www.office.com

- Microsoft Corporation -

Issued by Microsoft Azure TLS Issuing CA 02

About this certificate

This digital certificate with serial number 33:00:58:fd:6b:1c:4a:d3:9f:39:09:04:56:00:00:00:58:fd:6b was issued on by Microsoft Corporation.

With 20 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • KeyUsage [DataEncipherment DigitalSignature KeyEncipherment] (00001101) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Microsoft Corporation

Organization: Microsoft Corporation
State / Province: WA
Locality: Redmond
Country: US

Microsoft Corporation

Organization: Microsoft Corporation
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 33:00:58:fd:6b:1c:4a:d3:9f:39:09:04:56:00:00:00:58:fd:6b
Serial Number (int): 1137368286824183356096802730964515232874560875
Serial Number lenght: 150 bits, 19 octets

SubjectKeyId: 10:fc:5b:13:7d:0d:44:08:15:27:69:b8:30:c7:81:df:c1:c0:22:5f
AuthorityKeyId: 00:ab:91:fc:21:62:26:97:9a:a8:79:1b:61:41:90:60:a9:62:67:fd

Fingerprint (sha1): f9:4c:7b:fb:b6:d5:b1:3c:77:27:12:6f:18:6d:f2:8c:d0:55:57:f8
Fingerprint (sha256): 15:d0:d3:86:e6:98:9c:a9:ca:02:90:5c:6d:8e:7f:c1:88:92:b0:7d:0e:13:ca:a4:0c:f8:f1:10:cf:04:32:f6

Issuing Certificate URL: http://www.microsoft.com/pkiops/certs/Microsoft%20Azure%20TLS%20Issuing%20CA%2002%20-%20xsign.crt

Revocation information

OCSP Server: http://oneocsp.microsoft.com/ocsp
CRL Distribution Point: http://www.microsoft.com/pkiops/crl/Microsoft%20Azure%20TLS%20Issuing%20CA%2002.crl

Check the revocation status for certificate www.office.com

20

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.office.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature
Key Encipherment
Data Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

12 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

home.office.com
login.office.com
office.com
signin.office.com
www.office.com
*.prodprv.office.com
*.www.office.com
word.office.com
excel.office.com
powerpoint.office.com
visio.office.com
apps.office.com
stream.office.com
fluid.office.com
www.microsoft365.com
microsoft365.com
*.www.microsoft365.com
m365.go.microsoft
m365.cloud.microsoft
officehome.japaneast.cloudapp.azure.com

Other certificates including the domain name office.com

(limited to 100 certificates)
loki.delve.office.com
*.asm.skype.com
df.incubator.aesir.office.com
5702666986455040-fe2.pantheonsite.io
officeapps.live.com
*.footprintdns.com
*.wac.gbl.office.com
5702666986455040-fe2.pantheonsite.io
augloop.office.com
cachewriter.teams.microsoft.com
www.office.com
gls.itarl4.ingestion.office.com
nam1.gcs.office.com
outlook.com
graph.windows.net
o365auditrealtimeingestion.manage.office.com
cachewriter.teams.microsoft.com
forms.office.com
authsvc.teams.microsoft.com
*.config.skype.com
*.fp.measure.office.com
app.ingestion.office.com
*.config.skype.com
augloop.office.com
www.office.com
ppe.sso.eduupgrade.office.com
bookings.outlookapps.com
www.office.com
www.office.com
tr-tmc-afd.office.com
augloop.office.com
cert00010-azurecdn.akamaized.net
SPOActivityPipeSigningCertKey.office.com
chatsvcagg.teams.microsoft.com
graph.windows.net
store.office.com
delve.office.com
graph.windows.net
test.test.test.outlook.com
*.footprintdns.com
*.asm.skype.com
outlook.com
setup.office.com
*.fp.measure.office.com
pls-cacheinv.teams.microsoft.com
5702666986455040-fe2.pantheonsite.io
*.footprintdns.com
griffinb2-gru-client.office.com
outlook.com
cisurvey.office.com
support.office.com
mdsrunnermgmt.office.com
bookings.outlookapps.com
gcp.ingestion.office.com
*.domains.live.com
support.officeppe.com
portal.office.com
*.footprintdns.com
prod.invite.teams.internal.office.com
ifttt.edog.office.com
OfficeOMEXSigningCertKey.office.com
www.office.com
cortana.office.com
setup.office.com
manage.office.com
api.orginsights.viva.office.com
office365-waffle.forms.office.com
*.config.skype.com
portal.office.com
outlook.live.com
desdemona.osikevlartorus.office.com
support.office.com
*.gcscluster.office.com
sender.office.com
lifecycle.office.com
afd.loki.delve.office.com
support.outlook.com
portal.office.com
*.footprintdns.com
YPPServicesSigningCertKey.office.com
gcc.loki.delve.office.com
reverseproxy.onenote.com
graph.windows.net
kvaccess.delve.office.com
config.office.com
www.silicon.help
outlook.com
www.office.com
o365auditrealtimeingestion.manage.office.com
support.office.com
kvapp.df.aesir.office.com
df.invite.teams.internal.office.com
outlook.com
prod.idsapi.loki.delve.office.com
*.footprintdns.com
cdn.forms.office.net
uci.officeapps.live.com
*.footprintdns.com
hrd.office.com
*.footprintdns.com

Certificate

The complete raw certificate details for www.office.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIaDCCBlCgAwIBAgITMwBY/WscStOfOQkEVgAAAFj9azANBgkqhkiG9w0BAQwF
ADBZMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
MSowKAYDVQQDEyFNaWNyb3NvZnQgQXp1cmUgVExTIElzc3VpbmcgQ0EgMDIwHhcN
MjIwODE5MTkwNjQyWhcNMjMwODE0MTkwNjQyWjBlMQswCQYDVQQGEwJVUzELMAkG
A1UECBMCV0ExEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBD
b3Jwb3JhdGlvbjEXMBUGA1UEAxMOd3d3Lm9mZmljZS5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQC38Q7vuiwVrkMjEipOREPTEJBdJJJOnf3d6l3p
0l+WtYqz9zpggWipXmb2/0Q+TGUgJgmypQO4cq+VOAZ6fCFiYVwBMFm4C8ME5bfJ
RGEouJeodM1BhcZoTIuZs0hmvHb8vHwf6RFesQPsmjnyxGAVMrCmLqVbh19xJSrS
3H/kamUz2Q4SwcYhQ8iRtlmGolZHWTYERXkh9frX2vnjsPqOfBA+AcmXfUcGVp86
LPkXhNgx+3KrdZEL5XsxtECDK1E9GDEY5+xykmVP7PdvcfAFB3Qc9Vx4ZySe0qkp
n9T7Xo2iHll99nWj4GtaZVAnTLkLpVZRisxt5hwFiBCtOifJAgMBAAGjggQbMIIE
FzATBgorBgEEAdZ5AgQDAQH/BAIFADAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUF
BwMCMAoGCCsGAQUFBwMBMDwGCSsGAQQBgjcVBwQvMC0GJSsGAQQBgjcVCIe91xuB
5+tGgoGdLo7QDIfw2h1dgoTlaYLzpz4CAWQCASUwga4GCCsGAQUFBwEBBIGhMIGe
MG0GCCsGAQUFBzAChmFodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2Nl
cnRzL01pY3Jvc29mdCUyMEF6dXJlJTIwVExTJTIwSXNzdWluZyUyMENBJTIwMDIl
MjAtJTIweHNpZ24uY3J0MC0GCCsGAQUFBzABhiFodHRwOi8vb25lb2NzcC5taWNy
b3NvZnQuY29tL29jc3AwHQYDVR0OBBYEFBD8WxN9DUQIFSdpuDDHgd/BwCJfMA4G
A1UdDwEB/wQEAwIEsDCCAZsGA1UdEQSCAZIwggGOgg9ob21lLm9mZmljZS5jb22C
EGxvZ2luLm9mZmljZS5jb22CCm9mZmljZS5jb22CEXNpZ25pbi5vZmZpY2UuY29t
gg53d3cub2ZmaWNlLmNvbYIUKi5wcm9kcHJ2Lm9mZmljZS5jb22CECoud3d3Lm9m
ZmljZS5jb22CD3dvcmQub2ZmaWNlLmNvbYIQZXhjZWwub2ZmaWNlLmNvbYIVcG93
ZXJwb2ludC5vZmZpY2UuY29tghB2aXNpby5vZmZpY2UuY29tgg9hcHBzLm9mZmlj
ZS5jb22CEXN0cmVhbS5vZmZpY2UuY29tghBmbHVpZC5vZmZpY2UuY29tghR3d3cu
bWljcm9zb2Z0MzY1LmNvbYIQbWljcm9zb2Z0MzY1LmNvbYIWKi53d3cubWljcm9z
b2Z0MzY1LmNvbYIRbTM2NS5nby5taWNyb3NvZnSCFG0zNjUuY2xvdWQubWljcm9z
b2Z0gidvZmZpY2Vob21lLmphcGFuZWFzdC5jbG91ZGFwcC5henVyZS5jb20wDAYD
VR0TAQH/BAIwADBkBgNVHR8EXTBbMFmgV6BVhlNodHRwOi8vd3d3Lm1pY3Jvc29m
dC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBBenVyZSUyMFRMUyUyMElzc3Vp
bmclMjBDQSUyMDAyLmNybDBmBgNVHSAEXzBdMFEGDCsGAQQBgjdMg30BATBBMD8G
CCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL0RvY3Mv
UmVwb3NpdG9yeS5odG0wCAYGZ4EMAQICMB8GA1UdIwQYMBaAFACrkfwhYiaXmqh5
G2FBkGCpYmf9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG
9w0BAQwFAAOCAgEArI/T4XdDjX+WPZtF3EHo1bWywiGNX08fhIZ26riizmu5M053
G02wyPjpWkVgL44byFwHA3kx2R7Kph+lNB/su4qciYCHw7pLhSLSQ9CAvhEgBTcx
2pY+vtxSLHbinO0tuYz8fm01FWSYZXi19CktNNkHYNz9dJ26uI7t7qhkb3aHIDDt
AQNXpSECQei5lONx51Arv1PiP+ZyGi3AbcWo8NQymZXvPRO8/90jtlqbQci6WoQf
FcfEnGgdksyV7MA30IkrCF1LeZMWMzaFKz4JlF6glt7YhZSNzQgQ7fB/hDzFIpNw
WEkhj0OWF98sH3W3ONkuo/Zndxt7pKwn59wTkCmIvHfJMvQZI8L9mo9yguTmlPw4
M5vfFkaT9kUm5myjyGJVs6hOyL7zMJj27LjwJ93vtUXSrA/sVSX++QlpCKtqvP74
6Hj5TPOCLxtoWV3rbI9HMEZ7GGhKUUxBGvm6Dmug2387k0yFLWsqmIqaAyx8DBKk
fgf+HYXylQrSRB4Dji1PonKCrHPt+DpR/6EOLXg6shpVplzhiDu7n/BK7YjMcoyx
Ha9IrCMhEEpJUJVbPTJwveDiHVfVHYJo7GwjZLRARxpBaP5t0DkhY/ascXzQfcew
oD2t/RGws8pheENDzV7pvm5c26eDoKLH4HDAzsEfa1joDvOvX50Iji4UDGk=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/EO77osFa5DIxIqTkRD
0xCQXSSSTp393epd6dJflrWKs/c6YIFoqV5m9v9EPkxlICYJsqUDuHKvlTgGenwh
YmFcATBZuAvDBOW3yURhKLiXqHTNQYXGaEyLmbNIZrx2/Lx8H+kRXrED7Jo58sRg
FTKwpi6lW4dfcSUq0tx/5GplM9kOEsHGIUPIkbZZhqJWR1k2BEV5IfX619r547D6
jnwQPgHJl31HBlafOiz5F4TYMftyq3WRC+V7MbRAgytRPRgxGOfscpJlT+z3b3Hw
BQd0HPVceGckntKpKZ/U+16Noh5ZffZ1o+BrWmVQJ0y5C6VWUYrMbeYcBYgQrTon
yQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1137368286824183356096802730964515232874560875
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Azure TLS Issuing CA 02'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-08-19 19:06:42 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-08-14 19:06:42 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'WA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Redmond'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.office.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23220480109285569869400554719368363475893155961565655387021782482142015817515029471303953436950524401956380439485003419943266193711656154771732982475509860798562606859662865437763017807788389475160173200009763879641163998173471696677967801499298522912061686505058694698244429799310803692883334572532697261310761425753725821677753753303291080280851020176261310361944257538927415960650100312099739950149774179583792463260761744505299821610167764020412539792846074775110101672729489260995349977792553396462179248353713525882555361781101632670729882713226118587268730244213196471365019308824380117877619472597681228621769
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.10 (applicationCertPolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.7 (certificateTemplate)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (47 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.8.15690651.3798470.4214446.239628.16526621.93.4272873.6083518
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 100
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 37
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (161 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pkiops/certs/Microsoft%20Azure%20TLS%20Issuing%20CA%2002%20-%20xsign.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://oneocsp.microsoft.com/ocsp'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							10fc5b137d0d4408152769b830c781dfc1c0225f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits)
							04b0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (402 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'home.office.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'login.office.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'office.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'signin.office.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.office.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.prodprv.office.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.www.office.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'word.office.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'excel.office.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'powerpoint.office.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'visio.office.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'apps.office.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stream.office.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fluid.office.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.microsoft365.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'microsoft365.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.www.microsoft365.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'm365.go.microsoft'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'm365.cloud.microsoft'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'officehome.japaneast.cloudapp.azure.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (93 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pkiops/crl/Microsoft%20Azure%20TLS%20Issuing%20CA%2002.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (95 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.76.509.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.microsoft.com/pkiops/Docs/Repository.htm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 00ab91fc216226979aa8791b61419060a96267fd
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		00ac8fd3e177438d7f963d9b45dc41e8d5b5b2c2218d5f4f1f848676eab8a2ce6bb9334e771b4db0c8f8e95a45602f8e1bc85c07037931d91ecaa61fa5341fecbb8a9c898087c3ba4b8522d243d080be1120053731da963ebedc522c76e29ced2db98cfc7e6d351564986578b5f4292d34d90760dcfd749dbab88eedeea8646f76872030ed010357a5210241e8b994e371e7502bbf53e23fe6721a2dc06dc5a8f0d4329995ef3d13bcffdd23b65a9b41c8ba5a841f15c7c49c681d92cc95ecc037d0892b085d4b7993163336852b3e09945ea096ded885948dcd0810edf07f843cc52293705849218f439617df2c1f75b738d92ea3f667771b7ba4ac27e7dc13902988bc77c932f41923c2fd9a8f7282e4e694fc38339bdf164693f64526e66ca3c86255b3a84ec8bef33098f6ecb8f027ddefb545d2ac0fec5525fef9096908ab6abcfef8e878f94cf3822f1b68595deb6c8f4730467b18684a514c411af9ba0e6ba0db7f3b934c852d6b2a988a9a032c7c0c12a47e07fe1d85f2950ad2441e038e2d4fa27282ac73edf83a51ffa10e2d783ab21a55a65ce1883bbb9ff04aed88cc728cb11daf48ac2321104a4950955b3d3270bde0e21d57d51d8268ec6c2364b440471a4168fe6dd0392163f6ac717cd07dc7b0a03dadfd11b0b3ca61784343cd5ee9be6e5cdba783a0a2c7e070c0cec11f6b58e80ef3af5f9d088e2e140c69