health.mitre.org

- The Mitre Corporation -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 44:5c:c9:92:f8:e5:89:ec:a6:ba:8e:f7:10:c4:06:67 was issued on by Entrust, Inc..

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

The Mitre Corporation

Organization: The Mitre Corporation
State / Province: Virginia
Locality: McLean
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 44:5c:c9:92:f8:e5:89:ec:a6:ba:8e:f7:10:c4:06:67
Serial Number (int): 90869283433031322345671341625632360039
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 63:1d:9a:7a:1f:54:fb:32:fa:48:a4:89:fc:a3:0c:91:b2:a0:30:fd
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): d3:83:80:5e:49:e6:66:4f:de:7e:7e:79:2a:95:c0:37:2a:da:b4:e9
Fingerprint (sha256): c3:5e:29:72:7e:d2:85:03:49:3c:d1:35:f8:c2:ed:ad:42:c3:fe:b3:af:9b:f3:f5:94:1b:8a:57:57:7c:4c:a0

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate health.mitre.org

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for health.mitre.org

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

health.mitre.org
www.health.mitre.org

Other certificates including the domain name mitre.org

(limited to 100 certificates)
acquia-sites.com
acquia-sites.com
acsc.mitre.org
wiki.mitre.org
acquia-sites.com
acquia-sites.com
eiv.mitre.org
acquia-sites.com
remote.mitre.org
acquia-sites.com
acsc.mitre.org
remote.mitre.org
c19hcc.mitre.org
car.mitre.org
squint.mitre.org
pedias.mitre.org
acquia-sites.com
git.codev.mitre.org
space.mitre.org
mbridge.mitre.org
collaborate.mitre.org
c2e.mitre.org
dsil-hzn-conn02.dsil.mitre.org
AC2600-INTB2.mitre.org
partners.mitre.org
mhtc.mitre.org
partners.mitre.org
acquia-sites.com
mhtc.mitre.org
cicd.codev.mitre.org
fleetforecaster.mitre.org
attack.mitre.org
uscg.sa2.mitre.org
acquia-sites.com
cti-taxii.mitre.org
gps-modnavdb.mitre.org
gps-mclean.mitre.org
acquia-sites.com
remote.mitre.org
haecesftpbb.partnersp.mitre.org
register.mitre.org
acquia-sites.com
mhtc.mitre.org
projectcrucible.org
acquia-sites.com
partners.mitre.org
acquia-sites.com
gnssta.mitre.org
partnerspki.mitre.org
login.codev.mitre.org
remote.mitre.org
sts.mitre.org
sitm.mitre.org
sts.mitre.org
collaborate.mitre.org
mrt.mitre.org
gps-mclean.mitre.org
gps-bedford.mitre.org
portal.acsc.mitre.org
tracker.codev.mitre.org
pollen.mitre.org
attack.mitre.org
bot.mitre.org
review.codev.mitre.org
sites.mitre.org
acquia-sites.com
san-3-s12.tlsprovisioning.exacttarget.com
c2e.mitre.org
jobs.mitre.org
msm.mitre.org
jobs.mitre.org
ems.mitre.org
apex-vpn-portal.mitre.org
ACCESSMW.MITRE.ORG
synthea.mitre.org
assessments.mitre.org
remote.mitre.org
jobs.mitre.org
remote.mitre.org
car.mitre.org
bridge.mitre.org
blast.mitre.org
tracker.codev.mitre.org
acquia-sites.com
image.email.plasticbank.com
www.mitrechallenge.mitre.org
visuals2.mitre.org
tracker.codev.mitre.org
attack.mitre.org
handshake.mitre.org
acsc.mitre.org
armylab.mitre.org
acquia-sites.com
acquia-sites.com
aida.mitre.org
gps-mclean.mitre.org
remote.mitre.org
attack.mitre.org
cti-taxii.mitre.org
attack.mitre.org

Certificate

The complete raw certificate details for health.mitre.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFaTCCBFGgAwIBAgIQRFzJkvjlieymuo73EMQGZzANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
MTEyMTQxNTQxMzZaFw0yMzAxMTMxNTQxMzZaMGwxCzAJBgNVBAYTAlVTMREwDwYD
VQQIEwhWaXJnaW5pYTEPMA0GA1UEBxMGTWNMZWFuMR4wHAYDVQQKExVUaGUgTWl0
cmUgQ29ycG9yYXRpb24xGTAXBgNVBAMTEGhlYWx0aC5taXRyZS5vcmcwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHt8BhG4pd1GYVT1et6y3QDuVVLVJV
kH3hgMfUR65TclcK8zhd46jdNqXm0PSPoKxfZUfBaQzkAFDWdD1yvy8FqYQ4DUoK
Gtsz3g8PLEGy2OyiIBPwZDMmzAvV4ew6Mb3dxSnkbPIrRBBdfeYz7jmWjDkw9F0h
5dOCx5SrVczgEPndFoQ6f9LY7bpFOF7mhFVcJT6pmwPFpkl9atgFbbIxWyxNc6Us
5qcdS3ndqyN4YtcaqFfZaMKkQAAVur4+vSzyS/tMDYqIBprF73J/Gd1rHpnPF598
yCX9SQyizPgC+FYN091p4agUAHSkJXAZyeiEUXxUg0eg8yp5FclIQ0czAgMBAAGj
ggG2MIIBsjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRjHZp6H1T7MvpIpIn8owyR
sqAw/TAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzBoBggrBgEFBQcB
AQRcMFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDMGCCsG
AQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wxay1jaGFpbjI1Ni5jZXIw
MwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZlbDFr
LmNybDAxBgNVHREEKjAoghBoZWFsdGgubWl0cmUub3JnghR3d3cuaGVhbHRoLm1p
dHJlLm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMEwGA1UdIARFMEMwNwYKYIZIAYb6bAoBBTApMCcGCCsGAQUFBwIBFhto
dHRwczovL3d3dy5lbnRydXN0Lm5ldC9ycGEwCAYGZ4EMAQICMBMGCisGAQQB1nkC
BAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQC3gXRGFVEMBkfEoOehpbgpLEnP
VATLD9udHOAPbNyk9q2SC4R2zPOFU5yl+49/xSy/8j2n7q2C5jjlA/MTxDrRarWe
kH+hM8VkrQ/lFe78IQG3h9lFjo70bDHfa7+JwkVQlICddROXLdOPaVRujplKoY8i
fnO/KR47NOYCJzxnb6eLz2AvH+Lr+Wg7xXuMF3ny37F7qmy8hAiYydvcVOxH508O
vDplZBtfJdooo4RlHVEy5/NFu+CGUquBR9r9mKaeNOoqLIWL909qvo5i2rAKV6zx
1CFZaK4tYYoEmN8o+PSqh35iIZPaFyB5dD5mLZDdhWFzG49KsYPUj9of4C6+
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7fAYRuKXdRmFU9Xrest
0A7lVS1SVZB94YDH1EeuU3JXCvM4XeOo3Tal5tD0j6CsX2VHwWkM5ABQ1nQ9cr8v
BamEOA1KChrbM94PDyxBstjsoiAT8GQzJswL1eHsOjG93cUp5GzyK0QQXX3mM+45
low5MPRdIeXTgseUq1XM4BD53RaEOn/S2O26RThe5oRVXCU+qZsDxaZJfWrYBW2y
MVssTXOlLOanHUt53asjeGLXGqhX2WjCpEAAFbq+Pr0s8kv7TA2KiAaaxe9yfxnd
ax6ZzxeffMgl/UkMosz4AvhWDdPdaeGoFAB0pCVwGcnohFF8VINHoPMqeRXJSENH
MwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 90869283433031322345671341625632360039
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-12-14 15:41:36 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-01-13 15:41:36 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Virginia'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'McLean'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'The Mitre Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'health.mitre.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25212033921020565752541519830046494915161195885732599371874411016807212842641601177136450735690045698753738238000990523819747189128301557016701057691959574827094150498022846804077778764810240552865735524450983644607056531093034119468778137574766804007777654577372505215655108618706448942894298423286050334133172433574027669883325898635777273770892307409538518957902033513275277057033733193825446056147564101143369916920379850449557215289206743621621348172781692184068168568664047213308433380584899015698592237569537696407357198369420920155838440865631459926279741520815301462568292307390744969171298646375297515210547
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							631d9a7a1f54fb32fa48a489fca30c91b2a030fd
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (42 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'health.mitre.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.health.mitre.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00b781744615510c0647c4a0e7a1a5b8292c49cf5404cb0fdb9d1ce00f6cdca4f6ad920b8476ccf385539ca5fb8f7fc52cbff23da7eead82e638e503f313c43ad16ab59e907fa133c564ad0fe515eefc2101b787d9458e8ef46c31df6bbf89c2455094809d7513972dd38f69546e8e994aa18f227e73bf291e3b34e602273c676fa78bcf602f1fe2ebf9683bc57b8c1779f2dfb17baa6cbc840898c9dbdc54ec47e74f0ebc3a65641b5f25da28a384651d5132e7f345bbe08652ab8147dafd98a69e34ea2a2c858bf74f6abe8e62dab00a57acf1d4215968ae2d618a0498df28f8f4aa877e622193da172079743e662d90dd8561731b8f4ab183d48fda1fe02ebe