stg.client.marsh-afrs.com

- Marsh & McLennan Companies, Inc. -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number a7:ac:2d:00:79:90:e7:54:00:00:00:00:50:ee:0a:d7 was issued on by Entrust, Inc..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Marsh & McLennan Companies, Inc.

Organization: Marsh & McLennan Companies, Inc.
State / Province: New York
Locality: New York
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): a7:ac:2d:00:79:90:e7:54:00:00:00:00:50:ee:0a:d7
Serial Number (int): 222875063101803969374803407059611945687
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: a0:49:c3:06:db:e7:23:45:d3:75:ad:26:e0:2f:f2:06:44:ac:5d:f2
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): bc:1d:7f:5e:15:d7:5a:31:ab:24:d3:51:99:fb:8f:26:0f:2e:6d:86
Fingerprint (sha256): a9:bf:0d:ea:dc:cb:29:d9:20:e9:85:54:32:fd:b7:68:37:f4:b1:2a:8e:fc:71:6c:06:5c:9e:97:f1:bc:0d:5c

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate stg.client.marsh-afrs.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for stg.client.marsh-afrs.com

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

stg.client.marsh-afrs.com

Other certificates including the domain name marsh-afrs.com

(limited to 100 certificates)
citrixdr.marsh-afrs.com
marshactive.marsh-afrs.com
staging.marshactive.marsh-afrs.com
extranet.marsh-afrs.com
client.marsh-afrs.com
extranet.marsh-afrs.com
client.marsh-afrs.com
staging.marshactive.marsh-afrs.com
marshactive.marsh-afrs.com
client.marsh-afrs.com
citrix.marsh-afrs.com
staging.marshactive.marsh-afrs.com
extranet.marsh-afrs.com
extranet.marsh-afrs.com
extranet.marsh-afrs.com
marshactive.marsh-afrs.com
stg.client.marsh-afrs.com
extranet.marsh-afrs.com
staging.marshactive.marsh-afrs.com
citrixdr.marsh-afrs.com
qa.client.marsh-afrs.com
client.marsh-afrs.com
marshactive.marsh-afrs.com
marshactive.marsh-afrs.com
client.marsh-afrs.com
client.marsh-afrs.com
marshactive.marsh-afrs.com
client.marsh-afrs.com
client.marsh-afrs.com
staging.marshactive.marsh-afrs.com

Certificate

The complete raw certificate details for stg.client.marsh-afrs.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGcDCCBVigAwIBAgIRAKesLQB5kOdUAAAAAFDuCtcwDQYJKoZIhvcNAQELBQAw
gboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL
Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg
MjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAs
BgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUswHhcN
MTkwMjI1MDQ1NTUzWhcNMjEwMzAzMDUyNTQ5WjCBgjELMAkGA1UEBhMCVVMxETAP
BgNVBAgTCE5ldyBZb3JrMREwDwYDVQQHEwhOZXcgWW9yazEpMCcGA1UECgwgTWFy
c2ggJiBNY0xlbm5hbiBDb21wYW5pZXMsIEluYy4xIjAgBgNVBAMTGXN0Zy5jbGll
bnQubWFyc2gtYWZycy5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
AQDDBru5SP0pNJ3mXqf9K6+3qUZ/7O4oMoa9xmInmkFgqFuqCm6hz715gId8VJOw
yHFOW9rOHHslApvMgUReqgAgrKl8XziqNX2WJK61Y3bC5Bo/5Fc2ZCt2tKLXwCWh
D/gpFJz8fHXGAOEfXo6MN0tJqpfEG9WPamomjNKt8FqKiUOTNUmW15fGzoxMd7vk
KJX1V4mdA/utwxDAVG6Jnj3q/6iX2D3D/ZfiOog5ZnK196OafsHByY6WG+lKkLw4
EqVOVwehNAqX1I7rC4eG6hmpNreMaJVJJFYFqKUEUW5xJAJM5bJJVdVYk1ycBleR
70OzP97vEabxbIKG4H9osKDh3Y2h+zoNv+NFKZRvXS1pP/NIC5JRDyjUuEqhgtBq
d9tOr6Z3tBYZrb4KhewJlbmmECBiFK9xSSLbzgSbqfgYr6ktnfjNHE0yrih8uQ51
RCdVeeVjW8tD5sjfJ62N9Wdb2VZSRRQ1mF6g8H2FOyyUdCZJw32cDuqlBjVNJr3S
fqir0k8yO0eox87ttshPrbLriofcv/A4fTAQzPInxtSbdzLycmjeTP1JJkiWReEO
NstXiIku9jkaXkltEp59s9GtWclfs46ut2KAmyQKV7kg9liMp6+PbxMagvqiTAEk
Pbl+4PptDdZftztnisWvnpRc1TFgN7Yc4vehQVvfX+blwQIDAQABo4IBpTCCAaEw
EwYKKwYBBAHWeQIEAwEB/wQCBQAwJAYDVR0RBB0wG4IZc3RnLmNsaWVudC5tYXJz
aC1hZnJzLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
CCsGAQUFBwMCMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5u
ZXQvbGV2ZWwxay5jcmwwSwYDVR0gBEQwQjA2BgpghkgBhvpsCgEFMCgwJgYIKwYB
BQUHAgEWGmh0dHA6Ly93d3cuZW50cnVzdC5uZXQvcnBhMAgGBmeBDAECAjBoBggr
BgEFBQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0
MDMGCCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wxay1jaGFpbjI1
Ni5jZXIwHwYDVR0jBBgwFoAUgqJwdN28Uz/Pe9T3zX+nYMYKTL8wHQYDVR0OBBYE
FKBJwwbb5yNF03WtJuAv8gZErF3yMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQAD
ggEBAJqLpukimUHf0QmxNU6A1V2bdXhwN3ixIJnqg91PBqm8sQ4PWfadxJ5+i15Y
IkGfquMphPLvayhuLriRku+mQfa1TWffS5GIO1xa7yRYt5S1dN0UNmcCnULFHuIK
HgYFBtbdF66geAJeuNFi9Z1Q8uqCcoZyS2F4OChbf+Ox8anVlr/AqHTYvTLKabLS
xfEyDso5vLyF33XCKuk8qKYg+4DUSsDS3LKBy0AggBwa3PFAQksfQ4d7nGWdm4uX
qEnwh7Yw0ZjU4JM4a+ZrQlPqdNIs5eyNHHfH7ANjVl4RqVun6KdExMUbkLgZ5sI/
4LtCMoolJFRxCTdAaLSFKPHzDIk=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwwa7uUj9KTSd5l6n/Suv
t6lGf+zuKDKGvcZiJ5pBYKhbqgpuoc+9eYCHfFSTsMhxTlvazhx7JQKbzIFEXqoA
IKypfF84qjV9liSutWN2wuQaP+RXNmQrdrSi18AloQ/4KRSc/Hx1xgDhH16OjDdL
SaqXxBvVj2pqJozSrfBaiolDkzVJlteXxs6MTHe75CiV9VeJnQP7rcMQwFRuiZ49
6v+ol9g9w/2X4jqIOWZytfejmn7BwcmOlhvpSpC8OBKlTlcHoTQKl9SO6wuHhuoZ
qTa3jGiVSSRWBailBFFucSQCTOWySVXVWJNcnAZXke9Dsz/e7xGm8WyChuB/aLCg
4d2Nofs6Db/jRSmUb10taT/zSAuSUQ8o1LhKoYLQanfbTq+md7QWGa2+CoXsCZW5
phAgYhSvcUki284Em6n4GK+pLZ34zRxNMq4ofLkOdUQnVXnlY1vLQ+bI3yetjfVn
W9lWUkUUNZheoPB9hTsslHQmScN9nA7qpQY1TSa90n6oq9JPMjtHqMfO7bbIT62y
64qH3L/wOH0wEMzyJ8bUm3cy8nJo3kz9SSZIlkXhDjbLV4iJLvY5Gl5JbRKefbPR
rVnJX7OOrrdigJskCle5IPZYjKevj28TGoL6okwBJD25fuD6bQ3WX7c7Z4rFr56U
XNUxYDe2HOL3oUFb31/m5cECAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 222875063101803969374803407059611945687
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-02-25 04:55:53 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-03-03 05:25:49 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Marsh & McLennan Companies, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'stg.client.marsh-afrs.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 795637895806848850254445666699847781616383259028015389608189593163727094355814482156084572858579907701386770841037017995807415393282021008224347958427249355249783975659657743642167382748690250211289309961346100922423810304839753073154476934702839916896275169095829948920676598840042279134545853309224553784613402544899914345828733862377744572922041285748148489720553875474809731881420665435100244452260587527092250738422814917049431177954300733479837092809680616205292355606696356312991746624109599021838427752448873472816515726132783850530293898964383932647163881922978943510349360092154302955466896973850007164525822191753440639747286194655366810390037271612370547436569721270527969445610365805094900974632148172907550004875611537731835067900055359815938937036108818347285832482203620478489899214462078603267342647278136928273866919912282787419243336895442719028093265719589100245553956612317170099080130761385970938150666473929701939193315487802253894904252190939010772267872857413719171866112266828481122987590044940863406601927536060105989544572409582885713954955358171268056379959118089373838847800137443356268212597820872615297076887345088537790526912507079729231035765229107486390805863996473103191615991727097601369095726529
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (29 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg.client.marsh-afrs.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							a049c306dbe72345d375ad26e02ff20644ac5df2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		009a8ba6e9229941dfd109b1354e80d55d9b7578703778b12099ea83dd4f06a9bcb10e0f59f69dc49e7e8b5e5822419faae32984f2ef6b286e2eb89192efa641f6b54d67df4b91883b5c5aef2458b794b574dd143667029d42c51ee20a1e060506d6dd17aea078025eb8d162f59d50f2ea827286724b617838285b7fe3b1f1a9d596bfc0a874d8bd32ca69b2d2c5f1320eca39bcbc85df75c22ae93ca8a620fb80d44ac0d2dcb281cb4020801c1adcf140424b1f43877b9c659d9b8b97a849f087b630d198d4e093386be66b4253ea74d22ce5ec8d1c77c7ec0363565e11a95ba7e8a744c4c51b90b819e6c23fe0bb42328a2524547109374068b48528f1f30c89