legacy.denverpost.com

Issued by GTS CA 1D4

About this certificate

This digital certificate with serial number 9b:b2:ea:71:bb:0a:5e:83:0a:94:4d:ef:7e:d6:8e:77 was issued on by Google Trust Services LLC.

With 52 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=legacy.denverpost.com

Google Trust Services LLC

Organization: Google Trust Services LLC
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 9b:b2:ea:71:bb:0a:5e:83:0a:94:4d:ef:7e:d6:8e:77
Serial Number (int): 206959323281997010635240731891157339767
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 68:16:66:54:ea:e9:80:83:bb:dc:3c:38:f1:29:dd:1c:5c:f0:1a:c2
AuthorityKeyId: 25:e2:18:0e:b2:57:91:94:2a:e5:d4:5d:86:90:83:de:53:b3:b8:92

Fingerprint (sha1): 62:ad:2a:20:86:62:01:dd:6c:61:38:df:bd:ea:91:95:59:3e:5f:c1
Fingerprint (sha256): 5c:a0:07:78:84:c2:2c:35:64:67:74:55:a7:4f:06:84:d5:a7:16:29:ae:1a:ac:e5:59:c7:0b:21:42:a0:00:d9

Issuing Certificate URL: http://pki.goog/repo/certs/gts1d4.der

Revocation information

OCSP Server: http://ocsp.pki.goog/s/gts1d4/wExTUp7e-KU
CRL Distribution Point: http://crls.pki.goog/gts1d4/YZlDxvtMlVM.crl

Check the revocation status for certificate legacy.denverpost.com

52

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for legacy.denverpost.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

legacy.denverpost.com
mobileobits.advocate-news.com
obituaries.advocate-news.com
mobileobits.gazettes.com
obituaries.gazettes.com
mobileobits.mendocinobeacon.com
obituaries.mendocinobeacon.com
obituaries.nydailynews.com
obits.ocregister.com
obituaries.pilotonline.com
mobileobits.pvnews.com
obituaries.pvnews.com
dailytribune.rememberingmi.us
grandtraverse.rememberingmi.us
macombdaily.rememberingmi.us
morningstarpublishing.rememberingmi.us
sourcenewspapers.rememberingmi.us
theleader.rememberingmi.us
themorningsun.rememberingmi.us
theoaklandpress.rememberingmi.us
voicenews.rememberingmi.us
trentonian.rememberingnj.us
dailyfreeman.rememberingny.us
oneidadispatch.rememberingny.us
saratogian.rememberingny.us
troyrecord.rememberingny.us
morningjournal.rememberingoh.us
news-herald.rememberingoh.us
berksmontnews.rememberingpa.us
buckslocalnews.rememberingpa.us
dailylocal.rememberingpa.us
delconewsnetwork.rememberingpa.us
delcotimes.rememberingpa.us
mainlinemedianews.rememberingpa.us
montgomerynews.rememberingpa.us
phoenixvillenews.rememberingpa.us
pottsmerc.rememberingpa.us
southernchestercountyweeklies.rememberingpa.us
southjerseylocalnews.rememberingpa.us
thereporteronline.rememberingpa.us
timesherald.rememberingpa.us
obituaries.tbrnews.com
membership.mcall.com
chicagomag.com
insidebiz.com
www.insidebiz.com
membership.sun-sentinel.com
membership.orlandosentinel.com
membership.pilotonline.com
membership.dailypress.com
membership.courant.com
membership.nydailynews.com

Other certificates including the domain name denverpost.com

(limited to 100 certificates)
cdn-le4.arkadiumhosted.com
myaccount.mercurynews.com
dns-vetting1-jeffg-noah.map.fastly.net
denverpost.com
dns-vetting1m.map.fastly.net
jobs.bayareanewsgroup.com
hiring.wandtv.com
dns-vetting1a.map.fastly.net
dns-vetting1a.map.fastly.net
twp.denverpost.com
dns-vetting1h.map.fastly.net
businessdirectory.denverpost.com
dns-vetting1j.map.fastly.net
hiring.wandtv.com
dns-vetting1a.map.fastly.net
dns-vetting1j.map.fastly.net
cdn-le4.arkadiumhosted.com
dns-vetting1a.map.fastly.net
businessdirectory.denverpost.com
dns-vetting1a.map.fastly.net
cdn-le4.arkadiumhosted.com
jobs.bayareanewsgroup.com
cdn-le4.arkadiumhosted.com
dfm.map.fastly.net
jobs.bayareanewsgroup.com
ads.denverpost.com
dns-vetting1j.map.fastly.net
dns-vetting1-jeffg-noah.map.fastly.net
dns-vetting1j.map.fastly.net
dns-vetting1-jeffg-noah.map.fastly.net
dns-vetting1a.map.fastly.net
dns-vetting1a.map.fastly.net
dns-vetting1a.map.fastly.net
dns-vetting1i.map.fastly.net
dfm.map.fastly.net
mylocal.denverpost.com
dns-vetting1a.map.fastly.net
dns-vetting1a.map.fastly.net
legacy.denverpost.com
twp.denverpost.com
dns-vetting1m.map.fastly.net
mylocal.denverpost.com
vpn.medianewsgroup.com
jobs.bayareanewsgroup.com
dfm.map.fastly.net
twp.denverpost.com
test.checkout.mercurynews.com
hiring.wandtv.com
test.myaccount.mercurynews.com
dns-vetting1j.map.fastly.net
dns-vetting1m.map.fastly.net
dfm.map.fastly.net
mylocal.denverpost.com
dns-vetting1a.map.fastly.net
cdn-le4.arkadiumhosted.com
dns-vetting1j.map.fastly.net
dfm.map.fastly.net
dev.myaccount.mercurynews.com
dns-vetting1m.map.fastly.net
promote.denverpost.com
businessdirectory.denverpost.com
blogs.denverpost.com
twp.denverpost.com
dns-vetting1a.map.fastly.net
dns-vetting1m.map.fastly.net
dns-vetting1j.map.fastly.net
ads.denverpost.com
businessdirectory.denverpost.com
dns-vetting1a.map.fastly.net
jobs.bayareanewsgroup.com
dns-vetting1j.map.fastly.net
cdn-le4.arkadiumhosted.com
dns-vetting1j.map.fastly.net
denverpost.com
dptv.denverpost.com
dns-vetting1a.map.fastly.net
twp.denverpost.com
twp.denverpost.com
dfm.map.fastly.net
dfm.map.fastly.net
dfm.map.fastly.net
hiring.wandtv.com
dns-vetting1j.map.fastly.net
dns-vetting1m.map.fastly.net
games.denverpost.com
cdn-le4.arkadiumhosted.com
dns-vetting1a.map.fastly.net
dns-vetting1h.map.fastly.net
dns-vetting1a.map.fastly.net
twp.denverpost.com
mg2access.mercurynews.com
hiring.wandtv.com
businessdirectory.denverpost.com
ssl.smugmug.com
dns-vetting1a.map.fastly.net
secure.www.denverpost.com
dns-vetting1m.map.fastly.net
dns-vetting1j.map.fastly.net
uploads.denverpost.com
ssl.smugmug.com

Certificate

The complete raw certificate details for legacy.denverpost.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIILYDCCCkigAwIBAgIRAJuy6nG7Cl6DCpRN737WjncwDQYJKoZIhvcNAQELBQAw
RjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBM
TEMxEzARBgNVBAMTCkdUUyBDQSAxRDQwHhcNMjQwMzE1MTMwODUxWhcNMjQwNjEz
MTM1NDU2WjAgMR4wHAYDVQQDExVsZWdhY3kuZGVudmVycG9zdC5jb20wggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdA6nISjegOvSWgFvh1VDleFjXSlI4
gbtHg3OuauH64AExenIFlePmyzQy51RlmxISoQnrnyJsY37e0NP4SKAnJvgXaSN/
nLoEX03MNDQM1z7ZgpGhNoVapupPF2i/MzRrzCNFE7p9On8ALSQmV67+XkYwIyCc
DY1xDRvWZznOjrCUk+Gt3X4dH0pCBRliicTzVxF4e8zEjov9pFhCKnLUQellbDvY
btC6BRsuhrlyT99dELiHEp+mzutzuztx7JkUiz9NcGJZXDWZcbzpKesrOLsvNuAr
skn0xCn0o4mPAcUtJvZtwV25GK0ZEwCeTx2nNhTDgEdHTopqYlxnWBSvAgMBAAGj
gghtMIIIaTAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYD
VR0TAQH/BAIwADAdBgNVHQ4EFgQUaBZmVOrpgIO73Dw48SndHFzwGsIwHwYDVR0j
BBgwFoAUJeIYDrJXkZQq5dRdhpCD3lOzuJIweAYIKwYBBQUHAQEEbDBqMDUGCCsG
AQUFBzABhilodHRwOi8vb2NzcC5wa2kuZ29vZy9zL2d0czFkNC93RXhUVXA3ZS1L
VTAxBggrBgEFBQcwAoYlaHR0cDovL3BraS5nb29nL3JlcG8vY2VydHMvZ3RzMWQ0
LmRlcjCCBg0GA1UdEQSCBgQwggYAghVsZWdhY3kuZGVudmVycG9zdC5jb22CHW1v
YmlsZW9iaXRzLmFkdm9jYXRlLW5ld3MuY29tghxvYml0dWFyaWVzLmFkdm9jYXRl
LW5ld3MuY29tghhtb2JpbGVvYml0cy5nYXpldHRlcy5jb22CF29iaXR1YXJpZXMu
Z2F6ZXR0ZXMuY29tgh9tb2JpbGVvYml0cy5tZW5kb2Npbm9iZWFjb24uY29tgh5v
Yml0dWFyaWVzLm1lbmRvY2lub2JlYWNvbi5jb22CGm9iaXR1YXJpZXMubnlkYWls
eW5ld3MuY29tghRvYml0cy5vY3JlZ2lzdGVyLmNvbYIab2JpdHVhcmllcy5waWxv
dG9ubGluZS5jb22CFm1vYmlsZW9iaXRzLnB2bmV3cy5jb22CFW9iaXR1YXJpZXMu
cHZuZXdzLmNvbYIdZGFpbHl0cmlidW5lLnJlbWVtYmVyaW5nbWkudXOCHmdyYW5k
dHJhdmVyc2UucmVtZW1iZXJpbmdtaS51c4IcbWFjb21iZGFpbHkucmVtZW1iZXJp
bmdtaS51c4ImbW9ybmluZ3N0YXJwdWJsaXNoaW5nLnJlbWVtYmVyaW5nbWkudXOC
IXNvdXJjZW5ld3NwYXBlcnMucmVtZW1iZXJpbmdtaS51c4IadGhlbGVhZGVyLnJl
bWVtYmVyaW5nbWkudXOCHnRoZW1vcm5pbmdzdW4ucmVtZW1iZXJpbmdtaS51c4Ig
dGhlb2FrbGFuZHByZXNzLnJlbWVtYmVyaW5nbWkudXOCGnZvaWNlbmV3cy5yZW1l
bWJlcmluZ21pLnVzght0cmVudG9uaWFuLnJlbWVtYmVyaW5nbmoudXOCHWRhaWx5
ZnJlZW1hbi5yZW1lbWJlcmluZ255LnVzgh9vbmVpZGFkaXNwYXRjaC5yZW1lbWJl
cmluZ255LnVzghtzYXJhdG9naWFuLnJlbWVtYmVyaW5nbnkudXOCG3Ryb3lyZWNv
cmQucmVtZW1iZXJpbmdueS51c4IfbW9ybmluZ2pvdXJuYWwucmVtZW1iZXJpbmdv
aC51c4IcbmV3cy1oZXJhbGQucmVtZW1iZXJpbmdvaC51c4IeYmVya3Ntb250bmV3
cy5yZW1lbWJlcmluZ3BhLnVzgh9idWNrc2xvY2FsbmV3cy5yZW1lbWJlcmluZ3Bh
LnVzghtkYWlseWxvY2FsLnJlbWVtYmVyaW5ncGEudXOCIWRlbGNvbmV3c25ldHdv
cmsucmVtZW1iZXJpbmdwYS51c4IbZGVsY290aW1lcy5yZW1lbWJlcmluZ3BhLnVz
giJtYWlubGluZW1lZGlhbmV3cy5yZW1lbWJlcmluZ3BhLnVzgh9tb250Z29tZXJ5
bmV3cy5yZW1lbWJlcmluZ3BhLnVzgiFwaG9lbml4dmlsbGVuZXdzLnJlbWVtYmVy
aW5ncGEudXOCGnBvdHRzbWVyYy5yZW1lbWJlcmluZ3BhLnVzgi5zb3V0aGVybmNo
ZXN0ZXJjb3VudHl3ZWVrbGllcy5yZW1lbWJlcmluZ3BhLnVzgiVzb3V0aGplcnNl
eWxvY2FsbmV3cy5yZW1lbWJlcmluZ3BhLnVzgiJ0aGVyZXBvcnRlcm9ubGluZS5y
ZW1lbWJlcmluZ3BhLnVzghx0aW1lc2hlcmFsZC5yZW1lbWJlcmluZ3BhLnVzghZv
Yml0dWFyaWVzLnRicm5ld3MuY29tghRtZW1iZXJzaGlwLm1jYWxsLmNvbYIOY2hp
Y2Fnb21hZy5jb22CDWluc2lkZWJpei5jb22CEXd3dy5pbnNpZGViaXouY29tghtt
ZW1iZXJzaGlwLnN1bi1zZW50aW5lbC5jb22CHm1lbWJlcnNoaXAub3JsYW5kb3Nl
bnRpbmVsLmNvbYIabWVtYmVyc2hpcC5waWxvdG9ubGluZS5jb22CGW1lbWJlcnNo
aXAuZGFpbHlwcmVzcy5jb22CFm1lbWJlcnNoaXAuY291cmFudC5jb22CGm1lbWJl
cnNoaXAubnlkYWlseW5ld3MuY29tMCEGA1UdIAQaMBgwCAYGZ4EMAQIBMAwGCisG
AQQB1nkCBQMwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybHMucGtpLmdvb2cv
Z3RzMWQ0L1labER4dnRNbFZNLmNybDCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3
AHb/iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABjkJxtvMAAAQDAEgw
RgIhAOZGJqmhj1uuqgyJR8+ON2zKrtKb9BUI6hRkYnO9DBjcAiEAvFrNUHLZpbaw
b7CHUIiy5CY8FQJPLB2W/FhM12/iPYIAdwBIsONr2qZHNA/lagL6nTDrHFIBy1bd
LIHZu7+rOdiEcwAAAY5Ccbb3AAAEAwBIMEYCIQD2UTixLVL/gWdaEhvQJ00QgTIi
8U4Azm4xikMMhrDDhwIhAMOuMiC7/wx89pjh3KzcUC0FpZ+0y9xxZyftwMDtwn30
MA0GCSqGSIb3DQEBCwUAA4IBAQCgrADcKs8cX8c6PXyY/jc8WmUnJ0VT3qgFQddh
MzAxyG7sv0Zgv4Xjp+B6AZb7yHpIffi3aZQ5xCNZHnKOxJGQobpI3IKu/68bb/FM
HQaA/f/SQowIUfDy2kRa4bGmD3PzCVmqK/fmpUeHeFYxD5biWuRBC6EpJDPR6wl0
Q9hK+MaQtgtJrTrnGukXHUiXuGd0LaW45LkAeJdYd4Hoy1N0XNu0QRjij2a/FU9O
J8t7SBxCIAloKiRizhVXAi+fArNxcFeoH2aLZerMBqCp0QJXNqjGatvXh5/5UvY5
h8rsmdNg79OfhL5fE33ZRc76koOdbtHKafYx4Sk8qexgInnS
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3QOpyEo3oDr0loBb4dVQ
5XhY10pSOIG7R4Nzrmrh+uABMXpyBZXj5ss0MudUZZsSEqEJ658ibGN+3tDT+Eig
Jyb4F2kjf5y6BF9NzDQ0DNc+2YKRoTaFWqbqTxdovzM0a8wjRRO6fTp/AC0kJleu
/l5GMCMgnA2NcQ0b1mc5zo6wlJPhrd1+HR9KQgUZYonE81cReHvMxI6L/aRYQipy
1EHpZWw72G7QugUbLoa5ck/fXRC4hxKfps7rc7s7ceyZFIs/TXBiWVw1mXG86Snr
Kzi7LzbgK7JJ9MQp9KOJjwHFLSb2bcFduRitGRMAnk8dpzYUw4BHR06KamJcZ1gU
rwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 206959323281997010635240731891157339767
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Google Trust Services LLC'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GTS CA 1D4'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-15 13:08:51 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-13 13:54:56 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'legacy.denverpost.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27900471794874284103346297464338391514925471267438582943522844026132725305784398128188118416945948272170610532022795099335509040906549231731948200455424618256337298472015563909384394914473529517194462131011466952327220027606575819092376056254271969599292126955627864492769215869632835766381560480771314579009309095639913008479335150920182330355531225325842347997596004611795374955801106335834470059427130570254718045047839734103395637945466310409454240228339850136322021837525783070921121934794346679397730851369558342799486085319172206658006671238498639144971500950306213756038893149725107371190092195418479978353839
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							68166654eae98083bbdc3c38f129dd1c5cf01ac2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 25e2180eb25791942ae5d45d869083de53b3b892
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (108 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.pki.goog/s/gts1d4/wExTUp7e-KU'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://pki.goog/repo/certs/gts1d4.der'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1540 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'legacy.denverpost.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mobileobits.advocate-news.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'obituaries.advocate-news.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mobileobits.gazettes.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'obituaries.gazettes.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mobileobits.mendocinobeacon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'obituaries.mendocinobeacon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'obituaries.nydailynews.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'obits.ocregister.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'obituaries.pilotonline.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mobileobits.pvnews.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'obituaries.pvnews.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dailytribune.rememberingmi.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'grandtraverse.rememberingmi.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'macombdaily.rememberingmi.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'morningstarpublishing.rememberingmi.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sourcenewspapers.rememberingmi.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'theleader.rememberingmi.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'themorningsun.rememberingmi.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'theoaklandpress.rememberingmi.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'voicenews.rememberingmi.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'trentonian.rememberingnj.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dailyfreeman.rememberingny.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'oneidadispatch.rememberingny.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'saratogian.rememberingny.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'troyrecord.rememberingny.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'morningjournal.rememberingoh.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'news-herald.rememberingoh.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'berksmontnews.rememberingpa.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'buckslocalnews.rememberingpa.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dailylocal.rememberingpa.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'delconewsnetwork.rememberingpa.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'delcotimes.rememberingpa.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mainlinemedianews.rememberingpa.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'montgomerynews.rememberingpa.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'phoenixvillenews.rememberingpa.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pottsmerc.rememberingpa.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'southernchestercountyweeklies.rememberingpa.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'southjerseylocalnews.rememberingpa.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'thereporteronline.rememberingpa.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'timesherald.rememberingpa.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'obituaries.tbrnews.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'membership.mcall.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'chicagomag.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'insidebiz.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.insidebiz.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'membership.sun-sentinel.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'membership.orlandosentinel.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'membership.pilotonline.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'membership.dailypress.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'membership.courant.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'membership.nydailynews.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.5.3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (53 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crls.pki.goog/gts1d4/YZlDxvtMlVM.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
							00f200770076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018e4271b6f30000040300483046022100e64626a9a18f5baeaa0c8947cf8e376ccaaed29bf41508ea14646273bd0c18dc022100bc5acd5072d9a5b6b06fb0875088b2e4263c15024f2c1d96fc584cd76fe23d8200770048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018e4271b6f70000040300483046022100f65138b12d52ff81675a121bd0274d10813222f14e00ce6e318a430c86b0c387022100c3ae3220bbff0c7cf698e1dcacdc502d05a59fb4cbdc716727edc0c0edc27df4
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00a0ac00dc2acf1c5fc73a3d7c98fe373c5a6527274553dea80541d761333031c86eecbf4660bf85e3a7e07a0196fbc87a487df8b7699439c423591e728ec49190a1ba48dc82aeffaf1b6ff14c1d0680fdffd2428c0851f0f2da445ae1b1a60f73f30959aa2bf7e6a547877856310f96e25ae4410ba1292433d1eb097443d84af8c690b60b49ad3ae71ae9171d4897b867742da5b8e4b9007897587781e8cb53745cdbb44118e28f66bf154f4e27cb7b481c422009682a2462ce1557022f9f02b3717057a81f668b65eacc06a0a9d1025736a8c66adbd7879ff952f63987caec99d360efd39f84be5f137dd945cefa92839d6ed1ca69f631e1293ca9ec602279d2