einsteinmed.edu

- Montefiore Medical Center -

Issued by DigiCert Global G2 TLS RSA SHA256 2020 CA1

About this certificate

This digital certificate with serial number 06:0c:1e:17:ba:9b:80:c6:75:fd:c8:3e:3d:58:60:c0 was issued on by DigiCert Inc.

With 15 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Montefiore Medical Center

Organization: Montefiore Medical Center
State / Province: New York
Locality: The Bronx
Country: US

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 06:0c:1e:17:ba:9b:80:c6:75:fd:c8:3e:3d:58:60:c0
Serial Number (int): 8038285889299963999835447441837547712
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 56:bb:d3:2f:d1:dd:5a:30:5a:64:c2:92:d3:43:58:dc:84:e0:bd:65
AuthorityKeyId: 74:85:80:c0:66:c7:df:37:de:cf:bd:29:37:aa:03:1d:be:ed:cd:17

Fingerprint (sha1): bb:d9:2a:d8:3a:2f:85:ef:0f:5f:59:fe:60:98:33:e6:a4:7c:4b:74
Fingerprint (sha256): 6e:95:9d:e9:a1:4a:cf:30:7c:3d:40:04:b8:d1:fd:e3:17:8c:57:69:cc:ca:ce:05:0f:25:ca:71:8a:c1:cd:7d

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl

Check the revocation status for certificate einsteinmed.edu

15

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for einsteinmed.edu

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

einsteinmed.edu
www.einsteinmed.edu
content.einsteinmed.edu
dev.einsteinmed.edu
dev-content.einsteinmed.edu
qa.einsteinmed.edu
qa-content.einsteinmed.edu
uat.einsteinmed.edu
uat-content.einsteinmed.edu
stage.einsteinmed.edu
stage-content.einsteinmed.edu
proxy.einsteinmed.edu
dev-proxy.einsteinmed.edu
origin.einsteinmed.edu
stage-origin.einsteinmed.edu

Other certificates including the domain name einsteinmed.edu

(limited to 100 certificates)
*.thescholr.com
*.thescholr.com
*.thescholr.com
itsupport.einsteinmed.edu
*.d8.theopenscholar.com
*.thescholr.com
*.d8.theopenscholar.com
*.thescholr.com
cg3.einsteinmed.edu
dev.einsteinmed.edu
magazine.einsteinmed.edu
interview.einsteinmed.edu
*.safecluster.einsteinmed.edu
*.safecluster.einsteinmed.edu
helpme.einsteinmed.edu
*.thescholr.com
*.thescholr.com
einsteinmed.edu
*.thescholr.com
academiccommons.einsteinmed.edu
libcal.einsteinmed.edu
montefioreeinstein.org
*.thescholr.com
montefioreeinstein.org
grad.apply.einsteinmed.edu
*.d8.theopenscholar.com
*.thescholr.com
*.d8.theopenscholar.com
interview.einsteinmed.edu
*.thescholr.com
beyondalbert.apply.einsteinmed.edu
einsteinmed.edu
*.thescholr.com
*.thescholr.com
einsteinmed.edu
*.d8.theopenscholar.com
printing.einsteinmed.edu
*.thescholr.com
media.einsteinmed.edu
*.thescholr.com
media.einsteinmed.edu
*.d8.theopenscholar.com
*.thescholr.com
transportation.einsteinmed.edu
*.thescholr.com
streaming.einsteinmed.edu
*.thescholr.com
eep.apply.einsteinmed.edu
*.d8.theopenscholar.com
cg4.einsteinmed.edu
einsteincsc.einsteinmed.edu
library.einsteinmed.edu
*.thescholr.com
*.thescholr.com
infoed.einsteinmed.edu
Montefiore.org
eng.einsteinmed.edu
*.thescholr.com
*.thescholr.com
intranet.einsteinmed.edu
Montefiore.org
einsteinmed.edu
magazine.einsteinmed.edu

Certificate

The complete raw certificate details for einsteinmed.edu in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIRTCCBy2gAwIBAgIQBgweF7qbgMZ1/cg+PVhgwDANBgkqhkiG9w0BAQsFADBZ
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE
aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjMw
OTEzMDAwMDAwWhcNMjQxMDEzMjM1OTU5WjByMQswCQYDVQQGEwJVUzERMA8GA1UE
CBMITmV3IFlvcmsxEjAQBgNVBAcTCVRoZSBCcm9ueDEiMCAGA1UEChMZTW9udGVm
aW9yZSBNZWRpY2FsIENlbnRlcjEYMBYGA1UEAxMPZWluc3RlaW5tZWQuZWR1MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxymf+yF5dHsPUvH8vJZVyg3r
zwoOzTSBKwYiDZddBwTjbJ5SKyJvUfisq4x5bblyY6O6Ngj3L3fk1ZSIZMUqlssm
bnsTdI+tUhH0uYRx9kL51EIa2mmlbW5r9ml9oxBm3e+uV/TUHINgErRAUmQfEk9m
lt6VHrlv6JU/hXcKvzoO5veeL9Rl/eddwqGEcuGh4PvB6lPKyQuOj5o8Xy07HjBy
SsoDx8ujMsDf1c1zsl+bCd8F1L8d2hsci03CtdpTX03LRATXWNimRX18h7tD05nk
3/jVcXOzftMkJb4idPU1bROjN2TYSajfIaYuZdmqJP6DSrR2tYbtIyau2seLSQID
AQABo4IE7jCCBOowHwYDVR0jBBgwFoAUdIWAwGbH3zfez70pN6oDHb7tzRcwHQYD
VR0OBBYEFFa70y/R3VowWmTCktNDWNyE4L1lMIIBfgYDVR0RBIIBdTCCAXGCD2Vp
bnN0ZWlubWVkLmVkdYITd3d3LmVpbnN0ZWlubWVkLmVkdYIXY29udGVudC5laW5z
dGVpbm1lZC5lZHWCE2Rldi5laW5zdGVpbm1lZC5lZHWCG2Rldi1jb250ZW50LmVp
bnN0ZWlubWVkLmVkdYIScWEuZWluc3RlaW5tZWQuZWR1ghpxYS1jb250ZW50LmVp
bnN0ZWlubWVkLmVkdYITdWF0LmVpbnN0ZWlubWVkLmVkdYIbdWF0LWNvbnRlbnQu
ZWluc3RlaW5tZWQuZWR1ghVzdGFnZS5laW5zdGVpbm1lZC5lZHWCHXN0YWdlLWNv
bnRlbnQuZWluc3RlaW5tZWQuZWR1ghVwcm94eS5laW5zdGVpbm1lZC5lZHWCGWRl
di1wcm94eS5laW5zdGVpbm1lZC5lZHWCFm9yaWdpbi5laW5zdGVpbm1lZC5lZHWC
HHN0YWdlLW9yaWdpbi5laW5zdGVpbm1lZC5lZHUwPgYDVR0gBDcwNTAzBgZngQwB
AgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA4G
A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwgZ8G
A1UdHwSBlzCBlDBIoEagRIZCaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lD
ZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3JsMEigRqBEhkJodHRw
Oi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JTQVNIQTI1
NjIwMjBDQTEtMS5jcmwwgYcGCCsGAQUFBwEBBHsweTAkBggrBgEFBQcwAYYYaHR0
cDovL29jc3AuZGlnaWNlcnQuY29tMFEGCCsGAQUFBzAChkVodHRwOi8vY2FjZXJ0
cy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JTQVNIQTI1NjIwMjBD
QTEtMS5jcnQwDAYDVR0TAQH/BAIwADCCAXsGCisGAQQB1nkCBAIEggFrBIIBZwFl
AHUA7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZsAAAGKkBUoUAAABAMA
RjBEAiA1lPfFdWiXKRqkY9xiq8zL9Nd/W/U+R3rn7BJKSJZYlAIgZst+m0QK4BA9
VZd3skdkYA3+qKjVKwctabWv2ytwYSkAdQBIsONr2qZHNA/lagL6nTDrHFIBy1bd
LIHZu7+rOdiEcwAAAYqQFShnAAAEAwBGMEQCIHlOaDrWz2IuklwiMTaGk5FmgRnx
pqKNnjNmWzvuF6tfAiAYQVk8Utm7fw038MizpTtqSQIKHVTjM2MWP49rk4Cy7gB1
ANq2v2s/tbYin5vCu1xr6HCRcWy7UYSFNL2kPTBI1/urAAABipAVKEIAAAQDAEYw
RAIgRNEnYry7YKrtTqtd2fzZyEx/QxTnNWQs4s+2xGhKWmYCIEF9V/rOVI6bDmnl
/locZ/8yfkYVSrduQngGZ6DaeCDKMA0GCSqGSIb3DQEBCwUAA4IBAQBEY1mTYUvd
g5NeBrXpUF0VMzkVQtPFYwHrGBd+59kaBo4ybay2G/VvwNh5syTZIZp8A7Ag9Sku
eK0FTRn2A5fgGbapzWIKVVeIXbdgGDohOTscClDn5GZlEdn5K/6Q1qE6lW2aFEo7
aatTFqyVWkSVwztzJo8Cckio1TvANPbW2u2/1eC957JPcJuu7ff2X1CupXdlsHJE
vp146VQZ8JMrbCNsO9LBO0twyg82CTc9ZyDcQtpTLxo2psRudTuVw+FVkutwEtiw
nFw+D81EHtgvukyvhjDEnlZ24aP8s+SBVRqt/teBtkFCVi3QoyKgwOFbQLW+dOgH
rzy6U2jEDIQr
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxymf+yF5dHsPUvH8vJZV
yg3rzwoOzTSBKwYiDZddBwTjbJ5SKyJvUfisq4x5bblyY6O6Ngj3L3fk1ZSIZMUq
lssmbnsTdI+tUhH0uYRx9kL51EIa2mmlbW5r9ml9oxBm3e+uV/TUHINgErRAUmQf
Ek9mlt6VHrlv6JU/hXcKvzoO5veeL9Rl/eddwqGEcuGh4PvB6lPKyQuOj5o8Xy07
HjBySsoDx8ujMsDf1c1zsl+bCd8F1L8d2hsci03CtdpTX03LRATXWNimRX18h7tD
05nk3/jVcXOzftMkJb4idPU1bROjN2TYSajfIaYuZdmqJP6DSrR2tYbtIyau2seL
SQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 8038285889299963999835447441837547712
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Global G2 TLS RSA SHA256 2020 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-09-13 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-10-13 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'The Bronx'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Montefiore Medical Center'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'einsteinmed.edu'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25141948704124058509491497283437312288192467197765442723974869576023777318866191271036921548270632897028875316177878252749154893834820606096655871499636182882431502955561203490830575356362177993090540031205160503241448698587120019639730244986696617527822102458632428916448895241252206236216622333512727320634933074076588102348172766283900605502068432339088316177715057925559707935564869304237227669850957581796801459982103895010662451859277740192338139616204119077971905897215862078044871792177985348975807244255564877794414849799022083332029539910486174946734058599801662169263585936027843923478082798389500790147913
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 748580c066c7df37decfbd2937aa031dbeedcd17
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							56bbd32fd1dd5a305a64c292d34358dc84e0bd65
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (373 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'einsteinmed.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.einsteinmed.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'content.einsteinmed.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.einsteinmed.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev-content.einsteinmed.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa.einsteinmed.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qa-content.einsteinmed.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat.einsteinmed.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat-content.einsteinmed.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage.einsteinmed.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage-content.einsteinmed.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'proxy.einsteinmed.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev-proxy.einsteinmed.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'origin.einsteinmed.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage-origin.einsteinmed.edu'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (151 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (359 bytes)
							0165007500eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018a90152850000004030046304402203594f7c5756897291aa463dc62abcccbf4d77f5bf53e477ae7ec124a48965894022066cb7e9b440ae0103d559777b24764600dfea8a8d52b072d69b5afdb2b70612900750048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018a9015286700000403004630440220794e683ad6cf622e925c223136869391668119f1a6a28d9e33665b3bee17ab5f02201841593c52d9bb7f0d37f0c8b3a53b6a49020a1d54e33363163f8f6b9380b2ee007500dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018a901528420000040300463044022044d12762bcbb60aaed4eab5dd9fcd9c84c7f4314e735642ce2cfb6c4684a5a660220417d57face548e9b0e69e5fe5a1c67ff327e46154ab76e42780667a0da7820ca
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0044635993614bdd83935e06b5e9505d1533391542d3c56301eb18177ee7d91a068e326dacb61bf56fc0d879b324d9219a7c03b020f5292e78ad054d19f60397e019b6a9cd620a5557885db760183a21393b1c0a50e7e4666511d9f92bfe90d6a13a956d9a144a3b69ab5316ac955a4495c33b73268f027248a8d53bc034f6d6daedbfd5e0bde7b24f709baeedf7f65f50aea57765b07244be9d78e95419f0932b6c236c3bd2c13b4b70ca0f3609373d6720dc42da532f1a36a6c46e753b95c3e15592eb7012d8b09c5c3e0fcd441ed82fba4caf8630c49e5676e1a3fcb3e481551aadfed781b64142562dd0a322a0c0e15b40b5be74e807af3cba5368c40c842b