www.saechsische-staatsbaeder.de

- Sächsische Staatsbäder GmbH -

Issued by GeoTrust TLS RSA CA G1

About this certificate

This digital certificate with serial number 0e:80:f9:c2:ac:02:18:ad:99:71:00:62:57:f7:d9:2d was issued on by DigiCert Inc.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Sächsische Staatsbäder GmbH

Organization: Sächsische Staatsbäder GmbH
Organization unit: IT-Abteilung
State / Province: Sachsen
Locality: Bad Elster
Country: DE

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0e:80:f9:c2:ac:02:18:ad:99:71:00:62:57:f7:d9:2d
Serial Number (int): 19278871682370073270371772071964825901
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: d0:85:f5:38:30:9c:0e:68:c3:21:97:0f:76:db:af:44:9f:ce:f8:15
AuthorityKeyId: 94:4f:d4:5d:8b:e4:a4:e2:a6:80:fe:fd:d8:f9:00:ef:a3:be:02:57

Fingerprint (sha1): e8:a8:21:27:87:76:a9:27:f3:78:ae:cf:6e:14:b8:5b:40:42:2b:88
Fingerprint (sha256): df:4a:ce:fc:ba:f4:e9:89:8d:49:6b:f1:b9:8e:7a:1c:4a:31:3c:27:44:3c:24:c2:33:6b:56:ab:14:0e:60:bd

Issuing Certificate URL: http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt

Revocation information

OCSP Server: http://status.geotrust.com
CRL Distribution Point: http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl

Check the revocation status for certificate www.saechsische-staatsbaeder.de

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.saechsische-staatsbaeder.de

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.saechsische-staatsbaeder.de
saechsische-staatsbaeder.de

Other certificates including the domain name saechsische-staatsbaeder.de

(limited to 100 certificates)
saechsische-staatsbaeder.web.mageprofis.de
2021.saechsische-staatsbaeder.de
saechsische-staatsbaeder.web.mageprofis.de
2021.saechsische-staatsbaeder.de
www.saechsische-staatsbaeder.de
2021.saechsische-staatsbaeder.de
saechsische-staatsbaeder.web.mageprofis.de
saechsische-staatsbaeder.web.mageprofis.de
soletherme.saechsische-staatsbaeder.de
saechsische-staatsbaeder.web.mageprofis.de
saechsische-staatsbaeder.web.mageprofis.de
soletherme.saechsische-staatsbaeder.de
2021.saechsische-staatsbaeder.de
2021.saechsische-staatsbaeder.de
soletherme.saechsische-staatsbaeder.de
www.saechsische-staatsbaeder.de
saechsische-staatsbaeder.web.mageprofis.de
2021.saechsische-staatsbaeder.de
www.saechsische-staatsbaeder.de
saechsische-staatsbaeder.web.mageprofis.de
saechsische-staatsbaeder.web.mageprofis.de

Certificate

The complete raw certificate details for www.saechsische-staatsbaeder.de in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGXzCCBUegAwIBAgIQDoD5wqwCGK2ZcQBiV/fZLTANBgkqhkiG9w0BAQsFADBg
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZHZW9UcnVzdCBUTFMgUlNBIENBIEcx
MB4XDTE4MDQwNDAwMDAwMFoXDTE5MDYwMzEyMDAwMFowgZ0xCzAJBgNVBAYTAkRF
MRAwDgYDVQQIEwdTYWNoc2VuMRMwEQYDVQQHEwpCYWQgRWxzdGVyMSYwJAYDVQQK
DB1Tw6RjaHNpc2NoZSBTdGFhdHNiw6RkZXIgR21iSDEVMBMGA1UECxMMSVQtQWJ0
ZWlsdW5nMSgwJgYDVQQDEx93d3cuc2FlY2hzaXNjaGUtc3RhYXRzYmFlZGVyLmRl
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVyS8K/73vYK8Nt4HTCJ
jJYUqtH3cnlSyWmLjIQ4FsxI/jzc68CUf/35+NIE+iucd4oIvmnpClwNBm0dx5XC
7MS88vn/E2FyldnBv6KTSD1PYnWWJJglbc0TsTKe+VTioOIPOOGXn0zqaIVZrAR/
oV6J50Aj7+qCBcwLCi3Jv+ni/Bc6tAp2RqOaYPOWO5eOtAR/fREU3JLVukyjXJFr
RtvmBGGb/o09UuA8hgjq2KL0I9fdXD58ymJaE4sVbqvS6dOC64wDxRep012nsJ/5
DdnamUFr87pPgF+KGD0FDgRIsmblO9Vij2AWT+BHOnhLOnjByse72EN6h7FYKP5b
/QIDAQABo4IC1TCCAtEwHwYDVR0jBBgwFoAUlE/UXYvkpOKmgP792PkA76O+Alcw
HQYDVR0OBBYEFNCF9TgwnA5owyGXD3bbr0SfzvgVMEcGA1UdEQRAMD6CH3d3dy5z
YWVjaHNpc2NoZS1zdGFhdHNiYWVkZXIuZGWCG3NhZWNoc2lzY2hlLXN0YWF0c2Jh
ZWRlci5kZTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly9jZHAuZ2VvdHJ1c3QuY29t
L0dlb1RydXN0VExTUlNBQ0FHMS5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEw
KjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZn
gQwBAgIwdgYIKwYBBQUHAQEEajBoMCYGCCsGAQUFBzABhhpodHRwOi8vc3RhdHVz
Lmdlb3RydXN0LmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL2NhY2VydHMuZ2VvdHJ1
c3QuY29tL0dlb1RydXN0VExTUlNBQ0FHMS5jcnQwCQYDVR0TBAIwADCCAQMGCisG
AQQB1nkCBAIEgfQEgfEA7wB1ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaO
HtGFAAABYo31PpEAAAQDAEYwRAIgDY7vx8LN21Mrpfu697ETxW3V8dGLyflFWhkM
JOYiG6ECIBerIUwSiOvwetpm8VS6/in23yLJLe0+ggNgMXPA3ocgAHYAb1N2rDHw
MRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAFijfU/4QAABAMARzBFAiA+NzBx
1iMk6L96wV2q1dhsvcE9r8LrDqUxhFSG7UTQeAIhAOThpqe4VCuWTfTw1L2My6PV
JkzGd6T2rvGSE1XTpmliMA0GCSqGSIb3DQEBCwUAA4IBAQBDf2TF8iGH7iK09jxF
UARJIQzUBp1L3YF81aVQ5riC8EIUdpY7WW0hvPbxWiwG3KFCR+PFTab/0MCcJzeS
GkQTjfVJZR1QSpJV4jlrLzgMtrDyQDtDrlHqR3zoKzCGZ35fsohcC5S9vkDektyf
UvLz3VgxqVpnX20y9Y29K8mPbmksOwTr9gNNYfs9styIQ+wf1eRE6Y35VA8+kQTV
v8TBfdWCcyPFtDRATL6dxvTc13VuTV0a3Drugd5+lQ2anSi1SoXQyo1+SqKuUlnV
nADVxb9t9yEYxqUcXVx0o3xpv29cQkMtqcpp/ohj4WnQIosKJ0S4p7tiKWSQGqdX
SLKg
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVyS8K/73vYK8Nt4HTCJ
jJYUqtH3cnlSyWmLjIQ4FsxI/jzc68CUf/35+NIE+iucd4oIvmnpClwNBm0dx5XC
7MS88vn/E2FyldnBv6KTSD1PYnWWJJglbc0TsTKe+VTioOIPOOGXn0zqaIVZrAR/
oV6J50Aj7+qCBcwLCi3Jv+ni/Bc6tAp2RqOaYPOWO5eOtAR/fREU3JLVukyjXJFr
RtvmBGGb/o09UuA8hgjq2KL0I9fdXD58ymJaE4sVbqvS6dOC64wDxRep012nsJ/5
DdnamUFr87pPgF+KGD0FDgRIsmblO9Vij2AWT+BHOnhLOnjByse72EN6h7FYKP5b
/QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 19278871682370073270371772071964825901
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust TLS RSA CA G1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-04-04 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-06-03 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sachsen'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Bad Elster'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Sächsische Staatsbäder GmbH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IT-Abteilung'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.saechsische-staatsbaeder.de'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23904689572033632765408725389594068874365302680981503195462167998595213287454005486945889435777724614664938403810776693702510244781254899577822037010156335310554130857867657691058728550483386648405446826150282723501143602966025656182799888074262884269285620584656404080167931828493682495282209892165951421449632731502514852867081157562836608860761241039818105792341877603783567564478611688923003903977048882890048693769914197515376659106373010148360418309438818087568106482288194835857179627977452543594043153417275955638673887762108855746458106945181227063503988348549704197639470247245006713736618033313887735929853
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 944fd45d8be4a4e2a680fefdd8f900efa3be0257
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d085f538309c0e68c321970f76dbaf449fcef815
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (64 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.saechsische-staatsbaeder.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'saechsische-staatsbaeder.de'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (106 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.geotrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef007500bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed185000001628df53e91000004030046304402200d8eefc7c2cddb532ba5fbbaf7b113c56dd5f1d18bc9f9455a190c24e6221ba1022017ab214c1288ebf07ada66f154bafe29f6df22c92ded3e8203603173c0de87200076006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d913000001628df53fe1000004030047304502203e373071d62324e8bf7ac15daad5d86cbdc13dafc2eb0ea531845486ed44d078022100e4e1a6a7b8542b964df4f0d4bd8ccba3d5264cc677a4f6aef1921355d3a66962
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00437f64c5f22187ee22b4f63c45500449210cd4069d4bdd817cd5a550e6b882f0421476963b596d21bcf6f15a2c06dca14247e3c54da6ffd0c09c2737921a44138df549651d504a9255e2396b2f380cb6b0f2403b43ae51ea477ce82b3086677e5fb2885c0b94bdbe40de92dc9f52f2f3dd5831a95a675f6d32f58dbd2bc98f6e692c3b04ebf6034d61fb3db2dc8843ec1fd5e444e98df9540f3e9104d5bfc4c17dd5827323c5b434404cbe9dc6f4dcd7756e4d5d1adc3aee81de7e950d9a9d28b54a85d0ca8d7e4aa2ae5259d59c00d5c5bf6df72118c6a51c5d5c74a37c69bf6f5c42432da9ca69fe8863e169d0228b0a2744b8a7bb622964901aa75748b2a0