*.s3.hidrive.strato.com

- Strato AG -

Issued by Thawte RSA CA 2018

About this certificate

This digital certificate with serial number 0c:e2:74:60:1f:28:fc:31:71:a9:ee:d3:e8:31:99:8e was issued on by DigiCert Inc.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Strato AG

Organization: Strato AG
Organization unit: Rechenzentrum
State / Province: Berlin
Locality: Berlin
Country: DE

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0c:e2:74:60:1f:28:fc:31:71:a9:ee:d3:e8:31:99:8e
Serial Number (int): 17126555414509069767719928806205659534
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: bf:d4:7b:cc:43:a3:ae:5d:5d:70:5d:b2:3b:ee:e8:db:7d:5d:3c:78
AuthorityKeyId: a3:c8:5e:65:54:e5:30:78:c1:05:ea:07:0a:6a:59:cc:b9:fe:de:5a

Fingerprint (sha1): 5f:95:b4:d4:a0:d2:ce:c8:1d:a5:f6:3c:6c:b5:6f:c1:5d:8a:7f:e3
Fingerprint (sha256): 18:63:42:34:c8:4d:a6:0a:72:6d:5a:32:70:a8:f7:f8:f4:4e:e5:3d:37:1b:72:44:67:84:37:9e:86:9e:4f:78

Issuing Certificate URL: http://cacerts.thawte.com/ThawteRSACA2018.crt

Revocation information

OCSP Server: http://status.thawte.com
CRL Distribution Point: http://cdp.thawte.com/ThawteRSACA2018.crl

Check the revocation status for certificate *.s3.hidrive.strato.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.s3.hidrive.strato.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.s3.hidrive.strato.com
s3.hidrive.strato.com

Other certificates including the domain name strato.com

(limited to 100 certificates)
webmail.strato.de
*.s3.hidrive.strato.com
ftp.hidrive.strato.com
api.hidrive.strato.com
*.strato.com
*.webdav.hidrive.strato.com
ftp.hidrive.strato.com
www.hidrive.strato.com
hidrive.strato.com
*.webdav.qsdrive.strato.com
hidrive.strato.com
mx.hidrive.strato.com
smtp.strato.com
backup.strato.com
webdav.qsdrive.strato.com
registrar.strato.com
webdav.hidrive.strato.com
pop3.strato.de
imap.test.strato.de
news.strato.com
*.s3.hidrive.strato.com
www.hidrive.strato.com
*.strato.com
news.strato.com
diag.hidrive.strato.com
*.shop.strato.com
developer.qsdrive.strato.com
api.hidrive.strato.com
www.hidrive.strato.com
webdav.qsdrive.strato.com
imap.test.strato.de
news.strato.com
api.hidrive.strato.com
backup.strato.com
smtp.strato.com
webdav.hidrive.strato.com
hidrive.strato.com
www.hidrive.strato.com
webdav.hidrive.strato.com
smtp.strato.com
*.strato.com
webdav.hidrive.strato.com
imap.test.strato.de
*.webdav.hidrive.strato.com
backup.strato.com
diag.hidrive.strato.com
webdav.drive.strato.com
webdav.hidrive.strato.com
www.qsdrive.strato.com
backup.strato.com
pop3.strato.de
webdav.hidrive.strato.com
api.hidrive.strato.com
imap.test.strato.de
hidrive.strato.com
news.strato.com
*.strato.com
smtp.test.rzone.de
news.strato.com
imap.strato.de
imap.strato.de
api.hidrive.strato.com
pop3.strato.de
webmail.strato.de
hidrive.strato.com
hidrive.strato.com
provisioning.hidrive.strato.com
*.strato.com
webmail.strato.de
imap.strato.de
*.strato.com
api.hidrive.strato.com
imap.strato.de
imap.test.strato.de
mx.hidrive.strato.com
news.strato.com
com4.strato.de
pop3.strato.de
smtp.strato.com
pop3.strato.de
*.s3.hidrive.strato.com
webmail.strato.de
hidrive.strato.com
*.ep7test.strato.com
*.ep7test.strato.com
webmail.strato.de
www.hidrive.strato.com
webdav.hidrive.strato.com
imap.strato.de
www.hidrive.strato.com
*.webdav.hidrive.strato.com
smtp.strato.com
api.hidrive.strato.com
pop3.strato.de
hidrive.strato.com
api.hidrive.strato.com
pop3.strato.de
news.strato.com
sfm.hidrive.strato.com
api.hidrive.strato.com

Certificate

The complete raw certificate details for *.s3.hidrive.strato.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgIQDOJ0YB8o/DFxqe7T6DGZjjANBgkqhkiG9w0BAQsFADBc
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMRswGQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcN
MTkwMTE1MDAwMDAwWhcNMjAwMTMxMTIwMDAwWjB9MQswCQYDVQQGEwJERTEPMA0G
A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xEjAQBgNVBAoTCVN0cmF0byBB
RzEWMBQGA1UECxMNUmVjaGVuemVudHJ1bTEgMB4GA1UEAwwXKi5zMy5oaWRyaXZl
LnN0cmF0by5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqJDfO
0AUzIFkSJosHvdrt+J93R/F/m0ooq0CSmRCGMNaeIVHOHbeT+HliDNED5mWwGY/B
BbgA971YgC0ukUx1GoGcF8sdImS1cPQEyRptjCi6m+ZsNe70Qwe75iuK+9+rVScm
BlrtGpvY+QJnQ0CAMbeMpdXwutB/niCemd0frCuCWttUjNBONGoMxyhBq55slSm8
ZeBqBcU5JuOHp9WLUEsAO3dyQBT30cGWskL+FAA2ewOeggzAmI/wNIOEdYvb90MV
IU8LufQgtcIRQH0J0u37A4M5DZss3stgb3BLF0Q7+HnU7RLvgJV2EnEM6p5MuAPG
FBI3v2KWJmlywawBAgMBAAGjggHJMIIBxTAfBgNVHSMEGDAWgBSjyF5lVOUweMEF
6gcKalnMuf7eWjAdBgNVHQ4EFgQUv9R7zEOjrl1dcF2yO+7o231dPHgwOQYDVR0R
BDIwMIIXKi5zMy5oaWRyaXZlLnN0cmF0by5jb22CFXMzLmhpZHJpdmUuc3RyYXRv
LmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jZHAudGhhd3RlLmNvbS9UaGF3
dGVSU0FDQTIwMTguY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYB
BQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMG8G
CCsGAQUFBwEBBGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL3N0YXR1cy50aGF3dGUu
Y29tMDkGCCsGAQUFBzAChi1odHRwOi8vY2FjZXJ0cy50aGF3dGUuY29tL1RoYXd0
ZVJTQUNBMjAxOC5jcnQwCQYDVR0TBAIwADATBgorBgEEAdZ5AgQDAQH/BAIFADAN
BgkqhkiG9w0BAQsFAAOCAQEAt4Z43+Q3fm0ZIZybjdSKr+zxMuLQpM7PhAsUedL2
yxlS28zlAw6ZLNmk8rsbnVkD/8vklt5E1Ri0FaXKbzyMJQAxiIIFK2v2sgSrQJBr
euFQwFsJZ35TPU0L0AN/nl5IyUuXy91aRMzmNxWxhKaDqFWfAyRjHgYfH/WiVKq+
R09GFwRzrmCVZzawwZqfJaow2sbMwCwunZRj+wg79AbJpM4fOqFPKCHO2cksC+pI
U7WxyiuVWR2lyCtb7HIUlnlISv/N5+7q+hm6IiBieE+wuFz3W1mfsNBTub71xRwq
bduPAnysun9riGWYzDPg8eAGOLwKZy/dTH3jJYxvFE08aQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6iQ3ztAFMyBZEiaLB73a
7fifd0fxf5tKKKtAkpkQhjDWniFRzh23k/h5YgzRA+ZlsBmPwQW4APe9WIAtLpFM
dRqBnBfLHSJktXD0BMkabYwoupvmbDXu9EMHu+Yrivvfq1UnJgZa7Rqb2PkCZ0NA
gDG3jKXV8LrQf54gnpndH6wrglrbVIzQTjRqDMcoQauebJUpvGXgagXFOSbjh6fV
i1BLADt3ckAU99HBlrJC/hQANnsDnoIMwJiP8DSDhHWL2/dDFSFPC7n0ILXCEUB9
CdLt+wODOQ2bLN7LYG9wSxdEO/h51O0S74CVdhJxDOqeTLgDxhQSN79iliZpcsGs
AQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 17126555414509069767719928806205659534
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Thawte RSA CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-01-15 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-01-31 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Berlin'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Berlin'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Strato AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Rechenzentrum'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.s3.hidrive.strato.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29557623123233623437774659806646956672132093108857090637839914340938308966881795019207208772854851998883611811382027800517031461383066728339889490244966278644948904000521422192804613201441942083462793887817156472477630623759151990190529952492980748199158009482560911963159412747621222523435871385970732084859767753835859659845509734334531325483530229610772364695674356570174423563973407232494295105934269893204269925253245354943843210137944623015460552070105588399005257324926945219353488531831891611988804619016303636435289809877578430330452751821544600233677336813266927664724191900475029337698200698270258370292737
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a3c85e6554e53078c105ea070a6a59ccb9fede5a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							bfd47bcc43a3ae5d5d705db23beee8db7d5d3c78
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (50 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.s3.hidrive.strato.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 's3.hidrive.strato.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (51 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.thawte.com/ThawteRSACA2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.thawte.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.thawte.com/ThawteRSACA2018.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00b78678dfe4377e6d19219c9b8dd48aafecf132e2d0a4cecf840b1479d2f6cb1952dbcce5030e992cd9a4f2bb1b9d5903ffcbe496de44d518b415a5ca6f3c8c2500318882052b6bf6b204ab40906b7ae150c05b09677e533d4d0bd0037f9e5e48c94b97cbdd5a44cce63715b184a683a8559f0324631e061f1ff5a254aabe474f46170473ae60956736b0c19a9f25aa30dac6ccc02c2e9d9463fb083bf406c9a4ce1f3aa14f2821ced9c92c0bea4853b5b1ca2b95591da5c82b5bec72149679484affcde7eeeafa19ba222062784fb0b85cf75b599fb0d053b9bef5c51c2a6ddb8f027cacba7f6b886598cc33e0f1e00638bc0a672fdd4c7de3258c6f144d3c69