test.domaine2.secureweb.inalco.com

- Industrial Alliance Insurance and Financial Services Inc. -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 58:33:04:d7:93:ed:19:c0:b2:ae:27:1c:3b:b5:51:58 was issued on by Entrust, Inc..

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Industrial Alliance Insurance and Financial Services Inc.

Organization: Industrial Alliance Insurance and Financial Services Inc.
State / Province: Quebec
Locality: Québec
Country: CA

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 58:33:04:d7:93:ed:19:c0:b2:ae:27:1c:3b:b5:51:58
Serial Number (int): 117236968978332161674902952515640578392
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: fe:31:b4:95:19:85:f8:f0:25:bf:9c:48:af:58:6d:65:39:d0:dd:0a
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): 55:3b:28:56:2b:93:70:0e:90:e5:de:86:8b:c8:a3:60:e5:45:87:90
Fingerprint (sha256): 69:49:59:b4:2e:07:30:15:ef:d4:ec:44:82:1e:a9:95:ea:62:ea:21:65:01:48:9a:a3:6a:8d:13:f6:2a:63:6e

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate test.domaine2.secureweb.inalco.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for test.domaine2.secureweb.inalco.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

test.domaine2.secureweb.inalco.com

Other certificates including the domain name inalco.com

(limited to 100 certificates)
poupon.inalco.com
www.inalco.com
securefonc.inalco.com
webmail.inalco.com
rave01.inalco.com
poupon.inalco.com
ei.secureweb.inalco.com
intg.api.inalco.com
imageserver.secureweb.inalco.com
inalco.com
iamobile.inalco.com
fr.wiki-crm.kronos-web.com
www.inalco.com
gestionclients.intg.inalco.com
inalco.com
poupon.inalco.com
www.inalco.com
inalco.com
we.secureweb.inalco.com
inalco.com
www.iaretirement.inalco.com
imageserver.secureweb.accp.ia.iafg.net
we.intg.secureweb.inalco.com
imageserver.secureweb.inalco.com
bambin.inalco.com
poupon.inalco.com
*.intg.secureweb.ia.ca
api.ia.ca
ia-cem.accp.secureweb.inalco.com
www.inalco.com
fs41.inalco.com
*.inalco.com
webmail.ia.ca
fs41.inalco.com
poupon.inalco.com
accp.api.ia.ca
secure2.inalco.com
imageserver.secureweb.inalco.com
imageserver.secureweb.inalco.com
iagtools.inalco.com
*.secureweb.inalco.com
*.intg.secureweb.ia.ca
imageserver.secureweb.inalco.com
fs01.inalco.com
secure.inalco.com
poupon.inalco.com
*.external.inalco.com
secure2.inalco.com
fr.wiki-crm.kronos-web.com
login.service.dealers.inalco.com
AWSSOIA.inalco.com
webadmin.inalco.com
imageserver.secureweb.inalco.com
rave01.inalco.com
www.inalco.com
accp.api.inalco.com
www.inalco.com
ia-cem.secureweb.inalco.com
fs01.inalco.com
stmartin.inalco.com
inalco.com
poupon.inalco.com
webmail.ia.ca
statss.inalco.com
secure.inalco.com
inalco.com
fs01.inalco.com
fr.wiki-crm.kronos-web.com
we.secureweb.inalco.com
iagtools.inalco.com
extranet.inalco.com
www.inalco.com
inalco.com
inalco.com
www.inalco.com
fnct.api.inalco.com
novus.inalco.com
bambin.inalco.com
test.domaine2.secureweb.inalco.com
proxy.accp.secureweb.inalco.com
www.inalco.com
www.inalco.com
poupon.inalco.com
ia-cem.accp.secureweb.inalco.com
imageserver.secureweb.inalco.com
*.secureweb.inalco.com
bambin.inalco.com
inalco.com
fs41.inalco.com
proxy.secureweb.inalco.com
fr.wiki-crm.kronos-web.com
imageserver.secureweb.accp.ia.iafg.net
*.accp.webrequests.inalco.com
*.webrequests.inalco.com
IAGTOOLS.inalco.com
imageserver.secureweb.inalco.com
*.inalco.com
webmail.ia.ca
proxy.intg.secureweb.inalco.com
*.secureweb.inalco.com

Certificate

The complete raw certificate details for test.domaine2.secureweb.inalco.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgIQWDME15PtGcCyriccO7VRWDANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
NDA1MTYxNDEwMzlaFw0yNTA1MTYxNDEwMzhaMIGhMQswCQYDVQQGEwJDQTEPMA0G
A1UECBMGUXVlYmVjMRAwDgYDVQQHDAdRdcOpYmVjMUIwQAYDVQQKEzlJbmR1c3Ry
aWFsIEFsbGlhbmNlIEluc3VyYW5jZSBhbmQgRmluYW5jaWFsIFNlcnZpY2VzIElu
Yy4xKzApBgNVBAMTInRlc3QuZG9tYWluZTIuc2VjdXJld2ViLmluYWxjby5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1BgEF5ALKH8qJ6Xw+WWD4
BiC0K9SF/ONAM6srHSafSmiOMLwMSpEHJlLk/ln+zHUTf3qlRPO2fyBglwk+iRiu
9YpeDAF9sL399+zvvM4vHiAx6T5PfkwO4ydLPttEEDVLsG4Sdiasf9aKBXRglVtU
Q36ZQBsSdktmPMHf5WkD7WkgVOK2bYhZD6YOhbGQsO2rI01Tpb3rouw2LotDRQ0d
j8potDdK8tzxUs0Vq1Tn/rLr9vgUuDybI6nbY9A+rjzKlqiE5Ehg0F1QoFqJFBK9
Iw37sVnbCR91UM9Rl25fgZNQF0uv0aR9eYdQ/B83WECzeWzVdLO0uCR7GGQl47+9
AgMBAAGjggF5MIIBdTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBT+MbSVGYX48CW/
nEivWG1lOdDdCjAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzBoBggr
BgEFBQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0
MDMGCCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wxay1jaGFpbjI1
Ni5jZXIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9s
ZXZlbDFrLmNybDAtBgNVHREEJjAkgiJ0ZXN0LmRvbWFpbmUyLnNlY3VyZXdlYi5p
bmFsY28uY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwEwYDVR0gBAwwCjAIBgZngQwBAgIwEwYKKwYBBAHWeQIEAwEB/wQC
BQAwDQYJKoZIhvcNAQELBQADggEBAKcgjvFCpvXZbs5N4bUtAga23ZP8KZpzBwR+
thpUx6qCewFPLOiO3FGxmPdkrX65iD0ExQVRXLfjqVfdn5c34jQMhT8gf/XrgbwQ
OOfx27F2MaGVB7wZZYqcQmeKbwAXY6JcKuN1PR+8udId02dGUBMsgjstxh+Hs2Dk
R39ZYu8fKCXPKkhZtMi0OjDfU2Ye2jvTY/LpVGuSA4cV3uVciuTVC2q/gE8jzQFE
XYqYYpXkGSM5R3LESyBHOwG0hJCD/hl5US/SHfZVFmAzPZYvBWA7xa27+KCb/cWi
rcci1txJr31stNacx1gX6kuzPZ2qeiDBXiKOLEHnwbZ221RYEes=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQYBBeQCyh/Kiel8Pllg
+AYgtCvUhfzjQDOrKx0mn0pojjC8DEqRByZS5P5Z/sx1E396pUTztn8gYJcJPokY
rvWKXgwBfbC9/ffs77zOLx4gMek+T35MDuMnSz7bRBA1S7BuEnYmrH/WigV0YJVb
VEN+mUAbEnZLZjzB3+VpA+1pIFTitm2IWQ+mDoWxkLDtqyNNU6W966LsNi6LQ0UN
HY/KaLQ3SvLc8VLNFatU5/6y6/b4FLg8myOp22PQPq48ypaohORIYNBdUKBaiRQS
vSMN+7FZ2wkfdVDPUZduX4GTUBdLr9GkfXmHUPwfN1hAs3ls1XSztLgkexhkJeO/
vQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 117236968978332161674902952515640578392
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-16 14:10:39 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-05-16 14:10:38 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Quebec'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Québec'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Industrial Alliance Insurance and Financial Services Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'test.domaine2.secureweb.inalco.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22852093879696595855623202879089649700307828472977087830822900572837941762443576698417067807771895009455694177440034661788032006004917583719990865374428825948609817005904083254460663298849409159468452729778496013489187832772388892528601943623757081475610775144496079440304174121152605629363583286516340899367658939548250603904435183806502947467650759479569883862789408155762836215397120767046044477302390146254786604057715923002426286787267052519259452311334146480718103323461592569273887506964983462004133314173565035994493303359117147785012036220500145744405064196078901838095241800433545385912516995957760222019517
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							fe31b4951985f8f025bf9c48af586d6539d0dd0a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (38 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.domaine2.secureweb.inalco.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00a7208ef142a6f5d96ece4de1b52d0206b6dd93fc299a7307047eb61a54c7aa827b014f2ce88edc51b198f764ad7eb9883d04c505515cb7e3a957dd9f9737e2340c853f207ff5eb81bc1038e7f1dbb17631a19507bc19658a9c42678a6f001763a25c2ae3753d1fbcb9d21dd3674650132c823b2dc61f87b360e4477f5962ef1f2825cf2a4859b4c8b43a30df53661eda3bd363f2e9546b92038715dee55c8ae4d50b6abf804f23cd01445d8a986295e41923394772c44b20473b01b4849083fe1979512fd21df6551660333d962f05603bc5adbbf8a09bfdc5a2adc722d6dc49af7d6cb4d69cc75817ea4bb33d9daa7a20c15e228e2c41e7c1b676db545811eb