go.kiva.org
Issued by AlphaSSL CA - SHA256 - G2
About this certificate
This digital certificate with serial number 7f:e0:11:ce:fe:6e:df:76:76:96:6b:ab was issued on by GlobalSign nv-sa.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=go.kiva.org,OU=Domain Control Validated by OneClickSSL
GlobalSign nv-sa
Organization:
GlobalSign nv-sa
Country:
BE
This certificate has expire since
Certificate Details
Serial Number (hex): 7f:e0:11:ce:fe:6e:df:76:76:96:6b:abSerial Number (int): 39575479729497825464278215595
Serial Number lenght: 95 bits, 12 octets
SubjectKeyId: ae:57:8d:16:a6:3f:19:68:30:68:d3:a0:49:9e:7d:d8:99:39:09:54
AuthorityKeyId: f5:cd:d5:3c:08:50:f9:6a:4f:3a:b7:97:da:56:83:e6:69:d2:68:f7
Fingerprint (sha1): d4:17:7d:28:d8:86:4b:69:db:fd:51:62:2d:61:95:df:72:1e:92:0b
Fingerprint (sha256): 1b:77:76:48:d5:da:bd:78:2d:b3:24:56:aa:f7:97:fb:25:ab:3d:39:cd:16:4c:46:f6:89:b8:7f:22:50:50:29
Issuing Certificate URL: http://secure2.alphassl.com/cacert/gsalphasha2g2r1.crt
Revocation information
OCSP Server: http://ocsp2.globalsign.com/gsalphasha2g2CRL Distribution Point: http://crl2.alphassl.com/gs/gsalphasha2g2.crl
Check the revocation status for certificate go.kiva.org
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for go.kiva.org
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
go.kiva.org
www.go.kiva.org
www.go.kiva.org
Other certificates including the domain name kiva.org
(limited to 100 certificates)
devvm-api.dk1.kiva.org
secure.novica.com
secure.novica.com
*.stage.kiva.org
*.stage.kiva.org
gender.kiva.org
masterbooker.com
lend.kiva.org
groove.ehlinks.com
jespergustafsson.com
secure.novica.com
*.dev.kiva.org
groove.simondata.com
careers.kiva.org
partnerships.kiva.org
sni.cloudflaressl.com
login.kiva.org
www.marlim.co
*.dev.kiva.org
groove.robinpowered.com
*.dev.kiva.org
www.kiva.org
lend.kiva.org
www.gender.kiva.org
sgchuscpje.device.sighub.ch
go.kiva.org
groove.swivl.com
www.gender.kiva.org
groove.lyric.com
partnerships.kiva.org
groove.kiva.org
links.kiva.org
www.starterplus.net
login.kiva.org
groove.ehlinks.com
secure.novica.com
cdn.steviewonder.es
lend.kiva.org
partnerships.kiva.org
groove.jebbit.com
lend.kiva.org
www.refugees.kiva.org
us.kiva.org
groove.jebbit.com
admin-api.k1.kiva.org
go.kiva.org
*.kiva.org
www.kiva.org
groove.adpearance.com
*.stage.kiva.org
*.kiva.org
educathours.com
secure.novica.com
groove.cloudleaf.io
*.kiva.org
secure.novica.com
www.refugees.kiva.org
login.kiva.org
partner-api.k1.kiva.org
novica.com
*.kiva.org
login.kiva.org
www.labs.kiva.org
www.dashboard.geotargetly.com
gender.kiva.org
groove.kiva.org
www.refugees.kiva.org
groove.trustarc.com
novica.com
viska.com
*.kiva.org
sg.travelrank.org
go.kiva.org
secure.novica.com
login.qa.kiva.org
*.qa.kiva.org
branded.grooveapp.com
us.kiva.org
groove.g2.com
groove.uber.com
www.webboot.io
refugees.kiva.org
careers.kiva.org
wordscanner.app
*.kiva.org
*.kiva.org
careers.kiva.org
sdk.sl.kiva.org
*.dev.kiva.org
*.stage.kiva.org
*.kiva.org
us.kiva.org
wordscanner.app
*.dk1.kiva.org
admin-api.dk1.kiva.org
careers.kiva.org
*.dev.kiva.org
*.dev.kiva.org
marketplace-api.k1.kiva.org
bjuttflix.niels.me
secure.novica.com
secure.novica.com
*.stage.kiva.org
*.stage.kiva.org
gender.kiva.org
masterbooker.com
lend.kiva.org
groove.ehlinks.com
jespergustafsson.com
secure.novica.com
*.dev.kiva.org
groove.simondata.com
careers.kiva.org
partnerships.kiva.org
sni.cloudflaressl.com
login.kiva.org
www.marlim.co
*.dev.kiva.org
groove.robinpowered.com
*.dev.kiva.org
www.kiva.org
lend.kiva.org
www.gender.kiva.org
sgchuscpje.device.sighub.ch
go.kiva.org
groove.swivl.com
www.gender.kiva.org
groove.lyric.com
partnerships.kiva.org
groove.kiva.org
links.kiva.org
www.starterplus.net
login.kiva.org
groove.ehlinks.com
secure.novica.com
cdn.steviewonder.es
lend.kiva.org
partnerships.kiva.org
groove.jebbit.com
lend.kiva.org
www.refugees.kiva.org
us.kiva.org
groove.jebbit.com
admin-api.k1.kiva.org
go.kiva.org
*.kiva.org
www.kiva.org
groove.adpearance.com
*.stage.kiva.org
*.kiva.org
educathours.com
secure.novica.com
groove.cloudleaf.io
*.kiva.org
secure.novica.com
www.refugees.kiva.org
login.kiva.org
partner-api.k1.kiva.org
novica.com
*.kiva.org
login.kiva.org
www.labs.kiva.org
www.dashboard.geotargetly.com
gender.kiva.org
groove.kiva.org
www.refugees.kiva.org
groove.trustarc.com
novica.com
viska.com
*.kiva.org
sg.travelrank.org
go.kiva.org
secure.novica.com
login.qa.kiva.org
*.qa.kiva.org
branded.grooveapp.com
us.kiva.org
groove.g2.com
groove.uber.com
www.webboot.io
refugees.kiva.org
careers.kiva.org
wordscanner.app
*.kiva.org
*.kiva.org
careers.kiva.org
sdk.sl.kiva.org
*.dev.kiva.org
*.stage.kiva.org
*.kiva.org
us.kiva.org
wordscanner.app
*.dk1.kiva.org
admin-api.dk1.kiva.org
careers.kiva.org
*.dev.kiva.org
*.dev.kiva.org
marketplace-api.k1.kiva.org
bjuttflix.niels.me
Certificate
The complete raw certificate details for go.kiva.org in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIHWzCCBkOgAwIBAgIMf+ARzv5u33Z2lmurMA0GCSqGSIb3DQEBCwUAMEwxCzAJ BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSIwIAYDVQQDExlB bHBoYVNTTCBDQSAtIFNIQTI1NiAtIEcyMB4XDTE3MDMzMTAzMjkwNFoXDTE4MDQw MTAzMjkwNFowSDEwMC4GA1UECxMnRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkIGJ5 IE9uZUNsaWNrU1NMMRQwEgYDVQQDEwtnby5raXZhLm9yZzCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBANeiA4a9iRn6TmbVMiXeJJUGJQrx8D00chTDPOyM jV4meHG+AmBu5RGHmhjo67KZDgJKuOHcJPKstNFW1RKGwQHaNBws3ozPbzmxCZZ/ q6fPT13+7nWNO/soFPawTEUvuBR5CDfm2QZBt9XnZfhvNJAho2BmlyHowcs/2YZe h90wnP2oj7zg/QqmlXN8YbaE1EFo6GzK36GNdBwN2v+adhQLWXUFncfyC6I+Bp87 9SmNZ1TgfhFi/fHHSq73OhkKCHzCGKvVUxItGFtOu0UDNAS5/trjJ3FwSo9KJfVZ m+FJKrnr0Xjhmt6acXR2PzX+8Ifsdsohio7ogVzzqO4/S7ECAwEAAaOCBD8wggQ7 MA4GA1UdDwEB/wQEAwIFoDCBiQYIKwYBBQUHAQEEfTB7MEIGCCsGAQUFBzAChjZo dHRwOi8vc2VjdXJlMi5hbHBoYXNzbC5jb20vY2FjZXJ0L2dzYWxwaGFzaGEyZzJy MS5jcnQwNQYIKwYBBQUHMAGGKWh0dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9n c2FscGhhc2hhMmcyMFcGA1UdIARQME4wQgYKKwYBBAGgMgEKCjA0MDIGCCsGAQUF BwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAIBgZn gQwBAgEwCQYDVR0TBAIwADA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vY3JsMi5h bHBoYXNzbC5jb20vZ3MvZ3NhbHBoYXNoYTJnMi5jcmwwJwYDVR0RBCAwHoILZ28u a2l2YS5vcmeCD3d3dy5nby5raXZhLm9yZzAdBgNVHSUEFjAUBggrBgEFBQcDAQYI KwYBBQUHAwIwHQYDVR0OBBYEFK5XjRamPxloMGjToEmefdiZOQlUMB8GA1UdIwQY MBaAFPXN1TwIUPlqTzq3l9pWg+Zp0mj3MIICbwYKKwYBBAHWeQIEAgSCAl8EggJb AlkAdgDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAVsiaM34AAAE AwBHMEUCIQDaobnUj6OfOobpnJZAc/25qYQi9sXcISC9T79E0LaLrwIgVHdyDhz1 NNoJhi25DeQ7CCiLveIO7xQ1K0x1iyX1uSUAdwBWFAaaL9fC7NP14b1Esj7HRna5 vJkRXMDvlJhV1onQ3QAAAVsiaM5CAAAEAwBIMEYCIQDlKiAbTegaiK+VOjpboquP M+QipIpz86rrj/mQDIFN6wIhAKK/9W1LAgyy3G+aGINgU42O/0WBAoDncxF+RMwZ eLmrAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFbImjQuQAA BAMARzBFAiAhHIuJXgSlvURgDDdprwTve/tSWMpsolrbDeXxtHubcwIhAPbe88LJ k5TaN6ona8IMcvN9y+9r7fYtkq4dBR6U2tChAHYAu9nfvB+KcbWTlCOXqpJ7RzhX lQqrUugakJZkNo4e0YUAAAFbImjRfwAABAMARzBFAiEA2vxe6TGwIUBmICNLF8fT jTx47ZD3KPuVgmLiofMmFTUCIDQJ/D0BEI4pqAtji1TLSGplpMpeEogUhNrxfl+X DeiAAHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFbImjTrQAA BAMARzBFAiAJcQHCukqAKCwWYNoHIctc5Vbpxmvd7aUervY9MeAbggIhAN6eHICp kYM2mmz4uH4qSMePkjGJc/Q+SOmqgct3EDNqMA0GCSqGSIb3DQEBCwUAA4IBAQCg +eWmVZ++soXvW086TlFLhZd+qKH9a/Symp+gC1Png0ZuBPvjHEXwcSGEvGln+dQh dQWmVxKaEXwdjJVubw7CdPs1U9UNFi8IPqrsU+HafX0rJWdd2k1Anztgrti6K0hd Xca5W4sgoim8KIp0XDU7rcuvaRrRw6EF/xdTkf9SqhFAF2LCRE5pp6xHfkoepimt znjRlgciotRbPb/qyTmmyKXm9mrQhMmt3gAhsuAtV3wOzeOWYlVJVTqtdogv7jMY 7Fqo2w3jk4BtjRVSLiz1Vi/7PTqFg7Vl4DEii0yveYUl+bPFDwF/guwscww5n8zK hkfrpnr/fOysyENqAWpA -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA16IDhr2JGfpOZtUyJd4k lQYlCvHwPTRyFMM87IyNXiZ4cb4CYG7lEYeaGOjrspkOAkq44dwk8qy00VbVEobB Ado0HCzejM9vObEJln+rp89PXf7udY07+ygU9rBMRS+4FHkIN+bZBkG31edl+G80 kCGjYGaXIejByz/Zhl6H3TCc/aiPvOD9CqaVc3xhtoTUQWjobMrfoY10HA3a/5p2 FAtZdQWdx/ILoj4Gnzv1KY1nVOB+EWL98cdKrvc6GQoIfMIYq9VTEi0YW067RQM0 BLn+2uMncXBKj0ol9Vmb4UkquevReOGa3ppxdHY/Nf7wh+x2yiGKjuiBXPOo7j9L sQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 39575479729497825464278215595 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'AlphaSSL CA - SHA256 - G2' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-03-31 03:29:04 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-04-01 03:29:04 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Domain Control Validated by OneClickSSL' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'go.kiva.org' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27221127537633965100399373890014829249593516435306285353114345492650680267190567881094383256793158911834233948965790476058825939121838092828575972752673829487854524949036434879058779618007142122868929505747596639370531312593480181198399408876767561701934788184899137137946174612253087272757907694728024511350047931772243011532619772579804610576867392488019918350550636167914582495107197645950384713136997506296877488789919081075440045448122558450227653321170811470369804970750805189592605450855715514194519208652254549756875849119518168811852212372812594225488683294553707630788804536624834910022954398744350971349937 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (125 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure2.alphassl.com/cacert/gsalphasha2g2r1.crt' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp2.globalsign.com/gsalphasha2g2' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (80 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.10.10 (Domain Validation Certificates Policy - AlphaSSL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl2.alphassl.com/gs/gsalphasha2g2.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'go.kiva.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.go.kiva.org' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) ae578d16a63f19683068d3a0499e7dd899390954 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName f5cdd53c0850f96a4f3ab797da5683e669d268f7 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (607 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (603 bytes) 0259007600ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc0000015b2268cdf80000040300473045022100daa1b9d48fa39f3a86e99c964073fdb9a98422f6c5dc2120bd4fbf44d0b68baf02205477720e1cf534da09862db90de43b08288bbde20eef14352b4c758b25f5b9250077005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd0000015b2268ce420000040300483046022100e52a201b4de81a88af953a3a5ba2ab8f33e422a48a73f3aaeb8ff9900c814deb022100a2bff56d4b020cb2dc6f9a188360538d8eff45810280e773117e44cc1978b9ab007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000015b2268d0b900000403004730450220211c8b895e04a5bd44600c3769af04ef7bfb5258ca6ca25adb0de5f1b47b9b73022100f6def3c2c99394da37aa276bc20c72f37dcbef6bedf62d92ae1d051e94dad0a1007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000015b2268d17f0000040300473045022100dafc5ee931b021406620234b17c7d38d3c78ed90f728fb958262e2a1f326153502203409fc3d01108e29a80b638b54cb486a65a4ca5e12881484daf17e5f970de880007600ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000015b2268d3ad00000403004730450220097101c2ba4a80282c1660da0721cb5ce556e9c66bddeda51eaef63d31e01b82022100de9e1c80a99183369a6cf8b87e2a48c78f92318973f43e48e9aa81cb7710336a . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00a0f9e5a6559fbeb285ef5b4f3a4e514b85977ea8a1fd6bf4b29a9fa00b53e783466e04fbe31c45f0712184bc6967f9d4217505a657129a117c1d8c956e6f0ec274fb3553d50d162f083eaaec53e1da7d7d2b25675dda4d409f3b60aed8ba2b485d5dc6b95b8b20a229bc288a745c353badcbaf691ad1c3a105ff175391ff52aa11401762c2444e69a7ac477e4a1ea629adce78d1960722a2d45b3dbfeac939a6c8a5e6f66ad084c9adde0021b2e02d577c0ecde396625549553aad76882fee3318ec5aa8db0de393806d8d15522e2cf5562ffb3d3a8583b565e031228b4caf798525f9b3c50f017f82ec2c730c399fccca8647eba67aff7cecacc8436a016a40