baas-accel.kinvey.com

- Kinvey Inc. -

Issued by GeoTrust SSL CA

About this certificate

This digital certificate with serial number 03:09:8a was issued on by GeoTrust, Inc..

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • KeyUsage [DataEncipherment DigitalSignature KeyEncipherment] (00001101) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Kinvey Inc.

Company registration number: LmlsyGQ01k9n/2iGrv5VhMO7DU0XgbNf
Organization: Kinvey Inc.
Organization unit: IT
State / Province: Massachusetts
Locality: Boston
Country: US

GeoTrust, Inc.

Organization: GeoTrust, Inc.
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:09:8a
Serial Number (int): 199050
Serial Number lenght: 18 bits, 3 octets

SubjectKeyId: ae:41:42:90:a4:34:0c:7e:98:86:e9:a2:b3:75:6b:c6:e9:42:ac:8c
AuthorityKeyId: 42:79:54:1b:61:cd:55:2b:3e:63:d5:3c:48:57:f5:9f:fb:45:ce:4a

Fingerprint (sha1): 1b:70:16:0b:2e:9b:13:ad:e7:2a:e7:13:2e:d8:df:50:65:4c:17:73
Fingerprint (sha256): 14:f2:30:85:13:48:21:fd:6f:f1:12:96:be:0a:b6:9d:de:16:57:6f:c5:02:68:63:f9:ae:42:e8:ab:93:e2:85

Issuing Certificate URL: http://gtssl-aia.geotrust.com/gtssl.crt

Revocation information

OCSP Server: http://gtssl-ocsp.geotrust.com
CRL Distribution Point: http://gtssl-crl.geotrust.com/crls/gtssl.crl

Check the revocation status for certificate baas-accel.kinvey.com

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for baas-accel.kinvey.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA1 with RSA

Key Usage

Digital Signature
Key Encipherment
Data Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

se-apac-baas.kinvey.com
se-baas.kinvey.com
baas-accel.kinvey.com

Other certificates including the domain name kinvey.com

(limited to 100 certificates)
kvy-eu2-status.kinvey.com
support.firemodules.com
www.datadirect.com
go.kinvey.com
support.oneaston.com
kvy-eu2-status.kinvey.com
kvy-eu2-status.kinvey.com
kvy-eu2-status.kinvey.com
wiscommunicator.wis.nl
support.oneaston.com
kvy-eu2-status.kinvey.com
tls.automattic.com
support.skylinewindows.com
kvy-eu2-status.kinvey.com
kvy-eu2-status.kinvey.com
kvy-eu2-status.kinvey.com
wiscommunicator.wis.nl
kvy-eu2-status.kinvey.com
kvy-eu2-status.kinvey.com
wiscommunicator.wis.nl
wiscommunicator.wis.nl
kvy-eu2-status.kinvey.com
www.datadirect.com
www.datadirect.com
kvy-eu2-status.kinvey.com
support.oneaston.com
kvy-eu2-status.kinvey.com
www.kinvey.com
kvy-eu2-status.kinvey.com
baas-accel.kinvey.com
*.kinvey.com
www.datadirect.com
bots.kinvey.com
kvy-eu2-status.kinvey.com
*.kinvey.com
kvy-eu2-status.kinvey.com
wiscommunicator.wis.nl
kvy-eu2-status.kinvey.com
blazorrepl.com
kvy-eu2-status.kinvey.com
go.kinvey.com
wiscommunicator.wis.nl
wiscommunicator.wis.nl
support.skylinewindows.com
kvy-eu2-status.kinvey.com
stg-us1-studio.kinvey.com
downloads.chef.io
www.kinvey.com
www.datadirect.com
kinocine.es
www.datadirect.com
kvy-eu2-status.kinvey.com
kvy-eu2-status.kinvey.com
support.oneaston.com
kvy-eu2-status.kinvey.com
wiscommunicator.wis.nl
kvy-eu2-status.kinvey.com
www.kinvey.com
www.datadirect.com
kvy-eu2-status.kinvey.com
kvy-eu2-status.kinvey.com
downloads.chef.io
kvy-eu2-status.kinvey.com
support.oneaston.com
blazorrepl.com
kvy-eu2-status.kinvey.com
www.datadirect.com
kvy-eu2-status.kinvey.com
tls.automattic.com
kvy-eu2-status.kinvey.com
support.firemodules.com
go.kinvey.com
kvy-eu2-status.kinvey.com
tls.automattic.com
support.oneaston.com
kvy-eu2-status.kinvey.com
*.kinvey.com
wiscommunicator.wis.nl
www.datadirect.com
wiscommunicator.wis.nl
wiscommunicator.wis.nl
kvy-eu2-status.kinvey.com
kvy-eu2-status.kinvey.com
www.datadirect.com
www.datadirect.com
www.datadirect.com
*.kinvey.com
wiscommunicator.wis.nl
www.kinvey.com
kvy-eu2-status.kinvey.com
wiscommunicator.wis.nl
www.datadirect.com
kvy-eu2-status.kinvey.com
kvy-eu2-status.kinvey.com
kvy-eu2-status.kinvey.com
kvy-eu2-status.kinvey.com
downloads.chef.io
www.datadirect.com
wiscommunicator.wis.nl
wiscommunicator.wis.nl

Certificate

The complete raw certificate details for baas-accel.kinvey.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIDAwmKMA0GCSqGSIb3DQEBBQUAMEAxCzAJBgNVBAYTAlVT
MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEYMBYGA1UEAxMPR2VvVHJ1c3QgU1NM
IENBMB4XDTE0MTIwMzEzMDA0NVoXDTE1MTIwNTE0MzM1N1owgaQxKTAnBgNVBAUT
IExtbHN5R1EwMWs5bi8yaUdydjVWaE1PN0RVMFhnYk5mMQswCQYDVQQGEwJVUzEW
MBQGA1UECBMNTWFzc2FjaHVzZXR0czEPMA0GA1UEBxMGQm9zdG9uMRQwEgYDVQQK
EwtLaW52ZXkgSW5jLjELMAkGA1UECxMCSVQxHjAcBgNVBAMTFWJhYXMtYWNjZWwu
a2ludmV5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFDoxiH
cd+Nu/5shBkoZBpyJJuswtLIbPiTCwysbhI/Q9/m5YMoS11dKgWaXqFuW6XiYeDQ
IIneHdByugAcwdF2GNI8UOnCOtJW0MjCpW8ZkQStFcfEjlW88P6SrecafE2qdGJj
hVBU0Jb7ZWgdcNrRDvbXU6x82eNfVn92TNEJgoDcQ1yK71SozFkOEvWKBdp+6e9V
Aru7emeXsrYuouDyQLLTGknwj5NQdcCKxvGz/Wfi3egdAxcl9jVAQACafLbJGuJ3
4GuB1w+7qnadeh1XMHeVaN8kxCVdjPg4pIxPAGWcXX1XccvDKDA2uIA7IxKXVnp9
Oaf/Z0SrUZbLNQ0CAwEAAaOCAc4wggHKMB8GA1UdIwQYMBaAFEJ5VBthzVUrPmPV
PEhX9Z/7Rc5KMA4GA1UdDwEB/wQEAwIEsDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwTQYDVR0RBEYwRIIXc2UtYXBhYy1iYWFzLmtpbnZleS5jb22CEnNl
LWJhYXMua2ludmV5LmNvbYIVYmFhcy1hY2NlbC5raW52ZXkuY29tMD0GA1UdHwQ2
MDQwMqAwoC6GLGh0dHA6Ly9ndHNzbC1jcmwuZ2VvdHJ1c3QuY29tL2NybHMvZ3Rz
c2wuY3JsMB0GA1UdDgQWBBSuQUKQpDQMfpiG6aKzdWvG6UKsjDAMBgNVHRMBAf8E
AjAAMG8GCCsGAQUFBwEBBGMwYTAqBggrBgEFBQcwAYYeaHR0cDovL2d0c3NsLW9j
c3AuZ2VvdHJ1c3QuY29tMDMGCCsGAQUFBzAChidodHRwOi8vZ3Rzc2wtYWlhLmdl
b3RydXN0LmNvbS9ndHNzbC5jcnQwTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMw
MQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9j
cHMwDQYJKoZIhvcNAQEFBQADggEBAEJsupjDIODpJFb3GeJT0dyNFna6thXUVSZY
dhsC9pJf6iyb6ecXoyFc3LrM6Qe6EmVAqSL57DZkhM4hc2/bwgPdxWMXK9njEHmy
JTDItfiyJ5wWv0f+pFN5gPs8RPILIWlW8IsEddYuGWuM0QyMSFHXr1isoB6T+tF/
HdRuOfGJJJBJKfxHFZJBIWsGdWm7a336I9BBANCbH+oXeoj6fLYqgewpoAos/M4N
UbRQ/FnxertJaofAVAr7NyO1edgc1xwmGH+bLk5Tw2T/oQhuvFtHJ+tan2NnEuwb
CCBqgFaQHSnYVv0l5E3l5QV6OnlxAZMJXaNmmYtcP9N81kkRm2w=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUOjGIdx3427/myEGShk
GnIkm6zC0shs+JMLDKxuEj9D3+blgyhLXV0qBZpeoW5bpeJh4NAgid4d0HK6ABzB
0XYY0jxQ6cI60lbQyMKlbxmRBK0Vx8SOVbzw/pKt5xp8Tap0YmOFUFTQlvtlaB1w
2tEO9tdTrHzZ419Wf3ZM0QmCgNxDXIrvVKjMWQ4S9YoF2n7p71UCu7t6Z5eyti6i
4PJAstMaSfCPk1B1wIrG8bP9Z+Ld6B0DFyX2NUBAAJp8tska4nfga4HXD7uqdp16
HVcwd5Vo3yTEJV2M+DikjE8AZZxdfVdxy8MoMDa4gDsjEpdWen05p/9nRKtRlss1
DQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 199050
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust SSL CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2014-12-03 13:00:45 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2015-12-05 14:33:57 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'LmlsyGQ01k9n/2iGrv5VhMO7DU0XgbNf'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Massachusetts'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Boston'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Kinvey Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IT'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'baas-accel.kinvey.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24397345952111242158475692024199910942467654026059569535651870691726426834638671679775902714409585992712238271948268928940514906266194374191296324911349456421679054256020075990762119176131175725362444664688584371599159893868542856959222797591878530450486541579550296632087246423931547186308909229840554957357651662656611961041189997193374085568282088901842646179723088156882327263888225014437273739287084462742428192955491230228985508633354903251869863263171762446543525823199281930103628374110558950911071290738285957169595655900910529750648941429352044199477282150272365719279052489981402092124720777424709679265037
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 4279541b61cd552b3e63d53c4857f59ffb45ce4a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits)
							04b0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (70 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'se-apac-baas.kinvey.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'se-baas.kinvey.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'baas-accel.kinvey.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (54 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gtssl-crl.geotrust.com/crls/gtssl.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							ae414290a4340c7e9886e9a2b3756bc6e942ac8c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gtssl-ocsp.geotrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gtssl-aia.geotrust.com/gtssl.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.113733.1.7.54
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.geotrust.com/resources/cps'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00426cba98c320e0e92456f719e253d1dc8d1676bab615d4552658761b02f6925fea2c9be9e717a3215cdcbacce907ba126540a922f9ec366484ce21736fdbc203ddc563172bd9e31079b22530c8b5f8b2279c16bf47fea4537980fb3c44f20b216956f08b0475d62e196b8cd10c8c4851d7af58aca01e93fad17f1dd46e39f18924904929fc47159241216b067569bb6b7dfa23d04100d09b1fea177a88fa7cb62a81ec29a00a2cfcce0d51b450fc59f17abb496a87c0540afb3723b579d81cd71c26187f9b2e4e53c364ffa1086ebc5b4727eb5a9f636712ec1b08206a8056901d29d856fd25e44de5e5057a3a79710193095da366998b5c3fd37cd649119b6c