www.healthcare.gov

- Centers for Medicare & Medicaid Services -

Issued by GeoTrust SSL CA - G3

About this certificate

This digital certificate with serial number 09:33:85:f5:1f:74:60:2f:6e:7c:88:05:ae:79:24:7e was issued on by GeoTrust Inc..

With 70 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Sub certificates SHOULD include Subject Key Identifier in end entity certs (RFC 5280: 4.2 & 4.2.1.2)

Centers for Medicare & Medicaid Services

Organization: Centers for Medicare & Medicaid Services
Organization unit: OIS
State / Province: Maryland
Locality: Baltimore
Country: US

GeoTrust Inc.

Organization: GeoTrust Inc.
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 09:33:85:f5:1f:74:60:2f:6e:7c:88:05:ae:79:24:7e
Serial Number (int): 12230576082961345653796123122293351550
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId:
AuthorityKeyId: d2:6f:f7:96:f4:85:3f:72:3c:30:7d:23:da:85:78:9b:a3:7c:5a:7c

Fingerprint (sha1): de:ad:1b:a6:22:86:ea:d5:21:af:3d:57:24:e7:57:e4:d3:1d:cc:9a
Fingerprint (sha256): 27:d4:64:25:ee:91:cf:c4:4e:5e:1f:29:30:88:51:70:17:8b:92:62:42:4d:e9:97:fc:16:cf:0c:dd:78:cf:3a

Issuing Certificate URL: http://gn.symcb.com/gn.crt

Revocation information

OCSP Server: http://gn.symcd.com
CRL Distribution Point: http://gn.symcb.com/gn.crl

Check the revocation status for certificate www.healthcare.gov

70

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.healthcare.gov

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

assets.cms.gov
companyprofiles.healthcare.gov
geo.api.healthcare.gov
hipchat.cms.gov
go.healthcare.gov
jira.cms.gov
hospitalcompare.hhs.gov
reminder.healthcare.gov
styleguide.healthcare.gov
finder.healthcare.gov
github.cms.gov
ci.cms.gov
tmdsmdr.aws.healthcare.gov
ahrcvo.cms.gov
billing.healthcare.gov
nagios.healthcare.gov
ratereview.healthcare.gov
healthcare.gov
partnershippledge.healthcare.gov
signup.healthcare.gov
eap.cms.gov
aca.api.healthcare.gov
eidm.cms.gov
splunk.cms.gov
search.stopmedicarefraud.gov
tmdsm.aws.healthcare.gov
marketplace.cms.gov
marketplace.api.healthcare.gov
www.errp.gov
www.hospitalcompare.hhs.gov
crowd.cms.gov
wr.healthcare.gov
prodprime.healthcare.gov
ayudalocal.cuidadodesalud.gov
www.cuidadodesalud.gov
forms.healthcare.gov
vpn.aws.healthcare.gov
status.healthcare.gov
www.cciio.cms.gov
downloads.cms.gov
monitor.healthcare.gov
portal.cms.gov
stopmedicarefraud.gov
scclia.cms.gov
splunk.healthcare.gov
cciio.cms.gov
errp.gov
login.healthcare.gov
data.healthcare.gov
companyprofile.healthcare.gov
search.healthcare.gov
openpaymentsdata.cms.gov
pcip.gov
www.stopmedicarefraud.gov
cicd.cms.gov
assets.healthcare.gov
cuidadodesalud.gov
prodprime.cuidadodesalud.gov
hfpp.cms.gov
maps.cms.gov
api.healthcare.gov
marketplace-int.api.healthcare.gov
api.finder.healthcare.gov
www.pcip.gov
developer.cms.gov
ahrc.cms.gov
localhelp.healthcare.gov
calt.cms.gov
confluence.cms.gov
www.healthcare.gov

Other certificates including the domain name healthcare.gov

(limited to 100 certificates)
splunk.aws.healthcare.gov
test3.healthcare.gov
test3.healthcare.gov
www.healthcare.gov
test2.healthcare.gov
www2.cms.gov
orig.impl1a.ses.api.healthcare.gov
www.healthcare.gov
pet-elb.imp1b.healthcare.gov
test-t.healthcare.gov
shop.prod.healthcare.gov
www.healthcare.gov
www.healthcare.gov
adobe-ep.healthcare.gov
www2.healthcare.gov
tmdsm.aws.healthcare.gov
www2.cms.gov
www2.cms.gov
app-dc01.prod.healthcare.gov
app-dc01.prod.healthcare.gov
test3.healthcare.gov
www2.healthcare.gov
tmdsmdr.aws.healthcare.gov
net.prod.healthcare.gov
test2.healthcare.gov
api.healthcare.gov
www.healthcare.gov
impl.mcr.dsh.healthcare.gov
search.test.healthcare.gov
www2.cms.gov
www2.cms.gov
test.healthcare.gov
dsrs.api.healthcare.gov
test4.healthcare.gov
test4.healthcare.gov
net-dc01.prod.healthcare.gov
test3.healthcare.gov
prod.pc2-elb.healthcare.gov
vpneast.aws.cms.gov
www.healthcare.gov
test3.healthcare.gov
orig.ses.api.healthcare.gov
www2.cms.gov
www2.cms.gov
test2.healthcare.gov
sls-elb.imp.healthcare.gov
test3.healthcare.gov
elb1.imp1a.healthcare.gov
test2.healthcare.gov
search1.healthcare.gov
test.healthcare.gov
api.healthcare.gov
tmdsmdr.aws.healthcare.gov
test3.healthcare.gov
chat.healthcare.gov
nagiosdr.aws.healthcare.gov
test2.healthcare.gov
test3.healthcare.gov
elb1.imp1a.healthcare.gov
www2.cms.gov
test3.healthcare.gov
prod-t.healthcare.gov
www2.cms.gov
test2.healthcare.gov
origin-es-app.prod.healthcare.gov
test0.mcr.gw.healthcare.gov
www2.healthcare.gov
www2.healthcare.gov
www2.healthcare.gov
test.healthcare.gov
test.healthcare.gov
b.dev.healthcare.gov
www.healthcare.gov
www2.healthcare.gov
test2.healthcare.gov
mcr.api.healthcare.gov
api-manager-elb.dev.healthcare.gov
www2.cms.gov
imp1b-marketplace-elb.api.healthcare.gov
origin-es-app.prod.healthcare.gov
test2.healthcare.gov
test.healthcare.gov
www2.cms.gov
www2.healthcare.gov
app1a.imp.healthcare.gov
test3.healthcare.gov
test0.shop.healthcare.gov
test2.healthcare.gov
chat.healthcare.gov
api-manager-elb.imp.healthcare.gov
www.healthcare.gov
www.healthcare.gov
test.healthcare.gov
www.healthcare.gov
test.healthcare.gov
www2.cms.gov
api.healthcare.gov
www2.cms.gov
test2.healthcare.gov
test3.healthcare.gov

Certificate

The complete raw certificate details for www.healthcare.gov in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIL1jCCCr6gAwIBAgIQCTOF9R90YC9ufIgFrnkkfjANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMU
R2VvVHJ1c3QgU1NMIENBIC0gRzMwHhcNMTYwMjAzMDAwMDAwWhcNMTcwMjAyMjM1
OTU5WjCBkjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1hcnlsYW5kMRIwEAYDVQQH
FAlCYWx0aW1vcmUxMTAvBgNVBAoUKENlbnRlcnMgZm9yIE1lZGljYXJlICYgTWVk
aWNhaWQgU2VydmljZXMxDDAKBgNVBAsUA09JUzEbMBkGA1UEAxQSd3d3LmhlYWx0
aGNhcmUuZ292MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJGByjHO
Ew8y1wNxxD5tfnLCcR00bCB2nhaM6XK/6uNKSz2SszlEfYhpZ8cG9lPAsiMsPEQe
aa6eUP9OSh17bAH4d0wOT4jX8LwqC65nvMiUnSPRPTRhHLSmzw0Ok+8OgYnI5MSv
DQmyVPweLxHE8zaulb/sA1Of8RNykKS3Tu7dIEsEBz+fgZCATnHSA1BZn7llyijw
sfs3/M8WEaHxTBpQxhVQpBhT/ro621L9rP5I5Tz0lOUruyKuspe4+HbRZTTkmhZi
dbRA5HsS1SquLP6+FN1muH2XXG+NHJ/b29vousqcG069y9ws3/CEmu2a0Y4y9HF/
MvT3qp94U6oy6QIDAQABo4IIczCCCG8wggXjBgNVHREEggXaMIIF1oIOYXNzZXRz
LmNtcy5nb3aCHmNvbXBhbnlwcm9maWxlcy5oZWFsdGhjYXJlLmdvdoIWZ2VvLmFw
aS5oZWFsdGhjYXJlLmdvdoIPaGlwY2hhdC5jbXMuZ292ghFnby5oZWFsdGhjYXJl
LmdvdoIMamlyYS5jbXMuZ292ghdob3NwaXRhbGNvbXBhcmUuaGhzLmdvdoIXcmVt
aW5kZXIuaGVhbHRoY2FyZS5nb3aCGXN0eWxlZ3VpZGUuaGVhbHRoY2FyZS5nb3aC
FWZpbmRlci5oZWFsdGhjYXJlLmdvdoIOZ2l0aHViLmNtcy5nb3aCCmNpLmNtcy5n
b3aCGnRtZHNtZHIuYXdzLmhlYWx0aGNhcmUuZ292gg5haHJjdm8uY21zLmdvdoIW
YmlsbGluZy5oZWFsdGhjYXJlLmdvdoIVbmFnaW9zLmhlYWx0aGNhcmUuZ292ghly
YXRlcmV2aWV3LmhlYWx0aGNhcmUuZ292gg5oZWFsdGhjYXJlLmdvdoIgcGFydG5l
cnNoaXBwbGVkZ2UuaGVhbHRoY2FyZS5nb3aCFXNpZ251cC5oZWFsdGhjYXJlLmdv
doILZWFwLmNtcy5nb3aCFmFjYS5hcGkuaGVhbHRoY2FyZS5nb3aCDGVpZG0uY21z
LmdvdoIOc3BsdW5rLmNtcy5nb3aCHHNlYXJjaC5zdG9wbWVkaWNhcmVmcmF1ZC5n
b3aCGHRtZHNtLmF3cy5oZWFsdGhjYXJlLmdvdoITbWFya2V0cGxhY2UuY21zLmdv
doIebWFya2V0cGxhY2UuYXBpLmhlYWx0aGNhcmUuZ292ggx3d3cuZXJycC5nb3aC
G3d3dy5ob3NwaXRhbGNvbXBhcmUuaGhzLmdvdoINY3Jvd2QuY21zLmdvdoIRd3Iu
aGVhbHRoY2FyZS5nb3aCGHByb2RwcmltZS5oZWFsdGhjYXJlLmdvdoIdYXl1ZGFs
b2NhbC5jdWlkYWRvZGVzYWx1ZC5nb3aCFnd3dy5jdWlkYWRvZGVzYWx1ZC5nb3aC
FGZvcm1zLmhlYWx0aGNhcmUuZ292ghZ2cG4uYXdzLmhlYWx0aGNhcmUuZ292ghVz
dGF0dXMuaGVhbHRoY2FyZS5nb3aCEXd3dy5jY2lpby5jbXMuZ292ghFkb3dubG9h
ZHMuY21zLmdvdoIWbW9uaXRvci5oZWFsdGhjYXJlLmdvdoIOcG9ydGFsLmNtcy5n
b3aCFXN0b3BtZWRpY2FyZWZyYXVkLmdvdoIOc2NjbGlhLmNtcy5nb3aCFXNwbHVu
ay5oZWFsdGhjYXJlLmdvdoINY2NpaW8uY21zLmdvdoIIZXJycC5nb3aCFGxvZ2lu
LmhlYWx0aGNhcmUuZ292ghNkYXRhLmhlYWx0aGNhcmUuZ292gh1jb21wYW55cHJv
ZmlsZS5oZWFsdGhjYXJlLmdvdoIVc2VhcmNoLmhlYWx0aGNhcmUuZ292ghhvcGVu
cGF5bWVudHNkYXRhLmNtcy5nb3aCCHBjaXAuZ292ghl3d3cuc3RvcG1lZGljYXJl
ZnJhdWQuZ292ggxjaWNkLmNtcy5nb3aCFWFzc2V0cy5oZWFsdGhjYXJlLmdvdoIS
Y3VpZGFkb2Rlc2FsdWQuZ292ghxwcm9kcHJpbWUuY3VpZGFkb2Rlc2FsdWQuZ292
ggxoZnBwLmNtcy5nb3aCDG1hcHMuY21zLmdvdoISYXBpLmhlYWx0aGNhcmUuZ292
giJtYXJrZXRwbGFjZS1pbnQuYXBpLmhlYWx0aGNhcmUuZ292ghlhcGkuZmluZGVy
LmhlYWx0aGNhcmUuZ292ggx3d3cucGNpcC5nb3aCEWRldmVsb3Blci5jbXMuZ292
ggxhaHJjLmNtcy5nb3aCGGxvY2FsaGVscC5oZWFsdGhjYXJlLmdvdoIMY2FsdC5j
bXMuZ292ghJjb25mbHVlbmNlLmNtcy5nb3aCEnd3dy5oZWFsdGhjYXJlLmdvdjAJ
BgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDArBgNVHR8EJDAiMCCgHqAchhpodHRw
Oi8vZ24uc3ltY2IuY29tL2duLmNybDCBnQYDVR0gBIGVMIGSMIGPBgZngQwBAgIw
gYQwPwYIKwYBBQUHAgEWM2h0dHBzOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJj
ZXMvcmVwb3NpdG9yeS9sZWdhbDBBBggrBgEFBQcCAjA1DDNodHRwczovL3d3dy5n
ZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwHQYDVR0lBBYw
FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFNJv95b0hT9yPDB9I9qF
eJujfFp8MFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL2duLnN5
bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcnQw
ggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdgDd6x0reg1PpiCLga2BaHB+Lo6dAdVc
iI09EcTNtuy+zAAAAVKlYFyvAAAEAwBHMEUCIDI76bY3Ar3q1+2qm+KXunCGSQTK
+FdqSbI8DDiHquXTAiEAnZtpoQGp2l183xR5EZJ3OeAntxoktBxwTTmCKgFz/K8A
dQCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVKlYFzjAAAEAwBG
MEQCIBUom/b1B0Jm0FgpTiFFE5isJMlaoH+xSfnyTBzxmNOmAiB5o/zralujPVwl
+9RhsVAW4ni8AQM+7SyEX+XUhOUUEDANBgkqhkiG9w0BAQsFAAOCAQEAeX9cvmnY
o5u5+GYhK8NajXtb51kLVCC+vq2E7kjbltJoseF733jUub0HzQicoNGHuXsXX8RB
BxYsZlXPiAeSGP9cVXaqGs8L69Z4BM0LKsB50cJdnCv7Cyf1+U0NFEzNtvM25A8o
LRQ8EjBf25eXbzY1knaTJyt/+8VsMgMMNZeXRND9AyZ9dXNdhesSIUZJEmtyQxbs
ufAGJx67e7ezE2wOps0csgEoyGYURwUNF6kWIHDi9GeTJRLY6uUddg+HndlozeO9
bF41hWF+zBwQ9GW2f06PTrBY26Zq1xt1Q8nZRzyrJaSHgBpLTfrJH7uATWElcPFS
6lnXGv3iZhh+Lw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJGByjHOEw8y1wNxxD5t
fnLCcR00bCB2nhaM6XK/6uNKSz2SszlEfYhpZ8cG9lPAsiMsPEQeaa6eUP9OSh17
bAH4d0wOT4jX8LwqC65nvMiUnSPRPTRhHLSmzw0Ok+8OgYnI5MSvDQmyVPweLxHE
8zaulb/sA1Of8RNykKS3Tu7dIEsEBz+fgZCATnHSA1BZn7llyijwsfs3/M8WEaHx
TBpQxhVQpBhT/ro621L9rP5I5Tz0lOUruyKuspe4+HbRZTTkmhZidbRA5HsS1Squ
LP6+FN1muH2XXG+NHJ/b29vousqcG069y9ws3/CEmu2a0Y4y9HF/MvT3qp94U6oy
6QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 12230576082961345653796123122293351550
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust SSL CA - G3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-02-03 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-02-02 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Maryland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'Baltimore'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'Centers for Medicare & Medicaid Services'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'OIS'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'www.healthcare.gov'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21279787406043602843848036778917374573576118322703435500554725446141341834233658787766174870234475870387128610785675256561229309930241143251010773974554898080862535359413899703467010021927888999679090288818124887547827013064926369096200998695897973268817641793887167251370275932078768320835124245906562999657666877372380423225718165706667715287203048326207417324193358157212998996216494437206126464649647440774525208813525367824682951395218167990687110604459988081216261743682107439200843756640235338948421726911284557307330936003598259443055068018783260066480549725210949429696365547750621187799177566458387100218089
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1498 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'assets.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'companyprofiles.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'geo.api.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hipchat.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'go.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jira.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hospitalcompare.hhs.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'reminder.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'styleguide.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'finder.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'github.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ci.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tmdsmdr.aws.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ahrcvo.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'billing.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nagios.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ratereview.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'partnershippledge.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'signup.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'eap.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aca.api.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'eidm.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'splunk.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'search.stopmedicarefraud.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tmdsm.aws.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'marketplace.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'marketplace.api.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.errp.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hospitalcompare.hhs.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'crowd.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wr.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prodprime.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ayudalocal.cuidadodesalud.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.cuidadodesalud.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'forms.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'vpn.aws.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'status.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.cciio.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'downloads.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'monitor.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'portal.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stopmedicarefraud.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'scclia.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'splunk.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cciio.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'errp.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'login.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'data.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'companyprofile.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'search.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'openpaymentsdata.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pcip.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stopmedicarefraud.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cicd.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'assets.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cuidadodesalud.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prodprime.cuidadodesalud.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hfpp.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'maps.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'marketplace-int.api.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.finder.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.pcip.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'developer.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ahrc.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'localhelp.healthcare.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'calt.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'confluence.cms.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.healthcare.gov'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gn.symcb.com/gn.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (149 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.geotrust.com/resources/repository/legal'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'https://www.geotrust.com/resources/repository/legal'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName d26ff796f4853f723c307d23da85789ba37c5a7c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (75 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gn.symcd.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gn.symcb.com/gn.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef007600ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc00000152a5605caf00000403004730450220323be9b63702bdead7edaa9be297ba70864904caf8576a49b23c0c3887aae5d30221009d9b69a101a9da5d7cdf147911927739e027b71a24b41c704d39822a0173fcaf007500a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc1000000152a5605ce30000040300463044022015289bf6f5074266d058294e21451398ac24c95aa07fb149f9f24c1cf198d3a6022079a3fceb6a5ba33d5c25fbd461b15016e278bc01033eed2c845fe5d484e51410
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00797f5cbe69d8a39bb9f866212bc35a8d7b5be7590b5420bebead84ee48db96d268b1e17bdf78d4b9bd07cd089ca0d187b97b175fc44107162c6655cf88079218ff5c5576aa1acf0bebd67804cd0b2ac079d1c25d9c2bfb0b27f5f94d0d144ccdb6f336e40f282d143c12305fdb97976f3635927693272b7ffbc56c32030c35979744d0fd03267d75735d85eb12214649126b724316ecb9f006271ebb7bb7b3136c0ea6cd1cb20128c8661447050d17a9162070e2f467932512d8eae51d760f879dd968cde3bd6c5e3585617ecc1c10f465b67f4e8f4eb058dba66ad71b7543c9d9473cab25a487801a4b4dfac91fbb804d612570f152ea59d71afde266187e2f