static.itunes.apple.com

- Apple Inc. -

Issued by Apple Public EV Server RSA CA 2 - G1

About this certificate

This digital certificate with serial number 68:b9:52:5d:11:21:0a:27:56:5f:62:ee:b2:8e:60:d5 was issued on by Apple Inc..

With 37 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Apple Inc.

Company registration number: C0806592
Organization: Apple Inc.
State / Province: California
Locality: Cupertino
Country: US

Apple Inc.

Organization: Apple Inc.
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 68:b9:52:5d:11:21:0a:27:56:5f:62:ee:b2:8e:60:d5
Serial Number (int): 139201957011567994825154034453852348629
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 69:74:c7:bf:48:fd:db:18:db:de:29:05:ea:2f:2c:06:a5:10:45:66
AuthorityKeyId: 50:55:ab:43:a1:af:a9:48:2b:5a:c1:a2:87:89:04:e4:7a:0e:ca:da

Fingerprint (sha1): f8:53:cc:63:f8:e7:6f:cc:5f:6c:88:b4:62:aa:95:a2:fd:68:0b:34
Fingerprint (sha256): 1f:a0:d9:58:9d:a3:39:13:23:a5:5b:34:75:86:3c:e4:27:cb:08:06:4c:f9:0a:47:75:f1:26:fe:ef:f1:c7:31

Issuing Certificate URL: http://certs.apple.com/apevsrsa2g1.der

Revocation information

OCSP Server: http://ocsp.apple.com/ocsp03-apevsrsa2g101
CRL Distribution Point: http://crl.apple.com/apevsrsa2g1.crl

Check the revocation status for certificate static.itunes.apple.com

37

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for static.itunes.apple.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

genius.itunes.apple.com
pcr.apple.com
ld-2.itunes.apple.com
genius-download-2.itunes.apple.com
ld-nk11.itunes.apple.com
du.itunes.apple.com
pd-st.itunes.apple.com
cma.itunes.apple.com
ld-1.itunes.apple.com
feeds.itunes.apple.com
uclient-api.itunes.apple.com
ld-st11.itunes.apple.com
genius-2.itunes.apple.com
music.apple.com
api.ent.apple.com
sitemanager.itunes.apple.com
ld-3.itunes.apple.com
ld-8.itunes.apple.com
ld-5.itunes.apple.com
ld-6.itunes.apple.com
sonos-music.apple.com
userpub.itunes.apple.com
vpp.itunes.apple.com
myapp.itunes.apple.com
homesharing.itunes.apple.com
pd-nk.itunes.apple.com
static.itunes.apple.com
ld-4.itunes.apple.com
volume.itunes.apple.com
genius-download.itunes.apple.com
genius-upload-2.itunes.apple.com
apps-internal.mzstatic.com
partiality.itunes.apple.com
genius-upload.itunes.apple.com
ld-7.itunes.apple.com
my.itunes.apple.com
cma2.itunes.apple.com

Other certificates including the domain name apple.com

(limited to 100 certificates)
itunes.apple.com
ja.ls.apple.com
origin-discussions2-us-dr-prz.apple.com
training.apple.com
reserves-prime.prz.apple.com
app001.apple.com
deployment-pv50.ls.apple.com
itunes.apple.com
reserve-prime.apple.com
gsp81-ssl-e1118.ls.apple.com
gsp102-ssl-e1502.ls.apple.com
api.searchads.apple.com
idmsa-uat.apple.com
webpay-sh-pilot.apple.com
mzstatic.com
store-029.blobstore.apple.com
beatsglobalquality-uat.corp.apple.com
rw.apple.com
stg-pod1-smp.corp.apple.com
gr-api-video-h-aapne1a.smoot.apple.com
web-ext-mmap-ce01.apple.com
assurance-jigglebilly.apple.com
usl-expe1405.apple.com
store-995.blobstore.apple.com
sapecc-prd-ext.sap.apple.com
swdlp.apple.com
gsx.apple.com
gsp-ssl-e1134.ls.apple.com
clx-dev.apple.com
noodle.apple.com
gsp11-ty21-dlb-2.ls.apple.com
mzuserxp.itunes.apple.com
gsp64-st14-ssl-dlb.ls.apple.com
gsp45-ssl-e1356.ls.apple.com
gsp12-st14-dlb-2.ls.apple.com
discussions-uat.apple.com
dc-portal.apple.com
supplier.apple.com
gsp48-kittyhawk-qs55-ssl.ls.apple.com
gsp81-ssl-e1502.ls.apple.com
gsp48-ssl-e691.ls.apple.com
mapsconnectapi.ls.apple.com
wdg01-uat.apple.com
wellnessclassic.apple.com
api-partner-connect-uat1.apple.com
people.apple.com
supplier-registration.apple.com
gsp60-ssl-e997.ls.apple.com
ssuat.apple.com
locate.apple.com
itunes.apple.com
suppliernet.apple.com
gsp79-am31-dlb.ls.apple.com
smp-device-qa3.apple.com
eurored3.apple.com
devcon-oomnshuttleist-test.apple.com
coreservices-e1506-ms11-bistunium-k8straefik.ls.apple.com
dmo-vip01-storeinfo.retailtech.apple.com
gsp70-ssl-e706.ls.apple.com
dinah05.corp.apple.com
gsp1-ssl.apple.com
gspe85-cn-ssl.ls.apple.com
vorpal-relay.apple.com
bswe.apple.com
cma.itunes.apple.com
gsp-ssl-apne1-ash.ls.apple.com
theloop-stage.apple.com
tokenvalidation.apple.com
linkmaker.itunes.apple.com
gsp70-ssl-e1633.ls.apple.com
gsp63-ms12-kittyhawk-ssl.ls.apple.com
gsp-ssl-sl61-ipv6.ls.apple.com
aws-onepulse.apple.com
nightcap-events.apple.com
argo-api.apple.com
gsp12-kh-st14-1.ls.apple.com
gsp59-ssl-e506.ls.apple.com
mr-apple-com2.apple.com
ocservice.apple.com
gsp36-ssl-e1627.ls.apple.com
marketing.apple.com
ioss-callbackservices-qa3.apple.com
gsp19-kh-ms12.ls.apple.com
madeforipodandiphone.apple.com
gspe19-ssl.ls.apple.com
gsp19-1-kittyhawk-ci77-ssl.ls.apple.com
cs-integrations-stage.apple.com
gsp35-ty21-ssl.ls.apple.com
gbiportal-apps-external.apple.com
plmtest2.apple.com
gsp3-sy02-ssl.ls.apple.com
gspe35-ssl.ls.apple.com
gsp76-ty21-01.ls.apple.com
ne-access.apple.com
profilebroker.apple.com
axm-scim-qa12.apple.com
gsp95-hk02-stage-ssl.ls.apple.com
contactretail.apple.com
caffemacs-aa-prz.apple.com
bam.corp.apple.com

Certificate

The complete raw certificate details for static.itunes.apple.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIII/zCCB+egAwIBAgIQaLlSXREhCidWX2Luso5g1TANBgkqhkiG9w0BAQsFADBR
MQswCQYDVQQGEwJVUzETMBEGA1UEChMKQXBwbGUgSW5jLjEtMCsGA1UEAxMkQXBw
bGUgUHVibGljIEVWIFNlcnZlciBSU0EgQ0EgMiAtIEcxMB4XDTI0MDEwOTIwMjk1
M1oXDTI0MDcwNzIwMzk1M1owgdExHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0
aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRswGQYLKwYBBAGCNzwCAQIMCkNhbGlm
b3JuaWExETAPBgNVBAUTCEMwODA2NTkyMQswCQYDVQQGEwJVUzETMBEGA1UECAwK
Q2FsaWZvcm5pYTESMBAGA1UEBwwJQ3VwZXJ0aW5vMRMwEQYDVQQKDApBcHBsZSBJ
bmMuMSAwHgYDVQQDDBdzdGF0aWMuaXR1bmVzLmFwcGxlLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMDIhxBMw/+RdBp7ypaXA1AiMWqV+GnGw0xU
+hqKJ3gYUq9goxqFIBJLEfdvo/e65R6CaUCmHpPDe2vTodDsJKLMFizNt/lo85OU
MTkxsMlG3HjSGqCNlMCvgnm7LMf9EsyHfcOhEeCUJIgRLr4KSPQDyOaqJY2scPKm
VZ7leK+aadhXEj4QdKZg9fe7lP5DSUjqmOb/FhZJq8OX8Ilw7QqhWzlN66/+HEqh
fdf8/kl99Qn382bvkX4KXM+ZPmjEYEHhVvIVB8mACUlaSSQ7eUJk0wI4F4mncz0D
xhmXV1skgZ4QUdil/pdkc+qy/w8f127scLGhZcUbFiSP1AaGrO8CAwEAAaOCBVAw
ggVMMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUUFWrQ6GvqUgrWsGih4kE5HoO
ytowegYIKwYBBQUHAQEEbjBsMDIGCCsGAQUFBzAChiZodHRwOi8vY2VydHMuYXBw
bGUuY29tL2FwZXZzcnNhMmcxLmRlcjA2BggrBgEFBQcwAYYqaHR0cDovL29jc3Au
YXBwbGUuY29tL29jc3AwMy1hcGV2c3JzYTJnMTAxMIIDqwYDVR0RBIIDojCCA56C
F2dlbml1cy5pdHVuZXMuYXBwbGUuY29tgg1wY3IuYXBwbGUuY29tghVsZC0yLml0
dW5lcy5hcHBsZS5jb22CImdlbml1cy1kb3dubG9hZC0yLml0dW5lcy5hcHBsZS5j
b22CGGxkLW5rMTEuaXR1bmVzLmFwcGxlLmNvbYITZHUuaXR1bmVzLmFwcGxlLmNv
bYIWcGQtc3QuaXR1bmVzLmFwcGxlLmNvbYIUY21hLml0dW5lcy5hcHBsZS5jb22C
FWxkLTEuaXR1bmVzLmFwcGxlLmNvbYIWZmVlZHMuaXR1bmVzLmFwcGxlLmNvbYIc
dWNsaWVudC1hcGkuaXR1bmVzLmFwcGxlLmNvbYIYbGQtc3QxMS5pdHVuZXMuYXBw
bGUuY29tghlnZW5pdXMtMi5pdHVuZXMuYXBwbGUuY29tgg9tdXNpYy5hcHBsZS5j
b22CEWFwaS5lbnQuYXBwbGUuY29tghxzaXRlbWFuYWdlci5pdHVuZXMuYXBwbGUu
Y29tghVsZC0zLml0dW5lcy5hcHBsZS5jb22CFWxkLTguaXR1bmVzLmFwcGxlLmNv
bYIVbGQtNS5pdHVuZXMuYXBwbGUuY29tghVsZC02Lml0dW5lcy5hcHBsZS5jb22C
FXNvbm9zLW11c2ljLmFwcGxlLmNvbYIYdXNlcnB1Yi5pdHVuZXMuYXBwbGUuY29t
ghR2cHAuaXR1bmVzLmFwcGxlLmNvbYIWbXlhcHAuaXR1bmVzLmFwcGxlLmNvbYIc
aG9tZXNoYXJpbmcuaXR1bmVzLmFwcGxlLmNvbYIWcGQtbmsuaXR1bmVzLmFwcGxl
LmNvbYIXc3RhdGljLml0dW5lcy5hcHBsZS5jb22CFWxkLTQuaXR1bmVzLmFwcGxl
LmNvbYIXdm9sdW1lLml0dW5lcy5hcHBsZS5jb22CIGdlbml1cy1kb3dubG9hZC5p
dHVuZXMuYXBwbGUuY29tgiBnZW5pdXMtdXBsb2FkLTIuaXR1bmVzLmFwcGxlLmNv
bYIaYXBwcy1pbnRlcm5hbC5tenN0YXRpYy5jb22CG3BhcnRpYWxpdHkuaXR1bmVz
LmFwcGxlLmNvbYIeZ2VuaXVzLXVwbG9hZC5pdHVuZXMuYXBwbGUuY29tghVsZC03
Lml0dW5lcy5hcHBsZS5jb22CE215Lml0dW5lcy5hcHBsZS5jb22CFWNtYTIuaXR1
bmVzLmFwcGxlLmNvbTBgBgNVHSAEWTBXMEgGBWeBDAEBMD8wPQYIKwYBBQUHAgEW
MWh0dHBzOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS9wdWJs
aWMwCwYJYIZIAYb9bAIBMBMGA1UdJQQMMAoGCCsGAQUFBwMBMDUGA1UdHwQuMCww
KqAooCaGJGh0dHA6Ly9jcmwuYXBwbGUuY29tL2FwZXZzcnNhMmcxLmNybDAdBgNV
HQ4EFgQUaXTHv0j92xjb3ikF6i8sBqUQRWYwDgYDVR0PAQH/BAQDAgWgMBMGCisG
AQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQDIQ4XDPjbwv3M/yQFW
19BqG0Jl5vbVMDODVMMFgiRuu7jiR08D9vC0Ik5BfcMcmCKZ/UQklqHVP3QUNOyq
DKpvAwsdkwqSr1uCaMKY+tb9Uj9Id7eykE5XEo9kg3d5pImzhrIqwrsoO1cjRQWt
JQHhM405FHMpl19jU7fZSqQVikkViD4Pjr4JglP8L2WyBiUSTfmSVHGur9uktsOF
CsOwssWcXs1jl4oUPvMJaoxNWxGgVvLx4clgiXVPnIYKeSbRunyLJSFaMToXu1vY
xvLUxr9+TmxSm/DaA04QETN/zj1FWkYdWGvA9Lo0g2EDkyMzn9MptHFN6+ZxhjbT
KtNi
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMiHEEzD/5F0GnvKlpcD
UCIxapX4acbDTFT6GooneBhSr2CjGoUgEksR92+j97rlHoJpQKYek8N7a9Oh0Owk
oswWLM23+Wjzk5QxOTGwyUbceNIaoI2UwK+Cebssx/0SzId9w6ER4JQkiBEuvgpI
9API5qoljaxw8qZVnuV4r5pp2FcSPhB0pmD197uU/kNJSOqY5v8WFkmrw5fwiXDt
CqFbOU3rr/4cSqF91/z+SX31CffzZu+Rfgpcz5k+aMRgQeFW8hUHyYAJSVpJJDt5
QmTTAjgXiadzPQPGGZdXWySBnhBR2KX+l2Rz6rL/Dx/XbuxwsaFlxRsWJI/UBoas
7wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 139201957011567994825154034453852348629
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Apple Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Apple Public EV Server RSA CA 2 - G1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-09 20:29:53 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-07-07 20:39:53 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Private Organization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.2 (jurisdictionOfIncorporationSP)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'C0806592'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Cupertino'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Apple Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'static.itunes.apple.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24336638394779580641348495292428557469307684458482946571402422885355488704424869029338392143995322739058902871966142018614783889614088388788803000661840244114008040773613285973595062068662217269620572831006964675300051510878391006382736527387126477556970887818465058828272268226913307721721929200599485070210074104335257852108977559476370913450988364237533312481438729628066916327617041036531831496925409510374554075218393372936734530870929732766342508928199268908369403158078480818230035083117602336585971047206137887282284054846613999061387098039664632816921999449584612086967878715297234660999397731526733837282543
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 5055ab43a1afa9482b5ac1a2878904e47a0ecada
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://certs.apple.com/apevsrsa2g1.der'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.apple.com/ocsp03-apevsrsa2g101'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (930 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'genius.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pcr.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ld-2.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'genius-download-2.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ld-nk11.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'du.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pd-st.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cma.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ld-1.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'feeds.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uclient-api.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ld-st11.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'genius-2.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'music.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.ent.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sitemanager.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ld-3.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ld-8.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ld-5.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ld-6.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sonos-music.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'userpub.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'vpp.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'myapp.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'homesharing.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pd-nk.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'static.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ld-4.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'volume.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'genius-download.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'genius-upload-2.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'apps-internal.mzstatic.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'partiality.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'genius-upload.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ld-7.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'my.itunes.apple.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cma2.itunes.apple.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (89 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.apple.com/certificateauthority/public'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.2.1 (DigiCert EV policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (46 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.apple.com/apevsrsa2g1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							6974c7bf48fddb18dbde2905ea2f2c06a5104566
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00c84385c33e36f0bf733fc90156d7d06a1b4265e6f6d530338354c30582246ebbb8e2474f03f6f0b4224e417dc31c982299fd442496a1d53f741434ecaa0caa6f030b1d930a92af5b8268c298fad6fd523f4877b7b2904e57128f64837779a489b386b22ac2bb283b57234505ad2501e1338d39147329975f6353b7d94aa4158a4915883e0f8ebe098253fc2f65b20625124df9925471aeafdba4b6c3850ac3b0b2c59c5ecd63978a143ef3096a8c4d5b11a056f2f1e1c96089754f9c860a7926d1ba7c8b25215a313a17bb5bd8c6f2d4c6bf7e4e6c529bf0da034e1011337fce3d455a461d586bc0f4ba348361039323339fd329b4714debe6718636d32ad362