www.lululemon.com

- Lululemon Athletica Canada inc. -

Issued by GeoTrust TLS ECC CA G1

About this certificate

This digital certificate with serial number 09:d1:35:55:0e:5b:7b:4d:a0:d0:5d:7d:30:47:b2:f8 was issued on by DigiCert Inc.

With 8 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Lululemon Athletica Canada inc.

Organization: Lululemon Athletica Canada inc.
State / Province: British Columbia
Locality: Vancouver
Country: CA

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 09:d1:35:55:0e:5b:7b:4d:a0:d0:5d:7d:30:47:b2:f8
Serial Number (int): 13049323712044213751646615423412581112
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: f3:c0:fa:32:3f:11:80:17:80:66:67:32:62:55:7a:96:68:36:a3:8d
AuthorityKeyId: bd:82:cf:47:7b:1e:8c:22:85:fe:8c:a8:1f:c3:e1:b2:df:fd:a6:99

Fingerprint (sha1): 2b:cd:19:09:4b:08:18:2f:49:2e:e8:01:7c:50:73:df:ec:e1:ec:dd
Fingerprint (sha256): ab:f2:08:2e:df:3a:7a:19:6e:24:a3:03:c6:65:c1:3f:63:55:1d:2c:7d:3a:14:3a:a3:3f:16:6c:70:67:74:ba

Issuing Certificate URL: http://cacerts.geotrust.com/GeoTrustTLSECCCAG1.crt

Revocation information

OCSP Server: http://status.geotrust.com
CRL Distribution Point: http://cdp.geotrust.com/GeoTrustTLSECCCAG1.crl

Check the revocation status for certificate www.lululemon.com

8

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.lululemon.com

Public Key Algorithm

ECDSA

Key Size

256

Signature Algorithm

ECDSA with SHA256

Key Usage

Digital Signature
Key Agreement

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.lululemon.com
lululemon.ca
lululemon.com
lululemon.org
mirrorhook.lululemon.com
mysweatypursuits.com
www.lululemon.ca
www.lululemon.org

Other certificates including the domain name lululemon.com

(limited to 100 certificates)
vanity22.jiveon.com
*.strategicsales.lululemon.com
lululemon.com
stage.lululemon.com
lululemon.com
vanity22.jiveon.com
stage.lululemon.com
eu.lululemon.com
*.lululemon.com
leapfrog-ssl-28.gcs-web.com
whatwelove.lululemon.com
secure5s.scene7.com
*.lululemon.com
imperva.com
cdn.lululemon.com.au
test.preprod-apis.lululemon.com
smetrics.lululemon.com
vanity22.jiveon.com
cdn.lululemon.com.au
preview.apis.lululemon.com
grin.lululemon.com
sso-signing.lululemon.com
sni.cloudflaressl.com
lululemon.com.au
lululemon.com
stage.lululemon.com
sni.cloudflaressl.com
ehc-dev.lululemon.com
*.lululemon.com
imperva.com
akamai-san90.exacttarget.com
imperva.com
stage.lululemon.com
vanity22.jiveon.com
leapfrog-ssl-28.gcs-web.com
leapfrog-ssl-28.gcs-web.com
click.e.lululemon.com
stage.lululemon.com
whatwelove.lululemon.com
whatwelove.lululemon.com
akamai-san90.exacttarget.com
*.lllatg.com
vanity22.jiveon.com
investor.lululemon.com
lululemon.com
lululemon.ca
ehc-dev.lululemon.com
delivery.lululemon.com
lululemon.com
cdn.lululemon.com.au
eu.lululemon.com
vanity22.jiveon.com
smetrics.lululemon.com
secure5s.scene7.com
secure5s.scene7.com
ehc-dev.lululemon.com
akamai-san90.exacttarget.com
cloudflare-sandbox.lululemon.com
lll.flow.anaplan.qa.lululemon.com
sni.cloudflaressl.com
www.lululemon.com
repair.lululemon.com
secure5s.scene7.com
lululemon.com
ehc-dev.lululemon.com
test.preprod-apis.lululemon.com
vanity22.jiveon.com
leapfrog-ssl-28.gcs-web.com
*.atg.lululemon.com
leapfrog-ssl-28.gcs-web.com
*.lululemon.com
apim-stage.tokenapi.lululemon.com
cdn.lululemon.com.au
stage.lululemon.com
theghostrace.lululemon.com
grin.lululemon.com
vanity22.jiveon.com
prod.apis.lllext.com
lululemon.com
owa.lululemon.com
leapfrog-ssl-28.gcs-web.com
www.lululemon.com
ehc-dev.lululemon.com
cdn.lululemon.com.au
vanity22.jiveon.com
lululemon.ca
vanity22.jiveon.com
ehc-dev.lululemon.com
sso-encryption.lululemon.com
www.lululemon.com
eu.lululemon.com
lululemon.com
apim-stage.tokenapi.lululemon.com
prod.apis.lllext.com
vanity22.jiveon.com
www.lululemon.com
sni.cloudflaressl.com
www.lululemon.com
cloud.e.lululemon.com
view.e.lululemon.com

Certificate

The complete raw certificate details for www.lululemon.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIEFDCCA7qgAwIBAgIQCdE1VQ5be02g0F19MEey+DAKBggqhkjOPQQDAjBgMQsw
CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu
ZGlnaWNlcnQuY29tMR8wHQYDVQQDExZHZW9UcnVzdCBUTFMgRUNDIENBIEcxMB4X
DTI0MDEyOTAwMDAwMFoXDTI1MDIyODIzNTk1OVowgYIxCzAJBgNVBAYTAkNBMRkw
FwYDVQQIExBCcml0aXNoIENvbHVtYmlhMRIwEAYDVQQHEwlWYW5jb3V2ZXIxKDAm
BgNVBAoTH0x1bHVsZW1vbiBBdGhsZXRpY2EgQ2FuYWRhIGluYy4xGjAYBgNVBAMT
EXd3dy5sdWx1bGVtb24uY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzrEF
KE3oWFwgyAmhxtBNT5opfudGq/zx2VG8EiW7ljv56YQSD7v4roUqmK75ylLJ0qeE
+Bj6lbLUgzi33g0gTaOCAjEwggItMB8GA1UdIwQYMBaAFL2Cz0d7Howihf6MqB/D
4bLf/aaZMB0GA1UdDgQWBBTzwPoyPxGAF4BmZzJiVXqWaDajjTCBnwYDVR0RBIGX
MIGUghF3d3cubHVsdWxlbW9uLmNvbYIMbHVsdWxlbW9uLmNhgg1sdWx1bGVtb24u
Y29tgg1sdWx1bGVtb24ub3JnghhtaXJyb3Job29rLmx1bHVsZW1vbi5jb22CFG15
c3dlYXR5cHVyc3VpdHMuY29tghB3d3cubHVsdWxlbW9uLmNhghF3d3cubHVsdWxl
bW9uLm9yZzA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRw
Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgOIMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8v
Y2RwLmdlb3RydXN0LmNvbS9HZW9UcnVzdFRMU0VDQ0NBRzEuY3JsMHYGCCsGAQUF
BwEBBGowaDAmBggrBgEFBQcwAYYaaHR0cDovL3N0YXR1cy5nZW90cnVzdC5jb20w
PgYIKwYBBQUHMAKGMmh0dHA6Ly9jYWNlcnRzLmdlb3RydXN0LmNvbS9HZW9UcnVz
dFRMU0VDQ0NBRzEuY3J0MAwGA1UdEwEB/wQCMAAwEwYKKwYBBAHWeQIEAwEB/wQC
BQAwCgYIKoZIzj0EAwIDSAAwRQIhAOxVPGiJ2WKZQzZQsWH8kCMKTB7pKgguogTY
B/8Dg8itAiByXjmarzP3hk7nt3TPQGCrbmC/BjfoSh93f0zAQkHP4g==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzrEFKE3oWFwgyAmhxtBNT5opfudG
q/zx2VG8EiW7ljv56YQSD7v4roUqmK75ylLJ0qeE+Bj6lbLUgzi33g0gTQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 13049323712044213751646615423412581112
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.4.3.2 (ecdsaWithSHA256)
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust TLS ECC CA G1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-29 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-28 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'British Columbia'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Vancouver'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Lululemon Athletica Canada inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.lululemon.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.2.1 (ecPublicKey)
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.3.1.7 (prime256v1)
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (520 bits)
				0004ceb105284de8585c20c809a1c6d04d4f9a297ee746abfcf1d951bc1225bb963bf9e984120fbbf8ae852a98aef9ca52c9d2a784f818fa95b2d48338b7de0d204d
 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName bd82cf477b1e8c2285fe8ca81fc3e1b2dffda699
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							f3c0fa323f1180178066673262557a966836a38d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (151 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.lululemon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lululemon.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lululemon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lululemon.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mirrorhook.lululemon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mysweatypursuits.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.lululemon.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.lululemon.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (5 bits)
							0388
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.geotrust.com/GeoTrustTLSECCCAG1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (106 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.geotrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.geotrust.com/GeoTrustTLSECCCAG1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.4.3.2 (ecdsaWithSHA256)
 . . . . [c:0|t:3|false] BIT STRING (568 bits)
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 106896431189289502164412817306836837671796132502859677576710000943368614693037
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 51730145932406119186740862426660026350739618429063013351111966670414975979490