iso-mtls.ica.cardif.api.staging.bnpparibas

- BNP PARIBAS SA -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 01:a8:06:01:42:3b:fa:62:3d:fa:18:43:68:93:00:27 was issued on by Entrust, Inc..

With 5 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

BNP PARIBAS SA

Organization: BNP PARIBAS SA
Locality: Montreuil
Country: FR

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 01:a8:06:01:42:3b:fa:62:3d:fa:18:43:68:93:00:27
Serial Number (int): 2201655662203071014217394670911291431
Serial Number lenght: 121 bits, 16 octets

SubjectKeyId: 5f:a9:a3:c0:f8:8a:0f:de:32:12:30:8b:e7:0f:89:a6:a6:ff:50:63
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): f4:19:90:64:92:87:08:c8:48:e5:59:af:e4:80:ce:ce:db:c9:ca:94
Fingerprint (sha256): 30:ee:4b:f0:7c:c0:12:27:d9:e8:9a:56:39:d3:a8:1f:e0:b4:c6:6c:47:7e:28:94:9c:1d:f9:19:8f:52:16:59

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate iso-mtls.ica.cardif.api.staging.bnpparibas

5

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for iso-mtls.ica.cardif.api.staging.bnpparibas

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

iso-mtls.ica.cardif.api.staging.bnpparibas
icare.cardif.api.staging.bnpparibas
api.uat-pf.icare-service.com
api.uat-dig.icare-service.com
api.uat.icare-service.com

Other certificates including the domain name staging.bnpparibas

(limited to 100 certificates)
bnp05s.bnpparibas.com
bnp19b.bnpparibas.com
bnp23b.bnpparibas.com
c00f0c4675b91fb8b918e4079a0b1bac1.bnpparibas.com
bnp09s.bnpparibas.com
fr-pub.cardif.api.staging.bnpparibas
bnp19b.bnpparibas.com
iso-mtls.at.cardif.api.staging.bnpparibas
bnp09s.bnpparibas.com
bnp08s.bnpparibas.com
collect-bnl-test.staging.bnpparibas
bnppf-collect.staging.bnpparibas
neobonds.staging.bnpparibas
bnp08s.bnpparibas.com
bnp18b.bnpparibas.com
bnp09s.bnpparibas.com
webfactory.am.staging.bnpparibas
bnp05s.bnpparibas.com
transferflow.ere.staging.bnpparibas
gedoc.staging.bnpparibas
bnp08b.bnpparibas.com
bnp19b.bnpparibas.com
bnp08s.bnpparibas.com
bnp10s.bnpparibas.com
bnp09s.bnpparibas.com
ig.api.staging.bnpparibas
em-noba-mortgage-no-ogc.cardif.api.staging.bnpparibas
f17aaabc20bfe045075927934fed52d21.bnpparibas.com
bnp17b.bnpparibas.com
bnp08s.bnpparibas.com
bnp09s.bnpparibas.com
banqueentreprise.staging.bnpparibas
api-psd2.bddf.staging.bnpparibas
fund-administration.uat.staging.bnpparibas
bnp18b.bnpparibas.com
bnp09s.bnpparibas.com
bnp10s.bnpparibas.com
c00f0c4675b91fb8b918e4079a0b1bac1.bnpparibas.com
bnp05s.bnpparibas.com
bnp08s.bnpparibas.com
bnp10s.bnpparibas.com
bnp10s.bnpparibas.com
bnp08s.bnpparibas.com
boomi-factoring.staging.bnpparibas
bnp22b.bnpparibas.com
api-nav.sandbox.bddf.staging.bnpparibas
bnp21b.bnpparibas.com
gedoc.staging.bnpparibas
bnp08s.bnpparibas.com
bnp08s.bnpparibas.com
bnp09s.bnpparibas.com
bnp06s.bnpparibas.com
bnp08b.bnpparibas.com
bnp19b.bnpparibas.com
bnp08s.bnpparibas.com
bnp05s.bnpparibas.com
packages.staging.bnpparibas-am.com
bnp05s.bnpparibas.com
bnp18b.bnpparibas.com
bnp21b.bnpparibas.com
login01.extidp.staging.bnpparibas
collect-bnl-test.staging.bnpparibas
collect-bnl-test.staging.bnpparibas
monepargne.ere.staging.bnpparibas
bnp09s.bnpparibas.com
bcef-dgi-collection.staging.bnpparibas
bnp08s.bnpparibas.com
boomi-factoring.staging.bnpparibas
bnp10s.bnpparibas.com
bnp08s.bnpparibas.com
collect-dmit.staging.bnpparibas
bnp08s.bnpparibas.com
gedoc.staging.bnpparibas
api.bddf.staging.bnpparibas
bnp19b.bnpparibas.com
bnp08s.bnpparibas.com
bnp08s.bnpparibas.com
tls.octapi.bgl.api.staging.bnpparibas
bnp05s.bnpparibas.com
c00f0c4675b91fb8b918e4079a0b1bac1.bnpparibas.com
bnp08s.bnpparibas.com
bnp05s.bnpparibas.com
bnp06s.bnpparibas.com
bnp17b.bnpparibas.com
bnp08s.bnpparibas.com
bnp17b.bnpparibas.com
bnp08b.bnpparibas.com
bnp09s.bnpparibas.com
bnp16b.bnpparibas.com
bnp09s.bnpparibas.com
bnp04s.bnpparibas.com
bnp10s.bnpparibas.com
alis-qual-int.staging.bnpparibas
bnp04s.bnpparibas.com
bnp18b.bnpparibas.com
c00f0c4675b91fb8b918e4079a0b1bac1.bnpparibas.com
login03.extidp.staging.bnpparibas
bnp09s.bnpparibas.com
bnp10b.bnpparibas.com
bnp10s.bnpparibas.com

Certificate

The complete raw certificate details for iso-mtls.ica.cardif.api.staging.bnpparibas in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFtzCCBJ+gAwIBAgIQAagGAUI7+mI9+hhDaJMAJzANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
NDAxMjYxNDU3MTZaFw0yNTAxMjQxNDU3MTVaMG8xCzAJBgNVBAYTAkZSMRIwEAYD
VQQHEwlNb250cmV1aWwxFzAVBgNVBAoTDkJOUCBQQVJJQkFTIFNBMTMwMQYDVQQD
Eyppc28tbXRscy5pY2EuY2FyZGlmLmFwaS5zdGFnaW5nLmJucHBhcmliYXMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEOENW7vSrLPIMfCxfd7mQY44R
7brm1s+I0EzVwfXtMvBezu058a9jxvWpElExbqWKdnqlLOQ/OdKcw4KP6Mrx0dtl
qdFGsm7pynINw65DyaoW/8VlC0hDZw8aOGNF/IG0d155ezVby17yeUhFAc8fderq
hW4EUnyDAzIY+NOte3qSn6Ws6U8kMQ3Zt2o4P1wE0MfYuxYFl3Koy3g34tOUtxpy
fl/LrWhkc1OH9cRkzoAyPwcd1OfF0GZlQfftnKXMGgwPprHFDe178FxBWD5AozYf
koRSmS+V4IFJamL8AsHNdfojoVKT/MeunHxHYoqsOKO43b53np7JtD4oAgJvAgMB
AAGjggIBMIIB/TAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRfqaPA+IoP3jISMIvn
D4mmpv9QYzAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzBoBggrBgEF
BQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDMG
CCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wxay1jaGFpbjI1Ni5j
ZXIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZl
bDFrLmNybDCBtAYDVR0RBIGsMIGpgippc28tbXRscy5pY2EuY2FyZGlmLmFwaS5z
dGFnaW5nLmJucHBhcmliYXOCI2ljYXJlLmNhcmRpZi5hcGkuc3RhZ2luZy5ibnBw
YXJpYmFzghxhcGkudWF0LXBmLmljYXJlLXNlcnZpY2UuY29tgh1hcGkudWF0LWRp
Zy5pY2FyZS1zZXJ2aWNlLmNvbYIZYXBpLnVhdC5pY2FyZS1zZXJ2aWNlLmNvbTAO
BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBMG
A1UdIAQMMAowCAYGZ4EMAQICMBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3
DQEBCwUAA4IBAQCBfZbCnO5AW9aHvhhMMXGFNTEeQ9YPXTuWCYhR8udj1/8bBqe3
0BC8h+Su82LpxxnYown+vwf+TziqnWorQr0BU4RkuWWawWfdVNIhYNRsKC1RlTwJ
f3tBnR1JnSRLT3YHJNxVgVF7QTiQbVGsH3v2sxtQFuew9kzZMD9vGVw6V8Cma/nQ
+iv13B4DZng1Ga1mmmf+YP4OYdLw3FA6lz6a9kdEFXBI711kcL0CMxteqLzQg+OA
KTWE+iym26nuz1k9SE1R2/gYvPg6BE85EmILisdohdqUb936rCC7DvCvrl2/JEgQ
GbV4d5QeFyyjAAenU5AWmqDb0QboCfLgK/Nj
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDhDVu70qyzyDHwsX3e5
kGOOEe265tbPiNBM1cH17TLwXs7tOfGvY8b1qRJRMW6linZ6pSzkPznSnMOCj+jK
8dHbZanRRrJu6cpyDcOuQ8mqFv/FZQtIQ2cPGjhjRfyBtHdeeXs1W8te8nlIRQHP
H3Xq6oVuBFJ8gwMyGPjTrXt6kp+lrOlPJDEN2bdqOD9cBNDH2LsWBZdyqMt4N+LT
lLcacn5fy61oZHNTh/XEZM6AMj8HHdTnxdBmZUH37ZylzBoMD6axxQ3te/BcQVg+
QKM2H5KEUpkvleCBSWpi/ALBzXX6I6FSk/zHrpx8R2KKrDijuN2+d56eybQ+KAIC
bwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 2201655662203071014217394670911291431
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-26 14:57:16 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-24 14:57:15 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Montreuil'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BNP PARIBAS SA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'iso-mtls.ica.cardif.api.staging.bnpparibas'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24770452115005413729417663463565840609928350073303706612873399343823960762886775347629933907524056326769402044405403976872784514440934364142900452485145170913489975389509767452356123685194068492369032663575799626843021690881153105241755573940543556034018401220495317797344906178962006133619625125749206492380479562046967313224989192999167018055805807324071431210467724714789564960523562178993004623660517965928348961574885614129096937842487375910092555332835460828863575825948236605489401734103737660293091032170168755713836595899116769326643996634333272675833791949206571777650458337160036090288119905102388409795183
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							5fa9a3c0f88a0fde3212308be70f89a6a6ff5063
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (172 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iso-mtls.ica.cardif.api.staging.bnpparibas'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'icare.cardif.api.staging.bnpparibas'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.uat-pf.icare-service.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.uat-dig.icare-service.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.uat.icare-service.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00817d96c29cee405bd687be184c31718535311e43d60f5d3b96098851f2e763d7ff1b06a7b7d010bc87e4aef362e9c719d8a309febf07fe4f38aa9d6a2b42bd01538464b9659ac167dd54d22160d46c282d51953c097f7b419d1d499d244b4f760724dc5581517b4138906d51ac1f7bf6b31b5016e7b0f64cd9303f6f195c3a57c0a66bf9d0fa2bf5dc1e0366783519ad669a67fe60fe0e61d2f0dc503a973e9af64744157048ef5d6470bd02331b5ea8bcd083e380293584fa2ca6dba9eecf593d484d51dbf818bcf83a044f3912620b8ac76885da946fddfaac20bb0ef0afae5dbf24481019b57877941e172ca30007a75390169aa0dbd106e809f2e02bf363