*.preview.huffpost.net
- Oath Inc -
Issued by DigiCert SHA2 High Assurance Server CA
About this certificate
This digital certificate with serial number 0f:a2:d5:29:35:a2:76:4e:1d:d0:f6:4e:2d:d7:b3:4e was issued on by DigiCert Inc.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Oath Inc
Organization:
Oath Inc
State / Province:
California
Locality: Sunnyvale
Country: US
Locality: Sunnyvale
Country: US
DigiCert Inc
Organization:
DigiCert Inc
Organization unit: www.digicert.com
Organization unit: www.digicert.com
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 0f:a2:d5:29:35:a2:76:4e:1d:d0:f6:4e:2d:d7:b3:4eSerial Number (int): 20783895446055731243565551183453467470
Serial Number lenght: 124 bits, 16 octets
SubjectKeyId: 26:51:aa:d0:f8:4c:60:68:ce:c0:7b:2e:71:87:b9:43:8e:8e:23:fa
AuthorityKeyId: 51:68:ff:90:af:02:07:75:3c:cc:d9:65:64:62:a2:12:b8:59:72:3b
Fingerprint (sha1): 3f:de:f0:4e:28:f5:1a:6e:e0:b2:ec:86:88:5c:6c:a3:7a:e6:8a:cc
Fingerprint (sha256): 1c:75:a0:af:7c:c1:16:02:6a:43:23:7c:2c:ab:9e:90:34:1b:13:3f:b1:33:86:17:fa:3b:12:a7:f4:aa:71:6c
Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt
Revocation information
OCSP Server: http://ocsp.digicert.comCRL Distribution Point: http://crl3.digicert.com/sha2-ha-server-g6.crl
CRL Distribution Point: http://crl4.digicert.com/sha2-ha-server-g6.crl
Check the revocation status for certificate *.preview.huffpost.net
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for *.preview.huffpost.net
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
*.preview.huffpost.net
preview.huffpost.net
preview.huffpost.net
Other certificates including the domain name huffpost.net
(limited to 100 certificates)
staging-securedrop.huffpost.net
*.app-west.buzzfeed.io
*.edit.huffpost.net
staging-elections.huffpost.net
accounts.huffingtonpost.com
*.edit.huffpost.net
accounts.huffingtonpost.com
*.edit.huffpost.net
staging-securedrop.huffpost.net
production-securedrop.huffpost.net
staging-securedrop.huffpost.net
accounts.huffingtonpost.com
*.prod.buzzfeed.io
docker.huffpost.net
*.app-west.buzzfeed.io
*.prod.buzzfeed.io
staging-securedrop.huffpost.net
secrets.huffpost.net
staging-athena-mongo-cms.huffpost.net
*.prod.buzzfeed.io
staging-securedrop.huffpost.net
*.blog.huffpost.net
*.edit.huffpost.net
origin-identifiers.huffpost.net
huffpost.net
*.preview.huffpost.net
*.stage.buzzfeed.io
*.edit.huffpost.net
accounts.huffingtonpost.com
*.prod.buzzfeed.io
yamas.huffpost.net
*.stage.buzzfeed.io
staging-athena-mongo-cms.huffpost.net
*.preview.huffpost.net
*.app-west.buzzfeed.io
*.preview.huffpost.net
*.app-west.buzzfeed.io
*.tools.huffpost.net
*.blog.huffpost.net
accounts.huffingtonpost.com
origin-identifiers.huffpost.net
42.huffpost.net
*.preview.huffpost.net
*.prod.buzzfeed.io
*.stage.buzzfeed.io
staging-elections.huffpost.net
secrets.huffpost.net
*.app-west.buzzfeed.io
origin-identifiers.huffpost.net
*.stage.buzzfeed.io
*.app-west.buzzfeed.io
production-securedrop.huffpost.net
*.content-internal.huffpost.net
*.app-west.buzzfeed.io
staging-elections.huffpost.net
*.unstable.buzzfeed.io
*.edit.huffpost.net
*.prod.buzzfeed.io
*.app-west.buzzfeed.io
*.app-west.buzzfeed.io
staging-elections.huffpost.net
huffpost.net
*.content-internal.huffpost.net
*.preview.huffpost.net
*.preview.huffpost.net
*.unstable.buzzfeed.io
gamp.huffpost.net
secrets.huffpost.net
accounts.huffingtonpost.com
*.huffpost.net
*.prod.buzzfeed.io
*.unstable.buzzfeed.io
*.tools.huffpost.net
*.blog.huffpost.net
*.edit.huffpost.net
huffpost.net
*.tools.huffpost.net
*.stage.buzzfeed.io
*.stage.buzzfeed.io
production-securedrop.huffpost.net
*.huffpost.net
*.app-west.buzzfeed.io
*.prod.buzzfeed.io
*.huffpost.net
origin-identifiers.huffpost.net
*.prod.buzzfeed.io
*.app-west.buzzfeed.io
*.preview.huffpost.net
*.stage.buzzfeed.io
*.unstable.buzzfeed.io
huffpost.net
accounts.huffingtonpost.com
*.prod.buzzfeed.io
docker.huffpost.net
*.prod.buzzfeed.io
production-securedrop.huffpost.net
docker.huffpost.net
jumpmanjumpmanjumpman.huffpost.net
*.tools.huffpost.net
*.edit.huffpost.net
*.app-west.buzzfeed.io
*.edit.huffpost.net
staging-elections.huffpost.net
accounts.huffingtonpost.com
*.edit.huffpost.net
accounts.huffingtonpost.com
*.edit.huffpost.net
staging-securedrop.huffpost.net
production-securedrop.huffpost.net
staging-securedrop.huffpost.net
accounts.huffingtonpost.com
*.prod.buzzfeed.io
docker.huffpost.net
*.app-west.buzzfeed.io
*.prod.buzzfeed.io
staging-securedrop.huffpost.net
secrets.huffpost.net
staging-athena-mongo-cms.huffpost.net
*.prod.buzzfeed.io
staging-securedrop.huffpost.net
*.blog.huffpost.net
*.edit.huffpost.net
origin-identifiers.huffpost.net
huffpost.net
*.preview.huffpost.net
*.stage.buzzfeed.io
*.edit.huffpost.net
accounts.huffingtonpost.com
*.prod.buzzfeed.io
yamas.huffpost.net
*.stage.buzzfeed.io
staging-athena-mongo-cms.huffpost.net
*.preview.huffpost.net
*.app-west.buzzfeed.io
*.preview.huffpost.net
*.app-west.buzzfeed.io
*.tools.huffpost.net
*.blog.huffpost.net
accounts.huffingtonpost.com
origin-identifiers.huffpost.net
42.huffpost.net
*.preview.huffpost.net
*.prod.buzzfeed.io
*.stage.buzzfeed.io
staging-elections.huffpost.net
secrets.huffpost.net
*.app-west.buzzfeed.io
origin-identifiers.huffpost.net
*.stage.buzzfeed.io
*.app-west.buzzfeed.io
production-securedrop.huffpost.net
*.content-internal.huffpost.net
*.app-west.buzzfeed.io
staging-elections.huffpost.net
*.unstable.buzzfeed.io
*.edit.huffpost.net
*.prod.buzzfeed.io
*.app-west.buzzfeed.io
*.app-west.buzzfeed.io
staging-elections.huffpost.net
huffpost.net
*.content-internal.huffpost.net
*.preview.huffpost.net
*.preview.huffpost.net
*.unstable.buzzfeed.io
gamp.huffpost.net
secrets.huffpost.net
accounts.huffingtonpost.com
*.huffpost.net
*.prod.buzzfeed.io
*.unstable.buzzfeed.io
*.tools.huffpost.net
*.blog.huffpost.net
*.edit.huffpost.net
huffpost.net
*.tools.huffpost.net
*.stage.buzzfeed.io
*.stage.buzzfeed.io
production-securedrop.huffpost.net
*.huffpost.net
*.app-west.buzzfeed.io
*.prod.buzzfeed.io
*.huffpost.net
origin-identifiers.huffpost.net
*.prod.buzzfeed.io
*.app-west.buzzfeed.io
*.preview.huffpost.net
*.stage.buzzfeed.io
*.unstable.buzzfeed.io
huffpost.net
accounts.huffingtonpost.com
*.prod.buzzfeed.io
docker.huffpost.net
*.prod.buzzfeed.io
production-securedrop.huffpost.net
docker.huffpost.net
jumpmanjumpmanjumpman.huffpost.net
*.tools.huffpost.net
*.edit.huffpost.net
Certificate
The complete raw certificate details for *.preview.huffpost.net in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGZTCCBU2gAwIBAgIQD6LVKTWidk4d0PZOLdezTjANBgkqhkiG9w0BAQsFADBw MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz dXJhbmNlIFNlcnZlciBDQTAeFw0yMTAzMDgwMDAwMDBaFw0yMTA5MDEyMzU5NTla MGoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlT dW5ueXZhbGUxETAPBgNVBAoTCE9hdGggSW5jMR8wHQYDVQQDDBYqLnByZXZpZXcu aHVmZnBvc3QubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCHg 6TuznQXIdL2ExmoL6zd2bA61aw/zMzndyGkm4ghp259OJc47A3qCzbBcnpfT2sYH +X4pDKMYDqzq3u/uuvmcLHyEqHAd5VMIzvKSgMFZRaO5lBNM326H93vZ9pyDk4CU 6NBItEHTa9IA24Et7xi91QZZuE7xXEz6p3cUGj5Awq3cnyeT6ZOwv+3F077UwLZ5 f+RQXExtO/8y8QvmR2qapUtuG5YQ1bS5kHIPVF78mN9yizuhsiIAw6hE8+ZbBHsK UDumTlI1ubbaKJ5jL6/dVmkGDGmk805vSo7yu9wbJ0xx5JbiZ+LIWsp4A+JxeBrB jTD7RoFqqQ++ptrcVwIDAQABo4IC/zCCAvswHwYDVR0jBBgwFoAUUWj/kK8CB3U8 zNllZGKiErhZcjswHQYDVR0OBBYEFCZRqtD4TGBozsB7LnGHuUOOjiP6MDcGA1Ud EQQwMC6CFioucHJldmlldy5odWZmcG9zdC5uZXSCFHByZXZpZXcuaHVmZnBvc3Qu bmV0MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH AwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3No YTItaGEtc2VydmVyLWc2LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQu Y29tL3NoYTItaGEtc2VydmVyLWc2LmNybDA+BgNVHSAENzA1MDMGBmeBDAECAjAp MCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYMGCCsG AQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29t ME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNl cnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIB BAYKKwYBBAHWeQIEAgSB9QSB8gDwAHUAfT7y+I//iFVoJMLAyp5SiXkrxQ54CX8u apdomX4i8NcAAAF4Ech5NAAABAMARjBEAiBpbBwc9XqsK4zBsP5GyAVlWzqRRKP1 /SYjKLxUvvch1QIgLU1CikOyG3B6xHxHoGrEBV4iANXyvuov2sGEXcBAQvsAdwBE lGUusO7Or8RAB9io/ijA2uaCvtjLMbU/0zOWtbaBqAAAAXgRyHjLAAAEAwBIMEYC IQD7x2eNxpKkUJed7TyMiDe+REVqGK4SV2lI0oD748l3ygIhALiq9SI8Huvtsn+T RU7TUD5V68bz28KBTZ9kbZe+AEMBMA0GCSqGSIb3DQEBCwUAA4IBAQBv5kvEqk1k xwEBk4dIqFzG7wPDE2Uy1Z2/qA2Tzu5mtKcKiPVKlLyV9lHoBi+wMIKcGlOf/KwJ Px9MNWmGLyS/6C/K2qitKYKPr5MYfyMKcGI057oZ1cXqbrdxrgXPYOP2jiffK1jY tuUmWqXzaDZOpV6+KWkkm6qR14TZsPbVUF+UZlLAseOblCTDtQcZMGwEXEM37W9I vJCe6JA5tlZC93QcCp4HznUYgBW6EK8x2MmQ3D5Ay042b46e51blFp2PfjbOrBm1 SBnEGwMASppWUgV2AXhoJijLfs4wtYPTFQDGR58EKGF4u7710XoXEaM+wh3RCW/l 7qVqKNzTnNs5 -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCHg6TuznQXIdL2ExmoL 6zd2bA61aw/zMzndyGkm4ghp259OJc47A3qCzbBcnpfT2sYH+X4pDKMYDqzq3u/u uvmcLHyEqHAd5VMIzvKSgMFZRaO5lBNM326H93vZ9pyDk4CU6NBItEHTa9IA24Et 7xi91QZZuE7xXEz6p3cUGj5Awq3cnyeT6ZOwv+3F077UwLZ5f+RQXExtO/8y8Qvm R2qapUtuG5YQ1bS5kHIPVF78mN9yizuhsiIAw6hE8+ZbBHsKUDumTlI1ubbaKJ5j L6/dVmkGDGmk805vSo7yu9wbJ0xx5JbiZ+LIWsp4A+JxeBrBjTD7RoFqqQ++ptrc VwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 20783895446055731243565551183453467470 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 High Assurance Server CA' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-03-08 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-09-01 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sunnyvale' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Oath Inc' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.preview.huffpost.net' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 17690068835266636254458185239163864630733069378242677799971893657597087222056659379081233335375242709659172820078636309056958592382524496705959861487283784583567586219308262260600339376986214041486210736146115026343085931203834747217147143402925088205514044541625607513825404672046343525109000976203533712544556064003823829234971620901972871694777056247744352588089524890176515443966594980786665245971613387724368730382655211035166500213626887897093361017228386134759987610541158801950058429597113805141105113342208601359286950983467012094074420359187423619903375392142022275236159665324655070465770408965296333970519 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 5168ff90af0207753cccd9656462a212b859723b . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 2651aad0f84c6068cec07b2e7187b9438e8e23fa . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (48 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.preview.huffpost.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'preview.huffpost.net' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/sha2-ha-server-g6.crl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/sha2-ha-server-g6.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (119 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f00075007d3ef2f88fff88556824c2c0ca9e5289792bc50e78097f2e6a9768997e22f0d70000017811c8793400000403004630440220696c1c1cf57aac2b8cc1b0fe46c805655b3a9144a3f5fd262328bc54bef721d502202d4d428a43b21b707ac47c47a06ac4055e2200d5f2beea2fdac1845dc04042fb0077004494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b53fd33396b5b681a80000017811c878cb0000040300483046022100fbc7678dc692a450979ded3c8c8837be44456a18ae12576948d280fbe3c977ca022100b8aaf5223c1eebedb27f93454ed3503e55ebc6f3dbc2814d9f646d97be004301 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 006fe64bc4aa4d64c70101938748a85cc6ef03c3136532d59dbfa80d93ceee66b4a70a88f54a94bc95f651e8062fb030829c1a539ffcac093f1f4c3569862f24bfe82fcadaa8ad29828faf93187f230a706234e7ba19d5c5ea6eb771ae05cf60e3f68e27df2b58d8b6e5265aa5f368364ea55ebe2969249baa91d784d9b0f6d5505f946652c0b1e39b9424c3b50719306c045c4337ed6f48bc909ee89039b65642f7741c0a9e07ce75188015ba10af31d8c990dc3e40cb4e366f8e9ee756e5169d8f7e36ceac19b54819c41b03004a9a565205760178682628cb7ece30b583d31500c6479f04286178bbbef5d17a1711a33ec21dd1096fe5eea56a28dcd39cdb39