*.saskatoon.ca

- City of Saskatoon -

Issued by DigiCert TLS RSA SHA256 2020 CA1

About this certificate

This digital certificate with serial number 0c:37:e8:17:d9:0a:1c:43:4f:4f:f8:76:ed:a2:14:f2 was issued on by DigiCert Inc.

With 7 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

City of Saskatoon

Organization: City of Saskatoon
State / Province: Saskatchewan
Locality: Saskatoon
Country: CA

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0c:37:e8:17:d9:0a:1c:43:4f:4f:f8:76:ed:a2:14:f2
Serial Number (int): 16241019685084660867369441570744046834
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: fa:5f:c8:e2:04:54:f5:15:33:73:c4:c9:bd:2b:79:89:a3:7b:0a:da
AuthorityKeyId: b7:6b:a2:ea:a8:aa:84:8c:79:ea:b4:da:0f:98:b2:c5:95:76:b9:f4

Fingerprint (sha1): 25:12:76:72:cb:57:85:6d:75:3a:59:57:cc:6e:d2:7d:2c:1f:0a:5f
Fingerprint (sha256): 6d:4e:c5:5c:87:fb:65:7f:ad:1f:1e:48:d6:33:fb:e3:06:db:88:40:1d:d4:aa:e2:f0:04:6f:69:ca:73:be:6f

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl

Check the revocation status for certificate *.saskatoon.ca

7

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.saskatoon.ca

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.saskatoon.ca
webconnect.saskatoon.ca
webmail.saskatoon.ca
mail.saskatoon.ca
autodiscover.saskatoon.ca
fs.saskatoon.ca
saskatoon.ca

Other certificates including the domain name saskatoon.ca

(limited to 100 certificates)
*.saskatoon.ca
webmail.saskatoon.ca
sip.saskatoon.ca
websrvdirector.saskatoon.ca
leisure.saskatoon.ca
leisure.saskatoon.ca
saskatoon.ca
secure7.saskatoon.ca
webconnect.saskatoon.ca
leisureonline.saskatoon.ca
saskatoon.ca
d10transitdev.saskatoon.ca
saskatoon.ca
webdev.saskatoon.ca
webmail.saskatoon.ca
saskatoon.ca
webmail.saskatoon.ca
saskatoon.ca
login.saskatoon.ca
*.saskatoon.ca
*.saskatoon.ca
d10webdev.saskatoon.ca
saskatoon.ca
saskatoon.ca
amp.saskatoon.ca
websrvdirector.saskatoon.ca
sip.lynctest.saskatoon.ca
saskatoon.ca
saskatoon.ca
websrvdirector.saskatoon.ca
stgext4.saskatoon.ca
webmail.saskatoon.ca
federation3.saskatoon.ca
leisureonline.saskatoon.ca
postoffice.saskatoon.ca
new2.saskatoon.ca
*.saskatoon.ca
leisureonline.saskatoon.ca
websrvdirector.saskatoon.ca
fs.saskatoon.ca
webmail.saskatoon.ca
learning.saskatoon.ca
leisureonline.saskatoon.ca
login.saskatoon.ca
webmail.saskatoon.ca
*.saskatoon.ca
webconnect.saskatoon.ca
*.hec.fusion.saskatoon.ca
*.saskatoon.ca
saskatoon.ca
learning.saskatoon.ca
ww9.saskatoon.ca
saskatoon.ca
sip.saskatoon.ca
saskatoon.ca
transitdev.saskatoon.ca
federation2.saskatoon.ca
federation.saskatoon.ca
websrvdirector.saskatoon.ca
webconnect.saskatoon.ca
amp.saskatoon.ca
webmail.saskatoon.ca
websrvdirector.saskatoon.ca
saskatoon.ca
*.saskatoon.ca
saskatoon.ca
saskatoon.ca
amp.saskatoon.ca
ww9.saskatoon.ca
rpbackgis2.saskatoon.ca
saskatoon.ca
federation.saskatoon.ca
careers.saskatoon.ca
saskatoon.ca
leisure.saskatoon.ca
webmail.saskatoon.ca
webmail.saskatoon.ca
careers.saskatoon.ca
saskatoon.ca
leisure.saskatoon.ca
amp.saskatoon.ca
leisureonline.saskatoon.ca
*.saskatoon.ca
*.saskatoon.ca
ww9.saskatoon.ca
apps2.saskatoon.ca
websrvdirector.saskatoon.ca
port365.saskatoon.ca
federation.saskatoon.ca
webconnect.saskatoon.ca
*.saskatoon.ca
saskatoon.ca
federation3.saskatoon.ca
d10transitprd.saskatoon.ca

Certificate

The complete raw certificate details for *.saskatoon.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHNzCCBh+gAwIBAgIQDDfoF9kKHENPT/h27aIU8jANBgkqhkiG9w0BAQsFADBP
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBE
aWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMzA5MTgwMDAwMDBa
Fw0yNDEwMTgyMzU5NTlaMG0xCzAJBgNVBAYTAkNBMRUwEwYDVQQIEwxTYXNrYXRj
aGV3YW4xEjAQBgNVBAcTCVNhc2thdG9vbjEaMBgGA1UEChMRQ2l0eSBvZiBTYXNr
YXRvb24xFzAVBgNVBAMMDiouc2Fza2F0b29uLmNhMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAyUvrxD0Ob0LEcsYsIBNC3bW53j+xMWu8udL0pJRePKkg
5GAl6TSQ/W8ordmwNBflSKyfBwpd82y5uBNuNqbM8B8E5BMvtlQIz7Y/qI0On84P
kUOxkfMi9QvfD1qnfaGsV9By8JYaNTG2/rP3BN9E/185CDehQrN+rHG4n1RF8q9p
5OO4CiqdUyBnZjgbyvq+JlN0COkwSAMo+kr7hY9u9xZUoHJjwOpwr66glbGiebnW
jbExN+6P+o6GBKvtxgIxXZwopoaZsK7OItGrh8qFuKnclxC21kOUekVHaYMYRcJ5
ifdk5ft03t5SwO44WlNXMwO+EMrldmCi8ixNcun/YwIDAQABo4ID7zCCA+swHwYD
VR0jBBgwFoAUt2ui6qiqhIx56rTaD5iyxZV2ufQwHQYDVR0OBBYEFPpfyOIEVPUV
M3PEyb0reYmjewraMIGXBgNVHREEgY8wgYyCDiouc2Fza2F0b29uLmNhghd3ZWJj
b25uZWN0LnNhc2thdG9vbi5jYYIUd2VibWFpbC5zYXNrYXRvb24uY2GCEW1haWwu
c2Fza2F0b29uLmNhghlhdXRvZGlzY292ZXIuc2Fza2F0b29uLmNhgg9mcy5zYXNr
YXRvb24uY2GCDHNhc2thdG9vbi5jYTA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcG
CCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/
BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBjwYDVR0fBIGH
MIGEMECgPqA8hjpodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUTFNS
U0FTSEEyNTYyMDIwQ0ExLTQuY3JsMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2Vy
dC5jb20vRGlnaUNlcnRUTFNSU0FTSEEyNTYyMDIwQ0ExLTQuY3JsMH8GCCsGAQUF
BwEBBHMwcTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEkG
CCsGAQUFBzAChj1odHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRU
TFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3J0MAwGA1UdEwEB/wQCMAAwggF9BgorBgEE
AdZ5AgQCBIIBbQSCAWkBZwB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZx
H7WbAAABiqn/0YsAAAQDAEcwRQIgTDsDGi0zOZdHdPSpOvXnbqj8KwoIudvRb8vk
xgkeSpwCIQC15tEQr0TgEsQYkymiq6XKK72Eamrv9nC6Ymn+vfQLIgB1AEiw42va
pkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABiqn/0cEAAAQDAEYwRAIgfS42
Bvfyz5y50hkJwVqTA6rMP8kt8jZfvtbWWZuxzu8CIF2frtXl05DWDNhU/mlgB4di
TPL4rZjoQrGspKw8q52EAHYA2ra/az+1tiKfm8K7XGvocJFxbLtRhIU0vaQ9MEjX
+6sAAAGKqf/RrgAABAMARzBFAiBcKsBIKvICFOAtDsAsg9XM1QdcjXG88JM0qWLK
eHA8vgIhAPbnDSwZ06ke4Py/M4m0bPiOH2FOGpa836VbOVTDnqadMA0GCSqGSIb3
DQEBCwUAA4IBAQA3UIsgVf5AjvrSqtIqq2ZjXT3ftnrSRr31Aa5pVWXButtohbln
uDAyviYCZFeIsMLmsCsWnHaGfkBgwS7BJv2i76I5mNUnohgwC19F172fFmZsHnWV
JD8S1CqzrTPs6s+UvP/yr8TPq6cSGHx8fJobtsnN1kVSJrnX9UnEgCwuKHlYe6CJ
qPforthkmbh2rqqBKlt0CBYPVJxI6yi3NXcCtjGdpVo5gP4t9n4SLvXWHx7c8Ex8
H6u0VZm6FfLILxPAPF4FvpB2ndBQ/TsAct3IOwGHcq9MTLf9h0orM9BQVA2RtXqS
3MymZle6fGiF5YQM59a2qWVbvMVRZgGesrKA
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUvrxD0Ob0LEcsYsIBNC
3bW53j+xMWu8udL0pJRePKkg5GAl6TSQ/W8ordmwNBflSKyfBwpd82y5uBNuNqbM
8B8E5BMvtlQIz7Y/qI0On84PkUOxkfMi9QvfD1qnfaGsV9By8JYaNTG2/rP3BN9E
/185CDehQrN+rHG4n1RF8q9p5OO4CiqdUyBnZjgbyvq+JlN0COkwSAMo+kr7hY9u
9xZUoHJjwOpwr66glbGiebnWjbExN+6P+o6GBKvtxgIxXZwopoaZsK7OItGrh8qF
uKnclxC21kOUekVHaYMYRcJ5ifdk5ft03t5SwO44WlNXMwO+EMrldmCi8ixNcun/
YwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 16241019685084660867369441570744046834
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert TLS RSA SHA256 2020 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-09-18 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-10-18 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Saskatchewan'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Saskatoon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'City of Saskatoon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.saskatoon.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25411337320422458739695153553508277498734741967840372562023040151435286810678322971782465882118653287124303236239316892049242615680835040282268572534991555132999462916479887295544485937447679291532121451392777795550896135186624467428690828359798357555134658549269960619332312755184701844777892405201567401784065966692974378134218150196980104542006633563000715727631263695640631442502013588917503851637064587190526974478176367371270411325349282801528736958079499127530266172707806219240536394535768105297917216284246655927264626214294463194391297308926824005191428420946950770385639335741910905388463598592118315679587
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							fa5fc8e20454f5153373c4c9bd2b7989a37b0ada
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (143 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.saskatoon.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webconnect.saskatoon.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webmail.saskatoon.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mail.saskatoon.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'autodiscover.saskatoon.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fs.saskatoon.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'saskatoon.ca'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (135 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (115 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							0167007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018aa9ffd18b000004030047304502204c3b031a2d3339974774f4a93af5e76ea8fc2b0a08b9dbd16fcbe4c6091e4a9c022100b5e6d110af44e012c4189329a2aba5ca2bbd846a6aeff670ba6269febdf40b2200750048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018aa9ffd1c1000004030046304402207d2e3606f7f2cf9cb9d21909c15a9303aacc3fc92df2365fbed6d6599bb1ceef02205d9faed5e5d390d60cd854fe69600787624cf2f8ad98e842b1aca4ac3cab9d84007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018aa9ffd1ae000004030047304502205c2ac0482af20214e02d0ec02c83d5ccd5075c8d71bcf09334a962ca78703cbe022100f6e70d2c19d3a91ee0fcbf3389b46cf88e1f614e1a96bcdfa55b3954c39ea69d
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0037508b2055fe408efad2aad22aab66635d3ddfb67ad246bdf501ae695565c1badb6885b967b83032be2602645788b0c2e6b02b169c76867e4060c12ec126fda2efa23998d527a218300b5f45d7bd9f16666c1e7595243f12d42ab3ad33eceacf94bcfff2afc4cfaba712187c7c7c9a1bb6c9cdd6455226b9d7f549c4802c2e2879587ba089a8f7e8aed86499b876aeaa812a5b7408160f549c48eb28b7357702b6319da55a3980fe2df67e122ef5d61f1edcf04c7c1fabb45599ba15f2c82f13c03c5e05be90769dd050fd3b0072ddc83b018772af4c4cb7fd874a2b33d050540d91b57a92dccca66657ba7c6885e5840ce7d6b6a9655bbcc55166019eb2b280