*.chrono.kpmg.com.br

Issued by RapidSSL Global TLS RSA4096 SHA256 2022 CA1

About this certificate

This digital certificate with serial number 03:99:3b:e0:1b:04:5f:e2:66:ce:73:ff:84:4c:2a:ae was issued on by DigiCert, Inc..

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=*.chrono.kpmg.com.br

DigiCert, Inc.

Organization: DigiCert, Inc.
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:99:3b:e0:1b:04:5f:e2:66:ce:73:ff:84:4c:2a:ae
Serial Number (int): 4783319824346978659286015586148821678
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: 17:b4:7a:e7:82:3b:0a:2a:f1:44:a8:b1:a4:77:1e:de:7b:1a:a0:30
AuthorityKeyId: f0:9c:85:fd:a2:9f:7d:8f:c9:68:bb:d5:d4:89:4d:1d:be:d3:90:ff

Fingerprint (sha1): c0:51:82:32:6e:6a:0f:1a:b1:dc:3d:62:c6:36:a6:f7:b3:aa:1b:75
Fingerprint (sha256): 2f:b5:b5:b8:34:d7:5a:1d:f6:48:0f:2c:3d:9b:79:d4:15:4c:dc:c3:e1:11:b0:02:8d:ce:1b:eb:f3:ea:87:96

Issuing Certificate URL: http://cacerts.digicert.com/RapidSSLGlobalTLSRSA4096SHA2562022CA1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/RapidSSLGlobalTLSRSA4096SHA2562022CA1.crl
CRL Distribution Point: http://crl4.digicert.com/RapidSSLGlobalTLSRSA4096SHA2562022CA1.crl

Check the revocation status for certificate *.chrono.kpmg.com.br

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.chrono.kpmg.com.br

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.chrono.kpmg.com.br
chrono.kpmg.com.br

Other certificates including the domain name kpmg.com.br

(limited to 100 certificates)
*.leap.kpmg.com.br
akamaisecure8.qualtrics.com
csg.kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
clix.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
kpmg.kpmg.com.br
sipfed.kpmg.com
ktax2.kpmg.com.br
kbs.kpmg.com.br
clientexperience.kpmg.com.br
kbs.kpmg.com.br
*.kpmg.com.br
clix.kpmg.com.br
tprm.kpmg.com.br
clientexperience.kpmg.com.br
clixtest.kpmg.com.br
clientexperience.kpmg.com.br
content.leap.kpmg.com.br
clientexperience.kpmg.com.br
content.leap.kpmg.com.br
sipfed.kpmg.com
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
*.plataformacentral.kpmg.com.br
*.gmsdigital.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
ktaxportal.kpmg.com.br
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
executivesearch.kpmg.com.br
*.chrono.kpmg.com.br
sepbr.kpmg.com.br
tprm.kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
tprm.kpmg.com.br
kpmg.com.br
intranet.kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
*.tprm.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
sipfed.kpmg.com
clientexperience.kpmg.com.br
kpmg.kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
*.prd.chrono.kpmg.com.br
*.ati.kpmg.com.br
kbs.kpmg.com.br
clientexperience.kpmg.com.br
kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
content.leap.kpmg.com.br
*.icmsst.kpmg.com.br
webservice.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
www.kpmg.com.br
kpmg.com.br
akamaisecure8.qualtrics.com
kpmg.com.br
oma.kpmg.com.br
beyond.kpmg.com.br
kpmg.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
kpmg.kpmg.com.br
akamaisecure8.qualtrics.com
*.taxdigital.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
sipfed-ema2.kpmg.com
clientexperience.kpmg.com.br
clixtest.kpmg.com.br
clientexperience.kpmg.com.br
ktax.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br

Certificate

The complete raw certificate details for *.chrono.kpmg.com.br in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGOzCCBCOgAwIBAgIQA5k74BsEX+JmznP/hEwqrjANBgkqhkiG9w0BAQsFADBc
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xNDAyBgNVBAMT
K1JhcGlkU1NMIEdsb2JhbCBUTFMgUlNBNDA5NiBTSEEyNTYgMjAyMiBDQTEwHhcN
MjIwNzA4MDAwMDAwWhcNMjMwNzA4MjM1OTU5WjAfMR0wGwYDVQQDDBQqLmNocm9u
by5rcG1nLmNvbS5icjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDf
Zu/2oE2ONSgtdiwmN8sYB4Qm4gh4GwUPsOphSDDGDIiVaHwZhtn/B1l8+wGFkTLD
lVoVXjPcOYNJRaiaoHEVRlahzGgoHgnkCw2gmDwtQ+vjjcDfOX7nH2AK0K7ouuXj
WYrplJZS0I5kvYJiBN5v8ldw8fdQecVgDiLj5W59M2ZK0nTIOEdgdx7FZBja9BI6
03pn32ekuJpnii9mpHZR2A+iZOv+3ujHvIJoNfAa6XXb+8UhjmjjYebhMZPiLmhW
hs9ILd1D7XrCZ4yvvvrg7JDwEJ0qeccAHBDabygnHedAPNyAPtkPeC1ZOMdLJZBF
2QTT6ehX4lFAtuA/QI0CAwEAAaOCAjQwggIwMB8GA1UdIwQYMBaAFPCchf2in32P
yWi71dSJTR2+05D/MB0GA1UdDgQWBBQXtHrngjsKKvFEqLGkdx7eexqgMDAzBgNV
HREELDAqghQqLmNocm9uby5rcG1nLmNvbS5icoISY2hyb25vLmtwbWcuY29tLmJy
MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
gZ8GA1UdHwSBlzCBlDBIoEagRIZCaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL1Jh
cGlkU1NMR2xvYmFsVExTUlNBNDA5NlNIQTI1NjIwMjJDQTEuY3JsMEigRqBEhkJo
dHRwOi8vY3JsNC5kaWdpY2VydC5jb20vUmFwaWRTU0xHbG9iYWxUTFNSU0E0MDk2
U0hBMjU2MjAyMkNBMS5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgEwKTAnBggrBgEF
BQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMIGHBggrBgEFBQcBAQR7
MHkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBRBggrBgEF
BQcwAoZFaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL1JhcGlkU1NMR2xvYmFs
VExTUlNBNDA5NlNIQTI1NjIwMjJDQTEuY3J0MAkGA1UdEwQCMAAwEwYKKwYBBAHW
eQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggIBAFzgXohHYcsWKJOLfXYLmNIi
M1EdBUZugMj5FcO2Bkn7lURsmk/VeUs0eWP/Bchz3pFKv6MHLa6oyUD1xFJoECYM
tseplYV9hpMXagA01PUXmJWMr+P4w9EF/F23d/CRw2zh5MfD73muDQOAW9NtuNkX
YbMmstRKe1b0QRUxTzDi6qVbSAi3PrB69mHXyVLJcW3M8I3CF+BzaSeD25OzZLWp
mHBrji946v05RMj+M6ObCT3qR/q/EpDR+nQkhCvWrNgw/GVOnZhUYq/hM3g6W/y1
qJzuVcLp+yfkTbPu0+czPKZqpsknpeteo2AEZB26IEsn/XUJc033R2bOXfTwqwyI
JwHyYT1uMv1s962YI5Z3nMCSkfQI+bkFr7h3dE6ozaFd4XHdCIZXvtreg9CnbYVB
R6CDbu156+KMr5geJnIBrfd7CUh+hcJDEilS5Yab6eVE6IWeHfXhCC9ulZXa7549
gInEM1GDoa+8HWjQn7LhqD62Ba+5i210TM/15Fys5PWwJIjNWEChVxHTNmpV4YIs
jCdEXR4jApKA98ApX4ar+blSRWfDxpejPFc9N+s3/hMlNsbNIE5w2HZJYdfXEVUT
iELn7te1tn+s1OZf6uAZplzawzb1LU2bXfawQpFCSrrxQzkJNj19fnD/lSxEWeSE
LZNgsCBka3aDi+/On3nw
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoN9m7/agTY41KC12LCY3
yxgHhCbiCHgbBQ+w6mFIMMYMiJVofBmG2f8HWXz7AYWRMsOVWhVeM9w5g0lFqJqg
cRVGVqHMaCgeCeQLDaCYPC1D6+ONwN85fucfYArQrui65eNZiumUllLQjmS9gmIE
3m/yV3Dx91B5xWAOIuPlbn0zZkrSdMg4R2B3HsVkGNr0EjrTemffZ6S4mmeKL2ak
dlHYD6Jk6/7e6Me8gmg18Brpddv7xSGOaONh5uExk+IuaFaGz0gt3UPtesJnjK++
+uDskPAQnSp5xwAcENpvKCcd50A83IA+2Q94LVk4x0slkEXZBNPp6FfiUUC24D9A
jQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 4783319824346978659286015586148821678
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'RapidSSL Global TLS RSA4096 SHA256 2022 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-07-08 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-07-08 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.chrono.kpmg.com.br'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20308292475467871131414409629334868690655732587531665878580869759036173086288173772515863455816580240855355312720575642199801880710069845204728276275904501165943165636754924940425187131013264470857924839166621121299132637023669835829679400244224613359248051439538207633837449495116908041629262445425672556036700713626812108910314264283999108954331469276642062767831192905727889172708352734845906401028619930820015240564724745422431091161288330116037519761556972127535533782966757985664340895402907755687841825777119254728180955045978262974138129645524123928069210222485607136115418112463487430701019405742757210177677
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName f09c85fda29f7d8fc968bbd5d4894d1dbed390ff
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							17b47ae7823b0a2af144a8b1a4771ede7b1aa030
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.chrono.kpmg.com.br'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'chrono.kpmg.com.br'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (151 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/RapidSSLGlobalTLSRSA4096SHA2562022CA1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/RapidSSLGlobalTLSRSA4096SHA2562022CA1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/RapidSSLGlobalTLSRSA4096SHA2562022CA1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		005ce05e884761cb1628938b7d760b98d22233511d05466e80c8f915c3b60649fb95446c9a4fd5794b347963ff05c873de914abfa3072daea8c940f5c4526810260cb6c7a995857d8693176a0034d4f51798958cafe3f8c3d105fc5db777f091c36ce1e4c7c3ef79ae0d03805bd36db8d91761b326b2d44a7b56f44115314f30e2eaa55b4808b73eb07af661d7c952c9716dccf08dc217e073692783db93b364b5a998706b8e2f78eafd3944c8fe33a39b093dea47fabf1290d1fa7424842bd6acd830fc654e9d985462afe133783a5bfcb5a89cee55c2e9fb27e44db3eed3e7333ca66aa6c927a5eb5ea36004641dba204b27fd7509734df74766ce5df4f0ab0c882701f2613d6e32fd6cf7ad982396779cc09291f408f9b905afb877744ea8cda15de171dd088657bedade83d0a76d854147a0836eed79ebe28caf981e267201adf77b09487e85c243122952e5869be9e544e8859e1df5e1082f6e9595daef9e3d8089c4335183a1afbc1d68d09fb2e1a83eb605afb98b6d744ccff5e45cace4f5b02488cd5840a15711d3366a55e1822c8c27445d1e23029280f7c0295f86abf9b9524567c3c697a33c573d37eb37fe132536c6cd204e70d8764961d7d71155138842e7eed7b5b67facd4e65feae019a65cdac336f52d4d9b5df6b04291424abaf1433909363d7d7e70ff952c4459e4842d9360b020646b76838befce9f79f0