www.ricaud.com

Issued by GlobalSign Domain Validation CA - SHA256 - G2

About this certificate

This digital certificate with serial number 5c:bf:06:6f:f8:06:f7:70:e9:a5:da:c3 was issued on by GlobalSign nv-sa.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=www.ricaud.com,OU=Domain Control Validated,C=FR

GlobalSign nv-sa

Organization: GlobalSign nv-sa
Country: BE

This certificate has expire since

Certificate Details

Serial Number (hex): 5c:bf:06:6f:f8:06:f7:70:e9:a5:da:c3
Serial Number (int): 28703556134769874130274998979
Serial Number lenght: 95 bits, 12 octets

SubjectKeyId: 0b:7a:5b:e0:88:47:ef:98:d7:74:a8:94:82:9d:bb:2e:20:a6:38:5d
AuthorityKeyId: ea:4e:7c:d4:80:2d:e5:15:81:86:26:8c:82:6d:c0:98:a4:cf:97:0f

Fingerprint (sha1): cf:b6:08:55:19:a0:15:03:24:5b:0a:c7:80:e1:64:c0:bd:57:16:dd
Fingerprint (sha256): 30:00:29:4a:b2:cf:66:35:a8:88:6a:22:22:46:97:01:5d:0b:9b:5d:c5:8b:c3:00:c6:58:3c:73:e1:39:1e:b4

Issuing Certificate URL: http://secure.globalsign.com/cacert/gsdomainvalsha2g2r1.crt

Revocation information

OCSP Server: http://ocsp2.globalsign.com/gsdomainvalsha2g2
CRL Distribution Point: http://crl.globalsign.com/gs/gsdomainvalsha2g2.crl

Check the revocation status for certificate www.ricaud.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.ricaud.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.ricaud.com
ricaud.com

Other certificates including the domain name ricaud.com

(limited to 100 certificates)
secure01.lithium.com
livedatainstant.ricaud.com
workbench-www.ricaud.com
livedatainstant.ricaud.com
services.yves-rocher.com
secure10.lithium.com
secure01.stage.lithium.com
secure01.lithium.com
www.ricaud.com
assets.ricaud.com
secure10.lithium.com
incapsula.com
secure10.lithium.com
secure01.stage.lithium.com
www.ricaud.com
secure01.stage.lithium.com
staging-www.ricaud.com
www.yves-rocher.com
survey.yves-rocher.fr
secure10.lithium.com
secure01.lithium.com
secure01.lithium.com
www.ricaud.com
contrib-www.ricaud.com
secure10.lithium.com
www.ricaud.com
secure01.lithium.com
www.ricaud.com
www.yves-rocher.com
secure10.lithium.com
secure01.stage.lithium.com
www.ricaud.com
assets.ricaud.com
workbench-www.ricaud.com
imperva.com
www.ricaud.com
secure01.stage.lithium.com
secure10.lithium.com
mo.ricaud.com
secure01.lithium.com
secure10.lithium.com
secure01.stage.lithium.com
secure-vpci.ricaud.com
secure10.lithium.com
incapsula.com
survey.yves-rocher.fr
workbench-www.ricaud.com
secure10.lithium.com
secure10.lithium.com
www.ricaud.com
incapsula.com
secure01.lithium.com
secure01.stage.lithium.com
survey.yves-rocher.fr
secure10.lithium.com
www-npe.yves-rocher.com
incapsula.com
secure10.lithium.com
secure10.lithium.com
survey.yves-rocher.fr
workbench-www.ricaud.com
incapsula.com
secure10.lithium.com
secure01.stage.lithium.com
www.ricaud.com
incapsula.com
workbench-www.ricaud.com
mo.ricaud.com
secure01.stage.lithium.com
secure01.stage.lithium.com
workbench-www.ricaud.com
secure01.stage.lithium.com
www-npe.yves-rocher.com
secure10.lithium.com
secure01.stage.lithium.com
secure10.lithium.com
www.yves-rocher.com
secure10.lithium.com
secure01.stage.lithium.com
secure01.stage.lithium.com
t.nl.yves-rocher.de
secure01.stage.lithium.com
incapsula.com
survey.yves-rocher.fr
imperva.com
www.ricaud.com
secure01.stage.lithium.com
contrib-www.ricaud.com
contrib-www.ricaud.com
secure01.stage.lithium.com
t.nl.yves-rocher.de
push.ricaud.com
secure10.lithium.com
secure01.stage.lithium.com
secure01.stage.lithium.com
secure01.lithium.com
secure-vpci.ricaud.com
secure01.stage.lithium.com
secure01.stage.lithium.com
secure01.stage.lithium.com

Certificate

The complete raw certificate details for www.ricaud.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHezCCBmOgAwIBAgIMXL8Gb/gG93DppdrDMA0GCSqGSIb3DQEBCwUAMGAxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1H
bG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcN
MTYxMDEzMTIwNjE3WhcNMTcxMDE5MTM1MzAzWjBJMQswCQYDVQQGEwJGUjEhMB8G
A1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRcwFQYDVQQDEw53d3cucmlj
YXVkLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMrH2PjGxWyP
WKgffPNruSG6dCrr7A5HL5RIZrPYMug4sL3eyHozVa0FqRK3G17in5fYqoPX8YEY
ebeXQN05asj4ZzmXiq/IDtWO2Ttfa0uOTBwZQwjaXacqHzLXibHgkQDnntISmAjd
LYjf61rvob3MIrlna1snu2WBFmPLXmI8r5PCrEcahJRs0fuqrxsEUWKhQVVaFWN1
rLFK82Ap9GzCMDvmjXsPqKzBnjEM8mo3WfWOYEoB0qe+tmIElD70jQg0GXpYGME7
ATf0oMQOzlz3kgsWMSTP9X8j/G7UZtcAn2V9kSZ7C+/y0Uj4jTovhBcwa6sup4HD
JBtT7TXaJi8CAwEAAaOCBEowggRGMA4GA1UdDwEB/wQEAwIFoDCBlAYIKwYBBQUH
AQEEgYcwgYQwRwYIKwYBBQUHMAKGO2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5j
b20vY2FjZXJ0L2dzZG9tYWludmFsc2hhMmcycjEuY3J0MDkGCCsGAQUFBzABhi1o
dHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3Nkb21haW52YWxzaGEyZzIwVgYD
VR0gBE8wTTBBBgkrBgEEAaAyAQowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cu
Z2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAw
QwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9n
c2RvbWFpbnZhbHNoYTJnMi5jcmwwJQYDVR0RBB4wHIIOd3d3LnJpY2F1ZC5jb22C
CnJpY2F1ZC5jb20wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1Ud
DgQWBBQLelvgiEfvmNd0qJSCnbsuIKY4XTAfBgNVHSMEGDAWgBTqTnzUgC3lFYGG
JoyCbcCYpM+XDzCCAm0GCisGAQQB1nkCBAIEggJdBIICWQJXAHUAVhQGmi/XwuzT
9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFXve+Y3wAABAMARjBEAiAJ8OL+P+My
7ZS6yY8ee6WcEtI2clZq1cxUxwROV9gDtwIgGxsgPLNFSXKK5N5iZ8fmq/jxpxfx
vUJG6ktWppPohs8AdgDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAA
AVe975qcAAAEAwBHMEUCIEHYclnx5w9bOsvZty5SIQtLc55w1XJCgAXXLGbde/Hu
AiEA+5Z9ACjkAu+qc6s1gqwzlqtS29Ic+ZmnWWDO5IleOjoAdgCkuQmQtBhYFIe7
E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVe975m0AAAEAwBHMEUCIDlvWIONzM9k
9Wkah5J9SupQzhh8YB4N1bMfX6juNMfIAiEAhp6TNIdJVK8uhaa+GxX1B0yFgk60
L7akV/7nnUjDhBIAdgBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAA
AVe975puAAAEAwBHMEUCIQC6+nJxziNw51SrjUUOMb1gm3BaVV3KKzKJqAE84myy
iAIgYN0/K+nZsJGC7tQsaqNUV8GnzwPZuXqKwfW9d3dCyAcAdgDuS723dc5guuFC
aR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAVe9753uAAAEAwBHMEUCIGPFcXzzZQwP
VVClQ8zKf3DFthdO0AmanXfcoZHIT2W9AiEAgT7rg3U/3KTFhIg2/6wyLJEPdQ4c
iFwL/AlTj+MxR0kwDQYJKoZIhvcNAQELBQADggEBAGk6lh+afkTHuQnmZ2WtT4Uu
pj888n3QD8k+IDmp2YF8CS8GjLhsmuQ9UzjovMOV5NSsyrM3/89qqTn6v+1DndXB
7+a5AFptAsUjrK8HSrEt4mseEHD7jX+6pbTpJjEaVOMACYwcys/UliY0QF09lkwI
aa3Lq43ofWd8bndR7pcEYTUUSKJSAP7zFz4/R9LxTo/rD7zhbMjWGGFI+qzMNOiW
zfodN2qiXCYw4CRhxbXUAExtOMWlzJJgcWcFefdGtq23PbZhKwEgpaaZLysVt1tb
LG6Idv61OIWXyzfRrx0W5iVIuJX1CXnypT2N/r4vwZlj9WXIP1yaIpQkYZaqH90=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysfY+MbFbI9YqB9882u5
Ibp0KuvsDkcvlEhms9gy6Diwvd7IejNVrQWpErcbXuKfl9iqg9fxgRh5t5dA3Tlq
yPhnOZeKr8gO1Y7ZO19rS45MHBlDCNpdpyofMteJseCRAOee0hKYCN0tiN/rWu+h
vcwiuWdrWye7ZYEWY8teYjyvk8KsRxqElGzR+6qvGwRRYqFBVVoVY3WssUrzYCn0
bMIwO+aNew+orMGeMQzyajdZ9Y5gSgHSp762YgSUPvSNCDQZelgYwTsBN/SgxA7O
XPeSCxYxJM/1fyP8btRm1wCfZX2RJnsL7/LRSPiNOi+EFzBrqy6ngcMkG1PtNdom
LwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 28703556134769874130274998979
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign Domain Validation CA - SHA256 - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-10-13 12:06:17 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-10-19 13:53:03 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Domain Control Validated'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.ricaud.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25598686101042755830514235399017589820226053601402333097156593802542876588425088983039572540973717069714648097216824645814752824014899204388230758490592077036145192329211667682005330286263214345011706865329855644707740941974079060647764233243799522505412851623437997890801699077121085079646717358104194221059027261966386404634211566647072499470152824831658747569885690949463542428481493959720380450181463835960118345362053069287669450652034187132570795522623818164785452925404228835744607375213998628085134254548659232258899917873912610709707199628392236548466955453196365800287119996019376758499908674712820768187951
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (135 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure.globalsign.com/cacert/gsdomainvalsha2g2r1.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp2.globalsign.com/gsdomainvalsha2g2'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.10 (globalsignDVPolicy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (60 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.globalsign.com/gs/gsdomainvalsha2g2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (30 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ricaud.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ricaud.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							0b7a5be08847ef98d774a894829dbb2e20a6385d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName ea4e7cd4802de5158186268c826dc098a4cf970f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (605 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (601 bytes)
							02570075005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd00000157bdef98df0000040300463044022009f0e2fe3fe332ed94bac98f1e7ba59c12d23672566ad5cc54c7044e57d803b702201b1b203cb34549728ae4de6267c7e6abf8f1a717f1bd4246ea4b56a693e886cf007600ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc00000157bdef9a9c0000040300473045022041d87259f1e70f5b3acbd9b72e52210b4b739e70d572428005d72c66dd7bf1ee022100fb967d0028e402efaa73ab3582ac3396ab52dbd21cf999a75960cee4895e3a3a007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc1000000157bdef99b400000403004730450220396f58838dcccf64f5691a87927d4aea50ce187c601e0dd5b31f5fa8ee34c7c8022100869e9334874954af2e85a6be1b15f5074c85824eb42fb6a457fee79d48c3841200760068f698f81f6482be3a8ceeb9281d4cfc71515d6793d444d10a67acbb4f4ffbc400000157bdef9a6e0000040300473045022100bafa7271ce2370e754ab8d450e31bd609b705a555dca2b3289a8013ce26cb288022060dd3f2be9d9b09182eed42c6aa35457c1a7cf03d9b97a8ac1f5bd777742c807007600ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb00000157bdef9dee0000040300473045022063c5717cf3650c0f5550a543ccca7f70c5b6174ed0099a9d77dca191c84f65bd022100813eeb83753fdca4c5848836ffac322c910f750e1c885c0bfc09538fe3314749
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00693a961f9a7e44c7b909e66765ad4f852ea63f3cf27dd00fc93e2039a9d9817c092f068cb86c9ae43d5338e8bcc395e4d4accab337ffcf6aa939fabfed439dd5c1efe6b9005a6d02c523acaf074ab12de26b1e1070fb8d7fbaa5b4e926311a54e300098c1ccacfd4962634405d3d964c0869adcbab8de87d677c6e7751ee970461351448a25200fef3173e3f47d2f14e8feb0fbce16cc8d6186148faaccc34e896cdfa1d376aa25c2630e02461c5b5d4004c6d38c5a5cc926071670579f746b6adb73db6612b0120a5a6992f2b15b75b5b2c6e8876feb5388597cb37d1af1d16e62548b895f50979f2a53d8dfebe2fc19963f565c83f5c9a2294246196aa1fdd