www.kay.com

- Sterling Jewelers -

Issued by GeoTrust SSL CA - G3

About this certificate

This digital certificate with serial number 79:f7:14:ef:0b:42:ee:a8:41:60:2f:bb:ec:86:64:7f was issued on by GeoTrust Inc..

With 28 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Sub certificates SHOULD include Subject Key Identifier in end entity certs (RFC 5280: 4.2 & 4.2.1.2)

Sterling Jewelers

Organization: Sterling Jewelers
Organization unit: IT
State / Province: Ohio
Locality: Akron
Country: US

GeoTrust Inc.

Organization: GeoTrust Inc.
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 79:f7:14:ef:0b:42:ee:a8:41:60:2f:bb:ec:86:64:7f
Serial Number (int): 162119509401241088227308957023940797567
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId:
AuthorityKeyId: d2:6f:f7:96:f4:85:3f:72:3c:30:7d:23:da:85:78:9b:a3:7c:5a:7c

Fingerprint (sha1): c6:92:3a:b7:77:0c:7f:8a:0e:0e:88:dc:2e:96:39:80:a8:c3:18:18
Fingerprint (sha256): 58:27:9f:c1:5a:01:63:4f:08:4c:95:8d:0c:af:eb:69:ae:48:79:bf:8b:f4:37:bc:33:46:fc:93:34:f0:f7:2a

Issuing Certificate URL: http://gn.symcb.com/gn.crt

Revocation information

OCSP Server: http://gn.symcd.com
CRL Distribution Point: http://gn.symcb.com/gn.crl

Check the revocation status for certificate www.kay.com

28

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.kay.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.kayoutlet.com
feo1.kayoutlet.com
feo2.kayoutlet.com
kayoutlet.com
test3.kayoutlet.com
dev1.kayoutlet.com
test.kayoutlet.com
dev1.sterlingjewelers.com
test.sterlingjewelers.com
sterlingjewelers.com
test3.sterlingjewelers.com
feo1.sterlingjewelers.com
feo2.sterlingjewelers.com
www.sterlingjewelers.com
test.jared.com
feo2.jared.com
jared.com
www.jared.com
feo1.jared.com
dev1.jared.com
test3.jared.com
test3.kay.com
feo1.kay.com
feo2.kay.com
kay.com
test.kay.com
dev1.kay.com
www.kay.com

Other certificates including the domain name kay.com

(limited to 100 certificates)
imperva.com
sni191bdgl.wpc.edgecastcdn.net
test.kay.com
mstage.jared.com
credithub-test.azusnc-test.jewels.com
stores.kay.com
www2.kay.com
stores.kay.com
www.kay.com
*.classrings.kay.com
sni1d146gl.wpc.edgecastcdn.net
mstage.jared.com
origin-uat1.kay.com
www.kay.com
em.kay.com
t.kay.com
imperva.com
chat.kay.com
chat.kay.com
www.kay.com
credithub-dev.azusnc-test.jewels.com
credithub-test.azusnc-test.jewels.com
san2.yext-cdn.com
san2.yext-cdn.com
www.kay.com
test.kay.com
testbridal.kay.com
classrings.kay.com
san2.yext-cdn.com
classrings.kay.com
link.kay.com
link.kay.com
fashion.kay.com
bridal.kay.com
chat.kay.com
t.kay.com
www2.kay.com
www.kay.com
origin-uat1.kay.com
dtm.kay.com
www.kay.com
www.kay.com
test.kay.com
www.kay.com
signetqa.cbi-rings.com
bridal.kay.com
pay.sterlingjewelers.com
san2.yext-cdn.com
perf-creditapis.jewels.com
san2.yext-cdn.com
familyjewelry.kay.com
imperva.com
em.kay.com
locations.c2crestaurants.com
san2.yext-cdn.com
test.kay.com
stores.kay.com
chat.kay.com
www.kay.com
classrings.kay.com
chat.kay.com
san2.yext-cdn.com
em.kay.com
test.kay.com
testpersonalized.kay.com
www.kay.com
san2.yext-cdn.com
smetrics.kay.com
amp-uat3.kay.com
www.kay.com
pay.sterlingjewelers.com
www.kay.com
sni19bd6gl.wpc.edgecastcdn.net
www.kay.com
www.kay.com
pay.kay.com
origingreen.zales.com
*.kay.com
pages.email.kay.com
test.kay.com
jsorigin.zales.com
pt-stores.iqos.com.yext-cdn.com
familyjewelry.kay.com
www.kay.com
m.kay.com
creditapis.jewels.com
fpc.kay.com
credithub-test.azusnc-test.jewels.com
familyjewelry.kay.com
www.kay.com
classrings.kay.com
www.kay.com
classrings.kay.com
www.kay.com
personalized.jared.com
www.kay.com
www.kay.com
credithub-dev.azusnc-test.jewels.com
www.kay.com
www.kay.com

Certificate

The complete raw certificate details for www.kay.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIG7TCCBdWgAwIBAgIQefcU7wtC7qhBYC+77IZkfzANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMU
R2VvVHJ1c3QgU1NMIENBIC0gRzMwHhcNMTYwNDE0MDAwMDAwWhcNMTcwNzE0MjM1
OTU5WjBrMQswCQYDVQQGEwJVUzENMAsGA1UECBMET2hpbzEOMAwGA1UEBxQFQWty
b24xGjAYBgNVBAoUEVN0ZXJsaW5nIEpld2VsZXJzMQswCQYDVQQLFAJJVDEUMBIG
A1UEAxQLd3d3LmtheS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDAanFCVJEgLATX0e/9TXoXqhMLNbtDARNOusLjq0TNx0Qtqcc40Ie9Xj2Y1lUC
szJNf0xVDoTJ5wafQUwn8WTnViTxk8OutY1FiGhD8MnfCLguV+VJpLT1A1fn6KTU
Ayb/tyoJAbAyW5C1cGOHu9jhE+1h46QCxq2uWcyBdCnFw6Hwxe4N/DnCjg5UOAAe
ypp7cWjsOj9liVQ2iXEWYUwVHKfKqEBGcTyig4m/UeUsOImAImMssTjksFldoMRW
EAIAbvLlpTH/yp3Fu81jlrT0OJL4lDwNEWmkZ3t34XBBQlRS7rXJJGOCW98Fwzmk
h1ID104HSfGyCTfuPknnuPTTAgMBAAGjggOyMIIDrjCCAhQGA1UdEQSCAgswggIH
ghF3d3cua2F5b3V0bGV0LmNvbYISZmVvMS5rYXlvdXRsZXQuY29tghJmZW8yLmth
eW91dGxldC5jb22CDWtheW91dGxldC5jb22CE3Rlc3QzLmtheW91dGxldC5jb22C
EmRldjEua2F5b3V0bGV0LmNvbYISdGVzdC5rYXlvdXRsZXQuY29tghlkZXYxLnN0
ZXJsaW5namV3ZWxlcnMuY29tghl0ZXN0LnN0ZXJsaW5namV3ZWxlcnMuY29tghRz
dGVybGluZ2pld2VsZXJzLmNvbYIadGVzdDMuc3RlcmxpbmdqZXdlbGVycy5jb22C
GWZlbzEuc3RlcmxpbmdqZXdlbGVycy5jb22CGWZlbzIuc3RlcmxpbmdqZXdlbGVy
cy5jb22CGHd3dy5zdGVybGluZ2pld2VsZXJzLmNvbYIOdGVzdC5qYXJlZC5jb22C
DmZlbzIuamFyZWQuY29tgglqYXJlZC5jb22CDXd3dy5qYXJlZC5jb22CDmZlbzEu
amFyZWQuY29tgg5kZXYxLmphcmVkLmNvbYIPdGVzdDMuamFyZWQuY29tgg10ZXN0
My5rYXkuY29tggxmZW8xLmtheS5jb22CDGZlbzIua2F5LmNvbYIHa2F5LmNvbYIM
dGVzdC5rYXkuY29tggxkZXYxLmtheS5jb22CC3d3dy5rYXkuY29tMAkGA1UdEwQC
MAAwDgYDVR0PAQH/BAQDAgWgMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9nbi5z
eW1jYi5jb20vZ24uY3JsMIGdBgNVHSAEgZUwgZIwgY8GBmeBDAECAjCBhDA/Bggr
BgEFBQcCARYzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBv
c2l0b3J5L2xlZ2FsMEEGCCsGAQUFBwICMDUMM2h0dHBzOi8vd3d3Lmdlb3RydXN0
LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeS9sZWdhbDAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAU0m/3lvSFP3I8MH0j2oV4m6N8Wnww
VwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vZ24uc3ltY2QuY29t
MCYGCCsGAQUFBzAChhpodHRwOi8vZ24uc3ltY2IuY29tL2duLmNydDATBgorBgEE
AdZ5AgQDAQH/BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAurL9SCN4s8Z4uAd7VrjZ
/7Y44X2IQTuqWHek8ObEI5wdo/VbOcEGrosqnHYum4rE0Xx6T8pZivLVTcc0eVPU
fN2NKhfs5tiD5uct7iS2hVKr0Xi2Yk7lDnqxYb/3tFOW30VuQ7Ww0XmIyUsyCsAz
op9BAgUM7oOmrsjyny1gf+kZg29jKsc5qa/HX6GBkg8KINdA3YU4wPg1RSDv0qyV
gLI8twAKa0xwDuK9ZlpUgKGL9/EOvt44O3cDDIAvzyH17rLzSvNI+pOgW9AK/J9K
EUUm2fby9kDBXPrkuEaooK3OVx9Cyp68GqHyei2sFndmRaq6YupqQG4dAKaByDNn
yA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGpxQlSRICwE19Hv/U16
F6oTCzW7QwETTrrC46tEzcdELanHONCHvV49mNZVArMyTX9MVQ6EyecGn0FMJ/Fk
51Yk8ZPDrrWNRYhoQ/DJ3wi4LlflSaS09QNX5+ik1AMm/7cqCQGwMluQtXBjh7vY
4RPtYeOkAsatrlnMgXQpxcOh8MXuDfw5wo4OVDgAHsqae3Fo7Do/ZYlUNolxFmFM
FRynyqhARnE8ooOJv1HlLDiJgCJjLLE45LBZXaDEVhACAG7y5aUx/8qdxbvNY5a0
9DiS+JQ8DRFppGd7d+FwQUJUUu61ySRjglvfBcM5pIdSA9dOB0nxsgk37j5J57j0
0wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 162119509401241088227308957023940797567
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust SSL CA - G3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-04-14 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-07-14 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ohio'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'Akron'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'Sterling Jewelers'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'IT'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'www.kay.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24290243266262942678752135227219522252275822262187575012478580782837561222861894805012664155944953798940751424523230578176102834860573340164759660502758680169408243987939762425629641012345798626989210844399156001118523010369598094213018244274215885762932562398725158653910815205207535386646042569254080803479555272109201209551440486119612945588309743939169823584313440686671529702568508071262211719401544508412838888610127523411529560176256194978463699496026652540823414987391606718434190160072110819612760303957360920319807863887463194112116239140497955261000573414349656619006559767118772426637463176655278383363283
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (523 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'feo1.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'feo2.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test3.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev1.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev1.sterlingjewelers.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.sterlingjewelers.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sterlingjewelers.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test3.sterlingjewelers.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'feo1.sterlingjewelers.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'feo2.sterlingjewelers.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sterlingjewelers.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'feo2.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'feo1.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev1.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test3.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test3.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'feo1.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'feo2.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev1.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.kay.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gn.symcb.com/gn.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (149 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.geotrust.com/resources/repository/legal'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'https://www.geotrust.com/resources/repository/legal'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName d26ff796f4853f723c307d23da85789ba37c5a7c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (75 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gn.symcd.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gn.symcb.com/gn.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00bab2fd482378b3c678b8077b56b8d9ffb638e17d88413baa5877a4f0e6c4239c1da3f55b39c106ae8b2a9c762e9b8ac4d17c7a4fca598af2d54dc7347953d47cdd8d2a17ece6d883e6e72dee24b68552abd178b6624ee50e7ab161bff7b45396df456e43b5b0d17988c94b320ac033a29f4102050cee83a6aec8f29f2d607fe919836f632ac739a9afc75fa181920f0a20d740dd8538c0f8354520efd2ac9580b23cb7000a6b4c700ee2bd665a5480a18bf7f10ebede383b77030c802fcf21f5eeb2f34af348fa93a05bd00afc9f4a114526d9f6f2f640c15cfae4b846a8a0adce571f42ca9ebc1aa1f27a2dac16776645aaba62ea6a406e1d00a681c83367c8