*.ideastoaction.lafargeholcim.com

Issued by Sectigo RSA Domain Validation Secure Server CA

About this certificate

This digital certificate with serial number 88:6b:7f:0a:30:9a:e7:4d:38:16:2d:57:59:be:26:93 was issued on by Sectigo Limited.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=*.ideastoaction.lafargeholcim.com,OU=Domain Control Validated+OU=Issued through LafargeHolcim Ltd E-PKI Manager+OU=COMODO SSL Wildcard

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate has expire since

Certificate Details

Serial Number (hex): 88:6b:7f:0a:30:9a:e7:4d:38:16:2d:57:59:be:26:93
Serial Number (int): 181333159863955621514701260865882957459
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: f7:b1:df:d6:33:a6:2c:ea:e7:6b:ce:03:bf:e7:63:af:4f:96:14:15
AuthorityKeyId: 8d:8c:5e:c4:54:ad:8a:e1:77:e9:9b:f9:9b:05:e1:b8:01:8d:61:e1

Fingerprint (sha1): 3e:47:dd:61:2b:cb:85:37:ce:39:1f:15:4a:9e:b6:c8:9e:21:f8:1f
Fingerprint (sha256): 49:4d:17:eb:4c:91:ed:d8:6a:81:25:7d:d5:1f:10:6a:42:c5:04:97:bd:74:10:a0:7a:7b:6f:0f:0d:4e:82:bc

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com

Check the revocation status for certificate *.ideastoaction.lafargeholcim.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.ideastoaction.lafargeholcim.com

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.ideastoaction.lafargeholcim.com
ideastoaction.lafargeholcim.com

Other certificates including the domain name lafargeholcim.com

(limited to 100 certificates)
indwebiz.lafargeholcim.com
itasia.lafargeholcim.com
brandportal.lafargeholcim.com
brandportal.lafargeholcim.com
vanity2.jiveon.com
share.lafargeholcim.com
intranet.lafargeholcim.com
brandportal.lafargeholcim.com
vanity2.jiveon.com
intranet.lafargeholcim.com
vanity2.jiveon.com
*.lafargeholcim.com
portal.zonda.lafargeholcim.com
fiori-mea.lafargeholcim.com
connect.lafargeholcim.com
lq3-logon.lafargeholcim.com
vanity2.jiveon.com
intranet.lafargeholcim.com
integrityline.holcim.com
jarvis.lafargeholcim.com
seawebiz.lafargeholcim.com
intranet.lafargeholcim.com
fiori-mea.lafargeholcim.com
jarvis.lafargeholcim.com
qa1-fiori.lafargeholcim.com
vanity2.jiveon.com
vanity2.jiveon.com
share.lafargeholcim.com
connect.lafargeholcim.com
dv1-fiori.lafargeholcim.com
connect.lafargeholcim.com
dv1-fiori.lafargeholcim.com
share.lafargeholcim.com
integrity.lafargeholcim.com
vanity2.jiveon.com
vanity2.jiveon.com
intranet-demo.lafargeholcim.com
brandportal.lafargeholcim.com
jarvis.lafargeholcim.com
intranet.lafargeholcim.com
vanity2.jiveon.com
intranet-demo.lafargeholcim.com
share.lafargeholcim.com
jarvis.lafargeholcim.com
vanity2.jiveon.com
financialreports.lafargeholcim.com
connect.lafargeholcim.com
vanity2.jiveon.com
vanity2.jiveon.com
connect.lafargeholcim.com
brandportal.lafargeholcim.com
indwebiz.lafargeholcim.com
*.lafargeholcim.com
*.ideastoaction.lafargeholcim.com
vanity2.jiveon.com
integrity.lafargeholcim.com
*.lafargeholcim.com
itemea.lafargeholcim.com
brandportal.lafargeholcim.com
share.lafargeholcim.com
lp1-mobile-logon.lafargeholcim.com
itemea.lafargeholcim.com
*.ideastoaction.lafargeholcim.com
itasia.lafargeholcim.com
portal.dev.zonda.lafargeholcim.com
integrity.lafargeholcim.com
share.lafargeholcim.com
vanity2.jiveon.com
itasia.lafargeholcim.com
vanity2.jiveon.com
brandportal.lafargeholcim.com
portal.qa.zonda.lafargeholcim.com
intranet.lafargeholcim.com
itasia.lafargeholcim.com
brandportal.lafargeholcim.com
vanity2.jiveon.com
brandportal.lafargeholcim.com
lp1-mobile-logon.lafargeholcim.com
intranet.lafargeholcim.com
vanity2.jiveon.com
*.lafargeholcim.com
share.lafargeholcim.com
indwebiz.lafargeholcim.com
share.lafargeholcim.com
*.lafargeholcim.com
vanity2.jiveon.com
www.holcim.com
vanity2.jiveon.com
connect.lafargeholcim.com
connect.lafargeholcim.com
brandportal.lafargeholcim.com
intranet.lafargeholcim.com
itemea.lafargeholcim.com
connect.lafargeholcim.com
vanity2.jiveon.com
vanity2.jiveon.com
vanity2.jiveon.com
football.lafargeholcim.com
connect.lafargeholcim.com
vanity2.jiveon.com

Certificate

The complete raw certificate details for *.ideastoaction.lafargeholcim.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIH6TCCBtGgAwIBAgIRAIhrfwowmudNOBYtV1m+JpMwDQYJKoZIhvcNAQELBQAw
gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE3MDUGA1UE
AxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
QTAeFw0xOTA2MTcwMDAwMDBaFw0yMTA3MTMyMzU5NTlaMIGmMSEwHwYDVQQLExhE
b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxNzA1BgNVBAsTLklzc3VlZCB0aHJvdWdo
IExhZmFyZ2VIb2xjaW0gTHRkIEUtUEtJIE1hbmFnZXIxHDAaBgNVBAsTE0NPTU9E
TyBTU0wgV2lsZGNhcmQxKjAoBgNVBAMMISouaWRlYXN0b2FjdGlvbi5sYWZhcmdl
aG9sY2ltLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK+9XvQr
cTURpc3gSa87sj0DeIgSIIKp8s/0iOCukt1sBv6VhvZBZmAT6RLKeaKhd7MwZOpF
TuW77kUd/hHqNH7CkXnN4svGvAcNc88VTa2k1aIewsvwHnb8TRon5RRrEIMgO0g2
t+0pYMwMZsxmTq5uftUxk36PXbF5Hc9HzI6PflodaSURrTWurpSIo4U5SGt1gdS4
Btim91XnjP/Ju+H4OsulHH4DD0A0L5akvtrrKggIs+SWmm4LiG5I5Olj6zTXpPhN
eEvdpUIzlbFjrBlgNwtNx4Rp0ueD9OT7kO2oBx5Qkk3ifeffPuTdchQxyecBOwHG
glGG2IRa+vpqhz/N/rboMpJZnPMjXv0Sf3o7KmCgQHbQJVDKUVdoQeMS6LyvvMSg
PELjGsxXuKwmwKY4firgl5gfHxfc4qK6ZLbMSVt1H4jHBkBvy98l1sXGh/v5L2B8
eWn9DuOCmbzwWAtwGvBbPI/z6ry6c6UpJht4uTUOZjhdueDsPoFfTzJtSzeahJIO
c0sE9sFHveVXeFd68bDLWJkHLQgheBdOhDY89JdKktL/ZNIZxq+F/l6VrXzY0Xy7
y2P/xXZeAL3zHSN8aaBbxizkzslv1Pl2HUm4pAR8HquEOPWEVmCjc0nIeJAn93mi
FjO8QxTUI6AW6iJzI8i2rEUyLR2PbZ0OvyzTAgMBAAGjggMlMIIDITAfBgNVHSME
GDAWgBSNjF7EVK2K4Xfpm/mbBeG4AY1h4TAdBgNVHQ4EFgQU97Hf1jOmLOrna84D
v+djr0+WFBUwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYw
FAYIKwYBBQUHAwEGCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAgcw
JTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIB
MIGEBggrBgEFBQcBAQR4MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2VjdGln
by5jb20vU2VjdGlnb1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5j
cnQwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tME0GA1UdEQRG
MESCISouaWRlYXN0b2FjdGlvbi5sYWZhcmdlaG9sY2ltLmNvbYIfaWRlYXN0b2Fj
dGlvbi5sYWZhcmdlaG9sY2ltLmNvbTCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFp
AHcAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFrZZl6CwAABAMA
SDBGAiEAjiWj/dSvRt9lwC9+/myZS+o7C1l33wv3d22GOQynyw8CIQC6zYj884cz
6jHXE1g44op5i29rAmxrW2sF8ihcqEKN9QB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+
2MsxtT/TM5a1toGoAAABa2Wf2vgAAAQDAEgwRgIhALbeDxV/eStuwYZ9EHMkeAXH
7iJSoHdO+9O35zpX1+3lAiEAjm5Sg4mGBVRVQcCDiDCoFDwoISNtTUR/IYbVkUO6
44sAdQBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAWtlmXorAAAE
AwBGMEQCIBPPpBrd1Y3J4CaUQGyHSRElRGlFazuwtfNW+YNChQePAiBMU+FoExfy
cbQ6CsAXCk9vgbQrjwtUmGVlwl/qvcrAhzANBgkqhkiG9w0BAQsFAAOCAQEA1M7d
ykBPL+1Wmcr4+jRaA+zPHSGdhZB0SsCU5oGvv159pa7PlKzTXw9dwBxgtgBEyfmT
84pHPENkekL1is0HCZcyqwpSopmtbCWRDFP0m5E0P+QMthK+ewQuL65W+2hdsEXD
Ct8e66h1kyf3oUUl5+VXhe3LVEOBTqRO+u6AfSb/n16kzcig/APACLC4hI1YrTkw
us2ShdCnWSrQeJLCE4W3stbKl/zLphIY2oIGyz8nvZoDfRSxODPmW2W4NG6LAvIV
mIJIr4azpjd/fcAc33Q5GtBg2m9g9tkeHd/66n5ftto07giAiNsfRPge5X2lLVTT
mZv1c0h2ECnHGnn1Dw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr71e9CtxNRGlzeBJrzuy
PQN4iBIggqnyz/SI4K6S3WwG/pWG9kFmYBPpEsp5oqF3szBk6kVO5bvuRR3+Eeo0
fsKRec3iy8a8Bw1zzxVNraTVoh7Cy/AedvxNGiflFGsQgyA7SDa37SlgzAxmzGZO
rm5+1TGTfo9dsXkdz0fMjo9+Wh1pJRGtNa6ulIijhTlIa3WB1LgG2Kb3VeeM/8m7
4fg6y6UcfgMPQDQvlqS+2usqCAiz5JaabguIbkjk6WPrNNek+E14S92lQjOVsWOs
GWA3C03HhGnS54P05PuQ7agHHlCSTeJ9598+5N1yFDHJ5wE7AcaCUYbYhFr6+mqH
P83+tugyklmc8yNe/RJ/ejsqYKBAdtAlUMpRV2hB4xLovK+8xKA8QuMazFe4rCbA
pjh+KuCXmB8fF9ziorpktsxJW3UfiMcGQG/L3yXWxcaH+/kvYHx5af0O44KZvPBY
C3Aa8Fs8j/PqvLpzpSkmG3i5NQ5mOF254Ow+gV9PMm1LN5qEkg5zSwT2wUe95Vd4
V3rxsMtYmQctCCF4F06ENjz0l0qS0v9k0hnGr4X+XpWtfNjRfLvLY//Fdl4AvfMd
I3xpoFvGLOTOyW/U+XYdSbikBHweq4Q49YRWYKNzSch4kCf3eaIWM7xDFNQjoBbq
InMjyLasRTItHY9tnQ6/LNMCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 181333159863955621514701260865882957459
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Domain Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-06-17 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-07-13 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Domain Control Validated'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Issued through LafargeHolcim Ltd E-PKI Manager'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'COMODO SSL Wildcard'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.ideastoaction.lafargeholcim.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 716955547539577650449872874950480600315137907469426575147339042519490811446977192075472818767677171742340946519397828107577590385969106473585532253867248428348067003517828041626573492593473394014980482638865914914413140913342984635596751317352224696290953312975336736871447101340152499612669525076105229169136042410107734168884548942386664841144072307099270251820117076416789156281521549636649970354191167900033039702895010734234292578684760408299499715309988385100339858253280191795583457862137721730207213094247638403290877004867771105325595010618891141944178916021057554814743008972583067207726538456988539125196124968664062170644217377782960438530802792344674514441852043846215062558674783942148895138049669310457253492783393026290274922200330406280753509714812345332509319851046488370970077175586048537177172270758952446623848506148655941700451464285229829566492412889672168858470902711390942245698162578279331022215520156811804774689812795901498757087761270876864424494178140294805076941162809109780214089521852210224777207389363308368764664785530988465526319166070157291619880591674688207553567786554787906906398411173139403349421822379647224956906329503985732385020132742513237430808897971612719453860927366670752882884553939
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 8d8c5ec454ad8ae177e99bf99b05e1b8018d61e1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							f7b1dfd633a62ceae76bce03bfe763af4f961415
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.7
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (120 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (70 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.ideastoaction.lafargeholcim.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ideastoaction.lafargeholcim.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							0169007700bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000016b65997a0b00000403004830460221008e25a3fdd4af46df65c02f7efe6c994bea3b0b5977df0bf7776d86390ca7cb0f022100bacd88fcf38733ea31d7135838e28a798b6f6b026c6b5b6b05f2285ca8428df50077004494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b53fd33396b5b681a80000016b659fdaf80000040300483046022100b6de0f157f792b6ec1867d1073247805c7ee2252a0774efbd3b7e73a57d7ede50221008e6e5283898605545541c0838830a8143c2821236d4d447f2186d59143bae38b0075006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d9130000016b65997a2b0000040300463044022013cfa41addd58dc9e02694406c874911254469456b3bb0b5f356f9834285078f02204c53e1681317f271b43a0ac0170a4f6f81b42b8f0b54986565c25feabdcac087
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00d4ceddca404f2fed5699caf8fa345a03eccf1d219d8590744ac094e681afbf5e7da5aecf94acd35f0f5dc01c60b60044c9f993f38a473c43647a42f58acd07099732ab0a52a299ad6c25910c53f49b91343fe40cb612be7b042e2fae56fb685db045c30adf1eeba8759327f7a14525e7e55785edcb5443814ea44efaee807d26ff9f5ea4cdc8a0fc03c008b0b8848d58ad3930bacd9285d0a7592ad07892c21385b7b2d6ca97fccba61218da8206cb3f27bd9a037d14b13833e65b65b8346e8b02f215988248af86b3a6377f7dc01cdf74391ad060da6f60f6d91e1ddffaea7e5fb6da34ee088088db1f44f81ee57da52d54d3999bf57348761029c71a79f50f