tp.bulgari.com

- Bulgari S.p.a. -

Issued by DigiCert SHA2 Secure Server CA

About this certificate

This digital certificate with serial number 0b:dc:bf:9b:3b:02:ec:70:a4:6b:c4:9c:77:58:5b:b5 was issued on by DigiCert Inc.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Bulgari S.p.a.

Organization: Bulgari S.p.a.
Organization unit: IT Security
State / Province: Rome
Locality: Rome
Country: IT

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0b:dc:bf:9b:3b:02:ec:70:a4:6b:c4:9c:77:58:5b:b5
Serial Number (int): 15767699501374373847713549005696293813
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 8b:1f:77:10:45:b0:f7:24:a6:f8:fe:6e:7d:09:7d:43:8e:50:44:a5
AuthorityKeyId: 0f:80:61:1c:82:31:61:d5:2f:28:e7:8d:46:38:b4:2c:e1:c6:d9:e2

Fingerprint (sha1): 73:c3:b2:8a:2c:94:dd:5a:5a:56:48:73:f9:32:24:37:19:45:4c:1a
Fingerprint (sha256): 26:34:5e:0c:c6:ca:0c:56:e7:fc:d7:6a:36:0f:60:44:fa:ca:01:01:f4:da:a3:4a:2c:51:74:5d:df:de:1f:26

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/ssca-sha2-g6.crl
CRL Distribution Point: http://crl4.digicert.com/ssca-sha2-g6.crl

Check the revocation status for certificate tp.bulgari.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for tp.bulgari.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

tp.bulgari.com
www.tp.bulgari.com

Other certificates including the domain name bulgari.com

(limited to 100 certificates)
my-serpenti-dev.bulgari.com
s2-san.cloudinary.com
cloudinary2.map.fastly.net
serpentiform.bulgari.com
testbasel.bulgari.com
cloudinary2.map.fastly.net
m.bulgari.com
s2-san.cloudinary.com
s2-cloudinary-pin.map.fastly.net
s2-san.cloudinary.com
s2-san.cloudinary.com
*.bulgari.com
cloudinary2.map.fastly.net
s2-san.cloudinary.com
cloudinary2.map.fastly.net
s2-san.cloudinary.com
s4-san.cloudinary.com
bulgari.forma360.it
cloudinary2.map.fastly.net
emi.starclinch.com
testbulgarinetwork.bulgari.com
cloudinary2.map.fastly.net
s4-san.cloudinary.com
s2-san.cloudinary.com
testsotirios.bulgari.com
s2-cloudinary-pin.map.fastly.net
s2-san.cloudinary.com
bwelcome-dev.bulgari.com
illumina.bulgari.com
serpentiform.bulgari.com
s2-san.cloudinary.com
society.bulgari.com
s4-san.cloudinary.com
illumina.bulgari.com
www.serpentiform.bulgari.com
s2-san.cloudinary.com
s2-san.cloudinary.com
learninglab.bulgari.com
s2-san.cloudinary.com
cloudinary2.map.fastly.net
cloudinary2.map.fastly.net
s2-san.cloudinary.com
bulgari-presslounge.com
catalogs.bulgari.com
shop.bulgari.com
s4-san.cloudinary.com
cloudinary2.map.fastly.net
bulgari-presslounge.com
s2-san.cloudinary.com
s2-san.cloudinary.com
illumina.bulgari.com
secure.bulgari.com
s4-san.cloudinary.com
society.bulgari.com
*.bulgari.com
test-learninglab.bulgari.com
cloudinary2.map.fastly.net
mycampus.bulgari.com
cloudinary2.map.fastly.net
IdCycle-qta.bulgari.com
tributetofemininity.bulgari.com
bx1.bulgari.com
bwelcome-ppd.bulgari.com
cloudinary2.map.fastly.net
cloudinary2.map.fastly.net
after-sales-service.bulgari.com
s2-cloudinary-pin.map.fastly.net
gourmet.bulgari.com
BTraceExtRPT.bulgari.com
org-presslounge.bulgari.com
au-we-test.bulgari.com
tp.bulgari.com
sip.bulgari.com
photoboothtouch.bulgari.com
s4-san.cloudinary.com
s2-san.cloudinary.com
touch.bulgari.com
s2-cloudinary-pin.map.fastly.net
s2-san.cloudinary.com
webmail.bulgari.com
photoboothtouch.bulgari.com
cloudinary2.map.fastly.net
tp-qta.bulgari.com
s4-san.cloudinary.com
org-presslounge.bulgari.com
lydir01wsext.bulgari.com
myoffice.bulgari.com
omnia-pink-sapphire.bulgari.com
s2-san.cloudinary.com
s4-san.cloudinary.com
gourmet.bulgari.com
dy.www.bulgari.com
mail.bulgari.com
s2-cloudinary-pin.map.fastly.net
fe.bulgari.com
*.bulgari.com
s2-san.cloudinary.com
asset.bloomnation.com
s4-san.cloudinary.com
s4-san.cloudinary.com

Certificate

The complete raw certificate details for tp.bulgari.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgIQC9y/mzsC7HCka8Scd1hbtTANBgkqhkiG9w0BAQsFADBN
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E
aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTkwNzIyMDAwMDAwWhcN
MjEwNzI2MTIwMDAwWjBzMQswCQYDVQQGEwJJVDENMAsGA1UECBMEUm9tZTENMAsG
A1UEBxMEUm9tZTEXMBUGA1UEChMOQnVsZ2FyaSBTLnAuYS4xFDASBgNVBAsTC0lU
IFNlY3VyaXR5MRcwFQYDVQQDEw50cC5idWxnYXJpLmNvbTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAL/qbzLW4dow9ozXPWzQcAdHUgLgTZFOVdVnNg1r
sg04I2crX2qoX9JqAdIetqtDIDuehdFhVvwTKyr118e+TnhGwkgHdUI7aVUJuTVC
YzmNAdcVgULu5mljVWyX1/58JXQF2n6+WpHZ3ucfIjMowyyFWBt8jU7LqkImIMcI
mi7izqGA80qBBegG/BV2/jlJ7n0d2riZPwniV3vCVSaiXrQ6zQJklBzzenbX837k
jSaaINSSVpH2blF7y3ZsBz2ISjhNm/yQP6/srZwYWp1lcOZFPY5GtR/GX1cAOyBw
bmqKxBXQ3PeCW6fNIMmwaAvFYJA3rlQPQmAcIfaii3wJsX0CAwEAAaOCAf4wggH6
MB8GA1UdIwQYMBaAFA+AYRyCMWHVLyjnjUY4tCzhxtniMB0GA1UdDgQWBBSLH3cQ
RbD3JKb4/m59CX1DjlBEpTAtBgNVHREEJjAkgg50cC5idWxnYXJpLmNvbYISd3d3
LnRwLmJ1bGdhcmkuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGln
aWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRp
Z2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9
bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMw
CAYGZ4EMAQICMHwGCCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29j
c3AuZGlnaWNlcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdp
Y2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB
/wQCMAAwEwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBAAWc
yjk+Ub/qTNzEyDY0Riw0v4QpqdJ1ipkA2kMvrYMiq6uGUubM/fhLttfRGjjarTHC
JkD9U/HZ1SomrCc6/Elxu6sc6C9BtONR99g4cmrV8I8KSHqxN1Zfi0J6vBiCWtEw
UnEObNB9HoWAcjPt0JUsCXsh3EYLwTbq+TLoKkx8DvJWmBtedAHYPPTqgYGnmJNS
rVRzikenYJsEa2MPm7wgCLEiMQlQ2JgXv9pY2yXJx0VL2V2QzmpEZEkxeoQRMTRY
j5E0SDSpBc79K02jVYnyetATEZ07RqvOf01krP0TlJYlSNhdSJ7izEhXSTIgsJvN
2HXUNDnUW10qLjPatDs=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+pvMtbh2jD2jNc9bNBw
B0dSAuBNkU5V1Wc2DWuyDTgjZytfaqhf0moB0h62q0MgO56F0WFW/BMrKvXXx75O
eEbCSAd1QjtpVQm5NUJjOY0B1xWBQu7maWNVbJfX/nwldAXafr5akdne5x8iMyjD
LIVYG3yNTsuqQiYgxwiaLuLOoYDzSoEF6Ab8FXb+OUnufR3auJk/CeJXe8JVJqJe
tDrNAmSUHPN6dtfzfuSNJpog1JJWkfZuUXvLdmwHPYhKOE2b/JA/r+ytnBhanWVw
5kU9jka1H8ZfVwA7IHBuaorEFdDc94Jbp80gybBoC8VgkDeuVA9CYBwh9qKLfAmx
fQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 15767699501374373847713549005696293813
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-07-22 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-07-26 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IT'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Rome'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Rome'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Bulgari S.p.a.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IT Security'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'tp.bulgari.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24227120144732597432526248700259321464340963172350862213601255980039884331579499890684533656435025005792583420008765734791722438905436037066215419760944817758843034594186806226821120321012789021438260859714386169206991164092427217510450247923011589768627648289545438436960614961539940023938994227655225770721972650583840581260849177779880993860404961191919072370738008372954357567724245293554853994684292825509699704749522909562200674841568524038185153748471814823986000412411219565746507653989806697628129508185337941618974991921374575435073923008638151276366710138646560100084356831071110836874445644664404557017469
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 0f80611c823161d52f28e78d4638b42ce1c6d9e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							8b1f771045b0f724a6f8fe6e7d097d438e5044a5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (38 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tp.bulgari.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tp.bulgari.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/ssca-sha2-g6.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/ssca-sha2-g6.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (112 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00059cca393e51bfea4cdcc4c83634462c34bf8429a9d2758a9900da432fad8322abab8652e6ccfdf84bb6d7d11a38daad31c22640fd53f1d9d52a26ac273afc4971bbab1ce82f41b4e351f7d838726ad5f08f0a487ab137565f8b427abc18825ad13052710e6cd07d1e85807233edd0952c097b21dc460bc136eaf932e82a4c7c0ef256981b5e7401d83cf4ea8181a7989352ad54738a47a7609b046b630f9bbc2008b122310950d89817bfda58db25c9c7454bd95d90ce6a446449317a84113134588f91344834a905cefd2b4da35589f27ad013119d3b46abce7f4d64acfd1394962548d85d489ee2cc4857493220b09bcdd875d43439d45b5d2a2e33dab43b