sts.ppe.fco.gov.uk

- FCDO Services -

Issued by GlobalSign RSA OV SSL CA 2018

About this certificate

This digital certificate with serial number 20:e9:14:b2:cd:51:ee:3e:9d:c2:e1:69 was issued on by GlobalSign nv-sa.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Apple recommends that certificates be issued with a maximum validity of 397 days. TLS server certificates issued on or after September 1, 2020 00:00 GMT/UTC should not have a validity period greater than 397 days (https://support.apple.com/en-us/HT211025)

FCDO Services

Organization: FCDO Services
State / Province: Buckinghamshire
Locality: Milton Keynes
Country: GB

GlobalSign nv-sa

Organization: GlobalSign nv-sa
Country: BE

This certificate has expire since

Certificate Details

Serial Number (hex): 20:e9:14:b2:cd:51:ee:3e:9d:c2:e1:69
Serial Number (int): 10185297775898221513694962025
Serial Number lenght: 94 bits, 12 octets

SubjectKeyId: 40:59:b9:6e:b9:6e:c1:59:74:29:22:d6:bb:d0:c4:ba:c9:8f:e5:3e
AuthorityKeyId: f8:ef:7f:f2:cd:78:67:a8:de:6f:8f:24:8d:88:f1:87:03:02:b3:eb

Fingerprint (sha1): ea:04:b9:aa:26:05:e9:a6:98:1a:d2:aa:7e:71:da:d5:72:69:11:37
Fingerprint (sha256): 25:08:1d:8c:28:43:d6:23:80:80:c1:81:10:81:dc:e3:a5:e4:43:61:00:bd:b3:df:c1:f0:e2:a7:af:c6:15:7a

Issuing Certificate URL: http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt

Revocation information

OCSP Server: http://ocsp.globalsign.com/gsrsaovsslca2018
CRL Distribution Point: http://crl.globalsign.com/gsrsaovsslca2018.crl

Check the revocation status for certificate sts.ppe.fco.gov.uk

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for sts.ppe.fco.gov.uk

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

sts.ppe.fco.gov.uk

Other certificates including the domain name fco.gov.uk

(limited to 100 certificates)
protocol.fco.gov.uk
blogs.fco.gov.uk
blogs.fcdo.gov.uk
blogs.fcdo.gov.uk
gitlab.dev.hub.fco.gov.uk
vle.fco.gov.uk
api.cistest.fco.gov.uk
vle.fco.gov.uk
nexus.dev.hub.fco.gov.uk
securelogin.wifi.fco.gov.uk
crisis.hub.fco.gov.uk
link.cistest.fco.gov.uk
vle.fco.gov.uk
vle.fco.gov.uk
pyramiddr.fco.gov.uk
api.cistest.fco.gov.uk
vetting.fco.gov.uk
*.myna.fco.gov.uk
ci.crisis.dev.hub.fco.gov.uk
*.hub.fco.gov.uk
mx.ppe.fco.gov.uk
*.visa4uk.fco.gov.uk
blogs.fcdo.gov.uk
nexus.dev.hub.fco.gov.uk
vle.fco.gov.uk
vetting.fco.gov.uk
*.hub.fco.gov.uk
www.chevening.fco.gov.uk
jira.dev.hub.fco.gov.uk
confluence.dev.hub.fco.gov.uk
sip.ppe.fco.gov.uk
blogs.fcdo.gov.uk
web-analytics.fco.gov.uk
ci.crisis.dev.hub.fco.gov.uk
*.sharepoint.cloud.fco.gov.uk
blogs.fcdo.gov.uk
protocol.fcdo.gov.uk
servicenowtest.fcos.gov.uk
crisis.hub.fco.gov.uk
*.fconet.fco.gov.uk
nexus.dev.hub.fco.gov.uk
terminal.fco.gov.uk
vle.fco.gov.uk
*.fconet.fco.gov.uk
portal.wifi.fco.gov.uk
internationalmedia.fco.gov.uk
www.locate.fco.gov.uk
servicenowtest.fcos.gov.uk
protocol.fcdo.gov.uk
nexus.dev.hub.fco.gov.uk
hspinternet.fco.gov.uk
*.visa4uk.fco.gov.uk
jira.dev.hub.fco.gov.uk
*.estate.fco.gov.uk
blogs.fcdo.gov.uk
*.estate.fco.gov.uk
protocol.fco.gov.uk
ist.crisis.hub.fco.gov.uk
exercise.crisis.hub.fco.gov.uk
hspinternet.fco.gov.uk
web-analytics.fco.gov.uk
jira.dev.hub.fco.gov.uk
ftp.bacs.services.fco.gov.uk
*.os-insight.fco.gov.uk
*.visa4uk.fco.gov.uk
exercise.consular.hub.fco.gov.uk
vle-test.fco.gov.uk
uat.crisis.dev.hub.fco.gov.uk
protocol.fco.gov.uk
protocol.fcdo.gov.uk
vle.fco.gov.uk
local.crisis.dev.hub.fco.gov.uk
transfer.cistest.fco.gov.uk
etdc.cis.fco.gov.uk
exercise.crisis.hub.fco.gov.uk
*.fco.gov.uk
crisis.hub.fco.gov.uk
blogs.fcdo.gov.uk
protocol.fcdo.gov.uk
sts.ppe.fco.gov.uk
ist.crisis.hub.fco.gov.uk
crisis.hub.fco.gov.uk
protocol.fco.gov.uk
blogs.fcdo.gov.uk
blogs.fco.gov.uk
api.cis.fco.gov.uk
*.visa4uk.fco.gov.uk
wasp.wifi.fco.gov.uk
portal.estate.fco.gov.uk
pyramid.fco.gov.uk
protocol.fco.gov.uk
pyramid.fco.gov.uk
jira.dev.hub.fco.gov.uk
*.consular.fco.gov.uk
nightly.crisis.dev.hub.fco.gov.uk
*.hub.fco.gov.uk
exercise.crisis.hub.fco.gov.uk
nexus.dev.hub.fco.gov.uk
nightly.crisis.dev.hub.fco.gov.uk
estate.fco.gov.uk

Certificate

The complete raw certificate details for sts.ppe.fco.gov.uk in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIMIOkUss1R7j6dwuFpMA0GCSqGSIb3DQEBCwUAMFAxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSYwJAYDVQQDEx1H
bG9iYWxTaWduIFJTQSBPViBTU0wgQ0EgMjAxODAeFw0yMTAyMjQxMDQ1MTNaFw0y
MjAzMjgxMDQ1MTNaMHQxCzAJBgNVBAYTAkdCMRgwFgYDVQQIEw9CdWNraW5naGFt
c2hpcmUxFjAUBgNVBAcTDU1pbHRvbiBLZXluZXMxFjAUBgNVBAoTDUZDRE8gU2Vy
dmljZXMxGzAZBgNVBAMTEnN0cy5wcGUuZmNvLmdvdi51azCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAJkALF4lU2T87d4yjKvQ5HB3jPj3IwXzQOQS/FDR
3zY9q1AH6p7CslVVfKAQ+c4vtV1kON++Xv4kuWmOg22kX4eSOXsbJ1SyXcgeORKV
vBnI4KTUo9SD1r1UOc9qPqmpSQ1tLQ/rXxafWP3Xl61bxPAnZezzQ/O0rsK5mh4n
a+rezGlyOEGCwjHliv6349OzLckRs5QgV8ELEBz4zdmhL3B8vkS04QKsvi2VWqjC
dwynoK9/8nKCgKjQSJmQ+G1nGCSf67dPTYR0P5JFHuPlslDqqSFw8v/SqqPB63NV
dDchkqQTcK1Qo917myBiW+p3fqT/Gw4El8/3ig2dA4kWZEkCAwEAAaOCAdwwggHY
MA4GA1UdDwEB/wQEAwIFoDCBjgYIKwYBBQUHAQEEgYEwfzBEBggrBgEFBQcwAoY4
aHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvZ3Nyc2FvdnNzbGNh
MjAxOC5jcnQwNwYIKwYBBQUHMAGGK2h0dHA6Ly9vY3NwLmdsb2JhbHNpZ24uY29t
L2dzcnNhb3Zzc2xjYTIwMTgwVgYDVR0gBE8wTTBBBgkrBgEEAaAyARQwNDAyBggr
BgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8w
CAYGZ4EMAQICMAkGA1UdEwQCMAAwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL2Ny
bC5nbG9iYWxzaWduLmNvbS9nc3JzYW92c3NsY2EyMDE4LmNybDAdBgNVHREEFjAU
ghJzdHMucHBlLmZjby5nb3YudWswHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMB8GA1UdIwQYMBaAFPjvf/LNeGeo3m+PJI2I8YcDArPrMB0GA1UdDgQWBBRA
WbluuW7BWXQpIta70MS6yY/lPjATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG
9w0BAQsFAAOCAQEAHeKClvCE8+6VQ8End8/FJmDE85K0Bhe/CbxhXE8ckujQ1yon
8hfIARmxNLFyFpLNJ3Xn7ow/GwI9hSPNqTT91e1EHPzn87s28rQrJIWbXsUIyszG
xo2sO+1f5lk5bO39zbeqIN4vg2e5yMVjS5i+PtZnMBeicWfQLpRlu1d2MUF+x4qS
F9xj4lb/9GBL88zedl4MxawgaTWKXFLJHbVRdg037rGDVU0UlVJ1oBpv4kk3Hsu9
uVWqL+QD1TS9spCbBL89UyLjGaePgU3EwQW5kajKuEKOsmeTJ2IiLQLGHejdz8P3
qxerzLuTzJ93BLLJOBx8CN89av+iSXlF72mOoA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQAsXiVTZPzt3jKMq9Dk
cHeM+PcjBfNA5BL8UNHfNj2rUAfqnsKyVVV8oBD5zi+1XWQ4375e/iS5aY6DbaRf
h5I5exsnVLJdyB45EpW8GcjgpNSj1IPWvVQ5z2o+qalJDW0tD+tfFp9Y/deXrVvE
8Cdl7PND87SuwrmaHidr6t7MaXI4QYLCMeWK/rfj07MtyRGzlCBXwQsQHPjN2aEv
cHy+RLThAqy+LZVaqMJ3DKegr3/ycoKAqNBImZD4bWcYJJ/rt09NhHQ/kkUe4+Wy
UOqpIXDy/9Kqo8Hrc1V0NyGSpBNwrVCj3XubIGJb6nd+pP8bDgSXz/eKDZ0DiRZk
SQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 10185297775898221513694962025
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign RSA OV SSL CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-02-24 10:45:13 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-03-28 10:45:13 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Buckinghamshire'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Milton Keynes'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FCDO Services'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'sts.ppe.fco.gov.uk'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 19314546122918001609934296052381163078476500445290704372073401892407750795371687909694773763157620909551449006151737919726268027067552160326386979697040699411081301390230431861774358484160300573749748769752775319458718877660494142364483113706457954736243489696711320670122371943301090685365302560472705762143602741934201258075792043997424808849510413162495135636770704546450780671483489427677117082408872264362793215500330955440770235246752127690393486893957958467513306107281940104367797407810936466248252393301562688695014392481160201796368092048318897912293106792613679365837366703700447743237476843611724547777609
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (129 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.globalsign.com/gsrsaovsslca2018'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.20 (globalsignOVPolicy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.globalsign.com/gsrsaovsslca2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sts.ppe.fco.gov.uk'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName f8ef7ff2cd7867a8de6f8f248d88f1870302b3eb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							4059b96eb96ec159742922d6bbd0c4bac98fe53e
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001de28296f084f3ee9543c12777cfc52660c4f392b40617bf09bc615c4f1c92e8d0d72a27f217c80119b134b1721692cd2775e7ee8c3f1b023d8523cda934fdd5ed441cfce7f3bb36f2b42b24859b5ec508caccc6c68dac3bed5fe659396cedfdcdb7aa20de2f8367b9c8c5634b98be3ed6673017a27167d02e9465bb577631417ec78a9217dc63e256fff4604bf3ccde765e0cc5ac2069358a5c52c91db551760d37eeb183554d14955275a01a6fe249371ecbbdb955aa2fe403d534bdb2909b04bf3d5322e319a78f814dc4c105b991a8cab8428eb267932762222d02c61de8ddcfc3f7ab17abccbb93cc9f7704b2c9381c7c08df3d6affa2497945ef698ea0