shop.bfi.org.uk

- BRITISH FILM INSTITUTE (BIG SCREEN) LIMITED -

Issued by GlobalSign RSA OV SSL CA 2018

About this certificate

This digital certificate with serial number 06:0f:aa:5c:a6:c0:25:46:84:54:ad:a5 was issued on by GlobalSign nv-sa.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

BRITISH FILM INSTITUTE (BIG SCREEN) LIMITED

Organization: BRITISH FILM INSTITUTE (BIG SCREEN) LIMITED
State / Province: London
Locality: London
Country: GB

GlobalSign nv-sa

Organization: GlobalSign nv-sa
Country: BE

This certificate will expire on

Certificate Details

Serial Number (hex): 06:0f:aa:5c:a6:c0:25:46:84:54:ad:a5
Serial Number (int): 1875848457640477261556919717
Serial Number lenght: 91 bits, 12 octets

SubjectKeyId: d5:20:55:f3:31:0f:75:73:fd:fc:94:17:ba:48:ff:7a:99:6d:ce:65
AuthorityKeyId: f8:ef:7f:f2:cd:78:67:a8:de:6f:8f:24:8d:88:f1:87:03:02:b3:eb

Fingerprint (sha1): bc:dd:c2:35:aa:7e:ac:06:d4:e6:88:5e:31:f5:30:11:e1:e9:ec:ec
Fingerprint (sha256): 22:e9:2c:b8:99:b7:17:47:68:d0:d3:20:93:c7:1d:79:03:07:93:da:16:0a:39:dd:0b:b8:5b:9e:19:ef:de:3e

Issuing Certificate URL: http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt

Revocation information

OCSP Server: http://ocsp.globalsign.com/gsrsaovsslca2018
CRL Distribution Point: http://crl.globalsign.com/gsrsaovsslca2018.crl

Check the revocation status for certificate shop.bfi.org.uk

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for shop.bfi.org.uk

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

shop.bfi.org.uk

Other certificates including the domain name bfi.org.uk

(limited to 100 certificates)
search-es.player.bfi.org.uk
testappstore.bfi.org.uk
mdm.bfi.org.uk
www2.bfi.org.uk
subscriber.pagesuite.com
bfimail.bfi.org.uk
bfijobsandopportunities.bfi.org.uk
stories.bfi.org.uk
www.pagesuite.co.uk
www.pagesuite.co.uk
courtamew.dev
owa.bfi.org.uk
adnoncentaur3.abasoft.co.uk
filmstore.bfi.org.uk
jasperdekorte.nl
www.bfi.org.uk
el3alamia.website
staging.core-cms.bfi.digital
core-cms.bfi.org.uk
adnoncentaur3.abasoft.co.uk
appstore.bfi.org.uk
tickets.bfi.org.uk
contribute.bfi.org.uk
drbfiportal.bfi.org.uk
*.player.bfi.org.uk
testappstore.bfi.org.uk
adnoncentaur3.abasoft.co.uk
stills.bfi.org.uk
www.bfi.org.uk
appstore.bfi.org.uk
www.reactnative.ga
digital-collection.bfi.org.uk
bfimail.bfi.org.uk
www.anomalymusic.dev
filmography.bfi.org.uk
testappstore.bfi.org.uk
filmstore.bfi.org.uk
core-cms.bfi.org.uk
admin.gruve.link
digital-collection.bfi.org.uk
fan.bfi.org.uk
festivalaccreditation.bfi.org.uk
contribute.bfi.org.uk
pasteleriadonrafael.cl
www.stelliteautomation.com
planfile.com
BK-BFICTXADM1.bfi.org.uk
shop.bfi.org.uk
palrivercg.com
adnoncentaur3.abasoft.co.uk
subscriber.pagesuite.com
www.pagesuite.co.uk
www.shop.bfi.org.uk
filmography.bfi.org.uk
blueprint.currents.fm
ss-xfiles1.bfi.org.uk
www.shop.bfi.org.uk
player-skylark.bfi.org.uk
player.bfi.org.uk
www.pagesuite.co.uk
contribute.bfi.org.uk
bfimail.bfi.org.uk
appstore.bfi.org.uk
whatson.bfi.org.uk
shop.bfi.org.uk
filmography.bfi.org.uk
network.bfi.org.uk
owamob.bfi.org.uk
xmgateway.bfi.org.uk
www.pagesuite.co.uk
fftd.bfi.org.uk
adnoncentaur3.abasoft.co.uk
tempbfiportal.bfi.org.uk
bfidigitaldesktop.bfi.org.uk
sightandsounddigitaledition.bfi.org.uk
contribute.bfi.org.uk
admin.dheoab.dev
whatson.bfi.org.uk
www.bfi.org.uk
lf-cast.pearsports.com
adnoncentaur3.abasoft.co.uk
bfiftp.bfi.org.uk
adfe7.abasoft.co.uk
*.player.bfi.org.uk
collections-search.bfi.org.uk
adnoncentaur3.abasoft.co.uk
owa.bfi.org.uk
search-es.player.bfi.org.uk
www.pagesuite.co.uk
subscriber.pagesuite.com
explore.bfi.org.uk
adnoncentaur3.abasoft.co.uk
BFICTXNS02.bfi.org.uk
contribute.bfi.org.uk
stories.bfi.org.uk
app.dev.mazumago.com
whatson.bfi.org.uk
www.tnguyen.dev
contribute.bfi.org.uk
contribute.bfi.org.uk

Certificate

The complete raw certificate details for shop.bfi.org.uk in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIMBg+qXKbAJUaEVK2lMA0GCSqGSIb3DQEBCwUAMFAxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSYwJAYDVQQDEx1H
bG9iYWxTaWduIFJTQSBPViBTU0wgQ0EgMjAxODAeFw0yNDA1MTcwODQ2MDJaFw0y
NTA2MTgwODQ2MDFaMH8xCzAJBgNVBAYTAkdCMQ8wDQYDVQQIEwZMb25kb24xDzAN
BgNVBAcTBkxvbmRvbjE0MDIGA1UEChMrQlJJVElTSCBGSUxNIElOU1RJVFVURSAo
QklHIFNDUkVFTikgTElNSVRFRDEYMBYGA1UEAxMPc2hvcC5iZmkub3JnLnVrMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMZkcjw9SEQNo0LHykjA3c3I
/KXMJ0FNlTr2HZediIzSk0AmKLskE8GmlITk6LU7AlS0k+tsUTvETjtxZL4FOOEM
nCOKtPwM1Vc6GJ27HMr27esrVsMvOv/GdXDG1gNNufZxRiMYQtkYUm5Jo6Yu3rIo
xaqFlsEPfpbQVa71E/auZU30M14MCFVWn19H7a1FQQJCIQJgfTTFaAamUq9JRl0g
3mqv8zy01K5Ez3Jn4WFreHZ06/uku7eYJXLr/UbFlE36LT/ydqOgCsXud6jxmrtK
0t/61g8T87ICWiKKbY0CGd7RsQpRw+kdo1AeDq9nPkVoLDMyJyzvNa8n7AICmQID
AQABo4IB3DCCAdgwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwgY4GCCsG
AQUFBwEBBIGBMH8wRAYIKwYBBQUHMAKGOGh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2ln
bi5jb20vY2FjZXJ0L2dzcnNhb3Zzc2xjYTIwMTguY3J0MDcGCCsGAQUFBzABhito
dHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9nc3JzYW92c3NsY2EyMDE4MFYGA1Ud
IARPME0wQQYJKwYBBAGgMgEUMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmds
b2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECAjA/BgNVHR8EODA2MDSg
MqAwhi5odHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL2dzcnNhb3Zzc2xjYTIwMTgu
Y3JsMBoGA1UdEQQTMBGCD3Nob3AuYmZpLm9yZy51azAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAU+O9/8s14Z6jeb48kjYjxhwMCs+sw
HQYDVR0OBBYEFNUgVfMxD3Vz/fyUF7pI/3qZbc5lMBMGCisGAQQB1nkCBAMBAf8E
AgUAMA0GCSqGSIb3DQEBCwUAA4IBAQBBCAHzmjLniS0m61uEahpMMMaGLCaxCg8q
7WluP6gu+PIZMHu1cJRIgGa3kAb/ie4yddJhGpf67GfYefV+qHfDUuF+nHRu1fnk
JoWd9lPpHpSUqp/wfpDzzmEIKXraQVe2cHOm54rrtWCPYnSEBmCT0qHOFr0s/Lvm
0d1rOcoSLQ5kIFr5GDrl1ztBMMldfLfWjFyg0y/meIuog93GWWz4WVn3vPePUVun
VJ2dP3iwHnOGv5Ud4/JsLnlqVNGEzAVsRyy3T32yGuggeRFKl7efmzKPaOv1QRnn
E3XJ8rqrkMxygXUABPfx2z7/FuD1JM5vpKz8xgclB+/EFFHq4KAQ
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMZkcjw9SEQNo0LHykjA
3c3I/KXMJ0FNlTr2HZediIzSk0AmKLskE8GmlITk6LU7AlS0k+tsUTvETjtxZL4F
OOEMnCOKtPwM1Vc6GJ27HMr27esrVsMvOv/GdXDG1gNNufZxRiMYQtkYUm5Jo6Yu
3rIoxaqFlsEPfpbQVa71E/auZU30M14MCFVWn19H7a1FQQJCIQJgfTTFaAamUq9J
Rl0g3mqv8zy01K5Ez3Jn4WFreHZ06/uku7eYJXLr/UbFlE36LT/ydqOgCsXud6jx
mrtK0t/61g8T87ICWiKKbY0CGd7RsQpRw+kdo1AeDq9nPkVoLDMyJyzvNa8n7AIC
mQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1875848457640477261556919717
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign RSA OV SSL CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-17 08:46:02 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-06-18 08:46:01 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'London'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'London'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BRITISH FILM INSTITUTE (BIG SCREEN) LIMITED'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'shop.bfi.org.uk'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23830632256533863169804877061720493944562901426125564095921011721419323570884356195118839409161769770904800839163075370562111897154912165081995169987816927511059549570125747381868547482838956721776825280164580365657079058592627058223920490561144330467147559910000127819782514869476034578044099392692229563346421992563673951427072824158714972055813307362148513094134431721475596735674923330945611805311527468687128383913645627491877449848484776507407856783680551426865721570385449240122942780251462577117128007393939883758686488788909907168608607620020238239335321511817594595904657224064532718712337164277936581378713
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (129 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.globalsign.com/gsrsaovsslca2018'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.20 (globalsignOVPolicy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.globalsign.com/gsrsaovsslca2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (19 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'shop.bfi.org.uk'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName f8ef7ff2cd7867a8de6f8f248d88f1870302b3eb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d52055f3310f7573fdfc9417ba48ff7a996dce65
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00410801f39a32e7892d26eb5b846a1a4c30c6862c26b10a0f2aed696e3fa82ef8f219307bb57094488066b79006ff89ee3275d2611a97faec67d879f57ea877c352e17e9c746ed5f9e426859df653e91e9494aa9ff07e90f3ce6108297ada4157b67073a6e78aebb5608f627484066093d2a1ce16bd2cfcbbe6d1dd6b39ca122d0e64205af9183ae5d73b4130c95d7cb7d68c5ca0d32fe6788ba883ddc6596cf85959f7bcf78f515ba7549d9d3f78b01e7386bf951de3f26c2e796a54d184cc056c472cb74f7db21ae82079114a97b79f9b328f68ebf54119e71375c9f2baab90cc7281750004f7f1db3eff16e0f524ce6fa4acfcc6072507efc41451eae0a010