dotace-lidskaprava.vlada.cz

Issued by RapidSSL Global TLS RSA4096 SHA256 2022 CA1

About this certificate

This digital certificate with serial number 0f:eb:47:60:fe:f9:ae:a9:ce:f6:25:e9:05:f3:f5:03 was issued on by DigiCert, Inc..

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=dotace-lidskaprava.vlada.cz

DigiCert, Inc.

Organization: DigiCert, Inc.
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0f:eb:47:60:fe:f9:ae:a9:ce:f6:25:e9:05:f3:f5:03
Serial Number (int): 21160057434425923072124888571251520771
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 7c:2e:44:20:a8:bd:43:91:31:15:14:1d:16:fa:a9:21:83:96:02:84
AuthorityKeyId: f0:9c:85:fd:a2:9f:7d:8f:c9:68:bb:d5:d4:89:4d:1d:be:d3:90:ff

Fingerprint (sha1): 9f:a1:d5:f0:2d:9f:3c:64:8f:8f:52:26:15:bc:b4:46:ea:ce:65:d9
Fingerprint (sha256): e0:63:13:78:de:ac:76:6c:0c:4c:1a:d0:f7:c6:6d:29:41:ef:13:0c:a1:b2:c9:47:32:4e:f6:94:0f:c6:7e:f2

Issuing Certificate URL: http://cacerts.digicert.com/RapidSSLGlobalTLSRSA4096SHA2562022CA1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/RapidSSLGlobalTLSRSA4096SHA2562022CA1.crl
CRL Distribution Point: http://crl4.digicert.com/RapidSSLGlobalTLSRSA4096SHA2562022CA1.crl

Check the revocation status for certificate dotace-lidskaprava.vlada.cz

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for dotace-lidskaprava.vlada.cz

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

dotace-lidskaprava.vlada.cz
www.dotace-lidskaprava.vlada.cz

Other certificates including the domain name vlada.cz

(limited to 100 certificates)
dotace-lidskaprava.vlada.cz
*.vlada.cz
oo.vlada.cz
sslvpn.vlada.cz
zakazky.vlada.cz
dapmobile.vlada.cz
zakazky.vlada.cz
*.vlada.cz
sslvpn.vlada.cz
sslvpn.vlada.cz
dotace-drogy.vlada.cz
wifiuvcr.vlada.cz
*.vlada.cz
cloud.vlada.cz
albatros.odok.cz
*.vlada.cz
vlada.cz
vlada.cz
oo.vlada.cz
zakazky.vlada.cz
vlada.cz
pis3.vlada.cz
www.vlada.cz
dotace-lidskaprava.vlada.cz
vlada.cz
www.vlada.cz
sslvpn.vlada.cz
zakazky.vlada.cz
dotace-lidskaprava.vlada.cz
zakazky.vlada.cz
dotace-drogy.vlada.cz
dotace-drogy.vlada.cz
alvao.vlada.cz
vlada.cz
dotace-lidskaprava.vlada.cz
vlada.cz
vlada.cz
vlada.cz
vlada.cz
cloud.vlada.cz
cixp.vlada.cz
dotace-drogy.vlada.cz
dotace-drogy.vlada.cz
wifiuvcr.vlada.cz
vlada.cz
dotace-lidskaprava.vlada.cz
dotace-lidskaprava.vlada.cz
pis3.vlada.cz
wifiuvcr.vlada.cz
*.vlada.cz
sslvpn.vlada.cz
antispam01.vlada.cz
dotace-lidskaprava.vlada.cz
www.vlada.cz
wifiuvcr.vlada.cz
cloud.vlada.cz
sslvpn2.vlada.cz
antispam02.vlada.cz
pis3.vlada.cz
vlada.cz
dapmobile.vlada.cz
*.vlada.cz
dotace-lidskaprava.vlada.cz
dotace-lidskaprava.vlada.cz
www.vlada.cz

Certificate

The complete raw certificate details for dotace-lidskaprava.vlada.cz in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHwjCCBaqgAwIBAgIQD+tHYP75rqnO9iXpBfP1AzANBgkqhkiG9w0BAQsFADBc
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xNDAyBgNVBAMT
K1JhcGlkU1NMIEdsb2JhbCBUTFMgUlNBNDA5NiBTSEEyNTYgMjAyMiBDQTEwHhcN
MjIxMTAyMDAwMDAwWhcNMjMxMTAyMjM1OTU5WjAmMSQwIgYDVQQDExtkb3RhY2Ut
bGlkc2thcHJhdmEudmxhZGEuY3owggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDDpjGflEgV9ach/2QD+4mPELIu+LIT06EKGNCDpC09xtpQL+jKvpadXEGX
+ZibWVL5gyp4VeccjaT7PvNrCTmYZNGJqXJuigFF5S6XbD1UPf9SsXxNqQmzmWzA
YFr/9K2uwwQ6JTBrzcvJOWz5mnviKVU532agiJm2ZVF8cIxsU7oUmp6mPTPdmGw0
jgwZq8c+wd2vg/Qf6YU6fOcVCLzmkvW7QITwFSKL7hXIVZky3Xnf2em36Uq5ROv5
U8UvGJ3o90LCzE3h1PzRrI/csdQJzxQNU6JWpQzxfsFwBXUh/lLphfUAVm9BJSsb
CIaUwXAKLMCqVRZYsPSJ8ihpdfc5AgMBAAGjggO0MIIDsDAfBgNVHSMEGDAWgBTw
nIX9op99j8lou9XUiU0dvtOQ/zAdBgNVHQ4EFgQUfC5EIKi9Q5ExFRQdFvqpIYOW
AoQwRwYDVR0RBEAwPoIbZG90YWNlLWxpZHNrYXByYXZhLnZsYWRhLmN6gh93d3cu
ZG90YWNlLWxpZHNrYXByYXZhLnZsYWRhLmN6MA4GA1UdDwEB/wQEAwIFoDAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgZ8GA1UdHwSBlzCBlDBIoEagRIZC
aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL1JhcGlkU1NMR2xvYmFsVExTUlNBNDA5
NlNIQTI1NjIwMjJDQTEuY3JsMEigRqBEhkJodHRwOi8vY3JsNC5kaWdpY2VydC5j
b20vUmFwaWRTU0xHbG9iYWxUTFNSU0E0MDk2U0hBMjU2MjAyMkNBMS5jcmwwPgYD
VR0gBDcwNTAzBgZngQwBAgEwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdp
Y2VydC5jb20vQ1BTMIGHBggrBgEFBQcBAQR7MHkwJAYIKwYBBQUHMAGGGGh0dHA6
Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBRBggrBgEFBQcwAoZFaHR0cDovL2NhY2VydHMu
ZGlnaWNlcnQuY29tL1JhcGlkU1NMR2xvYmFsVExTUlNBNDA5NlNIQTI1NjIwMjJD
QTEuY3J0MAkGA1UdEwQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB1AOg+
0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABhDkAEtwAAAQDAEYwRAIg
R+A531Kf16aCGajJeykGGbTfndVQSM+KKggtOQcyY60CIBE1LtwqFiKrdJ+Z10L1
J0r1MBLcbqXgAj+Dyngd0fZCAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PAD
Dnk2pZoAAAGEOQATHwAABAMARjBEAiB4DwX4R+0ce9OjNnUW6NLjbTtO7Q+YwQbG
Isp7LcU+1gIgZ4tgxetBTuu12hk3X+Ah6BwMZ80LNgl456T1h5bAAG0AdwC3Pvsk
35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYQ5ABLhAAAEAwBIMEYCIQCV
Jg8RhWR9rlMGjNfu+PdadHmXy8fr26CX8xav0oZKxQIhAJZAIMJky4Yn8mmX5saw
1i4xPcAPHVfvhOyJNwEk4gw2MA0GCSqGSIb3DQEBCwUAA4ICAQCdSlMBgItR6bbL
ehcNh/tISf8u7lPLYineHr1LF6ApTxtjRaQSg3FADu6V98Xd1Se4+Fx/ETxG4nyk
XPMcwPJ5XsCdWUxHN1px0T9rS6YQJjPlv/aHwArGEpyApD7yigyo9iCZi21rk8pL
2Xuw+3DofxypZaYhY/JVIVVArJopoBXMDOeVeDb7gXnQVJhrbPlAsm7WPY/OCWXf
GI1pmkxNafgdnzDDclRI3Y91P/eChPSuTK9CQ0CcD/Bj5L0MWM8U1oapB/01/RY4
W+jxFCADzWt1HtUFNOTQ1j5i7NS1eJO/LoLL2Xqkm5BlWkxiFBN0cE0Xdf/odQsC
eIpl1yUXX5kk7Hy6tZ+MSVHNH22dxBdRrMK7v+5SYqY+GwY+v+52Iq4BE2gTK+wU
dJFcV5aKbwX7QJ20+wiVlCg8blE2UPoHGa9Nx/FNd9z6HLAPz+vSo9ZKM4H5CP3P
HeUiJMgofRHQ0Fsy6t9NJetKiAvx7PsTgCWr5y1QAru26TIsbPE2QVVlyje2RPai
2dHfdh+de86cCJYFwzJmXQP++TZ7EZWV6mRPivWcKmQxgf9/sWZ+q67t4nMGgW0k
1m9i88rcRBw8+zn0kFxIM4mia/0+rY7JXCR5Fstr8BTlQ334bKHTuG94zotNCkCX
yU2WZe1Zyih2KsPdZaYeDskvikcyVw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6Yxn5RIFfWnIf9kA/uJ
jxCyLviyE9OhChjQg6QtPcbaUC/oyr6WnVxBl/mYm1lS+YMqeFXnHI2k+z7zawk5
mGTRialybooBReUul2w9VD3/UrF8TakJs5lswGBa//StrsMEOiUwa83LyTls+Zp7
4ilVOd9moIiZtmVRfHCMbFO6FJqepj0z3ZhsNI4MGavHPsHdr4P0H+mFOnznFQi8
5pL1u0CE8BUii+4VyFWZMt1539npt+lKuUTr+VPFLxid6PdCwsxN4dT80ayP3LHU
Cc8UDVOiVqUM8X7BcAV1If5S6YX1AFZvQSUrGwiGlMFwCizAqlUWWLD0ifIoaXX3
OQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 21160057434425923072124888571251520771
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'RapidSSL Global TLS RSA4096 SHA256 2022 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-11-02 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-11-02 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'dotace-lidskaprava.vlada.cz'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24698422705933763698550160956300770057266072929264642873630541791353447546390464400012000132146005720050851139656591369531307799977562423479273430530371888072488347599900150875705189931902110150373251850704703251519792471894240539186371142800157008868504285216237225648336481741370276071912162738917803440633148916419211335760326111181451567849991935726183928759253396267898912603953710127709904146482191428519348773872137132337224072970583470059335253644492781283753021191561930907371842718227331406636169543577627275955381388345654026388997198005617944768341931219246886376913509105557647247249792407433487221913401
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName f09c85fda29f7d8fc968bbd5d4894d1dbed390ff
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							7c2e4420a8bd43913115141d16faa92183960284
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (64 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dotace-lidskaprava.vlada.cz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.dotace-lidskaprava.vlada.cz'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (151 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/RapidSSLGlobalTLSRSA4096SHA2562022CA1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/RapidSSLGlobalTLSRSA4096SHA2562022CA1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/RapidSSLGlobalTLSRSA4096SHA2562022CA1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							0167007500e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e00000184390012dc0000040300463044022047e039df529fd7a68219a8c97b290619b4df9dd55048cf8a2a082d39073263ad022011352edc2a1622ab749f99d742f5274af53012dc6ea5e0023f83ca781dd1f642007500b3737707e18450f86386d605a9dc11094a792db1670c0b87dcf0030e7936a59a000001843900131f00000403004630440220780f05f847ed1c7bd3a3367516e8d2e36d3b4eed0f98c106c622ca7b2dc53ed60220678b60c5eb414eebb5da19375fe021e81c0c67cd0b360978e7a4f58796c0006d007700b73efb24df9c4dba75f239c5ba58f46c5dfc42cf7a9f35c49e1d098125edb49900000184390012e1000004030048304602210095260f1185647dae53068cd7eef8f75a747997cbc7ebdba097f316afd2864ac5022100964020c264cb8627f26997e6c6b0d62e313dc00f1d57ef84ec89370124e20c36
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		009d4a5301808b51e9b6cb7a170d87fb4849ff2eee53cb6229de1ebd4b17a0294f1b6345a4128371400eee95f7c5ddd527b8f85c7f113c46e27ca45cf31cc0f2795ec09d594c47375a71d13f6b4ba6102633e5bff687c00ac6129c80a43ef28a0ca8f620998b6d6b93ca4bd97bb0fb70e87f1ca965a62163f255215540ac9a29a015cc0ce7957836fb8179d054986b6cf940b26ed63d8fce0965df188d699a4c4d69f81d9f30c3725448dd8f753ff78284f4ae4caf4243409c0ff063e4bd0c58cf14d686a907fd35fd16385be8f1142003cd6b751ed50534e4d0d63e62ecd4b57893bf2e82cbd97aa49b90655a4c62141374704d1775ffe8750b02788a65d725175f9924ec7cbab59f8c4951cd1f6d9dc41751acc2bbbfee5262a63e1b063ebfee7622ae011368132bec1474915c57968a6f05fb409db4fb089594283c6e513650fa0719af4dc7f14d77dcfa1cb00fcfebd2a3d64a3381f908fdcf1de52224c8287d11d0d05b32eadf4d25eb4a880bf1ecfb138025abe72d5002bbb6e9322c6cf136415565ca37b644f6a2d9d1df761f9d7bce9c089605c332665d03fef9367b119595ea644f8af59c2a643181ff7fb1667eabaeede27306816d24d66f62f3cadc441c3cfb39f4905c483389a26bfd3ead8ec95c247916cb6bf014e5437df86ca1d3b86f78ce8b4d0a4097c94d9665ed59ca28762ac3dd65a61e0ec92f8a473257