perc.sonypictures.com

- Sony Pictures Entertainment, Inc. -

Issued by DigiCert Global G2 TLS RSA SHA256 2020 CA1

About this certificate

This digital certificate with serial number 03:90:8c:33:4b:9a:20:22:53:5e:62:c2:1a:d3:ea:b7 was issued on by DigiCert Inc.

With 19 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Sony Pictures Entertainment, Inc.

Organization: Sony Pictures Entertainment, Inc.
State / Province: California
Locality: Culver City
Country: US

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 03:90:8c:33:4b:9a:20:22:53:5e:62:c2:1a:d3:ea:b7
Serial Number (int): 4738218336362264320306013458977254071
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: 1c:2a:1a:3d:9c:e6:f4:18:2d:69:13:c2:8f:45:92:97:59:8f:f5:99
AuthorityKeyId: 74:85:80:c0:66:c7:df:37:de:cf:bd:29:37:aa:03:1d:be:ed:cd:17

Fingerprint (sha1): 66:38:19:cc:c0:1d:13:d5:ca:27:67:2b:aa:cb:60:56:cf:31:d6:57
Fingerprint (sha256): 7f:d6:b0:b8:a6:ca:6d:41:da:46:f2:02:37:d3:0f:5c:96:5b:ac:32:8c:19:70:5e:29:14:1a:bd:6c:cf:b7:7b

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl

Check the revocation status for certificate perc.sonypictures.com

19

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for perc.sonypictures.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

perc.sonypictures.com
www.sonypictures.net
www.sonypictures.in
www.sonypictures.com.co
www.sonypictures.hk
www.sonypictures.ch
www.sonypictures.kr
www.sonypictures.pl
ceema.sonypictures.com
www.sonychannel.com
www.axnwhite.com
www.axn.com
www.animaxtv.com
privacidadaxncolombia.axn.com
www2.axn.com
www2.axnwhite.com
www2.animaxtv.com
www2.sonychannel.com
www2.privacidadaxncolombia.axn.com

Other certificates including the domain name sonypictures.com

(limited to 100 certificates)
conectados.sonypictures.com
*.sonypictures.com
redeem.sonypictures.com
origin-flash.sonypictures.com
edge-micros1.sonypictures.com
secure.sonypictures.com
origin-flash.sonypictures.com
edge-micros2.sonypictures.com
brand.sonypictures.com
flash.sonypictures.com
microsites.sonypictures.com
extaz-qa.spe.sony.com
edge-micros2.sonypictures.com
edge-micros2.sonypictures.com
sites.sonypictures.com
sites.sonypictures.com
secure.sonypictures.com
globalassethub.sonypictures.com
www.stage6films.com
api.stg-stage-productionservices.sonypictures.com
pub.email.sonypictures.com
connect.sonypictures.com
sites.sonypictures.com
edge-micros1.sonypictures.com
edge-micros1.sonypictures.com
edge-micros1.sonypictures.com
globalassethub.sonypictures.com
stage-microsites.sonypictures.com
portals.sonypictures.com
microsites.sonypictures.com
image.20210419.200345.s6.et.yellsatcloud.com
globalassethub.sonypictures.com
portals.sonypictures.com
portals.sonypictures.com
conectados.sonypictures.com
edge-micros1.sonypictures.com
flash.sonypictures.com
sites.sonypictures.com
edge-portals.sonypictures.com
edge-micros1.sonypictures.com
globalassethub.sonypictures.com
edge-micros2.sonypictures.com
flash.sonypictures.com
pub.email.sonypictures.com
griffin.sonypictures.com
view.email.sonypictures.com
edge-micros1.sonypictures.com
edge-micros1.sonypictures.com
flash.sonypictures.com
microsites.sonypictures.com
sites.sonypictures.com
audiolibrary.sonypictures.com
edge-portals.sonypictures.com
stage-microsites.sonypictures.com
stage-microsites.sonypictures.com
akamai-san77.exacttarget.com
stage-microsites.sonypictures.com
www.sonypictures.co.uk
edge-portals.sonypictures.com
stage-microsites.sonypictures.com
stage-microsites.sonypictures.com
viewer.sonypictures.com
secure.sonypictures.com
edge-portals.sonypictures.com
sites2.sonypictures.com
edge-micros2.sonypictures.com
test.rewards.sonypictures.com
www.stage6films.com
test.rewards.sonypictures.com
microsites.sonypictures.com
stage-microsites.sonypictures.com
edge-micros1.sonypictures.com
gam.sonypictures.com
microsites.sonypictures.com
flash.sonypictures.com
view.email.games.sonypictures.com
rewards.sonypictures.com
test.redeem.sonypictures.com
edge-micros1.sonypictures.com
brand.sonypictures.com
gam.sonypictures.com
stage-microsites.sonypictures.com
perc.sonypictures.com
sony-prod.actioniq.mr-in.com
click.email.sonypictures.com
stage-edge-portals.sonypictures.com
stage-microsites.sonypictures.com
tweets.sonypictures.com
flash.sonypictures.com
rewards.sonypictures.com
pages.email.games.sonypictures.com
view.email.sonypictures.com
rewards.sonypictures.com
redeem.sonypictures.com
microsites.sonypictures.com
redeem.sonypictures.com
stage-microsites.sonypictures.com
microsites.sonypictures.com
microsites.sonypictures.com
origin-flash.sonypictures.com

Certificate

The complete raw certificate details for perc.sonypictures.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHFzCCBf+gAwIBAgIQA5CMM0uaICJTXmLCGtPqtzANBgkqhkiG9w0BAQsFADBZ
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE
aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjQw
MzA1MDAwMDAwWhcNMjUwMzIwMjM1OTU5WjCBhDELMAkGA1UEBhMCVVMxEzARBgNV
BAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0N1bHZlciBDaXR5MSowKAYDVQQKEyFT
b255IFBpY3R1cmVzIEVudGVydGFpbm1lbnQsIEluYy4xHjAcBgNVBAMTFXBlcmMu
c29ueXBpY3R1cmVzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AJwPM+USXelZnT4BPi3ZSRuNHXBnN3BnBn4oC2EzwjfwqzTrt2W/mm1l3L6Ulpgy
+9PuKY1vN/NSCOI1lwd4abDeeN3yL3lWXTly42HV07FJJmvt9D0D3BMhozY1Vbs3
fDvyvzOkibV+GkszBV1L82EBq1XthYc6vhhWeXFQjBrukwdly9jpTEnyvlZ43UbX
tn6GAGKuNXThBLppdw1lzIcegArUXB0aWQppjU0J5fF1h02O2SP7+gpUmBzF12iq
z4HFSU3bSQ4v5ewLGIcWquWDUp9fR0a1EkkC/u9EXxUD3V9me20x7mlQ8DbbRqaK
tD9I3OQXB8w61aEnXvC9fA8CAwEAAaOCA60wggOpMB8GA1UdIwQYMBaAFHSFgMBm
x9833s+9KTeqAx2+7c0XMB0GA1UdDgQWBBQcKho9nOb0GC1pE8KPRZKXWY/1mTCC
AacGA1UdEQSCAZ4wggGaghVwZXJjLnNvbnlwaWN0dXJlcy5jb22CFHd3dy5zb255
cGljdHVyZXMubmV0ghN3d3cuc29ueXBpY3R1cmVzLmlughd3d3cuc29ueXBpY3R1
cmVzLmNvbS5jb4ITd3d3LnNvbnlwaWN0dXJlcy5oa4ITd3d3LnNvbnlwaWN0dXJl
cy5jaIITd3d3LnNvbnlwaWN0dXJlcy5rcoITd3d3LnNvbnlwaWN0dXJlcy5wbIIW
Y2VlbWEuc29ueXBpY3R1cmVzLmNvbYITd3d3LnNvbnljaGFubmVsLmNvbYIQd3d3
LmF4bndoaXRlLmNvbYILd3d3LmF4bi5jb22CEHd3dy5hbmltYXh0di5jb22CHXBy
aXZhY2lkYWRheG5jb2xvbWJpYS5heG4uY29tggx3d3cyLmF4bi5jb22CEXd3dzIu
YXhud2hpdGUuY29tghF3d3cyLmFuaW1heHR2LmNvbYIUd3d3Mi5zb255Y2hhbm5l
bC5jb22CInd3dzIucHJpdmFjaWRhZGF4bmNvbG9tYmlhLmF4bi5jb20wPgYDVR0g
BDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2Vy
dC5jb20vQ1BTMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwgZ8GA1UdHwSBlzCBlDBIoEagRIZCaHR0cDovL2NybDMuZGlnaWNl
cnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3Js
MEigRqBEhkJodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxH
MlRMU1JTQVNIQTI1NjIwMjBDQTEtMS5jcmwwgYcGCCsGAQUFBwEBBHsweTAkBggr
BgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFEGCCsGAQUFBzAChkVo
dHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JT
QVNIQTI1NjIwMjBDQTEtMS5jcnQwDAYDVR0TAQH/BAIwADATBgorBgEEAdZ5AgQD
AQH/BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAIZFiM0M5rWQH89j/P20yC5cbpEhM
9nLNUDybzrGi5WUM0+4v6Xh1icR+ovSafma3K/aS46DwLf5OLX2U83/T9K9F7dM/
oMdDXKYoNpxN/QqysjiewEOIRe9wDX2y3xupY97Ehk4zUMp/jXpKpnUXwIjpMUAf
MiQKfKk4jwQ/6w3u/bOm5pono2tSMnsqohasaLFAcYIYVaeQZ1zytN2iVbdSkOlk
/miaNzJKhTNiT29XoGPOp65UdK671KvtN2WbvelCeraNw1XhysdAGqBN8+uALqiH
bidoAUVkdX7QLOLdVy6cCmDGoJv8/QNQ30isYEQvpRRQme4OjnYV8AXm1Q==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnA8z5RJd6VmdPgE+LdlJ
G40dcGc3cGcGfigLYTPCN/CrNOu3Zb+abWXcvpSWmDL70+4pjW8381II4jWXB3hp
sN543fIveVZdOXLjYdXTsUkma+30PQPcEyGjNjVVuzd8O/K/M6SJtX4aSzMFXUvz
YQGrVe2Fhzq+GFZ5cVCMGu6TB2XL2OlMSfK+VnjdRte2foYAYq41dOEEuml3DWXM
hx6ACtRcHRpZCmmNTQnl8XWHTY7ZI/v6ClSYHMXXaKrPgcVJTdtJDi/l7AsYhxaq
5YNSn19HRrUSSQL+70RfFQPdX2Z7bTHuaVDwNttGpoq0P0jc5BcHzDrVoSde8L18
DwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 4738218336362264320306013458977254071
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Global G2 TLS RSA SHA256 2020 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-05 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-03-20 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Culver City'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sony Pictures Entertainment, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'perc.sonypictures.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 19700672312438767604122694147232888740902228486188327765303370298801306366727938312681756026790497897260616956204358070456484995399037890623824686797769472845509718758486820244499284627988725771411487410430222209105706805025917572556276823739224342373412965859891038836775018427555191019213728250047458463469790524279641956378573123667885120282760207207306798341053926871478370522416254388657879323851510105777252626041584686092630375705169179549970792124441844671126719435566822542573998019434544333306134086686295245709428442520710317301303137174933509524583871441517988855431932965689622672133504755890287485484047
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 748580c066c7df37decfbd2937aa031dbeedcd17
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							1c2a1a3d9ce6f4182d6913c28f459297598ff599
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (414 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'perc.sonypictures.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sonypictures.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sonypictures.in'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sonypictures.com.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sonypictures.hk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sonypictures.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sonypictures.kr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sonypictures.pl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ceema.sonypictures.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sonychannel.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.axnwhite.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.axn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.animaxtv.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'privacidadaxncolombia.axn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www2.axn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www2.axnwhite.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www2.animaxtv.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www2.sonychannel.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www2.privacidadaxncolombia.axn.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (151 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00219162334339ad6407f3d8ff3f6d320b971ba4484cf672cd503c9bceb1a2e5650cd3ee2fe9787589c47ea2f49a7e66b72bf692e3a0f02dfe4e2d7d94f37fd3f4af45edd33fa0c7435ca628369c4dfd0ab2b2389ec0438845ef700d7db2df1ba963dec4864e3350ca7f8d7a4aa67517c088e931401f32240a7ca9388f043feb0deefdb3a6e69a27a36b52327b2aa216ac68b14071821855a790675cf2b4dda255b75290e964fe689a37324a8533624f6f57a063cea7ae5474aebbd4abed37659bbde9427ab68dc355e1cac7401aa04df3eb802ea8876e2768014564757ed02ce2dd572e9c0a60c6a09bfcfd0350df48ac60442fa5145099ee0e8e7615f005e6d5