services.nowtv.com

- Sky Plc -

Issued by GeoTrust RSA CA 2018

About this certificate

This digital certificate with serial number 0e:94:6d:1a:af:c1:04:21:0f:b2:e3:f9:c9:54:d2:a0 was issued on by DigiCert Inc.

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Sky Plc

Organization: Sky Plc
Locality: ISLEWORTH
Country: GB

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0e:94:6d:1a:af:c1:04:21:0f:b2:e3:f9:c9:54:d2:a0
Serial Number (int): 19379864773024219013885513470120874656
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: a0:2a:2c:65:58:f1:6d:02:0f:40:95:b0:ed:30:6a:36:db:43:ca:d6
AuthorityKeyId: 90:58:ff:b0:9c:75:a8:51:54:77:b1:ed:f2:a3:43:16:38:9e:6c:c5

Fingerprint (sha1): 90:82:66:69:50:b0:7f:f0:45:ea:c9:6d:72:3b:46:61:aa:13:bd:2d
Fingerprint (sha256): 29:c8:26:a2:92:2f:86:ab:e0:e4:d7:c6:9a:fe:ca:2c:ea:26:6d:ed:ff:9d:2e:e2:d8:33:2d:ab:84:65:86:f8

Issuing Certificate URL: http://cacerts.geotrust.com/GeoTrustRSACA2018.crt

Revocation information

OCSP Server: http://status.geotrust.com
CRL Distribution Point: http://cdp.geotrust.com/GeoTrustRSACA2018.crl

Check the revocation status for certificate services.nowtv.com

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for services.nowtv.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

services.nowtv.com
chromecast.nowtv.com
crosstv.nowtv.com
smarttv.nowtv.com

Other certificates including the domain name nowtv.com

(limited to 100 certificates)
secure03.stage.lithium.com
skyidapp.sky.com
www.nowtv.com
crosstv.nowtv.com
secure03.stage.lithium.com
secure03.stage.lithium.com
search.nowtv.com
chromecast.nowtv.com
www.stage.nowtv.com
www.nowtv.com
uiapi.id.int.nowtv.it
services.stage.nowtv.com
secure03.stage.lithium.com
ie.api.atom.nowtv.com
crmg-local.nowtv.com
geekzone.nowtv.com
www.stage.nowtv.com

help.nowtv.com
roku.int.nowtv.com
staging.ott.sky.com
stg1.skyidapp.sky.com
secure03.stage.lithium.com
api.nowtv.com
secure03.stage.lithium.com
uc18.janrainengage.com
ie.api.stage2.atom.nowtv.com
secure03.stage.lithium.com
slo.skyidappintl.sky.com
*.api.stage.nowtv.com
id.nowtv.com
secure03.stage.lithium.com
skyidapp.sky.com
slo.skyidappintl.sky.com
www.stage.nowtv.com
www.stage.nowtv.com
ie.api.atom.nowtv.com
click.messaging.nowtv.com
www.stage.nowtv.com
services.nowtv.com
secure03.stage.lithium.com
ott.sky.com
*.api.nowtv.com
uiapi.id.int.nowtv.it
secure03.stage.lithium.com
uc18.janrainengage.com
slo.skyidappintl.sky.com
secure03.stage.lithium.com
ie.api.stage1.atom.nowtv.com
secure03.stage.lithium.com

www.stage.nowtv.com
www.nowtv.com
my.nowtv.com
uiapi.id.int.nowtv.it
staging.ott.sky.com
crmg.nowtv.com
secure03.stage.lithium.com
www.nowtv.com
onebrief.nowtv.com
stage-mcs-gatekeeper.sky.com
services.stage.nowtv.com
secure03.stage.lithium.com

secure03.stage.lithium.com
community.nowtv.com
interest.sky.com
staging.ott.sky.com
secure03.stage.lithium.com
secure03.stage.lithium.com
nowtv.com
nowtv.com
cms.stage1.atom.nowtv.com
device.nowtv.com
api.atom.nowtv.com
slo.skyidappintl.sky.com
www.stage.nowtv.com
signup.nowtv.com
*.api.nowtv.com
skyidapp.sky.com
www.stage.nowtv.com
secure03.stage.lithium.com
ott.sky.com
cks-thirdparty.ovp.stable-int.nowtv.com
www.nowtv.com
webstatic.stage.nowtv.com
watch.stage.nowtv.com
*.stage.nowtv.com
www.stage.nowtv.com
secure03.stage.lithium.com
api.stage1.atom.nowtv.com

www.nowtv.com
uc18.janrainengage.com
www.nowtv.com
www.stage.nowtv.com
uiapi.id.int.nowtv.it
secure03.stage.lithium.com
services.nowtv.com
ott.sky.com

Certificate

The complete raw certificate details for services.nowtv.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIQDpRtGq/BBCEPsuP5yVTSoDANBgkqhkiG9w0BAQsFADBe
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRHZW9UcnVzdCBSU0EgQ0EgMjAxODAe
Fw0xODAxMTgwMDAwMDBaFw0xOTA0MTkxMjAwMDBaMFAxCzAJBgNVBAYTAkdCMRIw
EAYDVQQHEwlJU0xFV09SVEgxEDAOBgNVBAoTB1NreSBQbGMxGzAZBgNVBAMTEnNl
cnZpY2VzLm5vd3R2LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AKxUqaJrjAQX9gTessrpetAnWBsfyIQXmSVBNRG9KbPbndMtXQv2Hh/pw3DgcTcA
D3ota5Y81FbME2E7/Kv01XGFTNmdHybXgI8nfT91Y+Fhw0mkd5SEfQu+teRMM4TS
YnHa5e8RuSJY22AXVVqnWXvR+a2FFfCIh8WkDBOfBg6287sZE74VVVY0wMyrYpC9
PVKBxGg0ALg3j4iHxPEJsT+ZIRvs71MdbB7S0P/Vebv+dHNxbmm5eUuMsm01YztK
H/2NAYMtaoI7VJORV5Ij5r0e4SKastneWCw1JNm1VLWHzCJMd3ePnRHgJoCqs9Lz
qXIZ07fWFkwElk5SsG2xQXMCAwEAAaOCAd4wggHaMB8GA1UdIwQYMBaAFJBY/7Cc
dahRVHex7fKjQxY4nmzFMB0GA1UdDgQWBBSgKixlWPFtAg9AlbDtMGo220PK1jBZ
BgNVHREEUjBQghJzZXJ2aWNlcy5ub3d0di5jb22CFGNocm9tZWNhc3Qubm93dHYu
Y29tghFjcm9zc3R2Lm5vd3R2LmNvbYIRc21hcnR0di5ub3d0di5jb20wDgYDVR0P
AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA+BgNVHR8E
NzA1MDOgMaAvhi1odHRwOi8vY2RwLmdlb3RydXN0LmNvbS9HZW9UcnVzdFJTQUNB
MjAxOC5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYc
aHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwdQYIKwYBBQUH
AQEEaTBnMCYGCCsGAQUFBzABhhpodHRwOi8vc3RhdHVzLmdlb3RydXN0LmNvbTA9
BggrBgEFBQcwAoYxaHR0cDovL2NhY2VydHMuZ2VvdHJ1c3QuY29tL0dlb1RydXN0
UlNBQ0EyMDE4LmNydDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAw3wNg
q/+NEfolX7y9uzgRziB0u/KTvD/L2Ig6qIjc2MsagKlbAxOkIoPbEjuQ1QSYRWzm
dY9FTMQx1WZmxyGlPXQAIF3EXdpCXgbWLr1czvVYl/y1FghZXyNcoINxQ10yGkTF
t2fIcNXzZx9HqEGvHMue86+OZYu1+54tBTqQnzECgiRZXp4O7VqTd0I+7CavBvoP
mfaAYiKxVPAKADsRi+WP+JTxlIln55wZRw6AFmWKU5iHT6ShP3M6Gd1I977yXkqP
6M2qCsfNXPItQW+1v88R3G1lJYZrRCbtgxKmThc6Rlz2QdDtPPlY6BYIm9w6IXVp
Q7nVihAzuYf9yFOv
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFSpomuMBBf2BN6yyul6
0CdYGx/IhBeZJUE1Eb0ps9ud0y1dC/YeH+nDcOBxNwAPei1rljzUVswTYTv8q/TV
cYVM2Z0fJteAjyd9P3Vj4WHDSaR3lIR9C7615EwzhNJicdrl7xG5IljbYBdVWqdZ
e9H5rYUV8IiHxaQME58GDrbzuxkTvhVVVjTAzKtikL09UoHEaDQAuDePiIfE8Qmx
P5khG+zvUx1sHtLQ/9V5u/50c3Fuabl5S4yybTVjO0of/Y0Bgy1qgjtUk5FXkiPm
vR7hIpqy2d5YLDUk2bVUtYfMIkx3d4+dEeAmgKqz0vOpchnTt9YWTASWTlKwbbFB
cwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 19379864773024219013885513470120874656
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust RSA CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-01-18 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-04-19 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ISLEWORTH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sky Plc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'services.nowtv.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21754737155270914162026765508468824793468380761753993174585234640424670520998319644513845646242727774345905203591536452830760839441995976478923836015119229088788398435661993623213154809886524796364533926603071068362056238446925902277834236860071729551456800021069070529219153424968971715851680098063567928912185327136157143408714841910090044229509871029400724118275016498856123459690188683822271897287820647774689801164328372695978956349502745855916238499343518425007966578011318535469185498363272154250914942572920644908468096696831684164494256659944210790766996089985267192333998533143223565218038098882893871923571
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 9058ffb09c75a8515477b1edf2a34316389e6cc5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							a02a2c6558f16d020f4095b0ed306a36db43cad6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (82 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'services.nowtv.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'chromecast.nowtv.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'crosstv.nowtv.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'smarttv.nowtv.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.geotrust.com/GeoTrustRSACA2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.geotrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.geotrust.com/GeoTrustRSACA2018.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0030df0360abff8d11fa255fbcbdbb3811ce2074bbf293bc3fcbd8883aa888dcd8cb1a80a95b0313a42283db123b90d50498456ce6758f454cc431d56666c721a53d7400205dc45dda425e06d62ebd5ccef55897fcb51608595f235ca08371435d321a44c5b767c870d5f3671f47a841af1ccb9ef3af8e658bb5fb9e2d053a909f31028224595e9e0eed5a9377423eec26af06fa0f99f6806222b154f00a003b118be58ff894f1948967e79c19470e8016658a5398874fa4a13f733a19dd48f7bef25e4a8fe8cdaa0ac7cd5cf22d416fb5bfcf11dc6d6525866b4426ed8312a64e173a465cf641d0ed3cf958e816089bdc3a21756943b9d58a1033b987fdc853af