*.ibo.nyc.ny.us

- Independent Budget Office -

Issued by GeoTrust RSA CA 2018

About this certificate

This digital certificate with serial number 01:b5:09:4a:9d:16:57:79:ee:69:31:33:4d:2a:80:e6 was issued on by DigiCert Inc.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Independent Budget Office

Organization: Independent Budget Office
State / Province: New York
Locality: New York
Country: US

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 01:b5:09:4a:9d:16:57:79:ee:69:31:33:4d:2a:80:e6
Serial Number (int): 2269222180366334599364680902995771622
Serial Number lenght: 121 bits, 16 octets

SubjectKeyId: b9:0b:d9:22:42:99:7b:17:2f:df:23:48:5f:66:7b:a9:b8:14:da:20
AuthorityKeyId: 90:58:ff:b0:9c:75:a8:51:54:77:b1:ed:f2:a3:43:16:38:9e:6c:c5

Fingerprint (sha1): 76:53:25:c8:eb:e0:20:fe:50:03:5c:aa:e6:44:95:18:09:2f:6b:95
Fingerprint (sha256): 27:75:2a:8c:48:b2:0b:f5:9e:05:cf:f7:47:99:ef:14:12:b3:d1:86:c8:ae:92:6c:b2:48:00:2e:ec:86:af:61

Issuing Certificate URL: http://cacerts.geotrust.com/GeoTrustRSACA2018.crt

Revocation information

OCSP Server: http://status.geotrust.com
CRL Distribution Point: http://cdp.geotrust.com/GeoTrustRSACA2018.crl

Check the revocation status for certificate *.ibo.nyc.ny.us

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.ibo.nyc.ny.us

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.ibo.nyc.ny.us

Other certificates including the domain name nyc.ny.us

(limited to 100 certificates)
iboremote2.ibo.nyc.ny.us
iboremote2.ibo.nyc.ny.us
www.tac.nyc.ny.us
42fw.boe.nyc.ny.us
*.ibo.nyc.ny.us
owa.trs.nyc.ny.us
ibo.nyc.ny.us
*.trs.nyc.ny.us
ctxdr.council.nyc.ny.us
qns.boe.nyc.ny.us
42fw.boe.nyc.ny.us
ctx.council.nyc.ny.us
hope.nyc.ny.us
*.trs.nyc.ny.us
*.trs.nyc.ny.us
*.ibo.nyc.ny.us
mail.trinityschoolnyc.org
mail.council.nyc.gov
*.ibo.nyc.ny.us
vote.nyc.ny.us
wm.ibo.nyc.ny.us
*.hope.nyc.ny.us
iboremote.ibo.nyc.ny.us
*.trs.nyc.ny.us
*.ibo.nyc.ny.us
ctx.council.nyc.ny.us
home.nyc.ny.us
ibo.nyc.ny.us
owa.trs.nyc.ny.us
*.council.nyc.ny.us
ibo.nyc.ny.us
ibo.nyc.ny.us
ibo.nyc.gov
wm.ibo.nyc.ny.us
*.trs.nyc.ny.us
hope.nyc.ny.us
42fw.boe.nyc.ny.us
*.ibo.nyc.ny.us
ibo.nyc.ny.us
ibomail.ibo.nyc.ny.us
*.vote.nyc
vote.nyc.ny.us
*.trs.nyc.ny.us
www.trs.nyc.ny.us
owa.trs.nyc.ny.us
*.ibo.nyc.ny.us
*.hope.nyc.ny.us
owa.trs.nyc.ny.us
mail.council.nyc.gov
owa.boe.nyc
www.trs.nyc.ny.us
www.tac.nyc.ny.us
owa.trs.nyc.ny.us
ibomail.ibo.nyc.ny.us
hope.nyc.ny.us
42fw.boe.nyc.ny.us
www.hope.nyc.ny.us
hope.nyc.ny.us
ibo.nyc.ny.us
ibo.nyc.ny.us
vote.nyc.ny.us
queens.boe.nyc.ny.us
ibo.nyc.ny.us
hope.nyc.ny.us
*.ibo.nyc.ny.us
vote.nyc.ny.us
ctx.council.nyc.ny.us
pullrequest.hope.nyc.ny.us
ibo.nyc.ny.us
ibo.nyc.ny.us
ibo.nyc.ny.us
hope.nyc.ny.us
*.council.nyc.ny.us
webmail.ibo.nyc.ny.us
queens.boe.nyc.ny.us
ibomail.ibo.nyc.ny.us
*.ibo.nyc.ny.us
iboremote2.ibo.nyc.ny.us
ibo.nyc.ny.us
*.ibo.nyc.ny.us
ibo.nyc.ny.us
vote.nyc.ny.us
ibo.nyc.ny.us
ibo.nyc.ny.us
hope.nyc.ny.us
ibo.nyc.ny.us
www.trs.nyc.ny.us
42fw.boe.nyc.ny.us
*.ibo.nyc.ny.us
www.tac.nyc.ny.us
mail.council.nyc.gov
owa.trs.nyc.ny.us
*.hope.nyc.ny.us
*.ibo.nyc.ny.us
ctxdr.council.nyc.ny.us
webmail.ibo.nyc.ny.us
42fw.boe.nyc.ny.us
www.tac.nyc.ny.us
vote.nyc.ny.us
tailor.home.nyc.ny.us

Certificate

The complete raw certificate details for *.ibo.nyc.ny.us in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGbTCCBVWgAwIBAgIQAbUJSp0WV3nuaTEzTSqA5jANBgkqhkiG9w0BAQsFADBe
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRHZW9UcnVzdCBSU0EgQ0EgMjAxODAe
Fw0yMzAyMDIwMDAwMDBaFw0yNDAxMDYyMzU5NTlaMHExCzAJBgNVBAYTAlVTMREw
DwYDVQQIEwhOZXcgWW9yazERMA8GA1UEBxMITmV3IFlvcmsxIjAgBgNVBAoTGUlu
ZGVwZW5kZW50IEJ1ZGdldCBPZmZpY2UxGDAWBgNVBAMMDyouaWJvLm55Yy5ueS51
czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOPOZLUhpjHAKEpyFh8I
LjU3RXIVf6mwdYVHXGElmUIIx95+EcMZFaOsfZZVug9yJ+j1WZvBsszm1SmhvzdW
CveKNKobINHoF/hiQJORoz30JVbyMVYgalITamajgZDGZc7B22NMulJNXaSQ904o
8/X131y1q5hj4TqIXWKqGBdgxk96Ul53IpsbmvhRIVvqNtJtYIBcpyx6LBco4KsD
pI1ez+kznOfbqmAhmV32RmWL7VpLEY/LVi3S6fJgi9h3mJMDCsYuXIcjS/TndQxO
5LE/OKFFXlho+1EY0vCYQqRpqfL0bE3/IPsbT7lhwe8qYRFaIoKBdodIwTwB8g8R
wlsCAwEAAaOCAxIwggMOMB8GA1UdIwQYMBaAFJBY/7CcdahRVHex7fKjQxY4nmzF
MB0GA1UdDgQWBBS5C9kiQpl7Fy/fI0hfZnupuBTaIDAaBgNVHREEEzARgg8qLmli
by5ueWMubnkudXMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB
BggrBgEFBQcDAjA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vY2RwLmdlb3RydXN0
LmNvbS9HZW9UcnVzdFJTQUNBMjAxOC5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIw
KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMHUGCCsG
AQUFBwEBBGkwZzAmBggrBgEFBQcwAYYaaHR0cDovL3N0YXR1cy5nZW90cnVzdC5j
b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9jYWNlcnRzLmdlb3RydXN0LmNvbS9HZW9U
cnVzdFJTQUNBMjAxOC5jcnQwCQYDVR0TBAIwADCCAX0GCisGAQQB1nkCBAIEggFt
BIIBaQFnAHUA7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZsAAAGGFBEj
ewAABAMARjBEAiApg8NR1HNP8U/Cbh6LLNvVbSqwarLKQTCMbMLFB0daGwIgM9xA
wNyg3VlZa4fv375bAk/+OCmHXgk2Y2EbUfMs0Y0AdgBz2Z6JG0yWeKAgfUed5rLG
HNBRXnEZKoxrgBB6wXdytQAAAYYUESOnAAAEAwBHMEUCIQCLiI4qNbC6RavNfrhD
uar/dxO6QDKtJCwQqC822cdxTAIgFsHMNjR2C29iogBaAXjZtnFAvWMGPD7hV6J2
XTUOMocAdgBIsONr2qZHNA/lagL6nTDrHFIBy1bdLIHZu7+rOdiEcwAAAYYUESNa
AAAEAwBHMEUCIQCoszBoHEy6lUndOrMzxe7vqszsG64R5jSOeQ5DDYUCAwIgPn6p
eQ1r9DgsLx/fLaV1nn/Tp/Wa01uyYmKVi3RPBjQwDQYJKoZIhvcNAQELBQADggEB
AEUiTJr7S5WS4qHtbbs3XlnDS9DwIv446O6njxlUubUM4iCOvO/HTlubmBjl/Lxz
xkr7tJptANu/MBuMWmtkudtDjPd/vbiBrNQV/Aoh/g/ZpI/AWWpPsmupiPj40GdQ
0Zco8DeuJbxh+jkznyIYU7L44yP8KROp4os6yS3R+SQhfVOIW0ALPlWBnNPdimSs
BDui1oH6Bj7MqaKh/ke3byt7B+MEc3bZWkk9JxfZZd/WvJDExYcnJ2SA5QMwxJLO
nWPLwh+TwGeUDIq8IgYRANGiXplUd5oKjisoL7/PYpHO2rzCfGuUIWcuIFvYgIAK
wYyblv7hZpiuLp0tXptnlLI=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA485ktSGmMcAoSnIWHwgu
NTdFchV/qbB1hUdcYSWZQgjH3n4RwxkVo6x9llW6D3In6PVZm8GyzObVKaG/N1YK
94o0qhsg0egX+GJAk5GjPfQlVvIxViBqUhNqZqOBkMZlzsHbY0y6Uk1dpJD3Tijz
9fXfXLWrmGPhOohdYqoYF2DGT3pSXncimxua+FEhW+o20m1ggFynLHosFyjgqwOk
jV7P6TOc59uqYCGZXfZGZYvtWksRj8tWLdLp8mCL2HeYkwMKxi5chyNL9Od1DE7k
sT84oUVeWGj7URjS8JhCpGmp8vRsTf8g+xtPuWHB7yphEVoigoF2h0jBPAHyDxHC
WwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 2269222180366334599364680902995771622
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust RSA CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-02-02 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-06 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Independent Budget Office'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.ibo.nyc.ny.us'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 28757871600592880852934935009652773750085928900609631817812384840398952459162908220682627209634098321532430985634913025712365473359091586918704056369357608930398992447359930897753172951185690475543325791029296903534727836780016571314827839010098529029081022909624247142866420612237922024718751880039715021179664895968116720805533402989246049444651823340723772775875695683145113471055735144518619834357343446704296210208677127675191356270967108698651890143325681952836397338203626905441175533881921772544929126606277167010025546992360202023813399411954447356071927447430950029134676164858049362668071333261274950779483
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 9058ffb09c75a8515477b1edf2a34316389e6cc5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							b90bd92242997b172fdf23485f667ba9b814da20
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (19 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.ibo.nyc.ny.us'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.geotrust.com/GeoTrustRSACA2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.geotrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.geotrust.com/GeoTrustRSACA2018.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							0167007500eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b000001861411237b000004030046304402202983c351d4734ff14fc26e1e8b2cdbd56d2ab06ab2ca41308c6cc2c507475a1b022033dc40c0dca0dd59596b87efdfbe5b024ffe3829875e093663611b51f32cd18d00760073d99e891b4c9678a0207d479de6b2c61cd0515e71192a8c6b80107ac17772b500000186141123a700000403004730450221008b888e2a35b0ba45abcd7eb843b9aaff7713ba4032ad242c10a82f36d9c7714c022016c1cc3634760b6f62a2005a0178d9b67140bd63063c3ee157a2765d350e328700760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d88473000001861411235a0000040300473045022100a8b330681c4cba9549dd3ab333c5eeefaaccec1bae11e6348e790e430d85020302203e7ea9790d6bf4382c2f1fdf2da5759e7fd3a7f59ad35bb26262958b744f0634
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0045224c9afb4b9592e2a1ed6dbb375e59c34bd0f022fe38e8eea78f1954b9b50ce2208ebcefc74e5b9b9818e5fcbc73c64afbb49a6d00dbbf301b8c5a6b64b9db438cf77fbdb881acd415fc0a21fe0fd9a48fc0596a4fb26ba988f8f8d06750d19728f037ae25bc61fa39339f221853b2f8e323fc2913a9e28b3ac92dd1f924217d53885b400b3e55819cd3dd8a64ac043ba2d681fa063ecca9a2a1fe47b76f2b7b07e3047376d95a493d2717d965dfd6bc90c4c58727276480e50330c492ce9d63cbc21f93c067940c8abc22061100d1a25e9954779a0a8e2b282fbfcf6291cedabcc27c6b9421672e205bd880800ac18c9b96fee16698ae2e9d2d5e9b6794b2