dtc.kpmg.ca
- KPMG Inc. -
Issued by DigiCert Global G2 TLS RSA SHA256 2020 CA1
About this certificate
This digital certificate with serial number 07:30:58:4f:99:5b:3d:c2:c4:7b:b0:14:66:9f:ae:51 was issued on by DigiCert Inc.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
KPMG Inc.
Organization:
KPMG Inc.
State / Province:
Ontario
Locality: Toronto
Country: CA
Locality: Toronto
Country: CA
DigiCert Inc
Organization:
DigiCert Inc
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 07:30:58:4f:99:5b:3d:c2:c4:7b:b0:14:66:9f:ae:51Serial Number (int): 9555617378235553219808726066887896657
Serial Number lenght: 123 bits, 16 octets
SubjectKeyId: 12:dc:7e:15:f4:5b:07:52:d8:0e:12:27:c9:8c:fa:94:f0:ab:15:3e
AuthorityKeyId: 74:85:80:c0:66:c7:df:37:de:cf:bd:29:37:aa:03:1d:be:ed:cd:17
Fingerprint (sha1): aa:77:13:54:f2:93:be:32:85:02:d3:c2:ef:e5:6b:47:ab:e9:b5:40
Fingerprint (sha256): 22:f6:03:5a:24:9e:c4:2c:7f:31:0a:7e:37:43:f2:32:76:63:ad:39:95:88:50:6f:48:6c:cb:d2:4e:bf:10:98
Issuing Certificate URL: http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt
Revocation information
OCSP Server: http://ocsp.digicert.comCRL Distribution Point: http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
Check the revocation status for certificate dtc.kpmg.ca
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for dtc.kpmg.ca
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
dtc.kpmg.ca
www.dtc.kpmg.ca
www.dtc.kpmg.ca
Other certificates including the domain name kpmg.ca
(limited to 100 certificates)
Maillab.kpmg.ca
mc.kpmg.ca
www.sfx.kpmg.ca
surveys.kpmg.ca
prototype2010.kpmg.ca
Lync-RP-East3-ext.kpmg.ca
awp.kpmg.ca
actuarialfarm.kpmg.ca
accessEast.kpmg.ca
prototype2014.kpmg.ca
www2.kpmg.ca
WWW.SFX.KPMG.CA
access-portal.kpmg.ca
Lync-RP-East3-ext.kpmg.ca
advisorysurveys.kpmg.ca
sc2.kpmg.ca
caedcsbc115.staging.kpmg.ca
*.dev.si.dtt.kpmg.ca
aitestweb.kpmg.ca
Lync-RP-East3-ext.kpmg.ca
surveys.kpmg.ca
StrategicFocus-GRI.kpmg.ca
sipfed.kpmg.com
mc.kpmg.ca
access-portal.kpmg.ca
csfxeast.kpmg.ca
www.security-info-securite.kpmg.ca
mc.kpmg.ca
www.whistleblower.kpmg.ca
StrategicFocus-GRI.kpmg.ca
clientexperience.kpmg.com.br
QUESTIONNAIRE.KPMG.CA
wm.kpmg.ca
IC.KPMG.CA
sipfed.kpmg.com
sfb-rp-east.kpmg.ca
wm.kpmg.ca
OS.KPMG.CA
dtc.kpmg.ca
mslab.kpmg.ca
canatsrv09.kpmg.ca
CONSOLES.KPMG.CA
Sip.kpmg.com
mc.kpmg.ca
accessWest.kpmg.ca
clientexperience.kpmg.com.br
cabcasrv07.kpmg.ca
digital-maturity.kpmg.ca
sip-ema.kpmg.com
surveys.kpmg.ca
CONSOLES.KPMG.CA
mslab.kpmg.ca
devcsfx.kpmg.ca
www.security-info-securite.kpmg.ca
www.security-info-securite.kpmg.ca
cadalab.kpmg.ca
www.security-info-securite.kpmg.ca
accessEastSfB.staging.kpmg.ca
uat-smartraveler.kpmg.ca
accessEast.kpmg.ca
advisorysurveys.kpmg.ca
clientexperience.kpmg.com.br
sfb-rp-east.kpmg.ca
sfb-rp-west.kpmg.ca
os.kpmg.ca
accessportal.kpmg.ca
sfb-rp-east.staging.kpmg.ca
IC.KPMG.CA
sfb-rp-east.kpmg.ca
SIPWest4.kpmg.ca
accessWestSfB.staging.kpmg.ca
caedcecs.kpmg.ca
mc1.kpmg.ca
cadalab.kpmg.ca
clientexperience.kpmg.com.br
event.kpmg.ca
quebecbillets.kpmg.ca
clientexperience.kpmg.com.br
alumni.kpmg.ca
uatcompetitivealternatives.kpmg.ca
lync-dir-west-ext.staging.kpmg.ca
cabcasrv08.kpmg.ca
devcsfx.kpmg.ca
www.security-info-securite.kpmg.ca
cawdcsbc15.kpmg.ca
sipfed.kpmg.com
lync.kpmg.ca
Lync-RP-East3-ext.kpmg.ca
lync-dir-east-ext.staging.kpmg.ca
ttt.kpmg.ca
lfxlab.kpmg.ca
careers.kpmg.ca
os1.kpmg.ca
sfb-rp-west.kpmg.ca
access-portal.kpmg.ca
mc1.kpmg.ca
labvpn.kpmg.ca
IC.KPMG.CA
www.security-info-securite.kpmg.ca
www.sfx.kpmg.ca
mc.kpmg.ca
www.sfx.kpmg.ca
surveys.kpmg.ca
prototype2010.kpmg.ca
Lync-RP-East3-ext.kpmg.ca
awp.kpmg.ca
actuarialfarm.kpmg.ca
accessEast.kpmg.ca
prototype2014.kpmg.ca
www2.kpmg.ca
WWW.SFX.KPMG.CA
access-portal.kpmg.ca
Lync-RP-East3-ext.kpmg.ca
advisorysurveys.kpmg.ca
sc2.kpmg.ca
caedcsbc115.staging.kpmg.ca
*.dev.si.dtt.kpmg.ca
aitestweb.kpmg.ca
Lync-RP-East3-ext.kpmg.ca
surveys.kpmg.ca
StrategicFocus-GRI.kpmg.ca
sipfed.kpmg.com
mc.kpmg.ca
access-portal.kpmg.ca
csfxeast.kpmg.ca
www.security-info-securite.kpmg.ca
mc.kpmg.ca
www.whistleblower.kpmg.ca
StrategicFocus-GRI.kpmg.ca
clientexperience.kpmg.com.br
QUESTIONNAIRE.KPMG.CA
wm.kpmg.ca
IC.KPMG.CA
sipfed.kpmg.com
sfb-rp-east.kpmg.ca
wm.kpmg.ca
OS.KPMG.CA
dtc.kpmg.ca
mslab.kpmg.ca
canatsrv09.kpmg.ca
CONSOLES.KPMG.CA
Sip.kpmg.com
mc.kpmg.ca
accessWest.kpmg.ca
clientexperience.kpmg.com.br
cabcasrv07.kpmg.ca
digital-maturity.kpmg.ca
sip-ema.kpmg.com
surveys.kpmg.ca
CONSOLES.KPMG.CA
mslab.kpmg.ca
devcsfx.kpmg.ca
www.security-info-securite.kpmg.ca
www.security-info-securite.kpmg.ca
cadalab.kpmg.ca
www.security-info-securite.kpmg.ca
accessEastSfB.staging.kpmg.ca
uat-smartraveler.kpmg.ca
accessEast.kpmg.ca
advisorysurveys.kpmg.ca
clientexperience.kpmg.com.br
sfb-rp-east.kpmg.ca
sfb-rp-west.kpmg.ca
os.kpmg.ca
accessportal.kpmg.ca
sfb-rp-east.staging.kpmg.ca
IC.KPMG.CA
sfb-rp-east.kpmg.ca
SIPWest4.kpmg.ca
accessWestSfB.staging.kpmg.ca
caedcecs.kpmg.ca
mc1.kpmg.ca
cadalab.kpmg.ca
clientexperience.kpmg.com.br
event.kpmg.ca
quebecbillets.kpmg.ca
clientexperience.kpmg.com.br
alumni.kpmg.ca
uatcompetitivealternatives.kpmg.ca
lync-dir-west-ext.staging.kpmg.ca
cabcasrv08.kpmg.ca
devcsfx.kpmg.ca
www.security-info-securite.kpmg.ca
cawdcsbc15.kpmg.ca
sipfed.kpmg.com
lync.kpmg.ca
Lync-RP-East3-ext.kpmg.ca
lync-dir-east-ext.staging.kpmg.ca
ttt.kpmg.ca
lfxlab.kpmg.ca
careers.kpmg.ca
os1.kpmg.ca
sfb-rp-west.kpmg.ca
access-portal.kpmg.ca
mc1.kpmg.ca
labvpn.kpmg.ca
IC.KPMG.CA
www.security-info-securite.kpmg.ca
www.sfx.kpmg.ca
Certificate
The complete raw certificate details for dtc.kpmg.ca in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFazCCBFOgAwIBAgIQBzBYT5lbPcLEe7AUZp+uUTANBgkqhkiG9w0BAQsFADBZ MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjMx MjA4MDAwMDAwWhcNMjUwMTAzMjM1OTU5WjBbMQswCQYDVQQGEwJDQTEQMA4GA1UE CBMHT250YXJpbzEQMA4GA1UEBxMHVG9yb250bzESMBAGA1UEChMJS1BNRyBJbmMu MRQwEgYDVQQDEwtkdGMua3BtZy5jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALHfDErY9Ax2hy3aMFA+Kzx0nZPodwIYq+mhcyFUKrLcATgPHm7y0rQa xyK5CJjt5oC+FVbQN9scdNsZDe70Jm3mP6HSCyVXq+nhxU+mgsjuhW+VgkLlfaoL GE15dtj7ekzXefptkldZG1HTkXOzhoQIQrOq1a8kxKWuLHTLVh8L7jelsUqqRr2R itJvY2lFh+TRl7IydkfHSyPuFgLFNh+eGC07cXYFrKanq7aDUD68cMpypWM06KkN rl/0gmaQn2tIcrgSSomBfe1QS58/+3rLJzoCNfgfMtYhLwsQu+rKSB9uebM4+TpF skSHg5L8Gp8uYVOGc4UFRlfuciOix30CAwEAAaOCAiswggInMB8GA1UdIwQYMBaA FHSFgMBmx9833s+9KTeqAx2+7c0XMB0GA1UdDgQWBBQS3H4V9FsHUtgOEifJjPqU 8KsVPjAnBgNVHREEIDAeggtkdGMua3BtZy5jYYIPd3d3LmR0Yy5rcG1nLmNhMD4G A1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGln aWNlcnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH AwEGCCsGAQUFBwMCMIGfBgNVHR8EgZcwgZQwSKBGoESGQmh0dHA6Ly9jcmwzLmRp Z2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0x LmNybDBIoEagRIZCaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xv YmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3JsMIGHBggrBgEFBQcBAQR7MHkw JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBRBggrBgEFBQcw AoZFaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJU TFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3J0MAwGA1UdEwEB/wQCMAAwEwYKKwYBBAHW eQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBAGtb70L5xgWmei4QifeR/aqP /52IqRyFQ/7FzlohSuCUTTji/EXvQBU9O0QQUjN/nieGyL/Ears0QzUIzkQWdTEB UmQpa+XbC8UL1z5GGFL/2QVzywFYMALWaBHqmC24xRENkkxRdWL5R5qC8t7QGz8S hxh1qUT0yZjAgV9KebKJ2fajAQRKh07gh2Woc3A38rCF8drRmow97V8NASIHC/pv UXBc35+OYGcEL2X8eI5lN1sGDTxEJDcm5LSGqchT7X3bv4ayUBb+a0yRmlfxf4qB ydSe99gWaivzABuVEeP/z0Pv6hSWnYNKoKoTvzh0frb/STlZ0XCBdyOJUVCwQe8= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsd8MStj0DHaHLdowUD4r PHSdk+h3Ahir6aFzIVQqstwBOA8ebvLStBrHIrkImO3mgL4VVtA32xx02xkN7vQm beY/odILJVer6eHFT6aCyO6Fb5WCQuV9qgsYTXl22Pt6TNd5+m2SV1kbUdORc7OG hAhCs6rVryTEpa4sdMtWHwvuN6WxSqpGvZGK0m9jaUWH5NGXsjJ2R8dLI+4WAsU2 H54YLTtxdgWspqertoNQPrxwynKlYzToqQ2uX/SCZpCfa0hyuBJKiYF97VBLnz/7 essnOgI1+B8y1iEvCxC76spIH255szj5OkWyRIeDkvwany5hU4ZzhQVGV+5yI6LH fQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 9555617378235553219808726066887896657 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Global G2 TLS RSA SHA256 2020 CA1' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-08 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-03 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Toronto' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'KPMG Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'dtc.kpmg.ca' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22454169055564442272836743969677575906438729422070949192267749702108668979859137151636722176522449484996907080789568931863362051960430308988965700723016510381634500913339079094517436680690217792500512657484989324878420744619642997604054223762579296292545163870652996130005139316670774246831884701063516066048823995823566814945854892367607947315379704733505370626253108820890972891427383431054248710254678067784098000485755877591063047774337572350499334906255900661323951866250551546633228429855277891722809300431137887331925647937597214479257007024698281436704341601084438660462577222345726920277142949885209053677437 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 748580c066c7df37decfbd2937aa031dbeedcd17 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 12dc7e15f45b0752d80e1227c98cfa94f0ab153e . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dtc.kpmg.ca' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.dtc.kpmg.ca' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (151 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 006b5bef42f9c605a67a2e1089f791fdaa8fff9d88a91c8543fec5ce5a214ae0944d38e2fc45ef40153d3b441052337f9e2786c8bfc46abb34433508ce44167531015264296be5db0bc50bd73e461852ffd90573cb01583002d66811ea982db8c5110d924c517562f9479a82f2ded01b3f12871875a944f4c998c0815f4a79b289d9f6a301044a874ee08765a8737037f2b085f1dad19a8c3ded5f0d0122070bfa6f51705cdf9f8e6067042f65fc788e65375b060d3c44243726e4b486a9c853ed7ddbbf86b25016fe6b4c919a57f17f8a81c9d49ef7d8166a2bf3001b9511e3ffcf43efea14969d834aa0aa13bf38747eb6ff493959d170817723895150b041ef