k8s-oidc.production.braintree-api.com

- PayPal, Inc. -

Issued by DigiCert SHA2 High Assurance Server CA

About this certificate

This digital certificate with serial number 07:d2:a1:ce:83:98:da:f4:f8:95:92:b9:3a:b2:12:99 was issued on by DigiCert Inc.

With 6 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

PayPal, Inc.

Organization: PayPal, Inc.
State / Province: California
Locality: San Jose
Country: US

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 07:d2:a1:ce:83:98:da:f4:f8:95:92:b9:3a:b2:12:99
Serial Number (int): 10398260140461717775698685051085656729
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: ce:87:0e:ba:ca:56:d3:b6:e6:5b:e3:a7:a5:6a:bf:59:dc:26:82:11
AuthorityKeyId: 51:68:ff:90:af:02:07:75:3c:cc:d9:65:64:62:a2:12:b8:59:72:3b

Fingerprint (sha1): 67:f5:1f:e9:01:e1:39:78:3f:05:fe:ba:45:f7:7f:5f:f9:d8:d6:d0
Fingerprint (sha256): 1c:3a:4e:21:b6:0a:01:0a:99:31:92:3e:78:0c:33:7d:78:1f:99:1f:d7:01:ae:12:27:46:31:ef:62:7e:3e:e0

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/sha2-ha-server-g6.crl
CRL Distribution Point: http://crl4.digicert.com/sha2-ha-server-g6.crl

Check the revocation status for certificate k8s-oidc.production.braintree-api.com

6

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for k8s-oidc.production.braintree-api.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

k8s-oidc.production.braintree-api.com
k8s-oidc-prod-us-east-1.production.braintree-api.com
k8s-oidc-prod-us-east-2.production.braintree-api.com
k8s-oidc-prod-us-west-2.production.braintree-api.com
k8s-oidc-prod-ap-southeast-2.production.braintree-api.com
k8s-oidc-prod-eu-central-1.production.braintree-api.com

Other certificates including the domain name braintree-api.com

(limited to 100 certificates)
aegis-proxy.sandbox.braintree-api.com
briskqa.braintree.tools
reader.sandbox.braintree-api.com
payments.sandbox.braintree-api.com
apply.qa.braintreepayments.com
arbiter-kubernetes-qa.dev.braintree-api.com
localpay-checkout.sandbox.braintree-api.com
k8s-oidc.sandbox.braintree-api.com
dimension-finder-stag.sandbox.braintree-api.com
origin-analytics-qa.dev.braintree-api.com
sentinel-prod.production.braintree-api.com
disputin.sandbox.braintree.tools
airflow.data-staging.braintree-api.com
transactions-prod-us.production.braintree-api.com
reader.braintree-api.com
gateway-sand.sandbox.braintree-api.com
functions.sandbox.braintree-api.com
graphql-docs-sand-us-east-1.sandbox.braintree-api.com
brisk.braintree.tools
provisioner.qa.braintreepayments.com
arbiter-kubernetes-sand.sandbox.braintree-api.com
k8s-oidc.data-production.braintree-api.com
localpay-checkout-test.sandbox.braintree-api.com
payments.braintree-api.com
aegis-proxy-sand-us-east-2.sandbox.braintree-api.com
origin-analytics-sand.sandbox.braintree-api.com
*.dev.braintree-api.com
brisk.sandbox.braintree.tools
sentinel-sand.sandbox.braintree-api.com
apply.qa.braintreepayments.com
batch-validation-prod-us-east-2.production.braintree-api.com
localpay-checkout.sandbox.braintree-api.com
k8s-oidc.data-production.braintree-api.com
panel.gateway.qa.braintreepayments.com
docs-qa-us-east-1.dev.braintree-api.com
arbiter-kubernetes-prod.production.braintree-api.com
*.bcoumes.dev.braintree-api.com
data-airflow.sand.braintree.tools
millennium-simulator.dev.braintree-api.com
k8s-oidc.data-production.braintree-api.com
mission-control.braintree-api.com
tugboat.dev.braintree-api.com
taskworker-flower.production.braintree-api.com
reader-service.sandbox.braintree-api.com
apply.braintreegateway.com
taskworker-auditor.production.braintree-api.com
data-airflow-webserver-datastag.data-staging.braintree-api.com
docs-prod-us-east-1.production.braintree-api.com
taskworker-flower.production.braintree-api.com
monitoring-tool-serv-sand-us-west-2.sandbox.braintree-api.com
bazaar.braintree.tools
event-sink-sand-us-west-2.sandbox.braintree-api.com
bazaar.braintree.tools
docs.sandbox.braintree-api.com
data-airflow.braintree.tools
aegis-proxy.production.braintree-api.com
billpay-validator-sand.sandbox.braintree-api.com
k8s-oidc.data-staging.braintree-api.com
provisioner.svc.braintreepayments.com
marketing-qa-us-east-1.dev.braintree-api.com
payments.sandbox.braintree-api.com
blue-front-door.braintree-api.com
infra-sso-token-converter.braintree-api.com
alert-notify-sand-us-west-2.sandbox.braintree-api.com
k8s-oidc.production.braintree-api.com
sentinel-dev.dev.braintree-api.com
origin-falcon.dev.braintree-api.com
tugboat.dev.braintree-api.com
reader.braintree-api.com
aegis-proxy-prod-us-east-2.production.braintree-api.com
pigeon.production.braintree-api.com
k8s-dashboard-qa-us-west-2.braintree.tools
pigeon.dev.braintree-api.com
pricing-prod.production.braintree-api.com
k8s-dashboard.sandbox.braintree-api.com
origin-analytics-sand.sandbox.braintree-api.com
infra-sso-token-converter.braintree-api.com
millennium-simulator.sandbox.braintree-api.com
functions.sandbox.braintree-api.com
airflow.dev.braintree-api.com
ppwr-sand.sandbox.braintree-api.com
signups.sand.braintreepayments.com
payments.sandbox.braintree-api.com
consul.braintree-api.com
arbiter-kubernetes-prod.production.braintree-api.com
localpay-checkout-test.sandbox.braintree-api.com
pigeon.sandbox.braintree-api.com
apply.braintreegateway.com
origin-analytics-qa.dev.braintree-api.com
twistlock-sand-us-east-1.sandbox.braintree-api.com
gateway-qa.dev.braintree-api.com
k8s-oidc.data-staging.braintree-api.com
processor-webhook-receiver.braintree-api.com
k8s-dashboard.data-production.braintree-api.com
gateway.braintree-api.com
sentintel-sand-us-west-2.sandbox.braintree-api.com
arbiter-kubernetes-prod.production.braintree-api.com
origin-falcon-prod.production.braintree-api.com
monitor-data-model-sand-us-west-2.sandbox.braintree-api.com
gateway.braintree-api.com

Certificate

The complete raw certificate details for k8s-oidc.production.braintree-api.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGmTCCBYGgAwIBAgIQB9KhzoOY2vT4lZK5OrISmTANBgkqhkiG9w0BAQsFADBw
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz
dXJhbmNlIFNlcnZlciBDQTAeFw0yNDAyMjEwMDAwMDBaFw0yNTAyMjAyMzU5NTla
MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhT
YW4gSm9zZTEVMBMGA1UEChMMUGF5UGFsLCBJbmMuMS4wLAYDVQQDEyVrOHMtb2lk
Yy5wcm9kdWN0aW9uLmJyYWludHJlZS1hcGkuY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAsd9rA2oNMLj8W8Ejo8azgiCw1XzTGjL4RuiKkAqV2ojH
lcdG0hGhYxDTF3TfuEf3YkFJKvT5qejdqKXo3K4KZmd7WzUvOPBl+PgqID3zYaR3
KhtaPFWoc4kcNcPNzTNCu0b4r3lBeoXl82SN4zWryzcXtxOHx/q3rF7ybJ3W7Y3K
9HraJfK326M09imYnL3hoStBxVXgUsItJyfwIEbYm6n1d6P135lieV8xos7YPgBZ
JSAxOdQJV/8gBmt5RRoiLwlC/p10oHuqHHDeVoE2wMAe496wIv5sMTmHugXGTkz+
9RrUdUzRVX2lJ/6CFp3tUzRBraCdFA8ax04fxnPhsQIDAQABo4IDITCCAx0wHwYD
VR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFM6HDrrKVtO2
5lvjp6Vqv1ncJoIRMIIBSgYDVR0RBIIBQTCCAT2CJWs4cy1vaWRjLnByb2R1Y3Rp
b24uYnJhaW50cmVlLWFwaS5jb22CNGs4cy1vaWRjLXByb2QtdXMtZWFzdC0xLnBy
b2R1Y3Rpb24uYnJhaW50cmVlLWFwaS5jb22CNGs4cy1vaWRjLXByb2QtdXMtZWFz
dC0yLnByb2R1Y3Rpb24uYnJhaW50cmVlLWFwaS5jb22CNGs4cy1vaWRjLXByb2Qt
dXMtd2VzdC0yLnByb2R1Y3Rpb24uYnJhaW50cmVlLWFwaS5jb22COWs4cy1vaWRj
LXByb2QtYXAtc291dGhlYXN0LTIucHJvZHVjdGlvbi5icmFpbnRyZWUtYXBpLmNv
bYI3azhzLW9pZGMtcHJvZC1ldS1jZW50cmFsLTEucHJvZHVjdGlvbi5icmFpbnRy
ZWUtYXBpLmNvbTA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhto
dHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRw
Oi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSgMqAw
hi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3Js
MIGDBggrBgEFBQcBAQR3MHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2lj
ZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29t
L0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/
BAIwADATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAISgK
4iIOPX/8nI0NVg3h+DnVjNr9/ry1O713rVHDrFZS16WZPlUcAQkNPaCWG/pkGd1p
Dx7EfRRAJZW19hc42mrZ7CcOMejJgWXvTd7a+30Sl8oG6fFF7f1lLOw6sK14ywH7
Up9jTZknbhJEqtnsQQDkYebuMa2qc4M3qTv8uPrseO/JhWew7OOBVsLVj8fgxV1A
kIhU6kBjAdHAL8UTQhC9D87Z7fBos6v4EHG6g5uNhjDa6S7flSrnfgVYFLfCB4bW
cPyf4G1cwZujOcVijBnWMSo1hX7TOP0JdqSWpelNOhfpnqReqZnZdnL91d/3WDa/
sVmA0Nn/TzKHG8Zt8w==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsd9rA2oNMLj8W8Ejo8az
giCw1XzTGjL4RuiKkAqV2ojHlcdG0hGhYxDTF3TfuEf3YkFJKvT5qejdqKXo3K4K
Zmd7WzUvOPBl+PgqID3zYaR3KhtaPFWoc4kcNcPNzTNCu0b4r3lBeoXl82SN4zWr
yzcXtxOHx/q3rF7ybJ3W7Y3K9HraJfK326M09imYnL3hoStBxVXgUsItJyfwIEbY
m6n1d6P135lieV8xos7YPgBZJSAxOdQJV/8gBmt5RRoiLwlC/p10oHuqHHDeVoE2
wMAe496wIv5sMTmHugXGTkz+9RrUdUzRVX2lJ/6CFp3tUzRBraCdFA8ax04fxnPh
sQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 10398260140461717775698685051085656729
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 High Assurance Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-21 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-20 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'San Jose'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'PayPal, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'k8s-oidc.production.braintree-api.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22454351511221531675195427568360818906742220575643709005383899556084569950314404898940289274241201295782278047901060062558793185035119412967420272785453445943280588804354719046275359452650021737274209723596159579060122644605083119575583802475440796783312012751687132886165768099935831203759610028495614096658013554953220336064933375543400796164041599855484513852536084865504986178081819573556036557281098049672597285569414113080058009509060552579927227135213236117216476455713271646132534384381260390644307146859366288225957046574242161651220278279971051460568846690111419008281078886024479046174476553638173100728753
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 5168ff90af0207753cccd9656462a212b859723b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							ce870ebaca56d3b6e65be3a7a56abf59dc268211
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (321 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'k8s-oidc.production.braintree-api.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'k8s-oidc-prod-us-east-1.production.braintree-api.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'k8s-oidc-prod-us-east-2.production.braintree-api.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'k8s-oidc-prod-us-west-2.production.braintree-api.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'k8s-oidc-prod-ap-southeast-2.production.braintree-api.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'k8s-oidc-prod-eu-central-1.production.braintree-api.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/sha2-ha-server-g6.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/sha2-ha-server-g6.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (119 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0021280ae2220e3d7ffc9c8d0d560de1f839d58cdafdfebcb53bbd77ad51c3ac5652d7a5993e551c01090d3da0961bfa6419dd690f1ec47d14402595b5f61738da6ad9ec270e31e8c98165ef4ddedafb7d1297ca06e9f145edfd652cec3ab0ad78cb01fb529f634d99276e1244aad9ec4100e461e6ee31adaa738337a93bfcb8faec78efc98567b0ece38156c2d58fc7e0c55d40908854ea406301d1c02fc5134210bd0fced9edf068b3abf81071ba839b8d8630dae92edf952ae77e055814b7c20786d670fc9fe06d5cc19ba339c5628c19d6312a35857ed338fd0976a496a5e94d3a17e99ea45ea999d97672fdd5dff75836bfb15980d0d9ff4f32871bc66df3