hubble.officeapps.live-int.com

Issued by Microsoft IT TLS CA 1

About this certificate

This digital certificate with serial number 7b:00:05:fa:f4:12:d6:11:0b:89:3a:97:23:00:00:00:05:fa:f4 was issued on by Microsoft Corporation.

With 5 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • KeyUsage [DataEncipherment DigitalSignature KeyEncipherment] (00001101) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)

Certificate Subject

CN=hubble.officeapps.live-int.com

Microsoft Corporation

Organization: Microsoft Corporation
Organization unit: Microsoft IT
State / Province: Washington
Locality: Redmond
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 7b:00:05:fa:f4:12:d6:11:0b:89:3a:97:23:00:00:00:05:fa:f4
Serial Number (int): 2742993694405402674287512010346352697124715252
Serial Number lenght: 151 bits, 19 octets

SubjectKeyId: e4:cf:78:b8:64:10:9a:89:69:73:61:be:51:6d:4f:a4:fe:fb:77:96
AuthorityKeyId: 58:88:9f:d6:dc:9c:48:22:b7:14:3e:ff:84:88:e8:e6:85:ff:fa:7d

Fingerprint (sha1): aa:e5:6d:b3:fc:58:5f:8f:55:b1:53:97:64:f2:ea:ae:e0:fa:f6:3b
Fingerprint (sha256): 1c:19:f6:2e:3d:fb:e1:26:29:95:89:7f:77:46:2f:70:0f:58:f7:e0:0e:9c:3a:fb:b5:7d:c8:99:e4:43:ae:c9

Issuing Certificate URL: http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%201.crt

Revocation information

OCSP Server: http://ocsp.msocsp.com
CRL Distribution Point: http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl
CRL Distribution Point: http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl

Check the revocation status for certificate hubble.officeapps.live-int.com

5

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for hubble.officeapps.live-int.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment
Data Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

11 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

hubble.officeapps.live-int.com
*.officeapps.live-int.com
*.hubble.osi.office-int.net
*.hubble.officeapps.live-int.com
*.osi.office-int.net

Other certificates including the domain name live-int.com

(limited to 100 certificates)
xd.live-int.com
entitlement.int2.onecare.live-int.com
login.live-int.com
images.partner.windowsphone.com
graph.windows.net
*.osi.office-int.net
*.osi.office-int.net
*.login.live-int.com
notify.mpnstress1.live-int.com
msm.live-int.com
graph.windows.net
graph.windows.net
SigningCert.login.live-int.com
graph.windows.net
skype-certapiqa-msaautocsrint.login.live-int.com
b.familysafety.microsoft.com
graph.windows.net
graph.windows.net
clientauthentication.retailer.officeapps.live-int.com
*.m2.tiles.live-int.com
profile-bvt.live-int.com
*.login.live-int.com
*.vo.msecnd.net
login.live-int.com
graph.windows.net
graph.windows.net
login.live-int.com
storage.live.com
graph.windows.net
Devices-gd.live-int.com
*.samples.live-int.com
graph.windows.net
buy.live-int.com
skype-certapiqa-msaautocsrint.login.live-int.com
api.choice.microsoft-int.com
support.msn-int.com
pptcs.officeapps.live-int.com
graph.windows.net
account.live-int.com
login.live-int.com
onedrive.live-int.com
graph.windows.net
graph.windows.net
*.login.live-int.com
login.live-int.com
graph.windows.net
graph.windows.net
msm.live-int.com
ieonline.live-int.com
account.live-int.com
graph.windows.net
graph.windows.net
stateservice.officeapps.live-int.com
PubSubAutoCSRClient.login.live-int.com
graph.windows.net
mid.live-int.com
captions.officeapps.live-int.com
login.live-int.com
f2.push.live-int.com
login.live.com
graph.windows.net
graph.windows.net
*.location.live-int.com
graph.windows.net
graph.windows.net
graph.windows.net
*.login.live-int.com
login.live-int.com
storage.live.com
api-s3.live-int.com
*.osi.office-int.net
pptcs.officeapps.live-int.com
graph.windows.net
busbuy.live-int.com
graph.windows.net
account.live-int.com
*.osi.office-int.net
*.osi.office-int.net
login.live-int.com
graph.windows.net
login.live-int.com
account.live-int.com
ols-idsapi.officeapps.live-int.com
ieonline.live-int.com
graph.windows.net
*.osi.office-int.net
hubblecontent.osi.office-int.net
hubble.officeapps.live-int.com
graph.windows.net
odcsm-aad-int.officeapps.live-int.com
*.login.live-int.com
graph.windows.net
onedrive.live-int.com
graph.windows.net
graph.windows.net
login.live-int.com
graph.windows.net
*.osi.office-int.net
cns.fss.live-int.com
s2s.aliasdirectory.live-int.com

Certificate

The complete raw certificate details for hubble.officeapps.live-int.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIJOTCCByGgAwIBAgITewAF+vQS1hELiTqXIwAAAAX69DANBgkqhkiG9w0BAQsF
ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE
CxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEw
HhcNMTkwNzMwMTc1MDU5WhcNMjEwNzMwMTc1MDU5WjApMScwJQYDVQQDEx5odWJi
bGUub2ZmaWNlYXBwcy5saXZlLWludC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDClK1+gGeMgXC6xHVdebk1p5rJ9iA02CGeYBNFldl84tS/YlIG
EtmvauElegvgprczaPAGUgN1yh8BYcvIMgA6KbKo6Zb2U15UX23SIN2NCqiQFvZE
mT5DWJQdgziaM/6Wr2Mp91hlBL4QCmgGyNUyrfda7hDc/4YJfO6KLMIIeTyfyETD
sVjkZqi//u0ub7H0xr2C6Fv/9EgJvXVcEBFBquKVElE6MycVk/qIPKxJYzbfEbYE
Tx6F7cAqXpXNCh/A/zXBmrlD0uczLwHJk6iHwfG/jhhkxMlDIGPdkjE3wAEGXa3X
1zpWgztxTWHnv+d2ciIrrwZg4BHVU6RjiktpAgMBAAGjggT1MIIE8TCCAfQGCisG
AQQB1nkCBAIEggHkBIIB4AHeAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7
iXqo/csAAAFsRArq5gAABAMARjBEAiBBKkahbK0Ss7+vVopTz3dlGC1Fr5xff7/O
PDEKMAhc4wIgHQtXexjvjDu1v7RV6KBGK/HKtrBAgFqj0H5bTjdrjWwAdQBVgdTC
FpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWxECuw8AAAEAwBGMEQCIBnW
YNjmYXIdrrMGP10SvYeSih2UeCCwNnJQtvVRjandAiBueLd606xdwSaSoIFWjRJp
zRzuDSUrtcdYFx9BQYExHAB2AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2
xw7KAAABbEQK6ycAAAQDAEcwRQIgNVjsDr8EXFUzGLc/Jcrljk79ZMVSWnqASNUD
8TqWuh0CIQD7dUNrRJcQB4c3NUcv7lNuQGasfRPBxXd+K4b6XiCeqAB2ALvZ37wf
inG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABbEQK6ukAAAQDAEcwRQIgK+dP
DXUmyfcRlSXZ2VicRlFjCo6d1PbzxIgxBP1XHrkCIQDGWFrG717sMhE/wPD2ePzR
6drLtmII8gzCq9TGERn1tDAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoG
CCsGAQUFBwMBMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmF
G4G1nmGF9OtggV2E0t9CgueTegIBZAIBHTCBhQYIKwYBBQUHAQEEeTB3MFEGCCsG
AQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9NaWNy
b3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcnQwIgYIKwYBBQUHMAGGFmh0dHA6
Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0OBBYEFOTPeLhkEJqJaXNhvlFtT6T++3eW
MAsGA1UdDwQEAwIEsDCBmwYDVR0RBIGTMIGQgh5odWJibGUub2ZmaWNlYXBwcy5s
aXZlLWludC5jb22CGSoub2ZmaWNlYXBwcy5saXZlLWludC5jb22CGyouaHViYmxl
Lm9zaS5vZmZpY2UtaW50Lm5ldIIgKi5odWJibGUub2ZmaWNlYXBwcy5saXZlLWlu
dC5jb22CFCoub3NpLm9mZmljZS1pbnQubmV0MIGsBgNVHR8EgaQwgaEwgZ6ggZug
gZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01p
Y3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNybIZJaHR0cDovL2NybC5taWNy
b3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIw
Q0ElMjAxLmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIB
FidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0j
BBgwFoAUWIif1tycSCK3FD7/hIjo5oX/+n0wHQYDVR0lBBYwFAYIKwYBBQUHAwIG
CCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQBLBMOIdsjg2jFS2tNxYeuIb5rZ
KOk6E5/79AwLMs14QEAmtyAAvcGhsH8SlSlzev8TcmR3QBdsE+M4ajWuG3ioa++Y
QPTreaVR9nOiTrZApt3RaWggqSxtfHAnnqFw0rHxSozv1p/29/4nUY2FkHPxZXzY
dHkE0Z1Vhl0bmfFrDPRaALYvpsISedKLDxNV5d2ejK/iU76CO0bizmry8m/BXffP
MRGaFYbYJvFAUn2FtVEhvWgoPRN7MIhYnUMK18ibCPVs8hfT1TgM6BFttzJfiqcr
hkr/0JUMwOAwBavZzmVIgZbgSMTVYICE9FILYacNAebjwooHj7Xau5Pmw7B6m9bL
/1U4A2bGq+djEzGLv4HazvKcWEUFRzdT8w5OJ8Lq05f9GUZJFEa0g0kkbr65hSGW
9g7ytK9HDlkM6UZXts9fuDujt+h4icI1mQL2+YDLMqd3o+ztf0I2eidopIxli6ZW
faARXENUFQ6a/MC/apTsantKAcPB3JqftO5UtJ9MaJv53No+bksoiUSVO+GQFw26
JYUkUnwfSzz6lp4u9qeBS36BGHbrlN4Vjt6ZuFlK9UQOyWhpoemXEk980z1CoOEB
AqWQ26UuSRPwkZVPQZUcNJ9HrzJkzsWuYh3C/gUvGbWAaIVlzNt+81zTm5qgWDdK
HvMuQ/VsDQMn8Fj0jg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpStfoBnjIFwusR1XXm5
NaeayfYgNNghnmATRZXZfOLUv2JSBhLZr2rhJXoL4Ka3M2jwBlIDdcofAWHLyDIA
OimyqOmW9lNeVF9t0iDdjQqokBb2RJk+Q1iUHYM4mjP+lq9jKfdYZQS+EApoBsjV
Mq33Wu4Q3P+GCXzuiizCCHk8n8hEw7FY5Gaov/7tLm+x9Ma9guhb//RICb11XBAR
QarilRJROjMnFZP6iDysSWM23xG2BE8ehe3AKl6VzQofwP81wZq5Q9LnMy8ByZOo
h8Hxv44YZMTJQyBj3ZIxN8ABBl2t19c6VoM7cU1h57/ndnIiK68GYOAR1VOkY4pL
aQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 2742993694405402674287512010346352697124715252
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Washington'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Redmond'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft IT'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft IT TLS CA 1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-07-30 17:50:59 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-07-30 17:50:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'hubble.officeapps.live-int.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24563546875475419319701501480028958023849892211302613424144881703523065087329341670950944637878840081699412678807982007704017117287100020909948319215618156523170306403347057637042970234752718560838751799252457204982043428153586596910688994826242382721596421518162822089745946322446435419009982777529376845948391233351499089339149500892341682932443394327609350005657623565852360210457781799458221756980434737900029748731458217648476000993913702822438850777694432998277766159697582403650821357424128816249698782625349316087955779992914430055987201630473705462191356528482934549199862394140419266710016928691683746007913
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (484 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (480 bytes)
							01de007500ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000016c440aeae600000403004630440220412a46a16cad12b3bfaf568a53cf7765182d45af9c5f7fbfce3c310a30085ce302201d0b577b18ef8c3bb5bfb455e8a0462bf1cab6b040805aa3d07e5b4e376b8d6c0075005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c0000016c440aec3c0000040300463044022019d660d8e661721daeb3063f5d12bd87928a1d947820b0367250b6f5518da9dd02206e78b77ad3ac5dc12692a081568d1269cd1cee0d252bb5c758171f414181311c0076005cdc4392fee6ab4544b15e9ad456e61037fbd5fa47dca17394b25ee6f6c70eca0000016c440aeb27000004030047304502203558ec0ebf045c553318b73f25cae58e4efd64c5525a7a8048d503f13a96ba1d022100fb75436b44971007873735472fee536e4066ac7d13c1c5777e2b86fa5e209ea8007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000016c440aeae9000004030047304502202be74f0d7526c9f7119525d9d9589c4651630a8e9dd4f6f3c4883104fd571eb9022100c6585ac6ef5eec32113fc0f0f678fcd1e9dacbb66208f20cc2abd4c61119f5b4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.10 (applicationCertPolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.7 (certificateTemplate)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (49 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.8.16155509.8105089.5391003.2969441.12400096.221.9744322.5884410
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 100
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (121 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%201.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.msocsp.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							e4cf78b864109a89697361be516d4fa4fefb7796
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits)
							04b0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (147 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hubble.officeapps.live-int.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.officeapps.live-int.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hubble.osi.office-int.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hubble.officeapps.live-int.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.osi.office-int.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (164 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (70 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.42.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.microsoft.com/pki/mscorp/cps'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 58889fd6dc9c4822b7143eff8488e8e685fffa7d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		004b04c38876c8e0da3152dad37161eb886f9ad928e93a139ffbf40c0b32cd78404026b72000bdc1a1b07f129529737aff1372647740176c13e3386a35ae1b78a86bef9840f4eb79a551f673a24eb640a6ddd1696820a92c6d7c70279ea170d2b1f14a8cefd69ff6f7fe27518d859073f1657cd8747904d19d55865d1b99f16b0cf45a00b62fa6c21279d28b0f1355e5dd9e8cafe253be823b46e2ce6af2f26fc15df7cf31119a1586d826f140527d85b55121bd68283d137b3088589d430ad7c89b08f56cf217d3d5380ce8116db7325f8aa72b864affd0950cc0e03005abd9ce65488196e048c4d5608084f4520b61a70d01e6e3c28a078fb5dabb93e6c3b07a9bd6cbff55380366c6abe76313318bbf81dacef29c584505473753f30e4e27c2ead397fd1946491446b48349246ebeb9852196f60ef2b4af470e590ce94657b6cf5fb83ba3b7e87889c2359902f6f980cb32a777a3eced7f42367a2768a48c658ba6567da0115c4354150e9afcc0bf6a94ec6a7b4a01c3c1dc9a9fb4ee54b49f4c689bf9dcda3e6e4b288944953be190170dba258524527c1f4b3cfa969e2ef6a7814b7e811876eb94de158ede99b8594af5440ec96869a1e997124f7cd33d42a0e10102a590dba52e4913f091954f41951c349f47af3264cec5ae621dc2fe052f19b580688565ccdb7ef35cd39b9aa058374a1ef32e43f56c0d0327f058f48e