services.inspection.gc.ca

- Canadian Food Inspection Agency -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 1c:9e:d3:5f:50:0c:90:57:54:a4:ab:89:f4:8b:10:6b was issued on by Entrust, Inc..

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Canadian Food Inspection Agency

Organization: Canadian Food Inspection Agency
State / Province: Ontario
Locality: Ottawa
Country: CA

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 1c:9e:d3:5f:50:0c:90:57:54:a4:ab:89:f4:8b:10:6b
Serial Number (int): 38043053925501946091468377458651893867
Serial Number lenght: 125 bits, 16 octets

SubjectKeyId: 00:7f:a2:10:3a:45:06:76:08:d2:c7:ee:64:f0:67:b2:3f:11:2b:fb
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): fb:a9:f8:64:b0:c9:55:e9:06:33:d5:a1:d8:26:66:59:3f:10:ff:60
Fingerprint (sha256): 19:fc:58:1a:ac:b3:56:31:42:22:0e:2b:32:40:50:e1:63:88:cb:6d:13:83:26:9c:dd:7b:e0:7f:43:56:32:3a

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate services.inspection.gc.ca

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for services.inspection.gc.ca

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

services.inspection.gc.ca
www.services.inspection.gc.ca

Other certificates including the domain name inspection.gc.ca

(limited to 100 certificates)
services.inspection.gc.ca
apps.cfia-acia.inspection.gc.ca
inspection.gc.ca
collab.cfia-acia.inspection.gc.ca
cfonk1awvasd052.cfia-acia.inspection.gc.ca
cfonk1awvasp122.cfia-acia.inspection.gc.ca
services-pre.cfia-acia.inspection.gc.ca
splunk.cfia-acia.inspection.gc.ca
services1.inspection.gc.ca
CFONK1AWVWSP009.cfia-acia.inspection.gc.ca
CFONK1AWVAST008.CFIA-ACIA.inspection.gc.ca
services1.inspection.gc.ca
avs-svs.inspection.gc.ca
CFONK1AWVASD061.cfia-acia.inspection.gc.ca
NCOTTA330.cfia-acia.inspection.gc.ca
CFONK1AWVASP150.CFIA-ACIA.inspection.gc.ca
AGR.GC.CA
active.inspection.gc.ca
cfonk1awvasd050.cfia-acia.inspection.gc.ca
CFONK1AWVASD070.cfia-acia.inspection.gc.ca
services.inspection.gc.ca
CFONK1AWVASP165.cfia-acia.inspection.gc.ca
collab.cfia-acia.inspection.gc.ca
shipmenttracker-suividesenvois.inspection.gc.ca
cfonk1awvasp136.cfia-acia.inspection.gc.ca
services-pre.cfia-acia.inspection.gc.ca
vpn.inspection.gc.ca
wwwqa.inspection.gc.ca
NCOTTA330.cfia-acia.inspection.gc.ca
inspection.gc.ca
inspection.gc.ca
cfonk1awvasd049.cfia-acia.inspection.gc.ca
inspection.gc.ca
aem-prod-disp.cloud-nuage.inspection.gc.ca
wwwqa.inspection.gc.ca
collab.cfia-acia.inspection.gc.ca
CFONK1AWVASP168.cfia-acia.inspection.gc.ca
services.inspection.gc.ca
cfonk1awvasd051.cfia-acia.inspection.gc.ca
CFONK1AWVASD071.cfia-acia.inspection.gc.ca
splunk.cfia-acia.inspection.gc.ca
CFONK1AWVWSS001.cfia-acia.inspection.gc.ca
avs-svs.inspection.gc.ca
services.inspection.gc.ca
CFONK1AWVASP048.CFIA-ACIA.inspection.gc.ca
secure.inspection.gc.ca
cfonk1awvasd048.cfia-acia.inspection.gc.ca
arcgis.cfia-acia.inspection.gc.ca
avs-svs.inspection.gc.ca
collab.cfia-acia.inspection.gc.ca
int-search-recherche.cfia-acia.inspection.gc.ca
cfonk1awvast006.cfia-acia.inspection.gc.ca
CFONK1AWVASP147.CFIA-ACIA.inspection.gc.ca
vpn-bcp.inspection.gc.ca
apps.cfia-acia.inspection.gc.ca
CFONK1AWVASP147.CFIA-ACIA.inspection.gc.ca
geo.inspection.gc.ca
cfonk1awvasp120.cfia-acia.inspection.gc.ca
active.inspection.gc.ca
CFONK1AWVASP148.CFIA-ACIA.inspection.gc.ca
sms-sigs.cfia-acia.inspection.gc.ca
BB10UDS.inspection.gc.ca
cfonk1awvasp138.cfia-acia.inspection.gc.ca
prod.inspection.canada.ca
cfonk1awvast005.cfia-acia.inspection.gc.ca
apps.cfia-acia.inspection.gc.ca
smartvue.cfia-acia.inspection.gc.ca
int-search-recherche.cfia-acia.inspection.gc.ca
int-search-recherche.cfia-acia.inspection.gc.ca
active.inspection.gc.ca
phpkb-dev.agr.gc.ca
sso-iu.inspection.gc.ca
active.inspection.gc.ca
inspection.gc.ca
collab.cfia-acia.inspection.gc.ca
splunk.cfia-acia.inspection.gc.ca
dsdpportal.cfia-acia.inspection.gc.ca
cfsin-es-dev.cloud.inspection.gc.ca
CFONK1AWVASD062.cfia-acia.inspection.gc.ca
secure.inspection.gc.ca
collab.cfia-acia.inspection.gc.ca
cfonk1awvasd048.cfia-acia.inspection.gc.ca
asisst-orasi.inspection.gc.ca
wwwqa.inspection.gc.ca
cfonk1awvasd051.cfia-acia.inspection.gc.ca
airs-sari.inspection.gc.ca
phpkb-dev.agr.gc.ca
asisst-orasi.inspection.gc.ca
airs-sari.inspection.gc.ca
apps.cfia-acia.inspection.gc.ca
CFONK1AWVWSP002.cfia-acia.inspection.gc.ca
CFONK1AWVAST010.cfia-acia.inspection.gc.ca
splunk.cfia-acia.inspection.gc.ca
CFONK1AWVWSP005.cfia-acia.inspection.gc.ca
services.inspection.gc.ca
cfsin-rcisa.inspection.gc.ca
cfonk1awvasp120.cfia-acia.inspection.gc.ca
CFONK1AWVASP169.cfia-acia.inspection.gc.ca
CFONK1AWVASP185.cfia-acia.inspection.gc.ca
CFONK1AWVASD063.cfia-acia.inspection.gc.ca

Certificate

The complete raw certificate details for services.inspection.gc.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGwjCCBaqgAwIBAgIQHJ7TX1AMkFdUpKuJ9IsQazANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
MzEwMDMxNTM3NTdaFw0yNDExMDMxNTM3NTZaMH4xCzAJBgNVBAYTAkNBMRAwDgYD
VQQIEwdPbnRhcmlvMQ8wDQYDVQQHEwZPdHRhd2ExKDAmBgNVBAoTH0NhbmFkaWFu
IEZvb2QgSW5zcGVjdGlvbiBBZ2VuY3kxIjAgBgNVBAMTGXNlcnZpY2VzLmluc3Bl
Y3Rpb24uZ2MuY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxnbR6
XABE3rhaFFmcAGKOeukkpJXj63y98WSPfte7hKbfPqVei1ExbyL2ysnAIeRXJBUP
GQo+k6EZZBMpFiBE9CTHru1j4XuxR9J5nr1ywoQfvZzXY2sGC7Wk01JpUqp6wXzf
HlYQU1u4BD06r9x6NBjV0sVBZCmzXCPuk0e+qljmeHyPZaMq5YYk/Z2UUMOEYovW
GpwFcQjffwelPRJnJx3FCF2snC4EV7h/bww6vp69H3+8HG4sl+I/Y1/anOF6x0fg
gWOHhr8jIf5l3W5neA4oaWJz6WuvixxQAu2fRK30qTkVIEbX6IsSkyURZP329JJN
dxjRNS2xTLPdnrAxAgMBAAGjggL9MIIC+TAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
BBQAf6IQOkUGdgjSx+5k8GeyPxEr+zAfBgNVHSMEGDAWgBSConB03bxTP8971PfN
f6dgxgpMvzBoBggrBgEFBQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3Nw
LmVudHJ1c3QubmV0MDMGCCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0
L2wxay1jaGFpbjI1Ni5jZXIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5l
bnRydXN0Lm5ldC9sZXZlbDFrLmNybDBDBgNVHREEPDA6ghlzZXJ2aWNlcy5pbnNw
ZWN0aW9uLmdjLmNhgh13d3cuc2VydmljZXMuaW5zcGVjdGlvbi5nYy5jYTAOBgNV
HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBMGA1Ud
IAQMMAowCAYGZ4EMAQICMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdwA/F0tP
1yJHWJQdZRyEvg0S7ZA3fx+FauvBvyiF7PhkbgAAAYr2MFVcAAAEAwBIMEYCIQCY
2il5ONNYNXARAItD2kwyAEXwwR5FTwz8BP/CRmoRYQIhAIKdH9dwNYy5Qh4rO2Vs
rS+WZjrIErQXJJOpDUspAeH6AHYA7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZ
RnEftZsAAAGK9jBVgQAABAMARzBFAiEA0ZRy3WSNxsRzwxvJQEg9sjrRNrqGODHR
HKp2XVttc7MCIAOWip59NPblC8X8dLk2lcgZ5P7ZMPFeieDs87aeb5dOAHYASLDj
a9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHMAAAGK9jBV4wAABAMARzBFAiEA
4De3KcnwelSrTh/4OxMqos56idveNL+2dlX5YOavQtkCIHDTVrUVPSVVykRLGPMh
AmVt942zG12q/EY3/qV5H2ptMA0GCSqGSIb3DQEBCwUAA4IBAQCPw7/Xcenehqoy
moE5XmvxIywBXk5bzlyu2CMisp+UIQ0JCrXIjhYgFoPXyOjAEZpofmWcdcj/xS6R
5T3Tax+tZF6ZWMADj4Irq4nWNcnns65awVhCyaIT44mPRwA8t90nrSZG5Pn0DY9R
non7yGGomtTu9ez9dEB0padGTPbni3RgyZ9PzmS/DlU5Twf35xnLituuYMisRj69
38NbjsgP5eqLeB/gAImVA2iFyOYxWhoiqgJKAOsTmec4A6WFMD9v4UJIB8rqV00o
wYRWjFJqsAur4oF7uAdrfLeu03eH1Gt3MmFdCNqvg1xPSbGUYjFLUmhOxTP7VAo7
yuuuaiSL
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Z20elwARN64WhRZnABi
jnrpJKSV4+t8vfFkj37Xu4Sm3z6lXotRMW8i9srJwCHkVyQVDxkKPpOhGWQTKRYg
RPQkx67tY+F7sUfSeZ69csKEH72c12NrBgu1pNNSaVKqesF83x5WEFNbuAQ9Oq/c
ejQY1dLFQWQps1wj7pNHvqpY5nh8j2WjKuWGJP2dlFDDhGKL1hqcBXEI338HpT0S
ZycdxQhdrJwuBFe4f28MOr6evR9/vBxuLJfiP2Nf2pzhesdH4IFjh4a/IyH+Zd1u
Z3gOKGlic+lrr4scUALtn0St9Kk5FSBG1+iLEpMlEWT99vSSTXcY0TUtsUyz3Z6w
MQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 38043053925501946091468377458651893867
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-03 15:37:57 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-11-03 15:37:56 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ottawa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Canadian Food Inspection Agency'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'services.inspection.gc.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 30501198726827274736317743332291819431188491164220579796480318146740465023119920422723759518056273118141543008227680518602516996122484150495763734736291171667470125457633153176209960439950818691831480766663512722458590834877686713753157503447521996297757093514440444969893632699254649693774948660484551334145307101434320685775503148112554437098204101046258614470081155929872730285206808277404758047546998114461789716382883076106006055169185394400467271782824437815464434048560634160544163958762444772710866562094526049751730796602353446197037081973794989434790859934638644482882913790648122755117341785534265991016497
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							007fa2103a45067608d2c7ee64f067b23f112bfb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (60 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'services.inspection.gc.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.services.inspection.gc.ca'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							01690077003f174b4fd7224758941d651c84be0d12ed90377f1f856aebc1bf2885ecf8646e0000018af630555c000004030048304602210098da297938d358357011008b43da4c320045f0c11e454f0cfc04ffc2466a1161022100829d1fd770358cb9421e2b3b656cad2f96663ac812b4172493a90d4b2901e1fa007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018af63055810000040300473045022100d19472dd648dc6c473c31bc940483db23ad136ba863831d11caa765d5b6d73b3022003968a9e7d34f6e50bc5fc74b93695c819e4fed930f15e89e0ecf3b69e6f974e00760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018af63055e30000040300473045022100e037b729c9f07a54ab4e1ff83b132aa2ce7a89dbde34bfb67655f960e6af42d9022070d356b5153d2555ca444b18f32102656df78db31b5daafc4637fea5791f6a6d
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		008fc3bfd771e9de86aa329a81395e6bf1232c015e4e5bce5caed82322b29f94210d090ab5c88e16201683d7c8e8c0119a687e659c75c8ffc52e91e53dd36b1fad645e9958c0038f822bab89d635c9e7b3ae5ac15842c9a213e3898f47003cb7dd27ad2646e4f9f40d8f519e89fbc861a89ad4eef5ecfd744074a5a7464cf6e78b7460c99f4fce64bf0e55394f07f7e719cb8adbae60c8ac463ebddfc35b8ec80fe5ea8b781fe0008995036885c8e6315a1a22aa024a00eb1399e73803a585303f6fe1424807caea574d28c184568c526ab00babe2817bb8076b7cb7aed37787d46b7732615d08daaf835c4f49b19462314b52684ec533fb540a3bcaebae6a248b