uatimmunizationconsent.manitoba.ca

- Department of Finance (Province of Manitoba) -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 54:4a:37:3e:63:98:52:75:5a:a1:8d:57:51:63:4a:9a was issued on by Entrust, Inc..

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Department of Finance (Province of Manitoba)

Organization: Department of Finance (Province of Manitoba)
State / Province: Manitoba
Locality: Winnipeg
Country: CA

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 54:4a:37:3e:63:98:52:75:5a:a1:8d:57:51:63:4a:9a
Serial Number (int): 112040502088961949390439191404521671322
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 81:0d:14:7a:49:3c:9d:a8:40:c7:0a:d5:a8:f5:cc:d9:47:7d:5f:a1
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): cd:f2:8c:4f:3b:4f:5c:41:f9:c2:96:49:50:e2:5c:fb:2d:5b:11:b5
Fingerprint (sha256): 22:df:58:23:dc:e3:d3:7b:3d:19:58:01:60:a1:dc:1f:35:b0:5a:be:be:40:86:40:57:60:c0:c7:ce:5a:c8:c0

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate uatimmunizationconsent.manitoba.ca

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for uatimmunizationconsent.manitoba.ca

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

uatimmunizationconsent.manitoba.ca

Other certificates including the domain name manitoba.ca

(limited to 100 certificates)
manitoba.ca
uatimmunizationcard.manitoba.ca
uatimmunizationconsent.manitoba.ca
manitoba.ca
*.manitoba.ca
manitoba.ca
manitoba.ca
immunizationconsent.manitoba.ca
manitoba.ca
60b725f10c9c85.manitoba.ca
manitoba.ca
www.manitoba.ca
immunizationcard.manitoba.ca
*.gov.mb.ca
manitoba.ca
stimmunizationconsent.manitoba.ca
manitoba.ca
immunizationcard.manitoba.ca
manitoba.ca
manitoba.ca
manitoba.ca
*.manitoba.ca
manitoba.ca
immunizationcard.manitoba.ca
SSO.MANITOBA.CA
SSODR.MANITOBA.CA
manitoba.ca
manitoba.ca
*.gov.mb.ca
*.gov.mb.ca
devimmunizationconsent.manitoba.ca
www.manitoba.ca
*.manitoba.ca

Certificate

The complete raw certificate details for uatimmunizationconsent.manitoba.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGWDCCBUCgAwIBAgIQVEo3PmOYUnVaoY1XUWNKmjANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
MzExMjkxODE4MzFaFw0yNDEyMjcxODE4MzBaMIGXMQswCQYDVQQGEwJDQTERMA8G
A1UECBMITWFuaXRvYmExETAPBgNVBAcTCFdpbm5pcGVnMTUwMwYDVQQKEyxEZXBh
cnRtZW50IG9mIEZpbmFuY2UgKFByb3ZpbmNlIG9mIE1hbml0b2JhKTErMCkGA1UE
AxMidWF0aW1tdW5pemF0aW9uY29uc2VudC5tYW5pdG9iYS5jYTCCAiIwDQYJKoZI
hvcNAQEBBQADggIPADCCAgoCggIBAOnuNxH1eamlpFjp1hTQgnaTSx/KLa18ymQd
hldoiHplY1MA4H49xTQDXVvQdTt5FOoTOd4gwJPc9BJKshIZMuDy9LIXTqWHQEjd
zOPGTTYhEmgggCrehEMxI2dd7B7UnaTCiNDsx9UAbR7nXGqMiQwQRw4JsIhkKSO3
NNsAwk4xsLVt+QIBuBslEJBf+S+KAK0GmhI/2UTm2h7T6A4iXNBoWxuFyTGxqTHR
uaqJWBXcCXjI9VjORQ5uVLX6R8ayELsaDyXtvUF/aiO6oDrP6NtRn5Fcixvz5PMw
1eo0ndCOJ4DP5ff7PZnvOajAVpF7l4fg8U5rGAuotlMvS45jMbUrcrhSKMVc2djp
DKl9hD97jBEHUN4YZVv6TxWZyDz2lFpX7SOPkI65zO9Nkq0gDFvvEdZ6+MAsndLj
HEwvU9AaKVItTLIGkzoju0TDWlVbPUZC+gV/zwNcLzLPWaE+1HWXUGzwW3CSFwqj
zvVxXX9z7G0Sw5qC6zmSS2geDeVCIo/D/RHBvvduyp7olGdF/L3nQkSTSvujsvb0
K112+hsDBvDS1qYwhQGqEe+EIvWxwchUHG/PS7a+vLhsL9q4y1k8NsdFClr4opsQ
knu8BemaDkmnV3LXbcTbKq59Ra7Im83ibubG8L1Mss0ElHjqFH/KC50G2/OehEZu
BFYPw4zLAgMBAAGjggF5MIIBdTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSBDRR6
STydqEDHCtWo9czZR31foTAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpM
vzBoBggrBgEFBQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1
c3QubmV0MDMGCCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wxay1j
aGFpbjI1Ni5jZXIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0
Lm5ldC9sZXZlbDFrLmNybDAtBgNVHREEJjAkgiJ1YXRpbW11bml6YXRpb25jb25z
ZW50Lm1hbml0b2JhLmNhMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwEwYDVR0gBAwwCjAIBgZngQwBAgIwEwYKKwYBBAHWeQIE
AwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBAJN06uxb1fATdHVUdnFmb+3YSh9u
iusEG1cl0+C/b45/y/NNQriyw4OQ89fqucsZEjB6xZa/vy5dU17Jvdy99RBshD+Z
Ibe+QFh0c1gjbqpp0HAc9U3Vt8SN1pZyWzACf9zYjdRuIkjtBMD4aTT+kcWWBUa0
u3Lxy0lFr9L3c9CRlOuvUjciaJUcF8n+vVBu5H2gDNMCIDOQfcO65wN9CzpF3UkS
pYEKSGQyJy2wRpagrdg0zX21TycJEP/NQ/zaieq0g1Kt6gg6ka1rdyLInlI0CEjk
R/KZXjfWw0zPq6QmZ5lg8XM0e8Qwy54k3K6grOtSaTZ4K6yhIpUT3cY4YPM=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6e43EfV5qaWkWOnWFNCC
dpNLH8otrXzKZB2GV2iIemVjUwDgfj3FNANdW9B1O3kU6hM53iDAk9z0EkqyEhky
4PL0shdOpYdASN3M48ZNNiESaCCAKt6EQzEjZ13sHtSdpMKI0OzH1QBtHudcaoyJ
DBBHDgmwiGQpI7c02wDCTjGwtW35AgG4GyUQkF/5L4oArQaaEj/ZRObaHtPoDiJc
0GhbG4XJMbGpMdG5qolYFdwJeMj1WM5FDm5UtfpHxrIQuxoPJe29QX9qI7qgOs/o
21GfkVyLG/Pk8zDV6jSd0I4ngM/l9/s9me85qMBWkXuXh+DxTmsYC6i2Uy9LjmMx
tStyuFIoxVzZ2OkMqX2EP3uMEQdQ3hhlW/pPFZnIPPaUWlftI4+QjrnM702SrSAM
W+8R1nr4wCyd0uMcTC9T0BopUi1MsgaTOiO7RMNaVVs9RkL6BX/PA1wvMs9ZoT7U
dZdQbPBbcJIXCqPO9XFdf3PsbRLDmoLrOZJLaB4N5UIij8P9EcG+927KnuiUZ0X8
vedCRJNK+6Oy9vQrXXb6GwMG8NLWpjCFAaoR74Qi9bHByFQcb89Ltr68uGwv2rjL
WTw2x0UKWviimxCSe7wF6ZoOSadXctdtxNsqrn1FrsibzeJu5sbwvUyyzQSUeOoU
f8oLnQbb856ERm4EVg/DjMsCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 112040502088961949390439191404521671322
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-11-29 18:18:31 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-12-27 18:18:30 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manitoba'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Winnipeg'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Department of Finance (Province of Manitoba)'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'uatimmunizationconsent.manitoba.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 954353290083718797916282188580679654057970587768878465034762061769876518042344699075350938775659070256737699569998846963832587957957218969863256483538638061179296461901220448061438456757889810102785173119493243150941243511991899230281511360108367852781269635064794086404456716136256923171333798089347365691834047285997776431948417625921302779781267148994266538810668725489827167758481468590987220323329967249535637442574278999037856557514360437237280703806532465299778650183653401976491714396359246019612518309299644120101641831499924246317097024996540042176795981439662356009079180456495225756702648296671724406989557873762787186139490543148624777768858435002102451886739621343562003810481043292414347595995081380174465705090214680941112981855696394907196674437802589642883498940380276882495338541854926583893670830533095721403623589593048972063007322111357123119488872865059235701288893399215632316372622940626575126321238170344983518866216002172798465329177860905055436666981403543390596992340196514605696338688198462196349444582664560026288795594156549797330433161569689136535964122042475895834805394430931540703953515708881389768826480455677006445209228808871107132723901713559733913397813584511141982927917052265413286916492491
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							810d147a493c9da840c70ad5a8f5ccd9477d5fa1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (38 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uatimmunizationconsent.manitoba.ca'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		009374eaec5bd5f0137475547671666fedd84a1f6e8aeb041b5725d3e0bf6f8e7fcbf34d42b8b2c38390f3d7eab9cb1912307ac596bfbf2e5d535ec9bddcbdf5106c843f9921b7be4058747358236eaa69d0701cf54dd5b7c48dd696725b30027fdcd88dd46e2248ed04c0f86934fe91c5960546b4bb72f1cb4945afd2f773d09194ebaf52372268951c17c9febd506ee47da00cd3022033907dc3bae7037d0b3a45dd4912a5810a486432272db04696a0add834cd7db54f270910ffcd43fcda89eab48352adea083a91ad6b7722c89e52340848e447f2995e37d6c34ccfaba426679960f173347bc430cb9e24dcaea0aceb526936782baca1229513ddc63860f3