XP Investimentos S/A

- XP Investimentos S/A -

Issued by DigiCert Verified Mark RSA4096 SHA256 2021 CA1

About this certificate

This digital certificate with serial number 05:16:41:54:06:11:43:1e:a7:99:0c:64:07:e5:2b:59 was issued on by DigiCert, Inc..

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.

XP Investimentos S/A

Company registration number: 16.838.421/0001-26
Organization: XP Investimentos S/A
Address: Av. Chedid Jafet, 75 - Torre Sul - Vila Olímpia
Locality: São Paulo
Country: BR

DigiCert, Inc.

Organization: DigiCert, Inc.
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 05:16:41:54:06:11:43:1e:a7:99:0c:64:07:e5:2b:59
Serial Number (int): 6761695523480012891023511735043959641
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: c2:ab:c8:7f:e6:5b:3b:4e:f8:e3:fb:dc:a4:2c:7d:f0:0c:ec:9f:57
AuthorityKeyId: be:9f:bd:8d:57:6d:95:b5:ad:63:c3:97:4e:ab:a8:84:5d:3a:07:f5

Fingerprint (sha1): 4a:67:50:fe:30:c9:75:e8:8b:25:cc:08:39:8e:0c:47:29:29:12:67
Fingerprint (sha256): 6a:15:9a:21:ca:78:5b:94:57:ae:1d:1d:21:8e:11:a4:a0:43:98:58:83:b8:18:04:2d:7e:8c:8b:f3:fd:9b:0d

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertVerifiedMarkRSA4096SHA2562021CA1.crt

Revocation information

CRL Distribution Point: http://crl3.digicert.com/DigiCertVerifiedMarkRSA4096SHA2562021CA1.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertVerifiedMarkRSA4096SHA2562021CA1.crl

Check the revocation status for certificate XP Investimentos S/A

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for XP Investimentos S/A

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Extended Key Usages

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

xpnews.com.br
xpinforma.com.br
xpi.com.br

Other certificates including the domain name

(limited to 100 certificates)

Certificate

The complete raw certificate details for XP Investimentos S/A in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIILITCCCQmgAwIBAgIQBRZBVAYRQx6nmQxkB+UrWTANBgkqhkiG9w0BAQsFADBf
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xNzA1BgNVBAMT
LkRpZ2lDZXJ0IFZlcmlmaWVkIE1hcmsgUlNBNDA5NiBTSEEyNTYgMjAyMSBDQTEw
HhcNMjIwOTA3MDAwMDAwWhcNMjMwOTA3MjM1OTU5WjCCATwxEzARBgsrBgEEAYI3
PAIBAxMCQlIxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRswGQYDVQQF
ExIxNi44MzguNDIxLzAwMDEtMjYxCzAJBgNVBAYTAkJSMRMwEQYDVQQHDApTw6Nv
IFBhdWxvMTkwNwYDVQQJDDBBdi4gQ2hlZGlkIEphZmV0LCA3NSAtIFRvcnJlIFN1
bCAtIFZpbGEgT2zDrW1waWExHTAbBgNVBAoTFFhQIEludmVzdGltZW50b3MgUy9B
MR0wGwYDVQQDExRYUCBJbnZlc3RpbWVudG9zIFMvQTEfMB0GCisGAQQBg55fAQ0T
D1JlZ2lzdGVyZWQgTWFyazESMBAGCisGAQQBg55fAQMTAkJSMRkwFwYKKwYBBAGD
nl8BBBMJOTI1MjUxNTQyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
uUNsQ9nORunrAW5IsWfj88+tGtd3rvebY7ksJczlKi+WHhi+0ENzLtR+03wGNnC1
31Dr2775vo8QQrK1qXpFrKjHwu31vdG/FgNID3qiCErP/XiF0B15+wGZJ1sCRWRJ
ikp+1LWddmRKQBrYySV22wx9znOzx7Fq4JwabNMP2OAjlKEKj43FKjQXTngbHYbv
nfzUsDwOocShUckoh3cUp/PMyu2wuAkXy+FFn1pst2SV4kmboIJj8x5Hz10An1qO
oV+1qA0wiI/cf/uicxHPgLOkRrLBHXA7sII5syjMylZ8sjYZnnRr7sfYddNFswhN
x+gzZMTWpTjykv9fzLJKFQIDAQABo4IF+DCCBfQwHwYDVR0jBBgwFoAUvp+9jVdt
lbWtY8OXTquohF06B/UwHQYDVR0OBBYEFMKryH/mWztO+OP73KQsffAM7J9XMDYG
A1UdEQQvMC2CDXhwbmV3cy5jb20uYnKCEHhwaW5mb3JtYS5jb20uYnKCCnhwaS5j
b20uYnIwEwYDVR0lBAwwCgYIKwYBBQUHAx8wgaUGA1UdHwSBnTCBmjBLoEmgR4ZF
aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VmVyaWZpZWRNYXJrUlNB
NDA5NlNIQTI1NjIwMjFDQTEuY3JsMEugSaBHhkVodHRwOi8vY3JsNC5kaWdpY2Vy
dC5jb20vRGlnaUNlcnRWZXJpZmllZE1hcmtSU0E0MDk2U0hBMjU2MjAyMUNBMS5j
cmwwUAYDVR0gBEkwRzA3BgpghkgBhv1sAAIFMCkwJwYIKwYBBQUHAgEWG2h0dHA6
Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAMBgorBgEEAYOeXwEBMGQGCCsGAQUFBwEB
BFgwVjBUBggrBgEFBQcwAoZIaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0Rp
Z2lDZXJ0VmVyaWZpZWRNYXJrUlNBNDA5NlNIQTI1NjIwMjFDQTEuY3J0MAwGA1Ud
EwEB/wQCMAAwggPgBggrBgEFBQcBDASCA9IwggPOooIDyqCCA8YwggPCMIIDvjCC
A7oWDWltYWdlL3N2Zyt4bWwwIzAhMAkGBSsOAwIaBQAEFPcoXd37yd9wzUjr9J7N
aBT7Utd1MIIDghaCA35kYXRhOmltYWdlL3N2Zyt4bWw7YmFzZTY0LEg0c0lBQUFB
QUFBQUNtMVRYVytiTUJSOURyL0M4NTRtMlk0L0FwZ290RnFycmF2VVNaVW1WWHVi
S0tFQmpVSUVoR1Q5OVR2WGFhYytqQWo3Mmo0KzU5eDd5ZWJ5OU55eXVSckdwdTl5
YnBUbXJPcktmdHQwdTV3ZnBpZnArZVZGdFBrZ0pidXB1bW9vcG41WXM4L2IvckZp
dDIxN0dLZXd4V3lpckRLQy9YaTRZVjlPKzM2WTJIMTcyTW5ianFtdytYRFdXTE5F
YWMydURrMjdaZm9UWTFLQ2ZweDM3MDFZemg2THNib2YrcWVtclhJK05kMGZ1Ujg1
YTdZNXZ5NmVpMjN4eS9Cb3dXQytHM05lVDlOK3ZWd2VqMGQxZEtvZmRrdXJ0VjZD
bFo4aDYxUGJkTC8vQnpSWmxpM0RLV2R6VXgyditsUE9OZFBNSmVFbEZlSllqL3Vp
aEpYOVVJM1ZNRmNjcnFkbWFxdUxuL2ViNVRtS05rTlZUZ3llMjV4Ly9Cb2V6bzdO
ZHFwelRseXNycHBkUFowWFMrRDN4VlMvNFkybEgyZEk4YnUxcWZMQ09xMU1iWjN5
cFZlWjBNTEV5a2lITUFUR2xscDZCQ2c5RnZKMXM1WjA0eUZjZm1GdlZLbXRuVkZw
dENoTmdyVVdObFl4YnEvT2dWMHBQMHVUUWs5cWxaUVNhMkZXeXRIZVNoaXZFdW1z
Y2lFS0NzQUFLRFJHME1IQmVZWndhaUZydkZOV1dNQk5DM0luckZWWnRKamxLbGIr
N3QwcFliVldjYkJvZERyTFdEa2tsZ0hnU0grRk13TmljdUptRW9WK3BySlNHcHhv
aWM5T2tuNEFLOWRTSFJJYVBFS1VScGdFV2IvWkF3VHA0SXFsTWxLNmNHZktzSzFw
SkNDSkVIdUxHbVlrWnU2TWhRdnZ6Mm43OTZCWDFyaW1OTXZBQStLTWFpS3NTa2tr
V3JRR1FRSkdrNUNwdUh3bEVhUUlCSkF4emQ5c2JFdWtuRktIVXRTWFFoUWU0bGtO
d1ZsbUxwUUhKQTd0UzBQbjVMOGUxa2djWmI1R2ZWUGh2VWhqa1NXd2hOa1lpeDRi
dDFMSk5aWTJRUTlGd0tIeTRsOFBYc0tIU2YrZGkrZ3Z6bm44UXg0RUFBQT0wEwYK
KwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggIBAD50A1hBS8va3FWn
dqdFDhWkcmPNGAWJSvoxENz3hAaADBSmrZCSRGChWI6ZcM3oud7UyORToo6sfVDi
JCiR3POh2klqjZqVnjZUN8lpD9Q1DJuGAoHBpsHMA9d3F1NOnFUBCCHQAC7gO34k
eSKvbSb0rdvJCmm1vBYS5njIh8eSkXldsPxSp6TOwuanvOd7H0fzBQMNglxwTUzk
oEZydsY9ApcHCVPym1tF0uegE537uqUgEvbzFosgYtns/KnXt+9dVxDW46SaoILm
WFdqNqKVnM2k9L6Dm7VmHqdOs3GSZFRAZ2mGIofxx0yVf+o57U2otuZeWGXj7urD
peOUGdWZ+cz3w9zZMsgWuz9C+3+4jCjqYTYXLJv1yIvhhZfma8UHp+H1mRDnTaw5
Y33WIoEcel/BrUp3HWdYj4BZi5ObwfbUcKsvrHZRrTUaL29jSa7RxBPDVu8u/znm
WPwvZqGIHfS+C81h2gyeNdvDGHCSY8kM8mO808DL5ZFAeV3/RAjeV3CWx5vrdYhD
aJ9Fo6KdG3+kg+YlQeRgyatt7pf28MhlpEUsmfp8gHzLWqBv+WdIXh9CL/2OKXF2
xDhDZZnjeswfajd8hfD+yznmgPO1QgaHH0/9xybwgtXp66NuiecIuUWv9y8ZIciE
t0JNPedlY/HPusM0Oz2uh+rxC57k
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUNsQ9nORunrAW5IsWfj
88+tGtd3rvebY7ksJczlKi+WHhi+0ENzLtR+03wGNnC131Dr2775vo8QQrK1qXpF
rKjHwu31vdG/FgNID3qiCErP/XiF0B15+wGZJ1sCRWRJikp+1LWddmRKQBrYySV2
2wx9znOzx7Fq4JwabNMP2OAjlKEKj43FKjQXTngbHYbvnfzUsDwOocShUckoh3cU
p/PMyu2wuAkXy+FFn1pst2SV4kmboIJj8x5Hz10An1qOoV+1qA0wiI/cf/uicxHP
gLOkRrLBHXA7sII5syjMylZ8sjYZnnRr7sfYddNFswhNx+gzZMTWpTjykv9fzLJK
FQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 6761695523480012891023511735043959641
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Verified Mark RSA4096 SHA256 2021 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-09-07 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-09-07 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Private Organization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '16.838.421/0001-26'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'São Paulo'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.9 (streetAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Av. Chedid Jafet, 75 - Torre Sul - Vila Olímpia'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'XP Investimentos S/A'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'XP Investimentos S/A'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.53087.1.13
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Registered Mark'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.53087.1.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.53087.1.4
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '925251542'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23387333894950589594774411711656229622696891144195119862823355681544775809075763092355620852425381119276218846370353554331386034524430876748106804475904183923666203894045110292774490683072126315732503374971235500234817857860503962881533167678309690831288453701188487433221319421520504337712610017149090983348563171315802124599315985473787466740837939548123347885326491783556274904320831180717703560288244860187817365423767171400422384063046657298906414830194699708682117324650695554241835201852270061850972340928376800004542039123690233946804570218375862108256332277100637005156338603025879159305326395678589019376149
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName be9fbd8d576d95b5ad63c3974eaba8845d3a07f5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							c2abc87fe65b3b4ef8e3fbdca42c7df00cec9f57
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (47 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'xpnews.com.br'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'xpinforma.com.br'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'xpi.com.br'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.31
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (157 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertVerifiedMarkRSA4096SHA2562021CA1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertVerifiedMarkRSA4096SHA2562021CA1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.0.2.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.53087.1.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (88 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertVerifiedMarkRSA4096SHA2562021CA1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.12 (logoType)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (978 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|true] IA5String 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'image/svg+xml'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.14.3.2.26 (sha1)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
															f7285dddfbc9df70cd48ebf49ecd6814fb52d775
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'data:image/svg+xml;base64,H4sIAAAAAAAACm1TXW+bMBR9Dr/C854m2Y4/ApgotFqrravUSZUmVXubKKEBjUIEhGT99TvXaac+jAj72j4+59x7yeby9NyyuRrGpu9ybpTmrOrKftt0u5wfpifp+eVFtPkgJbupumoopn5Ys8/b/rFit217GKewxWyirDKC/Xi4YV9O+36Y2H172Mnbjqmw+XDWWLNEac2uDk27ZfoTY1KCfpx3701Yzh6Lsbof+qemrXI+Nd0fuR85a7Y5vy6ei23xy/BowWC+G3NeT9N+vVwej0d1dKofdkurtV6ClZ8h61PbdL//BzRZli3DKWdzUx2v+lPONdPMJeElFeJYj/uihJX9UI3VMFccrqdmaquLn/eb5TmKNkNVTgye25x//Boezo7NdqpzTlysrppdPZ0XS+D3xVS/4Y2lH2dI8bu1qfLCOq1MbZ3ypVeZ0MLEykiHMATGllp6BCg9FvJ1s5Z04yFcfmFvVKmtnVFptChNgrUWNlYxbq/OgV0pP0uTQk9qlZQSa2FWytHeShivEumsciEKCsAAKDRG0MHBeYZwaiFrvFNWWMBNC3InrFVZtJjlKlb+7t0pYbVWcbBodDrLWDkklgHgSH+FMwNicuJmEoV+prJSGpxoic9Okn4AK9dSHRIaPEKURpgEWb/ZAwTp4IqlMlK6cGfKsK1pJCCJEHuLGmYkZu6MhQvvz2n796BX1rimNMvAA+KMaiKsSkkkWrQGQQJGk5CpuHwlEaQIBJAxzd9sbEuknFKHUtSXQhQe4lkNwVlmLpQHJA7tS0Pn5L8e1kgcZb5GfVPhvUhjkSWwhNkYix4bt1LJNZY2QQ9FwKHy4l8PXsKHSf+di+gvznn8Qx4EAAA='
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		003e740358414bcbdadc55a776a7450e15a47263cd1805894afa3110dcf78406800c14a6ad90924460a1588e9970cde8b9ded4c8e453a28eac7d50e2242891dcf3a1da496a8d9a959e365437c9690fd4350c9b860281c1a6c1cc03d77717534e9c55010821d0002ee03b7e247922af6d26f4addbc90a69b5bc1612e678c887c79291795db0fc52a7a4cec2e6a7bce77b1f47f305030d825c704d4ce4a0467276c63d0297070953f29b5b45d2e7a0139dfbbaa52012f6f3168b2062d9ecfca9d7b7ef5d5710d6e3a49aa082e658576a36a2959ccda4f4be839bb5661ea74eb371926454406769862287f1c74c957fea39ed4da8b6e65e5865e3eeeac3a5e39419d599f9ccf7c3dcd932c816bb3f42fb7fb88c28ea6136172c9bf5c88be18597e66bc507a7e1f59910e74dac39637dd622811c7a5fc1ad4a771d67588f80598b939bc1f6d470ab2fac7651ad351a2f6f6349aed1c413c356ef2eff39e658fc2f66a1881df4be0bcd61da0c9e35dbc318709263c90cf263bcd3c0cbe59140795dff4408de577096c79beb758843689f45a3a29d1b7fa483e62541e460c9ab6dee97f6f0c865a4452c99fa7c807ccb5aa06ff967485e1f422ffd8e297176c438436599e37acc1f6a377c85f0fecb39e680f3b54206871f4ffdc726f082d5e9eba36e89e708b945aff72f1921c884b7424d3de76563f1cfbac3343b3dae87eaf10b9ee4