mail.royalcollege.ca

- Royal College of Physicians and Surgeons of Canada -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number c0:f3:81:87:00:00:00:00:50:d6:16:af was issued on by Entrust, Inc..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)

Royal College of Physicians and Surgeons of Canada

Organization: Royal College of Physicians and Surgeons of Canada
State / Province: Ontario
Locality: Ottawa
Country: CA

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): c0:f3:81:87:00:00:00:00:50:d6:16:af
Serial Number (int): 59715502535451348220989806255
Serial Number lenght: 96 bits, 12 octets

SubjectKeyId: 18:d7:c8:72:48:8e:42:c6:a0:37:25:4e:2b:8e:ba:a6:07:1b:ec:c5
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): 99:5d:d0:2c:b4:bd:42:f3:4a:89:8a:4b:62:d3:0a:2e:e9:86:71:4c
Fingerprint (sha256): 18:6d:f7:74:30:00:c4:d2:33:99:44:43:c6:4a:b4:a0:65:97:30:ba:42:f8:0d:1a:99:06:79:db:3f:32:f3:09

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate mail.royalcollege.ca

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for mail.royalcollege.ca

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

mail.royalcollege.ca

Other certificates including the domain name royalcollege.ca

(limited to 100 certificates)
international-royalcollege-ca.adh.pbp.mybluehost.me
newsroom.royalcollege.ca
annualreview.royalcollege.ca
iceblog.royalcollege.ca
tls.automattic.com
pdhandbook.royalcollege.ca
icre.royalcollege.ca
newsroom.royalcollege.ca
annualreview.royalcollege.ca
royalcitytrack.ca
novacycling.com
pdhandbook.royalcollege.ca
strategicplan.royalcollege.ca
booking.royalcollege.ca
iceblog.royalcollege.ca
tls.automattic.com
tls.automattic.com
gartner.royalcollege.ca
tls.automattic.com
newsroom.royalcollege.ca
translation.royalcollege.ca
mail.royalcollege.ca
strategicplan.royalcollege.ca
forms.royalcollege.ca
tls.automattic.com
newsroom.royalcollege.ca
iceblog.royalcollege.ca
tls.automattic.com
tls.automattic.com
tls.automattic.com
pdhandbook.royalcollege.ca
tls.automattic.com
tls.automattic.com
cpd.royalcollege.ca
annualreview.royalcollege.ca
icre2021.royalcollege.ca
tls.automattic.com
strategicplan.royalcollege.ca
www.instid.app
tls.automattic.com
tls.automattic.com
tls.automattic.com
mail.royalcollege.ca
booking.royalcollege.ca
tls.automattic.com
mail.royalcollege.ca
tls.automattic.com
foundation.royalcollege.ca
icre.royalcollege.ca
tls.automattic.com
*.royalcollege.ca
strategicplan.royalcollege.ca
tls.automattic.com
tls.automattic.com
www.underskoterskejobb.se
icre2021.royalcollege.ca
tls.automattic.com
strategicplan.royalcollege.ca
annualreview.royalcollege.ca
quebec.royalcollege.ca
translation.royalcollege.ca
tls.automattic.com
annualreview.royalcollege.ca
strategicplan.royalcollege.ca
gasboard.teyral.at
pdhandbook.royalcollege.ca
*.royalcollege.ca
canmedsdb-test.royalcollege.ca
icre.royalcollege.ca
annualreview.royalcollege.ca
yeledoctor.dermadetect.com
booking.royalcollege.ca
auth.stg-ats.persol.one
tls.automattic.com
mail2.royalcollege.ca
spotify.vbi.dev
tls.automattic.com
iceblog.royalcollege.ca
chauyan.dev
tls.automattic.com
newsroom.adh.pbp.mybluehost.me
pdhandbook.royalcollege.ca
*.royalcollege.ca
translation.royalcollege.ca
forms.royalcollege.ca
tls.automattic.com
annualreview.royalcollege.ca
iceblog.royalcollege.ca
faces-dev.royalcollege.ca
strategicplan.royalcollege.ca
pdhandbook.collegeroyal.ca
icre.royalcollege.ca
www.elproveedor.com.co
icre.royalcollege.ca
tls.automattic.com
go.b2b.innov.ridegoshare.com
tls.automattic.com
pdhandbook.collegeroyal.ca
so-design-studio.com
icre2021.royalcollege.ca

Certificate

The complete raw certificate details for mail.royalcollege.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgINAMDzgYcAAAAAUNYWrzANBgkqhkiG9w0BAQsFADCBujEL
MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1Nl
ZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEy
IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UE
AxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0xNTEx
MTcxODQ0MjRaFw0xOTAyMTYxOTE0MjNaMIGMMQswCQYDVQQGEwJDQTEQMA4GA1UE
CBMHT250YXJpbzEPMA0GA1UEBxMGT3R0YXdhMTswOQYDVQQKEzJSb3lhbCBDb2xs
ZWdlIG9mIFBoeXNpY2lhbnMgYW5kIFN1cmdlb25zIG9mIENhbmFkYTEdMBsGA1UE
AxMUbWFpbC5yb3lhbGNvbGxlZ2UuY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCwrORxROrz80hBGKW07kBdssO8WlgEKdHxDgiWJ+GTjg9sHebrjvHh
v+FgNGanh5ZWUY2nkO9k5D/AtzKtxy2GeElxSvH6iHrD0NBuxVsJ9EYv2I98bwm4
scmFRrQp9Q+amL3vtdSWTt9UlzCF64O0t02DzcOU3N2uA4DwTI2KI1nBoyjjDmCs
zwkPQkA5qau8Cix+X75BES/nIUStreFTah8vMBAHE+i+vDZ/YY71ayHTUzSdbpj1
2X6SBNe2FmYuo58gyIRgMIwxUlrk6d7PcEMk6pKYdQ6GtyS1nWlo4pn+BGkwmxA6
EpBOQX+WWFC9YGJlV1Qmy1qZNAJj+UmNAgMBAAGjggF+MIIBejALBgNVHQ8EBAMC
BaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMwYDVR0fBCwwKjAooCagJIYiaHR0cDov
L2NybC5lbnRydXN0Lm5ldC9sZXZlbDFrLmNybDBLBgNVHSAERDBCMDYGCmCGSAGG
+mwKAQUwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEw
CAYGZ4EMAQICMGgGCCsGAQUFBwEBBFwwWjAjBggrBgEFBQcwAYYXaHR0cDovL29j
c3AuZW50cnVzdC5uZXQwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9haWEuZW50cnVzdC5u
ZXQvbDFrLWNoYWluMjU2LmNlcjAfBgNVHREEGDAWghRtYWlsLnJveWFsY29sbGVn
ZS5jYTAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzAdBgNVHQ4EFgQU
GNfIckiOQsagNyVOK466pgcb7MUwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOC
AQEALwq0Ti+Sf/olQwE6x8NVTAiSjntZMxBKa/VWk5eza+sd+21zXuFynuzW39Wo
wge5snXLThVO5TAJKpY1s6m/KI5iwWtg2GEvGNP1BK6VsH7uBcTLU6lWrwo1hzR2
mebgu0oO8UNVDtqqYrMScJ9oEsEeCQfkawvt8kGZJYP2BI6JpXrGy/azaDAxkAMx
QlFsgi4UYPCstGyHv9QfRiQARE48xgyzLNyktnsMkBhIWo0RYPJifu2Y7oAy4dZo
JMoUhc+a+juIQT/BhQ4ZJVQMxcUYOSQ11MuyBIqz1PeRXMfaJKJ6z2N6Hh4YxL1c
byIK5Q71EdYZSJs+1rg9tI3teg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKzkcUTq8/NIQRiltO5A
XbLDvFpYBCnR8Q4Ilifhk44PbB3m647x4b/hYDRmp4eWVlGNp5DvZOQ/wLcyrcct
hnhJcUrx+oh6w9DQbsVbCfRGL9iPfG8JuLHJhUa0KfUPmpi977XUlk7fVJcwheuD
tLdNg83DlNzdrgOA8EyNiiNZwaMo4w5grM8JD0JAOamrvAosfl++QREv5yFEra3h
U2ofLzAQBxPovrw2f2GO9Wsh01M0nW6Y9dl+kgTXthZmLqOfIMiEYDCMMVJa5One
z3BDJOqSmHUOhrcktZ1paOKZ/gRpMJsQOhKQTkF/llhQvWBiZVdUJstamTQCY/lJ
jQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 59715502535451348220989806255
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2015-11-17 18:44:24 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-02-16 19:14:23 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ottawa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Royal College of Physicians and Surgeons of Canada'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'mail.royalcollege.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22303198071013118708405050120654495572038985612544115366912162882477191354502145564062120818990934633802390067901013723956711791128642692754005143465371809371144870589910773818560905342905293429083584097909395259804293669056931942385259116766521470184575048188981876057454661397634532668418876016445158885554626381445242915641479227495109907668740410152415804802007128060862094914733469642986947396801097829997224810906581870441620440405487438620141489666342700519036741620831362130972613171592296751565001471014949700924133323828724659072054230317860274762966609050505282890294626707407051010247697284480361123367309
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mail.royalcollege.ca'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							18d7c872488e42c6a037254e2b8ebaa6071becc5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		002f0ab44e2f927ffa2543013ac7c3554c08928e7b5933104a6bf5569397b36beb1dfb6d735ee1729eecd6dfd5a8c207b9b275cb4e154ee530092a9635b3a9bf288e62c16b60d8612f18d3f504ae95b07eee05c4cb53a956af0a3587347699e6e0bb4a0ef143550edaaa62b312709f6812c11e0907e46b0bedf241992583f6048e89a57ac6cbf6b368303190033142516c822e1460f0acb46c87bfd41f462400444e3cc60cb32cdca4b67b0c9018485a8d1160f2627eed98ee8032e1d66824ca1485cf9afa3b88413fc1850e1925540cc5c518392435d4cbb2048ab3d4f7915cc7da24a27acf637a1e1e18c4bd5c6f220ae50ef511d619489b3ed6b83db48ded7a