ircc-oem.apps.ci.gc.ca

- Immigration, Refugees and Citizenship Canada -

Issued by Entrust Certification Authority - L1M

About this certificate

This digital certificate with serial number 68:81:df:7e:eb:c4:9a:96:d0:8a:62:34:fe:f3:67:c2 was issued on by Entrust, Inc..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Immigration, Refugees and Citizenship Canada

Company registration number: 1994-06-23
Organization: Immigration, Refugees and Citizenship Canada
Organization unit: GCMS
State / Province: Ontario
Locality: Ottawa
Country: CA

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2014 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 68:81:df:7e:eb:c4:9a:96:d0:8a:62:34:fe:f3:67:c2
Serial Number (int): 138914050889438991461024907855991629762
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 68:9b:ae:06:2d:76:50:65:09:51:41:3c:90:cc:62:aa:89:02:ca:a1
AuthorityKeyId: c3:f7:d0:b5:2a:30:ad:af:0d:91:21:70:39:54:dd:bc:89:70:c7:3a

Fingerprint (sha1): 8d:d8:5a:ef:35:df:03:83:79:4b:56:ba:24:36:6a:06:68:a3:96:be
Fingerprint (sha256): 1b:bb:b5:0a:61:f4:11:11:52:6a:21:c1:d7:b3:72:df:52:80:d5:54:19:bc:6f:8d:6a:3a:a8:05:c1:83:3d:1d

Issuing Certificate URL: http://aia.entrust.net/l1m-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1m.crl

Check the revocation status for certificate ircc-oem.apps.ci.gc.ca

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ircc-oem.apps.ci.gc.ca

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ircc-oem.apps.ci.gc.ca

Other certificates including the domain name ci.gc.ca

(limited to 100 certificates)
gcms-smf.apps.ci.gc.ca
cic.gc.ca
NJES1S6308.apps.ci.gc.ca
gcs-ssc-i.apps.ci.gc.ca
extern.cic.gc.ca
*.apps.ci.gc.ca
gcms-prd-a-eai.apps.ci.gc.ca
onlineservices-training.ci.gc.ca
alm-int-tfs.apps.ci.gc.ca
gcs-ssc-isys.apps.ci.gc.ca
gcdocs2.ci.gc.ca
gcms-smgc.apps.ci.gc.ca
cicoemprd.apps.ci.gc.ca
ldaps-edc.apps.ci.gc.ca
irccsbxoms1.apps.ci.gc.ca
*.ci.gc.ca
irccsbxoms1.apps.ci.gc.ca
gcs-ssc-itrn.apps.ci.gc.ca
gcs-ssc-dev.apps.ci.gc.ca
service-stg.ci.gc.ca
ircc-oem.apps.ci.gc.ca
psoft89-gchrms.ci.gc.ca
onlineservices-development2.ci.gc.ca
ccps-stcc-trn.cic.gc.ca
gcms-smf-edc-prd.apps.ci.gc.ca
gcmsmgtaom1.apps.ci.gc.ca
ircc-cognos.ci.gc.ca
extern.cic.gc.ca
cicedw.ci.gc.ca
gcms-smf.apps.ci.gc.ca
eservices1.ci.gc.ca
extern.cic.gc.ca
NSEP1S5119.ci.gc.ca
gcdocs2-svc.ci.gc.ca
ircc-oem-npe.apps.ci.gc.ca
NJES1S6309.apps.ci.gc.ca
tempo-ste.apps.ci.gc.ca
tempo-pef.cic.gc.ca
eservices1.ci.gc.ca
*.ci.gc.ca
gcms-staging.apps.ci.gc.ca
ircc-cognossnd.ci.gc.ca
ircc-cognosint.ci.gc.ca
pss-fg-dev.apps.ci.gc.ca
onlineservices-dev.ci.gc.ca
ircc-oem-npe.apps.ci.gc.ca
gcmsmgtoms1.apps.ci.gc.ca
cicedwdev.ci.gc.ca
gcmssystestmel.apps.ci.gc.ca
psoft-hrms-gc89test-v854.ci.gc.ca
extern.cic.gc.ca
eservices3.ci.gc.ca
gcmssa.apps.ci.gc.ca
extern.cic.gc.ca
pss-ds-dev.apps.ci.gc.ca
ircc-cognostrg.ci.gc.ca
tempo-trn.cic.gc.ca
ircc-cognosdev.ci.gc.ca
ircc-oem.apps.ci.gc.ca
tempo-pte.cic.gc.ca
cicedwsnd.ci.gc.ca
eservices2.ci.gc.ca
tempo-ste.cic.gc.ca
gcs-ssc-itrn.apps.ci.gc.ca
onlineservices-development2.ci.gc.ca
adssdev1.ci.gc.ca
tempo-stg.apps.ci.gc.ca
NJES1S1106.CI.GC.CA
gcmstgmel.apps.ci.gc.ca
gcdocs2.ci.gc.ca
*.ci.gc.ca
ircc-oem.apps.ci.gc.ca
cicoemnpe.apps.ci.gc.ca
gcs-ssc-sys.apps.ci.gc.ca
gcms-staging.apps.ci.gc.ca
mailrelay.ci.gc.ca
gcs-ssc-dev.apps.ci.gc.ca
extern.cic.gc.ca
gcmsprdmel.apps.ci.gc.ca
onlineservices-dev.ci.gc.ca
*.apps.ci.gc.ca
cic.gc.ca
gcmsprdmel.apps.ci.gc.ca
eservices5.ci.gc.ca
ccps-stcc-int.cic.gc.ca
extern.cic.gc.ca
iprms.ci.gc.ca
ccps-stcc.cic.gc.ca
gcms-pdf.apps.ci.gc.ca
gcs-ssc-stg.apps.ci.gc.ca
NJES1S1106.CI.GC.CA
extern.cic.gc.ca
gcs-ssc-isys.apps.ci.gc.ca
gcs-ssc-stg.apps.ci.gc.ca
psoft-hrms-gc89test.ci.gc.ca
gcs-ssc-isys.apps.ci.gc.ca
ccps-stcc-dev.cic.gc.ca
gcms-smgc.apps.ci.gc.ca
ircc-oem-sbx.apps.ci.gc.ca
gcdocsmobile.apps.ci.gc.ca

Certificate

The complete raw certificate details for ircc-oem.apps.ci.gc.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgIQaIHffuvEmpbQimI0/vNnwjANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDE0IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxTTAeFw0y
MTEyMTYyMzAzMThaFw0yMzAxMTUyMzAzMThaMIHdMQswCQYDVQQGEwJDQTEQMA4G
A1UECBMHT250YXJpbzEPMA0GA1UEBxMGT3R0YXdhMRMwEQYLKwYBBAGCNzwCAQMT
AkNBMTUwMwYDVQQKEyxJbW1pZ3JhdGlvbiwgUmVmdWdlZXMgYW5kIENpdGl6ZW5z
aGlwIENhbmFkYTEaMBgGA1UEDxMRR292ZXJubWVudCBFbnRpdHkxDTALBgNVBAsT
BEdDTVMxEzARBgNVBAUTCjE5OTQtMDYtMjMxHzAdBgNVBAMTFmlyY2Mtb2VtLmFw
cHMuY2kuZ2MuY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNMJMH
qCCZGJ3sgRDwSRJmO0xZmUJRE8vllo1b6/jGRq1k28fIPbQ0CICRQEgmqKCKd8SG
RQ8bdAiRxGA2TZrp/MD79XjiYmIsFBA9O14X2tNYR8xOoK4Y6wUkEh4tWaEbwUj0
mH9+fsV3jtRf3FHJ0H1cQkIdJt9mf4ULRyqmb1DIORQa+aBVBxvp1xndgbCi8zCp
EFp3jPK/7EQnregEOOL35HTGLXeQpI3wMowPAAc5ynO87TZ1mhX8YShxZpc98yf/
/DVXtWxhlKXjWQsfmKTGT4TXn/W1wwZTplwsoPghfi9Y/2qmi7+q5CtpD9DRS2dc
45FscSVt5V5SiK37AgMBAAGjggGlMIIBoTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
BBRom64GLXZQZQlRQTyQzGKqiQLKoTAfBgNVHSMEGDAWgBTD99C1KjCtrw2RIXA5
VN28iXDHOjBoBggrBgEFBQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3Nw
LmVudHJ1c3QubmV0MDMGCCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0
L2wxbS1jaGFpbjI1Ni5jZXIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5l
bnRydXN0Lm5ldC9sZXZlbDFtLmNybDAhBgNVHREEGjAYghZpcmNjLW9lbS5hcHBz
LmNpLmdjLmNhMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwSwYDVR0gBEQwQjA3BgpghkgBhvpsCgECMCkwJwYIKwYBBQUHAgEW
G2h0dHBzOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAHBgVngQwBATATBgorBgEEAdZ5
AgQDAQH/BAIFADANBgkqhkiG9w0BAQsFAAOCAQEABQbRpb1GVZpjun6/LxkoSNZu
iL8j8Uitn/zYd3xBfz5Ha1tjGcmCBuY1EQ/4U/88kstpt97dUJueOuUHsrmt8QIu
O3z+QzC2y0UstnUg4wUxGUP9mQN12UtqeQaaxrIxL/YW1Egevkl2Hm7GieqHU9W9
vhTYGpRbmt/8Lbp72OLHEhuXs963NWEBAHsixZEaABglfsk4D0rrT7AO52jm0MGH
vqnvtL+O8oxKNE05JBpvgYORT1YdTVsBhwE2Rofb0zjBcGRt8tZJfvEX7KQUXAR0
D6C/tUWi5eHoe85hzO8HJVkQsf+rxfJsiZvKwRbNIuriKxcA775s8evADGpGBg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTCTB6ggmRid7IEQ8EkS
ZjtMWZlCURPL5ZaNW+v4xkatZNvHyD20NAiAkUBIJqiginfEhkUPG3QIkcRgNk2a
6fzA+/V44mJiLBQQPTteF9rTWEfMTqCuGOsFJBIeLVmhG8FI9Jh/fn7Fd47UX9xR
ydB9XEJCHSbfZn+FC0cqpm9QyDkUGvmgVQcb6dcZ3YGwovMwqRBad4zyv+xEJ63o
BDji9+R0xi13kKSN8DKMDwAHOcpzvO02dZoV/GEocWaXPfMn//w1V7VsYZSl41kL
H5ikxk+E15/1tcMGU6ZcLKD4IX4vWP9qpou/quQraQ/Q0UtnXOORbHElbeVeUoit
+wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 138914050889438991461024907855991629762
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2014 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1M'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-12-16 23:03:18 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-01-15 23:03:18 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ottawa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Immigration, Refugees and Citizenship Canada'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Government Entity'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GCMS'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '1994-06-23'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ircc-oem.apps.ci.gc.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25902805415654563444188570000352817800855119433403931930636712537242501057422993321055864937477094778524163713102535543018416607235185017044565238093923373290587512215426511635419473513371179821703133864005755810608331167652572195844370481579272107532748350627754990618532205143632173030131363133778621650744793448649763355622391720485962936030297720884446712448976318647807043553232102591749740006038968917452173054572194720663219192768439580547830025165880841075026258625883391214777472838923472633486074354923457533863596640055869364730157082497769713181369616133329280946342821178063315641685142471358880030436859
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							689bae062d7650650951413c90cc62aa8902caa1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c3f7d0b52a30adaf0d9121703954ddbc8970c73a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1m-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1m.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ircc-oem.apps.ci.gc.ca'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.2 (Entrust EV policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		000506d1a5bd46559a63ba7ebf2f192848d66e88bf23f148ad9ffcd8777c417f3e476b5b6319c98206e635110ff853ff3c92cb69b7dedd509b9e3ae507b2b9adf1022e3b7cfe4330b6cb452cb67520e305311943fd990375d94b6a79069ac6b2312ff616d4481ebe49761e6ec689ea8753d5bdbe14d81a945b9adffc2dba7bd8e2c7121b97b3deb7356101007b22c5911a0018257ec9380f4aeb4fb00ee768e6d0c187bea9efb4bf8ef28c4a344d39241a6f8183914f561d4d5b018701364687dbd338c170646df2d6497ef117eca4145c04740fa0bfb545a2e5e1e87bce61ccef07255910b1ffabc5f26c899bcac116cd22eae22b1700efbe6cf1ebc00c6a4606