reverseproxy.onenote.com

- Microsoft Corporation -

Issued by Microsoft Azure TLS Issuing CA 06

About this certificate

This digital certificate with serial number 33:00:d9:11:1d:a9:77:2c:31:ad:e3:2d:81:00:00:00:d9:11:1d was issued on by Microsoft Corporation.

With 13 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Microsoft Corporation

Organization: Microsoft Corporation
State / Province: WA
Locality: Redmond
Country: US

Microsoft Corporation

Organization: Microsoft Corporation
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 33:00:d9:11:1d:a9:77:2c:31:ad:e3:2d:81:00:00:00:d9:11:1d
Serial Number (int): 1137411869149573330157728311936447303875367197
Serial Number lenght: 150 bits, 19 octets

SubjectKeyId: 8b:22:83:d3:f0:76:d6:71:6e:36:1a:33:f8:b1:df:e5:fd:08:cb:96
AuthorityKeyId: d5:c1:67:3a:c2:a3:9d:f4:77:52:5b:59:12:38:29:e6:55:68:bb:a5

Fingerprint (sha1): 8b:35:fe:27:6c:36:6d:dc:bc:0d:73:3b:c8:23:ea:bf:43:cf:57:fa
Fingerprint (sha256): b0:f7:45:f1:7c:1c:eb:78:5f:d0:3d:d8:a9:80:5b:cf:2f:02:7a:ba:dd:43:82:41:7c:d5:d8:54:81:c1:0c:cd

Issuing Certificate URL: http://www.microsoft.com/pkiops/certs/Microsoft%20Azure%20TLS%20Issuing%20CA%2006%20-%20xsign.crt

Revocation information

OCSP Server: http://oneocsp.microsoft.com/ocsp
CRL Distribution Point: http://www.microsoft.com/pkiops/crl/Microsoft%20Azure%20TLS%20Issuing%20CA%2006.crl

Check the revocation status for certificate reverseproxy.onenote.com

13

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for reverseproxy.onenote.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

12 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

reverseproxy.onenote.com
onenote.co
onenote.co.uk
onenote.mobi
onenote.net
onenote.org
*.dev.onenote.com
onenote.com
*.onenote.com
onenote.office.com
*.reverseproxy.onenote.com
edusupport.microsoft.com
todosupport.microsoft.com

Other certificates including the domain name onenote.com

(limited to 100 certificates)
hierarchyapi.onenote.com
site.edog.onenote.com
apimonolith.onenote.com
mergesync.onenote.com
augmentationbg.onenote.com
contentsync.onenote.com
npkrsag.koreasouth.cloudapp.azure.com
reverseproxy.onenote.com
lookup.onenote.com
lookup.onenote.com
handwritingreco.edog.onenote.com
studentagency.edog.onenote.com
learningtools.onenote.com
apimonolith.onenote.com
handwritingreco.onenote.com
npinwag.westindia.cloudapp.azure.com
cdn.onenote.net
site.onenote.com
npneuag.northeurope.cloudapp.azure.com
classnotebookapi.edog.onenote.com
augmentationbg.edog.onenote.com
pagecontentretriever.onenote.com
handwritingreco.onenote.com
pagecontentsync.onenote.com
userinfo.onenote.com
pagecontentsync.edog.onenote.com
site.edog.onenote.com
pagecontentgc.edog.onenote.com
pagecontentretriever.edog.onenote.com
cdn.onenote.net
assignments.onenote.com
nbdistribution.edog.onenote.com
mergesync.onenote.com
pagecontentretriever.onenote.com
npinwag.westindia.cloudapp.azure.com
pagecontentgc.edog.onenote.com
onenoteonlinesync.onenote.com
hierarchyapi.edog.onenote.com
cdn.onenote.net
learningtools.onenote.com
pagecontentgc.onenote.com
appsforoffice.edog.onenote.com
hierarchyapi.onenote.com
npkrcag.koreacentral.cloudapp.azure.com
assignments.onenote.com
handwritingreco.edog.onenote.com
realtimesync.onenote.com
reverseproxy.edog.onenote.com
hierarchyretriever.edog.onenote.com
onenote.com
cdn.onenote.net
npeusag.eastus.cloudapp.azure.com
site.edog.onenote.com
cdn.onenote.net
apiwebhooks.onenote.com
assignments.edog.onenote.com
officeaddins.meetingdetails.onenote.com
lookup.onenote.com
cdn.onenote.net
reverseproxy.edog.onenote.com
entitystorage.edog.onenote.com
contentsync.onenote.com
pagecontentretriever.edog.onenote.com
pagecontentgc.onenote.com
bingindexing.edog.onenote.com
pagecontentretriever.onenote.com
officeaddins.meetingdetails.edog.onenote.com
nbdistribution.onenote.com
o365notification.edog.onenote.com
officeaddins.meetingdetails.edog.onenote.com
educonnect.assignments.onenote.com
npkrcag.koreacentral.cloudapp.azure.com
niscusag.southcentralus.cloudapp.azure.com
whiteboard.edog.onenote.com
site-cdn.onenote.net
notificationshub.edog.onenote.com
pagecontentgc.onenote.com
npjpeag.japaneast.cloudapp.azure.com
o365notification.edog.onenote.com
userinfo.onenote.com
hierarchyretriever.onenote.com
userinfo.edog.onenote.com
appsforoffice.onenote.com
niscusag.southcentralus.cloudapp.azure.com
pagecontentgc.onenote.com
site-cdn.onenote.net
npneuag.northeurope.cloudapp.azure.com
classnotebookapi.edog.onenote.com
cdn.onenote.net
lookup.edog.onenote.com
apiwebhooks.onenote.com
mergesync.edog.onenote.com
onenoteonlinesync.edog.onenote.com
edunotebookssite.onenote.com
reverseproxy.onenote.com
lookup.edog.onenote.com
onenote.com
educonnect.assignments.onenote.com
pagecontentgc.edog.onenote.com
bingindexing.onenote.com

Certificate

The complete raw certificate details for reverseproxy.onenote.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIJQDCCByigAwIBAgITMwDZER2pdywxreMtgQAAANkRHTANBgkqhkiG9w0BAQwF
ADBZMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
MSowKAYDVQQDEyFNaWNyb3NvZnQgQXp1cmUgVExTIElzc3VpbmcgQ0EgMDYwHhcN
MjMwOTI4MDkzNDQwWhcNMjQwNjI3MjM1OTU5WjBvMQswCQYDVQQGEwJVUzELMAkG
A1UECBMCV0ExEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBD
b3Jwb3JhdGlvbjEhMB8GA1UEAxMYcmV2ZXJzZXByb3h5Lm9uZW5vdGUuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycGHUvLEI+5RZAjsxNOJ+frU
7aY27i39x7538Kosj+MaiXVFCJ9kIkewTUDXqQRQQyhyQet7Ae4rX186fGTKAqt2
MtA7N1jc2HNatucmb/QJchW3L3QCF93M+ctxRDVC8vOXlz9e38HhBW986Ml2yPNk
1gWQE28eqj+4pKQCW8MU29O/2hn54MseLF05qOub28h0GXcmM5kNK4XXTLkb/ons
4zgbWVZy3mOHNjXqT8BLjxTF8AoeYe0svlF8P930BBoJBgMltNa1fyEOxWR2CkoN
01Ch6J9VjV7KmhHvqYOZuabLh6jxIaAl/DhBTEko14RjsI3TogZtCQrDMKWsCQID
AQABo4IE6TCCBOUwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AHb/iD8KtvuV
UcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABitstI28AAAQDAEcwRQIgIWMrbNpl
Gx8pAwBtSPWGTjYOcVFXpuBALGUCO6IZSwICIQDeRpxl7pHdIPfWmSS8YazFAa7a
Sg+UkNYw/80kBSJzXwB2ANq2v2s/tbYin5vCu1xr6HCRcWy7UYSFNL2kPTBI1/ur
AAABitstJW8AAAQDAEcwRQIhAIOUZMqT3ehV4FCrd/++zXtryx9dsy0454TeGjBi
k43RAiBWaodK3jEeDvEx5YsnXTagUeD8TOMU+Y84sJOzNgKUbgB3AEiw42vapkc0
D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABitstJE8AAAQDAEgwRgIhAKOOlkNf
Nny+f0C6y5Z/qwoJhC+PEqV53cT0G4RTN1HzAiEA5J8ObOxZ6Ept3peKsOkLBf1X
eMsr5THAunuyaC8Ed8IwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggr
BgEFBQcDATA8BgkrBgEEAYI3FQcELzAtBiUrBgEEAYI3FQiHvdcbgefrRoKBnS6O
0AyH8NodXYKE5WmC86c+AgFkAgEmMIGuBggrBgEFBQcBAQSBoTCBnjBtBggrBgEF
BQcwAoZhaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNy
b3NvZnQlMjBBenVyZSUyMFRMUyUyMElzc3VpbmclMjBDQSUyMDA2JTIwLSUyMHhz
aWduLmNydDAtBggrBgEFBQcwAYYhaHR0cDovL29uZW9jc3AubWljcm9zb2Z0LmNv
bS9vY3NwMB0GA1UdDgQWBBSLIoPT8HbWcW42GjP4sd/l/QjLljAOBgNVHQ8BAf8E
BAMCBaAwgfwGA1UdEQSB9DCB8YIYcmV2ZXJzZXByb3h5Lm9uZW5vdGUuY29tggpv
bmVub3RlLmNvgg1vbmVub3RlLmNvLnVrggxvbmVub3RlLm1vYmmCC29uZW5vdGUu
bmV0ggtvbmVub3RlLm9yZ4IRKi5kZXYub25lbm90ZS5jb22CC29uZW5vdGUuY29t
gg0qLm9uZW5vdGUuY29tghJvbmVub3RlLm9mZmljZS5jb22CGioucmV2ZXJzZXBy
b3h5Lm9uZW5vdGUuY29tghhlZHVzdXBwb3J0Lm1pY3Jvc29mdC5jb22CGXRvZG9z
dXBwb3J0Lm1pY3Jvc29mdC5jb20wDAYDVR0TAQH/BAIwADBkBgNVHR8EXTBbMFmg
V6BVhlNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3Nv
ZnQlMjBBenVyZSUyMFRMUyUyMElzc3VpbmclMjBDQSUyMDA2LmNybDBmBgNVHSAE
XzBdMFEGDCsGAQQBgjdMg30BATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1p
Y3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9yeS5odG0wCAYGZ4EMAQIC
MB8GA1UdIwQYMBaAFNXBZzrCo530d1JbWRI4KeZVaLulMB0GA1UdJQQWMBQGCCsG
AQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQwFAAOCAgEABIX2AsBOKeTAxr3N
8AG2aXX2AJ2qQbS2BPdgBpAF65EW5EmV+2q3XbTK7qqQEz8DZZCn/ldzWBCjoQLf
RMEbcDLDmlWkFVTKNoc8impdAbLjgKb4rx6bVBWAH6Kannl0rIaS3km00zOj9kQS
2g7BJM+5H8Suotxs2LpxIM2pPCO++t1+Wu+7wMi6aWfLL2c94EoE9i788YQfXyVD
B0YwYt8FfCRmcobAnqVoCgAm5ABxEvkUpF8OPe4vfWBD190MsNe5Ao5M9Po+AUE+
fyv4mmUjN6yY1q0bxbCLOoXcBdOSp5BgZJ1OGt0+jKTQZiRfqwGYextq27IU/Zzj
OrdWlefgVxO/JSO6qAjs06+n9H47m09VlUJ5gOUZGGwIqOkl8EOiIm3lTQiitPQt
EWkuSxM79dCYctTnCJmN6ITnqjbMKd3UFLt4yCDCP9s+WJkpTqwbIhISdMtA1bJJ
/Ng8TyuvMR4pn6cIvAVtcpAITLtvCnMaGvqIOsc/D27rwf+amyhMtm44CY/djL9f
/st5P4muRMfqvYxLLGs5KNv1BYaR+r6OkRYhZ+kDBanlhN/04wYDPAG1JvfHtZCR
n6SqoxYo19BylljDa1fOEHkudMYADY+T7nt0rOsKWPNR3nmkPATXXBT3vq8gjvtC
P9jJHAuIzuPR97w8lilrcY0yNM0=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycGHUvLEI+5RZAjsxNOJ
+frU7aY27i39x7538Kosj+MaiXVFCJ9kIkewTUDXqQRQQyhyQet7Ae4rX186fGTK
Aqt2MtA7N1jc2HNatucmb/QJchW3L3QCF93M+ctxRDVC8vOXlz9e38HhBW986Ml2
yPNk1gWQE28eqj+4pKQCW8MU29O/2hn54MseLF05qOub28h0GXcmM5kNK4XXTLkb
/ons4zgbWVZy3mOHNjXqT8BLjxTF8AoeYe0svlF8P930BBoJBgMltNa1fyEOxWR2
CkoN01Ch6J9VjV7KmhHvqYOZuabLh6jxIaAl/DhBTEko14RjsI3TogZtCQrDMKWs
CQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1137411869149573330157728311936447303875367197
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Azure TLS Issuing CA 06'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-09-28 09:34:40 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-27 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'WA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Redmond'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'reverseproxy.onenote.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25469331812311500507484298189126261261908240600274084140089362884212293226255649352070602269056761858182893315836086359479062445724539676715748757787990360909895100765930441326525172955526968161846439239742672193855191767424613301000504449634721078315721263177054707255484279121213473384813880658570407824029942363599247961513208309338111465445680611184263041708510376039775316870927025199359323803353789334400719812057915529162158995379791460734260596642565712717810020999689813369327291309725196436864346758033287914876849435903138586653593036325556748389273488775638640481622361891472170072080764436094051565284361
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							016900760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018adb2d236f0000040300473045022021632b6cda651b1f2903006d48f5864e360e715157a6e0402c65023ba2194b02022100de469c65ee91dd20f7d69924bc61acc501aeda4a0f9490d630ffcd240522735f007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018adb2d256f0000040300473045022100839464ca93dde855e050ab77ffbecd7b6bcb1f5db32d38e784de1a3062938dd10220566a874ade311e0ef131e58b275d36a051e0fc4ce314f98f38b093b33602946e00770048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018adb2d244f0000040300483046022100a38e96435f367cbe7f40bacb967fab0a09842f8f12a579ddc4f41b84533751f3022100e49f0e6cec59e84a6dde978ab0e90b05fd5778cb2be531c0ba7bb2682f0477c2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.10 (applicationCertPolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.7 (certificateTemplate)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (47 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.8.15690651.3798470.4214446.239628.16526621.93.4272873.6083518
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 100
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 38
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (161 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pkiops/certs/Microsoft%20Azure%20TLS%20Issuing%20CA%2006%20-%20xsign.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://oneocsp.microsoft.com/ocsp'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							8b2283d3f076d6716e361a33f8b1dfe5fd08cb96
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'reverseproxy.onenote.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'onenote.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'onenote.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'onenote.mobi'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'onenote.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'onenote.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.dev.onenote.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'onenote.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.onenote.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'onenote.office.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.reverseproxy.onenote.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edusupport.microsoft.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'todosupport.microsoft.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (93 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pkiops/crl/Microsoft%20Azure%20TLS%20Issuing%20CA%2006.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (95 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.76.509.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.microsoft.com/pkiops/Docs/Repository.htm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName d5c1673ac2a39df477525b59123829e65568bba5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		000485f602c04e29e4c0c6bdcdf001b66975f6009daa41b4b604f760069005eb9116e44995fb6ab75db4caeeaa90133f036590a7fe57735810a3a102df44c11b7032c39a55a41554ca36873c8a6a5d01b2e380a6f8af1e9b5415801fa29a9e7974ac8692de49b4d333a3f64412da0ec124cfb91fc4aea2dc6cd8ba7120cda93c23befadd7e5aefbbc0c8ba6967cb2f673de04a04f62efcf1841f5f254307463062df057c24667286c09ea5680a0026e4007112f914a45f0e3dee2f7d6043d7dd0cb0d7b9028e4cf4fa3e01413e7f2bf89a652337ac98d6ad1bc5b08b3a85dc05d392a79060649d4e1add3e8ca4d066245fab01987b1b6adbb214fd9ce33ab75695e7e05713bf2523baa808ecd3afa7f47e3b9b4f5595427980e519186c08a8e925f043a2226de54d08a2b4f42d11692e4b133bf5d09872d4e708998de884e7aa36cc29ddd414bb78c820c23fdb3e5899294eac1b22121274cb40d5b249fcd83c4f2baf311e299fa708bc056d7290084cbb6f0a731a1afa883ac73f0f6eebc1ff9a9b284cb66e38098fdd8cbf5ffecb793f89ae44c7eabd8c4b2c6b3928dbf5058691fabe8e91162167e90305a9e584dff4e306033c01b526f7c7b590919fa4aaa31628d7d0729658c36b57ce10792e74c6000d8f93ee7b74aceb0a58f351de79a43c04d75c14f7beaf208efb423fd8c91c0b88cee3d1f7bc3c96296b718d3234cd