medicalscoring.cardif.be

- BNP PARIBAS SA -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 41:f6:97:12:59:63:ef:ff:b0:84:89:0c:c2:5d:04:e4 was issued on by Entrust, Inc..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

BNP PARIBAS SA

Organization: BNP PARIBAS SA
Locality: Montreuil
Country: FR

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 41:f6:97:12:59:63:ef:ff:b0:84:89:0c:c2:5d:04:e4
Serial Number (int): 87680188850841158886828199715383608548
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: fa:5a:56:d8:f4:75:36:dc:81:5a:b3:b8:bd:2b:47:c2:f6:15:f7:af
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): a2:71:b8:e8:8f:2b:7d:4e:98:61:2a:af:72:f0:f9:00:29:e2:15:10
Fingerprint (sha256): 75:3e:94:5e:3d:16:a7:57:f1:62:16:2d:82:d6:d5:8a:14:52:98:63:4c:80:50:7c:75:25:8a:a0:e1:87:51:5a

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate medicalscoring.cardif.be

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for medicalscoring.cardif.be

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

medicalscoring.cardif.be

Other certificates including the domain name cardif.be

(limited to 100 certificates)
bnp16b.bnpparibas.com
bnp12b.bnpparibas.com
sign.cardif.be
bnp12b.bnpparibas.com
medicalscoring.cardif.be
registration.cardif.be
bnp12b.bnpparibas.com
bnp12b.bnpparibas.com
bnp12b.bnpparibas.com
bnp16b.bnpparibas.com
bnp16b.bnpparibas.com
bnp04b.bnpparibas.com
bnp12b.bnpparibas.com
www.hypoprotect.cardif.be
bnp16b.bnpparibas.com
bnp16b.bnpparibas.com
mobiprotect.cardif.be
Test.CreditProtection.Cardif.be
bnp12b.bnpparibas.com
bnp12b.bnpparibas.com
bnp16b.bnpparibas.com
www.admin.finagora.cardif.be
bnp12b.bnpparibas.com
bnp12b.bnpparibas.com
bnp12b.bnpparibas.com
srd.cardif.be
bnp12b.bnpparibas.com
consult.cardif.be
bnp12b.bnpparibas.com
bnp04b.bnpparibas.com
bnp12b.bnpparibas.com
bnp04b.bnpparibas.com
bnp12b.bnpparibas.com
finagora.cardif.be
bnp12b.bnpparibas.com
bnp12b.bnpparibas.com
edc.bnpparibascardif.com
hypoprotect.cardif.be
imp.cardif.be
bnp04b.bnpparibas.com
consult.cardif.be
bnp04b.bnpparibas.com
edc.bnpparibascardif.com
bnp12b.bnpparibas.com
tarificationws.cardif.be
tarificationws.cardif.be
srd.cardif.be
bnp12b.bnpparibas.com
bnp04b.bnpparibas.com
bnp04b.bnpparibas.com
www.subscribtion.cardif.be
bnp12b.bnpparibas.com
bnp04b.bnpparibas.com
bnp12b.bnpparibas.com
bnp04b.bnpparibas.com
www.finagora.cardif.be
medicalscoring.cardif.be
hypoprotect.cardif.be
medicalscoring.cardif.be
www.finagora.cardif.be
bnp12b.bnpparibas.com
CreditProtection.Cardif.be
www.finagora.cardif.be
bnp16b.bnpparibas.com
bnp04b.bnpparibas.com
bnp04b.bnpparibas.com
bnp12b.bnpparibas.com
finagora.cardif.be
srd.cardif.be
bnp12b.bnpparibas.com
tarificationws.cardif.be
medicalscoring.cardif.be
bnp04b.bnpparibas.com
consult.cardif.be
bnp12b.bnpparibas.com
medical.cardif.be
bnp12b.bnpparibas.com
www.finagora.cardif.be
oauth.cardif.be
bnp12b.bnpparibas.com
sign.cardif.be
www.finagora.cardif.be
bnp12b.bnpparibas.com
www.finagora.cardif.be
bnp12b.bnpparibas.com
bnp04b.bnpparibas.com
srd.cardif.be
bnp16b.bnpparibas.com
bnp12b.bnpparibas.com
mobiprotect.cardif.be
test.creditprotection.cardif.be
bnp12b.bnpparibas.com
www.finagora.cardif.be
imp.cardif.be
www.subscribtion.cardif.be
bnp04b.bnpparibas.com
srd.cardif.be
srd.cardif.be
bnp04b.bnpparibas.com
www.finagora.cardif.be

Certificate

The complete raw certificate details for medicalscoring.cardif.be in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgIQQfaXEllj7/+whIkMwl0E5DANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
MTEyMDYwODU3MTJaFw0yMzAxMDUwODU3MTJaMF0xCzAJBgNVBAYTAkZSMRIwEAYD
VQQHEwlNb250cmV1aWwxFzAVBgNVBAoTDkJOUCBQQVJJQkFTIFNBMSEwHwYDVQQD
ExhtZWRpY2Fsc2NvcmluZy5jYXJkaWYuYmUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCoOL9nz58tqDYYbmNH5E6aoAzCQMMfTSW+/QuE9/lokeyrWrmc
VD1ke4mUvcztbT73LJTYjT8vRhiOSdlRSQDPBpzK/NzE8BYA8909oHsCtwuSVXb6
6B9TltNE3vNeLKobrvUk9945iiKycgK5eAIe6UEJqMLVxmTStAx7sGcJwiptC2ir
GjhpPmUr7VFa7qiQodvVPQ/aKXzCN4vjZ8neKNsic5Jhfjdq3X8IM3dIlZE5WwFx
fPtOGCsZOF/dlioEkcmFegg8A+RlLGXx4pcFPKco58Lx9R0r1Nci7xhaNT2XSVhI
oeJO+t7KxrZx9TRiwYgK/iQQVCoyOtlnjkbpAgMBAAGjggGoMIIBpDAMBgNVHRMB
Af8EAjAAMB0GA1UdDgQWBBT6WlbY9HU23IFas7i9K0fC9hX3rzAfBgNVHSMEGDAW
gBSConB03bxTP8971PfNf6dgxgpMvzBoBggrBgEFBQcBAQRcMFowIwYIKwYBBQUH
MAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDMGCCsGAQUFBzAChidodHRwOi8v
YWlhLmVudHJ1c3QubmV0L2wxay1jaGFpbjI1Ni5jZXIwMwYDVR0fBCwwKjAooCag
JIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZlbDFrLmNybDAjBgNVHREEHDAa
ghhtZWRpY2Fsc2NvcmluZy5jYXJkaWYuYmUwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBMBgNVHSAERTBDMDcGCmCGSAGG+mwK
AQUwKTAnBggrBgEFBQcCARYbaHR0cHM6Ly93d3cuZW50cnVzdC5uZXQvcnBhMAgG
BmeBDAECAjATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG9w0BAQsFAAOCAQEA
ggUaZf6HeVBlMhRwqrFHarZ+r9fyrwscw1Us2JI8LzcSt9TcUbqKKuW00JrbArIT
QoY0XuQh055DivWx3XtottCZGox9QmtYfl0P5dq0ZgwNjuWLkqgu+rCwQzthXIvZ
F3CoD46wsGQgYDbPcCjOinPoo6s8qeVaTHBLaWG7XO11V59V9xeRg5oNblhA7N5c
bH2TKV7SfBuZl2+SGCpYEc3tNizfjq/Wo6cnpMx4HFRV3ddrm2s0YtuKhEXkL9o4
KWm0zCoAO72W4tDTcZCxGjyvsb19PsKPbpUlaFAo6lCIVLvWSnL7eQA7A5Y9uED0
uS8yaKSCj0+HbtzXP5h8fg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDi/Z8+fLag2GG5jR+RO
mqAMwkDDH00lvv0LhPf5aJHsq1q5nFQ9ZHuJlL3M7W0+9yyU2I0/L0YYjknZUUkA
zwacyvzcxPAWAPPdPaB7ArcLklV2+ugfU5bTRN7zXiyqG671JPfeOYoisnICuXgC
HulBCajC1cZk0rQMe7BnCcIqbQtoqxo4aT5lK+1RWu6okKHb1T0P2il8wjeL42fJ
3ijbInOSYX43at1/CDN3SJWROVsBcXz7ThgrGThf3ZYqBJHJhXoIPAPkZSxl8eKX
BTynKOfC8fUdK9TXIu8YWjU9l0lYSKHiTvreysa2cfU0YsGICv4kEFQqMjrZZ45G
6QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 87680188850841158886828199715383608548
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-12-06 08:57:12 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-01-05 08:57:12 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Montreuil'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BNP PARIBAS SA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'medicalscoring.cardif.be'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21236018557164137393661927471514771988680658741369586391826647812613750308682281338736415629225921353868632575939758754087782424616831755524614866960973236858211844842833503543363988536621721158800900009847006527198133714071400680025768666543933891292910088156420513183218812085343284060807862570600659811815645412289024145845097296127109502191654635324259137414069421356977533725882395219679627640251384158575319780506296226962239174532849996197553327150940419626015645804874342136299713801823484305232160957855512440014693409914143617367176455415788846107916951500917107144908214788639687405851986731147622634899177
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							fa5a56d8f47536dc815ab3b8bd2b47c2f615f7af
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'medicalscoring.cardif.be'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0082051a65fe87795065321470aab1476ab67eafd7f2af0b1cc3552cd8923c2f3712b7d4dc51ba8a2ae5b4d09adb02b2134286345ee421d39e438af5b1dd7b68b6d0991a8c7d426b587e5d0fe5dab4660c0d8ee58b92a82efab0b0433b615c8bd91770a80f8eb0b064206036cf7028ce8a73e8a3ab3ca9e55a4c704b6961bb5ced75579f55f71791839a0d6e5840ecde5c6c7d93295ed27c1b99976f92182a5811cded362cdf8eafd6a3a727a4cc781c5455ddd76b9b6b3462db8a8445e42fda382969b4cc2a003bbd96e2d0d37190b11a3cafb1bd7d3ec28f6e9525685028ea508854bbd64a72fb79003b03963db840f4b92f3268a4828f4f876edcd73f987c7e