*.grupoimprosa.com

- Grupo Financiero Improsa -

Issued by DigiCert Global G2 TLS RSA SHA256 2020 CA1

About this certificate

This digital certificate with serial number 08:56:a7:88:4d:f7:b1:7a:29:71:87:ea:4c:df:e6:b2 was issued on by DigiCert Inc.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Grupo Financiero Improsa

Organization: Grupo Financiero Improsa
Locality: San Jose
Country: CR

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 08:56:a7:88:4d:f7:b1:7a:29:71:87:ea:4c:df:e6:b2
Serial Number (int): 11083759457677022474239737165531571890
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: b8:4a:d9:8d:9a:f0:40:cf:00:f1:86:04:5b:c4:2d:fe:ab:06:0f:99
AuthorityKeyId: 74:85:80:c0:66:c7:df:37:de:cf:bd:29:37:aa:03:1d:be:ed:cd:17

Fingerprint (sha1): 42:13:9e:f0:7e:16:ca:5b:d5:53:2b:48:d8:b7:79:b5:c2:2e:96:8f
Fingerprint (sha256): 95:98:d6:d0:69:fb:72:f1:5b:83:97:a7:e9:61:84:4b:20:e0:ec:69:53:3b:d3:8a:42:c6:18:8b:f1:4c:2c:c6

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl

Check the revocation status for certificate *.grupoimprosa.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.grupoimprosa.com

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.grupoimprosa.com
grupoimprosa.com

Other certificates including the domain name grupoimprosa.com

(limited to 100 certificates)
www.grupoimprosa.com
mesadeayuda.grupoimprosa.com
tllservicedesk.thelearninglab.com.sg
tllservicedesk.thelearninglab.com.sg
tllservicedesk.thelearninglab.com.sg
tllservicedesk.thelearninglab.com.sg
tllservicedesk.thelearninglab.com.sg
tllservicedesk.thelearninglab.com.sg
www.grupoimprosa.com
tllservicedesk.thelearninglab.com.sg
tllservicedesk.thelearninglab.com.sg
tllservicedesk.thelearninglab.com.sg
GrupoImprosa.com
tllservicedesk.thelearninglab.com.sg
tllservicedesk.thelearninglab.com.sg
mesadeayuda.grupoimprosa.com
comprobante.grupoimprosa.com
GrupoImprosa.com
tllservicedesk.thelearninglab.com.sg
www.grupoimprosa.com
www.grupoimprosa.com
tllservicedesk.thelearninglab.com.sg
tllservicedesk.thelearninglab.com.sg
tllservicedesk.thelearninglab.com.sg
tllservicedesk.thelearninglab.com.sg
mesadeayuda.grupoimprosa.com
tllservicedesk.thelearninglab.com.sg
*.grupoimprosa.com
tllservicedesk.thelearninglab.com.sg
tllservicedesk.thelearninglab.com.sg
tllservicedesk.thelearninglab.com.sg
mesadeayuda.grupoimprosa.com
tllservicedesk.thelearninglab.com.sg
GrupoImprosa.com
www.grupoimprosa.com
tllservicedesk.thelearninglab.com.sg
tllservicedesk.thelearninglab.com.sg
www.grupoimprosa.com
helpdesk.gershautism.com
SE-SUITE.grupoimprosa.com
tllservicedesk.thelearninglab.com.sg

Certificate

The complete raw certificate details for *.grupoimprosa.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIH5TCCBs2gAwIBAgIQCFaniE33sXopcYfqTN/msjANBgkqhkiG9w0BAQsFADBZ
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE
aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjQw
MjIxMDAwMDAwWhcNMjUwMjIwMjM1OTU5WjBgMQswCQYDVQQGEwJDUjERMA8GA1UE
BxMIU2FuIEpvc2UxITAfBgNVBAoTGEdydXBvIEZpbmFuY2llcm8gSW1wcm9zYTEb
MBkGA1UEAwwSKi5ncnVwb2ltcHJvc2EuY29tMIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEAruDvXGg9IIrg888vlbAxHx1ndPFgc2bw2rU1WjGxmhRaxcUi
ZkSWwkiVZ/xL0RUovfYfGeLg0aqS0dIZSbnR/y50iA313fSgS22MmXslJabhAG0A
ygBWfXO4a5Nnq06eHTmOZUTFZL/yh7PhvpuFEry7DuMMCekZ9MkHzJTyM0oQCiYF
9hfySApQidQjO8b1Lxkbu7Wn/1UohwxIfV+LzwgPog5jnpDMu5BhIt3KmJsDx9pw
+PzHEnHdAKnq8dHfd9ORI64Z1goNtIMYWWRWe0/D0vL7NLDJLOHuecic3NbKcbmS
XjlQLckzfVjVhsWtONDJtHO8G8Ie+gARPfPcpgpIk9zrnl8JDYsBaOi19W2NvEbR
fWhZ4GIYGsOUnDAdOR5Cou3upUzqHhYaWD4hKb6R1+D1SyQnuf1QyTC/LNkedJPe
mv4FqesfPVBq29/s370IbWQOOP5ATRtVC5Ec5qgNWRBdkuwvSatVeYcYJ433Ci8W
47xzo22kND46s7M5eqEFTghChzhlpol2G/tll1HbswTJXrGT3IXHgmAO7Oo9BWrZ
9j+CljT1gJusRu6ddg5psE4CBRsKojknNY8ykz1suC0VawsCP+5jV84qK8nXDUyP
7p4Lw8vZiEUd2NBtGB/HVaB/fpGgsBGhR/PWR9o8QmkGtfAbnc8TYjxzbYcCAwEA
AaOCA6AwggOcMB8GA1UdIwQYMBaAFHSFgMBmx9833s+9KTeqAx2+7c0XMB0GA1Ud
DgQWBBS4StmNmvBAzwDxhgRbxC3+qwYPmTAvBgNVHREEKDAmghIqLmdydXBvaW1w
cm9zYS5jb22CEGdydXBvaW1wcm9zYS5jb20wPgYDVR0gBDcwNTAzBgZngQwBAgIw
KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA4GA1Ud
DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgZ8GA1Ud
HwSBlzCBlDBIoEagRIZCaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0
R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3JsMEigRqBEhkJodHRwOi8v
Y3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JTQVNIQTI1NjIw
MjBDQTEtMS5jcmwwgYcGCCsGAQUFBwEBBHsweTAkBggrBgEFBQcwAYYYaHR0cDov
L29jc3AuZGlnaWNlcnQuY29tMFEGCCsGAQUFBzAChkVodHRwOi8vY2FjZXJ0cy5k
aWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JTQVNIQTI1NjIwMjBDQTEt
MS5jcnQwDAYDVR0TAQH/BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUA
TnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGNzXCLjQAABAMARjBE
AiAGf2Yd1pnZEkV9f4ktfoWxgpYOAwyLgkR1jLluUHCwxwIgUNbOsHgeluaWtBtk
E5EYbQvKd2D13FSsSxe/RTwpYgQAdwB9WR4S4XgqexxhZ3xe/fjQh1wUoE6VnrkD
L9kOjC55uAAAAY3NcIvPAAAEAwBIMEYCIQCbanWtiIwJGbH8pjb4AvcKuKkoWiAk
hI8fnnWn3aSpFAIhAKmh0mDjyWemzJ/5tHmGUbnfzriDDa32v+bs831x73tyAHYA
5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6hzId/R43jlAAAAGNzXCL8gAABAMARzBF
AiAFp0Z3xmUVmFDfKJzlN50P8CN9NlT1U6gxgz5+g0A3HAIhAMrbgoh25y0TFphs
MMMMm4FVDqLUgl67tnX+EgDU7yL1MA0GCSqGSIb3DQEBCwUAA4IBAQDGhdcZ21z5
J+5r2v1hzYN4rev6rt9Q2cHvGtCBdA9PMNaRDm64/+OzOxAx8WdPgd42CMlsLsBu
wu7i0S/NtuQc7zIRpbDSmfX74tnsrkaM8GzZ3UPHVUQEsGgNyRH81BoqxG/YkNZV
TM63heNpJ0vFy5G557rNT7ohDGJGcBImvYv1PQYSiatDXKQXHU00632l2xWmFeoy
3twfe36YFR6Us3NhE0u6Yc4un/zUSexJ3uAPLLZPVTrvgFCXmYQ5xRthAMymtlAu
mA6oQjavLrsN9vweqo5fa5g1vrkF49wdrBWgL4nxZkUqwazP4yGPinbEJoVTtc+O
xXml7Rcq7Z5I
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAruDvXGg9IIrg888vlbAx
Hx1ndPFgc2bw2rU1WjGxmhRaxcUiZkSWwkiVZ/xL0RUovfYfGeLg0aqS0dIZSbnR
/y50iA313fSgS22MmXslJabhAG0AygBWfXO4a5Nnq06eHTmOZUTFZL/yh7PhvpuF
Ery7DuMMCekZ9MkHzJTyM0oQCiYF9hfySApQidQjO8b1Lxkbu7Wn/1UohwxIfV+L
zwgPog5jnpDMu5BhIt3KmJsDx9pw+PzHEnHdAKnq8dHfd9ORI64Z1goNtIMYWWRW
e0/D0vL7NLDJLOHuecic3NbKcbmSXjlQLckzfVjVhsWtONDJtHO8G8Ie+gARPfPc
pgpIk9zrnl8JDYsBaOi19W2NvEbRfWhZ4GIYGsOUnDAdOR5Cou3upUzqHhYaWD4h
Kb6R1+D1SyQnuf1QyTC/LNkedJPemv4FqesfPVBq29/s370IbWQOOP5ATRtVC5Ec
5qgNWRBdkuwvSatVeYcYJ433Ci8W47xzo22kND46s7M5eqEFTghChzhlpol2G/tl
l1HbswTJXrGT3IXHgmAO7Oo9BWrZ9j+CljT1gJusRu6ddg5psE4CBRsKojknNY8y
kz1suC0VawsCP+5jV84qK8nXDUyP7p4Lw8vZiEUd2NBtGB/HVaB/fpGgsBGhR/PW
R9o8QmkGtfAbnc8TYjxzbYcCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 11083759457677022474239737165531571890
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Global G2 TLS RSA SHA256 2020 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-21 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-20 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'San Jose'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Grupo Financiero Improsa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.grupoimprosa.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 713442656717640132706795213302249025855864926892737320370590969271848069735047039655253417272631546468954771384838589723865054181786837643395541157304280190189216412111111379005254426943260295698526516454711592121507529362572183872540109353824939144008986285492062749108669822473499203820953720063614299158539537332018836156770945603395350499478067236035990397728930253878642008156879754972266080788864245145184779210904099462483504052862516509417072358135801787300114523349239696189699962858537142560314971189333087204684063511993214938566943342171314822241209135971124951173172013944325946820615007082136302252603751161941368278593779770315720382573612224470678672204693041824699124421710206474943307626317798193875242670667122280836324858786181742587625119476219676429049304986581061701771356071997676800365118912834408912493166591638951973956802021382048345231633641808021178844323768203156171742920239954198593162053349907198409671766138475060923092260369856473967708797963198319902006786476047437189569156655258967686944210408161908631543764334215403302900912280200213304918837503491772147233278501258353708507618442075637247200829832444213730893413139029120252354211464463605696331259809719471294218186971907667429932284472711
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 748580c066c7df37decfbd2937aa031dbeedcd17
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							b84ad98d9af040cf00f186045bc42dfeab060f99
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (40 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.grupoimprosa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'grupoimprosa.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (151 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							01680075004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018dcd708b8d00000403004630440220067f661dd699d912457d7f892d7e85b182960e030c8b8244758cb96e5070b0c7022050d6ceb0781e96e696b41b641391186d0bca7760f5dc54ac4b17bf453c2962040077007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018dcd708bcf00000403004830460221009b6a75ad888c0919b1fca636f802f70ab8a9285a2024848f1f9e75a7dda4a914022100a9a1d260e3c967a6cc9ff9b4798651b9dfceb8830dadf6bfe6ecf37d71ef7b72007600e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018dcd708bf20000040300473045022005a74677c665159850df289ce5379d0ff0237d3654f553a831833e7e8340371c022100cadb828876e72d1316986c30c30c9b81550ea2d4825ebbb675fe1200d4ef22f5
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00c685d719db5cf927ee6bdafd61cd8378adebfaaedf50d9c1ef1ad081740f4f30d6910e6eb8ffe3b33b1031f1674f81de3608c96c2ec06ec2eee2d12fcdb6e41cef3211a5b0d299f5fbe2d9ecae468cf06cd9dd43c7554404b0680dc911fcd41a2ac46fd890d6554cceb785e369274bc5cb91b9e7bacd4fba210c6246701226bd8bf53d061289ab435ca4171d4d34eb7da5db15a615ea32dedc1f7b7e98151e94b37361134bba61ce2e9ffcd449ec49dee00f2cb64f553aef805097998439c51b6100cca6b6502e980ea84236af2ebb0df6fc1eaa8e5f6b9835beb905e3dc1dac15a02f89f166452ac1accfe3218f8a76c4268553b5cf8ec579a5ed172aed9e48