*.stg.rzone.de

- Strato AG -

Issued by GeoTrust TLS RSA CA G1

About this certificate

This digital certificate with serial number 0e:ff:68:17:bb:23:8d:77:e7:f5:6d:ce:4f:c0:ae:1a was issued on by DigiCert Inc.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Strato AG

Organization: Strato AG
State / Province: Berlin
Locality: Berlin
Country: DE

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0e:ff:68:17:bb:23:8d:77:e7:f5:6d:ce:4f:c0:ae:1a
Serial Number (int): 19935338890678398173561486162505281050
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 44:56:ce:a5:63:13:b8:c5:07:93:2d:6f:e6:fc:8d:65:4a:4c:5d:ad
AuthorityKeyId: 94:4f:d4:5d:8b:e4:a4:e2:a6:80:fe:fd:d8:f9:00:ef:a3:be:02:57

Fingerprint (sha1): 05:58:e1:a6:17:3d:b7:e6:89:aa:0a:32:cf:36:6e:60:7f:e9:15:45
Fingerprint (sha256): 15:b3:3d:fc:4e:88:ba:dd:1d:6c:be:4e:d6:0d:aa:fc:eb:25:cb:3a:32:ee:2d:b2:8f:ab:23:e5:84:58:db:a2

Issuing Certificate URL: http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt

Revocation information

OCSP Server: http://status.geotrust.com
CRL Distribution Point: http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl

Check the revocation status for certificate *.stg.rzone.de

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.stg.rzone.de

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.stg.rzone.de
stg.rzone.de

Other certificates including the domain name rzone.de

(limited to 100 certificates)
smtpin.test.rzone.de
*.stg.rzone.de
smtpin.rzone.de
wopi-thole.stg.rzone.de
wopi-dev.stg.rzone.de
*.s4.stg.rzone.de
smtpin.rzone.de
*.rzone.de
robot.prov.rzone.de
wopi.stg.rzone.de
test1.rzone.de
*.auth.test.rzone.de
test1.rzone.de
smtp.rzone.de
wopi-dev.stg.rzone.de
wopi.stg.rzone.de
robot.prov.rzone.de
*.rzone.de
wopi-dev.stg.rzone.de
imap.test.strato.de
*.stg.rzone.de
test3.rzone.de
wopi-dev.stg.rzone.de
smtpin.test.rzone.de
wopi-dev.stg.rzone.de
wopi-dev.stg.rzone.de
test1.rzone.de
test1.rzone.de
smtpin.rzone.de
*.smtp.rzone.de
relay.rzone.de
wild.stg.rzone.de
wopi-thole.stg.rzone.de
*.ox.rzone.de
*.ox.rzone.de
imap.test.strato.de
*.stg.rzone.de
*.s4.stg.rzone.de
wopi.stg.rzone.de
test1.rzone.de
wopi-thole.stg.rzone.de
smtpin.rzone.de
imap.test.strato.de
smtpin.rzone.de
wopi.stg.rzone.de
smtp.rzone.de
relay.rzone.de
smtp.rzone.de
*.s4.stg.rzone.de
wopi.stg.rzone.de
imap.test.strato.de
*.smtp.rzone.de
*.ox.rzone.de
smtp.test.rzone.de
*.stg.rzone.de
*.ox.rzone.de
*.rzone.de
smtp.rzone.de
*.s4.stg.rzone.de
*.smtp.rzone.de
wopi.stg.rzone.de
wopi-dev.stg.rzone.de
*.stg.rzone.de
wopi-dev.stg.rzone.de
*.rzone.de
test1.rzone.de
wopi.stg.rzone.de
robot.prov.rzone.de
imap.test.strato.de
wopi.stg.rzone.de
wopi-dev.stg.rzone.de
robot.prov.rzone.de
smtp.rzone.de
test1.rzone.de
*.s4.stg.rzone.de
wopi.stg.rzone.de
*.ox.rzone.de
test2.rzone.de
smtpin.rzone.de
wopi-dev.stg.rzone.de
smtpin.rzone.de
*.auth.test.rzone.de
smtp.rzone.de
wild.rzone.de
*.test.rzone.de
ox-test.rzone.de
wopi.stg.rzone.de
*.rzone.de
*.test.rzone.de
wopi-dev.stg.rzone.de
*.auth.rzone.de
test2.rzone.de
*.rzone.de
*.rzone.de
*.ox.rzone.de
test1.rzone.de
ox-test.rzone.de
*.smtp.rzone.de
openstack-demo.rzone.de
wopi.stg.rzone.de

Certificate

The complete raw certificate details for *.stg.rzone.de in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHaTCCBlGgAwIBAgIQDv9oF7sjjXfn9W3OT8CuGjANBgkqhkiG9w0BAQsFADBg
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZHZW9UcnVzdCBUTFMgUlNBIENBIEcx
MB4XDTIzMDQwNDAwMDAwMFoXDTI0MDUwNDIzNTk1OVowXDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMRIwEAYDVQQKEwlTdHJh
dG8gQUcxFzAVBgNVBAMMDiouc3RnLnJ6b25lLmRlMIICIjANBgkqhkiG9w0BAQEF
AAOCAg8AMIICCgKCAgEAzYP5nBFHD7abVDKATPaveBbCTdSJ++DKllIEztR+3ipc
hKO83I4O+Pe1X3L3hfvBvB2e7eKMhkIwTL6FaGdRWC/w4Brk+N0IH34oQtY83H4d
y5QEKjgLZvNNM9pMbkWjx9GSXZSVUyOUuRNfz2j7SOlTelMdNj6ig6kXoDBrShTG
GL7gna+1H0mf5T5QMJBH7+Xknl3kwmc5YJAlkt4BIlESJeMOl1ahuf+60/lFLl9+
BfZvJmLhlRk3oxHoTjP+/U7Ey3jo7oWkAHsMZ6UI2n+gXXWfEcnDe3Cgi300M0g/
tvG4ZInzbepSgGq3yGDbUTiIv///nOhPnACpCrhGhXLmERoiCuZtu8tqs3L5+5cD
A11KHcZhMl5bwXquZ/hWB/wsNZHJLRvGNE75AJfYS37DeOgyg8rsBRT1TcveyjFT
YUAecTAe4DJzuD+zlHz0LPy0gnodztQw9BFsYmJ4WW0P00nTna5X9uedsb3KTQSl
IQdaIJOgKVE6wL3Zl/nwIFju1GGYCNAwQwhFSEJ0fVvD3hnagHXr2pIT9xeJ7H57
0fatY7JV2mVH73jhdlE73Gw3XaeNoaVCbuOSkakO3MfsMcYoyyG0dsBVrXnUSoq4
H941eE5ifvDan34EaOI3DuFq/gUOsZb+sqcu0S7bfkGMgJAyjjKrA7iycSLnhF8C
AwEAAaOCAyEwggMdMB8GA1UdIwQYMBaAFJRP1F2L5KTipoD+/dj5AO+jvgJXMB0G
A1UdDgQWBBREVs6lYxO4xQeTLW/m/I1lSkxdrTAnBgNVHREEIDAegg4qLnN0Zy5y
em9uZS5kZYIMc3RnLnJ6b25lLmRlMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU
BggrBgEFBQcDAQYIKwYBBQUHAwIwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL2Nk
cC5nZW90cnVzdC5jb20vR2VvVHJ1c3RUTFNSU0FDQUcxLmNybDA+BgNVHSAENzA1
MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNv
bS9DUFMwdgYIKwYBBQUHAQEEajBoMCYGCCsGAQUFBzABhhpodHRwOi8vc3RhdHVz
Lmdlb3RydXN0LmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL2NhY2VydHMuZ2VvdHJ1
c3QuY29tL0dlb1RydXN0VExTUlNBQ0FHMS5jcnQwCQYDVR0TBAIwADCCAX0GCisG
AQQB1nkCBAIEggFtBIIBaQFnAHYA7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZ
RnEftZsAAAGHSyUhIwAABAMARzBFAiEAxmUxb1hQymC2FKoBGiGdLBIq55VsvRQt
CI8mBp9j8MsCIEr8LHtLKzW0VZ/NcXFXzLNLkm/hZEUqEO4xO/tbAKAhAHYAc9me
iRtMlnigIH1HneayxhzQUV5xGSqMa4AQesF3crUAAAGHSyUhfAAABAMARzBFAiBY
h+98u4ct0msrMiLOqh1VwIBLVVOcPVTPEF5uAbZtnAIhAMdYuuexodP3U+lxy1Nb
Ru/tP/rtga4TRSmLH4yoBXoVAHUASLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/
qznYhHMAAAGHSyUhRQAABAMARjBEAiBZMtESfN8KcPOTUt6WgADvGXd1MvGLaRR2
yUAKMZmnGAIgN0UBZ/Ig79PzHreaBl3KzRLEUrlCq+nTvzFgl0wInwUwDQYJKoZI
hvcNAQELBQADggEBAEMRJCEzcDLV3RXI5G6icW8CynA5qDaO41ZI6xqp+1sTScct
CMPK1EEcQ//1k200xa1Lg09seuKznXeVhP33Vqjy/aMUotMTB0yJ8yO9pCtjOMPT
fdqUk7oVEhvoBHuZnNdeNihPQYs7z2qnw5NytZjgeyy+TA8yGJcZE/2j+kmSD5Pb
1sJ4vA/pLBxbNXC5gtacNRUg2ub1+m1HAFaeMzekLDqffk9rBrL0dmVSLk8wy8g0
WhCzfbuRpTkQ6KTiFlLJXVMxb2ZUZtFHRPcIG8wIVEmVx0R1kg/oQbTK/Yj14ZOn
B3b2woF8cQBEER7vYK1/WkLYOL11J5+3o8S5VJU=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzYP5nBFHD7abVDKATPav
eBbCTdSJ++DKllIEztR+3ipchKO83I4O+Pe1X3L3hfvBvB2e7eKMhkIwTL6FaGdR
WC/w4Brk+N0IH34oQtY83H4dy5QEKjgLZvNNM9pMbkWjx9GSXZSVUyOUuRNfz2j7
SOlTelMdNj6ig6kXoDBrShTGGL7gna+1H0mf5T5QMJBH7+Xknl3kwmc5YJAlkt4B
IlESJeMOl1ahuf+60/lFLl9+BfZvJmLhlRk3oxHoTjP+/U7Ey3jo7oWkAHsMZ6UI
2n+gXXWfEcnDe3Cgi300M0g/tvG4ZInzbepSgGq3yGDbUTiIv///nOhPnACpCrhG
hXLmERoiCuZtu8tqs3L5+5cDA11KHcZhMl5bwXquZ/hWB/wsNZHJLRvGNE75AJfY
S37DeOgyg8rsBRT1TcveyjFTYUAecTAe4DJzuD+zlHz0LPy0gnodztQw9BFsYmJ4
WW0P00nTna5X9uedsb3KTQSlIQdaIJOgKVE6wL3Zl/nwIFju1GGYCNAwQwhFSEJ0
fVvD3hnagHXr2pIT9xeJ7H570fatY7JV2mVH73jhdlE73Gw3XaeNoaVCbuOSkakO
3MfsMcYoyyG0dsBVrXnUSoq4H941eE5ifvDan34EaOI3DuFq/gUOsZb+sqcu0S7b
fkGMgJAyjjKrA7iycSLnhF8CAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 19935338890678398173561486162505281050
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust TLS RSA CA G1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-04-04 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-04 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Berlin'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Berlin'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Strato AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.stg.rzone.de'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 838430202613967048103774588669290237670303045611471933384895219866921283755846785963382334296470849569214785711053931057399099715104248856529775580005189860628643915546994983352712786804408751813884903079082046795966981751588198451794864912264141312949712774788261474355958005185603101319676875888101668302052067561261887498675098299370278137770599841890211463854491730463557448777540169905307730725808275029156443672720337533234165485583941457976782484134591687543322792556465371275182255657649315040068891618967090458632329910204041703799109392164350607315997557908541781624973937837777464978083154499236679756759856411859717797656249415375312512094598921139850961115286011867484336053066889955597004771255455484948631289199829494241155644130574197975683184537147692857440494976840074033224420178256442163242903983453779957534605060593879200493947497415943261986938934985581376481315595705094335662262242845961009802960992995193530886726643092878156813714138611160902122851705011942737207652999142416026483501909958426415130509056151367798068323415651637270490790785304709641534238465397839410922907024472974059784222019139993359121212697147217663249361890969777927778095451189663540452551319857704111228790566488174398833374495839
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 944fd45d8be4a4e2a680fefdd8f900efa3be0257
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							4456cea56313b8c507932d6fe6fc8d654a4c5dad
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.stg.rzone.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg.rzone.de'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (106 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.geotrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							0167007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b000001874b2521230000040300473045022100c665316f5850ca60b614aa011a219d2c122ae7956cbd142d088f26069f63f0cb02204afc2c7b4b2b35b4559fcd717157ccb34b926fe164452a10ee313bfb5b00a02100760073d99e891b4c9678a0207d479de6b2c61cd0515e71192a8c6b80107ac17772b5000001874b25217c000004030047304502205887ef7cbb872dd26b2b3222ceaa1d55c0804b55539c3d54cf105e6e01b66d9c022100c758bae7b1a1d3f753e971cb535b46efed3ffaed81ae1345298b1f8ca8057a1500750048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d88473000001874b252145000004030046304402205932d1127cdf0a70f39352de968000ef19777532f18b691476c9400a3199a718022037450167f220efd3f31eb79a065dcacd12c452b942abe9d3bf3160974c089f05
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0043112421337032d5dd15c8e46ea2716f02ca7039a8368ee35648eb1aa9fb5b1349c72d08c3cad4411c43fff5936d34c5ad4b834f6c7ae2b39d779584fdf756a8f2fda314a2d313074c89f323bda42b6338c3d37dda9493ba15121be8047b999cd75e36284f418b3bcf6aa7c39372b598e07b2cbe4c0f3218971913fda3fa49920f93dbd6c278bc0fe92c1c5b3570b982d69c351520dae6f5fa6d4700569e3337a42c3a9f7e4f6b06b2f47665522e4f30cbc8345a10b37dbb91a53910e8a4e21652c95d53316f665466d14744f7081bcc08544995c74475920fe841b4cafd88f5e193a70776f6c2817c710044111eef60ad7f5a42d838bd75279fb7a3c4b95495