www.citi.com
- Citigroup Inc. -
Issued by DigiCert SHA2 Extended Validation Server CA
About this certificate
This digital certificate with serial number 03:a4:26:4c:7f:f3:fc:25:9e:d9:58:3c:bc:3e:e9:1c was issued on by DigiCert Inc.
With 34 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Citigroup Inc.
Company registration number:
2154254
Organization: Citigroup Inc.
Organization: Citigroup Inc.
State / Province:
New York
Locality: New York
Country: US
Locality: New York
Country: US
DigiCert Inc
Organization:
DigiCert Inc
Organization unit: www.digicert.com
Organization unit: www.digicert.com
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:a4:26:4c:7f:f3:fc:25:9e:d9:58:3c:bc:3e:e9:1cSerial Number (int): 4839997464659305149162859124888627484
Serial Number lenght: 122 bits, 16 octets
SubjectKeyId: 23:35:e3:52:1b:9d:23:ac:a5:07:10:8a:84:26:4f:81:29:1b:46:95
AuthorityKeyId: 3d:d3:50:a5:d6:a0:ad:ee:f3:4a:60:0a:65:d3:21:d4:f8:f8:d6:0f
Fingerprint (sha1): 38:43:1a:58:84:c3:0e:20:d2:bb:04:e6:fc:84:06:61:d2:eb:bd:e9
Fingerprint (sha256): 3e:24:0d:8b:9d:2b:75:d4:bf:54:85:11:2d:90:31:ec:da:50:b5:cd:a0:6a:3a:c7:0b:81:3e:cb:53:e3:68:ff
Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt
Revocation information
OCSP Server: http://ocsp.digicert.comCRL Distribution Point: http://crl3.digicert.com/sha2-ev-server-g3.crl
CRL Distribution Point: http://crl4.digicert.com/sha2-ev-server-g3.crl
Check the revocation status for certificate www.citi.com
34
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for www.citi.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
www.blog.citigroup.com
ipbus.citi.com
citibank.hu
www.citibank.ae
citimanager.com
blog.citigroup.com
citibank.sk
ipb.citibank.eu
www.citibank.cz
www.universalcard.com
www.ipb.citi.com
citibank.ae
ipb.citi.com
www.citi.com
citibank.kz
www.citigold.citibank.com
www.citigroup.jp
www.europe.citigold.citibank.com
www.ipb.citibank.co.uk
www.citibank.hu
citibank.cz
www.citimanager.com
universalcard.com
citigroup.jp
europe.citigold.citibank.com
ipb.citibank.co.uk
www.ipbusclientappreciation.citi.com
www.citibank.sk
www.ipbus.citi.com
ipbusclientappreciation.citi.com
citigold.citibank.com
www.ipb.citibank.eu
www4.citi.com
citibank.bh
ipbus.citi.com
citibank.hu
www.citibank.ae
citimanager.com
blog.citigroup.com
citibank.sk
ipb.citibank.eu
www.citibank.cz
www.universalcard.com
www.ipb.citi.com
citibank.ae
ipb.citi.com
www.citi.com
citibank.kz
www.citigold.citibank.com
www.citigroup.jp
www.europe.citigold.citibank.com
www.ipb.citibank.co.uk
www.citibank.hu
citibank.cz
www.citimanager.com
universalcard.com
citigroup.jp
europe.citigold.citibank.com
ipb.citibank.co.uk
www.ipbusclientappreciation.citi.com
www.citibank.sk
www.ipbus.citi.com
ipbusclientappreciation.citi.com
citigold.citibank.com
www.ipb.citibank.eu
www4.citi.com
citibank.bh
Other certificates including the domain name citi.com
(limited to 100 certificates)
tv.citi.com
ibmwebspheremqaltophubqmsit.citi.com
ibmwebspheremqgtsitorg01.citi.com
consumersoa.citi.com
ibmwebspheremqmrntbc12.citi.com
www.citibank.com
ibmWebSphereMQCSGPP.citi.com
uat.citi.com
ibmwebspheremqswprdcol01.citi.com
uat.accountonline.com
mx-test.mail.citi.com
desktop.citi.com
ibmwebspheremqgtsgatewayqm2.citi.com
cardactivation.citi.com
Preview.online.citi.com
Financialtools.citi.com
mobilesoasit2.citi.com
friendlyusertest.creditcards.citi.com
soawebsocketuat.citi.com
www.privatebank.citibank.com
ibmwebspheremqgtprdfus17.citi.com
efdissecuresignuat.citi.com
LyncProdDR.EUR.NSROOT.NET
ibmwebspheremqmrnpbc45.citi.com
citicards.citi.com
expresswaye02.emealabs.citi.com
www.uat.payment.citi.com
security1.citi.com
ibmwebspheremqmdltbc04.citi.com.citi.com
supplierportal.uattec.citi.com
extracash.citi.com
ibmwebspheremqgtprdca04.citi.com
chat.online.citi.com
mailir.citi.com
ibmwebspheremqswprdmob02.citi.com
ibmwebspheremqswprdbby05.citi.com
concierge.citi.com
paymentexchange.cte.transactionservices.citi.com
businesspopmoney.citi.com
citiconnectbeneficiaryadvising.citi.com
approvepay.citi.com
ibmWebSphereMQSP02P.citi.com
www.citibank.co.uk
sit7.online.citi.com
citiconnectbeneficiaryadvising.citi.com
locationtracker.citi.com
ibmwebspheremqmdlpbc03.citi.com
ibmwebspheremqmrnpbc30.citi.com
uat.approvepay.citi.com
vmr.emealabs.citi.com
supplierportal.uat.citi.com
ibmwebspheremqmdlpbc31.citi.com
survey.emailapps.emea.citi.com
ibmWebSphereMQCSGDU.citi.com
wiresuat2.citi.com
www.privatebank.citibank.com
citifundremoteaccess.transactionservices.citi.com
www.retailservicescommercial.citi.com
uat.citi.com
icg.citi.com
paymentexchange.cte.transactionservices.citi.com
ibmwebspheremqfpsnam_prod.citi.com
uat.remoteoffice.citigroup.com
ibmwebspheremqrd03u.citi.com
sip.citi.com
creditscore.citi.com
ibmwebspheremqmdlpbc43.citi.com
wiresuat1.citi.com
uat.citi.com
ibmwebspheremqgtaemf4qm.sit.citi.com
presentandpay.citi.com
www.identityprotection.citi.com
mobilesoaaspac.citi.com
mobileservices.nam.citiprivatebank.citi.com
aspac.api2s.citi.com
eur.vmr.citi.com
www.paymentaidplus.citi.com
m.partner.citi.com
mobilesoaaspac2.citi.com
dit01.creditcards.citi.com
businessaccess.citibank.citigroup.com
ir.citi.com
aspac.api.citi.com
mobilesoaaspac2.citi.com
soawebsocketsit.citi.com
ibmwebspheremqnaissc2p.citi.com
reset.uat.citi.com
ibmwebspheremqswlodcol01.citi.com
ibmwebspheremqgtprdorg02.citi.com
uat.citigoldlounges.citi.com
ibmwebspheremqicgqm1.qc1.citi.com
ibmwebspheremqmdlpbc48.citi.com
uat.citigoldlounges.citi.com
lync13poolnamdev1.namdev.nsrootdev.net
uat.ir.citi.com
sit15.accountonline.citi.com
metrics1.citi.com
citipaymentexchange.citi.com
ibmwebspheremqgtlodrpl01.citi.com
myassetbasedlending.citi.com
ibmwebspheremqaltophubqmsit.citi.com
ibmwebspheremqgtsitorg01.citi.com
consumersoa.citi.com
ibmwebspheremqmrntbc12.citi.com
www.citibank.com
ibmWebSphereMQCSGPP.citi.com
uat.citi.com
ibmwebspheremqswprdcol01.citi.com
uat.accountonline.com
mx-test.mail.citi.com
desktop.citi.com
ibmwebspheremqgtsgatewayqm2.citi.com
cardactivation.citi.com
Preview.online.citi.com
Financialtools.citi.com
mobilesoasit2.citi.com
friendlyusertest.creditcards.citi.com
soawebsocketuat.citi.com
www.privatebank.citibank.com
ibmwebspheremqgtprdfus17.citi.com
efdissecuresignuat.citi.com
LyncProdDR.EUR.NSROOT.NET
ibmwebspheremqmrnpbc45.citi.com
citicards.citi.com
expresswaye02.emealabs.citi.com
www.uat.payment.citi.com
security1.citi.com
ibmwebspheremqmdltbc04.citi.com.citi.com
supplierportal.uattec.citi.com
extracash.citi.com
ibmwebspheremqgtprdca04.citi.com
chat.online.citi.com
mailir.citi.com
ibmwebspheremqswprdmob02.citi.com
ibmwebspheremqswprdbby05.citi.com
concierge.citi.com
paymentexchange.cte.transactionservices.citi.com
businesspopmoney.citi.com
citiconnectbeneficiaryadvising.citi.com
approvepay.citi.com
ibmWebSphereMQSP02P.citi.com
www.citibank.co.uk
sit7.online.citi.com
citiconnectbeneficiaryadvising.citi.com
locationtracker.citi.com
ibmwebspheremqmdlpbc03.citi.com
ibmwebspheremqmrnpbc30.citi.com
uat.approvepay.citi.com
vmr.emealabs.citi.com
supplierportal.uat.citi.com
ibmwebspheremqmdlpbc31.citi.com
survey.emailapps.emea.citi.com
ibmWebSphereMQCSGDU.citi.com
wiresuat2.citi.com
www.privatebank.citibank.com
citifundremoteaccess.transactionservices.citi.com
www.retailservicescommercial.citi.com
uat.citi.com
icg.citi.com
paymentexchange.cte.transactionservices.citi.com
ibmwebspheremqfpsnam_prod.citi.com
uat.remoteoffice.citigroup.com
ibmwebspheremqrd03u.citi.com
sip.citi.com
creditscore.citi.com
ibmwebspheremqmdlpbc43.citi.com
wiresuat1.citi.com
uat.citi.com
ibmwebspheremqgtaemf4qm.sit.citi.com
presentandpay.citi.com
www.identityprotection.citi.com
mobilesoaaspac.citi.com
mobileservices.nam.citiprivatebank.citi.com
aspac.api2s.citi.com
eur.vmr.citi.com
www.paymentaidplus.citi.com
m.partner.citi.com
mobilesoaaspac2.citi.com
dit01.creditcards.citi.com
businessaccess.citibank.citigroup.com
ir.citi.com
aspac.api.citi.com
mobilesoaaspac2.citi.com
soawebsocketsit.citi.com
ibmwebspheremqnaissc2p.citi.com
reset.uat.citi.com
ibmwebspheremqswlodcol01.citi.com
ibmwebspheremqgtprdorg02.citi.com
uat.citigoldlounges.citi.com
ibmwebspheremqicgqm1.qc1.citi.com
ibmwebspheremqmdlpbc48.citi.com
uat.citigoldlounges.citi.com
lync13poolnamdev1.namdev.nsrootdev.net
uat.ir.citi.com
sit15.accountonline.citi.com
metrics1.citi.com
citipaymentexchange.citi.com
ibmwebspheremqgtlodrpl01.citi.com
myassetbasedlending.citi.com
Certificate
The complete raw certificate details for www.citi.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIJwzCCCKugAwIBAgIQA6QmTH/z/CWe2Vg8vD7pHDANBgkqhkiG9w0BAQsFADB1 MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTIyMDIxNjAwMDAwMFoXDTIzMDMxOTIz NTk1OVowgcQxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI RGVsYXdhcmUxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYDVQQF EwcyMTU0MjU0MQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNV BAcTCE5ldyBZb3JrMRcwFQYDVQQKEw5DaXRpZ3JvdXAgSW5jLjEVMBMGA1UEAxMM d3d3LmNpdGkuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Lz9 +HSB+M0iC0JdNM5coQbH2is/hhEqRES91VgqxchjKkkePgeT9shA9x4aRDJK48vu Sbd0GGDzrN6UHKIX/gBzSRDEZpz4Abipk2o/pM8l/IirbYM0QVM2O4VEusmmQS36 iHwEvSPvd7M/lhZEeGsGFj28DbasakmOe6/bu1qOqwhkR7kLajqdCTnaajBfXZ2q lhsD7iMHkT8krOQIFyUMX36UB3S1LeKwVz/EetaUXob7pgyO0DxGOmVnlmGnhqjz qv0XkfLUMv/ULoWtiD20bVDtjxjjKBl49/KCOCIqGLh8Ty/8q1DS5RpB8drLAlxn Y66zmMHLG3VQBG/SGQIDAQABo4IF/TCCBfkwHwYDVR0jBBgwFoAUPdNQpdagre7z SmAKZdMh1Pj41g8wHQYDVR0OBBYEFCM141IbnSOspQcQioQmT4EpG0aVMIICqAYD VR0RBIICnzCCApuCFnd3dy5ibG9nLmNpdGlncm91cC5jb22CDmlwYnVzLmNpdGku Y29tggtjaXRpYmFuay5odYIPd3d3LmNpdGliYW5rLmFlgg9jaXRpbWFuYWdlci5j b22CEmJsb2cuY2l0aWdyb3VwLmNvbYILY2l0aWJhbmsuc2uCD2lwYi5jaXRpYmFu ay5ldYIPd3d3LmNpdGliYW5rLmN6ghV3d3cudW5pdmVyc2FsY2FyZC5jb22CEHd3 dy5pcGIuY2l0aS5jb22CC2NpdGliYW5rLmFlggxpcGIuY2l0aS5jb22CDHd3dy5j aXRpLmNvbYILY2l0aWJhbmsua3qCGXd3dy5jaXRpZ29sZC5jaXRpYmFuay5jb22C EHd3dy5jaXRpZ3JvdXAuanCCIHd3dy5ldXJvcGUuY2l0aWdvbGQuY2l0aWJhbmsu Y29tghZ3d3cuaXBiLmNpdGliYW5rLmNvLnVrgg93d3cuY2l0aWJhbmsuaHWCC2Np dGliYW5rLmN6ghN3d3cuY2l0aW1hbmFnZXIuY29tghF1bml2ZXJzYWxjYXJkLmNv bYIMY2l0aWdyb3VwLmpwghxldXJvcGUuY2l0aWdvbGQuY2l0aWJhbmsuY29tghJp cGIuY2l0aWJhbmsuY28udWuCJHd3dy5pcGJ1c2NsaWVudGFwcHJlY2lhdGlvbi5j aXRpLmNvbYIPd3d3LmNpdGliYW5rLnNrghJ3d3cuaXBidXMuY2l0aS5jb22CIGlw YnVzY2xpZW50YXBwcmVjaWF0aW9uLmNpdGkuY29tghVjaXRpZ29sZC5jaXRpYmFu ay5jb22CE3d3dy5pcGIuY2l0aWJhbmsuZXWCDXd3dzQuY2l0aS5jb22CC2NpdGli YW5rLmJoMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB BQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29t L3NoYTItZXYtc2VydmVyLWczLmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNl cnQuY29tL3NoYTItZXYtc2VydmVyLWczLmNybDBKBgNVHSAEQzBBMAsGCWCGSAGG /WwCATAyBgVngQwBATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0 LmNvbS9DUFMwgYgGCCsGAQUFBwEBBHwwejAkBggrBgEFBQcwAYYYaHR0cDovL29j c3AuZGlnaWNlcnQuY29tMFIGCCsGAQUFBzAChkZodHRwOi8vY2FjZXJ0cy5kaWdp Y2VydC5jb20vRGlnaUNlcnRTSEEyRXh0ZW5kZWRWYWxpZGF0aW9uU2VydmVyQ0Eu Y3J0MAwGA1UdEwEB/wQCMAAwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AK33 vvp8/xDIi509nB4+GGq0Zyldz7EMJMqFhjTr3IKKAAABfwJ9Xx4AAAQDAEcwRQIg f4/uwIexmsa088/civ6zkwTlqMWzOibax7xXSZgEZW0CIQCo7hUVZCiXK5UPeI0s QsZExvsXGB3VdjC7vkCaEck5QgB2ADXPGRu/sWxXvw+tTG1Cy7u2JyAmUeo/4Srv qAPDO9ZMAAABfwJ9XyEAAAQDAEcwRQIgBaBDRvszeTG7X6wI4fPv//tr/XAtAWIe Kh8CjUw9zKcCIQCnAjA3H/Bathu+q+OV31UMf5rrjnpSFO+JKLz/uojzHQB2ALNz dwfhhFD4Y4bWBancEQlKeS2xZwwLh9zwAw55NqWaAAABfwJ9X0IAAAQDAEcwRQIh ALQWqjsb7HFOU+V7VnzekuGj9gYys8svBPqvqyCLwpV6AiB/r7PY38lZt6L6ozPf un0TKiqC9H4ruP+VuR1UUsxMnTANBgkqhkiG9w0BAQsFAAOCAQEA0mEnkdVTUdYb 9ykUdX9OXEOG6deXbzKxql8D8RHfrwe0D9xsfWPynrxy7PiqW6Do6FLaAkF/MzRd fxQky+Rm1h7Z0kxo74XQ6Gh4XtdlT/jF9xArgK2elrLnprzxdk5vtSoOGsPSe1q8 g+zlE3PMwE5jEjHhXQDkjrQ9ePcE7s8fjGDfNjl9b8lDs2NNp3JpyWPxDbMEAgMk dI+FJbhsEHooDBrE0VqjwjU94f0LHXQBP2Ico9D7J/LVPifDIaDjPn/AmbDgfk4Y LC4+21hemcq78YnR1bfdO6ryW/yMMbs6/LWAbOLicwWJuBPbjiXl+7n93M9UGfjv ePXTMhiqOw== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Lz9+HSB+M0iC0JdNM5c oQbH2is/hhEqRES91VgqxchjKkkePgeT9shA9x4aRDJK48vuSbd0GGDzrN6UHKIX /gBzSRDEZpz4Abipk2o/pM8l/IirbYM0QVM2O4VEusmmQS36iHwEvSPvd7M/lhZE eGsGFj28DbasakmOe6/bu1qOqwhkR7kLajqdCTnaajBfXZ2qlhsD7iMHkT8krOQI FyUMX36UB3S1LeKwVz/EetaUXob7pgyO0DxGOmVnlmGnhqjzqv0XkfLUMv/ULoWt iD20bVDtjxjjKBl49/KCOCIqGLh8Ty/8q1DS5RpB8drLAlxnY66zmMHLG3VQBG/S GQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 4839997464659305149162859124888627484 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 Extended Validation Server CA' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-02-16 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-03-19 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.2 (jurisdictionOfIncorporationSP) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Delaware' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Private Organization' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '2154254' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Citigroup Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.citi.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 28875528996591551461947247226882580862816864975988262740880786760003018615382713303388260234306265672040575505206620926910560306224782369623765620069274765539871715516332603042906481071691358614570267036153108399417570442507009611730349295833248466978806012283148259122497940065731711999589523180130325735603486299714682790128919910306003644958952091192607889414191719406313805135318773555362012224749795321353577456210997280863951018962763739607796075839193967718915610439175237321038259986633373382980890031726543590893229471389005826711633837171853647605024952578006872759185507027069044462566533728106601239269913 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 3dd350a5d6a0adeef34a600a65d321d4f8f8d60f . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 2335e3521b9d23aca507108a84264f81291b4695 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (671 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.blog.citigroup.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ipbus.citi.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citibank.hu' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.citibank.ae' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citimanager.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'blog.citigroup.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citibank.sk' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ipb.citibank.eu' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.citibank.cz' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.universalcard.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ipb.citi.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citibank.ae' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ipb.citi.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.citi.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citibank.kz' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.citigold.citibank.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.citigroup.jp' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.europe.citigold.citibank.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ipb.citibank.co.uk' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.citibank.hu' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citibank.cz' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.citimanager.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'universalcard.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citigroup.jp' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'europe.citigold.citibank.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ipb.citibank.co.uk' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ipbusclientappreciation.citi.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.citibank.sk' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ipbus.citi.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ipbusclientappreciation.citi.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citigold.citibank.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ipb.citibank.eu' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www4.citi.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citibank.bh' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/sha2-ev-server-g3.crl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/sha2-ev-server-g3.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.2.1 (DigiCert EV policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (124 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes) 0168007600adf7befa7cff10c88b9d3d9c1e3e186ab467295dcfb10c24ca858634ebdc828a0000017f027d5f1e000004030047304502207f8feec087b19ac6b4f3cfdc8afeb39304e5a8c5b33a26dac7bc57499804656d022100a8ee15156428972b950f788d2c42c644c6fb17181dd57630bbbe409a11c9394200760035cf191bbfb16c57bf0fad4c6d42cbbbb627202651ea3fe12aefa803c33bd64c0000017f027d5f210000040300473045022005a04346fb337931bb5fac08e1f3effffb6bfd702d01621e2a1f028d4c3dcca7022100a70230371ff05ab61bbeabe395df550c7f9aeb8e7a5214ef8928bcffba88f31d007600b3737707e18450f86386d605a9dc11094a792db1670c0b87dcf0030e7936a59a0000017f027d5f420000040300473045022100b416aa3b1bec714e53e57b567cde92e1a3f60632b3cb2f04faafab208bc2957a02207fafb3d8dfc959b7a2faa333dfba7d132a2a82f47e2bb8ff95b91d5452cc4c9d . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00d2612791d55351d61bf72914757f4e5c4386e9d7976f32b1aa5f03f111dfaf07b40fdc6c7d63f29ebc72ecf8aa5ba0e8e852da02417f33345d7f1424cbe466d61ed9d24c68ef85d0e868785ed7654ff8c5f7102b80ad9e96b2e7a6bcf1764e6fb52a0e1ac3d27b5abc83ece51373ccc04e631231e15d00e48eb43d78f704eecf1f8c60df36397d6fc943b3634da77269c963f10db304020324748f8525b86c107a280c1ac4d15aa3c2353de1fd0b1d74013f621ca3d0fb27f2d53e27c321a0e33e7fc099b0e07e4e182c2e3edb585e99cabbf189d1d5b7dd3baaf25bfc8c31bb3afcb5806ce2e2730589b813db8e25e5fbb9fddccf5419f8ef78f5d33218aa3b