sfbext.bar.ch.glencore.net

- Glencore International AG -

Issued by Thawte RSA CA 2018

About this certificate

This digital certificate with serial number 0c:52:ab:ef:ba:dd:bd:c5:47:7d:7e:53:dc:36:21:2c was issued on by DigiCert Inc.

With 13 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Glencore International AG

Organization: Glencore International AG
Organization unit: IT
State / Province: Zug
Locality: Baar
Country: CH

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0c:52:ab:ef:ba:dd:bd:c5:47:7d:7e:53:dc:36:21:2c
Serial Number (int): 16379991577224192284534638420904255788
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: c0:de:e4:2a:90:04:db:c6:c0:2d:1f:5a:5f:07:49:25:2d:8f:61:e4
AuthorityKeyId: a3:c8:5e:65:54:e5:30:78:c1:05:ea:07:0a:6a:59:cc:b9:fe:de:5a

Fingerprint (sha1): d7:7d:93:72:10:01:c7:ec:35:c8:b6:54:46:f2:63:64:c6:3c:ad:8c
Fingerprint (sha256): 15:d3:1f:e2:80:c7:4c:b9:b5:2a:b8:88:b6:e2:fd:10:50:37:2c:f9:cd:d2:13:38:50:1a:4e:8c:ca:e3:b2:40

Issuing Certificate URL: http://cacerts.thawte.com/ThawteRSACA2018.crt

Revocation information

OCSP Server: http://status.thawte.com
CRL Distribution Point: http://cdp.thawte.com/ThawteRSACA2018.crl

Check the revocation status for certificate sfbext.bar.ch.glencore.net

13

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for sfbext.bar.ch.glencore.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

sfbext.bar.ch.glencore.net
lyncdiscover.glencore-ca.com
lyncdiscover.glencore-us.com
lyncdiscover.glencore.us
lyncdiscover.glencore.ca
lyncdiscover.glencore.co.uk
lyncdiscover.glencore.co.za
lyncdiscover.glencore.com
lyncdiscover.glencore.com.au
lyncdiscover.glencore.com.sg
meet.ch.glencore.net
meet.glencore.net
owebapp.met.ch.glencore.net

Other certificates including the domain name glencore.net

(limited to 100 certificates)
ap.syd.au.glencore.net
testmyid.ch.glencore.net
*.de.glencore.net
b2b.stg.cl.glencore.net
ucb-sam.glencore.com
mail.nam.glencore.net
UCB-AUS.glencore.com
*.pe.glencore.net
www.glencore.com
afenav.ldn.gb.glencore.net
ap.bar.ch.glencore.net
sfbext.mtl.ca.glencore.net
connect.eur.glencore.net
helpme.glencore.net
ap.mtl.ca.glencore.net
emm-admin.glencore.net
fileshare.ca.glencore.net
www.glencore.com
edw.ldn.gb.glencore.net
acb-eur.glencore.com
sts.glencore.net
connect.ktg.cd.glencore.net
helpme.glencore.net
*.au.glencore.net
static-test.glencore.net
www.glencore.com
www.glencore.com
groupmobility.glencore.net
sfbext.ch.glencore.net
fileshare.ca.glencore.net
usti.cz.glencore.net
sfbext.bar.ch.glencore.net
connect.eur.glencore.net
*.ca.glencore.net
UCA-NAM.glencore.com
ap.zrh.ch.glencore.net
*.za.glencore.net
emm-device-test.glencore.net
glccmg.glencore.net
b2b.krs.no.glencore.net
*.glencore.net
mail.eur.glencore.net
www.glencore.com
helpme.glencore.net
adfs.glencore.net
*.za.glencore.net
UCB-ZAF.glencore.com
induction.coal.au.glencore.net
UCB-EUR.glencore.com
b2b.stg.cl.glencore.net
bienvenueccr.mtl.ca.glencore.net
*.za.glencore.net
sfbext.zrh.ch.glencore.net
connect.sas.ar.glencore.net
UCB-NAM.glencore.com
*.br.glencore.net
b2b.stg.cl.glencore.net
*.sg.glencore.net
ewac1.ldn.gb.glencore.net
sfbext.bar.ch.glencore.net
b2b.aus.glencore.net
uca-eur.glencore.com
myid.ch.glencore.net
*.au.glencore.net
bienvenueccr.mtl.ca.glencore.net
ap.bar.ch.glencore.net
ewac2.ldn.gb.glencore.net
formations.rag.ca.glencore.net
www.glencore.com
GLCPT1CMG.GLENCORE.NET
connect.spd.br.glencore.net
usti.cz.glencore.net
sc-test.glencore.net
www.glencore.com
helpme.glencore.net
b2b.stg.cl.glencore.net
www.glencore.com
sfbext.zrh.ch.glencore.net
*.br.glencore.net
*.sam.glencore.net
*.cn.glencore.net
acs.bne.au.glencore.net
UCA-ZAF.glencore.com
helpme.glencore.net
ap.bar.ch.glencore.net
helpme.glencore.net
ap.bar.ch.glencore.net
sfbext.sng.sg.glencore.net
www.glencore.com
connect.mak.ph.glencore.net
*.ca.glencore.net
ap.mtl.ca.glencore.net
UCB-SAM.glencore.com
perthview.per.au.glencore.net
edw-test.ldn.gb.glencore.net
ecms-demo.glencore.net
*.za.glencore.net
www.glencore.com
ucb-eur.glencore.com
*.sg.glencore.net

Certificate

The complete raw certificate details for sfbext.bar.ch.glencore.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGazCCBVOgAwIBAgIQDFKr77rdvcVHfX5T3DYhLDANBgkqhkiG9w0BAQsFADBc
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMRswGQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcN
MTgwNTE0MDAwMDAwWhcNMTkwNTE0MTIwMDAwWjCBgDELMAkGA1UEBhMCQ0gxDDAK
BgNVBAgTA1p1ZzENMAsGA1UEBxMEQmFhcjEiMCAGA1UEChMZR2xlbmNvcmUgSW50
ZXJuYXRpb25hbCBBRzELMAkGA1UECxMCSVQxIzAhBgNVBAMTGnNmYmV4dC5iYXIu
Y2guZ2xlbmNvcmUubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
kp50uFqKKV8VpgPr7j4SvE9fecrEDBjyp7tpjK7to2uApSd3Mvvesw+SQe/WkPQK
g5bnuw3rWHcaVsCtybl5bbzRZnLpKyL6Ykop26qCvrV+8pKF4tpjayKwl4H3NkY1
apAICQbVPoCC2VzFm4fNHPvvY9AQqR10xMAAm5rpl35VehbJdxEvpowrEvnsAvJ8
SaqOfzo0j3Z/5kFO9K3UPOeMUBmf/cYYfrp6tWTHDAx05nx5jlR/XyI+xAxmeLy6
DSozU7ux9X03L0iu+jC0ndjb7YTo4AeMLqL7sWLwmUlcwij2GxKyGYyE/AfyAUuS
lbwbYu5WAQVT+AZfrd1DUwIDAQABo4IDAjCCAv4wHwYDVR0jBBgwFoAUo8heZVTl
MHjBBeoHCmpZzLn+3lowHQYDVR0OBBYEFMDe5CqQBNvGwC0fWl8HSSUtj2HkMIIB
cAYDVR0RBIIBZzCCAWOCGnNmYmV4dC5iYXIuY2guZ2xlbmNvcmUubmV0ghxseW5j
ZGlzY292ZXIuZ2xlbmNvcmUtY2EuY29tghxseW5jZGlzY292ZXIuZ2xlbmNvcmUt
dXMuY29tghhseW5jZGlzY292ZXIuZ2xlbmNvcmUudXOCGGx5bmNkaXNjb3Zlci5n
bGVuY29yZS5jYYIbbHluY2Rpc2NvdmVyLmdsZW5jb3JlLmNvLnVrghtseW5jZGlz
Y292ZXIuZ2xlbmNvcmUuY28uemGCGWx5bmNkaXNjb3Zlci5nbGVuY29yZS5jb22C
HGx5bmNkaXNjb3Zlci5nbGVuY29yZS5jb20uYXWCHGx5bmNkaXNjb3Zlci5nbGVu
Y29yZS5jb20uc2eCFG1lZXQuY2guZ2xlbmNvcmUubmV0ghFtZWV0LmdsZW5jb3Jl
Lm5ldIIbb3dlYmFwcC5tZXQuY2guZ2xlbmNvcmUubmV0MA4GA1UdDwEB/wQEAwIF
oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOgYDVR0fBDMwMTAvoC2g
K4YpaHR0cDovL2NkcC50aGF3dGUuY29tL1RoYXd0ZVJTQUNBMjAxOC5jcmwwTAYD
VR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cu
ZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwbwYIKwYBBQUHAQEEYzBhMCQGCCsG
AQUFBzABhhhodHRwOi8vc3RhdHVzLnRoYXd0ZS5jb20wOQYIKwYBBQUHMAKGLWh0
dHA6Ly9jYWNlcnRzLnRoYXd0ZS5jb20vVGhhd3RlUlNBQ0EyMDE4LmNydDAJBgNV
HRMEAjAAMBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQCE
WMxnbNRtat6r39K7MgNInmx/9q7cCYPEkA1tvZFQaGuiybgqjS9bUV9SK6b6niiR
tKLaqfiNgcMLJ286vPw+BTeal3nOK+AA5b0ZOHVFKdzfowDFYriBT9ou/xIbJhXQ
OuIXKTVdZHI0oxX6K7imyJNBYq5VooWekP5jL5LI7SA8J4RDn9rgiTbEQ7q4gcEm
6avwarwCP161BopJgVzVR551YIpXOwAMf/8AOp6ni0SQq9TSPdgWoxSC523Maaoc
EGUR7rnT5od8b1oqnzyki/n2dn8ak7qgKudmUliAQYgmn57e4VS8VnCnKmUV6Nd1
Q088Xofyr7HcPzOJHiJY
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkp50uFqKKV8VpgPr7j4S
vE9fecrEDBjyp7tpjK7to2uApSd3Mvvesw+SQe/WkPQKg5bnuw3rWHcaVsCtybl5
bbzRZnLpKyL6Ykop26qCvrV+8pKF4tpjayKwl4H3NkY1apAICQbVPoCC2VzFm4fN
HPvvY9AQqR10xMAAm5rpl35VehbJdxEvpowrEvnsAvJ8SaqOfzo0j3Z/5kFO9K3U
POeMUBmf/cYYfrp6tWTHDAx05nx5jlR/XyI+xAxmeLy6DSozU7ux9X03L0iu+jC0
ndjb7YTo4AeMLqL7sWLwmUlcwij2GxKyGYyE/AfyAUuSlbwbYu5WAQVT+AZfrd1D
UwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 16379991577224192284534638420904255788
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Thawte RSA CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-05-14 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-05-14 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Zug'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Baar'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Glencore International AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IT'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'sfbext.bar.ch.glencore.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 18508930060304971571947990099093434946126757449377999924599479867786096640716167589993267046350491188529053596722281930371673106105395892644776193858878359332779944894770699581639921979357228085980821449381893636017765090816899960997684406455742954929532304993572749717288177989019212231808014202917389788316546735403560854265109985641366704692649546452314100394801842517413010819288048187122882804994242872682313943565260141577132153728703401732132566507687165995312911066230609712258322864283861409425649187307189735850419037966130296807204096026081320870941474895264908413781760821151508139232989457745243635794771
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a3c85e6554e53078c105ea070a6a59ccb9fede5a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							c0dee42a9004dbc6c02d1f5a5f0749252d8f61e4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (359 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sfbext.bar.ch.glencore.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lyncdiscover.glencore-ca.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lyncdiscover.glencore-us.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lyncdiscover.glencore.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lyncdiscover.glencore.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lyncdiscover.glencore.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lyncdiscover.glencore.co.za'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lyncdiscover.glencore.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lyncdiscover.glencore.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lyncdiscover.glencore.com.sg'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'meet.ch.glencore.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'meet.glencore.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'owebapp.met.ch.glencore.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (51 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.thawte.com/ThawteRSACA2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.thawte.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.thawte.com/ThawteRSACA2018.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		008458cc676cd46d6adeabdfd2bb3203489e6c7ff6aedc0983c4900d6dbd9150686ba2c9b82a8d2f5b515f522ba6fa9e2891b4a2daa9f88d81c30b276f3abcfc3e05379a9779ce2be000e5bd1938754529dcdfa300c562b8814fda2eff121b2615d03ae21729355d647234a315fa2bb8a6c8934162ae55a2859e90fe632f92c8ed203c2784439fdae08936c443bab881c126e9abf06abc023f5eb5068a49815cd5479e75608a573b000c7fff003a9ea78b4490abd4d23dd816a31482e76dcc69aa1c106511eeb9d3e6877c6f5a2a9f3ca48bf9f6767f1a93baa02ae7665258804188269f9edee154bc5670a72a6515e8d775434f3c5e87f2afb1dc3f33891e2258