kyc.sgmarkets.com

- Societe Generale -

Issued by DigiCert SHA2 Secure Server CA

About this certificate

This digital certificate with serial number 02:ff:f0:be:05:67:a3:17:0b:5d:24:7b:53:cb:4f:27 was issued on by DigiCert Inc.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Societe Generale

Organization: Societe Generale
Organization unit: DTZONE
Locality: PARIS
Country: FR

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 02:ff:f0:be:05:67:a3:17:0b:5d:24:7b:53:cb:4f:27
Serial Number (int): 3987374523824681481566485213635890983
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: a1:8c:33:30:9c:37:2a:7b:d9:09:6e:4e:b8:13:26:53:50:34:1f:f5
AuthorityKeyId: 0f:80:61:1c:82:31:61:d5:2f:28:e7:8d:46:38:b4:2c:e1:c6:d9:e2

Fingerprint (sha1): a4:71:df:57:15:1e:eb:2d:1d:25:52:b8:57:8d:ce:29:76:7c:fa:bd
Fingerprint (sha256): 14:4a:07:af:41:6e:0b:55:9a:b2:2e:09:6d:d6:49:95:da:b3:00:1b:ab:c5:e1:08:d3:0c:56:44:74:f7:15:bb

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/ssca-sha2-g6.crl
CRL Distribution Point: http://crl4.digicert.com/ssca-sha2-g6.crl

Check the revocation status for certificate kyc.sgmarkets.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for kyc.sgmarkets.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

kyc.sgmarkets.com

Other certificates including the domain name sgmarkets.com

(limited to 100 certificates)
rfp.sgmarkets.com
youtrack-api.sgmarkets.com
fic-uatrc.sgmarkets.com
shared.sgmarkets.com
nirvana-nycprimary.sgmarkets.com
*.sgmarkets.com
riskworkflows.sgmarkets.com
volhub.sgmarkets.com
shared.sgmarkets.com
ic.sgmarkets.com
sp-docapi.sgmarkets.com
sgmarkets.com
custody.sgmarkets.com
sgmarkets.com
Stratlab.sgmarkets.com
cty.sgmarkets.com
myhedge-staging.sgmarkets.com
crossborder-uat.sgmarkets.com
eqdflow-uat.sgmarkets.com
lab.sgmarkets.com
gbds-uat.sgmarkets.com
nirvana-hkprimary.sgmarkets.com
1dfinancing.sgmarkets.com
tradematch-api.sgmarkets.com
Mybilling-h.sgmarkets.com
valuation.sgmarkets.com
myoprisk-h.sgmarkets.com
ushronboard-dev.sgmarkets.com
www.warrants.com
api-z-dev.sgmarkets.com
dt.sgmarkets.com
cty.sgmarkets.com
SSO.sgmarkets.com
riskworkflows.sgmarkets.com
riskworkflows-beta.sgmarkets.com
sso-cert.sgmarkets.com
emars.sgmarkets.com
www.societegenerale.fi
techweek.sgmarkets.com
eqd-uatrc.sgmarkets.com
design.sgmarkets.com
myoprisk.sgmarkets.com
myhedge.sgmarkets.com
riskworkflows-beta.sgmarkets.com
sp-preview.sgmarkets.com
t.sgmarkets.com
billing-v2-h.sgmarkets.com
ic.sgmarkets.com
fic-devint.sgmarkets.com
lisa-preview.sgmarkets.com
sso-uat.sgmarkets.com
cty.sgmarkets.com
kyc.sgmarkets.com
selfcare-hom.sgmarkets.com
finestrat.sgmarkets.com
sgmarkets.com
cty.sgmarkets.com
www.warrants.com
t-monitoring-web-shared.sgmarkets.com
dview.sgmarkets.com
cprofit-datacollect.sgmarkets.com
listedstructuredproducts.com
ic.sgmarkets.com
riskworkflows.sgmarkets.com
Stratlab.sgmarkets.com
crossassetfinancing.sgmarkets.com
cty.sgmarkets.com
cprofit-correction-uat.sgmarkets.com
securitiesservices-api.sgmarkets.com
analytics.sgmarkets.com
analytics.sgmarkets.com
static.sgmarkets.com
advisoryfinancing.sgmarkets.com
listedstructuredproducts.com
www.warrants.com
securitieslending.sgmarkets.com
t-apigateway-kong-test.sgmarkets.com
confirmation.sgmarkets.com
t-helpcenter-widget.sgmarkets.com
design.sgmarkets.com
smartcash-uat.sgmarkets.com
www.warrants.com
tradematch-api.sgmarkets.com
nirvana-parprimary.sgmarkets.com
api-z.sgmarkets.com
developer.sgmarkets.com
api-z-dev.sgmarkets.com
emars.sgmarkets.com
1dfinancing-api.sgmarkets.com
stratlab.sgmarkets.com
sso.sgmarkets.com
creditportfolio-demo.sgmarkets.com
test.sgmarkets.com
Api.sgmarkets.com
advisoryfinancing.sgmarkets.com
www.warrants.com
analytics-webwizard.sgmarkets.com
sso-cert.sgmarkets.com
valuation.sgmarkets.com
www.warrants.com

Certificate

The complete raw certificate details for kyc.sgmarkets.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIQAv/wvgVnoxcLXSR7U8tPJzANBgkqhkiG9w0BAQsFADBN
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E
aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgwNDAzMDAwMDAwWhcN
MjAwNDAzMTIwMDAwWjBlMQswCQYDVQQGEwJGUjEOMAwGA1UEBxMFUEFSSVMxGTAX
BgNVBAoTEFNvY2lldGUgR2VuZXJhbGUxDzANBgNVBAsTBkRUWk9ORTEaMBgGA1UE
AxMRa3ljLnNnbWFya2V0cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDKxozz7UpurdzF/QC+2kZyVxRxebErT0WX0qXuQKNQKIo5eebVZ0ACj0Ga
eMMfxrI42dNcDFj2xLhsBL4K4TouTF5nx7EV/oYOVXYdrkQh0BUGJ4JIwC8w/A/i
fEGlaXFD8nRpZvPY+u5f+KxrLGBk4JvksK+iIVOHU/jJADM6AfFOc1+/g96Esw/y
JQa++zXY+E3qeEJIGmbeZRz5ZqUWrWZe0t9gV557oT4bIO5SM/GknF5DGLukR7gB
2gkbGHfAdbcBANcreIAwnCf+VknFmEqUvTRyahsKh5FET2jxcbbPSTOt52bErx63
dsgle71kWjT3FxXYqYrchajaDpqHAgMBAAGjggHqMIIB5jAfBgNVHSMEGDAWgBQP
gGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUoYwzMJw3KnvZCW5OuBMmU1A0
H/UwHAYDVR0RBBUwE4IRa3ljLnNnbWFya2V0cy5jb20wDgYDVR0PAQH/BAQDAgWg
MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaAr
hilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2g
K4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYD
VR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cu
ZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsG
AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0
dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2
ZXJDQS5jcnQwCQYDVR0TBAIwADATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG
9w0BAQsFAAOCAQEAr/dA+uwUX/TXmGDHzEoS+02xYTelnmHpZK6htBuca0vtfG36
JWjsbNDEJMa22jsqWH5/WCjs4CeKl9bo+U8upsUpKVWJ8jqRl4g2tyjt5DbVGZMt
qFsIWSj7TiPDHepb/kvXErQaAqU2fsrZ0kBkGPB0ImaOIVlSQi1E5HZmfvHL8ebf
F/HeZKIQ6QqbobBkhQtKVIq3Gp7O5ZCTrc0UepfK233i5vfrvQ4pV+3BRmA+bBRU
4ewBbh2+tJZjDokyNw+fKi+h6hwkfXTxwzi9ixT0J5XM69MX62byk6VfrXX+oMRp
+ZuRpkl4haMb3GMZJVpGvdnmmKOEzK5l/Hv0yw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysaM8+1Kbq3cxf0AvtpG
clcUcXmxK09Fl9Kl7kCjUCiKOXnm1WdAAo9BmnjDH8ayONnTXAxY9sS4bAS+CuE6
LkxeZ8exFf6GDlV2Ha5EIdAVBieCSMAvMPwP4nxBpWlxQ/J0aWbz2PruX/isayxg
ZOCb5LCvoiFTh1P4yQAzOgHxTnNfv4PehLMP8iUGvvs12PhN6nhCSBpm3mUc+Wal
Fq1mXtLfYFeee6E+GyDuUjPxpJxeQxi7pEe4AdoJGxh3wHW3AQDXK3iAMJwn/lZJ
xZhKlL00cmobCoeRRE9o8XG2z0kzredmxK8et3bIJXu9ZFo09xcV2KmK3IWo2g6a
hwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 3987374523824681481566485213635890983
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-04-03 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-04-03 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'PARIS'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Societe Generale'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DTZONE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'kyc.sgmarkets.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25598046551655509738082474192080999925042516109488879208644865501620119656308278501350125660944121698821772216578402375778158319876154389811956993034723491368188444480840922843956613896261897211012760053149349581901385591102930875368393607193859709418960508051314613032230397446157011506669308705873220767775775188437590236090944381512441997539731292316338965596434987763544999393093158570668156842516388368067713065536947010111342656099241463097706620979885411006554591931784055693495515786165122853879272836925226937347752026654173498614815719197523783431141801244179642341388212582786466967509136367102873480108679
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 0f80611c823161d52f28e78d4638b42ce1c6d9e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							a18c33309c372a7bd9096e4eb813265350341ff5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (21 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kyc.sgmarkets.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/ssca-sha2-g6.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/ssca-sha2-g6.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (112 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00aff740faec145ff4d79860c7cc4a12fb4db16137a59e61e964aea1b41b9c6b4bed7c6dfa2568ec6cd0c424c6b6da3b2a587e7f5828ece0278a97d6e8f94f2ea6c529295589f23a91978836b728ede436d519932da85b085928fb4e23c31dea5bfe4bd712b41a02a5367ecad9d2406418f07422668e215952422d44e476667ef1cbf1e6df17f1de64a210e90a9ba1b064850b4a548ab71a9ecee59093adcd147a97cadb7de2e6f7ebbd0e2957edc146603e6c1454e1ec016e1dbeb496630e8932370f9f2a2fa1ea1c247d74f1c338bd8b14f42795ccebd317eb66f293a55fad75fea0c469f99b91a6497885a31bdc6319255a46bdd9e698a384ccae65fc7bf4cb