www.progressmichigan.org

- Progress Michigan -

Issued by GeoTrust Extended Validation SSL CA - G2

About this certificate

This digital certificate with serial number 50:1e:8b:c8:ee:ba:ff:88:3a:28:66:cc:42:00:9a:66 was issued on by GeoTrust Inc..

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Sub certificates SHOULD include Subject Key Identifier in end entity certs (RFC 5280: 4.2 & 4.2.1.2)

Progress Michigan

Company registration number: 70170K
Organization: Progress Michigan
State / Province: Michigan
Locality: Lansing
Country: US

GeoTrust Inc.

Organization: GeoTrust Inc.
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 50:1e:8b:c8:ee:ba:ff:88:3a:28:66:cc:42:00:9a:66
Serial Number (int): 106496843743000224352546412736779688550
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId:
AuthorityKeyId: 6f:26:56:d9:5c:e7:f7:c9:04:20:f8:1e:ba:7c:91:27:2f:8c:fa:07

Fingerprint (sha1): 1f:2f:c6:bd:bd:a8:64:27:dc:48:9a:0e:07:62:7d:1a:d7:8c:e9:82
Fingerprint (sha256): 78:bd:3e:9d:12:0f:33:d1:05:94:c2:bd:70:26:88:d9:5e:6b:e6:a7:d0:17:b9:3e:1c:56:d0:cd:ee:a4:54:7e

Issuing Certificate URL: http://gtextval2-aia.geotrust.com/gtextval2.cer

Revocation information

OCSP Server: http://gtextval2-ocsp.geotrust.com
CRL Distribution Point: http://gtextval2-crl.geotrust.com/gtextval2.crl

Check the revocation status for certificate www.progressmichigan.org

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.progressmichigan.org

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA1 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

8 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.progressmichigan.org
progressmichigan.org

Other certificates including the domain name progressmichigan.org

(limited to 100 certificates)
www.sunshinesquad.progressmichigan.org
act.one.org
progressmichiganeducation.org
sni.cloudflaressl.com
act.johnfetterman.com
progressmichigan.org
www-default.actionkit.com
progressmichigan.org
www-default.actionkit.com
thoughtsthenaction.com
www-default.actionkit.com
sunshinesquad.progressmichigan.org
action.wemove.eu
thoughtsthenaction.com
www-default.actionkit.com
webmail.progressmichigan.org
www-default.actionkit.com
betsyandbill.com
workingformichigan.org
webmail.progressmichigan.org
www-default.actionkit.com
progressmichigan.org
act.medicare4all.org
shadyschuette.com
www.fixyourride.progressmichigan.org
www-default.actionkit.com
sunshinesquad.progressmichigan.org
act.leftnet.org
www-default.actionkit.com
progressmichiganeducation.org
thoughtsthenaction.com
shadyschuette.com
sunshinesquad.progressmichigan.org
peoplesmillion.whitehelmets.org
www-default.actionkit.com
sunshinesquad.progressmichigan.org
progressmichiganeducation.org
progressmichiganeducation.org
www-default.actionkit.com
thoughtsthenaction.com
mail.progressmichigan.com
shadyschuette.com
sni.cloudflaressl.com
act.lucaskunce.com
www-default.actionkit.com
thoughtsthenaction.com
thoughtsthenaction.com
act.elizabethwarren.com
act.campaigntoendqualifiedimmunity.org
action.pollinis.org
sunshinesquad.progressmichigan.org
webmail.secondchances4youth.org
progressmichigan.org
mccd.progressmichigan.org
thoughtsthenaction.com
www-default.actionkit.com
act.one.org
sunshinesquad.progressmichigan.org
progressmichigan.org
progressmichigan.org
mail.snyderfails.com
webmail.progressmichigan.org
sunshinesquad.progressmichigan.org
progressmichigan.com
progressmichigan.org
act.progressnc.org
progressmichigan.org
www-default.actionkit.com
sunshinesquad.progressmichigan.org
www-default.actionkit.com
mail.readymichigan.org
www-default.actionkit.com
progressmichigan.org
www-default.actionkit.com
act.progressmichigan.org
www-default.actionkit.com
progressmichigan.com
sunshinesquad.progressmichigan.org
progressmichigan.org
progressmipoliticalaction.progressmichigan.org
mccd.progressmichigan.org
www.progressmichigan.org
progressmichigan.org
sunshinesquad.progressmichigan.org
www-default.actionkit.com
faithfulamerica.org
michiganlecet.com
sni.cloudflaressl.com
sunshinesquad.progressmichigan.org
thoughtsthenaction.com
www-default.actionkit.com
act.progressga.org
act.ruraldemocratsturnoutfund.com
action.pollinis.org
thoughtsthenaction.com
greatlakesbeacon.org
act.defendvotingrights.org
sunshinesquad.progressmichigan.org
www-default.actionkit.com
www-default.actionkit.com

Certificate

The complete raw certificate details for www.progressmichigan.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgIQUB6LyO66/4g6KGbMQgCaZjANBgkqhkiG9w0BAQUFADBY
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo
R2VvVHJ1c3QgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTU0wgQ0EgLSBHMjAeFw0xNDAy
MjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHLMRMwEQYLKwYBBAGCNzwCAQMTAlVT
MRMwEQYLKwYBBAGCNzwCAQIUAk1JMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXph
dGlvbjEPMA0GA1UEBRMGNzAxNzBLMQswCQYDVQQGEwJVUzERMA8GA1UECBQITWlj
aGlnYW4xEDAOBgNVBAcUB0xhbnNpbmcxGjAYBgNVBAoUEVByb2dyZXNzIE1pY2hp
Z2FuMSEwHwYDVQQDFBh3d3cucHJvZ3Jlc3NtaWNoaWdhbi5vcmcwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPehNpMBmKrt7xIw6YvO1tzq8mXBOSW3Gb
8GCt57Ke83vh0oSHqNsS0dJGDDX7GjE4ARCPrOsMOQGXR3Cy6RiCjOG+l7n7cQOY
OZ2UpXOWs8RUnBiF/7HXWBvyHTyxMaaWkOGBbeVqNkLViQCFoXOh8mOq7OFQBn0W
KbORpj3b8MJFsgd18ZsfjIZLnxBd7dXurOPqB6EqWvCpubmm3WKRJ2tmIonNgBWt
ch5mR0lgL5dPXkRWvaZm4y+Z8am8XVS2eb6LCnaBFsZ8I368mw+cw/3Cc4A5njQi
JrbUrq+vHXH5IlM62DJuh7RKDh0g605DRW2JTSC6NcdHuTTSL7tFAgMBAAGjggGm
MIIBojA5BgNVHREEMjAwghh3d3cucHJvZ3Jlc3NtaWNoaWdhbi5vcmeCFHByb2dy
ZXNzbWljaGlnYW4ub3JnMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMEAGA1Ud
HwQ5MDcwNaAzoDGGL2h0dHA6Ly9ndGV4dHZhbDItY3JsLmdlb3RydXN0LmNvbS9n
dGV4dHZhbDIuY3JsMEsGA1UdIAREMEIwQAYJKwYBBAHwIgEGMDMwMQYIKwYBBQUH
AgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFG8mVtlc5/fJBCD4
Hrp8kScvjPoHMHsGCCsGAQUFBwEBBG8wbTAuBggrBgEFBQcwAYYiaHR0cDovL2d0
ZXh0dmFsMi1vY3NwLmdlb3RydXN0LmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL2d0
ZXh0dmFsMi1haWEuZ2VvdHJ1c3QuY29tL2d0ZXh0dmFsMi5jZXIwDQYJKoZIhvcN
AQEFBQADggEBAAoU6IXTgFnkGmMo1b35QllaMQGUAkk+I8QOiqW956+eeHccDMhF
PhVbcV9EWMo0G+qN7T4Zelrf9nxJRZx6fgj95FTGDlR+/wCOTvyy00Gd8zy962+u
dt/PFW6TzVth7BRJW5lc9F26lZSmhlpYY3q8e8wfX7xS7ow5wAFPkZJObFSuHvGB
8G7SIGZbUIcAZn4CPCi+ej3ACLWWvMEiTD2knLZE3jty9vJavIscyBv17Z1OTkAM
BiTfqPJpD7thzXBsLoAmjVgOlWIRsk+dzlSJCoxOKTyXv6m88Rp36tDvvSh7+xf6
JC58OqJ6/Z9z33cZP0VQYbw65Yfnpe3c/Js=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3oTaTAZiq7e8SMOmLzt
bc6vJlwTkltxm/BgreeynvN74dKEh6jbEtHSRgw1+xoxOAEQj6zrDDkBl0dwsukY
gozhvpe5+3EDmDmdlKVzlrPEVJwYhf+x11gb8h08sTGmlpDhgW3lajZC1YkAhaFz
ofJjquzhUAZ9FimzkaY92/DCRbIHdfGbH4yGS58QXe3V7qzj6gehKlrwqbm5pt1i
kSdrZiKJzYAVrXIeZkdJYC+XT15EVr2mZuMvmfGpvF1Utnm+iwp2gRbGfCN+vJsP
nMP9wnOAOZ40Iia21K6vrx1x+SJTOtgyboe0Sg4dIOtOQ0VtiU0gujXHR7k00i+7
RQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 106496843743000224352546412736779688550
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust Extended Validation SSL CA - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2014-02-20 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2015-02-20 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.2 (jurisdictionOfIncorporationSP)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'MI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Private Organization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '70170K'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'Michigan'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'Lansing'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'Progress Michigan'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'www.progressmichigan.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26191526960288831330348698772014329501690384038872620317802728468385348522112973362487326699256849427917405024588929530381147848006026781982404779412256680098287516238125091889864475660989141043454538179522367214823801266544328743683650103234700314980654061061457117885245294376209329163465596689461404396271119990205727791851873683196539915594093661840760265620932202646753315638208290816027508808803554631398990162663344811448365858325340198749965277892018683107699527554318462551279909750742365342745669010175427995203060687614007551940774505684653398082136369299027017647369509391629026828276788144042585980123973
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (50 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.progressmichigan.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'progressmichigan.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (57 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gtextval2-crl.geotrust.com/gtextval2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.14370.1.6 (GeoTrust EV policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.geotrust.com/resources/cps'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 6f2656d95ce7f7c90420f81eba7c91272f8cfa07
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (111 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gtextval2-ocsp.geotrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gtextval2-aia.geotrust.com/gtextval2.cer'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		000a14e885d38059e41a6328d5bdf942595a31019402493e23c40e8aa5bde7af9e78771c0cc8453e155b715f4458ca341bea8ded3e197a5adff67c49459c7a7e08fde454c60e547eff008e4efcb2d3419df33cbdeb6fae76dfcf156e93cd5b61ec14495b995cf45dba9594a6865a58637abc7bcc1f5fbc52ee8c39c0014f91924e6c54ae1ef181f06ed220665b508700667e023c28be7a3dc008b596bcc1224c3da49cb644de3b72f6f25abc8b1cc81bf5ed9d4e4e400c0624dfa8f2690fbb61cd706c2e80268d580e956211b24f9dce54890a8c4e293c97bfa9bcf11a77ead0efbd287bfb17fa242e7c3aa27afd9f73df77193f455061bc3ae587e7a5eddcfc9b