*.ohchr.org
Issued by Sectigo RSA Domain Validation Secure Server CA
About this certificate
This digital certificate with serial number f8:e3:53:de:7f:88:f1:ae:9e:41:85:c9:c3:5b:56:61 was issued on by Sectigo Limited.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=*.ohchr.org
Sectigo Limited
Organization:
Sectigo Limited
State / Province:
Greater Manchester
Locality: Salford
Country: GB
Locality: Salford
Country: GB
This certificate will expire on
Certificate Details
Serial Number (hex): f8:e3:53:de:7f:88:f1:ae:9e:41:85:c9:c3:5b:56:61Serial Number (int): 330828895409665875077386503543729116769
Serial Number lenght: 128 bits, 16 octets
SubjectKeyId: 7f:44:93:dc:a8:b2:9f:31:ed:83:05:87:e2:c3:dd:ee:e7:54:f5:55
AuthorityKeyId: 8d:8c:5e:c4:54:ad:8a:e1:77:e9:9b:f9:9b:05:e1:b8:01:8d:61:e1
Fingerprint (sha1): 5b:2e:5a:83:8d:d4:ed:e9:c6:cf:2d:d8:41:9b:9b:a6:95:d3:25:88
Fingerprint (sha256): 80:fd:9b:e1:00:47:8c:af:f7:93:00:e9:c5:29:10:48:09:9b:b1:84:9f:38:24:3f:a7:22:cb:0d:e0:8f:95:59
Issuing Certificate URL: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
Revocation information
OCSP Server: http://ocsp.sectigo.comCheck the revocation status for certificate *.ohchr.org
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for *.ohchr.org
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
*.ohchr.org
ohchr.org
ohchr.org
Other certificates including the domain name ohchr.org
(limited to 100 certificates)
*.prod.ohchr.un-icc.cloud
sm.ohchr.org
*.test.ohchr.un-icc.cloud
cambodia.ohchr.org
romena.ohchr.org
sm.ohchr.org
cambodia.ohchr.org
sm.ohchr.org
sm.ohchr.org
sm.ohchr.org
bangkok.ohchr.org
*.prod.ohchr.un-icc.cloud
digitalhub.ohchr.org
cambodia.ohchr.org
sm.ohchr.org
bangkok.ohchr.org
sm.ohchr.org
cambodia.ohchr.org
romena.ohchr.org
europe.ohchr.org
dreamlighthelper.com
digitalhub.ohchr.org
webmail2.ohchr.org
auth.kindo.staging.boik.dev
www.westafrica.ohchr.org
webmail.ohchr.org
testrightsview.ohchr.org
webmail.ohchr.org
sm.ohchr.org
remote.ohchr.org
cambodia.ohchr.org
digitalhub.ohchr.org
cambodia.ohchr.org
*.prod.ohchr.un-icc.cloud
seoul.ohchr.org
*.ohchr.org
sm.ohchr.org
seoul.ohchr.org
westafrica.ohchr.org
searchlibrary.ohchr.org
sm.ohchr.org
waps.ohchr.org
fifa.shapegames.dev
seoul.ohchr.org
ngopub.ohchr.org
cambodia.ohchr.org
sm.ohchr.org
seoul.ohchr.org
*.in.ohchr.org
login.ohchr.org
sm.ohchr.org
sanctionsplatform.ohchr.org
www.westafrica.ohchr.org
webmail.ohchr.org
romena.ohchr.org
westafrica.ohchr.org
cambodia.ohchr.org
www.westafrica.ohchr.org
extranet.ohchr.org
rightsview.ohchr.org
webmail.ohchr.org
sm.ohchr.org
*.ohchr.org
spdb.ohchr.org
easset.ohchr.org
grants.ohchr.org
esurvey.ohchr.org
www.fotoramausa.com
pms.ohchr.org
testrightsview.ohchr.org
rightsviewtest.ohchr.org
grants.ohchr.org
www.digitalbharati.org
*.ohchr.org
sm.ohchr.org
digitalhub.ohchr.org
sm.ohchr.org
ngopub.ohchr.org
sm.ohchr.org
uganda.ohchr.org
*.ohchr.org
cambodia.ohchr.org
rightsviewtest.ohchr.org
rightsview.ohchr.org
fieldsmail.ohchr.org
*.prod.ohchr.un-icc.cloud
sm.ohchr.org
cambodia.ohchr.org
share.ohchr.org
CSWEB.OHCHR.ORG
romena.ohchr.org
sni.cloudflaressl.com
westafrica.ohchr.org
esurvey.ohchr.org
sm.ohchr.org
searchlibrary.ohchr.org
romena.ohchr.org
sm.ohchr.org
sm.ohchr.org
cambodia.ohchr.org
sm.ohchr.org
*.test.ohchr.un-icc.cloud
cambodia.ohchr.org
romena.ohchr.org
sm.ohchr.org
cambodia.ohchr.org
sm.ohchr.org
sm.ohchr.org
sm.ohchr.org
bangkok.ohchr.org
*.prod.ohchr.un-icc.cloud
digitalhub.ohchr.org
cambodia.ohchr.org
sm.ohchr.org
bangkok.ohchr.org
sm.ohchr.org
cambodia.ohchr.org
romena.ohchr.org
europe.ohchr.org
dreamlighthelper.com
digitalhub.ohchr.org
webmail2.ohchr.org
auth.kindo.staging.boik.dev
www.westafrica.ohchr.org
webmail.ohchr.org
testrightsview.ohchr.org
webmail.ohchr.org
sm.ohchr.org
remote.ohchr.org
cambodia.ohchr.org
digitalhub.ohchr.org
cambodia.ohchr.org
*.prod.ohchr.un-icc.cloud
seoul.ohchr.org
*.ohchr.org
sm.ohchr.org
seoul.ohchr.org
westafrica.ohchr.org
searchlibrary.ohchr.org
sm.ohchr.org
waps.ohchr.org
fifa.shapegames.dev
seoul.ohchr.org
ngopub.ohchr.org
cambodia.ohchr.org
sm.ohchr.org
seoul.ohchr.org
*.in.ohchr.org
login.ohchr.org
sm.ohchr.org
sanctionsplatform.ohchr.org
www.westafrica.ohchr.org
webmail.ohchr.org
romena.ohchr.org
westafrica.ohchr.org
cambodia.ohchr.org
www.westafrica.ohchr.org
extranet.ohchr.org
rightsview.ohchr.org
webmail.ohchr.org
sm.ohchr.org
*.ohchr.org
spdb.ohchr.org
easset.ohchr.org
grants.ohchr.org
esurvey.ohchr.org
www.fotoramausa.com
pms.ohchr.org
testrightsview.ohchr.org
rightsviewtest.ohchr.org
grants.ohchr.org
www.digitalbharati.org
*.ohchr.org
sm.ohchr.org
digitalhub.ohchr.org
sm.ohchr.org
ngopub.ohchr.org
sm.ohchr.org
uganda.ohchr.org
*.ohchr.org
cambodia.ohchr.org
rightsviewtest.ohchr.org
rightsview.ohchr.org
fieldsmail.ohchr.org
*.prod.ohchr.un-icc.cloud
sm.ohchr.org
cambodia.ohchr.org
share.ohchr.org
CSWEB.OHCHR.ORG
romena.ohchr.org
sni.cloudflaressl.com
westafrica.ohchr.org
esurvey.ohchr.org
sm.ohchr.org
searchlibrary.ohchr.org
romena.ohchr.org
sm.ohchr.org
sm.ohchr.org
cambodia.ohchr.org
Certificate
The complete raw certificate details for *.ohchr.org in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGKjCCBRKgAwIBAgIRAPjjU95/iPGunkGFycNbVmEwDQYJKoZIhvcNAQELBQAw gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE3MDUGA1UE AxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD QTAeFw0yNDA0MTUwMDAwMDBaFw0yNTA1MTYyMzU5NTlaMBYxFDASBgNVBAMMCyou b2hjaHIub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+VilUSBo d5zEB5Vmsw1KRCZE+pURWUnaiP2XFtQYooMmdP6ZbPOCtBI8g1lmUVZptndPBfS9 S4QsbcpliVRy9Kv7ehyNBh3XosOXjS+GY6ZiauH8YiQ3HUEcaTL1OQGJgFVJ0mvD Id2bHs8J1q/uaawq1zL6X3FSZHxiClSaCaeDazCdrfnLlHLk19Q5ebIEp990Wv2I 2PeyXLRd6xMDmEnP/fQqsKjHNVY7lhmg6qLs6wdLOvz3r3tYxlfp+5nl5dWd+qFp p+7TxNLj5WjgdsRfZ3C2/RACKRFDP5jNauvHP0eIXp9KjIgUoiT3T3Hqn7rpnqT5 B1lzzyt4IoiwKQIDAQABo4IC9zCCAvMwHwYDVR0jBBgwFoAUjYxexFStiuF36Zv5 mwXhuAGNYeEwHQYDVR0OBBYEFH9Ek9yosp8x7YMFh+LD3e7nVPVVMA4GA1UdDwEB /wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF BQcDAjBJBgNVHSAEQjBAMDQGCysGAQQBsjEBAgIHMCUwIwYIKwYBBQUHAgEWF2h0 dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECATCBhAYIKwYBBQUHAQEEeDB2 ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FE b21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdo dHRwOi8vb2NzcC5zZWN0aWdvLmNvbTAhBgNVHREEGjAYggsqLm9oY2hyLm9yZ4IJ b2hjaHIub3JnMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdwDPEVbu1S58r/OH W9lpLpvpGnFnSrAX7KwB0lt3zsw7CAAAAY7i0hSMAAAEAwBIMEYCIQCQlfP25/8R mGJH/haRZ2yfjrXd+b2V12VCY2s15MMTIAIhALIercMFfzNwvKTdRQHbbx601LHj RzBIcKX2zkbAEJLmAHUAouMK5EXvva2bfjjtR2d3U9eCW4SU1yteGyzEuVCkR+cA AAGO4tIUKwAABAMARjBEAiBXlYq7RK7m6e88sJtQWM82sAAuenXTPCiNlte1RKMx PgIgfXkHDAZO5160irPvhLfZgAUXdy8BbNfw2J4iRlkMLXkAdQBOdaMnXJoQwzhb bNTfP1LrHfDgjhuNacCx+mSxYpo53wAAAY7i0hQjAAAEAwBGMEQCIBUYYHdU12T1 3BBhQemae0sDEkdwgDT29jXbCoaIlbWwAiAWJWWHosokXawfVJ+VG6BXtzFKTpq/ FhB7+yDMrODfFzANBgkqhkiG9w0BAQsFAAOCAQEA1GQdysTkY/ivncVi6fxAeS4f cx9dYzWUEk15jfqL5zpyXKjKjvXG5x9VzIYOH7vLn0rQKDE/ouOYs5NmE1d7j8u/ 6gE8vH0Pg/4wp3HJn2iqqI/gUkiVfbVGzDihHj91OSwQGjYbpqmcd+2YlZv33CRR E6tNIxrKAVRpQBfomPLXHe35r5kRDfRFHmCqVSdB5LqXiUfkfDB0UGBM8K+e9Zd8 WWIDjA+5oSa72GDuZeQMV8foCDiHcgxyqfWXX65/aG5mPOd390QJxL+4cIUGeEBa o9ywnkEhj+8seMu4f4ffhHk0owYZKsqrjWi2KvEQh5hf1Rnx5fXsXoA81omWow== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+VilUSBod5zEB5Vmsw1K RCZE+pURWUnaiP2XFtQYooMmdP6ZbPOCtBI8g1lmUVZptndPBfS9S4QsbcpliVRy 9Kv7ehyNBh3XosOXjS+GY6ZiauH8YiQ3HUEcaTL1OQGJgFVJ0mvDId2bHs8J1q/u aawq1zL6X3FSZHxiClSaCaeDazCdrfnLlHLk19Q5ebIEp990Wv2I2PeyXLRd6xMD mEnP/fQqsKjHNVY7lhmg6qLs6wdLOvz3r3tYxlfp+5nl5dWd+qFpp+7TxNLj5Wjg dsRfZ3C2/RACKRFDP5jNauvHP0eIXp9KjIgUoiT3T3Hqn7rpnqT5B1lzzyt4Ioiw KQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 330828895409665875077386503543729116769 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Domain Validation Secure Server CA' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-15 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-05-16 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.ohchr.org' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 31477050794513826719046930941837710990416922211574654290555670804957493418756942530248410585969637761721509616674577275656287037304387368720686617556319945313211831333620524057298021331409818232330678124640083019457728344176975018360807234889672143815066181778707192841365391622705337224437412466340311723943168506632711097295756905007182378075584803064735070548030553171829115505997751768580823010195079675517024709374263638654669813660130667766935817554607933518346748669842878890456037686438839446678589620689076522218274326510782159588094347854500121086619897601969417408623568326739529969320100687293379380817961 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 8d8c5ec454ad8ae177e99bf99b05e1b8018d61e1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 7f4493dca8b29f31ed830587e2c3ddeee754f555 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (120 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.ohchr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ohchr.org' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes) 0167007700cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018ee2d2148c00000403004830460221009095f3f6e7ff11986247fe1691676c9f8eb5ddf9bd95d76542636b35e4c31320022100b21eadc3057f3370bca4dd4501db6f1eb4d4b1e347304870a5f6ce46c01092e6007500a2e30ae445efbdad9b7e38ed47677753d7825b8494d72b5e1b2cc4b950a447e70000018ee2d2142b0000040300463044022057958abb44aee6e9ef3cb09b5058cf36b0002e7a75d33c288d96d7b544a3313e02207d79070c064ee75eb48ab3ef84b7d9800517772f016cd7f0d89e2246590c2d790075004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018ee2d21423000004030046304402201518607754d764f5dc106141e99a7b4b031247708034f6f635db0a868895b5b0022016256587a2ca245dac1f549f951ba057b7314a4e9abf16107bfb20ccace0df17 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00d4641dcac4e463f8af9dc562e9fc40792e1f731f5d633594124d798dfa8be73a725ca8ca8ef5c6e71f55cc860e1fbbcb9f4ad028313fa2e398b3936613577b8fcbbfea013cbc7d0f83fe30a771c99f68aaa88fe05248957db546cc38a11e3f75392c101a361ba6a99c77ed98959bf7dc245113ab4d231aca0154694017e898f2d71dedf9af99110df4451e60aa552741e4ba978947e47c307450604cf0af9ef5977c5962038c0fb9a126bbd860ee65e40c57c7e8083887720c72a9f5975fae7f686e663ce777f74409c4bfb870850678405aa3dcb09e41218fef2c78cbb87f87df847934a306192acaab8d68b62af11087985fd519f1e5f5ec5e803cd68996a3