*.manitoba.ca

- Department of Finance (Province of Manitoba) -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 42:7d:e1:a9:9b:8a:ae:a1:84:a3:fa:b8:47:90:ea:42 was issued on by Entrust, Inc..

With 26 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Department of Finance (Province of Manitoba)

Organization: Department of Finance (Province of Manitoba)
State / Province: Manitoba
Locality: Winnipeg
Country: CA

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 42:7d:e1:a9:9b:8a:ae:a1:84:a3:fa:b8:47:90:ea:42
Serial Number (int): 88382661808979420558402897627669654082
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: ef:f2:40:cd:36:ec:f2:66:c0:c2:00:73:b7:a8:ca:9f:48:20:38:aa
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): 47:09:7f:3e:f1:a6:e2:c9:5f:86:47:d5:d9:07:69:9e:3a:d8:98:94
Fingerprint (sha256): 33:af:0b:bf:e5:79:9c:25:8d:e3:d1:77:9c:da:0e:8e:c3:96:27:a6:cd:f1:c5:45:c1:fa:ea:5e:1f:65:32:7c

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate *.manitoba.ca

26

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.manitoba.ca

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.manitoba.ca
manitoba.ca
*.gov.mb.ca
gov.mb.ca
accessmanitoba.ca
ajic.mb.ca
tamaninquiry.ca
allcharitiescampaign.ca
aji-cwi.mb.ca
mbpolicecom.ca
manitobaaddresschange.ca
pubmanitoba.ca
phoenixsinclairinquiry.ca
csbsc.mb.ca
mbfinancialinstitutions.ca
mbrealestate.ca
iiumanitoba.ca
manitobaparentzone.ca
manitobalawreform.ca
manitobahumanrights.ca
accessibilitymb.ca
driskellinquiry.ca
mbsecurities.ca
pediatriccardiacinquest.mb.ca
driveelectricmanitoba.ca
investinmanitoba.ca

Other certificates including the domain name manitoba.ca

(limited to 100 certificates)
manitoba.ca
uatimmunizationcard.manitoba.ca
uatimmunizationconsent.manitoba.ca
manitoba.ca
*.manitoba.ca
manitoba.ca
manitoba.ca
immunizationconsent.manitoba.ca
manitoba.ca
60b725f10c9c85.manitoba.ca
manitoba.ca
www.manitoba.ca
immunizationcard.manitoba.ca
*.gov.mb.ca
manitoba.ca
stimmunizationconsent.manitoba.ca
manitoba.ca
immunizationcard.manitoba.ca
manitoba.ca
manitoba.ca
manitoba.ca
*.manitoba.ca
manitoba.ca
immunizationcard.manitoba.ca
SSO.MANITOBA.CA
SSODR.MANITOBA.CA
manitoba.ca
manitoba.ca
*.gov.mb.ca
*.gov.mb.ca
devimmunizationconsent.manitoba.ca
www.manitoba.ca
*.manitoba.ca

Certificate

The complete raw certificate details for *.manitoba.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIJwDCCCKigAwIBAgIQQn3hqZuKrqGEo/q4R5DqQjANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
MDA5MjQxMzA0MzRaFw0yMTEwMjMxMzA0MzNaMIGCMQswCQYDVQQGEwJDQTERMA8G
A1UECBMITWFuaXRvYmExETAPBgNVBAcTCFdpbm5pcGVnMTUwMwYDVQQKEyxEZXBh
cnRtZW50IG9mIEZpbmFuY2UgKFByb3ZpbmNlIG9mIE1hbml0b2JhKTEWMBQGA1UE
AwwNKi5tYW5pdG9iYS5jYTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
ALeef8XA+2j4h7KTcmcjLIuRbCV3k4YNWw80pj9yGCm277RLmOynTGV0KN3uFU98
ee4f7hTvOP7L5F6EDk8ecXDCOMP6b0Miu1JJGqNhygj/BT4EXQ2l26NP4j26hBUk
feUKJu5RoUwPZonw8ta6FsWbn2bZnNroZW4qlK0oF33YejB6Rs09VppxayS/gTr1
u/GgJjcI2oQp0y6UTBdYuOxbTdPzxlAThdtlh2el20oUGkhpQ9HpSOIeVEruE6Cf
dH6vERR7Mj2lAxm+hbXy8H5taJE554v4iqNYWQrd+LlK7YTC6CE9HK88T9Lu2sic
jWvk9/Toshd6Zue/Nmkmo0TKMyIwr7sm3RcURsISkuN5l9/Zq6BOUDhX9/8ZAys4
Wt6QAx56L1P2s1bcQ7q5rsI2W3Il2KztTSYKyFLMLFMX7d/NPnKBkyOcxZsMMqCE
YRmuS73EIttVSDZEzZJMJSZN2N0aJp5Folytcw3cTyzgKLEOWHxCNKmp3lux+EU6
FJRxBwEM69cZBA+BrlpOEkV8x5B8QcaR37PmNF0ndiIV7l33pFtNo2P91eYEypOM
INCrBNArrNNN7Nq/GIV503nkJVIG15I7NMmQijc1luBPONq7Fjj9gFz9f2NpOGKL
Ut19AI78DBLHk1RsqyUxZSm8hT160ST/+U197hPfB9B5AgMBAAGjggT2MIIE8jAM
BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTv8kDNNuzyZsDCAHO3qMqfSCA4qjAfBgNV
HSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzBoBggrBgEFBQcBAQRcMFowIwYI
KwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDMGCCsGAQUFBzAChido
dHRwOi8vYWlhLmVudHJ1c3QubmV0L2wxay1jaGFpbjI1Ni5jZXIwMwYDVR0fBCww
KjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZlbDFrLmNybDCCAgQG
A1UdEQSCAfswggH3gg0qLm1hbml0b2JhLmNhggttYW5pdG9iYS5jYYILKi5nb3Yu
bWIuY2GCCWdvdi5tYi5jYYIRYWNjZXNzbWFuaXRvYmEuY2GCCmFqaWMubWIuY2GC
D3RhbWFuaW5xdWlyeS5jYYIXYWxsY2hhcml0aWVzY2FtcGFpZ24uY2GCDWFqaS1j
d2kubWIuY2GCDm1icG9saWNlY29tLmNhghhtYW5pdG9iYWFkZHJlc3NjaGFuZ2Uu
Y2GCDnB1Ym1hbml0b2JhLmNhghlwaG9lbml4c2luY2xhaXJpbnF1aXJ5LmNhggtj
c2JzYy5tYi5jYYIabWJmaW5hbmNpYWxpbnN0aXR1dGlvbnMuY2GCD21icmVhbGVz
dGF0ZS5jYYIOaWl1bWFuaXRvYmEuY2GCFW1hbml0b2JhcGFyZW50em9uZS5jYYIU
bWFuaXRvYmFsYXdyZWZvcm0uY2GCFm1hbml0b2JhaHVtYW5yaWdodHMuY2GCEmFj
Y2Vzc2liaWxpdHltYi5jYYISZHJpc2tlbGxpbnF1aXJ5LmNhgg9tYnNlY3VyaXRp
ZXMuY2GCHXBlZGlhdHJpY2NhcmRpYWNpbnF1ZXN0Lm1iLmNhghhkcml2ZWVsZWN0
cmljbWFuaXRvYmEuY2GCE2ludmVzdGlubWFuaXRvYmEuY2EwDgYDVR0PAQH/BAQD
AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBMBgNVHSAERTBDMDcG
CmCGSAGG+mwKAQUwKTAnBggrBgEFBQcCARYbaHR0cHM6Ly93d3cuZW50cnVzdC5u
ZXQvcnBhMAgGBmeBDAECAjCCAXwGCisGAQQB1nkCBAIEggFsBIIBaAFmAHUAVYHU
whaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAF0wDcsXAAABAMARjBEAiBg
rz3MegyIIE4pvVkd5feAs9sOvNoDbMfSTywaM30ahQIgcv7xxKV2XCzN17IX/PPy
wBkt3CWsJhwzMA86qBgtotoAdQBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV
1onQ3QAAAXTANyx2AAAEAwBGMEQCICd8gyPyLmqJI68hLbbWFP9Z+cdCQARweJlA
78K+STdlAiBOzWy01gESa9rPeF5/2PJLKKvw5iA19La4EvMXEuuckQB2AH0+8viP
/4hVaCTCwMqeUol5K8UOeAl/LmqXaJl+IvDXAAABdMA3LG8AAAQDAEcwRQIhAKaV
kwE30iUCBSD3ghRYkjkzj8rxlNw2/jM+qdN6qdjJAiAgy3Eex/XnpUQJIGj1ARpW
tSO8E+8pkyNucRiC8yJlizANBgkqhkiG9w0BAQsFAAOCAQEAUFfXThNd1j+oaQWh
xRGkf+59ZSsYy1+b17IbHiTeSrFdevqCPpYof4d2ohSxSitg/INUPSbKK3z+HKMv
/OA6ztEaaB9gUpDfGWzbSMcAxDyX1+IWvUQmSDan8U0iNbFgVwc/zChnZBZ9DV7W
7rsmWG6oKLMxBhg2vRuxJmcU6g6fEcVsORdYjuWkbFSKogxBQ9NvsdD7l4Gvpo7I
iOekJRm8L1gwQwYqrB3SVUm5muMY/6Vui9kDi3Nltj17Ae27bzY0msIq9fhCIUX7
4LF5V5WTCnNGld7rZXJ+Y9fhagjoOk/ICsOENlgfEbJPaaOA37Wsafi+SnjL6VD2
zZ3Rrw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAt55/xcD7aPiHspNyZyMs
i5FsJXeThg1bDzSmP3IYKbbvtEuY7KdMZXQo3e4VT3x57h/uFO84/svkXoQOTx5x
cMI4w/pvQyK7Ukkao2HKCP8FPgRdDaXbo0/iPbqEFSR95Qom7lGhTA9mifDy1roW
xZufZtmc2uhlbiqUrSgXfdh6MHpGzT1WmnFrJL+BOvW78aAmNwjahCnTLpRMF1i4
7FtN0/PGUBOF22WHZ6XbShQaSGlD0elI4h5USu4ToJ90fq8RFHsyPaUDGb6FtfLw
fm1okTnni/iKo1hZCt34uUrthMLoIT0crzxP0u7ayJyNa+T39OiyF3pm5782aSaj
RMozIjCvuybdFxRGwhKS43mX39mroE5QOFf3/xkDKzha3pADHnovU/azVtxDurmu
wjZbciXYrO1NJgrIUswsUxft380+coGTI5zFmwwyoIRhGa5LvcQi21VINkTNkkwl
Jk3Y3RomnkWiXK1zDdxPLOAosQ5YfEI0qaneW7H4RToUlHEHAQzr1xkED4GuWk4S
RXzHkHxBxpHfs+Y0XSd2IhXuXfekW02jY/3V5gTKk4wg0KsE0Cus003s2r8YhXnT
eeQlUgbXkjs0yZCKNzWW4E842rsWOP2AXP1/Y2k4YotS3X0AjvwMEseTVGyrJTFl
KbyFPXrRJP/5TX3uE98H0HkCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 88382661808979420558402897627669654082
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-09-24 13:04:34 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-10-23 13:04:33 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Manitoba'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Winnipeg'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Department of Finance (Province of Manitoba)'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.manitoba.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 749100723662263504679201938412745230415225218731823133024333231549538658890456069324352253941215308365834674288521682982378844364548889581015078200044912969976195757901648428364343646980968252581629100135205872301879521149842375575090271455603811233667072733280165340076463646059056686551889451409543595283485548135519695961369541085282995153006959876601439159075192850139581465467169519314569866505758282536767177575100197898042959712616578667742275032596390515732837266076554133843328864572052211896457631055305951314274238695847468162636439059899826822743279202697503270819538384461648831931201980422915270241487532485670503459986246441093484308665905168196096720108535103262724376408378528539773691435399379792602396673018202308512053067126749561279331552541997818027644101917995236899697090325860561955117071632288354230481803011992782575162758935592122206668817897350780718884423719006951366798653010964499901422823020251498524346896254420976815120762547692949117360172773715408219569759934175917649735968001582287041519459298412054102834944798058882402594006632835471398247714408139504815630420929299903401564324819685171403034116963078678652173345788734060033957306776116145702329168711033853358694117816955395222743642787961
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							eff240cd36ecf266c0c20073b7a8ca9f482038aa
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (507 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.manitoba.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manitoba.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.gov.mb.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gov.mb.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'accessmanitoba.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ajic.mb.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tamaninquiry.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'allcharitiescampaign.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aji-cwi.mb.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mbpolicecom.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manitobaaddresschange.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pubmanitoba.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'phoenixsinclairinquiry.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'csbsc.mb.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mbfinancialinstitutions.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mbrealestate.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iiumanitoba.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manitobaparentzone.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manitobalawreform.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'manitobahumanrights.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'accessibilitymb.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'driskellinquiry.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mbsecurities.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pediatriccardiacinquest.mb.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'driveelectricmanitoba.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'investinmanitoba.ca'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (360 bytes)
							01660075005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c00000174c0372c5c0000040300463044022060af3dcc7a0c88204e29bd591de5f780b3db0ebcda036cc7d24f2c1a337d1a85022072fef1c4a5765c2ccdd7b217fcf3f2c0192ddc25ac261c33300f3aa8182da2da0075005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd00000174c0372c7600000403004630440220277c8323f22e6a8923af212db6d614ff59f9c742400470789940efc2be49376502204ecd6cb4d601126bdacf785e7fd8f24b28abf0e62035f4b6b812f31712eb9c910076007d3ef2f88fff88556824c2c0ca9e5289792bc50e78097f2e6a9768997e22f0d700000174c0372c6f0000040300473045022100a695930137d225020520f78214589239338fcaf194dc36fe333ea9d37aa9d8c9022020cb711ec7f5e7a544092068f5011a56b523bc13ef2993236e711882f322658b
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		005057d74e135dd63fa86905a1c511a47fee7d652b18cb5f9bd7b21b1e24de4ab15d7afa823e96287f8776a214b14a2b60fc83543d26ca2b7cfe1ca32ffce03aced11a681f605290df196cdb48c700c43c97d7e216bd44264836a7f14d2235b16057073fcc286764167d0d5ed6eebb26586ea828b331061836bd1bb1266714ea0e9f11c56c3917588ee5a46c548aa20c4143d36fb1d0fb9781afa68ec888e7a42519bc2f583043062aac1dd25549b99ae318ffa56e8bd9038b7365b63d7b01edbb6f36349ac22af5f8422145fbe0b1795795930a734695deeb65727e63d7e16a08e83a4fc80ac38436581f11b24f69a380dfb5ac69f8be4a78cbe950f6cd9dd1af