cdncetdvcacicfrtr.manulife.io

Issued by GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1

About this certificate

This digital certificate with serial number 01:39:2b:9a:84:c3:1f:23:76:98:b3:ae:e0:81:d3:55 was issued on by DigiCert Inc.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=cdncetdvcacicfrtr.manulife.io

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 01:39:2b:9a:84:c3:1f:23:76:98:b3:ae:e0:81:d3:55
Serial Number (int): 1626073302559294145051455644802077525
Serial Number lenght: 121 bits, 16 octets

SubjectKeyId: 9d:d0:2e:bd:c0:e7:4a:79:0e:86:9f:50:ff:58:f3:32:77:70:77:9e
AuthorityKeyId: 12:c9:88:9b:2f:c9:44:7a:7d:12:f1:df:40:03:42:98:92:c7:24:d6

Fingerprint (sha1): 19:5c:36:fb:48:ad:c0:c1:4c:4d:0d:94:ba:ff:ea:52:78:34:08:d7
Fingerprint (sha256): 17:90:70:35:d3:a1:93:3f:24:a8:38:51:99:c2:91:e7:8f:dc:f9:0b:e1:a1:f0:34:b6:ac:e0:59:d4:a9:79:10

Issuing Certificate URL: http://cacerts.digicert.com/GeoTrustTLSDVRSAMixedSHA2562020CA-1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/GeoTrustTLSDVRSAMixedSHA2562020CA-1-1.crl
CRL Distribution Point: http://crl4.digicert.com/GeoTrustTLSDVRSAMixedSHA2562020CA-1-1.crl

Check the revocation status for certificate cdncetdvcacicfrtr.manulife.io

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for cdncetdvcacicfrtr.manulife.io

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

cdncetdvcacicfrtr.manulife.io

Other certificates including the domain name manulife.io

(limited to 100 certificates)
manulife.com
manulife.com
5659569942429696-fe3.pantheonsite.io
node3.c360-prod-dr-nifi.cde.manulife.io
manulife.com
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
noc.platform.manulife.io
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
www.jhinvestments.com
5662800294707200-fe2.pantheonsite.io
bs03.mms.use.sandbox.platform.manulife.io
5659569942429696-fe3.pantheonsite.io
credhub.ops.concourse.platform.manulife.io
sbx.github.platform.manulife.io
manulife.com
chefserversandbox.platform.manulife.io
manulife.com
ldap.test.eas.identity.platform.manulife.io
www.jhinvestments.com
consul.nonprod.cac.platform.manulife.io
api.gb.apim.manulife.io
appdb23.cae.platform.manulife.io
vault.prod.cae.platform.manulife.io
5659569942429696-fe3.pantheonsite.io
manulife.io
5659569942429696-fe3.pantheonsite.io
bs02.mms.use.sandbox.platform.manulife.io
5659569942429696-fe3.pantheonsite.io
5662800294707200-fe2.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
5662800294707200-fe2.pantheonsite.io
vault.sandbox.cae.platform.manulife.io
node1.c360-prod-nifi.cde.manulife.io
uaa.cae.ops.concourse.platform.manulife.io
appdb31.cac.preview.platform.manulife.io
sbx.github.platform.manulife.io
www.jhinvestments.com
5659569942429696-fe3.pantheonsite.io
ldap.ca.identity.platform.manulife.io
manulife.com
manulife.com
uls.preview.manulife.com
appdb21.cae.platform.manulife.io
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
vault.sandbox.usc.platform.manulife.io
appdb12.eas.platform.manulife.io
sfplatform.dev.nifi.manulife.io
manulife.com
5659569942429696-fe3.pantheonsite.io
node2.c360-uat-nifi.cde.manulife.io
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
manulife.com
nonprodprod.apim.manulife.io
manulife.com
5659569942429696-fe3.pantheonsite.io
manulife.com
5659569942429696-fe3.pantheonsite.io
node1.c360-qat-nifi.cde.manulife.io
dashboard.platform.manulife.io
uls.manulife.com
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
terraform.platform.manulife.io
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
manulife.com
5662800294707200-fe2.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
manulife.com
manulife.com
manulife.com
stoplight.gwam.manulife.io
uls.eas.preview.manulife.io
bs01.mms.use.sandbox.platform.manulife.io
5659569942429696-fe3.pantheonsite.io
vault.sandbox.cac.platform.manulife.io
www.jhinvestments.com
node1.c360-prod-dr-nifi.cde.manulife.io
bs32.cac.preview.platform.manulife.io
nonprod.appgw.manulife.io
5659569942429696-fe3.pantheonsite.io
vault.nonprod.sea.platform.manulife.io
manulife.com
cdncetdvcacicfrtr.manulife.io
vault.sandbox.cac.platform.manulife.io
5659569942429696-fe3.pantheonsite.io
5662800294707200-fe2.pantheonsite.io
5659569942429696-fe3.pantheonsite.io
consul.nonprod.sea.platform.manulife.io
api.gb.appgw.manulife.io
5659569942429696-fe3.pantheonsite.io

Certificate

The complete raw certificate details for cdncetdvcacicfrtr.manulife.io in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgIQATkrmoTDHyN2mLOu4IHTVTANBgkqhkiG9w0BAQsFADBZ
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypH
ZW9UcnVzdCBUTFMgRFYgUlNBIE1peGVkIFNIQTI1NiAyMDIwIENBLTEwHhcNMjEx
MTE3MDAwMDAwWhcNMjIwNTE2MjM1OTU5WjAoMSYwJAYDVQQDEx1jZG5jZXRkdmNh
Y2ljZnJ0ci5tYW51bGlmZS5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK3wAaX+yy1cEyHp+vFb60swf/aiBa+W5Y7oEbWtygos1AZRvWrMpoIuAPUm
wji+mme4uAMUfGimstliegaJng7kollXc4rq4EFh1dci6/l7rpZ5CH9Sn/4DQsXA
brwoWa/ZDAVT5NNptbVSkEb4Te8WiivgSGI22bumPGLHoitXsltPRDs7j72YjkN9
5DJoQNs/U5am2iEQBDmZTq1mKxV/wf38xg+VvY8tVunTwem4/SQXbJQ28ir0vPgR
/h8M/p0tQuLyCL47sdKYaRybiHVDbazRsdqOLalcbmUK09LLPMS31fbT4o5h43/A
C7i/hKJ7Ak+ewSLjEUnNFqw0e+UCAwEAAaOCAicwggIjMB8GA1UdIwQYMBaAFBLJ
iJsvyUR6fRLx30ADQpiSxyTWMB0GA1UdDgQWBBSd0C69wOdKeQ6Gn1D/WPMyd3B3
njAoBgNVHREEITAfgh1jZG5jZXRkdmNhY2ljZnJ0ci5tYW51bGlmZS5pbzAOBgNV
HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGfBgNV
HR8EgZcwgZQwSKBGoESGQmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9HZW9UcnVz
dFRMU0RWUlNBTWl4ZWRTSEEyNTYyMDIwQ0EtMS0xLmNybDBIoEagRIZCaHR0cDov
L2NybDQuZGlnaWNlcnQuY29tL0dlb1RydXN0VExTRFZSU0FNaXhlZFNIQTI1NjIw
MjBDQS0xLTEuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQIBMCkwJwYIKwYBBQUHAgEW
G2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzCBhQYIKwYBBQUHAQEEeTB3MCQG
CCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTwYIKwYBBQUHMAKG
Q2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9HZW9UcnVzdFRMU0RWUlNBTWl4
ZWRTSEEyNTYyMDIwQ0EtMS5jcnQwCQYDVR0TBAIwADATBgorBgEEAdZ5AgQDAQH/
BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAU4qroYWILn6RXhMWJqXqLNWBAndPA2d1
eAKhW+PZY0XkZvDEmwm7LB0sAscjjS0X8XMOAqkLP8MNkYfhv5yYWVN4RCm2A91/
+PSlpMaC5MtvU2DfsDeaOTyZNp2U3LSCjFkNJabGCKvjsltNvWP/comKJNB3WlSz
vwj8rtjVlwZrqFSu402ic48QAV9E2YBK0IM0xgC4Vp1pdJOxhgVwvyTAuSwVACKO
iHDMCboX92ywD+r9TEz8qcwoBib+YJyEGXxbevYE8TsKKZ5dIVc80oamy1C1NPJT
KiO6DNX/n4b4Yy5d2KdmWkTJgRWUgaiuJyugPYt/Ey2/VRaP5U3qjg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfABpf7LLVwTIen68Vvr
SzB/9qIFr5bljugRta3KCizUBlG9asymgi4A9SbCOL6aZ7i4AxR8aKay2WJ6Bome
DuSiWVdziurgQWHV1yLr+XuulnkIf1Kf/gNCxcBuvChZr9kMBVPk02m1tVKQRvhN
7xaKK+BIYjbZu6Y8YseiK1eyW09EOzuPvZiOQ33kMmhA2z9TlqbaIRAEOZlOrWYr
FX/B/fzGD5W9jy1W6dPB6bj9JBdslDbyKvS8+BH+Hwz+nS1C4vIIvjux0phpHJuI
dUNtrNGx2o4tqVxuZQrT0ss8xLfV9tPijmHjf8ALuL+EonsCT57BIuMRSc0WrDR7
5QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1626073302559294145051455644802077525
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-11-17 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-05-16 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'cdncetdvcacicfrtr.manulife.io'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21957578345290659675447852682906216145770963582821312780889217507649696744625074503755723901430312791538569086067119148173587034665894507838665372937992161571658232458970255701168722100715473519954489392045616167405938706035446751086317680496316797857369984728024007371161079073510209111214075315833440913852956794979657584470946246857817352166076766967814274973454279010019411815003143438275744220935097939453920335791509261698381006200955867308470873080054258321486466731702096440832772828267546240923484245801726956644097536973515455252194268070209323359134499628391885783817061008254625997075857701363628926860261
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 12c9889b2fc9447a7d12f1df4003429892c724d6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							9dd02ebdc0e74a790e869f50ff58f3327770779e
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (33 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdncetdvcacicfrtr.manulife.io'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (151 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/GeoTrustTLSDVRSAMixedSHA2562020CA-1-1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/GeoTrustTLSDVRSAMixedSHA2562020CA-1-1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (121 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/GeoTrustTLSDVRSAMixedSHA2562020CA-1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00538aaba185882e7e915e131626a5ea2cd58102774f0367757802a15be3d96345e466f0c49b09bb2c1d2c02c7238d2d17f1730e02a90b3fc30d9187e1bf9c985953784429b603dd7ff8f4a5a4c682e4cb6f5360dfb0379a393c99369d94dcb4828c590d25a6c608abe3b25b4dbd63ff72898a24d0775a54b3bf08fcaed8d597066ba854aee34da2738f10015f44d9804ad08334c600b8569d697493b1860570bf24c0b92c1500228e8870cc09ba17f76cb00feafd4c4cfca9cc280626fe609c84197c5b7af604f13b0a299e5d21573cd286a6cb50b534f2532a23ba0cd5ff9f86f8632e5dd8a7665a44c981159481a8ae272ba03d8b7f132dbf55168fe54dea8e