origin-falcon-prod.production.braintree-api.com

- PayPal, Inc. -

Issued by DigiCert SHA2 High Assurance Server CA

About this certificate

This digital certificate with serial number 0b:31:37:2d:3f:05:c0:99:7b:0a:93:6f:d3:fb:3d:17 was issued on by DigiCert Inc.

With 7 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

PayPal, Inc.

Organization: PayPal, Inc.
State / Province: California
Locality: San Jose
Country: US

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0b:31:37:2d:3f:05:c0:99:7b:0a:93:6f:d3:fb:3d:17
Serial Number (int): 14877049617002304912933808441430588695
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 5c:75:70:97:27:94:8c:af:99:b6:1e:35:fb:f0:af:a5:d8:43:f9:71
AuthorityKeyId: 51:68:ff:90:af:02:07:75:3c:cc:d9:65:64:62:a2:12:b8:59:72:3b

Fingerprint (sha1): 40:c2:6e:4d:84:23:77:65:fd:cc:e7:5d:ac:3a:ca:87:97:03:ad:de
Fingerprint (sha256): 29:42:d2:46:af:b1:1f:6d:30:5d:a5:08:1a:f7:8e:a5:35:47:e2:f0:7b:06:0e:ce:72:59:15:ec:24:3d:00:1f

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/sha2-ha-server-g6.crl
CRL Distribution Point: http://crl4.digicert.com/sha2-ha-server-g6.crl

Check the revocation status for certificate origin-falcon-prod.production.braintree-api.com

7

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for origin-falcon-prod.production.braintree-api.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

origin-falcon-prod.production.braintree-api.com
falcon-prod-us-east-1.production.braintree-api.com
falcon-prod-us-east-2.production.braintree-api.com
falcon-prod-us-west-1.production.braintree-api.com
falcon-prod-us-west-2.production.braintree-api.com
falcon-prod-eu-central-1.production.braintree-api.com
falcon-prod-ap-southeast-2.production.braintree-api.com

Other certificates including the domain name braintree-api.com

(limited to 100 certificates)
aegis-proxy.sandbox.braintree-api.com
briskqa.braintree.tools
reader.sandbox.braintree-api.com
payments.sandbox.braintree-api.com
apply.qa.braintreepayments.com
arbiter-kubernetes-qa.dev.braintree-api.com
localpay-checkout.sandbox.braintree-api.com
k8s-oidc.sandbox.braintree-api.com
dimension-finder-stag.sandbox.braintree-api.com
origin-analytics-qa.dev.braintree-api.com
sentinel-prod.production.braintree-api.com
disputin.sandbox.braintree.tools
airflow.data-staging.braintree-api.com
transactions-prod-us.production.braintree-api.com
reader.braintree-api.com
gateway-sand.sandbox.braintree-api.com
functions.sandbox.braintree-api.com
graphql-docs-sand-us-east-1.sandbox.braintree-api.com
brisk.braintree.tools
provisioner.qa.braintreepayments.com
arbiter-kubernetes-sand.sandbox.braintree-api.com
k8s-oidc.data-production.braintree-api.com
localpay-checkout-test.sandbox.braintree-api.com
payments.braintree-api.com
aegis-proxy-sand-us-east-2.sandbox.braintree-api.com
origin-analytics-sand.sandbox.braintree-api.com
*.dev.braintree-api.com
brisk.sandbox.braintree.tools
sentinel-sand.sandbox.braintree-api.com
apply.qa.braintreepayments.com
batch-validation-prod-us-east-2.production.braintree-api.com
localpay-checkout.sandbox.braintree-api.com
k8s-oidc.data-production.braintree-api.com
panel.gateway.qa.braintreepayments.com
docs-qa-us-east-1.dev.braintree-api.com
arbiter-kubernetes-prod.production.braintree-api.com
*.bcoumes.dev.braintree-api.com
data-airflow.sand.braintree.tools
millennium-simulator.dev.braintree-api.com
k8s-oidc.data-production.braintree-api.com
mission-control.braintree-api.com
tugboat.dev.braintree-api.com
taskworker-flower.production.braintree-api.com
reader-service.sandbox.braintree-api.com
apply.braintreegateway.com
taskworker-auditor.production.braintree-api.com
data-airflow-webserver-datastag.data-staging.braintree-api.com
docs-prod-us-east-1.production.braintree-api.com
taskworker-flower.production.braintree-api.com
monitoring-tool-serv-sand-us-west-2.sandbox.braintree-api.com
bazaar.braintree.tools
event-sink-sand-us-west-2.sandbox.braintree-api.com
bazaar.braintree.tools
docs.sandbox.braintree-api.com
data-airflow.braintree.tools
aegis-proxy.production.braintree-api.com
billpay-validator-sand.sandbox.braintree-api.com
k8s-oidc.data-staging.braintree-api.com
provisioner.svc.braintreepayments.com
marketing-qa-us-east-1.dev.braintree-api.com
payments.sandbox.braintree-api.com
blue-front-door.braintree-api.com
infra-sso-token-converter.braintree-api.com
alert-notify-sand-us-west-2.sandbox.braintree-api.com
k8s-oidc.production.braintree-api.com
sentinel-dev.dev.braintree-api.com
origin-falcon.dev.braintree-api.com
tugboat.dev.braintree-api.com
reader.braintree-api.com
aegis-proxy-prod-us-east-2.production.braintree-api.com
pigeon.production.braintree-api.com
k8s-dashboard-qa-us-west-2.braintree.tools
pigeon.dev.braintree-api.com
pricing-prod.production.braintree-api.com
k8s-dashboard.sandbox.braintree-api.com
origin-analytics-sand.sandbox.braintree-api.com
infra-sso-token-converter.braintree-api.com
millennium-simulator.sandbox.braintree-api.com
functions.sandbox.braintree-api.com
airflow.dev.braintree-api.com
ppwr-sand.sandbox.braintree-api.com
signups.sand.braintreepayments.com
payments.sandbox.braintree-api.com
consul.braintree-api.com
arbiter-kubernetes-prod.production.braintree-api.com
localpay-checkout-test.sandbox.braintree-api.com
pigeon.sandbox.braintree-api.com
apply.braintreegateway.com
origin-analytics-qa.dev.braintree-api.com
twistlock-sand-us-east-1.sandbox.braintree-api.com
gateway-qa.dev.braintree-api.com
k8s-oidc.data-staging.braintree-api.com
processor-webhook-receiver.braintree-api.com
k8s-dashboard.data-production.braintree-api.com
gateway.braintree-api.com
sentintel-sand-us-west-2.sandbox.braintree-api.com
arbiter-kubernetes-prod.production.braintree-api.com
origin-falcon-prod.production.braintree-api.com
monitor-data-model-sand-us-west-2.sandbox.braintree-api.com
gateway.braintree-api.com

Certificate

The complete raw certificate details for origin-falcon-prod.production.braintree-api.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIG1TCCBb2gAwIBAgIQCzE3LT8FwJl7CpNv0/s9FzANBgkqhkiG9w0BAQsFADBw
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz
dXJhbmNlIFNlcnZlciBDQTAeFw0yMzA4MzEwMDAwMDBaFw0yNDA5MzAyMzU5NTla
MIGGMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMI
U2FuIEpvc2UxFTATBgNVBAoTDFBheVBhbCwgSW5jLjE4MDYGA1UEAxMvb3JpZ2lu
LWZhbGNvbi1wcm9kLnByb2R1Y3Rpb24uYnJhaW50cmVlLWFwaS5jb20wggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCslE7LOpzRCl3msITo99PcmEnhMJiT
0WkyLOnI8rj7qFzw2fAntqca8N8gz/WYk6H/7uTw4mPVEJtNNVfgEQyArPfR8g0a
a/6Dw6kTbukblSx1t2zLpY+OZ3gfHf0iziUQKzKCP+Gaw5e2DuZdPAv1Qy6p5BEt
FvoWrkeZHHwVg8+KDGEdQPkRUXcPftmCH0QhJPthdE82jDMhdv/hnuUXASW0vq6z
zH+urbz5L0XvPDDgSFeQOHElVSeAVKaA1V0bLKXoNzJZIf0TVc7fI5etiQNMspIj
N1hLdV7mWCxkx6qmeXB4NgSm2qJPShhQRxlAoDJ6D018TNiTpkARtxDfAgMBAAGj
ggNSMIIDTjAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVkYqISuFlyOzAdBgNVHQ4E
FgQUXHVwlyeUjK+Zth41+/CvpdhD+XEwggF+BgNVHREEggF1MIIBcYIvb3JpZ2lu
LWZhbGNvbi1wcm9kLnByb2R1Y3Rpb24uYnJhaW50cmVlLWFwaS5jb22CMmZhbGNv
bi1wcm9kLXVzLWVhc3QtMS5wcm9kdWN0aW9uLmJyYWludHJlZS1hcGkuY29tgjJm
YWxjb24tcHJvZC11cy1lYXN0LTIucHJvZHVjdGlvbi5icmFpbnRyZWUtYXBpLmNv
bYIyZmFsY29uLXByb2QtdXMtd2VzdC0xLnByb2R1Y3Rpb24uYnJhaW50cmVlLWFw
aS5jb22CMmZhbGNvbi1wcm9kLXVzLXdlc3QtMi5wcm9kdWN0aW9uLmJyYWludHJl
ZS1hcGkuY29tgjVmYWxjb24tcHJvZC1ldS1jZW50cmFsLTEucHJvZHVjdGlvbi5i
cmFpbnRyZWUtYXBpLmNvbYI3ZmFsY29uLXByb2QtYXAtc291dGhlYXN0LTIucHJv
ZHVjdGlvbi5icmFpbnRyZWUtYXBpLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6
Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCG
Lmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmww
PgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5k
aWdpY2VydC5jb20vQ1BTMIGDBggrBgEFBQcBAQR3MHUwJAYIKwYBBQUHMAGGGGh0
dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL2NhY2Vy
dHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VTZXJ2ZXJD
QS5jcnQwCQYDVR0TBAIwADATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG9w0B
AQsFAAOCAQEAEW9Vv+nmvxquIddRrDjtLwemR8Wh7Rnie1gYiOojO3U39IHx1Exs
iVgiKIQ3liIUJTrgNITd0/Hj8kixHXA5RWYVnS+wJ5cn4692q2yRPMN9KDEevEBy
hT98BRHHm1tWww/9JAD9HswtHKGg1/VgY137XFJ5cyC1IeI6OK2izCJhmi73kkSh
v2awQwFy3iXp4BTTH72AXjspMZENHI8Ob889bEhKtBhE/hQl+YeW37Uc6qt13mgG
qbz0vfy363r2e1yOncM9k4pK3uSs0UgmHYklhQAgK5nKcLdZLW5wMqtElbrPbs/G
wswh5AKk7PVKsAHf7yQ++HeRwhBOYpbocg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJROyzqc0Qpd5rCE6PfT
3JhJ4TCYk9FpMizpyPK4+6hc8NnwJ7anGvDfIM/1mJOh/+7k8OJj1RCbTTVX4BEM
gKz30fINGmv+g8OpE27pG5Usdbdsy6WPjmd4Hx39Is4lECsygj/hmsOXtg7mXTwL
9UMuqeQRLRb6Fq5HmRx8FYPPigxhHUD5EVF3D37Zgh9EIST7YXRPNowzIXb/4Z7l
FwEltL6us8x/rq28+S9F7zww4EhXkDhxJVUngFSmgNVdGyyl6DcyWSH9E1XO3yOX
rYkDTLKSIzdYS3Ve5lgsZMeqpnlweDYEptqiT0oYUEcZQKAyeg9NfEzYk6ZAEbcQ
3wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 14877049617002304912933808441430588695
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 High Assurance Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-08-31 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-09-30 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'San Jose'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'PayPal, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'origin-falcon-prod.production.braintree-api.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21786121750400400203654069560709997885153448610032705011132338175672275952934171446259680435004050596864986247446912501156751906155820849500419233406102654870910976788230845729342260484491666691173288542259968357352987587811170578575801070446418505270262226955829075557501848259885783910185345754109275470629847407024518763217485797123296817759093773411610041702847520578039228877623112448499366775383626334368455037191274970959336378124553231097351375854028975126243463497550336643213852069617594741928229819725391614694321988007516576929358227658642999353475788457453243244192551668234664472906879522821478435721439
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 5168ff90af0207753cccd9656462a212b859723b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							5c75709727948caf99b61e35fbf0afa5d843f971
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (373 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'origin-falcon-prod.production.braintree-api.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'falcon-prod-us-east-1.production.braintree-api.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'falcon-prod-us-east-2.production.braintree-api.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'falcon-prod-us-west-1.production.braintree-api.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'falcon-prod-us-west-2.production.braintree-api.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'falcon-prod-eu-central-1.production.braintree-api.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'falcon-prod-ap-southeast-2.production.braintree-api.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/sha2-ha-server-g6.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/sha2-ha-server-g6.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (119 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00116f55bfe9e6bf1aae21d751ac38ed2f07a647c5a1ed19e27b581888ea233b7537f481f1d44c6c895822288437962214253ae03484ddd3f1e3f248b11d70394566159d2fb0279727e3af76ab6c913cc37d28311ebc4072853f7c0511c79b5b56c30ffd2400fd1ecc2d1ca1a0d7f560635dfb5c52797320b521e23a38ada2cc22619a2ef79244a1bf66b0430172de25e9e014d31fbd805e3b2931910d1c8f0e6fcf3d6c484ab41844fe1425f98796dfb51ceaab75de6806a9bcf4bdfcb7eb7af67b5c8e9dc33d938a4adee4acd148261d89258500202b99ca70b7592d6e7032ab4495bacf6ecfc6c2cc21e402a4ecf54ab001dfef243ef87791c2104e6296e872