*.eval.janrainengage.com

- JanRain, Inc. -

Issued by DigiCert SHA2 High Assurance Server CA

About this certificate

This digital certificate with serial number 05:23:d9:c9:96:dd:b2:bf:62:61:dd:8d:25:06:e1:5b was issued on by DigiCert Inc.

With 13 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

JanRain, Inc.

Organization: JanRain, Inc.
Organization unit: Operations
State / Province: OR
Locality: Portland
Country: US

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 05:23:d9:c9:96:dd:b2:bf:62:61:dd:8d:25:06:e1:5b
Serial Number (int): 6832287623408724302119308647226335579
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 25:ab:0b:2d:4c:19:17:4b:27:c1:83:4e:ac:df:7f:b9:f8:c0:81:69
AuthorityKeyId: 51:68:ff:90:af:02:07:75:3c:cc:d9:65:64:62:a2:12:b8:59:72:3b

Fingerprint (sha1): 51:00:f0:e2:c6:04:39:aa:ac:ae:39:de:f1:95:72:0e:0b:67:8b:5a
Fingerprint (sha256): 54:1f:5e:00:d2:22:2c:20:22:e6:9d:a2:c2:a9:24:ba:31:48:1b:6e:6d:bd:b4:65:80:e6:91:4b:a0:0d:a3:9d

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/sha2-ha-server-g6.crl
CRL Distribution Point: http://crl4.digicert.com/sha2-ha-server-g6.crl

Check the revocation status for certificate *.eval.janrainengage.com

13

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.eval.janrainengage.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.eval.janrainengage.com
eval.janrainengage.com
uc11.janrainengage.com
atlas.myob.net
login.canada.com
login.kinek.com
login.npr.org
login.servicelive.com
signin.opensesame.com
signin.ifwerantheworld.com
signin.etoro.com
login.doctoroz.com
login.jobscout24.ch

Other certificates including the domain name janrainengage.com

(limited to 100 certificates)
*.rpxnow.com
uc17.janrainengage.com
uc13.janrainengage.com
uc12.janrainengage.com
uc16.janrainengage.com
uc13.janrainengage.com
uc18.janrainengage.com
uc16.janrainengage.com
uc18.janrainengage.com
uc18.janrainengage.com
uc14.janrainengage.com
uc16.janrainengage.com
uc17.janrainengage.com
uc16.janrainengage.com
uc16.janrainengage.com
uc16.janrainengage.com
*.rpxnow.com
uc17.janrainengage.com
uc13.janrainengage.com
uc17.janrainengage.com
uc18.janrainengage.com
uc16.janrainengage.com
uc17.janrainengage.com
*.eval.janrainengage.com
uc18.janrainengage.com
uc18.janrainengage.com
uc15.janrainengage.com
uc16.janrainengage.com
uc18.janrainengage.com
uc17.janrainengage.com
uc17.janrainengage.com
uc17.janrainengage.com
uc17.janrainengage.com
uc16.janrainengage.com
uc13.janrainengage.com
uc17.janrainengage.com
*.eval.janrainengage.com
uc15.janrainengage.com
uc09.janrainengage.com
*.eval.janraincapture.com
uc16.janrainengage.com
*.eval.janrainengage.com
uc18.janrainengage.com
uc17.janrainengage.com
uc18.janrainengage.com
uc17.janrainengage.com
uc15.janrainengage.com
uc17.janrainengage.com
uc18.janrainengage.com
uc18.janrainengage.com
uc16.janrainengage.com
uc17.janrainengage.com
uc18.janrainengage.com
uc17.janrainengage.com
uc17.janrainengage.com
*.eval.janrainengage.com
uc14.janrainengage.com
uc18.janrainengage.com
uc17.janrainengage.com
uc18.janrainengage.com
*.eval.janrainengage.com
uc16.janrainengage.com
uc16.janrainengage.com
uc17.janrainengage.com
uc15.janrainengage.com
uc15.janrainengage.com
uc18.janrainengage.com
uc17.janrainengage.com
uc17.janrainengage.com
*.rpxnow.com
uc18.janrainengage.com
*.rpxnow.com
*.rpxnow.com
uc18.janrainengage.com
uc09.janrainengage.com
uc17.janrainengage.com
uc18.janrainengage.com
uc17.janrainengage.com
uc17.janrainengage.com
uc19.janrainengage.com
uc17.janrainengage.com
uc17.janrainengage.com
uc18.janrainengage.com
uc16.janrainengage.com
uc17.janrainengage.com
*.rpxnow.com
uc16.janrainengage.com
uc15.janrainengage.com
uc17.janrainengage.com
uc12.janrainengage.com
uc18.janrainengage.com
uc09.janrainengage.com
uc16.janrainengage.com
uc18.janrainengage.com
uc18.janrainengage.com
uc18.janrainengage.com
uc09.janrainengage.com
uc18.janrainengage.com
uc16.janrainengage.com
uc18.janrainengage.com

Certificate

The complete raw certificate details for *.eval.janrainengage.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHbjCCBlagAwIBAgIQBSPZyZbdsr9iYd2NJQbhWzANBgkqhkiG9w0BAQsFADBw
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz
dXJhbmNlIFNlcnZlciBDQTAeFw0xODA4MjMwMDAwMDBaFw0xOTA5MTMxMjAwMDBa
MH0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJPUjERMA8GA1UEBxMIUG9ydGxhbmQx
FjAUBgNVBAoTDUphblJhaW4sIEluYy4xEzARBgNVBAsTCk9wZXJhdGlvbnMxITAf
BgNVBAMMGCouZXZhbC5qYW5yYWluZW5nYWdlLmNvbTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAMyEvpe8rm05BOsMSAPHat5O9X/kSqSVEuefMgbgoEEj
JSSXvoDmnGr0GgmkxbxZYYFl+Ltxr7wvcKQSIE+EET2smuSAKSdz8UgL8Jclib21
iIZDqHFuNvg6jsc+n7bYVaeKQSuMXOhHp+ZlIhHCqaR0impqFoi1K/tRmCMs96he
0EunhTZQSpyOHfMjS4TtWAkoM8UYyR0nMRRqXxcKwR3i20hFLNwtOuH/uL17tFso
uNM+Vu+CeUJ/lQmIYrzKjEWOHMUq0zPeuT5phBA7D2o+ZPd593h/xH1gb/SInwA8
ZGhZeQ/caQ2pqhkpkIx10Cs/iigsnUEy0clNHK8zjwcCAwEAAaOCA/UwggPxMB8G
A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBQlqwstTBkX
SyfBg06s33+5+MCBaTCCAR4GA1UdEQSCARUwggERghgqLmV2YWwuamFucmFpbmVu
Z2FnZS5jb22CFmV2YWwuamFucmFpbmVuZ2FnZS5jb22CFnVjMTEuamFucmFpbmVu
Z2FnZS5jb22CDmF0bGFzLm15b2IubmV0ghBsb2dpbi5jYW5hZGEuY29tgg9sb2dp
bi5raW5lay5jb22CDWxvZ2luLm5wci5vcmeCFWxvZ2luLnNlcnZpY2VsaXZlLmNv
bYIVc2lnbmluLm9wZW5zZXNhbWUuY29tghpzaWduaW4uaWZ3ZXJhbnRoZXdvcmxk
LmNvbYIQc2lnbmluLmV0b3JvLmNvbYISbG9naW4uZG9jdG9yb3ouY29tghNsb2dp
bi5qb2JzY291dDI0LmNoMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGln
aWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDA0oDKgMIYuaHR0cDovL2Ny
bDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDBMBgNVHSAERTBD
MDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2Vy
dC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzAB
hhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9j
YWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2Vy
dmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8A
dgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWVnp1PoAAAEAwBH
MEUCIQCSXrLUd5Jpnna/UfhFcsIdA8BqimLvNSd9C5DDpVVyRAIgXIQEzlmHOBka
i3fxWs1GEgcPUeOuoDmt5cTvWmbZEccAdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9K
tWDBtOr/XqCDDwAAAWVnp1O6AAAEAwBGMEQCIGY81mpZ+GKra8nmIxrt8ThWsoIm
hkwgzSQc0d67e6vDAiBoMtMoHXj7VrtRBk3/DGGKMfUv81w7oeinhVf7IIR9MTAN
BgkqhkiG9w0BAQsFAAOCAQEAPHCBejGBpZUiAmNVzQ3/yM9RftlniCZZCJj4UVlB
7s1B4rZXhFri1S8/JXE7mJ9VepEI0GH4jMbpr4Lq9OdpjWppsmED2OWaFIUBvtOq
LMPLw10zMeYSqt2mJmdwo+qrDpp7/FXCp//2zfhb4KBrogG2eoWGKtT0UNQEpeHE
22HNcXKDMtyCgFveDlnSJtD2a6yJF+Omzy40bQ9rvk6r66MlqBoFfzZTZOvl5UNM
8ZzFKf6X0A8a6bwTLSJZT/lvL7OTQJ2Fp+biwRP+x+j5g9EaPjykgIbRy4fprv71
LM9ePlFLZtE8G0Dk7qZGKCPWbnFQFMTlQqWFRb0+NkHVUw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzIS+l7yubTkE6wxIA8dq
3k71f+RKpJUS558yBuCgQSMlJJe+gOacavQaCaTFvFlhgWX4u3GvvC9wpBIgT4QR
Paya5IApJ3PxSAvwlyWJvbWIhkOocW42+DqOxz6ftthVp4pBK4xc6Een5mUiEcKp
pHSKamoWiLUr+1GYIyz3qF7QS6eFNlBKnI4d8yNLhO1YCSgzxRjJHScxFGpfFwrB
HeLbSEUs3C064f+4vXu0Wyi40z5W74J5Qn+VCYhivMqMRY4cxSrTM965PmmEEDsP
aj5k93n3eH/EfWBv9IifADxkaFl5D9xpDamqGSmQjHXQKz+KKCydQTLRyU0crzOP
BwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 6832287623408724302119308647226335579
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 High Assurance Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-08-23 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-09-13 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'OR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Portland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'JanRain, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Operations'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.eval.janrainengage.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25818072967099366876875690820196613195179276890563040628600684391651536424232084370989075121382029505871611304593272175460428478642767429274143092209367662128850545495918491739993910622104815452380339571064403829968626465156179830473779700585712929394140194369623041744961562919659096051529109291475628447632836968207922814325853428861774723450329422549520101381886243400868130043148441981718661030367337984323514281382254416810962155495873545379787216166989441174234616087075728028300925976984010768899247625816683325132330357810339487352975012988216095953746725251265840055066898217511694281612504568657795353906951
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 5168ff90af0207753cccd9656462a212b859723b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							25ab0b2d4c19174b27c1834eacdf7fb9f8c08169
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (277 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.eval.janrainengage.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'eval.janrainengage.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uc11.janrainengage.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'atlas.myob.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'login.canada.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'login.kinek.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'login.npr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'login.servicelive.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'signin.opensesame.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'signin.ifwerantheworld.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'signin.etoro.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'login.doctoroz.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'login.jobscout24.ch'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/sha2-ha-server-g6.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/sha2-ha-server-g6.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (119 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000016567a753e80000040300473045022100925eb2d47792699e76bf51f84572c21d03c06a8a62ef35277d0b90c3a555724402205c8404ce598738191a8b77f15acd4612070f51e3aea039ade5c4ef5a66d911c70075008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f0000016567a753ba00000403004630440220663cd66a59f862ab6bc9e6231aedf13856b28226864c20cd241cd1debb7babc302206832d3281d78fb56bb51064dff0c618a31f52ff35c3ba1e8a78557fb20847d31
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		003c70817a3181a59522026355cd0dffc8cf517ed9678826590898f8515941eecd41e2b657845ae2d52f3f25713b989f557a9108d061f88cc6e9af82eaf4e7698d6a69b26103d8e59a148501bed3aa2cc3cbc35d3331e612aadda6266770a3eaab0e9a7bfc55c2a7fff6cdf85be0a06ba201b67a85862ad4f450d404a5e1c4db61cd71728332dc82805bde0e59d226d0f66bac8917e3a6cf2e346d0f6bbe4eabeba325a81a057f365364ebe5e5434cf19cc529fe97d00f1ae9bc132d22594ff96f2fb393409d85a7e6e2c113fec7e8f983d11a3e3ca48086d1cb87e9aefef52ccf5e3e514b66d13c1b40e4eea6462823d66e715014c4e542a58545bd3e3641d553