dtc.kpmg.ca

- KPMG Inc. -

Issued by DigiCert Global G2 TLS RSA SHA256 2020 CA1

About this certificate

This digital certificate with serial number 07:30:58:4f:99:5b:3d:c2:c4:7b:b0:14:66:9f:ae:51 was issued on by DigiCert Inc.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

KPMG Inc.

Organization: KPMG Inc.
State / Province: Ontario
Locality: Toronto
Country: CA

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 07:30:58:4f:99:5b:3d:c2:c4:7b:b0:14:66:9f:ae:51
Serial Number (int): 9555617378235553219808726066887896657
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 12:dc:7e:15:f4:5b:07:52:d8:0e:12:27:c9:8c:fa:94:f0:ab:15:3e
AuthorityKeyId: 74:85:80:c0:66:c7:df:37:de:cf:bd:29:37:aa:03:1d:be:ed:cd:17

Fingerprint (sha1): aa:77:13:54:f2:93:be:32:85:02:d3:c2:ef:e5:6b:47:ab:e9:b5:40
Fingerprint (sha256): 22:f6:03:5a:24:9e:c4:2c:7f:31:0a:7e:37:43:f2:32:76:63:ad:39:95:88:50:6f:48:6c:cb:d2:4e:bf:10:98

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl

Check the revocation status for certificate dtc.kpmg.ca

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for dtc.kpmg.ca

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

dtc.kpmg.ca
www.dtc.kpmg.ca

Other certificates including the domain name kpmg.ca

(limited to 100 certificates)
Maillab.kpmg.ca
mc.kpmg.ca
www.sfx.kpmg.ca
surveys.kpmg.ca
prototype2010.kpmg.ca
Lync-RP-East3-ext.kpmg.ca
awp.kpmg.ca
actuarialfarm.kpmg.ca
accessEast.kpmg.ca
prototype2014.kpmg.ca
www2.kpmg.ca
WWW.SFX.KPMG.CA
access-portal.kpmg.ca
Lync-RP-East3-ext.kpmg.ca
advisorysurveys.kpmg.ca
sc2.kpmg.ca
caedcsbc115.staging.kpmg.ca
*.dev.si.dtt.kpmg.ca
aitestweb.kpmg.ca
Lync-RP-East3-ext.kpmg.ca
surveys.kpmg.ca
StrategicFocus-GRI.kpmg.ca
sipfed.kpmg.com
mc.kpmg.ca
access-portal.kpmg.ca
csfxeast.kpmg.ca
www.security-info-securite.kpmg.ca
mc.kpmg.ca
www.whistleblower.kpmg.ca
StrategicFocus-GRI.kpmg.ca
clientexperience.kpmg.com.br
QUESTIONNAIRE.KPMG.CA
wm.kpmg.ca
IC.KPMG.CA
sipfed.kpmg.com
sfb-rp-east.kpmg.ca
wm.kpmg.ca
OS.KPMG.CA
dtc.kpmg.ca
mslab.kpmg.ca
canatsrv09.kpmg.ca
CONSOLES.KPMG.CA
Sip.kpmg.com
mc.kpmg.ca
accessWest.kpmg.ca
clientexperience.kpmg.com.br
cabcasrv07.kpmg.ca
digital-maturity.kpmg.ca
sip-ema.kpmg.com
surveys.kpmg.ca
CONSOLES.KPMG.CA
mslab.kpmg.ca
devcsfx.kpmg.ca
www.security-info-securite.kpmg.ca
www.security-info-securite.kpmg.ca
cadalab.kpmg.ca
www.security-info-securite.kpmg.ca
accessEastSfB.staging.kpmg.ca
uat-smartraveler.kpmg.ca
accessEast.kpmg.ca
advisorysurveys.kpmg.ca
clientexperience.kpmg.com.br
sfb-rp-east.kpmg.ca
sfb-rp-west.kpmg.ca
os.kpmg.ca
accessportal.kpmg.ca
sfb-rp-east.staging.kpmg.ca
IC.KPMG.CA
sfb-rp-east.kpmg.ca
SIPWest4.kpmg.ca
accessWestSfB.staging.kpmg.ca
caedcecs.kpmg.ca
mc1.kpmg.ca
cadalab.kpmg.ca
clientexperience.kpmg.com.br
event.kpmg.ca
quebecbillets.kpmg.ca
clientexperience.kpmg.com.br
alumni.kpmg.ca
uatcompetitivealternatives.kpmg.ca
lync-dir-west-ext.staging.kpmg.ca
cabcasrv08.kpmg.ca
devcsfx.kpmg.ca
www.security-info-securite.kpmg.ca
cawdcsbc15.kpmg.ca
sipfed.kpmg.com
lync.kpmg.ca
Lync-RP-East3-ext.kpmg.ca
lync-dir-east-ext.staging.kpmg.ca
ttt.kpmg.ca
lfxlab.kpmg.ca
careers.kpmg.ca
os1.kpmg.ca
sfb-rp-west.kpmg.ca
access-portal.kpmg.ca
mc1.kpmg.ca
labvpn.kpmg.ca
IC.KPMG.CA
www.security-info-securite.kpmg.ca
www.sfx.kpmg.ca

Certificate

The complete raw certificate details for dtc.kpmg.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFazCCBFOgAwIBAgIQBzBYT5lbPcLEe7AUZp+uUTANBgkqhkiG9w0BAQsFADBZ
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE
aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjMx
MjA4MDAwMDAwWhcNMjUwMTAzMjM1OTU5WjBbMQswCQYDVQQGEwJDQTEQMA4GA1UE
CBMHT250YXJpbzEQMA4GA1UEBxMHVG9yb250bzESMBAGA1UEChMJS1BNRyBJbmMu
MRQwEgYDVQQDEwtkdGMua3BtZy5jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBALHfDErY9Ax2hy3aMFA+Kzx0nZPodwIYq+mhcyFUKrLcATgPHm7y0rQa
xyK5CJjt5oC+FVbQN9scdNsZDe70Jm3mP6HSCyVXq+nhxU+mgsjuhW+VgkLlfaoL
GE15dtj7ekzXefptkldZG1HTkXOzhoQIQrOq1a8kxKWuLHTLVh8L7jelsUqqRr2R
itJvY2lFh+TRl7IydkfHSyPuFgLFNh+eGC07cXYFrKanq7aDUD68cMpypWM06KkN
rl/0gmaQn2tIcrgSSomBfe1QS58/+3rLJzoCNfgfMtYhLwsQu+rKSB9uebM4+TpF
skSHg5L8Gp8uYVOGc4UFRlfuciOix30CAwEAAaOCAiswggInMB8GA1UdIwQYMBaA
FHSFgMBmx9833s+9KTeqAx2+7c0XMB0GA1UdDgQWBBQS3H4V9FsHUtgOEifJjPqU
8KsVPjAnBgNVHREEIDAeggtkdGMua3BtZy5jYYIPd3d3LmR0Yy5rcG1nLmNhMD4G
A1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGln
aWNlcnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH
AwEGCCsGAQUFBwMCMIGfBgNVHR8EgZcwgZQwSKBGoESGQmh0dHA6Ly9jcmwzLmRp
Z2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0x
LmNybDBIoEagRIZCaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xv
YmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3JsMIGHBggrBgEFBQcBAQR7MHkw
JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBRBggrBgEFBQcw
AoZFaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJU
TFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3J0MAwGA1UdEwEB/wQCMAAwEwYKKwYBBAHW
eQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBAGtb70L5xgWmei4QifeR/aqP
/52IqRyFQ/7FzlohSuCUTTji/EXvQBU9O0QQUjN/nieGyL/Ears0QzUIzkQWdTEB
UmQpa+XbC8UL1z5GGFL/2QVzywFYMALWaBHqmC24xRENkkxRdWL5R5qC8t7QGz8S
hxh1qUT0yZjAgV9KebKJ2fajAQRKh07gh2Woc3A38rCF8drRmow97V8NASIHC/pv
UXBc35+OYGcEL2X8eI5lN1sGDTxEJDcm5LSGqchT7X3bv4ayUBb+a0yRmlfxf4qB
ydSe99gWaivzABuVEeP/z0Pv6hSWnYNKoKoTvzh0frb/STlZ0XCBdyOJUVCwQe8=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsd8MStj0DHaHLdowUD4r
PHSdk+h3Ahir6aFzIVQqstwBOA8ebvLStBrHIrkImO3mgL4VVtA32xx02xkN7vQm
beY/odILJVer6eHFT6aCyO6Fb5WCQuV9qgsYTXl22Pt6TNd5+m2SV1kbUdORc7OG
hAhCs6rVryTEpa4sdMtWHwvuN6WxSqpGvZGK0m9jaUWH5NGXsjJ2R8dLI+4WAsU2
H54YLTtxdgWspqertoNQPrxwynKlYzToqQ2uX/SCZpCfa0hyuBJKiYF97VBLnz/7
essnOgI1+B8y1iEvCxC76spIH255szj5OkWyRIeDkvwany5hU4ZzhQVGV+5yI6LH
fQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 9555617378235553219808726066887896657
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Global G2 TLS RSA SHA256 2020 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-08 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-03 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Toronto'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'KPMG Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'dtc.kpmg.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22454169055564442272836743969677575906438729422070949192267749702108668979859137151636722176522449484996907080789568931863362051960430308988965700723016510381634500913339079094517436680690217792500512657484989324878420744619642997604054223762579296292545163870652996130005139316670774246831884701063516066048823995823566814945854892367607947315379704733505370626253108820890972891427383431054248710254678067784098000485755877591063047774337572350499334906255900661323951866250551546633228429855277891722809300431137887331925647937597214479257007024698281436704341601084438660462577222345726920277142949885209053677437
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 748580c066c7df37decfbd2937aa031dbeedcd17
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							12dc7e15f45b0752d80e1227c98cfa94f0ab153e
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dtc.kpmg.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.dtc.kpmg.ca'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (151 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		006b5bef42f9c605a67a2e1089f791fdaa8fff9d88a91c8543fec5ce5a214ae0944d38e2fc45ef40153d3b441052337f9e2786c8bfc46abb34433508ce44167531015264296be5db0bc50bd73e461852ffd90573cb01583002d66811ea982db8c5110d924c517562f9479a82f2ded01b3f12871875a944f4c998c0815f4a79b289d9f6a301044a874ee08765a8737037f2b085f1dad19a8c3ded5f0d0122070bfa6f51705cdf9f8e6067042f65fc788e65375b060d3c44243726e4b486a9c853ed7ddbbf86b25016fe6b4c919a57f17f8a81c9d49ef7d8166a2bf3001b9511e3ffcf43efea14969d834aa0aa13bf38747eb6ff493959d170817723895150b041ef