cma-pega-sit.windtre.it

- Wind Tre S.p.A. -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 25:f3:5c:e4:98:0d:ac:2a:6b:ec:55:ed:c1:8a:c3:b5 was issued on by Entrust, Inc..

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Wind Tre S.p.A.

Organization: Wind Tre S.p.A.
State / Province: Milano
Locality: Rho
Country: IT

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 25:f3:5c:e4:98:0d:ac:2a:6b:ec:55:ed:c1:8a:c3:b5
Serial Number (int): 50445048073428690175196176749932757941
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId: b8:d7:7c:07:a1:69:00:2a:ae:02:b5:e4:39:c8:98:be:5f:d3:93:6f
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): fd:28:2b:81:dc:d4:41:e0:fa:c5:a0:27:de:dc:f8:93:67:97:cf:61
Fingerprint (sha256): 2c:52:ef:10:6d:e7:e3:13:b7:2c:8b:31:4c:96:b5:73:ff:04:1b:e1:b9:c8:18:df:c7:cc:43:d3:9b:eb:da:26

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate cma-pega-sit.windtre.it

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for cma-pega-sit.windtre.it

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

cma-pega-sit.windtre.it
www.cma-pega-sit.windtre.it
cma-pega-sit.gcp.windtre.it

Other certificates including the domain name windtre.it

(limited to 100 certificates)
vcloud-rm.windcloud.wind.it
nog.windtre.it
app.windtre.it
appuntamentotecnico.windtre.it
withu.windtre.it
selfcare-ob-bs.apps.windtre.it
static.windtre.it
igp.aws.windtre.it
ologateway-test.windtre.it
cdn-magazine.windtre.it
vcloud-vmrc-rm.windcloud.wind.it
fibra-il-tuo-codice-pre.windtre.it
shopping.windtre.it
b2b.shop.windtre.it
vcloud-mi.windcloud.wind.it
apigw.windtre.it
registrazioneinternet.windtre.it
www.propostediristoro.windtre.it
skype-ext.windtre.it
cw3hubsec.windtre.it
shop.dea.windtre.it
withu.windtre.it
developer.windtre.it
newscms.windtre.it
areaclienti.windtre.it
vcloud-rm.windcloud.wind.it
windtre.it
gateway.shop.wind.it
visual.bs.windtre.it
apigw.windtre.it
fibra-richiedi-codice-professional-pre.windtre.it
attiva.windtre.it
apps.windtre.it
solplus.windtre.it
areaclienti.bs.windtre.it
cvse.windtre.it
www.propostedirimborso.windtre.it
selfcaring.windtre.it
www.windtre.it
fibra-dnsprofessional.windtre.it
clockin.windtre.it
erp-ocp.windtre.it
ilc.dms.windtre.it
www.windtre.it
myaccount.windtre.it
partners.windtre.it
sharepoint.windtre.it
fibra-il-tuo-codice-professional-pre.windtre.it
conversation.windtre.it
api.windtre.it
apigateway-selfcare.apps.windtre.it
travelweb.windtre.it
vse.windtre.it
dea.windtre.it
api.shop.windtre.it
devmagazine.windtre.it
ml-in-2.apps.windtre.it
myaccount.windtre.it
cma-pega-sit.windtre.it
shop.windtre.it
visual.windtre.it
vcse1new.windtre.it
clockin.windtre.it
pre-dea.windtre.it
gateway.shop.wind.it
apigw-ob-dev.apps.windtre.it
mail-rewarding.windtre.it
magazine.windtre.it
controllerlab.epc.windtre.it
agenda.windtre.it
SEC-SDV-SFE-DMZ.WINDTRE.IT
consumer.windtre.it
pd.windtre.it
w3hub.windtre.it
attiva.dea.windtre.it
cma-pega.windtre.it
minio.windtre.it
vcloud-vmrc-mi.windcloud.wind.it
easysales.windtre.it
uat-identity.windtre.it
techystore.windtre.it
mnp.windtre.it
gateway.shop.windtre.it
internet.windtre.it
newscms.windtre.it
gateway.shop.windtre.it
FW-TestPlant-IDR.windtre.it
skype-ext.windtre.it
skype-ext.windtre.it
apigw-ob-bs.apps.windtre.it
smartdesk-api.windtre.it
buy.shop.windtre.it
hcm-test.windtre.it
ilq.dms.windtre.it
next.windtre.it
shiftplanner.windtre.it
selfcaring.windtre.it
devops-bot.windtre.it
fibra-dnsdinamico.windtre.it
selfcare-customer-care.gcp.windtre.it

Certificate

The complete raw certificate details for cma-pega-sit.windtre.it in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgIQJfNc5JgNrCpr7FXtwYrDtTANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
NDAxMDkxNTAyMjhaFw0yNTAxMDkxNTAyMjdaMGgxCzAJBgNVBAYTAklUMQ8wDQYD
VQQIEwZNaWxhbm8xDDAKBgNVBAcTA1JobzEYMBYGA1UEChMPV2luZCBUcmUgUy5w
LkEuMSAwHgYDVQQDExdjbWEtcGVnYS1zaXQud2luZHRyZS5pdDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBANWna4Cpy4RZyIWQWNaSEKKa99wmakdff1uh
BbctGHLii6eCsEKq2Y1C9276XsTN1clEsvQGAPrpRpo/mFQImH6o8OCuxn80hvrK
WpTgyt8gXnZceuOQyteRJhOYMfWQp1D6iJCotBqSA+Vpm4vE86lyWf+8A+PPdL0l
6uC8tOYf4yF8lQ+VlFyr9JtOAmrqH2kj7/FOEHUvV5pDCcC9/LO9KUe6RCSdg3d3
QzCHx57G2iPuxywEdJf7DLz0e0h9cnn3WhpMMKJmKkaDbpvGn4xmwgaxvgCbn2N3
8P8cFThnsqnNbGM2UCXcj8nA5mhsu7ATlrLpXLzvwT1YnsP1k2UCAwEAAaOCAagw
ggGkMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFLjXfAehaQAqrgK15DnImL5f05Nv
MB8GA1UdIwQYMBaAFIKicHTdvFM/z3vU981/p2DGCky/MGgGCCsGAQUFBwEBBFww
WjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYIKwYBBQUH
MAKGJ2h0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFrLWNoYWluMjU2LmNlcjAzBgNV
HR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWsuY3Js
MFwGA1UdEQRVMFOCF2NtYS1wZWdhLXNpdC53aW5kdHJlLml0ght3d3cuY21hLXBl
Z2Etc2l0LndpbmR0cmUuaXSCG2NtYS1wZWdhLXNpdC5nY3Aud2luZHRyZS5pdDAO
BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBMG
A1UdIAQMMAowCAYGZ4EMAQICMBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3
DQEBCwUAA4IBAQDCidsKZhP3HmlQWZcrGJ/fz4qVQ2GIzA8GoQfOYtG23GRykK84
ZC9ByH24faZiJuFlpNiLlWQWuP1AwkSXily1oH9JtoVZ8Q5aTg100z5OMESMwKCP
VJ4mecdsaHoDj0ORHuQ8v/FhZ8lLcYW6w+CCOjxHGt7YswduOWZTOHJa5rV5UFAD
+fWXNLr1uojv9+E3IsOMRO6KFDpHgo9xRrgphGAa5ytFYEbG6X1Kv6BRcDKj1iYS
wAfqgqHxfE2UIPJC7cgKaYZYav7G16GdAFx200v0tK1VOZ0iVka9+UGahddixPis
gJO6X7OmG4cnxF1LEaRU6w10VvEhzGkBnk8v
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1adrgKnLhFnIhZBY1pIQ
opr33CZqR19/W6EFty0YcuKLp4KwQqrZjUL3bvpexM3VyUSy9AYA+ulGmj+YVAiY
fqjw4K7GfzSG+spalODK3yBedlx645DK15EmE5gx9ZCnUPqIkKi0GpID5Wmbi8Tz
qXJZ/7wD4890vSXq4Ly05h/jIXyVD5WUXKv0m04CauofaSPv8U4QdS9XmkMJwL38
s70pR7pEJJ2Dd3dDMIfHnsbaI+7HLAR0l/sMvPR7SH1yefdaGkwwomYqRoNum8af
jGbCBrG+AJufY3fw/xwVOGeyqc1sYzZQJdyPycDmaGy7sBOWsulcvO/BPView/WT
ZQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 50445048073428690175196176749932757941
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-09 15:02:28 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-09 15:02:27 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IT'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Milano'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Rho'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Wind Tre S.p.A.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'cma-pega-sit.windtre.it'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26971316803210539496707476595415838749268718611516040501207045458337423376195882532318067181365211629638259685999200255058360166582336081040087567425602386741303598102057176188750244903020975787538490152264604870100464739803311434804096097558581354454907303054297424753420059562397362852141204310760737238546489413103153049169808097657241629187618402824236083514877669008402371555475899386151148693615479508361619762412257940981736412832504695111314416227625629384030213395881718672509928927774147730039743105798474855707307475039436908996506918138617447721624949502633529973471668706739295665185659317526484089148261
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							b8d77c07a169002aae02b5e439c898be5fd3936f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (85 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cma-pega-sit.windtre.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.cma-pega-sit.windtre.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cma-pega-sit.gcp.windtre.it'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00c289db0a6613f71e695059972b189fdfcf8a95436188cc0f06a107ce62d1b6dc647290af38642f41c87db87da66226e165a4d88b956416b8fd40c244978a5cb5a07f49b68559f10e5a4e0d74d33e4e30448cc0a08f549e2679c76c687a038f43911ee43cbff16167c94b7185bac3e0823a3c471aded8b3076e39665338725ae6b579505003f9f59734baf5ba88eff7e13722c38c44ee8a143a47828f7146b82984601ae72b456046c6e97d4abfa0517032a3d62612c007ea82a1f17c4d9420f242edc80a6986586afec6d7a19d005c76d34bf4b4ad55399d225646bdf9419a85d762c4f8ac8093ba5fb3a61b8727c45d4b11a454eb0d7456f121cc69019e4f2f