sst.irstea.fr

- Direction des Systeme d'information -

Issued by TERENA SSL CA 3

About this certificate

This digital certificate with serial number 01:4f:88:ea:78:70:12:ef:95:26:19:bb:f4:15:5e:0b was issued on by TERENA.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Direction des Systeme d'information

Organization: Direction des Systeme d'information
Organization unit: DSI
State / Province: Ile de France
Locality: Antony
Country: FR

TERENA

Organization: TERENA
State / Province: Noord-Holland
Locality: Amsterdam
Country: NL

This certificate has expire since

Certificate Details

Serial Number (hex): 01:4f:88:ea:78:70:12:ef:95:26:19:bb:f4:15:5e:0b
Serial Number (int): 1742196431978982513064447826296397323
Serial Number lenght: 121 bits, 16 octets

SubjectKeyId: a7:25:a9:4a:25:64:0b:a3:3f:d3:9e:1b:61:6c:0c:33:f7:22:b0:76
AuthorityKeyId: 67:fd:88:20:14:27:98:c7:09:d2:25:19:bb:e9:51:11:63:75:50:62

Fingerprint (sha1): 10:85:6c:f5:a3:e9:2a:dc:5c:8b:e7:5e:76:bd:20:29:c9:c4:43:f2
Fingerprint (sha256): ba:7f:f9:98:a2:85:57:0b:71:ec:0f:12:3c:a7:fa:82:c0:b4:46:31:2c:ed:26:40:b9:90:d5:0c:ce:e2:e5:60

Issuing Certificate URL: http://cacerts.digicert.com/TERENASSLCA3.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/TERENASSLCA3.crl
CRL Distribution Point: http://crl4.digicert.com/TERENASSLCA3.crl

Check the revocation status for certificate sst.irstea.fr

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for sst.irstea.fr

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

sst.irstea.fr
sst.cemagref.fr

Other certificates including the domain name irstea.fr

(limited to 100 certificates)
passport.irstea.fr
vocabulaires.test.irstea.fr
gmd.irstea.fr
deepomics.test.irstea.fr
acme.irstea.fr
energie-step-diagnostic.irstea.fr
energie-step-diagnostic.irstea.fr
gitlab.irstea.fr
demdoc.irstea.fr
accesdistant.irstea.fr
sam.irstea.fr
agirh.test.irstea.fr
sgadmin-elise.irstea.fr
iwa-gmp-tg.irstea.fr
idp.test.irstea.fr
*.irstea.fr
irsteadoc.dev.irstea.fr
heart.irstea.fr
auth.irstea.fr
agirh.irstea.fr
piwik.irstea.fr
ldap.irstea.fr
metacatalogue-theia.cines.teledetection.fr
sturwild.irstea.fr
agirh.dev.irstea.fr
kanban.irstea.fr
resa.irstea.fr
wiki.irstea.fr
pad-public.irstea.fr
energie-step-diagnostic.test.irstea.fr
agirh.irstea.fr
is.irstea.fr
transect.irstea.fr
bdoh.irstea.fr
deas.irstea.fr
*.rosetta.irstea.fr
mdl4eo-cartes.irstea.fr
base-des-conventions.irstea.fr
demdoc.irstea.fr
deepomics-api.irstea.fr
bdoh.irstea.fr
energie-step-diagnostic.test.irstea.fr
iwa-gmp-tg.irstea.fr
svn.irstea.fr
plantedefi.irstea.fr
agirh.irstea.fr
plandefi.recette.irstea.fr
wwtmod2016.irstea.fr
svn.lyon.cemagref.fr
domfeu.irstea.fr
sondage.irstea.fr
actisurtt.cemagref.fr
heart.irstea.fr
ldap.irstea.fr
agirh.irstea.fr
isdevtools.irstea.fr
sygade.irstea.fr
hydroeco.irstea.fr
pasi.irstea.fr
deepomics-api.irstea.fr
sondage.irstea.fr
is.irstea.fr
grainpact.inrae.fr
base-des-conventions.recette.irstea.fr
sygade.irstea.fr
riverhydraulics.inrae.fr
r2d2-2050.irstea.fr
mattermost.irstea.fr
www.irstea.fr
annuaire.irstea.fr
acme.irstea.fr
vulnefeux.irstea.fr
dysperse.inrae.fr
activites.irstea.fr
extraflo.irstea.fr
deepomics-api.test.irstea.fr
forge-irti.irstea.fr
piwik.irstea.fr
digues2019.inrae.fr
*.rosetta.irstea.fr
sam.irstea.fr
pmad.irstea.fr
mapliz.irstea.fr
webmail.irstea.fr
garabie.test.irstea.fr
bdc-simple.recette.irstea.fr
irsteadoc.irstea.fr
gitlab.irstea.fr
activites.irstea.fr
chimitheque.irstea.fr
idp.irstea.fr
usactcal.irstea.fr
passport-iam.test.irstea.fr
coupesrases.irstea.fr
resa.irstea.fr
sturwild.irstea.fr
vocabulaires.irstea.fr
passport-iam.recette.irstea.fr
sympa.irstea.fr
hydroscope.irstea.fr

Certificate

The complete raw certificate details for sst.irstea.fr in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgIQAU+I6nhwEu+VJhm79BVeCzANBgkqhkiG9w0BAQsFADBk
MQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJ
QW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wg
Q0EgMzAeFw0xNTExMjUwMDAwMDBaFw0xODExMjkxMjAwMDBaMIGKMQswCQYDVQQG
EwJGUjEWMBQGA1UECBMNSWxlIGRlIEZyYW5jZTEPMA0GA1UEBxMGQW50b255MSww
KgYDVQQKEyNEaXJlY3Rpb24gZGVzIFN5c3RlbWUgZCdpbmZvcm1hdGlvbjEMMAoG
A1UECxMDRFNJMRYwFAYDVQQDEw1zc3QuaXJzdGVhLmZyMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAxvX8C6zBL2m4x9J6H8duxxpgip6bJpWRHaECvQ6B
Yp/HaGC8mxfLpahnaFxqtrncJrnFwSpDoxGPWAAdKjezSIc/SCdB7OUfHRtPXe/E
2PS2T7AYxe7cWQiJuK2zlBoJM43X41lpPhKgV0KYrfjeLeLUYwlsOCY/amzPDIVs
ChW9iXjJslOGT88l6rTJ843FYOy9yb3JNpbnjD7e+kXwfRpxGUwCELg6ab1pt7cH
89pe6cImu90k3yiNWWsSEx1WOzO6ZgswggW2e69hBbGHI9a63YrmGJT75wEFdbox
A37F8OKEIn3pIZiLxx32cCdJEAYNCN/tb/oNXGw1SmTv7wIDAQABo4IB1zCCAdMw
HwYDVR0jBBgwFoAUZ/2IIBQnmMcJ0iUZu+lREWN1UGIwHQYDVR0OBBYEFKclqUol
ZAujP9OeG2FsDDP3IrB2MCkGA1UdEQQiMCCCDXNzdC5pcnN0ZWEuZnKCD3NzdC5j
ZW1hZ3JlZi5mcjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
CCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0
LmNvbS9URVJFTkFTU0xDQTMuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2Vy
dC5jb20vVEVSRU5BU1NMQ0EzLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAq
MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeB
DAECAjBuBggrBgEFBQcBAQRiMGAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp
Z2ljZXJ0LmNvbTA4BggrBgEFBQcwAoYsaHR0cDovL2NhY2VydHMuZGlnaWNlcnQu
Y29tL1RFUkVOQVNTTENBMy5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsF
AAOCAQEAc7BpAzAFTjkxICYdWBM7I9BGHmNjep6f+O+wAFtwwHV8qr1RVxO12RLB
KsjiNCa14j0vrRf85v2Uf/UemXFqxtLAOIaMqsS01oqfAII70HrGMh80EKy9mR98
KUBLPsULEz43SQsdB/u8/tYZJzJrvWyQsBmiZiPIHfZ7SuqmxQxffy+dOHtfjcV9
bmqNKISMLVFJmgTFOuWKNAN7+35g7Yb/ezHgWbIZ7FQ6JisppIYxC+jwadVGnp5I
2AGtY0tK/AgqC0Cl+sFYzgv/iwGcErji9WeeE7H3/6LpqXAP/UFBKv23sWO16q0J
hAyNmvvLbD+UHTi/PaxqaOVbGW9V5Q==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvX8C6zBL2m4x9J6H8du
xxpgip6bJpWRHaECvQ6BYp/HaGC8mxfLpahnaFxqtrncJrnFwSpDoxGPWAAdKjez
SIc/SCdB7OUfHRtPXe/E2PS2T7AYxe7cWQiJuK2zlBoJM43X41lpPhKgV0KYrfje
LeLUYwlsOCY/amzPDIVsChW9iXjJslOGT88l6rTJ843FYOy9yb3JNpbnjD7e+kXw
fRpxGUwCELg6ab1pt7cH89pe6cImu90k3yiNWWsSEx1WOzO6ZgswggW2e69hBbGH
I9a63YrmGJT75wEFdboxA37F8OKEIn3pIZiLxx32cCdJEAYNCN/tb/oNXGw1SmTv
7wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1742196431978982513064447826296397323
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Noord-Holland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amsterdam'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TERENA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'TERENA SSL CA 3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2015-11-25 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-11-29 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ile de France'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Antony'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Direction des Systeme d'information'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DSI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'sst.irstea.fr'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25116483887329172662013945006937644536810353709050560511490023095412381293771753018113230151537018444366895490160649048537232770997122448794270572751373140946275669755166632840513127605298183447822602417103691091628897676967414417008532237792887415792424027976184901726528213270391956008567597671556493828378356619724453217803338876490232185694639787673309125137451832384860830222109471830873305936808292076624522133446720619504554548656168737325042053683001539368680110459868422119523865671434674010341003328270451795342052579480532925581520497350586438576752722117102792639266580052947747514434612414737558645567471
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 67fd8820142798c709d22519bbe9511163755062
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							a725a94a25640ba33fd39e1b616c0c33f722b076
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (34 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sst.irstea.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sst.cemagref.fr'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/TERENASSLCA3.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/TERENASSLCA3.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (98 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/TERENASSLCA3.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0073b0690330054e393120261d58133b23d0461e63637a9e9ff8efb0005b70c0757caabd515713b5d912c12ac8e23426b5e23d2fad17fce6fd947ff51e99716ac6d2c038868caac4b4d68a9f00823bd07ac6321f3410acbd991f7c29404b3ec50b133e37490b1d07fbbcfed61927326bbd6c90b019a26623c81df67b4aeaa6c50c5f7f2f9d387b5f8dc57d6e6a8d28848c2d51499a04c53ae58a34037bfb7e60ed86ff7b31e059b219ec543a262b29a486310be8f069d5469e9e48d801ad634b4afc082a0b40a5fac158ce0bff8b019c12b8e2f5679e13b1f7ffa2e9a9700ffd41412afdb7b163b5eaad09840c8d9afbcb6c3f941d38bf3dac6a68e55b196f55e5