housinglottery.rockefeller.edu

- The Rockefeller University -

Issued by COMODO RSA Organization Validation Secure Server CA

About this certificate

This digital certificate with serial number 9c:5b:63:e4:26:b1:63:4a:ff:b9:32:f4:f4:75:98:f9 was issued on by COMODO CA Limited.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Subscriber Certificate: extKeyUsage values other than id-kp-serverAuth, id-kp-clientAuth, and id-kp-emailProtection SHOULD NOT be present. (BRs: 7.1.2.3)

The Rockefeller University

Organization: The Rockefeller University
Organization unit: Information Technology
Organization unit: Hosted by The Rockefeller University
Organization unit: PlatinumSSL SGC
Address: 1230 York Ave.
Postal code: 10065
State / Province: New York
Locality: New York
Country: US

COMODO CA Limited

Organization: COMODO CA Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate has expire since

Certificate Details

Serial Number (hex): 9c:5b:63:e4:26:b1:63:4a:ff:b9:32:f4:f4:75:98:f9
Serial Number (int): 207834092391120239395881701578456275193
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 74:aa:57:f6:d4:f4:bd:54:32:60:a4:92:c5:ac:47:b3:c3:6f:4e:77
AuthorityKeyId: 9a:f3:2b:da:cf:ad:4f:b6:2f:bb:2a:48:48:2a:12:b7:1b:42:c1:24

Fingerprint (sha1): 8d:da:8a:1f:8b:52:f0:19:40:91:2d:38:2f:1b:0d:8e:b5:ae:dc:85
Fingerprint (sha256): 18:16:7e:00:44:e4:1b:82:14:e4:47:f1:4b:04:3f:e5:c8:d5:0d:ba:bd:75:ac:db:50:74:bf:4b:58:69:07:d9

Issuing Certificate URL: http://crt.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.comodoca.com
CRL Distribution Point: http://crl.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crl

Check the revocation status for certificate housinglottery.rockefeller.edu

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for housinglottery.rockefeller.edu

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication
Microsoft Server-Gated Cryptography
Netscape Server-Gated Cryptography

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

housinglottery.rockefeller.edu
www.housinglottery.rockefeller.edu

Other certificates including the domain name rockefeller.edu

(limited to 100 certificates)
courses.rockefeller.edu
pubsubmit.rockefeller.edu
phe.rockefeller.edu
rubbdb2.rockefeller.edu
stage.rockedu.rockefeller.edu
mchc.rockefeller.edu
www.rockefeller.edu
phe.rockefeller.edu
parclip.rockefeller.edu
rushib.rockefeller.edu
formspolicies.rockefeller.edu
rocklab.rockefeller.edu
sopstudentapplication.rockefeller.edu
hgidlabredcap.rockefeller.edu
academicseminars.rockefeller.edu
ldaptest.rockefeller.edu
incubator.rockefeller.edu
formspolicies.rockefeller.edu
cctscertificate.rockefeller.edu
giveandjoin.rockefeller.edu
womenandscience.rockefeller.edu
oas.rockefeller.edu
cctscertificate.rockefeller.edu
phe.rockefeller.edu
vosshall-intra.rockefeller.edu
rumail.rockefeller.edu
appext.rockefeller.edu
bridges.rockefeller.edu
labapps.rockefeller.edu
cp.rockefeller.edu
pilotprojectsreview.rockefeller.edu
rumail.rockefeller.edu
netstat.rockefeller.edu
surfapplication.rockefeller.edu
cctscertificate.rockefeller.edu
go.rockefeller.edu
notifyru.rockefeller.edu
pubsubmit.rockefeller.edu
webmail.rockefeller.edu
reeke-pubdata.rockefeller.edu
eventreg.rockefeller.edu
elf.rockefeller.edu
virtualroom-graduate.rockefeller.edu
bh.rockefeller.edu
postdocalumni.rockefeller.edu
scholarapplication.rockefeller.edu
em.rockefeller.edu
itservices.rockefeller.edu
cchi.rockefeller.edu
virtualroom.rockefeller.edu
ruauth2.rockefeller.edu
bh.rockefeller.edu
pdf-files-test.rockefeller.edu
sopstudentapplication.rockefeller.edu
postdochousingwaitlist.rockefeller.edu
www.rockefeller.edu
xenopus.rockefeller.edu
giveandjoin.rockefeller.edu
maimonlab.rockefeller.edu
ruifar.rockefeller.edu
images.rockefeller.edu
www.rockefeller.edu
test4.rockedu.rockefeller.edu
rumail.rockefeller.edu
appintpl.rockefeller.edu
lab.rockefeller.edu
sees.rockefeller.edu
phe.rockefeller.edu
test19.rockedu.rockefeller.edu
plutus.rockefeller.edu
housinglottery.rockefeller.edu
hospitalhelpdesk.rockefeller.edu
biorhythm.rockefeller.edu
netstat.rockefeller.edu
cctscertificate.rockefeller.edu
itmd.rockefeller.edu
cctscertificate.rockefeller.edu
test22.rockedu.rockefeller.edu
zhao.labapps.rockefeller.edu
giveandjoin.rockefeller.edu
elf.rockefeller.edu
webmail.rockefeller.edu
darwin.rockefeller.edu
gradrecruitment.rockefeller.edu
mchc.rockefeller.edu
ruifar.rockefeller.edu
phe.rockefeller.edu
peggy.rockefeller.edu
sslvpntest.rockefeller.edu
rumail.rockefeller.edu
rufirst.rockefeller.edu
virtualroom.rockefeller.edu
housinglottery.rockefeller.edu
courseevaluations.rockefeller.edu
digitalcommons.rockefeller.edu
ias4web.rockefeller.edu
macromolecule.rockefeller.edu
anvesana.rockefeller.edu
sopstudentapplication.rockefeller.edu
graduateapplication.rockefeller.edu

Certificate

The complete raw certificate details for housinglottery.rockefeller.edu in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGXTCCBUWgAwIBAgIRAJxbY+QmsWNK/7ky9PR1mPkwDQYJKoZIhvcNAQELBQAw
gZYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTwwOgYD
VQQDEzNDT01PRE8gUlNBIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIFNlY3VyZSBT
ZXJ2ZXIgQ0EwHhcNMTUwMTA1MDAwMDAwWhcNMTYwMTA1MjM1OTU5WjCCARQxCzAJ
BgNVBAYTAlVTMQ4wDAYDVQQREwUxMDA2NTERMA8GA1UECBMITmV3IFlvcmsxETAP
BgNVBAcTCE5ldyBZb3JrMRcwFQYDVQQJEw4xMjMwIFlvcmsgQXZlLjEjMCEGA1UE
ChMaVGhlIFJvY2tlZmVsbGVyIFVuaXZlcnNpdHkxHzAdBgNVBAsTFkluZm9ybWF0
aW9uIFRlY2hub2xvZ3kxLTArBgNVBAsTJEhvc3RlZCBieSBUaGUgUm9ja2VmZWxs
ZXIgVW5pdmVyc2l0eTEYMBYGA1UECxMPUGxhdGludW1TU0wgU0dDMScwJQYDVQQD
Ex5ob3VzaW5nbG90dGVyeS5yb2NrZWZlbGxlci5lZHUwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCiCQFDoPz8a+/UJwC7NsDIKKVs/2FaOpgbc1sXaWBj
qz1BVhH/GNyNCr12nYWtO1hvIrhyovHbu5Eniyrq41QrzoVs9Ml8hl5QnCQCQDl1
OFyZkSaeimlm5PPEpuXnxeJfIhQv44wBUKmFaXKVC83o4awOMysia8W9ulGRW4EL
JC28XG9/PGCThDwF9BhUYe0TgQ7ypeatQ0Hfsmr9kbFC0DnYvOWC5Gnz64xmryE2
qfixoe+eqcyXEoaioMIVISZR3VfyNeW4PTCVzFB5FUo+eM6/etsrMzrGEV2n5hyb
7Ma/zPvKtqKkUAn76Ykp/kEdkrbKKAkKT/0gtmN0f7FpAgMBAAGjggIjMIICHzAf
BgNVHSMEGDAWgBSa8yvaz61Pti+7KkhIKhK3G0LBJDAdBgNVHQ4EFgQUdKpX9tT0
vVQyYKSSxaxHs8NvTncwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwNAYD
VR0lBC0wKwYIKwYBBQUHAwEGCCsGAQUFBwMCBgorBgEEAYI3CgMDBglghkgBhvhC
BAEwUAYDVR0gBEkwRzA7BgwrBgEEAbIxAQIBAwQwKzApBggrBgEFBQcCARYdaHR0
cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMwCAYGZ4EMAQICMFoGA1UdHwRTMFEw
T6BNoEuGSWh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1JTQU9yZ2FuaXph
dGlvblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYsGCCsGAQUFBwEBBH8w
fTBVBggrBgEFBQcwAoZJaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNB
T3JnYW5pemF0aW9uVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAkBggrBgEF
BQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tME0GA1UdEQRGMESCHmhvdXNp
bmdsb3R0ZXJ5LnJvY2tlZmVsbGVyLmVkdYIid3d3LmhvdXNpbmdsb3R0ZXJ5LnJv
Y2tlZmVsbGVyLmVkdTANBgkqhkiG9w0BAQsFAAOCAQEAVcbcTvW+2ZCXsG144Yxc
TXg/Sau4JgEYoF79Qrpe86YTYqSnQ9MsYO7L/ijZZQb5zfOvPO6oWnmfT1UK80e+
HFwF9qCCqwdBRpaZAewznskP5ctHiPwhJxS+t/yVg9YdNrSFiEd5DrOw8mfDqeEt
uY8ef9ot7rXf+7wyJB52wiUTmVwdE3yqsyT/JlpGi6FPakGcnjuG600gWnYOKKKw
ZIedcviUv/SAL/6PH62wxMHAS7Tg7271QSyybar51DURr4+8ZkKgMRBZSums8IaQ
SfStGkE2h1rGhyEXjg3IGmZVu0XY0qXA8CgS1B0Kpn5KAtf9x/7H2lEoMFdIhCw4
jw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogkBQ6D8/Gvv1CcAuzbA
yCilbP9hWjqYG3NbF2lgY6s9QVYR/xjcjQq9dp2FrTtYbyK4cqLx27uRJ4sq6uNU
K86FbPTJfIZeUJwkAkA5dThcmZEmnoppZuTzxKbl58XiXyIUL+OMAVCphWlylQvN
6OGsDjMrImvFvbpRkVuBCyQtvFxvfzxgk4Q8BfQYVGHtE4EO8qXmrUNB37Jq/ZGx
QtA52LzlguRp8+uMZq8hNqn4saHvnqnMlxKGoqDCFSEmUd1X8jXluD0wlcxQeRVK
PnjOv3rbKzM6xhFdp+Ycm+zGv8z7yraipFAJ++mJKf5BHZK2yigJCk/9ILZjdH+x
aQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 207834092391120239395881701578456275193
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'COMODO CA Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'COMODO RSA Organization Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2015-01-05 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-01-05 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.17 (postalCode)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '10065'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.9 (streetAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '1230 York Ave.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'The Rockefeller University'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Information Technology'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Hosted by The Rockefeller University'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'PlatinumSSL SGC'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'housinglottery.rockefeller.edu'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20455045905020001064939259934625230752593719311411106394898950954236041092949979182829795455758458119145504031274149044202122466963845785056849744038903164569648237948358254892094753220149258801499706807570167402263655386823717465527426845297861323690823017273916701659714053479210808519094352885238777743575449450284882055719642772719002975124065994369457697121966941422123028132147306855099409313391783721002454957608623642238021143724821461557240655472538004879572614369312917490520033909273900999606126433144247613844348718918134755428195295625296219403645593682962202582873563590066728195393173670519448105103721
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 9af32bdacfad4fb62fbb2a48482a12b71b42c124
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							74aa57f6d4f4bd543260a492c5ac47b3c36f4e77
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (45 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.10.3.3 (serverGatedCrypto)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.113730.4.1 (serverGatedCrypto)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://secure.comodo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (127 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.comodoca.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (70 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'housinglottery.rockefeller.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.housinglottery.rockefeller.edu'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0055c6dc4ef5bed99097b06d78e18c5c4d783f49abb8260118a05efd42ba5ef3a61362a4a743d32c60eecbfe28d96506f9cdf3af3ceea85a799f4f550af347be1c5c05f6a082ab074146969901ec339ec90fe5cb4788fc212714beb7fc9583d61d36b4858847790eb3b0f267c3a9e12db98f1e7fda2deeb5dffbbc32241e76c22513995c1d137caab324ff265a468ba14f6a419c9e3b86eb4d205a760e28a2b064879d72f894bff4802ffe8f1fadb0c4c1c04bb4e0ef6ef5412cb26daaf9d43511af8fbc6642a03110594ae9acf0869049f4ad1a4136875ac68721178e0dc81a6655bb45d8d2a5c0f02812d41d0aa67e4a02d7fdc7fec7da5128305748842c388f