www.goodwillcfl.org

Issued by GlobalSign GCC R3 DV TLS CA 2020

About this certificate

This digital certificate with serial number 3d:ec:53:72:2a:18:22:7f:a3:8b:ae:31 was issued on by GlobalSign nv-sa.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=www.goodwillcfl.org

GlobalSign nv-sa

Organization: GlobalSign nv-sa
Country: BE

This certificate will expire on

Certificate Details

Serial Number (hex): 3d:ec:53:72:2a:18:22:7f:a3:8b:ae:31
Serial Number (int): 19164286154911216541517983281
Serial Number lenght: 94 bits, 12 octets

SubjectKeyId: 5b:bf:57:bc:01:af:9f:b2:11:6c:bc:c9:13:6d:96:4c:d8:5a:88:41
AuthorityKeyId: 0d:98:c0:73:7f:ab:bd:bd:d9:47:4b:49:ad:0a:4a:0c:ac:3e:c7:7c

Fingerprint (sha1): 5f:b6:ad:8c:17:1b:79:a4:76:be:b5:d6:2e:af:9b:80:25:da:ff:49
Fingerprint (sha256): b5:85:bc:7e:4d:93:e4:e4:80:75:d3:cf:7d:ff:cd:34:7e:60:cb:64:d9:0a:7e:e8:f0:ce:bb:4d:ad:d7:fd:45

Issuing Certificate URL: http://secure.globalsign.com/cacert/gsgccr3dvtlsca2020.crt

Revocation information

OCSP Server: http://ocsp.globalsign.com/gsgccr3dvtlsca2020
CRL Distribution Point: http://crl.globalsign.com/gsgccr3dvtlsca2020.crl

Check the revocation status for certificate www.goodwillcfl.org

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.goodwillcfl.org

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.goodwillcfl.org
goodwillcfl.org

Other certificates including the domain name goodwillcfl.org

(limited to 100 certificates)
learning.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
goodwillcfl.org
fsus-22.freshservice.com
helpdesk.goodwillcfl.org
www.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
fsus-22.freshservice.com
*.goodwillcfl.org
helpdesk.goodwillcfl.org
fsus-22.freshservice.com
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
corp-fs01.goodwillcfl.org
learning.goodwillcfl.org
fsus-22.freshservice.com
helpdesk.goodwillcfl.org
fsus-22.freshservice.com
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
fsus-22.freshservice.com
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
sftp.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
fsus-22.freshservice.com
www.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
corp-fs01.goodwillcfl.org
ds-ex01.goodwillcfl.org
learning.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
fsus-22.freshservice.com
fsus-22.freshservice.com
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
fsus-22.freshservice.com
fsus-22.freshservice.com
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
fsus-22.freshservice.com
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
fsus-22.freshservice.com
learning.goodwillcfl.org
fsus-22.freshservice.com
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
mail.goodwillcfl.org
fsus-22.freshservice.com
fsus-22.freshservice.com
fsus-22.freshservice.com
fsus-22.freshservice.com
*.goodwillcfl.org
ds-gpts01.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
fsus-22.freshservice.com
www.goodwillcfl.org
fsus-22.freshservice.com
helpdesk.goodwillcfl.org
fsus-22.freshservice.com
www.goodwillcfl.org
helpdesk.goodwillcfl.org
fsus-22.freshservice.com
fsus-22.freshservice.com
helpdesk.goodwillcfl.org
fsus-22.freshservice.com
helpdesk.goodwillcfl.org
fsus-22.freshservice.com
sstp.goodwillcfl.org
fsus-22.freshservice.com
fsus-22.freshservice.com
helpdesk.goodwillcfl.org
fsus-22.freshservice.com
fsus-22.freshservice.com
fsus-22.freshservice.com
*.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org
helpdesk.goodwillcfl.org

Certificate

The complete raw certificate details for www.goodwillcfl.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGYDCCBUigAwIBAgIMPexTcioYIn+ji64xMA0GCSqGSIb3DQEBCwUAMFMxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSkwJwYDVQQDEyBH
bG9iYWxTaWduIEdDQyBSMyBEViBUTFMgQ0EgMjAyMDAeFw0yNDA0MDUxNjQxNTRa
Fw0yNTA1MDcxNjQxNTNaMB4xHDAaBgNVBAMTE3d3dy5nb29kd2lsbGNmbC5vcmcw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD0jIvowfBT5Cj4/Vi7QRDV
LzqM3x+PQSZ874XB9biSvim6D+h0uMrbCmwtFM9Gca3BqU8OhLnn8fYnbJ0QFV64
u14md2vOATrn0kC2XjcwIDl+WSTFAt/TTwmSJbISlDPksUtnnnm+8d2gswOx72TR
yNhQcj1Tdxbo0BWST16c2tiSV44+MiBwGIlS/lPQK3HzKqnu515lOOX5KaCHp9+5
iaJiar2QL85v5UVhNzbsYoNs80A+G3qTWn5xqNcjxgPjvGs74FEVJOTJcezqunuQ
vtYky7X7oO6XmJ969shTYHjo1fs5E6Fs5coeXV9kPUaIuuuBUDxabhBdRp+UGtin
AgMBAAGjggNnMIIDYzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADCBkwYI
KwYBBQUHAQEEgYYwgYMwRgYIKwYBBQUHMAKGOmh0dHA6Ly9zZWN1cmUuZ2xvYmFs
c2lnbi5jb20vY2FjZXJ0L2dzZ2NjcjNkdnRsc2NhMjAyMC5jcnQwOQYIKwYBBQUH
MAGGLWh0dHA6Ly9vY3NwLmdsb2JhbHNpZ24uY29tL2dzZ2NjcjNkdnRsc2NhMjAy
MDBWBgNVHSAETzBNMEEGCSsGAQQBoDIBCjA0MDIGCCsGAQUFBwIBFiZodHRwczov
L3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgEwQQYDVR0f
BDowODA2oDSgMoYwaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9nc2djY3IzZHZ0
bHNjYTIwMjAuY3JsMC8GA1UdEQQoMCaCE3d3dy5nb29kd2lsbGNmbC5vcmeCD2dv
b2R3aWxsY2ZsLm9yZzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYD
VR0jBBgwFoAUDZjAc3+rvb3ZR0tJrQpKDKw+x3wwHQYDVR0OBBYEFFu/V7wBr5+y
EWy8yRNtlkzYWohBMIIBgAYKKwYBBAHWeQIEAgSCAXAEggFsAWoAdwDm0jFjQHeM
wRBBBtdxuc7B0kD2loSG+7qHMh39HjeOUAAAAY6vI2ZmAAAEAwBIMEYCIQD7WLny
8585sXY+pfPPocZ1EiJx9caWnJT5GNVVsnAGkwIhAJSmDQJugqLZLCkPX0fj2oUZ
l129XiSxnm3cuEXoAVn2AHcAE0rfGrWYQgl4DG/vTHqRpBa3I0nOWFdq367ap8Kr
4CIAAAGOryNniwAABAMASDBGAiEAq19hV4OuHWjzO8U/n7s2w60O8nT3sVh+lb1u
lo7k4KQCIQD7g51NLsTQ6W+lX1Xh0ouDM7tweksHnsxWX0SJM//BtAB2AE51oydc
mhDDOFts1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABjq8jZ20AAAQDAEcwRQIgfDzZ
9rX0DMUWj4qJPRXMjuCjm7Crs98P/lWb5TkSF9sCIQDdOk4a5ztvoZHHwO6R9ZHw
oH/mWr4hMJVEgD/do2XKEzANBgkqhkiG9w0BAQsFAAOCAQEAQzfy1EU0f/4ruEEk
K3pESaXDo2xVBxZqDP4+YQyBq9pRFBnIl/fzL37o3hFcjuvPWnUmGBCVQVs44L/M
DXBdcnPl68hp9Du0vsv+YWx7fDRPYyNu+D0LhdQjTX1xBLs48Jcu4AMBxqHM+7nY
3TKQ4SUb4mSzQysK55z2wi+2/5L4JsFha1CkI32smhZbp6co/Gt6D80koqtyBJzS
lFZ5JHuqVsrMnrTOl1TMcU4Sji0LGx9/C/LLGS2CDxCPdVhokWphAc8hw0Xt/08X
9+6koab6THK2iViQH92w/lvDRvkw/LRvDcxBgDDvktR95Cx8n9iMGwAPe0RGbuml
0QUoOg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9IyL6MHwU+Qo+P1Yu0EQ
1S86jN8fj0EmfO+FwfW4kr4pug/odLjK2wpsLRTPRnGtwalPDoS55/H2J2ydEBVe
uLteJndrzgE659JAtl43MCA5flkkxQLf008JkiWyEpQz5LFLZ555vvHdoLMDse9k
0cjYUHI9U3cW6NAVkk9enNrYkleOPjIgcBiJUv5T0Ctx8yqp7udeZTjl+Smgh6ff
uYmiYmq9kC/Ob+VFYTc27GKDbPNAPht6k1p+cajXI8YD47xrO+BRFSTkyXHs6rp7
kL7WJMu1+6Dul5ifevbIU2B46NX7OROhbOXKHl1fZD1GiLrrgVA8Wm4QXUaflBrY
pwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 19164286154911216541517983281
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign GCC R3 DV TLS CA 2020'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-05 16:41:54 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-05-07 16:41:53 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.goodwillcfl.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 30871452483974942102388903058993497946485437470609792823991254550954006525667816160196659958665848140398702918383307215333405213609574458010200501351105138041231724897916353717079889312465055321943188950130894870669840646648464720592894634441049445928466128142344017769071069930947372053285473685334911828358015915080257194356495677418944526773626619841945686275698967564831902953680666999585222210907603288513271777021414825969924311734108553176618021715496599233756649328744670108369368648964053487569720633571165083835409733958553574656795444726044469322166698944306459640909361318416313605819654162827164767672487
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (134 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure.globalsign.com/cacert/gsgccr3dvtlsca2020.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.globalsign.com/gsgccr3dvtlsca2020'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.10 (globalsignDVPolicy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (58 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.globalsign.com/gsgccr3dvtlsca2020.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (40 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.goodwillcfl.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'goodwillcfl.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 0d98c0737fabbdbdd9474b49ad0a4a0cac3ec77c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							5bbf57bc01af9fb2116cbcc9136d964cd85a8841
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (368 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
							016a007700e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018eaf2366660000040300483046022100fb58b9f2f39f39b1763ea5f3cfa1c675122271f5c6969c94f918d555b270069302210094a60d026e82a2d92c290f5f47e3da8519975dbd5e24b19e6ddcb845e80159f6007700134adf1ab5984209780c6fef4c7a91a416b72349ce58576adfaedaa7c2abe0220000018eaf23678b0000040300483046022100ab5f615783ae1d68f33bc53f9fbb36c3ad0ef274f7b1587e95bd6e968ee4e0a4022100fb839d4d2ec4d0e96fa55f55e1d28b8333bb707a4b079ecc565f448933ffc1b40076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018eaf23676d000004030047304502207c3cd9f6b5f40cc5168f8a893d15cc8ee0a39bb0abb3df0ffe559be5391217db022100dd3a4e1ae73b6fa191c7c0ee91f591f0a07fe65abe21309544803fdda365ca13
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		004337f2d445347ffe2bb841242b7a4449a5c3a36c5507166a0cfe3e610c81abda511419c897f7f32f7ee8de115c8eebcf5a7526181095415b38e0bfcc0d705d7273e5ebc869f43bb4becbfe616c7b7c344f63236ef83d0b85d4234d7d7104bb38f0972ee00301c6a1ccfbb9d8dd3290e1251be264b3432b0ae79cf6c22fb6ff92f826c1616b50a4237dac9a165ba7a728fc6b7a0fcd24a2ab72049cd2945679247baa56cacc9eb4ce9754cc714e128e2d0b1b1f7f0bf2cb192d820f108f755868916a6101cf21c345edff4f17f7eea4a1a6fa4c72b68958901fddb0fe5bc346f930fcb46f0dcc418030ef92d47de42c7c9fd88c1b000f7b44466ee9a5d105283a