webmail.ijm.org

- International Justice Mission -

Issued by DigiCert SHA2 High Assurance Server CA

About this certificate

This digital certificate with serial number 09:2f:42:56:41:02:6f:4b:3b:b7:f7:c5:38:2f:e7:5c was issued on by DigiCert Inc.

With 9 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

International Justice Mission

Organization: International Justice Mission
State / Province: District of Columbia
Locality: Washington
Country: US

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 09:2f:42:56:41:02:6f:4b:3b:b7:f7:c5:38:2f:e7:5c
Serial Number (int): 12208435387190666052171453613055403868
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 86:d3:12:e5:6f:8d:91:54:f1:55:be:52:66:9c:2d:e9:c9:62:7d:d1
AuthorityKeyId: 51:68:ff:90:af:02:07:75:3c:cc:d9:65:64:62:a2:12:b8:59:72:3b

Fingerprint (sha1): 1e:ff:6f:6b:b3:a3:30:83:31:9e:f0:92:8c:6f:89:cf:7e:d0:a9:f1
Fingerprint (sha256): 3f:1f:d5:be:ea:93:8f:e9:0f:83:ca:60:72:57:70:94:5c:d8:c0:6e:d8:54:7f:9b:a9:33:ef:bf:1f:b7:f1:34

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/sha2-ha-server-g5.crl
CRL Distribution Point: http://crl4.digicert.com/sha2-ha-server-g5.crl

Check the revocation status for certificate webmail.ijm.org

9

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for webmail.ijm.org

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

webmail.ijm.org
hq-core-wf1.ijm.org
mobile.ijm.org
sentry2.ijm.org
svmdc0010.ijm.org
svmdc0012.ijm.org
svmdc0011.ijm.org
autodiscover.ijm.org
exchange.ijm.org

Other certificates including the domain name ijm.org

(limited to 100 certificates)
stage.ijm.org
stage.freedomcommons.ijm.org
gifts.ijm.org
sentry.ijm.org
image.mktmarathonkids.org
ssl964611.cloudflaressl.com
freedomcommons.ijm.org
stage.gifts.ijm.org
sni.cloudflaressl.com
gifts.ijm.org
netcommunity.ijm.org
www.ijm.org
mask12.classy.org
sharepoint.ijm.org
stage.ijm.org
gifts.ijm.org
image.mktmarathonkids.org
gifts.ijm.org
mask12.classy.org
fundraising.ijm.org
*.ijm.org
freedomcommons.ijm.org
mask12.classy.org
mask12.classy.org
mask12.classy.org
freedomcommons.ijm.org
mask12.classy.org
gifts.ijm.org
mask12.classy.org
dev.ijm.org
mobile.ijm.org
image.mktmarathonkids.org
support.quickhelp.com
mobile.ijm.org
support.quickhelp.com
san-3-s7.tlsprovisioning.exacttarget.com
tableau.ijm.org
support.quickhelp.com
*.ijm.org
stage.ijm.org
dev.ijm.org
stage.ijm.org
webmail.ijm.org
stage.gifts.ijm.org
www.ijm.org
stage.ijm.org
stage.ijm.org
webmail.ijm.org
ssl964612.cloudflaressl.com
stage.freedomcommons.ijm.org
image.mktmarathonkids.org
support.quickhelp.com
gifts.ijm.org
tableau.ijm.org
gifts.ijm.org
ijm.org
stage.freedomcommons.ijm.org
stage.gifts.ijm.org
image.mktmarathonkids.org
image.mktmarathonkids.org
mask12.classy.org
sharepoint.ijm.org
image.mktmarathonkids.org
support.quickhelp.com
mobile.ijm.org
image.mktmarathonkids.org
mask12.classy.org
webmail.ijm.org
mask12.classy.org
gifts.ijm.org
stage.gifts.ijm.org
mask12.classy.org
dev.ijm.org
image.mktmarathonkids.org
webmail.ijm.org
mask12.classy.org
my.ijm.org
mask12.classy.org
sni.cloudflaressl.com
www.ijm.org
image.mktmarathonkids.org
image.mktmarathonkids.org
mask12.classy.org
gifts.ijm.org
san-3-s7.tlsprovisioning.exacttarget.com
mask12.classy.org
mask12.classy.org
image.mktmarathonkids.org
stage.freedomcommons.ijm.org
tableau.ijm.org
www.ijm.org
image.mktmarathonkids.org
mask12.classy.org
stage.gifts.ijm.org
sni.cloudflaressl.com
webmail.ijm.org
bomgar.ijm.org
image.mktmarathonkids.org
sni.cloudflaressl.com
dev.ijm.org

Certificate

The complete raw certificate details for webmail.ijm.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgIQCS9CVkECb0s7t/fFOC/nXDANBgkqhkiG9w0BAQsFADBw
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz
dXJhbmNlIFNlcnZlciBDQTAeFw0xMzEwMjIxMjAwMDFaFw0xNjA4MjQxMjAwMDBa
MIGDMQswCQYDVQQGEwJVUzEdMBsGA1UECBMURGlzdHJpY3Qgb2YgQ29sdW1iaWEx
EzARBgNVBAcTCldhc2hpbmd0b24xJjAkBgNVBAoTHUludGVybmF0aW9uYWwgSnVz
dGljZSBNaXNzaW9uMRgwFgYDVQQDEw93ZWJtYWlsLmlqbS5vcmcwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLM9kD7xVP6wtr6iTMYkw10RTxp/7km0U3
gHnIX09jyLIzXtF8RWByD4UoklEkdjVbS3jumFbhHi+MbseovHz0XqMbfdVbHmk9
V1rh6eVP6lVRb6HJRbIFh5XwT8mH3PgCeglr7+0/3W197BN7qn60fbGvUx+ZX3+P
VQH1D7dddDSOLI4oDtKoloFGMqEYMohRyjc7GREyOCN3yJElLFm0YjBsaPLpmU55
Ha712G88JrUhAuinSEmLCE3HXA/IAnwhpldlGI64Y6RsKRvet78vMSUYhqrujB+v
QS+VQPPmskbcKOHMQ88nHDzmfOL6n9tVLoNX9fZxGNBtXq9dnhndAgMBAAGjggKC
MIICfjAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVkYqISuFlyOzAdBgNVHQ4EFgQU
htMS5W+NkVTxVb5SZpwt6clifdEwgbMGA1UdEQSBqzCBqIIPd2VibWFpbC5pam0u
b3JnghNocS1jb3JlLXdmMS5pam0ub3Jngg5tb2JpbGUuaWptLm9yZ4IPc2VudHJ5
Mi5pam0ub3JnghFzdm1kYzAwMTAuaWptLm9yZ4IRc3ZtZGMwMDEyLmlqbS5vcmeC
EXN2bWRjMDAxMS5pam0ub3JnghRhdXRvZGlzY292ZXIuaWptLm9yZ4IQZXhjaGFu
Z2UuaWptLm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
CCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0
LmNvbS9zaGEyLWhhLXNlcnZlci1nNS5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRp
Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNS5jcmwwTAYDVR0gBEUwQzA3Bglg
hkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29t
L0NQUzAIBgZngQwBAgIwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0
cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0
cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNB
LmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCUiGpOV9stB3sQ
TG1jho0H3v1JUFiomoDU54MnzcdnARCnsVS4kvXlUymfREYl6Jz6L97nEZc16QV4
+otAJru50rd9wglOTTsy79/64IcXOLJVeZa/3/GqsaEvEFZhCudeHSY0dPZfY4sg
iUrXt8w8SUdE8QfMeAwjQ1Hi4x43OvZUJ9F7xoAJU7KhJqXywfKRiGkj2drkINgp
Pws/RekTA26JPwzwYYZLP3VgJfuhS1Irnzn4yVeTtds3wUdEJIkFiEw90Ndlb8Wi
jp7DOOtCu3oZDoYS8m0V+MNQksPH4wzGoZMwfJ5ZAlBF9cB51FeSuiC28568x74D
nVrRDLTL
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzPZA+8VT+sLa+okzGJM
NdEU8af+5JtFN4B5yF9PY8iyM17RfEVgcg+FKJJRJHY1W0t47phW4R4vjG7HqLx8
9F6jG33VWx5pPVda4enlT+pVUW+hyUWyBYeV8E/Jh9z4AnoJa+/tP91tfewTe6p+
tH2xr1MfmV9/j1UB9Q+3XXQ0jiyOKA7SqJaBRjKhGDKIUco3OxkRMjgjd8iRJSxZ
tGIwbGjy6ZlOeR2u9dhvPCa1IQLop0hJiwhNx1wPyAJ8IaZXZRiOuGOkbCkb3re/
LzElGIaq7owfr0EvlUDz5rJG3CjhzEPPJxw85nzi+p/bVS6DV/X2cRjQbV6vXZ4Z
3QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 12208435387190666052171453613055403868
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 High Assurance Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2013-10-22 12:00:01 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-08-24 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'District of Columbia'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Washington'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'International Justice Mission'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'webmail.ijm.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25651942969903452413828644227592747352351318723173790073881963414162907841752793081778252917131572132421092766737577245469054752369620504004678857229504979336930981788524548836922457834373820322083315160130483032867763611790284759644988302498849376004784077251923698360519307528030405776706429596364237027579166023727772895925808361637758348868134246963268389060689652851972844596844758928454861029656369897636745565255722672012756971184587121979491542816692841958303216891893599740966738598649840297802378271146085601088993070123202026828079015658484009416922382911450177274457871576402002835102826612635063321237981
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 5168ff90af0207753cccd9656462a212b859723b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							86d312e56f8d9154f155be52669c2de9c9627dd1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (171 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webmail.ijm.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hq-core-wf1.ijm.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mobile.ijm.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sentry2.ijm.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'svmdc0010.ijm.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'svmdc0012.ijm.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'svmdc0011.ijm.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'autodiscover.ijm.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'exchange.ijm.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/sha2-ha-server-g5.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/sha2-ha-server-g5.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (119 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0094886a4e57db2d077b104c6d63868d07defd495058a89a80d4e78327cdc7670110a7b154b892f5e553299f444625e89cfa2fdee7119735e90578fa8b4026bbb9d2b77dc2094e4d3b32efdffae0871738b2557996bfdff1aab1a12f1056610ae75e1d263474f65f638b20894ad7b7cc3c494744f107cc780c234351e2e31e373af65427d17bc6800953b2a126a5f2c1f291886923d9dae420d8293f0b3f45e913036e893f0cf061864b3f756025fba14b522b9f39f8c95793b5db37c14744248905884c3dd0d7656fc5a28e9ec338eb42bb7a190e8612f26d15f8c35092c3c7e30cc6a193307c9e59025045f5c079d45792ba20b6f39ebcc7be039d5ad10cb4cb