www.lcnb.com

- LCNB National Bank -

Issued by GeoTrust EV RSA CA G2

About this certificate

This digital certificate with serial number 03:13:db:92:f4:e8:cb:f8:96:91:ac:39:e5:e5:8e:89 was issued on by DigiCert Inc.

With 6 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

LCNB National Bank

Company registration number: 2360
Organization: LCNB National Bank
State / Province: Ohio
Locality: Lebanon
Country: US

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 03:13:db:92:f4:e8:cb:f8:96:91:ac:39:e5:e5:8e:89
Serial Number (int): 4090791118477612554666619613852569225
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: 59:4b:38:e9:c7:06:18:c9:c8:46:bb:a7:03:74:a7:f3:ee:ff:e9:21
AuthorityKeyId: 28:d2:cf:ee:09:84:75:dd:b5:b2:b5:bf:3c:d5:a0:c6:73:88:5d:1f

Fingerprint (sha1): 0e:25:1e:1d:56:30:b3:d8:b5:8a:21:23:f8:78:e2:1b:36:16:01:d6
Fingerprint (sha256): 1a:90:a6:c3:9d:f1:70:fa:66:f8:3a:f9:7a:3b:d3:b8:aa:2d:bd:49:7f:36:9e:8b:d9:81:d6:c4:4d:07:e3:87

Issuing Certificate URL: http://cacerts.digicert.com/GeoTrustEVRSACAG2.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/GeoTrustEVRSACAG2.crl
CRL Distribution Point: http://crl4.digicert.com/GeoTrustEVRSACAG2.crl

Check the revocation status for certificate www.lcnb.com

6

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.lcnb.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA512 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.lcnb.com
lcnb.com
www.cincinnatifederal.com
www.kentuckyfederal.com
cincinnatifederal.com
kentuckyfederal.com

Other certificates including the domain name lcnb.com

(limited to 100 certificates)
support.psplegal.ca
assist.fusiongroupusa.com
support.psplegal.ca
www.lcnb.com
www.lcnb.com
assist.broxelbroadband.com
www.lcnb.com
www.lcnb.com
assist.nmrevents.com
start.lcnb.com
assist.fusiongroupusa.com
assist.fusiongroupusa.com
go.lcnb.com
assist.fusiongroupusa.com
mail.lcnb.com
www.lcnb.com
assist.fusiongroupusa.com
assist.fusiongroupusa.com
start.lcnb.com
www.lcnb.com
www.lcnb.com
assist.broxelbroadband.com
assist.fusiongroupusa.com
assist.fusiongroupusa.com
assist.broxelbroadband.com
smc.lcnb.com
www.lcnb.com
www.lcnb.com
assist.smsi.group
assist.fusiongroupusa.com
assist.fusiongroupusa.com
mail.lcnb.com
assist.fusiongroupusa.com
assist.fusiongroupusa.com
assist.edgt.com
assist.fusiongroupusa.com
assist.thebergroup.com
assist.fusiongroupusa.com
assist.edgt.com
assist.smsi.group
mail.lcnb.com
www.lcnb.com
mail.lcnb.com
assist.aa-techs.com
help.rubieraproductions.com
assist.smsi.group
smc.lcnb.com
assist.fusiongroupusa.com
assist.fusiongroupusa.com
assist.edgt.com
mail.lcnb.com
*.lcnb.com
assist.thebergroup.com
assist.fusiongroupusa.com
assist.fusiongroupusa.com
assist.broxelbroadband.com
assist.fusiongroupusa.com
assist.fusiongroupusa.com
support.psplegal.ca
assist.fusiongroupusa.com
assist.fusiongroupusa.com
help.rubieraproductions.com
start.lcnb.com
assist.thebergroup.com
support.psplegal.ca
help.rubieraproductions.com
assist.thebergroup.com
servicedesk.oq8.om
assist.fusiongroupusa.com
assist.fusiongroupusa.com
assist.aa-techs.com
help.rubieraproductions.com
assist.lcnb.com
assist.aa-techs.com
assist.aa-techs.com
assist.smsi.group
assist.nmrevents.com
www.lcnb.com
assist.fusiongroupusa.com
assist.nmrevents.com
assist.ctp123.com
start.lcnb.com
www.lcnb.com
www.lcnb.com
go.lcnb.com
assist.edgt.com
www.lcnb.com
assist.nmrevents.com

Certificate

The complete raw certificate details for www.lcnb.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHNTCCBh2gAwIBAgIQAxPbkvToy/iWkaw55eWOiTANBgkqhkiG9w0BAQ0FADBE
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVH
ZW9UcnVzdCBFViBSU0EgQ0EgRzIwHhcNMjQwMjI2MDAwMDAwWhcNMjUwMjI1MjM1
OTU5WjCBpTETMBEGCysGAQQBgjc8AgEDEwJVUzEdMBsGA1UEDwwUUHJpdmF0ZSBP
cmdhbml6YXRpb24xDTALBgNVBAUTBDIzNjAxCzAJBgNVBAYTAlVTMQ0wCwYDVQQI
EwRPaGlvMRAwDgYDVQQHEwdMZWJhbm9uMRswGQYDVQQKExJMQ05CIE5hdGlvbmFs
IEJhbmsxFTATBgNVBAMTDHd3dy5sY25iLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALsH1/W1r9a4oFXaHPkw70fpR+KDr25ZW6sYWexSuUFoPGYt
vKYgvY43B68787HE0Av+1ByFuSkMpEk40mWA/ji3/KFuUPlkq4KgmWEP7NDvs/wK
LtC1OdFlbJriC6a3Xz/bZ6X+mLgyjfebeH75WdzrPLIogdZ+uoHWldwpQRFFSbDv
tsrLNkiXbLIiiOFec6dO7NuTk0RoDFR3Zk8Mb7ZVKEBb8YYdK4RH9OB4d05tVcOJ
OqQfAwTGqUscZ8eZEoJR3XYmP+2+CQXlNvZN8ribTi+bUg0aXtl60Q70k4G92WdV
t8T3hroGo83v+tBZ0VJwgts4ualptahk9Eo0BI8CAwEAAaOCA78wggO7MB8GA1Ud
IwQYMBaAFCjSz+4JhHXdtbK1vzzVoMZziF0fMB0GA1UdDgQWBBRZSzjpxwYYychG
u6cDdKfz7v/pITCBgQYDVR0RBHoweIIMd3d3LmxjbmIuY29tgghsY25iLmNvbYIZ
d3d3LmNpbmNpbm5hdGlmZWRlcmFsLmNvbYIXd3d3LmtlbnR1Y2t5ZmVkZXJhbC5j
b22CFWNpbmNpbm5hdGlmZWRlcmFsLmNvbYITa2VudHVja3lmZWRlcmFsLmNvbTBK
BgNVHSAEQzBBMAsGCWCGSAGG/WwCATAyBgVngQwBATApMCcGCCsGAQUFBwIBFhto
dHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRw
Oi8vY3JsMy5kaWdpY2VydC5jb20vR2VvVHJ1c3RFVlJTQUNBRzIuY3JsMDSgMqAw
hi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vR2VvVHJ1c3RFVlJTQUNBRzIuY3Js
MHMGCCsGAQUFBwEBBGcwZTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNl
cnQuY29tMD0GCCsGAQUFBzAChjFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20v
R2VvVHJ1c3RFVlJTQUNBRzIuY3J0MAwGA1UdEwEB/wQCMAAwggF+BgorBgEEAdZ5
AgQCBIIBbgSCAWoBaAB2AE51oydcmhDDOFts1N8/Uusd8OCOG41pwLH6ZLFimjnf
AAABjeWofRoAAAQDAEcwRQIhAIomZctSCjETph8jdmv8qvmmIzEuGYBH4+yclNyB
fq+fAiA4tIXZhHZC+AKGQlqEt5AoHaoe/NanSLm3kwGukCcaNQB1AH1ZHhLheCp7
HGFnfF79+NCHXBSgTpWeuQMv2Q6MLnm4AAABjeWofSUAAAQDAEYwRAIgeEFLWa5h
+BAWHnHUkavt93+ac7jyUlGa/F+yEORBPocCIDwtt45k5KfuNAJlAquLrmMNiqpa
Ie/uo+EAXsTDD8+9AHcA5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6hzId/R43jlAA
AAGN5ah9UgAABAMASDBGAiEAh3Sy0lt1GNZO5Db44ZWVcf5be25hrxY+zvvrOcDO
r8gCIQDIwcxHJmybjAoz+zPavDcLEkeUHn0cAzep45ttXfgl0TANBgkqhkiG9w0B
AQ0FAAOCAQEAIgKEdFqBujTOOouyaWMiVX7tKj/0bVV1ry0nlCWuIAOVQ55FqaQI
SlSHgppPZAPx73JMORX4qqmsOool1bzWhTTdPCuNKCVQbV3a1L4xjG1g/mog+Cn4
0dgTLzgRtpn7iNhPptoH75dc9QjgVYvGPbjHZF6vsflkEMRAZioFDS6GFkrVY4x3
C2aThdT0/o+NYwp5itQpekEn7mWGZ2mXK015Gvs1HfvHHpwouibOKzqsNm/JWFVS
ZpiRLhFWp4avdjdTBR4SZGQSnycQCw9uOMxWRGsWMMBlqx6owcmI4pOWrPF1h0zP
fMck0V3nQ+uVvXXR59wMtqCgqb6Au+xNvw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwfX9bWv1rigVdoc+TDv
R+lH4oOvbllbqxhZ7FK5QWg8Zi28piC9jjcHrzvzscTQC/7UHIW5KQykSTjSZYD+
OLf8oW5Q+WSrgqCZYQ/s0O+z/Aou0LU50WVsmuILprdfP9tnpf6YuDKN95t4fvlZ
3Os8siiB1n66gdaV3ClBEUVJsO+2yss2SJdssiKI4V5zp07s25OTRGgMVHdmTwxv
tlUoQFvxhh0rhEf04Hh3Tm1Vw4k6pB8DBMapSxxnx5kSglHddiY/7b4JBeU29k3y
uJtOL5tSDRpe2XrRDvSTgb3ZZ1W3xPeGugajze/60FnRUnCC2zi5qWm1qGT0SjQE
jwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 4090791118477612554666619613852569225
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.13 (sha512WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust EV RSA CA G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-26 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-25 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Private Organization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '2360'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ohio'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Lebanon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'LCNB National Bank'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.lcnb.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23610430848508352717496269458133469814366009066923556024031533992327097649847440438881190004846859344909793072750415059048369286653181164013847613950069022478375703160843715473840326651171960678548677296450889307413700253690362255876501034771455991202716379339584223820794068561463534033741408823259897109312177025435228220239533542640459509851948022112153624177869619207144277948773204998501455956822244408170868973032578419678619787488278982469802069305444351071743004534269804242240527102338435264506009691273228547072576709258380998848356530225737906233933219535043377816955132722704306033432424023291969725006991
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 28d2cfee098475ddb5b2b5bf3cd5a0c673885d1f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							594b38e9c70618c9c846bba70374a7f3eeffe921
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (122 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.lcnb.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lcnb.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.cincinnatifederal.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.kentuckyfederal.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cincinnatifederal.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kentuckyfederal.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.2.1 (DigiCert EV policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/GeoTrustEVRSACAG2.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/GeoTrustEVRSACAG2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (103 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/GeoTrustEVRSACAG2.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							01680076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018de5a87d1a00000403004730450221008a2665cb520a3113a61f23766bfcaaf9a623312e198047e3ec9c94dc817eaf9f022038b485d9847642f80286425a84b790281daa1efcd6a748b9b79301ae90271a350075007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018de5a87d250000040300463044022078414b59ae61f810161e71d491abedf77f9a73b8f252519afc5fb210e4413e8702203c2db78e64e4a7ee34026502ab8bae630d8aaa5a21efeea3e1005ec4c30fcfbd007700e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018de5a87d5200000403004830460221008774b2d25b7518d64ee436f8e1959571fe5b7b6e61af163ecefbeb39c0ceafc8022100c8c1cc47266c9b8c0a33fb33dabc370b1247941e7d1c0337a9e39b6d5df825d1
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.13 (sha512WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00220284745a81ba34ce3a8bb2696322557eed2a3ff46d5575af2d279425ae200395439e45a9a4084a5487829a4f6403f1ef724c3915f8aaa9ac3a8a25d5bcd68534dd3c2b8d2825506d5ddad4be318c6d60fe6a20f829f8d1d8132f3811b699fb88d84fa6da07ef975cf508e0558bc63db8c7645eafb1f96410c440662a050d2e86164ad5638c770b669385d4f4fe8f8d630a798ad4297a4127ee65866769972b4d791afb351dfbc71e9c28ba26ce2b3aac366fc95855526698912e1156a786af763753051e126464129f27100b0f6e38cc56446b1630c065ab1ea8c1c988e29396acf175874ccf7cc724d15de743eb95bd75d1e7dc0cb6a0a0a9be80bbec4dbf