www.citi.com

- Citigroup Inc. -

Issued by DigiCert EV RSA CA G2

About this certificate

This digital certificate with serial number 0d:31:57:8a:cf:84:f7:b3:81:99:70:1d:20:b8:8f:6f was issued on by DigiCert Inc.

With 72 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Citigroup Inc.

Company registration number: 2154254
Organization: Citigroup Inc.
State / Province: New York
Locality: New York
Country: US

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0d:31:57:8a:cf:84:f7:b3:81:99:70:1d:20:b8:8f:6f
Serial Number (int): 17536162058618202542387594269906472815
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 5f:0d:07:3c:98:88:d9:ed:8d:79:a5:a7:79:db:0c:b4:a5:aa:d1:72
AuthorityKeyId: 6a:4e:50:bf:98:68:9d:5b:7b:20:75:d4:59:01:79:48:66:92:32:06

Fingerprint (sha1): 6a:bc:b4:20:38:21:5b:6b:a5:37:17:06:3a:c7:45:10:92:7d:2b:16
Fingerprint (sha256): 49:09:ad:cd:26:1a:45:ac:e3:06:bf:7d:16:9a:5f:30:03:2d:fc:7b:81:32:fd:5f:bb:1e:89:b2:c7:a7:e6:4b

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertEVRSACAG2.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertEVRSACAG2.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertEVRSACAG2.crl

Check the revocation status for certificate www.citi.com

72

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.citi.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.citi.com
accitrade.com
accitrade.com.mx
blog.citigroup.com
bridgebuiltbyciti.com
bridgebyciti.com
canvas.citi.com
cardservicesdirect.com.au
careers.citigroup.com
citi.com
citibank.co.id
citibank.co.kr
citibank.co.th
citibank.co.uk
citibank.com
citibank.com.au
citibank.com.cn
citibank.com.hk
citibank.com.sg
citibank.com.vn
citibank.cz
citibank.hu
citibank.pl
citibankonline.pl
citidirect.com
citifx.com
citigold.citibank.com
citigold.co.kr
citigold.pl
citigroup.com
citigroup.jp
citimanager.com
citipay.citi.com
citivelocity.com
dinersclub.com.au
europe.citigold.citibank.com
homeownersupport.com
ipb.citi.com
ipb.citibank.co.uk
ipb.citibank.com
ipb.citibank.eu
ipbus.citi.com
ipbusclientappreciation.citi.com
recognitionprogram.citi.com
universalcard.com
workday.citi.com
www.blog.citigroup.com
www.cardbenefits.citi.com
www.careers.citigroup.com
www.citibank.ae
www.citibank.bh
www.citibank.cz
www.citibank.hu
www.citibank.sk
www.citigold.citibank.com
www.citigroup.jp
www.citimanager.com
www.citipay.citi.com
www.citipricerewind.com
www.emergingmarkets.transactionservices.citi.com
www.esources.transactionservices.citi.com
www.europe.citigold.citibank.com
www.ipb.citi.com
www.ipb.citibank.co.uk
www.ipb.citibank.com
www.ipb.citibank.eu
www.ipbus.citi.com
www.ipbusclientappreciation.citi.com
www.mortgage.com
www.searscard.com
www.universalcard.com
www4.citi.com

Other certificates including the domain name citi.com

(limited to 100 certificates)
tv.citi.com
ibmwebspheremqaltophubqmsit.citi.com
ibmwebspheremqgtsitorg01.citi.com
consumersoa.citi.com
ibmwebspheremqmrntbc12.citi.com
www.citibank.com
ibmWebSphereMQCSGPP.citi.com
uat.citi.com
ibmwebspheremqswprdcol01.citi.com
uat.accountonline.com
mx-test.mail.citi.com
desktop.citi.com
ibmwebspheremqgtsgatewayqm2.citi.com
cardactivation.citi.com
Preview.online.citi.com
Financialtools.citi.com
mobilesoasit2.citi.com
friendlyusertest.creditcards.citi.com
soawebsocketuat.citi.com
www.privatebank.citibank.com
ibmwebspheremqgtprdfus17.citi.com
efdissecuresignuat.citi.com
LyncProdDR.EUR.NSROOT.NET
ibmwebspheremqmrnpbc45.citi.com
citicards.citi.com
expresswaye02.emealabs.citi.com
www.uat.payment.citi.com
security1.citi.com
ibmwebspheremqmdltbc04.citi.com.citi.com
supplierportal.uattec.citi.com
extracash.citi.com
ibmwebspheremqgtprdca04.citi.com
chat.online.citi.com
mailir.citi.com
ibmwebspheremqswprdmob02.citi.com
ibmwebspheremqswprdbby05.citi.com
concierge.citi.com
paymentexchange.cte.transactionservices.citi.com
businesspopmoney.citi.com
citiconnectbeneficiaryadvising.citi.com
approvepay.citi.com
ibmWebSphereMQSP02P.citi.com
www.citibank.co.uk
sit7.online.citi.com
citiconnectbeneficiaryadvising.citi.com
locationtracker.citi.com
ibmwebspheremqmdlpbc03.citi.com
ibmwebspheremqmrnpbc30.citi.com
uat.approvepay.citi.com
vmr.emealabs.citi.com
supplierportal.uat.citi.com
ibmwebspheremqmdlpbc31.citi.com
survey.emailapps.emea.citi.com
ibmWebSphereMQCSGDU.citi.com
wiresuat2.citi.com
www.privatebank.citibank.com
citifundremoteaccess.transactionservices.citi.com
www.retailservicescommercial.citi.com
uat.citi.com
icg.citi.com
paymentexchange.cte.transactionservices.citi.com
ibmwebspheremqfpsnam_prod.citi.com
uat.remoteoffice.citigroup.com
ibmwebspheremqrd03u.citi.com
sip.citi.com
creditscore.citi.com
ibmwebspheremqmdlpbc43.citi.com
wiresuat1.citi.com
uat.citi.com
ibmwebspheremqgtaemf4qm.sit.citi.com
presentandpay.citi.com
www.identityprotection.citi.com
mobilesoaaspac.citi.com
mobileservices.nam.citiprivatebank.citi.com
aspac.api2s.citi.com
eur.vmr.citi.com
www.paymentaidplus.citi.com
m.partner.citi.com
mobilesoaaspac2.citi.com
dit01.creditcards.citi.com
businessaccess.citibank.citigroup.com
ir.citi.com
aspac.api.citi.com
mobilesoaaspac2.citi.com
soawebsocketsit.citi.com
ibmwebspheremqnaissc2p.citi.com
reset.uat.citi.com
ibmwebspheremqswlodcol01.citi.com
ibmwebspheremqgtprdorg02.citi.com
uat.citigoldlounges.citi.com
ibmwebspheremqicgqm1.qc1.citi.com
ibmwebspheremqmdlpbc48.citi.com
uat.citigoldlounges.citi.com
lync13poolnamdev1.namdev.nsrootdev.net
uat.ir.citi.com
sit15.accountonline.citi.com
metrics1.citi.com
citipaymentexchange.citi.com
ibmwebspheremqgtlodrpl01.citi.com
myassetbasedlending.citi.com

Certificate

The complete raw certificate details for www.citi.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIMhzCCC2+gAwIBAgIQDTFXis+E97OBmXAdILiPbzANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVE
aWdpQ2VydCBFViBSU0EgQ0EgRzIwHhcNMjQwMzIyMDAwMDAwWhcNMjUwMzI4MjM1
OTU5WjCBxDETMBEGCysGAQQBgjc8AgEDEwJVUzEZMBcGCysGAQQBgjc8AgECEwhE
ZWxhd2FyZTEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdhbml6YXRpb24xEDAOBgNVBAUT
BzIxNTQyNTQxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazERMA8GA1UE
BxMITmV3IFlvcmsxFzAVBgNVBAoTDkNpdGlncm91cCBJbmMuMRUwEwYDVQQDEwx3
d3cuY2l0aS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg0Ga9
AjY3KVV06nW+p5WcNoRHu5kbsw36ay/PGDFy3xtk/GHu7qGIRfbLkeO/B7Xafiuy
hwdPQR4I6tSi6U+xq1pWO5aeBpAO/HUJ0a9LrqXAi1V7oY35PYN8eAuk4Whr1EbG
p+vs8IJ1dTZIJzf/tnEosZWew9jDgaHImYxS/29HxVJoDdz/51A1diosAsZHy+96
l4CQFhxLkZ4RpGBuA9ZlVm0oOaoCOycC7NrZ9yMJlI+l4W+bU/wnRtVIHmCr6/4U
UIEupQgsObXl6E5P+O2etjsoSpKWnHVAtGOpxTtuFqNAm/rX4rkHKsiT89b9pjSt
l0I7ZOsVJnQ0LZSrAgMBAAGjggjyMIII7jAfBgNVHSMEGDAWgBRqTlC/mGidW3sg
ddRZAXlIZpIyBjAdBgNVHQ4EFgQUXw0HPJiI2e2NeaWnedsMtKWq0XIwggWyBgNV
HREEggWpMIIFpYIMd3d3LmNpdGkuY29tgg1hY2NpdHJhZGUuY29tghBhY2NpdHJh
ZGUuY29tLm14ghJibG9nLmNpdGlncm91cC5jb22CFWJyaWRnZWJ1aWx0YnljaXRp
LmNvbYIQYnJpZGdlYnljaXRpLmNvbYIPY2FudmFzLmNpdGkuY29tghljYXJkc2Vy
dmljZXNkaXJlY3QuY29tLmF1ghVjYXJlZXJzLmNpdGlncm91cC5jb22CCGNpdGku
Y29tgg5jaXRpYmFuay5jby5pZIIOY2l0aWJhbmsuY28ua3KCDmNpdGliYW5rLmNv
LnRogg5jaXRpYmFuay5jby51a4IMY2l0aWJhbmsuY29tgg9jaXRpYmFuay5jb20u
YXWCD2NpdGliYW5rLmNvbS5jboIPY2l0aWJhbmsuY29tLmhrgg9jaXRpYmFuay5j
b20uc2eCD2NpdGliYW5rLmNvbS52boILY2l0aWJhbmsuY3qCC2NpdGliYW5rLmh1
ggtjaXRpYmFuay5wbIIRY2l0aWJhbmtvbmxpbmUucGyCDmNpdGlkaXJlY3QuY29t
ggpjaXRpZnguY29tghVjaXRpZ29sZC5jaXRpYmFuay5jb22CDmNpdGlnb2xkLmNv
LmtyggtjaXRpZ29sZC5wbIINY2l0aWdyb3VwLmNvbYIMY2l0aWdyb3VwLmpwgg9j
aXRpbWFuYWdlci5jb22CEGNpdGlwYXkuY2l0aS5jb22CEGNpdGl2ZWxvY2l0eS5j
b22CEWRpbmVyc2NsdWIuY29tLmF1ghxldXJvcGUuY2l0aWdvbGQuY2l0aWJhbmsu
Y29tghRob21lb3duZXJzdXBwb3J0LmNvbYIMaXBiLmNpdGkuY29tghJpcGIuY2l0
aWJhbmsuY28udWuCEGlwYi5jaXRpYmFuay5jb22CD2lwYi5jaXRpYmFuay5ldYIO
aXBidXMuY2l0aS5jb22CIGlwYnVzY2xpZW50YXBwcmVjaWF0aW9uLmNpdGkuY29t
ghtyZWNvZ25pdGlvbnByb2dyYW0uY2l0aS5jb22CEXVuaXZlcnNhbGNhcmQuY29t
ghB3b3JrZGF5LmNpdGkuY29tghZ3d3cuYmxvZy5jaXRpZ3JvdXAuY29tghl3d3cu
Y2FyZGJlbmVmaXRzLmNpdGkuY29tghl3d3cuY2FyZWVycy5jaXRpZ3JvdXAuY29t
gg93d3cuY2l0aWJhbmsuYWWCD3d3dy5jaXRpYmFuay5iaIIPd3d3LmNpdGliYW5r
LmN6gg93d3cuY2l0aWJhbmsuaHWCD3d3dy5jaXRpYmFuay5za4IZd3d3LmNpdGln
b2xkLmNpdGliYW5rLmNvbYIQd3d3LmNpdGlncm91cC5qcIITd3d3LmNpdGltYW5h
Z2VyLmNvbYIUd3d3LmNpdGlwYXkuY2l0aS5jb22CF3d3dy5jaXRpcHJpY2VyZXdp
bmQuY29tgjB3d3cuZW1lcmdpbmdtYXJrZXRzLnRyYW5zYWN0aW9uc2VydmljZXMu
Y2l0aS5jb22CKXd3dy5lc291cmNlcy50cmFuc2FjdGlvbnNlcnZpY2VzLmNpdGku
Y29tgiB3d3cuZXVyb3BlLmNpdGlnb2xkLmNpdGliYW5rLmNvbYIQd3d3LmlwYi5j
aXRpLmNvbYIWd3d3LmlwYi5jaXRpYmFuay5jby51a4IUd3d3LmlwYi5jaXRpYmFu
ay5jb22CE3d3dy5pcGIuY2l0aWJhbmsuZXWCEnd3dy5pcGJ1cy5jaXRpLmNvbYIk
d3d3LmlwYnVzY2xpZW50YXBwcmVjaWF0aW9uLmNpdGkuY29tghB3d3cubW9ydGdh
Z2UuY29tghF3d3cuc2VhcnNjYXJkLmNvbYIVd3d3LnVuaXZlcnNhbGNhcmQuY29t
gg13d3c0LmNpdGkuY29tMEoGA1UdIARDMEEwCwYJYIZIAYb9bAIBMDIGBWeBDAEB
MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNV
HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1Ud
HwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEVW
UlNBQ0FHMi5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdp
Q2VydEVWUlNBQ0FHMi5jcmwwcwYIKwYBBQUHAQEEZzBlMCQGCCsGAQUFBzABhhho
dHRwOi8vb2NzcC5kaWdpY2VydC5jb20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9jYWNl
cnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEVWUlNBQ0FHMi5jcnQwDAYDVR0TAQH/
BAIwADCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHYAzxFW7tUufK/zh1vZaS6b
6RpxZ0qwF+ysAdJbd87MOwgAAAGOZ61ouwAABAMARzBFAiAhxjGk0uPoDSsN1ELG
NF7V54l5uOvHDi8cwa8VTWmdkAIhAOicvNABqCJTtQUOQB7XreQgUJJmzKC3rzKg
kQNoihOdAHcAfVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGOZ61o
vQAABAMASDBGAiEAlBUhq4lX3xkfLfUrZ/dLLxDeyB93uMpvO6aYu5Zcr8cCIQC8
m5jAJwr0c7QizCKlS2/HVLUbdVJF81Pew5Y+Ti9h9QB2AObSMWNAd4zBEEEG13G5
zsHSQPaWhIb7uocyHf0eN45QAAABjmetaMwAAAQDAEcwRQIgHOhiK9rE5o4iu1EF
3afFFoKlXBLh9VhMvbnn8tLkeNsCIQC909NYe7sr/0OM+D7WpPNuZarRvo5joMT2
cBqIg0/RYTANBgkqhkiG9w0BAQsFAAOCAQEAHBe38CeDiH0HXNg83bM3QbRee/Ab
uZjx/PzmsbWPIyW0tMskp7wz9lQM2283eU9E7s9K545xTFzCWeX8pcZUMQrbQyeH
OLXQRO0QEpwmQiaGRHWuwhvfkbhz48lr+/AUM6Zqlo11grWoq/nh6Y6n0B1R3lwm
6AUw+HmXgUnLxVvf0yZ5AsXWYqs8fNbMDU0GqCcrk8Dbgbj31cXkS3LuzSmWfjBU
AVkE95Z/vnHEjh5C2XURYkh4draSS1aNrfIHIJ+AoMfCGcs3uaqOx73UEr0TVuwY
M3kWSfOnXCcK2NLt11uuCgoX789mUgTYxzXXTT+nTlfJESnqnJMziDgUUg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNBmvQI2NylVdOp1vqeV
nDaER7uZG7MN+msvzxgxct8bZPxh7u6hiEX2y5Hjvwe12n4rsocHT0EeCOrUoulP
sataVjuWngaQDvx1CdGvS66lwItVe6GN+T2DfHgLpOFoa9RGxqfr7PCCdXU2SCc3
/7ZxKLGVnsPYw4GhyJmMUv9vR8VSaA3c/+dQNXYqLALGR8vvepeAkBYcS5GeEaRg
bgPWZVZtKDmqAjsnAuza2fcjCZSPpeFvm1P8J0bVSB5gq+v+FFCBLqUILDm15ehO
T/jtnrY7KEqSlpx1QLRjqcU7bhajQJv61+K5ByrIk/PW/aY0rZdCO2TrFSZ0NC2U
qwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 17536162058618202542387594269906472815
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert EV RSA CA G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-22 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-03-28 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.2 (jurisdictionOfIncorporationSP)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Delaware'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Private Organization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '2154254'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Citigroup Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.citi.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20300895316382936102747264525906848511836172207844178022679198347949378004864052981923295521122422681695531603826054752635991760050958128832772749995762546902737109869707007165494857697581573158735263771024366798829121995780509657423143714879876417494340370840400544370468921208886744396638953022857934083280115197261901812119706345888972430597250995466479901452049439405957159437358712913440149635001122857846876036473762907101971713707052237184957923172948531680117755803368598024289251386489764196058301100622778877956436823944413749357337243205540069088482629736638943390127944566805974938616804648475984862745771
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 6a4e50bf98689d5b7b2075d45901794866923206
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							5f0d073c9888d9ed8d79a5a779db0cb4a5aad172
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1449 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'accitrade.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'accitrade.com.mx'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'blog.citigroup.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bridgebuiltbyciti.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bridgebyciti.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'canvas.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cardservicesdirect.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'careers.citigroup.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citibank.co.id'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citibank.co.kr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citibank.co.th'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citibank.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citibank.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citibank.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citibank.com.cn'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citibank.com.hk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citibank.com.sg'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citibank.com.vn'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citibank.cz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citibank.hu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citibank.pl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citibankonline.pl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citidirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citifx.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citigold.citibank.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citigold.co.kr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citigold.pl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citigroup.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citigroup.jp'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citimanager.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citipay.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citivelocity.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dinersclub.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'europe.citigold.citibank.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'homeownersupport.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ipb.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ipb.citibank.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ipb.citibank.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ipb.citibank.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ipbus.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ipbusclientappreciation.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recognitionprogram.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'universalcard.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'workday.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.blog.citigroup.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.cardbenefits.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.careers.citigroup.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.citibank.ae'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.citibank.bh'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.citibank.cz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.citibank.hu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.citibank.sk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.citigold.citibank.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.citigroup.jp'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.citimanager.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.citipay.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.citipricerewind.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.emergingmarkets.transactionservices.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.esources.transactionservices.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.europe.citigold.citibank.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ipb.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ipb.citibank.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ipb.citibank.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ipb.citibank.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ipbus.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ipbusclientappreciation.citi.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.mortgage.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.searscard.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.universalcard.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www4.citi.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.2.1 (DigiCert EV policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertEVRSACAG2.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertEVRSACAG2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (103 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertEVRSACAG2.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							0169007600cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018e67ad68bb0000040300473045022021c631a4d2e3e80d2b0dd442c6345ed5e78979b8ebc70e2f1cc1af154d699d90022100e89cbcd001a82253b5050e401ed7ade420509266cca0b7af32a09103688a139d0077007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018e67ad68bd0000040300483046022100941521ab8957df191f2df52b67f74b2f10dec81f77b8ca6f3ba698bb965cafc7022100bc9b98c0270af473b422cc22a54b6fc754b51b755245f353dec3963e4e2f61f5007600e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018e67ad68cc000004030047304502201ce8622bdac4e68e22bb5105dda7c51682a55c12e1f5584cbdb9e7f2d2e478db022100bdd3d3587bbb2bff438cf83ed6a4f36e65aad1be8e63a0c4f6701a88834fd161
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001c17b7f02783887d075cd83cddb33741b45e7bf01bb998f1fcfce6b1b58f2325b4b4cb24a7bc33f6540cdb6f37794f44eecf4ae78e714c5cc259e5fca5c654310adb43278738b5d044ed10129c264226864475aec21bdf91b873e3c96bfbf01433a66a968d7582b5a8abf9e1e98ea7d01d51de5c26e80530f879978149cbc55bdfd3267902c5d662ab3c7cd6cc0d4d06a8272b93c0db81b8f7d5c5e44b72eecd29967e3054015904f7967fbe71c48e1e42d9751162487876b6924b568dadf207209f80a0c7c219cb37b9aa8ec7bdd412bd1356ec1833791649f3a75c270ad8d2edd75bae0a0a17efcf665204d8c735d74d3fa74e57c91129ea9c933388381452