avon.com

- Avon Cosmeticos Ltda. -

Issued by DigiCert SHA2 Extended Validation Server CA

About this certificate

This digital certificate with serial number 01:2e:a0:dc:5e:4a:39:51:25:ca:f1:1b:31:38:28:3e was issued on by DigiCert Inc.

With 95 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Avon Cosmeticos Ltda.

Company registration number: 56.991.441/0001-57
Organization: Avon Cosmeticos Ltda.
State / Province: São Paulo
Locality: São Paulo
Country: BR

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 01:2e:a0:dc:5e:4a:39:51:25:ca:f1:1b:31:38:28:3e
Serial Number (int): 1571336296191177454895278614398904382
Serial Number lenght: 121 bits, 16 octets

SubjectKeyId: cf:9e:14:d5:24:5b:31:8b:46:73:70:d8:c1:36:c2:f1:81:7d:13:2a
AuthorityKeyId: 3d:d3:50:a5:d6:a0:ad:ee:f3:4a:60:0a:65:d3:21:d4:f8:f8:d6:0f

Fingerprint (sha1): da:ac:99:10:9b:d2:66:2f:e9:64:bf:a8:53:5e:bd:d3:a8:92:9a:72
Fingerprint (sha256): d5:01:32:58:b2:c4:df:9b:ef:1c:a6:34:3d:9f:92:f6:39:8e:fd:8f:34:ff:12:86:91:96:fe:92:f4:6c:51:e5

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/sha2-ev-server-g3.crl
CRL Distribution Point: http://crl4.digicert.com/sha2-ev-server-g3.crl

Check the revocation status for certificate avon.com

95

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for avon.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

avon.com
avon.cl
avon.co
avon.co.za
avon.com.ec
avon.com.gt
avon.com.hn
avon.com.ni
avon.com.pe
avon.com.sv
avon.ee
avon.lv
canopy.poc.avon.com
cl.avon.com
ec.avon.com
eem.br.avon.com
eem.co.avon.com
emear-static.avon.com
emear-static.avonqaf.com
emear-static.avonqah.com
emear-static.avonqam.com
emear-static.avonqap.com
emear-static.avonuat.com
gt.avon.com
hn.avon.com
justine.co.za
la.agws3.avon.com
latam-static.avon.com
latam-static.avonqaf.com
latam-static.avonqah.com
latam-static.avonqam.com
latam-static.avonqap.com
latam-static.avonuat.com
mra.azuapi.avon.com
my.avon.co
my.avon.co.za
my.avon.com.ec
my.avon.com.pe
my.avon.ee
my.avon.lv
my.avon.mx
my.justine.co.za
ni.avon.com
pe.avon.com
rep.avon.bg
rep.avon.com.pt
rep.avon.de
rep.avon.fi
rep.avon.lt
rep.avon.rs
rep.avoncosmetics.gr
static-qaf.config.avon.com
static.avon.com.tr
static.avon.com.ua
static.avon.it
static.config.avon.com
static.rep.avon.bg
sv.avon.com
webeservices3qaf.avon.com
webeservicesdls1.avon.com
webeservicesdls2.avon.com
webeservicesdls3.avon.com
www-o.avon.co.ma
www.al.avon.com
www.avon.ba
www.avon.cl
www.avon.com.ec
www.avon.com.gt
www.avon.com.hn
www.avon.com.ni
www.avon.com.pe
www.avon.com.sv
www.avon.com.ua
www.avon.ee
www.avon.ge
www.avon.hr
www.avon.hu
www.avon.lv
www.avon.md
www.avon.me
www.avon.si
www.avon.sk
www.avoncosmetics.com.mk
www.avoncosmetics.cz
www.avoncosmetics.ro
www.cl.avon.com
www.ec.avon.com
www.eg.avon.com
www.gt.avon.com
www.hn.avon.com
www.ma.avon.com
www.ni.avon.com
www.pe.avon.com
www.sa.avon.com
www.sv.avon.com

Other certificates including the domain name avon.com

(limited to 100 certificates)
ssl8.ipaper.io
ssl9.ipaper.io
ssl8.icommarketing.com
ssl9.ipaper.io
www.avon.my
qaf.link.avon.com
ecom.youravon.com
*.uk.avon.com
leadsservicesru.avon.com
ecom.youravon.com
z3-b45c.kxcdn.com
dev.ve.avon.com
on.avon.com
ryestgw.na.avon.com
autodiscover.domino.avonfoundation.org
ssl9.ipaper.io
ssl8.icommarketing.com
autodiscover.domino.avonfoundation.org
ssl8.ipaper.io
mobileapi.avon.com
qafmab.bg.avon.com
emear-lpa.avon.com
avon.com
connectshg.avon.com
connectar.avon.com
gabi03.com
uatssmab.ar.avon.com
ssl8.icommarketing.com
webeservicesru.avon.com
ssl8.icommarketing.com
ecom4.pr.avon.com
uatmab.static.co.avon.com
www.kr.avon.com
ssl9.ipaper.io
ssl8.icommarketing.com
uatmab.co.avon.com
static1.br.avon.com
qaf.eenew.avon.com
avon.kz
core-order-eu-dev.api-dev.aws.avon.com
qafmab.static.co.avon.com
ssl8.icommarketing.com
view.email.usa.avon.com
ssl8.icommarketing.com
www.avon.com.mx
ssl8.icommarketing.com
www.sa.avon.com
eem.co.avon.com
qaf.eenew.avon.com
dev.sv.avon.com
static1.br.avon.com
*.uk.avon.com
www.uy.avon.com
qaf.jtnew.avon.com
connectuk.avon.com
www.my.avon.com
dev.ec.avon.com
drmsp.cn.avon.com
simulator.avon.com
ssl9.ipaper.io
uatmab.static.ro.avon.com
choiceservicesqaf.avon.com
www.tr.avon.com
qafss.ar.avon.com
shop.avon.com
connectsuffern.avon.com
qaf.lvnew.avon.com
uat.mobilecms.avon.com
ssl8.ipaper.io
dev.pe.avon.com
avonaccess.na.avon.com
qap.mx.avon.com
www.al.avon.com
www.ni.avon.com
www.uy.avon.com
br.avon.com
www.sv.avon.com
www.tw.avon.com
br.avon.com
choiceservices-ru.avon.com
*.arpdev.avon.com
eem.br.avon.com
drupal.avon.com.ar
imshare.avon.com
static1.br.avon.com
*.ro.avon.com
dev.pa.avon.com
ssl9.ipaper.io
catalog.avonnow.com
link.customer.avon.com
author.pl.avon.com
ecom4.pr.avon.com
www.avon2win.avon.com.pt
qafmab.co.avon.com
newsin.bullets.app
*.hu.avon.com
dev.gt.avon.com
link.customer.avon.com
avononline.pl.avon.com
autodiscover.domino.avonfoundation.org

Certificate

The complete raw certificate details for avon.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIINfjCCDGagAwIBAgIQAS6g3F5KOVElyvEbMTgoPjANBgkqhkiG9w0BAQsFADB1
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk
IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTIzMDExODAwMDAwMFoXDTI0MDExODIz
NTk1OVowgbsxEzARBgsrBgEEAYI3PAIBAxMCQlIxHTAbBgNVBA8MFFByaXZhdGUg
T3JnYW5pemF0aW9uMRswGQYDVQQFExI1Ni45OTEuNDQxLzAwMDEtNTcxCzAJBgNV
BAYTAkJSMRMwEQYDVQQIDApTw6NvIFBhdWxvMRMwEQYDVQQHDApTw6NvIFBhdWxv
MR4wHAYDVQQKExVBdm9uIENvc21ldGljb3MgTHRkYS4xETAPBgNVBAMTCGF2b24u
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA96kazGQWT/OMwk+X
6y/F4AP5Nm8WAEAwG+2VS19JSeyOYPOYP8hpv467s5cOp9EQofK+YouioOXTV0Sf
xxD2t+Ea31UXsReV9Rr2u9EmkablHF8wsNxTSR8Ru5PiUzF77bx+fQZBUvFj788l
Q3P5ySwRXAJJptzpkHzkBRRovghmqk6Ee+UIUzQ032b3hMzDs3CXSgKzjqNAO8a2
njSxkHzscDK5q6xJMiu3gha42l/F8HAJ5MgiUMaH8PmAM9TQeWrukN6JKz5mIMiD
SzOipqsuaSIIrK0JPzsYzWwlYA9xmDUFnxW4MDISFzKf/2f/qe9m062WM5Bt88IQ
bX4WOwIDAQABo4IJwTCCCb0wHwYDVR0jBBgwFoAUPdNQpdagre7zSmAKZdMh1Pj4
1g8wHQYDVR0OBBYEFM+eFNUkWzGLRnNw2ME2wvGBfRMqMIIGbgYDVR0RBIIGZTCC
BmGCCGF2b24uY29tggdhdm9uLmNsggdhdm9uLmNvggphdm9uLmNvLnphggthdm9u
LmNvbS5lY4ILYXZvbi5jb20uZ3SCC2F2b24uY29tLmhuggthdm9uLmNvbS5uaYIL
YXZvbi5jb20ucGWCC2F2b24uY29tLnN2ggdhdm9uLmVlggdhdm9uLmx2ghNjYW5v
cHkucG9jLmF2b24uY29tggtjbC5hdm9uLmNvbYILZWMuYXZvbi5jb22CD2VlbS5i
ci5hdm9uLmNvbYIPZWVtLmNvLmF2b24uY29tghVlbWVhci1zdGF0aWMuYXZvbi5j
b22CGGVtZWFyLXN0YXRpYy5hdm9ucWFmLmNvbYIYZW1lYXItc3RhdGljLmF2b25x
YWguY29tghhlbWVhci1zdGF0aWMuYXZvbnFhbS5jb22CGGVtZWFyLXN0YXRpYy5h
dm9ucWFwLmNvbYIYZW1lYXItc3RhdGljLmF2b251YXQuY29tggtndC5hdm9uLmNv
bYILaG4uYXZvbi5jb22CDWp1c3RpbmUuY28uemGCEWxhLmFnd3MzLmF2b24uY29t
ghVsYXRhbS1zdGF0aWMuYXZvbi5jb22CGGxhdGFtLXN0YXRpYy5hdm9ucWFmLmNv
bYIYbGF0YW0tc3RhdGljLmF2b25xYWguY29tghhsYXRhbS1zdGF0aWMuYXZvbnFh
bS5jb22CGGxhdGFtLXN0YXRpYy5hdm9ucWFwLmNvbYIYbGF0YW0tc3RhdGljLmF2
b251YXQuY29tghNtcmEuYXp1YXBpLmF2b24uY29tggpteS5hdm9uLmNvgg1teS5h
dm9uLmNvLnphgg5teS5hdm9uLmNvbS5lY4IObXkuYXZvbi5jb20ucGWCCm15LmF2
b24uZWWCCm15LmF2b24ubHaCCm15LmF2b24ubXiCEG15Lmp1c3RpbmUuY28uemGC
C25pLmF2b24uY29tggtwZS5hdm9uLmNvbYILcmVwLmF2b24uYmeCD3JlcC5hdm9u
LmNvbS5wdIILcmVwLmF2b24uZGWCC3JlcC5hdm9uLmZpggtyZXAuYXZvbi5sdIIL
cmVwLmF2b24ucnOCFHJlcC5hdm9uY29zbWV0aWNzLmdyghpzdGF0aWMtcWFmLmNv
bmZpZy5hdm9uLmNvbYISc3RhdGljLmF2b24uY29tLnRyghJzdGF0aWMuYXZvbi5j
b20udWGCDnN0YXRpYy5hdm9uLml0ghZzdGF0aWMuY29uZmlnLmF2b24uY29tghJz
dGF0aWMucmVwLmF2b24uYmeCC3N2LmF2b24uY29tghl3ZWJlc2VydmljZXMzcWFm
LmF2b24uY29tghl3ZWJlc2VydmljZXNkbHMxLmF2b24uY29tghl3ZWJlc2Vydmlj
ZXNkbHMyLmF2b24uY29tghl3ZWJlc2VydmljZXNkbHMzLmF2b24uY29tghB3d3ct
by5hdm9uLmNvLm1hgg93d3cuYWwuYXZvbi5jb22CC3d3dy5hdm9uLmJhggt3d3cu
YXZvbi5jbIIPd3d3LmF2b24uY29tLmVjgg93d3cuYXZvbi5jb20uZ3SCD3d3dy5h
dm9uLmNvbS5oboIPd3d3LmF2b24uY29tLm5pgg93d3cuYXZvbi5jb20ucGWCD3d3
dy5hdm9uLmNvbS5zdoIPd3d3LmF2b24uY29tLnVhggt3d3cuYXZvbi5lZYILd3d3
LmF2b24uZ2WCC3d3dy5hdm9uLmhyggt3d3cuYXZvbi5odYILd3d3LmF2b24ubHaC
C3d3dy5hdm9uLm1kggt3d3cuYXZvbi5tZYILd3d3LmF2b24uc2mCC3d3dy5hdm9u
LnNrghh3d3cuYXZvbmNvc21ldGljcy5jb20ubWuCFHd3dy5hdm9uY29zbWV0aWNz
LmN6ghR3d3cuYXZvbmNvc21ldGljcy5yb4IPd3d3LmNsLmF2b24uY29tgg93d3cu
ZWMuYXZvbi5jb22CD3d3dy5lZy5hdm9uLmNvbYIPd3d3Lmd0LmF2b24uY29tgg93
d3cuaG4uYXZvbi5jb22CD3d3dy5tYS5hdm9uLmNvbYIPd3d3Lm5pLmF2b24uY29t
gg93d3cucGUuYXZvbi5jb22CD3d3dy5zYS5hdm9uLmNvbYIPd3d3LnN2LmF2b24u
Y29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3No
YTItZXYtc2VydmVyLWczLmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQu
Y29tL3NoYTItZXYtc2VydmVyLWczLmNybDBKBgNVHSAEQzBBMAsGCWCGSAGG/WwC
ATAyBgVngQwBATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNv
bS9DUFMwgYgGCCsGAQUFBwEBBHwwejAkBggrBgEFBQcwAYYYaHR0cDovL29jc3Au
ZGlnaWNlcnQuY29tMFIGCCsGAQUFBzAChkZodHRwOi8vY2FjZXJ0cy5kaWdpY2Vy
dC5jb20vRGlnaUNlcnRTSEEyRXh0ZW5kZWRWYWxpZGF0aW9uU2VydmVyQ0EuY3J0
MAkGA1UdEwQCMAAwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AHb/iD8KtvuV
UcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABhcLTqHQAAAQDAEcwRQIgbPlMSEsb
Nd9gmiyHPvCIlr9/VIs7SZSv+Auu0SkxYukCIQDJHqY4ao6mVfXNqtQcoN7/4dhh
yr20IgjW07QTT7PQ3gB2AHPZnokbTJZ4oCB9R53mssYc0FFecRkqjGuAEHrBd3K1
AAABhcLTqJkAAAQDAEcwRQIgTm0qekyfxlLR2Z89XDrljRm3nsx6Y+Cf9nZKh1jZ
9poCIQCb8nkP4KjY9gy1uX8Y4Rca/PBNOFbq/kft3o+Vb+PgaAB3AEiw42vapkc0
D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABhcLTqF8AAAQDAEgwRgIhAOIQKbxm
9SJSCK3suHPHRPJg0/D5jOCFiqkPPnjDVkV0AiEA6xWawSq1U2VdgcbWVPA6y1Oy
GZ+LHw3anw5KVAvecbQwDQYJKoZIhvcNAQELBQADggEBAIsPUF0WS6nT3hVnfU9y
yHV/GX5AqSJQK4mbwGVH6YtGQZB5ixLf3745Du0z2FnN7qnMz3bcIKLtLaOLS4yR
ITR3RQg3t76NGKl13PP27UUWsCGsja6ixxAi7d1ijKZRXejXbxykVhP+1oUDAfeC
8l7AgoIiK4TUBJNK4OPFsrxI+Heec5wRv8lZK8MkeNmAxkbg+oQkB5+qu1RP7+7A
yEoQRN5W0+1wZlMzyiE84Tf9QH+FtAGJfCgPna1ced2TlxgTqkMKosMxhfMdYqx6
LyOrkCcdsW7OSR5d8SWxoYQlKh17ZS/9s00cJXdARS5uoVhuXCbQeXjTwF4O8NqC
XmM=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA96kazGQWT/OMwk+X6y/F
4AP5Nm8WAEAwG+2VS19JSeyOYPOYP8hpv467s5cOp9EQofK+YouioOXTV0SfxxD2
t+Ea31UXsReV9Rr2u9EmkablHF8wsNxTSR8Ru5PiUzF77bx+fQZBUvFj788lQ3P5
ySwRXAJJptzpkHzkBRRovghmqk6Ee+UIUzQ032b3hMzDs3CXSgKzjqNAO8a2njSx
kHzscDK5q6xJMiu3gha42l/F8HAJ5MgiUMaH8PmAM9TQeWrukN6JKz5mIMiDSzOi
pqsuaSIIrK0JPzsYzWwlYA9xmDUFnxW4MDISFzKf/2f/qe9m062WM5Bt88IQbX4W
OwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1571336296191177454895278614398904382
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 Extended Validation Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-01-18 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-18 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Private Organization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '56.991.441/0001-57'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'São Paulo'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'São Paulo'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Avon Cosmeticos Ltda.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'avon.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 31264249952881772070931913540519708604857882151304872527021272615844546207105493688584635836150577379227935611684942972658748789988420653295088381635938750433626964336884317567987931771040161430891087557284002249542492063813043573417619436543078608348292310080438269648883719269116893362626205648889017123087578335984469119235771132467593809790768782283150382030415222858187703529220131001953857820130633969545541179728224838226305055937373337918494245452521758063720863795239766496593700710713570597700479454741246533786638997436760370740690358315943018619040713781138261805310571283338016207475689190703061922616891
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 3dd350a5d6a0adeef34a600a65d321d4f8f8d60f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							cf9e14d5245b318b467370d8c136c2f1817d132a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1637 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'avon.cl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'avon.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'avon.co.za'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'avon.com.ec'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'avon.com.gt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'avon.com.hn'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'avon.com.ni'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'avon.com.pe'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'avon.com.sv'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'avon.ee'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'avon.lv'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'canopy.poc.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cl.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ec.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'eem.br.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'eem.co.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'emear-static.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'emear-static.avonqaf.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'emear-static.avonqah.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'emear-static.avonqam.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'emear-static.avonqap.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'emear-static.avonuat.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gt.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hn.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'justine.co.za'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'la.agws3.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'latam-static.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'latam-static.avonqaf.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'latam-static.avonqah.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'latam-static.avonqam.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'latam-static.avonqap.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'latam-static.avonuat.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mra.azuapi.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'my.avon.co'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'my.avon.co.za'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'my.avon.com.ec'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'my.avon.com.pe'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'my.avon.ee'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'my.avon.lv'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'my.avon.mx'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'my.justine.co.za'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ni.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pe.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rep.avon.bg'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rep.avon.com.pt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rep.avon.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rep.avon.fi'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rep.avon.lt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rep.avon.rs'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rep.avoncosmetics.gr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'static-qaf.config.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'static.avon.com.tr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'static.avon.com.ua'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'static.avon.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'static.config.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'static.rep.avon.bg'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sv.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webeservices3qaf.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webeservicesdls1.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webeservicesdls2.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webeservicesdls3.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-o.avon.co.ma'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.al.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.avon.ba'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.avon.cl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.avon.com.ec'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.avon.com.gt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.avon.com.hn'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.avon.com.ni'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.avon.com.pe'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.avon.com.sv'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.avon.com.ua'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.avon.ee'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.avon.ge'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.avon.hr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.avon.hu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.avon.lv'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.avon.md'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.avon.me'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.avon.si'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.avon.sk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.avoncosmetics.com.mk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.avoncosmetics.cz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.avoncosmetics.ro'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.cl.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ec.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.eg.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.gt.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hn.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ma.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ni.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.pe.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sa.avon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sv.avon.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/sha2-ev-server-g3.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/sha2-ev-server-g3.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.2.1 (DigiCert EV policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (124 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							016900760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a7400000185c2d3a874000004030047304502206cf94c484b1b35df609a2c873ef08896bf7f548b3b4994aff80baed1293162e9022100c91ea6386a8ea655f5cdaad41ca0deffe1d861cabdb42208d6d3b4134fb3d0de00760073d99e891b4c9678a0207d479de6b2c61cd0515e71192a8c6b80107ac17772b500000185c2d3a899000004030047304502204e6d2a7a4c9fc652d1d99f3d5c3ae58d19b79ecc7a63e09ff6764a8758d9f69a0221009bf2790fe0a8d8f60cb5b97f18e1171afcf04d3856eafe47edde8f956fe3e06800770048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d8847300000185c2d3a85f0000040300483046022100e21029bc66f5225208adecb873c744f260d3f0f98ce0858aa90f3e78c3564574022100eb159ac12ab553655d81c6d654f03acb53b2199f8b1f0dda9f0e4a540bde71b4
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		008b0f505d164ba9d3de15677d4f72c8757f197e40a922502b899bc06547e98b464190798b12dfdfbe390eed33d859cdeea9cccf76dc20a2ed2da38b4b8c91213477450837b7be8d18a975dcf3f6ed4516b021ac8daea2c71022eddd628ca6515de8d76f1ca45613fed6850301f782f25ec08282222b84d404934ae0e3c5b2bc48f8779e739c11bfc9592bc32478d980c646e0fa8424079faabb544fefeec0c84a1044de56d3ed70665333ca213ce137fd407f85b401897c280f9dad5c79dd93971813aa430aa2c33185f31d62ac7a2f23ab90271db16ece491e5df125b1a184252a1d7b652ffdb34d1c257740452e6ea1586e5c26d07978d3c05e0ef0da825e63