www.alange-soehne.com

- Richemont International SA -

Issued by DigiCert Global CA G2

About this certificate

This digital certificate with serial number 0c:e0:56:11:6e:17:f6:77:fe:09:1a:75:ec:3f:e0:24 was issued on by DigiCert Inc.

With 11 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Richemont International SA

Organization: Richemont International SA
Organization unit: ALS
State / Province: Genève
Locality: Bellevue
Country: CH

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0c:e0:56:11:6e:17:f6:77:fe:09:1a:75:ec:3f:e0:24
Serial Number (int): 17115556113907788939608330444071755812
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: b7:3e:bf:4a:8b:90:19:05:a1:b8:a8:7a:76:a7:b3:0c:cc:21:2c:75
AuthorityKeyId: 24:6e:2b:2d:d0:6a:92:51:51:25:69:01:aa:9a:47:a6:89:e7:40:20

Fingerprint (sha1): 49:0e:a5:7b:9c:b2:a8:ae:f8:87:17:fd:98:d3:de:36:b6:8b:63:a1
Fingerprint (sha256): 4e:6d:da:4d:cb:08:4e:c4:34:3e:1b:b3:ac:bd:99:fe:2b:6d:6e:04:21:55:7e:02:e0:e4:f8:1b:25:0b:03:e8

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertGlobalCAG2.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertGlobalCAG2.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertGlobalCAG2.crl

Check the revocation status for certificate www.alange-soehne.com

11

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.alange-soehne.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

admin.www2.alange-soehne.com
admin.www.alange-soehne.com
akademieapp.alange-soehne.com
alange-soehne.com
api.akademieapp.alange-soehne.com
contact.alange-soehne.com
forms.alange-soehne.com
press.alange-soehne.com
retailinfo.alange-soehne.com
service.alange-soehne.com
www.alange-soehne.com

Other certificates including the domain name alange-soehne.com

(limited to 100 certificates)
www.quality.alange-soehne.com
scan.preprod2.cartier.com
spark.dev.piaget.com
dam.richemont.com
www.alange-soehne.com
media.richemont.com
www.alange-soehne.com
www.quality.alange-soehne.com
linemedia.preprod.richemont.com
dam.richemont.com
preview-secure.alange-soehne.com
*.alange-soehne.com
www.alange-soehne.com
www.quality.alange-soehne.com
www.alange-soehne.com
www.quality.alange-soehne.com
linemedia.preprod.richemont.com
scan.preprod2.cartier.com
api.weboutique.quality.iwc.cn
www.alange-soehne.com
www.quality.alange-soehne.com
media.richemont.com
scan.dev.cartier.com
linemedia.preprod.richemont.com
forms.alange-soehne.com
www.quality.alange-soehne.com
www.quality.alange-soehne.com
www.alange-soehne.com
cartiercare.preprod2.cartier.com
www.alange-soehne.com
www.quality.alange-soehne.com
spark.preprod.piaget.com
www.quality.alange-soehne.com
www.alange-soehne.com
www.quality.alange-soehne.com
admin.www2.alange-soehne.com
scan.cartier.com
www.alange-soehne.com
scan.preprod.cartier.com
www.quality.alange-soehne.com
www.alange-soehne.com
scan.preprod2.cartier.com
linemedia.preprod.richemont.com
linemedia.preprod.richemont.com
scan.dev2.cartier.com
dam.richemont.com
spark.piaget.com
forms.alange-soehne.com
contact.alange-soehne.com
message.alange-soehne.com
media.richemont.com
press.alange-soehne.com
www.quality.alange-soehne.com
*.alange-soehne.com
www.quality.alange-soehne.com
icm.alange-soehne.com
secure.alange-soehne.com
www.quality.alange-soehne.com
www.alange-soehne.com
service.alange-soehne.com
www.alange-soehne.com
*.quality.alange-soehne.com
www.quality.alange-soehne.com
scan.dev2.cartier.com
www.quality.alange-soehne.com
www.alange-soehne.com
api.weboutique.quality.iwc.cn
dealer.alange-soehne.com
cfrsa-stg.rogerdubuis.com
scan.preprod3.cartier.com
spark.qual.piaget.com
www.alange-soehne.com
service.alange-soehne.com
message.alange-soehne.com
scan.preprod.cartier.com
spark.qual.piaget.com
www.alange-soehne.com
www.alange-soehne.com
www.alange-soehne.com
www.alange-soehne.com
www.quality.alange-soehne.com
spark.test.piaget.com
media.richemont.com
www.alange-soehne.com
www.alange-soehne.com
scan.dev2.cartier.com
scan.dev.cartier.com
www.quality.alange-soehne.com
cfrsa-dev.rogerdubuis.com
www.alange-soehne.com
service.alange-soehne.com
www.alange-soehne.com
www.quality.alange-soehne.com
cfrsa-dev.rogerdubuis.com
scan.preprod.cartier.com
www.quality.alange-soehne.com
www.quality.alange-soehne.com
scan.dev.cartier.com
www.alange-soehne.com
service.alange-soehne.com

Certificate

The complete raw certificate details for www.alange-soehne.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHVzCCBj+gAwIBAgIQDOBWEW4X9nf+CRp17D/gJDANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVE
aWdpQ2VydCBHbG9iYWwgQ0EgRzIwHhcNMTkxMTA2MDAwMDAwWhcNMjAxMTMwMTIw
MDAwWjCBhTELMAkGA1UEBhMCQ0gxEDAOBgNVBAgMB0dlbsOodmUxETAPBgNVBAcT
CEJlbGxldnVlMSMwIQYDVQQKExpSaWNoZW1vbnQgSW50ZXJuYXRpb25hbCBTQTEM
MAoGA1UECxMDQUxTMR4wHAYDVQQDExV3d3cuYWxhbmdlLXNvZWhuZS5jb20wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDINAmA5+qWlgwfOwY4D+TnZ1EV
SQzf2GKcXfw2QtlQDmk5e5d68D2lXbiKMqG4seQ651AiXaaTAvDBFiSXYF+KSWT6
tnNbqA6aPv6Tv37W0yX/Q0o9OlH1jlA9GwuQVEU2NO1KNrAkb3/jLwSj1Up5iPzO
NlKSeexgHnv14/EsoORXDy1n5H4UNA/HwH9qIO7MEaeTC1hh5Dht4xTKtbYFWoST
v6HIu/DYsTDkJfCtnS34V1G9gJIKxCsoxtUL0VzliBfqPALPsOt3bsCF+Mdap3Ex
P/JgaChunIeq8Cgjpq3yzBRkNy08zJ5TMbNHSV+TtGGwHNQNh1BPc/iyG0FLAgMB
AAGjggQBMIID/TAfBgNVHSMEGDAWgBQkbist0GqSUVElaQGqmkemiedAIDAdBgNV
HQ4EFgQUtz6/SouQGQWhuKh6dqezDMwhLHUwggE6BgNVHREEggExMIIBLYIcYWRt
aW4ud3d3Mi5hbGFuZ2Utc29laG5lLmNvbYIbYWRtaW4ud3d3LmFsYW5nZS1zb2Vo
bmUuY29tgh1ha2FkZW1pZWFwcC5hbGFuZ2Utc29laG5lLmNvbYIRYWxhbmdlLXNv
ZWhuZS5jb22CIWFwaS5ha2FkZW1pZWFwcC5hbGFuZ2Utc29laG5lLmNvbYIZY29u
dGFjdC5hbGFuZ2Utc29laG5lLmNvbYIXZm9ybXMuYWxhbmdlLXNvZWhuZS5jb22C
F3ByZXNzLmFsYW5nZS1zb2VobmUuY29tghxyZXRhaWxpbmZvLmFsYW5nZS1zb2Vo
bmUuY29tghlzZXJ2aWNlLmFsYW5nZS1zb2VobmUuY29tghV3d3cuYWxhbmdlLXNv
ZWhuZS5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjB3BgNVHR8EcDBuMDWgM6Axhi9odHRwOi8vY3JsMy5kaWdpY2VydC5j
b20vRGlnaUNlcnRHbG9iYWxDQUcyLmNybDA1oDOgMYYvaHR0cDovL2NybDQuZGln
aWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsQ0FHMi5jcmwwTAYDVR0gBEUwQzA3Bglg
hkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29t
L0NQUzAIBgZngQwBAgIwdAYIKwYBBQUHAQEEaDBmMCQGCCsGAQUFBzABhhhodHRw
Oi8vb2NzcC5kaWdpY2VydC5jb20wPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYWNlcnRz
LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbENBRzIuY3J0MAkGA1UdEwQCMAAw
ggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS
6BqQlmQ2jh7RhQAAAW5AVSQ7AAAEAwBHMEUCIQDSHyYzJZEkGw6yefO2Jusz0NPh
e/btl1MWlMg4fApy5AIgQe/4s0DxZskR7APIIOz9brIdBi7Ol6ykJ8q1v6LwGS0A
dgBep3P531bA57U2SH3QSeAyepGaDIShEhKEGHWWgXFFWAAAAW5AVSPYAAAEAwBH
MEUCIGdlhwvGMGGDnkS1pLQ4knseBjx1iVeHkC1/7HpQJPAyAiEAvbEiqbycGsA5
60WWQUjuir4emUfjWQeZm5jEJay1aPQwDQYJKoZIhvcNAQELBQADggEBAGaD+taE
qgN18u2WtBZNM8YYE7GCh+91rX5Kmdyg12sc2fhvU1Ep9W6EVi7O3s2Kvo2D8uyJ
73Nya3YzTCoqGfyWvpsOn1zHsXzvftPmxgQbi6O+LrpaUGe4jukjWNGZX6lUXdCR
rskxWKMbIVPZ8czLsc3mDDN8sOHlul4v/7KWQx/7RG/86K0TPqphh0jq7+yFapH4
+enm+RTROUQga1AHQNmlg6QCCGzsCj03S4x3Sq875e9Af9i1dJ787AqipXNj9A+i
4pPGc1Wn9KrAA5yGoxcu3CVeYPcimVPbZDA9ZtQ92MQX+CNG0pvI9RHuqfQLlYgS
Obeo51qM6H1e/es=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDQJgOfqlpYMHzsGOA/k
52dRFUkM39hinF38NkLZUA5pOXuXevA9pV24ijKhuLHkOudQIl2mkwLwwRYkl2Bf
iklk+rZzW6gOmj7+k79+1tMl/0NKPTpR9Y5QPRsLkFRFNjTtSjawJG9/4y8Eo9VK
eYj8zjZSknnsYB579ePxLKDkVw8tZ+R+FDQPx8B/aiDuzBGnkwtYYeQ4beMUyrW2
BVqEk7+hyLvw2LEw5CXwrZ0t+FdRvYCSCsQrKMbVC9Fc5YgX6jwCz7Drd27AhfjH
WqdxMT/yYGgobpyHqvAoI6at8swUZDctPMyeUzGzR0lfk7RhsBzUDYdQT3P4shtB
SwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 17115556113907788939608330444071755812
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Global CA G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-11-06 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-11-30 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Genève'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Bellevue'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Richemont International SA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ALS'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.alange-soehne.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25273321455039311889357184473929466265082248618131859248047184771907226371465128072959232863687550946823405682605568500773801984303832581466949114497017371171952273767672290411379799247060914600517628626055991169293541535014146802579418260589982905519168818439883275296551127476087151057402668405073444438582598546236730247509696508593753920045359739109469213104787633767618421918986511962577952208889528019360483095824133649244691899632328408538667249261358355339267794188930252517412127150954891814904387758222683208498157708502253486551840366090033763944387130771739800800175079173879666534610936548074639356281163
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 246e2b2dd06a925151256901aa9a47a689e74020
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							b73ebf4a8b901905a1b8a87a76a7b30ccc212c75
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (305 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'admin.www2.alange-soehne.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'admin.www.alange-soehne.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'akademieapp.alange-soehne.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'alange-soehne.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.akademieapp.alange-soehne.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'contact.alange-soehne.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'forms.alange-soehne.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'press.alange-soehne.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'retailinfo.alange-soehne.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'service.alange-soehne.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.alange-soehne.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (112 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertGlobalCAG2.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertGlobalCAG2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertGlobalCAG2.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000016e4055243b0000040300473045022100d21f26332591241b0eb279f3b626eb33d0d3e17bf6ed97531694c8387c0a72e4022041eff8b340f166c911ec03c820ecfd6eb21d062ece97aca427cab5bfa2f0192d0076005ea773f9df56c0e7b536487dd049e0327a919a0c84a1121284187596817145580000016e405523d8000004030047304502206765870bc63061839e44b5a4b438927b1e063c75895787902d7fec7a5024f032022100bdb122a9bc9c1ac039eb45964148ee8abe1e9947e35907999b98c425acb568f4
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		006683fad684aa0375f2ed96b4164d33c61813b18287ef75ad7e4a99dca0d76b1cd9f86f535129f56e84562ecedecd8abe8d83f2ec89ef73726b76334c2a2a19fc96be9b0e9f5cc7b17cef7ed3e6c6041b8ba3be2eba5a5067b88ee92358d1995fa9545dd091aec93158a31b2153d9f1cccbb1cde60c337cb0e1e5ba5e2fffb296431ffb446ffce8ad133eaa618748eaefec856a91f8f9e9e6f914d13944206b500740d9a583a402086cec0a3d374b8c774aaf3be5ef407fd8b5749efcec0aa2a57363f40fa2e293c67355a7f4aac0039c86a3172edc255e60f7229953db64303d66d43dd8c417f82346d29bc8f511eea9f40b95881239b7a8e75a8ce87d5efdeb