card.tesco.com

- Tesco PLC -

Issued by Entrust Certification Authority - L1M

About this certificate

This digital certificate with serial number 52:4c:55:52:8a:c4:ec:21:bc:f4:f8:f3:5a:40:85:32 was issued on by Entrust, Inc..

With 15 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Tesco PLC

Company registration number: 00445790
Organization: Tesco PLC
Locality: Welwyn Garden City
Country: GB

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2014 Entrust, Inc. - for authorized use only
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 52:4c:55:52:8a:c4:ec:21:bc:f4:f8:f3:5a:40:85:32
Serial Number (int): 109393040760084380956380594619442824498
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: fb:4d:e7:59:80:64:21:3c:a0:d3:18:98:07:31:b3:df:8f:9d:be:83
AuthorityKeyId: c3:f7:d0:b5:2a:30:ad:af:0d:91:21:70:39:54:dd:bc:89:70:c7:3a

Fingerprint (sha1): de:e5:97:c2:7f:d0:76:6b:de:48:98:b6:55:5f:ed:1a:8a:63:af:41
Fingerprint (sha256): 57:75:63:7a:a1:a8:84:0a:87:61:bf:de:80:10:dc:7b:e1:57:5e:8f:08:ee:61:ad:42:51:06:01:ca:20:87:db

Issuing Certificate URL: http://aia.entrust.net/l1m-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1m.crl

Check the revocation status for certificate card.tesco.com

15

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for card.tesco.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

card.tesco.com
card.ourtesco.com
card.tesco.ie
fizetes.tesco.hu
karta.itesco.sk
karty.tesco.hu
kartya.itesco.cz
payment.ourtesco.com
payment.tesco.com
payment.tesco.ie
platba.itesco.cz
platba.itesco.sk
portal.tescogiftcards.com
tescogiftcards.com
www.tescogiftcards.com

Other certificates including the domain name tesco.com

(limited to 100 certificates)
origin-wdc.customerorder-ppe.api.tesco.com
mmslauat.my.tesco.com
enterprise.ui.tesco.com
payplus.tesco.com
digitalcontent.tesco.com
www.cedarcom.co.uk
tescolocation.api.tesco.com
ppe.tesco.com
ppe.digitalcontent.tesco.com
origin-aws1.cec.tesco.com
insight.dev.global.tesco.org
origin-euw.pricepromotion.api.tesco.com
clj-wdc-api.global.tesco.org
click.mail.tesco.com
enterprise2.ui.tesco.com
origin-wdc.supplychain.tesco.com
csmailings.tesco.com
ppe.tesco.com
origin-eun.price-promomgrtn-ppe.api.tesco.com
customer-service.tesco.com
locationsurvey.tesco.com
ppe.tesco.com
origin-pwdcz1d1.tpc.tesco.com
origin-wdc.profile-system-ppe.api.tesco.com
origin-aws1.storedvalue.api.tesco.com
payment-ppe.api.tesco.com
enterprise.api.tesco.com
origin-ld8.activedirectory.api.tesco.com
redirects.tesco.com
origin-aws1.search.api.tesco.com
preprod.origin-aws1.contentservice.tesco.com
origin-wdc.payplus-ppe4-ppe.api.tesco.com
cdo.qa.cdo.tesco.com
origin-wdc.customerorder.api.tesco.com
enterprise.ui.tescolotus.com
origin-eun.price-promocmd-perf.api.tesco.com
tracking.customerexperience.tesco.com
search-ppe.sys.api.tesco.com
redirects.tesco.com
origin-wdc.di-ppe.task.api.tesco.com
cdo.prod.cdo.tesco.com
origin-aws1.media-ingestion.digitalcontent-ppe.api.tesco.com
cdo.tesco.com
origin-aws1.price-ppe.api.tesco.com
cdo.prod.cdo.tesco.com
tracking.customerexperience.tesco.com
assets-ppe.api.tesco.com
Origin-wdc.customerprofile.api.tesco.com
cec.tesco.com
origin-wdc.secure-ppe.tesco.com
digitalcontent.tesco.com
thowa.tesco.com
payment.api.tesco.com
sellers.tesco.com
origin-aws1.fulfilment-ppe.tesco.com
origin-aws1.int.mca.tesco.com
origin-wdc.supplierorder-supplierslot-ppe.api.tesco.com
m3.tesco.com
ppe.api.tesco.com
origin-cdc-payplus-ppe.tesco.com
contact.api.tesco.com
hybrid.tesco.org
tescostoreprefs.tesco.com
storedvalue.api.tesco.com
redirects.tesco.com
ppe.digitalcontent.tesco.com
origin-wdc.supplierorder-ppe.api.tesco.com
authoring-assets.ppe.eun.app.digitalcontent.tesco.com
webmail.cn.tesco.com
enterprise.api.tesco.com
origin-aws1.www.tesco.com
enterprise.api.tesco.com
enterprise.ui.tesco.com
origin-aws1.cec.tesco.com
origin-aws1.int.mca.tesco.com
origin-wdc.secure-assets-til.ap.tesco.com
origin-wdc.orderfulfilment.api.tesco.com
api-ppe.tesco.com
origin-aws.digitalcontent.api.tesco.com
origin-aws1.payment-ppe.api.tesco.com
card.sys-api.tesco.com
origin-euw.price-promoquery-dev.api.tesco.com
authoring-ppe.assets.tesco.com
origin-eun.pricepromotion.api.tesco.com
enterprise1.ui.tesco.com
origin-wdc-tul.www.tesco.com
origin-euw.price-promoquery-ppe.api.tesco.com
identity.api.tesco.com
api.analytics.mobile.tesco.com
Origin-wdc.identity.api.tesco.com
origin-pcdcz2d4.tpc.tesco.com
origin-sdc.tap2system.api.tesco.com
origin-wdc.rangeplan-txt.sys-api.tesco.com
partners.tesco.com
enterprise2.ui.tesco.com
origin-aws1.price.api.tesco.com
shipping-transport.api.tesco.com
origin-aws1.ccc-portal-ppe.tesco.com
ppe.tesco.com
redirects.tesco.com

Certificate

The complete raw certificate details for card.tesco.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGljCCBX6gAwIBAgIQUkxVUorE7CG89PjzWkCFMjANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDE0IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxTTAeFw0y
MzA4MjkwOTM3MTZaFw0yNDA3MTkwOTM3MTVaMIGeMQswCQYDVQQGEwJHQjEbMBkG
A1UEBxMSV2Vsd3luIEdhcmRlbiBDaXR5MRMwEQYLKwYBBAGCNzwCAQMTAkdCMRIw
EAYDVQQKEwlUZXNjbyBQTEMxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9u
MREwDwYDVQQFEwgwMDQ0NTc5MDEXMBUGA1UEAxMOY2FyZC50ZXNjby5jb20wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFJ8g3af3OWi/gcfQXRfUDwPu/
TPwBwDgH5D1aVn/DjjvZ2urnU+f/tnOjcpabhR03ImknJNeGTqPt53Cn/AR2VJxc
ZHHij4jUz40vhU8sOlAkj4ge76t6ZKogDsi7oOp1gXeAMPQxVJlatzA7PQbXEigd
ZlG572RcJKHOexb9DzHtLTSpNY6ClCglME8ZmtrvA6hIRock+cJ+EEWzbHD55LGK
JHH12T/q2UPbeJKnBlc1kBoK7dhAU9BbjO8eTCbipH4vk0VScWrnWE5VFaicRMf4
m85z0j78C5LrPwz5GvxskqqWaf+8laU0Kal4S1W1RxpLV9D2gYzi1CzEad/nAgMB
AAGjggKwMIICrDAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBT7TedZgGQhPKDTGJgH
MbPfj52+gzAfBgNVHSMEGDAWgBTD99C1KjCtrw2RIXA5VN28iXDHOjBoBggrBgEF
BQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDMG
CCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wxbS1jaGFpbjI1Ni5j
ZXIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZl
bDFtLmNybDCCASoGA1UdEQSCASEwggEdgg5jYXJkLnRlc2NvLmNvbYIRY2FyZC5v
dXJ0ZXNjby5jb22CDWNhcmQudGVzY28uaWWCEGZpemV0ZXMudGVzY28uaHWCD2th
cnRhLml0ZXNjby5za4IOa2FydHkudGVzY28uaHWCEGthcnR5YS5pdGVzY28uY3qC
FHBheW1lbnQub3VydGVzY28uY29tghFwYXltZW50LnRlc2NvLmNvbYIQcGF5bWVu
dC50ZXNjby5pZYIQcGxhdGJhLml0ZXNjby5jeoIQcGxhdGJhLml0ZXNjby5za4IZ
cG9ydGFsLnRlc2NvZ2lmdGNhcmRzLmNvbYISdGVzY29naWZ0Y2FyZHMuY29tghZ3
d3cudGVzY29naWZ0Y2FyZHMuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU
BggrBgEFBQcDAQYIKwYBBQUHAwIwSwYDVR0gBEQwQjA3BgpghkgBhvpsCgECMCkw
JwYIKwYBBQUHAgEWG2h0dHBzOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAHBgVngQwB
ATATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG9w0BAQsFAAOCAQEASCpeN9HZ
FXCKa7HQ0IuNJwDAxgZNDP7j4nGnYp7B1B/qLpPqgU4vkw0CDohhkvIEeI0XIlKw
GjC2FMoxa2yzJHPuM9dYbmb+1eGXJQZXZxFAv2A4i50SuqTpvXztSkTHSKgtnRZP
WpQxP92STlwZhzy7JjK+ZAdFdDbLED0lzyPwNzNbR2URWR+3IDF/q2DeFzShC6ul
dm+GKxizOP/duHWKtfkWp4m3U5REFpliAEXCexnKGVUDu1SHeMduwq88HcHwqwuc
TTI6Ywd3fTkiFuu/wh5em7r5tyEBMZ7LyTACDqWU1P4ti2JCsJsjdmsU/0aWoLWu
s4pPqb+bY32G2A==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSfIN2n9zlov4HH0F0X1
A8D7v0z8AcA4B+Q9WlZ/w4472drq51Pn/7Zzo3KWm4UdNyJpJyTXhk6j7edwp/wE
dlScXGRx4o+I1M+NL4VPLDpQJI+IHu+remSqIA7Iu6DqdYF3gDD0MVSZWrcwOz0G
1xIoHWZRue9kXCShznsW/Q8x7S00qTWOgpQoJTBPGZra7wOoSEaHJPnCfhBFs2xw
+eSxiiRx9dk/6tlD23iSpwZXNZAaCu3YQFPQW4zvHkwm4qR+L5NFUnFq51hOVRWo
nETH+JvOc9I+/AuS6z8M+Rr8bJKqlmn/vJWlNCmpeEtVtUcaS1fQ9oGM4tQsxGnf
5wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 109393040760084380956380594619442824498
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2014 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1M'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-08-29 09:37:16 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-07-19 09:37:15 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Welwyn Garden City'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Tesco PLC'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Private Organization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '00445790'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'card.tesco.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24888563360775866919405700869695646977112898385560553543581933515641019390818928794249052955369731221816794520077127723111733170950344714393129521142146240850980978714720906764349611675162342658338257326130477822876148326080813155863271722157231695613553313319701568441251088922021532461166625403576700462232362577151555538239330859508290970304758841130519422239099828892172603474520061346751971916344214323501683372945297073252318301613921682988380349564663880455520321177807568433019694115982578872225140125909718010613211536804805471211411183489598256756509367338214759234516685644402467339440667051357539943440359
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							fb4de7598064213ca0d318980731b3df8f9dbe83
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c3f7d0b52a30adaf0d9121703954ddbc8970c73a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1m-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1m.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (289 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'card.tesco.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'card.ourtesco.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'card.tesco.ie'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fizetes.tesco.hu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'karta.itesco.sk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'karty.tesco.hu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kartya.itesco.cz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'payment.ourtesco.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'payment.tesco.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'payment.tesco.ie'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'platba.itesco.cz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'platba.itesco.sk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'portal.tescogiftcards.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tescogiftcards.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tescogiftcards.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.2 (Entrust EV policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00482a5e37d1d915708a6bb1d0d08b8d2700c0c6064d0cfee3e271a7629ec1d41fea2e93ea814e2f930d020e886192f204788d172252b01a30b614ca316b6cb32473ee33d7586e66fed5e197250657671140bf60388b9d12baa4e9bd7ced4a44c748a82d9d164f5a94313fdd924e5c19873cbb2632be6407457436cb103d25cf23f037335b476511591fb720317fab60de1734a10baba5766f862b18b338ffddb8758ab5f916a789b75394441699620045c27b19ca195503bb548778c76ec2af3c1dc1f0ab0b9c4d323a6307777d392216ebbfc21e5e9bbaf9b72101319ecbc930020ea594d4fe2d8b6242b09b23766b14ff4696a0b5aeb38a4fa9bf9b637d86d8