916786880512-fe1.pantheonsite.io
offline.uhcmedicaresolutions.com
gpd-acq-azure.optum.com
5767409591910400-fe4.pantheonsite.io
5638916786880512-fe1.pantheonsite.io
offline-mnrgeneric2.uhc.com
5767409591910400-fe4.pantheonsite.io

Certificate

The complete raw certificate details for ma.aarpmedicareplans.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHoDCCBYigAwIBAgIQCw+L2RSRQU09ijIijnQD2zANBgkqhkiG9w0BAQsFADBc
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xNDAyBgNVBAMT
K0dlb1RydXN0IEdsb2JhbCBUTFMgUlNBNDA5NiBTSEEyNTYgMjAyMiBDQTEwHhcN
MjQwNDIzMDAwMDAwWhcNMjQxMDIzMjM1OTU5WjAjMSEwHwYDVQQDExhtYS5hYXJw
bWVkaWNhcmVwbGFucy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCrAhyootl1ZguGr81e5+wRmx93MfsAG18efBevpEvLLYfEZapnKd+7k6lVorSC
4gPwz8+64lREBWVKCcpsS8dNjcROHFQKqMdwgTe0vCqzr2JRSfF3xpwlvzwuLpN4
sYvUzbw4kpiCx5G1pu2Ah1dzxB6wiC/F6yviSHHVNlNnCF0MkIoL33k8aoOqDvZH
v4/VktTNQEe13N29rPeT4ea1l7kBNwx3herd0P0clhHnmP9KIfjmDpX5sFaHRFrG
QExTcKE88ZRUExG3dih6nGQhvC4z9vO7eVGJUJIF4lVixlrIxOY8KIDToTnPMNl9
c7VeFKOiUzJyNhwj6ghPxYX5AgMBAAGjggOVMIIDkTAfBgNVHSMEGDAWgBSltNbr
NsTna6bfxGQLASogBLhmIzAdBgNVHQ4EFgQUtSXuqGqc75LqzDxVmZhoTD+bwIkw
IwYDVR0RBBwwGoIYbWEuYWFycG1lZGljYXJlcGxhbnMuY29tMD4GA1UdIAQ3MDUw
MwYGZ4EMAQIBMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29t
L0NQUzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMIGfBgNVHR8EgZcwgZQwSKBGoESGQmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNv
bS9HZW9UcnVzdEdsb2JhbFRMU1JTQTQwOTZTSEEyNTYyMDIyQ0ExLmNybDBIoEag
RIZCaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0dlb1RydXN0R2xvYmFsVExTUlNB
NDA5NlNIQTI1NjIwMjJDQTEuY3JsMIGHBggrBgEFBQcBAQR7MHkwJAYIKwYBBQUH
MAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBRBggrBgEFBQcwAoZFaHR0cDov
L2NhY2VydHMuZGlnaWNlcnQuY29tL0dlb1RydXN0R2xvYmFsVExTUlNBNDA5NlNI
QTI1NjIwMjJDQTEuY3J0MAwGA1UdEwEB/wQCMAAwggF/BgorBgEEAdZ5AgQCBIIB
bwSCAWsBaQB3AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABjwpx
JZAAAAQDAEgwRgIhAMD08d5zTz2fMyok27DNhmxwpcdeoSm5TqlJsquwYxW5AiEA
5Ftkug2FY0vhtUqUE8wZWzqKmAHueNEn8mWphXS2dJgAdgBIsONr2qZHNA/lagL6
nTDrHFIBy1bdLIHZu7+rOdiEcwAAAY8KcST3AAAEAwBHMEUCIQCrxxeLDnv4CSpT
Doz7bc32rKBzug/IcyyauQ5BK2S+EgIgbJT8pGnUIpTkTnkG9iYG9VomdYbNg9Tq
HUHAnjm/y6QAdgDatr9rP7W2Ip+bwrtca+hwkXFsu1GEhTS9pD0wSNf7qwAAAY8K
cSTuAAAEAwBHMEUCIBUeTbE1Z5CjgdjeCQbQH0J9T0vF0gax4f73bFofEeLHAiEA
hSOwFDaZ3r+7fNcWuCkvNMgl/lZu5jzt3yjN/3QkOZUwDQYJKoZIhvcNAQELBQAD
ggIBAInY3Sqvni9Cy/tSKZDYc8sMO6xv3X3FV1YczPMsVvk/yrNBIbdcjQjFXQop
mgTDKLe1bO6bRe0XLyy3OnVAQak1k+zJA11cJYpxc/oeJzdgmiurPeoGAwbOulPo
4oW8UxA9cZRRq8Z0V9LwW+y62kqGlZMoYZ5LLb8U42ReiVT/FQSqp1Zyqqx4dqK6
mQtvylmxR/w7SwyJMYQVCU9bPv8bBdCMMHbzs8toKL8Zq+n71dJnrBqw96W7VZf9
zaXeE79veLgEQoMKmdYsWvGO1WKBgE4hVWvNXWMjqKTgg6y7x5KNQ08oUO4t64iE
mLFH+h8CEyFC5rhpIh7XnMFiVDg7cibNFENfFGfs1sLhTCSNkoh7O5AxURhtA49X
tYCz26aqLsTjk6AqZo8uGFd5HNstnAXqlEBfHVfFXYwh6Y8pZjnQBgd1jFHXMsVq
S+tOjRaSCR9oM3qytC9QZ3+GOhdJfxoRT1QjbYlUAF26BTa63GXnfVZRRjc1+KhR
AiDUtRWVsqMj3sdOSMphM74YzEVYLYSrfHMwp4RvynPIk8UFGzx1vaoKFKE0YG2v
CGqhJa/FtaboZNwQuM8UEfW1SE3Yz10gXrLj7EUKCXPq0ZZk/Wh2HGmk9mzPmkCy
YD3zal5WFyUKTfiGyMTyltJNC/6g4cyGfcASVqXYaPJ3v4CF
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwIcqKLZdWYLhq/NXufs
EZsfdzH7ABtfHnwXr6RLyy2HxGWqZynfu5OpVaK0guID8M/PuuJURAVlSgnKbEvH
TY3EThxUCqjHcIE3tLwqs69iUUnxd8acJb88Li6TeLGL1M28OJKYgseRtabtgIdX
c8QesIgvxesr4khx1TZTZwhdDJCKC995PGqDqg72R7+P1ZLUzUBHtdzdvaz3k+Hm
tZe5ATcMd4Xq3dD9HJYR55j/SiH45g6V+bBWh0RaxkBMU3ChPPGUVBMRt3Yoepxk
IbwuM/bzu3lRiVCSBeJVYsZayMTmPCiA06E5zzDZfXO1XhSjolMycjYcI+oIT8WF
+QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 14702228860323573012846136289490371547
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust Global TLS RSA4096 SHA256 2022 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-23 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-10-23 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ma.aarpmedicareplans.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21587791589660151342413165265168165547049348476357646070968616970993291399816530244866498659123627628442138183449035046188380915167285980001307195068960714068841708236403290335081444272057584354465345158059232153091213172493977196424366634284839454720810880760474245081421535983633451323377854075794232036497150532740391853523469142871297305471599670072849498678704511637179084230700619924358878378628251284847487471991922130024682774659362723003310453645062240222269869543710990558592298703734346078843276638992348473024527517491135267166495038030749491771148995162626581933289362607063318155582036147977670334187001
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a5b4d6eb36c4e76ba6dfc4640b012a2004b86623
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							b525eea86a9cef92eacc3c559998684c3f9bc089
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ma.aarpmedicareplans.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (151 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							0169007700eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018f0a7125900000040300483046022100c0f4f1de734f3d9f332a24dbb0cd866c70a5c75ea129b94ea949b2abb06315b9022100e45b64ba0d85634be1b54a9413cc195b3a8a9801ee78d127f265a98574b6749800760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018f0a7124f70000040300473045022100abc7178b0e7bf8092a530e8cfb6dcdf6aca073ba0fc8732c9ab90e412b64be1202206c94fca469d42294e44e7906f62606f55a267586cd83d4ea1d41c09e39bfcba4007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018f0a7124ee00000403004730450220151e4db1356790a381d8de0906d01f427d4f4bc5d206b1e1fef76c5a1f11e2c70221008523b0143699debfbb7cd716b8292f34c825fe566ee63ceddf28cdff74243995
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		0089d8dd2aaf9e2f42cbfb522990d873cb0c3bac6fdd7dc557561cccf32c56f93fcab34121b75c8d08c55d0a299a04c328b7b56cee9b45ed172f2cb73a754041a93593ecc9035d5c258a7173fa1e2737609a2bab3dea060306ceba53e8e285bc53103d719451abc67457d2f05becbada4a86959328619e4b2dbf14e3645e8954ff1504aaa75672aaac7876a2ba990b6fca59b147fc3b4b0c89318415094f5b3eff1b05d08c3076f3b3cb6828bf19abe9fbd5d267ac1ab0f7a5bb5597fdcda5de13bf6f78b80442830a99d62c5af18ed56281804e21556bcd5d6323a8a4e083acbbc7928d434f2850ee2deb888498b147fa1f02132142e6b869221ed79cc16254383b7226cd14435f1467ecd6c2e14c248d92887b3b903151186d038f57b580b3dba6aa2ec4e393a02a668f2e1857791cdb2d9c05ea94405f1d57c55d8c21e98f296639d00607758c51d732c56a4beb4e8d1692091f68337ab2b42f50677f863a17497f1a114f54236d8954005dba0536badc65e77d5651463735f8a8510220d4b51595b2a323dec74e48ca6133be18cc45582d84ab7c7330a7846fca73c893c5051b3c75bdaa0a14a134606daf086aa125afc5b5a6e864dc10b8cf1411f5b5484dd8cf5d205eb2e3ec450a0973ead19664fd68761c69a4f66ccf9a40b2603df36a5e5617250a4df886c8c4f296d24d0bfea0e1cc867dc01256a5d868f277bf8085