apply.braintreegateway.com

- PayPal, Inc. -

Issued by DigiCert SHA2 High Assurance Server CA

About this certificate

This digital certificate with serial number 0b:c9:22:9c:02:0c:38:b3:29:44:f2:1e:67:e1:fb:43 was issued on by DigiCert Inc.

With 6 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

PayPal, Inc.

Organization: PayPal, Inc.
State / Province: California
Locality: San Jose
Country: US

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0b:c9:22:9c:02:0c:38:b3:29:44:f2:1e:67:e1:fb:43
Serial Number (int): 15665861584353196224249649672721922883
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 2d:96:e9:32:08:88:38:0a:77:d4:ce:fd:50:ef:86:ff:ae:bb:1e:dd
AuthorityKeyId: 51:68:ff:90:af:02:07:75:3c:cc:d9:65:64:62:a2:12:b8:59:72:3b

Fingerprint (sha1): 80:41:4e:d4:46:76:5b:e5:49:f2:ca:f0:05:33:17:fb:3d:8d:96:a4
Fingerprint (sha256): 24:ae:a8:0e:ee:f4:4d:83:2a:d9:b9:b9:a8:fb:cc:40:1f:9d:30:86:f1:80:48:78:77:0c:32:98:93:ec:97:0c

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/sha2-ha-server-g6.crl
CRL Distribution Point: http://crl4.digicert.com/sha2-ha-server-g6.crl

Check the revocation status for certificate apply.braintreegateway.com

6

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for apply.braintreegateway.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

apply.braintreegateway.com
apply-prod-us-east-1.production.braintree-api.com
apply-prod-us-east-2.production.braintree-api.com
apply-prod-us-west-2.production.braintree-api.com
apply-prod-ap-southeast-2.production.braintree-api.com
apply-prod-eu-central-1.production.braintree-api.com

Other certificates including the domain name braintreegateway.com

(limited to 100 certificates)
www.sandbox.paypal.com
api.sandbox.braintreegateway.com
id.sandbox.braintreegateway.com
origin-js.braintreegateway.com
panel.sandbox.braintreegateway.com
api.braintreegateway.com
forwarding.sandbox.braintreegateway.com
origin-js.braintreegateway.com
api.sandbox.braintreegateway.com
gateway-sand.sandbox.braintree-api.com
www.sandbox.paypal.com
origin-onboarding.braintreegateway.com
login.braintreegateway.com
venmosdk.braintreegateway.com
forwarding.braintreegateway.com
id.braintreegateway.com
api.sandbox.braintreegateway.com
apply.braintreegateway.com
forwarding.sandbox.braintreegateway.com
sepa-mandates.braintreegateway.com
panel.gateway.qa.braintreepayments.com
www.braintreegateway.com
checkout.paypal.com
venmosdk.sandbox.braintreegateway.com
www.braintreegateway.com
apply.braintreegateway.com
livingsocial.braintreegateway.com
www.paypal.com
www.sandbox.paypal.com
venmosdk.braintreegateway.com
api.sandbox.braintreegateway.com
www.braintreegateway.com
api.sandbox.braintreegateway.com
id.braintreegateway.com
panel.braintreegateway.com
forwarding.braintreegateway.com
www.braintreegateway.com
www.paypal.com
client-analytics.braintreegateway.com
www.sandbox.paypal.com
www.paypal.com
www.braintreegateway.com
sandbox.braintreegateway.com
api.braintreegateway.com
api.sandbox.braintreegateway.com
login.braintreegateway.com
checkout.paypal.com
id.sandbox.braintreegateway.com
sandbox.braintreegateway.com
login.braintreegateway.com
js.braintreegateway.com
rabbitmq.sand.braintreegateway.com
apply.braintreegateway.com
*.sandbox.braintreegateway.com
api.sandbox.braintreegateway.com
api.braintreegateway.com
rabbitmq.braintreegateway.com
origin-checkout.braintreegateway.com
id.sandbox.braintreegateway.com
www.paypal.com
panel.sandbox.braintreegateway.com
gateway.braintree-api.com
gstatic.sandbox.braintreegateway.com
gateway.braintree-api.com
login.braintreegateway.com
www.braintreegateway.com
api.braintreegateway.com
metrics.sandbox.braintreegateway.com
sandbox.braintreegateway.com
panel.qa.braintreegateway.com
www.braintreegateway.com
rabbitmq.sand.braintreegateway.com
sandbox.braintreegateway.com
client-analytics.braintreegateway.com
www.paypal.com
gstatic.braintreegateway.com
panel.braintreegateway.com
www.paypal.com
launchpad.braintreegateway.com
client-analytics.braintreegateway.com
gstatic.braintreegateway.com
*.braintreegateway.com
api.sandbox.braintreegateway.com
forwarding.braintreegateway.com
www.paypal.com
api.sandbox.braintreegateway.com
apply.braintreegateway.com
checkout.paypal.com
api.braintreegateway.com
www.braintreegateway.com
qa.braintreegateway.com
gateway.braintree-api.com
*.qa2.braintreegateway.com
qa2.braintreegateway.com
panel.sandbox.braintreegateway.com
gstatic.sandbox.braintreegateway.com
origin-js.braintreegateway.com
www.sandbox.paypal.com
api.braintreegateway.com
gstatic.sandbox.braintreegateway.com

Certificate

The complete raw certificate details for apply.braintreegateway.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGdDCCBVygAwIBAgIQC8kinAIMOLMpRPIeZ+H7QzANBgkqhkiG9w0BAQsFADBw
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz
dXJhbmNlIFNlcnZlciBDQTAeFw0yMzA5MTkwMDAwMDBaFw0yNDEwMTkyMzU5NTla
MHExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhT
YW4gSm9zZTEVMBMGA1UEChMMUGF5UGFsLCBJbmMuMSMwIQYDVQQDExphcHBseS5i
cmFpbnRyZWVnYXRld2F5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANGvqsgYnilQjqJlriDuCuqz1ylN2b188kP8Ng+Nb39UMCCjILWYOyW+nDmZ
JK2/3SoIN6y3K1OeyNg0A7mPV8pI3EziurbUG3YKnuqhZjxzcLooBPZAEx0fMFDB
jb4iLOopukVJbC/NkWlFjIMy6vt/qFKQEI6wNjsfXVXFVBuG55IxN6zE7AzCWYLh
4c8gyyNdgEOBDwIztNfWoJuVWkkk+piECTbGWwlwG6GJHT6/8YVwWkRKGhLQNmiX
GktaN1jTFv/JRqmelUBMlvbC36O9jSJIMCLJTmDZ6I9HqYGULmaAWa0fFo5LnYOv
0iO9oU6fBKG1dZJXp8WC5xtecc8CAwEAAaOCAwcwggMDMB8GA1UdIwQYMBaAFFFo
/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBQtlukyCIg4CnfUzv1Q74b/rrse
3TCCATAGA1UdEQSCAScwggEjghphcHBseS5icmFpbnRyZWVnYXRld2F5LmNvbYIx
YXBwbHktcHJvZC11cy1lYXN0LTEucHJvZHVjdGlvbi5icmFpbnRyZWUtYXBpLmNv
bYIxYXBwbHktcHJvZC11cy1lYXN0LTIucHJvZHVjdGlvbi5icmFpbnRyZWUtYXBp
LmNvbYIxYXBwbHktcHJvZC11cy13ZXN0LTIucHJvZHVjdGlvbi5icmFpbnRyZWUt
YXBpLmNvbYI2YXBwbHktcHJvZC1hcC1zb3V0aGVhc3QtMi5wcm9kdWN0aW9uLmJy
YWludHJlZS1hcGkuY29tgjRhcHBseS1wcm9kLWV1LWNlbnRyYWwtMS5wcm9kdWN0
aW9uLmJyYWludHJlZS1hcGkuY29tMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYI
KwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGww
NKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1n
Ni5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNl
cnZlci1nNi5jcmwwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0cDov
L29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5k
aWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNy
dDAMBgNVHRMBAf8EAjAAMBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEB
CwUAA4IBAQBg9ceYWUA1whOFh5Bk9EMUijjXIlGFsPwe/d+XjY47NGFPqG2+v/kB
d41d+qWtGtKlBFO74L6q9+5zV6CPcI5bbGe5gsSfvczeIikAuST0V3hmqWr6ytcw
kdqU4FqZNFeOh/S9wNNuO5vK9W553VP54I6TOMA6ZA9BP/tRBFneq7IDwuEV3U/8
m8N9G5Bx4qFYKwNAe3HVEbOf1fH9QcCQ8QjLB3uTrF3xxMAjks/zDGcUK0O87ytC
oedT1RQ5OgfYXeFJrq34OeHndZ8W22Y1b9t+AxgiBkGcna1I7iOJqC1TL8cLw/SU
3uqsE/sz7PYcd6rNjkaZkGZzpUOMLySq
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0a+qyBieKVCOomWuIO4K
6rPXKU3ZvXzyQ/w2D41vf1QwIKMgtZg7Jb6cOZkkrb/dKgg3rLcrU57I2DQDuY9X
ykjcTOK6ttQbdgqe6qFmPHNwuigE9kATHR8wUMGNviIs6im6RUlsL82RaUWMgzLq
+3+oUpAQjrA2Ox9dVcVUG4bnkjE3rMTsDMJZguHhzyDLI12AQ4EPAjO019agm5Va
SST6mIQJNsZbCXAboYkdPr/xhXBaREoaEtA2aJcaS1o3WNMW/8lGqZ6VQEyW9sLf
o72NIkgwIslOYNnoj0epgZQuZoBZrR8Wjkudg6/SI72hTp8EobV1klenxYLnG15x
zwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 15665861584353196224249649672721922883
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 High Assurance Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-09-19 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-10-19 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'San Jose'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'PayPal, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'apply.braintreegateway.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26470430421216483481513387714292904325333528631500003181814009943996252736769662547913264472232530246064324236211060036408516481802870159208820947810609306425467959977607575084873106420931551963374990031890123939669917816465271512823343144518527222195883687315364466521097564112597017930148475374977020512429588771734811213020836667573180227816108578892529113563374710043886713247432947253750545528876242566229110336644548392263741620519387388710760898744760383714171228359035258400034110974444132491571488168301257353044080706239681777411672653979158262423871515279849787041682538414769387700530765484857242236645839
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 5168ff90af0207753cccd9656462a212b859723b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							2d96e9320888380a77d4cefd50ef86ffaebb1edd
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (295 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'apply.braintreegateway.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'apply-prod-us-east-1.production.braintree-api.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'apply-prod-us-east-2.production.braintree-api.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'apply-prod-us-west-2.production.braintree-api.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'apply-prod-ap-southeast-2.production.braintree-api.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'apply-prod-eu-central-1.production.braintree-api.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/sha2-ha-server-g6.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/sha2-ha-server-g6.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (119 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0060f5c798594035c21385879064f443148a38d7225185b0fc1efddf978d8e3b34614fa86dbebff901778d5dfaa5ad1ad2a50453bbe0beaaf7ee7357a08f708e5b6c67b982c49fbdccde222900b924f4577866a96afacad73091da94e05a9934578e87f4bdc0d36e3b9bcaf56e79dd53f9e08e9338c03a640f413ffb510459deabb203c2e115dd4ffc9bc37d1b9071e2a1582b03407b71d511b39fd5f1fd41c090f108cb077b93ac5df1c4c02392cff30c67142b43bcef2b42a1e753d514393a07d85de149aeadf839e1e7759f16db66356fdb7e03182206419c9dad48ee2389a82d532fc70bc3f494deeaac13fb33ecf61c77aacd8e4699906673a5438c2f24aa