www.lecolevancleefarpels.com

- Richemont International SA -

Issued by DigiCert Global CA G2

About this certificate

This digital certificate with serial number 04:da:d8:6d:9a:a0:ab:f1:e8:a3:1b:25:d0:83:35:31 was issued on by DigiCert Inc.

With 9 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Richemont International SA

Organization: Richemont International SA
Organization unit: VCA
State / Province: Genève
Locality: Bellevue
Country: CH

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 04:da:d8:6d:9a:a0:ab:f1:e8:a3:1b:25:d0:83:35:31
Serial Number (int): 6453222382499290360981892555591595313
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: f1:34:b5:81:a5:c7:94:19:45:9a:d7:29:88:c9:e9:84:21:ae:cb:73
AuthorityKeyId: 24:6e:2b:2d:d0:6a:92:51:51:25:69:01:aa:9a:47:a6:89:e7:40:20

Fingerprint (sha1): bb:17:f3:89:30:fb:2a:67:5f:9f:b0:92:29:0b:5c:4f:99:3c:93:70
Fingerprint (sha256): 34:67:5c:ad:d2:ed:75:3e:99:1b:4b:f6:78:3d:b6:03:b0:0f:14:56:18:ea:e6:c3:31:dd:ea:e4:d2:c3:18:b0

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertGlobalCAG2.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertGlobalCAG2.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertGlobalCAG2.crl

Check the revocation status for certificate www.lecolevancleefarpels.com

9

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.lecolevancleefarpels.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

admin.global.lecolevancleefarpels.com
admin.hk.lecolevancleefarpels.com
admin.www.lecolevancleefarpels.com
fr.lecolevancleefarpels.com
hk.lecolevancleefarpels.com
jp.lecolevancleefarpels.com
me.lecolevancleefarpels.com
us.lecolevancleefarpels.com
www.lecolevancleefarpels.com

Other certificates including the domain name lecolevancleefarpels.com

(limited to 100 certificates)
www.lecolevancleefarpels.com
www.vancleefarpels.com
www.lecolevancleefarpels.com
diamondcheck.vancleefarpels.com
www.lecolevancleefarpels.com
linemedia.preprod.richemont.com
www.lecolevancleefarpels.com
www.vancleefarpels.com
www.quality.alange-soehne.com
vcaballet.vancleefarpels.com
linemedia.preprod.richemont.com
sihh2014.vancleefarpels.com
www.lecolevancleefarpels.com
m.montblanc.com
vcaballet.vancleefarpels.com
www.quality.alange-soehne.com
vcaballet.vancleefarpels.com
vcaballet.vancleefarpels.com
linemedia.preprod.richemont.com
vcaballet.vancleefarpels.com
diamondcheck.vancleefarpels.com
www.quality.alange-soehne.com
www.lecolevancleefarpels.com
vcaballet.vancleefarpels.com
m.montblanc.com
www.vancleefarpels.com
m.montblanc.com
diamondcheck.vancleefarpels.com
linemedia.preprod.richemont.com
linemedia.preprod.richemont.com
m.montblanc.com
www.lecolevancleefarpels.com
sihh2014.vancleefarpels.com
www.quality.alange-soehne.com
vcaballet.vancleefarpels.com
sihh2016.vancleefarpels.com
sihh2014.vancleefarpels.com
www.lecolevancleefarpels.com
vcaballet.vancleefarpels.com
press.lecolevancleefarpels.com
m.montblanc.com
www.quality.alange-soehne.com
org-timenaturelove.vancleefarpels.com
sihh2014.vancleefarpels.com
m.montblanc.com
sihh2014.vancleefarpels.com
sihh2014.vancleefarpels.com
www.vancleefarpels.com
sihh2016.vancleefarpels.com
press.lecolevancleefarpels.com
sihh2014.vancleefarpels.com
sihh2016.vancleefarpels.com
diamondcheck.vancleefarpels.com
diamondcheck.vancleefarpels.com
www.lecolevancleefarpels.com
www.lecolevancleefarpels.com
sihh2016.vancleefarpels.com
sihh2014.vancleefarpels.com
vcaballet.vancleefarpels.com
www.lecolevancleefarpels.com
diamondcheck.vancleefarpels.com
press.lecolevancleefarpels.com
org-timenaturelove.vancleefarpels.com
sihh2014.vancleefarpels.com
vcaballet.vancleefarpels.com
www.quality.alange-soehne.com
diamondcheck.vancleefarpels.com
m.montblanc.com
sihh2014.vancleefarpels.com
www.quality.alange-soehne.com
sihh2014.vancleefarpels.com
www.quality.alange-soehne.com
www.lecolevancleefarpels.com
sihh2014.vancleefarpels.com
press.lecolevancleefarpels.com
org-timenaturelove.vancleefarpels.com
sihh2014.vancleefarpels.com
www.lecolevancleefarpels.com
org-us.lecolevancleefarpels.com
www.vancleefarpels.com
www.lecolevancleefarpels.com
www.lecolevancleefarpels.com
m.montblanc.com
www.quality.alange-soehne.com
org-timenaturelove.vancleefarpels.com
diamondcheck.vancleefarpels.com
www.vancleefarpels.com
vcaballet.vancleefarpels.com
www.lecolevancleefarpels.com
diamondcheck.vancleefarpels.com
m.montblanc.com
vcaballet.vancleefarpels.com
vcaballet.vancleefarpels.com
www.quality.alange-soehne.com
sihh2014.vancleefarpels.com
org-timenaturelove.vancleefarpels.com
m.montblanc.com
vcaballet.vancleefarpels.com
vcaballet.vancleefarpels.com
sihh2016.vancleefarpels.com

Certificate

The complete raw certificate details for www.lecolevancleefarpels.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHTjCCBjagAwIBAgIQBNrYbZqgq/Hooxsl0IM1MTANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVE
aWdpQ2VydCBHbG9iYWwgQ0EgRzIwHhcNMTkxMDIxMDAwMDAwWhcNMjAwODA1MTIw
MDAwWjCBjDELMAkGA1UEBhMCQ0gxEDAOBgNVBAgMB0dlbsOodmUxETAPBgNVBAcT
CEJlbGxldnVlMSMwIQYDVQQKExpSaWNoZW1vbnQgSW50ZXJuYXRpb25hbCBTQTEM
MAoGA1UECxMDVkNBMSUwIwYDVQQDExx3d3cubGVjb2xldmFuY2xlZWZhcnBlbHMu
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzuqcy2gkwnmmJb45
5gx+kbsXNMGHGf849pPEdFJ9IRMla1K7leL2ik9hKmfb5bLxECRxMTkT9QZwEXLg
Ob9J1BJ1tU/NsVGEW5sycQxxm+8XII/LqwUYzXFBaJEFgh2sbmx1nlTz6+wdZh1Z
nZmdzQb+JbF9M+QNTEMInwTLzS9Fa1X/w8kx0ZSEIYzuhzvqmiFjSX3RRgaj4FLr
0fqKBmNwOOShitlZNAxWJRBszLzgo4SIGbUilz30Y/bUsxNr1vShmZQiIiOQrCcy
OCL4q5L+ox8DDwCebYbSq1tVHdWkKNK1j8dcFp8F3+yoqvRhyD+04rHHaW9wSg3D
ZwPTSwIDAQABo4ID8TCCA+0wHwYDVR0jBBgwFoAUJG4rLdBqklFRJWkBqppHponn
QCAwHQYDVR0OBBYEFPE0tYGlx5QZRZrXKYjJ6YQhrstzMIIBKgYDVR0RBIIBITCC
AR2CJWFkbWluLmdsb2JhbC5sZWNvbGV2YW5jbGVlZmFycGVscy5jb22CIWFkbWlu
LmhrLmxlY29sZXZhbmNsZWVmYXJwZWxzLmNvbYIiYWRtaW4ud3d3LmxlY29sZXZh
bmNsZWVmYXJwZWxzLmNvbYIbZnIubGVjb2xldmFuY2xlZWZhcnBlbHMuY29tghto
ay5sZWNvbGV2YW5jbGVlZmFycGVscy5jb22CG2pwLmxlY29sZXZhbmNsZWVmYXJw
ZWxzLmNvbYIbbWUubGVjb2xldmFuY2xlZWZhcnBlbHMuY29tght1cy5sZWNvbGV2
YW5jbGVlZmFycGVscy5jb22CHHd3dy5sZWNvbGV2YW5jbGVlZmFycGVscy5jb20w
DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB3
BgNVHR8EcDBuMDWgM6Axhi9odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNl
cnRHbG9iYWxDQUcyLmNybDA1oDOgMYYvaHR0cDovL2NybDQuZGlnaWNlcnQuY29t
L0RpZ2lDZXJ0R2xvYmFsQ0FHMi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEw
KjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZn
gQwBAgIwdAYIKwYBBQUHAQEEaDBmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5k
aWdpY2VydC5jb20wPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0
LmNvbS9EaWdpQ2VydEdsb2JhbENBRzIuY3J0MAkGA1UdEwQCMAAwggEEBgorBgEE
AdZ5AgQCBIH1BIHyAPAAdwC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7R
hQAAAW3u3ROJAAAEAwBIMEYCIQC8QrokSODJd2FfUvjJu91Nxx9i34ozImKs3UuW
ejsdYgIhAI8bi52/ckQgC1ZWc/jj2rI9gAQVpJzCbUzO0jxf8eC/AHUAh3W/51l8
+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFt7t0T0QAABAMARjBEAiA97GTs
0kVyJ9u3disvfRFPDsAk/qicWbSEOj42pILbrwIgTePUysX6QJIU8cmzG7w71CAa
u6idWGooYa2fsUpwPAgwDQYJKoZIhvcNAQELBQADggEBALfnyt6ppNOOsXoX2rph
ZZlho/TiIJMgRiXd9A+9obsvmHVRpWTNDXTVeQVQjkLZ4F0PReHjA04fBHxJt8Vk
/EWtKtunkSwk3FHZ6ZPWMfXFRsKwpjQo7D62k3/orfDrPAaZxGXoId/OxtPWa4Ar
aWf6fwNLoY8ZD8UVig+8kPN7B3y2wJEY+rRxduVZvpRIcCWzuviGJEK5nxz8749C
k96FmW03mtEby3dYFFrHhSz4NVuSjupimv6CgMOJWC31sFcpHqexJyIR1hM1ayj8
Z4hqYQUGn4IwFamqpvnwS0kfk+e/h12WDpUA5y+r4ZdFzP2tSKO+xS2Lo5OQwuAH
1/0=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzuqcy2gkwnmmJb455gx+
kbsXNMGHGf849pPEdFJ9IRMla1K7leL2ik9hKmfb5bLxECRxMTkT9QZwEXLgOb9J
1BJ1tU/NsVGEW5sycQxxm+8XII/LqwUYzXFBaJEFgh2sbmx1nlTz6+wdZh1ZnZmd
zQb+JbF9M+QNTEMInwTLzS9Fa1X/w8kx0ZSEIYzuhzvqmiFjSX3RRgaj4FLr0fqK
BmNwOOShitlZNAxWJRBszLzgo4SIGbUilz30Y/bUsxNr1vShmZQiIiOQrCcyOCL4
q5L+ox8DDwCebYbSq1tVHdWkKNK1j8dcFp8F3+yoqvRhyD+04rHHaW9wSg3DZwPT
SwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 6453222382499290360981892555591595313
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Global CA G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-10-21 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-08-05 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Genève'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Bellevue'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Richemont International SA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'VCA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.lecolevancleefarpels.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26120782548165215886747840163034013411733808671936745769263665386317578834361387175938754057045692655516313862514289525542203630346015338110139275864926453403278362846328761398410865397921258459326820490137498211838225428622190593768012074083984037643695366491350324120972889591257684587093355825583278258990207863870580313400922563634987299455287311799312014291567334810095604237075830223557697590871415817977824067054183267976907823868421914681588905511821250529447253183757356148421278911640439167475278574861947614561537166608507575327449318787466258811041781750042556158678110955075031178274793978441176132604747
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 246e2b2dd06a925151256901aa9a47a689e74020
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							f134b581a5c79419459ad72988c9e98421aecb73
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (289 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'admin.global.lecolevancleefarpels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'admin.hk.lecolevancleefarpels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'admin.www.lecolevancleefarpels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fr.lecolevancleefarpels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hk.lecolevancleefarpels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jp.lecolevancleefarpels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'me.lecolevancleefarpels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'us.lecolevancleefarpels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.lecolevancleefarpels.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (112 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertGlobalCAG2.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertGlobalCAG2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertGlobalCAG2.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007700bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000016deedd13890000040300483046022100bc42ba2448e0c977615f52f8c9bbdd4dc71f62df8a332262acdd4b967a3b1d620221008f1b8b9dbf7244200b565673f8e3dab23d800415a49cc26d4cced23c5ff1e0bf0075008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f0000016deedd13d1000004030046304402203dec64ecd2457227dbb7762b2f7d114f0ec024fea89c59b4843a3e36a482dbaf02204de3d4cac5fa409214f1c9b31bbc3bd4201abba89d586a2861ad9fb14a703c08
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00b7e7cadea9a4d38eb17a17daba61659961a3f4e22093204625ddf40fbda1bb2f987551a564cd0d74d57905508e42d9e05d0f45e1e3034e1f047c49b7c564fc45ad2adba7912c24dc51d9e993d631f5c546c2b0a63428ec3eb6937fe8adf0eb3c0699c465e821dfcec6d3d66b802b6967fa7f034ba18f190fc5158a0fbc90f37b077cb6c09118fab47176e559be94487025b3baf8862442b99f1cfcef8f4293de85996d379ad11bcb7758145ac7852cf8355b928eea629afe8280c389582df5b057291ea7b1272211d613356b28fc67886a6105069f823015a9aaa6f9f04b491f93e7bf875d960e9500e72fabe19745ccfdad48a3bec52d8ba39390c2e007d7fd