digitaltaxplatform-uat.deloitte.be

- Deloitte Touche Tohmatsu Services, LLC -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 4d:59:e3:f1:21:59:a8:ba:08:75:93:51:74:52:34:1f was issued on by Entrust, Inc..

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Deloitte Touche Tohmatsu Services, LLC

Organization: Deloitte Touche Tohmatsu Services, LLC
State / Province: New York
Locality: New York
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 4d:59:e3:f1:21:59:a8:ba:08:75:93:51:74:52:34:1f
Serial Number (int): 102817293307136713250747118262491952159
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: f3:61:51:15:22:d1:37:a4:78:63:9d:14:89:be:53:a5:26:4f:77:30
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): 27:f6:19:c0:1e:2b:d5:08:60:de:be:50:06:cd:6a:ac:5e:5f:5f:75
Fingerprint (sha256): 49:12:24:cf:7a:95:2a:9b:8a:21:af:ed:c4:4f:4e:43:19:e1:64:04:43:74:a3:8c:92:fe:63:be:bd:f3:de:20

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate digitaltaxplatform-uat.deloitte.be

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for digitaltaxplatform-uat.deloitte.be

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

digitaltaxplatform-uat.deloitte.be
digitaltaxplatform-int-uat.deloitte.be

Other certificates including the domain name deloitte.be

(limited to 100 certificates)
swift-trustdelivered.deloitte.be
digitalaccountant.deloitte.be
readz.com
survey.gradwell.com
*.deloitte.be
readz.com
*.app.deloitte.be
*.deloitte.be
*.deloitte.be
survey.westernwindowsystems.com
readz.com
supportsurvey.control4.com
readz.com
usap42.us.deloitte.com
usap42.us.deloitte.com
readz.com
usap42.us.deloitte.com
*.deloitte.be
*.deloitte.be
meet.deloitte.nl
registerfast50.deloitte.be
readz.com
cody-test.getgetfeedbackback.com
meet.deloitte.nl
car-ua.deloitte.be
readz.com
tasc-ua.deloitte.be
*.deloitte.be
digitaltaxadvisor-perf.deloitte.be
readz.com
readz.com
readz.com
certificates.getfeedback.com
meet.deloitte.nl
dttbecmg.deloitte.be
usap42.us.deloitte.com
readz.com
survey.boomtownroi.com
readz.com
sip.gsinet.be
readz.com
readz.com
readz.com
readz.com
*.deloitte.be
readz.com
readz.com
usap42.us.deloitte.com
rdtax-uat.deloitte.be
readz.com
readz.com
usap41.us.deloitte.com
supportsurvey.control4.com
feedback.liftago.com
readz.com
readz.com
feedback.nanotempertech.com
customdomain.getfeedback.com
meet.deloitte.nl
readz.com
usap42.us.deloitte.com
readz.com
readz.com
survey.westernwindowsystems.com
survey.adstream.com
rdtax-perf.deloitte.be
*.deloitte.be
*.deloitte.be
readz.com
mobile-consumer-survey.deloitte.be
readz.com
readz.com
feedback.auditorservice.com
readz.com
sip.deloitte.nl
knowledgehub-functions.deloitte.be
readz.com
*.deloitte.be
usap42.us.deloitte.com
readz.com
sms.cic.deloitte.be
sip.deloitte.nl
mobile-consumer-survey.deloitte.be
digitaltaxplatform-uat.deloitte.be
readz.com
*.deloitte.be
entitymanagement-uat-dpass.deloitte.be
readz.com
*.deloitte.be
readz.com
readz.com
customdomain.getfeedback.com
*.deloitte.be
feedback.nextdc.com
readz.com
registerfast50.deloitte.be
readz.com
password.deloitte.be
feedback.inap.com
feedback.auditorservice.com

Certificate

The complete raw certificate details for digitaltaxplatform-uat.deloitte.be in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFejCCBGKgAwIBAgIQTVnj8SFZqLoIdZNRdFI0HzANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
NDA0MTYwNjU3NDBaFw0yNTA0MTYwNjU3MzlaMIGRMQswCQYDVQQGEwJVUzERMA8G
A1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMS8wLQYDVQQKEyZEZWxv
aXR0ZSBUb3VjaGUgVG9obWF0c3UgU2VydmljZXMsIExMQzErMCkGA1UEAxMiZGln
aXRhbHRheHBsYXRmb3JtLXVhdC5kZWxvaXR0ZS5iZTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAOajR9NK++qihfqgq+tt81eq/GlKU4hGePB9Tvm4/SkB
lr6LESvbJdKRntIlL9UeM56wKCRP/Q/IwTHjkF774qMdJxMIFBMfxpfdYyc39+kt
ApXATzb/0hoLsgw61+MOqaJ8ac7mxd72BREWzJ+djsdXkeLvEQhocDRAnD/qdIIw
bBoFyANGib6P/YN5xMWeZXDZUCCp5UOGhTdks6LyFdxK2pIlcgZb/ZpUv1eDvuym
c8xggCRaGomLwtBsyq7Zk2xriolBcd/3B1+XwxVNfVokqSwbw35VJ4D/MvYwMS6S
InRcjLh1/X7fecps0Qn+GAVDRjvjS12cIR4+ESrtGRUCAwEAAaOCAaEwggGdMAwG
A1UdEwEB/wQCMAAwHQYDVR0OBBYEFPNhURUi0TekeGOdFIm+U6UmT3cwMB8GA1Ud
IwQYMBaAFIKicHTdvFM/z3vU981/p2DGCky/MGgGCCsGAQUFBwEBBFwwWjAjBggr
BgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYIKwYBBQUHMAKGJ2h0
dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFrLWNoYWluMjU2LmNlcjAzBgNVHR8ELDAq
MCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWsuY3JsMFUGA1Ud
EQROMEyCImRpZ2l0YWx0YXhwbGF0Zm9ybS11YXQuZGVsb2l0dGUuYmWCJmRpZ2l0
YWx0YXhwbGF0Zm9ybS1pbnQtdWF0LmRlbG9pdHRlLmJlMA4GA1UdDwEB/wQEAwIF
oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEwYDVR0gBAwwCjAIBgZn
gQwBAgIwEwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBAEVT
dHmPTWVQcgeDz/73zbauN/g6VeOLwG8Ns/LUInunX6vg6Gnq5LG8NqzN5S6ngr8h
WrHHdnqDAzPPFdb7lmpYpYeoFdIGaKk47v8d3WtInDf9fBJiz/GfmivdkGyXxtZi
Y+yEA6bZ1nSNJFTrjjHhb8aFzkJkZ6j4ncRemh0fjtsbyIazACftttwXIrRQO8lV
JBsp3xNcxIxoiI6Kwh8ymB7YWE3jbb9syf1u/C8rF/aLbxqXidYohmFp5tRzYcSs
AdSH+Zgwqby36QGseCNMMSdnZIRIpI7AzG7QIIA9GkqZDgikVkp3bBeJhpaK3pid
bmx+wClIrJAdclvaWt0=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5qNH00r76qKF+qCr623z
V6r8aUpTiEZ48H1O+bj9KQGWvosRK9sl0pGe0iUv1R4znrAoJE/9D8jBMeOQXvvi
ox0nEwgUEx/Gl91jJzf36S0ClcBPNv/SGguyDDrX4w6ponxpzubF3vYFERbMn52O
x1eR4u8RCGhwNECcP+p0gjBsGgXIA0aJvo/9g3nExZ5lcNlQIKnlQ4aFN2SzovIV
3ErakiVyBlv9mlS/V4O+7KZzzGCAJFoaiYvC0GzKrtmTbGuKiUFx3/cHX5fDFU19
WiSpLBvDflUngP8y9jAxLpIidFyMuHX9ft95ymzRCf4YBUNGO+NLXZwhHj4RKu0Z
FQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 102817293307136713250747118262491952159
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-16 06:57:40 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-04-16 06:57:39 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Deloitte Touche Tohmatsu Services, LLC'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'digitaltaxplatform-uat.deloitte.be'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29115326791084043349740093108245470801796824341588822329866026853076167291687870488592625192611837073063817932845923221853145670209795410112584583359518826192009630668991022390100636654013213490919941437836787599816611331603533368633103912554820803397013385233069414636484254206796124949661700768988228245186474062811160847471727675932154420957003089760555127407932023728150200969097013525670367037632392767181649974340676797765740475153327629188651281664077544226321899608558801697926496443722297347411576388526034728064105542950687222171772606760877150567874045110256908306224985928438514440152260019703037687568661
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							f361511522d137a478639d1489be53a5264f7730
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (78 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'digitaltaxplatform-uat.deloitte.be'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'digitaltaxplatform-int-uat.deloitte.be'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00455374798f4d6550720783cffef7cdb6ae37f83a55e38bc06f0db3f2d4227ba75fabe0e869eae4b1bc36accde52ea782bf215ab1c7767a830333cf15d6fb966a58a587a815d20668a938eeff1ddd6b489c37fd7c1262cff19f9a2bdd906c97c6d66263ec8403a6d9d6748d2454eb8e31e16fc685ce426467a8f89dc45e9a1d1f8edb1bc886b30027edb6dc1722b4503bc955241b29df135cc48c68888e8ac21f32981ed8584de36dbf6cc9fd6efc2f2b17f68b6f1a9789d628866169e6d47361c4ac01d487f99830a9bcb7e901ac78234c312767648448a48ec0cc6ed020803d1a4a990e08a4564a776c178986968ade989d6e6c7ec02948ac901d725bda5add