www.kyoin-saiyo.metro.tokyo.lg.jp

- Tokyo Metropolitan Government -

Issued by SECOM Passport for Web SR 3.0 CA

About this certificate

This digital certificate with serial number 0a:6a:9b:9b:01:0f:b4:22:c2:fb:bf:de:41:88:17:33 was issued on by SECOM Trust Systems CO.,LTD..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Subscriber certificates authorityInformationAccess extension should contain the HTTP URL of the issuing CA’s certificate (BRs: 7.1.2.3)

Tokyo Metropolitan Government

Organization: Tokyo Metropolitan Government
Organization unit: Kyouikuchou Jinjibu Jinjikyuuyojouhouka
State / Province: Tokyo
Locality: Shinjuku-ku
Country: JP

SECOM Trust Systems CO.,LTD.

Organization: SECOM Trust Systems CO.,LTD.
Country: JP

This certificate has expire since

Certificate Details

Serial Number (hex): 0a:6a:9b:9b:01:0f:b4:22:c2:fb:bf:de:41:88:17:33
Serial Number (int): 13845819479036075741872156009386481459
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 34:42:9a:4c:4b:37:04:42:16:05:78:07:02:e8:7a:c3:0d:31:84:ea
AuthorityKeyId: cb:ef:3d:ef:83:74:a1:a8:42:f0:3b:40:36:fa:6d:82:94:a9:27:36

Fingerprint (sha1): 05:b5:aa:c3:0d:0a:e8:ea:56:d4:2f:31:b5:63:6a:61:72:aa:60:1c
Fingerprint (sha256): 22:ca:ed:ac:cd:ca:a8:0d:8b:94:3d:7f:61:59:9b:36:19:30:6d:66:0b:f8:1e:7d:c4:3a:99:8d:f7:00:1f:8a


Revocation information

OCSP Server: http://sr30.ocsp.secomtrust.net
CRL Distribution Point: http://repo1.secomtrust.net/spcpp/pfw/pfwsr3ca/fullcrl2.crl

Check the revocation status for certificate www.kyoin-saiyo.metro.tokyo.lg.jp

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.kyoin-saiyo.metro.tokyo.lg.jp

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.kyoin-saiyo.metro.tokyo.lg.jp

Other certificates including the domain name tokyo.lg.jp

(limited to 100 certificates)
www.ecosystem.metro.tokyo.lg.jp
en.sports-tokyo-info.metro.tokyo.lg.jp
www.tokyo-danjo.metro.tokyo.lg.jp
csyouboudoui-irai.tfd.metro.tokyo.lg.jp
www.kyoin-saiyo.tems.metro.tokyo.lg.jp
www9.kankyo.metro.tokyo.lg.jp
www.sports-tokyo-info.metro.tokyo.lg.jp
smooth-biz.metro.tokyo.lg.jp
ijime.metro.tokyo.lg.jp
www.locationbox.metro.tokyo.lg.jp
www.meisai.tems.metro.tokyo.lg.jp
www.digitalservice.metro.tokyo.lg.jp
stg.apr.applicant-api.2021.jitan.metro.tokyo.lg.jp
shuyojoho.metro.tokyo.lg.jp
www.hikaku.metro.tokyo.lg.jp
www.kankyo.metro.tokyo.lg.jp
www2.fukushihoken.metro.tokyo.lg.jp
yoyaku.sports.metro.tokyo.lg.jp
stg.kodomo-smile.metro.tokyo.lg.jp
www2.fukushihoken.metro.tokyo.lg.jp
koshikawakaikei.lfv.jp
nenryou-taisaku.metro.tokyo.lg.jp
wwwdojou.kankyo.metro.tokyo.lg.jp
www.kaisyahakken.metro.tokyo.lg.jp
stopcovid19.metro.tokyo.lg.jp
www.kodomo-dokusho.metro.tokyo.lg.jp
gairaisyu.metro.tokyo.lg.jp
futari-story.metro.tokyo.lg.jp
mypage.018support-system.metro.tokyo.lg.jp
www.wakanavi-tokyo.metro.tokyo.lg.jp
map-origin.bousai.metro.tokyo.lg.jp
www.lwb-expo.metro.tokyo.lg.jp
www.conrepo.metro.tokyo.lg.jp
catalog.data.metro.tokyo.lg.jp
prod.41.slot.cdn.salesforce-communities.com
stg.kenkou-hataraku.metro.tokyo.lg.jp
www5.kankyo.metro.tokyo.lg.jp
www8.kankyo.metro.tokyo.lg.jp
toritsuko.metro.tokyo.lg.jp
www.e-rule.metro.tokyo.lg.jp
prod.41.slot.cdn.salesforce-communities.com
www.hikaku.metro.tokyo.lg.jp
www.medclar.ro
www.hataraku.metro.tokyo.lg.jp
prod.41.slot.cdn.salesforce-communities.com
wwwdojou.kankyo.metro.tokyo.lg.jp
www.maedatei.metro.tokyo.lg.jp
search.metro.tokyo.lg.jp
filets01.metro.tokyo.lg.jp
www.tamajimu.metro.tokyo.lg.jp
prod.41.slot.cdn.salesforce-communities.com
portal.data.metro.tokyo.lg.jp
www.ecosystem.metro.tokyo.lg.jp
www.investtokyo.metro.tokyo.lg.jp
poc-ground.metro.tokyo.lg.jp
nihongoup.metro.tokyo.lg.jp
staff2.shintosei.metro.tokyo.lg.jp
suidonet.waterworks.metro.tokyo.lg.jp
wannyan.metro.tokyo.lg.jp
www3.kankyo.metro.tokyo.lg.jp
cms.hataraku.metro.tokyo.lg.jp
catalog.library.metro.tokyo.lg.jp
www.kyoin-saiyo.metro.tokyo.lg.jp
api.data.metro.tokyo.lg.jp
gamcheatsheet.com
futari-story.metro.tokyo.lg.jp
catalog.data.metro.tokyo.lg.jp
cms.hataraku.metro.tokyo.lg.jp
sabisapp-stage.websays.com
nihongoup.metro.tokyo.lg.jp
fukushikensa.metro.tokyo.lg.jp
*.support-navi.metro.tokyo.lg.jp
catalog.data.metro.tokyo.lg.jp
tems.kjssj.metro.tokyo.lg.jp
www.taiki.kankyo.metro.tokyo.lg.jp
www.anzenedu.metro.tokyo.lg.jp
www.mentor-cafe.metro.tokyo.lg.jp
018support-system.metro.tokyo.lg.jp
tokyovaccine-rsv.metro.tokyo.lg.jp
www.keishicho.metro.tokyo.lg.jp
www.takken.metro.tokyo.lg.jp
www.snsdouga.metro.tokyo.lg.jp
www.conrepo.metro.tokyo.lg.jp
www.tmiph.metro.tokyo.lg.jp
prod.41.slot.cdn.salesforce-communities.com
sumasapo.metro.tokyo.lg.jp
webtest.tfd.metro.tokyo.lg.jp
www.zeroemission-life.metro.tokyo.lg.jp
kodomosafetypj.metro.tokyo.lg.jp
www.kouwan.metro.tokyo.lg.jp
prod.41.slot.cdn.salesforce-communities.com
www.taiki.kankyo.metro.tokyo.lg.jp
kosodateswitch.metro.tokyo.lg.jp
www.fsis.metro.tokyo.lg.jp
futari-story.metro.tokyo.lg.jp
www.ifarc.metro.tokyo.lg.jp
www.kaisyahakken.metro.tokyo.lg.jp
stg.kenkou-hataraku.metro.tokyo.lg.jp
www.fukuho-kodomotsu.metro.tokyo.lg.jp
manabu.metro.tokyo.lg.jp

Certificate

The complete raw certificate details for www.kyoin-saiyo.metro.tokyo.lg.jp in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGqzCCBZOgAwIBAgIQCmqbmwEPtCLC+7/eQYgXMzANBgkqhkiG9w0BAQsFADBf
MQswCQYDVQQGEwJKUDElMCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4s
TFRELjEpMCcGA1UEAxMgU0VDT00gUGFzc3BvcnQgZm9yIFdlYiBTUiAzLjAgQ0Ew
HhcNMTkwNjI3MDg0OTUyWhcNMjEwNjI3MTQ1OTU5WjCBuTELMAkGA1UEBhMCSlAx
DjAMBgNVBAgTBVRva3lvMRQwEgYDVQQHEwtTaGluanVrdS1rdTEmMCQGA1UEChMd
VG9reW8gTWV0cm9wb2xpdGFuIEdvdmVybm1lbnQxMDAuBgNVBAsTJ0t5b3Vpa3Vj
aG91IEppbmppYnUgSmluamlreXV1eW9qb3Vob3VrYTEqMCgGA1UEAxMhd3d3Lmt5
b2luLXNhaXlvLm1ldHJvLnRva3lvLmxnLmpwMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA3pMp3qpzyUD0Ev7HWbx8vNd4UF+ijEjgwSz/Jny1WfX2mDwc
p6+LWSmF9lwtrLHKttaRDDatQQo18lUTOFC2HPrFtvfooC24pR/59cLR+GtdBdlI
jKbJ/yR1c/ZndHBiZ+3qL3gXVvaC3BpO1nHd3L7Ci/D13G4bkk/hdXRwWo2lpI7i
KIxcFKzxTI2UPbKj1K9I0i31p60rvgLCQ3P3vZViuH0QyDMMPTz24SHf32aUsIy9
GhD0v5Zb9YUW6RkC72bWBBL19AgbuMdFSn4S19fNukt5R9NlvF/WlkfqYg9Q28C8
DdPq/y1VU+l5imSfBBOIwYQODPVtUwOZhO3IeQIDAQABo4IDBjCCAwIwHwYDVR0j
BBgwFoAUy+8974N0oahC8DtANvptgpSpJzYwOwYIKwYBBQUHAQEELzAtMCsGCCsG
AQUFBzABhh9odHRwOi8vc3IzMC5vY3NwLnNlY29tdHJ1c3QubmV0MCwGA1UdEQQl
MCOCIXd3dy5reW9pbi1zYWl5by5tZXRyby50b2t5by5sZy5qcDBhBgNVHSAEWjBY
MEwGCiqDCIybG2SFbwEwPjA8BggrBgEFBQcCARYwaHR0cHM6Ly9yZXBvMS5zZWNv
bXRydXN0Lm5ldC9zcGNwcC9wZncvcGZ3c3IzY2EvMAgGBmeBDAECAjATBgNVHSUE
DDAKBggrBgEFBQcDATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vcmVwbzEuc2Vj
b210cnVzdC5uZXQvc3BjcHAvcGZ3L3Bmd3NyM2NhL2Z1bGxjcmwyLmNybDAdBgNV
HQ4EFgQUNEKaTEs3BEIWBXgHAuh6ww0xhOowDgYDVR0PAQH/BAQDAgWgMIIBfQYK
KwYBBAHWeQIEAgSCAW0EggFpAWcAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jj
d80OyA3cEAAAAWuYKaCsAAAEAwBHMEUCIAhbOYS+sd02QV5T0W4C2bWQsww9Oh96
MCDLLCWNRIxTAiEA//LY2xFPhVYz5JLQUJTvn/y8wiqWnQPpv2wIPwmXB44AdgDu
S723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWuYKalhAAAEAwBHMEUC
IFEUY2ypMTDOScbBtD13laZgkFBV+//P1PO0Dahl8HCqAiEArVHvfTS/FavB9siH
e3fZVFzKw8UXND6ZF8j2LxJRXVAAdQBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkG
jbIImjfZEwAAAWuYKbKdAAAEAwBGMEQCIFF9BAn/n1xyN1ZRZRScQ4WVNewicfOM
3miw3RSgLpFnAiAX7D59+O3PcZDupogwUmh0HgEOCWdaSS382pBLFqhKXDANBgkq
hkiG9w0BAQsFAAOCAQEAivDJ7JlUTF9QZOfPWnJkGmF+pT9S47S6XuK6M3b2FHVk
/541LV2TdwlRtvp1Gg94L+ApEGkyxNlZxsXO0dZMS3D6wA231b1l3HLK6rA5tZUt
V+R0SO6l/HZYuXWATiMPNle+svh9k9/EopONPacH2wDyYnmtDwWjs4C4Oovk7a9d
uySfdtg2/8ZGzpvIrS2xIsgE3ADhH3NE/Y08k5wxcDaY97OqoIx6UdoxKuBaA4yD
7qLIBAp2cMPfEYhcac6izN/8DPZO+dDRM3D1H6ADSP6ZVsOT7nMb0d0Xw1n2cuqe
ZiQDmRSovC8Ow7C8r4BHXWNHqGqS6yjnXd4WpPB1AA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3pMp3qpzyUD0Ev7HWbx8
vNd4UF+ijEjgwSz/Jny1WfX2mDwcp6+LWSmF9lwtrLHKttaRDDatQQo18lUTOFC2
HPrFtvfooC24pR/59cLR+GtdBdlIjKbJ/yR1c/ZndHBiZ+3qL3gXVvaC3BpO1nHd
3L7Ci/D13G4bkk/hdXRwWo2lpI7iKIxcFKzxTI2UPbKj1K9I0i31p60rvgLCQ3P3
vZViuH0QyDMMPTz24SHf32aUsIy9GhD0v5Zb9YUW6RkC72bWBBL19AgbuMdFSn4S
19fNukt5R9NlvF/WlkfqYg9Q28C8DdPq/y1VU+l5imSfBBOIwYQODPVtUwOZhO3I
eQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 13845819479036075741872156009386481459
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'JP'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SECOM Trust Systems CO.,LTD.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SECOM Passport for Web SR 3.0 CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-06-27 08:49:52 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-06-27 14:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'JP'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Tokyo'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Shinjuku-ku'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Tokyo Metropolitan Government'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Kyouikuchou Jinjibu Jinjikyuuyojouhouka'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.kyoin-saiyo.metro.tokyo.lg.jp'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 28097472755559482186896134666976051965633413376312469931949310032472224869030726659229753851583286975455341878015647859218550680865319906812246981932744882597209518002910717960127525612848460744702045421387379339840133708468388135141746138998702953947376432928852523963429589886920586795851143970986795930859630083343309303369993940841466252958036664173914106458940605570685637365332204253883158100567965137487467507174095438742240065884979971509419409719067267609297963997312834205642726052450414825348231716496081613737743803420616412771565835090902157021293135687129246058451236970852065919286418360610052436248697
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName cbef3def8374a1a842f03b4036fa6d8294a92736
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (47 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://sr30.ocsp.secomtrust.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (37 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.kyoin-saiyo.metro.tokyo.lg.jp'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (90 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.392.200091.100.751.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://repo1.secomtrust.net/spcpp/pfw/pfwsr3ca/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://repo1.secomtrust.net/spcpp/pfw/pfwsr3ca/fullcrl2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							34429a4c4b3704421605780702e87ac30d3184ea
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							0167007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000016b9829a0ac00000403004730450220085b3984beb1dd36415e53d16e02d9b590b30c3d3a1f7a3020cb2c258d448c53022100fff2d8db114f855633e492d05094ef9ffcbcc22a969d03e9bf6c083f0997078e007600ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000016b9829a961000004030047304502205114636ca93130ce49c6c1b43d7795a660905055fbffcfd4f3b40da865f070aa022100ad51ef7d34bf15abc1f6c8877b77d9545ccac3c517343e9917c8f62f12515d500075006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d9130000016b9829b29d00000403004630440220517d0409ff9f5c7237565165149c43859535ec2271f38cde68b0dd14a02e9167022017ec3e7df8edcf7190eea688305268741e010e09675a492dfcda904b16a84a5c
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		008af0c9ec99544c5f5064e7cf5a72641a617ea53f52e3b4ba5ee2ba3376f6147564ff9e352d5d93770951b6fa751a0f782fe029106932c4d959c6c5ced1d64c4b70fac00db7d5bd65dc72caeab039b5952d57e47448eea5fc7658b975804e230f3657beb2f87d93dfc4a2938d3da707db00f26279ad0f05a3b380b83a8be4edaf5dbb249f76d836ffc646ce9bc8ad2db122c804dc00e11f7344fd8d3c939c31703698f7b3aaa08c7a51da312ae05a038c83eea2c8040a7670c3df11885c69cea2ccdffc0cf64ef9d0d13370f51fa00348fe9956c393ee731bd1dd17c359f672ea9e6624039914a8bc2f0ec3b0bcaf80475d6347a86a92eb28e75dde16a4f07500