*.proxy03.bnl.lu
- Bibliothèque nationale de Luxembourg -
Issued by TERENA SSL CA 3
About this certificate
This digital certificate with serial number 07:5e:d7:ec:80:d5:41:bb:85:ae:73:13:02:07:f5:17 was issued on by TERENA.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Bibliothèque nationale de Luxembourg
Organization:
Bibliothèque nationale de Luxembourg
Locality:
Luxembourg
Country: LU
Country: LU
TERENA
Organization:
TERENA
State / Province:
Noord-Holland
Locality: Amsterdam
Country: NL
Locality: Amsterdam
Country: NL
This certificate has expire since
Certificate Details
Serial Number (hex): 07:5e:d7:ec:80:d5:41:bb:85:ae:73:13:02:07:f5:17Serial Number (int): 9797051330979716252638713112385025303
Serial Number lenght: 123 bits, 16 octets
SubjectKeyId: 80:0e:61:8b:1c:c5:d3:86:b5:c6:4b:af:d6:42:e7:1a:d9:60:a5:9f
AuthorityKeyId: 67:fd:88:20:14:27:98:c7:09:d2:25:19:bb:e9:51:11:63:75:50:62
Fingerprint (sha1): be:60:ff:8a:d4:59:14:03:3e:a2:0b:b0:d7:69:33:e6:dc:cc:20:43
Fingerprint (sha256): 34:6e:e0:52:57:b0:6f:44:a3:b6:fc:3e:2c:e2:4a:b7:fa:3a:cf:20:e6:44:67:64:f6:55:92:3c:5d:c3:45:31
Issuing Certificate URL: http://cacerts.digicert.com/TERENASSLCA3.crt
Revocation information
OCSP Server: http://ocsp.digicert.comCRL Distribution Point: http://crl3.digicert.com/TERENASSLCA3.crl
CRL Distribution Point: http://crl4.digicert.com/TERENASSLCA3.crl
Check the revocation status for certificate *.proxy03.bnl.lu
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for *.proxy03.bnl.lu
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
*.proxy03.bnl.lu
proxy03.bnl.lu
proxy03.bnl.lu
Other certificates including the domain name bnl.lu
(limited to 100 certificates)
*.proxy02.bnl.lu
*.proxy.bnl.lu
*.proxy02.bnl.lu
*.proxy03.bnl.lu
auth.bnl.lu
bnl.lu
auth.bnl.lu
*.bnl.lu
*.proxy02.bnl.lu
*.proxy03.bnl.lu
auth.bnl.lu
auth.bnl.lu
*.proxy04.bnl.lu
bnl.lu
*.proxy04.bnl.lu
auth3.bnl.lu
bnl.lu
luxemburgensia.bnl.lu
*.proxy.bnl.lu
analytics.bnl.lu
bnl.lu
windbook.bnl.lu
bnl.lu
bnl.lu
wifiportal-1.bnl.lu
auth-dev.bnl.lu
*.bnl.lu
*.proxy03.bnl.lu
auth1.bnl.lu
bnl.lu
auth1.bnl.lu
bnl.lu
analytics.bnl.lu
*.proxy03.bnl.lu
bnl.lu
windbook.bnl.lu
mia.bnl.lu
*.proxy03.bnl.lu
*.proxy.bnl.lu
bnl.lu
auth.bnl.lu
auth3.bnl.lu
lida.bnl.lu
bnl.lu
*.proxy04.bnl.lu
*.proxy.bnl.lu
luxemburgensia.bnl.lu
bnl.lu
*.proxy.bnl.lu
*.proxy02.bnl.lu
*.proxy03.bnl.lu
auth.bnl.lu
bnl.lu
auth.bnl.lu
*.bnl.lu
*.proxy02.bnl.lu
*.proxy03.bnl.lu
auth.bnl.lu
auth.bnl.lu
*.proxy04.bnl.lu
bnl.lu
*.proxy04.bnl.lu
auth3.bnl.lu
bnl.lu
luxemburgensia.bnl.lu
*.proxy.bnl.lu
analytics.bnl.lu
bnl.lu
windbook.bnl.lu
bnl.lu
bnl.lu
wifiportal-1.bnl.lu
auth-dev.bnl.lu
*.bnl.lu
*.proxy03.bnl.lu
auth1.bnl.lu
bnl.lu
auth1.bnl.lu
bnl.lu
analytics.bnl.lu
*.proxy03.bnl.lu
bnl.lu
windbook.bnl.lu
mia.bnl.lu
*.proxy03.bnl.lu
*.proxy.bnl.lu
bnl.lu
auth.bnl.lu
auth3.bnl.lu
lida.bnl.lu
bnl.lu
*.proxy04.bnl.lu
*.proxy.bnl.lu
luxemburgensia.bnl.lu
bnl.lu
Certificate
The complete raw certificate details for *.proxy03.bnl.lu in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGSzCCBTOgAwIBAgIQB17X7IDVQbuFrnMTAgf1FzANBgkqhkiG9w0BAQsFADBk MQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJ QW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wg Q0EgMzAeFw0yMDAxMjcwMDAwMDBaFw0yMjA0MjkxMjAwMDBaMG0xCzAJBgNVBAYT AkxVMRMwEQYDVQQHEwpMdXhlbWJvdXJnMS4wLAYDVQQKDCVCaWJsaW90aMOocXVl IG5hdGlvbmFsZSBkZSBMdXhlbWJvdXJnMRkwFwYDVQQDDBAqLnByb3h5MDMuYm5s Lmx1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArnomDpcBc0oMksUa mxY3qP2x8MRbudRKLCJqRiD1Sub5l5rlHsbRHq6LAezNd9evYd8/LELTsbFpOJle vmnSXPZac/iDFU7VVPuxQdQgZTOTU2lWon5yoDJfbsJQeBAWJeYBQKnfWoegNJp1 bZn8xQDhDgiI8NQ6TFTnR3MtgJ3EgrXiH4cVkOdlh/PqQ4rVBS+qrt5nhryD20JE /rs7Bl/oc7OGzzF+U9o6yXURu9Ja175AFnJjhz8qS3YoZJXe3ySbuiRcESNxoRoG wSAdwzh7TnyFAEly5AZUBU2bVhFAEr1udtTUtmzqvC4hFowQF/a8aJDT+dNHtOkC gnyhFZxCBw087wu0lVRaDDlaAZpGGEvWWsAVMnsmYiittdstb7x6V+vzgIn9/pea iIBOM27VPqCqrNn5OKdc5g1Gj2ICx0CE/jr+ImNaeGfTeLLWVRIlKY/FejoOrC/s 6vXRg3ncA0B1BSYwhBtP1JzN1wfSBq3m7iKzftEgsKWDHBvbXzh1/YscsswqPgJp Z3FcHe5Css4PfD8iC+0bkZAH8vOpPmNaQKw2rwa7Y4OPc7EXn/S25CrzsUL8eDMN c4vxS+Nxn5i+mk1y0yve6Wra8GqqzX224fh/0EIwC73QvKBjghBx9ZwHJrVEynsF R0LpCLyx8utCSeGNz8UwUvBSF4cCAwEAAaOCAe4wggHqMB8GA1UdIwQYMBaAFGf9 iCAUJ5jHCdIlGbvpURFjdVBiMB0GA1UdDgQWBBSADmGLHMXThrXGS6/WQuca2WCl nzArBgNVHREEJDAighAqLnByb3h5MDMuYm5sLmx1gg5wcm94eTAzLmJubC5sdTAO BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsG A1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9URVJFTkFT U0xDQTMuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vVEVSRU5B U1NMQ0EzLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIB FhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjBuBggrBgEF BQcBAQRiMGAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTA4 BggrBgEFBQcwAoYsaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL1RFUkVOQVNT TENBMy5jcnQwDAYDVR0TAQH/BAIwADATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkq hkiG9w0BAQsFAAOCAQEAQtWZPJ/aNQXbftCG8yYVegi/g3e63NnoaktIiUfRRQCs 9I5XniIz8NkUjdGKQeKtqTVek7He4DlX+3dixO+WgOuriA7QjgvbaORzRPG/l6ey xz19rN6hweyRzAwdQ5ynKuWv19KthI/uUZaLVj1HVxaoJcJkb2e5FhnCK6LTekRY UFCmoashGU68PJ21KQAjBMF0MHMgRH3fzZasSPlUt8QGgnh6cJvMKlwWctqAdsuE rQsRqiD7u+RML6561E8RoxVDkX8WM7mKDR7gQvu4gV8aDkr9flJV8lGydhPSZ1N9 bfIRPbHmymwDY5gIrNThQiKK2zo7meYTKLvnqkChSg== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArnomDpcBc0oMksUamxY3 qP2x8MRbudRKLCJqRiD1Sub5l5rlHsbRHq6LAezNd9evYd8/LELTsbFpOJlevmnS XPZac/iDFU7VVPuxQdQgZTOTU2lWon5yoDJfbsJQeBAWJeYBQKnfWoegNJp1bZn8 xQDhDgiI8NQ6TFTnR3MtgJ3EgrXiH4cVkOdlh/PqQ4rVBS+qrt5nhryD20JE/rs7 Bl/oc7OGzzF+U9o6yXURu9Ja175AFnJjhz8qS3YoZJXe3ySbuiRcESNxoRoGwSAd wzh7TnyFAEly5AZUBU2bVhFAEr1udtTUtmzqvC4hFowQF/a8aJDT+dNHtOkCgnyh FZxCBw087wu0lVRaDDlaAZpGGEvWWsAVMnsmYiittdstb7x6V+vzgIn9/peaiIBO M27VPqCqrNn5OKdc5g1Gj2ICx0CE/jr+ImNaeGfTeLLWVRIlKY/FejoOrC/s6vXR g3ncA0B1BSYwhBtP1JzN1wfSBq3m7iKzftEgsKWDHBvbXzh1/YscsswqPgJpZ3Fc He5Css4PfD8iC+0bkZAH8vOpPmNaQKw2rwa7Y4OPc7EXn/S25CrzsUL8eDMNc4vx S+Nxn5i+mk1y0yve6Wra8GqqzX224fh/0EIwC73QvKBjghBx9ZwHJrVEynsFR0Lp CLyx8utCSeGNz8UwUvBSF4cCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 9797051330979716252638713112385025303 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Noord-Holland' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amsterdam' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TERENA' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TERENA SSL CA 3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-01-27 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-04-29 12:00:00 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'LU' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Luxembourg' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Bibliothèque nationale de Luxembourg' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.proxy03.bnl.lu' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 711804642275698195565027637392726393720771517393157345437207693137424670291657282270545731111721158305556214198670427619884441809490311625630559090391144270247630921041235128277197176476541853844078430993191911005147443495766055196725032702237078438696693836591033011348350107541975420456313113948985803894819745031131659611778190589574260915206447119357690447655108258419465809289387590471640704105673520780350788254972512656616658840272666115270200351738430643499600882803382983823283818547459466639493462859514783359450521721882271048760292241685473808756753015041120486759780405045860756872283818976987433967565911980543580962999254821515190640991369363274880213629706658212558664227967780439974365774047327054902400002019069256949062580927668843942798170392507437824137275434892341401078861644882971784116973704541427383742247513805738209641079503025124858046667887773722991302001233714239374667136243188337220712664069313871773447157062659537414980238919106965873641814605618450131529904181857569699605316816110104932103019324890264438788778590117844279061833461957495803673350337446685557095258427916633564483725262690566096402782679017268191494083065698785418283213452531207124347153870506064381184364101781326890044702726023 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 67fd8820142798c709d22519bbe9511163755062 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 800e618b1cc5d386b5c64bafd642e71ad960a59f . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.proxy03.bnl.lu' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'proxy03.bnl.lu' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/TERENASSLCA3.crl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/TERENASSLCA3.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (98 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/TERENASSLCA3.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0042d5993c9fda3505db7ed086f326157a08bf8377badcd9e86a4b488947d14500acf48e579e2233f0d9148dd18a41e2ada9355e93b1dee03957fb7762c4ef9680ebab880ed08e0bdb68e47344f1bf97a7b2c73d7dacdea1c1ec91cc0c1d439ca72ae5afd7d2ad848fee51968b563d475716a825c2646f67b91619c22ba2d37a44585050a6a1ab21194ebc3c9db529002304c174307320447ddfcd96ac48f954b7c40682787a709bcc2a5c1672da8076cb84ad0b11aa20fbbbe44c2fae7ad44f11a31543917f1633b98a0d1ee042fbb8815f1a0e4afd7e5255f251b27613d267537d6df2113db1e6ca6c03639808acd4e142228adb3a3b99e61328bbe7aa40a14a