dam.richemont.com

- Richemont International SA -

Issued by DigiCert Global CA G2

About this certificate

This digital certificate with serial number 08:3e:4a:97:22:94:56:38:69:f7:97:53:f5:e5:d8:5a was issued on by DigiCert Inc.

With 16 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Richemont International SA

Organization: Richemont International SA
Organization unit: DS DAM
State / Province: Genève
Locality: Bellevue
Country: CH

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 08:3e:4a:97:22:94:56:38:69:f7:97:53:f5:e5:d8:5a
Serial Number (int): 10957259243973514693125326428201932890
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: de:b3:5d:de:c5:88:37:17:68:6b:9d:4d:5b:53:eb:7b:56:9e:de:bf
AuthorityKeyId: 24:6e:2b:2d:d0:6a:92:51:51:25:69:01:aa:9a:47:a6:89:e7:40:20

Fingerprint (sha1): 1d:8e:08:b6:ea:49:42:a8:03:23:42:85:a6:fd:ca:72:64:bd:6b:fe
Fingerprint (sha256): 33:cf:29:91:f9:9c:e1:78:de:22:12:0a:7e:b9:81:72:b8:1a:4f:e9:b7:bf:04:ed:35:e2:73:6b:ba:51:0f:e8

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertGlobalCAG2.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertGlobalCAG2.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertGlobalCAG2.crl

Check the revocation status for certificate dam.richemont.com

16

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for dam.richemont.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

dam.richemont.com
download.iwc.com
media.alaia.fr
media.alange-soehne.com
media.baume-et-mercier.com
media.cartier.com
media.giampierobodino.com
media.jaeger-lecoultre.com
media.panerai.com
media.piaget.com
media.purdey.com
media.richemont.com
media.rogerdubuis.com
media.vacheron-constantin.com
media.vancleefarpels.com
pincode.montblanc.com

Other certificates including the domain name richemont.com

(limited to 100 certificates)
preprod-iisfarm.richemont.com
careers.richemont.com
booster2.richemont.com
intranet.richemont.com
intranet.richemont.com
richemont.com
xsrna.richemont.com
xs.richemont.com
intranet.richemont.com
dam.richemont.com
intranet.richemont.com
belenus.richemont.com
collaboration.richemont.com
apps2013.richemont.com
linemedia.preprod.richemont.com
api-booster.richemont.com
preprod-apps2016.richemont.com
linemedia.preprod.richemont.com
media.richemont.com
vo1webdisp.richemont.com
wwsip.richemont.com
spark.nprd.val.elb.richemont.com
careers.richemont.com
booster.richemont.com
apps.richemont.com
www.richemont.com
preprod-apps2016.richemont.com
owa.richemont.com
intranet.richemont.com
preprod-apps2016.richemont.com
booster.richemont.com
intranet.richemont.com
linemedia.preprod.richemont.com
dam.richemont.com
linemedia.preprod.richemont.com
antispam.richemont.com
svn.richemont.com
apps2016.richemont.com
intranet.richemont.com
launchpad.richemont.com
visionnaire.richemont.com
epm-mobile.richemont.com
intranet.richemont.com
mdm.richemont.com
richemont.com
epm-mobile.richemont.com
eusip.richemont.com
www.quality.alange-soehne.com
jobs.richemont.com
jenkins-aws.richemont.com
search.richemont.com
launchpad.richemont.com
cyberjourney.richemont.com
api-booster.richemont.com
linemedia.preprod.richemont.com
admin.pre-booster.richemont.com
pre-booster.richemont.com
owa-sso.richemont.com
id-sso.richemont.com
scn01.richemont.com
intranet.preprod.richemont.com
owa-nosso.richemont.com
linemedia.preprod.richemont.com
epm-mobile.richemont.com
linemedia.preprod.richemont.com
linemedia.preprod.richemont.com
www.quality.alange-soehne.com
owa-nosso.richemont.com
careers.richemont.com
amer-ra.richemont.com
media.richemont.com
iisfarm.richemont.com
preprod-apps2013.richemont.com
emea-ra.richemont.com
xs4.richemont.com
inet.richemont.com
midgard.ch.richemont.com
aegis.ch.richemont.com
collaboration.richemont.com
intranet.richemont.com
linemedia.preprod.richemont.com
apps2016.richemont.com
owa.richemont.com
fileexchange.richemont.com
creative-academy.com
agile.quality.richemont.com
secure.richemont.com
cs.richemont.com
www.quality.alange-soehne.com
richemont.com
richemont.com
owa.richemont.com
agile.richemont.com
preprod-iisfarm.richemont.com
careers.richemont.com
*.richemont.com
belenus.richemont.com
www.lcboutiquenet.com
*.mytandem.eu
intranet.staging.richemont.com

Certificate

The complete raw certificate details for dam.richemont.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHkjCCBnqgAwIBAgIQCD5KlyKUVjhp95dT9eXYWjANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVE
aWdpQ2VydCBHbG9iYWwgQ0EgRzIwHhcNMTkwNjI1MDAwMDAwWhcNMTkxMDE0MTIw
MDAwWjCBhDELMAkGA1UEBhMCQ0gxEDAOBgNVBAgMB0dlbsOodmUxETAPBgNVBAcT
CEJlbGxldnVlMSMwIQYDVQQKExpSaWNoZW1vbnQgSW50ZXJuYXRpb25hbCBTQTEP
MA0GA1UECxMGRFMgREFNMRowGAYDVQQDExFkYW0ucmljaGVtb250LmNvbTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN4Fo8xHxIdLLbRHqzypxU0g4CNe
NM1dGvfIDpVaF/akNtPANvneI1HBrGwthkHlNeYVGN4ILI26r5kRVzr6rnJhr3TB
zoUCXu8klVHRjH9A5MCNE/izYu9ZvDOymwPS/EW0H1XagNNjwZ/wHUgTPku6US8O
5ZnpabV4HCtZ3JIhy4Rpy81fw10r7CFZh6ihX8kb3xN/FMjnceqRQ7kNzgz1Wer8
eVKhC29SoCOCeMPDTwBhoEZtSGFENSCRw+8eaaV1n66RyukbM62zq1XtgYEYorxN
52nsflqFag0Phhb2aM19hkqkr0m8LfHNWDFPl3eNWRTtoOUZmUEiMSg5rB0CAwEA
AaOCBD0wggQ5MB8GA1UdIwQYMBaAFCRuKy3QapJRUSVpAaqaR6aJ50AgMB0GA1Ud
DgQWBBTes13exYg3F2hrnU1bU+t7Vp7evzCCAXQGA1UdEQSCAWswggFnghFkYW0u
cmljaGVtb250LmNvbYIQZG93bmxvYWQuaXdjLmNvbYIObWVkaWEuYWxhaWEuZnKC
F21lZGlhLmFsYW5nZS1zb2VobmUuY29tghptZWRpYS5iYXVtZS1ldC1tZXJjaWVy
LmNvbYIRbWVkaWEuY2FydGllci5jb22CGW1lZGlhLmdpYW1waWVyb2JvZGluby5j
b22CGm1lZGlhLmphZWdlci1sZWNvdWx0cmUuY29tghFtZWRpYS5wYW5lcmFpLmNv
bYIQbWVkaWEucGlhZ2V0LmNvbYIQbWVkaWEucHVyZGV5LmNvbYITbWVkaWEucmlj
aGVtb250LmNvbYIVbWVkaWEucm9nZXJkdWJ1aXMuY29tgh1tZWRpYS52YWNoZXJv
bi1jb25zdGFudGluLmNvbYIYbWVkaWEudmFuY2xlZWZhcnBlbHMuY29tghVwaW5j
b2RlLm1vbnRibGFuYy5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjB3BgNVHR8EcDBuMDWgM6Axhi9odHRwOi8vY3JsMy5k
aWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxDQUcyLmNybDA1oDOgMYYvaHR0cDov
L2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsQ0FHMi5jcmwwTAYDVR0g
BEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGln
aWNlcnQuY29tL0NQUzAIBgZngQwBAgIwdAYIKwYBBQUHAQEEaDBmMCQGCCsGAQUF
BzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wPgYIKwYBBQUHMAKGMmh0dHA6
Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbENBRzIuY3J0MAkG
A1UdEwQCMAAwggEGBgorBgEEAdZ5AgQCBIH3BIH0APIAdwC72d+8H4pxtZOUI5eq
kntHOFeVCqtS6BqQlmQ2jh7RhQAAAWuOzeHaAAAEAwBIMEYCIQDleHqUdJEHJnTb
lAmvBYFnKzxUc4DvGOE7YaRjAs62UAIhAKRNN4PoEPOFaiWdkSOqC00bFNBaSnMo
nxAOFhO1dym7AHcAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFr
js3iOQAABAMASDBGAiEAmHrT8CK3b7eZvW/k6GpNZaYNUuib+cAzH2prLABDVMMC
IQDdpnCuib1ixhR+ptbB4AXjqkcCSYGsbhsD3gToDtDi2zANBgkqhkiG9w0BAQsF
AAOCAQEAF9GOMsR5c8Hh4TPFNjZ2vikx+6jaYgcjsi3RThEL3qN9ao6L/y0GPW+r
USPIT7R0f8QpJ6WL9mWY6QlSG9VUuZOBUgEA0frMnQnvrnYLeziYHWg4mmAvcRuc
oJ4FTGpwp7GHrqsqZ2VxPRDf5B3NkZ8StwxXvB4fE3B/9wvleqgdko4NKO9MvsiP
MjD+89+cv2GaUBZzUltOpl/Z3D8vuudZVwCvQfRABWDA0OH9SUpw/T2gex/E47Ou
zQmsqjqGstrinrQTnzkCJxd+fj4qoZLePorD5rHHsZyzF8Y3FpdAIKYT0J2qGXfx
Goh8FslDPbreNZRT2n6VOk6khZlynQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3gWjzEfEh0sttEerPKnF
TSDgI140zV0a98gOlVoX9qQ208A2+d4jUcGsbC2GQeU15hUY3ggsjbqvmRFXOvqu
cmGvdMHOhQJe7ySVUdGMf0DkwI0T+LNi71m8M7KbA9L8RbQfVdqA02PBn/AdSBM+
S7pRLw7lmelptXgcK1nckiHLhGnLzV/DXSvsIVmHqKFfyRvfE38UyOdx6pFDuQ3O
DPVZ6vx5UqELb1KgI4J4w8NPAGGgRm1IYUQ1IJHD7x5ppXWfrpHK6RszrbOrVe2B
gRiivE3naex+WoVqDQ+GFvZozX2GSqSvSbwt8c1YMU+Xd41ZFO2g5RmZQSIxKDms
HQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 10957259243973514693125326428201932890
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Global CA G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-06-25 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-10-14 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Genève'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Bellevue'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Richemont International SA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DS DAM'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'dam.richemont.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 28027684809161445870604056697626043145570350596231841033829319750557453246258247042732579017719226808995494268795511227160205890960705102399254403710069658414571978298694681037001623235551016257027833384756300073462686397372469697756178164432688009417926207740675358536472220790922064838100962137793512842302698773985327881531543888182929358336326978493329546100526298811631881387066736372415933029014088720908408639330223862851028313380792558232213551519159822372351161464868876805044430713354813474855724979561248431113244383258863448663170209487042329497908676753351510006799308710150938505006988916056505315863581
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 246e2b2dd06a925151256901aa9a47a689e74020
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							deb35ddec5883717686b9d4d5b53eb7b569edebf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dam.richemont.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'download.iwc.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'media.alaia.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'media.alange-soehne.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'media.baume-et-mercier.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'media.cartier.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'media.giampierobodino.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'media.jaeger-lecoultre.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'media.panerai.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'media.piaget.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'media.purdey.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'media.richemont.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'media.rogerdubuis.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'media.vacheron-constantin.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'media.vancleefarpels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pincode.montblanc.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (112 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertGlobalCAG2.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertGlobalCAG2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertGlobalCAG2.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
							00f2007700bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000016b8ecde1da0000040300483046022100e5787a947491072674db9409af0581672b3c547380ef18e13b61a46302ceb650022100a44d3783e810f3856a259d9123aa0b4d1b14d05a4a73289f100e1613b57729bb0077008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f0000016b8ecde2390000040300483046022100987ad3f022b76fb799bd6fe4e86a4d65a60d52e89bf9c0331f6a6b2c004354c3022100dda670ae89bd62c6147ea6d6c1e005e3aa47024981ac6e1b03de04e80ed0e2db
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0017d18e32c47973c1e1e133c5363676be2931fba8da620723b22dd14e110bdea37d6a8e8bff2d063d6fab5123c84fb4747fc42927a58bf66598e909521bd554b99381520100d1facc9d09efae760b7b38981d68389a602f711b9ca09e054c6a70a7b187aeab2a6765713d10dfe41dcd919f12b70c57bc1e1f13707ff70be57aa81d928e0d28ef4cbec88f3230fef3df9cbf619a501673525b4ea65fd9dc3f2fbae7595700af41f4400560c0d0e1fd494a70fd3da07b1fc4e3b3aecd09acaa3a86b2dae29eb4139f390227177e7e3e2aa192de3e8ac3e6b1c7b19cb317c63716974020a613d09daa1977f11a887c16c9433dbade359453da7e953a4ea48599729d