*.kpmg.com.br

- KPMG AUDITORES INDEPENDENTES -

Issued by GeoTrust RSA CA 2018

About this certificate

This digital certificate with serial number 08:2c:8f:df:24:63:73:7d:f6:44:80:a3:73:9e:c8:8f was issued on by DigiCert Inc.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

KPMG AUDITORES INDEPENDENTES

Organization: KPMG AUDITORES INDEPENDENTES
Organization unit: IT
State / Province: SAO PAULO
Locality: SAO PAULO
Country: BR

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 08:2c:8f:df:24:63:73:7d:f6:44:80:a3:73:9e:c8:8f
Serial Number (int): 10865203091770111674147965994499229839
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 8f:4a:a1:76:f6:e6:5f:5a:1f:b5:aa:68:1a:e2:35:85:45:14:ab:62
AuthorityKeyId: 90:58:ff:b0:9c:75:a8:51:54:77:b1:ed:f2:a3:43:16:38:9e:6c:c5

Fingerprint (sha1): ba:89:93:36:0c:97:e1:c6:03:20:40:15:52:41:5c:58:2b:fe:08:b2
Fingerprint (sha256): 17:54:ff:2b:a4:53:35:93:5f:32:31:76:36:42:e3:9e:b8:26:96:41:c3:19:a0:32:60:35:1c:4e:18:1a:22:3d

Issuing Certificate URL: http://cacerts.geotrust.com/GeoTrustRSACA2018.crt

Revocation information

OCSP Server: http://status.geotrust.com
CRL Distribution Point: http://cdp.geotrust.com/GeoTrustRSACA2018.crl

Check the revocation status for certificate *.kpmg.com.br

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.kpmg.com.br

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.kpmg.com.br
kpmg.com.br

Other certificates including the domain name kpmg.com.br

(limited to 100 certificates)
*.leap.kpmg.com.br
akamaisecure8.qualtrics.com
csg.kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
clix.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
kpmg.kpmg.com.br
sipfed.kpmg.com
ktax2.kpmg.com.br
kbs.kpmg.com.br
clientexperience.kpmg.com.br
kbs.kpmg.com.br
*.kpmg.com.br
clix.kpmg.com.br
tprm.kpmg.com.br
clientexperience.kpmg.com.br
clixtest.kpmg.com.br
clientexperience.kpmg.com.br
content.leap.kpmg.com.br
clientexperience.kpmg.com.br
content.leap.kpmg.com.br
sipfed.kpmg.com
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
*.plataformacentral.kpmg.com.br
*.gmsdigital.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
ktaxportal.kpmg.com.br
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
executivesearch.kpmg.com.br
*.chrono.kpmg.com.br
sepbr.kpmg.com.br
tprm.kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
tprm.kpmg.com.br
kpmg.com.br
intranet.kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
*.tprm.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
sipfed.kpmg.com
clientexperience.kpmg.com.br
kpmg.kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
*.prd.chrono.kpmg.com.br
*.ati.kpmg.com.br
kbs.kpmg.com.br
clientexperience.kpmg.com.br
kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
content.leap.kpmg.com.br
*.icmsst.kpmg.com.br
webservice.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
www.kpmg.com.br
kpmg.com.br
akamaisecure8.qualtrics.com
kpmg.com.br
oma.kpmg.com.br
beyond.kpmg.com.br
kpmg.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
kpmg.kpmg.com.br
akamaisecure8.qualtrics.com
*.taxdigital.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
sipfed-ema2.kpmg.com
clientexperience.kpmg.com.br
clixtest.kpmg.com.br
clientexperience.kpmg.com.br
ktax.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br

Certificate

The complete raw certificate details for *.kpmg.com.br in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGljCCBX6gAwIBAgIQCCyP3yRjc332RICjc57IjzANBgkqhkiG9w0BAQsFADBe
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRHZW9UcnVzdCBSU0EgQ0EgMjAxODAe
Fw0xODA2MDUwMDAwMDBaFw0xOTExMjMxMjAwMDBaMIGBMQswCQYDVQQGEwJCUjES
MBAGA1UECBMJU0FPIFBBVUxPMRIwEAYDVQQHEwlTQU8gUEFVTE8xJTAjBgNVBAoT
HEtQTUcgQVVESVRPUkVTIElOREVQRU5ERU5URVMxCzAJBgNVBAsTAklUMRYwFAYD
VQQDDA0qLmtwbWcuY29tLmJyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAprAEjiw+dw5PD4cqOSUymU+xwYac1fPTa/OQ+F1SLvb6738L1a4L834F7OFV
A9PEDbwoVUpvcQFx/KGLKkamQDoEXVFJAITWq7/n+NIgLwdTxdEgDruywfbNUHSc
0y8woazOLVrfTGTa8QTJrgvzY1P94s/iLVA9MEB374g80s9+QGtQc9rCG2BI2qPR
m9Emn8xJudeh6hWl953NkiiD1yGgHgurEimOVGKgTXgU1QD/kVCSZ3Or88Qnb6qo
YRG+r66gQdvD7j88A6PLHvxVVryXyed0nV/4qKrTsYHPrqahGvkJItg6YnQrS/Tt
5/z0t1nD5ubc90xkIIUlW5EOFQIDAQABo4IDKjCCAyYwHwYDVR0jBBgwFoAUkFj/
sJx1qFFUd7Ht8qNDFjiebMUwHQYDVR0OBBYEFI9KoXb25l9aH7WqaBriNYVFFKti
MCUGA1UdEQQeMByCDSoua3BtZy5jb20uYnKCC2twbWcuY29tLmJyMA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwPgYDVR0fBDcw
NTAzoDGgL4YtaHR0cDovL2NkcC5nZW90cnVzdC5jb20vR2VvVHJ1c3RSU0FDQTIw
MTguY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0
dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHUGCCsGAQUFBwEB
BGkwZzAmBggrBgEFBQcwAYYaaHR0cDovL3N0YXR1cy5nZW90cnVzdC5jb20wPQYI
KwYBBQUHMAKGMWh0dHA6Ly9jYWNlcnRzLmdlb3RydXN0LmNvbS9HZW9UcnVzdFJT
QUNBMjAxOC5jcnQwCQYDVR0TBAIwADCCAXwGCisGAQQB1nkCBAIEggFsBIIBaAFm
AHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFj0BcZZAAABAMA
RzBFAiEA1+eAGkCwMQLcK68xJfvcUuWW8KGZ7o1rF+qmqekx8kkCIA1HzU3dzvwU
5XZ47Ig52jtR889p7a7rX92xc/csFRALAHUAh3W/51l8+IxDmV+9827/Vo1HVjb/
SrVgwbTq/16ggw8AAAFj0BcaAwAABAMARjBEAiASYtILCduBZtHJkUv23kIkif4r
DH9UJhF76MuTjKG1IQIgJf9ZwAvVtUmvA1bAmW4N07FuHR9I24E1qzRukQ0OJ5QA
dQC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWPQFxqCAAAEAwBG
MEQCIFbW21QbZPWHH3GgmAFOlJyE2zS5/YnazJtdP3UCJRcVAiAFYW/BLmspyKB+
JiQrAcjv4hT8WKC+2YyuQpJjaEDsDjANBgkqhkiG9w0BAQsFAAOCAQEApDpccVg7
M9btDd+jTKq++8gd/u2pi68CxMZ0EVi9EFUsIlyyi09mejQfqM7HAQ5bARDcdPWI
jwBmrli0RIivh+QgVZkpvWbW1ZwbRGgY64G+5S4vTM2P/PkfP9etvphvMm/dSt85
KpftLFXdsWdVz4KedQCr3kUCKZsmzUbjg0F/LIrZdoYGd8velQHXPw8esW8nEAa9
E9+BpJhH/BBuJl9hIjKKrRKNmIj0a0HS3oEdu4PURRZXtV2l11na+yzM9/ZRj2Wa
TqQ9G26RCS4d/hDnBPRJ4GcaxjiDFTLyZRsEkNSaXNvkhpB4xqnY/GwWToO704wJ
FPbom/WUWWj8Fw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprAEjiw+dw5PD4cqOSUy
mU+xwYac1fPTa/OQ+F1SLvb6738L1a4L834F7OFVA9PEDbwoVUpvcQFx/KGLKkam
QDoEXVFJAITWq7/n+NIgLwdTxdEgDruywfbNUHSc0y8woazOLVrfTGTa8QTJrgvz
Y1P94s/iLVA9MEB374g80s9+QGtQc9rCG2BI2qPRm9Emn8xJudeh6hWl953NkiiD
1yGgHgurEimOVGKgTXgU1QD/kVCSZ3Or88Qnb6qoYRG+r66gQdvD7j88A6PLHvxV
VryXyed0nV/4qKrTsYHPrqahGvkJItg6YnQrS/Tt5/z0t1nD5ubc90xkIIUlW5EO
FQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 10865203091770111674147965994499229839
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust RSA CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-06-05 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-11-23 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SAO PAULO'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SAO PAULO'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'KPMG AUDITORES INDEPENDENTES'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IT'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.kpmg.com.br'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21042356233768275244587298216289659550956630722086433045019900893995279264203316198916278952142388366562276349875336739709213024748634973934746276488497912824486240908514410830777231676648489840384215883091722453660157981037176821003401550323368530559117769482720030274054732037922929826428415161087368931084411844230645290640223669605710804782390732322620838913565061044425024003902432470993467184597760099019974767580840856549335515960831545284759250224089467730462752239441160929617443351108628579599698113914656640663561488243575333316117742333419320002554234202028516710044167262815333991870614097555567303265813
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 9058ffb09c75a8515477b1edf2a34316389e6cc5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							8f4aa176f6e65f5a1fb5aa681ae235854514ab62
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (30 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.kpmg.com.br'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kpmg.com.br'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.geotrust.com/GeoTrustRSACA2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.geotrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.geotrust.com/GeoTrustRSACA2018.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (360 bytes)
							0166007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc1000000163d01719640000040300473045022100d7e7801a40b03102dc2baf3125fbdc52e596f0a199ee8d6b17eaa6a9e931f24902200d47cd4dddcefc14e57678ec8839da3b51f3cf69edaeeb5fddb173f72c15100b0075008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f00000163d0171a03000004030046304402201262d20b09db8166d1c9914bf6de422489fe2b0c7f5426117be8cb938ca1b521022025ff59c00bd5b549af0356c0996e0dd3b16e1d1f48db8135ab346e910d0e2794007500bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed18500000163d0171a820000040300463044022056d6db541b64f5871f71a098014e949c84db34b9fd89dacc9b5d3f7502251715022005616fc12e6b29c8a07e26242b01c8efe214fc58a0bed98cae4292636840ec0e
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00a43a5c71583b33d6ed0ddfa34caabefbc81dfeeda98baf02c4c6741158bd10552c225cb28b4f667a341fa8cec7010e5b0110dc74f5888f0066ae58b44488af87e420559929bd66d6d59c1b446818eb81bee52e2f4ccd8ffcf91f3fd7adbe986f326fdd4adf392a97ed2c55ddb16755cf829e7500abde4502299b26cd46e383417f2c8ad976860677cbde9501d73f0f1eb16f271006bd13df81a49847fc106e265f6122328aad128d9888f46b41d2de811dbb83d4451657b55da5d759dafb2cccf7f6518f659a4ea43d1b6e91092e1dfe10e704f449e0671ac638831532f2651b0490d49a5cdbe4869078c6a9d8fc6c164e83bbd38c0914f6e89bf5945968fc17