ricohspha.ricoh-usa.com

- Ricoh USA, Inc. -

Issued by AffirmTrust Certificate Authority - OV1

About this certificate

This digital certificate with serial number 89:06:1a:0c:08:d8:17:c4:00:00:00:00:58:08:9b:03 was issued on by AffirmTrust.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Ricoh USA, Inc.

Organization: Ricoh USA, Inc.
State / Province: New Jersey
Locality: Caldwell
Country: US

AffirmTrust

Organization: AffirmTrust
Organization unit: See www.affirmtrust.com/repository
Country: CA

This certificate has expire since

Certificate Details

Serial Number (hex): 89:06:1a:0c:08:d8:17:c4:00:00:00:00:58:08:9b:03
Serial Number (int): 182135917499809448953794288889367141123
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: db:c8:a1:2b:fb:38:46:75:7e:46:43:4d:cc:7b:2c:ff:4a:b1:41:47
AuthorityKeyId: fe:60:c3:0d:a4:a2:9d:21:4f:7a:78:4c:62:c5:db:14:fc:39:78:c4

Fingerprint (sha1): e5:77:59:db:8e:c7:44:c1:1f:a9:3d:f1:8f:52:59:e3:e9:ab:de:fb
Fingerprint (sha256): 20:fb:d2:4c:8f:1f:3e:9d:98:ff:1a:63:56:01:a8:3d:2d:18:3b:95:cc:73:5c:a7:e4:21:69:16:9a:78:21:02

Issuing Certificate URL: http://aia.affirmtrust.com/aftov1ca.crt

Revocation information

OCSP Server: http://ocsp.affirmtrust.com
CRL Distribution Point: http://crl.affirmtrust.com/crl/aftov1ca.crl

Check the revocation status for certificate ricohspha.ricoh-usa.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ricohspha.ricoh-usa.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ricohspha.ricoh-usa.com

Other certificates including the domain name ricoh-usa.com

(limited to 100 certificates)
*.ricoh-usa.com
ssl1.ricoh-usa.com
adaptiveformstest.ricoh-usa.com
boulder-ssl1.ricoh-usa.com
*.returnmailservices.ricoh-usa.com
support.rpp.ricoh-usa.com
*.ricoh-usa.com
proxyapi.my3dhealthcaredev.ricoh-usa.com
storefront.ricoh-usa.com
cs2.ricoh-usa.com
mdm.ricoh-usa.com
xen.ricoh-usa.com
*.ricoh-usa.com
*.ricoh-usa.com
events.ricoh-usa.com
rworld-test.ricoh-usa.com
portal.ricoh-usa.com
UCAAS2-CTPC1-01.ricoh-usa.com
UCAAS11-CTPC1-01.dev.ricoh-usa.com
mdm.ricoh-usa.com
rworld-test.ricoh-usa.com
mobileha.ricoh-usa.com
support.rpp.ricoh-usa.com
sts.ricoh-usa.com
UCAAS11-CUCPUB2-01.dev.ricoh-usa.com
newsroom.ricoh-usa.com
pb1.ricoh-usa.com
sts.dev.ricoh-usa.com
ucaas11-cup1-01.dev.ricoh-usa.com
*.ricoh-usa.com
ricohaps.ricoh-usa.com
boulder-ssl2.ricoh-usa.com
sts.ricoh-usa.com
sts.preprod.ricoh-usa.com
newsroom.ricoh-usa.com
*.awsdev.ricoh-usa.com
UCAAS2-UCMPUB2-01-ms.ricoh-usa.com
*.Ricoh-usa.com
jobs.ricoh-usa.com
*.ricoh-usa.com
UCAAS1-CTPC1-01.ricoh-usa.com
*.ricoh-usa.com
cs3.ricoh-usa.com
tec.ricoh-usa.com
cs3.ricoh-usa.com
rworld-test.ricoh-usa.com
*.ricoh-usa.com
rscc.ricoh-usa.com
thedocshop.ricoh-usa.com
events.ricoh-usa.com
sts.dev.ricoh-usa.com
iapoc.intelligentdelivery.ricoh-usa.com
*.ricoh-usa.com
ricohspha.ricoh-usa.com
ctpat.ricoh-usa.com
rworld-test.ricoh-usa.com
mobile3.ricoh-usa.com
*.Ricoh-usa.com
sts.ricoh-usa.com
PhishReporter.ricoh-usa.com
solutionfinder.ricoh-usa.com
*.ricoh-usa.com
ddpe.ricoh-usa.com
*.ricoh-usa.com
asklola.ricoh-usa.com
GA16ARTDEV01.ricoh-usa.com
*.ricoh-usa.com
lpo.ricoh-usa.com
mobile.ricoh-usa.com
comms.ricoh-usa.com
my.ricoh-usa.com
ssl1.ricoh-usa.com
sts.ricoh-usa.com
UCAAS2-CUCPUB2-01-ms.ricoh-usa.com
adaptiveformsdev.ricoh-usa.com
UCAAS11-VCSE-01B.dev.ricoh-usa.com
newsroom.ricoh-usa.com
ssl2.ricoh-usa.com
images.learn.ricoh-usa.com
sts.ricoh-usa.com
UCAAS2-UCMPUB2-01.ricoh-usa.com
ddpe.ricoh-usa.com
sts.preprod.ricoh-usa.com
portal.ricoh-usa.com
ssl2.ricoh-usa.com
UCAAS2-CUP2-01-ms.ricoh-usa.com
mobileha.ricoh-usa.com
UCAAS11-VCSE1-01A.dev.ricoh-usa.com
ucaas11-cucpub1-01-ms.dev.ricoh-usa.com
*.ricoh-usa.com
portal.ricoh-usa.com
gitcloud.awsdev.ricoh-usa.com
*.ricoh-usa.com
rworld.ricoh-usa.com
mobilepoc.ricoh-usa.com
my.ricoh-usa.com
rworld-test.ricoh-usa.com
xenapp.ricoh-usa.com
rworld.ricoh-usa.com
ssl2.ricoh-usa.com

Certificate

The complete raw certificate details for ricohspha.ricoh-usa.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHITCCBgmgAwIBAgIRAIkGGgwI2BfEAAAAAFgImwMwDQYJKoZIhvcNAQELBQAw
gYIxCzAJBgNVBAYTAkNBMRQwEgYDVQQKEwtBZmZpcm1UcnVzdDErMCkGA1UECxMi
U2VlIHd3dy5hZmZpcm10cnVzdC5jb20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnQWZm
aXJtVHJ1c3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gT1YxMB4XDTE4MTAwODEy
MDAxM1oXDTIwMTAwODEyMzAxMVowcTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5l
dyBKZXJzZXkxETAPBgNVBAcTCENhbGR3ZWxsMRgwFgYDVQQKEw9SaWNvaCBVU0Es
IEluYy4xIDAeBgNVBAMTF3JpY29oc3BoYS5yaWNvaC11c2EuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7lNCTfExWr3DKulxCUwqHFOo2kG3G2UB
1smjjvf7mNlxiQ+v4aBThjQOu+m31K121Owf0b9wGqlBS+WHzWtGIvITln+rROqM
z00ATzupUPdurhIdDcSM3wv6GAfIaajNH9AnDM6RCJ5JKqZ4BMKcPOywLJzoxv8g
eKJmdLtcRixOplZALiZyGHYV8lzWxHK+Vw+Ugoxz0G55R/MMTeJ30K2gEqx7oJ6M
uSGtE4Duf/PG4zC0ACyRCs2CHMUgZlC2tJcyBHJB7xmLy1yNOkEs/WAenelptVxV
F1HniF2MthrxLzVjsMHTM4gdU4YuLKc6QTYJZb50XVie/GBziwx0WwIDAQABo4ID
oDCCA5wwIgYDVR0RBBswGYIXcmljb2hzcGhhLnJpY29oLXVzYS5jb20wggH1Bgor
BgEEAdZ5AgQCBIIB5QSCAeEB3wB3AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1YMG0
6v9eoIMPAAABZlOoCv4AAAQDAEgwRgIhAIWMoyd3igZAxP2csUE1pQz2VXsCbNFE
xvLbPax+lZlCAiEA6TU0UQ/DYOk+tVE8Zk2ZkmdNm2to/Vjt47g/Nf9xFjcAdQBW
FAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWZTqAsOAAAEAwBGMEQC
IDdlrIHcd0kQwAkPklp4eikQdosaRHYGK+dxT9i8Pov7AiAW4obwGAIuBMvtn4Pv
yuRSAkbwJnzBWlQElp4WrI+eogB2AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+j
qh0HE9MMAAABZlOoC1oAAAQDAEcwRQIhAJb/nmMUs4rG82pvmBm1tPRYqtw6yhlE
AFqn5vqO2C6MAiAadiySk0KE9ku2Qa9m9ECQ3KMIg4Y/eL7tuNmARHt8ZwB1AKS5
CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZlOoCxwAAAQDAEYwRAIg
Q5pDqWWvkdmFMjVfV9eYTy/Elrp+L5xm5/II+E79Nz0CIDYTuNkMHmI2NtKBju+G
klBeFc1/6GN3Zy80YeiVdufjMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
BgEFBQcDAQYIKwYBBQUHAwIwCQYDVR0TBAIwADBsBggrBgEFBQcBAQRgMF4wJwYI
KwYBBQUHMAGGG2h0dHA6Ly9vY3NwLmFmZmlybXRydXN0LmNvbTAzBggrBgEFBQcw
AoYnaHR0cDovL2FpYS5hZmZpcm10cnVzdC5jb20vYWZ0b3YxY2EuY3J0MFcGA1Ud
IARQME4wQgYKKwYBBAGCjwkCBTA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5h
ZmZpcm10cnVzdC5jb20vcmVwb3NpdG9yeTAIBgZngQwBAgIwPAYDVR0fBDUwMzAx
oC+gLYYraHR0cDovL2NybC5hZmZpcm10cnVzdC5jb20vY3JsL2FmdG92MWNhLmNy
bDAfBgNVHSMEGDAWgBT+YMMNpKKdIU96eExixdsU/Dl4xDAdBgNVHQ4EFgQU28ih
K/s4RnV+RkNNzHss/0qxQUcwDQYJKoZIhvcNAQELBQADggEBADUQ76msND4S1Mri
RUlqh9lzFUrFNEl1qPvut43mroNvPRzpN1E/tWe0LtoHUm1dce+qmR8X12Y6YHPT
jKteTurEuOuEsAfCih6yVu9PCvxAzAEGkWuOEFBXD8ukW+/3h217ioocu1rQ/4+c
aAcd0KxA9TujKwo5bZGeLqAXhtS6dqdXJ6IbELj0b33Yiuiw5ARpDNhIiwYS19aZ
CzHn/RcHW8/w25YgEQouwD/DH1DOPMXL8qgeYsMHqlaE7Hn+epDRMRGkT9HxMH+l
IyKeFMGCrcfrT8T6Hr2gyIT+f71EWaoMA4rsh0Itik3h7RoTWd79KnYGEbdzX1nc
qxpy59w=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7lNCTfExWr3DKulxCUwq
HFOo2kG3G2UB1smjjvf7mNlxiQ+v4aBThjQOu+m31K121Owf0b9wGqlBS+WHzWtG
IvITln+rROqMz00ATzupUPdurhIdDcSM3wv6GAfIaajNH9AnDM6RCJ5JKqZ4BMKc
POywLJzoxv8geKJmdLtcRixOplZALiZyGHYV8lzWxHK+Vw+Ugoxz0G55R/MMTeJ3
0K2gEqx7oJ6MuSGtE4Duf/PG4zC0ACyRCs2CHMUgZlC2tJcyBHJB7xmLy1yNOkEs
/WAenelptVxVF1HniF2MthrxLzVjsMHTM4gdU4YuLKc6QTYJZb50XVie/GBziwx0
WwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 182135917499809448953794288889367141123
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'AffirmTrust'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.affirmtrust.com/repository'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'AffirmTrust Certificate Authority - OV1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-10-08 12:00:13 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-10-08 12:30:11 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New Jersey'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Caldwell'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ricoh USA, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ricohspha.ricoh-usa.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 30085773125909345669401968764499649835293689767857953013026700007131775519197959615018539775546200122791428398627426089040599943676034775594390175711179225886915868818423328086299077433281269031969136889217203919983417674836373026025024463050108000004438274189417620020186349967562752851846539919426202098426737702592353900977369087016175080079944712865381324880739103431501546418193343943701196897218739345235818571065901890434386608900523331443996930730625202842853873136360117655883674471337562587357353701792859025542919291807850407894912310147013050925149647545758494010552556284142696271901616296665642701714523
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (27 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ricohspha.ricoh-usa.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (485 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (481 bytes)
							01df0077008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f0000016653a80afe0000040300483046022100858ca327778a0640c4fd9cb14135a50cf6557b026cd144c6f2db3dac7e959942022100e93534510fc360e93eb5513c664d9992674d9b6b68fd58ede3b83f35ff7116370075005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd0000016653a80b0e000004030046304402203765ac81dc774910c0090f925a787a2910768b1a4476062be7714fd8bc3e8bfb022016e286f018022e04cbed9f83efcae4520246f0267cc15a5404969e16ac8f9ea20076005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c0000016653a80b5a000004030047304502210096ff9e6314b38ac6f36a6f9819b5b4f458aadc3aca1944005aa7e6fa8ed82e8c02201a762c92934284f64bb641af66f44090dca30883863f78beedb8d980447b7c67007500a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000016653a80b1c00000403004630440220439a43a965af91d98532355f57d7984f2fc496ba7e2f9c66e7f208f84efd373d02203613b8d90c1e623636d2818eef8692505e15cd7fe86377672f3461e89576e7e3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (96 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.affirmtrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.affirmtrust.com/aftov1ca.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (80 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.34697.2.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.affirmtrust.com/repository'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (53 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.affirmtrust.com/crl/aftov1ca.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName fe60c30da4a29d214f7a784c62c5db14fc3978c4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							dbc8a12bfb3846757e46434dcc7b2cff4ab14147
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		003510efa9ac343e12d4cae245496a87d973154ac5344975a8fbeeb78de6ae836f3d1ce937513fb567b42eda07526d5d71efaa991f17d7663a6073d38cab5e4eeac4b8eb84b007c28a1eb256ef4f0afc40cc0106916b8e1050570fcba45beff7876d7b8a8a1cbb5ad0ff8f9c68071dd0ac40f53ba32b0a396d919e2ea01786d4ba76a75727a21b10b8f46f7dd88ae8b0e404690cd8488b0612d7d6990b31e7fd17075bcff0db9620110a2ec03fc31f50ce3cc5cbf2a81e62c307aa5684ec79fe7a90d13111a44fd1f1307fa523229e14c182adc7eb4fc4fa1ebda0c884fe7fbd4459aa0c038aec87422d8a4de1ed1a1359defd2a760611b7735f59dcab1a72e7dc