www.hsi.com.hk

- HSBC Group Management Services Limited -

Issued by DigiCert SHA2 Extended Validation Server CA

About this certificate

This digital certificate with serial number 05:91:99:97:f2:08:5f:dc:42:80:f2:c4:93:e7:5b:8c was issued on by DigiCert Inc.

With 15 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

HSBC Group Management Services Limited

Company registration number: 09231974
Organization: HSBC Group Management Services Limited
Locality: London
Country: GB

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 05:91:99:97:f2:08:5f:dc:42:80:f2:c4:93:e7:5b:8c
Serial Number (int): 7402138270439524201359887250544352140
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 5e:f5:02:de:be:8b:2e:e9:a6:c6:f7:13:2b:6e:e1:d1:53:80:b9:76
AuthorityKeyId: 3d:d3:50:a5:d6:a0:ad:ee:f3:4a:60:0a:65:d3:21:d4:f8:f8:d6:0f

Fingerprint (sha1): c4:77:b6:2f:8a:fc:77:f5:f1:57:55:61:a1:b3:4a:d0:22:d0:60:7e
Fingerprint (sha256): 41:89:6b:13:3c:85:02:84:6e:66:29:04:8d:00:45:2f:18:0d:ab:4a:ad:d8:1d:48:c5:8e:69:ed:aa:af:7e:11

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/sha2-ev-server-g3.crl
CRL Distribution Point: http://crl4.digicert.com/sha2-ev-server-g3.crl

Check the revocation status for certificate www.hsi.com.hk

15

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.hsi.com.hk

Public Key Algorithm

ECDSA

Key Size

256

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Agreement

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.hsi.com.hk
main.hsi.com.hk
www.hangsengindex.com
www.hangsengindex.com.hk
www.hangsengindexes.com
www.hangsengindexes.net
www.hangsengonline.com.hk
www.hsi.com.cn
www.hsindex.com.hk
www.hsindexes.com
www.hsionline.com.hk
www.hsiservices.com
www.hsiservices.com.hk
www.hsonline.com.hk
www.indexes.com.hk

Other certificates including the domain name hsi.com.hk

(limited to 100 certificates)
www.hsi.com.hk
www.hsi.com.hk
www.hsi.com.hk
www.hsi.com.hk
www.hsi.com.hk
www.hsi.com.hk
www.hsi.com.hk
www.hsi.com.hk
www.hsi.com.hk
www.hsi.com.hk
www.hsi.com.hk
www.hsi.com.hk
www.hsi.com.hk
www.hsi.com.hk
www.hsi.com.hk
www.hsi.com.hk
www.hsi.com.hk
www.hsi.com.hk
www.hsi.com.hk
www.hsi.com.hk
www.hsi.com.hk
www.hsi.com.hk
www.hsi.com.hk

Certificate

The complete raw certificate details for www.hsi.com.hk in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHijCCBnKgAwIBAgIQBZGZl/IIX9xCgPLEk+dbjDANBgkqhkiG9w0BAQsFADB1
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk
IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTIzMTAwOTAwMDAwMFoXDTI0MTAwNTIz
NTk1OVowga8xEzARBgsrBgEEAYI3PAIBAxMCR0IxHTAbBgNVBA8MFFByaXZhdGUg
T3JnYW5pemF0aW9uMREwDwYDVQQFEwgwOTIzMTk3NDELMAkGA1UEBhMCR0IxDzAN
BgNVBAcTBkxvbmRvbjEvMC0GA1UEChMmSFNCQyBHcm91cCBNYW5hZ2VtZW50IFNl
cnZpY2VzIExpbWl0ZWQxFzAVBgNVBAMTDnd3dy5oc2kuY29tLmhrMFkwEwYHKoZI
zj0CAQYIKoZIzj0DAQcDQgAEJ5NAZ4qXeoy0zNmXNfbfOUmIV6I1FBpd5Dmm1jHR
WgLlP3Hfrq8uQWiwIrMLUH70NaBcKl4NBzuZoMiO8yT/hqOCBKQwggSgMB8GA1Ud
IwQYMBaAFD3TUKXWoK3u80pgCmXTIdT4+NYPMB0GA1UdDgQWBBRe9QLevosu6abG
9xMrbuHRU4C5djCCAU8GA1UdEQSCAUYwggFCgg53d3cuaHNpLmNvbS5oa4IPbWFp
bi5oc2kuY29tLmhrghV3d3cuaGFuZ3NlbmdpbmRleC5jb22CGHd3dy5oYW5nc2Vu
Z2luZGV4LmNvbS5oa4IXd3d3LmhhbmdzZW5naW5kZXhlcy5jb22CF3d3dy5oYW5n
c2VuZ2luZGV4ZXMubmV0ghl3d3cuaGFuZ3NlbmdvbmxpbmUuY29tLmhrgg53d3cu
aHNpLmNvbS5jboISd3d3LmhzaW5kZXguY29tLmhrghF3d3cuaHNpbmRleGVzLmNv
bYIUd3d3LmhzaW9ubGluZS5jb20uaGuCE3d3dy5oc2lzZXJ2aWNlcy5jb22CFnd3
dy5oc2lzZXJ2aWNlcy5jb20uaGuCE3d3dy5oc29ubGluZS5jb20uaGuCEnd3dy5p
bmRleGVzLmNvbS5oazBKBgNVHSAEQzBBMAsGCWCGSAGG/WwCATAyBgVngQwBATAp
MCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0P
AQH/BAQDAgOIMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8E
bjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2
ZXItZzMuY3JsMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1l
di1zZXJ2ZXItZzMuY3JsMIGIBggrBgEFBQcBAQR8MHowJAYIKwYBBQUHMAGGGGh0
dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBSBggrBgEFBQcwAoZGaHR0cDovL2NhY2Vy
dHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkV4dGVuZGVkVmFsaWRhdGlvblNl
cnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFq
AWgAdgDuzdBk1dsazsVct520zROiModGfLzs3sNRSFlGcR+1mwAAAYsTvzFrAAAE
AwBHMEUCIQDPghXH4ZrSn5gHKSCKdOP3b1JnEv8FKIgt4xM2rwCphwIgBM0NyAT7
wCy3e2It6CF7ZKPiUQpItkI7A9fxqQmEyV8AdgBIsONr2qZHNA/lagL6nTDrHFIB
y1bdLIHZu7+rOdiEcwAAAYsTvzFlAAAEAwBHMEUCIQCMksUpioicfyK4+a6lG6lK
bzieiSZmzKmpBl0zU1KbmwIgJbK+aAxS6eAsiFSZGAp3FTrs/nueZj2cqBjzoQ8r
kkMAdgDatr9rP7W2Ip+bwrtca+hwkXFsu1GEhTS9pD0wSNf7qwAAAYsTvzGTAAAE
AwBHMEUCID1UDkl2yifGhLjA3jAV1fDaxTPU82Tdkl6Jr92us4qnAiEA0AjmsukB
8HD4ox/Ft0dpdxhtZiabOcJbThtqZA+1Oo8wDQYJKoZIhvcNAQELBQADggEBAIQW
J4KrPXwJvYIo9RSKrcR5SAA0cueXKDmhCuxOB0JFsaen/xp6fhtdLnr0iavIW6GA
hlleKVELgRA9dynau4eG97dNxTsPSw0g5ADSlZSsunSPpwcfNkbmTTaHwsBsAGOx
AE+/InQcEl2ttyfII1y3IvyaWUTmKnXmWoeLX33ZlOU4caDCLtDyZKJdJkTSPwSz
sDuKUgzX14UPl0VNNHrBOrIquERnPRx+wIiJVeT/+qskVTlemUBaWpRALCAHyzLA
jNXgZkww+rSoJQAnpyGCABTL2erxd6s4sPtCHrGkFPxsopu/qXXxI9hboRCC+bTW
xmznkTLBNmz1QRCKlTw=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJ5NAZ4qXeoy0zNmXNfbfOUmIV6I1
FBpd5Dmm1jHRWgLlP3Hfrq8uQWiwIrMLUH70NaBcKl4NBzuZoMiO8yT/hg==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 7402138270439524201359887250544352140
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 Extended Validation Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-09 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-10-05 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Private Organization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '09231974'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'London'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'HSBC Group Management Services Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.hsi.com.hk'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.2.1 (ecPublicKey)
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.3.1.7 (prime256v1)
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (520 bits)
				0004279340678a977a8cb4ccd99735f6df39498857a235141a5de439a6d631d15a02e53f71dfaeaf2e4168b022b30b507ef435a05c2a5e0d073b99a0c88ef324ff86
 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 3dd350a5d6a0adeef34a600a65d321d4f8f8d60f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							5ef502debe8b2ee9a6c6f7132b6ee1d15380b976
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (326 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hsi.com.hk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'main.hsi.com.hk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hangsengindex.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hangsengindex.com.hk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hangsengindexes.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hangsengindexes.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hangsengonline.com.hk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hsi.com.cn'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hsindex.com.hk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hsindexes.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hsionline.com.hk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hsiservices.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hsiservices.com.hk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hsonline.com.hk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.indexes.com.hk'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.2.1 (DigiCert EV policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (5 bits)
							0388
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/sha2-ev-server-g3.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/sha2-ev-server-g3.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (124 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							0168007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018b13bf316b0000040300473045022100cf8215c7e19ad29f980729208a74e3f76f526712ff0528882de31336af00a987022004cd0dc804fbc02cb77b622de8217b64a3e2510a48b6423b03d7f1a90984c95f00760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018b13bf316500000403004730450221008c92c5298a889c7f22b8f9aea51ba94a6f389e892666cca9a9065d3353529b9b022025b2be680c52e9e02c885499180a77153aecfe7b9e663d9ca818f3a10f2b9243007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018b13bf3193000004030047304502203d540e4976ca27c684b8c0de3015d5f0dac533d4f364dd925e89afddaeb38aa7022100d008e6b2e901f070f8a31fc5b7476977186d66269b39c25b4e1b6a640fb53a8f
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0084162782ab3d7c09bd8228f5148aadc47948003472e7972839a10aec4e074245b1a7a7ff1a7a7e1b5d2e7af489abc85ba18086595e29510b81103d7729dabb8786f7b74dc53b0f4b0d20e400d29594acba748fa7071f3646e64d3687c2c06c0063b1004fbf22741c125dadb727c8235cb722fc9a5944e62a75e65a878b5f7dd994e53871a0c22ed0f264a25d2644d23f04b3b03b8a520cd7d7850f97454d347ac13ab22ab844673d1c7ec0888955e4fffaab2455395e99405a5a94402c2007cb32c08cd5e0664c30fab4a8250027a721820014cbd9eaf177ab38b0fb421eb1a414fc6ca29bbfa975f123d85ba11082f9b4d6c66ce79132c1366cf541108a953c