aisportal.mpo.cz

Issued by Thawte RSA CA 2018

About this certificate

This digital certificate with serial number 06:06:1c:22:d9:3c:1e:49:d0:85:1f:42:17:a8:57:21 was issued on by DigiCert Inc.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=aisportal.mpo.cz

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 06:06:1c:22:d9:3c:1e:49:d0:85:1f:42:17:a8:57:21
Serial Number (int): 8007092424318057647994385277617985313
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: e4:c1:15:31:cf:52:f8:7f:a5:5e:a5:8d:ed:7f:3a:a2:4b:c8:11:2c
AuthorityKeyId: a3:c8:5e:65:54:e5:30:78:c1:05:ea:07:0a:6a:59:cc:b9:fe:de:5a

Fingerprint (sha1): 77:59:6b:7c:6d:e5:83:30:a8:63:9e:bf:5b:16:6d:2f:b0:69:a0:67
Fingerprint (sha256): 30:1b:19:80:50:c7:b5:36:d7:e7:dc:2f:94:fb:c0:9e:e4:9f:b2:cd:6a:36:08:d1:7b:3a:35:8e:ca:7f:50:dc

Issuing Certificate URL: http://cacerts.thawte.com/ThawteRSACA2018.crt

Revocation information

OCSP Server: http://status.thawte.com
CRL Distribution Point: http://cdp.thawte.com/ThawteRSACA2018.crl

Check the revocation status for certificate aisportal.mpo.cz

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for aisportal.mpo.cz

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

aisportal.mpo.cz
www.aisportal.mpo.cz

Other certificates including the domain name mpo.cz

(limited to 100 certificates)
druhotnasurovina.mpo.cz
druhotnasurovina.mpo.cz
adfs.mpo.cz
www.mpo.cz
miss.mpo.cz
trio.mpo.cz
cafe.mpo.cz
monitoring.mpo.cz
mis.mpo.cz
druhotnasurovina.mpo.cz
druhotnasurovina.cz
cafe.mpo.cz
registr.mpo.cz
druhotnasurovina.mpo.cz
monitoring.mpo.cz
monitoring.mpo.cz
foreigners.mpo.cz
aimapa.mpo.cz
vykazy.mpo.cz
activesync.mpo.cz
monitoring.mpo.cz
trio.mpo.cz
cafe.mpo.cz
aisportal.mpo.cz
adfs.mpo.cz
monitoring.mpo.cz
aisportal.mpo.cz
monitoring.mpo.cz
vykazy.mpo.cz
foreigners.mpo.cz
druhotnasurovina.mpo.cz
adfs.mpo.cz
foreigners.mpo.cz
druhotnasurovina.cz
ais.mpo.cz
blockchain.mpo.cz
www.mpo.gov.cz
druhotnasurovina.mpo.cz
trio.mpo.cz
aimapa.mpo.cz
druhotnasurovina.cz
mapi.mpo.cz
www.mpo.cz
monitoring.mpo.cz
registr.mpo.cz
mpo.cz
www.mpo.cz
foreigners.mpo.cz
cafe.mpo.cz
trios.mpo.cz
adfs.mpo.cz
foreigners.mpo.cz
foreigners.mpo.cz
cafe.mpo.cz
druhotnasurovina.mpo.cz
cafe.mpo.cz
foreigners.mpo.cz
miss.mpo.cz
autodiscover.mpo.cz
www.mpo.cz
ews.mpo.cz
druhotnasurovina.mpo.cz
aimapa.mpo.cz
trio.mpo.cz
monitoring.mpo.cz
trio.mpo.cz
monitoring.mpo.cz
druhotnasurovina.cz
elisportal.mpo.cz
druhotnasurovina.cz
vykazy.mpo.cz
monitoring.mpo.cz
foreigners.mpo.cz
miss.mpo.cz
spintra.mpo.cz
foreigners.mpo.cz
www.mpo.cz
druhotnasurovina.cz
mis.mpo.cz
druhotnasurovina.cz
druhotnasurovina.cz
homeoffice.mpo.cz
tip.mpo.cz
miss.mpo.cz
druhotnasurovina.cz
monitoring.mpo.cz
foreigners.mpo.cz
monitoring.mpo.cz
vykazy.mpo.cz
owa.mpo.cz
cafe.mpo.cz
cafe.mpo.cz
vykazy.mpo.cz
trio.mpo.cz
blockchain.mpo.cz
www.mpo.cz
druhotnasurovina.cz
monitoring.mpo.cz
forms.mpo.cz

Certificate

The complete raw certificate details for aisportal.mpo.cz in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHIzCCBgugAwIBAgIQBgYcItk8HknQhR9CF6hXITANBgkqhkiG9w0BAQsFADBc
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMRswGQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcN
MjIwNTI0MDAwMDAwWhcNMjMwNjE5MjM1OTU5WjAbMRkwFwYDVQQDExBhaXNwb3J0
YWwubXBvLmN6MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0VDG60/Z
PEue5YFtH/wlnzvijC5X2lYWTceomGVg6kcuzX4v/yWkfME5aWMKnGeeChKZFCB6
xzimH73cTdI1SKRrAGfmo6vVEXvn6V0InomjZ+sRB7ja2XA9hDjyZ4lV3lo96av1
PCOHA5XS1XU/9CLFoeL5wS19JH+CoafnOSDBulKkmXt0AoUg/MneV2E8YG73xD5n
MerBel0vxm0eOk/EhiRVubYWdBuvxvzMJu2ZzstWExt2h7mEy+Tn0zz7lsC6dnoQ
aq6poOw2WAj4bNfcvsI5SfjH2H7U6xLXgy+sJ05UVlPSUQBG1xJPmSewaXLm+y8v
Vl1Q2d5K6Fu2Jmv1cGUtl1GCfEfjPqyNui0/HB4lL0V0iJgOPtoRI2tp0ssNyBln
ZbZUjPb+en7rJz9fdz0trbKo28f3mBTInqjdJKxNLZ2uMM34S7o0Vw1Fn6xo23sV
MrcW06lFaJR2yPwRTdyQzky6efOp5aWCbi1c+0mzGEII70sZCMmy23jdACi2HE32
oVEelA6+DVmSMyj2V+cPyLgYyWiS/EEvXBFCMmVZyUElY8t7Sf7M4Dxu2x7jNV+v
fkgu8It9HjP08bViwSRBLbPLqx8JVsgtcxlhholsKMQbafnNKQDVkkIf6eszqqHT
wLtscNP4KPctt3KNeRTIWn3hOmsdtcql3o8CAwEAAaOCAyAwggMcMB8GA1UdIwQY
MBaAFKPIXmVU5TB4wQXqBwpqWcy5/t5aMB0GA1UdDgQWBBTkwRUxz1L4f6VepY3t
fzqiS8gRLDAxBgNVHREEKjAoghBhaXNwb3J0YWwubXBvLmN6ghR3d3cuYWlzcG9y
dGFsLm1wby5jejAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
CCsGAQUFBwMCMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jZHAudGhhd3RlLmNv
bS9UaGF3dGVSU0FDQTIwMTguY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQIBMCkwJwYI
KwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzBvBggrBgEFBQcB
AQRjMGEwJAYIKwYBBQUHMAGGGGh0dHA6Ly9zdGF0dXMudGhhd3RlLmNvbTA5Bggr
BgEFBQcwAoYtaHR0cDovL2NhY2VydHMudGhhd3RlLmNvbS9UaGF3dGVSU0FDQTIw
MTguY3J0MAkGA1UdEwQCMAAwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AOg+
0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABgPZF5ioAAAQDAEcwRQIh
AKMV2AK6Ufu9U0WUzu3/WU8q22KPyZJZBbEFk0aGJvNCAiA2GCQEF2omb+YKQYTQ
Y5UABfi/H5/hYt/fgDFA3dKvxwB3ADXPGRu/sWxXvw+tTG1Cy7u2JyAmUeo/4Srv
qAPDO9ZMAAABgPZF5jcAAAQDAEgwRgIhAPqvc1wYU+IRm0ufhmw6q7A1aB/IdQkj
xYaKrpcngiTZAiEAt8barqC9pKROUG6giOB+pAeJiCru4pn6elRYEMpGy5cAdQCz
c3cH4YRQ+GOG1gWp3BEJSnktsWcMC4fc8AMOeTalmgAAAYD2ReZWAAAEAwBGMEQC
IGXJON7YgEwCVOH7P4sE0H7d+edq92OJ7Seopg0hJOLpAiBCUUnwxehGEhXNn/SJ
pf7FKCAgZb3OmZcc9N9fo6OsJjANBgkqhkiG9w0BAQsFAAOCAQEAUStdUqzRSEg9
4pJO0rLRDW8oxSSonqal36sHnNdu2wgyH++xvemsxg+nnqMjKLJW/S+PcViVGWOV
w7QCjrV7HZ8RWov35N+4FXjf7QHOLGcOpC8HNULM4ovec7JunSoHvcPH+pRyQBDi
KItLx3NpU/nmFQWeD01J/599KEJnYikILu4UKbQRjJSf4IW1KVqGIJTfAtJgmddE
nWfu+9ggDc70fw3SvLunIRIFxPe2QcUb8CteZyyu/QORpLu2MJQqbeFTMSb0J7kH
XeLLTanESzx8i6SOsw90t6fE/5QWAVFFvgpQwq8taEjH1TzGay+hgli6HBen8Wch
yYD/M06WKQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0VDG60/ZPEue5YFtH/wl
nzvijC5X2lYWTceomGVg6kcuzX4v/yWkfME5aWMKnGeeChKZFCB6xzimH73cTdI1
SKRrAGfmo6vVEXvn6V0InomjZ+sRB7ja2XA9hDjyZ4lV3lo96av1PCOHA5XS1XU/
9CLFoeL5wS19JH+CoafnOSDBulKkmXt0AoUg/MneV2E8YG73xD5nMerBel0vxm0e
Ok/EhiRVubYWdBuvxvzMJu2ZzstWExt2h7mEy+Tn0zz7lsC6dnoQaq6poOw2WAj4
bNfcvsI5SfjH2H7U6xLXgy+sJ05UVlPSUQBG1xJPmSewaXLm+y8vVl1Q2d5K6Fu2
Jmv1cGUtl1GCfEfjPqyNui0/HB4lL0V0iJgOPtoRI2tp0ssNyBlnZbZUjPb+en7r
Jz9fdz0trbKo28f3mBTInqjdJKxNLZ2uMM34S7o0Vw1Fn6xo23sVMrcW06lFaJR2
yPwRTdyQzky6efOp5aWCbi1c+0mzGEII70sZCMmy23jdACi2HE32oVEelA6+DVmS
Myj2V+cPyLgYyWiS/EEvXBFCMmVZyUElY8t7Sf7M4Dxu2x7jNV+vfkgu8It9HjP0
8bViwSRBLbPLqx8JVsgtcxlhholsKMQbafnNKQDVkkIf6eszqqHTwLtscNP4KPct
t3KNeRTIWn3hOmsdtcql3o8CAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 8007092424318057647994385277617985313
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Thawte RSA CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-05-24 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-06-19 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'aisportal.mpo.cz'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 853932881792056358957718966345979342639778328539308102116009404416722916391251551831683486160896142740606145839820003149390171641924911831954938603223231524845498358375769585199966212144717005280178913877608412830279701283148915809042572148049001552817749595680380145007758946486342867436022267333079661158233784245283953315584524480943357097452716194502717502105011972976417797939025159924132435200901193413911909281384396717198989500180666329083401435590952668752010268881005803104798051078853312330510311709851608204391111291909315897569505565027067645827236997499107060043929460649937756020507325810113565049433069205211649414358999434903043888484261171379001155936125666256343391307842411452786128331540341681393456475372167852996427116533386023253614944001507133757750524396593842488142523325264946268244516122936681481058074587841569889050116390062337876105413177210237500509535584433319707437152993711644511107331415605556303579878975534658999641554750401517574001321897873351420681037538578733665028708745124197063867769840777396936786842326979514641558722339781272761142342763679375818806126987765693270032966891236040926204151872845221239237741911125877689961453020295387077973554253255036002513996236947655743754996145807
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a3c85e6554e53078c105ea070a6a59ccb9fede5a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							e4c11531cf52f87fa55ea58ded7f3aa24bc8112c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (42 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aisportal.mpo.cz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.aisportal.mpo.cz'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (51 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.thawte.com/ThawteRSACA2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.thawte.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.thawte.com/ThawteRSACA2018.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							0168007600e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e00000180f645e62a0000040300473045022100a315d802ba51fbbd534594ceedff594f2adb628fc9925905b10593468626f342022036182404176a266fe60a4184d063950005f8bf1f9fe162dfdf803140ddd2afc700770035cf191bbfb16c57bf0fad4c6d42cbbbb627202651ea3fe12aefa803c33bd64c00000180f645e6370000040300483046022100faaf735c1853e2119b4b9f866c3aabb035681fc8750923c5868aae97278224d9022100b7c6daaea0bda4a44e506ea088e07ea40789882aeee299fa7a545810ca46cb97007500b3737707e18450f86386d605a9dc11094a792db1670c0b87dcf0030e7936a59a00000180f645e6560000040300463044022065c938ded8804c0254e1fb3f8b04d07eddf9e76af76389ed27a8a60d2124e2e90220425149f0c5e8461215cd9ff489a5fec528202065bdce99971cf4df5fa3a3ac26
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00512b5d52acd148483de2924ed2b2d10d6f28c524a89ea6a5dfab079cd76edb08321fefb1bde9acc60fa79ea32328b256fd2f8f715895196395c3b4028eb57b1d9f115a8bf7e4dfb81578dfed01ce2c670ea42f073542cce28bde73b26e9d2a07bdc3c7fa94724010e2288b4bc7736953f9e615059e0f4d49ff9f7d2842676229082eee1429b4118c949fe085b5295a862094df02d26099d7449d67eefbd8200dcef47f0dd2bcbba7211205c4f7b641c51bf02b5e672caefd0391a4bbb630942a6de1533126f427b9075de2cb4da9c44b3c7c8ba48eb30f74b7a7c4ff9416015145be0a50c2af2d6848c7d53cc66b2fa18258ba1c17a7f16721c980ff334e9629