www.bcorporation.net

- B Lab Company -

Issued by DigiCert SHA2 Secure Server CA

About this certificate

This digital certificate with serial number 0d:4d:46:5c:c1:bd:aa:82:0a:64:16:04:a9:10:73:53 was issued on by DigiCert Inc.

With 16 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

B Lab Company

Organization: B Lab Company
Organization unit: Technology
State / Province: Pennsylvania
Locality: Berwyn
Country: US

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0d:4d:46:5c:c1:bd:aa:82:0a:64:16:04:a9:10:73:53
Serial Number (int): 17681197920934194080949403161780581203
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: ce:0a:7d:8b:ec:28:44:bb:8b:d9:25:a3:a7:c7:b4:06:57:2f:3c:f8
AuthorityKeyId: 0f:80:61:1c:82:31:61:d5:2f:28:e7:8d:46:38:b4:2c:e1:c6:d9:e2

Fingerprint (sha1): 3a:c2:e3:dd:36:a5:e1:03:15:ce:6f:36:86:35:01:82:2f:34:d4:5a
Fingerprint (sha256): ba:36:2d:da:1b:a0:e6:d5:43:f0:6b:bd:b8:6a:b7:36:69:b1:2b:2e:13:e0:fb:fc:c2:11:1f:f1:d8:1c:cb:ad

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/ssca-sha2-g6.crl
CRL Distribution Point: http://crl4.digicert.com/ssca-sha2-g6.crl

Check the revocation status for certificate www.bcorporation.net

16

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.bcorporation.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.bcorporation.net
bcorporation.net
www.bimpactassessment.net
b-analytics.net
bimpactassessment.net
alta-staging.bcorporation.net
alta-staging.bcorporation.eu
alta-staging.bcorporation.uk
alta-staging.bcorporation.com.au
bcorporation.eu
bcorporation.uk
bcorporation.com.au
benefitcorp.net
staging.b-analytics.net
www.benefitcorp.net
www.b-analytics.net

Other certificates including the domain name bcorporation.net

(limited to 100 certificates)
help.pbskids.org
best-for-colorado.bimpactassessment.net
bcorporation.net
www.bcorporation.net
giirs.net
pardot.bcorporation.net
giirs.net
fdus-48.freshdesk.com
*.bcorporation.net
help.pbskids.org
usca.bcorporation.net
best-for-colorado.bimpactassessment.net
giirs.net
giirs.net
rev.bcorporation.net
www.bcorporation.net
best-for-colorado.bimpactassessment.net
www.bcorporation.net
www.bcorporation.net
rev-uk.bcorporation.net
rev-au.bcorporation.net
beta.bimpactassessment.net
help.pbskids.org
rev.bcorporation.net
www.bcorporation.net
rev-au.bcorporation.net
connect.bcorporation.net
fdus-48.freshdesk.com
www.bcorporation.net
best-for-colorado.bimpactassessment.net
b-lab-kb.bcorporation.net
bcorporation.net
help.pbskids.org
fdus-48.freshdesk.com
connect.bcorporation.net
survey.bcorporation.net
rev-uk.bcorporation.net
b-impact.com
giirs.net
rev-au.bcorporation.net
www.bcorporation.net
bcorporation.net
help.pbskids.org
rev-uk.bcorporation.net
fdus-48.freshdesk.com
beta.bimpactassessment.net
bcorporation.net
rev.bcorporation.net
giirs.net
pardot.bcorporation.net
rev-au.bcorporation.net
rev-eu.bcorporation.net
bcorporation.net
www.bcorporation.net
giirs.net
survey.bcorporation.net
champions-retreat.bcorporation.net
champions-retreat.bcorporation.net
www.bcorporation.net
best-for-colorado.bimpactassessment.net
help.pbskids.org
rev.bcorporation.net
best-for-colorado.bimpactassessment.net
best-for-colorado.bimpactassessment.net
connect.bcorporation.net
bcorporation.net
help.pbskids.org
fdus-48.freshdesk.com
giirs.net
www.bcorporation.net
www.bcorporation.net
best-for-colorado.bimpactassessment.net
www.bcorporation.net
giirs.net
survey.bcorporation.net
bcorporation.net
champions-retreat.bcorporation.net
www.bcorporation.net
rev-au.bcorporation.net
fdus-48.freshdesk.com
help.pbskids.org
help.pbskids.org
www.bcorporation.net
b-analytics.net
help.pbskids.org
giirs.net
rev-eu.bcorporation.net
rev-eu.bcorporation.net
fdus-48.freshdesk.com
www.bcorporation.net
connect.bcorporation.net
champions-retreat.bcorporation.net
giirs.net
giirs.net
help.pbskids.org
rev-eu.bcorporation.net
help.pbskids.org
bcorporation.net
bcorporation.net
survey.bcorporation.net

Certificate

The complete raw certificate details for www.bcorporation.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGrjCCBZagAwIBAgIQDU1GXMG9qoIKZBYEqRBzUzANBgkqhkiG9w0BAQsFADBN
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E
aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTkwODI5MDAwMDAwWhcN
MjAwNTA4MTIwMDAwWjCBgTELMAkGA1UEBhMCVVMxFTATBgNVBAgTDFBlbm5zeWx2
YW5pYTEPMA0GA1UEBxMGQmVyd3luMRYwFAYDVQQKEw1CIExhYiBDb21wYW55MRMw
EQYDVQQLEwpUZWNobm9sb2d5MR0wGwYDVQQDExR3d3cuYmNvcnBvcmF0aW9uLm5l
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+ECTKjPnj71jo6RGgx
/hXdNHDvvKbfcydIQ+qcyftSuWtcjvUaO6sNMXPgcU9UQRA1fbOmQzH6DTiQLF9g
vGNuBKW0dpcMNhR4pn04rAKXQBY4PZKVkeo6yyi5vMfu/tg/wl3V8r5FUENDz8uk
eYQ9BpzCNZnkxow2yos7z3jOW/AHB/XgzNh8IDMJQHPnbBbpTShqjYGguk0rWBFZ
5v3lWnlCEKAE9xz64aPmTUI+90XU36x6ZO+eS+T1x/8lbbL+VdJ1/1oX0j/iTMWU
HyxNm1Oqhxd/FARfGEN0jcMqqyxo2uG2Ei3xnWgzMZ/k9zSwgy3aQ8RyQiMl4b1z
wH0CAwEAAaOCA1MwggNPMB8GA1UdIwQYMBaAFA+AYRyCMWHVLyjnjUY4tCzhxtni
MB0GA1UdDgQWBBTOCn2L7ChEu4vZJaOnx7QGVy88+DCCAYAGA1UdEQSCAXcwggFz
ghR3d3cuYmNvcnBvcmF0aW9uLm5ldIIQYmNvcnBvcmF0aW9uLm5ldIIZd3d3LmJp
bXBhY3Rhc3Nlc3NtZW50Lm5ldIIPYi1hbmFseXRpY3MubmV0ghViaW1wYWN0YXNz
ZXNzbWVudC5uZXSCHWFsdGEtc3RhZ2luZy5iY29ycG9yYXRpb24ubmV0ghxhbHRh
LXN0YWdpbmcuYmNvcnBvcmF0aW9uLmV1ghxhbHRhLXN0YWdpbmcuYmNvcnBvcmF0
aW9uLnVrgiBhbHRhLXN0YWdpbmcuYmNvcnBvcmF0aW9uLmNvbS5hdYIPYmNvcnBv
cmF0aW9uLmV1gg9iY29ycG9yYXRpb24udWuCE2Jjb3Jwb3JhdGlvbi5jb20uYXWC
D2JlbmVmaXRjb3JwLm5ldIIXc3RhZ2luZy5iLWFuYWx5dGljcy5uZXSCE3d3dy5i
ZW5lZml0Y29ycC5uZXSCE3d3dy5iLWFuYWx5dGljcy5uZXQwDgYDVR0PAQH/BAQD
AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+g
LaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAv
oC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmww
TAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93
d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQG
CCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKG
Omh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVT
ZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADATBgorBgEEAdZ5AgQDAQH/BAIFADAN
BgkqhkiG9w0BAQsFAAOCAQEAMJGczOVf9/9i4oKSv4ygaKi3k478gfAmZg1SJPxj
1wHINjMjQZxQYlLiKihaJr0+jolozcr+VogWKYLFEca+XYmq7zSxcjlbpiQWVnm8
egoOnUvu+0JxMqnAVaHy6Q9DntDjHwOk79vBSpx2TfOH77KilaOT7BrPOJzjVkH9
7rERNXh9h45ZdsQL6qG+q/7unkaBzJBVALkiruJQUlS0aqk93cYNp34EpWydT3Gl
MGdfd4sU3CS1HmEEj7TuB0FIEdupYixaldhBoJnQdHHSnSFVk9LmQ/SuvV7UzBBL
xWDSgzMfSpU7r8AGSjkjUgB4t/wWC0lCBQBBC/xWQkiehw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4QJMqM+ePvWOjpEaDH+
Fd00cO+8pt9zJ0hD6pzJ+1K5a1yO9Ro7qw0xc+BxT1RBEDV9s6ZDMfoNOJAsX2C8
Y24EpbR2lww2FHimfTisApdAFjg9kpWR6jrLKLm8x+7+2D/CXdXyvkVQQ0PPy6R5
hD0GnMI1meTGjDbKizvPeM5b8AcH9eDM2HwgMwlAc+dsFulNKGqNgaC6TStYEVnm
/eVaeUIQoAT3HPrho+ZNQj73RdTfrHpk755L5PXH/yVtsv5V0nX/WhfSP+JMxZQf
LE2bU6qHF38UBF8YQ3SNwyqrLGja4bYSLfGdaDMxn+T3NLCDLdpDxHJCIyXhvXPA
fQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 17681197920934194080949403161780581203
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-08-29 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-05-08 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Pennsylvania'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Berwyn'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'B Lab Company'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Technology'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.bcorporation.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26196438471182821211222451825981416691163045953871388009962373920705445508241290661174477090696383788970398918393317812056948995721107209960598418495762849833705498908934648593991162997585189030984595802706160928509284164306690543617906827722100246398247989410150375469737689596606236374253558407428596988580946460582547361799503101926592953636710591653776438646926029487852866566817629120441662808215543010398748535191313154838971160637030311013849226825352074196457277330651547972824428774648547625228338874292264167982033799178228213684065046903146278252131296445367414879218885630908269707800073266628567065935997
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 0f80611c823161d52f28e78d4638b42ce1c6d9e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							ce0a7d8bec2844bb8bd925a3a7c7b406572f3cf8
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (375 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.bcorporation.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bcorporation.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.bimpactassessment.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'b-analytics.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bimpactassessment.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'alta-staging.bcorporation.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'alta-staging.bcorporation.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'alta-staging.bcorporation.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'alta-staging.bcorporation.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bcorporation.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bcorporation.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bcorporation.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'benefitcorp.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'staging.b-analytics.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.benefitcorp.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.b-analytics.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/ssca-sha2-g6.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/ssca-sha2-g6.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (112 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0030919ccce55ff7ff62e28292bf8ca068a8b7938efc81f026660d5224fc63d701c8363323419c506252e22a285a26bd3e8e8968cdcafe5688162982c511c6be5d89aaef34b172395ba624165679bc7a0a0e9d4beefb427132a9c055a1f2e90f439ed0e31f03a4efdbc14a9c764df387efb2a295a393ec1acf389ce35641fdeeb11135787d878e5976c40beaa1beabfeee9e4681cc905500b922aee2505254b46aa93dddc60da77e04a56c9d4f71a530675f778b14dc24b51e61048fb4ee07414811dba9622c5a95d841a099d07471d29d215593d2e643f4aebd5ed4cc104bc560d283331f4a953bafc0064a3923520078b7fc160b49420500410bfc5642489e87