bavli.genizah.org

- Friedberg Genizah Project, Inc. -

Issued by Thawte RSA CA 2018

About this certificate

This digital certificate with serial number 0b:89:34:6c:f6:3e:eb:b9:7f:bb:b7:2b:00:f1:e1:55 was issued on by DigiCert Inc.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Friedberg Genizah Project, Inc.

Organization: Friedberg Genizah Project, Inc.
State / Province: New Jersey
Locality: Lakewood
Country: US

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0b:89:34:6c:f6:3e:eb:b9:7f:bb:b7:2b:00:f1:e1:55
Serial Number (int): 15333915941403666409303334596809711957
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: a5:e3:f1:4b:23:dc:58:2e:f6:c7:fd:5b:14:9c:da:8f:1a:22:bb:d0
AuthorityKeyId: a3:c8:5e:65:54:e5:30:78:c1:05:ea:07:0a:6a:59:cc:b9:fe:de:5a

Fingerprint (sha1): ec:93:0d:a6:8a:f0:1f:e6:64:b2:66:b8:0e:a6:8b:8e:67:fa:8e:a6
Fingerprint (sha256): ce:c8:1d:34:8e:fe:c8:2c:5b:c6:23:22:01:e3:a4:ac:3b:24:56:9b:ea:8c:f3:b1:8a:9d:6f:01:0a:6d:10:23

Issuing Certificate URL: http://cacerts.thawte.com/ThawteRSACA2018.crt

Revocation information

OCSP Server: http://status.thawte.com
CRL Distribution Point: http://cdp.thawte.com/ThawteRSACA2018.crl

Check the revocation status for certificate bavli.genizah.org

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for bavli.genizah.org

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

bavli.genizah.org

Other certificates including the domain name genizah.org

(limited to 100 certificates)
mail.genizah.org
manuscripts.genizah.org
vf.genizah.org
bavli.genizah.org
test.genizah.org
manuscriptstest.genizah.org
ssotest.genizah.org
bavlitest.genizah.org
genizah.org
test.genizah.org
ja.genizah.org
manuscriptstest.genizah.org
fgp.genizah.org
nachumsite.genizah.org
bavli.genizah.org
nachumsite.genizah.org
ssotest.genizah.org
mail.genizah.org
bavlitest.genizah.org
bavli.genizah.org
fgp.genizah.org
ja.genizah.org
fjms.genizah.org
bavli.genizah.org
*.genizah.org
fjms.genizah.org
vf.genizah.org
nachumsite.genizah.org
test.genizah.org
rambam.genizah.org
nachumsite.genizah.org
genizah.org
test.genizah.org
rambamtest.genizah.org
rambam.genizah.org
admin.genizah.org
bavli.genizah.org
manuscripts.genizah.org
fgp.genizah.org
manuscripts.genizah.org
ja.genizah.org
bavlitest.genizah.org
vf.genizah.org
fgp.genizah.org
admin.genizah.org
rambamtest.genizah.org
test.genizah.org
rambamtest.genizah.org
nachumsite.genizah.org
vf.genizah.org
fgp.genizah.org
admin.genizah.org
fjmstest.genizah.org
sso.genizah.org
rambam.genizah.org
fjmstest.genizah.org
admin.genizah.org
bavli.genizah.org
sso.genizah.org
fgp.genizah.org
genizah.org
bavli.genizah.org
mail.genizah.org
mail.genizah.org
vf.genizah.org
fgp.genizah.org
admin.genizah.org
rambamtest.genizah.org
elastic.genizah.org
bavli.genizah.org
fgp.genizah.org

Certificate

The complete raw certificate details for bavli.genizah.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgIQC4k0bPY+67l/u7crAPHhVTANBgkqhkiG9w0BAQsFADBc
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMRswGQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcN
MTgxMDE2MDAwMDAwWhcNMTkxMjE5MTIwMDAwWjB7MQswCQYDVQQGEwJVUzETMBEG
A1UECBMKTmV3IEplcnNleTERMA8GA1UEBxMITGFrZXdvb2QxKDAmBgNVBAoTH0Zy
aWVkYmVyZyBHZW5pemFoIFByb2plY3QsIEluYy4xGjAYBgNVBAMTEWJhdmxpLmdl
bml6YWgub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZu1qIlp
pjPHhfQR9hRuNJDM45OeYOJpD6F1c5po1of1VW7AIxHiRCev7HQyJFpIJA5Kpj93
6HjZJXbgZDALniyVb4Umgk1m2bURKcPjGdzcw036o++/plKUTd4mGd9WahaFr0Eu
bNlkWEICoX1wgP+qOmHNioaOfR9snaI7RDqRPVMjfFjM8PzmtIvPTUF5TS98SgwI
Ymn/yZEh0asg3SuN30vlGODIharsS+g1Z4DLYxECeThgqkoBNXYjVsGAIh/jAIaJ
bnuxyOrG9PkPz5S5Mqh0f8jPkMTEpDWHW318E/mbSuY9DH410Gt3FgHX92AFoQoD
Dcfw+g/Le+OuMQIDAQABo4ICnzCCApswHwYDVR0jBBgwFoAUo8heZVTlMHjBBeoH
CmpZzLn+3lowHQYDVR0OBBYEFKXj8Usj3Fgu9sf9WxSc2o8aIrvQMBwGA1UdEQQV
MBOCEWJhdmxpLmdlbml6YWgub3JnMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU
BggrBgEFBQcDAQYIKwYBBQUHAwIwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2Nk
cC50aGF3dGUuY29tL1RoYXd0ZVJTQUNBMjAxOC5jcmwwTAYDVR0gBEUwQzA3Bglg
hkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29t
L0NQUzAIBgZngQwBAgIwbwYIKwYBBQUHAQEEYzBhMCQGCCsGAQUFBzABhhhodHRw
Oi8vc3RhdHVzLnRoYXd0ZS5jb20wOQYIKwYBBQUHMAKGLWh0dHA6Ly9jYWNlcnRz
LnRoYXd0ZS5jb20vVGhhd3RlUlNBQ0EyMDE4LmNydDAJBgNVHRMEAjAAMIIBBAYK
KwYBBAHWeQIEAgSB9QSB8gDwAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZk
No4e0YUAAAFme4/p1wAABAMARzBFAiASLtI4XgyPq92SO6hI8qQZ1L5XLptFL2Nt
6b7ZuSoF3gIhANDXCDusEqq669r6CFNgAPqLGu+A+KhA6YBuBi6gesutAHYAh3W/
51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFme4/qwwAABAMARzBFAiEA
+ZvpalcnHiwcpUQjS+J0u11fs+l12d2XvLJdN6+Q3wcCIEo/jmP2BV1QAPcH7L4z
sDJFWn9wNUcMHma1GKSis80EMA0GCSqGSIb3DQEBCwUAA4IBAQBRkS9+pZiiEmo8
xx+SBrQrE0xbbv7VC9cbQFY6NGHX92K2hFi+XMNhhBqke2H5lsJVTr+qxHdkMYou
5sRSgWj4OZ/fLCw3rs48VlCmlnQK82ZFQEthWC2Zp0Q9fEmaJFHlwxPtMjaparbS
Valj9+/g6qOYB+y96fIfNmSdGxiVQVYTb1kwwF0efcsZrnJsnucvC5RIfxh+gK45
QLkOQG/QEsmy88tRj5Pnb3RA8ii7xUdv+421bHdbY/oD2ITMOAvbGk53PDS9YRsc
Ergflmcl/c3pwDMVySfCrH/tTHs5ooMXzbcGtkqJnIxTMwswUWW3C6nVytUOR4gT
OqyXilLv
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZu1qIlppjPHhfQR9hRu
NJDM45OeYOJpD6F1c5po1of1VW7AIxHiRCev7HQyJFpIJA5Kpj936HjZJXbgZDAL
niyVb4Umgk1m2bURKcPjGdzcw036o++/plKUTd4mGd9WahaFr0EubNlkWEICoX1w
gP+qOmHNioaOfR9snaI7RDqRPVMjfFjM8PzmtIvPTUF5TS98SgwIYmn/yZEh0asg
3SuN30vlGODIharsS+g1Z4DLYxECeThgqkoBNXYjVsGAIh/jAIaJbnuxyOrG9PkP
z5S5Mqh0f8jPkMTEpDWHW318E/mbSuY9DH410Gt3FgHX92AFoQoDDcfw+g/Le+Ou
MQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 15333915941403666409303334596809711957
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Thawte RSA CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-10-16 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-12-19 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New Jersey'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Lakewood'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Friedberg Genizah Project, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'bavli.genizah.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24440776125399235134014260887073689544315876001910649798024512638318748491329145963362944895921525590700054365616731409293014272786976433278063639225385089686012135768012143473735726896093583916539227839560399534522027814369616073188260814483244260180012353816582576591360753990468714244043556103999428658191397184978485110744610487156120959210593325262521902915579039870687527351346847112151791486132321631389199921494837234885165770582160041805870213982632441750520426202683203337825075679778958940377552491308252210483216998008865107560496052910869731445377250105272787585336156448320764849743771870621386938756657
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a3c85e6554e53078c105ea070a6a59ccb9fede5a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							a5e3f14b23dc582ef6c7fd5b149cda8f1a22bbd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (21 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bavli.genizah.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (51 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.thawte.com/ThawteRSACA2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.thawte.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.thawte.com/ThawteRSACA2018.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed185000001667b8fe9d700000403004730450220122ed2385e0c8fabdd923ba848f2a419d4be572e9b452f636de9bed9b92a05de022100d0d7083bac12aabaebdafa08536000fa8b1aef80f8a840e9806e062ea07acbad0076008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f000001667b8feac30000040300473045022100f99be96a57271e2c1ca544234be274bb5d5fb3e975d9dd97bcb25d37af90df0702204a3f8e63f6055d5000f707ecbe33b032455a7f7035470c1e66b518a4a2b3cd04
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0051912f7ea598a2126a3cc71f9206b42b134c5b6efed50bd71b40563a3461d7f762b68458be5cc361841aa47b61f996c2554ebfaac47764318a2ee6c4528168f8399fdf2c2c37aece3c5650a696740af36645404b61582d99a7443d7c499a2451e5c313ed3236a96ab6d255a963f7efe0eaa39807ecbde9f21f36649d1b18954156136f5930c05d1e7dcb19ae726c9ee72f0b94487f187e80ae3940b90e406fd012c9b2f3cb518f93e76f7440f228bbc5476ffb8db56c775b63fa03d884cc380bdb1a4e773c34bd611b1c12b81f966725fdcde9c03315c927c2ac7fed4c7b39a28317cdb706b64a899c8c53330b305165b70ba9d5cad50e4788133aac978a52ef