vcaballet.vancleefarpels.com

- Richemont International SA -

Issued by DigiCert Global CA G2

About this certificate

This digital certificate with serial number 0e:56:51:0e:6c:ca:0f:48:44:c1:26:f2:11:2e:1d:b5 was issued on by DigiCert Inc.

With 14 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Richemont International SA

Organization: Richemont International SA
Organization unit: VCA Akamai
State / Province: Genève
Locality: Bellevue
Country: CH

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0e:56:51:0e:6c:ca:0f:48:44:c1:26:f2:11:2e:1d:b5
Serial Number (int): 19057373488863644626596510318736580021
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 43:2e:34:b9:27:da:ae:67:62:01:15:e6:2d:a5:da:6b:e5:f9:23:62
AuthorityKeyId: 24:6e:2b:2d:d0:6a:92:51:51:25:69:01:aa:9a:47:a6:89:e7:40:20

Fingerprint (sha1): b7:c9:ea:00:ef:9e:2b:9f:5d:67:a4:39:a6:a5:52:8c:f7:2f:01:c7
Fingerprint (sha256): dd:ae:d7:2e:f7:c5:24:10:7d:29:10:1a:43:a5:8e:88:2c:b9:7b:ef:0a:b1:ab:05:fb:11:d7:91:88:f8:50:ec

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertGlobalCAG2.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertGlobalCAG2.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertGlobalCAG2.crl

Check the revocation status for certificate vcaballet.vancleefarpels.com

14

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for vcaballet.vancleefarpels.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.vcaportal.com
www.vancleefarpels.com
www.vancleefarpels.cn
www.lecolevancleefarpels.com
whenelegancemeetsart.vancleefarpels.com
weboutique.vancleefarpels.com
vcaballet.vancleefarpels.com
us.lecolevancleefarpels.com
media.weboutique.vancleefarpels.com
jp.lecolevancleefarpels.com
cn.vancleefarpels.com
bjexpo.vancleefarpels.com
api.weboutique.vancleefarpels.com
360workshopsvisit.vancleefarpels.com

Other certificates including the domain name vancleefarpels.com

(limited to 100 certificates)
secure.cn.vancleefarpels.com
intranet.richemont.com
intranet.richemont.com
weboutique.quality.vancleefarpels.com
intranet.richemont.com
weboutique.quality.vancleefarpels.com
dam.richemont.com
intranet.richemont.com
linemedia.preprod.richemont.com
presslounge.vancleefarpels.com
linemedia.preprod.richemont.com
media.richemont.com
www.vancleefarpels.com
www.preprod2.vancleefarpels.cn
diamondcheck.vancleefarpels.com
intranet.richemont.com
intranet.richemont.com
linemedia.preprod.richemont.com
dam.richemont.com
linemedia.preprod.richemont.com
intranet.richemont.com
www.vancleefarpels.com
www.quality.alange-soehne.com
vcaballet.vancleefarpels.com
weboutique.dev.vancleefarpels.com
linemedia.preprod.richemont.com
sihh2014.vancleefarpels.com
intranet.preprod.richemont.com
api.weboutique.quality.iwc.cn
linemedia.preprod.richemont.com
weboutique.preprod.vancleefarpels.com
linemedia.preprod.richemont.com
linemedia.preprod.richemont.com
vcaballet.vancleefarpels.com
www.quality.alange-soehne.com
media.richemont.com
vcaballet.vancleefarpels.com
weboutique.vancleefarpels.com
vcaballet.vancleefarpels.com
linemedia.preprod.richemont.com
weboutique.preprod.vancleefarpels.com
vcaballet.vancleefarpels.com
diamondcheck.vancleefarpels.com
www.quality.alange-soehne.com
intranet.staging.richemont.com
www.lecolevancleefarpels.com
intranet.quality.richemont.com
vcaballet.vancleefarpels.com
secure-www.vancleefarpels.com
weboutique.dev.vancleefarpels.com
intranet.dev.richemont.com
www.vancleefarpels.com
intranet.staging.richemont.com
8-seconds-of-luck.vancleefarpels.com
vcs.richemont.com
diamondcheck.vancleefarpels.com
intranet.richemont.com
linemedia.preprod.richemont.com
intranet.dev.richemont.com
intranet.richemont.com
linemedia.preprod.richemont.com
linemedia.preprod.richemont.com
dam.richemont.com
sihh2014.vancleefarpels.com
media.richemont.com
linemedia.preprod.richemont.com
www.quality.alange-soehne.com
yps.vancleefarpels.com
vcaballet.vancleefarpels.com
sihh2016.vancleefarpels.com
sihh2014.vancleefarpels.com
secure.www.vancleefarpels.com
intranet.richemont.com
vcaballet.vancleefarpels.com
weboutique.quality.vancleefarpels.com
linemedia.preprod.richemont.com
www.quality.alange-soehne.com
org-timenaturelove.vancleefarpels.com
intranet.staging.richemont.com
intranet.richemont.com
linemedia.preprod.richemont.com
sihh2014.vancleefarpels.com
sihh2014.vancleefarpels.com
sihh2014.vancleefarpels.com
intranet.richemont.com
www.quality.alange-soehne.com
linemedia.preprod.richemont.com
linemedia.preprod.richemont.com
intranet.richemont.com
www.vancleefarpels.com
linemedia.preprod.richemont.com
whenelegancemeetsart.quality.vancleefarpels.com
sihh2016.vancleefarpels.com
intranet.richemont.com
presslounge.vancleefarpels.com
api.weboutique.quality.iwc.cn
sihh2014.vancleefarpels.com
intranet.richemont.com
wwsip.richemont.com
sihh2016.vancleefarpels.com

Certificate

The complete raw certificate details for vcaballet.vancleefarpels.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIG5TCCBc2gAwIBAgIQDlZRDmzKD0hEwSbyES4dtTANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVE
aWdpQ2VydCBHbG9iYWwgQ0EgRzIwHhcNMTgwOTEzMDAwMDAwWhcNMTkxMTE2MTIw
MDAwWjCBkzELMAkGA1UEBhMCQ0gxEDAOBgNVBAgMB0dlbsOodmUxETAPBgNVBAcT
CEJlbGxldnVlMSMwIQYDVQQKExpSaWNoZW1vbnQgSW50ZXJuYXRpb25hbCBTQTET
MBEGA1UECxMKVkNBIEFrYW1haTElMCMGA1UEAxMcdmNhYmFsbGV0LnZhbmNsZWVm
YXJwZWxzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMsK6FXU
D3psArGStgHc1izG5A8ulxQgp7C4DdBd7rn9T8mEdmwBlwi9aNoDbHjooWPv5fpV
ERPlCtiYdKN5vy3WXt76BUMmpNjWjbRCzduFRvIPQvuOnlACiYYSC5Gphb5GAzYw
rM4caLXgFCIAeGcZcN8WdahJFw8lyZVyrZK3jUTxnF0FHXEHjoLTeQ+6NOXWcpbf
wZwfJRFIcDlKT/E9XO65pLejZsWF85fajhjdE5ss+nqyv7l5CQ37CnQf2m350rqi
lqClVWO/sL/jCclGagMDoK4i5YSUBGyx5FHQ03pKv83dd5mJCO6tWxwaC9wC+Qsz
aJiGdcPWJDh94FcCAwEAAaOCA4EwggN9MB8GA1UdIwQYMBaAFCRuKy3QapJRUSVp
AaqaR6aJ50AgMB0GA1UdDgQWBBRDLjS5J9quZ2IBFeYtpdpr5fkjYjCCAa0GA1Ud
EQSCAaQwggGgghF3d3cudmNhcG9ydGFsLmNvbYIWd3d3LnZhbmNsZWVmYXJwZWxz
LmNvbYIVd3d3LnZhbmNsZWVmYXJwZWxzLmNughx3d3cubGVjb2xldmFuY2xlZWZh
cnBlbHMuY29tgid3aGVuZWxlZ2FuY2VtZWV0c2FydC52YW5jbGVlZmFycGVscy5j
b22CHXdlYm91dGlxdWUudmFuY2xlZWZhcnBlbHMuY29tghx2Y2FiYWxsZXQudmFu
Y2xlZWZhcnBlbHMuY29tght1cy5sZWNvbGV2YW5jbGVlZmFycGVscy5jb22CI21l
ZGlhLndlYm91dGlxdWUudmFuY2xlZWZhcnBlbHMuY29tghtqcC5sZWNvbGV2YW5j
bGVlZmFycGVscy5jb22CFWNuLnZhbmNsZWVmYXJwZWxzLmNvbYIZYmpleHBvLnZh
bmNsZWVmYXJwZWxzLmNvbYIhYXBpLndlYm91dGlxdWUudmFuY2xlZWZhcnBlbHMu
Y29tgiQzNjB3b3Jrc2hvcHN2aXNpdC52YW5jbGVlZmFycGVscy5jb20wDgYDVR0P
AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB3BgNVHR8E
cDBuMDWgM6Axhi9odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9i
YWxDQUcyLmNybDA1oDOgMYYvaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lD
ZXJ0R2xvYmFsQ0FHMi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggr
BgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIw
dAYIKwYBBQUHAQEEaDBmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy
dC5jb20wPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9E
aWdpQ2VydEdsb2JhbENBRzIuY3J0MAkGA1UdEwQCMAAwEwYKKwYBBAHWeQIEAwEB
/wQCBQAwDQYJKoZIhvcNAQELBQADggEBAGf0E5zFfa9rt9TLdobnB6ASW+kvRH5c
N65XvcFMEfCrFDM8Sy8jAmkV4IKpP3lJZi4/jl022blygQSizS0Vcnn8BXjjEoD2
aoPh5YwGJPq1fOWuAV04w0ONh00kPPsQ2TZjU9EnF7vA5T7/K5dv8gQpijRP4Mq+
PzPC0iUac1ft9zyhEZxATohoruLtq7Q1kDIb219DDcecrbQqmSakefcLfzR0mydZ
nFmrOavalQVdrq6H6UrY4etcryLpsK+evYpOV4SHjwUQ4Dn8+4Jpv4z/sY9ySF3o
Xr5n/r5LM57sNM3WlnGmcaZgIzypsXlsr73v4L74gGJUhQqwaYMukyA=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAywroVdQPemwCsZK2AdzW
LMbkDy6XFCCnsLgN0F3uuf1PyYR2bAGXCL1o2gNseOihY+/l+lURE+UK2Jh0o3m/
LdZe3voFQyak2NaNtELN24VG8g9C+46eUAKJhhILkamFvkYDNjCszhxoteAUIgB4
Zxlw3xZ1qEkXDyXJlXKtkreNRPGcXQUdcQeOgtN5D7o05dZylt/BnB8lEUhwOUpP
8T1c7rmkt6NmxYXzl9qOGN0Tmyz6erK/uXkJDfsKdB/abfnSuqKWoKVVY7+wv+MJ
yUZqAwOgriLlhJQEbLHkUdDTekq/zd13mYkI7q1bHBoL3AL5CzNomIZ1w9YkOH3g
VwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 19057373488863644626596510318736580021
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Global CA G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-09-13 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-11-16 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Genève'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Bellevue'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Richemont International SA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'VCA Akamai'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'vcaballet.vancleefarpels.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25631754626234405217639067411461343705247230326737573193820084488117433996861270812641945489336919722245191826046354132528972355776643382819484405614908526220157493253312905133409249901878277062936158447926937638922213757660294621876546768063605953975257559529054258293734439437477698571699703525648233212798525135817822836710089009841885863448021927238933532365439279472744351570650399782690047494123619062101645812749772954287927044414769682095723808812590387452725707586742001980967636972700680958621874859228997261903007694231532533181301359557236743947508994832649719952141264443548184307073768125678868049551447
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 246e2b2dd06a925151256901aa9a47a689e74020
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							432e34b927daae67620115e62da5da6be5f92362
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (420 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.vcaportal.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.vancleefarpels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.vancleefarpels.cn'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.lecolevancleefarpels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'whenelegancemeetsart.vancleefarpels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'weboutique.vancleefarpels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'vcaballet.vancleefarpels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'us.lecolevancleefarpels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'media.weboutique.vancleefarpels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jp.lecolevancleefarpels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cn.vancleefarpels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bjexpo.vancleefarpels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.weboutique.vancleefarpels.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '360workshopsvisit.vancleefarpels.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (112 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertGlobalCAG2.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertGlobalCAG2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertGlobalCAG2.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0067f4139cc57daf6bb7d4cb7686e707a0125be92f447e5c37ae57bdc14c11f0ab14333c4b2f23026915e082a93f7949662e3f8e5d36d9b9728104a2cd2d157279fc0578e31280f66a83e1e58c0624fab57ce5ae015d38c3438d874d243cfb10d9366353d12717bbc0e53eff2b976ff204298a344fe0cabe3f33c2d2251a7357edf73ca1119c404e8868aee2edabb43590321bdb5f430dc79cadb42a9926a479f70b7f34749b27599c59ab39abda95055daeae87e94ad8e1eb5caf22e9b0af9ebd8a4e5784878f0510e039fcfb8269bf8cffb18f72485de85ebe67febe4b339eec34cdd69671a671a660233ca9b1796cafbdefe0bef8806254850ab069832e9320