hierarchyretriever.onenote.com

- Microsoft Corporation -

Issued by Microsoft Azure TLS Issuing CA 01

About this certificate

This digital certificate with serial number 33:00:5e:7e:48:60:ef:c5:57:da:2b:6c:a0:00:00:00:5e:7e:48 was issued on by Microsoft Corporation.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • KeyUsage [DataEncipherment DigitalSignature KeyEncipherment] (00001101) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Microsoft Corporation

Organization: Microsoft Corporation
State / Province: WA
Locality: Redmond
Country: US

Microsoft Corporation

Organization: Microsoft Corporation
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 33:00:5e:7e:48:60:ef:c5:57:da:2b:6c:a0:00:00:00:5e:7e:48
Serial Number (int): 1137370159526091299075339991831402328696454728
Serial Number lenght: 150 bits, 19 octets

SubjectKeyId: 16:62:a3:02:2c:23:b3:21:b8:39:a2:67:1c:76:2b:23:78:18:7f:f3
AuthorityKeyId: 0f:20:5d:d7:a1:57:95:db:92:cf:2b:d0:c7:c2:77:04:ce:72:80:76

Fingerprint (sha1): c2:67:74:e3:ac:85:46:52:38:8f:d8:2c:2f:5c:1a:40:51:99:64:4a
Fingerprint (sha256): 23:60:ba:5d:b1:96:81:e3:eb:de:9a:dd:17:9e:0f:03:03:39:3f:0a:30:7a:bf:65:81:f9:34:85:45:3c:4e:6d

Issuing Certificate URL: http://www.microsoft.com/pkiops/certs/Microsoft%20Azure%20TLS%20Issuing%20CA%2001%20-%20xsign.crt

Revocation information

OCSP Server: http://oneocsp.microsoft.com/ocsp
CRL Distribution Point: http://www.microsoft.com/pkiops/crl/Microsoft%20Azure%20TLS%20Issuing%20CA%2001.crl

Check the revocation status for certificate hierarchyretriever.onenote.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for hierarchyretriever.onenote.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature
Key Encipherment
Data Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

12 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

hierarchyretriever.onenote.com
*.hierarchyretriever.onenote.com

Other certificates including the domain name onenote.com

(limited to 100 certificates)
hierarchyapi.onenote.com
site.edog.onenote.com
apimonolith.onenote.com
mergesync.onenote.com
augmentationbg.onenote.com
contentsync.onenote.com
npkrsag.koreasouth.cloudapp.azure.com
reverseproxy.onenote.com
lookup.onenote.com
lookup.onenote.com
handwritingreco.edog.onenote.com
studentagency.edog.onenote.com
learningtools.onenote.com
apimonolith.onenote.com
handwritingreco.onenote.com
npinwag.westindia.cloudapp.azure.com
cdn.onenote.net
npneuag.northeurope.cloudapp.azure.com
classnotebookapi.edog.onenote.com
augmentationbg.edog.onenote.com
pagecontentretriever.onenote.com
handwritingreco.onenote.com
pagecontentsync.onenote.com
userinfo.onenote.com
pagecontentsync.edog.onenote.com
site.edog.onenote.com
cdn.onenote.net
assignments.onenote.com
nbdistribution.edog.onenote.com
mergesync.onenote.com
pagecontentretriever.onenote.com
npinwag.westindia.cloudapp.azure.com
pagecontentgc.edog.onenote.com
onenoteonlinesync.onenote.com
hierarchyapi.edog.onenote.com
cdn.onenote.net
learningtools.onenote.com
pagecontentgc.onenote.com
appsforoffice.edog.onenote.com
hierarchyapi.onenote.com
npkrcag.koreacentral.cloudapp.azure.com
assignments.onenote.com
handwritingreco.edog.onenote.com
realtimesync.onenote.com
reverseproxy.edog.onenote.com
onenote.com
cdn.onenote.net
npeusag.eastus.cloudapp.azure.com
site.edog.onenote.com
cdn.onenote.net
apiwebhooks.onenote.com
assignments.edog.onenote.com
officeaddins.meetingdetails.onenote.com
cdn.onenote.net
reverseproxy.edog.onenote.com
entitystorage.edog.onenote.com
contentsync.onenote.com
pagecontentretriever.edog.onenote.com
pagecontentgc.onenote.com
bingindexing.edog.onenote.com
pagecontentretriever.onenote.com
officeaddins.meetingdetails.edog.onenote.com
nbdistribution.onenote.com
o365notification.edog.onenote.com
officeaddins.meetingdetails.edog.onenote.com
educonnect.assignments.onenote.com
npkrcag.koreacentral.cloudapp.azure.com
niscusag.southcentralus.cloudapp.azure.com
whiteboard.edog.onenote.com
site-cdn.onenote.net
notificationshub.edog.onenote.com
pagecontentgc.onenote.com
npjpeag.japaneast.cloudapp.azure.com
userinfo.onenote.com
hierarchyretriever.onenote.com
userinfo.edog.onenote.com
appsforoffice.onenote.com
niscusag.southcentralus.cloudapp.azure.com
pagecontentgc.onenote.com
site-cdn.onenote.net
npneuag.northeurope.cloudapp.azure.com
classnotebookapi.edog.onenote.com
cdn.onenote.net
lookup.edog.onenote.com
apiwebhooks.onenote.com
mergesync.edog.onenote.com
onenoteonlinesync.edog.onenote.com
edunotebookssite.onenote.com
reverseproxy.onenote.com
lookup.edog.onenote.com
onenote.com
educonnect.assignments.onenote.com
pagecontentgc.edog.onenote.com
bingindexing.onenote.com
lookup.onenote.com
pagecontentsync.onenote.com
nineuag.northeurope.cloudapp.azure.com
lookup.edog.onenote.com
lookup.edog.onenote.com
reverseproxy.onenote.com

Certificate

The complete raw certificate details for hierarchyretriever.onenote.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIljCCBn6gAwIBAgITMwBefkhg78VX2itsoAAAAF5+SDANBgkqhkiG9w0BAQwF
ADBZMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
MSowKAYDVQQDEyFNaWNyb3NvZnQgQXp1cmUgVExTIElzc3VpbmcgQ0EgMDEwHhcN
MjIwOTAxMDUwODQyWhcNMjMwODI3MDUwODQyWjB1MQswCQYDVQQGEwJVUzELMAkG
A1UECBMCV0ExEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBD
b3Jwb3JhdGlvbjEnMCUGA1UEAxMeaGllcmFyY2h5cmV0cmlldmVyLm9uZW5vdGUu
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfVtd48QsUbbXeK2
O8XwOSERBMhpijwEcmE/+Gf9/jRPbaNwDhpFSGc6LZ4ngtP6MH2gQe0kUA17LaLz
pu+eOB4RAktRctXJ+POED4nzQdhSw3nYfpTzI97VbXdpe0Df6kZubmzBviDkN2c8
iyW4OAOS91WfbL0f5ZpJc6fYrR1XiYk6//j2Dj5I2+FX89Q8YUeEZ2thKc7ewzRK
N31fTz+W79oXlL4U7IrmNYs/+RlfzfZZ50c1ZFtdDg6bUomfkTGq8FtLrCGweRSc
gbadeNL94fOEjgsh87WYLvBwbxTvmfF0FnGWzaRmlHZnoH36WjVEUGOW8ovEKkt8
vTBQvQIDAQABo4IEOTCCBDUwggGBBgorBgEEAdZ5AgQCBIIBcQSCAW0BawB3AOg+
0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABgvd8w4AAAAQDAEgwRgIh
AJzC82PLAYpxThHBO8JAphxtas3JpdZ3m3K330DcBWfIAiEApI3lYW3vEmE0Ylv2
DSCyszDW5VfQxGkEyAMGjcBhOcoAdwCzc3cH4YRQ+GOG1gWp3BEJSnktsWcMC4fc
8AMOeTalmgAAAYL3fMP0AAAEAwBIMEYCIQD/OhZlXoXKN4jGyok4BNXtLrLOLwCe
pbDuBIubLhJlVgIhAKnF1gfrtpP6wJ48t3tvQT1dP5szdkxU57pvW12NDl4jAHcA
ejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGC93zDuwAABAMASDBG
AiEAq3a8El4l2RO+gEV1k3YHJupp/p4RjK0ZLIWN/KYHHqUCIQC1hcWa/XCTswHk
kmWFjwcI8Yfik04bLer/xiT/mSC83zAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUF
BwMCMAoGCCsGAQUFBwMBMDwGCSsGAQQBgjcVBwQvMC0GJSsGAQQBgjcVCIe91xuB
5+tGgoGdLo7QDIfw2h1dgoTlaYLzpz4CAWQCASUwga4GCCsGAQUFBwEBBIGhMIGe
MG0GCCsGAQUFBzAChmFodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2Nl
cnRzL01pY3Jvc29mdCUyMEF6dXJlJTIwVExTJTIwSXNzdWluZyUyMENBJTIwMDEl
MjAtJTIweHNpZ24uY3J0MC0GCCsGAQUFBzABhiFodHRwOi8vb25lb2NzcC5taWNy
b3NvZnQuY29tL29jc3AwHQYDVR0OBBYEFBZiowIsI7MhuDmiZxx2KyN4GH/zMA4G
A1UdDwEB/wQEAwIEsDBLBgNVHREERDBCgh5oaWVyYXJjaHlyZXRyaWV2ZXIub25l
bm90ZS5jb22CICouaGllcmFyY2h5cmV0cmlldmVyLm9uZW5vdGUuY29tMAwGA1Ud
EwEB/wQCMAAwZAYDVR0fBF0wWzBZoFegVYZTaHR0cDovL3d3dy5taWNyb3NvZnQu
Y29tL3BraW9wcy9jcmwvTWljcm9zb2Z0JTIwQXp1cmUlMjBUTFMlMjBJc3N1aW5n
JTIwQ0ElMjAwMS5jcmwwZgYDVR0gBF8wXTBRBgwrBgEEAYI3TIN9AQEwQTA/Bggr
BgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9Eb2NzL1Jl
cG9zaXRvcnkuaHRtMAgGBmeBDAECAjAfBgNVHSMEGDAWgBQPIF3XoVeV25LPK9DH
wncEznKAdjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcN
AQEMBQADggIBABL1VFjalC+VTWV6xyT36YBl5PLY0IIQamCsTm5bXPe0PPrXkNRd
p1Rn0HJnbrT4ruekN5zvL0WmMHxUaj/eA9XvV/6qZ1zRRtft/GIMfoypqtSpiXmz
4Ie6ltYrIahDjlOzf8Rt0pNHMUf1DkaJ1Fpe9qP4HMxFvAZQpmzhyjzUlS8EbxDs
YO60d8ZTmqErcdDDne3xsx1DO1guLGkP4qSHlIKyu4d5ZaskIz4nEPgMH+uAjN+i
vdHu1jKmO0qSAPVe6jOU77lc6Ng5GNzl/9pIEshyjmzF55zlRUPdy+llV1U/WYjm
1HPVpdt2uLTqqAbmYdB+J91U78KlAfUql3TSHulnn9CQkfYAPP69sSWoR1fM0aHb
OQeoo/exZ9trdYvYH6X31V0rkGNNvwjI7Qg2ThiyT5ttZU6rPsXLZgm9lBgI3Q83
dVMWM8uMbZfswnUkP6r+tPKTdT1OHFp689j0EF5JjLWzcZ+BjBW1dcKt+ZzAi5n4
7NY8+PaMZzcwwx+zIhT/XHRnZ6HYrwhXp4rAAATy/JUWdsfJcvuJiHNf71aIHPDL
0o4kpbAgDKEOiv74mp5kPv1VuPIfiKAik3gOUlkGuFBE+yUoJLy/cDv7FswpVuYb
Jp3vULiKyF7WWmrSyXthLq9TEqSYD9moDnynLXQiZYZmCs9G4m0CVshG
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfVtd48QsUbbXeK2O8Xw
OSERBMhpijwEcmE/+Gf9/jRPbaNwDhpFSGc6LZ4ngtP6MH2gQe0kUA17LaLzpu+e
OB4RAktRctXJ+POED4nzQdhSw3nYfpTzI97VbXdpe0Df6kZubmzBviDkN2c8iyW4
OAOS91WfbL0f5ZpJc6fYrR1XiYk6//j2Dj5I2+FX89Q8YUeEZ2thKc7ewzRKN31f
Tz+W79oXlL4U7IrmNYs/+RlfzfZZ50c1ZFtdDg6bUomfkTGq8FtLrCGweRScgbad
eNL94fOEjgsh87WYLvBwbxTvmfF0FnGWzaRmlHZnoH36WjVEUGOW8ovEKkt8vTBQ
vQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1137370159526091299075339991831402328696454728
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Azure TLS Issuing CA 01'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-09-01 05:08:42 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-08-27 05:08:42 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'WA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Redmond'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'hierarchyretriever.onenote.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24485017721415897600188233151930663220791865442242976681308529153335280862809954520578802513104857738923488449564375473939504795478539282920502111032911343832065112731696001705924859468472449311138984341653479143153486066700461748094090972683001542369884511785061776663540675666633823813555769778630680698854009737619387698364609257525929662316193132562918125304849453445552783844924725039198011616120368186575689827966114742134714283463551520204761276789159473661065915830880272203372045083933674517894407335170155446041333657531478864249672476671295482812793694385754202949336131731041272744688385591448139631448253
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (369 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
							016b007700e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e00000182f77cc38000000403004830460221009cc2f363cb018a714e11c13bc240a61c6d6acdc9a5d6779b72b7df40dc0567c8022100a48de5616def126134625bf60d20b2b330d6e557d0c46904c803068dc06139ca007700b3737707e18450f86386d605a9dc11094a792db1670c0b87dcf0030e7936a59a00000182f77cc3f40000040300483046022100ff3a16655e85ca3788c6ca893804d5ed2eb2ce2f009ea5b0ee048b9b2e126556022100a9c5d607ebb693fac09e3cb77b6f413d5d3f9b33764c54e7ba6f5b5d8d0e5e230077007a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb5200000182f77cc3bb0000040300483046022100ab76bc125e25d913be80457593760726ea69fe9e118cad192c858dfca6071ea5022100b585c59afd7093b301e49265858f0708f187e2934e1b2deaffc624ff9920bcdf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.10 (applicationCertPolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.7 (certificateTemplate)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (47 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.8.15690651.3798470.4214446.239628.16526621.93.4272873.6083518
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 100
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 37
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (161 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pkiops/certs/Microsoft%20Azure%20TLS%20Issuing%20CA%2001%20-%20xsign.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://oneocsp.microsoft.com/ocsp'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							1662a3022c23b321b839a2671c762b2378187ff3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits)
							04b0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hierarchyretriever.onenote.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hierarchyretriever.onenote.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (93 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pkiops/crl/Microsoft%20Azure%20TLS%20Issuing%20CA%2001.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (95 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.76.509.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.microsoft.com/pkiops/Docs/Repository.htm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 0f205dd7a15795db92cf2bd0c7c27704ce728076
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		0012f55458da942f954d657ac724f7e98065e4f2d8d082106a60ac4e6e5b5cf7b43cfad790d45da75467d072676eb4f8aee7a4379cef2f45a6307c546a3fde03d5ef57feaa675cd146d7edfc620c7e8ca9aad4a98979b3e087ba96d62b21a8438e53b37fc46dd293473147f50e4689d45a5ef6a3f81ccc45bc0650a66ce1ca3cd4952f046f10ec60eeb477c6539aa12b71d0c39dedf1b31d433b582e2c690fe2a4879482b2bb877965ab24233e2710f80c1feb808cdfa2bdd1eed632a63b4a9200f55eea3394efb95ce8d83918dce5ffda4812c8728e6cc5e79ce54543ddcbe96557553f5988e6d473d5a5db76b8b4eaa806e661d07e27dd54efc2a501f52a9774d21ee9679fd09091f6003cfebdb125a84757ccd1a1db3907a8a3f7b167db6b758bd81fa5f7d55d2b90634dbf08c8ed08364e18b24f9b6d654eab3ec5cb6609bd941808dd0f3775531633cb8c6d97ecc275243faafeb4f293753d4e1c5a7af3d8f4105e498cb5b3719f818c15b575c2adf99cc08b99f8ecd63cf8f68c673730c31fb32214ff5c746767a1d8af0857a78ac00004f2fc951676c7c972fb8988735fef56881cf0cbd28e24a5b0200ca10e8afef89a9e643efd55b8f21f88a02293780e525906b85044fb252824bcbf703bfb16cc2956e61b269def50b88ac85ed65a6ad2c97b612eaf5312a4980fd9a80e7ca72d74226586660acf46e26d0256c846