bix.tietoevry.com

- Tietoevry Oyj -

Issued by DigiCert G5 TLS RSA4096 SHA384 2021 CA1

About this certificate

This digital certificate with serial number 09:19:ad:d9:1a:82:7f:21:b9:bc:4b:8f:f1:b3:b3:c0 was issued on by DigiCert, Inc..

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Tietoevry Oyj

Organization: Tietoevry Oyj
Locality: ESPOO
Country: FI

DigiCert, Inc.

Organization: DigiCert, Inc.
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 09:19:ad:d9:1a:82:7f:21:b9:bc:4b:8f:f1:b3:b3:c0
Serial Number (int): 12096385441104681855766534355422524352
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: f0:2d:1b:87:55:07:8c:b2:c5:c6:c1:f4:34:20:4a:db:54:c0:96:61
AuthorityKeyId: ae:ba:94:33:ba:ef:37:4d:0b:d7:18:ef:4a:e4:a1:0d:bc:07:b6:73

Fingerprint (sha1): c8:11:64:e5:5f:02:3b:af:cc:4b:25:70:08:6a:2e:91:d9:d6:9b:53
Fingerprint (sha256): 14:53:d6:0c:37:0c:45:c3:40:5c:c2:d4:ea:e0:80:3d:77:3a:f2:12:f0:3e:95:0c:00:0f:8f:c2:ea:05:e8:7f

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertG5TLSRSA4096SHA3842021CA1-1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertG5TLSRSA4096SHA3842021CA1-1.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertG5TLSRSA4096SHA3842021CA1-1.crl

Check the revocation status for certificate bix.tietoevry.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for bix.tietoevry.com

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

bix.tietoevry.com

Other certificates including the domain name tietoevry.com

(limited to 100 certificates)
analytics.service.tieto.com
traefik.nextgendevops.tietoevry.com
backoffice-company.main.bauid.tietoevry.com
*.jpproject1.dev.devops.tietoevry.com
dashboard.nextgendevops.tietoevry.com
minio.chronos.tietoevry.com
apm.tietoevry.com
pile-turner.ci.chronos.tietoevry.com
*.tds-mvp18.dev.devops.tietoevry.com
chat-preview.tietoevry.com
test2.chronos.tietoevry.com
credit.api.tietoevry.com
apps.pasfin-qa.energydev.tietoevry.com
identity.bauid.tietoevry.com
live.experimental.chronos.tietoevry.com
sni.cloudflaressl.com
brand.tietoevry.com
*.test-api-test.stage.devops.tietoevry.com
temperature-store.security.nextgendevops.tietoevry.com
oneportal.tietoevry.com
message.tietoevry.com
*.petovsam.dev.devops.tietoevry.com
rancher.bauid.tietoevry.com
pile-turner.ci.stable.chronos.tietoevry.com
bix.tietoevry.com
se.wpa.tietoevry.com
cas.tietoevry.com
pile-turner.demo3.chronos.tietoevry.com
jenkinsdemo.nextgendevops.tietoevry.com
*.jkproject.dev.devops.tietoevry.com
cportal.service.tieto.com
cs-campaign.tietoevry.com
*.sandbox.dev.devops.tietoevry.com
vamui-preprod-tds.vam-saas.tietoevry.com
customer-experience.tieto.com
live.nightly.chronos.tietoevry.com
ui-components.stage.nextgendevops.tietoevry.com
temperature-store.security.nextgendevops.tietoevry.com
chat-preview.tietoevry.com
pre-prod-placeholder.cloud.tietoevry.com
status.test2.chronos.tietoevry.com
monitoring.chronos.tietoevry.com
lifecare-app.service.tietoevry.com
*.ls-project.dev.devops.tietoevry.com
testtest.ru.tietoevry.com
*.jkproject.dev.devops.tietoevry.com
lama.chronos.tietoevry.com
status.staging.stable.chronos.tietoevry.com
pile-turner.test3.chronos.tietoevry.com
www.tietoevry.com
*.tietoevry.com
*.demo3.chronos.tietoevry.com
dmapi.service.tietoevry.com
backoffice-bauid.test1.bauid.tietoevry.com
create.tietoevry.com
napfin.tietoevry.com
aggregation.api.tietoevry.com
lifecare-app.service.tietoevry.com
terpqa.tietoevry.com
bmo-vam-test.cloud.tietoevry.com
*.dpm.tietoevry.com
jenkins.nextgendevops.tietoevry.com
*.prod.chronos.tietoevry.com
pile-turner.stable.chronos.tietoevry.com
portal-employee.test2.bauid.tietoevry.com
status.test3.chronos.tietoevry.com
alertmanager.chronos.tietoevry.com
*.jkproject.dev.devops.tietoevry.com
status.nightly.chronos.tietoevry.com
sni.cloudflaressl.com
ru.tietoevry.com
staging.stable.chronos.tietoevry.com
pile-turner.demo1.chronos.tietoevry.com
*.test-api-test.stage.devops.tietoevry.com
view2.tietoevry.com
prometheus.chronos.tietoevry.com
lama.chronos.tietoevry.com
ar2020.tietoevry.com
lifecare-api.service.tietoevry.com
napind.tietoevry.com
*.tds-mvp10.test1.devops.tietoevry.com
tietoevry.com
rancher.maas.int.tietoevry.com
*.test-api-test.stage.devops.tietoevry.com
status.test1.chronos.tietoevry.com
temperature-store.e2e.nextgendevops.tietoevry.com
pile-turner.nightly.chronos.tietoevry.com
ci.stable.chronos.tietoevry.com
monitoring.chronos.tietoevry.com
banking.tietoevry.com
demo3.chronos.tietoevry.com
sonarqube.nextgendevops.tietoevry.com
sni.cloudflaressl.com
temperature-ui.e2e.nextgendevops.tietoevry.com
qa.chronos.tietoevry.com
bmo-ftp-test.cloud.tietoevry.com
ci.chronos.tietoevry.com
*.test-api-test.stage.devops.tietoevry.com
ar.tietoevry.com
demo.archiving.tietoevry.com

Certificate

The complete raw certificate details for bix.tietoevry.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIvTCCBqWgAwIBAgIQCRmt2RqCfyG5vEuP8bOzwDANBgkqhkiG9w0BAQsFADBY
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xMDAuBgNVBAMT
J0RpZ2lDZXJ0IEc1IFRMUyBSU0E0MDk2IFNIQTM4NCAyMDIxIENBMTAeFw0yNDA0
MDkwMDAwMDBaFw0yNTA1MTAyMzU5NTlaMFExCzAJBgNVBAYTAkZJMQ4wDAYDVQQH
EwVFU1BPTzEWMBQGA1UEChMNVGlldG9ldnJ5IE95ajEaMBgGA1UEAxMRYml4LnRp
ZXRvZXZyeS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6/r3Z
X+v9iaNWNG/WLpvdMQdsg4PR0EdOYkfvGVyhsrHPJ+uq+wrjUddQYAbNpVBqFowK
ro9nriBOJagJYch2gxH7VAU/eh/+MD+sGIfBBziTBL2I3W1+VfNWGMhqHSlWcGNV
os6xb8von0NizSsspzxKLa28NuP6fznhMScj20MEPvyQsedCWjTfgC3NOPodhmEh
w5z+Kz5EORUeQKFQnqTtyctK4JFN652dK6kI5iuivU4lJHFJhcQR/1Tu+jJeaEw5
WoGmlrQ4DpiNS31KJVBGINDVN1tB0tssJH3qU92CIF8pFrXFl02hlGOtX652Ntld
71gBzpvE8I16w+z45VcbtSFJ1/xI9zozagsiG8tU0jxSWS4UR0Aq/ySsp0yQY+/5
ulb0X/1StXYG0n5j9b8pEGyUztLskfnmTdnySX13ts3zSJVJvwQ60ZFrfe+dgnxa
9Fi17uw7iy98CdWRpvtcDsKhJXHncvDtUgbZhDwSXqs9QGZz6Ip2vX2mimUUz5Ux
CRHupuXZAduYIhS7fYCiJSyOH3GKaDxzWZTKD+G97O/OqfV8IjV+oYg+N9bnkqzL
uzFyec8t5fMDTpV35Np9J9SBwrkxJRNRDgopMEXgrSRfRMSm5WDNJDI8Hvo8JUmA
k32mPR2dGWoVk31xy+GZ0NbHBGsAZKzodxoJcQIDAQABo4IDiDCCA4QwHwYDVR0j
BBgwFoAUrrqUM7rvN00L1xjvSuShDbwHtnMwHQYDVR0OBBYEFPAtG4dVB4yyxcbB
9DQgSttUwJZhMBwGA1UdEQQVMBOCEWJpeC50aWV0b2V2cnkuY29tMD4GA1UdIAQ3
MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQu
Y29tL0NQUzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMIGbBgNVHR8EgZMwgZAwRqBEoEKGQGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0
LmNvbS9EaWdpQ2VydEc1VExTUlNBNDA5NlNIQTM4NDIwMjFDQTEtMS5jcmwwRqBE
oEKGQGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEc1VExTUlNBNDA5
NlNIQTM4NDIwMjFDQTEtMS5jcmwwgYUGCCsGAQUFBwEBBHkwdzAkBggrBgEFBQcw
AYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAChkNodHRwOi8v
Y2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRHNVRMU1JTQTQwOTZTSEEzODQy
MDIxQ0ExLTEuY3J0MAwGA1UdEwEB/wQCMAAwggF/BgorBgEEAdZ5AgQCBIIBbwSC
AWsBaQB3AE51oydcmhDDOFts1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABjsLxVDQA
AAQDAEgwRgIhAO4EQXDOa94TcI9cPNq0gvJPZC6oorpGZ+FtDU/K59HBAiEAzIpL
gcTdGP02UJcnoDWMmwpVN7Nu3FBSvzIgj5QKfh0AdgBVgdTCFpA2AUrqC5tXPFPw
wOQ4eHAlCBcvo6odBxPTDAAAAY7C8VTHAAAEAwBHMEUCIB1URC4h/jEibeAxdSyZ
In8B6YaC95IotPVgGWp4YtymAiEAo9k+kQR7r9T95aZlNznGnGv9sWgKbRe4std0
qjF9LkoAdgCi4wrkRe+9rZt+OO1HZ3dT14JbhJTXK14bLMS5UKRH5wAAAY7C8VRR
AAAEAwBHMEUCIQCSia8GBFQxnmJQFDiB3XhPSFh74J3AEuxfyjGcO6linAIgCpq8
BuXs9RPrtLni2v/x1TvyfjgoVJtlFWofp61hnycwDQYJKoZIhvcNAQELBQADggIB
ADXHbYfxvTQCB79OMQXv0VGCbVFjitGeYXlgzJh2iPZrjoXBplhaUzo0/hB+qbMT
OtkE0kMv4dPbNYXfgh8NrbNKmt6TmyV+zUk3AhUcWCCWbHfRsteXbyB5V/VyUrDQ
Ly/4XI7w+wLFkgCw7lWOCStU/jv9xwtFdQSDmyAFEyokpX1aD4BSxZWgXu89U8oG
QnQ7C7Yg+1tqUNlp6IgzveW82nKkVDr6TGIxAATr4YIGiREmervMjVeM2WEmOFh6
pn3GmhV77HK3QBbmGsV+SFzNowaA/+G21+hHectOPRxgL6bLpEX1czwfU11OkYhD
FvjQs8UbZSnKP5Ja6dmLJzCDjEQ0H6BPykY/kpA0Ii9pUoPkrd43i05tvmjOeqg/
GY+ke1cZhwag/zmWyKXrVw5dI0fg9RmY9RO2otETCxuOR461r2GIWq9hxQuEV3LA
rlbXqYAEx9hFgPNMj6yCKUEN/zGlceiYMlMEMwUWJkRxoFyNita+EScLBr7NIeG7
fDkpCp4nZmnD7bf7UPI0vNx5+TpKgP+z7/aJ+uH2j5l8CkDM0n6+DyjcTFme74mq
zM42apMX9kyYzbyiL9QHl+eDvCAYvs6YNWPg9Pil2zZkLjko4cvhBcYywTTibBvp
GrCbU2bqf/AsHyiyr4vdJ/BtV9CqWgkd2ibrGQsQfQjo
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuv692V/r/YmjVjRv1i6b
3TEHbIOD0dBHTmJH7xlcobKxzyfrqvsK41HXUGAGzaVQahaMCq6PZ64gTiWoCWHI
doMR+1QFP3of/jA/rBiHwQc4kwS9iN1tflXzVhjIah0pVnBjVaLOsW/L6J9DYs0r
LKc8Si2tvDbj+n854TEnI9tDBD78kLHnQlo034AtzTj6HYZhIcOc/is+RDkVHkCh
UJ6k7cnLSuCRTeudnSupCOYror1OJSRxSYXEEf9U7voyXmhMOVqBppa0OA6YjUt9
SiVQRiDQ1TdbQdLbLCR96lPdgiBfKRa1xZdNoZRjrV+udjbZXe9YAc6bxPCNesPs
+OVXG7UhSdf8SPc6M2oLIhvLVNI8UlkuFEdAKv8krKdMkGPv+bpW9F/9UrV2BtJ+
Y/W/KRBslM7S7JH55k3Z8kl9d7bN80iVSb8EOtGRa33vnYJ8WvRYte7sO4svfAnV
kab7XA7CoSVx53Lw7VIG2YQ8El6rPUBmc+iKdr19poplFM+VMQkR7qbl2QHbmCIU
u32AoiUsjh9ximg8c1mUyg/hvezvzqn1fCI1fqGIPjfW55Ksy7sxcnnPLeXzA06V
d+TafSfUgcK5MSUTUQ4KKTBF4K0kX0TEpuVgzSQyPB76PCVJgJN9pj0dnRlqFZN9
ccvhmdDWxwRrAGSs6HcaCXECAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 12096385441104681855766534355422524352
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert G5 TLS RSA4096 SHA384 2021 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-09 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-05-10 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ESPOO'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Tietoevry Oyj'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'bix.tietoevry.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 762873386689505520533278368199201040256152600523373804110359702031990617560500708413441631682576451071981486903784987295019883703400584987219169096170577120613137439208494013503048698086804911068890205121421368063170209204257911133504874822065917054801434157953551722468262033701256723583651154698012355590161356325056514616707465519786694432586558631324835004679996043129077407808457032647307732061937646342301675605633285404874748134799916670164356575216737913505077823747873325088542122157202939720546693420311863367722377787329689811432960658280022494780791848527699986905970434749826413787243639233926964853106239311749645779765370713288117902600745374125324995675993588779515345186945130826352496843086324074990027930966846238838559742206273271194553243196364482434292869566645977678232360382921734079654203401088648425471258231764802705715346646094602169767436150730084254778921490194442465671840494240582560190589955365655340080936476934957753570816245237234934981153455804130419216678601828111231204476712141831899265072137950020586397141494617434959160892149438070559767569710707814332135204396784511925211625397997637096501139882518328321000168329652504478263900209509537881886344673342840300574403386242266348870329567601
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName aeba9433baef374d0bd718ef4ae4a10dbc07b673
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							f02d1b8755078cb2c5c6c1f434204adb54c09661
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (21 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bix.tietoevry.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (147 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertG5TLSRSA4096SHA3842021CA1-1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertG5TLSRSA4096SHA3842021CA1-1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (121 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertG5TLSRSA4096SHA3842021CA1-1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							01690077004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018ec2f154340000040300483046022100ee044170ce6bde13708f5c3cdab482f24f642ea8a2ba4667e16d0d4fcae7d1c1022100cc8a4b81c4dd18fd36509727a0358c9b0a5537b36edc5052bf32208f940a7e1d0076005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c0000018ec2f154c7000004030047304502201d54442e21fe31226de031752c99227f01e98682f79228b4f560196a7862dca6022100a3d93e91047bafd4fde5a6653739c69c6bfdb1680a6d17b8b2d774aa317d2e4a007600a2e30ae445efbdad9b7e38ed47677753d7825b8494d72b5e1b2cc4b950a447e70000018ec2f1545100000403004730450221009289af060454319e6250143881dd784f48587be09dc012ec5fca319c3ba9629c02200a9abc06e5ecf513ebb4b9e2dafff1d53bf27e3828549b65156a1fa7ad619f27
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		0035c76d87f1bd340207bf4e3105efd151826d51638ad19e617960cc987688f66b8e85c1a6585a533a34fe107ea9b3133ad904d2432fe1d3db3585df821f0dadb34a9ade939b257ecd493702151c5820966c77d1b2d7976f207957f57252b0d02f2ff85c8ef0fb02c59200b0ee558e092b54fe3bfdc70b457504839b2005132a24a57d5a0f8052c595a05eef3d53ca0642743b0bb620fb5b6a50d969e88833bde5bcda72a4543afa4c62310004ebe182068911267abbcc8d578cd9612638587aa67dc69a157bec72b74016e61ac57e485ccda30680ffe1b6d7e84779cb4e3d1c602fa6cba445f5733c1f535d4e91884316f8d0b3c51b6529ca3f925ae9d98b2730838c44341fa04fca463f929034222f695283e4adde378b4e6dbe68ce7aa83f198fa47b57198706a0ff3996c8a5eb570e5d2347e0f51998f513b6a2d1130b1b8e478eb5af61885aaf61c50b845772c0ae56d7a98004c7d84580f34c8fac8229410dff31a571e898325304330516264471a05c8d8ad6be11270b06becd21e1bb7c39290a9e276669c3edb7fb50f234bcdc79f93a4a80ffb3eff689fae1f68f997c0a40ccd27ebe0f28dc4c599eef89aaccce366a9317f64c98cdbca22fd40797e783bc2018bece983563e0f4f8a5db36642e3928e1cbe105c632c134e26c1be91ab09b5366ea7ff02c1f28b2af8bdd27f06d57d0aa5a091dda26eb190b107d08e8