crm.fglife.com.tw

- Farglory Life Insurance Co., Ltd. -

Issued by TWCA Secure SSL Certification Authority

About this certificate

This digital certificate with serial number 47:e8:00:00:00:07:2c:cd:44:55:67:38:d3:3a:4e:01 was issued on by TAIWAN-CA.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Farglory Life Insurance Co., Ltd.

Organization: Farglory Life Insurance Co., Ltd.
State / Province: Taiwan
Locality: Taipei
Country: TW

TAIWAN-CA

Organization: TAIWAN-CA
Country: TW

This certificate will expire on

Certificate Details

Serial Number (hex): 47:e8:00:00:00:07:2c:cd:44:55:67:38:d3:3a:4e:01
Serial Number (int): 95579800571917781037358415468713102849
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 56:0b:1b:51:22:cc:46:cf:75:08:f3:29:25:82:0f:ef:58:68:13:91:db:d9:53:a8:6d:a4:18:df:8c:ff:60:ec
AuthorityKeyId: 92:e7:fa:62:16:71:8c:f3:97:71:42:c6:06:a7:e0:46:61:4b:5c:b6

Fingerprint (sha1): 3b:b6:56:3c:7a:e2:3e:2f:cd:96:98:ee:e4:81:f1:f0:fb:78:90:e9
Fingerprint (sha256): 96:8c:47:ac:bc:38:8a:57:ef:b4:c6:91:6f:d4:6d:76:57:02:8b:d8:45:a1:23:73:e3:59:af:5a:24:dd:bd:70

Issuing Certificate URL: http://sslserver.twca.com.tw/cacert/secure_sha2_2023G3.crt

Revocation information

OCSP Server: http://twcasslocsp.twca.com.tw/
CRL Distribution Point: http://sslserver.twca.com.tw/sslserver/Securessl_revoke_sha2_2023G3.crl

Check the revocation status for certificate crm.fglife.com.tw

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for crm.fglife.com.tw

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

crm.fglife.com.tw

Other certificates including the domain name fglife.com.tw

(limited to 100 certificates)
bw.fglife.com.tw
ex.fglife.com.tw
mdm.fglife.com.tw
app-customer.fglife.com.tw
cp.fglife.com.tw
ex3.fglife.com.tw
fgweb.fglife.com.tw
member.fglife.com.tw
uat.lia-share.fglife.com.tw
app-bank.fglife.com.tw
hr.fglife.com.tw
app-customer.fglife.com.tw
bw.fglife.com.tw
proposal.fglife.com.tw
hr.fglife.com.tw
member.fglife.com.tw
member.fglife.com.tw
uat.lia-share.fglife.com.tw
slm.fglife.com.tw
webmail.fglife.com.tw
app-customer.fglife.com.tw
test.fglife.com.tw
bw.fglife.com.tw
gip.fglife.com.tw
ex3.fglife.com.tw
ex.fglife.com.tw
bw.fglife.com.tw
accessibility.fglife.com.tw
sslvpn.fglife.com.tw
app2-ins.fglife.com.tw
app-broker.fglife.com.tw
fgweb.fglife.com.tw
luckygo.fglife.com.tw
webmail.fglife.com.tw
fgweb.fglife.com.tw
member.fglife.com.tw
app-broker.fglife.com.tw
app-customer.fglife.com.tw
www.fglife.com.tw
jcm.fglife.com.tw
app-bank.fglife.com.tw
www2.fglife.com.tw
bw.fglife.com.tw
online-ins.fglife.com.tw
member.fglife.com.tw
e-recruit.fglife.com.tw
app-broker.fglife.com.tw
bw.fglife.com.tw
realty.fglife.com.tw
slm.fglife.com.tw
www.fglife.com.tw
app-broker.fglife.com.tw
online-ins.fglife.com.tw
member.fglife.com.tw
lip.fglife.com.tw
lip.fglife.com.tw
lia-share.fglife.com.tw
mdm.fglife.com.tw
crm.fglife.com.tw
webmail.fglife.com.tw
hr.fglife.com.tw
webmail.fglife.com.tw
fgweb.fglife.com.tw
lia-share.fglife.com.tw
slm.fglife.com.tw
member.fglife.com.tw
sslvpn.fglife.com.tw
jcm.fglife.com.tw
fgweb.fglife.com.tw
online-ins.fglife.com.tw
app-agent.fglife.com.tw
app-agent.fglife.com.tw
ex.fglife.com.tw
app-ins-test.fglife.com.tw
app-ins-nbpr.fglife.com.tw
ex.fglife.com.tw
lip.fglife.com.tw
lia-share.fglife.com.tw
uat.lia-share.fglife.com.tw
accessibility.fglife.com.tw
www.fglife.com.tw
cas.fglife.com.tw
fatca.fglife.com.tw
cas.fglife.com.tw
member.fglife.com.tw
member.fglife.com.tw
fg-ao5.fglife.com.tw
app-broker.fglife.com.tw
sslvpn.fglife.com.tw
jcm.fglife.com.tw
realty.fglife.com.tw
www.fglife.com.tw
lip.fglife.com.tw
jira.fglife.com.tw
fg-ao5.fglife.com.tw
www2.fglife.com.tw
e-recruit.fglife.com.tw
member.fglife.com.tw
app2-ins-test.fglife.com.tw
webmail.fglife.com.tw

Certificate

The complete raw certificate details for crm.fglife.com.tw in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgIQR+gAAAAHLM1EVWc40zpOATANBgkqhkiG9w0BAQsFADBT
MQswCQYDVQQGEwJUVzESMBAGA1UEChMJVEFJV0FOLUNBMTAwLgYDVQQDEydUV0NB
IFNlY3VyZSBTU0wgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMjQwNDI0MDg0
MjQzWhcNMjUwNDI0MTU1OTU5WjB3MQswCQYDVQQGEwJUVzEPMA0GA1UECBMGVGFp
d2FuMQ8wDQYDVQQHEwZUYWlwZWkxKjAoBgNVBAoTIUZhcmdsb3J5IExpZmUgSW5z
dXJhbmNlIENvLiwgTHRkLjEaMBgGA1UEAxMRY3JtLmZnbGlmZS5jb20udHcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/fcoO2e+fO2mVUJVF33oPVemd
8VAuoi5XHZJSC1Zf3ykP0DnAFsh7Fz2ExkRGauy7/r63E2Yk6Ag6cG4+TBJD27/i
g6rh7ogLowtoei8cFe7kBwt5pqpAyIeBLG/tOba3bJk9ed5Yr2yBd2+jFKUv9p44
lszSZAxAFH39hDzffDvR+1uuE4aNnneSqbWvEle4t8zonb1VXBQpgsbaLzpSITTM
j3axzEyf2fnUfXnPrp7PIp/5LGXVQ/8Mqh9obFQzF/7zKErGFTDPCUGgsPoNFljB
n+GmE9fPa+grOWhanX5sqqPfaIHZB7ahQZBb5bACJxAw3Fs3Wl7L9OVVG6XpAgMB
AAGjggHsMIIB6DAfBgNVHSMEGDAWgBSS5/piFnGM85dxQsYGp+BGYUtctjApBgNV
HQ4EIgQgVgsbUSLMRs91CPMpJYIP71hoE5Hb2VOobaQY34z/YOwwWAYDVR0fBFEw
TzBNoEugSYZHaHR0cDovL3NzbHNlcnZlci50d2NhLmNvbS50dy9zc2xzZXJ2ZXIv
U2VjdXJlc3NsX3Jldm9rZV9zaGEyXzIwMjNHMy5jcmwwHAYDVR0RBBUwE4IRY3Jt
LmZnbGlmZS5jb20udHcwgYMGCCsGAQUFBwEBBHcwdTBGBggrBgEFBQcwAoY6aHR0
cDovL3NzbHNlcnZlci50d2NhLmNvbS50dy9jYWNlcnQvc2VjdXJlX3NoYTJfMjAy
M0czLmNydDArBggrBgEFBQcwAYYfaHR0cDovL3R3Y2Fzc2xvY3NwLnR3Y2EuY29t
LnR3LzBKBgNVHSAEQzBBMDUGCysGAQQBgr8lAQEVMCYwJAYIKwYBBQUHAgEWGGh0
dHBzOi8vd3d3LnR3Y2EuY29tLnR3LzAIBgZngQwBAgIwDAYDVR0TAQH/BAIwADAO
BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBMG
CisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQBk6D/b2MFi9Z1R
nUs/vFfzeIiUgkqghq0ZqTUECo7Z7zlwokUZcMXlTMDwMrQRcYOnPeFbpnvnZqNz
icB2h7lLOPKvDM4iQc7i4BlFNrEw2kNjyU0KMkQiVbItbyHRZHcTHEtE2B2GmOKI
sdL6Cv0HupyC8E6T01zrnsVm4qNMLGdhL0ew6EuS/O1khmfHww4b3A6cU3Wn90OR
b/DkeypbKh+8mk6RsFDQKEZbRvGY0zi49HwkIWYZeIaQN7dknl+rbR869GhGeD06
zMPlbC1MKrWTR7kZ/objYrlBo7fDuKTHr9KhyThHPRU45eQZ/99ijy/ca7mbIJiV
f3piIJkN
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv33KDtnvnztplVCVRd96
D1XpnfFQLqIuVx2SUgtWX98pD9A5wBbIexc9hMZERmrsu/6+txNmJOgIOnBuPkwS
Q9u/4oOq4e6IC6MLaHovHBXu5AcLeaaqQMiHgSxv7Tm2t2yZPXneWK9sgXdvoxSl
L/aeOJbM0mQMQBR9/YQ833w70ftbrhOGjZ53kqm1rxJXuLfM6J29VVwUKYLG2i86
UiE0zI92scxMn9n51H15z66ezyKf+Sxl1UP/DKofaGxUMxf+8yhKxhUwzwlBoLD6
DRZYwZ/hphPXz2voKzloWp1+bKqj32iB2Qe2oUGQW+WwAicQMNxbN1pey/TlVRul
6QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 95579800571917781037358415468713102849
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TW'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TAIWAN-CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TWCA Secure SSL Certification Authority'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-24 08:42:43 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-04-24 15:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TW'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Taiwan'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Taipei'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Farglory Life Insurance Co., Ltd.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'crm.fglife.com.tw'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24173545258831714180600161136157727283602834575157922925836748024166464445425597602724565955680785015716248812666639114042340672387842151114702094430631331705038010544046402537535154925610372299864387099854323913382581042895296828248855110402714509727773099360627229824851791755954961489024204444508360020579858081927041388771011197431980883078155326382048236813976876586534206073990057053191227928362883335302727905857738687288508262881587523630691157028916001823728533159137814032502019217729349837030956047155690497782763609660460397059410117035504164487335750886548573938385588933315483136317191796332019966518761
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 92e7fa6216718cf3977142c606a7e046614b5cb6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (34 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes)
							560b1b5122cc46cf7508f32925820fef58681391dbd953a86da418df8cff60ec
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (81 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://sslserver.twca.com.tw/sslserver/Securessl_revoke_sha2_2023G3.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (21 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'crm.fglife.com.tw'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (119 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://sslserver.twca.com.tw/cacert/secure_sha2_2023G3.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://twcasslocsp.twca.com.tw/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.40869.1.1.21
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.twca.com.tw/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0064e83fdbd8c162f59d519d4b3fbc57f3788894824aa086ad19a935040a8ed9ef3970a2451970c5e54cc0f032b4117183a73de15ba67be766a37389c07687b94b38f2af0cce2241cee2e0194536b130da4363c94d0a32442255b22d6f21d16477131c4b44d81d8698e288b1d2fa0afd07ba9c82f04e93d35ceb9ec566e2a34c2c67612f47b0e84b92fced648667c7c30e1bdc0e9c5375a7f743916ff0e47b2a5b2a1fbc9a4e91b050d028465b46f198d338b8f47c2421661978869037b7649e5fab6d1f3af46846783d3accc3e56c2d4c2ab59347b919fe86e362b941a3b7c3b8a4c7afd2a1c938473d1538e5e419ffdf628f2fdc6bb99b2098957f7a6220990d