spena.sonypictures.net

- Sony Pictures Entertainment -

Issued by DigiCert Global CA G2

About this certificate

This digital certificate with serial number 0b:8e:04:f0:21:e1:52:1d:86:bd:41:c5:c6:a9:9e:d0 was issued on by DigiCert Inc.

With 16 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Sony Pictures Entertainment

Organization: Sony Pictures Entertainment
Organization unit: Internet Systems Technology
State / Province: California
Locality: Culver City
Country: US

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0b:8e:04:f0:21:e1:52:1d:86:bd:41:c5:c6:a9:9e:d0
Serial Number (int): 15358914262428839567549767351475478224
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 16:2b:34:a5:a3:9e:d7:19:e8:57:36:c1:1f:b8:b2:b7:e5:b7:21:0d
AuthorityKeyId: 24:6e:2b:2d:d0:6a:92:51:51:25:69:01:aa:9a:47:a6:89:e7:40:20

Fingerprint (sha1): 8d:45:c8:e7:3c:7a:5c:34:eb:e5:29:91:ad:80:bb:7b:1e:e1:fb:a4
Fingerprint (sha256): 81:eb:0c:3c:23:68:a2:3a:49:cc:d8:0c:0d:23:b4:5e:ae:c9:8a:5f:46:18:ad:d9:a8:f2:12:c1:5b:23:ea:43

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertGlobalCAG2.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertGlobalCAG2.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertGlobalCAG2.crl

Check the revocation status for certificate spena.sonypictures.net

16

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for spena.sonypictures.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

spena.sonypictures.net
stage-spena.sonypictures.net
*.onetvasia.com
*.gemtvasia.com
*.axn-asia.com
*.axn-taiwan.com
*.sonychannelasia.com
*.animax-asia.com
*.animax-taiwan.com
*.animaxhd-tw.com
*.gemtvasia-hk.com
*.gemtvasia-id.com
*.gemtvasia-ph.com
*.gemtvasia-sg.com
*.gemtvasia-th.com
*.gemtvasia-vn.com

Other certificates including the domain name sonypictures.net

(limited to 100 certificates)
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
portals.sonypictures.net
flash.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
spena.sonypictures.net
perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
portals.sonypictures.net
stage-perc.sonypictures.com
flash.sonypictures.com
portals.sonypictures.net
flash.sonypictures.com
flash.sonypictures.com
stage-perc.sonypictures.com
portals.sonypictures.net
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
stage-perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
stage-perc.sonypictures.com
flash.sonypictures.com
spena.sonypictures.net
portals.sonypictures.net
perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
stage-perc.sonypictures.com
perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
stage-perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
spena.sonypictures.net
sites.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
portals.sonypictures.net
flash.sonypictures.com
stage-perc.sonypictures.com
sites.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
perc.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
spena.sonypictures.net
portals.sonypictures.net
stage-perc.sonypictures.com
flash.sonypictures.com
perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
portals.sonypictures.net
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
stage-perc.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
flash.sonypictures.com
portals.sonypictures.net
flash.sonypictures.com
perc.sonypictures.com
portals.sonypictures.net
perc.sonypictures.com
flash.sonypictures.com

Certificate

The complete raw certificate details for spena.sonypictures.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHjzCCBnegAwIBAgIQC44E8CHhUh2GvUHFxqme0DANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVE
aWdpQ2VydCBHbG9iYWwgQ0EgRzIwHhcNMTkwOTEzMDAwMDAwWhcNMjAwOTEzMTIw
MDAwWjCBpTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNV
BAcTC0N1bHZlciBDaXR5MSQwIgYDVQQKExtTb255IFBpY3R1cmVzIEVudGVydGFp
bm1lbnQxJDAiBgNVBAsTG0ludGVybmV0IFN5c3RlbXMgVGVjaG5vbG9neTEfMB0G
A1UEAxMWc3BlbmEuc29ueXBpY3R1cmVzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKiWdB0HEc4bnVsrmzMsnx5YmU0a7hJGLraM3kfWpQ1S7TsM
zaJC+AJURFO4MmH/JUkATW5H5V9q27mYB8l3ef1iA4TpIbkg+um9jw/I8p/LjtFp
mW+Khvll2+/UTzIdIUzXjzS2lQy04ArklYh8G4wH0zwQE7X2EPAZcy9CGdM483Ko
c5k7WH686ug00dlQL6XyOnTq+9aw/9GR1TBvs1FvpPiPj95URW3mYy0kYnIwcvIE
7VGBPiu6LhLthMYk2ZQ2ea95fJE/FsVM91wmKanMx/v/cVmuu9Ggh2P7XYUYDkC3
QkBQAz+CJ8pgYgwEWbjxdNgCsRD6Ke1RJMIzqPUCAwEAAaOCBBkwggQVMB8GA1Ud
IwQYMBaAFCRuKy3QapJRUSVpAaqaR6aJ50AgMB0GA1UdDgQWBBQWKzSlo57XGehX
NsEfuLK35bchDTCCAVEGA1UdEQSCAUgwggFEghZzcGVuYS5zb255cGljdHVyZXMu
bmV0ghxzdGFnZS1zcGVuYS5zb255cGljdHVyZXMubmV0gg8qLm9uZXR2YXNpYS5j
b22CDyouZ2VtdHZhc2lhLmNvbYIOKi5heG4tYXNpYS5jb22CECouYXhuLXRhaXdh
bi5jb22CFSouc29ueWNoYW5uZWxhc2lhLmNvbYIRKi5hbmltYXgtYXNpYS5jb22C
EyouYW5pbWF4LXRhaXdhbi5jb22CESouYW5pbWF4aGQtdHcuY29tghIqLmdlbXR2
YXNpYS1oay5jb22CEiouZ2VtdHZhc2lhLWlkLmNvbYISKi5nZW10dmFzaWEtcGgu
Y29tghIqLmdlbXR2YXNpYS1zZy5jb22CEiouZ2VtdHZhc2lhLXRoLmNvbYISKi5n
ZW10dmFzaWEtdm4uY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwdwYDVR0fBHAwbjA1oDOgMYYvaHR0cDovL2NybDMuZGln
aWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsQ0FHMi5jcmwwNaAzoDGGL2h0dHA6Ly9j
cmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbENBRzIuY3JsMEwGA1UdIARF
MEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2lj
ZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHQGCCsGAQUFBwEBBGgwZjAkBggrBgEFBQcw
AYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMD4GCCsGAQUFBzAChjJodHRwOi8v
Y2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxDQUcyLmNydDAJBgNV
HRMEAjAAMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYApLkJkLQYWBSHuxOizGdw
Cjw1mAT5G9+443fNDsgN3BAAAAFtLNqrUgAABAMARzBFAiEAzyvGXM5EY0m0YV8s
Y0yA8hnwQKzi72kNKFQLJwLDAAgCIGlKjRRyNI7WmIrN8iIlsITpVGYrk/afvvz7
usstSHsVAHcAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFtLNqr
xAAABAMASDBGAiEAheXTL2q+5C8QTxYqE+22FZZ2WiuuFiRGgsdZbO+WCBkCIQDl
eDezl12ueywUOYfFYhMN0Bv2NCJq677a8QSqZ3q9WjANBgkqhkiG9w0BAQsFAAOC
AQEA0uNsSZ8kuktu5+ig7HG6HxfNu0MZJRhHuau9Q7ddVFFMTgKADd6q74vHl4qC
wr5ErwqbNuEcOSvxjZ4tmJO2tGi5AXWFyYofqwOlWEGI1tibJA7abHus8JUkit0P
3tWFLCG1knkFgU3H6uvspIMLRdnCHrOfFgu3hH7fYGU7AX7+IU1AFU8NDT7+kv8n
waf8uIcGmKAAgZ3/EXo4W0svdSFZqx6n1IHuWgoV2A+hDLiimXAwehEkP/0nQ767
OTBc2a2z4Q2f/HkLS2xCpVoOfgyLzDwkinaOBKCb1c35frqxYkr550of1ZfkgQC4
eVMjOoWCQk1PwiDb3SXPAT1sQQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJZ0HQcRzhudWyubMyyf
HliZTRruEkYutozeR9alDVLtOwzNokL4AlREU7gyYf8lSQBNbkflX2rbuZgHyXd5
/WIDhOkhuSD66b2PD8jyn8uO0WmZb4qG+WXb79RPMh0hTNePNLaVDLTgCuSViHwb
jAfTPBATtfYQ8BlzL0IZ0zjzcqhzmTtYfrzq6DTR2VAvpfI6dOr71rD/0ZHVMG+z
UW+k+I+P3lRFbeZjLSRicjBy8gTtUYE+K7ouEu2ExiTZlDZ5r3l8kT8WxUz3XCYp
qczH+/9xWa670aCHY/tdhRgOQLdCQFADP4InymBiDARZuPF02AKxEPop7VEkwjOo
9QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 15358914262428839567549767351475478224
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Global CA G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-09-13 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-09-13 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Culver City'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sony Pictures Entertainment'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Internet Systems Technology'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'spena.sonypictures.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21282226653794360024435940109673431953638763301949720117435267681223006529586441030597352024519700909943643824410646723049688322391552985898645694223553329371154033580371102356106638782863705244961204885468450743222092443774636934643957509273900809613051809176993939974111723208970848923711364648186677115060390648206620417678138371579225791717774053928112806731821122862688999545499694323458956505757462062301598754680478616327904212245705915847320200104461945109745260124502370131464742063598068480152071494248922171644611839830737301682867860056992231278480828513648781170560266817871927976718577752511489366010101
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 246e2b2dd06a925151256901aa9a47a689e74020
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							162b34a5a39ed719e85736c11fb8b2b7e5b7210d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (328 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'spena.sonypictures.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stage-spena.sonypictures.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.onetvasia.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.gemtvasia.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.axn-asia.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.axn-taiwan.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sonychannelasia.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.animax-asia.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.animax-taiwan.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.animaxhd-tw.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.gemtvasia-hk.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.gemtvasia-id.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.gemtvasia-ph.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.gemtvasia-sg.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.gemtvasia-th.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.gemtvasia-vn.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (112 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertGlobalCAG2.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertGlobalCAG2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertGlobalCAG2.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
							00f1007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000016d2cdaab520000040300473045022100cf2bc65cce446349b4615f2c634c80f219f040ace2ef690d28540b2702c300080220694a8d1472348ed6988acdf22225b084e954662b93f69fbefcfbbacb2d487b150077008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f0000016d2cdaabc4000004030048304602210085e5d32f6abee42f104f162a13edb61596765a2bae16244682c7596cef960819022100e57837b3975dae7b2c143987c562130dd01bf634226aebbedaf104aa677abd5a
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00d2e36c499f24ba4b6ee7e8a0ec71ba1f17cdbb4319251847b9abbd43b75d54514c4e02800ddeaaef8bc7978a82c2be44af0a9b36e11c392bf18d9e2d9893b6b468b9017585c98a1fab03a5584188d6d89b240eda6c7bacf095248add0fded5852c21b5927905814dc7eaebeca4830b45d9c21eb39f160bb7847edf60653b017efe214d40154f0d0d3efe92ff27c1a7fcb8870698a000819dff117a385b4b2f752159ab1ea7d481ee5a0a15d80fa10cb8a29970307a11243ffd2743bebb39305cd9adb3e10d9ffc790b4b6c42a55a0e7e0c8bcc3c248a768e04a09bd5cdf97ebab1624af9e74a1fd597e48100b87953233a8582424d4fc220dbdd25cf013d6c41