provisioner.svc.braintreepayments.com

- PayPal, Inc. -

Issued by DigiCert SHA2 High Assurance Server CA

About this certificate

This digital certificate with serial number 0e:5f:e3:a1:56:f2:5e:90:7e:e7:18:3c:71:c9:30:c4 was issued on by DigiCert Inc.

With 8 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

PayPal, Inc.

Organization: PayPal, Inc.
State / Province: California
Locality: San Jose
Country: US

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0e:5f:e3:a1:56:f2:5e:90:7e:e7:18:3c:71:c9:30:c4
Serial Number (int): 19107077032172542032015541329539444932
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 21:bf:0a:12:eb:78:49:c3:8e:10:d7:e2:27:95:b7:26:d4:19:79:d3
AuthorityKeyId: 51:68:ff:90:af:02:07:75:3c:cc:d9:65:64:62:a2:12:b8:59:72:3b

Fingerprint (sha1): b2:93:46:50:d2:5b:37:14:66:e1:5a:b2:ca:0f:92:50:56:2a:f5:f5
Fingerprint (sha256): 19:8f:a6:7b:76:4c:00:a7:e6:0c:47:2b:93:2e:6c:21:0c:2f:42:db:e8:62:6e:43:c0:d2:51:4d:44:c6:1e:b6

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/sha2-ha-server-g6.crl
CRL Distribution Point: http://crl4.digicert.com/sha2-ha-server-g6.crl

Check the revocation status for certificate provisioner.svc.braintreepayments.com

8

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for provisioner.svc.braintreepayments.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

provisioner.svc.braintreepayments.com
provisioner.braintreepayments.com
www.provisioner.braintreepayments.com
provisioner-prod-us-east-1.production.braintree-api.com
provisioner-prod-us-east-2.production.braintree-api.com
provisioner-prod-us-west-2.production.braintree-api.com
provisioner-prod-ap-southeast-2.production.braintree-api.com
provisioner-prod-eu-central-1.production.braintree-api.com

Other certificates including the domain name braintreepayments.com

(limited to 100 certificates)
statuspage.io
rundeck.qwt.braintreepayments.com
status.acquia.com
statuspage.io
statuspage.io
statuspage.io
js-sdk-integration.sand.braintreepayments.com
apply.qa.braintreepayments.com
blue-front-door-us-east-1-proxy.staging.braintreepayments.com
resources.braintreepayments.com
watchtower.sand.braintreepayments.com
gstatic.dev.braintreepayments.com
statuspage.io
resources.braintreepayments.com
panel.sandbox.braintreegateway.com
graphql.braintreepayments.com
login.staging.braintreepayments.com
statuspage.io
opscenter.qa.braintreepayments.com
statuspage.io
dimension-finder-stag.sandbox.braintree-api.com
www.braintreepayments.com
collins.qwt.braintreepayments.com
billing.braintreepayments.com
statuspage.io
*.produswest2.braintreepayments.com
statuspage.io
statuspage.io
statuspage.io
statuspage.io
statuspage.io
disputin.sandbox.braintree.tools
statuspage.io
billing.qa2.braintreepayments.com
cosmos-authy.braintreepayments.com
braintreepayments.com
statuspage.io
adxstatus.com
statuspage.io
status.acquia.com
demo.braintreepayments.com
solidfire.chi.braintreepayments.com
statuspage.io
statuspage.io
www.paypal-status.com
statuspage.io
statuspage.io
staging.braintreepayments.com
statuspage.io
provisioner.qa.braintreepayments.com
billing.qa2.braintreepayments.com
statuspage.io
statuspage.io
statuspage.io
provisioner.sand.braintreepayments.com
payments.braintree-api.com
statuspage.io
statuspage.io
puppet.braintreepayments.com
decisions.qa.braintreepayments.com
statuspage.io
statuspage.io
gateway.staging.braintreepayments.com
cosmos-authy.braintreepayments.com
brand.braintreepayments.com
statuspage.io
statuspage.io
login.qa.braintreepayments.com
statuspage.io
apply.qa.braintreepayments.com
logs-sand.braintreepayments.com
statuspage.io
billing-registration.braintreepayments.com
panel.gateway.qa.braintreepayments.com
statuspage.io
watchtower.qwt.braintreepayments.com
statuspage.io
statuspage.io
collins.chi.braintreepayments.com
statuspage.io
login.qa.braintreepayments.com
statuspage.io
statuspage.io
statuspage.io
statuspage.io
statuspage.io
statuspage.io
staging.braintreepayments.com
statuspage.io
statuspage.io
statuspage.io
statuspage.io
statuspage.io
jabber.braintreepayments.com
mission-control.braintree-api.com
*.qa.braintreepayments.com
collins.chi.braintreepayments.com
graphql.staging.braintreepayments.com
statuspage.io
*.dev.cosmos.braintreepayments.com

Certificate

The complete raw certificate details for provisioner.svc.braintreepayments.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIG8jCCBdqgAwIBAgIQDl/joVbyXpB+5xg8cckwxDANBgkqhkiG9w0BAQsFADBw
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz
dXJhbmNlIFNlcnZlciBDQTAeFw0yNDAzMDQwMDAwMDBaFw0yNTAyMDQyMzU5NTla
MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhT
YW4gSm9zZTEVMBMGA1UEChMMUGF5UGFsLCBJbmMuMS4wLAYDVQQDEyVwcm92aXNp
b25lci5zdmMuYnJhaW50cmVlcGF5bWVudHMuY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA1q4wMAM/hzj4EcuF6iJHXMWfxDIeIA+OnFleo+TROqSh
Xz9YK3ZotloxFKVIfBR9JQ5ZYuCpvzLcGkJwtgAHpKxyixxcWuOepcVsojrXzcMN
rzDmjiYlCfCnN5OlWXakH9XJM39adel4VbRL2LronqSGkcnXhe2Er8iGkNNcwL/l
VfGbK/DQTX/Emi1Ol0Agsbq03MUFEL4Z/VyjiPLRSBJEvmcIXQ27GyyfFJXs/7wF
Y1cbpbDn2cUEzh4Y+FIetoaF5faWWW5t4DVkWZG2lcmy9/VMk+yRKEqGhWaM0cnC
pF8VWmgWWhyLZ5/HQt7ijpbf7oMLBhbqAEhkY1w+4wIDAQABo4IDejCCA3YwHwYD
VR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFCG/ChLreEnD
jhDX4ieVtybUGXnTMIIBowYDVR0RBIIBmjCCAZaCJXByb3Zpc2lvbmVyLnN2Yy5i
cmFpbnRyZWVwYXltZW50cy5jb22CIXByb3Zpc2lvbmVyLmJyYWludHJlZXBheW1l
bnRzLmNvbYIld3d3LnByb3Zpc2lvbmVyLmJyYWludHJlZXBheW1lbnRzLmNvbYI3
cHJvdmlzaW9uZXItcHJvZC11cy1lYXN0LTEucHJvZHVjdGlvbi5icmFpbnRyZWUt
YXBpLmNvbYI3cHJvdmlzaW9uZXItcHJvZC11cy1lYXN0LTIucHJvZHVjdGlvbi5i
cmFpbnRyZWUtYXBpLmNvbYI3cHJvdmlzaW9uZXItcHJvZC11cy13ZXN0LTIucHJv
ZHVjdGlvbi5icmFpbnRyZWUtYXBpLmNvbYI8cHJvdmlzaW9uZXItcHJvZC1hcC1z
b3V0aGVhc3QtMi5wcm9kdWN0aW9uLmJyYWludHJlZS1hcGkuY29tgjpwcm92aXNp
b25lci1wcm9kLWV1LWNlbnRyYWwtMS5wcm9kdWN0aW9uLmJyYWludHJlZS1hcGku
Y29tMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93
d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwz
LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0dHA6
Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwgYMGCCsG
AQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29t
ME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNl
cnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMBMG
CisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQCajOuQzuS7I2Oq
BfyDx6ChFlXGnp6HooqcPRVQhG+zcc6iRBeq20MUUI6gAuUv/UNXdozW0qwplCre
Kdsn0/0+70DeJoD5uE15PxtJYbgVBWU8M/rotkVNVEArkZhC/xnhurcjNMbfDQbt
9g3MLJ/mUemUOgiF16hwqq66t7B3CKL55lSjJFYYe0HkWXFCfR9PF2Pe5LQS+Lsu
sDQwBT1NE4Kchh6DA60xwB6FXslgCQugwhVOJtTMXNDbaxLCi1AGy1BJ8+EpBhc9
7QRgSrKrgRmkKpTodJMlfkUmJD2aWFYzYf3HHqazsWUvdNfSf0nY9Ko2jVjjGaOD
7oISHMZm
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1q4wMAM/hzj4EcuF6iJH
XMWfxDIeIA+OnFleo+TROqShXz9YK3ZotloxFKVIfBR9JQ5ZYuCpvzLcGkJwtgAH
pKxyixxcWuOepcVsojrXzcMNrzDmjiYlCfCnN5OlWXakH9XJM39adel4VbRL2Lro
nqSGkcnXhe2Er8iGkNNcwL/lVfGbK/DQTX/Emi1Ol0Agsbq03MUFEL4Z/VyjiPLR
SBJEvmcIXQ27GyyfFJXs/7wFY1cbpbDn2cUEzh4Y+FIetoaF5faWWW5t4DVkWZG2
lcmy9/VMk+yRKEqGhWaM0cnCpF8VWmgWWhyLZ5/HQt7ijpbf7oMLBhbqAEhkY1w+
4wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 19107077032172542032015541329539444932
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 High Assurance Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-04 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-04 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'San Jose'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'PayPal, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'provisioner.svc.braintreepayments.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27100892681605341082637334650681830661261005954730706068620803467925594307085683705921218500545440840754013989809040503678267501093609487544539021488797165265600390385788585358512341495386683075724819511651060525670827552085442518871563371771043964067335785886066545222591085489111958858050124352294165549071932075222903848363670778933000718874996453681867399686210951176922911574851280287644323433351758061092382122996080611205830211336202300489474321632598006493821916071963436453487005966784182312995737510641459099706683082283270138447605545219558763595626634447386818403088953396143146561070631711133454965685987
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 5168ff90af0207753cccd9656462a212b859723b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							21bf0a12eb7849c38e10d7e22795b726d41979d3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (410 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'provisioner.svc.braintreepayments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'provisioner.braintreepayments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.provisioner.braintreepayments.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'provisioner-prod-us-east-1.production.braintree-api.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'provisioner-prod-us-east-2.production.braintree-api.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'provisioner-prod-us-west-2.production.braintree-api.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'provisioner-prod-ap-southeast-2.production.braintree-api.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'provisioner-prod-eu-central-1.production.braintree-api.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/sha2-ha-server-g6.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/sha2-ha-server-g6.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (119 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		009a8ceb90cee4bb2363aa05fc83c7a0a11655c69e9e87a28a9c3d1550846fb371cea24417aadb4314508ea002e52ffd4357768cd6d2ac29942ade29db27d3fd3eef40de2680f9b84d793f1b4961b81505653c33fae8b6454d54402b919842ff19e1bab72334c6df0d06edf60dcc2c9fe651e9943a0885d7a870aaaebab7b07708a2f9e654a32456187b41e45971427d1f4f1763dee4b412f8bb2eb03430053d4d13829c861e8303ad31c01e855ec960090ba0c2154e26d4cc5cd0db6b12c28b5006cb5049f3e12906173ded04604ab2ab8119a42a94e87493257e4526243d9a58563361fdc71ea6b3b1652f74d7d27f49d8f4aa368d58e319a383ee82121cc666