novica.ca

Issued by GeoTrust Global TLS RSA4096 SHA256 2022 CA1

About this certificate

This digital certificate with serial number 0e:a4:9f:ea:ca:a0:59:bd:3b:6f:f6:10:42:0c:e0:a1 was issued on by DigiCert, Inc..

With 27 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=novica.ca

DigiCert, Inc.

Organization: DigiCert, Inc.
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0e:a4:9f:ea:ca:a0:59:bd:3b:6f:f6:10:42:0c:e0:a1
Serial Number (int): 19463972131015366801569266944384491681
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 19:92:a2:22:af:5d:8d:7f:83:6b:47:d5:50:16:70:a0:2b:5f:78:43
AuthorityKeyId: a5:b4:d6:eb:36:c4:e7:6b:a6:df:c4:64:0b:01:2a:20:04:b8:66:23

Fingerprint (sha1): 49:96:5b:e8:4b:56:ef:5f:11:48:37:6c:f7:18:ff:28:2a:00:90:28
Fingerprint (sha256): f0:ed:13:25:97:49:05:14:2f:3c:16:57:ed:f3:7f:87:f2:b1:22:35:a8:89:a3:92:c6:96:2a:79:a6:bf:03:0f

Issuing Certificate URL: http://cacerts.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl
CRL Distribution Point: http://crl4.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl

Check the revocation status for certificate novica.ca

27

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for novica.ca

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

novica.ca
*.novica.ca
*.worldartisanday.org
worldartisanday.org
*.worldartisanday.com
worldartisanday.com
artisanday.com
*.artisanday.org
*.artisansday.com
*.artisanday.com
artisansday.org
artisanday.org
artisansday.com
*.artisansday.org
*.worldartisansday.org
worldartisansday.org
*.worldartisansday.com
worldartisansday.com
handmade.com
*.handmade.com
novica.co.uk
*.novica.co.uk
novica.uk
*.novica.uk
*.es.novica.com
*.novica.es
novica.es

Other certificates including the domain name novica.ca

(limited to 100 certificates)
novica.ca
novica.ca
novica.com
novica.com
novica.com
novica.ca
novica.com
novica.com
novica.com
novica.com
novica.com
novica.ca
novica.ca
novica.ca
novica.ca
secure.novica.com
novica.ca

Certificate

The complete raw certificate details for novica.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIJUTCCBzmgAwIBAgIQDqSf6sqgWb07b/YQQgzgoTANBgkqhkiG9w0BAQsFADBc
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xNDAyBgNVBAMT
K0dlb1RydXN0IEdsb2JhbCBUTFMgUlNBNDA5NiBTSEEyNTYgMjAyMiBDQTEwHhcN
MjMwMTE3MDAwMDAwWhcNMjMxMDI5MjM1OTU5WjAUMRIwEAYDVQQDEwlub3ZpY2Eu
Y2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkhsywIyd6SAUP54sn
r1B3y8RhFm5oKBoNKavO+x0rR7XIJoZ67RCj5TbJdMGY0Zt/mAVPRiHBA3Zf8mzM
Q1pu/IQZf9eaTv4lJYlYPoJV8kFIurmyj1yvV2HRvLaEWbpzToVt8nVA20i3s6Uj
Jje3eSdFHrS5x55hcUoYWiK3X/G5nT6GtUafFxxqt0+6939MjCD5dG+fj8TC3nMn
LF5yWK7o0btU8nQZhXwbn9/fPe7naPQbROUrEN+MWieGGdUMqmu/2AO7enEyFKV9
b1qN50/QdsEr7jHzwePSvKxeRw4ipOmiAYWn/geMvEwev5ktKLxAFQXh3WmtKZ6W
Wr59AgMBAAGjggVVMIIFUTAfBgNVHSMEGDAWgBSltNbrNsTna6bfxGQLASogBLhm
IzAdBgNVHQ4EFgQUGZKiIq9djX+Da0fVUBZwoCtfeEMwggHiBgNVHREEggHZMIIB
1YIJbm92aWNhLmNhggsqLm5vdmljYS5jYYIVKi53b3JsZGFydGlzYW5kYXkub3Jn
ghN3b3JsZGFydGlzYW5kYXkub3JnghUqLndvcmxkYXJ0aXNhbmRheS5jb22CE3dv
cmxkYXJ0aXNhbmRheS5jb22CDmFydGlzYW5kYXkuY29tghAqLmFydGlzYW5kYXku
b3JnghEqLmFydGlzYW5zZGF5LmNvbYIQKi5hcnRpc2FuZGF5LmNvbYIPYXJ0aXNh
bnNkYXkub3Jngg5hcnRpc2FuZGF5Lm9yZ4IPYXJ0aXNhbnNkYXkuY29tghEqLmFy
dGlzYW5zZGF5Lm9yZ4IWKi53b3JsZGFydGlzYW5zZGF5Lm9yZ4IUd29ybGRhcnRp
c2Fuc2RheS5vcmeCFioud29ybGRhcnRpc2Fuc2RheS5jb22CFHdvcmxkYXJ0aXNh
bnNkYXkuY29tggxoYW5kbWFkZS5jb22CDiouaGFuZG1hZGUuY29tggxub3ZpY2Eu
Y28udWuCDioubm92aWNhLmNvLnVrgglub3ZpY2EudWuCCyoubm92aWNhLnVrgg8q
LmVzLm5vdmljYS5jb22CCyoubm92aWNhLmVzgglub3ZpY2EuZXMwDgYDVR0PAQH/
BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBnwYDVR0fBIGX
MIGUMEigRqBEhkJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vR2VvVHJ1c3RHbG9i
YWxUTFNSU0E0MDk2U0hBMjU2MjAyMkNBMS5jcmwwSKBGoESGQmh0dHA6Ly9jcmw0
LmRpZ2ljZXJ0LmNvbS9HZW9UcnVzdEdsb2JhbFRMU1JTQTQwOTZTSEEyNTYyMDIy
Q0ExLmNybDA+BgNVHSAENzA1MDMGBmeBDAECATApMCcGCCsGAQUFBwIBFhtodHRw
Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYcGCCsGAQUFBwEBBHsweTAkBggrBgEF
BQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFEGCCsGAQUFBzAChkVodHRw
Oi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vR2VvVHJ1c3RHbG9iYWxUTFNSU0E0MDk2
U0hBMjU2MjAyMkNBMS5jcnQwCQYDVR0TBAIwADCCAYEGCisGAQQB1nkCBAIEggFx
BIIBbQFrAHcA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4AAAGFwek3
7QAABAMASDBGAiEAk9CmzTGbP/FSY16UEH2btQ3YAZsbzviyRzNdrZXUXOgCIQD3
JFrOuGoJ9w8HQD57XvZDrEHtkuULOlASl0zh6gPauAB3ALNzdwfhhFD4Y4bWBanc
EQlKeS2xZwwLh9zwAw55NqWaAAABhcHpOEgAAAQDAEgwRgIhAIuZ+ZNPdMx3svw3
8hKxCnhcSnf/4h0dh3us5D/rDnXgAiEAq5kh8BOSNDCsYQJGkdDxanKJnuWaIh5j
OFxV0k97hLYAdwC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYXB
6TgGAAAEAwBIMEYCIQCXvClMe11PXPlBBzhno3s9BratdFbq0QuNCX2NgZU+ywIh
AINfS3urDdutuh1u4ebpqk+NrCwcoHcA85Orjq7QyoVvMA0GCSqGSIb3DQEBCwUA
A4ICAQAfwAoJKJuop7I6lGxfALEQcCKaJX8xS+pnH99VccI73VtAqc1eqBf/huwX
zi2SpY/q+4OyeHY56vz5fCVGLlib+eC+GxaiwCzu87Pa4rCieztii2R9v4oRtvZu
8at8ZzZ+wfW5ARZ/7dfDsJlg9D2SHlM/vGRCG7BYhtIpx+k5ECJl2bgLbEVp9vqm
ngW33Ovob6kbfk+7LIuyhncVTbFX+iewZippcTj5U5j7L4pykXHCxO3CxBXWvwHO
LVQx8Z5xtLr6/KmcNDH4XIxmSijQdt/L/SIBwY94Q0vYOHDGrBYFeyVrt0GZWtU3
GireeHmhiId4B5LeFrJR/B2DJPiPVIUQdnqz6pW4kiqk1nedi2GBBz0rRKO4ktnY
Hdq96dp0sGvFcFY5P6Pwd0h/GN9eO8kWgy+UyjshFwgokfVKeuWeaip3DpyS+MZT
+yru5bGctH7lGxHAqs6Vcz+C6T0KPQnMDx4EyBQqDX/zIZbPZ+IpTHZXd+7FQVvO
f63nRc7K9KFAiL2+B8PM2CXqUFfr2cJETNf3CB1nfrzCKbx4sFG3JYBbUWEXqg0O
kEQe6vbbDNG+3DnvAc7VD3Ynx+lm5ufpLNcmy6gBbkE5SmxSjl1wAmIHn7WnTZwF
1/0MeY/QjgyiR8CeQjJSOSndeRoTiRySCqFnRUwLF4Xaoh217w==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIbMsCMnekgFD+eLJ69Q
d8vEYRZuaCgaDSmrzvsdK0e1yCaGeu0Qo+U2yXTBmNGbf5gFT0YhwQN2X/JszENa
bvyEGX/Xmk7+JSWJWD6CVfJBSLq5so9cr1dh0by2hFm6c06FbfJ1QNtIt7OlIyY3
t3knRR60uceeYXFKGFoit1/xuZ0+hrVGnxccardPuvd/TIwg+XRvn4/Ewt5zJyxe
cliu6NG7VPJ0GYV8G5/f3z3u52j0G0TlKxDfjFonhhnVDKprv9gDu3pxMhSlfW9a
jedP0HbBK+4x88Hj0rysXkcOIqTpogGFp/4HjLxMHr+ZLSi8QBUF4d1prSmellq+
fQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 19463972131015366801569266944384491681
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust Global TLS RSA4096 SHA256 2022 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-01-17 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-29 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'novica.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20769554156223149402740069217432473361796809483640350193167759098371365226018462425414982613935223080890649792770363135613419892954271248607751329145723650587342201773740973552070453903184693961559197689149112297716823221296568425486236007845039420687590884757759783340745794191730555208982099363616756225999415824624085877232673776666471345297189409275627211155970260075398923615577804645511781457562709143032618984962342050857345047759189451277099999674041408874369125497271840201825967264451641623401558303076597810271146577260118819203749495054746010506686917524546675213143691541757607217422534602547050592255613
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a5b4d6eb36c4e76ba6dfc4640b012a2004b86623
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							1992a222af5d8d7f836b47d5501670a02b5f7843
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (473 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novica.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novica.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.worldartisanday.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'worldartisanday.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.worldartisanday.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'worldartisanday.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'artisanday.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.artisanday.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.artisansday.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.artisanday.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'artisansday.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'artisanday.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'artisansday.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.artisansday.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.worldartisansday.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'worldartisansday.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.worldartisansday.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'worldartisansday.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'handmade.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.handmade.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novica.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novica.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novica.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novica.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.es.novica.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novica.es'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novica.es'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (151 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (369 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
							016b007700e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e00000185c1e937ed000004030048304602210093d0a6cd319b3ff152635e94107d9bb50dd8019b1bcef8b247335dad95d45ce8022100f7245aceb86a09f70f07403e7b5ef643ac41ed92e50b3a5012974ce1ea03dab8007700b3737707e18450f86386d605a9dc11094a792db1670c0b87dcf0030e7936a59a00000185c1e9384800000403004830460221008b99f9934f74cc77b2fc37f212b10a785c4a77ffe21d1d877bace43feb0e75e0022100ab9921f013923430ac61024691d0f16a72899ee59a221e63385c55d24f7b84b6007700b73efb24df9c4dba75f239c5ba58f46c5dfc42cf7a9f35c49e1d098125edb49900000185c1e93806000004030048304602210097bc294c7b5d4f5cf941073867a37b3d06b6ad7456ead10b8d097d8d81953ecb022100835f4b7bab0ddbadba1d6ee1e6e9aa4f8dac2c1ca07700f393ab8eaed0ca856f
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		001fc00a09289ba8a7b23a946c5f00b11070229a257f314bea671fdf5571c23bdd5b40a9cd5ea817ff86ec17ce2d92a58feafb83b2787639eafcf97c25462e589bf9e0be1b16a2c02ceef3b3dae2b0a27b3b628b647dbf8a11b6f66ef1ab7c67367ec1f5b901167fedd7c3b09960f43d921e533fbc64421bb05886d229c7e939102265d9b80b6c4569f6faa69e05b7dcebe86fa91b7e4fbb2c8bb28677154db157fa27b0662a697138f95398fb2f8a729171c2c4edc2c415d6bf01ce2d5431f19e71b4bafafca99c3431f85c8c664a28d076dfcbfd2201c18f78434bd83870c6ac16057b256bb741995ad5371a2ade7879a18887780792de16b251fc1d8324f88f548510767ab3ea95b8922aa4d6779d8b6181073d2b44a3b892d9d81ddabde9da74b06bc57056393fa3f077487f18df5e3bc916832f94ca3b2117082891f54a7ae59e6a2a770e9c92f8c653fb2aeee5b19cb47ee51b11c0aace95733f82e93d0a3d09cc0f1e04c8142a0d7ff32196cf67e2294c765777eec5415bce7fade745cecaf4a14088bdbe07c3ccd825ea5057ebd9c2444cd7f7081d677ebcc229bc78b051b725805b516117aa0d0e90441eeaf6db0cd1bedc39ef01ced50f7627c7e966e6e7e92cd726cba8016e41394a6c528e5d700262079fb5a74d9c05d7fd0c798fd08e0ca247c09e4232523929dd791a13891c920aa167454c0b1785daa21db5ef