www.managerewardsonline.fiacardservices.com

- Bank of America Corporation -

Issued by Entrust Certification Authority - L1M

About this certificate

This digital certificate with serial number e4:82:03:ab:a9:8c:85:c4:00:00:00:00:54:cf:4b:30 was issued on by Entrust, Inc..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Bank of America Corporation

Company registration number: 2927442
Organization: Bank of America Corporation
Organization unit: Mercury - DAL
State / Province: Illinois
Locality: Chicago
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2014 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): e4:82:03:ab:a9:8c:85:c4:00:00:00:00:54:cf:4b:30
Serial Number (int): 303739056078287795472847399414741814064
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 89:18:fa:7e:57:4e:ed:93:00:44:0a:cd:16:8c:b9:48:b9:b3:16:9c
AuthorityKeyId: c3:f7:d0:b5:2a:30:ad:af:0d:91:21:70:39:54:dd:bc:89:70:c7:3a

Fingerprint (sha1): 42:5d:68:97:81:bc:06:85:a5:1b:1d:2d:ed:63:7c:8c:fa:8b:76:9e
Fingerprint (sha256): 2d:79:a8:57:3c:d1:51:e9:ea:5f:4d:56:20:48:86:49:32:85:0c:b4:18:f6:0f:4b:84:4c:e3:ed:75:09:42:07

Issuing Certificate URL: http://aia.entrust.net/l1m-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1m.crl

Check the revocation status for certificate www.managerewardsonline.fiacardservices.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.managerewardsonline.fiacardservices.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.managerewardsonline.fiacardservices.com

Other certificates including the domain name fiacardservices.com

(limited to 100 certificates)
www.managerewardsonline.fiacardservices.com
godirectdebit.fiacardservices.com
epass-uat.bankofamerica.com
www.managerewardsonline.fiacardservices.com
affinityweb.fiacardservices.com
wwwn.managerewardsonline.fiacardservices.com
Easyrewards.fiacardservices.com
affinityweb.fiacardservices.com
shopsafe-devps.ecnp.fiacardservices.com
reward-redemption.fiacardservices.com
mydirectdebit.fiacardservices.com
campus.bankofamerica.com
ddoxlogin.dynamicdox.com
travelcenter.fiacardservices.com
travelcenter.fiacardservices.com
www.staging.managerewardsonline.fiacardservices.com
affinityweb.fiacardservices.com
wwwa.managerewardsonline.fiacardservices.com
about-dev.bankofamerica.com
www5-staging.managerewardsonline.com
www5-staging.managerewardsonline.com
shopsafe-qaps.ecnp.fiacardservices.com
easyrewards.fiacardservices.com
mydirectdebit.fiacardservices.com
shopsafe-cert1.ecnp.fiacardservices.com
secure.fiacardservices.com
www.managerewardsonline.fiacardservices.com
mynewcard.fiacardservices.com
reward-redemption.fiacardservices.com
secure-cert2.ecnp.fiacardservices.com
onlinedirectdebit.fiacardservices.com
mynewcard.fiacardservices.com
travelcenterfaq.fiacardservices.com
secure.fiacardservices.com
ddoxlogin.dynamicdox.com
mydirectdebit.fiacardservices.com
shopsafe-devflex.ecnp.fiacardservices.com
epass-uat.bankofamerica.com
shopsafe-devflex.ecnp.fiacardservices.com
preferences.em.fiacardservices.com
sso-fi.fiacardservices.com
secure-pt2.ecnp.fiabusinesscard.com
preferences.em.fiacardservices.com
campus.bankofamerica.com
reward-redemption.fiacardservices.com
ddoxlogin-uat.bankofamerica.com
eesorigin.bankofamerica.com
www.managerewardsonline.fiacardservices.com
secure-pt2.ecnp.fiacardservices.com
businesscard.fiacardservices.com
www.managerewardsonline.fiacardservices.com
www.managerewardsonline.fiacardservices.com
secure-preview2.ecnp.fiacardservices.com
wwwn.staging.managerewardsonline.fiacardservices.com
preferencesorigin-dev.em.fiacardservices.com
www.staging.managerewardsonline.fiacardservices.com
godirectdebit.fiacardservices.com
www.managerewardsonline.fiacardservices.com
secure.fiacardservices.com
wwwa.managerewardsonline.fiacardservices.com
secure-dev1.ecnp.fiacardservices.com
sso-fi.fiacardservices.com
ddoxlogin.dynamicdox.com
secure.fiacardservices.com
aboutorigin-dev.bankofamerica.com
preferences-qa.em.fiacardservices.com
www5-staging.managerewardsonline.com
giftcard.fiacardservices.com
rewardsshoppingmall.fiacardservices.com
www.managerewardsonline.fiacardservices.com
shopsafe-pt1.ecnp.fiacardservices.com
secure-dev3.ecnp.fiacardservices.com
testSymantecStandardSSL-FIACardServices-SHA1.fiacardservices.com
mynewcard.fiacardservices.com
ddoxlogin.dynamicdox.com
www.staging.managerewardsonline.fiacardservices.com
redorigin-dev.bankofamerica.com
secure-qa2.ecnp.fiacardservices.com
ddoxlogin-uat-ah.dynamicdox.com
wwwa.managerewardsonline.fiacardservices.com
redorigin-dev.bankofamerica.com
uat.travelcenter.fiacardservices.com
choosedirectdebit.fiacardservices.com
campus.bankofamerica.com
onlinedirectdebit.fiacardservices.com
mynewcard.fiacardservices.com
mynewcarda.fiacardservices.com
choosedirectdebit.fiacardservices.com
secure-pt2.ecnp.fiacardservices.com
shopsafe-dev2.ecnp.fiacardservices.com
secure-dev2.ecnp.fiacardservices.com
redorigin-dev.bankofamerica.com
campus.bankofamerica.com
epass-uat.bankofamerica.com
miu-test.fiacardservices.com
travelcenter.sit1.fiacardservices.com
wwwn.managerewardsonline.fiacardservices.com
secure-preview2.ecnp.fiacardservices.com
affinityweb.fiacardservices.com
mynewcardn.fiacardservices.com

Certificate

The complete raw certificate details for www.managerewardsonline.fiacardservices.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGBzCCBO+gAwIBAgIRAOSCA6upjIXEAAAAAFTPSzAwDQYJKoZIhvcNAQELBQAw
gboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL
Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg
MjAxNCBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAs
BgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMU0wHhcN
MTgxMjI3MTYwMzA4WhcNMTkxMjI2MTYzMzA3WjCCAQcxCzAJBgNVBAYTAlVTMREw
DwYDVQQIEwhJbGxpbm9pczEQMA4GA1UEBxMHQ2hpY2FnbzETMBEGCysGAQQBgjc8
AgEDEwJVUzEZMBcGCysGAQQBgjc8AgECEwhEZWxhd2FyZTEkMCIGA1UEChMbQmFu
ayBvZiBBbWVyaWNhIENvcnBvcmF0aW9uMR0wGwYDVQQPExRQcml2YXRlIE9yZ2Fu
aXphdGlvbjEWMBQGA1UECxMNTWVyY3VyeSAtIERBTDEQMA4GA1UEBRMHMjkyNzQ0
MjE0MDIGA1UEAxMrd3d3Lm1hbmFnZXJld2FyZHNvbmxpbmUuZmlhY2FyZHNlcnZp
Y2VzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANLnclmmGm3h
UCqYii5shlVuBt1WV7yyv6VVeehBD4OnVtzABaPQvxzz2j50YRrqxbmgb1va60v9
lsUYcYkG/rqVZgdJEossORJOJkc2BXbkMRSPTCadJqKBG/tXpgR8Vs/+NTcGYuRW
zByf25b8y64MbnXKpCHFrii0uR6Twz2O7rMECzHCYfAh41y33Q9h48wBOeDVJbVi
mt1XSUSq2iH9sOLl1u50X/MYneKIkeQwq9c3noT686//LePq7Qb2riROT8SdSJD3
l0uLCO472ihHR4EfDM8UVEdMi2mTJ6DBNZY5Gjx3as36tMCPraZytQpL+7GwQK6e
L1YJnPXMZXECAwEAAaOCAbYwggGyMBMGCisGAQQB1nkCBAMBAf8EAgUAMDYGA1Ud
EQQvMC2CK3d3dy5tYW5hZ2VyZXdhcmRzb25saW5lLmZpYWNhcmRzZXJ2aWNlcy5j
b20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
AjBoBggrBgEFBQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1
c3QubmV0MDMGCCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wxbS1j
aGFpbjI1Ni5jZXIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0
Lm5ldC9sZXZlbDFtLmNybDBKBgNVHSAEQzBBMDYGCmCGSAGG+mwKAQIwKDAmBggr
BgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwBwYFZ4EMAQEwHwYD
VR0jBBgwFoAUw/fQtSowra8NkSFwOVTdvIlwxzowHQYDVR0OBBYEFIkY+n5XTu2T
AEQKzRaMuUi5sxacMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBADnimFxB
3qIDYjPLkdyeN4FImZ/jRmyFrftVRQwcRKPcu+mSIeLpNc6w5Y3eomCSvcGn8PIh
wf4HmOXX5PdxhINk4mi7gmX07lDELtyh78mi7Pp1NY7UkxfoQQUKY/6WiiYnUUYl
jfnDuq3byAw5PHxD3LsC4Egp9B9TazEBLYU71FE+BWs0se6BUCA8dANl0Qsu6Xi+
mNh6lL7lzzyLJCw8b1EVDVkuv4qy4r2fckiNlW34rjE8HkUjBQNP4mVfYyl2xleM
zZhyyc0pGm7CvwwC7h41rDb73IsgFn2fXftI3G7aIHhFvm8joRAiu8x8KmOhnoXl
GBIpmBWe9qAwyKM=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0udyWaYabeFQKpiKLmyG
VW4G3VZXvLK/pVV56EEPg6dW3MAFo9C/HPPaPnRhGurFuaBvW9rrS/2WxRhxiQb+
upVmB0kSiyw5Ek4mRzYFduQxFI9MJp0mooEb+1emBHxWz/41NwZi5FbMHJ/blvzL
rgxudcqkIcWuKLS5HpPDPY7uswQLMcJh8CHjXLfdD2HjzAE54NUltWKa3VdJRKra
If2w4uXW7nRf8xid4oiR5DCr1zeehPrzr/8t4+rtBvauJE5PxJ1IkPeXS4sI7jva
KEdHgR8MzxRUR0yLaZMnoME1ljkaPHdqzfq0wI+tpnK1Ckv7sbBArp4vVgmc9cxl
cQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 303739056078287795472847399414741814064
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2014 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1M'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-12-27 16:03:08 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-12-26 16:33:07 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Illinois'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Chicago'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.2 (jurisdictionOfIncorporationSP)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Delaware'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Bank of America Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Private Organization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Mercury - DAL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '2927442'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.managerewardsonline.fiacardservices.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26624174654699855791983451843872052134385758624286123953693530906333155925114173391216415498863954357734450269304182876780752555514835350611213905250860988131709107871322579203186092302538409721904276253916330224526324242755388914823522817741572925510572658955171717017945829004115056164095799042441924700530931802210442936646744934223644182219522249940420624704689829343672266018516108010801335171143499705891301848249519865634480818864768824293496432022408752997753334265986674305255456203170871878357271420148596277142936339840300855716094694074603526997158128141932366843462991479629822056424099399602834223424881
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (47 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.managerewardsonline.fiacardservices.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1m-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1m.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.2 (Entrust EV policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c3f7d0b52a30adaf0d9121703954ddbc8970c73a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							8918fa7e574eed9300440acd168cb948b9b3169c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0039e2985c41dea2036233cb91dc9e378148999fe3466c85adfb55450c1c44a3dcbbe99221e2e935ceb0e58ddea26092bdc1a7f0f221c1fe0798e5d7e4f771848364e268bb8265f4ee50c42edca1efc9a2ecfa75358ed49317e841050a63fe968a26275146258df9c3baaddbc80c393c7c43dcbb02e04829f41f536b31012d853bd4513e056b34b1ee8150203c740365d10b2ee978be98d87a94bee5cf3c8b242c3c6f51150d592ebf8ab2e2bd9f72488d956df8ae313c1e452305034fe2655f632976c6578ccd9872c9cd291a6ec2bf0c02ee1e35ac36fbdc8b20167d9f5dfb48dc6eda207845be6f23a11022bbcc7c2a63a19e85e518122998159ef6a030c8a3