reverseproxy.onenote.com

Issued by Microsoft RSA TLS CA 02

About this certificate

This digital certificate with serial number 7f:00:0e:3b:7a:a7:2c:2e:45:5b:98:b3:98:00:00:00:0e:3b:7a was issued on by Microsoft Corporation.

With 16 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • KeyUsage [DataEncipherment DigitalSignature KeyEncipherment] (00001101) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=reverseproxy.onenote.com

Microsoft Corporation

Organization: Microsoft Corporation
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 7f:00:0e:3b:7a:a7:2c:2e:45:5b:98:b3:98:00:00:00:0e:3b:7a
Serial Number (int): 2832199483227828662927929521999252816829234042
Serial Number lenght: 151 bits, 19 octets

SubjectKeyId: 07:70:61:93:7f:88:b4:81:07:b1:db:2f:1c:7a:d8:fa:3e:c9:89:51
AuthorityKeyId: ff:2f:7f:e1:06:f4:38:f3:2d:ed:25:8d:98:c2:fe:0e:f6:6c:fc:fa

Fingerprint (sha1): 23:6b:c3:95:91:8c:87:4f:8e:cb:5d:e9:14:df:a4:f3:e4:c5:6b:58
Fingerprint (sha256): 2e:ed:bd:65:8c:59:4c:5e:7a:db:49:90:0e:69:8c:13:10:85:8e:61:21:84:80:20:ae:0d:fc:61:10:95:de:20

Issuing Certificate URL: http://www.microsoft.com/pki/mscorp/Microsoft%20RSA%20TLS%20CA%2002.crt

Revocation information

OCSP Server: http://ocsp.msocsp.com
CRL Distribution Point: http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20RSA%20TLS%20CA%2002.crl
CRL Distribution Point: http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20RSA%20TLS%20CA%2002.crl

Check the revocation status for certificate reverseproxy.onenote.com

16

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for reverseproxy.onenote.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment
Data Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

11 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

onenote.co
onenote.co.uk
onenote.mobi
onenote.net
onenote.org
*.dev.onenote.com
onenote.com
*.onenote.com
onenote.office.com
*.www.onenote.com
reverseproxy.onenote.com
*.reverseproxy.onenote.com
wbd.ms
whiteboard.ms
edusupport.microsoft.com
todosupport.microsoft.com

Other certificates including the domain name onenote.com

(limited to 100 certificates)
hierarchyapi.onenote.com
site.edog.onenote.com
apimonolith.onenote.com
mergesync.onenote.com
augmentationbg.onenote.com
contentsync.onenote.com
npkrsag.koreasouth.cloudapp.azure.com
reverseproxy.onenote.com
lookup.onenote.com
lookup.onenote.com
handwritingreco.edog.onenote.com
studentagency.edog.onenote.com
learningtools.onenote.com
apimonolith.onenote.com
handwritingreco.onenote.com
npinwag.westindia.cloudapp.azure.com
cdn.onenote.net
npneuag.northeurope.cloudapp.azure.com
classnotebookapi.edog.onenote.com
augmentationbg.edog.onenote.com
pagecontentretriever.onenote.com
handwritingreco.onenote.com
pagecontentsync.onenote.com
userinfo.onenote.com
pagecontentsync.edog.onenote.com
site.edog.onenote.com
cdn.onenote.net
assignments.onenote.com
nbdistribution.edog.onenote.com
mergesync.onenote.com
pagecontentretriever.onenote.com
npinwag.westindia.cloudapp.azure.com
pagecontentgc.edog.onenote.com
onenoteonlinesync.onenote.com
hierarchyapi.edog.onenote.com
cdn.onenote.net
learningtools.onenote.com
pagecontentgc.onenote.com
appsforoffice.edog.onenote.com
hierarchyapi.onenote.com
npkrcag.koreacentral.cloudapp.azure.com
assignments.onenote.com
handwritingreco.edog.onenote.com
realtimesync.onenote.com
reverseproxy.edog.onenote.com
onenote.com
cdn.onenote.net
npeusag.eastus.cloudapp.azure.com
site.edog.onenote.com
cdn.onenote.net
apiwebhooks.onenote.com
assignments.edog.onenote.com
officeaddins.meetingdetails.onenote.com
cdn.onenote.net
reverseproxy.edog.onenote.com
entitystorage.edog.onenote.com
contentsync.onenote.com
pagecontentretriever.edog.onenote.com
pagecontentgc.onenote.com
bingindexing.edog.onenote.com
pagecontentretriever.onenote.com
officeaddins.meetingdetails.edog.onenote.com
nbdistribution.onenote.com
o365notification.edog.onenote.com
officeaddins.meetingdetails.edog.onenote.com
educonnect.assignments.onenote.com
npkrcag.koreacentral.cloudapp.azure.com
niscusag.southcentralus.cloudapp.azure.com
whiteboard.edog.onenote.com
site-cdn.onenote.net
notificationshub.edog.onenote.com
pagecontentgc.onenote.com
npjpeag.japaneast.cloudapp.azure.com
userinfo.onenote.com
hierarchyretriever.onenote.com
userinfo.edog.onenote.com
appsforoffice.onenote.com
niscusag.southcentralus.cloudapp.azure.com
pagecontentgc.onenote.com
site-cdn.onenote.net
npneuag.northeurope.cloudapp.azure.com
classnotebookapi.edog.onenote.com
cdn.onenote.net
lookup.edog.onenote.com
apiwebhooks.onenote.com
mergesync.edog.onenote.com
onenoteonlinesync.edog.onenote.com
edunotebookssite.onenote.com
reverseproxy.onenote.com
lookup.edog.onenote.com
onenote.com
educonnect.assignments.onenote.com
pagecontentgc.edog.onenote.com
bingindexing.onenote.com
lookup.onenote.com
pagecontentsync.onenote.com
nineuag.northeurope.cloudapp.azure.com
lookup.edog.onenote.com
lookup.edog.onenote.com
reverseproxy.onenote.com

Certificate

The complete raw certificate details for reverseproxy.onenote.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHtDCCBZygAwIBAgITfwAOO3qnLC5FW5izmAAAAA47ejANBgkqhkiG9w0BAQsF
ADBPMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
MSAwHgYDVQQDExdNaWNyb3NvZnQgUlNBIFRMUyBDQSAwMjAeFw0yMTA0MjgxODQz
MDdaFw0yMjA0MjgxODQzMDdaMCMxITAfBgNVBAMTGHJldmVyc2Vwcm94eS5vbmVu
b3RlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMsqGBEKd4pV
rV9tuOKt9QwwZikh5waRUHECrzlmK6jxnaX/vdz1sdrjrlCaRIcZ/OjTts19O3FQ
87WYvqxJdbqiR5AM3rjcsuOB8coiZVoXUqpRvgari1S7jewFg+ZiHM3/vICiugzY
yhq0Lqs1Hc/EDs+WTcsboEbvwES1440dmRd3ElHjNo6yfHuZTSLy0gaQrmALnlJm
6INDnLCMGFhm5tPCiDziYRzvjOnusDtGG0fvCzu0Iho72tYhpoXojrmQLZ9WnD+4
ELFKFsNlrf4KA+8lmDZlIz+vjFSHIQCEFiVpzQL6HeRDo8wuVjfojTsoS079/c6Y
mev0CX4L4A0CAwEAAaOCA7MwggOvMBMGCisGAQQB1nkCBAMBAf8EAgUAMCcGCSsG
AQQBgjcVCgQaMBgwCgYIKwYBBQUHAwEwCgYIKwYBBQUHAwIwPgYJKwYBBAGCNxUH
BDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYWGjkGHwphQAgFk
AgEnMIGHBggrBgEFBQcBAQR7MHkwUwYIKwYBBQUHMAKGR2h0dHA6Ly93d3cubWlj
cm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMFJTQSUyMFRMUyUyMENB
JTIwMDIuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0G
A1UdDgQWBBQHcGGTf4i0gQex2y8cetj6PsmJUTAOBgNVHQ8BAf8EBAMCBLAwggEo
BgNVHREEggEfMIIBG4IKb25lbm90ZS5jb4INb25lbm90ZS5jby51a4IMb25lbm90
ZS5tb2JpggtvbmVub3RlLm5ldIILb25lbm90ZS5vcmeCESouZGV2Lm9uZW5vdGUu
Y29tggtvbmVub3RlLmNvbYINKi5vbmVub3RlLmNvbYISb25lbm90ZS5vZmZpY2Uu
Y29tghEqLnd3dy5vbmVub3RlLmNvbYIYcmV2ZXJzZXByb3h5Lm9uZW5vdGUuY29t
ghoqLnJldmVyc2Vwcm94eS5vbmVub3RlLmNvbYIGd2JkLm1zgg13aGl0ZWJvYXJk
Lm1zghhlZHVzdXBwb3J0Lm1pY3Jvc29mdC5jb22CGXRvZG9zdXBwb3J0Lm1pY3Jv
c29mdC5jb20wgbAGA1UdHwSBqDCBpTCBoqCBn6CBnIZNaHR0cDovL21zY3JsLm1p
Y3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwUlNBJTIwVExT
JTIwQ0ElMjAwMi5jcmyGS2h0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNj
b3JwL2NybC9NaWNyb3NvZnQlMjBSU0ElMjBUTFMlMjBDQSUyMDAyLmNybDBXBgNV
HSAEUDBOMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1p
Y3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwCAYGZ4EMAQIBMB8GA1UdIwQYMBaA
FP8vf+EG9DjzLe0ljZjC/g72bPz6MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjANBgkqhkiG9w0BAQsFAAOCAgEA0fa26Lv2lzmPZ+YZ/qbPkXWK39MmtDS+
cdrtne8oOl1kkwAat2zcuujpyvOFrp+9Kqy4rv1l+X6mt47bHysoUZiOu6Ze5h2s
YZhRVyN0cQL1mI/T6Xubz+H2mQCgvSqGOk3EYBAte4PqnM5NRYSTTL7BhuelunVs
CqqjfRlTVMtkCEYvLu+yDzO1Ak+nO0k5N9h7BG4Py7duxAIzf5JrWgKX51IFB4Ba
THROOEfbTixOb2xIbS4DkIN1dcYKV2EzGqm3GaJGmsMCe1pB+NOQ+rnVYsVRcdvC
cg3NqQIosXb8vLTQnA/ABmxNfnab+QlMpKEktme4tV0pdnEJFedrmaXrzTLt8SRE
3ZtCUpGJ3x2g0yFpNmtP99+xmHtlHgTaR/t8NRVgQ5fqPKT/7jm1yyXosjv9uqy8
xJKW77JbfiGp8xDOKqexenXi3lV/6QZgZxWt7VIMwHEPlceQ3oTeFBY+kGZk3/+R
fxJVytSMszoQbDa9wxmedXhwJe5AFpx9YdweCWlD0aWrSbJUlPyBnq2iqcf2+cVk
uGA2nA3Mx2ilZEOhmX/m6KXYRuIe+PPc8a6yqF+2kjWPcNw76eVgNDpgKkyIeq2D
DQFJQsNSWOWFCVMT/I0jr81eGrwbQeHa4LnfzqCcyhW+yLYVU4eCRg5DYKcTBUER
5EM77fYDGWk=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyyoYEQp3ilWtX2244q31
DDBmKSHnBpFQcQKvOWYrqPGdpf+93PWx2uOuUJpEhxn86NO2zX07cVDztZi+rEl1
uqJHkAzeuNyy44HxyiJlWhdSqlG+BquLVLuN7AWD5mIczf+8gKK6DNjKGrQuqzUd
z8QOz5ZNyxugRu/ARLXjjR2ZF3cSUeM2jrJ8e5lNIvLSBpCuYAueUmbog0OcsIwY
WGbm08KIPOJhHO+M6e6wO0YbR+8LO7QiGjva1iGmheiOuZAtn1acP7gQsUoWw2Wt
/goD7yWYNmUjP6+MVIchAIQWJWnNAvod5EOjzC5WN+iNOyhLTv39zpiZ6/QJfgvg
DQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 2832199483227828662927929521999252816829234042
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft RSA TLS CA 02'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-04-28 18:43:07 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-04-28 18:43:07 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'reverseproxy.onenote.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25647133238088669116560366221790154886221429722913890243004909985624172717478693699488125133062624938152849060841237042143402396372380433478108515414110487601085794705361117252229821420519258006967286409704599456173151781759297962934115682639642669470413361323723937048398727328562963862845651537417928604898010481603651128526383130888279825078862111451763717903601773657656585929035402036831965118046398380837255360338381175238096178960010416632239613246435189957426805592721698649173910188275424911275712998713502321012308650947444799499418740032861698856435209297249597969184621216099604426480364895876155945246733
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.10 (applicationCertPolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.7 (certificateTemplate)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (49 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.8.16155509.8105089.5391003.2969441.12400096.221.10585921.15764560
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 100
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 39
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pki/mscorp/Microsoft%20RSA%20TLS%20CA%2002.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.msocsp.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							077061937f88b48107b1db2f1c7ad8fa3ec98951
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits)
							04b0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (287 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'onenote.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'onenote.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'onenote.mobi'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'onenote.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'onenote.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.dev.onenote.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'onenote.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.onenote.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'onenote.office.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.www.onenote.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'reverseproxy.onenote.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.reverseproxy.onenote.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wbd.ms'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'whiteboard.ms'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edusupport.microsoft.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'todosupport.microsoft.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (168 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20RSA%20TLS%20CA%2002.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20RSA%20TLS%20CA%2002.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (80 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.42.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.microsoft.com/pki/mscorp/cps'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName ff2f7fe106f438f32ded258d98c2fe0ef66cfcfa
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		00d1f6b6e8bbf697398f67e619fea6cf91758adfd326b434be71daed9def283a5d6493001ab76cdcbae8e9caf385ae9fbd2aacb8aefd65f97ea6b78edb1f2b2851988ebba65ee61dac6198515723747102f5988fd3e97b9bcfe1f69900a0bd2a863a4dc460102d7b83ea9cce4d4584934cbec186e7a5ba756c0aaaa37d195354cb6408462f2eefb20f33b5024fa73b493937d87b046e0fcbb76ec402337f926b5a0297e7520507805a4c744e3847db4e2c4e6f6c486d2e0390837575c60a5761331aa9b719a2469ac3027b5a41f8d390fab9d562c55171dbc2720dcda90228b176fcbcb4d09c0fc0066c4d7e769bf9094ca4a124b667b8b55d2976710915e76b99a5ebcd32edf12444dd9b42529189df1da0d32169366b4ff7dfb1987b651e04da47fb7c3515604397ea3ca4ffee39b5cb25e8b23bfdbaacbcc49296efb25b7e21a9f310ce2aa7b17a75e2de557fe906606715aded520cc0710f95c790de84de14163e906664dfff917f1255cad48cb33a106c36bdc3199e75787025ee40169c7d61dc1e096943d1a5ab49b25494fc819eada2a9c7f6f9c564b860369c0dccc768a56443a1997fe6e8a5d846e21ef8f3dcf1aeb2a85fb692358f70dc3be9e560343a602a4c887aad830d014942c35258e585095313fc8d23afcd5e1abc1b41e1dae0b9dfcea09cca15bec8b615538782460e4360a713054111e4433bedf6031969