candmz01.brenntag.ca
- Brenntag Canada Inc. -
Issued by Entrust Certification Authority - L1K
About this certificate
This digital certificate with serial number 74:2d:f4:cb:9b:cb:7d:b9:00:00:00:00:50:f4:21:fb was issued on by Entrust, Inc..
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Brenntag Canada Inc.
Organization:
Brenntag Canada Inc.
State / Province:
Ontario
Locality: Toronto
Country: CA
Locality: Toronto
Country: CA
Entrust, Inc.
Organization:
Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 74:2d:f4:cb:9b:cb:7d:b9:00:00:00:00:50:f4:21:fbSerial Number (int): 154429065909160772075517733664153936379
Serial Number lenght: 127 bits, 16 octets
SubjectKeyId: c3:45:42:1d:24:9c:c7:72:73:63:28:8d:70:59:c8:5e:a2:4e:fc:b3
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf
Fingerprint (sha1): 89:79:49:36:1d:c5:1d:4e:ca:eb:8e:c4:06:85:5d:3d:90:78:5c:2b
Fingerprint (sha256): eb:29:24:86:b8:0a:b4:a9:b9:82:81:54:ae:f5:09:6c:c9:12:03:d9:bf:48:ee:a8:8e:2b:83:08:f7:11:71:91
Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer
Revocation information
OCSP Server: http://ocsp.entrust.netCRL Distribution Point: http://crl.entrust.net/level1k.crl
Check the revocation status for certificate candmz01.brenntag.ca
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for candmz01.brenntag.ca
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
candmz01.brenntag.ca
www.candmz01.brenntag.ca
www.candmz01.brenntag.ca
Other certificates including the domain name brenntag.ca
(limited to 100 certificates)
eagle.brenntag.ca
candmz01.brenntag.ca
eagle2.brenntag.ca
candmz01.brenntag.ca
eagle.brenntag.ca
candmz02.brenntag.ca
somosmanada.turnosweb.app
www.shvaana.nl
eagle2.brenntag.ca
eagle2.brenntag.ca
candmz01.brenntag.ca
eagle.brenntag.ca
95-biztalk.brenntag.ca
canpgw.brenntag.ca
www.book360.us
candmz01.brenntag.ca
www.angularmaterial.dev
grapikitstudio.com
candmz04.brenntag.ca
candmz04.brenntag.ca
candmz01.brenntag.ca
candmz02.brenntag.ca
mail.brenntag.ca
candmz01.brenntag.ca
vendor.elitindirim.com
candmz01.brenntag.ca
somosmanada.turnosweb.app
onboarding.brenntag.ca
mail.brenntag.ca
candmz04.brenntag.ca
candmz01.brenntag.ca
candmz04.brenntag.ca
webmail.brenntag.ca
candmz04.brenntag.ca
candmz01.brenntag.ca
eagle2.brenntag.ca
candmz01.brenntag.ca
eagle.brenntag.ca
candmz02.brenntag.ca
somosmanada.turnosweb.app
www.shvaana.nl
eagle2.brenntag.ca
eagle2.brenntag.ca
candmz01.brenntag.ca
eagle.brenntag.ca
95-biztalk.brenntag.ca
canpgw.brenntag.ca
www.book360.us
candmz01.brenntag.ca
www.angularmaterial.dev
grapikitstudio.com
candmz04.brenntag.ca
candmz04.brenntag.ca
candmz01.brenntag.ca
candmz02.brenntag.ca
mail.brenntag.ca
candmz01.brenntag.ca
vendor.elitindirim.com
candmz01.brenntag.ca
somosmanada.turnosweb.app
onboarding.brenntag.ca
mail.brenntag.ca
candmz04.brenntag.ca
candmz01.brenntag.ca
candmz04.brenntag.ca
webmail.brenntag.ca
candmz04.brenntag.ca
Certificate
The complete raw certificate details for candmz01.brenntag.ca in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFcDCCBFigAwIBAgIQdC30y5vLfbkAAAAAUPQh+zANBgkqhkiG9w0BAQsFADCB ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0x OTA3MDkyMDQyMjlaFw0yMTA4MTcyMTEyMjlaMG8xCzAJBgNVBAYTAkNBMRAwDgYD VQQIEwdPbnRhcmlvMRAwDgYDVQQHEwdUb3JvbnRvMR0wGwYDVQQKExRCcmVubnRh ZyBDYW5hZGEgSW5jLjEdMBsGA1UEAxMUY2FuZG16MDEuYnJlbm50YWcuY2EwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7amDyHg53X+8TII8UXsJbHNAs ODohrzAffw5voc1bcw94KrafHOFYT2xdC1nojmrne6jakwGSq/Ak7VUiscPunpLf f4FAG3+b9ZLJDt5qjI71DDGO/GZ69rFO1XiHmYRWg718zDUT3+7GOyurH6blWBCY l4KAn9e3Gmx+vq9pygvVzv8FNf4mN7U2KX8If03G57rr5N3xzbHfFGlt3e8otsnp mdLplWLwiI5CGHN01kvCOX2A0j/scDFrMHOkTyB4i3Kkrn30RFt4+iiMi8Ep0C1N BZWXs8irvZJgbuODVlk64Jf1BO2RdmdgoHY5ibojyZHILZLfhhI7GIRuEYrZAgMB AAGjggG6MIIBtjATBgorBgEEAdZ5AgQDAQH/BAIFADA5BgNVHREEMjAwghRjYW5k bXowMS5icmVubnRhZy5jYYIYd3d3LmNhbmRtejAxLmJyZW5udGFnLmNhMA4GA1Ud DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMwYDVR0f BCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZlbDFrLmNybDBL BgNVHSAERDBCMDYGCmCGSAGG+mwKAQUwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3 dy5lbnRydXN0Lm5ldC9ycGEwCAYGZ4EMAQICMGgGCCsGAQUFBwEBBFwwWjAjBggr BgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYIKwYBBQUHMAKGJ2h0 dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFrLWNoYWluMjU2LmNlcjAfBgNVHSMEGDAW gBSConB03bxTP8971PfNf6dgxgpMvzAdBgNVHQ4EFgQUw0VCHSScx3JzYyiNcFnI XqJO/LMwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEA0TNiOarxa0YGKiyF lDf/brsxFFMttME9ZwBVI5B+7LvkuhBVBS3Zz9uaCP5OfNfZzi8+y5HpI+xhF00y oiTtH+su1R7TclIRf9tnVJeLt1tkOK8CX6r9iA+MFA+wzjhxzBndNN7mQImgAbYg Mv6vw4fmfknm6ILdMzo5DVWZtP2j4yu+sK4XwMrRi2R1/R8TPnnOoBjqjWl/aJHp hkE15JX7ByB4fJZvaBRn3VIiTzZ8bpab49Qrm6vzqCxMJGJa6iDkIJUPY1AQ7ioZ n2HcowxJr4wrQJPNkjbgAPAIChcfUytHfnMXryW0nTar1M0/rihlEtakg275PZAp xmS8Kw== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2pg8h4Od1/vEyCPFF7C WxzQLDg6Ia8wH38Ob6HNW3MPeCq2nxzhWE9sXQtZ6I5q53uo2pMBkqvwJO1VIrHD 7p6S33+BQBt/m/WSyQ7eaoyO9QwxjvxmevaxTtV4h5mEVoO9fMw1E9/uxjsrqx+m 5VgQmJeCgJ/Xtxpsfr6vacoL1c7/BTX+Jje1Nil/CH9Nxue66+Td8c2x3xRpbd3v KLbJ6ZnS6ZVi8IiOQhhzdNZLwjl9gNI/7HAxazBzpE8geItypK599ERbePoojIvB KdAtTQWVl7PIq72SYG7jg1ZZOuCX9QTtkXZnYKB2OYm6I8mRyC2S34YSOxiEbhGK 2QIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 154429065909160772075517733664153936379 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-07-09 20:42:29 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-08-17 21:12:29 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Toronto' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Brenntag Canada Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'candmz01.brenntag.ca' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23659020317980652973505007627810998877365052050246262558567997298285706329086454474541844201799826085907977657624382089847449012110441467465378372234964872670425230274952243094708449837027684643006955661572347214140363988473770153109221251398193707803374864079526676651743390869889179826623367341714447206932981868923169100917748404525251680919465709113539392348063860100867336288912202113432667231459908610583438718931220205170515828846372723783605303143835167741304446817659863032389483762793392345612540084880703701018856885378320308983518910530785355781071505883319227072351765190540517278018269198449666218363609 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (50 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'candmz01.brenntag.ca' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.candmz01.brenntag.ca' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) c345421d249cc7727363288d7059c85ea24efcb3 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00d1336239aaf16b46062a2c859437ff6ebb3114532db4c13d67005523907eecbbe4ba1055052dd9cfdb9a08fe4e7cd7d9ce2f3ecb91e923ec61174d32a224ed1feb2ed51ed37252117fdb6754978bb75b6438af025faafd880f8c140fb0ce3871cc19dd34dee64089a001b62032feafc387e67e49e6e882dd333a390d5599b4fda3e32bbeb0ae17c0cad18b6475fd1f133e79cea018ea8d697f6891e9864135e495fb0720787c966f681467dd52224f367c6e969be3d42b9babf3a82c4c24625aea20e420950f635010ee2a199f61dca30c49af8c2b4093cd9236e000f0080a171f532b477e7317af25b49d36abd4cd3fae286512d6a4836ef93d9029c664bc2b