cert2.roche.com

- F. Hoffmann-La Roche AG -

Issued by DigiCert SHA2 Secure Server CA

About this certificate

This digital certificate with serial number 0d:b5:cf:2c:2e:16:58:ef:1f:18:d7:18:ce:c0:fe:96 was issued on by DigiCert Inc.

With 83 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

F. Hoffmann-La Roche AG

Organization: F. Hoffmann-La Roche AG
State / Province: Basel-Stadt
Locality: Basel
Country: CH

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0d:b5:cf:2c:2e:16:58:ef:1f:18:d7:18:ce:c0:fe:96
Serial Number (int): 18223971635689143470998621280893206166
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 40:99:f7:6b:43:65:07:7f:49:b7:dc:56:4e:43:6c:9d:09:8e:f1:55
AuthorityKeyId: 0f:80:61:1c:82:31:61:d5:2f:28:e7:8d:46:38:b4:2c:e1:c6:d9:e2

Fingerprint (sha1): d6:17:b9:d9:cd:84:c4:fe:24:33:a4:7e:ed:9d:cf:55:68:65:7f:95
Fingerprint (sha256): 57:eb:e3:33:2d:dd:97:d1:34:b5:84:77:8b:7c:5c:5b:db:8c:4a:7f:1d:cd:6c:bd:08:26:4c:85:11:a5:0d:48

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/ssca-sha2-g6.crl
CRL Distribution Point: http://crl4.digicert.com/ssca-sha2-g6.crl

Check the revocation status for certificate cert2.roche.com

83

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for cert2.roche.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

cert2.roche.com
www.myhemlibra.com.au
ean.ocrevus.global
www.foundationmedicine.uk
lv.hcpnext.preprod.opengarden.rch.cm
www.roche.com.co
wiedzapacjenta.roche.pl
www.tecentriq.com.au
www.conflusion.com.sg
www.actemra.com.au
aet.hcpnext.preprod.opengarden.rch.cm
www.foundationmedicine.ch
www.rochehub.co.nz
www.roche.kz
www.foundationmedicine.com.au
uk.hcpnext.preprod.opengarden.rch.cm
www.foundationmedicine.es
qa.hcpnext.preprod.opengarden.rch.cm
sk.hcpnext.preprod.opengarden.rch.cm
ru.hcpnext.preprod.opengarden.rch.cm
aboutpv.roche.com
www.roche.com.hk
dk.hcpnext.preprod.opengarden.rch.cm
uk3.hcpnext.preprod.opengarden.rch.cm
www.hemlibra.com.au
www.foundationmedicine.lv
gr.hcpnext.preprod.opengarden.rch.cm
be.hcpnext.preprod.opengarden.rch.cm
www.roche.cl
www.roche.com.ec
www.foundationmedicine-cac.com
se.hcpnext.preprod.opengarden.rch.cm
www.foundationmedicine.bg
www.roche.co.id
www.roche-australia.com
www.roche.ba
hu.hcpnext.preprod.opengarden.rch.cm
www.pairs-paaform.roche.com
de.hcpnext.preprod.opengarden.rch.cm
www.roche.co.th
rs.hcpnext.preprod.opengarden.rch.cm
www.rocheindia.com
pairs-paaform.roche.com
www.roche.hr
www.foundationmedicine.dk
il.hcpnext.preprod.opengarden.rch.cm
www.roche.ua
showcase.hcpnext.preprod.opengarden.rch.cm
peripazienti.roche.it
www.pesquisaclinica.roche.com.br
www.foundationmedicine.fr
www.roche.nl
www.roche.ge
ee.hcpnext.preprod.opengarden.rch.cm
www.lymfominfo.se
www.mircera.com
www.rochesrbija.rs
www.rocheconnect.com
lt.hcpnext.preprod.opengarden.rch.cm
bg.hcpnext.preprod.opengarden.rch.cm
ssa.hcpnext.preprod.opengarden.rch.cm
www.roche.dk
hr.hcpnext.preprod.opengarden.rch.cm
si.hcpnext.preprod.opengarden.rch.cm
www.viataculimfom.ro
fi.hcpnext.preprod.opengarden.rch.cm
za.hcpnext.preprod.opengarden.rch.cm
www.aboutpv.roche.com
www.roche.no
www.roche.lt
www.roche.se
cz.hcpnext.preprod.opengarden.rch.cm
www.roche.be
www.roche.com.mx
no.hcpnext.preprod.opengarden.rch.cm
www.esbriet.eu
ie.hcpnext.preprod.opengarden.rch.cm
www.roche.ee
www.roche.com.tr
www.rochecanada.com
www.roche.com.pe
it.hcpnext.preprod.opengarden.rch.cm
ro.hcpnext.preprod.opengarden.rch.cm

Other certificates including the domain name roche.com

(limited to 100 certificates)
involve.roche.com
www.hpv16and18.com
easydrive-uat.roche.com
advancedanalytics.roche.com
main.rhelp.roche.com
sni.cloudflaressl.com
magentocloud28.map.fastly.net
rbalvprexd0.bas.roche.com
cieas01.roche.com
harmonytest.de
sequencing.roche.com
esource.roche.com
e-medical.roche.com
esource.roche.com
coaguchek.com
rsmsourcing.roche.com
deimos.roche.com
cert2.roche.com
sni.cloudflaressl.com
cdn.appstore.gene.com
shpivee1-01.roche.com
eews-dev.roche.com
myaccess.roche.com
ican.roche.com
sni.cloudflaressl.com
sni.cloudflaressl.com
cert3.roche.com
sni.cloudflaressl.com
sni.cloudflaressl.com
mrdivee2-02.netlab.roche.com
rodip.roche.com
nsrdcongresses.roche.com
rbavxsentry11.bas.roche.com
mobilesolution-dev.roche.com
wamua.roche.com
dialog-62-test.roche.com
rocheggcpac.roche.com
san-003.ceros.com
video.hive.roche.com
sni.cloudflaressl.com
rssg.roche.com
mftemeaext.roche.com
anadisuat01.sc1.roche.com
careers.roche.com
flow.roche.com
cert3.roche.com
sni.cloudflaressl.com
misp.roche.com
cert2.roche.com
careers.roche.com
api.rockwizz.roche.com
bitbucket-nala-qa.roche.com
careers.roche.com
wamdev.roche.com
sonar-dev-old.roche.com
diauxhub.roche.com
careers.roche.com
globalfms.roche.com
san-003.ceros.com
sc1lvflexq2.sc1.roche.com
easydrive-dev.roche.com
send-tst.roche.com
indigrow.roche.com
careers.roche.com
careers.roche.com
env5-remotedashboard.roche.com
mrd25.me
cert2.roche.com
*.esrv-hub-uat.roche.com
sb.eu.phcaa.science.roche.com
san-003.ceros.com
extaccess-nala.roche.com
magentocloud28.map.fastly.net
go.roche.com
magentocloud32.map.fastly.net
sni.cloudflaressl.com
ssl882748.cloudflaressl.com
sni.cloudflaressl.com
esrv-marketplace-dev.roche.com
careers.roche.com
imcore.roche.com
booster.roche.com
sni.cloudflaressl.com
akamai-san195.exacttarget.com
raumbuch.roche.com
pitas01.roche.com
sni.cloudflaressl.com
c1edb.roche.com
magentocloud45.map.fastly.net
shpivee1-01.roche.com
hpv16and18.com
hivemind.roche.com
searchsquad.roche.com
cferondanetrochedia-qa.roche.com
esign.roche.com
diaitsupport.roche.com
sni.cloudflaressl.com
magentocloud32.map.fastly.net
r32web.sap.roche.com
apis.cwp.roche.com

Certificate

The complete raw certificate details for cert2.roche.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIOvDCCDaSgAwIBAgIQDbXPLC4WWO8fGNcYzsD+ljANBgkqhkiG9w0BAQsFADBN
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E
aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTkwNzI1MDAwMDAwWhcN
MjAwNzA3MTIwMDAwWjBvMQswCQYDVQQGEwJDSDEUMBIGA1UECBMLQmFzZWwtU3Rh
ZHQxDjAMBgNVBAcTBUJhc2VsMSAwHgYDVQQKExdGLiBIb2ZmbWFubi1MYSBSb2No
ZSBBRzEYMBYGA1UEAxMPY2VydDIucm9jaGUuY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAt4lpSxA+ejkWM+nOklubHfmv7nS221GXdxz444jCwgBD
uL7mFR7TKL9zELUGiW+RCpiKlC1usTG95ritMSyUoWLN7YIrJMkVIXkiBTxMUhLT
RlohgS02J3AQzsbB2Y3V2kYasdOMzSIoUkLmz/XmWqNpuEGCXqWZppBnEkWB+vdt
FVNml6TzNksr0TjaDaAOvSg5nkc07xTgx8TVPdFL1cO8IGjP3S4XdtQBbX05ifFD
sFjSj36w1XZFwhOC3BtP3VFMxS6wN1ZQv6dLFERrnlOH8TgODlDsDpmmX3Qrigwz
oFi+PqV1yYQ3OwL2HRKKA5o3WoPgulUCz2aWDHp4ZQIDAQABo4ILdDCCC3AwHwYD
VR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFECZ92tDZQd/
SbfcVk5DbJ0JjvFVMIIIsgYDVR0RBIIIqTCCCKWCD2NlcnQyLnJvY2hlLmNvbYIV
d3d3Lm15aGVtbGlicmEuY29tLmF1ghJlYW4ub2NyZXZ1cy5nbG9iYWyCGXd3dy5m
b3VuZGF0aW9ubWVkaWNpbmUudWuCJGx2LmhjcG5leHQucHJlcHJvZC5vcGVuZ2Fy
ZGVuLnJjaC5jbYIQd3d3LnJvY2hlLmNvbS5jb4IXd2llZHphcGFjamVudGEucm9j
aGUucGyCFHd3dy50ZWNlbnRyaXEuY29tLmF1ghV3d3cuY29uZmx1c2lvbi5jb20u
c2eCEnd3dy5hY3RlbXJhLmNvbS5hdYIlYWV0LmhjcG5leHQucHJlcHJvZC5vcGVu
Z2FyZGVuLnJjaC5jbYIZd3d3LmZvdW5kYXRpb25tZWRpY2luZS5jaIISd3d3LnJv
Y2hlaHViLmNvLm56ggx3d3cucm9jaGUua3qCHXd3dy5mb3VuZGF0aW9ubWVkaWNp
bmUuY29tLmF1giR1ay5oY3BuZXh0LnByZXByb2Qub3BlbmdhcmRlbi5yY2guY22C
GXd3dy5mb3VuZGF0aW9ubWVkaWNpbmUuZXOCJHFhLmhjcG5leHQucHJlcHJvZC5v
cGVuZ2FyZGVuLnJjaC5jbYIkc2suaGNwbmV4dC5wcmVwcm9kLm9wZW5nYXJkZW4u
cmNoLmNtgiRydS5oY3BuZXh0LnByZXByb2Qub3BlbmdhcmRlbi5yY2guY22CEWFi
b3V0cHYucm9jaGUuY29tghB3d3cucm9jaGUuY29tLmhrgiRkay5oY3BuZXh0LnBy
ZXByb2Qub3BlbmdhcmRlbi5yY2guY22CJXVrMy5oY3BuZXh0LnByZXByb2Qub3Bl
bmdhcmRlbi5yY2guY22CE3d3dy5oZW1saWJyYS5jb20uYXWCGXd3dy5mb3VuZGF0
aW9ubWVkaWNpbmUubHaCJGdyLmhjcG5leHQucHJlcHJvZC5vcGVuZ2FyZGVuLnJj
aC5jbYIkYmUuaGNwbmV4dC5wcmVwcm9kLm9wZW5nYXJkZW4ucmNoLmNtggx3d3cu
cm9jaGUuY2yCEHd3dy5yb2NoZS5jb20uZWOCHnd3dy5mb3VuZGF0aW9ubWVkaWNp
bmUtY2FjLmNvbYIkc2UuaGNwbmV4dC5wcmVwcm9kLm9wZW5nYXJkZW4ucmNoLmNt
ghl3d3cuZm91bmRhdGlvbm1lZGljaW5lLmJngg93d3cucm9jaGUuY28uaWSCF3d3
dy5yb2NoZS1hdXN0cmFsaWEuY29tggx3d3cucm9jaGUuYmGCJGh1LmhjcG5leHQu
cHJlcHJvZC5vcGVuZ2FyZGVuLnJjaC5jbYIbd3d3LnBhaXJzLXBhYWZvcm0ucm9j
aGUuY29tgiRkZS5oY3BuZXh0LnByZXByb2Qub3BlbmdhcmRlbi5yY2guY22CD3d3
dy5yb2NoZS5jby50aIIkcnMuaGNwbmV4dC5wcmVwcm9kLm9wZW5nYXJkZW4ucmNo
LmNtghJ3d3cucm9jaGVpbmRpYS5jb22CF3BhaXJzLXBhYWZvcm0ucm9jaGUuY29t
ggx3d3cucm9jaGUuaHKCGXd3dy5mb3VuZGF0aW9ubWVkaWNpbmUuZGuCJGlsLmhj
cG5leHQucHJlcHJvZC5vcGVuZ2FyZGVuLnJjaC5jbYIMd3d3LnJvY2hlLnVhgipz
aG93Y2FzZS5oY3BuZXh0LnByZXByb2Qub3BlbmdhcmRlbi5yY2guY22CFXBlcmlw
YXppZW50aS5yb2NoZS5pdIIgd3d3LnBlc3F1aXNhY2xpbmljYS5yb2NoZS5jb20u
YnKCGXd3dy5mb3VuZGF0aW9ubWVkaWNpbmUuZnKCDHd3dy5yb2NoZS5ubIIMd3d3
LnJvY2hlLmdlgiRlZS5oY3BuZXh0LnByZXByb2Qub3BlbmdhcmRlbi5yY2guY22C
EXd3dy5seW1mb21pbmZvLnNlgg93d3cubWlyY2VyYS5jb22CEnd3dy5yb2NoZXNy
YmlqYS5yc4IUd3d3LnJvY2hlY29ubmVjdC5jb22CJGx0LmhjcG5leHQucHJlcHJv
ZC5vcGVuZ2FyZGVuLnJjaC5jbYIkYmcuaGNwbmV4dC5wcmVwcm9kLm9wZW5nYXJk
ZW4ucmNoLmNtgiVzc2EuaGNwbmV4dC5wcmVwcm9kLm9wZW5nYXJkZW4ucmNoLmNt
ggx3d3cucm9jaGUuZGuCJGhyLmhjcG5leHQucHJlcHJvZC5vcGVuZ2FyZGVuLnJj
aC5jbYIkc2kuaGNwbmV4dC5wcmVwcm9kLm9wZW5nYXJkZW4ucmNoLmNtghR3d3cu
dmlhdGFjdWxpbWZvbS5yb4IkZmkuaGNwbmV4dC5wcmVwcm9kLm9wZW5nYXJkZW4u
cmNoLmNtgiR6YS5oY3BuZXh0LnByZXByb2Qub3BlbmdhcmRlbi5yY2guY22CFXd3
dy5hYm91dHB2LnJvY2hlLmNvbYIMd3d3LnJvY2hlLm5vggx3d3cucm9jaGUubHSC
DHd3dy5yb2NoZS5zZYIkY3ouaGNwbmV4dC5wcmVwcm9kLm9wZW5nYXJkZW4ucmNo
LmNtggx3d3cucm9jaGUuYmWCEHd3dy5yb2NoZS5jb20ubXiCJG5vLmhjcG5leHQu
cHJlcHJvZC5vcGVuZ2FyZGVuLnJjaC5jbYIOd3d3LmVzYnJpZXQuZXWCJGllLmhj
cG5leHQucHJlcHJvZC5vcGVuZ2FyZGVuLnJjaC5jbYIMd3d3LnJvY2hlLmVlghB3
d3cucm9jaGUuY29tLnRyghN3d3cucm9jaGVjYW5hZGEuY29tghB3d3cucm9jaGUu
Y29tLnBlgiRpdC5oY3BuZXh0LnByZXByb2Qub3BlbmdhcmRlbi5yY2guY22CJHJv
LmhjcG5leHQucHJlcHJvZC5vcGVuZ2FyZGVuLnJjaC5jbTAOBgNVHQ8BAf8EBAMC
BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6At
oCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+g
LaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBM
BgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3
dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYI
KwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBGBggrBgEFBQcwAoY6
aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMlNlY3VyZVNl
cnZlckNBLmNydDAJBgNVHRMEAjAAMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHUA
pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFsKPwH1gAABAMARjBE
AiBXflqp18MXc1+vZcqZrdbMOJ0GMjLmvVUemHzZaSxvYwIgc9tUGSyPHjCvUn2U
R5BAnvcfk6qNznfejOfO2kgtEi0AdgCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDB
tOr/XqCDDwAAAWwo/AgqAAAEAwBHMEUCIQC2UgfmRie1sOqEiu3cCW1hPUexpA8h
zWWqJTXVnYbppwIgOGBBeRFGtsY4ev9c/J/JUDqG+wUUiD2ZewL4YmCLhEIwDQYJ
KoZIhvcNAQELBQADggEBABvkZLLFoPrWIG70oHhesC6/+2yJWwfFmf1IoZP+t+5S
sfp0ALh7V8JyCjAFEPYyJ6jNdjBufm0/5hcLVox1Jf5oCTH9gMoMk3aQQ6kB0O2Y
eoHpkNSDPsW90+a66Rccyg25bwqfKF0SCZfgADahTfE5CBFyxxig2hx5KPSmjdx3
sLGB5fz5QsGDy9xoajLHcOcgSQRSqYZSk5HYVDNNgsgGTqAkc5qQzppdVnZXOISp
DWmc3PKYPBYsEzx69ETANxgO10Aw4nsMfED16FcHYDlAROYgm+brNjvPjdgSigyw
QSqzQrmEMsSpdKFU0kjjN2/tvjrBZnx5NaJ6qVdQhys=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4lpSxA+ejkWM+nOklub
Hfmv7nS221GXdxz444jCwgBDuL7mFR7TKL9zELUGiW+RCpiKlC1usTG95ritMSyU
oWLN7YIrJMkVIXkiBTxMUhLTRlohgS02J3AQzsbB2Y3V2kYasdOMzSIoUkLmz/Xm
WqNpuEGCXqWZppBnEkWB+vdtFVNml6TzNksr0TjaDaAOvSg5nkc07xTgx8TVPdFL
1cO8IGjP3S4XdtQBbX05ifFDsFjSj36w1XZFwhOC3BtP3VFMxS6wN1ZQv6dLFERr
nlOH8TgODlDsDpmmX3QrigwzoFi+PqV1yYQ3OwL2HRKKA5o3WoPgulUCz2aWDHp4
ZQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 18223971635689143470998621280893206166
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-07-25 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-07-07 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Basel-Stadt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Basel'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'F. Hoffmann-La Roche AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'cert2.roche.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23169369847072410971252136424190219399039249615918563274755264874314890243260096114980538506941965126295655301283822485702101402332664629520860367367242218083918981308539416256062157264003135104512479797313513098274591317658684744296313531277043595764621317804629699491766893798173267779720064487984845499321116746409014943711790496858509394827609216511679025301530641941931970613739234330350554806341661022217271147384075984681891190480149506382657279423529018405095395676181465479104598633423012766250174151511930527914718194260018340351441299474436989779708661827067174888704015716730497270643762942135328388577381
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 0f80611c823161d52f28e78d4638b42ce1c6d9e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							4099f76b4365077f49b7dc564e436c9d098ef155
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2217 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cert2.roche.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.myhemlibra.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ean.ocrevus.global'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.foundationmedicine.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lv.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.com.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wiedzapacjenta.roche.pl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tecentriq.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.conflusion.com.sg'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.actemra.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aet.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.foundationmedicine.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.rochehub.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.kz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.foundationmedicine.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uk.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.foundationmedicine.es'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sk.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ru.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aboutpv.roche.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.com.hk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dk.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uk3.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hemlibra.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.foundationmedicine.lv'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gr.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'be.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.cl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.com.ec'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.foundationmedicine-cac.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'se.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.foundationmedicine.bg'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.co.id'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche-australia.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.ba'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hu.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.pairs-paaform.roche.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'de.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.co.th'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rs.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.rocheindia.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pairs-paaform.roche.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.hr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.foundationmedicine.dk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'il.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.ua'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'showcase.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'peripazienti.roche.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.pesquisaclinica.roche.com.br'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.foundationmedicine.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.ge'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ee.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.lymfominfo.se'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.mircera.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.rochesrbija.rs'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.rocheconnect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lt.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bg.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ssa.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.dk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hr.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'si.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.viataculimfom.ro'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fi.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'za.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.aboutpv.roche.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.no'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.lt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.se'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cz.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.be'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.com.mx'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'no.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.esbriet.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ie.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.ee'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.com.tr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.rochecanada.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.roche.com.pe'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'it.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ro.hcpnext.preprod.opengarden.rch.cm'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/ssca-sha2-g6.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/ssca-sha2-g6.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (112 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef007500a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000016c28fc07d600000403004630440220577e5aa9d7c317735faf65ca99add6cc389d063232e6bd551e987cd9692c6f63022073db54192c8f1e30af527d944790409ef71f93aa8dce77de8ce7ceda482d122d0076008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f0000016c28fc082a0000040300473045022100b65207e64627b5b0ea848aeddc096d613d47b1a40f21cd65aa2535d59d86e9a70220386041791146b6c6387aff5cfc9fc9503a86fb0514883d997b02f862608b8442
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001be464b2c5a0fad6206ef4a0785eb02ebffb6c895b07c599fd48a193feb7ee52b1fa7400b87b57c2720a300510f63227a8cd76306e7e6d3fe6170b568c7525fe680931fd80ca0c93769043a901d0ed987a81e990d4833ec5bdd3e6bae9171cca0db96f0a9f285d120997e00036a14df139081172c718a0da1c7928f4a68ddc77b0b181e5fcf942c183cbdc686a32c770e720490452a986529391d854334d82c8064ea024739a90ce9a5d5676573884a90d699cdcf2983c162c133c7af444c037180ed74030e27b0c7c40f5e8570760394044e6209be6eb363bcf8dd8128a0cb0412ab342b98432c4a974a154d248e3376fedbe3ac1667c7935a27aa95750872b