www.gov.uk

- Government Digital Service -

Issued by GlobalSign Organization Validation CA - SHA256 - G2

About this certificate

This digital certificate with serial number 33:87:bf:28:9f:ee:cb:54:b0:8a:75:60 was issued on by GlobalSign nv-sa.

With 13 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • 1 DNS name(s) are bare public suffixes: gov.uk The domain SHOULD NOT have a bare public suffix (awslabs certlint)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Government Digital Service

Organization: Government Digital Service
Organization unit: Government Digital Service
State / Province: Greater London
Locality: London
Country: GB

GlobalSign nv-sa

Organization: GlobalSign nv-sa
Country: BE

This certificate has expire since

Certificate Details

Serial Number (hex): 33:87:bf:28:9f:ee:cb:54:b0:8a:75:60
Serial Number (int): 15947843207928936555254281568
Serial Number lenght: 94 bits, 12 octets

SubjectKeyId: ae:10:4a:51:c8:ad:fa:a8:8d:f0:28:ce:1f:fd:ac:20:2f:b2:75:64
AuthorityKeyId: 96:de:61:f1:bd:1c:16:29:53:1c:c0:cc:7d:3b:83:00:40:e6:1a:7c

Fingerprint (sha1): 5d:00:18:3f:93:3b:0c:ad:a4:97:ec:22:3c:11:18:ba:c8:1c:42:a5
Fingerprint (sha256): 86:df:c8:2b:3a:cd:d2:e0:aa:2a:c6:6a:72:bc:da:e1:e8:8c:e8:cc:ec:a1:31:22:bf:bb:41:e5:21:a3:d4:ec

Issuing Certificate URL: http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt

Revocation information

OCSP Server: http://ocsp2.globalsign.com/gsorganizationvalsha2g2
CRL Distribution Point: http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl

Check the revocation status for certificate www.gov.uk

13

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.gov.uk

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.gov.uk
*.businesslink.gov.uk
*.direct.gov.uk
*.preview.alphagov.co.uk
*.production.alphagov.co.uk
*.publishing.service.gov.uk
*.cabinet-office.gov.uk
assets.digital.cabinet-office.gov.uk
service.gov.uk
data.gov.uk
dfid.gov.uk
www.data.gov.uk
gov.uk

Other certificates including the domain name www.gov.uk

(limited to 100 certificates)

Certificate

The complete raw certificate details for www.gov.uk in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIH5jCCBs6gAwIBAgIMM4e/KJ/uy1SwinVgMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTkwNDA0MTc0NDA1WhcNMjAxMTE0MTkwMTA0WjCBljELMAkGA1UEBhMC
R0IxFzAVBgNVBAgTDkdyZWF0ZXIgTG9uZG9uMQ8wDQYDVQQHEwZMb25kb24xIzAh
BgNVBAsTGkdvdmVybm1lbnQgRGlnaXRhbCBTZXJ2aWNlMSMwIQYDVQQKExpHb3Zl
cm5tZW50IERpZ2l0YWwgU2VydmljZTETMBEGA1UEAxMKd3d3Lmdvdi51azCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKii2iR6rMRSVERB2gsUwU2DlZuJ
vtPwOmfFewPJQk/+KmTYaQBVdbX02HEZ1yfTirY0W47JvF4nxOdVnNB0/uJwJpEm
2uqAliiVhqqC35UCDfEp4yLCSa9Od+TqYS1txdXnoe+TKHQI/aHy2/Bf+BMPMUSq
7QI88WlC4MGFO68xNufoBZ8fNyVSjYTQ0BArcaoAFfYnTuddyDEHirGJYhx0oHjb
Mz7RJUKKtXU0Yjhnfnk16Mvf3Ksl5vYbbx0T4RLyTS9QFBL+nJgUEcTfN1iCgnFV
uG2uoFzBAi6rOlR/vv8G2ymvL+h/FutZlO3LA29QmwzwHL2zLsyfOlk7cbECAwEA
AaOCBGEwggRdMA4GA1UdDwEB/wQEAwIFoDCBoAYIKwYBBQUHAQEEgZMwgZAwTQYI
KwYBBQUHMAKGQWh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dz
b3JnYW5pemF0aW9udmFsc2hhMmcycjEuY3J0MD8GCCsGAQUFBzABhjNodHRwOi8v
b2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3Nvcmdhbml6YXRpb252YWxzaGEyZzIwVgYD
VR0gBE8wTTBBBgkrBgEEAaAyARQwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cu
Z2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQICMAkGA1UdEwQCMAAw
SQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9n
c29yZ2FuaXphdGlvbnZhbHNoYTJnMi5jcmwwggEXBgNVHREEggEOMIIBCoIKd3d3
Lmdvdi51a4IVKi5idXNpbmVzc2xpbmsuZ292LnVrgg8qLmRpcmVjdC5nb3YudWuC
GCoucHJldmlldy5hbHBoYWdvdi5jby51a4IbKi5wcm9kdWN0aW9uLmFscGhhZ292
LmNvLnVrghsqLnB1Ymxpc2hpbmcuc2VydmljZS5nb3YudWuCFyouY2FiaW5ldC1v
ZmZpY2UuZ292LnVrgiRhc3NldHMuZGlnaXRhbC5jYWJpbmV0LW9mZmljZS5nb3Yu
dWuCDnNlcnZpY2UuZ292LnVrggtkYXRhLmdvdi51a4ILZGZpZC5nb3YudWuCD3d3
dy5kYXRhLmdvdi51a4IGZ292LnVrMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjAdBgNVHQ4EFgQUrhBKUcit+qiN8CjOH/2sIC+ydWQwHwYDVR0jBBgwFoAU
lt5h8b0cFilTHMDMfTuDAEDmGnwwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2
AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABaelzYngAAAQDAEcw
RQIgI5Mjx+v+D6+R1XbhitqJiwStVJr6mzsYg7sT3/+wFcsCIQCjxAhD8sv3cRIn
0mvhCuY3JSj9ZzdPGQtWnCUrU2skoAB2AKS5CZC0GFgUh7sTosxncAo8NZgE+Rvf
uON3zQ7IDdwQAAABaelzYl4AAAQDAEcwRQIgPzD/fBJLGGdbG5TDQB808SY8CiOP
Fv7C9MRrHWekkLMCIQCdN5cU65MYFs/NlGnKHQ4kemNG2J40p2EsQBq4Nls8agB2
AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABaelzYqEAAAQDAEcw
RQIhAK+LzhIohBZNR1nlqFFvNieLxH92MH1LVhYWIHNm4q4oAiBEnEABIk77puQN
SmZcl08nM4Qvb1v4KEG5CIkt7X5kSjANBgkqhkiG9w0BAQsFAAOCAQEAY7MuBo1z
E1ZUsT3JMFclL8i2XPHlbZ9da3TxURDwHJop2ryw5BHgrG5AMV2gypsNYta0KH/d
ATLlvjNXij6BdH8XZ/0TnsxwOFp9m7WCjO37u4eXa9aLuXxCsd1b4sm853wnIAPT
zid0r2Wwmdytkj+nHa6ph31gqWPeFm2yeBqiN/VuaTnB3FJ1dzSMA/99NnBsKaip
W7++6r8N6QFbbSvrod9hD5hKNFqBI1Y6pJi56wTyIkMubFP091Uaa1lBpQtekbmf
ACvuGIVpynHxbXxKAGvbjBhijA78nW77VWTodowFYySeWfPJG6qqA6HCjoJOOniv
kccbhc5sre094A==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKLaJHqsxFJUREHaCxTB
TYOVm4m+0/A6Z8V7A8lCT/4qZNhpAFV1tfTYcRnXJ9OKtjRbjsm8XifE51Wc0HT+
4nAmkSba6oCWKJWGqoLflQIN8SnjIsJJr0535OphLW3F1eeh75ModAj9ofLb8F/4
Ew8xRKrtAjzxaULgwYU7rzE25+gFnx83JVKNhNDQECtxqgAV9idO513IMQeKsYli
HHSgeNszPtElQoq1dTRiOGd+eTXoy9/cqyXm9htvHRPhEvJNL1AUEv6cmBQRxN83
WIKCcVW4ba6gXMECLqs6VH++/wbbKa8v6H8W61mU7csDb1CbDPAcvbMuzJ86WTtx
sQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 15947843207928936555254281568
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign Organization Validation CA - SHA256 - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-04-04 17:44:05 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-11-14 19:01:04 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater London'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'London'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Government Digital Service'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Government Digital Service'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.gov.uk'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21288340607262300330577062278970460071554155603674163199959900792717057473657893081543841939063450471154888850686845610331121265699685071410097471719947070778219362925955107391680564159160036706416748912680564258846946042834281586948456081281075656394072316833344126499720765490341396019677046697207113442751244480463142589742783349553968910540839917742590534960750984191170028437997880681558182991332869349158709496029812052875497528122690939579484928050336595208853569076290529149869111472699450391278356348309305204456747621199268288878243447694781709168205987088288924635034240906099897023495892991471315316339121
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (147 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp2.globalsign.com/gsorganizationvalsha2g2'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.20 (globalsignOVPolicy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (270 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.gov.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.businesslink.gov.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.direct.gov.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.preview.alphagov.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.production.alphagov.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.publishing.service.gov.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.cabinet-office.gov.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'assets.digital.cabinet-office.gov.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'service.gov.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'data.gov.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dfid.gov.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.data.gov.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gov.uk'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							ae104a51c8adfaa88df028ce1ffdac202fb27564
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 96de61f1bd1c1629531cc0cc7d3b830040e61a7c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							01680076005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c00000169e973627800000403004730450220239323c7ebfe0faf91d576e18ada898b04ad549afa9b3b1883bb13dfffb015cb022100a3c40843f2cbf7711227d26be10ae6372528fd67374f190b569c252b536b24a0007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc1000000169e973625e000004030047304502203f30ff7c124b18675b1b94c3401f34f1263c0a238f16fec2f4c46b1d67a490b30221009d379714eb931816cfcd9469ca1d0e247a6346d89e34a7612c401ab8365b3c6a0076006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d91300000169e97362a10000040300473045022100af8bce122884164d4759e5a8516f36278bc47f76307d4b561616207366e2ae280220449c4001224efba6e40d4a665c974f2733842f6f5bf82841b908892ded7e644a
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0063b32e068d73135654b13dc93057252fc8b65cf1e56d9f5d6b74f15110f01c9a29dabcb0e411e0ac6e40315da0ca9b0d62d6b4287fdd0132e5be33578a3e81747f1767fd139ecc70385a7d9bb5828cedfbbb87976bd68bb97c42b1dd5be2c9bce77c272003d3ce2774af65b099dcad923fa71daea9877d60a963de166db2781aa237f56e6939c1dc527577348c03ff7d36706c29a8a95bbfbeeabf0de9015b6d2beba1df610f984a345a8123563aa498b9eb04f222432e6c53f4f7551a6b5941a50b5e91b99f002bee188569ca71f16d7c4a006bdb8c18628c0efc9d6efb5564e8768c0563249e59f3c91baaaa03a1c28e824e3a78af91c71b85ce6caded3de0