brainspace.bdo.co.uk

- BDO LLP -

Issued by DigiCert Global CA G2

About this certificate

This digital certificate with serial number 05:db:65:3a:23:52:d3:47:44:d7:43:0a:71:d8:36:cf was issued on by DigiCert Inc.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

BDO LLP

Organization: BDO LLP
Organization unit: Forensic
Locality: London
Country: GB

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 05:db:65:3a:23:52:d3:47:44:d7:43:0a:71:d8:36:cf
Serial Number (int): 7785306120479206256174312048352048847
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: d5:c8:5f:86:c1:3e:f8:e8:21:84:19:64:1f:90:21:f9:41:83:2b:8e
AuthorityKeyId: 24:6e:2b:2d:d0:6a:92:51:51:25:69:01:aa:9a:47:a6:89:e7:40:20

Fingerprint (sha1): d5:34:ef:98:70:38:25:bd:3d:b3:f1:70:00:3b:b9:71:6b:70:21:31
Fingerprint (sha256): 29:0f:0f:a9:d8:ea:f8:ab:38:2d:1a:7c:fb:bb:76:8d:cb:a3:d1:3c:77:4b:d8:08:37:0a:83:49:7d:2c:05:a0

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertGlobalCAG2.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertGlobalCAG2.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertGlobalCAG2.crl

Check the revocation status for certificate brainspace.bdo.co.uk

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for brainspace.bdo.co.uk

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

brainspace.bdo.co.uk

Other certificates including the domain name bdo.co.uk

(limited to 100 certificates)
sni.cloudflaressl.com
bdoextranet.bdo.co.uk
fs.bdo.co.uk
mail.bdo.co.uk
guestwifi.bdo.co.uk
bdosbc01HA.bdo.co.uk
ceros4.map.fastly.net
paws.bdo.co.uk
ceros4.map.fastly.net
gtlp.bdo.co.uk
ndes.bdo.co.uk
guestwifi.bdo.co.uk
*.bdo.co.uk
ceros4.map.fastly.net
BDO SERVICES LIMITED
www.bdo.co.uk
emos.bdo.co.uk
help.bdo.co.uk
pentanavision.bdo.co.uk
open.bdo.co.uk
guestwifi.bdo.co.uk
ceros4.map.fastly.net
*.exp.gumgum.com
adrms.bdo.co.uk
guestwifi.bdo.co.uk
adfs.bdo.co.uk
gtlp.bdo.co.uk
eportal.bdo.co.uk
ceros4.map.fastly.net
share.bdo.co.uk
careers.bdo.co.uk
bdo-dms.bdo.co.uk
brportal.bdo.co.uk
ceros4.map.fastly.net
share.bdo.co.uk
ndes.bdo.co.uk
ssl473150.cloudflaressl.com
www.bdo.co.uk
www.bdo.co.uk
insite.bdo.co.uk
ixbrl.bdo.co.uk
drhome.bdo.co.uk
*.bdo.co.uk
uatbdoextranet.bdo.co.uk
careers.bdo.co.uk
ceros4.map.fastly.net
bdoarchive.bdo.co.uk
apps.bdo.co.uk
ams.bdo.co.uk
apps.bdo.co.uk
proaudit.bdo.co.uk
p11dupdate.bdo.co.uk
support.bdo.co.uk
www.neweconomy.bdo.co.uk
ssl473150.cloudflaressl.com
ceros4.map.fastly.net
emos.bdo.co.uk
gtlp.bdo.co.uk
go.bdo.co.uk
www.neweconomy.bdo.co.uk
bdoextranet.bdo.co.uk
msllp.bdo.co.uk
brainspace.bdo.co.uk
*.bdo.co.uk
ams.bdo.co.uk
ras.bdo.co.uk
adfs.bdo.co.uk
www.msllpstage.bdo.co.uk
open.bdo.co.uk
ras.bdo.co.uk
*.exp.gumgum.com
brportal.bdo.co.uk
ceros4.map.fastly.net
*.exp.gumgum.com
reception2.bdo.co.uk
ceros4.map.fastly.net
BDO SERVICES LIMITED
ssl473150.cloudflaressl.com
ceros4.map.fastly.net
adfs.bdo.co.uk
mobileiron.bdo.co.uk
ceros4.map.fastly.net
share.bdo.co.uk
admin-bdoprivate.bdo.co.uk
eportalftp.bdo.co.uk
ceros4.map.fastly.net
ams.bdo.co.uk
ceros4.map.fastly.net
www.safr.bdo.co.uk
www.bdo.co.uk
ssl473149.cloudflaressl.com
www.bdo.co.uk
ceros4.map.fastly.net
*.exp.gumgum.com
emos.bdo.co.uk
apps.bdo.co.uk
epubs.bdo.co.uk
ceros4.map.fastly.net
www.bdo.co.uk
officewebapps.bdo.co.uk

Certificate

The complete raw certificate details for brainspace.bdo.co.uk in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgIQBdtlOiNS00dE10MKcdg2zzANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVE
aWdpQ2VydCBHbG9iYWwgQ0EgRzIwHhcNMTkwMTEwMDAwMDAwWhcNMjEwMTEwMTIw
MDAwWjBiMQswCQYDVQQGEwJHQjEPMA0GA1UEBxMGTG9uZG9uMRAwDgYDVQQKEwdC
RE8gTExQMREwDwYDVQQLEwhGb3JlbnNpYzEdMBsGA1UEAxMUYnJhaW5zcGFjZS5i
ZG8uY28udWswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDm2V11CYIt
WzzXKuuRIMj7zSY9VJpc7I7c74usX3uZjtgw3jA7PH6iMH3Y+ia+LgPS/6vsF8M1
cEzZQzR5rwsCOdAL2Bw+JhBdB0Fy+MCvvdSVVlcSALZeCw4e19QERcF1sLsS/MU5
XTMsdG3f1S1UiYc1ItPCIV6SAIwGg0JE/WKBtjrvgihhsRWLc6qrPfx/NHZBnJcs
IrF9j59ruKwTWQcMh/3OkOXBnGMdTm6OeK3p2Vz43E2BcslGimIYTgoqgY31+SBn
ZU7BICHxqOfRHvHtdk1X0QiiPbbuO2pzVH5edwBIeoOJ5txWSEw/+CEJ8kbVAE21
6HOkJQKDdpNhAgMBAAGjggHxMIIB7TAfBgNVHSMEGDAWgBQkbist0GqSUVElaQGq
mkemiedAIDAdBgNVHQ4EFgQU1chfhsE++OghhBlkH5Ah+UGDK44wHwYDVR0RBBgw
FoIUYnJhaW5zcGFjZS5iZG8uY28udWswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjB3BgNVHR8EcDBuMDWgM6Axhi9odHRwOi8v
Y3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxDQUcyLmNybDA1oDOgMYYv
aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsQ0FHMi5jcmww
TAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93
d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwdAYIKwYBBQUHAQEEaDBmMCQG
CCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wPgYIKwYBBQUHMAKG
Mmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbENBRzIu
Y3J0MAkGA1UdEwQCMAAwEwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZIhvcNAQEL
BQADggEBAJP3iOjhN965way4goYNFb7vjbsXnPiNOWR0SodYQQ4P34oWsFJ2UWTF
LtC1MPN2ZO9Yz1GRCmDdibonpmbf3m5af6xUl6ijRHt6sImTkUv7UuLoZOiNyzeb
7iJIJX2TPK4+QOsNfwfAOwDE240Xc3m3nF1c6o+rgONrXkUEKBPmQiXIrSFMBmXS
0tXUeqTpPybCDMFHMpljhvRSIt377Oi8g6sHe/I2ldRbyHlnooQRYN6mjTXP0uTY
6nMMx1rBb34kBfe8/xM4/qDjJdGttq9xC5mXGbUREMYNsxuiDpt/wKfge6ZibFig
yL0gcZal+DQgJj4hdmzjy+jj1+QcN1Y=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5tlddQmCLVs81yrrkSDI
+80mPVSaXOyO3O+LrF97mY7YMN4wOzx+ojB92Pomvi4D0v+r7BfDNXBM2UM0ea8L
AjnQC9gcPiYQXQdBcvjAr73UlVZXEgC2XgsOHtfUBEXBdbC7EvzFOV0zLHRt39Ut
VImHNSLTwiFekgCMBoNCRP1igbY674IoYbEVi3Oqqz38fzR2QZyXLCKxfY+fa7is
E1kHDIf9zpDlwZxjHU5ujnit6dlc+NxNgXLJRopiGE4KKoGN9fkgZ2VOwSAh8ajn
0R7x7XZNV9EIoj227jtqc1R+XncASHqDiebcVkhMP/ghCfJG1QBNtehzpCUCg3aT
YQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 7785306120479206256174312048352048847
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Global CA G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-01-10 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-01-10 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'London'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BDO LLP'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Forensic'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'brainspace.bdo.co.uk'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29141996851681433947128103911983518547870770816576753108766272857080477147423106658008443634302987485923739776606969151742645263414092104073815938064347536605753935735533160400084147725665806840202123809305496835262678767805530692741601442016909319850320700837578852988607630998554057364323242862037898185630363960045969054205849029693554857891393955465289362612540331455665129205088787052757819568186272034076407080751665906195911732332944597864613867852596375271705784604275978848170174829689352071981772550793529067588545003590977298340544237945338154587228131227540571512471647130563051350328672042980677422322529
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 246e2b2dd06a925151256901aa9a47a689e74020
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d5c85f86c13ef8e8218419641f9021f941832b8e
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'brainspace.bdo.co.uk'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (112 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertGlobalCAG2.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertGlobalCAG2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertGlobalCAG2.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0093f788e8e137deb9c1acb882860d15beef8dbb179cf88d3964744a8758410e0fdf8a16b052765164c52ed0b530f37664ef58cf51910a60dd89ba27a666dfde6e5a7fac5497a8a3447b7ab08993914bfb52e2e864e88dcb379bee2248257d933cae3e40eb0d7f07c03b00c4db8d177379b79c5d5cea8fab80e36b5e45042813e64225c8ad214c0665d2d2d5d47aa4e93f26c20cc14732996386f45222ddfbece8bc83ab077bf23695d45bc87967a2841160dea68d35cfd2e4d8ea730cc75ac16f7e2405f7bcff1338fea0e325d1adb6af710b999719b51110c60db31ba20e9b7fc0a7e07ba6626c58a0c8bd207196a5f83420263e21766ce3cbe8e3d7e41c3756