partner.api.s-pankki.fi

- S-Pankki Oyj -

Issued by DigiCert Global G2 TLS RSA SHA256 2020 CA1

About this certificate

This digital certificate with serial number 09:b0:75:2a:3d:60:0f:07:4d:d7:75:e9:22:c4:98:e3 was issued on by DigiCert Inc.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

S-Pankki Oyj

Organization: S-Pankki Oyj
Locality: Helsinki
Country: FI

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 09:b0:75:2a:3d:60:0f:07:4d:d7:75:e9:22:c4:98:e3
Serial Number (int): 12879272597667538811315998312425101539
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: f6:a3:98:80:a4:79:71:18:01:d4:5c:1a:e8:58:7f:7f:ac:ff:c0:d6
AuthorityKeyId: 74:85:80:c0:66:c7:df:37:de:cf:bd:29:37:aa:03:1d:be:ed:cd:17

Fingerprint (sha1): 8e:08:ff:c8:d0:a1:70:f8:ba:f9:18:e3:b2:ab:47:55:c9:2d:3c:91
Fingerprint (sha256): 29:96:14:f9:a2:e2:d5:50:29:a8:15:b6:3c:12:28:a1:a4:e6:6b:8a:f7:08:56:20:c1:f8:62:66:fd:1f:9f:b5

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl

Check the revocation status for certificate partner.api.s-pankki.fi

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for partner.api.s-pankki.fi

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

partner.api.s-pankki.fi

Other certificates including the domain name s-pankki.fi

(limited to 100 certificates)
bi-test.intra.s-pankki.fi
test.partner.api.s-pankki.fi
hakemukset.s-pankki.fi
dokumentit.s-pankki.fi
mapvi-test2.intra.s-pankki.fi
mobile.s-pankki.fi
*.stage.inet.s-pankki.fi
asko-em.test.intra.s-pankki.fi
view.email.s-pankki.fi
chat.inet.s-pankki.fi
aml.intra.s-pankki.fi
tunnistus.s-pankki.fi
openbanking.s-pankki.fi
chat-stg1.stage.inet.s-pankki.fi
asko2-em-int.intra.s-pankki.fi
ajanvaraus-test.intra.s-pankki.fi
splunk-collector-test.intra.s-pankki.fi
api.s-pankki.fi
asko2-em.test.intra.s-pankki.fi
www.s-pankki.fi
cloud.email.s-pankki.fi
ajanvaraus.s-pankki.fi
chat.inet.s-pankki.fi
isku.intra.s-pankki.fi
toimitilat-uutiskirje.s-pankki.fi
stageonline.s-pankki.fi
view.email.s-pankki.fi
test.public.api.s-pankki.fi
toimitilat-uutiskirje.s-pankki.fi
smobiiliwns.s-pankki.fi
isku-test.intra.s-pankki.fi
dps.intra.s-pankki.fi
test2.dokumentit.intra.s-pankki.fi
frontend.intra.s-pankki.fi
prod.api.intra.s-pankki.fi
toimitilat-uutiskirje.s-pankki.fi
click.email.s-pankki.fi
sokrhg1001.sed.intra.s-pankki.fi
pft.s-pankki.fi
cloud.email.s-pankki.fi
asko-em.intra.s-pankki.fi
jira.intra.s-pankki.fi
online.s-pankki.fi
toimitilat-uutiskirje.s-pankki.fi
test.azure-pompeli.intra.s-pankki.fi
partner.api.s-pankki.fi
sokrhg1002.sed.intra.s-pankki.fi
hakemukset.s-pankki.fi
test.partner.api.s-pankki.fi
online.s-pankki.fi
online.s-pankki.fi
bi.intra.s-pankki.fi
cassiopae.intra.s-pankki.fi
dokumentit.s-pankki.fi
mobile.s-pankki.fi
ajanvaraus2.intra.s-pankki.fi
www.s-pankki.fi
stageonline.s-pankki.fi
taviq.intra.s-pankki.fi
stagepft.s-pankki.fi
api.s-pankki.fi
analytics.s-pankki.fi
splunk.intra.s-pankki.fi
dokumentit.s-pankki.fi
splunk-collector-test.intra.s-pankki.fi
asko-em.intra.s-pankki.fi
palvelut-test.s-pankki.fi
tunnistus.s-pankki.fi
holvi.intra.s-pankki.fi
test.api.intra.s-pankki.fi
mobile.s-pankki.fi
splunk.intra.s-pankki.fi
dps.intra.s-pankki.fi
test.partner.api.s-pankki.fi
gitlab.intra.s-pankki.fi
asko2-em-cf.intra.s-pankki.fi
sokrhg1001.sed.intra.s-pankki.fi
nexus-test.intra.s-pankki.fi
click.email.s-pankki.fi
dokumentit2.s-pankki.fi
pft.s-pankki.fi
extranet.s-pankki.fi
mapvi2.intra.s-pankki.fi
jenkins-test.intra.s-pankki.fi
pft.s-pankki.fi
splunk-collector-test.intra.s-pankki.fi
gitlab-test.intra.s-pankki.fi
analytics.s-pankki.fi
asko-em.test.intra.s-pankki.fi
verkkopankki-admin.intra.s-pankki.fi
jenkins-test.intra.s-pankki.fi
*.inet.s-pankki.fi
partner.api.s-pankki.fi
testrail-test.intra.s-pankki.fi
splunk-collector-test.intra.s-pankki.fi
bi-tuotanto.intra.s-pankki.fi
cloud.email.s-pankki.fi
gitlab.intra.s-pankki.fi
online.s-pankki.fi
ajanvaraustest.s-pankki.fi

Certificate

The complete raw certificate details for partner.api.s-pankki.fi in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGZDCCBUygAwIBAgIQCbB1Kj1gDwdN13XpIsSY4zANBgkqhkiG9w0BAQsFADBZ
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE
aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjMx
MTA4MDAwMDAwWhcNMjQxMTA3MjM1OTU5WjBZMQswCQYDVQQGEwJGSTERMA8GA1UE
BxMISGVsc2lua2kxFTATBgNVBAoTDFMtUGFua2tpIE95ajEgMB4GA1UEAxMXcGFy
dG5lci5hcGkucy1wYW5ra2kuZmkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
AoICAQDmRdhW7t1TtNWDjzKnvTuo17h8VVYqG4K4wuJ6pfoG+kb/PUyBzBsSyHAC
d8XvD/ock8o2MeRaJsThnBh4UJHu2mKCmKS60eB3igwTPq+xCrcTHb8h9N8A+FwB
ZcpMKXNVgTrcX3uWyGViOsy6GL1CoizOm2cbV4gyJPi7/NzhlBBv3fVx5DO/LZGz
6zOlgL7PXGLypk585K5jpXImeZzgVb6Ad0P8IprxP5Kz0rm6iT53WMA8b5+kTSiN
ep0ARy7oWKpQfyY0Nr1ni7Wxnu4+mybjic7SGYMQDlad+GQMcTZV3AxfCNKRFM/R
MI8xomLZVT4RRqWV6H668N+Ro1mW6tCPgoZezMABdaBKCj22m1WlH/s6ZItHGOAZ
+tfg5XgEUNq3cDJso9NQdZNMYQb7ZRa6lZnzX2A5DBGtvjPKt1OeoWTc9EVh2unS
23YCXHcY/3OS2spE3qQIH4TJr7o+cqoOucBUK2KO35XFUbQQM7vJzIQR2Piid3SU
RtQCYH1AFjp7tktKULsaUdkoiqBxDlo7gbnvUPYn7JiKorgt9eY4cYnr3h54tXpD
1P9NRFc8qwNknZfSEe7LcwojLbfzz/pWv+yi2WtwLUf65kOjqw2zHLcwRRhtA8Vu
u1eQiuEAWTZ58yGtfqnO5u0vd5SFTmixihbPa2rEj087StpXNQIDAQABo4ICJjCC
AiIwHwYDVR0jBBgwFoAUdIWAwGbH3zfez70pN6oDHb7tzRcwHQYDVR0OBBYEFPaj
mICkeXEYAdRcGuhYf3+s/8DWMCIGA1UdEQQbMBmCF3BhcnRuZXIuYXBpLnMtcGFu
a2tpLmZpMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6
Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
FAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGfBgNVHR8EgZcwgZQwSKBGoESGQmh0dHA6
Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbEcyVExTUlNBU0hBMjU2
MjAyMENBMS0xLmNybDBIoEagRIZCaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0Rp
Z2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3JsMIGHBggrBgEF
BQcBAQR7MHkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBR
BggrBgEFBQcwAoZFaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0
R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3J0MAwGA1UdEwEB/wQCMAAw
EwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBABws5GzL/VXs
qfadqp3Dm21i0FE9SpwjrUbgRep3z5TkEtbljTd+qt+DnaILOCkzvuWZE4IomRKy
IeJtWAhTNDPD9aqMYVus7hkp0UXsRljZKMrtOyAtjxV3KqJZr9xDDu1RLfLm3tui
bZnpBIAQX8Efi+/+EUMYojfZhqLWCxd7C8Lu1wW+YPB4kHw7fCPjqTOrvpxcoYoU
vbVYVKWXuQd3sHLI7yubti/JHO9qxEAR7vSIZNSGht6YirJjj7FSuLuGBHEJL25G
lh8oInVXAwniab6rkOHzMceMu6POazLgQlWKDiTSGykSWYtzwIR5m9jQGiC/9Fhf
JnNOj5rCKUo=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5kXYVu7dU7TVg48yp707
qNe4fFVWKhuCuMLieqX6BvpG/z1MgcwbEshwAnfF7w/6HJPKNjHkWibE4ZwYeFCR
7tpigpikutHgd4oMEz6vsQq3Ex2/IfTfAPhcAWXKTClzVYE63F97lshlYjrMuhi9
QqIszptnG1eIMiT4u/zc4ZQQb931ceQzvy2Rs+szpYC+z1xi8qZOfOSuY6VyJnmc
4FW+gHdD/CKa8T+Ss9K5uok+d1jAPG+fpE0ojXqdAEcu6FiqUH8mNDa9Z4u1sZ7u
Ppsm44nO0hmDEA5WnfhkDHE2VdwMXwjSkRTP0TCPMaJi2VU+EUalleh+uvDfkaNZ
lurQj4KGXszAAXWgSgo9tptVpR/7OmSLRxjgGfrX4OV4BFDat3AybKPTUHWTTGEG
+2UWupWZ819gOQwRrb4zyrdTnqFk3PRFYdrp0tt2Alx3GP9zktrKRN6kCB+Eya+6
PnKqDrnAVCtijt+VxVG0EDO7ycyEEdj4ond0lEbUAmB9QBY6e7ZLSlC7GlHZKIqg
cQ5aO4G571D2J+yYiqK4LfXmOHGJ694eeLV6Q9T/TURXPKsDZJ2X0hHuy3MKIy23
88/6Vr/sotlrcC1H+uZDo6sNsxy3MEUYbQPFbrtXkIrhAFk2efMhrX6pzubtL3eU
hU5osYoWz2tqxI9PO0raVzUCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 12879272597667538811315998312425101539
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Global G2 TLS RSA SHA256 2020 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-11-08 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-11-07 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Helsinki'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'S-Pankki Oyj'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'partner.api.s-pankki.fi'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 939431194441489709990002787907270238516667482543241796602718374200795372312624239018002790446804980566840709995548481852421619487013171315779610791242597601549285980883992634172575564994994079640008310833028119249925667663176777245994790769026768012246840286477374278261607813776926552639446777677176749341626810702265806951902475998814942531757883537626969478513980351281096841755642533823508071833481109988578975567737840536939342495133749618342688966533830602346343015862679476626124641620523756761309439691874103553456645391362312337912651431259384095769757162986312474440126523569335128996592353862479406494686215052891884448454781185234598923902929353334847717981176840053177247488205888380402623573921470391544957398853367752948272654757816404175352434270927284626431832954176828276650995585239467785398196000043617036559369415824017558682234740703071918536616941964571766497538298123659528503538810618609951620066146023210369984755456864775364344712536812552839562791563470894481596104598637512345748654232675642523066118951090448837778625791720942305355769384958715724535089322382329019939512738575748715881031314244115649087184737728939906697109249152655314610096196561695375136022087396245596929530617654253623470464849717
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 748580c066c7df37decfbd2937aa031dbeedcd17
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							f6a39880a479711801d45c1ae8587f7facffc0d6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (27 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'partner.api.s-pankki.fi'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (151 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001c2ce46ccbfd55eca9f69daa9dc39b6d62d0513d4a9c23ad46e045ea77cf94e412d6e58d377eaadf839da20b382933bee5991382289912b221e26d5808533433c3f5aa8c615bacee1929d145ec4658d928caed3b202d8f15772aa259afdc430eed512df2e6dedba26d99e90480105fc11f8beffe114318a237d986a2d60b177b0bc2eed705be60f078907c3b7c23e3a933abbe9c5ca18a14bdb55854a597b90777b072c8ef2b9bb62fc91cef6ac44011eef48864d48686de988ab2638fb152b8bb860471092f6e46961f282275570309e269beab90e1f331c78cbba3ce6b32e042558a0e24d21b2912598b73c084799bd8d01a20bff4585f26734e8f9ac2294a