spena.sonypictures.net

- Sony Pictures Entertainment -

Issued by DigiCert Global CA G2

About this certificate

This digital certificate with serial number 0b:c7:92:37:a3:c5:d5:2a:cc:bc:4c:74:d9:b4:17:cb was issued on by DigiCert Inc.

With 16 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Sony Pictures Entertainment

Organization: Sony Pictures Entertainment
Organization unit: Internet Systems Technology
State / Province: California
Locality: Culver City
Country: US

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0b:c7:92:37:a3:c5:d5:2a:cc:bc:4c:74:d9:b4:17:cb
Serial Number (int): 15657740668518798369360091400103008203
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: d1:da:6c:ae:21:ed:c9:c6:2f:bc:c7:7d:0a:91:ad:97:6a:ce:54:cc
AuthorityKeyId: 24:6e:2b:2d:d0:6a:92:51:51:25:69:01:aa:9a:47:a6:89:e7:40:20

Fingerprint (sha1): 64:5a:5e:35:f8:c9:52:a5:95:93:d1:24:dd:8d:b4:0d:8c:de:f6:f5
Fingerprint (sha256): 5b:3c:12:05:90:3c:5b:f0:2e:71:02:b5:01:ae:24:ce:b8:a5:00:f9:3a:ac:04:55:d9:a4:49:97:01:31:e6:b5

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertGlobalCAG2.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertGlobalCAG2.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertGlobalCAG2.crl

Check the revocation status for certificate spena.sonypictures.net

16

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for spena.sonypictures.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

spena.sonypictures.net
stage-spena.sonypictures.net
*.onetvasia.com
*.gemtvasia.com
*.axn-asia.com
*.axn-taiwan.com
*.sonychannelasia.com
*.animax-asia.com
*.animax-taiwan.com
*.animaxhd-tw.com
*.gemtvasia-hk.com
*.gemtvasia-id.com
*.gemtvasia-ph.com
*.gemtvasia-sg.com
*.gemtvasia-th.com
*.gemtvasia-vn.com

Other certificates including the domain name sonypictures.net

(limited to 100 certificates)
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
portals.sonypictures.net
flash.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
spena.sonypictures.net
perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
portals.sonypictures.net
stage-perc.sonypictures.com
flash.sonypictures.com
portals.sonypictures.net
flash.sonypictures.com
flash.sonypictures.com
stage-perc.sonypictures.com
portals.sonypictures.net
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
stage-perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
stage-perc.sonypictures.com
flash.sonypictures.com
spena.sonypictures.net
portals.sonypictures.net
perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
stage-perc.sonypictures.com
perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
stage-perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
spena.sonypictures.net
sites.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
portals.sonypictures.net
flash.sonypictures.com
stage-perc.sonypictures.com
sites.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
perc.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
spena.sonypictures.net
portals.sonypictures.net
stage-perc.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
portals.sonypictures.net
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
stage-perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
portals.sonypictures.net
flash.sonypictures.com
perc.sonypictures.com
portals.sonypictures.net
perc.sonypictures.com
flash.sonypictures.com

Certificate

The complete raw certificate details for spena.sonypictures.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHjzCCBnegAwIBAgIQC8eSN6PF1SrMvEx02bQXyzANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVE
aWdpQ2VydCBHbG9iYWwgQ0EgRzIwHhcNMTgwOTExMDAwMDAwWhcNMTkwOTEyMTIw
MDAwWjCBpTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNV
BAcTC0N1bHZlciBDaXR5MSQwIgYDVQQKExtTb255IFBpY3R1cmVzIEVudGVydGFp
bm1lbnQxJDAiBgNVBAsTG0ludGVybmV0IFN5c3RlbXMgVGVjaG5vbG9neTEfMB0G
A1UEAxMWc3BlbmEuc29ueXBpY3R1cmVzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALzur7Kam9Ah/nn/YWL/V/oh16hKlkPECd3ev6FH6B3MwDIL
kJvHt4Vt98HpdGZnV3z0+9cfKwT1t0y7RuefR4VBh+CIm0nUygA1UzqRNfR3O9Nl
QkTwk9SE+gfV+0UczFEy8SCVYbPcWRiQ8B0U6bJ6pPPKhCw+EHfmWJmBNT7FTNWP
6aJcfpy0XshcUWr6SqWq8kfMpXSiic9nznDqM5WF+zpi10xZkJUMslwEPVr1leIi
KmqcjrrinCLWRHhY/lDWIUc92ZXyD8kaagyZUc18TN91zfE/ISafLFjYuRHThiUn
4jeya6yUtO420MGCXzt69J8K0ONa2GRtkQS4XekCAwEAAaOCBBkwggQVMB8GA1Ud
IwQYMBaAFCRuKy3QapJRUSVpAaqaR6aJ50AgMB0GA1UdDgQWBBTR2myuIe3Jxi+8
x30Kka2Xas5UzDCCAVEGA1UdEQSCAUgwggFEghZzcGVuYS5zb255cGljdHVyZXMu
bmV0ghxzdGFnZS1zcGVuYS5zb255cGljdHVyZXMubmV0gg8qLm9uZXR2YXNpYS5j
b22CDyouZ2VtdHZhc2lhLmNvbYIOKi5heG4tYXNpYS5jb22CECouYXhuLXRhaXdh
bi5jb22CFSouc29ueWNoYW5uZWxhc2lhLmNvbYIRKi5hbmltYXgtYXNpYS5jb22C
EyouYW5pbWF4LXRhaXdhbi5jb22CESouYW5pbWF4aGQtdHcuY29tghIqLmdlbXR2
YXNpYS1oay5jb22CEiouZ2VtdHZhc2lhLWlkLmNvbYISKi5nZW10dmFzaWEtcGgu
Y29tghIqLmdlbXR2YXNpYS1zZy5jb22CEiouZ2VtdHZhc2lhLXRoLmNvbYISKi5n
ZW10dmFzaWEtdm4uY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwdwYDVR0fBHAwbjA1oDOgMYYvaHR0cDovL2NybDMuZGln
aWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsQ0FHMi5jcmwwNaAzoDGGL2h0dHA6Ly9j
cmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbENBRzIuY3JsMEwGA1UdIARF
MEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2lj
ZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHQGCCsGAQUFBwEBBGgwZjAkBggrBgEFBQcw
AYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMD4GCCsGAQUFBzAChjJodHRwOi8v
Y2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxDQUcyLmNydDAJBgNV
HRMEAjAAMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYApLkJkLQYWBSHuxOizGdw
Cjw1mAT5G9+443fNDsgN3BAAAAFlycWSegAABAMARzBFAiEA0chgKQdNApxLukiU
Fw9PMTSEQyCd4V6QCI3ouPEmolgCIBSQSWxm45K1gwRN2SZ2MXWpR8RZfD8mJVVN
pQKIJdQoAHcAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFlycWT
VQAABAMASDBGAiEAvV+7Fz+nA4TbndR38yxHdYpk7ZmEszegNStFzh0HMPMCIQDl
TLMLjRhAKWxH1my71R7lpqyeaFhpaBlxhOwYKaiSDjANBgkqhkiG9w0BAQsFAAOC
AQEAEBwy4onIDVGQ8qDN9ikW/JAtrzWK2FKw+2FpgwFUvrPeKtp3o0A1rP4TqJeh
CFoptZJc1XxSWVwXy1HTN/R2aphq+GIxiTuL2/CYzcygpfIVdiwEWMTtfr0tG9iU
EE/1ecs1INQVF7S6hKDiYQWJtPBO5K6xUPDTncxYl3+LzKBOh4a06480wXlqR7Dv
WjkyqqI6b4arBv8AfrtDp1zcWoMxBUP3ebQZo0AWFOEp9lRhN0/7V8nEv0ovzB2v
XK0xZsMnvcLkEukiy/VPsyzGc6uI6ICKoZjKlVyx+EONY/NYQTglp+evkH2w7L0t
3+GNtdZHZRYRyM6hwU8nTNIkPQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvO6vspqb0CH+ef9hYv9X
+iHXqEqWQ8QJ3d6/oUfoHczAMguQm8e3hW33wel0ZmdXfPT71x8rBPW3TLtG559H
hUGH4IibSdTKADVTOpE19Hc702VCRPCT1IT6B9X7RRzMUTLxIJVhs9xZGJDwHRTp
snqk88qELD4Qd+ZYmYE1PsVM1Y/polx+nLReyFxRavpKparyR8yldKKJz2fOcOoz
lYX7OmLXTFmQlQyyXAQ9WvWV4iIqapyOuuKcItZEeFj+UNYhRz3ZlfIPyRpqDJlR
zXxM33XN8T8hJp8sWNi5EdOGJSfiN7JrrJS07jbQwYJfO3r0nwrQ41rYZG2RBLhd
6QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 15657740668518798369360091400103008203
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Global CA G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-09-11 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-09-12 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Culver City'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sony Pictures Entertainment'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Internet Systems Technology'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'spena.sonypictures.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23850501944294473016716532997645627012715630525591288912504305661629858133019068150759317049142703744865090776692714300326343023354090335802022091228772038828610135220473634514528561282776261028834183810768827620232360511547748735351993121273769241162825204764719631630511406904283081192809493609278505232356384120984194347414310505628132474061991875339394059449348191165416701283503336367011902811566190111269167456226798145204573702088192230842653260456291777747138662054057773842108851346555152480449210402731657481577985808059585166209811171617860106604055296436789161028153704477512286652594419669306281198902761
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 246e2b2dd06a925151256901aa9a47a689e74020
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d1da6cae21edc9c62fbcc77d0a91ad976ace54cc
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (328 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'spena.sonypictures.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage-spena.sonypictures.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.onetvasia.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.gemtvasia.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.axn-asia.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.axn-taiwan.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sonychannelasia.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.animax-asia.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.animax-taiwan.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.animaxhd-tw.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.gemtvasia-hk.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.gemtvasia-id.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.gemtvasia-ph.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.gemtvasia-sg.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.gemtvasia-th.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.gemtvasia-vn.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (112 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertGlobalCAG2.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertGlobalCAG2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertGlobalCAG2.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
							00f1007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc1000000165c9c5927a0000040300473045022100d1c86029074d029c4bba4894170f4f31348443209de15e90088de8b8f126a25802201490496c66e392b583044dd926763175a947c4597c3f2625554da5028825d4280077008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f00000165c9c593550000040300483046022100bd5fbb173fa70384db9dd477f32c47758a64ed9984b337a0352b45ce1d0730f3022100e54cb30b8d1840296c47d66cbbd51ee5a6ac9e68586968197184ec1829a8920e
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00101c32e289c80d5190f2a0cdf62916fc902daf358ad852b0fb6169830154beb3de2ada77a34035acfe13a897a1085a29b5925cd57c52595c17cb51d337f4766a986af86231893b8bdbf098cdcca0a5f215762c0458c4ed7ebd2d1bd894104ff579cb3520d41517b4ba84a0e2610589b4f04ee4aeb150f0d39dcc58977f8bcca04e8786b4eb8f34c1796a47b0ef5a3932aaa23a6f86ab06ff007ebb43a75cdc5a83310543f779b419a3401614e129f65461374ffb57c9c4bf4a2fcc1daf5cad3166c327bdc2e412e922cbf54fb32cc673ab88e8808aa198ca955cb1f8438d63f358413825a7e7af907db0ecbd2ddfe18db5d647651611c8cea1c14f274cd2243d