awsnonprod.libertycolombia.com

- Liberty Mutual Group -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 48:0c:06:d9:01:a4:21:56:f8:86:10:3e:76:4a:c1:98 was issued on by Entrust, Inc..

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Liberty Mutual Group

Organization: Liberty Mutual Group
State / Province: New Hampshire
Locality: Portsmouth
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 48:0c:06:d9:01:a4:21:56:f8:86:10:3e:76:4a:c1:98
Serial Number (int): 95766862146293154572660363898114458008
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: d3:f1:cf:c0:4a:cb:c6:90:ca:7d:e2:d1:b6:ef:08:10:fd:f8:39:25
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): d1:a9:55:79:4a:b2:b3:f2:28:73:fc:e8:91:a9:a1:b3:15:93:9c:2b
Fingerprint (sha256): f7:37:2a:6a:b0:bd:2b:f9:65:ca:c3:9b:01:fd:28:25:21:ca:cb:2f:eb:45:c2:91:ad:dd:64:9e:dc:f7:12:2b

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate awsnonprod.libertycolombia.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for awsnonprod.libertycolombia.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

awsnonprod.libertycolombia.com

Other certificates including the domain name libertycolombia.com

(limited to 100 certificates)
libertycolombia.com
cobognicesmb.libertycolombia.com
ews.libertycolombia.com
sip.libertycolombia.com
oficinaenlineaadm.libertycolombia.com
sas.libertyseguros.co
sip-kdc-03.libertymutual.com
soanonprod.libertycolombia.com
sip-pdc-03.libertymutual.com
bpm-uat.libertycolombia.com
co-reportes-dwh.libertycolombia.com
conferencia.libertyseguros.co
portaldev.libertycolombia.com
awsuat.libertycolombia.com
mailcol.libertycolombia.com
bpmuat.libertycolombia.com
bpmuat.libertycolombia.com
cero.libertycolombia.com
cobogavacrm01.libertycolombia.com
co-reportes-dwh.libertycolombia.com
oficinaenlineatrv.libertyseguros.co
soauat.libertycolombia.com
conferencia.libertyseguros.co
oficinaenlineadev.libertycolombia.com
cobogpldap2012.libertycolombia.com
ews.libertycolombia.com
soatest.libertycolombia.com
coawsprodsql04.libertycolombia.com
aru.libertycolombia.com
ews.libertycolombia.com
aplicaciones.libertyseguros.co
mailcol.libertycolombia.com
mailcol.libertycolombia.com.co
mailcol.libertycolombia.com
AplicacionesQA.libertycolombia.com
oficinaenlineaadm.libertyseguros.co
webmail.libertycolombia.com.co
conferencia.libertyseguros.co
aru.libertycolombia.com
cs-pool-03k.lm.lmig.com
cobogniceair01.libertycolombia.com
instaladores.libertycolombia.com
ews.libertycolombia.com
mailcol.libertycolombia.com
cobognicesent01.libertycolombia.com
sip.libertycolombia.com
evault11.libertycolombia.com
webmail.libertycolombia.com.co
sip.libertycolombia.com
cobogserv11.libertycolombia.com
sip.libertycolombia.com
aru.libertycolombia.com
ews.libertycolombia.com
cobogvcms.cms.libertycolombia.com
experianauthnoprod.libertycolombia.com
ews.libertycolombia.com
oficinaenlineauat.libertycolombia.com
colnxappresoag1.libertycolombia.com
COBOGNICEUS01.libertycolombia.com
sip.libertycolombia.com
cs-pool-03p.lm.lmig.com
awsnonprodci.libertycolombia.com
wsqa.libertycolombia.com
coboguscech.libertycolombia.com
soadev.libertycolombia.com
sip.libertycolombia.com
dynamic-pricing.libertycolombia.com
gitlab.libertycolombia.com
hybrid.libertycolombia.com
aru.libertycolombia.com
cobogexpresswayc.libertycolombia.com
ews.libertycolombia.com
wsqa.libertycolombia.com
soauat.libertycolombia.com
mailcol.libertycolombia.com
awsdev.libertycolombia.com
hybrid.libertycolombia.com
libertycolombia.com
webmail.libertycolombia.com.co
coawsprodsql04.libertycolombia.com
cobogniceair02.libertycolombia.com
soauat.libertycolombia.com
sas.libertyseguros.co
co-dev-reportes-dwh.libertycolombia.com
experianauthprod.libertycolombia.com
conferencia.libertyseguros.co
cobognicesear01.libertycolombia.com
core.libertycolombia.com
mailcol.libertycolombia.com
aru.libertycolombia.com
ews.libertycolombia.com
intermediariosdev.libertycolombia.com
cobognpldap01.libertycolombia.com
sip-kdc-03.libertymutual.com
awsnonprod.libertycolombia.com
sip.libertycolombia.com
soa1dev.libertycolombia.com
sas.libertyseguros.co
soa.libertycolombia.com

Certificate

The complete raw certificate details for awsnonprod.libertycolombia.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgIQSAwG2QGkIVb4hhA+dkrBmDANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
NDAxMzExNjQ3NDRaFw0yNTAyMjgxNjQ3NDNaMIGCMQswCQYDVQQGEwJVUzEWMBQG
A1UECBMNTmV3IEhhbXBzaGlyZTETMBEGA1UEBxMKUG9ydHNtb3V0aDEdMBsGA1UE
ChMUTGliZXJ0eSBNdXR1YWwgR3JvdXAxJzAlBgNVBAMTHmF3c25vbnByb2QubGli
ZXJ0eWNvbG9tYmlhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AOD4eZmECCY+cH2uFm7DifqfysV99PeZVp2f65gpwdjZ5mw50laEQa0NQMZuAxFi
k0B2DtYwwTvXKwDgorSDce260uOU9IWQ75ov92FizKDyE+vOuKq3NuSjTQhEXuWX
aSaft2XZpyqhG89D/d5N1QQl9FEBInOMG4R6pk31IuEfNV6S8eEka+Uua2JIMEyK
MKlYoDdYeRHeOnGlPj6lQHT1KUyimiYVkdArKot7p40okYb1vlH9F5jKFin+I1Cm
l7jqQ/7RLp2A+xZsRxNEGoOI7Bxy4Id2pHrmr1wqfWMyvQzcXhQ2EID1GiVzhSxG
ZPM4f+jLAKG75JAnHJPW44ECAwEAAaOCAXUwggFxMAwGA1UdEwEB/wQCMAAwHQYD
VR0OBBYEFNPxz8BKy8aQyn3i0bbvCBD9+DklMB8GA1UdIwQYMBaAFIKicHTdvFM/
z3vU981/p2DGCky/MGgGCCsGAQUFBwEBBFwwWjAjBggrBgEFBQcwAYYXaHR0cDov
L29jc3AuZW50cnVzdC5uZXQwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9haWEuZW50cnVz
dC5uZXQvbDFrLWNoYWluMjU2LmNlcjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8v
Y3JsLmVudHJ1c3QubmV0L2xldmVsMWsuY3JsMCkGA1UdEQQiMCCCHmF3c25vbnBy
b2QubGliZXJ0eWNvbG9tYmlhLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
FAYIKwYBBQUHAwEGCCsGAQUFBwMCMBMGA1UdIAQMMAowCAYGZ4EMAQICMBMGCisG
AQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQA7XQ6MBd4ugczN3hYq
Lx1inMnneC7jfwtpMXss9hq1VzAbp0ABH5CMJ5/v7GjNNY7RYSIPu3o2ycdwA0H/
PtxSwneEY2cqnwmLmFEqk0e7nROfUeD7SKWUPM+aOt6RWcr3iDd0eW++dANP7xKZ
IhLJKz2z/tv5ehInFTyeglOmEtzJXJWN+e9XF2r4mG7Zw3jm5JcX10lnSPnizanH
1RX7rq0WQ14LCvBqkprq+anGUKkYrsY79yCYlrsR36UEc9ngsOj3b5Cc62yEJelP
Z9u2FeraipapkNZe7HezlL+RPg5WB9sj1jESzmKYOvqw+IkJYU5DfOEQ1wa3l7Su
/UZM
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Ph5mYQIJj5wfa4WbsOJ
+p/KxX3095lWnZ/rmCnB2NnmbDnSVoRBrQ1Axm4DEWKTQHYO1jDBO9crAOCitINx
7brS45T0hZDvmi/3YWLMoPIT6864qrc25KNNCERe5ZdpJp+3ZdmnKqEbz0P93k3V
BCX0UQEic4wbhHqmTfUi4R81XpLx4SRr5S5rYkgwTIowqVigN1h5Ed46caU+PqVA
dPUpTKKaJhWR0Csqi3unjSiRhvW+Uf0XmMoWKf4jUKaXuOpD/tEunYD7FmxHE0Qa
g4jsHHLgh3akeuavXCp9YzK9DNxeFDYQgPUaJXOFLEZk8zh/6MsAobvkkCcck9bj
gQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 95766862146293154572660363898114458008
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-31 16:47:44 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-28 16:47:43 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New Hampshire'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Portsmouth'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Liberty Mutual Group'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'awsnonprod.libertycolombia.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 28399907900928983477282850244196417141125686876935371550283286513656367179213349149392921436319019324717693143169663884241898122582339713580416923226589011520622089896193083709852648372255469383202201632704139028003551926228874938213261417857214623463893254765580992643743382260552281384199318054092224864555432305194777131759928640340306624935301807726555663597620058135382029232792269418211372114364455190029025607455396587466024147790381361188143257086001744348120626042613506813328593252558066706691744084113901528985744547390878731664056917963530064661057609531965188640411824787287886150904151058236765841580929
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d3f1cfc04acbc690ca7de2d1b6ef0810fdf83925
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (34 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'awsnonprod.libertycolombia.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		003b5d0e8c05de2e81cccdde162a2f1d629cc9e7782ee37f0b69317b2cf61ab557301ba740011f908c279fefec68cd358ed161220fbb7a36c9c7700341ff3edc52c2778463672a9f098b98512a9347bb9d139f51e0fb48a5943ccf9a3ade9159caf7883774796fbe74034fef12992212c92b3db3fedbf97a1227153c9e8253a612dcc95c958df9ef57176af8986ed9c378e6e49717d7496748f9e2cda9c7d515fbaead16435e0b0af06a929aeaf9a9c650a918aec63bf7209896bb11dfa50473d9e0b0e8f76f909ceb6c8425e94f67dbb615eada8a96a990d65eec77b394bf913e0e5607db23d63112ce62983afab0f88909614e437ce110d706b797b4aefd464c