www.aldi.co.uk

- ALDI Einkauf GmbH & Co. oHG -

Issued by Trusted Secure Certificate Authority 5

About this certificate

This digital certificate with serial number 09:89:65:c3:54:81:6b:ee:ca:cb:67:b5:d7:81:bb:3c was issued on by Corporation Service Company.

With 12 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

ALDI Einkauf GmbH & Co. oHG

Organization: ALDI Einkauf GmbH & Co. oHG
Organization unit: International Information Technology
Organization unit: Unified Communications
Address: Mintarder Strasse 38-40
Postal code: 45481
State / Province: Nordrhein-Westfalen
Locality: Muelheim an der Ruhr
Country: DE

Corporation Service Company

Organization: Corporation Service Company
State / Province: DE
Locality: Wilmington
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 09:89:65:c3:54:81:6b:ee:ca:cb:67:b5:d7:81:bb:3c
Serial Number (int): 12676460630698375295376507931042364220
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 3b:41:39:6f:5f:c3:ef:77:4d:77:82:26:bb:b3:ea:2b:2a:72:98:e5
AuthorityKeyId: f2:bb:55:ee:fc:8f:cf:d0:3f:14:68:1a:95:7e:79:0e:ab:17:30:f4

Fingerprint (sha1): 83:02:93:72:8a:46:92:cb:d2:ef:e8:44:ed:31:e9:23:c9:88:99:ec
Fingerprint (sha256): 2e:ab:06:e3:58:e6:1d:27:8d:54:1d:97:f8:61:01:6f:3a:77:23:fe:9f:7c:18:73:28:e4:38:6b:7b:39:e4:7f

Issuing Certificate URL: http://crt.usertrust.com/TrustedSecureCertificateAuthority5.crt

Revocation information

OCSP Server: http://ocsp.usertrust.com
CRL Distribution Point: http://crl.usertrust.com/TrustedSecureCertificateAuthority5.crl

Check the revocation status for certificate www.aldi.co.uk

12

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.aldi.co.uk

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.aldi.co.uk
aldi.co.uk
aldi.ie
assets.aldi-digital.co.uk
assets.aldi-digital.ie
assets.aldi.co.uk
assets.aldi.ie
preview.aldi.ie
prod-ws.aldi.co.uk
prod-ws.aldi.ie
www.aldi.ie
www.preview.aldi.ie

Other certificates including the domain name aldi.co.uk

(limited to 100 certificates)
sslcertificate3.queue-it.net
www.dr-admin.aldi.co.uk
stage-ptp.aldi.co.uk
www.aldi-sued.com
ameportal.aldi.co.uk
customerservice.aldi.co.uk
ppe-store.aldi.co.uk
queue.disneymovieclub.go.com
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
staging.store.dev.shopandgo.aldi.co.uk
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
www.ppe-store.aldi.co.uk
ame.aldi.co.uk
www.aldi.co.uk
sslcertificate3.queue-it.net
ppe-admin.aldi.co.uk
the-aldi-testers-club.aldi.co.uk
www.aldi.co.uk
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
fit-admin.aldi.co.uk
www.aldi.co.uk
www.aldi-sued.com
www.ppe-store.aldi.co.uk
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
customerservice.aldi.co.uk
www.def-store.aldi.co.uk
ameportal.aldi.co.uk
live-admin.aldi.co.uk
product.prd.shopandgo.aldi.co.uk
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
www.fit-store.aldi.co.uk
clocks.wfm.aldi.co.uk
test-ptp.aldi-international.com
www.aldi.co.uk
www.aldi-sued.com
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
mia.aldi.co.uk
stage-ptp.aldi.co.uk
sit-store.aldi.co.uk
live-admin.aldi.co.uk
masterdata.prd.shopandgo.aldi.co.uk
sslcertificate3.queue-it.net
www.aldi.co.uk
imperva.com
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
def-admin.aldi.co.uk
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
dev-block.ukcsd-order.aldi.co.uk
sslcertificate3.queue-it.net
queue.disneymovieclub.go.com
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
www.aldi.co.uk
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
staging.checkout.dev.shopandgo.aldi.co.uk
staff.dev.shopandgo.aldi.co.uk
sslcertificate3.queue-it.net
backoffice.dev.shopandgo.aldi.co.uk
groceries.aldi.co.uk
queue.disneymovieclub.go.com
sslcertificate3.queue-it.net
leaflets.aldi.co.uk
shopandgo.aldi.co.uk
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
leaflets.aldi.co.uk
sslcertificate3.queue-it.net
imperva.com
www.aldi-sued.com
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
gateway-test.aldi.co.uk
sslcertificate3.queue-it.net
sslcertificate3.queue-it.net
mia.aldi.co.uk
masterdata.dev.shopandgo.aldi.co.uk
sslcertificate3.queue-it.net

Certificate

The complete raw certificate details for www.aldi.co.uk in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGpjCCBY6gAwIBAgIQCYllw1SBa+7Ky2e114G7PDANBgkqhkiG9w0BAQsFADCB
hjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkRFMRMwEQYDVQQHEwpXaWxtaW5ndG9u
MSQwIgYDVQQKExtDb3Jwb3JhdGlvbiBTZXJ2aWNlIENvbXBhbnkxLzAtBgNVBAMT
JlRydXN0ZWQgU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSA1MB4XDTE2MDgw
OTAwMDAwMFoXDTE3MDIwOTIzNTk1OVowggELMQswCQYDVQQGEwJERTEOMAwGA1UE
ERMFNDU0ODExHDAaBgNVBAgTE05vcmRyaGVpbi1XZXN0ZmFsZW4xHTAbBgNVBAcT
FE11ZWxoZWltIGFuIGRlciBSdWhyMSAwHgYDVQQJExdNaW50YXJkZXIgU3RyYXNz
ZSAzOC00MDEkMCIGA1UECgwbQUxESSBFaW5rYXVmIEdtYkggJiBDby4gb0hHMS0w
KwYDVQQLEyRJbnRlcm5hdGlvbmFsIEluZm9ybWF0aW9uIFRlY2hub2xvZ3kxHzAd
BgNVBAsTFlVuaWZpZWQgQ29tbXVuaWNhdGlvbnMxFzAVBgNVBAMTDnd3dy5hbGRp
LmNvLnVrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyoJqObXqDBkY
edxdTtAfGaimzWNk38RiiFk7it64Dv4b60zVVQTxO0xyyPgez1WrbezPcikKjJCc
QEaFn14OFF1fJW+yHXXDQ56fbDmwcizO1SqCY/e1wVJCylurX2Gp5gr+hwSMhS55
uys/xAbreTkto3hqowPey2PSZIU9o7iRClR0nCwPRZLLHIuUd83pz81zQ2c1Os43
2rsxrUCtYdaDpEwXtyR+TRnnAnHAr4yntxKD7z6Xv5Z+kMB8PBR+4l6yCSi734s6
pZ0C86BDyUfFUIKVsSUZqMqH7x0wZSlOLYnkVcU3idu6JDhzW3jwIZU533eWOmD0
dPvLFbOcFQIDAQABo4IChjCCAoIwHwYDVR0jBBgwFoAU8rtV7vyPz9A/FGgalX55
DqsXMPQwHQYDVR0OBBYEFDtBOW9fw+93TXeCJruz6isqcpjlMA4GA1UdDwEB/wQE
AwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
AjBLBgNVHSAERDBCMDYGCysGAQQBsjEBAgIIMCcwJQYIKwYBBQUHAgEWGWh0dHBz
Oi8vY3BzLnVzZXJ0cnVzdC5jb20wCAYGZ4EMAQICMFAGA1UdHwRJMEcwRaBDoEGG
P2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9UcnVzdGVkU2VjdXJlQ2VydGlmaWNh
dGVBdXRob3JpdHk1LmNybDCBggYIKwYBBQUHAQEEdjB0MEsGCCsGAQUFBzAChj9o
dHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVHJ1c3RlZFNlY3VyZUNlcnRpZmljYXRl
QXV0aG9yaXR5NS5jcnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVz
dC5jb20wgd4GA1UdEQSB1jCB04IOd3d3LmFsZGkuY28udWuCCmFsZGkuY28udWuC
B2FsZGkuaWWCGWFzc2V0cy5hbGRpLWRpZ2l0YWwuY28udWuCFmFzc2V0cy5hbGRp
LWRpZ2l0YWwuaWWCEWFzc2V0cy5hbGRpLmNvLnVrgg5hc3NldHMuYWxkaS5pZYIP
cHJldmlldy5hbGRpLmllghJwcm9kLXdzLmFsZGkuY28udWuCD3Byb2Qtd3MuYWxk
aS5pZYILd3d3LmFsZGkuaWWCE3d3dy5wcmV2aWV3LmFsZGkuaWUwDQYJKoZIhvcN
AQELBQADggEBABMq6sKRg3wXBq/Kj4y2uS6153ifRLIN6LCKvHSK1e75KboJyJSM
jG93axOl8rh+QJuxg4s1/STITqpgzhMWlEn9wzIj28bNH2s1GYrPlENjgM4D9/S5
L4HTO83L2zDWS1UrJSLD7lOntiQYfxhkWRUjkwnCcbmth/T+5dkSiEBOs4CVra6V
9w4T5KOzJrfTRVqC4hqvpQ1M7eEk7DfhyMO2VrQvTng+UWMbGbO/7rTDySmz5aoe
zujYlwI5H5P0QoX2YnK4vcqsQEEzddn3yPFWOt7QkYt+HxEp61j6TGF5XLNtn659
pXarHlkjCl2BNF0JCKE61DpT6ZgmoNHKT4U=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyoJqObXqDBkYedxdTtAf
GaimzWNk38RiiFk7it64Dv4b60zVVQTxO0xyyPgez1WrbezPcikKjJCcQEaFn14O
FF1fJW+yHXXDQ56fbDmwcizO1SqCY/e1wVJCylurX2Gp5gr+hwSMhS55uys/xAbr
eTkto3hqowPey2PSZIU9o7iRClR0nCwPRZLLHIuUd83pz81zQ2c1Os432rsxrUCt
YdaDpEwXtyR+TRnnAnHAr4yntxKD7z6Xv5Z+kMB8PBR+4l6yCSi734s6pZ0C86BD
yUfFUIKVsSUZqMqH7x0wZSlOLYnkVcU3idu6JDhzW3jwIZU533eWOmD0dPvLFbOc
FQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 12676460630698375295376507931042364220
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Wilmington'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Corporation Service Company'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Trusted Secure Certificate Authority 5'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-08-09 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-02-09 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.17 (postalCode)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '45481'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Nordrhein-Westfalen'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Muelheim an der Ruhr'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.9 (streetAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Mintarder Strasse 38-40'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'ALDI Einkauf GmbH & Co. oHG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'International Information Technology'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Unified Communications'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.aldi.co.uk'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25564447608450170886656618978882322326034375897930351627711680928011917786443009941845854297100376906792468665870825058483523084633554594188245922710350348055376404853966631124192330989781408603029825615167733185707143049558551882614848848578754830438150207553086697801924471017745995533990373010699695572794915476830574936369927420239074812221711144014494440976611338780500822819995099259234352901181082566898397823095347377080816042282088561352592418597101903704415955698918250130864822247498392637537674515482153201979534688696683114702762140232551522352652758253756699437734101410090970554836250897740775659117589
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName f2bb55eefc8fcfd03f14681a957e790eab1730f4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							3b41396f5fc3ef774d778226bbb3ea2b2a7298e5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.8
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://cps.usertrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.usertrust.com/TrustedSecureCertificateAuthority5.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (118 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.usertrust.com/TrustedSecureCertificateAuthority5.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.usertrust.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (214 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.aldi.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aldi.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aldi.ie'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'assets.aldi-digital.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'assets.aldi-digital.ie'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'assets.aldi.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'assets.aldi.ie'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'preview.aldi.ie'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prod-ws.aldi.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prod-ws.aldi.ie'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.aldi.ie'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.preview.aldi.ie'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00132aeac291837c1706afca8f8cb6b92eb5e7789f44b20de8b08abc748ad5eef929ba09c8948c8c6f776b13a5f2b87e409bb1838b35fd24c84eaa60ce13169449fdc33223dbc6cd1f6b35198acf94436380ce03f7f4b92f81d33bcdcbdb30d64b552b2522c3ee53a7b624187f18645915239309c271b9ad87f4fee5d91288404eb38095adae95f70e13e4a3b326b7d3455a82e21aafa50d4cede124ec37e1c8c3b656b42f4e783e51631b19b3bfeeb4c3c929b3e5aa1ecee8d89702391f93f44285f66272b8bdcaac40413375d9f7c8f1563aded0918b7e1f1129eb58fa4c61795cb36d9fae7da576ab1e59230a5d81345d0908a13ad43a53e99826a0d1ca4f85