prod.columbiacardiology.org

- Columbia University -

Issued by InCommon RSA Server CA

About this certificate

This digital certificate with serial number 13:42:b8:2a:5a:cf:8a:f5:81:7e:1c:38:e0:ea:e7:93 was issued on by Internet2.

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Columbia University

Organization: Columbia University
Organization unit: Information Technology
Address: 612 W 115 St
Postal code: 10025
State / Province: NY
Locality: New York
Country: US

Internet2

Organization: Internet2
Organization unit: InCommon
State / Province: MI
Locality: Ann Arbor
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 13:42:b8:2a:5a:cf:8a:f5:81:7e:1c:38:e0:ea:e7:93
Serial Number (int): 25601758831631152459054677128987207571
Serial Number lenght: 125 bits, 16 octets

SubjectKeyId: 35:13:02:b6:5a:92:59:d2:27:54:24:dc:8e:77:e2:ef:09:c9:4a:73
AuthorityKeyId: 1e:05:a3:77:8f:6c:96:e2:5b:87:4b:a6:b4:86:ac:71:00:0c:e7:38

Fingerprint (sha1): b7:aa:4b:81:5f:eb:20:7f:22:93:f7:a1:7d:b7:19:fa:cf:80:ca:c7
Fingerprint (sha256): 57:78:9e:18:c2:2b:77:27:e1:eb:af:76:aa:4f:07:6b:85:7e:ae:5e:29:09:1c:75:ca:a7:1c:aa:42:7c:77:7b

Issuing Certificate URL: http://crt.usertrust.com/InCommonRSAServerCA_2.crt

Revocation information

OCSP Server: http://ocsp.usertrust.com
CRL Distribution Point: http://crl.incommon-rsa.org/InCommonRSAServerCA.crl

Check the revocation status for certificate prod.columbiacardiology.org

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for prod.columbiacardiology.org

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

prod.columbiacardiology.org
prod.columbia-lyme.org
prod.infectiousdiseases.cumc.columbia.edu
prod.stemcell.columbia.edu

Other certificates including the domain name columbiacardiology.org

(limited to 100 certificates)
dev.cumc.columbia.edu
5767874312404992-fe2.pantheonsite.io
5757126366461952-fe4.pantheonsite.io
5767874312404992-fe2.pantheonsite.io
5767874312404992-fe2.pantheonsite.io
www.cumc.columbia.edu
dev.cumc.columbia.edu
dev.cumc.columbia.edu
5757126366461952-fe4.pantheonsite.io
dev.cumc.columbia.edu
prod.cumc.columbia.edu
5767874312404992-fe2.pantheonsite.io
5757126366461952-fe4.pantheonsite.io
prod.cumc.columbia.edu
5767874312404992-fe2.pantheonsite.io
5757126366461952-fe4.pantheonsite.io
www.cumc.columbia.edu
prod.cumc.columbia.edu
dev.cumc.columbia.edu
5757126366461952-fe4.pantheonsite.io
prod.cumc.columbia.edu
5767874312404992-fe2.pantheonsite.io
5767874312404992-fe2.pantheonsite.io
5767874312404992-fe2.pantheonsite.io
dev.cumc.columbia.edu
dev.cumc.columbia.edu
prod.cumc.columbia.edu
columbiapsychiatry.org
5767874312404992-fe2.pantheonsite.io
5757126366461952-fe4.pantheonsite.io
dev.cumc.columbia.edu
5767874312404992-fe2.pantheonsite.io
5757126366461952-fe4.pantheonsite.io
5767874312404992-fe2.pantheonsite.io
prod.columbiacardiology.org
5767874312404992-fe2.pantheonsite.io
prod.cumc.columbia.edu
dev.cumc.columbia.edu
cumc.columbia.edu
www.cumc.columbia.edu
www.cumc.columbia.edu
5757126366461952-fe4.pantheonsite.io
dev.cumc.columbia.edu
5767874312404992-fe2.pantheonsite.io
prod.cumc.columbia.edu
5767874312404992-fe2.pantheonsite.io
prod.cumc.columbia.edu
prod.cumc.columbia.edu
5767874312404992-fe2.pantheonsite.io
columbiacardiology.org
5767874312404992-fe2.pantheonsite.io
prod.columbiacardiology.org
www.cumc.columbia.edu
prod.cumc.columbia.edu
5767874312404992-fe2.pantheonsite.io
dev.cumc.columbia.edu
dev.cumc.columbia.edu
5767874312404992-fe2.pantheonsite.io
5757126366461952-fe4.pantheonsite.io
5767874312404992-fe2.pantheonsite.io
5757126366461952-fe4.pantheonsite.io
5767874312404992-fe2.pantheonsite.io
5757126366461952-fe4.pantheonsite.io
www.cumc.columbia.edu
columbiapsychiatry.org
dev.cumc.columbia.edu
prod.cumc.columbia.edu
columbiadoctors.org
5767874312404992-fe2.pantheonsite.io
5767874312404992-fe2.pantheonsite.io
5767874312404992-fe2.pantheonsite.io
5767874312404992-fe2.pantheonsite.io
dev.cumc.columbia.edu
prod.cumc.columbia.edu
5767874312404992-fe2.pantheonsite.io
dev.cumc.columbia.edu
www.cumc.columbia.edu
www.cumc.columbia.edu
www.cumc.columbia.edu
www.cumc.columbia.edu
prod.columbiacardiology.org
www.cumc.columbia.edu
5757126366461952-fe4.pantheonsite.io
prod.cumc.columbia.edu
columbiapsychiatry.org
5767874312404992-fe2.pantheonsite.io
www.cumc.columbia.edu
5767874312404992-fe2.pantheonsite.io
www.cumc.columbia.edu
5767874312404992-fe2.pantheonsite.io
dev.cumc.columbia.edu
www.cumc.columbia.edu
prod.cumc.columbia.edu
5767874312404992-fe2.pantheonsite.io
columbiacardiology.org
dev.cumc.columbia.edu
www.cumc.columbia.edu
columbiacardiology.org
5757126366461952-fe4.pantheonsite.io
5767874312404992-fe2.pantheonsite.io

Certificate

The complete raw certificate details for prod.columbiacardiology.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHADCCBeigAwIBAgIQE0K4KlrPivWBfhw44OrnkzANBgkqhkiG9w0BAQsFADB2
MQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjES
MBAGA1UEChMJSW50ZXJuZXQyMREwDwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMW
SW5Db21tb24gUlNBIFNlcnZlciBDQTAeFw0xODA0MTcwMDAwMDBaFw0yMDA0MTYy
MzU5NTlaMIG5MQswCQYDVQQGEwJVUzEOMAwGA1UEERMFMTAwMjUxCzAJBgNVBAgT
Ak5ZMREwDwYDVQQHEwhOZXcgWW9yazEVMBMGA1UECRMMNjEyIFcgMTE1IFN0MRww
GgYDVQQKExNDb2x1bWJpYSBVbml2ZXJzaXR5MR8wHQYDVQQLExZJbmZvcm1hdGlv
biBUZWNobm9sb2d5MSQwIgYDVQQDExtwcm9kLmNvbHVtYmlhY2FyZGlvbG9neS5v
cmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDckxqsAX/5Eiz9MDgd
6t0GENA75L/V9een54gN76wq8ZMc1cjZD+RK/2dblJxbYw0isyIP+raRtbQUhPk8
7TorKYHwRR6viFUh1McuFpCnf1TrAJp4RNn/oVxk1fxOukZDBKkb+OJ0NMrjBXYp
h0l7YceHGNabvvM8TtxWvgc6sOb5R2M1V/eqGUKiJNcLtKwwWy69tvvQmd3p6ssq
tMKrpTobq1fGo32WdamF/060oUHGX6wmAnxLYQsotSei4JExOJEtPteg4cvYL/Mf
SEArg+QnBeGkJhnBdeAgRcbXtZ7IfcM6DeDqO45RubCu6SVOdH3HzxwKvYAhm6R6
CG36RMWvgOva0yA8EgYsVbbXgTBf0Avewu69vsSZgPcc63lSb04eA6CgRhjsxt2F
vU5778HogeZ2hTwNXza5DaQY/RIgQ0/Ykl3WiqTPQSDAdiTacVL6MSS8R1e11jlo
XPeYtey+XMGuhITbSiLiI3GvT2Nb7mqIfHktfvtf66h2Vk4xsvGHcglXXqLXwBAJ
OGiG3x9rJ7wqNtPauaEz7jAFLrjj7i/D/7kr2IIwjVg7OIjM3Mj6GrAWOmyXKgao
lTIkL1wI1UABkTEONcUtM0I7tQx7djyhQnQwhFvnw8lh0+janXHTP0pju71ylnmT
Q+iMAzYqBtV122GNfWQpAaAGqQIDAQABo4ICRDCCAkAwHwYDVR0jBBgwFoAUHgWj
d49sluJbh0umtIascQAM5zgwHQYDVR0OBBYEFDUTArZaklnSJ1Qk3I534u8JyUpz
MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjBnBgNVHSAEYDBeMFIGDCsGAQQBriMBBAMBATBCMEAGCCsG
AQUFBwIBFjRodHRwczovL3d3dy5pbmNvbW1vbi5vcmcvY2VydC9yZXBvc2l0b3J5
L2Nwc19zc2wucGRmMAgGBmeBDAECAjBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8v
Y3JsLmluY29tbW9uLXJzYS5vcmcvSW5Db21tb25SU0FTZXJ2ZXJDQS5jcmwwdQYI
KwYBBQUHAQEEaTBnMD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LnVzZXJ0cnVzdC5j
b20vSW5Db21tb25SU0FTZXJ2ZXJDQV8yLmNydDAlBggrBgEFBQcwAYYZaHR0cDov
L29jc3AudXNlcnRydXN0LmNvbTATBgorBgEEAdZ5AgQDAQH/BAIFADCBhQYDVR0R
BH4wfIIbcHJvZC5jb2x1bWJpYWNhcmRpb2xvZ3kub3JnghZwcm9kLmNvbHVtYmlh
LWx5bWUub3Jngilwcm9kLmluZmVjdGlvdXNkaXNlYXNlcy5jdW1jLmNvbHVtYmlh
LmVkdYIacHJvZC5zdGVtY2VsbC5jb2x1bWJpYS5lZHUwDQYJKoZIhvcNAQELBQAD
ggEBAHCK6A3g9W73+UGu0QVGDubc05E8SQR76YZsw586STbnmvRVe3P4bgGCalbO
vOo1cAo+BJhkBh0IB5i/T09iiFktAegVbupTA0F6bM8Wi1bLz43rc1CpqoN9C1x/
fz53CPt/lOuERZ/lKKJfYNqc8Xr5eBqvYRfo5HkU/IKRh0Z2HzwZ5E1iOOhykKbT
3YktmtWQPljchhcAPskfrzAEuXcnGQqaX/yWqlyhNUg+3j31ID2HiLJovvbeYtO9
mfXTWRjyLH9cDiem7sNtv9TtoDRfvC0LFR7062GLM1ku2LqlHKTZhrZIdhJrwe4K
hD+whL4WzMdt2k3F1IjM1OhNk6I=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3JMarAF/+RIs/TA4Herd
BhDQO+S/1fXnp+eIDe+sKvGTHNXI2Q/kSv9nW5ScW2MNIrMiD/q2kbW0FIT5PO06
KymB8EUer4hVIdTHLhaQp39U6wCaeETZ/6FcZNX8TrpGQwSpG/jidDTK4wV2KYdJ
e2HHhxjWm77zPE7cVr4HOrDm+UdjNVf3qhlCoiTXC7SsMFsuvbb70Jnd6erLKrTC
q6U6G6tXxqN9lnWphf9OtKFBxl+sJgJ8S2ELKLUnouCRMTiRLT7XoOHL2C/zH0hA
K4PkJwXhpCYZwXXgIEXG17WeyH3DOg3g6juOUbmwruklTnR9x88cCr2AIZukeght
+kTFr4Dr2tMgPBIGLFW214EwX9AL3sLuvb7EmYD3HOt5Um9OHgOgoEYY7Mbdhb1O
e+/B6IHmdoU8DV82uQ2kGP0SIENP2JJd1oqkz0EgwHYk2nFS+jEkvEdXtdY5aFz3
mLXsvlzBroSE20oi4iNxr09jW+5qiHx5LX77X+uodlZOMbLxh3IJV16i18AQCTho
ht8faye8KjbT2rmhM+4wBS644+4vw/+5K9iCMI1YOziIzNzI+hqwFjpslyoGqJUy
JC9cCNVAAZExDjXFLTNCO7UMe3Y8oUJ0MIRb58PJYdPo2p1x0z9KY7u9cpZ5k0Po
jAM2KgbVddthjX1kKQGgBqkCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 25601758831631152459054677128987207571
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'MI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ann Arbor'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Internet2'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon RSA Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-04-17 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-04-16 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.17 (postalCode)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '10025'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NY'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.9 (streetAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '612 W 115 St'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Columbia University'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Information Technology'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'prod.columbiacardiology.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 899865963418677953803862299065484878880960389483314195721303186660390668033548573909360464711537334862237118607952886042825578190491880327911433746925773924690086080262230445641740837553666974044511310241029307174131021095262566487465381149152413419476428342622153990511263261686713486950124082047172677726768121669488680540002436333892743963669831705818668816468867427751840512389212536441278640985073640986137955755895266974212909995403638044854537653721687809864373984288927456018837456457880655044007775242595101418514852200598477371096448812549181898435372317569385275944060256918323328873304711283830711599766664371044606140148577741417373185015327028734278174511270414303594435772846451754843222346850613458676556686240748687430031325578400814367309662960318134041968880305523352589597213605931426084600688208261875522614807074059201494827658996290830390419604965605278989850753590179413589455206851802325573110270807685947853694517753248801257390308143072087427800566780544623597771574449906424983967993448309216188418428389627785649206772971499135418757009880513929885495342274188321012042468224922194814018223945508376610043033875118853046633129015147852731561569145213335864180270284839561874995911962230711164944968058537
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 1e05a3778f6c96e25b874ba6b486ac71000ce738
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							351302b65a9259d2275424dc8e77e2ef09c94a73
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (96 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.5923.1.4.3.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.incommon.org/cert/repository/cps_ssl.pdf'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (61 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.incommon-rsa.org/InCommonRSAServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.usertrust.com/InCommonRSAServerCA_2.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.usertrust.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prod.columbiacardiology.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prod.columbia-lyme.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prod.infectiousdiseases.cumc.columbia.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prod.stemcell.columbia.edu'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00708ae80de0f56ef7f941aed105460ee6dcd3913c49047be9866cc39f3a4936e79af4557b73f86e01826a56cebcea35700a3e049864061d080798bf4f4f6288592d01e8156eea5303417a6ccf168b56cbcf8deb7350a9aa837d0b5c7f7f3e7708fb7f94eb84459fe528a25f60da9cf17af9781aaf6117e8e47914fc82918746761f3c19e44d6238e87290a6d3dd892d9ad5903e58dc8617003ec91faf3004b97727190a9a5ffc96aa5ca135483ede3df5203d8788b268bef6de62d3bd99f5d35918f22c7f5c0e27a6eec36dbfd4eda0345fbc2d0b151ef4eb618b33592ed8baa51ca4d986b64876126bc1ee0a843fb084be16ccc76dda4dc5d488ccd4e84d93a2