securitiesrec.bnpparibas.com

- BNP PARIBAS SA -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 33:ce:8c:6a:86:ca:b0:a9:00:00:00:00:50:e3:4c:f0 was issued on by Entrust, Inc..

With 6 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

BNP PARIBAS SA

Organization: BNP PARIBAS SA
Locality: Montreuil
Country: FR

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 33:ce:8c:6a:86:ca:b0:a9:00:00:00:00:50:e3:4c:f0
Serial Number (int): 68863088915134650341073707667195907312
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId: 6d:bc:f1:3f:c0:9c:b9:dc:b7:79:13:c2:14:42:1f:1d:c1:7f:9b:8e
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): 28:a6:b1:42:92:2c:48:f6:08:88:4f:d9:6d:53:3e:0c:4d:25:27:79
Fingerprint (sha256): 14:14:29:0e:85:21:41:5c:13:fd:6b:c7:84:5b:49:47:67:e4:e7:0d:ac:54:4b:74:69:66:8c:21:87:81:5d:72

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate securitiesrec.bnpparibas.com

6

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for securitiesrec.bnpparibas.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

securitiesrec.bnpparibas.com
org-securitiesrec.bnpparibas.com
securitiesrec.bnpparibas.ch
securitiesrec.bnpparibas.de
securitiesrec.bnpparibas.pl
securitiesrec.bnpparibas.us

Other certificates including the domain name bnpparibas.com

(limited to 100 certificates)
bnp16b.bnpparibas.com
porta.bnpparibas.com
bnp04s.bnpparibas.com
bnp05b.bnpparibas.com
bnp12b.bnpparibas.com
bnp11b.bnpparibas.com
dna-wp.bnpparibas.com
cdx-rec.bnpparibas.com
us-cortex.bnpparibas.com
planetshares-mytools.bnpparibas.com
eqd-globalmarkets.bnpparibas.com
securitiesrec-bluegreen.bnpparibas.com
f17aaabc20bfe045075927934fed52d21.bnpparibas.com
www.vendor-academy.leasingsolutions.bnpparibas.com
www.cards.bnpparibas.com
f17aaabc20bfe045075927934fed52d21.bnpparibas.com
group.bnpparibas.com
indices-globalmarkets.bnpparibas.com
connexissupplychain.uat3.bnpparibas.com
clientportfolio.smartderivatives.bnpparibas.com
us-cortexfx.bnpparibas.com
bnp05s.bnpparibas.com
bnp09b.bnpparibas.com
auth.staging.bnpparibas.com
eqresearch.bnpparibas.com
front-rec.bnpparibas.com
www.gps-protocol.bnpparibas.com
india-netpay.bnpparibas.com
apac-faststream02.bnpparibas.com
bnp03sw.bnpparibas.com
bnp05b.bnpparibas.com
welcome-qual.staging.bnpparibas.com
connexissupplychain.uat1.bnpparibas.com
expe-122-opf.bnpparibas.com
bnp13b.bnpparibas.com
connexistrade-ls.bnpparibas.com
cxt-uat-ls.bnpparibas.com
staging.intdistrib-am.bnpparibas.com
brio.sso-stg.bnpparibas.com
int-qa2-cciweb.bnpparibas.com
sinmail3.asia.bnpparibas.com
bnp06s.bnpparibas.com
bnp05s.bnpparibas.com
2016-u.leasingsolutions.bnpparibas.com
bnp07b.bnpparibas.com
smartderivatives.bnpparibas.com
account.onebank.bnpparibas.com
fr-sdpp-prd-internet-stream01.bnpparibas.com
bnp07b.bnpparibas.com
int-bfx-newscci.bnpparibas.com
bnp03s.bnpparibas.com
bnp19b.bnpparibas.com
marketlinkedproducts.bnpparibas.com
wealthmanagement-staging.bnpparibas.com
wsgateway.bnpparibas.com
jp-cortexfx.bnpparibas.com
bnp01sw.bnpparibas.com
securitiesrec-link.bnpparibas.com
bnp09b.bnpparibas.com
bnp04s.bnpparibas.com
rewardsatwork.be
www.bnpparibas.com.br
spotbuying.mediaprocessing.bnpparibas.com
group.bnpparibas
clientportfolio.smartderivatives.bnpparibas.com
cce.bnpparibas.com
cdc-securities-link.portail-investisseur.com
www.privalto.fr
push.connexiscash.bnpparibas.com
bnp09s.bnpparibas.com
matisse-compta.bnpparibas.com
ews-itg-ext.test.bnpparibas.com
www.primebroker.com
obbligazioni.bnpparibas.com
webtrends.bnpparibas.com
fao.bnpparibas.com
dna-promoter.bnpparibas.com
globalmarkets-pp.bnpparibas.com
bnp09b.bnpparibas.com
bnp04b.bnpparibas.com
bnp03s.bnpparibas.com
push.bnpparibas.com
bnp19b.bnpparibas.com
keys.bnpparibas.com
sinmail4.asia.bnpparibas.com
connexisdirect.api.staging.bnpparibas.com
centric-vasco.bnpparibas.com
securitiesrec-client.bnpparibas.com
tlcx-tempo.bnpparibas.com
bnp19b.bnpparibas.com
bnp06s.bnpparibas.com
oak-extranet.bnpparibas-am.com
otcetrader-globalmarkets.bnpparibas.com
bnp03s.bnpparibas.com
ssoforms.bnpparibas.com
bnp06s.bnpparibas.com
bnp23b.bnpparibas.com
bnp04s.bnpparibas.com
securities.bnpparibas.com
c00f0c4675b91fb8b918e4079a0b1bac1.bnpparibas.com

Certificate

The complete raw certificate details for securitiesrec.bnpparibas.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHzTCCBrWgAwIBAgIQM86MaobKsKkAAAAAUONM8DANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0x
ODA1MzEwNzI2MTdaFw0yMDA1MzEwNzU2MTVaMGExCzAJBgNVBAYTAkZSMRIwEAYD
VQQHEwlNb250cmV1aWwxFzAVBgNVBAoTDkJOUCBQQVJJQkFTIFNBMSUwIwYDVQQD
ExxzZWN1cml0aWVzcmVjLmJucHBhcmliYXMuY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAtL0Y89qOJQ7HfRzqAjFwTL3rFN2pacvRcCDW9tleiJPn
klsqdWa29zleJhybSacU3YS1D1lmbWjl7naps8X2s/WJilhfTGcaSW8W/jhSQkM6
NDgteDDhesHZvk8w2FIDjzXa/VwYXwwkw7I3/7sM9iiqzltnWmWopBRanuALT/Cd
kXnGwmhnNk+yKkJ0G+qxfyWbgYrclhNMdNpt753wBInMsYTtWOPaUwRQVNHTJ8TR
OeNl4wTf+nX1y0yKuP0VDzL5AzbXHiqmJNmtdU3IO6G06oNNkDzazU6jeTIOHaDT
tPIJ38Uz8LBuIWm3ZitwXSLmd3knQVknb/nksuI6AwIDAQABo4IEJTCCBCEwgb8G
A1UdEQSBtzCBtIIcc2VjdXJpdGllc3JlYy5ibnBwYXJpYmFzLmNvbYIgb3JnLXNl
Y3VyaXRpZXNyZWMuYm5wcGFyaWJhcy5jb22CG3NlY3VyaXRpZXNyZWMuYm5wcGFy
aWJhcy5jaIIbc2VjdXJpdGllc3JlYy5ibnBwYXJpYmFzLmRlghtzZWN1cml0aWVz
cmVjLmJucHBhcmliYXMucGyCG3NlY3VyaXRpZXNyZWMuYm5wcGFyaWJhcy51czCC
AfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHUA3esdK3oNT6Ygi4GtgWhwfi6OnQHV
XIiNPRHEzbbsvswAAAFjtTKGbAAABAMARjBEAiBXaK2bfohTXMv3NjutSy7g+KlB
AJwGrR2j0yrvam2xRgIgYXXBYz/7SuH0KDPJlsGjd/TSgv2imR+GGjHqFmd5F3AA
dwBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWO1MoazAAAEAwBI
MEYCIQDEuUwjsXFi1Xn6IbHccmxlcvmUMNIYpXR/AWk2muRhUgIhALtqGfEYGm3M
ij4ciIIuhs0WblDaPeLIFl7JAn7YqeoMAHUAVYHUwhaQNgFK6gubVzxT8MDkOHhw
JQgXL6OqHQcT0wwAAAFjtTKG+QAABAMARjBEAiAwf0J0oDdOpNxAKuW0bXgC9EyP
PC72plL45SowCe28mwIgYNpIF3wexhxBtRuQLLf55WWL2PFM3FSvg8/Y1XtHR9cA
dgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWO1MoasAAAEAwBH
MEUCIQD7ckqKFjAmAYz4u5Y0e62GUWWw4T2T4w83bEh/B/e5QgIgYYGq5aZnYzTs
FPm8BSJiUtSLxyIDQ2p4WSIBUDQkMlswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8v
Y3JsLmVudHJ1c3QubmV0L2xldmVsMWsuY3JsMEsGA1UdIAREMEIwNgYKYIZIAYb6
bAoBBTAoMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAI
BgZngQwBAgIwaAYIKwYBBQUHAQEEXDBaMCMGCCsGAQUFBzABhhdodHRwOi8vb2Nz
cC5lbnRydXN0Lm5ldDAzBggrBgEFBQcwAoYnaHR0cDovL2FpYS5lbnRydXN0Lm5l
dC9sMWstY2hhaW4yNTYuY2VyMB8GA1UdIwQYMBaAFIKicHTdvFM/z3vU981/p2DG
Cky/MB0GA1UdDgQWBBRtvPE/wJy53Ld5E8IUQh8dwX+bjjAJBgNVHRMEAjAAMA0G
CSqGSIb3DQEBCwUAA4IBAQAFCKvQOGrQKHni01azZw6XSEu6U4UOVUpK0/EURRq3
hRqkcRabw8f6Gb8n7UOWcUXJRtLe1oYMmc+1ngHSQWuvKQrbSEW4t7fjZFGh4Vhx
aqJ01Yy3Asz6SsOTzOyT18QW6eDYpVmpkI2IfwVmFiQt3xke+EgW8IETdYs4IV9M
HYma11rIH9As6b0W0WU5tSylQGhuX3owlJGgEHw/5DO3Hg76eJazHM6SQ/jUdRsy
LX04Tmv2Y0fW2NF2JvNaVFmHsxfJFnJbw7Kj28Uz/K0Hu2be1lSVzUEyCsySXl5x
KKRJc8NBKOb0WdLGLMn5EgkV65+ipGklzTr3KotajHTn
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtL0Y89qOJQ7HfRzqAjFw
TL3rFN2pacvRcCDW9tleiJPnklsqdWa29zleJhybSacU3YS1D1lmbWjl7naps8X2
s/WJilhfTGcaSW8W/jhSQkM6NDgteDDhesHZvk8w2FIDjzXa/VwYXwwkw7I3/7sM
9iiqzltnWmWopBRanuALT/CdkXnGwmhnNk+yKkJ0G+qxfyWbgYrclhNMdNpt753w
BInMsYTtWOPaUwRQVNHTJ8TROeNl4wTf+nX1y0yKuP0VDzL5AzbXHiqmJNmtdU3I
O6G06oNNkDzazU6jeTIOHaDTtPIJ38Uz8LBuIWm3ZitwXSLmd3knQVknb/nksuI6
AwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 68863088915134650341073707667195907312
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-05-31 07:26:17 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-05-31 07:56:15 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Montreuil'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BNP PARIBAS SA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'securitiesrec.bnpparibas.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22816142332177198732291431502538330516548891055615342196973458524214841928500712274875428004909439506898364782007051736394743321855143755606829248142048911978225984149574573582397920597350777357079730663393917576875560396668898880553666840396984528388687124132612364472143725973292805967159400519491920680060810629883132364199517529246666403316283042037352994946539624834520770519015271358103942881311380739581023611293970152960815047274542784716800520532389470575356446238535390940751091953823526301903470577825584011132850817103637016732291240241168396463099444843565172948456166684623942155378831899623049648028163
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (183 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'securitiesrec.bnpparibas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'org-securitiesrec.bnpparibas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'securitiesrec.bnpparibas.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'securitiesrec.bnpparibas.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'securitiesrec.bnpparibas.pl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'securitiesrec.bnpparibas.us'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (485 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (481 bytes)
							01df007500ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc00000163b532866c000004030046304402205768ad9b7e88535ccbf7363bad4b2ee0f8a941009c06ad1da3d32aef6a6db14602206175c1633ffb4ae1f42833c996c1a377f4d282fda2991f861a31ea16677917700077005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd00000163b53286b30000040300483046022100c4b94c23b17162d579fa21b1dc726c6572f99430d218a5747f0169369ae46152022100bb6a19f1181a6dcc8a3e1c88822e86cd166e50da3de2c8165ec9027ed8a9ea0c0075005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c00000163b53286f900000403004630440220307f4274a0374ea4dc402ae5b46d7802f44c8f3c2ef6a652f8e52a3009edbc9b022060da48177c1ec61c41b51b902cb7f9e5658bd8f14cdc54af83cfd8d57b4747d7007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed18500000163b53286ac0000040300473045022100fb724a8a163026018cf8bb96347bad865165b0e13d93e30f376c487f07f7b94202206181aae5a6676334ec14f9bc05226252d48bc72203436a78592201503424325b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							6dbcf13fc09cb9dcb77913c214421f1dc17f9b8e
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		000508abd0386ad02879e2d356b3670e97484bba53850e554a4ad3f114451ab7851aa471169bc3c7fa19bf27ed43967145c946d2ded6860c99cfb59e01d2416baf290adb4845b8b7b7e36451a1e158716aa274d58cb702ccfa4ac393ccec93d7c416e9e0d8a559a9908d887f056616242ddf191ef84816f08113758b38215f4c1d899ad75ac81fd02ce9bd16d16539b52ca540686e5f7a309491a0107c3fe433b71e0efa7896b31cce9243f8d4751b322d7d384e6bf66347d6d8d17626f35a545987b317c916725bc3b2a3dbc533fcad07bb66ded65495cd41320acc925e5e7128a44973c34128e6f459d2c62cc9f9120915eb9fa2a46925cd3af72a8b5a8c74e7