www.kay.com

- Sterling Jewelers, Inc -

Issued by GeoTrust RSA CA 2018

About this certificate

This digital certificate with serial number 01:dd:80:03:ae:b9:b7:30:f7:ae:e6:26:b7:a5:8f:63 was issued on by DigiCert Inc.

With 96 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Sterling Jewelers, Inc

Organization: Sterling Jewelers, Inc
State / Province: Ohio
Locality: Akron
Country: US

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 01:dd:80:03:ae:b9:b7:30:f7:ae:e6:26:b7:a5:8f:63
Serial Number (int): 2479322041709775817316609243679657827
Serial Number lenght: 121 bits, 16 octets

SubjectKeyId: 8f:8d:3a:64:cf:e5:52:a8:a9:c0:eb:51:3b:1d:32:54:3c:b8:8e:14
AuthorityKeyId: 90:58:ff:b0:9c:75:a8:51:54:77:b1:ed:f2:a3:43:16:38:9e:6c:c5

Fingerprint (sha1): 47:8e:ef:e3:3d:4e:fd:d3:13:41:80:cc:9f:0a:65:9f:71:c4:75:b8
Fingerprint (sha256): 77:bf:c3:78:70:e5:ee:1c:72:09:c8:69:24:3f:2c:a7:ba:a4:ac:70:99:81:8f:f0:42:58:34:ab:62:43:7f:00

Issuing Certificate URL: http://cacerts.geotrust.com/GeoTrustRSACA2018.crt

Revocation information

OCSP Server: http://status.geotrust.com
CRL Distribution Point: http://cdp.geotrust.com/GeoTrustRSACA2018.crl

Check the revocation status for certificate www.kay.com

96

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.kay.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.kay.com
dev1.banter.com
dev1.jared.com
dev1.kay.com
dev1.kayoutlet.com
dev2.banter.com
dev2.jared.com
dev2.kay.com
dev2.kayoutlet.com
dev3.banter.com
dev3.jared.com
dev3.kay.com
dev3.kayoutlet.com
dev4.banter.com
dev4.jared.com
dev4.kay.com
dev4.kayoutlet.com
dev5.banter.com
dev5.jared.com
dev5.kay.com
dev5.kayoutlet.com
perf.banter.com
perf.jared.com
perf.kay.com
perf.kayoutlet.com
perfecomapi.jewels.com
trn1.gordonsjewelers.com
trn1.jared.com
trn1.kay.com
trn1.kayoutlet.com
trn1.pagoda.com
trn1.peoplesjewellers.com
trn1.zales.com
trn1.zalesoutlet.com
uat1.banter.com
uat1.jared.com
uat1.kay.com
uat1.kayoutlet.com
uat1ecomapi.jewels.com
uat2.banter.com
uat2.jared.com
uat2.kay.com
uat2.kayoutlet.com
uat2ecomapi.jewels.com
uat3.banter.com
uat3.jared.com
uat3.kay.com
uat3.kayoutlet.com
uat3ecomapi.jewels.com
uat4.banter.com
uat4.jared.com
uat4.kay.com
uat4.kayoutlet.com
uat4ecomapi.jewels.com
uat5.banter.com
uat5.jared.com
uat5.kay.com
uat5.kayoutlet.com
uat5ecomapi.jewels.com
uat6.banter.com
uat6.gordonsjewelers.com
uat6.jared.com
uat6.kay.com
uat6.kayoutlet.com
uat6.pagoda.com
uat6.peoplesjewellers.com
uat6.zales.com
uat6.zalesoutlet.com
uat6ecomapi.jewels.com
uat7.banter.com
uat7.gordonsjewelers.com
uat7.jared.com
uat7.kay.com
uat7.kayoutlet.com
uat7.peoplesjewellers.com
uat7.zales.com
uat7.zalesoutlet.com
uat7ecomapi.jewels.com
uat8.banter.com
uat8.gordonsjewelers.com
uat8.jared.com
uat8.kay.com
uat8.kayoutlet.com
uat8.peoplesjewellers.com
uat8.zales.com
uat8.zalesoutlet.com
uat8ecomapi.jewels.com
uat9.banter.com
uat9.gordonsjewelers.com
uat9.jared.com
uat9.kay.com
uat9.kayoutlet.com
uat9.peoplesjewellers.com
uat9.zales.com
uat9.zalesoutlet.com
uat9ecomapi.jewels.com

Other certificates including the domain name kay.com

(limited to 100 certificates)
imperva.com
sni191bdgl.wpc.edgecastcdn.net
test.kay.com
mstage.jared.com
stores.kay.com
www2.kay.com
stores.kay.com
www.kay.com
*.classrings.kay.com
sni1d146gl.wpc.edgecastcdn.net
mstage.jared.com
origin-uat1.kay.com
www.kay.com
em.kay.com
t.kay.com
imperva.com
chat.kay.com
chat.kay.com
www.kay.com
credithub-dev.azusnc-test.jewels.com
credithub-test.azusnc-test.jewels.com
san2.yext-cdn.com
san2.yext-cdn.com
www.kay.com
test.kay.com
testbridal.kay.com
classrings.kay.com
san2.yext-cdn.com
classrings.kay.com
link.kay.com
link.kay.com
fashion.kay.com
bridal.kay.com
chat.kay.com
t.kay.com
www2.kay.com
www.kay.com
origin-uat1.kay.com
dtm.kay.com
www.kay.com
www.kay.com
test.kay.com
www.kay.com
signetqa.cbi-rings.com
bridal.kay.com
pay.sterlingjewelers.com
san2.yext-cdn.com
perf-creditapis.jewels.com
san2.yext-cdn.com
familyjewelry.kay.com
imperva.com
em.kay.com
locations.c2crestaurants.com
san2.yext-cdn.com
test.kay.com
stores.kay.com
chat.kay.com
www.kay.com
classrings.kay.com
chat.kay.com
san2.yext-cdn.com
em.kay.com
test.kay.com
testpersonalized.kay.com
www.kay.com
san2.yext-cdn.com
smetrics.kay.com
amp-uat3.kay.com
www.kay.com
pay.sterlingjewelers.com
www.kay.com
sni19bd6gl.wpc.edgecastcdn.net
www.kay.com
www.kay.com
pay.kay.com
*.kay.com
pages.email.kay.com
test.kay.com
pt-stores.iqos.com.yext-cdn.com
familyjewelry.kay.com
www.kay.com
m.kay.com
fpc.kay.com
credithub-test.azusnc-test.jewels.com
familyjewelry.kay.com
www.kay.com
classrings.kay.com
www.kay.com
classrings.kay.com
www.kay.com
personalized.jared.com
www.kay.com
www.kay.com
credithub-dev.azusnc-test.jewels.com
www.kay.com
www.kay.com
www.kay.com
san2.yext-cdn.com
*.kay.com
em.kay.com

Certificate

The complete raw certificate details for www.kay.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIINXzCCDEegAwIBAgIQAd2AA665tzD3ruYmt6WPYzANBgkqhkiG9w0BAQsFADBe
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRHZW9UcnVzdCBSU0EgQ0EgMjAxODAe
Fw0yNDAxMjMwMDAwMDBaFw0yNTAxMjMyMzU5NTlaMGMxCzAJBgNVBAYTAlVTMQ0w
CwYDVQQIEwRPaGlvMQ4wDAYDVQQHEwVBa3JvbjEfMB0GA1UEChMWU3Rlcmxpbmcg
SmV3ZWxlcnMsIEluYzEUMBIGA1UEAxMLd3d3LmtheS5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDgINPGSYCNdAxcynGLt9vityZ3IRsoZc9JMjY4
axtoS4QAsH86qzkAy4OGivoPxwWjDMArP6OfJ7myBB3mqrFH7Q9MqUgcVe+aGynr
9fXXjJ1r3XsaIkVRq4q4144mYOl7PgNGCLN8QvN5t+6gDzKe6e+eFq8y/9PikMQO
TIZcvOwA6CbZABAyqEQVZmAnR+xKQH8i0MDsHqIPhhUSXaj+PPAy6xkYR+0yPMMM
WD8zpSfzJN4KIijkMrWguSmpasYDpmqCg3HyaKdU3tgpdRIl0q4gg/TgcgMJSzM3
+klMkysctRaaJc0hXTm5URHS2v++Nk+hQG7Fb+Y1e4Q8KvRTAgMBAAGjggoSMIIK
DjAfBgNVHSMEGDAWgBSQWP+wnHWoUVR3se3yo0MWOJ5sxTAdBgNVHQ4EFgQUj406
ZM/lUqipwOtROx0yVDy4jhQwggcSBgNVHREEggcJMIIHBYILd3d3LmtheS5jb22C
D2RldjEuYmFudGVyLmNvbYIOZGV2MS5qYXJlZC5jb22CDGRldjEua2F5LmNvbYIS
ZGV2MS5rYXlvdXRsZXQuY29tgg9kZXYyLmJhbnRlci5jb22CDmRldjIuamFyZWQu
Y29tggxkZXYyLmtheS5jb22CEmRldjIua2F5b3V0bGV0LmNvbYIPZGV2My5iYW50
ZXIuY29tgg5kZXYzLmphcmVkLmNvbYIMZGV2My5rYXkuY29tghJkZXYzLmtheW91
dGxldC5jb22CD2RldjQuYmFudGVyLmNvbYIOZGV2NC5qYXJlZC5jb22CDGRldjQu
a2F5LmNvbYISZGV2NC5rYXlvdXRsZXQuY29tgg9kZXY1LmJhbnRlci5jb22CDmRl
djUuamFyZWQuY29tggxkZXY1LmtheS5jb22CEmRldjUua2F5b3V0bGV0LmNvbYIP
cGVyZi5iYW50ZXIuY29tgg5wZXJmLmphcmVkLmNvbYIMcGVyZi5rYXkuY29tghJw
ZXJmLmtheW91dGxldC5jb22CFnBlcmZlY29tYXBpLmpld2Vscy5jb22CGHRybjEu
Z29yZG9uc2pld2VsZXJzLmNvbYIOdHJuMS5qYXJlZC5jb22CDHRybjEua2F5LmNv
bYISdHJuMS5rYXlvdXRsZXQuY29tgg90cm4xLnBhZ29kYS5jb22CGXRybjEucGVv
cGxlc2pld2VsbGVycy5jb22CDnRybjEuemFsZXMuY29tghR0cm4xLnphbGVzb3V0
bGV0LmNvbYIPdWF0MS5iYW50ZXIuY29tgg51YXQxLmphcmVkLmNvbYIMdWF0MS5r
YXkuY29tghJ1YXQxLmtheW91dGxldC5jb22CFnVhdDFlY29tYXBpLmpld2Vscy5j
b22CD3VhdDIuYmFudGVyLmNvbYIOdWF0Mi5qYXJlZC5jb22CDHVhdDIua2F5LmNv
bYISdWF0Mi5rYXlvdXRsZXQuY29tghZ1YXQyZWNvbWFwaS5qZXdlbHMuY29tgg91
YXQzLmJhbnRlci5jb22CDnVhdDMuamFyZWQuY29tggx1YXQzLmtheS5jb22CEnVh
dDMua2F5b3V0bGV0LmNvbYIWdWF0M2Vjb21hcGkuamV3ZWxzLmNvbYIPdWF0NC5i
YW50ZXIuY29tgg51YXQ0LmphcmVkLmNvbYIMdWF0NC5rYXkuY29tghJ1YXQ0Lmth
eW91dGxldC5jb22CFnVhdDRlY29tYXBpLmpld2Vscy5jb22CD3VhdDUuYmFudGVy
LmNvbYIOdWF0NS5qYXJlZC5jb22CDHVhdDUua2F5LmNvbYISdWF0NS5rYXlvdXRs
ZXQuY29tghZ1YXQ1ZWNvbWFwaS5qZXdlbHMuY29tgg91YXQ2LmJhbnRlci5jb22C
GHVhdDYuZ29yZG9uc2pld2VsZXJzLmNvbYIOdWF0Ni5qYXJlZC5jb22CDHVhdDYu
a2F5LmNvbYISdWF0Ni5rYXlvdXRsZXQuY29tgg91YXQ2LnBhZ29kYS5jb22CGXVh
dDYucGVvcGxlc2pld2VsbGVycy5jb22CDnVhdDYuemFsZXMuY29tghR1YXQ2Lnph
bGVzb3V0bGV0LmNvbYIWdWF0NmVjb21hcGkuamV3ZWxzLmNvbYIPdWF0Ny5iYW50
ZXIuY29tghh1YXQ3LmdvcmRvbnNqZXdlbGVycy5jb22CDnVhdDcuamFyZWQuY29t
ggx1YXQ3LmtheS5jb22CEnVhdDcua2F5b3V0bGV0LmNvbYIZdWF0Ny5wZW9wbGVz
amV3ZWxsZXJzLmNvbYIOdWF0Ny56YWxlcy5jb22CFHVhdDcuemFsZXNvdXRsZXQu
Y29tghZ1YXQ3ZWNvbWFwaS5qZXdlbHMuY29tgg91YXQ4LmJhbnRlci5jb22CGHVh
dDguZ29yZG9uc2pld2VsZXJzLmNvbYIOdWF0OC5qYXJlZC5jb22CDHVhdDgua2F5
LmNvbYISdWF0OC5rYXlvdXRsZXQuY29tghl1YXQ4LnBlb3BsZXNqZXdlbGxlcnMu
Y29tgg51YXQ4LnphbGVzLmNvbYIUdWF0OC56YWxlc291dGxldC5jb22CFnVhdDhl
Y29tYXBpLmpld2Vscy5jb22CD3VhdDkuYmFudGVyLmNvbYIYdWF0OS5nb3Jkb25z
amV3ZWxlcnMuY29tgg51YXQ5LmphcmVkLmNvbYIMdWF0OS5rYXkuY29tghJ1YXQ5
LmtheW91dGxldC5jb22CGXVhdDkucGVvcGxlc2pld2VsbGVycy5jb22CDnVhdDku
emFsZXMuY29tghR1YXQ5LnphbGVzb3V0bGV0LmNvbYIWdWF0OWVjb21hcGkuamV3
ZWxzLmNvbTA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRw
Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8v
Y2RwLmdlb3RydXN0LmNvbS9HZW9UcnVzdFJTQUNBMjAxOC5jcmwwdQYIKwYBBQUH
AQEEaTBnMCYGCCsGAQUFBzABhhpodHRwOi8vc3RhdHVzLmdlb3RydXN0LmNvbTA9
BggrBgEFBQcwAoYxaHR0cDovL2NhY2VydHMuZ2VvdHJ1c3QuY29tL0dlb1RydXN0
UlNBQ0EyMDE4LmNydDAMBgNVHRMBAf8EAjAAMIIBgAYKKwYBBAHWeQIEAgSCAXAE
ggFsAWoAdwBOdaMnXJoQwzhbbNTfP1LrHfDgjhuNacCx+mSxYpo53wAAAY0zp9Iu
AAAEAwBIMEYCIQDa1/t5CWANKc5W5UADqbvncmvxtynrL61WqZHzSpCtlQIhAMF2
+KMQhr3Z4GC6Mgmgfo8XkmKeQZc/b7Oxw+8wtGREAHcAfVkeEuF4KnscYWd8Xv34
0IdcFKBOlZ65Ay/ZDowuebgAAAGNM6fSIQAABAMASDBGAiEAh0UjA5yq3Hfq4Q+R
Bkq++uU1+22+UdVl8rLqdzAFZYYCIQCScKA1zG3eF0UjPaYAYCl8LkdID9WzBh8f
M6w+LgR0gwB2AObSMWNAd4zBEEEG13G5zsHSQPaWhIb7uocyHf0eN45QAAABjTOn
0kQAAAQDAEcwRQIhAOPfYiXfbPSIhDshz2pTeiV6l0Yvw3IHPRrRg1ojAYVyAiAY
ZpYMocnx8Pi6q7TTtv7bywiIgPCzmrjS33LTgpVvmjANBgkqhkiG9w0BAQsFAAOC
AQEAgmclzS+Bx3NmxpphpbyhIJWkm3ZqEFrNSNw9ylRQFRKnPRa1ob2QlHBlKzW7
XEmxSwOnvC28wIpDLG0045f6N/cgl/W37e/SztRxxTx574wmSryqz2/MVrPAgE1i
D9XgadicYhCJWVV9HfecUHDiDWZJkvDzlCmcdnVYyDb+gLxTon6fBc+iiP08Cu0q
k7lRkbglqQ0r935SOAuFZKG1foXyiF1VhVPDoRUoEu/aOHSS6fOguC4BfUrUuRAk
C1PcvQRjzyoKeukscLGOsrCRBuoGur8qeUP0ql37JFgazT1JIZa29zIIhYZAIDjt
SUzGW1eBOzCQCBNVk9NvpOS1Tg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4CDTxkmAjXQMXMpxi7fb
4rcmdyEbKGXPSTI2OGsbaEuEALB/Oqs5AMuDhor6D8cFowzAKz+jnye5sgQd5qqx
R+0PTKlIHFXvmhsp6/X114yda917GiJFUauKuNeOJmDpez4DRgizfELzebfuoA8y
nunvnhavMv/T4pDEDkyGXLzsAOgm2QAQMqhEFWZgJ0fsSkB/ItDA7B6iD4YVEl2o
/jzwMusZGEftMjzDDFg/M6Un8yTeCiIo5DK1oLkpqWrGA6ZqgoNx8minVN7YKXUS
JdKuIIP04HIDCUszN/pJTJMrHLUWmiXNIV05uVER0tr/vjZPoUBuxW/mNXuEPCr0
UwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 2479322041709775817316609243679657827
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust RSA CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-23 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-23 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ohio'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Akron'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sterling Jewelers, Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.kay.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 28293568029921115991031186916782732896037325138032866056592556215610962632975134561595685272247589539008215659739103828975046345405195876243551296101147230784236293574938189744619605077098126735004687399483893951163526040018283084481610980933738795150181439132371592780761828973628436495115635889325198836849170643854161464965887963194557651804352032953774714584910653660243667511517383470217986836196229752438617753351705524845160151560758134923865919684012883829523087884755949349451728269176613210104520283213104715563397522049129787387475939728864520206508203133685711343970891395576210387268181260756858169914451
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 9058ffb09c75a8515477b1edf2a34316389e6cc5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							8f8d3a64cfe552a8a9c0eb513b1d32543cb88e14
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1801 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev1.banter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev1.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev1.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev1.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev2.banter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev2.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev2.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev2.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev3.banter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev3.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev3.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev3.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev4.banter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev4.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev4.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev4.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev5.banter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev5.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev5.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev5.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'perf.banter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'perf.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'perf.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'perf.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'perfecomapi.jewels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'trn1.gordonsjewelers.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'trn1.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'trn1.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'trn1.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'trn1.pagoda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'trn1.peoplesjewellers.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'trn1.zales.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'trn1.zalesoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat1.banter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat1.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat1.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat1.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat1ecomapi.jewels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat2.banter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat2.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat2.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat2.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat2ecomapi.jewels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat3.banter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat3.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat3.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat3.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat3ecomapi.jewels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat4.banter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat4.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat4.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat4.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat4ecomapi.jewels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat5.banter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat5.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat5.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat5.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat5ecomapi.jewels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat6.banter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat6.gordonsjewelers.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat6.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat6.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat6.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat6.pagoda.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat6.peoplesjewellers.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat6.zales.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat6.zalesoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat6ecomapi.jewels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat7.banter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat7.gordonsjewelers.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat7.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat7.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat7.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat7.peoplesjewellers.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat7.zales.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat7.zalesoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat7ecomapi.jewels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat8.banter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat8.gordonsjewelers.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat8.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat8.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat8.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat8.peoplesjewellers.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat8.zales.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat8.zalesoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat8ecomapi.jewels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat9.banter.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat9.gordonsjewelers.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat9.jared.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat9.kay.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat9.kayoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat9.peoplesjewellers.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat9.zales.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat9.zalesoutlet.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uat9ecomapi.jewels.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.geotrust.com/GeoTrustRSACA2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.geotrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.geotrust.com/GeoTrustRSACA2018.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (368 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
							016a0077004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018d33a7d22e0000040300483046022100dad7fb7909600d29ce56e54003a9bbe7726bf1b729eb2fad56a991f34a90ad95022100c176f8a31086bdd9e060ba3209a07e8f1792629e41973f6fb3b1c3ef30b464440077007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018d33a7d2210000040300483046022100874523039caadc77eae10f91064abefae535fb6dbe51d565f2b2ea77300565860221009270a035cc6dde1745233da60060297c2e47480fd5b3061f1f33ac3e2e047483007600e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018d33a7d2440000040300473045022100e3df6225df6cf488843b21cf6a537a257a97462fc372073d1ad1835a2301857202201866960ca1c9f1f0f8baabb4d3b6fedbcb088880f0b39ab8d2df72d382956f9a
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00826725cd2f81c77366c69a61a5bca12095a49b766a105acd48dc3dca54501512a73d16b5a1bd909470652b35bb5c49b14b03a7bc2dbcc08a432c6d34e397fa37f72097f5b7edefd2ced471c53c79ef8c264abcaacf6fcc56b3c0804d620fd5e069d89c62108959557d1df79c5070e20d664992f0f394299c767558c836fe80bc53a27e9f05cfa288fd3c0aed2a93b95191b825a90d2bf77e52380b8564a1b57e85f2885d558553c3a1152812efda387492e9f3a0b82e017d4ad4b910240b53dcbd0463cf2a0a7ae92c70b18eb2b09106ea06babf2a7943f4aa5dfb24581acd3d492196b6f732088586402038ed494cc65b57813b309008135593d36fa4e4b54e