orf.ap.holcim.com

Issued by COMODO RSA Domain Validation Secure Server CA

About this certificate

This digital certificate with serial number af:5a:c6:1c:94:dc:79:42:e1:e9:ad:59:1f:c3:08:54 was issued on by COMODO CA Limited.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=orf.ap.holcim.com,OU=Domain Control Validated+OU=Issued through LafargeHolcim Ltd E-PKI Manager+OU=COMODO SSL

COMODO CA Limited

Organization: COMODO CA Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate has expire since

Certificate Details

Serial Number (hex): af:5a:c6:1c:94:dc:79:42:e1:e9:ad:59:1f:c3:08:54
Serial Number (int): 233086224161188803448861932001683507284
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 35:9d:9f:99:8a:85:a5:23:53:4b:28:bd:5d:29:72:ab:72:aa:51:21
AuthorityKeyId: 90:af:6a:3a:94:5a:0b:d8:90:ea:12:56:73:df:43:b4:3a:28:da:e7

Fingerprint (sha1): ed:49:3a:44:74:1e:5a:0b:bd:e1:19:60:dd:1a:27:c0:86:1c:0f:28
Fingerprint (sha256): 39:90:94:d0:47:93:b9:dd:cd:c0:53:6e:74:d2:9d:cc:7e:9c:88:ef:c0:c6:a9:4d:ae:a9:44:92:9e:c9:a7:4e

Issuing Certificate URL: http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.comodoca.com
CRL Distribution Point: http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl

Check the revocation status for certificate orf.ap.holcim.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for orf.ap.holcim.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

orf.ap.holcim.com
www.orf.ap.holcim.com

Other certificates including the domain name holcim.com

(limited to 100 certificates)
teamplace-qa.holcim.com
lp2-logon.holcim.com
*.hgrs.holcim.com
servicedesk.ap.holcim.com
brandportal.lafargeholcim.com
brandportal.lafargeholcim.com
aop.ap.holcim.com
iDispo-phl.ap.holcim.com
hronline.ap.holcim.com
trilogy.ap.holcim.com
stars-uat.ap.holcim.com
portal-qas.ap.holcim.com
brandportal.lafargeholcim.com
bwreport-poc.ap.holcim.com
crl-dev.privasphere.com
hronline-qas.ap.holcim.com
web-qa.hgrs.holcim.com
qlikview.ap.holcim.com
*.holcim.com
vd.hgrs.holcim.com
*.holcim.com
lp1-logon.holcim.com
stars.ap.holcim.com
*.hgrs.holcim.com
webvpn.holcim.com
esales.ap.holcim.com
*.hgrs.holcim.com
*.holcim.com
apbm.ap.holcim.com
portal-qas.ap.holcim.com
www.privasphere.com
*.analytics.hgrs.holcim.com
orf-poc.ap.holcim.com
Loyalty.ap.holcim.com
centennial-qa.holcim.com
*.holcim.com
*.hgrs.holcim.com
lq0-logon.holcim.com
awconsole.holcim.com
portal-poc.ap.holcim.com
vd.hgrs.holcim.com
dwa.hgrs.holcim.com
integrityline.holcim.com
loyalty-uat.ap.holcim.com
srm-qas.ap.holcim.com
mobilebi-cco.hgrs.holcim.com
trilogy.ap.holcim.com
hronline-qas.ap.holcim.com
cbs.holcim.com
awconsole.holcim.com
gw01hgrs.holcim.com
www.privasphere.com
stars.ap.holcim.com
cco.holcim.com
qa.holcim.com
websurvey.ap.holcim.com
bwreport-qas.ap.holcim.com
teamplace.holcim.com
webvpn.holcim.com
ecc-qas.ap.holcim.com
citrixphl.ap.holcim.com
hcm-qa.hgrs.holcim.com
emea-srmqimp.holcim.com
mobile.ap.holcim.com
emea-srmqbrt.holcim.com
dwa-qa.hgrs.holcim.com
bwreport-dev.ap.holcim.com
apbm.ap.holcim.com
bi.ap.holcim.com
orf-dev.ap.holcim.com
mdm.holcim.com
webvpn.holcim.com
workflow.ap.holcim.com
qvweb-dev.analytics.hgrs.holcim.com
integrity.lafargeholcim.com
www.privasphere.com
video.holcim.com
portal-qa.holcim.com
orf-dev.ap.holcim.com
maps.analytics.hgrs.holcim.com
global-workflow-dev.holcim.com
hcm.hgrs.holcim.com
crl-dev.privasphere.com
portal-dev.ap.holcim.com
*.hgrs.holcim.com
tmc.holcim.com
versand.ea.holcim.com
brandportal.lafargeholcim.com
bi-qa.hgrs.holcim.com
*.holcim.com
lj1-logon.holcim.com
stars-uat.ap.holcim.com
orf.ap.holcim.com
guesthgrs.hgrs.holcim.com
srm-qas.ap.holcim.com
logon.holcim.com
easybuild.holcim.com
*.holcim.com
appstore.ap.holcim.com
mobile.ap.holcim.com

Certificate

The complete raw certificate details for orf.ap.holcim.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHETCCBfmgAwIBAgIRAK9axhyU3HlC4emtWR/DCFQwDQYJKoZIhvcNAQELBQAw
gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD
VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg
Q0EwHhcNMTgwNTA5MDAwMDAwWhcNMjAwNjIyMjM1OTU5WjCBjTEhMB8GA1UECxMY
RG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMTcwNQYDVQQLEy5Jc3N1ZWQgdGhyb3Vn
aCBMYWZhcmdlSG9sY2ltIEx0ZCBFLVBLSSBNYW5hZ2VyMRMwEQYDVQQLEwpDT01P
RE8gU1NMMRowGAYDVQQDExFvcmYuYXAuaG9sY2ltLmNvbTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALLJgQB3ivtEY4ii2JdgMTg55sXlpUMthW3psbDK
huIY3kOZNCoJ65EqMUL9XQDhUiiwj0HIej9syK2gmup1tEHiMfuf8q53yf2QRqVQ
fV5cujRmpUCzSGLQ4agP5+exibQ1BcL7C3OKQWYwANVsGLl+9uSA66b+HMprRrWo
SE4yrRv28ULqfW9k01suMRnqEwW0X+y/QPw+rL3AuPA7ouer2BmxgDdK3Hacm/vV
2Uy0Rxy34a0Z+G/ks8Kurq9uxtu0G8THoesag9+HOFGtJD3XXRtq3o96Cv/c7lrK
sQ+jyqHxtJJ1sl3OUqrl4jIFITnBl68pX2zdliOzZDQUlIsCAwEAAaOCA2UwggNh
MB8GA1UdIwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBQ1nZ+Z
ioWlI1NLKL1dKXKrcqpRITAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAd
BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEE
AbIxAQICBzArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29t
L0NQUzAIBgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5jb21v
ZG9jYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNB
LmNybDCBhQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNv
bW9kb2NhLmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVy
Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wMwYD
VR0RBCwwKoIRb3JmLmFwLmhvbGNpbS5jb22CFXd3dy5vcmYuYXAuaG9sY2ltLmNv
bTCCAXwGCisGAQQB1nkCBAIEggFsBIIBaAFmAHYA7ku9t3XOYLrhQmkfq+GeZqMP
fl+wctiDAMR7iXqo/csAAAFjRBTD/gAABAMARzBFAiEA+/q5ivlwnXYZMrU8tlL4
AM6pgqMr/XaoxjJV1pWqDmcCIGcOXYsiWbNaXx/nC8c9P6yAv3UFy1uaeXwL/qiS
87yNAHYAXqdz+d9WwOe1Nkh90EngMnqRmgyEoRIShBh1loFxRVgAAAFjRBTEGwAA
BAMARzBFAiAj/hoMrxnKU2jLn9sZENkE1v2Jp+gbYdK49OtlYGHnYAIhAO6RAEZH
ncabrbzAFJWmQAci1q+Eh58Xu1GuXVTe/t+QAHQAVYHUwhaQNgFK6gubVzxT8MDk
OHhwJQgXL6OqHQcT0wwAAAFjRBTEcAAABAMARTBDAh8ZZiAE3xV5i3LibfB7BxRf
6h6jSOUXInkTHoYO4eMpAiBRqFU2GIK8vCqxdSu9ff+AlV26Kpskx6z6LNuHhz7z
9jANBgkqhkiG9w0BAQsFAAOCAQEADgKSLbl2Bb56Vlu/71/gVzrIngvq9isCcI0o
bJ3EuH37tZXj9gkhZ/Waravh65r30UCA/+MsruQLX09ZWGJBu4DYcW5NWgF2Dk63
Jtzlo1i93vrD50/U9z9HTwjVvVWe0tgYfy7xSc7pDEnIlWqz710cyd3tvLMQEEnB
6PJYsNnod+Ok1ne7fFt/vUwXO/Q4RFLadcXo5vwtvGcVzRaDRCYIDNQyU2PJCGRa
+5ro+cWcJ1NFTQigKCR9sazJyFHi5mlLCRP0IoxNNU/JGHONd4Js4FUG0i/whf76
z0kbR8kCDT5AOURxfWRJMNeE/hOwnOHPKOlyK0fanV8GiMhWBg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssmBAHeK+0RjiKLYl2Ax
ODnmxeWlQy2FbemxsMqG4hjeQ5k0KgnrkSoxQv1dAOFSKLCPQch6P2zIraCa6nW0
QeIx+5/yrnfJ/ZBGpVB9Xly6NGalQLNIYtDhqA/n57GJtDUFwvsLc4pBZjAA1WwY
uX725IDrpv4cymtGtahITjKtG/bxQup9b2TTWy4xGeoTBbRf7L9A/D6svcC48Dui
56vYGbGAN0rcdpyb+9XZTLRHHLfhrRn4b+Szwq6ur27G27QbxMeh6xqD34c4Ua0k
PdddG2rej3oK/9zuWsqxD6PKofG0knWyXc5SquXiMgUhOcGXrylfbN2WI7NkNBSU
iwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 233086224161188803448861932001683507284
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'COMODO CA Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'COMODO RSA Domain Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-05-09 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-06-22 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Domain Control Validated'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Issued through LafargeHolcim Ltd E-PKI Manager'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'COMODO SSL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'orf.ap.holcim.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22569783567038617890916064219789276586121448146431915820046898795933425991383749466617740051577097463467465437524128321743696919910447602485271327326887257965039096774942966777614075897513363339149483786025576623364317878753125417552239438380294481481926005566665541223218339799300860204443576373182186289227306706628871307098606727088408324867629154108403550481648542810361801355528240954328752125043743896795496168380570398844987099144043287105848074128769060934371292941955491838764728927248782725205657691155962452602434481018541637162588551997749428942230755682970337732992381452949117263094109710663226739692683
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 90af6a3a945a0bd890ea125673df43b43a28dae7
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							359d9f998a85a523534b28bd5d2972ab72aa5121
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (72 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.7
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://secure.comodo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (77 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (121 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.comodoca.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'orf.ap.holcim.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.orf.ap.holcim.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (360 bytes)
							0166007600ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb000001634414c3fe0000040300473045022100fbfab98af9709d761932b53cb652f800cea982a32bfd76a8c63255d695aa0e670220670e5d8b2259b35a5f1fe70bc73d3fac80bf7505cb5b9a797c0bfea892f3bc8d0076005ea773f9df56c0e7b536487dd049e0327a919a0c84a112128418759681714558000001634414c41b0000040300473045022023fe1a0caf19ca5368cb9fdb1910d904d6fd89a7e81b61d2b8f4eb656061e760022100ee910046479dc69badbcc01495a6400722d6af84879f17bb51ae5d54defedf900074005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c000001634414c4700000040300453043021f19662004df15798b72e26df07b07145fea1ea348e5172279131e860ee1e329022051a855361882bcbc2ab1752bbd7dff80955dba2a9b24c7acfa2cdb87873ef3f6
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		000e02922db97605be7a565bbfef5fe0573ac89e0beaf62b02708d286c9dc4b87dfbb595e3f6092167f59aadabe1eb9af7d14080ffe32caee40b5f4f59586241bb80d8716e4d5a01760e4eb726dce5a358bddefac3e74fd4f73f474f08d5bd559ed2d8187f2ef149cee90c49c8956ab3ef5d1cc9ddedbcb3101049c1e8f258b0d9e877e3a4d677bb7c5b7fbd4c173bf4384452da75c5e8e6fc2dbc6715cd16834426080cd4325363c908645afb9ae8f9c59c2753454d08a028247db1acc9c851e2e6694b0913f4228c4d354fc918738d77826ce05506d22ff085fefacf491b47c9020d3e403944717d644930d784fe13b09ce1cf28e9722b47da9d5f0688c85606