prodslot.southerncross.co.nz

- Southern Cross Medical Care Society -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 48:2b:b5:33:18:d1:bd:94:50:fb:a2:e3:ed:00:09:06 was issued on by Entrust, Inc..

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Southern Cross Medical Care Society

Organization: Southern Cross Medical Care Society
Locality: Auckland
Country: NZ

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 48:2b:b5:33:18:d1:bd:94:50:fb:a2:e3:ed:00:09:06
Serial Number (int): 95931359625886690612159432666438961414
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 6d:eb:73:af:7a:8f:82:1f:f2:28:47:08:b6:8b:79:d3:08:03:8a:b9
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): ec:50:0a:89:d1:5d:84:02:92:a6:14:e8:fd:b3:28:e8:7c:44:1a:3b
Fingerprint (sha256): 5d:4f:84:ab:64:19:27:2c:94:dd:46:a4:dd:95:cd:68:16:e2:b6:a4:87:c8:90:60:28:5d:0b:f8:62:7b:af:2b

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate prodslot.southerncross.co.nz

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for prodslot.southerncross.co.nz

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

prodslot.southerncross.co.nz
prodslot.southerncrosslife.co.nz
life-prodslot.southerncross.co.nz

Other certificates including the domain name southerncross.co.nz

(limited to 100 certificates)
dev.southerncross.co.nz

provider-identity-pp.southerncross.co.nz
hospitals.southerncross.co.nz
cm-pp.southerncross.co.nz
npos.southerncross.co.nz
brandkit.southerncross.co.nz
identity.southerncross.co.nz
apply.southerncross.co.nz
u.southerncross.co.nz


brandkit.southerncross.co.nz
assets.hospitals.southerncross.co.nz
sam-facade.southerncross.co.nz
dev.southerncross.co.nz
aplogo.southerncross.co.nz
hospitals.southerncross.co.nz
aimee-pp.ts.southerncross.co.nz
southerncrosshospitals.co.nz
hospitals.southerncross.co.nz
pp.southerncross.co.nz
easyclaim.southerncross.co.nz
identity.southerncross.co.nz
kete.southerncross.co.nz
beingwell.southerncross.co.nz
careers.southerncross.co.nz
providers.southerncross.co.nz

hospitals.southerncross.co.nz
hospitals.southerncross.co.nz
southerncross.co.nz

southerncrosshospitals.co.nz
prodslot.southerncross.co.nz
brandkit.southerncross.co.nz
assets.hospitals.southerncross.co.nz
hospitals.southerncross.co.nz
hospitals.southerncross.co.nz
*.ts.southerncross.co.nz
*.api-sit.southerncross.co.nz
brandkit.southerncross.co.nz
finance.southerncross.co.nz
aplogo.southerncross.co.nz
jobs.southerncross.co.nz
aplogo.southerncross.co.nz
*.api-sit.southerncross.co.nz
customer360.pr.southerncross.co.nz
gateway-orb.southerncross.co.nz
assets.hospitals.southerncross.co.nz
identity.southerncross.co.nz
easyclaim16.ts.southerncross.co.nz
identity.southerncross.co.nz
uat.hospitals.southerncross.co.nz
identity-signing.southerncross.co.nz
aplogo.southerncross.co.nz
*.southerncross.co.nz
schs-workflow.southerncross.co.nz
hospitals.southerncross.co.nz
identity-pp.southerncross.co.nz
viewpoint.southerncross.co.nz
hospitals.southerncross.co.nz
hospitals.southerncross.co.nz
*.api-sit.southerncross.co.nz
aimee-pp.ts.southerncross.co.nz
uat.hospitals.southerncross.co.nz
uat.hospitals.southerncross.co.nz

my.southerncross.co.nz
*.surfly.southerncross.co.nz
email.southerncross.co.nz
*.mapi-sit.southerncross.co.nz
hospitals.southerncross.co.nz
*.mapi-test.southerncross.co.nz
provider-identity-pp.southerncross.co.nz
uat.hospitals.southerncross.co.nz
southerncrosshospitals.co.nz
hospitals.southerncross.co.nz
*.southerncross.co.nz
*.api-dev.southerncross.co.nz
gateway-orb.southerncross.co.nz
pp.southerncross.co.nz
hospitals.southerncross.co.nz
*.mapi-test.southerncross.co.nz
gateway-bri.southerncross.co.nz
aplogo.southerncross.co.nz
aplogo.southerncross.co.nz
mapi.southerncross.co.nz
cm-dev.southerncross.co.nz
prodslot.southerncross.co.nz
*.beingwell.southerncross.co.nz
aimee-pp.ts.southerncross.co.nz
uat.hospitals.southerncross.co.nz
hospitals.southerncross.co.nz
www.southerncross.co.nz
www.viewpoint.southerncross.co.nz
brandkit.southerncross.co.nz
viewpoint.southerncross.co.nz
easy-claim-help.southerncross.co.nz
southerncross.co.nz

Certificate

The complete raw certificate details for prodslot.southerncross.co.nz in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgIQSCu1MxjRvZRQ+6Lj7QAJBjANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
NDA1MDcwNTAxMjVaFw0yNTA1MTAwNTAxMjRaMHUxCzAJBgNVBAYTAk5aMREwDwYD
VQQHEwhBdWNrbGFuZDEsMCoGA1UEChMjU291dGhlcm4gQ3Jvc3MgTWVkaWNhbCBD
YXJlIFNvY2lldHkxJTAjBgNVBAMTHHByb2RzbG90LnNvdXRoZXJuY3Jvc3MuY28u
bnowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiJPdHOLI/f2Fzt3ld
cYVgL2BhdmHly22Rp9hYgqFDU/heA4nXHcE/bZcxB2wsvtLRlfg+q90+YtJu3/w4
1PDK6CHh3kqGB2ormXqn3NSZb63JQxhSfvRCFthU9QyTxFhEKWebgfFQy9tA7SAc
BAVN7lazFY/7xAuXRIBbLML9OJZFUeh+AOp9I7estTC0uIgvsmi49q6I2/aBkvxc
9QKp6GlFcom1EYuprujp9NmPjU7eqchXfDe54peywPyEtIYODwNiZVgwXoYMb85B
0W/GaqPoK2uuQD/X1aX+0L1hKFeTrrH5eLpRzlO55Qg8W6iq3LLtnAfFVWdN30fv
ld1pAgMBAAGjggG4MIIBtDAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRt63Oveo+C
H/IoRwi2i3nTCAOKuTAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzBo
BggrBgEFBQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3Qu
bmV0MDMGCCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wxay1jaGFp
bjI1Ni5jZXIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5l
dC9sZXZlbDFrLmNybDBsBgNVHREEZTBjghxwcm9kc2xvdC5zb3V0aGVybmNyb3Nz
LmNvLm56giBwcm9kc2xvdC5zb3V0aGVybmNyb3NzbGlmZS5jby5ueoIhbGlmZS1w
cm9kc2xvdC5zb3V0aGVybmNyb3NzLmNvLm56MA4GA1UdDwEB/wQEAwIFoDAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEwYDVR0gBAwwCjAIBgZngQwBAgIw
EwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBAM5VSPlAOnxm
v+19pnH4SnmQs8D3QNI++mYlulGiIVwDU0f6yPDNujAY8Guh2UOmEmhqPWfDbzsd
jX/rgDNBcXHBVnMiF9mJndZERvpV+gOME44wtX4FSfvnNmXFJhNlVXVNmhTyrvdG
EQQrdg6B5pL3XI0WMEW4+33c3xXzGe5WavZORhW/bs3cYfRifxDsKHEXZRV8uEZk
gaMmJNMSk9bjR6/yv+MVX1/y4ulW4DwBwgP5hU/Hs0i/HfKtDMBMATs7nFGjwbma
h33S0cuYyKoH2dN48dYbAgwUqBimlpz29O8yd8PCD0pJmF1rsphNcwkkX8fpW4Y3
Pz1n4w851c8=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiT3RziyP39hc7d5XXGF
YC9gYXZh5cttkafYWIKhQ1P4XgOJ1x3BP22XMQdsLL7S0ZX4PqvdPmLSbt/8ONTw
yugh4d5KhgdqK5l6p9zUmW+tyUMYUn70QhbYVPUMk8RYRClnm4HxUMvbQO0gHAQF
Te5WsxWP+8QLl0SAWyzC/TiWRVHofgDqfSO3rLUwtLiIL7JouPauiNv2gZL8XPUC
qehpRXKJtRGLqa7o6fTZj41O3qnIV3w3ueKXssD8hLSGDg8DYmVYMF6GDG/OQdFv
xmqj6CtrrkA/19Wl/tC9YShXk66x+Xi6Uc5TueUIPFuoqtyy7ZwHxVVnTd9H75Xd
aQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 95931359625886690612159432666438961414
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-07 05:01:25 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-05-10 05:01:24 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NZ'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Auckland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Southern Cross Medical Care Society'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'prodslot.southerncross.co.nz'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20468833984221186118084030669175217808553896538430455286328001765611148893705566578482455936077610178015835936341584167217672794657145418576993666293760990906773702674386209398518351787641646459589482854773728399814441448996023485004792994414354899872354254898000634224836971809794965350147329820577842169507783667181251064203791516431496351224566396530165599892038870043125973860799389789004810097807465713938596969634383282194423622013074624115914100479000015576525890633596394769555094656741120702855516045371624674120357462355194897399877341945088058038133899690925233502791431377435332511293156055495444809506153
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							6deb73af7a8f821ff2284708b68b79d308038ab9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (101 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prodslot.southerncross.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prodslot.southerncrosslife.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'life-prodslot.southerncross.co.nz'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00ce5548f9403a7c66bfed7da671f84a7990b3c0f740d23efa6625ba51a2215c035347fac8f0cdba3018f06ba1d943a612686a3d67c36f3b1d8d7feb8033417171c156732217d9899dd64446fa55fa038c138e30b57e0549fbe73665c526136555754d9a14f2aef74611042b760e81e692f75c8d163045b8fb7ddcdf15f319ee566af64e4615bf6ecddc61f4627f10ec28711765157cb8466481a32624d31293d6e347aff2bfe3155f5ff2e2e956e03c01c203f9854fc7b348bf1df2ad0cc04c013b3b9c51a3c1b99a877dd2d1cb98c8aa07d9d378f1d61b020c14a818a6969cf6f4ef3277c3c20f4a49985d6bb2984d7309245fc7e95b86373f3d67e30f39d5cf