manulife.com

- Manulife Financial -

Issued by Sectigo RSA Organization Validation Secure Server CA

About this certificate

This digital certificate with serial number a1:43:b6:8b:d5:f0:72:f9:af:aa:40:13:5f:de:96:85 was issued on by Sectigo Limited.

With 83 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Manulife Financial

Organization: Manulife Financial
State / Province: Ontario
Country: CA

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate has expire since

Certificate Details

Serial Number (hex): a1:43:b6:8b:d5:f0:72:f9:af:aa:40:13:5f:de:96:85
Serial Number (int): 214357293688366735319714896149712115333
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: f4:98:7f:50:1b:2f:32:2f:73:06:e7:5e:fd:d4:fa:f0:de:d6:42:02
AuthorityKeyId: 17:d9:d6:25:27:67:f9:31:c2:49:43:d9:30:36:44:8c:6c:a9:4f:eb

Fingerprint (sha1): 3a:03:60:05:90:b6:43:fa:f2:97:7e:df:08:33:f3:4d:3a:c7:b3:96
Fingerprint (sha256): 14:8a:7f:da:1c:e7:fb:14:aa:d6:11:86:e0:e8:29:4b:0b:a2:e6:88:72:e7:d1:82:8c:f3:3e:2d:e5:ce:41:12

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl

Check the revocation status for certificate manulife.com

83

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for manulife.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

manulife.com
10014.manulife.com
agrssponsors.manulife.com
aidp.manulife.com
api.manulifesecurities.manulife.ca
api.placementsmanuvie.manuvie.ca
api.portal.manulife.ca
attestuat.manulife.com
aviproom.manulife.com
banquescotia.monprochainchapitre.ca
canadiancommercialmortgages.manulife.com
cdd-dev.manulife.com
cdd-prod.manulife.com
cdd-uat.manulife.com
cdncetdvcacicfrtr.manulife.io
cdncetprcacicfrtr.manulife.io
cloud.mesh.preprod.api.manulife.com
dr.api.manulifesecurities.manulife.ca
dr.api.portal.manulife.ca
edocs-bff.manulifeim.ca
edocs-uat-bff.manulifeim.ca
edocs-uat.manulifeim.ca
edocs.manulifeim.ca
enter.manulife.com
enterdev.manulife.com
enteruat.manulife.com
grssofmo.manulife.com
grssponsors.manulife.com
idp.manulife.com
m.manulife.com
m.manuvie.com
manulife.ca
manulifesecurities.manulife.ca
manuvie.ca
mfc.com
mfcentralqa.manulife.com
mfcentralstage.manulife.com
monprochainchapitre.ca
mynextchapter.ca
mysolutionsonline.manulife.ca
mysolutionsonline.manuvie.ca
nav.manulifeim.com
placementsmanuvie.manuvie.ca
portal.insurance.manulife.ca
prod.mysolutionsonline.manulife.ca
prod.mysolutionsonline.manuvie.ca
repsource.manulife.com
repsourcepublic.manulife.com
retirement.manulifeim.ca
retirement.manulifeim.com
retirementredefined.ca
retirementredefined.manulife.ca
retraiteredefinie.ca
retraiteredefinie.manuvie.ca
retraitre.gpmanuvie.ca
scotiabank.mynextchapter.ca
secureigaz.manulife.ca
secureigazuat.manulife.ca
stage.api.portal.manulife.ca
stage.mysolutionsonline.manulife.ca
stage.mysolutionsonline.manuvie.ca
stg-nav.manulifeim.com
stg-retirement.manulifeim.com
techconnect.manulife.com
uat.banquescotia.monprochainchapitre.ca
uat.monprochainchapitre.ca
uat.mynextchapter.ca
uat.portal.insurance.manulife.ca
uat.pot.manulife.ca
uat.scotiabank.mynextchapter.ca
uls-meud.manulife.com
viproom.manulife.com
web.manulife.com
www.canadiancommercialmortgages.manulife.com
www.mfc.com
www.monprochainchapitre.ca
www.mynextchapter.ca
www.portal.insurance.manulife.ca
www.retirement.manulifeim.ca
www.retirement.manulifeim.com
www.retirementredefined.ca
www.retraiteredefinie.ca
www.retraitre.gpmanuvie.ca

Other certificates including the domain name manulife.com

(limited to 100 certificates)
mlisxivg01.manulife.com
manulife.com
nasbfepool02.mfcgd.com
mfcentral.manulife.com
api1.np.ca.manulife.com
idwicrmapd01.mlijkt01.manulife.com
manulife.com
manulife.com
aidp.manulife.com
azalvedlwrkdp10.p01eaedl.manulife.com
manulife.com
client.manulifebank.com
rps.jhancock.com
manulife.com
sharepoint-externalpartner.uat.ap.manulife.com
hermes.manulife.com
manulife.com
clbs37841.manulife.com
internal.mesh.test.api.manulife.com
azcedlwrks003.s01caedl.manulife.com
manulife.com
cdcwvjhpwast21.americas.manulife.net
daily.manulife.com.vn
click.e.manulife.com
sft.institutional.manulife.com
johnhancock.com
manulife.com
sts.manulife.com
manulife.com
azslvedlmgtdd01.d01saedl.manulife.com
idwicrmapt21.mlijkt01.manulife.com
idwcasp.ap.manulife.com
mfcentral.manulife.com
manulife.com
view-e-ds.manulife.com
idwelems01.mlijkt01.manulife.com
druglookup-client.manulife.com
mfcentral.manulife.com
sharepoint-externalpartner.uat.ap.manulife.com
www-aem-prod.manulife.ca
insttrip.manulife.com
manulife.com
dbpartners.manulife.com
idwinetapt01.mlijkt01.manulife.com
asiacitrix.manulife.com
arrowonramp.manulife.com
manulife.com
qitsso-uat.manulife.com
manulife.com
sf.cac.internal.mesh.dev.api.manulife.com
manulife.com
giam-qa.manulife.com
manulife.com
cconprem.manulife.com
manulife.com
manulife.com
manulife.com
idp.grsportal.ca.manulife.com
manulife.com
insanalyticsdev01.manulife.com
awsuat.manulife.com.kh
idwiqmtapp01.mlijkt01.manulife.com
johnhancock.com
manulife.com
manulife.com
myasoaibp2.ap.manulife.com
remotejp2.manulife.com
johnhancock.com
sharepoint-int.ap.manulife.com
mlifs900g01.manulife.com
nasbaccess01.manulife.com
jhappsstaging-tst.aks.manulife.com
manulife.com
manulife.com
crverifyidentity-dev.johnhancock.com
manulife.com
jpnhoapt09.japan.corp.manulife.com
client.manulifebank.com
preprod.mtls.api.manulife.com
manulife.com
idwietsisft05.mlijkt01.manulife.com
remotehk.manulife.com
azcedledges001.s01caedl.manulife.com
idwcas4tap.ap.manulife.com
manulife.com
mlixnbarplzvnaca.manulife.com
manulife.com
manulife.com
druglookup-client.manulife.com
pcf.manulife.com
proxy.auw.my.underwriting.manulife.com
manulife.com
johnhancock.com
manulife.com
financeit.devsit202201.manulife.com
tw-ssg-fw1.manulife.com
advisor.manulife.ca
azwapnwasm01.mfcgd.com
azuedldbo01.p01usedl.manulife.com
edge.prod-ext.api.manulife.com

Certificate

The complete raw certificate details for manulife.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIN7TCCDNWgAwIBAgIRAKFDtovV8HL5r6pAE1/eloUwDQYJKoZIhvcNAQELBQAw
gZUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE9MDsGA1UE
AxM0U2VjdGlnbyBSU0EgT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNl
cnZlciBDQTAeFw0yMjA4MjYwMDAwMDBaFw0yMzA4MjYyMzU5NTlaMFMxCzAJBgNV
BAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMRswGQYDVQQKExJNYW51bGlmZSBGaW5h
bmNpYWwxFTATBgNVBAMTDG1hbnVsaWZlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMNcpztACGuYF0KC2Ep8tydcNXtaWooDDLnOj22lv33unxe5
G543AznC3WD/WPCVj4YJVxfzpRqEhVxLwcaSWrqfJvPuCEQEcS66cd2SKofRv2EQ
Yp9XG38fHk/PWPP3MMZgx2Y2GUx5aZQ0AhrsqcvxwZt6nwH48xW+DPI/fawH8No8
P3xvntRKmr5aJcy2LGhLVY+P7qQTNe66ZxY6B26xeLKFJPMcSeMxfED51MjRQk49
G3RZiru9JTmTxkP+NweHzDvd2FUAOlSPuGxGh9sUEsGFebXdTXIKmHrDn1Q3e8/I
Wfw2vbMmAYRDlWQUILXx8mfujMK7eQlYXaHIzUECAwEAAaOCCncwggpzMB8GA1Ud
IwQYMBaAFBfZ1iUnZ/kxwklD2TA2RIxsqU/rMB0GA1UdDgQWBBT0mH9QGy8yL3MG
51791Prw3tZCAjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSgYDVR0gBEMwQTA1BgwrBgEEAbIxAQIB
AwQwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EM
AQICMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwuc2VjdGlnby5jb20vU2Vj
dGlnb1JTQU9yZ2FuaXphdGlvblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmww
gYoGCCsGAQUFBwEBBH4wfDBVBggrBgEFBQcwAoZJaHR0cDovL2NydC5zZWN0aWdv
LmNvbS9TZWN0aWdvUlNBT3JnYW5pemF0aW9uVmFsaWRhdGlvblNlY3VyZVNlcnZl
ckNBLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wEwYK
KwYBBAHWeQIEAwEB/wQCBQAwggioBgNVHREEggifMIIIm4IMbWFudWxpZmUuY29t
ghIxMDAxNC5tYW51bGlmZS5jb22CGWFncnNzcG9uc29ycy5tYW51bGlmZS5jb22C
EWFpZHAubWFudWxpZmUuY29tgiJhcGkubWFudWxpZmVzZWN1cml0aWVzLm1hbnVs
aWZlLmNhgiBhcGkucGxhY2VtZW50c21hbnV2aWUubWFudXZpZS5jYYIWYXBpLnBv
cnRhbC5tYW51bGlmZS5jYYIWYXR0ZXN0dWF0Lm1hbnVsaWZlLmNvbYIVYXZpcHJv
b20ubWFudWxpZmUuY29tgiNiYW5xdWVzY290aWEubW9ucHJvY2hhaW5jaGFwaXRy
ZS5jYYIoY2FuYWRpYW5jb21tZXJjaWFsbW9ydGdhZ2VzLm1hbnVsaWZlLmNvbYIU
Y2RkLWRldi5tYW51bGlmZS5jb22CFWNkZC1wcm9kLm1hbnVsaWZlLmNvbYIUY2Rk
LXVhdC5tYW51bGlmZS5jb22CHWNkbmNldGR2Y2FjaWNmcnRyLm1hbnVsaWZlLmlv
gh1jZG5jZXRwcmNhY2ljZnJ0ci5tYW51bGlmZS5pb4IjY2xvdWQubWVzaC5wcmVw
cm9kLmFwaS5tYW51bGlmZS5jb22CJWRyLmFwaS5tYW51bGlmZXNlY3VyaXRpZXMu
bWFudWxpZmUuY2GCGWRyLmFwaS5wb3J0YWwubWFudWxpZmUuY2GCF2Vkb2NzLWJm
Zi5tYW51bGlmZWltLmNhghtlZG9jcy11YXQtYmZmLm1hbnVsaWZlaW0uY2GCF2Vk
b2NzLXVhdC5tYW51bGlmZWltLmNhghNlZG9jcy5tYW51bGlmZWltLmNhghJlbnRl
ci5tYW51bGlmZS5jb22CFWVudGVyZGV2Lm1hbnVsaWZlLmNvbYIVZW50ZXJ1YXQu
bWFudWxpZmUuY29tghVncnNzb2Ztby5tYW51bGlmZS5jb22CGGdyc3Nwb25zb3Jz
Lm1hbnVsaWZlLmNvbYIQaWRwLm1hbnVsaWZlLmNvbYIObS5tYW51bGlmZS5jb22C
DW0ubWFudXZpZS5jb22CC21hbnVsaWZlLmNhgh5tYW51bGlmZXNlY3VyaXRpZXMu
bWFudWxpZmUuY2GCCm1hbnV2aWUuY2GCB21mYy5jb22CGG1mY2VudHJhbHFhLm1h
bnVsaWZlLmNvbYIbbWZjZW50cmFsc3RhZ2UubWFudWxpZmUuY29tghZtb25wcm9j
aGFpbmNoYXBpdHJlLmNhghBteW5leHRjaGFwdGVyLmNhgh1teXNvbHV0aW9uc29u
bGluZS5tYW51bGlmZS5jYYIcbXlzb2x1dGlvbnNvbmxpbmUubWFudXZpZS5jYYIS
bmF2Lm1hbnVsaWZlaW0uY29tghxwbGFjZW1lbnRzbWFudXZpZS5tYW51dmllLmNh
ghxwb3J0YWwuaW5zdXJhbmNlLm1hbnVsaWZlLmNhgiJwcm9kLm15c29sdXRpb25z
b25saW5lLm1hbnVsaWZlLmNhgiFwcm9kLm15c29sdXRpb25zb25saW5lLm1hbnV2
aWUuY2GCFnJlcHNvdXJjZS5tYW51bGlmZS5jb22CHHJlcHNvdXJjZXB1YmxpYy5t
YW51bGlmZS5jb22CGHJldGlyZW1lbnQubWFudWxpZmVpbS5jYYIZcmV0aXJlbWVu
dC5tYW51bGlmZWltLmNvbYIWcmV0aXJlbWVudHJlZGVmaW5lZC5jYYIfcmV0aXJl
bWVudHJlZGVmaW5lZC5tYW51bGlmZS5jYYIUcmV0cmFpdGVyZWRlZmluaWUuY2GC
HHJldHJhaXRlcmVkZWZpbmllLm1hbnV2aWUuY2GCFnJldHJhaXRyZS5ncG1hbnV2
aWUuY2GCG3Njb3RpYWJhbmsubXluZXh0Y2hhcHRlci5jYYIWc2VjdXJlaWdhei5t
YW51bGlmZS5jYYIZc2VjdXJlaWdhenVhdC5tYW51bGlmZS5jYYIcc3RhZ2UuYXBp
LnBvcnRhbC5tYW51bGlmZS5jYYIjc3RhZ2UubXlzb2x1dGlvbnNvbmxpbmUubWFu
dWxpZmUuY2GCInN0YWdlLm15c29sdXRpb25zb25saW5lLm1hbnV2aWUuY2GCFnN0
Zy1uYXYubWFudWxpZmVpbS5jb22CHXN0Zy1yZXRpcmVtZW50Lm1hbnVsaWZlaW0u
Y29tghh0ZWNoY29ubmVjdC5tYW51bGlmZS5jb22CJ3VhdC5iYW5xdWVzY290aWEu
bW9ucHJvY2hhaW5jaGFwaXRyZS5jYYIadWF0Lm1vbnByb2NoYWluY2hhcGl0cmUu
Y2GCFHVhdC5teW5leHRjaGFwdGVyLmNhgiB1YXQucG9ydGFsLmluc3VyYW5jZS5t
YW51bGlmZS5jYYITdWF0LnBvdC5tYW51bGlmZS5jYYIfdWF0LnNjb3RpYWJhbmsu
bXluZXh0Y2hhcHRlci5jYYIVdWxzLW1ldWQubWFudWxpZmUuY29tghR2aXByb29t
Lm1hbnVsaWZlLmNvbYIQd2ViLm1hbnVsaWZlLmNvbYIsd3d3LmNhbmFkaWFuY29t
bWVyY2lhbG1vcnRnYWdlcy5tYW51bGlmZS5jb22CC3d3dy5tZmMuY29tghp3d3cu
bW9ucHJvY2hhaW5jaGFwaXRyZS5jYYIUd3d3Lm15bmV4dGNoYXB0ZXIuY2GCIHd3
dy5wb3J0YWwuaW5zdXJhbmNlLm1hbnVsaWZlLmNhghx3d3cucmV0aXJlbWVudC5t
YW51bGlmZWltLmNhgh13d3cucmV0aXJlbWVudC5tYW51bGlmZWltLmNvbYIad3d3
LnJldGlyZW1lbnRyZWRlZmluZWQuY2GCGHd3dy5yZXRyYWl0ZXJlZGVmaW5pZS5j
YYIad3d3LnJldHJhaXRyZS5ncG1hbnV2aWUuY2EwDQYJKoZIhvcNAQELBQADggEB
AFWwGsoOuPD9K4jBm23dMcUGk9vub4Xr16dj4pT03PwBQaFzje+nsgscYDHhWPQ2
PxlkSAKnuzg+zfS3k4e4b+RyQEXSzc3YyYlK0vo6EfM8cpcHKbM89aBlJV5hXe84
njgBeKspZPmq2iFng7LEu6eUxFuDozzeNAwwgkVE7c3+ZfUpNbZ1jHiuUhVZRvJE
YOXKzW4MCLkVnQHs5Y7DA90zrAEAiXuNc98PMavP14QQSFuqZcpnTqEK+ynf8x5L
nlabCkjpUWIgTeX3DTjtOs2Fc+IC6hHcCcJE+aSsO6/aVrk1GGEA1w4eIqbdKF2B
7xVJaYk8Np9Z76NwzkTrfjA=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1ynO0AIa5gXQoLYSny3
J1w1e1paigMMuc6PbaW/fe6fF7kbnjcDOcLdYP9Y8JWPhglXF/OlGoSFXEvBxpJa
up8m8+4IRARxLrpx3ZIqh9G/YRBin1cbfx8eT89Y8/cwxmDHZjYZTHlplDQCGuyp
y/HBm3qfAfjzFb4M8j99rAfw2jw/fG+e1EqavlolzLYsaEtVj4/upBM17rpnFjoH
brF4soUk8xxJ4zF8QPnUyNFCTj0bdFmKu70lOZPGQ/43B4fMO93YVQA6VI+4bEaH
2xQSwYV5td1NcgqYesOfVDd7z8hZ/Da9syYBhEOVZBQgtfHyZ+6Mwrt5CVhdocjN
QQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 214357293688366735319714896149712115333
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Organization Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-08-26 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-08-26 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manulife Financial'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'manulife.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24662158487742046032550448291671309060359487298801273402486584454368486252327122679599545442172996188235523817767849065915573618365318804441416904359480056364962120367077698147247052453797708684614407893332756563013754614347383157113788300508755786905682936973076879539503940534680742420142900298411410869971632077665470841188351759583667411916370526074927783671912840990503567196054412656732269830518645046959003825509227519365765885840781513087458554698719430146454604918742929816063588306771129583815755628384253260082850087435317312695681150643439094987588433819800368830145776897478578379898734800351479395306817
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 17d9d6252767f931c24943d93036448c6ca94feb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							f4987f501b2f322f7306e75efdd4faf0ded64202
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2207 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '10014.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'agrssponsors.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aidp.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.manulifesecurities.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.placementsmanuvie.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.portal.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'attestuat.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aviproom.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'banquescotia.monprochainchapitre.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'canadiancommercialmortgages.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdd-dev.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdd-prod.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdd-uat.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdncetdvcacicfrtr.manulife.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdncetprcacicfrtr.manulife.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cloud.mesh.preprod.api.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dr.api.manulifesecurities.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dr.api.portal.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edocs-bff.manulifeim.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edocs-uat-bff.manulifeim.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edocs-uat.manulifeim.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edocs.manulifeim.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'enter.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'enterdev.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'enteruat.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'grssofmo.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'grssponsors.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'idp.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'm.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'm.manuvie.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manulifesecurities.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mfc.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mfcentralqa.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mfcentralstage.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'monprochainchapitre.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mynextchapter.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mysolutionsonline.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mysolutionsonline.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nav.manulifeim.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'placementsmanuvie.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'portal.insurance.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prod.mysolutionsonline.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prod.mysolutionsonline.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'repsource.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'repsourcepublic.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'retirement.manulifeim.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'retirement.manulifeim.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'retirementredefined.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'retirementredefined.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'retraiteredefinie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'retraiteredefinie.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'retraitre.gpmanuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'scotiabank.mynextchapter.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secureigaz.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secureigazuat.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.api.portal.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.mysolutionsonline.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.mysolutionsonline.manuvie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg-nav.manulifeim.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg-retirement.manulifeim.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'techconnect.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat.banquescotia.monprochainchapitre.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat.monprochainchapitre.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat.mynextchapter.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat.portal.insurance.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat.pot.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat.scotiabank.mynextchapter.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uls-meud.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'viproom.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'web.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.canadiancommercialmortgages.manulife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.mfc.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.monprochainchapitre.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.mynextchapter.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.portal.insurance.manulife.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.retirement.manulifeim.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.retirement.manulifeim.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.retirementredefined.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.retraiteredefinie.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.retraitre.gpmanuvie.ca'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0055b01aca0eb8f0fd2b88c19b6ddd31c50693dbee6f85ebd7a763e294f4dcfc0141a1738defa7b20b1c6031e158f4363f19644802a7bb383ecdf4b79387b86fe4724045d2cdcdd8c9894ad2fa3a11f33c72970729b33cf5a065255e615def389e380178ab2964f9aada216783b2c4bba794c45b83a33cde340c30824544edcdfe65f52935b6758c78ae52155946f24460e5cacd6e0c08b9159d01ece58ec303dd33ac0100897b8d73df0f31abcfd78410485baa65ca674ea10afb29dff31e4b9e569b0a48e95162204de5f70d38ed3acd8573e202ea11dc09c244f9a4ac3bafda56b935186100d70e1e22a6dd285d81ef154969893c369f59efa370ce44eb7e30