mail.ddm.bilfinger.com

- Bilfinger Berger SE -

Issued by GeoTrust SSL CA

About this certificate

This digital certificate with serial number 01:51:57 was issued on by GeoTrust, Inc..

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • KeyUsage [DataEncipherment DigitalSignature KeyEncipherment] (00001101) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
  • 1 DNS name(s) are bare public suffixes: ex-03-obh1-001 The domain SHOULD NOT have a bare public suffix (awslabs certlint)

Bilfinger Berger SE

Company registration number: Arqe1qz2G1sETUKIZUz0fxapEobH555U
Organization: Bilfinger Berger SE
Organization unit: Duro Dakovic Montaza d.d.
State / Province: Baden-Württemberg
Locality: Mannheim
Country: DE

GeoTrust, Inc.

Organization: GeoTrust, Inc.
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 01:51:57
Serial Number (int): 86359
Serial Number lenght: 17 bits, 3 octets

SubjectKeyId: 5b:eb:74:58:3f:42:69:92:ed:c2:3f:e2:ed:35:8a:c0:ee:c5:d0:3a
AuthorityKeyId: 42:79:54:1b:61:cd:55:2b:3e:63:d5:3c:48:57:f5:9f:fb:45:ce:4a

Fingerprint (sha1): 9f:a8:55:37:7d:7d:35:e4:e8:53:7a:dc:cb:1f:12:6a:1e:de:99:1f
Fingerprint (sha256): 87:6f:97:87:62:2b:3f:f2:0b:f5:c6:ae:26:3e:d3:15:85:e3:01:0f:d0:27:ed:d1:6d:b6:6a:f3:df:d6:8c:87

Issuing Certificate URL: http://gtssl-aia.geotrust.com/gtssl.crt

Revocation information

CRL Distribution Point: http://gtssl-crl.geotrust.com/crls/gtssl.crl

Check the revocation status for certificate mail.ddm.bilfinger.com

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for mail.ddm.bilfinger.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA1 with RSA

Key Usage

Digital Signature
Key Encipherment
Data Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

8 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ex-03-obh1-001.comp03.int.top
autodiscover.ddm.bilfinger.com
ex-03-obh1-001
mail.ddm.bilfinger.com

Other certificates including the domain name bilfinger.com

(limited to 100 certificates)
www.cusa-is.bilfinger.com
www.procurement.bilfinger.com
r2c.bis.bilfinger.com
pm.bng.bilfinger.com
auth.bilfinger.net
slmobiletest.bilfinger.com
login.karriere.bilfinger.com
medialibrary.bilfinger.net
sv02111.res1.rlaone.net
world.tebodin.bilfinger.com
world.tebodin.bilfinger.com
ps.bis.bilfinger.com
ts.bng.bilfinger.com
portal.bng.bilfinger.com
fwms.facilitymanagement.bilfinger.com
oos.bilfinger.net
bnextwss.bng.bilfinger.com
lync.bilfinger.net
download.bng.bilfinger.com
pm.bng.bilfinger.com
reports.facilitymanagement.bilfinger.com
now.bilfinger.com
www.geraete.bilfinger.com
download.bng.bilfinger.com
*.bilfinger.com
portal.bng.bilfinger.com
westcon.bilfinger.com
www.geraete.bilfinger.com
autodiscover.bilfinger.net
ts.bng.bilfinger.com
www.qualprocurement.bilfinger.com
*.bilfinger.com
world.tebodin.bilfinger.com
bnextwss.bng.bilfinger.com
medialibrary.bilfinger.net
portal.bng.bilfinger.com
login.karriere.bilfinger.com
vpn.realestate.bilfinger.com
slmobileservice.bilfinger.com
nachunternehmerportal.arnholdt.bilfinger.com
download.bng.bilfinger.com
dms.nig.bilfinger.com
spamdigest.bilfinger.com
nachunternehmerportal.arnholdt.bilfinger.com
bnextwss.bng.bilfinger.com
login.karriere.bilfinger.com
profimiet-shop.bilfinger.com
tpm-feedback-qs.bilfinger.com
bis-vpnmuc.bilfinger.com
login.karriere.bilfinger.com
www.procurement.bilfinger.com
login.career.bilfinger.com
*.mmo.bilfinger.com
bnextwss.bng.bilfinger.com
www.download.power.bilfinger.com
portal.bng.bilfinger.com
tpm-feedback.bilfinger.com
csrreport.bilfinger.com
www.testprocurement.bilfinger.com
www.testprocurement.bilfinger.com
slmobileservice.bilfinger.com
login.career.bilfinger.com
www.identify-fs.bilfinger.com
fwms.facilitymanagement.bilfinger.com
www.qualprocurement.bilfinger.com
*.industrier.bilfinger.com
portal.bng.bilfinger.com
download.bng.bilfinger.com
www.piwik.bilfinger.com
bnextwss.bng.bilfinger.com
www.rbpoint-fs.bilfinger.com
pm.bng.bilfinger.com
www.sp-it.bilfinger.com
portal.bng.bilfinger.com
vpn-na.bilfinger.com
webmail.bilfinger.net
lync.bilfinger.net
portal.piping.bilfinger.com
www.testprocurement.bilfinger.com
transmission.bilfinger.com
norge.vcs.bilfinger.com
ts.bng.bilfinger.com
mail.ddm.bilfinger.com
vpn-na.bilfinger.com
login.karriere.bilfinger.com
*.mmo.bilfinger.com
www.procurement.bilfinger.com
world.tebodin.bilfinger.com
coz.infocenter.ch-fm.bilfinger.com
www.intranet-de-ch-fm.bilfinger.com
mis.bis.bilfinger.com
bbpsportal.bilfinger.com
www.btalent.civil.bilfinger.com
vo.bbs.bilfinger.com
jobs.bilfinger.com
www.procurement.bilfinger.com
bbpsportal.bilfinger.com
world.tebodin.bilfinger.com
fs-cloud.bilfinger.com
www.download.power.bilfinger.com

Certificate

The complete raw certificate details for mail.ddm.bilfinger.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIDAVFXMA0GCSqGSIb3DQEBBQUAMEAxCzAJBgNVBAYTAlVT
MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEYMBYGA1UEAxMPR2VvVHJ1c3QgU1NM
IENBMB4XDTEyMDMyOTEyMjYxNVoXDTE1MDQwMTAxMjgzOVowgcsxKTAnBgNVBAUT
IEFycWUxcXoyRzFzRVRVS0laVXowZnhhcEVvYkg1NTVVMQswCQYDVQQGEwJERTEb
MBkGA1UECAwSQmFkZW4tV8O8cnR0ZW1iZXJnMREwDwYDVQQHEwhNYW5uaGVpbTEc
MBoGA1UEChMTQmlsZmluZ2VyIEJlcmdlciBTRTEiMCAGA1UECxMZRHVybyBEYWtv
dmljIE1vbnRhemEgZC5kLjEfMB0GA1UEAxMWbWFpbC5kZG0uYmlsZmluZ2VyLmNv
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKq0at8ZpJMUxTSbExYh
AUakcCshROiv01C4FbZsvHOjFEFBqWj/NLQsCMKQMt9JaDnHi83Wr14KVfbaXfr3
sN+rp9sja4h8IFLPmikp18FuYY5m2BlynwMgzFjULCHle+cXd6xPX/H6ldYmhzxi
AfDPzPbWXFvBWF384Gex3eJ6G2eOzZ+hqCo3/WbLzd8dvpBpAPhNxLAosXI37Nh/
enUvekoNeoyROzbN7RMnEC/0XeEgi5SKSSlhe7RFYknNd3JB8njkM8lr7EKOeDRC
N5IG7sFgTUhplNIuM2g9B/W7BovF47PiT45cyPEZSFLfl/zDfrFrK2MZMBgvyucX
zmUCAwEAAaOCAXcwggFzMB8GA1UdIwQYMBaAFEJ5VBthzVUrPmPVPEhX9Z/7Rc5K
MA4GA1UdDwEB/wQEAwIEsDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
cAYDVR0RBGkwZ4IdZXgtMDMtb2JoMS0wMDEuY29tcDAzLmludC50b3CCHmF1dG9k
aXNjb3Zlci5kZG0uYmlsZmluZ2VyLmNvbYIOZXgtMDMtb2JoMS0wMDGCFm1haWwu
ZGRtLmJpbGZpbmdlci5jb20wPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2d0c3Ns
LWNybC5nZW90cnVzdC5jb20vY3Jscy9ndHNzbC5jcmwwHQYDVR0OBBYEFFvrdFg/
QmmS7cI/4u01isDuxdA6MAwGA1UdEwEB/wQCMAAwQwYIKwYBBQUHAQEENzA1MDMG
CCsGAQUFBzAChidodHRwOi8vZ3Rzc2wtYWlhLmdlb3RydXN0LmNvbS9ndHNzbC5j
cnQwDQYJKoZIhvcNAQEFBQADggEBAA88zivhjxu0NhzxIE6f7jUeeJ0BpqsvwUmN
mPcckmsbeIQZgeZ7zPqwfnIT2cLun2Ga6pYqEMiJo53ZAzWDM4DaUT9Pz/4qEKzC
tdH/lncF7HW1+Dd9WkR4itdUjJi5alJlDN1v+US2LHD09m3wiMMW0AINop/eECKc
ET3+9pv00R9VANNMoIhkssb2e1dkXngVhu2EKHnIRTDmSu8CChZf+VS2dEB3ebsK
uXR7AhdiQfmF+2egitDxAy7zhCJwiof9HswtKyRKO3AoDahNMvVUtqEkRfeza8Bo
EP2i2ytuYn00Yjn6Sx124ATN7PJf3uO+YqHKfFPuog3/2n+BE3A=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrRq3xmkkxTFNJsTFiEB
RqRwKyFE6K/TULgVtmy8c6MUQUGpaP80tCwIwpAy30loOceLzdavXgpV9tpd+vew
36un2yNriHwgUs+aKSnXwW5hjmbYGXKfAyDMWNQsIeV75xd3rE9f8fqV1iaHPGIB
8M/M9tZcW8FYXfzgZ7Hd4nobZ47Nn6GoKjf9ZsvN3x2+kGkA+E3EsCixcjfs2H96
dS96Sg16jJE7Ns3tEycQL/Rd4SCLlIpJKWF7tEViSc13ckHyeOQzyWvsQo54NEI3
kgbuwWBNSGmU0i4zaD0H9bsGi8Xjs+JPjlzI8RlIUt+X/MN+sWsrYxkwGC/K5xfO
ZQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 86359
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust SSL CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2012-03-29 12:26:15 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2015-04-01 01:28:39 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Arqe1qz2G1sETUKIZUz0fxapEobH555U'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Baden-Württemberg'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Mannheim'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Bilfinger Berger SE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Duro Dakovic Montaza d.d.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'mail.ddm.bilfinger.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21549479012930455052784862820341532479223040043405493184093726758765570109486968226402555413289931263139178534063927543554857383759467435971638124742656783377060205050015140790696943319136120601367868282615671096013115829522492245974294351973720901902743476450863943825083035814611391846678007794578611074078161890727919453095629691601963134409383772402316378803203720487480121796660142710074074039361385835256784338975389601678736292538405112659035596674563485561042066040115710193073951034107260096518409542092070606826893903161600905913111752310744865695663048999513850925344658701664321495490984494476295539248741
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 4279541b61cd552b3e63d53c4857f59ffb45ce4a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits)
							04b0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ex-03-obh1-001.comp03.int.top'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'autodiscover.ddm.bilfinger.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ex-03-obh1-001'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mail.ddm.bilfinger.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (54 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gtssl-crl.geotrust.com/crls/gtssl.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							5beb74583f426992edc23fe2ed358ac0eec5d03a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gtssl-aia.geotrust.com/gtssl.crt'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		000f3cce2be18f1bb4361cf1204e9fee351e789d01a6ab2fc1498d98f71c926b1b78841981e67bccfab07e7213d9c2ee9f619aea962a10c889a39dd90335833380da513f4fcffe2a10acc2b5d1ff967705ec75b5f8377d5a44788ad7548c98b96a52650cdd6ff944b62c70f4f66df088c316d0020da29fde10229c113dfef69bf4d11f5500d34ca08864b2c6f67b57645e781586ed842879c84530e64aef020a165ff954b674407779bb0ab9747b02176241f985fb67a08ad0f1032ef38422708a87fd1ecc2d2b244a3b70280da84d32f554b6a12445f7b36bc06810fda2db2b6e627d346239fa4b1d76e004cdecf25fdee3be62a1ca7c53eea20dffda7f811370