member.fglife.com.tw

- Farglory Life Insurance Co., Ltd. -

Issued by TWCA Secure SSL Certification Authority

About this certificate

This digital certificate with serial number 47:e8:00:00:00:06:eb:0c:32:3c:05:2d:a6:e0:f4:13 was issued on by TAIWAN-CA.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Farglory Life Insurance Co., Ltd.

Organization: Farglory Life Insurance Co., Ltd.
State / Province: Taiwan
Locality: Taipei
Country: TW

TAIWAN-CA

Organization: TAIWAN-CA
Country: TW

This certificate will expire on

Certificate Details

Serial Number (hex): 47:e8:00:00:00:06:eb:0c:32:3c:05:2d:a6:e0:f4:13
Serial Number (int): 95579800571917470522011241348602065939
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 59:f2:51:28:7f:3e:ad:3e:65:51:e2:2f:1d:4c:de:ac:19:16:20:13:55:c7:8c:42:70:d8:00:cf:ca:5f:9e:fc
AuthorityKeyId: 92:e7:fa:62:16:71:8c:f3:97:71:42:c6:06:a7:e0:46:61:4b:5c:b6

Fingerprint (sha1): cd:2d:fa:33:67:f7:a8:06:d2:3d:9f:45:51:7c:80:cf:44:07:3d:b8
Fingerprint (sha256): 9e:28:93:f1:a2:e5:0f:cd:90:12:07:5d:c8:9c:11:29:6d:5a:bb:b2:60:ec:a6:54:b4:45:bb:b1:19:0a:aa:83

Issuing Certificate URL: http://sslserver.twca.com.tw/cacert/secure_sha2_2023G3.crt

Revocation information

OCSP Server: http://twcasslocsp.twca.com.tw/
CRL Distribution Point: http://sslserver.twca.com.tw/sslserver/Securessl_revoke_sha2_2023G3.crl

Check the revocation status for certificate member.fglife.com.tw

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for member.fglife.com.tw

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

member.fglife.com.tw

Other certificates including the domain name fglife.com.tw

(limited to 100 certificates)
ex.fglife.com.tw
mdm.fglife.com.tw
app-customer.fglife.com.tw
ex3.fglife.com.tw
fgweb.fglife.com.tw
member.fglife.com.tw
uat.lia-share.fglife.com.tw
app-bank.fglife.com.tw
hr.fglife.com.tw
bw.fglife.com.tw
proposal.fglife.com.tw
hr.fglife.com.tw
member.fglife.com.tw
member.fglife.com.tw
uat.lia-share.fglife.com.tw
slm.fglife.com.tw
webmail.fglife.com.tw
app-customer.fglife.com.tw
test.fglife.com.tw
bw.fglife.com.tw
gip.fglife.com.tw
ex3.fglife.com.tw
ex.fglife.com.tw
accessibility.fglife.com.tw
sslvpn.fglife.com.tw
app2-ins.fglife.com.tw
app-broker.fglife.com.tw
fgweb.fglife.com.tw
luckygo.fglife.com.tw
webmail.fglife.com.tw
fgweb.fglife.com.tw
member.fglife.com.tw
app-broker.fglife.com.tw
www.fglife.com.tw
jcm.fglife.com.tw
app-bank.fglife.com.tw
www2.fglife.com.tw
bw.fglife.com.tw
online-ins.fglife.com.tw
member.fglife.com.tw
e-recruit.fglife.com.tw
app-broker.fglife.com.tw
bw.fglife.com.tw
realty.fglife.com.tw
slm.fglife.com.tw
www.fglife.com.tw
online-ins.fglife.com.tw
member.fglife.com.tw
lip.fglife.com.tw
lip.fglife.com.tw
lia-share.fglife.com.tw
mdm.fglife.com.tw
crm.fglife.com.tw
hr.fglife.com.tw
webmail.fglife.com.tw
fgweb.fglife.com.tw
lia-share.fglife.com.tw
slm.fglife.com.tw
member.fglife.com.tw
sslvpn.fglife.com.tw
jcm.fglife.com.tw
online-ins.fglife.com.tw
app-agent.fglife.com.tw
app-agent.fglife.com.tw
ex.fglife.com.tw
app-ins-test.fglife.com.tw
app-ins-nbpr.fglife.com.tw
ex.fglife.com.tw
lip.fglife.com.tw
lia-share.fglife.com.tw
uat.lia-share.fglife.com.tw
accessibility.fglife.com.tw
www.fglife.com.tw
cas.fglife.com.tw
fatca.fglife.com.tw
cas.fglife.com.tw
member.fglife.com.tw
member.fglife.com.tw
fg-ao5.fglife.com.tw
sslvpn.fglife.com.tw
jcm.fglife.com.tw
realty.fglife.com.tw
www.fglife.com.tw
lip.fglife.com.tw
jira.fglife.com.tw
fg-ao5.fglife.com.tw
www2.fglife.com.tw
e-recruit.fglife.com.tw
member.fglife.com.tw
app2-ins-test.fglife.com.tw
cas.fglife.com.tw
sslvpn.fglife.com.tw
app-bank.fglife.com.tw
hr.fglife.com.tw
www.fglife.com.tw

Certificate

The complete raw certificate details for member.fglife.com.tw in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgIQR+gAAAAG6wwyPAUtpuD0EzANBgkqhkiG9w0BAQsFADBT
MQswCQYDVQQGEwJUVzESMBAGA1UEChMJVEFJV0FOLUNBMTAwLgYDVQQDEydUV0NB
IFNlY3VyZSBTU0wgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMjQwMzA0MDcy
NDM1WhcNMjUwNDAzMTU1OTU5WjB6MQswCQYDVQQGEwJUVzEPMA0GA1UECBMGVGFp
d2FuMQ8wDQYDVQQHEwZUYWlwZWkxKjAoBgNVBAoTIUZhcmdsb3J5IExpZmUgSW5z
dXJhbmNlIENvLiwgTHRkLjEdMBsGA1UEAxMUbWVtYmVyLmZnbGlmZS5jb20udHcw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzbZJt55Fhr/Q9/6pzcns1
fx0376j3T/XjVEnAJzG2R20Y4XNO/wOy83BjE+fYFhJElL21tUmMWUI2vZs1BvL+
HZ3QK2Bn5Ph7B+OsrR4HSu0m9Tjm3ItxoT2OdAHcVNQ8ECGmpJWM4+dsqFXMCM+Y
/h7+kjpKxG0WN5iGj9e/6cGSiHzNRSkEkkYrFqUX6wxfW1N+7VmEd1esQXI+MT3J
c8bIfYA56xMxJxXEZMffrnidI3oYMBB+uf0/NcRVWVZe1f2YrxR01DFSUsKDUz24
HfQ0XhP3o6Hu9D2fMVx12lLrRHCaEE42OXWEe+kLtK5M8jKk0BbxpT7BH9Zx8RL7
AgMBAAGjggHvMIIB6zAfBgNVHSMEGDAWgBSS5/piFnGM85dxQsYGp+BGYUtctjAp
BgNVHQ4EIgQgWfJRKH8+rT5lUeIvHUzerBkWIBNVx4xCcNgAz8pfnvwwWAYDVR0f
BFEwTzBNoEugSYZHaHR0cDovL3NzbHNlcnZlci50d2NhLmNvbS50dy9zc2xzZXJ2
ZXIvU2VjdXJlc3NsX3Jldm9rZV9zaGEyXzIwMjNHMy5jcmwwHwYDVR0RBBgwFoIU
bWVtYmVyLmZnbGlmZS5jb20udHcwgYMGCCsGAQUFBwEBBHcwdTBGBggrBgEFBQcw
AoY6aHR0cDovL3NzbHNlcnZlci50d2NhLmNvbS50dy9jYWNlcnQvc2VjdXJlX3No
YTJfMjAyM0czLmNydDArBggrBgEFBQcwAYYfaHR0cDovL3R3Y2Fzc2xvY3NwLnR3
Y2EuY29tLnR3LzBKBgNVHSAEQzBBMDUGCysGAQQBgr8lAQEVMCYwJAYIKwYBBQUH
AgEWGGh0dHBzOi8vd3d3LnR3Y2EuY29tLnR3LzAIBgZngQwBAgIwDAYDVR0TAQH/
BAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQCw+i9n
ZEwEHICNvi+6VGijaR2S27hpIsMDeVGD9Hw7PLnQVbRGGE5NxnP+wEOb/s0b4d6Y
wtnKMAz0qCWZgbRY7DUqLGjoHRyhOSoalbO/xqIFojpi6uqkjw8JC2bGlRDgVWvK
Ofxz1ao3a/NAyWJYAMa5Fmt04ACQC+UWhhdqQ8IKbO3t/33+xkRe8c97F18WpKjc
z30oZ+i28BbxwzHlim5of9hfINHUBG6Fw3mcsyP+EJ6xn1yCQPDdWgNHrNktv7Xv
NWok2Lc63ANFvRfy2AdYyDWGSmY52EEmjas/Ilkn7r6Dh67W/TkLpEz0zoCG6Avf
QX8vTNvAv6kiBWP4
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs22SbeeRYa/0Pf+qc3J7
NX8dN++o90/141RJwCcxtkdtGOFzTv8DsvNwYxPn2BYSRJS9tbVJjFlCNr2bNQby
/h2d0CtgZ+T4ewfjrK0eB0rtJvU45tyLcaE9jnQB3FTUPBAhpqSVjOPnbKhVzAjP
mP4e/pI6SsRtFjeYho/Xv+nBkoh8zUUpBJJGKxalF+sMX1tTfu1ZhHdXrEFyPjE9
yXPGyH2AOesTMScVxGTH3654nSN6GDAQfrn9PzXEVVlWXtX9mK8UdNQxUlLCg1M9
uB30NF4T96Oh7vQ9nzFcddpS60RwmhBONjl1hHvpC7SuTPIypNAW8aU+wR/WcfES
+wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 95579800571917470522011241348602065939
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TW'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TAIWAN-CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TWCA Secure SSL Certification Authority'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-04 07:24:35 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-04-03 15:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TW'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Taiwan'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Taipei'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Farglory Life Insurance Co., Ltd.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'member.fglife.com.tw'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22650688550750931152661364120875717882019922082757149378417378431733294275043666282971002154203246752758974694972899080537047094885064325657399468666897430689564393712512287993658751812543926898640223206998413059804596080358418392849494765651455700404721152175699556669540355458091250449521856684472151331970126961429063700777455605510812094256344037255259471987221309788042830929598524998966709709624612475805153608998978827881474681053634391752842664739227448590690286739689866448243697249058729434873752797327092448480026975516483524166061915154352666597254300122357930467771257098720315582305050461721886498820859
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 92e7fa6216718cf3977142c606a7e046614b5cb6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (34 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes)
							59f251287f3ead3e6551e22f1d4cdeac1916201355c78c4270d800cfca5f9efc
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (81 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://sslserver.twca.com.tw/sslserver/Securessl_revoke_sha2_2023G3.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'member.fglife.com.tw'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (119 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://sslserver.twca.com.tw/cacert/secure_sha2_2023G3.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://twcasslocsp.twca.com.tw/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.40869.1.1.21
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.twca.com.tw/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00b0fa2f67644c041c808dbe2fba5468a3691d92dbb86922c303795183f47c3b3cb9d055b446184e4dc673fec0439bfecd1be1de98c2d9ca300cf4a8259981b458ec352a2c68e81d1ca1392a1a95b3bfc6a205a23a62eaeaa48f0f090b66c69510e0556bca39fc73d5aa376bf340c9625800c6b9166b74e000900be51686176a43c20a6cededff7dfec6445ef1cf7b175f16a4a8dccf7d2867e8b6f016f1c331e58a6e687fd85f20d1d4046e85c3799cb323fe109eb19f5c8240f0dd5a0347acd92dbfb5ef356a24d8b73adc0345bd17f2d80758c835864a6639d841268dab3f225927eebe8387aed6fd390ba44cf4ce8086e80bdf417f2f4cdbc0bfa9220563f8