*.travelbank.com

- U.S. Bank, National Association -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 47:07:70:c7:63:51:a5:7b:76:38:8e:62:9a:04:07:ab was issued on by Entrust, Inc..

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

U.S. Bank, National Association

Organization: U.S. Bank, National Association
State / Province: Minnesota
Locality: Richfield
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 47:07:70:c7:63:51:a5:7b:76:38:8e:62:9a:04:07:ab
Serial Number (int): 94413821205756440526900534535551977387
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: b7:41:30:cc:ff:a7:51:8c:4d:ed:13:17:e8:ac:e0:07:3b:61:eb:84
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): 71:ac:5c:08:85:4a:1b:24:bf:59:d2:1d:17:44:59:b3:69:59:a2:b5
Fingerprint (sha256): 4d:b9:e7:c6:e9:94:35:dc:cb:51:4f:dd:82:f1:1c:b3:7b:34:10:33:b8:f3:3b:e6:3b:88:a1:64:cb:03:30:a1

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate *.travelbank.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.travelbank.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.travelbank.com

Other certificates including the domain name travelbank.com

(limited to 100 certificates)
estatus.facturame.mx
softwarealternatives.net
estatus.facturame.mx
estatus.facturame.mx
www.elaina.nl
estatus.facturame.mx
turtleapp.com.au
prod.travelbank.com
estatus.facturame.mx
uat.travelbank.com
estatus.facturame.mx
robertholmberg.fi
estatus.facturame.mx
estatus.facturame.mx
estatus.facturame.mx
www.easycrypto.com.au
estatus.facturame.mx
instashop.bio
www.patrickodenborg.com
admin.cidadegestao.com.br
estatus.facturame.mx
estatus.facturame.mx
estatus.facturame.mx
status.beeketing.com
cdn.love4succulents.com
estatus.facturame.mx
app.mcsloyconstruction.com
docs.travelbank.com
support.travelbank.com
estatus.facturame.mx
estatus.facturame.mx
estatus.facturame.mx
www.bendayan.com.br
*.vpc.travelbank.com
estatus.facturame.mx
estatus.facturame.mx
docs.travelbank.com
beta-app.travelbank.com
estatus.facturame.mx
cmckenzie.net
estatus.facturame.mx
firebasetest.mglsk.be
estatus.facturame.mx
estatus.facturame.mx
estatus.facturame.mx
estatus.facturame.mx
estatus.facturame.mx
estatus.facturame.mx
estatus.facturame.mx
estatus.facturame.mx
estatus.facturame.mx
estatus.facturame.mx
estatus.facturame.mx
www.designhero.app
estatus.facturame.mx
aoseulado.edenred.pt
marketplace.travelbank.com
salesloft.travelbank.com
estatus.facturame.mx
liberetti.com
estatus.facturame.mx
estatus.facturame.mx
*.travelbank.com
*.travelbank.com
estatus.facturame.mx
centaureducation.com
silinna.com
estatus.facturame.mx
estatus.facturame.mx
email.travelbank.com
docs.travelbank.com
estatus.facturame.mx
email.travelbank.com
status.beeketing.com
aharecharge.com
estatus.facturame.mx
estatus.facturame.mx
*.vpc.travelbank.com
estatus.facturame.mx
estatus.facturame.mx
estatus.facturame.mx
status.beeketing.com
estatus.facturame.mx
estatus.facturame.mx
travelbank.com
estatus.facturame.mx
estatus.facturame.mx
estatus.facturame.mx
actions.content.b-dev.brd.so
dlh-hayati-kotim.rinjani-parahita.com
www.promounters.com
salesloft.travelbank.com
www.thatfreshlist.com
www.suomhosty.fi
estatus.facturame.mx
estatus.facturame.mx
estatus.facturame.mx
create.appsaur.com
email.travelbank.com
designhero.app

Certificate

The complete raw certificate details for *.travelbank.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGljCCBX6gAwIBAgIQRwdwx2NRpXt2OI5imgQHqzANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
NDAzMjcxMjQ2MTlaFw0yNTAzMjcxMjQ2MThaMHoxCzAJBgNVBAYTAlVTMRIwEAYD
VQQIEwlNaW5uZXNvdGExEjAQBgNVBAcTCVJpY2hmaWVsZDEoMCYGA1UEChMfVS5T
LiBCYW5rLCBOYXRpb25hbCBBc3NvY2lhdGlvbjEZMBcGA1UEAwwQKi50cmF2ZWxi
YW5rLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMpGO/+Uk/fi
tf8pP/FlaKduQz9h9pG9vJfcx1aAevdZSRcpagBpibwKiWfp+5k/KWoSKDE5jrr0
bmOpWn0Jyhlxg6k7qWeY2OPiNBweDrvWt3X/YVzIvfJlgGm0u+NDi2WX1/GK47rc
i4D4Pit8XUUKs4t5wPNp/bQGMGe0v9pvS6epNVPvFObyplB+aaz3i47KwJdrhpqU
HkrPfDrMYz+7Gw8KFefM90PPNqtruug2x8o3mE0f6F8eqMtikJZtFt1mWnvHQTNc
8u5rDr7z30UAkP6pemlyC6TvdLXNMYmb8vySf8aqG9ZDR3AVSaRPGK5mivSW7iR0
l6qa0qts0UkCAwEAAaOCAtUwggLRMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFLdB
MMz/p1GMTe0TF+is4Ac7YeuEMB8GA1UdIwQYMBaAFIKicHTdvFM/z3vU981/p2DG
Cky/MGgGCCsGAQUFBwEBBFwwWjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50
cnVzdC5uZXQwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFr
LWNoYWluMjU2LmNlcjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1
c3QubmV0L2xldmVsMWsuY3JsMBsGA1UdEQQUMBKCECoudHJhdmVsYmFuay5jb20w
DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAT
BgNVHSAEDDAKMAgGBmeBDAECAjCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHcA
5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6hzId/R43jlAAAAGOf/J1FgAABAMASDBG
AiEA6Zg+cd97boT1r31XY+8qLCafRtr4DrniN+XRg4o4WG4CIQCKVm6hOfSLniMY
zJl6hpknlExwomXDv6PBh8l4IOg3PAB1AE51oydcmhDDOFts1N8/Uusd8OCOG41p
wLH6ZLFimjnfAAABjn/ydQMAAAQDAEYwRAIgZ8dOqNNZwg1M2Sw8lRTxDcr8VMb9
JkPyxAaKjXNo1NYCIAM5gUx4gvXyKlJtldN292K0TvdVREfi+EQHJYT/lgjvAHcA
ouMK5EXvva2bfjjtR2d3U9eCW4SU1yteGyzEuVCkR+cAAAGOf/J1QAAABAMASDBG
AiEAudLKBGxyXVxITY+tgSRSvu2sXh1XRPzR8hT3+jqepc8CIQDyYT+w7eE/9YvG
FWCYQKBPI1K8jR2LsIGF+/PgIUnxOjANBgkqhkiG9w0BAQsFAAOCAQEAGZYl7yNM
H1EPdyUepFRDbGJtRrYKRQCz3I9erXvUSNFXp/z/ZEWV3htSTM6UvKXY9t9TRVFB
ZSrnXWtiHrj011J6ZOgPF0EfWKAeAmxpjtJcQaJ6o1+mPVuLCP6O0NRkwuA9lAZr
6R1AjOCoeMIVzFzFOV8UZ0Nn+65HC8LXd0sNQ8yL+0kWElxJQuqz1x6BBCr/Jv7c
l+CvGHq/h0ta+mtOT3p1fBVbiquFV4wPR8iSDw/eHQggQHOUNxdqO2XQIgxVv3f5
2WlX7nL1QpJ/I6Guhn0CV8yu68Gy7WCZUF/GztxL+afNusB1gLAkRh3DAMPl4Pfl
CI90RQn3DUnY5g==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAykY7/5ST9+K1/yk/8WVo
p25DP2H2kb28l9zHVoB691lJFylqAGmJvAqJZ+n7mT8pahIoMTmOuvRuY6lafQnK
GXGDqTupZ5jY4+I0HB4Ou9a3df9hXMi98mWAabS740OLZZfX8YrjutyLgPg+K3xd
RQqzi3nA82n9tAYwZ7S/2m9Lp6k1U+8U5vKmUH5prPeLjsrAl2uGmpQeSs98Osxj
P7sbDwoV58z3Q882q2u66DbHyjeYTR/oXx6oy2KQlm0W3WZae8dBM1zy7msOvvPf
RQCQ/ql6aXILpO90tc0xiZvy/JJ/xqob1kNHcBVJpE8YrmaK9JbuJHSXqprSq2zR
SQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 94413821205756440526900534535551977387
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-27 12:46:19 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-03-27 12:46:18 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Minnesota'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Richfield'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'U.S. Bank, National Association'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.travelbank.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25534771461120660379606804983118467648968702418676623604183839846229277812465014954089480766367002490741966608203127785749277125056583058355000299787449907448488410608726871392150005251952118783559392176606353041295943719234956105234127533700170451998826006113226820709936156089381744162937953812702540952031499872697024561966408048236191540857961529552567435699032024662485519151150022906529467524311017460070790369445225808173701853015702884022907363313268865416605154331924656421425746719566566293793538354612502702214517894149591041583807474756370864907953408276683775880180965462494619146944503944053884424343881
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							b74130ccffa7518c4ded1317e8ace0073b61eb84
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.travelbank.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							0169007700e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018e7ff275160000040300483046022100e9983e71df7b6e84f5af7d5763ef2a2c269f46daf80eb9e237e5d1838a38586e0221008a566ea139f48b9e2318cc997a869927944c70a265c3bfa3c187c97820e8373c0075004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018e7ff275030000040300463044022067c74ea8d359c20d4cd92c3c9514f10dcafc54c6fd2643f2c4068a8d7368d4d602200339814c7882f5f22a526d95d376f762b44ef7554447e2f844072584ff9608ef007700a2e30ae445efbdad9b7e38ed47677753d7825b8494d72b5e1b2cc4b950a447e70000018e7ff275400000040300483046022100b9d2ca046c725d5c484d8fad812452beedac5e1d5744fcd1f214f7fa3a9ea5cf022100f2613fb0ede13ff58bc615609840a04f2352bc8d1d8bb08185fbf3e02149f13a
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00199625ef234c1f510f77251ea454436c626d46b60a4500b3dc8f5ead7bd448d157a7fcff644595de1b524cce94bca5d8f6df53455141652ae75d6b621eb8f4d7527a64e80f17411f58a01e026c698ed25c41a27aa35fa63d5b8b08fe8ed0d464c2e03d94066be91d408ce0a878c215cc5cc5395f14674367fbae470bc2d7774b0d43cc8bfb4916125c4942eab3d71e81042aff26fedc97e0af187abf874b5afa6b4e4f7a757c155b8aab85578c0f47c8920f0fde1d082040739437176a3b65d0220c55bf77f9d96957ee72f542927f23a1ae867d0257ccaeebc1b2ed6099505fc6cedc4bf9a7cdbac07580b024461dc300c3e5e0f7e5088f744509f70d49d8e6