digital-collection.bfi.org.uk

- British Film Institute -

Issued by GlobalSign Organization Validation CA - SHA256 - G2

About this certificate

This digital certificate with serial number 05:88:22:c6:fa:57:f6:be:74:2b:a2:07 was issued on by GlobalSign nv-sa.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

British Film Institute

Organization: British Film Institute
State / Province: London
Locality: London
Country: GB

GlobalSign nv-sa

Organization: GlobalSign nv-sa
Country: BE

This certificate has expire since

Certificate Details

Serial Number (hex): 05:88:22:c6:fa:57:f6:be:74:2b:a2:07
Serial Number (int): 1712003191529217204121477639
Serial Number lenght: 91 bits, 12 octets

SubjectKeyId: 0f:0c:42:3d:84:2b:f0:8c:b2:1a:10:e3:47:81:a4:97:6b:fd:45:56
AuthorityKeyId: 96:de:61:f1:bd:1c:16:29:53:1c:c0:cc:7d:3b:83:00:40:e6:1a:7c

Fingerprint (sha1): 25:ae:ac:cb:bd:5a:ad:ff:b4:4f:99:a5:b6:5b:6c:95:51:b9:42:39
Fingerprint (sha256): 17:7e:82:1f:15:c0:6d:5c:9a:be:5a:74:3f:26:e2:5c:ef:27:cd:7c:6c:11:7e:77:00:ca:f8:d5:04:cb:b7:28

Issuing Certificate URL: http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt

Revocation information

OCSP Server: http://ocsp2.globalsign.com/gsorganizationvalsha2g2
CRL Distribution Point: http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl

Check the revocation status for certificate digital-collection.bfi.org.uk

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for digital-collection.bfi.org.uk

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

digital-collection.bfi.org.uk

Other certificates including the domain name bfi.org.uk

(limited to 100 certificates)
search-es.player.bfi.org.uk
testappstore.bfi.org.uk
mdm.bfi.org.uk
www2.bfi.org.uk
subscriber.pagesuite.com
bfimail.bfi.org.uk
bfijobsandopportunities.bfi.org.uk
stories.bfi.org.uk
www.pagesuite.co.uk
www.pagesuite.co.uk
courtamew.dev
owa.bfi.org.uk
adnoncentaur3.abasoft.co.uk
filmstore.bfi.org.uk
jasperdekorte.nl
www.bfi.org.uk
el3alamia.website
staging.core-cms.bfi.digital
core-cms.bfi.org.uk
adnoncentaur3.abasoft.co.uk
appstore.bfi.org.uk
tickets.bfi.org.uk
contribute.bfi.org.uk
drbfiportal.bfi.org.uk
*.player.bfi.org.uk
testappstore.bfi.org.uk
adnoncentaur3.abasoft.co.uk
stills.bfi.org.uk
www.bfi.org.uk
appstore.bfi.org.uk
www.reactnative.ga
digital-collection.bfi.org.uk
bfimail.bfi.org.uk
www.anomalymusic.dev
filmography.bfi.org.uk
testappstore.bfi.org.uk
filmstore.bfi.org.uk
core-cms.bfi.org.uk
admin.gruve.link
digital-collection.bfi.org.uk
fan.bfi.org.uk
festivalaccreditation.bfi.org.uk
contribute.bfi.org.uk
pasteleriadonrafael.cl
www.stelliteautomation.com
planfile.com
BK-BFICTXADM1.bfi.org.uk
shop.bfi.org.uk
palrivercg.com
adnoncentaur3.abasoft.co.uk
subscriber.pagesuite.com
www.pagesuite.co.uk
www.shop.bfi.org.uk
filmography.bfi.org.uk
blueprint.currents.fm
ss-xfiles1.bfi.org.uk
www.shop.bfi.org.uk
player-skylark.bfi.org.uk
player.bfi.org.uk
www.pagesuite.co.uk
contribute.bfi.org.uk
bfimail.bfi.org.uk
appstore.bfi.org.uk
whatson.bfi.org.uk
shop.bfi.org.uk
filmography.bfi.org.uk
network.bfi.org.uk
owamob.bfi.org.uk
xmgateway.bfi.org.uk
www.pagesuite.co.uk
fftd.bfi.org.uk
adnoncentaur3.abasoft.co.uk
tempbfiportal.bfi.org.uk
bfidigitaldesktop.bfi.org.uk
sightandsounddigitaledition.bfi.org.uk
contribute.bfi.org.uk
admin.dheoab.dev
whatson.bfi.org.uk
www.bfi.org.uk
lf-cast.pearsports.com
adnoncentaur3.abasoft.co.uk
bfiftp.bfi.org.uk
adfe7.abasoft.co.uk
*.player.bfi.org.uk
collections-search.bfi.org.uk
adnoncentaur3.abasoft.co.uk
owa.bfi.org.uk
search-es.player.bfi.org.uk
www.pagesuite.co.uk
subscriber.pagesuite.com
explore.bfi.org.uk
adnoncentaur3.abasoft.co.uk
BFICTXNS02.bfi.org.uk
contribute.bfi.org.uk
stories.bfi.org.uk
app.dev.mazumago.com
whatson.bfi.org.uk
www.tnguyen.dev
contribute.bfi.org.uk
contribute.bfi.org.uk

Certificate

The complete raw certificate details for digital-collection.bfi.org.uk in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgIMBYgixvpX9r50K6IHMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTcwMzIwMTM1MTEwWhcNMjAwMzIwMTM1MTEwWjB4MQswCQYDVQQGEwJH
QjEPMA0GA1UECBMGTG9uZG9uMQ8wDQYDVQQHEwZMb25kb24xHzAdBgNVBAoTFkJy
aXRpc2ggRmlsbSBJbnN0aXR1dGUxJjAkBgNVBAMTHWRpZ2l0YWwtY29sbGVjdGlv
bi5iZmkub3JnLnVrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkg3
Trub42sw1k5ppvid98l87SgQlysOhm7AAdP/yHPOHMVidXTpNWKVZ6JZOrYqqf4H
N06y+T6NMsybz7chbzFgiq/fbQ4XGPPpFQtlQxx+jJFetNoONEI4e4K1GAO4Af9r
BfY5m5/o00HF7FKvN7sp2C3mw7IOXJz3WLpBclUgZwBt5pJ0TgUTD2W1WUfFb8FL
wT9H3L2+uTWaGP2Z2rImcFU/pYQi1G57/p2eRu5ph3omdTlAF94R7EIx5391j3ce
EmVn7rJz2Otnd6Y2Fbc4TpBaCjJmVP5T6rZobu9NK/VmRH6XIl7rmFsoEI2oraQB
ye0Ej7HpL0pYGYeatQIDAQABo4IB7jCCAeowDgYDVR0PAQH/BAQDAgWgMIGgBggr
BgEFBQcBAQSBkzCBkDBNBggrBgEFBQcwAoZBaHR0cDovL3NlY3VyZS5nbG9iYWxz
aWduLmNvbS9jYWNlcnQvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzJyMS5jcnQwPwYI
KwYBBQUHMAGGM2h0dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9nc29yZ2FuaXph
dGlvbnZhbHNoYTJnMjBWBgNVHSAETzBNMEEGCSsGAQQBoDIBFDA0MDIGCCsGAQUF
BwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAIBgZn
gQwBAgIwCQYDVR0TBAIwADBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmds
b2JhbHNpZ24uY29tL2dzL2dzb3JnYW5pemF0aW9udmFsc2hhMmcyLmNybDAoBgNV
HREEITAfgh1kaWdpdGFsLWNvbGxlY3Rpb24uYmZpLm9yZy51azAdBgNVHSUEFjAU
BggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFA8MQj2EK/CMshoQ40eBpJdr
/UVWMB8GA1UdIwQYMBaAFJbeYfG9HBYpUxzAzH07gwBA5hp8MA0GCSqGSIb3DQEB
CwUAA4IBAQBVTIId3Msn+VvgE5xAX1KUkTK7mo1v4SGzMFBemHa6aOo6XcJWzNw/
qsQ4pZMwmgqBzbHmEt2pKPfPQU5MhUNbbMg29Cil+6XZ3WBQ5txLbTgFdj4IQ8xl
GEMD4H+CIBDbTI/kX4XTXAGC5k71JN5HKndeRCQ/2fHEfJOwXB/2+ez0WyYvJp96
zIiwtqSJhxAA90CvhQTWEsXhnOjF9/t1ra9mqUhXWN631bTvSoXj15py0pXIA3hc
g7bl2QG2XYRh19Mkqxnimqq3ahUjTQP59XUrJoEYsGcyPctegExcdif/NzLmyaMf
CTIiRBwoEdLfMKEoftbM8xhTgKA/Qlz4
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkg3Trub42sw1k5ppvid
98l87SgQlysOhm7AAdP/yHPOHMVidXTpNWKVZ6JZOrYqqf4HN06y+T6NMsybz7ch
bzFgiq/fbQ4XGPPpFQtlQxx+jJFetNoONEI4e4K1GAO4Af9rBfY5m5/o00HF7FKv
N7sp2C3mw7IOXJz3WLpBclUgZwBt5pJ0TgUTD2W1WUfFb8FLwT9H3L2+uTWaGP2Z
2rImcFU/pYQi1G57/p2eRu5ph3omdTlAF94R7EIx5391j3ceEmVn7rJz2Otnd6Y2
Fbc4TpBaCjJmVP5T6rZobu9NK/VmRH6XIl7rmFsoEI2oraQBye0Ej7HpL0pYGYea
tQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1712003191529217204121477639
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign Organization Validation CA - SHA256 - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-03-20 13:51:10 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-03-20 13:51:10 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'London'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'London'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'British Film Institute'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'digital-collection.bfi.org.uk'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 18466403584134549093345817512598136466439039965911128484084932004952339094799456793462618022541350967744065410679400968169434820044961097063270833544896521080564220462604981758766759112429317147068400001184042025244497440732788649876236971635048189819859742520662489620327791791420703421708789220138865399496634907627222155404518176528873842862726403639332249427334401143799032014387590925276309136531716942388974298986349109391464402366706853963126007736327435136613674258342352568118278160511530865674015006071082848562482154721479310528524578981816450889204635083566461782425485411879930066632220747871044120320693
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (147 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp2.globalsign.com/gsorganizationvalsha2g2'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.20 (globalsignOVPolicy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (33 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'digital-collection.bfi.org.uk'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							0f0c423d842bf08cb21a10e34781a4976bfd4556
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 96de61f1bd1c1629531cc0cc7d3b830040e61a7c
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00554c821ddccb27f95be0139c405f52949132bb9a8d6fe121b330505e9876ba68ea3a5dc256ccdc3faac438a593309a0a81cdb1e612dda928f7cf414e4c85435b6cc836f428a5fba5d9dd6050e6dc4b6d3805763e0843cc65184303e07f822010db4c8fe45f85d35c0182e64ef524de472a775e44243fd9f1c47c93b05c1ff6f9ecf45b262f269f7acc88b0b6a489871000f740af8504d612c5e19ce8c5f7fb75adaf66a9485758deb7d5b4ef4a85e3d79a72d295c803785c83b6e5d901b65d8461d7d324ab19e29aaab76a15234d03f9f5752b268118b067323dcb5e804c5c7627ff3732e6c9a31f093222441c2811d2df30a1287ed6ccf3185380a03f425cf8