gbbsp.hangseng.com

- HANG SENG BANK LTD -

Issued by DigiCert SHA2 Extended Validation Server CA

About this certificate

This digital certificate with serial number 01:15:9d:29:59:41:77:1e:f8:9d:ca:c6:29:c2:51:43 was issued on by DigiCert Inc.

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

HANG SENG BANK LTD

Company registration number: 0003653
Organization: HANG SENG BANK LTD
Organization unit: GPEV gbbsp hase 2018 ad
Locality: CENTRAL
Country: HK

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 01:15:9d:29:59:41:77:1e:f8:9d:ca:c6:29:c2:51:43
Serial Number (int): 1441453844099892235500492094078865731
Serial Number lenght: 121 bits, 16 octets

SubjectKeyId: a4:d8:ef:a3:18:02:20:7e:32:49:a2:82:93:3a:da:0a:b5:88:73:26
AuthorityKeyId: 3d:d3:50:a5:d6:a0:ad:ee:f3:4a:60:0a:65:d3:21:d4:f8:f8:d6:0f

Fingerprint (sha1): be:9c:00:bf:94:78:e0:1c:12:e1:ea:ee:4f:57:6f:6c:e5:7f:6e:fe
Fingerprint (sha256): 16:4f:ce:93:38:59:f5:1f:3d:03:4d:47:42:20:cc:c3:27:d5:c9:bc:46:7a:ab:6a:98:f0:61:a8:ea:3e:f8:19

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/sha2-ev-server-g2.crl
CRL Distribution Point: http://crl4.digicert.com/sha2-ev-server-g2.crl

Check the revocation status for certificate gbbsp.hangseng.com

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for gbbsp.hangseng.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

gbbsp.hangseng.com
gbbsp-1.hangseng.com
gbbsp-2.hangseng.com

Other certificates including the domain name hangseng.com

(limited to 100 certificates)
www.hangseng.com
qualityassurance-ebusiness-mobile.hangseng.com
hasecuppostlsskm.hangseng.com
uat-api.ob.hangseng.com
e-banking.hangseng.com
qualityassurance-cmb-api-uat.hangseng.com
ebusiness.hangseng.com
skm-e-banking.hangseng.com
quote3.hangseng.com
sat-quote.hangseng.com
preprod.iads.sandbox.ob.hangseng.com
origin-am6-gbbsp.hangseng.com
developer.hangseng.com
www.cardsmsservice.qualityassurance.hangseng.com
bank.hangseng.com
www.ipoonline.hangseng.com
uat.haseafepos.hangseng.com
san-12-s10.tlsprovisioning.exacttarget.com
www.cardsmsservice.hangseng.com
www.prd-ins-wis.hangseng.com
e-banking.hangseng.com
e-banking.hangseng.com
www.ipoonline.hangseng.com
sslcertificate2.queue-it.net
qualityassurance-hase-dbbsp-mauth-uat.hangseng.com
www.hangseng.com
devatmpcup.hangseng.com
cloud.cmb.hangseng.com
b2bedge2.b2b-apac.hsbc.com
quote3.hangseng.com
sandbox.ob.business.hangseng.com
preprod.directory.sandbox.ob.hangseng.com
uat-api.hangseng.com
sslcertificate2.queue-it.net
pilot-e-banking.hangseng.com
chatbot.hangseng.com
develop.hangseng.com
uat-developer.hangseng.com
san-12-s10.tlsprovisioning.exacttarget.com
www.hangseng.com
www.hangseng.com
qualityassurance-hase-gbbsp-uat.p2g.netd2.hangseng.com
coordinator.fl-dev.business.hangseng.com
www.hangseng.com
www.ipoonline.hangseng.com
www.hsi.com.hk
chatbot-uat.hangseng.com
click.cmb.hangseng.com
uat-api.ob.hangseng.com
e-banking.uat.hangseng.com
www.ipoonline.hsbc.com.hk
pages.messaging.hangseng.com
business.virtualassistant.hangseng.com
e-banking1.hangseng.com
qualityassurance-bank.hangseng.com
sslcertificate2.queue-it.net
digitalreceivablesfinance.business.hangseng.com
apply-bank.hangseng.com
appointment-uat.hangseng.com
uat-cms.hangseng.com
zone-apex-alb-lookup.prod.dynp.cloud1.vv1865.com
am6-gbbsp.hangseng.com
preprod.iads.sandbox.ob.business.hangseng.com
www.ipoonline.hangseng.com
qualityassurance-ebusiness-mobile6.hangseng.com
e-banking2.hangseng.com
zone-apex-alb-lookup.preprod.dynp.cloud1.vv1865.com
zone-apex-alb-lookup.prod.dynp.cloud1.vv1865.com
qualityassurance-ebusiness-mobile5.hangseng.com
qualityassurance-ebusiness-mobile3.hangseng.com
uat-eba.hangseng.com
dco-ao-tko.hangseng.com
cloud.messaging.hangseng.com
e-banking.hangseng.com
www.enacservicehk.qualityassurance.hangseng.com
www.ipoonline.hangseng.com
dsp.hangseng.com
www.visatokenotp.hangseng.com
inv.hangseng.com
www.qualityassurance.ipoonline.hangseng.com
e-banking.hangseng.com
ob.hangseng.com
uat.securepay.hangseng.com
apply-ebusiness.hangseng.com
sslcertificate2.queue-it.net
uat-eba.hangseng.com
chatbot-uat.hangseng.com
san-12-s10.tlsprovisioning.exacttarget.com
tx.fghk-dev3.hangseng.com
e-banking.hangseng.com
b2bedge1.b2b-apac.hsbc.com
sslcertificate2.queue-it.net
gbbsp.hangseng.com
sslcertificate2.queue-it.net
e-banking1.hangseng.com
sslcertificate2.queue-it.net
tx.fghk.hangseng.com
e-banking2.hangseng.com
devmcup.hangseng.com
e-banking.uat.hangseng.com

Certificate

The complete raw certificate details for gbbsp.hangseng.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIG4zCCBcugAwIBAgIQARWdKVlBdx74ncrGKcJRQzANBgkqhkiG9w0BAQsFADB1
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk
IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE4MDUyNTAwMDAwMFoXDTE5MDUyNjEy
MDAwMFowgcExHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYB
BAGCNzwCAQMTAkhLMRAwDgYDVQQFEwcwMDAzNjUzMQswCQYDVQQGEwJISzEQMA4G
A1UEBxMHQ0VOVFJBTDEbMBkGA1UEChMSSEFORyBTRU5HIEJBTksgTFREMSAwHgYD
VQQLExdHUEVWIGdiYnNwIGhhc2UgMjAxOCBhZDEbMBkGA1UEAxMSZ2Jic3AuaGFu
Z3NlbmcuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlc/veK4Z
sBYltDIEJ+/LWoO7G+izP6FhYnRu/kzv9jNjKhvMxnfy7v9Zj/cYDd5OuVbZj90n
oJYQ49LELshconNBq/1Aj2ZcwadQjMtw7HNxEFRJHe8r72K1gIHbZ9yMDcu065nf
vBi7AM0kqGYBftHhFSolSDWyR2HyGaFahBMz1xn0R4Z++J51bLjDrd5Mw/mDWqG+
GNSv85buRK2pqpnYNKRYZVv6xz1m+LphsEttK/z+EBKriW6FXLlNkz9bC3wvg7wp
n6z0cKFMKBvr2EFwmUj44nmjwgjw0BozsRoNN/vCkFilTwrFEuNXQtUN6/W8cQ9a
ziJxvCE10ZWBWQIDAQABo4IDIDCCAxwwHwYDVR0jBBgwFoAUPdNQpdagre7zSmAK
ZdMh1Pj41g8wHQYDVR0OBBYEFKTY76MYAiB+MkmigpM62gq1iHMmMEkGA1UdEQRC
MECCEmdiYnNwLmhhbmdzZW5nLmNvbYIUZ2Jic3AtMS5oYW5nc2VuZy5jb22CFGdi
YnNwLTIuaGFuZ3NlbmcuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
BgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMu
ZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDA0oDKgMIYuaHR0cDov
L2NybDQuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcyLmNybDBLBgNVHSAE
RDBCMDcGCWCGSAGG/WwCATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdp
Y2VydC5jb20vQ1BTMAcGBWeBDAEBMIGIBggrBgEFBQcBAQR8MHowJAYIKwYBBQUH
MAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBSBggrBgEFBQcwAoZGaHR0cDov
L2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkV4dGVuZGVkVmFsaWRh
dGlvblNlcnZlckNBLmNydDAJBgNVHRMEAjAAMIIBBAYKKwYBBAHWeQIEAgSB9QSB
8gDwAHcApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFjlPDdmwAA
BAMASDBGAiEA8sQIH2ku6FnEKKWELPL9u6RQUnZ1TEwViNE8FZD1Yj4CIQCRC8Wx
oy5SlJiR3+daXsk7BCLwbduNDMSH5hWX4Gc0/wB1AFYUBpov18Ls0/XhvUSyPsdG
drm8mRFcwO+UmFXWidDdAAABY5Tw3fYAAAQDAEYwRAIgcLHazxngNabYmK8y5oCS
2CmR3occqhbSLRk6a++GAfsCICKj0i4m9nUroQc64GYLJ32UQk7jbACQqoTjKfnW
e3+MMA0GCSqGSIb3DQEBCwUAA4IBAQBHpDcX9Vs50kTI2LKUEfYCs6MjsOn1DWaR
PJ7VJaVitrYRg5UfIB8sERsVsyDopZQnDvW5Avti4BhTdlwMlaQ4mII9EdMVv95i
GO/uqn2R51sazA5B6aWjH3fpji3S3cncdurw0647fba8B+mSAsuITS0Q1SxLT2O0
8m22u3Ipo7Cup1TXDqFmyyctw5LUKDFkbMmZ248gz/zzmnLeipT6YOo2fXUiBqwG
1JvONSJcbJvK7RoIW+K9zDVWHRZxW9LLgm3StqhLIMqQZeCnP3EUl+ZVQuC4gviG
KvfZAdSig1ZnFP7cSSlnv0uQQZ8rDTxutwkTy+3uUeIQMdTOGtvU
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlc/veK4ZsBYltDIEJ+/L
WoO7G+izP6FhYnRu/kzv9jNjKhvMxnfy7v9Zj/cYDd5OuVbZj90noJYQ49LELshc
onNBq/1Aj2ZcwadQjMtw7HNxEFRJHe8r72K1gIHbZ9yMDcu065nfvBi7AM0kqGYB
ftHhFSolSDWyR2HyGaFahBMz1xn0R4Z++J51bLjDrd5Mw/mDWqG+GNSv85buRK2p
qpnYNKRYZVv6xz1m+LphsEttK/z+EBKriW6FXLlNkz9bC3wvg7wpn6z0cKFMKBvr
2EFwmUj44nmjwgjw0BozsRoNN/vCkFilTwrFEuNXQtUN6/W8cQ9aziJxvCE10ZWB
WQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1441453844099892235500492094078865731
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 Extended Validation Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-05-25 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-05-26 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Private Organization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'HK'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '0003653'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'HK'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CENTRAL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'HANG SENG BANK LTD'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GPEV gbbsp hase 2018 ad'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'gbbsp.hangseng.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 18912044224629218524272394928039416419155073661367456354815524878512348458159783244429195266608797098554901205699453775045936075397297969573756819953175974305528864773843999580331067307961833633606380479147008013107206821573318423381929999870295419726894100618944556073604343727845403482049791904258254865135134297419586612003206330544779384482975990371672966552074593352209887930287456302368684475152793180703311926706467648190223394569412062787764511441118233866045071157255724822380843576424372984278749431070874473472926553852605477686462340530999327966530218254091476060526522005840597615309598233566352896262489
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 3dd350a5d6a0adeef34a600a65d321d4f8f8d60f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							a4d8efa31802207e3249a282933ada0ab5887326
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gbbsp.hangseng.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gbbsp-1.hangseng.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gbbsp-2.hangseng.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/sha2-ev-server-g2.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/sha2-ev-server-g2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.2.1 (DigiCert EV policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (124 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007700a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000016394f0dd9b0000040300483046022100f2c4081f692ee859c428a5842cf2fdbba4505276754c4c1588d13c1590f5623e022100910bc5b1a32e52949891dfe75a5ec93b0422f06ddb8d0cc487e61597e06734ff0075005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd0000016394f0ddf60000040300463044022070b1dacf19e035a6d898af32e68092d82991de871caa16d22d193a6bef8601fb022022a3d22e26f6752ba1073ae0660b277d94424ee36c0090aa84e329f9d67b7f8c
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0047a43717f55b39d244c8d8b29411f602b3a323b0e9f50d66913c9ed525a562b6b61183951f201f2c111b15b320e8a594270ef5b902fb62e01853765c0c95a43898823d11d315bfde6218efeeaa7d91e75b1acc0e41e9a5a31f77e98e2dd2ddc9dc76eaf0d3ae3b7db6bc07e99202cb884d2d10d52c4b4f63b4f26db6bb7229a3b0aea754d70ea166cb272dc392d42831646cc999db8f20cffcf39a72de8a94fa60ea367d752206ac06d49bce35225c6c9bcaed1a085be2bdcc35561d16715bd2cb826dd2b6a84b20ca9065e0a73f711497e65542e0b882f8862af7d901d4a283566714fedc492967bf4b90419f2b0d3c6eb70913cbedee51e21031d4ce1adbd4