webmail.karkkainen.com

- Kärkkäinen Oy -

Issued by GeoTrust RSA CA 2018

About this certificate

This digital certificate with serial number 04:e0:bc:44:1a:50:fa:41:e9:83:f5:90:a6:b9:cd:63 was issued on by DigiCert Inc.

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Kärkkäinen Oy

Organization: Kärkkäinen Oy
Locality: Ylivieska
Country: FI

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 04:e0:bc:44:1a:50:fa:41:e9:83:f5:90:a6:b9:cd:63
Serial Number (int): 6483804968116508492830504820749749603
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 3c:91:b0:69:e6:21:fe:57:f6:c5:90:99:85:fa:11:45:5a:46:4b:d9
AuthorityKeyId: 90:58:ff:b0:9c:75:a8:51:54:77:b1:ed:f2:a3:43:16:38:9e:6c:c5

Fingerprint (sha1): 74:81:b0:30:d1:11:c7:90:a3:35:75:9d:e4:d3:a2:d6:6f:45:12:ee
Fingerprint (sha256): 30:98:8c:88:77:18:ba:55:ae:04:5a:4f:18:b0:bf:c1:fc:f3:c7:38:2d:c2:2d:b8:07:af:8f:ff:98:15:8c:9a

Issuing Certificate URL: http://cacerts.geotrust.com/GeoTrustRSACA2018.crt

Revocation information

OCSP Server: http://status.geotrust.com
CRL Distribution Point: http://cdp.geotrust.com/GeoTrustRSACA2018.crl

Check the revocation status for certificate webmail.karkkainen.com

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for webmail.karkkainen.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

webmail.karkkainen.com
autodiscover.karkkainen.com
mail.karkkainen.com
smtp.karkkainen.com

Other certificates including the domain name karkkainen.com

(limited to 100 certificates)
fw.karkkainen.com
kuvat.karkkainen.com
kuvat.karkkainen.com
s3-cloudinary-pin.map.fastly.net
s3-cloudinary-pin.map.fastly.net
kone.karkkainen.com
s3-cloudinary-pin.map.fastly.net
s3-cloudinary-pin.map.fastly.net
s3-cloudinary-pin.map.fastly.net
s3-cloudinary-pin.map.fastly.net
s3-cloudinary-pin.map.fastly.net
lehti.karkkainen.com
lehti.karkkainen.com
s3-san.cloudinary.com
fw.karkkainen.com
autohuolto.karkkainen.com
s3-cloudinary-pin.map.fastly.net
s3-san.cloudinary.com
lehti.karkkainen.com
s3-san.cloudinary.com
s3-san.cloudinary.com
s3-cloudinary-pin.map.fastly.net
arvonta.karkkainen.com
s3-san.cloudinary.com
webmail.karkkainen.com
s3-cloudinary-pin.map.fastly.net
*.karkkainen.com
*.karkkainen.com
lahjakortti.karkkainen.com
kuvat.karkkainen.com
s3-san.cloudinary.com
yritysmyynti.karkkainen.com
s3-cloudinary-pin.map.fastly.net
s3-cloudinary-pin.map.fastly.net
s3-san.cloudinary.com
s3-cloudinary-pin.map.fastly.net
*.karkkainen.com
s3-cloudinary-pin.map.fastly.net
s3-cloudinary-pin.map.fastly.net
a.hwstatic.com
tuki.karkkainen.com
tuki.karkkainen.com
s3-san.cloudinary.com
lehti.karkkainen.com
kuvat.karkkainen.com
s3-san.cloudinary.com
s3-cloudinary-pin.map.fastly.net
s3-cloudinary-pin.map.fastly.net
s3-san.cloudinary.com
s3-san.cloudinary.com
s3-san.cloudinary.com
fw.karkkainen.com
kuvat.karkkainen.com
s3-cloudinary-pin.map.fastly.net
s3-cloudinary-pin.map.fastly.net
s3-san.cloudinary.com
s3-san.cloudinary.com
s3-san.cloudinary.com
s3-cloudinary-pin.map.fastly.net
s3-cloudinary-pin.map.fastly.net
*.karkkainen.com
kuvat.karkkainen.com
*.karkkainen.com
s3-cloudinary-pin.map.fastly.net
link.uutiskirje.karkkainen.com
s3-cloudinary-pin.map.fastly.net
webmail.karkkainen.com
webmail.karkkainen.com
s3-cloudinary-pin.map.fastly.net
s3-cloudinary-pin.map.fastly.net
s3-cloudinary-pin.map.fastly.net
s3-san.cloudinary.com
s3-cloudinary-pin.map.fastly.net
s3-san.cloudinary.com
lehti.karkkainen.com
link.uutiskirje.karkkainen.com
s3-san.cloudinary.com
s3-cloudinary-pin.map.fastly.net
lehti.karkkainen.com
s3-cloudinary-pin.map.fastly.net
s3-cloudinary-pin.map.fastly.net
s3-cloudinary-pin.map.fastly.net
s3-cloudinary-pin.map.fastly.net
*.karkkainen.com
s3-cloudinary-pin.map.fastly.net
s3-san.cloudinary.com
s3-cloudinary-pin.map.fastly.net
s3-cloudinary-pin.map.fastly.net
s3-cloudinary-pin.map.fastly.net
a.hwstatic.com
yritysmyynti.karkkainen.com
s3-cloudinary-pin.map.fastly.net
s3-cloudinary-pin.map.fastly.net
s3-cloudinary-pin.map.fastly.net
arvonta.karkkainen.com
s3-san.cloudinary.com
s3-cloudinary-pin.map.fastly.net
tuki.karkkainen.com
s3-san.cloudinary.com
s3-cloudinary-pin.map.fastly.net

Certificate

The complete raw certificate details for webmail.karkkainen.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGtjCCBZ6gAwIBAgIQBOC8RBpQ+kHpg/WQprnNYzANBgkqhkiG9w0BAQsFADBe
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRHZW9UcnVzdCBSU0EgQ0EgMjAxODAe
Fw0yMDAzMTcwMDAwMDBaFw0yMjA0MTIxMjAwMDBaMFwxCzAJBgNVBAYTAkZJMRIw
EAYDVQQHEwlZbGl2aWVza2ExGDAWBgNVBAoMD0vDpHJra8OkaW5lbiBPeTEfMB0G
A1UEAxMWd2VibWFpbC5rYXJra2FpbmVuLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPO/APlthT9yiCMnnuc+NF0cfnW7YTrZFNxkyqCzw+39Xuke
0m5+hXVffe1zu2iMtKqEG2pnMrN4uyGeAgYXk3uUfbzBlG+7dDijxup3RAvVpbJ3
+x6Jt9tcAnfhBBt33assO9wNgB8i8uejApCG9qiIl2doyeaK/ajelMx+4f3facW9
FSvSPvlx9lwe9LnOV3vR24dJVde72fitQxCZk+2eDXg2VH04dV2+MwxwCgA/xv5w
ZM1hXOthiB24IwndzN8mOPv4+TA41Nj6onZ3/BLrkjSh/uWCleidRYPbkX9H+X1v
pUHOrV8brgjxo/ynBNpXtzPn7w1yMfuHEQNgMp8CAwEAAaOCA3AwggNsMB8GA1Ud
IwQYMBaAFJBY/7CcdahRVHex7fKjQxY4nmzFMB0GA1UdDgQWBBQ8kbBp5iH+V/bF
kJmF+hFFWkZL2TBoBgNVHREEYTBfghZ3ZWJtYWlsLmthcmtrYWluZW4uY29tghth
dXRvZGlzY292ZXIua2Fya2thaW5lbi5jb22CE21haWwua2Fya2thaW5lbi5jb22C
E3NtdHAua2Fya2thaW5lbi5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG
CCsGAQUFBwMBBggrBgEFBQcDAjA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vY2Rw
Lmdlb3RydXN0LmNvbS9HZW9UcnVzdFJTQUNBMjAxOC5jcmwwTAYDVR0gBEUwQzA3
BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQu
Y29tL0NQUzAIBgZngQwBAgIwdQYIKwYBBQUHAQEEaTBnMCYGCCsGAQUFBzABhhpo
dHRwOi8vc3RhdHVzLmdlb3RydXN0LmNvbTA9BggrBgEFBQcwAoYxaHR0cDovL2Nh
Y2VydHMuZ2VvdHJ1c3QuY29tL0dlb1RydXN0UlNBQ0EyMDE4LmNydDAMBgNVHRMB
Af8EAjAAMIIBfAYKKwYBBAHWeQIEAgSCAWwEggFoAWYAdQC72d+8H4pxtZOUI5eq
kntHOFeVCqtS6BqQlmQ2jh7RhQAAAXDonYzuAAAEAwBGMEQCIGdGHVvhIhhXGV2a
Ps0B7rwcteGnwLY4Yz1XqdWNMqfzAiA+8j4CI5aaAYDXBjDmrBzwUsLBd51Cnb/U
5aY4pqTgbQB2ACJFRQdZVSRWlj+hL/H3bYbgIyZjrcBLf13Gg1xu4g8CAAABcOid
jSAAAAQDAEcwRQIgfo4Fg4S4A9Ub5U+BbTMKYAumE2cIZanPK8eINtp8ResCIQCv
yXCK/6fdQjFd8JciaQxj+6xYX4jx3lU4B32YdqHJVAB1AFGjsPX9AXmcVm24N3iP
DKR6zBsny/eeiEKaDf7UiwXlAAABcOidjUEAAAQDAEYwRAIgCP40Ib0M48VhDwpn
HpqToAY7w1sOuE9s6QM+j85KXAACIHtKSNGD/kGuCXDz191rZtiOCjlqMTWSs1Wi
qkD86QpnMA0GCSqGSIb3DQEBCwUAA4IBAQCxQO3aoPaEjs2q1nqQYaKoApe6fgWh
siRSd7XOv7Nlloj0559CVxwgGZhV5t+Rxi7REQtx3xYTYr2l5HCKFPN3IVy80i90
S5dLACQFVrnMId9CV8qvRImdKXEkavuXCwqCuGiO1dwOjr1PKi1zHEgUn3pdHyJF
RYhlOcDk2j/7UpUz8Cwz6z34Dn7hftWvjVOYlSz9lRTE/ZG6i8D9SnmS6VEZY1NR
3q/Z6ti1o49xe20HMQxRSNeCrGQOjnAVPLo/lJJLXIhN3YEgxkDRvQ+d0ychb9z6
AFHauvNl/QsPdpmnVcXaM8E6Hr2esnjY3LWctN2QES5yiLytxkpkJVtA
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA878A+W2FP3KIIyee5z40
XRx+dbthOtkU3GTKoLPD7f1e6R7Sbn6FdV997XO7aIy0qoQbamcys3i7IZ4CBheT
e5R9vMGUb7t0OKPG6ndEC9Wlsnf7Hom321wCd+EEG3fdqyw73A2AHyLy56MCkIb2
qIiXZ2jJ5or9qN6UzH7h/d9pxb0VK9I++XH2XB70uc5Xe9Hbh0lV17vZ+K1DEJmT
7Z4NeDZUfTh1Xb4zDHAKAD/G/nBkzWFc62GIHbgjCd3M3yY4+/j5MDjU2Pqidnf8
EuuSNKH+5YKV6J1Fg9uRf0f5fW+lQc6tXxuuCPGj/KcE2le3M+fvDXIx+4cRA2Ay
nwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 6483804968116508492830504820749749603
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust RSA CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-03-17 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-04-12 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ylivieska'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Kärkkäinen Oy'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'webmail.karkkainen.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 30770095593889999809991240730923981178533380593200357361850796688041531226729409736139205347858727815210631070673622686898575101069554583954418474164216455545079304407236383985963930950834732920798997315381798855157779285140297797475376087007767242416123656470411144303834776502617630376294856598987439910021346114419469352980342842863950573297797160121027139614785657965283543720390953001025918587138776622836548872285476882841817397956971831153084899501737947923607067661652010098968915338020503313278751853998205684796558650777146772760027899202264864588232230359627196915705080447374384474150220039693697405694623
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 9058ffb09c75a8515477b1edf2a34316389e6cc5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							3c91b069e621fe57f6c5909985fa11455a464bd9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (97 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webmail.karkkainen.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'autodiscover.karkkainen.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mail.karkkainen.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'smtp.karkkainen.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.geotrust.com/GeoTrustRSACA2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.geotrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.geotrust.com/GeoTrustRSACA2018.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (360 bytes)
							0166007500bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed18500000170e89d8cee0000040300463044022067461d5be1221857195d9a3ecd01eebc1cb5e1a7c0b638633d57a9d58d32a7f302203ef23e0223969a0180d70630e6ac1cf052c2c1779d429dbfd4e5a638a6a4e06d0076002245450759552456963fa12ff1f76d86e0232663adc04b7f5dc6835c6ee20f0200000170e89d8d20000004030047304502207e8e058384b803d51be54f816d330a600ba613670865a9cf2bc78836da7c45eb022100afc9708affa7dd42315df09722690c63fbac585f88f1de5538077d9876a1c95400750051a3b0f5fd01799c566db837788f0ca47acc1b27cbf79e88429a0dfed48b05e500000170e89d8d410000040300463044022008fe3421bd0ce3c5610f0a671e9a93a0063bc35b0eb84f6ce9033e8fce4a5c0002207b4a48d183fe41ae0970f3d7dd6b66d88e0a396a313592b355a2aa40fce90a67
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00b140eddaa0f6848ecdaad67a9061a2a80297ba7e05a1b2245277b5cebfb3659688f4e79f42571c20199855e6df91c62ed1110b71df161362bda5e4708a14f377215cbcd22f744b974b00240556b9cc21df4257caaf44899d2971246afb970b0a82b8688ed5dc0e8ebd4f2a2d731c48149f7a5d1f224545886539c0e4da3ffb529533f02c33eb3df80e7ee17ed5af8d5398952cfd9514c4fd91ba8bc0fd4a7992e95119635351deafd9ead8b5a38f717b6d07310c5148d782ac640e8e70153cba3f94924b5c884ddd8120c640d1bd0f9dd327216fdcfa0051dabaf365fd0b0f7699a755c5da33c13a1ebd9eb278d8dcb59cb4dd90112e7288bcadc64a64255b40