*.xempus.com

Issued by Thawte TLS RSA CA G1

About this certificate

This digital certificate with serial number 07:92:89:c6:da:ff:34:b7:21:36:95:e9:c4:f2:63:8a was issued on by DigiCert Inc.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=*.xempus.com

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 07:92:89:c6:da:ff:34:b7:21:36:95:e9:c4:f2:63:8a
Serial Number (int): 10065465756908631213538521396366435210
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 1c:43:5d:c1:ad:ed:91:c7:d8:cd:2c:1d:db:98:e1:fd:92:a9:81:5f
AuthorityKeyId: a5:8c:fe:32:cc:eb:0f:2c:d4:19:c6:08:b8:00:24:88:5d:c3:c5:b7

Fingerprint (sha1): a7:e9:72:95:76:db:9c:0e:d8:98:f6:a3:1f:b0:86:df:33:f3:6c:e8
Fingerprint (sha256): 91:e7:16:be:ba:9c:ca:7f:a3:0b:7e:24:3a:43:ad:46:8c:00:da:00:7f:ff:34:27:66:5c:fd:08:18:41:d4:e6

Issuing Certificate URL: http://cacerts.thawte.com/ThawteTLSRSACAG1.crt

Revocation information

OCSP Server: http://status.thawte.com
CRL Distribution Point: http://cdp.thawte.com/ThawteTLSRSACAG1.crl

Check the revocation status for certificate *.xempus.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.xempus.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.xempus.com
xempus.com

Other certificates including the domain name xempus.com

(limited to 100 certificates)
status.itsnationwide.com
overturstatus.allegion.com
webstatus.engr.ucdavis.edu
webstatus.engr.ucdavis.edu
webstatus.engr.ucdavis.edu
webstatus.engr.ucdavis.edu
webstatus.engr.ucdavis.edu
status.managementcouncil.org
status.qualyteam.com.br
status.logicpath.com
videoberatung.xempus.com
webstatus.engr.ucdavis.edu
webstatus.engr.ucdavis.edu
partner-status.verify.interac-id.ca
status.fringesecure.com
webstatus.engr.ucdavis.edu
webstatus.engr.ucdavis.edu
status.madeinleander.com
status.itsnationwide.com
status.zoho.jp
*.xempus.com
status.blitzrocks.net
webstatus.engr.ucdavis.edu
status.fringesecure.com
status.managementcouncil.org
status.itsnationwide.com
status.zoho.jp
webstatus.engr.ucdavis.edu
status.mscloud.ca
status-salus-na.uleeco.com
status.elmohub.com.au
webstatus.engr.ucdavis.edu
status.startlink.com.br
webstatus.engr.ucdavis.edu
status.console.macrometa.io
status.mybookingplatform.com
overturstatus.allegion.com
status.madeinleander.com
status.metaserve.cloud
webstatus.engr.ucdavis.edu
status.ahima.app
status.mybookingplatform.com
status.mybookingplatform.com
status.hub.verifiedidentitysolutions.com
status.logicpath.com
status.managementcouncil.org
status.albania10.com.br
status.elmohub.com.au
webstatus.engr.ucdavis.edu
status.teamtexter.io
videoberatung.xempus.com
*.xempus.com
webstatus.engr.ucdavis.edu
webstatus.engr.ucdavis.edu
status.startlink.com.br
status.startlink.com.br
status-namer-attest.gtil.gt.com
webstatus.engr.ucdavis.edu
webstatus.engr.ucdavis.edu
status.hub.verifiedidentitysolutions.com
status.managementcouncil.org
status.plantdemand.com
status.eicatalyst.com
status.blitzrocks.net
status.fringesecure.com
status.elmohub.com.au
status.qualyteam.com.br
status.startlink.com.br
webstatus.engr.ucdavis.edu
webstatus.engr.ucdavis.edu
webstatus.engr.ucdavis.edu
maintenance.xempus.com
status.zoho.jp
status.albania10.com.br
status.dev.ulaval.ca
status.elmohub.com.au
status.logicpath.com
status-salus-na.uleeco.com
webstatus.engr.ucdavis.edu
old.xbav.de
xempus.com
webstatus.engr.ucdavis.edu
status.tecfiscal.linx.com.br
status.teamtexter.io
webstatus.engr.ucdavis.edu
status.eicatalyst.com
apimonitoring.carletoninc.com
partner-status.verify.interac-id.ca
status.logicpath.com
webstatus.engr.ucdavis.edu
status.teamtexter.io
status.success.ai
status-namer-attest.gtil.gt.com
status.madeinleander.com
status.hub.verifiedidentitysolutions.com
webstatus.engr.ucdavis.edu
webstatus.engr.ucdavis.edu
status.itsnationwide.com

Certificate

The complete raw certificate details for *.xempus.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGGTCCBQGgAwIBAgIQB5KJxtr/NLchNpXpxPJjijANBgkqhkiG9w0BAQsFADBe
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRUaGF3dGUgVExTIFJTQSBDQSBHMTAe
Fw0yNDAyMTAwMDAwMDBaFw0yNTAzMTAyMzU5NTlaMBcxFTATBgNVBAMMDCoueGVt
cHVzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ+l/SYJoOBv
Yfr8S2v8wAss7o5PLhPSpwlmG3ft3ODF10BbNgssxcU14kJwotYWrKhfw44H2xmy
iQs2z7c9N8NaWxlZppC2icxb/toxK+pe5LNeoVelD0xZEe3ws7nfjpCgG8Vjt/K6
bV4jclgkwatw5AYJ9Bp55LeAGLRysfS1n5aPLAfudmxhHWzR6XRszpqhlbDNAAQm
yLBSMfl7kt53zPGelZDx8MbU5SeIlq2yFwBQUHwXZ+5foilCYceP8ScXwztsrNVF
qMVxX/qfCrbQ1kQpTaKEGPXUjkpuC2GlJPzbuQzZoR1gaIVn/6NSnZL0FZjKqIO7
93vOBFm47/sCAwEAAaOCAxgwggMUMB8GA1UdIwQYMBaAFKWM/jLM6w8s1BnGCLgA
JIhdw8W3MB0GA1UdDgQWBBQcQ13Bre2Rx9jNLB3bmOH9kqmBXzAjBgNVHREEHDAa
ggwqLnhlbXB1cy5jb22CCnhlbXB1cy5jb20wPgYDVR0gBDcwNTAzBgZngQwBAgEw
KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA4GA1Ud
DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0f
BDQwMjAwoC6gLIYqaHR0cDovL2NkcC50aGF3dGUuY29tL1RoYXd0ZVRMU1JTQUNB
RzEuY3JsMHAGCCsGAQUFBwEBBGQwYjAkBggrBgEFBQcwAYYYaHR0cDovL3N0YXR1
cy50aGF3dGUuY29tMDoGCCsGAQUFBzAChi5odHRwOi8vY2FjZXJ0cy50aGF3dGUu
Y29tL1RoYXd0ZVRMU1JTQUNBRzEuY3J0MAwGA1UdEwEB/wQCMAAwggF/BgorBgEE
AdZ5AgQCBIIBbwSCAWsBaQB3AE51oydcmhDDOFts1N8/Uusd8OCOG41pwLH6ZLFi
mjnfAAABjZK0v1YAAAQDAEgwRgIhAKKocEpO68wQ0RwAUmMoNZxuSVaGWIdkcANT
13rzrHhSAiEAnVuKooIXxyK2491SqDwBgab0c/7pwUQIsbAV+FYbe60AdgB9WR4S
4XgqexxhZ3xe/fjQh1wUoE6VnrkDL9kOjC55uAAAAY2StL97AAAEAwBHMEUCIAbB
6wFgdakChM77sZ87Whf9v4WoKP7oq/MtzqKLIJOXAiEA0xRwUm1KryuP6EA9MWXk
E6txGR8P/f5kBo8eT0CP6rgAdgDm0jFjQHeMwRBBBtdxuc7B0kD2loSG+7qHMh39
HjeOUAAAAY2StL+pAAAEAwBHMEUCIFy0CUV/onEVoQMksChFlwELrOqxFxhUmxha
SCkpkjoZAiEAzBjYODzDFtb+R2x2brj/r1uYCe5TIpjRj9rC+rCHZAwwDQYJKoZI
hvcNAQELBQADggEBABFK1ZpB7eVHhz4gga/hG6rtcEQ2FXLmoT4bMPFX82SKn2d+
L9xWnuP/eR3guUVP7ySZ18Y1C8yHHQBB86O5NQS/NCIz+6Fqj3CkZhGGMedXJ/Ho
qbNyxwDDBNwyDWw8xdf/x5ug1eyMpJMYqxb1Acwmo2GloQm39qBGWEXr0cI1I9Tl
B/rsYJtN+wRCVyfRFrVMOo9O1cL/znvBMvVWPGpK9n0Cb9WqaQYEfltyEZZqHxnl
hPIC8Q8bXBsTBsG5NkiSI1VjjB+iWMjUTAKaMnZoGSK85wTQDYno5NlrcoYPf0JI
h3ST5pPH5sq69/KPcBp1YCHPG/RfHiFCHu1theg=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6X9Jgmg4G9h+vxLa/zA
Cyzujk8uE9KnCWYbd+3c4MXXQFs2CyzFxTXiQnCi1hasqF/DjgfbGbKJCzbPtz03
w1pbGVmmkLaJzFv+2jEr6l7ks16hV6UPTFkR7fCzud+OkKAbxWO38rptXiNyWCTB
q3DkBgn0Gnnkt4AYtHKx9LWflo8sB+52bGEdbNHpdGzOmqGVsM0ABCbIsFIx+XuS
3nfM8Z6VkPHwxtTlJ4iWrbIXAFBQfBdn7l+iKUJhx4/xJxfDO2ys1UWoxXFf+p8K
ttDWRClNooQY9dSOSm4LYaUk/Nu5DNmhHWBohWf/o1KdkvQVmMqog7v3e84EWbjv
+wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 10065465756908631213538521396366435210
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Thawte TLS RSA CA G1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-10 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-03-10 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.xempus.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20153742647958542717410573560408432437376295805467482580080141878913596037941716252216234354709005521124901228172511327895229047119614732569466623121381240311212423663342648972469988639731927535607090077914272200771163564536803202030359356414907648835800028055585633245228273817191538423931706494987336749445214169077335986753656463011779254284834418607026204954165639395638260054713392405183451849705766363674726900285087256299562141126270584054532558500722302630958693951740730468243456927870343707308059255144417411778744560386661383111521951007673825657085752644136403649161233717013336092821196041530304884174843
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a58cfe32cceb0f2cd419c608b80024885dc3c5b7
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							1c435dc1aded91c7d8cd2c1ddb98e1fd92a9815f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.xempus.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'xempus.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.thawte.com/ThawteTLSRSACAG1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.thawte.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.thawte.com/ThawteTLSRSACAG1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							01690077004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018d92b4bf560000040300483046022100a2a8704a4eebcc10d11c00526328359c6e495686588764700353d77af3ac78520221009d5b8aa28217c722b6e3dd52a83c0181a6f473fee9c14408b1b015f8561b7bad0076007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018d92b4bf7b0000040300473045022006c1eb016075a90284cefbb19f3b5a17fdbf85a828fee8abf32dcea28b209397022100d31470526d4aaf2b8fe8403d3165e413ab71191f0ffdfe64068f1e4f408feab8007600e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018d92b4bfa9000004030047304502205cb409457fa27115a10324b0284597010baceab11718549b185a482929923a19022100cc18d8383cc316d6fe476c766eb8ffaf5b9809ee532298d18fdac2fab087640c
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00114ad59a41ede547873e2081afe11baaed7044361572e6a13e1b30f157f3648a9f677e2fdc569ee3ff791de0b9454fef2499d7c6350bcc871d0041f3a3b93504bf342233fba16a8f70a466118631e75727f1e8a9b372c700c304dc320d6c3cc5d7ffc79ba0d5ec8ca49318ab16f501cc26a361a5a109b7f6a0465845ebd1c23523d4e507faec609b4dfb04425727d116b54c3a8f4ed5c2ffce7bc132f5563c6a4af67d026fd5aa6906047e5b7211966a1f19e584f202f10f1b5c1b1306c1b93648922355638c1fa258c8d44c029a3276681922bce704d00d89e8e4d96b72860f7f4248877493e693c7e6cabaf7f28f701a756021cf1bf45f1e21421eed6d85e8