at-vaillant-cssp-stage.vaillant-group.com

Issued by AlphaSSL CA - SHA256 - G2

About this certificate

This digital certificate with serial number 17:38:aa:23:6d:28:31:a1:0e:1a:99:57 was issued on by GlobalSign nv-sa.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=at-vaillant-cssp-stage.vaillant-group.com,OU=Domain Control Validated,C=DE

GlobalSign nv-sa

Organization: GlobalSign nv-sa
Country: BE

This certificate has expire since

Certificate Details

Serial Number (hex): 17:38:aa:23:6d:28:31:a1:0e:1a:99:57
Serial Number (int): 7186658527593077550972836183
Serial Number lenght: 93 bits, 12 octets

SubjectKeyId: d8:69:48:d3:22:6d:48:e9:e0:6d:b6:21:76:74:0b:67:15:67:d1:4f
AuthorityKeyId: f5:cd:d5:3c:08:50:f9:6a:4f:3a:b7:97:da:56:83:e6:69:d2:68:f7

Fingerprint (sha1): c6:24:ed:70:53:3e:e0:b5:1c:75:02:31:70:9b:5e:42:78:eb:3a:e4
Fingerprint (sha256): 26:19:38:be:fb:9d:65:26:c5:96:03:14:3f:29:ce:f5:d3:52:f8:b2:8f:f2:6c:da:8e:8d:78:22:d6:14:19:9b

Issuing Certificate URL: http://secure2.alphassl.com/cacert/gsalphasha2g2r1.crt

Revocation information

OCSP Server: http://ocsp2.globalsign.com/gsalphasha2g2
CRL Distribution Point: http://crl2.alphassl.com/gs/gsalphasha2g2.crl

Check the revocation status for certificate at-vaillant-cssp-stage.vaillant-group.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for at-vaillant-cssp-stage.vaillant-group.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

at-vaillant-cssp-stage.vaillant-group.com

Other certificates including the domain name vaillant-group.com

(limited to 100 certificates)
wrm3.vaillant-group.com
sip.eb-com.com
vstart.vaillant-group.com
*.gorecord.vaillant-group.com
pool04.eb-com.com
ga.vaillant-group.com
*.vaillant-group.com
cn-shanghai-800b.vaillant-group.com
ga.vaillant-group.com
access.vaillant-group.com
jobs.vaillant-group.com
supplierquality.vaillant-group.com
*.vaillant-group.com
gb-vaillant-cssp-stage.vaillant-group.com
*.dia.vaillant-group.com
sip.eb-com.com
sync.vaillant-group.com
pool04.eb-com.com
sip.eb-com.com
jobs.vaillant-group.com
prometheus.apidev-dev.azure.vaillant-group.com
pool04.eb-com.com
www.vaillant.com
mdm.vaillant-group.com
mender.prod.azure.vaillant-group.com
akamai-san150.exacttarget.com
sync.vaillant-group.com
pool04.eb-com.com
jobs.vaillant-group.com
mailcrypt.vaillant-group.com
pool04.eb-com.com
pool04.eb-com.com
*.sslvpn.vaillant-group.com
sip.eb-com.com
san-18-s50.tlsprovisioning.exacttarget.com
sip.eb-com.com
www.vaillant.lt
www.vaillant.com
groupnet.vaillant-group.com
webshare.vaillant-group.com
sip.eb-com.com
tsbc-uk-be2.vaillant-group.com
ldaps.vaillant-group.com
groupspace.vaillant-group.com
www.vaillant-group.com
www.vaillant.com
dk-vaillant-cssp-stage.vaillant-group.com
mdm.vaillant-group.com
be-vaillant-cssp-stage.vaillant-group.com
pool04.eb-com.com
mdm.vaillant-group.com
vstart.vaillant-group.com
grafana.apidev-dev.azure.vaillant-group.com
pool04.eb-com.com
jira.vaillant-group.com
merchandising.vaillant-group.com
be-vaillant-cssp-stage.vaillant-group.com
www.vaillant.lt
vstart.vaillant-group.com
*.vaillant-group.com
akamai-san150.exacttarget.com
sip.eb-com.com
pool04.eb-com.com
sip.eb-com.com
awb.consent-portal-dev.azure.vaillant-group.com
sip.eb-com.com
www.vaillant.com
pool04.eb-com.com
at-vaillant-cssp-stage.vaillant-group.com
webshare.vaillant-group.com
mailcrypt.vaillant-group.com
futureclima.ziggu.app
jobs.vaillant-group.com
*.sslvpn.vaillant-group.com
pool04.eb-com.com
vaillant-demo.bee2bee.vaillant-group.com
sip.eb-com.com
jira.vaillant-group.com
jira-test.vaillant-group.com
vstart.vaillant-group.com
sds.vaillant-group.com
pool04.eb-com.com
vstart.vaillant-group.com
t04int01.vaillant-group.com
sip.eb-com.com
pool04.eb-com.com
*.gorecord.vaillant-group.com
*.vaillant-group.com
pool04.eb-com.com
sentry2.vaillant-group.com
sip.eb-com.com
*.gorecord.vaillant-group.com
teamshare.vaillant-group.com
pool04.eb-com.com
pool04.eb-com.com
sip.eb-com.com
sip.eb-com.com
sip.eb-com.com
sip.eb-com.com
be-bulex-cssp-stage.vaillant-group.com

Certificate

The complete raw certificate details for at-vaillant-cssp-stage.vaillant-group.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGlDCCBXygAwIBAgIMFziqI20oMaEOGplXMA0GCSqGSIb3DQEBCwUAMEwxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSIwIAYDVQQDExlB
bHBoYVNTTCBDQSAtIFNIQTI1NiAtIEcyMB4XDTE4MDcyNTE2NTEwM1oXDTIwMDcy
NTE2NTEwM1owZDELMAkGA1UEBhMCREUxITAfBgNVBAsTGERvbWFpbiBDb250cm9s
IFZhbGlkYXRlZDEyMDAGA1UEAxMpYXQtdmFpbGxhbnQtY3NzcC1zdGFnZS52YWls
bGFudC1ncm91cC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx
oenrEyJ5TOrjNNen6I1mSglbMIa2w5eL6HC1MnwhBR3yD7wE2wcxfTJeGBcNNIp2
EXnK5y42qGfAZ6sS8NT3PTL2RmP604tSSTBtilJjNNNmtAp4svNlLZNNMdR07AAG
TBOH6nYCxJ+KeKc+3PyY2/ej3bftvIv9ugfjfQkgEOzyjTg2lHcTP9/1JX39HcNE
TLqgTmHjRSkpN9Dh9IlYBYlbeGOkeHchtGjPDlde5O2UccUWPcOi5bbfgE3YHHkY
FdSGotKdf2ow+EmKEQhfnpZIEp8tUUtn7Pbyzt+sA4JUUQtpoul+sGXl1ak5YOGw
quVk67/KF2ML/M+2ft4pAgMBAAGjggNcMIIDWDAOBgNVHQ8BAf8EBAMCBaAwgYkG
CCsGAQUFBwEBBH0wezBCBggrBgEFBQcwAoY2aHR0cDovL3NlY3VyZTIuYWxwaGFz
c2wuY29tL2NhY2VydC9nc2FscGhhc2hhMmcycjEuY3J0MDUGCCsGAQUFBzABhilo
dHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3NhbHBoYXNoYTJnMjBXBgNVHSAE
UDBOMEIGCisGAQQBoDIBCgowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xv
YmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAwPgYD
VR0fBDcwNTAzoDGgL4YtaHR0cDovL2NybDIuYWxwaGFzc2wuY29tL2dzL2dzYWxw
aGFzaGEyZzIuY3JsMDQGA1UdEQQtMCuCKWF0LXZhaWxsYW50LWNzc3Atc3RhZ2Uu
dmFpbGxhbnQtZ3JvdXAuY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
AjAdBgNVHQ4EFgQU2GlI0yJtSOngbbYhdnQLZxVn0U8wHwYDVR0jBBgwFoAU9c3V
PAhQ+WpPOreX2laD5mnSaPcwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB3AFWB
1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZNJZ65UAAAQDAEgwRgIh
ALPsky4yHNwXWX1y0Ab4qVgTFpHMpZjHTf8EFUrn2k0+AiEArfpV+zCKaHSrodUI
W52NKxe/LdCj7GqqVD4zzrhtyscAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jj
d80OyA3cEAAAAWTSWelTAAAEAwBHMEUCIBBb0IVvQ7L2Ztr7gpY9Qf4wgMgZK0TE
/eI1KcXOhOeqAiEA/M0JvLoolImIJ2jhqCZNC0sv7y63IfOCvfLukFZhUEMAdgBv
U3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAWTSWevEAAAEAwBHMEUC
IQDUzNi4yfoqyr3WDKvxTG/DQ9DlWL2UVMOMOCEigfpvIAIgM6FhBHZH3KpZD9Uh
y8XTy1ZG61DNHrbwH2ng6lKSMXMwDQYJKoZIhvcNAQELBQADggEBAL5+6oNM2ATM
LqwxgLdYLfxvhGE9NqVBEfOaHmwqs4z5nYyiZdhgnFbpBZPSVMZOjEeoXr5HUO+1
VQHEpiNzobWaecvqjms3H2SmRiK3KXBFvwL7ACO6yRHXqz8I2jfoExZt5/fjFW8i
8ooJyf7Chq3VJ3EQtuX3mTe7sf8VzM8If9TC97ZlSaS/kSF/TAtcn6wO72SAZ0Dg
l2zCauCRbCfy0aumHEDe9nic5Tm+h8Qs1jZgmoCEXJwb6nKWI6AXg1KSCXDzT91x
/bmEk3EaI4+Dm7+yEd03T9ISm85ScauZ2vT0Ui/eWwxinxh1n2zCl0j4PmPaigcC
ogQbCuDS7us=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsaHp6xMieUzq4zTXp+iN
ZkoJWzCGtsOXi+hwtTJ8IQUd8g+8BNsHMX0yXhgXDTSKdhF5yucuNqhnwGerEvDU
9z0y9kZj+tOLUkkwbYpSYzTTZrQKeLLzZS2TTTHUdOwABkwTh+p2AsSfininPtz8
mNv3o9237byL/boH430JIBDs8o04NpR3Ez/f9SV9/R3DREy6oE5h40UpKTfQ4fSJ
WAWJW3hjpHh3IbRozw5XXuTtlHHFFj3DouW234BN2Bx5GBXUhqLSnX9qMPhJihEI
X56WSBKfLVFLZ+z28s7frAOCVFELaaLpfrBl5dWpOWDhsKrlZOu/yhdjC/zPtn7e
KQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 7186658527593077550972836183
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'AlphaSSL CA - SHA256 - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-07-25 16:51:03 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-07-25 16:51:03 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Domain Control Validated'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'at-vaillant-cssp-stage.vaillant-group.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22424022621543267252326112507724537549040885829169311396189150077636904973253109044610565020047209548180733961481101231130401389322524948547792658839837041105963805376413821286740816026860852894057228571495950335148591983785800003740051405545128137233857934359665979318062493512663554708732786460052875814022070755223406920291731470210064744982095256395369075650859871714658193312806089792454775975051697260400546682381906497774958774773257638836151213296387078869811831464831203382942695396484562156364537187806532530050366438931137574869975174735121102641683114396541365327127278201507730858299330501120415988899369
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (125 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure2.alphassl.com/cacert/gsalphasha2g2r1.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp2.globalsign.com/gsalphasha2g2'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (80 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.10.10 (Domain Validation Certificates Policy - AlphaSSL)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl2.alphassl.com/gs/gsalphasha2g2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (45 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'at-vaillant-cssp-stage.vaillant-group.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d86948d3226d48e9e06db62176740b671567d14f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName f5cdd53c0850f96a4f3ab797da5683e669d268f7
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							01690077005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c00000164d259eb950000040300483046022100b3ec932e321cdc17597d72d006f8a958131691cca598c74dff04154ae7da4d3e022100adfa55fb308a6874aba1d5085b9d8d2b17bf2dd0a3ec6aaa543e33ceb86dcac7007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc1000000164d259e95300000403004730450220105bd0856f43b2f666dafb82963d41fe3080c8192b44c4fde23529c5ce84e7aa022100fccd09bcba289489882768e1a8264d0b4b2fef2eb721f382bdf2ee90566150430076006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d91300000164d259ebc40000040300473045022100d4ccd8b8c9fa2acabdd60cabf14c6fc343d0e558bd9454c38c38212281fa6f20022033a161047647dcaa590fd521cbc5d3cb5646eb50cd1eb6f01f69e0ea52923173
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00be7eea834cd804cc2eac3180b7582dfc6f84613d36a54111f39a1e6c2ab38cf99d8ca265d8609c56e90593d254c64e8c47a85ebe4750efb55501c4a62373a1b59a79cbea8e6b371f64a64622b7297045bf02fb0023bac911d7ab3f08da37e813166de7f7e3156f22f28a09c9fec286add5277110b6e5f79937bbb1ff15cccf087fd4c2f7b66549a4bf91217f4c0b5c9fac0eef64806740e0976cc26ae0916c27f2d1aba61c40def6789ce539be87c42cd636609a80845c9c1bea729623a0178352920970f34fdd71fdb98493711a238f839bbfb211dd374fd2129bce5271ab99daf4f4522fde5b0c629f18759f6cc29748f83e63da8a0702a2041b0ae0d2eeeb