*.deronline.de
- DER Touristik Deutschland GmbH -
Issued by Thawte RSA CA 2018
About this certificate
This digital certificate with serial number 0f:29:4a:3e:80:d7:16:a2:15:7f:53:df:af:ff:3c:2a was issued on by DigiCert Inc.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
DER Touristik Deutschland GmbH
Organization:
DER Touristik Deutschland GmbH
Organization unit: DERTOUR
Organization unit: DERTOUR
State / Province:
Nordrhein-Westfalen
Locality: Köln
Country: DE
Locality: Köln
Country: DE
DigiCert Inc
Organization:
DigiCert Inc
Organization unit: www.digicert.com
Organization unit: www.digicert.com
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 0f:29:4a:3e:80:d7:16:a2:15:7f:53:df:af:ff:3c:2aSerial Number (int): 20152809958304519324660685309533436970
Serial Number lenght: 124 bits, 16 octets
SubjectKeyId: dd:f7:be:2c:94:5c:b3:03:05:a8:7e:02:9f:56:58:12:c2:aa:c5:77
AuthorityKeyId: a3:c8:5e:65:54:e5:30:78:c1:05:ea:07:0a:6a:59:cc:b9:fe:de:5a
Fingerprint (sha1): 9d:ed:d3:4f:2c:c2:ca:46:0a:57:34:27:ed:a0:cb:01:8d:58:8e:f6
Fingerprint (sha256): 4d:1f:9b:cc:67:c8:b3:0c:5f:f9:1d:78:30:90:33:77:43:27:9f:d7:14:73:cc:74:f9:a8:33:c3:46:11:6c:b9
Issuing Certificate URL: http://cacerts.thawte.com/ThawteRSACA2018.crt
Revocation information
OCSP Server: http://status.thawte.comCRL Distribution Point: http://cdp.thawte.com/ThawteRSACA2018.crl
Check the revocation status for certificate *.deronline.de
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for *.deronline.de
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
*.deronline.de
deronline.de
deronline.de
Other certificates including the domain name deronline.de
(limited to 100 certificates)
*.deronline.de
www.deronline.de
phxu.deronline.de
www.deronline.de
www6.deronline.de
*.deronline.de
www2.deronline.de
www1.deronline.de
www6.deronline.de
www1.deronline.de
www7.deronline.de
www3.deronline.de
www.deronline.de
*.deronline.de
*.deronline.de
www5.deronline.de
phxu-test.deronline.de
www.deronline.de
*.deronline.de
*.deronline.de
www2.deronline.de
phxu.deronline.de
www1.deronline.de
*.deronline.de
www2.deronline.de
www.deronline.de
www.deronline.de
phxu.deronline.de
www.deronline.de
www6.deronline.de
*.deronline.de
www2.deronline.de
www1.deronline.de
www6.deronline.de
www1.deronline.de
www7.deronline.de
www3.deronline.de
www.deronline.de
*.deronline.de
*.deronline.de
www5.deronline.de
phxu-test.deronline.de
www.deronline.de
*.deronline.de
*.deronline.de
www2.deronline.de
phxu.deronline.de
www1.deronline.de
*.deronline.de
www2.deronline.de
www.deronline.de
Certificate
The complete raw certificate details for *.deronline.de in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGIjCCBQqgAwIBAgIQDylKPoDXFqIVf1Pfr/88KjANBgkqhkiG9w0BAQsFADBc MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMRswGQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcN MTgwNjE5MDAwMDAwWhcNMTkwNjE5MTIwMDAwWjCBjzELMAkGA1UEBhMCREUxHDAa BgNVBAgTE05vcmRyaGVpbi1XZXN0ZmFsZW4xDjAMBgNVBAcMBUvDtmxuMScwJQYD VQQKEx5ERVIgVG91cmlzdGlrIERldXRzY2hsYW5kIEdtYkgxEDAOBgNVBAsTB0RF UlRPVVIxFzAVBgNVBAMMDiouZGVyb25saW5lLmRlMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEA0KkVdrkwACqZnJEpn9tRFfjd4EHi1BszPqtzFEsQ7tm4 b7olJB+h8W9r3hVbpXCadUVGnpu9NZSBqWHvbRo51TeHGhQTgTKjGDtAWqFaT0+S NpfBl/5uT7bcqUVPAI8QhR+VJFn2SZTMf4oVkWTx9/ymEWIDeU3wj8iDwjR8XbNK Jq9a62EcXq5KAlFpfzoj4lkB8MbRzzyBEWkWEYaO14kqPoyVtMC5nQZTS1Jx0BXc mkm2qVSoDyGbutHxgekDurU+d8TAKF+3qnTPWPO19sTMq8amCNi8IM/oPxS+mkwC N8CBx/UMgLHdSJx6YyHLG8UciQhSnev+k2uK4p2HUwIDAQABo4ICqjCCAqYwHwYD VR0jBBgwFoAUo8heZVTlMHjBBeoHCmpZzLn+3lowHQYDVR0OBBYEFN33viyUXLMD Bah+Ap9WWBLCqsV3MCcGA1UdEQQgMB6CDiouZGVyb25saW5lLmRlggxkZXJvbmxp bmUuZGUwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF BQcDAjA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY2RwLnRoYXd0ZS5jb20vVGhh d3RlUlNBQ0EyMDE4LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsG AQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjBv BggrBgEFBQcBAQRjMGEwJAYIKwYBBQUHMAGGGGh0dHA6Ly9zdGF0dXMudGhhd3Rl LmNvbTA5BggrBgEFBQcwAoYtaHR0cDovL2NhY2VydHMudGhhd3RlLmNvbS9UaGF3 dGVSU0FDQTIwMTguY3J0MAkGA1UdEwQCMAAwggEEBgorBgEEAdZ5AgQCBIH1BIHy APAAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWQXVxvGAAAE AwBHMEUCIGydynaip1EjKbMuEA9v+OQBK/z0VWQJbFTvVa/9EWubAiEAvNEGK46V PfI8mUfWsxTF3eVURp+bx3BTJnvV6YWGBHcAdgCHdb/nWXz4jEOZX73zbv9WjUdW Nv9KtWDBtOr/XqCDDwAAAWQXVxx6AAAEAwBHMEUCIQCOv4kjASiAhDrDIEKk5mB9 V7+Id3ksRQaRVRfeMD4UVAIgaZ9vQ8HFdxxI9dsYnTQGV/wJedsjKbFLfnQ0wiii hYMwDQYJKoZIhvcNAQELBQADggEBAKehc3pw/Vk8kqHTRDKmQBIwLZP5EaBCcWYG msm8R8x0CoYTUpm4UK9K7jIgF/0xsMUOZy1HTlRoWdT7WPNkAyAba9NKdE/U8cZY BemPHz59MW8ZX/RdOpz1yYBHwsum/WnQy+OnKY5RAbd5ePBathXF5aKAKasYNUi8 ZgXOm2Tym4qu1tnonqDuELoZpVL1pQPHgVMY68fK6FyjxWmGnrSkPteFDib2MuXu MpA8rCwedarH4FUV4hDb54YFt2+ZSox2ekatw8iYlQ7sMk67Bt3jGWK6YrRNyvOL H4t5b2veUhWSqRQVI78zJtOS8813mMIQB6g+G1xN3BDQrF7es3M= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KkVdrkwACqZnJEpn9tR Ffjd4EHi1BszPqtzFEsQ7tm4b7olJB+h8W9r3hVbpXCadUVGnpu9NZSBqWHvbRo5 1TeHGhQTgTKjGDtAWqFaT0+SNpfBl/5uT7bcqUVPAI8QhR+VJFn2SZTMf4oVkWTx 9/ymEWIDeU3wj8iDwjR8XbNKJq9a62EcXq5KAlFpfzoj4lkB8MbRzzyBEWkWEYaO 14kqPoyVtMC5nQZTS1Jx0BXcmkm2qVSoDyGbutHxgekDurU+d8TAKF+3qnTPWPO1 9sTMq8amCNi8IM/oPxS+mkwCN8CBx/UMgLHdSJx6YyHLG8UciQhSnev+k2uK4p2H UwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 20152809958304519324660685309533436970 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Thawte RSA CA 2018' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-06-19 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-06-19 12:00:00 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Nordrhein-Westfalen' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Köln' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DER Touristik Deutschland GmbH' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DERTOUR' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.deronline.de' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26340945783390950218128634068509885767432280416991893729915474898307975684877565591570879185129383959833570048339148033020830489033123127186169733879758722750790414775934248728686444001302518587892214502346363271825605622410127707687834953370405015830416899032152581789144542718717343928051776195990768033645807333643102931518588920587869118340130135186287195655020836990418176080331380899850409295993925150211417824102454128315192182549800368234223400632015852234515886514185017015742735671476133356690186705078185998969281580201907280610976178106579310248132250298926754927976170200402870426735756959589098860676947 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a3c85e6554e53078c105ea070a6a59ccb9fede5a . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) ddf7be2c945cb30305a87e029f565812c2aac577 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.deronline.de' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'deronline.de' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (51 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.thawte.com/ThawteRSACA2018.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.thawte.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.thawte.com/ThawteRSACA2018.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f0007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000016417571bc6000004030047304502206c9dca76a2a7512329b32e100f6ff8e4012bfcf45564096c54ef55affd116b9b022100bcd1062b8e953df23c9947d6b314c5dde554469f9bc77053267bd5e9858604770076008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f0000016417571c7a00000403004730450221008ebf8923012880843ac32042a4e6607d57bf8877792c4506915517de303e14540220699f6f43c1c5771c48f5db189d340657fc0979db2329b14b7e7434c228a28583 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00a7a1737a70fd593c92a1d34432a64012302d93f911a0427166069ac9bc47cc740a86135299b850af4aee322017fd31b0c50e672d474e546859d4fb58f36403201b6bd34a744fd4f1c65805e98f1f3e7d316f195ff45d3a9cf5c98047c2cba6fd69d0cbe3a7298e5101b77978f05ab615c5e5a28029ab183548bc6605ce9b64f29b8aaed6d9e89ea0ee10ba19a552f5a503c7815318ebc7cae85ca3c569869eb4a43ed7850e26f632e5ee32903cac2c1e75aac7e05515e210dbe78605b76f994a8c767a46adc3c898950eec324ebb06dde31962ba62b44dcaf38b1f8b796f6bde521592a9141523bf3326d392f3cd7798c21007a83e1b5c4ddc10d0ac5edeb373