lighthouse.es.net

- Lawrence Berkeley National Laboratory -

Issued by InCommon RSA Server CA

About this certificate

This digital certificate with serial number 3c:e1:94:20:04:0c:8b:fb:86:e2:ec:ae:b9:89:59:c9 was issued on by Internet2.

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Lawrence Berkeley National Laboratory

Organization: Lawrence Berkeley National Laboratory
Organization unit: ESnet
State / Province: California
Locality: Berkeley
Country: US

Internet2

Organization: Internet2
Organization unit: InCommon
State / Province: MI
Locality: Ann Arbor
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 3c:e1:94:20:04:0c:8b:fb:86:e2:ec:ae:b9:89:59:c9
Serial Number (int): 80924950873440937692243560865269897673
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId: 34:53:c5:00:4c:2c:a8:c7:15:d2:66:45:d4:aa:e9:57:7f:7a:5e:21
AuthorityKeyId: 1e:05:a3:77:8f:6c:96:e2:5b:87:4b:a6:b4:86:ac:71:00:0c:e7:38

Fingerprint (sha1): f8:20:67:b3:a4:d5:b2:f9:6f:18:4c:ea:a0:51:ac:c7:96:cc:ed:aa
Fingerprint (sha256): 3d:56:d6:5d:3b:42:9a:73:d5:95:1c:c9:1f:b8:94:95:87:93:29:44:dd:2f:54:ad:9b:8a:0f:ff:c3:51:fb:a4

Issuing Certificate URL: http://crt.usertrust.com/InCommonRSAServerCA_2.crt

Revocation information

OCSP Server: http://ocsp.usertrust.com
CRL Distribution Point: http://crl.incommon-rsa.org/InCommonRSAServerCA.crl

Check the revocation status for certificate lighthouse.es.net

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for lighthouse.es.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

lighthouse.es.net
lighthouse-east.es.net
lighthouse-west.es.net
www.lighthouse.es.net

Other certificates including the domain name es.net

(limited to 100 certificates)
vapor.es.net
repo.es.net
mcusd1.es.net
if.es.net
enrollment.es.net
grafana.es.net
netbeam-api-develop.es.net
panorama-east.es.net
dna-east.es.net
my.es.net
nsmdb-west.es.net
cement.es.net
listserv.es.net
ninfo-west.es.net
software.es.net
nsi-aggr-west.es.net
tls.automattic.com
graphite.es.net
prometheus-west.es.net
dna-west.es.net
tls.automattic.com
netbeam.es.net
blue-mcp-east1.es.net
akips-test.es.net
packetdesign.es.net
mcusd2.es.net
www.es.net
es.net
eng-wiki.es.net
netbeam-core-api.es.net
netbeam-api.es.net
www.es.net
netbeam-core-api-develop.es.net
splunk-west1.es.net
vcenter-dev-west1.es.net
software.es.net
tls.automattic.com
sysmon.es.net
if.es.net
influxdb-poc.es.net
arbor.es.net
sysinfo.es.net
netlab-dna-west.es.net
nso-netlab.es.net
oscars-pss.es.net
thulite.es.net
vapor.es.net
bhr-west.es.net
www-eng.es.net
arista-bnl.es.net
vapor.es.net
sense-nrm.es.net
oscars-dev2.es.net
spectrum.es.net
stats.es.net
lighthouse.es.net
artemis.es.net
fw1-west-mgt.es.net
stats.es.net
hardware-inventory-east.es.net
omg.es.net
wiki.es.net
nsi-aggr-west.es.net
software.es.net
prometheus-poc.es.net
inflxudb-poc.es.net
wiki-east.es.net
cement-east.es.net
netbeam-core-api.es.net
idp.es.net
panorama.es.net
my.es.net
vcenter-west1.es.net
graphite.es.net
downloads.es.net
vcenter-east1.es.net
grafana.es.net
idp.es.net
stats.es.net
www.es.net
stats.es.net
nsmdb-east.es.net
arista-lbl.es.net
waikiki.es.net
my.es.net
nsi-aggr-west.es.net
omg.es.net
ps-dev-el7-1.es.net
gab.es.net
scan-west.es.net
software.es.net
bhr-lbl.es.net
software.es.net
mcuhd2.es.net
downloads.es.net
software.es.net
esdb.es.net
software.es.net
arbor.es.net
packetdesign.es.net

Certificate

The complete raw certificate details for lighthouse.es.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHJDCCBgygAwIBAgIQPOGUIAQMi/uG4uyuuYlZyTANBgkqhkiG9w0BAQsFADB2
MQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjES
MBAGA1UEChMJSW50ZXJuZXQyMREwDwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMW
SW5Db21tb24gUlNBIFNlcnZlciBDQTAeFw0yMTEyMDYwMDAwMDBaFw0yMzAxMDYy
MzU5NTlaMIGRMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8G
A1UEBxMIQmVya2VsZXkxLjAsBgNVBAoTJUxhd3JlbmNlIEJlcmtlbGV5IE5hdGlv
bmFsIExhYm9yYXRvcnkxDjAMBgNVBAsTBUVTbmV0MRowGAYDVQQDExFsaWdodGhv
dXNlLmVzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANVvniJ+
iVIHa8NVJWaZBqNmNehB4LY1iAppPNmP22s3upmgiHwlAiSLa7juEoAyDykJKGio
VJRbj+xVcgL/SLVYvHGvjPZakFGmTqEhO+EYm7XCMYVdu++L/+vJyhEGGtqoEAEo
v1jC4gcnuZmgnMa5WTWha64icmHQ9aBiJ7Aq2lxwEjkTSOe0+6S3UYWK4My/kRxw
LnYIfwRxguIaOCdzfvY+ofgQpZ+CQthYpWCjrIpEINNe62jkmhCM+VvAKsBoEybQ
O6FvFD5s29klBZXV7zpbRwFA3lw0zj3NL8NzTKwNG8EGvfif+grXa0rvogG5p+CO
KMns4C3KC3wup6cCAwEAAaOCA5AwggOMMB8GA1UdIwQYMBaAFB4Fo3ePbJbiW4dL
prSGrHEADOc4MB0GA1UdDgQWBBQ0U8UATCyoxxXSZkXUqulXf3peITAOBgNVHQ8B
Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
BQUHAwIwZwYDVR0gBGAwXjBSBgwrBgEEAa4jAQQDAQEwQjBABggrBgEFBQcCARY0
aHR0cHM6Ly93d3cuaW5jb21tb24ub3JnL2NlcnQvcmVwb3NpdG9yeS9jcHNfc3Ns
LnBkZjAIBgZngQwBAgIwRAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL2NybC5pbmNv
bW1vbi1yc2Eub3JnL0luQ29tbW9uUlNBU2VydmVyQ0EuY3JsMHUGCCsGAQUFBwEB
BGkwZzA+BggrBgEFBQcwAoYyaHR0cDovL2NydC51c2VydHJ1c3QuY29tL0luQ29t
bW9uUlNBU2VydmVyQ0FfMi5jcnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVz
ZXJ0cnVzdC5jb20wggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB2AK33vvp8/xDI
i509nB4+GGq0Zyldz7EMJMqFhjTr3IKKAAABfZDKSucAAAQDAEcwRQIhAI1qotav
bxb3rwpXFBI59a5/GUuhMcaXnN+hSnlXNAaRAiBb0cprNG/ws/vpsGfVTMzZEz5x
+GIf4QqsVPCN4nhQXQB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutS
AAABfZDKSvkAAAQDAEgwRgIhALpRoKX/ltJqEMsZR8NrRZjEeXpVXAE7bhDAl60Y
hFPXAiEA6f8I1Tp/gecKS6b86BrymvF0uS56rqjbi69NNpS3PTgAdwDoPtDaPvUG
NTLnVyi8iWvJA9PL0RFr7Otp4Xd9bQa9bgAAAX2QykrIAAAEAwBIMEYCIQDjJhU6
Pr6b7cWhgMqlUzNNBGjMFBbQe9Ax4QYhD/AmrAIhAOQ39KaB+3Dwh6/QgGxZO24t
S+ffxYJgjdYcjyRj6C/5MGMGA1UdEQRcMFqCEWxpZ2h0aG91c2UuZXMubmV0ghZs
aWdodGhvdXNlLWVhc3QuZXMubmV0ghZsaWdodGhvdXNlLXdlc3QuZXMubmV0ghV3
d3cubGlnaHRob3VzZS5lcy5uZXQwDQYJKoZIhvcNAQELBQADggEBAJiGCMLURQeA
y8xSxgNdWt+kIfbmv6DCZ0BhNeJGqt2vXF18167Jj8xPSti8e7oWatSLTptoSKQR
CkiDacBD8OoTojcnY+CenfXjQaSa0zJFX6Zpo2cRqQGykkqoA8dnDsIP8L74M93J
BGDjnJWi9d2H/L7U8s+ImlVxGPtjhn06Jw1Z/w6FdXwO3UVxY/OlcLPWkjk1tOxh
RW8J7KTx41237j2jfOJBhw6/ZfqkJMxk/aNCQUQufgXpRTnmc69fw/HjKIpSHXPu
4teukHou7o/gSX3qgBUFymtdgoU3M2al17HJrw1pPr8259DyZPvaIcRY5/+u9NCq
jlodHPfiFEU=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1W+eIn6JUgdrw1UlZpkG
o2Y16EHgtjWICmk82Y/baze6maCIfCUCJItruO4SgDIPKQkoaKhUlFuP7FVyAv9I
tVi8ca+M9lqQUaZOoSE74RibtcIxhV2774v/68nKEQYa2qgQASi/WMLiBye5maCc
xrlZNaFrriJyYdD1oGInsCraXHASORNI57T7pLdRhYrgzL+RHHAudgh/BHGC4ho4
J3N+9j6h+BCln4JC2FilYKOsikQg017raOSaEIz5W8AqwGgTJtA7oW8UPmzb2SUF
ldXvOltHAUDeXDTOPc0vw3NMrA0bwQa9+J/6CtdrSu+iAbmn4I4oyezgLcoLfC6n
pwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 80924950873440937692243560865269897673
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'MI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ann Arbor'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Internet2'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon RSA Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-12-06 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-01-06 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Berkeley'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Lawrence Berkeley National Laboratory'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ESnet'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'lighthouse.es.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26943799703862176481153015937313117362305549691900099290653321022993987655633253625424405036344887046819358576845846836805777568616261342753683012415015248877832213529525093134514225821346819361908549394159842851282565896043091812906975858357292479456072754360103685678612320381861224082042048317344637211039338804740027411670913681279553135332772843133983276204057476447136653769904549148472431038313105881651420961966790207227329491538458568934162735035170595797826926101833805053329606110375782006084481221926366717490518432752217967758742189647213153073404133003873113706018502504814598801052972879302575034116007
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 1e05a3778f6c96e25b874ba6b486ac71000ce738
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							3453c5004c2ca8c715d26645d4aae9577f7a5e21
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (96 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.5923.1.4.3.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.incommon.org/cert/repository/cps_ssl.pdf'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (61 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.incommon-rsa.org/InCommonRSAServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.usertrust.com/InCommonRSAServerCA_2.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.usertrust.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (368 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
							016a007600adf7befa7cff10c88b9d3d9c1e3e186ab467295dcfb10c24ca858634ebdc828a0000017d90ca4ae700000403004730450221008d6aa2d6af6f16f7af0a57141239f5ae7f194ba131c6979cdfa14a795734069102205bd1ca6b346ff0b3fbe9b067d54cccd9133e71f8621fe10aac54f08de278505d0077007a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb520000017d90ca4af90000040300483046022100ba51a0a5ff96d26a10cb1947c36b4598c4797a555c013b6e10c097ad188453d7022100e9ff08d53a7f81e70a4ba6fce81af29af174b92e7aaea8db8baf4d3694b73d38007700e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e0000017d90ca4ac80000040300483046022100e326153a3ebe9bedc5a180caa553334d0468cc1416d07bd031e106210ff026ac022100e437f4a681fb70f087afd0806c593b6e2d4be7dfc582608dd61c8f2463e82ff9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lighthouse.es.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lighthouse-east.es.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lighthouse-west.es.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.lighthouse.es.net'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00988608c2d4450780cbcc52c6035d5adfa421f6e6bfa0c267406135e246aaddaf5c5d7cd7aec98fcc4f4ad8bc7bba166ad48b4e9b6848a4110a488369c043f0ea13a2372763e09e9df5e341a49ad332455fa669a36711a901b2924aa803c7670ec20ff0bef833ddc90460e39c95a2f5dd87fcbed4f2cf889a557118fb63867d3a270d59ff0e85757c0edd457163f3a570b3d6923935b4ec61456f09eca4f1e35db7ee3da37ce241870ebf65faa424cc64fda34241442e7e05e94539e673af5fc3f1e3288a521d73eee2d7ae907a2eee8fe0497dea801505ca6b5d8285373366a5d7b1c9af0d693ebf36e7d0f264fbda21c458e7ffaef4d0aa8e5a1d1cf7e21445