thestar.com

Issued by Amazon RSA 2048 M03

About this certificate

This digital certificate with serial number 04:c6:33:f8:0c:c2:fc:67:a8:d8:91:8c:18:60:63:00 was issued on by Amazon.

With 73 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=thestar.com

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 04:c6:33:f8:0c:c2:fc:67:a8:d8:91:8c:18:60:63:00
Serial Number (int): 6346040816553192810207947074522080000
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 45:05:fb:93:f2:01:04:d2:a0:88:da:12:53:d6:5d:84:2c:ca:b7:da
AuthorityKeyId: 55:d9:18:5f:d2:1c:cc:01:e1:58:b4:be:ab:d9:55:42:01:d7:2e:02

Fingerprint (sha1): 9b:94:48:9a:5a:3d:cd:63:40:50:21:e6:af:51:aa:0f:92:50:1d:b4
Fingerprint (sha256): a2:72:1d:99:52:fa:0c:a7:b1:62:dc:f1:48:d6:a1:d5:2a:a7:b1:38:a8:a1:d1:33:4e:8a:cf:37:78:fc:fc:eb

Issuing Certificate URL: http://crt.r2m03.amazontrust.com/r2m03.cer

Revocation information

OCSP Server: http://ocsp.r2m03.amazontrust.com
CRL Distribution Point: http://crl.r2m03.amazontrust.com/r2m03.crl

Check the revocation status for certificate thestar.com

73

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for thestar.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

thestar.com
durhamregion.com
*.insidehalton.com
cambridgetimes.ca
*.zuza.com
thespec.com
waterloochronicle.ca
thepeterboroughexaminer.com
*.wheels.ca
niagarafallsreview.ca
wheels.ca
*.caledonenterprise.com
niagarathisweek.com
*.therecord.com
*.hamiltonnews.com
caledonenterprise.com
*.mississauga.com
muskokaregion.com
zuza.com
stcatharinesstandard.ca
therecord.com
*.newhamburgindependent.ca
wellandtribune.ca
*.niagarathisweek.com
northbaynipissing.com
*.cambridgetimes.ca
orangeville.com
*.theifp.ca
*.yorkregion.com
toronto.com
theifp.ca
*.parrysound.com
goldbook.ca
admin.local.flamboroughreview.com
*.goldbook.ca
*.niagarafallsreview.ca
*.thestar.com
*.northumberlandnews.com
*.bramptonguardian.com
*.thepeterboroughexaminer.com
guelphmercury.com
yorkregion.com
northumberlandnews.com
*.thestar.ca
*.guelphmercury.com
ourwindsor.ca
sachem.ca
*.sachem.ca
parrysound.com
mykawartha.com
insidehalton.com
*.toronto.com
*.durhamregion.com
simcoe.com
hamiltonnews.com
*.orangeville.com
*.simcoe.com
*.thespec.com
*.flamboroughreview.com
*.ourwindsor.ca
*.muskokaregion.com
www.send.thestar.ca
*.stcatharinesstandard.ca
*.mykawartha.com
*.insideottawavalley.com
*.northbaynipissing.com
*.waterloochronicle.ca
insideottawavalley.com
newhamburgindependent.ca
flamboroughreview.com
*.wellandtribune.ca
bramptonguardian.com
mississauga.com

Other certificates including the domain name thestar.com

(limited to 100 certificates)
on.thestar.com
*.thestar.com
incapsula.com
thestar.com
s.thestar.com
s.thestar.com
imperva.com
*.thestar.com
*.thestar.com
on.thestar.com
*.thestar.com
on.thestar.com
thestar.ca
secure.thestar.com
thestar.ca
secure.thestar.com
s.thestar.com
dev-sale.thestar.com
startouch.thestar.com
incapsula.com
secure-9.adperfect.com
ets.thestar.com
secure.thestar.com
secure-8.adperfect.com
secure-9.adperfect.com
pixel.thestar.com
on.thestar.com
*.thestar.com
on.thestar.com
games.thestar.com
*.thestar.com
incapsula.com
imperva.com
on.thestar.com
games.thestar.com
*.thestar.com
charities-test.thestar.com
thestar.com
*.tablet.thestar.com
votecompass.thestar.com
tssweb.thestar.com
*.thestar.com
s.thestar.com
secure.thestar.com
startouch.thestar.com
ets.thestar.com
incapsula.com
on.thestar.com
secure.thestar.com
on.thestar.com
*.thestar.com
secure.thestar.com
s.thestar.com
s.thestar.com
on.thestar.com
on.thestar.com
*.thestar.com
incapsula.com
z737.thestar.com
secure-9.adperfect.com
s.thestar.com
*.thestar.com
secure-8.adperfect.com
secure.thestar.com
ftp.torstar.ca
incapsula.com
on.thestar.com
thestar.com
incapsula.com
on.thestar.com
sni283e5gl.wpc.edgecastcdn.net
*.tablet.thestar.com
s.thestar.com
secure.thestar.com
on.thestar.com
on.thestar.com
*.thestar.com
sni28385gl.wpc.edgecastcdn.net
incapsula.com
secure.thestar.com
thestar.com
on.thestar.com
*.thestar.com
campaign2015.thestar.com
t.eyereturn.com
*.thestar.com
secure.thestar.com
on.thestar.com
*.tablet.thestar.com
secure-8.adperfect.com
thestar.com
*.thestar.com
subscribe.thestar.com
*.thestar.com
contract.thestar.com
*.uat.tablet.thestar.com
on.thestar.com
get.thestar.com
thestar.ca
on.thestar.com

Certificate

The complete raw certificate details for thestar.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIILPDCCCiSgAwIBAgIQBMYz+AzC/Geo2JGMGGBjADANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAzMB4XDTIzMTEwNzAwMDAwMFoXDTI0MTIwNTIzNTk1OVowFjEU
MBIGA1UEAxMLdGhlc3Rhci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCi9PFmUPP84dqiHUCzi76wcFR7zF8s7JNj6bL3y6cMpueIEOivZrZ799t+
/yUOnFX+p8QcF4cE8sc//zog9AaKufUqkaybfntIjTo2WwbRVFoNtqNppyMQQCa4
ydp8klhQzqS5eTH1cW49OfbGLrj962TYmd7rRRgB08R/SFIlvM4wXKcPOVQnRE9l
i/rbsmk1fdh3MAz8wibdcU8DFB1WK8EIQxGvHM2w4mv/qLz4fQJ5XrDlEJcsA4c/
lOJ1ybIa9Igl2lOcsFsO/51f3DRV5oJ000hkbgPoZOj7XLQMmGLQTEclG6MYwx0Y
ygd0va6c8FMofkg8SbW+0nRzxU0XAgMBAAGjggheMIIIWjAfBgNVHSMEGDAWgBRV
2Rhf0hzMAeFYtL6r2VVCAdcuAjAdBgNVHQ4EFgQURQX7k/IBBNKgiNoSU9ZdhCzK
t9owggWNBgNVHREEggWEMIIFgIILdGhlc3Rhci5jb22CEGR1cmhhbXJlZ2lvbi5j
b22CEiouaW5zaWRlaGFsdG9uLmNvbYIRY2FtYnJpZGdldGltZXMuY2GCCiouenV6
YS5jb22CC3RoZXNwZWMuY29tghR3YXRlcmxvb2Nocm9uaWNsZS5jYYIbdGhlcGV0
ZXJib3JvdWdoZXhhbWluZXIuY29tggsqLndoZWVscy5jYYIVbmlhZ2FyYWZhbGxz
cmV2aWV3LmNhggl3aGVlbHMuY2GCFyouY2FsZWRvbmVudGVycHJpc2UuY29tghNu
aWFnYXJhdGhpc3dlZWsuY29tgg8qLnRoZXJlY29yZC5jb22CEiouaGFtaWx0b25u
ZXdzLmNvbYIVY2FsZWRvbmVudGVycHJpc2UuY29tghEqLm1pc3Npc3NhdWdhLmNv
bYIRbXVza29rYXJlZ2lvbi5jb22CCHp1emEuY29tghdzdGNhdGhhcmluZXNzdGFu
ZGFyZC5jYYINdGhlcmVjb3JkLmNvbYIaKi5uZXdoYW1idXJnaW5kZXBlbmRlbnQu
Y2GCEXdlbGxhbmR0cmlidW5lLmNhghUqLm5pYWdhcmF0aGlzd2Vlay5jb22CFW5v
cnRoYmF5bmlwaXNzaW5nLmNvbYITKi5jYW1icmlkZ2V0aW1lcy5jYYIPb3Jhbmdl
dmlsbGUuY29tggsqLnRoZWlmcC5jYYIQKi55b3JrcmVnaW9uLmNvbYILdG9yb250
by5jb22CCXRoZWlmcC5jYYIQKi5wYXJyeXNvdW5kLmNvbYILZ29sZGJvb2suY2GC
IWFkbWluLmxvY2FsLmZsYW1ib3JvdWdocmV2aWV3LmNvbYINKi5nb2xkYm9vay5j
YYIXKi5uaWFnYXJhZmFsbHNyZXZpZXcuY2GCDSoudGhlc3Rhci5jb22CGCoubm9y
dGh1bWJlcmxhbmRuZXdzLmNvbYIWKi5icmFtcHRvbmd1YXJkaWFuLmNvbYIdKi50
aGVwZXRlcmJvcm91Z2hleGFtaW5lci5jb22CEWd1ZWxwaG1lcmN1cnkuY29tgg55
b3JrcmVnaW9uLmNvbYIWbm9ydGh1bWJlcmxhbmRuZXdzLmNvbYIMKi50aGVzdGFy
LmNhghMqLmd1ZWxwaG1lcmN1cnkuY29tgg1vdXJ3aW5kc29yLmNhgglzYWNoZW0u
Y2GCCyouc2FjaGVtLmNhgg5wYXJyeXNvdW5kLmNvbYIObXlrYXdhcnRoYS5jb22C
EGluc2lkZWhhbHRvbi5jb22CDSoudG9yb250by5jb22CEiouZHVyaGFtcmVnaW9u
LmNvbYIKc2ltY29lLmNvbYIQaGFtaWx0b25uZXdzLmNvbYIRKi5vcmFuZ2V2aWxs
ZS5jb22CDCouc2ltY29lLmNvbYINKi50aGVzcGVjLmNvbYIXKi5mbGFtYm9yb3Vn
aHJldmlldy5jb22CDyoub3Vyd2luZHNvci5jYYITKi5tdXNrb2thcmVnaW9uLmNv
bYITd3d3LnNlbmQudGhlc3Rhci5jYYIZKi5zdGNhdGhhcmluZXNzdGFuZGFyZC5j
YYIQKi5teWthd2FydGhhLmNvbYIYKi5pbnNpZGVvdHRhd2F2YWxsZXkuY29tghcq
Lm5vcnRoYmF5bmlwaXNzaW5nLmNvbYIWKi53YXRlcmxvb2Nocm9uaWNsZS5jYYIW
aW5zaWRlb3R0YXdhdmFsbGV5LmNvbYIYbmV3aGFtYnVyZ2luZGVwZW5kZW50LmNh
ghVmbGFtYm9yb3VnaHJldmlldy5jb22CEyoud2VsbGFuZHRyaWJ1bmUuY2GCFGJy
YW1wdG9uZ3VhcmRpYW4uY29tgg9taXNzaXNzYXVnYS5jb20wEwYDVR0gBAwwCjAI
BgZngQwBAgEwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLnIybTAzLmFtYXpv
bnRydXN0LmNvbS9yMm0wMy5jcmwwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzAB
hiFodHRwOi8vb2NzcC5yMm0wMy5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKG
Kmh0dHA6Ly9jcnQucjJtMDMuYW1hem9udHJ1c3QuY29tL3IybTAzLmNlcjAMBgNV
HRMBAf8EAjAAMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdQDuzdBk1dsazsVc
t520zROiModGfLzs3sNRSFlGcR+1mwAAAYuqb9zFAAAEAwBGMEQCIDRIvGPmJ5rs
yvEBNoV6IOEtQMnRd+LJ67T+XzWvthGdAiBPB1/agnsn6npkzHKSDKXbLFUTLz/v
9gaDfp4/ZziuQwB3AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAAB
i6pv3N8AAAQDAEgwRgIhAP88urCXxI7ATGeQYM9DZBFWYS10opjiZqB/g3Hto5Nr
AiEAm7DZA/aNYmLmc4Ytw5JsONZtmtlFPGaKsCI4xHrOUqMAdwA/F0tP1yJHWJQd
ZRyEvg0S7ZA3fx+FauvBvyiF7PhkbgAAAYuqb90SAAAEAwBIMEYCIQDYa8vXSEfL
58E668b9eXT1TK/vywAcjK4BDuc4iwvANAIhAMkM/uR7H9KD9OC+YgoWYREyz7bE
6GDURnXFbTdFjbqRMA0GCSqGSIb3DQEBCwUAA4IBAQB54e1Nco/uBiS/qoqDw99J
IUjMO729lDqhq5soFzcAojB71vedviBkYZ1HWUU9Vn8pajo+L4guIoRha4Y4FO78
yV/VACWCfae0dnvVrhqvHUeMLwuUXjGigzYQWnPCXH/0BHBOsKp4w5CdS5HnSYM+
/iQKbU5Nizja0phXlUWqpHhJnL+PKA4GrzoFjsI8IxVwFCPazLQ2WDCAreXVuy87
fvqolPzG92db4nQ37Bf5gOk1neqQO+Q9lKNZm+vI7+j2bjPeysE7Q0Q3WiaM/kbI
V0N/xgyg7Xt8HnjNedPIcp4L5rz46Y1cFuEPFrIObUjH1xygXS72E9eX6igW0cyL
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovTxZlDz/OHaoh1As4u+
sHBUe8xfLOyTY+my98unDKbniBDor2a2e/fbfv8lDpxV/qfEHBeHBPLHP/86IPQG
irn1KpGsm357SI06NlsG0VRaDbajaacjEEAmuMnafJJYUM6kuXkx9XFuPTn2xi64
/etk2Jne60UYAdPEf0hSJbzOMFynDzlUJ0RPZYv627JpNX3YdzAM/MIm3XFPAxQd
VivBCEMRrxzNsOJr/6i8+H0CeV6w5RCXLAOHP5TidcmyGvSIJdpTnLBbDv+dX9w0
VeaCdNNIZG4D6GTo+1y0DJhi0ExHJRujGMMdGMoHdL2unPBTKH5IPEm1vtJ0c8VN
FwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 6346040816553192810207947074522080000
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M03'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-11-07 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-12-05 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'thestar.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20571391283513134587447259181372277602943434459160168374048340812971137861678804990285573306464729462602856847390577333499279069748917741681472547985789613541571582736354013859939424450580143738404720432582673838818137707477258972256910264340898240325344578663692155253733833744290080078211356320870107042471565560331618480211046721262915054484555160476259402813469195226864815234023786358904951693954849879033472680321700292523142346647589703478187975153975059431189611026399606275053510219933638109421688127128649635492239687906675458816712173252798432557834184426494200287518195206233086096357991974948013221432599
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 55d9185fd21ccc01e158b4beabd9554201d72e02
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							4505fb93f20104d2a088da1253d65d842ccab7da
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1412 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'thestar.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'durhamregion.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.insidehalton.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cambridgetimes.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.zuza.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'thespec.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'waterloochronicle.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'thepeterboroughexaminer.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.wheels.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'niagarafallsreview.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wheels.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.caledonenterprise.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'niagarathisweek.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.therecord.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hamiltonnews.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'caledonenterprise.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.mississauga.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'muskokaregion.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'zuza.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stcatharinesstandard.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'therecord.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.newhamburgindependent.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wellandtribune.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.niagarathisweek.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'northbaynipissing.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.cambridgetimes.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'orangeville.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.theifp.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.yorkregion.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'toronto.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'theifp.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.parrysound.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'goldbook.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'admin.local.flamboroughreview.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.goldbook.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.niagarafallsreview.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.thestar.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.northumberlandnews.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.bramptonguardian.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.thepeterboroughexaminer.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'guelphmercury.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'yorkregion.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'northumberlandnews.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.thestar.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.guelphmercury.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ourwindsor.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sachem.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sachem.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'parrysound.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mykawartha.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'insidehalton.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.toronto.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.durhamregion.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'simcoe.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hamiltonnews.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.orangeville.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.simcoe.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.thespec.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.flamboroughreview.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.ourwindsor.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.muskokaregion.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.send.thestar.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.stcatharinesstandard.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.mykawartha.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.insideottawavalley.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.northbaynipissing.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.waterloochronicle.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'insideottawavalley.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'newhamburgindependent.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'flamboroughreview.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.wellandtribune.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bramptonguardian.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mississauga.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m03.amazontrust.com/r2m03.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m03.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m03.amazontrust.com/r2m03.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							0169007500eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018baa6fdcc5000004030046304402203448bc63e6279aeccaf10136857a20e12d40c9d177e2c9ebb4fe5f35afb6119d02204f075fda827b27ea7a64cc72920ca5db2c55132f3feff606837e9e3f6738ae4300770048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018baa6fdcdf0000040300483046022100ff3cbab097c48ec04c679060cf43641156612d74a298e266a07f8371eda3936b0221009bb0d903f68d6262e673862dc3926c38d66d9ad9453c668ab02238c47ace52a30077003f174b4fd7224758941d651c84be0d12ed90377f1f856aebc1bf2885ecf8646e0000018baa6fdd120000040300483046022100d86bcbd74847cbe7c13aebc6fd7974f54cafefcb001c8cae010ee7388b0bc034022100c90cfee47b1fd283f4e0be620a16611132cfb6c4e860d44675c56d37458dba91
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0079e1ed4d728fee0624bfaa8a83c3df492148cc3bbdbd943aa1ab9b28173700a2307bd6f79dbe2064619d4759453d567f296a3a3e2f882e2284616b863814eefcc95fd50025827da7b4767bd5ae1aaf1d478c2f0b945e31a28336105a73c25c7ff404704eb0aa78c3909d4b91e749833efe240a6d4e4d8b38dad298579545aaa478499cbf8f280e06af3a058ec23c2315701423daccb436583080ade5d5bb2f3b7efaa894fcc6f7675be27437ec17f980e9359dea903be43d94a3599bebc8efe8f66e33decac13b4344375a268cfe46c857437fc60ca0ed7b7c1e78cd79d3c8729e0be6bcf8e98d5c16e10f16b20e6d48c7d71ca05d2ef613d797ea2816d1cc8b