idp.cepeo.on.ca

- Conseil des écoles publiques de l’Est de l’Ontario -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 0c:e5:71:7a:95:25:88:e1:00:00:00:00:50:ec:3e:77 was issued on by Entrust, Inc..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Conseil des écoles publiques de l’Est de l’Ontario

Organization: Conseil des écoles publiques de l’Est de l’Ontario
State / Province: Ontario
Locality: Ottawa
Country: CA

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0c:e5:71:7a:95:25:88:e1:00:00:00:00:50:ec:3e:77
Serial Number (int): 17142073554303148491851504211725139575
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 01:33:da:e9:f8:50:09:a5:04:71:cc:b0:21:b0:06:46:24:0a:52:0a
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): 5a:b8:77:51:14:da:e2:e5:85:8d:73:35:39:4a:80:26:af:88:6c:f2
Fingerprint (sha256): d9:1d:1e:d3:fd:27:6a:2d:54:ee:db:ef:a4:d6:0f:4f:64:5d:ef:77:0a:9f:ce:71:cb:6b:76:8e:06:d9:b0:e0

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate idp.cepeo.on.ca

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for idp.cepeo.on.ca

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

idp.cepeo.on.ca

Other certificates including the domain name cepeo.on.ca

(limited to 100 certificates)
cac.cepeo.on.ca
cadenas.cepeo.on.ca
sst.cepeo.on.ca
*.cepeo.on.ca
*.cepeo.on.ca
ei.cepeo.on.ca
www.dica.cepeo.on.ca
*.cepeo.on.ca
cac.cepeo.on.ca
sst.cepeo.on.ca
radar.cepeo.on.ca
portailparents.cepeo.on.ca
horizon2025.cepeo.on.ca
*.cepeo.on.ca
horizon2025.cepeo.on.ca
www.sems.cepeo.on.ca
cac.cepeo.on.ca
cac.cepeo.on.ca
centrale.cepeo.on.ca
portailparents.cepeo.on.ca
*.cepeo.on.ca
inscription.cepeo.on.ca
ei.cepeo.on.ca
assistance.cepeo.on.ca
horizon2025.cepeo.on.ca
cac.cepeo.on.ca
vpn.cepeo.on.ca
horizon2025.cepeo.on.ca
cac.cepeo.on.ca
www.sems.cepeo.on.ca
cac.cepeo.on.ca
giare.cepeo.on.ca
*.cepeo.on.ca
reussite.cepeo.on.ca
reussite.cepeo.on.ca
cac.cepeo.on.ca
cac.cepeo.on.ca
ei.cepeo.on.ca
cac.cepeo.on.ca
reussite.cepeo.on.ca
reussite.cepeo.on.ca
cac.cepeo.on.ca
*.cepeo.on.ca
www.sems.cepeo.on.ca
inscription.cepeo.on.ca
ei.cepeo.on.ca
reussite.cepeo.on.ca
sst.cepeo.on.ca
*.cepeo.on.ca
*.cepeo.on.ca
*.cepeo.on.ca
*.cepeo.on.ca
www.dica.cepeo.on.ca
idp.cepeo.on.ca
*.cepeo.on.ca
vpn.cepeo.on.ca
assistance.cepeo.on.ca
*.cepeo.on.ca
cadenas.cepeo.on.ca
horizon2025.cepeo.on.ca
giare.cepeo.on.ca
www.sems.cepeo.on.ca
horizon2025.cepeo.on.ca
inscription.cepeo.on.ca
idp.cepeo.on.ca
portailparents.cepeo.on.ca
radar.cepeo.on.ca
idp.cepeo.on.ca
giare.cepeo.on.ca
portailparents.cepeo.on.ca
inscription.cepeo.on.ca
idp.cepeo.on.ca
radar.cepeo.on.ca
sst.cepeo.on.ca
ei.cepeo.on.ca
horizon2025.cepeo.on.ca

Certificate

The complete raw certificate details for idp.cepeo.on.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIG2zCCBcOgAwIBAgIQDOVxepUliOEAAAAAUOw+dzANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0x
OTAxMTYxODMyMTNaFw0yMDAxMzExOTAyMTNaMIGMMQswCQYDVQQGEwJDQTEQMA4G
A1UECBMHT250YXJpbzEPMA0GA1UEBxMGT3R0YXdhMUAwPgYDVQQKDDdDb25zZWls
IGRlcyDDqWNvbGVzIHB1YmxpcXVlcyBkZSBs4oCZRXN0IGRlIGzigJlPbnRhcmlv
MRgwFgYDVQQDEw9pZHAuY2VwZW8ub24uY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQGMcNa4OAGjLoGIhoU/Il33UukxMFc69sw03UjKlBKKknskwK
He1806um5dJPC+6dqu5p+bFQHugixSPf0lA5kCK76J+Spp8UxVZL809QgWelv1bK
vFKAq567oPdMICCpmWcW3EX6r3gc9W8ZIHAcCj7fHxIcPw6A35AH1kgh3snaV4ko
9l1MIu5QnBqTKbvgOAYGNHZcnavrCGJBG4NhrWQk6rmj3cOrF9JmAYV7WObn35qh
UZcNrBK0RQuo6Uip7+sMY8C2LDeAhvrAkPkVJoe+zDgeYQEo0SOVgVa1Atre5hY0
RfbTk2XLASY1u1GKgbs0beO2gToZAny0ed29AgMBAAGjggMHMIIDAzAaBgNVHREE
EzARgg9pZHAuY2VwZW8ub24uY2EwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2
AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABaFgK4hAAAAQDAEcw
RQIgE4LgkbjDMJlzTTL8p3e8TQrT+fQP2zOQ7S3w8q9KVmgCIQCucn0TtSjuM/Nm
QRYjKTE59f/eo5pEMGFnyCZC3s1XDAB2AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1
YMG06v9eoIMPAAABaFgK4kEAAAQDAEcwRQIgehAYnMhYrsXBf59UYIN3sQY8OY0Q
pRu4WtJnFL1BD1YCIQDpvXs5tNGtcz9U6poH/Oa/EgTeKTQLW3TPfoPDPk9IMgB1
AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABaFgK4iEAAAQDAEYw
RAIgfhi/RhJXdHyoCeMJt4B+SQg0rwEakFT6GBgejtqORacCIF/5Y5nVY2BurutU
D7GNYcfrZLOTlsBB0OQrzcuY84xBMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU
BggrBgEFBQcDAQYIKwYBBQUHAwIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2Ny
bC5lbnRydXN0Lm5ldC9sZXZlbDFrLmNybDBLBgNVHSAERDBCMDYGCmCGSAGG+mwK
AQUwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwCAYG
Z4EMAQICMGgGCCsGAQUFBwEBBFwwWjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
ZW50cnVzdC5uZXQwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9haWEuZW50cnVzdC5uZXQv
bDFrLWNoYWluMjU2LmNlcjAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpM
vzAdBgNVHQ4EFgQUATPa6fhQCaUEccywIbAGRiQKUgowCQYDVR0TBAIwADANBgkq
hkiG9w0BAQsFAAOCAQEAfNKO7NbQ6qZ02uvrJx8doTk8rVT/oYIG1ojLuFPLyC1s
0iS3m99aX0oKgY8pa4E50A4u+uSm2RoGHX8iXWvaPrmmfroKbS5RpP7aeZLIOEnf
wxEs4CqZYVZhuWI7k/1jGIQRrm25cB+S9OwaOJpSDx4V+JsBUJ97we5VL30gMSGJ
Q06NpYciPEEJaxBsiY2aUUbg4WhVQKraFOpzjgRws4s8FzM9ehQe7qNC5xOhHgs8
HoPq5StBvpunSPqzfiaMIQW2zsT8pa0ia0madz//zRFADqfS0YdtcVe5qwdSI8il
h8+Clf5HG6DkzOsgj8tHzg/XJRXgc/WEGTB0gqlKbw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BjHDWuDgBoy6BiIaFPy
Jd91LpMTBXOvbMNN1IypQSipJ7JMCh3tfNOrpuXSTwvunaruafmxUB7oIsUj39JQ
OZAiu+ifkqafFMVWS/NPUIFnpb9WyrxSgKueu6D3TCAgqZlnFtxF+q94HPVvGSBw
HAo+3x8SHD8OgN+QB9ZIId7J2leJKPZdTCLuUJwakym74DgGBjR2XJ2r6whiQRuD
Ya1kJOq5o93DqxfSZgGFe1jm59+aoVGXDawStEULqOlIqe/rDGPAtiw3gIb6wJD5
FSaHvsw4HmEBKNEjlYFWtQLa3uYWNEX205NlywEmNbtRioG7NG3jtoE6GQJ8tHnd
vQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 17142073554303148491851504211725139575
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-01-16 18:32:13 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-01-31 19:02:13 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ottawa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Conseil des écoles publiques de l’Est de l’Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'idp.cepeo.on.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26269785697497630054159297810451505513947536857596393240558470358756330270741505017632510961731809554731512620665461150590598790699508729164147253381149970670956404048938508783000058423378479801407991879583617876359471987489694088075325788910580471023196004315028696245638261390807052985617137087700740343472578534418827414998229176630252186110816121746078451880048933358435611594620389862417939145022400667736319844748299341924021017763865571337268132032971880430225764890967089678349016120084316749192283741786426512802551230138290490222661188073915091660801180214902896654974435372543739460436026106479840417406397
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (19 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'idp.cepeo.on.ca'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							01670076005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c00000168580ae210000004030047304502201382e091b8c33099734d32fca777bc4d0ad3f9f40fdb3390ed2df0f2af4a5668022100ae727d13b528ee33f366411623293139f5ffdea39a44306167c82642decd570c0076008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f00000168580ae241000004030047304502207a10189cc858aec5c17f9f54608377b1063c398d10a51bb85ad26714bd410f56022100e9bd7b39b4d1ad733f54ea9a07fce6bf1204de29340b5b74cf7e83c33e4f4832007500ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb00000168580ae221000004030046304402207e18bf461257747ca809e309b7807e490834af011a9054fa18181e8eda8e45a702205ff96399d563606eaeeb540fb18d61c7eb64b39396c041d0e42bcdcb98f38c41
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							0133dae9f85009a50471ccb021b00646240a520a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		007cd28eecd6d0eaa674daebeb271f1da1393cad54ffa18206d688cbb853cbc82d6cd224b79bdf5a5f4a0a818f296b8139d00e2efae4a6d91a061d7f225d6bda3eb9a67eba0a6d2e51a4feda7992c83849dfc3112ce02a99615661b9623b93fd63188411ae6db9701f92f4ec1a389a520f1e15f89b01509f7bc1ee552f7d20312189434e8da587223c41096b106c898d9a5146e0e1685540aada14ea738e0470b38b3c17333d7a141eeea342e713a11e0b3c1e83eae52b41be9ba748fab37e268c2105b6cec4fca5ad226b499a773fffcd11400ea7d2d1876d7157b9ab075223c8a587cf8295fe471ba0e4cceb208fcb47ce0fd72515e073f58419307482a94a6f