ams-swwe-1-hos-encodingrest-1-1.cloudapp.net

Issued by Microsoft IT TLS CA 1

About this certificate

This digital certificate with serial number 7b:00:0e:93:71:d1:f9:39:c2:52:b6:c7:1e:00:00:00:0e:93:71 was issued on by Microsoft Corporation.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)

Certificate Subject

CN=ams-swwe-1-hos-encodingrest-1-1.cloudapp.net

Microsoft Corporation

Organization: Microsoft Corporation
Organization unit: Microsoft IT
State / Province: Washington
Locality: Redmond
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 7b:00:0e:93:71:d1:f9:39:c2:52:b6:c7:1e:00:00:00:0e:93:71
Serial Number (int): 2742996619359907234239647699131331390466855793
Serial Number lenght: 151 bits, 19 octets

SubjectKeyId: 61:78:5f:20:0e:e4:e4:ca:f0:2c:96:89:5b:7c:d6:62:5d:79:d9:a4
AuthorityKeyId: 58:88:9f:d6:dc:9c:48:22:b7:14:3e:ff:84:88:e8:e6:85:ff:fa:7d

Fingerprint (sha1): a4:10:bc:c0:1d:00:99:fe:45:26:a1:2c:c7:82:99:b6:c8:91:f8:b9
Fingerprint (sha256): 20:55:f7:74:8f:ea:d4:78:71:44:ed:79:27:81:f8:0c:ce:30:5c:9c:76:65:74:2a:13:90:1e:c8:38:e4:b4:3a

Issuing Certificate URL: http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%201.crt

Revocation information

OCSP Server: http://ocsp.msocsp.com
CRL Distribution Point: http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl
CRL Distribution Point: http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl

Check the revocation status for certificate ams-swwe-1-hos-encodingrest-1-1.cloudapp.net

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ams-swwe-1-hos-encodingrest-1-1.cloudapp.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment
Data Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

11 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ams-swwe-1-hos-encodingrest-1-1.cloudapp.net
ams-swwe1-hos-encodingrest-1-1.encodingrest.media.azure.net

Other certificates including the domain name ams-swwe-1-hos-encodingrest-1-1.cloudapp.net

(limited to 100 certificates)

Certificate

The complete raw certificate details for ams-swwe-1-hos-encodingrest-1-1.cloudapp.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHPDCCBSSgAwIBAgITewAOk3HR+TnCUrbHHgAAAA6TcTANBgkqhkiG9w0BAQsF
ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE
CxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEw
HhcNMjAwMTEzMDI0NjAwWhcNMjIwMTEzMDI0NjAwWjA3MTUwMwYDVQQDEyxhbXMt
c3d3ZS0xLWhvcy1lbmNvZGluZ3Jlc3QtMS0xLmNsb3VkYXBwLm5ldDCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBANsgTrLNFwlUWTu3xfOcuMOXM2mV5vpi
hqv53bcXwSh1VrMBO/ul/XjOCEeTNW8d/ilGq54ekXOguNcqrLb6M3O329hsBjti
ZZy0Yl6relxwzoeuLKV6UKZWlW7iv5iMxy66kkncyXwIapH9TmwHthcV4MlBeIa7
2aRwLq+N09qjoMgjwZbNS7aZLo86PHigyuBqxS/e+SeTQ0WqVJ918RV3g/7Z3svT
ZosDUc4SschB7eo4RjiyUcVKdkKBHEo5kwwhsqK8c6dMg0Tw9K1JmZOhDZsMOIv0
cfa0jPsO6EPEO1onbwyWbpR9Ur/1uNxNgyHCo2Oxr0a3K2Y0UJNUl2MCAwEAAaOC
AuowggLmMBMGCisGAQQB1nkCBAMBAf8EAgUAMCcGCSsGAQQBgjcVCgQaMBgwCgYI
KwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUI
h9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcB
AQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kv
bXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNydDAiBggrBgEF
BQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUYXhfIA7k5Mrw
LJaJW3zWYl152aQwCwYDVR0PBAQDAgSwMHQGA1UdEQRtMGuCLGFtcy1zd3dlLTEt
aG9zLWVuY29kaW5ncmVzdC0xLTEuY2xvdWRhcHAubmV0gjthbXMtc3d3ZTEtaG9z
LWVuY29kaW5ncmVzdC0xLTEuZW5jb2RpbmdyZXN0Lm1lZGlhLmF6dXJlLm5ldDCB
rAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNv
bS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5j
cmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNy
b3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmwwTQYDVR0gBEYwRDBCBgkrBgEE
AYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3Br
aS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFFiIn9bcnEgitxQ+/4SI6OaF//p9MB0G
A1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEA
Ef/PzViyXQtb6HycLPdiUgVld2VKPZ2YgW0Zb5mZo5Yq0pyxxK9fl1DI4g9yH9kp
0fhMAvDCuozkuvuzQNEr0/9llBD9F82bwUhnMeo8voiQGCeoJQhlB8vaYZtzDEPu
22MG/b8M4V1IumAt8O76uDCpjZjHjGlYXK5bukc2Vh1R7qcuSQAnRbBA7TcLfKqT
VRa6aEQLcsBxS3A9jj/m7WXRbYuzt0hS+FlbzTSW1hdl6OBHL3oadai5y/Wb63uC
MgPMzMvHDrFu8fiorQbOzIDdqLlaR1LkPH1UUgxJSH10CSXlnaMAO0DpCEsEWCDk
sccNRNCB2OgFOc1y9ZyuatffQfeQDdPARDZTJh8sV7MXLhaHlEMmDGy0OUX6nhjc
06Pehs9/oQfLp2vE9/YIIO9jrHmFw48EtnqPXiO/Rv8jC46K+dy6dT9bpDBAo+sY
zYRtHDiYCxoR0BvJCXYVCEuiuQkJtSQRU0bsfYaouH/MTZZbzzwTiTg+BDrfVSW1
aMSmskNE0/SeyygN4l6Cuk8eNlDuUzhEmhWeqIcG/qms3cE6B+qUTyQ9toIffXZ9
kdT0aVNxmE1J9UTJjcd+AkTueIugv5Z23y/2zH/faZgPuPMzGF1SI8bFDzzBZo74
jy8mYRWWOYfOke65tzLyPQcy2VQjV4mDF3qr2r5rAVQ=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2yBOss0XCVRZO7fF85y4
w5czaZXm+mKGq/ndtxfBKHVWswE7+6X9eM4IR5M1bx3+KUarnh6Rc6C41yqstvoz
c7fb2GwGO2JlnLRiXqt6XHDOh64spXpQplaVbuK/mIzHLrqSSdzJfAhqkf1ObAe2
FxXgyUF4hrvZpHAur43T2qOgyCPBls1Ltpkujzo8eKDK4GrFL975J5NDRapUn3Xx
FXeD/tney9NmiwNRzhKxyEHt6jhGOLJRxUp2QoEcSjmTDCGyorxzp0yDRPD0rUmZ
k6ENmww4i/Rx9rSM+w7oQ8Q7WidvDJZulH1Sv/W43E2DIcKjY7GvRrcrZjRQk1SX
YwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 2742996619359907234239647699131331390466855793
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Washington'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Redmond'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft IT'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft IT TLS CA 1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-01-13 02:46:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-01-13 02:46:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ams-swwe-1-hos-encodingrest-1-1.cloudapp.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27662120168062962749428090590104783128883311239352777456891974131456098840501574203192159564754933745684384798639021531691719894024027225560522855865720239724297733202255324097362219867360065943225568883567626427314256771377312581470317903393687642598112946729981006321456935689554710033349282504120720622080232963806460999049329285794733237320132354607543319486024022956690761636997697135720817125141068759939136306298863473346222716719160754582146132042502830170881645355060857867136049370045730666339937325240699194800058392910887724013275780346188897854319111723195596906333000432387953193960573501172583849301859
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.10 (applicationCertPolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.7 (certificateTemplate)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (49 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.8.16155509.8105089.5391003.2969441.12400096.221.9744322.5884410
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 100
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (121 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%201.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.msocsp.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							61785f200ee4e4caf02c96895b7cd6625d79d9a4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits)
							04b0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (109 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ams-swwe-1-hos-encodingrest-1-1.cloudapp.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ams-swwe1-hos-encodingrest-1-1.encodingrest.media.azure.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (164 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (70 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.42.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.microsoft.com/pki/mscorp/cps'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 58889fd6dc9c4822b7143eff8488e8e685fffa7d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		0011ffcfcd58b25d0b5be87c9c2cf76252056577654a3d9d98816d196f9999a3962ad29cb1c4af5f9750c8e20f721fd929d1f84c02f0c2ba8ce4bafbb340d12bd3ff659410fd17cd9bc1486731ea3cbe88901827a825086507cbda619b730c43eedb6306fdbf0ce15d48ba602df0eefab830a98d98c78c69585cae5bba4736561d51eea72e49002745b040ed370b7caa935516ba68440b72c0714b703d8e3fe6ed65d16d8bb3b74852f8595bcd3496d61765e8e0472f7a1a75a8b9cbf59beb7b823203cccccbc70eb16ef1f8a8ad06cecc80dda8b95a4752e43c7d54520c49487d740925e59da3003b40e9084b045820e4b1c70d44d081d8e80539cd72f59cae6ad7df41f7900dd3c0443653261f2c57b3172e16879443260c6cb43945fa9e18dcd3a3de86cf7fa107cba76bc4f7f60820ef63ac7985c38f04b67a8f5e23bf46ff230b8e8af9dcba753f5ba43040a3eb18cd846d1c38980b1a11d01bc9097615084ba2b90909b524115346ec7d86a8b87fcc4d965bcf3c1389383e043adf5525b568c4a6b24344d3f49ecb280de25e82ba4f1e3650ee5338449a159ea88706fea9acddc13a07ea944f243db6821f7d767d91d4f4695371984d49f544c98dc77e0244ee788ba0bf9676df2ff6cc7fdf69980fb8f333185d5223c6c50f3cc1668ef88f2f266115963987ce91eeb9b732f23d0732d95423578983177aabdabe6b0154