*.rmk.ee

- Riigimetsa Majandamise Keskus -

Issued by DigiCert SHA2 Secure Server CA

About this certificate

This digital certificate with serial number 05:c8:2d:cf:7b:8d:ca:4d:76:11:24:e2:ad:50:43:8b was issued on by DigiCert Inc.

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Riigimetsa Majandamise Keskus

Organization: Riigimetsa Majandamise Keskus
Locality: Tallinn
Country: EE

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 05:c8:2d:cf:7b:8d:ca:4d:76:11:24:e2:ad:50:43:8b
Serial Number (int): 7685528497531419763639655294970119051
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: ef:40:26:b8:f4:96:cf:f8:cc:c8:07:a3:89:e7:b4:4d:67:31:74:65
AuthorityKeyId: 0f:80:61:1c:82:31:61:d5:2f:28:e7:8d:46:38:b4:2c:e1:c6:d9:e2

Fingerprint (sha1): b9:d4:d5:16:b2:31:0c:4c:4f:8c:75:6a:f2:92:fd:91:bc:0e:07:21
Fingerprint (sha256): 57:4d:87:00:98:20:88:b5:0b:d6:12:17:2f:54:5a:1c:79:cb:85:62:44:d9:97:48:74:c9:9a:47:3a:03:dd:a8

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/ssca-sha2-g6.crl
CRL Distribution Point: http://crl4.digicert.com/ssca-sha2-g6.crl

Check the revocation status for certificate *.rmk.ee

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.rmk.ee

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.rmk.ee
rmk.ee
media.rmk.ee

Other certificates including the domain name rmk.ee

(limited to 100 certificates)
customerportal.uk.rlb.com
*.rmk.ee
*.rmk.ee
kampaania.rmk.ee
*.rmk.ee
rmk-mobile-app-service.rmk.ee
yritused.rmk.ee
customerportal.uk.rlb.com
*.rmk.ee
*.rmk.ee
rmk-mobile-app-service.rmk.ee
*.rmk.ee
*.rmk.ee
kampaania.rmk.ee
filesender2.rmk.ee
*.rmk.ee
yritused.rmk.ee
*.rmk.ee
*.rmk.ee
*.rmk.ee
yritused.rmk.ee
yritused.rmk.ee
rmk.ee
ep.rmk.ee
rmk.ee
*.rmk.ee
filesender2.rmk.ee
filesender2.rmk.ee
rmk.ee
sslvpn.rmk.ee
*.rmk.ee
kampaania.rmk.ee
customerportal.uk.rlb.com
customerportal.uk.rlb.com
*.rmk.ee
rmk.ee
it.rmk.ee
maksed.rmk.ee
it.rmk.ee
customerportal.uk.rlb.com
rmk.ee
yritused.rmk.ee
*.rmk.ee
*.rmk.ee
customerportal.uk.rlb.com
rmk.ee
*.rmk.ee
*.rmk.ee
kampaania.rmk.ee
rmk.ee
customerportal.uk.rlb.com
yritused.rmk.ee
*.rmk.ee
*.rmk.ee
customerportal.uk.rlb.com
wfprwpa.rcs.it
*.rmk.ee
rmk.ee
puidumyykproxy.rmk.ee
rmk.ee
*.rmk.ee
customerportal.uk.rlb.com
customerportal.uk.rlb.com
rmk.ee
customerportal.uk.rlb.com
*.rmk.ee
kampaania.rmk.ee
customerportal.uk.rlb.com
kampaania.rmk.ee
rmk.ee
customerportal.uk.rlb.com
*.rmk.ee
kampaania.rmk.ee
rmk.ee
*.rmk.ee
*.rmk.ee
kampaania.rmk.ee
rmk.ee
kampaania.rmk.ee
*.rmk.ee
kampaania.rmk.ee
kampaania.rmk.ee
it.rmk.ee
*.rmk.ee
filesender2.rmk.ee
*.rmk.ee
customerportal.uk.rlb.com
rmk.ee
kampaania.rmk.ee
it.rmk.ee
rmk-mobile-app-service.rmk.ee
*.rmk.ee
kampaania.rmk.ee
wfprwpa.rcs.it
kampaania.rmk.ee
customerportal.uk.rlb.com
customerportal.uk.rlb.com
*.rmk.ee
rmk.ee
customerportal.uk.rlb.com

Certificate

The complete raw certificate details for *.rmk.ee in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHEzCCBfugAwIBAgIQBcgtz3uNyk12ESTirVBDizANBgkqhkiG9w0BAQsFADBN
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E
aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgwMjE5MDAwMDAwWhcN
MjEwMzI3MTIwMDAwWjBaMQswCQYDVQQGEwJFRTEQMA4GA1UEBxMHVGFsbGlubjEm
MCQGA1UEChMdUmlpZ2ltZXRzYSBNYWphbmRhbWlzZSBLZXNrdXMxETAPBgNVBAMM
CCoucm1rLmVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOF45sQN
EivInC2q11TozmX9k57nJSC5v3kobHqByEr37ePvonQvhLBY5ezSeZD+d1vWa1gF
UFUIqLNvh/osa7GBUQk1j1lEp9X6hTq4qKylNcuX4i0/yJSqcMEtvpyE/KqiDCXl
V0pXWjKhX/VrL02hJtqj02ToSBUfDAya8VRk9TTOeYyBVJJQGQ0kTUb/EVrqX38B
OpTQQv2wj7VeZR2IVjeGLBfseJ0tRiMF3PDwyTpi5Kx1ll/weiTjhrlPObxodEip
I7KyWW0dPBsgLuENa6MCr7mWpnJOYmAarRlk6XWjmZM3PDA2hqH60+2AMBWUDB4P
Jx/fv+RidK+VqwIDAQABo4ID4DCCA9wwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeN
Rji0LOHG2eIwHQYDVR0OBBYEFO9AJrj0ls/4zMgHo4nntE1nMXRlMCkGA1UdEQQi
MCCCCCoucm1rLmVlggZybWsuZWWCDG1lZGlhLnJtay5lZTAOBgNVHQ8BAf8EBAMC
BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6At
oCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+g
LaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBM
BgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3
dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYI
KwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBGBggrBgEFBQcwAoY6
aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMlNlY3VyZVNl
cnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIB9wYKKwYBBAHWeQIEAgSCAecEggHj
AeEAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWGuMIrOAAAE
AwBHMEUCICqZ8w3M/kRrns1n0i0kAq8LIg2ueN/qX2968RCe1KFCAiEAzNPXkucy
7EJx5Pby8nL3zYbTQuRnRnl9TV0i7jLwvdUAdgCHdb/nWXz4jEOZX73zbv9WjUdW
Nv9KtWDBtOr/XqCDDwAAAWGuMIsyAAAEAwBHMEUCIQDRkfpyN5DCy/IfdLq8Az7i
xjp82kNcTIhQ2AuKzFEhKgIgfZMnz474gm4TACBzHw7H8MFUDEpAktGYU4A+Sp2o
QGwAdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWGuMIrzAAAE
AwBHMEUCIGlXh6kOVVKfqkAb/XBOaFYsvTrzKAT1eg7OeulxlsyPAiEA3iWkwFW4
vPXDnEFnBNAaskzJkfGcFEqpenqcPvABqgUAdwC72d+8H4pxtZOUI5eqkntHOFeV
CqtS6BqQlmQ2jh7RhQAAAWGuMIrxAAAEAwBIMEYCIQC5aYdIVAQUQNG8jxnyk0zw
eAQKr+AckaTeH9d53osmhQIhANdZB4JoPlK13a/5pbFZugxghgLz5l3BQ1b/5GqP
sGkkMA0GCSqGSIb3DQEBCwUAA4IBAQBf9gVbXjxsoYZOPdcb5QCr9YJ2YnwUg0XQ
UhNYPJX5RWGYkPfntr2odQ2GSh3D1WBMapJHhB5XAEMTuV2JgRohkYImfRY3mSwX
Wu9U85Nfuu0V+cuFc8ZqTConELmKk5rg/I1V5bf76qZOnOAAFLuKM8ikoFdq4tqE
+6F4pLA5vQlmRWs2IFqOckpPoi8ec7gOkTmMdVf3taUmrg0BiHBUGpSmlvuwH0Sn
z9BQ96Vu4JBI752fCTAk6I+qHJwHI5p7qZuQTa++5CLkmdB9tImI8s1SITOnjrbg
25SRk9oxykeSrPbyydLVJiBBBqeqVNEwiwjpJHnnNrLFB6Pe/gqt
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOF45sQNEivInC2q11To
zmX9k57nJSC5v3kobHqByEr37ePvonQvhLBY5ezSeZD+d1vWa1gFUFUIqLNvh/os
a7GBUQk1j1lEp9X6hTq4qKylNcuX4i0/yJSqcMEtvpyE/KqiDCXlV0pXWjKhX/Vr
L02hJtqj02ToSBUfDAya8VRk9TTOeYyBVJJQGQ0kTUb/EVrqX38BOpTQQv2wj7Ve
ZR2IVjeGLBfseJ0tRiMF3PDwyTpi5Kx1ll/weiTjhrlPObxodEipI7KyWW0dPBsg
LuENa6MCr7mWpnJOYmAarRlk6XWjmZM3PDA2hqH60+2AMBWUDB4PJx/fv+RidK+V
qwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 7685528497531419763639655294970119051
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-02-19 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-03-27 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'EE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Tallinn'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Riigimetsa Majandamise Keskus'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.rmk.ee'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24348939074319286535045308898673262384786299634165966556087067440662083717389242071151982929097422856801871650626501206263371826749649858594501718052989346774081216553140216286467005858650625043920551093268066875115408729895916821367156412405304255579995377649593709056646833293730093990432359477930592382920311829404774213601395526872174171188742380270272689925500111399716403438327266994746841719335253130739310376393521886368619498991474557422771022632204157654866193590575526139073140914956168432606947200977563547298202382896320326567353897491186042868309194209652128795094638199809589214417551365748921983800747
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 0f80611c823161d52f28e78d4638b42ce1c6d9e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							ef4026b8f496cff8ccc807a389e7b44d67317465
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (34 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.rmk.ee'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rmk.ee'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'media.rmk.ee'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/ssca-sha2-g6.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/ssca-sha2-g6.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (112 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (487 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (483 bytes)
							01e1007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc1000000161ae308ace000004030047304502202a99f30dccfe446b9ecd67d22d2402af0b220dae78dfea5f6f7af1109ed4a142022100ccd3d792e732ec4271e4f6f2f272f7cd86d342e46746797d4d5d22ee32f0bdd50076008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f00000161ae308b320000040300473045022100d191fa723790c2cbf21f74babc033ee2c63a7cda435c4c8850d80b8acc51212a02207d9327cf8ef8826e130020731f0ec7f0c1540c4a4092d19853803e4a9da8406c007600ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb00000161ae308af300000403004730450220695787a90e55529faa401bfd704e68562cbd3af32804f57a0ece7ae97196cc8f022100de25a4c055b8bcf5c39c416704d01ab24cc991f19c144aa97a7a9c3ef001aa05007700bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed18500000161ae308af10000040300483046022100b969874854041440d1bc8f19f2934cf078040aafe01c91a4de1fd779de8b2685022100d7590782683e52b5ddaff9a5b159ba0c608602f3e65dc14356ffe46a8fb06924
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		005ff6055b5e3c6ca1864e3dd71be500abf58276627c148345d05213583c95f945619890f7e7b6bda8750d864a1dc3d5604c6a9247841e57004313b95d89811a219182267d1637992c175aef54f3935fbaed15f9cb8573c66a4c2a2710b98a939ae0fc8d55e5b7fbeaa64e9ce00014bb8a33c8a4a0576ae2da84fba178a4b039bd0966456b36205a8e724a4fa22f1e73b80e91398c7557f7b5a526ae0d018870541a94a696fbb01f44a7cfd050f7a56ee09048ef9d9f093024e88faa1c9c07239a7ba99b904dafbee422e499d07db48988f2cd522133a78eb6e0db949193da31ca4792acf6f2c9d2d526204106a7aa54d1308b08e92479e736b2c507a3defe0aad