ushwebstore.nbcuni.com

- Universal City Studios -

Issued by GeoTrust RSA CA 2018

About this certificate

This digital certificate with serial number 0c:7b:ba:27:4c:86:61:de:cc:02:b7:e0:b9:ce:be:18 was issued on by DigiCert Inc.

With 8 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Universal City Studios

Organization: Universal City Studios
Organization unit: Universal City Studios
State / Province: California
Locality: Universal City
Country: US

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0c:7b:ba:27:4c:86:61:de:cc:02:b7:e0:b9:ce:be:18
Serial Number (int): 16593164104786710525840078669920255512
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 11:ef:d2:c4:60:76:69:4a:27:97:a1:d6:30:bc:3e:0f:dd:b6:e6:74
AuthorityKeyId: 90:58:ff:b0:9c:75:a8:51:54:77:b1:ed:f2:a3:43:16:38:9e:6c:c5

Fingerprint (sha1): d3:8d:e1:36:c1:8c:13:db:ef:cb:74:f6:40:72:eb:cb:d7:63:9d:6b
Fingerprint (sha256): 1f:5d:59:18:73:c4:97:7b:da:ba:52:1b:31:25:a9:ad:b6:cd:97:90:89:95:9e:ef:b4:e5:cb:71:29:4d:77:dd

Issuing Certificate URL: http://cacerts.geotrust.com/GeoTrustRSACA2018.crt

Revocation information

OCSP Server: http://status.geotrust.com
CRL Distribution Point: http://cdp.geotrust.com/GeoTrustRSACA2018.crl

Check the revocation status for certificate ushwebstore.nbcuni.com

8

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ushwebstore.nbcuni.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ushwebstore.nbcuni.com
ticketsstg.universalstudioshollywood.com
storestg.universalstudioshollywood.com
www.ushticketsstg.nbcuni.com
ushwebstorestg.nbcuni.com
stage.universalstudioshollywood.com
stage.info.universalstudioshollywood.com
stage.espanol.universalstudioshollywood.com

Other certificates including the domain name nbcuni.com

(limited to 100 certificates)
nexusdev.nbcuni.com
www.universalorlando.com
stratastaging2.nbcuni.com
solar.nbcuni.com
atsc-ba-prod.nextgentv.nbcuni.com
vod-media-validator.summer-dev.nbcuni.com
solarstg.nbcuni.com
*.nbcuni.com
fcc-vera.nbcuni.com
cp.stg.inbcu.com
dev.showsystem.nbcuni.com
stage.idxapiexplorer.nbcuni.com
nimbus.nbcuni.com
sharedpartnerushdr.nbcuni.com
icreative-stg.nbcuni.com
earth-prod.nbcuni.com
schedulesstg.nbcuni.com
adminprod-nbcuaffiliate.nbcuni.com
score.nbcuni.com
www.seeso.com
www.stillonyourside.com
www.stillonyourside.com
dev.showsystem.nbcuni.com
vod-media-validator.earth-dev.nbcuni.com
prod.tvecms.nbcuni.com
dashboard.lightbox.nbcuni.com
stage.idxapi.nbcuni.com
int-grafana-us-east-2.nowtv-dev.nbcuni.com
usz.nbcuni.com
*.apps.nbcuni.com
api.vms.nbcuni.com
ad-tech.nbcuni.com
phoenix-ingest.next1-dev.nbcuni.com
ushwebstorestg.nbcuni.com
ermpoc.nbcuni.com
FilmEntMstr11DR.nbcuni.com
ssoapp.stg.inbcu.com
www.universalorlando.com
config-mgmt-tool-api.mssai-dev.nbcuni.com
showsystem.nbcuni.com
sst-moe-reports.summer-prod.nbcuni.com
stagingbenefits.nbcuni.com
ssl867936.cloudflaressl.com
tellystg.nbcuni.com
nbcuni.com
sportsevents.nbcuni.com
atsc-ba-qa.nextgentv.nbcuni.com
prod.tvecms.nbcuni.com
*.k8s.apps.nbcuni.com
msppm-ssrsPROD.nbcuni.com
www.stillonyourside.com
www.universalorlando.com
snasadmin.nbcuni.com
nonprod-test.origin-nonprod-commerce.nbcuni.com
mail.inbcu.com
*.apps.nbcuni.com
cp.nbcuni.com
phoenix-data-gold.vod-dev.nbcuni.com
www.colonytv.com
nbcuni.com
transworks.nbcuni.com
gateworks.nbcuni.com
qa-coding.nbcuni.com
prod.12.slot.cdn.salesforce-communities.com
nbcuni.com
www.stillonyourside.com
4help.nbcuni.com
stratastaging2.nbcuni.com
anywherelon.nbcuni.com
prod.12.slot.cdn.salesforce-communities.com
api.lxt.nbcuni.com
www.universalorlando.com
www.colonytv.com
perforceswarm.nbcuni.com
apps.devsysusz.nbcuni.com
prod.12.slot.cdn.salesforce-communities.com
licensing.nbcuni.com
qa-coding.nbcuni.com
stratastaging2.nbcuni.com
4help.nbcuni.com
cosmos.nbcuni.com
www.colonytv.com
phoenix-delivery.next1-prod.nbcuni.com
adc-vera.nbcuni.com
slate.nbcuni.com
qaapi.newsconnect.nbcuni.com
usgresearch.nbcuni.com
stage-mps.nbcuni.com
jp.travel.nbcuni.com
prod-longform.moe.nbcuni.com
myhrqa2.nbcuni.com
www.colonytv.com
slemanager-lem-synchronizer.vod-dev.nbcuni.com
www.stillonyourside.com
ushwebstore.nbcuni.com
fss.external.nbcuni.com
devfmaatmapi.nbcuni.com
dropbox.nbcuni.com
flexpay.nbcuni.com
www.colonytv.com

Certificate

The complete raw certificate details for ushwebstore.nbcuni.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHRDCCBiygAwIBAgIQDHu6J0yGYd7MArfguc6+GDANBgkqhkiG9w0BAQsFADBe
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRHZW9UcnVzdCBSU0EgQ0EgMjAxODAe
Fw0xODA2MTgwMDAwMDBaFw0xOTA2MTgxMjAwMDBaMIGeMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTEXMBUGA1UEBxMOVW5pdmVyc2FsIENpdHkxHzAd
BgNVBAoTFlVuaXZlcnNhbCBDaXR5IFN0dWRpb3MxHzAdBgNVBAsTFlVuaXZlcnNh
bCBDaXR5IFN0dWRpb3MxHzAdBgNVBAMTFnVzaHdlYnN0b3JlLm5iY3VuaS5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClWSUO7rZ2aIsJ4WnA0WWi
aClKvOz2GkDdpvZ0zbqioSZetCUriB+aprais44w88X/EuYUnO8MaqbeTuEem1gS
nFwdKAJKFmw1nRFI/0VRRCoHwpS/nesEacTb6Zm5MahyMZxd+J6LpRnUQ7MrfHkv
l61BS7JT9W8wJyNdaQI1gyWu3Nla1mcuIO2hkt4fJ744yP2CN0BXmL1Ag2JCV1Q/
2Dg1xRCxX5skr36NcBcdEvKZOymLY6n3hHxawi1oHNdXlTaigaMNvKYXHery2FXY
DLaJspL6zaPDk+abdYul+nTlRsT1bVLMxK+a5ynmHzNAHwOW8u4A6+QjkHlOrcpd
AgMBAAGjggO7MIIDtzAfBgNVHSMEGDAWgBSQWP+wnHWoUVR3se3yo0MWOJ5sxTAd
BgNVHQ4EFgQUEe/SxGB2aUonl6HWMLw+D9225nQwggEsBgNVHREEggEjMIIBH4IW
dXNod2Vic3RvcmUubmJjdW5pLmNvbYIodGlja2V0c3N0Zy51bml2ZXJzYWxzdHVk
aW9zaG9sbHl3b29kLmNvbYImc3RvcmVzdGcudW5pdmVyc2Fsc3R1ZGlvc2hvbGx5
d29vZC5jb22CHHd3dy51c2h0aWNrZXRzc3RnLm5iY3VuaS5jb22CGXVzaHdlYnN0
b3Jlc3RnLm5iY3VuaS5jb22CI3N0YWdlLnVuaXZlcnNhbHN0dWRpb3Nob2xseXdv
b2QuY29tgihzdGFnZS5pbmZvLnVuaXZlcnNhbHN0dWRpb3Nob2xseXdvb2QuY29t
gitzdGFnZS5lc3Bhbm9sLnVuaXZlcnNhbHN0dWRpb3Nob2xseXdvb2QuY29tMA4G
A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwPgYD
VR0fBDcwNTAzoDGgL4YtaHR0cDovL2NkcC5nZW90cnVzdC5jb20vR2VvVHJ1c3RS
U0FDQTIwMTguY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUH
AgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHUGCCsG
AQUFBwEBBGkwZzAmBggrBgEFBQcwAYYaaHR0cDovL3N0YXR1cy5nZW90cnVzdC5j
b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9jYWNlcnRzLmdlb3RydXN0LmNvbS9HZW9U
cnVzdFJTQUNBMjAxOC5jcnQwCQYDVR0TBAIwADCCAQQGCisGAQQB1nkCBAIEgfUE
gfIA8AB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZBBQPSoA
AAQDAEgwRgIhANR4SjEhxHuK3Yquj17NVsXJCZzXJav70lOXweKVAv1ZAiEA7u6/
xDrHTSYxEpoZosbWyFkptv2YvpMzLlVAQdijcJsAdQCHdb/nWXz4jEOZX73zbv9W
jUdWNv9KtWDBtOr/XqCDDwAAAWQQUD4BAAAEAwBGMEQCICqRXjikhrm6DChZVjwU
jHnbMwAs8JGzMos2DqpQuVlWAiAnajMGlLOFUSCxhIFQk6ZMH2xEJbtQPmc7RhNF
QeTQGzANBgkqhkiG9w0BAQsFAAOCAQEAMMAiJKPmQ3jDjIIuZgUiYGtQCfAvBS92
wQHBL3v6wCulvWpMQRl7nKQXb9wRZBJnK49CxhbJ5daxgfUiNJwnz9Zz4sLhhW1S
oeAaQSNrNGXL1i3Vl4ko7tskDAvgXDMZS7K3/I+8uSGHQ/UklV0GCNUylPWN+ukw
YgOjkNMEUsoNKHAaECxs/MFm2UnmXBPz+L2G1cnaxdoQB+QFcTSg3zVURtcLaXBw
XUn3WjWZq3IJmU/8XwUd6vUSPMg295rznQVwijhOYPQ0kU0koFQaGbr80PwR+HdS
hEDlwIFR8XzAT/DkQApnuE/E5K37fCU2As1Zd/Wkwl7SW36m5p5XVQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVklDu62dmiLCeFpwNFl
omgpSrzs9hpA3ab2dM26oqEmXrQlK4gfmqa2orOOMPPF/xLmFJzvDGqm3k7hHptY
EpxcHSgCShZsNZ0RSP9FUUQqB8KUv53rBGnE2+mZuTGocjGcXfiei6UZ1EOzK3x5
L5etQUuyU/VvMCcjXWkCNYMlrtzZWtZnLiDtoZLeHye+OMj9gjdAV5i9QINiQldU
P9g4NcUQsV+bJK9+jXAXHRLymTspi2Op94R8WsItaBzXV5U2ooGjDbymFx3q8thV
2Ay2ibKS+s2jw5Pmm3WLpfp05UbE9W1SzMSvmucp5h8zQB8DlvLuAOvkI5B5Tq3K
XQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 16593164104786710525840078669920255512
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust RSA CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-06-18 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-06-18 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Universal City'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Universal City Studios'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Universal City Studios'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ushwebstore.nbcuni.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20873279238483941450983377631794411781773918133803140544311664733523318435102411802448751079872846723733370132194044983876632129211209912815483885039355555242913695981978717656447551785123386789053172757940986232504142774730896838539769437527253893521857162784009197684497785380748510867677722737303410402673035091644227590671570352868728988383655269339057816713963289225166762334193536262053153813162700434673300160863376106887555793403593175680974987570348083018200151702967702557664689048780923584507317979249370754666052638275996339517678843421004199275613005854288183201334236896511286644716356734443049414675037
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 9058ffb09c75a8515477b1edf2a34316389e6cc5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							11efd2c46076694a2797a1d630bc3e0fddb6e674
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (291 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ushwebstore.nbcuni.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ticketsstg.universalstudioshollywood.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'storestg.universalstudioshollywood.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ushticketsstg.nbcuni.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ushwebstorestg.nbcuni.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.universalstudioshollywood.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.info.universalstudioshollywood.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.espanol.universalstudioshollywood.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.geotrust.com/GeoTrustRSACA2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.geotrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.geotrust.com/GeoTrustRSACA2018.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007700a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000016410503d2a0000040300483046022100d4784a3121c47b8add8aae8f5ecd56c5c9099cd725abfbd25397c1e29502fd59022100eeeebfc43ac74d2631129a19a2c6d6c85929b6fd98be93332e554041d8a3709b0075008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f0000016410503e01000004030046304402202a915e38a486b9ba0c2859563c148c79db33002cf091b3328b360eaa50b959560220276a330694b3855120b184815093a64c1f6c4425bb503e673b46134541e4d01b
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0030c02224a3e64378c38c822e660522606b5009f02f052f76c101c12f7bfac02ba5bd6a4c41197b9ca4176fdc116412672b8f42c616c9e5d6b181f522349c27cfd673e2c2e1856d52a1e01a41236b3465cbd62dd5978928eedb240c0be05c33194bb2b7fc8fbcb9218743f524955d0608d53294f58dfae9306203a390d30452ca0d28701a102c6cfcc166d949e65c13f3f8bd86d5c9dac5da1007e4057134a0df355446d70b6970705d49f75a3599ab7209994ffc5f051deaf5123cc836f79af39d05708a384e60f434914d24a0541a19bafcd0fc11f877528440e5c08151f17cc04ff0e4400a67b84fc4e4adfb7c253602cd5977f5a4c25ed25b7ea6e69e5755