verify.origin.prod-news.production.ap.brightspot.cloud

Issued by GTS CA 1D4

About this certificate

This digital certificate with serial number f0:9a:1b:05:9b:7c:b2:dc:0a:a4:f8:84:3b:f7:ca:76 was issued on by Google Trust Services LLC.

With 10 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=verify.origin.prod-news.production.ap.brightspot.cloud

Google Trust Services LLC

Organization: Google Trust Services LLC
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): f0:9a:1b:05:9b:7c:b2:dc:0a:a4:f8:84:3b:f7:ca:76
Serial Number (int): 319814880773915212082355883211826383478
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 1d:56:a8:92:e2:69:58:34:86:01:e5:6c:ad:eb:55:57:57:5d:3b:32
AuthorityKeyId: 25:e2:18:0e:b2:57:91:94:2a:e5:d4:5d:86:90:83:de:53:b3:b8:92

Fingerprint (sha1): 0d:8e:27:22:6e:08:f6:2d:73:5e:e9:ca:77:6c:44:d8:91:76:0e:9e
Fingerprint (sha256): 1d:f6:e6:55:51:82:04:82:a2:c6:d9:25:f1:ad:9c:d3:83:e2:5f:93:7a:a8:e1:79:62:95:86:e6:1e:8f:e2:96

Issuing Certificate URL: http://pki.goog/repo/certs/gts1d4.der

Revocation information

OCSP Server: http://ocsp.pki.goog/s/gts1d4/ZrTfxjlxZ_o
CRL Distribution Point: http://crls.pki.goog/gts1d4/Ljiga1eCboE.crl

Check the revocation status for certificate verify.origin.prod-news.production.ap.brightspot.cloud

10

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for verify.origin.prod-news.production.ap.brightspot.cloud

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

verify.origin.prod-news.production.ap.brightspot.cloud
origin.prod-news.production.ap.brightspot.cloud
dims.prod-news.production.ap.brightspot.cloud
prod-news.production.ap.brightspot.cloud
cms.prod-news.production.ap.brightspot.cloud
verify.cms.prod-news.production.ap.brightspot.cloud
cms.apnews.com
beta.apnews.com
dims.apnews.com
origin.apnews.com

Other certificates including the domain name brightspot.cloud

(limited to 100 certificates)
cst-qa.lower.chorus.brightspot.cloud
origin.ser.production.k1.amazon.brightspot.cloud
origin.uat.lower.google-marketing.brightspot.cloud
entertainment.production.k1.amazon.brightspot.cloud
origin.relay-qa.lower.k1.amazon.brightspot.cloud
biospace-qa.lower.k1.m1.brightspot.cloud
origin.kpbs.kpbs.production.k3.m1.brightspot.cloud
cms.6amcity.com
origin.ajga-uat.ajga.lower.k1.m1.brightspot.cloud
amazon-hvh.lower.k3.m1.brightspot.cloud
static.amazon-hvh.lower.k3.m1.brightspot.cloud
origin.acertus.production.k1.m1.brightspot.cloud
origin.cst-web.production.chorus.brightspot.cloud
origin.web.production.projectm.brightspot.cloud
origin.medtech.production.jnj.brightspot.cloud
origin.web.production.hca.brightspot.cloud
intsys.inter-systems.production.k2.m1.brightspot.cloud
origin.wwe-prod.production.k2.m1.brightspot.cloud
origin.jobs.production.amazon-jobs.brightspot.cloud
origin.berlin-2023-qa.berlin-2023.lower.k2.m1.brightspot.cloud
www.nbcsportsathletedirect.com
static.church-qa.church.lower.church.brightspot.cloud
origin.epe-uat.epe.lower.k2.m1.brightspot.cloud
lehigh-v.lehigh-valley.production.k1.m1.brightspot.cloud
origin.pitchbook-uat.lower.k2.m1.brightspot.cloud
fastmarkets.com
origin.deseret.production.chorus.brightspot.cloud
static.lexipol.lower.k1.m1.brightspot.cloud
origin.web.production.hca.brightspot.cloud
static.bwater-uat.bridgewater.lower.k2.m1.brightspot.cloud
static.farm-journal-qa.lower.k1.m1.brightspot.cloud
origin.web.production.hca.brightspot.cloud
origin.web.production.teaching-strategies.brightspot.cloud
origin.thecity.production.chorus.brightspot.cloud
origin.intsys.inter-systems.production.k2.m1.brightspot.cloud
amazon-last-mile.lower.k3.m1.brightspot.cloud
origin.vpm.production.k1.m1.brightspot.cloud
origin.foods.wholefoods.production.k1.amazon.brightspot.cloud
static.biospace.production.k1.m1.brightspot.cloud
bsp.elpais.com.uy
origin.vpm.production.k1.m1.brightspot.cloud
origin.carrick.production.k1.m1.brightspot.cloud
cms.6amcity.com
static.timothy-shriver-prod.production.k1.m1.brightspot.cloud
origin.chalkbeat.production.chorus.brightspot.cloud
origin.berlin-2023.berlin-2023.production.k2.m1.brightspot.cloud
acertus-qa.lower.k1.m1.brightspot.cloud
cms.6amcity.com
cms.6amcity.com
origin.marriott-news.production.k1.m1.brightspot.cloud
origin.ei.energy-intelligence.production.k1.m1.brightspot.cloud
origin.thecity.production.chorus.brightspot.cloud
origin.lehigh-v.lehigh-valley.production.k1.m1.brightspot.cloud
static.uat.lower.dispatch-health.brightspot.cloud
*.dispatchhealth.com
origin.chopra.chopra.production.k2.m1.brightspot.cloud
origin.web.production.hca.brightspot.cloud
static.uat.lower.amazon-sell.brightspot.cloud
static.notmusa.production.k3.m1.brightspot.cloud
static.aarp-states-uat.aarp.lower.k1.m1.brightspot.cloud
science-qa2.topics.lower.k1.amazon.brightspot.cloud
origin.im-qa.lower.jnj.brightspot.cloud
origin.uat.lower.dispatch-health.brightspot.cloud
sixam-city-uat.lower.k1.m1.brightspot.cloud
origin.rfdtv.k1.go.brightspot.cloud
static.web.production.forum-communications.brightspot.cloud
static.gbh.production.k1.m1.brightspot.cloud
origin.aji.production.k2.m1.brightspot.cloud
origin.notmusa.production.k3.m1.brightspot.cloud
origin.usnews-uat.lower.usnews.brightspot.cloud
verify.origin.prod-news.production.ap.brightspot.cloud
mattress-uat.mattress-firm.lower.k2.m1.brightspot.cloud
origin.qa-migration.lower.el-pais.brightspot.cloud
castle-qa.castle-connolly.lower.k2.m1.brightspot.cloud
origin.qa.lower.google-marketing.brightspot.cloud
sustainability.production.k1.amazon.brightspot.cloud
static.uat.lower.google-marketing.brightspot.cloud
origin.in-investor-qa2.lower.k2.m1.brightspot.cloud
static.acertus.production.k1.m1.brightspot.cloud
origin.lexis.production.ln-production.brightspot.cloud
origin.deseret-qa2.lower.chorus.brightspot.cloud
static.pay.production.k1.amazon.brightspot.cloud
origin.cst-web.production.chorus.brightspot.cloud
origin.lehigh-v.lehigh-valley.production.k1.m1.brightspot.cloud
origin.church-qa.church.lower.church.brightspot.cloud
static.epe.epe.production.k2.m1.brightspot.cloud
origin.pay.production.k1.amazon.brightspot.cloud
origin.sixam-city.production.k1.m1.brightspot.cloud
origin.realtymogul.k1.go.brightspot.cloud
epe-uat.epe.lower.k2.m1.brightspot.cloud
origin.web.production.projectm.brightspot.cloud
origin.farm-journal.production.k1.m1.brightspot.cloud
origin.torridon.production.k2.m1.brightspot.cloud
origin.church-perf.church.lower.church.brightspot.cloud
brightspot-design.brightspotcdn.com
costar-qa.costar.lower.k1.m1.brightspot.cloud
origin.cst-web.production.chorus.brightspot.cloud
fastmarkets.com
costar-uat.costar.lower.k1.m1.brightspot.cloud
origin.web.production.forum-communications.brightspot.cloud

Certificate

The complete raw certificate details for verify.origin.prod-news.production.ap.brightspot.cloud in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIG6TCCBdGgAwIBAgIRAPCaGwWbfLLcCqT4hDv3ynYwDQYJKoZIhvcNAQELBQAw
RjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBM
TEMxEzARBgNVBAMTCkdUUyBDQSAxRDQwHhcNMjMxMTA4MjAzOTQ0WhcNMjQwMjA2
MjEzMzU4WjBBMT8wPQYDVQQDEzZ2ZXJpZnkub3JpZ2luLnByb2QtbmV3cy5wcm9k
dWN0aW9uLmFwLmJyaWdodHNwb3QuY2xvdWQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2JNTavCMT6qwQzp9PA3LJitny4wGvyB74RANc9VDoS6DJlUdT
gN/cPfvVqGJa7N6VtFXg+Q63WermJ7hXXnKhEQ3lfmmIICPxlpmQCVk5Wx3Orc9n
xlNCswARqcUETLBjD17R/c/03jCgvM+xQCxAZ60/4zRNg2XExoHyzrlki5pSVl+3
MieRyoIbJskxvBnaGn3oS5kdMR/288x7g/n0vvG0s0VuWBKNOLvwNcvyM/xjYdr4
rztCm+2zvVk6qFm2EUi5Vb4V1P5d3XFz7zMgocu3Bve078wILFWiLtV7sOsCLQG9
NmiFWA12xYOG0+tUQlAVVY4FaVxFJt+YjZxZAgMBAAGjggPVMIID0TAOBgNVHQ8B
Af8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNV
HQ4EFgQUHVaokuJpWDSGAeVsretVV1ddOzIwHwYDVR0jBBgwFoAUJeIYDrJXkZQq
5dRdhpCD3lOzuJIweAYIKwYBBQUHAQEEbDBqMDUGCCsGAQUFBzABhilodHRwOi8v
b2NzcC5wa2kuZ29vZy9zL2d0czFkNC9aclRmeGpseFpfbzAxBggrBgEFBQcwAoYl
aHR0cDovL3BraS5nb29nL3JlcG8vY2VydHMvZ3RzMWQ0LmRlcjCCAXcGA1UdEQSC
AW4wggFqgjZ2ZXJpZnkub3JpZ2luLnByb2QtbmV3cy5wcm9kdWN0aW9uLmFwLmJy
aWdodHNwb3QuY2xvdWSCL29yaWdpbi5wcm9kLW5ld3MucHJvZHVjdGlvbi5hcC5i
cmlnaHRzcG90LmNsb3Vkgi1kaW1zLnByb2QtbmV3cy5wcm9kdWN0aW9uLmFwLmJy
aWdodHNwb3QuY2xvdWSCKHByb2QtbmV3cy5wcm9kdWN0aW9uLmFwLmJyaWdodHNw
b3QuY2xvdWSCLGNtcy5wcm9kLW5ld3MucHJvZHVjdGlvbi5hcC5icmlnaHRzcG90
LmNsb3VkgjN2ZXJpZnkuY21zLnByb2QtbmV3cy5wcm9kdWN0aW9uLmFwLmJyaWdo
dHNwb3QuY2xvdWSCDmNtcy5hcG5ld3MuY29tgg9iZXRhLmFwbmV3cy5jb22CD2Rp
bXMuYXBuZXdzLmNvbYIRb3JpZ2luLmFwbmV3cy5jb20wIQYDVR0gBBowGDAIBgZn
gQwBAgEwDAYKKwYBBAHWeQIFAzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3Js
cy5wa2kuZ29vZy9ndHMxZDQvTGppZ2ExZUNib0UuY3JsMIIBBAYKKwYBBAHWeQIE
AgSB9QSB8gDwAHYAO1N3dT4tuYBOizBbBv5AO2fYT8P0x70ADS1yb+H61BcAAAGL
sOCBiAAABAMARzBFAiEAyaHVGKi0rLg6mb+ptF67KYEKd/A74MpBkTTPKcVPNRAC
IDBY4oSSDzZGE1D6lBRs8aNRXzn7QvziOb8HlkIGlKvoAHYA7s3QZNXbGs7FXLed
tM0TojKHRny87N7DUUhZRnEftZsAAAGLsOCBbAAABAMARzBFAiEA0JJoeTfjRw8Q
ARsS96er6L84Z+QERAAmzqSa+q0T5MoCIEYFE8TD+UXDjvQx4BOVjGn2suRR7FRf
diFXzri4AYe5MA0GCSqGSIb3DQEBCwUAA4IBAQCG2bFb0pK27AskP7rHqMFtdPaK
9mSW84xMDvx5NBb4G+bi+/pDgXFr3aHDX9ETRLBUAoNabKoHUQLntqqygV0TJaTp
sAF5xh+XwHnLcGE7C8Qg6Rd/I4Df0EYu+4y0K1oGkHOWa4IAiryec+WkbR3MByNz
ZlvxK4HpnryKY2Yhy0gkl8z1PTIzWj6qqF+HZNi3OwI98qTgzd15d0zy1T3rcfWm
mX14dymJihQ7qwf1ANukk/JC/qKLAUKKRtr7086bC7CnVdMpRp1k5DhAxP8CrBrI
4iRyMrddHPYPMalV9J6jEmwmb2Nycd2eAwFDfkfc4VuEQ+aVdCj0oYJdDgQj
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiTU2rwjE+qsEM6fTwNy
yYrZ8uMBr8ge+EQDXPVQ6EugyZVHU4Df3D371ahiWuzelbRV4PkOt1nq5ie4V15y
oREN5X5piCAj8ZaZkAlZOVsdzq3PZ8ZTQrMAEanFBEywYw9e0f3P9N4woLzPsUAs
QGetP+M0TYNlxMaB8s65ZIuaUlZftzInkcqCGybJMbwZ2hp96EuZHTEf9vPMe4P5
9L7xtLNFblgSjTi78DXL8jP8Y2Ha+K87Qpvts71ZOqhZthFIuVW+FdT+Xd1xc+8z
IKHLtwb3tO/MCCxVoi7Ve7DrAi0BvTZohVgNdsWDhtPrVEJQFVWOBWlcRSbfmI2c
WQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 319814880773915212082355883211826383478
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Google Trust Services LLC'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GTS CA 1D4'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-11-08 20:39:44 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-06 21:33:58 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'verify.origin.prod-news.production.ap.brightspot.cloud'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22993533774962566740988436660880341305018232851953512373502947121463922562280929653194796062630903908008991036848867849103183192857756332204196098770324022298503055102856366684502542964818878591820321433823281153481942995836830464818854062881985545678606726443847342984052548006560204565933333438081623519364959785920912632019597020333639311783765331460825580513192957319163942296601466182985872434572352515669840865774837276469136461036775664732526388833755202242903765549117262692393089661736611696733914919717237491783487162320371788266886348395678570702747652398795291933902622119880572516307000870585355725544537
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							1d56a892e26958348601e56cadeb5557575d3b32
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 25e2180eb25791942ae5d45d869083de53b3b892
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (108 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.pki.goog/s/gts1d4/ZrTfxjlxZ_o'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://pki.goog/repo/certs/gts1d4.der'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'verify.origin.prod-news.production.ap.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'origin.prod-news.production.ap.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dims.prod-news.production.ap.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prod-news.production.ap.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cms.prod-news.production.ap.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'verify.cms.prod-news.production.ap.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cms.apnews.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'beta.apnews.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dims.apnews.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'origin.apnews.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.5.3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (53 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crls.pki.goog/gts1d4/Ljiga1eCboE.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f00076003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018bb0e081880000040300473045022100c9a1d518a8b4acb83a99bfa9b45ebb29810a77f03be0ca419134cf29c54f351002203058e284920f36461350fa94146cf1a3515f39fb42fce239bf0796420694abe8007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018bb0e0816c0000040300473045022100d092687937e3470f10011b12f7a7abe8bf3867e404440026cea49afaad13e4ca0220460513c4c3f945c38ef431e013958c69f6b2e451ec545f762157ceb8b80187b9
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0086d9b15bd292b6ec0b243fbac7a8c16d74f68af66496f38c4c0efc793416f81be6e2fbfa4381716bdda1c35fd11344b05402835a6caa075102e7b6aab2815d1325a4e9b00179c61f97c079cb70613b0bc420e9177f2380dfd0462efb8cb42b5a069073966b82008abc9e73e5a46d1dcc072373665bf12b81e99ebc8a636621cb482497ccf53d32335a3eaaa85f8764d8b73b023df2a4e0cddd79774cf2d53deb71f5a6997d787729898a143bab07f500dba493f242fea28b01428a46dafbd3ce9b0bb0a755d329469d64e43840c4ff02ac1ac8e2247232b75d1cf60f31a955f49ea3126c266f637271dd9e0301437e47dce15b8443e6957428f4a1825d0e0423