mazars.com

Issued by GeoTrust Global TLS RSA4096 SHA256 2022 CA1

About this certificate

This digital certificate with serial number 0b:98:c7:9d:3f:40:b7:8c:cf:6f:c6:08:6f:ba:e2:34 was issued on by DigiCert, Inc..

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=mazars.com

DigiCert, Inc.

Organization: DigiCert, Inc.
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0b:98:c7:9d:3f:40:b7:8c:cf:6f:c6:08:6f:ba:e2:34
Serial Number (int): 15414785734039803485151875283587621428
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 0b:f2:c6:3f:c5:61:18:cc:67:bb:c7:b2:bd:8d:e5:37:65:8a:17:2b
AuthorityKeyId: a5:b4:d6:eb:36:c4:e7:6b:a6:df:c4:64:0b:01:2a:20:04:b8:66:23

Fingerprint (sha1): 39:45:ac:03:cb:ce:54:b8:c3:67:60:9f:89:6e:96:75:48:8e:09:4d
Fingerprint (sha256): 41:39:a4:01:b5:7f:74:2b:27:22:8f:e1:1e:a3:83:2a:ac:4a:e5:35:50:4f:2e:1a:ca:e9:c6:6b:50:02:90:32

Issuing Certificate URL: http://cacerts.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl
CRL Distribution Point: http://crl4.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl

Check the revocation status for certificate mazars.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for mazars.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

mazars.com

Other certificates including the domain name mazars.com

(limited to 100 certificates)
businesshub.mazars.com
www.ecommerce.mazars.com
businesshub.mazars.com
blogs.mazars.com
ecommerce.mazars.com
lookingfortalent.mazars.com
university.mazars.com

www.mazars.nl

*.mazars.com
incontrol.mazars.com
ecommerce.mazars.com
moffice-api.dev.innovation.mazars.com
access01.mazars.co.uk
www.mazars.fr
fre.into.mazars.com
www.mazars.fr
*.mazars.com
*.mazars.com
businesshub.mazars.com
mazars.com
*.mazars.com
businesshub.mazars.com
optimize.mazars.com
ecommerce.mazars.com
insidemyphone.com
businesshub.mazars.com
businesshub.mazars.com
*.mazars.com
*.mazars.com
MAZARS
*.mazars.com
www.annualreport.mazars.com
tomorrowsaudithackathon.mazars.com
businesshub.mazars.com
www.ecommerce.mazars.com
mcount-api.dev.innovation.mazars.com
www.mazars.fr
bim.dev.innovation.mazars.com
www.mazars.fr
www.ecommerce.mazars.com
nothing-to-hide.mazars.com
university.mazars.com
www.mazars.fr
university.mazars.com
financialmodelling.mazars.com
insidemyphone.com
financialservices.mazars.com
*.mazars.com
blogs.mazars.com
insidemyphone.com
insidemyphone.com
ecommerce.mazars.com
insidemyphone.com
mail.mazars.co.uk
fre.into.mazars.com
access01.mazars.co.uk
www.ecommerce.mazars.com
university.mazars.com
*.mazars.com
moffice.dev.innovation.mazars.com
bim-api.dev.innovation.mazars.com
www.mazars.fr
ecommerce.mazars.com
www.mazars.fr
*.mazars.com
www.mazars.com
insightsforgood.mazars.com
businesshub.mazars.com
businesshub.mazars.com
businesshub.mazars.com
*.mazars.com
veritas.mazars.com
insidemyphone.com
*.mazars.com
lyweb01.mazars.co.uk
net-zero-hero-webapp.dev.innovation.mazars.com
mazars.fr
www.mazars.com
access01.mazars.co.uk
*.mazars.com
insidemyphone.com
*.mazars.com
insidemyphone.com
veritas.mazars.com
*.mazars.com
financialmodelling.mazars.com
access02.mazars.co.uk
*.mazars.com
insidemyphone.com
www.mazars.fr
*.mazars.com
mympp.mazars.com
financialservices.mazars.com
www.mazars.fr
iframes.mazars.com
www.ecommerce.mazars.com
ecommerce.mazars.com
insidemyphone.com

Certificate

The complete raw certificate details for mazars.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHhTCCBW2gAwIBAgIQC5jHnT9At4zPb8YIb7riNDANBgkqhkiG9w0BAQsFADBc
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xNDAyBgNVBAMT
K0dlb1RydXN0IEdsb2JhbCBUTFMgUlNBNDA5NiBTSEEyNTYgMjAyMiBDQTEwHhcN
MjQwMjIyMDAwMDAwWhcNMjQwODE1MjM1OTU5WjAVMRMwEQYDVQQDEwptYXphcnMu
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1BxzG5pg+ughHXkQ
VV6gvFvkV1Rjhd7rJI5VBL21z6YY+5dXTYUe1wxDVSn2LU0qOH3eOWMNFZKPGHUP
Qs3SAEo98kyRiRupiwC6+uPgnU6MsvakSKd1IDqhmasd3Fk2BzGwBCLlPVwKR0ko
oevzojGAsv6upegMhwtXcxxDYTOLOkAEL/0DL8fSCr3FKQ8uAIV9o5mU/BHnRRD0
JzgJVIxaADMnaO1gohbkuazb0IlwK1QRqqZL8QQYHOiTGdj+Uea66P1d/lhJyNUf
3nV6hsHc+SB3NVC3o7OiSUpEk3AGG9KXNLpPrV2pFyKfLofymUTstK0JbeBzVgOK
6rszWQIDAQABo4IDiDCCA4QwHwYDVR0jBBgwFoAUpbTW6zbE52um38RkCwEqIAS4
ZiMwHQYDVR0OBBYEFAvyxj/FYRjMZ7vHsr2N5TdlihcrMBUGA1UdEQQOMAyCCm1h
emFycy5jb20wPgYDVR0gBDcwNTAzBgZngQwBAgEwKTAnBggrBgEFBQcCARYbaHR0
cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgZ8GA1UdHwSBlzCBlDBIoEagRIZCaHR0
cDovL2NybDMuZGlnaWNlcnQuY29tL0dlb1RydXN0R2xvYmFsVExTUlNBNDA5NlNI
QTI1NjIwMjJDQTEuY3JsMEigRqBEhkJodHRwOi8vY3JsNC5kaWdpY2VydC5jb20v
R2VvVHJ1c3RHbG9iYWxUTFNSU0E0MDk2U0hBMjU2MjAyMkNBMS5jcmwwgYcGCCsG
AQUFBwEBBHsweTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29t
MFEGCCsGAQUFBzAChkVodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vR2VvVHJ1
c3RHbG9iYWxUTFNSU0E0MDk2U0hBMjU2MjAyMkNBMS5jcnQwDAYDVR0TAQH/BAIw
ADCCAYAGCisGAQQB1nkCBAIEggFwBIIBbAFqAHYA7s3QZNXbGs7FXLedtM0TojKH
Rny87N7DUUhZRnEftZsAAAGN0MUfbAAABAMARzBFAiBrN6hXNwnQistn4QnHazgz
AF3+rKwiR7LuC+GdjqbCZAIhAIJ2PjrpfkC1uSOa3VNSL+m6SBAXOidU/E06vYsq
BgYRAHcASLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHMAAAGN0MUfZgAA
BAMASDBGAiEAsXJK7E+5UAhpohtK4UDH2EnY17nFAb2DImjrQ9G2o7wCIQDi3njQ
Rl3XhqdSRo2+w3Hg3HmQUBaw7wn7Vn+9nDAVSwB3ANq2v2s/tbYin5vCu1xr6HCR
cWy7UYSFNL2kPTBI1/urAAABjdDFH8UAAAQDAEgwRgIhAIZ1d5NzcGuR0ZFg1CQM
JpSiZMWOVJA1csJ3DLRL/+RkAiEAnK0LBfVWLqSsh3Q+1+siuV2ruNetx75nr1/Z
TRPylGEwDQYJKoZIhvcNAQELBQADggIBAHf0HE5mU/KIJs9/m4i01QZ3XMc+iK4P
ZSg4JIlq+8tsgEVQZwr9rHhhWesFYNqnNClFKdIMYgY5EOYHigeDUtD75SoNCtRF
Wj33WdyktSzqrgMmUGDAWgbrEvuzUQEE8yAHrK1pNMP8/f89GRMidsdtTJ9oWv3t
sNApDj79W2qjoXQT+XGg01bKg/XxRuJ7u+ntNuDgSdiOBn6ZWb6bD1dVJw1c2/tF
7byvhQ30Puo9uWVe3rXAXbtgeUKMG7E0m9tgl6jGSXkePsUzW+CrXuTmwX04QG85
qHNHVHA6imrod6Dq0wj0UmTrsV+DAXJ1g1FZ6kdv2PtrtXIOelL+xNQjwLbJjdjX
6mBhNMvPRSZTz2xNiWe0RqennPXJC9AdOvmT16Ykm+wo18IsFvwLjXOic7fXviLD
pWmMQPh9XZPBdGtDVhcACJ7spIn2rWULWfHuTdyB/NrEcI6l4voRPC8wnCowp42T
7HF+C4DiH4SblTnXiVfLgQijq4mTkY+x0qeWbt6RwUr/DrfR4HqoIlwNJjwNZ3cq
+FmJD8PfKWJ2GUXMVFjkTlXrTJkkTK1zTu+EbOuURdchsFuwXBMAsBW4XnPasRWO
ZVKAMyPnmXjBd8qJJgW7uC1DHnTxwzfpy/nq6y7B3j4t0DYgTuKBSvSwJ6GgdAPi
/HT5cdLKS9zm
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1BxzG5pg+ughHXkQVV6g
vFvkV1Rjhd7rJI5VBL21z6YY+5dXTYUe1wxDVSn2LU0qOH3eOWMNFZKPGHUPQs3S
AEo98kyRiRupiwC6+uPgnU6MsvakSKd1IDqhmasd3Fk2BzGwBCLlPVwKR0kooevz
ojGAsv6upegMhwtXcxxDYTOLOkAEL/0DL8fSCr3FKQ8uAIV9o5mU/BHnRRD0JzgJ
VIxaADMnaO1gohbkuazb0IlwK1QRqqZL8QQYHOiTGdj+Uea66P1d/lhJyNUf3nV6
hsHc+SB3NVC3o7OiSUpEk3AGG9KXNLpPrV2pFyKfLofymUTstK0JbeBzVgOK6rsz
WQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 15414785734039803485151875283587621428
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust Global TLS RSA4096 SHA256 2022 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-22 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-08-15 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'mazars.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26776549693127842115074129014722070731600782837657625778955009165908461790707743412874119725147280294916259775041340571671771708154251291898002211590171846718616051753954603698374059972608808788023712514114350011112839490363137309613392236317612650235112983578480661044441522639523267023531115521704843456000066529698760960880504406725610180282756397362712684520933922879636112292491397669763500478377693752408539676123787376314577178334926736563064576066827383012203086818391755841157426343678682286412605154569882975475025677616505623367999951092653676189144643379102836863994719818219897886369599079467046082917209
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a5b4d6eb36c4e76ba6dfc4640b012a2004b86623
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							0bf2c63fc56118cc67bbc7b2bd8de537658a172b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (14 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mazars.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (151 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (368 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
							016a007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018dd0c51f6c000004030047304502206b37a8573709d08acb67e109c76b3833005dfeacac2247b2ee0be19d8ea6c26402210082763e3ae97e40b5b9239add53522fe9ba4810173a2754fc4d3abd8b2a06061100770048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018dd0c51f660000040300483046022100b1724aec4fb9500869a21b4ae140c7d849d8d7b9c501bd832268eb43d1b6a3bc022100e2de78d0465dd786a752468dbec371e0dc79905016b0ef09fb567fbd9c30154b007700dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018dd0c51fc500000403004830460221008675779373706b91d19160d4240c2694a264c58e54903572c2770cb44bffe4640221009cad0b05f5562ea4ac87743ed7eb22b95dabb8d7adc7be67af5fd94d13f29461
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		0077f41c4e6653f28826cf7f9b88b4d506775cc73e88ae0f65283824896afbcb6c804550670afdac786159eb0560daa734294529d20c62063910e6078a078352d0fbe52a0d0ad4455a3df759dca4b52ceaae03265060c05a06eb12fbb3510104f32007acad6934c3fcfdff3d19132276c76d4c9f685afdedb0d0290e3efd5b6aa3a17413f971a0d356ca83f5f146e27bbbe9ed36e0e049d88e067e9959be9b0f5755270d5cdbfb45edbcaf850df43eea3db9655edeb5c05dbb6079428c1bb1349bdb6097a8c649791e3ec5335be0ab5ee4e6c17d38406f39a8734754703a8a6ae877a0ead308f45264ebb15f83017275835159ea476fd8fb6bb5720e7a52fec4d423c0b6c98dd8d7ea606134cbcf452653cf6c4d8967b446a7a79cf5c90bd01d3af993d7a6249bec28d7c22c16fc0b8d73a273b7d7be22c3a5698c40f87d5d93c1746b43561700089eeca489f6ad650b59f1ee4ddc81fcdac4708ea5e2fa113c2f309c2a30a78d93ec717e0b80e21f849b9539d78957cb8108a3ab8993918fb1d2a7966ede91c14aff0eb7d1e07aa8225c0d263c0d67772af859890fc3df2962761945cc5458e44e55eb4c99244cad734eef846ceb9445d721b05bb05c1300b015b85e73dab1158e6552803323e79978c177ca892605bbb82d431e74f1c337e9cbf9eaeb2ec1de3e2dd036204ee2814af4b027a1a07403e2fc74f971d2ca4bdce6