LyncExt.navient.com

- Navient Solutions, LLC -

Issued by DigiCert TLS RSA SHA256 2020 CA1

About this certificate

This digital certificate with serial number 09:56:45:76:e4:f7:5a:b2:98:77:fd:d4:a1:64:bb:5e was issued on by DigiCert Inc.

With 15 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Navient Solutions, LLC

Organization: Navient Solutions, LLC
State / Province: Indiana
Locality: Fishers
Country: US

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 09:56:45:76:e4:f7:5a:b2:98:77:fd:d4:a1:64:bb:5e
Serial Number (int): 12410998397945681904840895994809072478
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 22:fa:ca:f3:95:80:13:d7:62:7e:d5:6b:ef:51:8a:32:28:40:e5:38
AuthorityKeyId: b7:6b:a2:ea:a8:aa:84:8c:79:ea:b4:da:0f:98:b2:c5:95:76:b9:f4

Fingerprint (sha1): 1a:5b:d2:2a:db:69:50:38:0d:33:7a:68:30:46:96:a1:92:e6:13:38
Fingerprint (sha256): fb:24:bb:6d:2c:a3:36:cd:db:ae:f4:36:b9:6b:73:3e:4f:11:a9:ab:1c:f3:c9:89:78:c1:4a:8b:86:5f:80:38

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1.crl
CRL Distribution Point: http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1.crl

Check the revocation status for certificate LyncExt.navient.com

15

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for LyncExt.navient.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

LyncExt.navient.com
filync13ext01.navient.com
filyncowa01.navient.com
lync.navient.com
lyncdiscover.HMRCORP.com
lyncdiscover.pioneer-credit.com
lyncdiscover.navient.com
lyncdiscover.studentassistcorp.com
lyncdiscover.gilacorp.com
aslync13ext01.navient.com
lyncdiscover.xtendhealthcare.net
lyncdiscover.duncansolutions.com
lyncdiscover.us.ad.usa-ed.net
lyncdiscover.xtendservices.net
lyncdiscover.xtendservices.com

Other certificates including the domain name navient.com

(limited to 100 certificates)
images.navient.com
rrp.navient.com
mediaserver.navient.com
payments.navient.com
panifiise010.navient.com
access.navient.com
tcpaupdateqa.navient.com
staging.gateway.msbpay.navient.com
www.navient.com
textresponsedev.navient.com
survey.navient.com
LyncExt.navient.com
b2bproxy.navient.com
accesslync.navient.com
leapfrog-ssl-4.gcs-web.com
leapfrog-ssl-4.gcs-web.com
payments.navient.com
upload.navient.com
bdm.navient.com
message.navient.com
go.navient.com
leapfrog-ssl-4.gcs-web.com
filegateway.navient.com
gogreen.navient.com
meteortest.navient.com
myaccount.navient.com
PEVSGW.navient.com
wsmb2bproxy.navient.com
myaccount.navient.com
exedge.navient.com
payments.navient.com
chat2.navient.com
twwsdlr.navient.com
services.navient.com
rsa.citrixcloud.navient.com
leapfrog-ssl-4.gcs-web.com
idrhelp.navient.com
assist.navient.com
leapfrog-ssl-4.gcs-web.com
rrp.navient.com
jobs.navient.com
gogreenqa.navient.com
leapfrog-ssl-4.gcs-web.com
acqueonapi-test.navient.com
vpgw.navient.com
ilp.navient.com
mediaserver.navient.com
punrasrly010.navient.com
tcpaupdateqa.navient.com
leapfrog-ssl-4.gcs-web.com
services2.navient.com
myaccount.navient.com
accesslync.navient.com
mediaserver.navient.com
services2.navient.com
preview-xtend.navient.com
twwsgw.navient.com
ilp.navient.com
accesslync.navient.com
Preview-xtend.navient.com
amzn-connect.navient.com
staging.gateway.msbpay.navient.com
mediaserver.cm.navient.com
fms.navient.com
rsa.citrixcloud.navient.com
punrfirly080.navient.com
leapfrog-ssl-4.gcs-web.com
*.navient.com
login.navient.com
www.navient.com
concierge-qa.navient.com
wsmb2bresp.navient.com
jobs.navient.com
rrp.navient.com
exedge.navient.com
www.navient.com
leapfrog-ssl-4.gcs-web.com
den1.navient.com
fms.navient.com
leapfrog-ssl-4.gcs-web.com
rsa.citrix.navient.com
navient.com
twwsdlr.navient.com
ree.navient.com
meteor.navient.com
webadvisor.navient.com
extnavi.usa-ed.net
leapfrog-ssl-4.gcs-web.com
sdu.navient.com
ssp.navient.com
webmail.navient.com
paymentstest.navient.com
gogreen.navient.com
go.navient.com
access-dr.navient.com
leapfrog-ssl-4.gcs-web.com
meteor.navient.com
services2.navient.com
vdi2.navient.com
message.navient.com

Certificate

The complete raw certificate details for LyncExt.navient.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIH7TCCBtWgAwIBAgIQCVZFduT3WrKYd/3UoWS7XjANBgkqhkiG9w0BAQsFADBP
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBE
aWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMTAxMTIwMDAwMDBa
Fw0yMjAyMTIyMzU5NTlaMHAxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdJbmRpYW5h
MRAwDgYDVQQHEwdGaXNoZXJzMR8wHQYDVQQKExZOYXZpZW50IFNvbHV0aW9ucywg
TExDMRwwGgYDVQQDExNMeW5jRXh0Lm5hdmllbnQuY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAwBAqVHYDKiKLIzgBYYGA5c+UG1thSlWC7d6BGYIP
NuIDcRa4uk55mH/fj84oRqEz9pjWCGV6VJE8/q3moPqdcJVXULY5/ZLvdUtZwhTG
CaFhwUt2lmxFtnkwJSEQj1WKOVGjPrISTKjh7xpIa1tIhmbOA1u+XK1cxISPpUmw
XP4w76rxkH9XHZcKpY/udsVGaMZ2SyrXOCSryWDy6kdnLAl6IUnfo9VIfYkUnsnh
qNss5C4KZ0sGLR7khoKvDtx9DntbvTQYeH66ySSVMb1oIwSs2D/JXcJ3qgSzpnHf
6nSvuzg6U2uSVU7nRS7/xpNGbbSVQsg5ymmMYTjOK2j6kwIDAQABo4IEojCCBJ4w
HwYDVR0jBBgwFoAUt2ui6qiqhIx56rTaD5iyxZV2ufQwHQYDVR0OBBYEFCL6yvOV
gBPXYn7Va+9RijIoQOU4MIIBugYDVR0RBIIBsTCCAa2CE0x5bmNFeHQubmF2aWVu
dC5jb22CGWZpbHluYzEzZXh0MDEubmF2aWVudC5jb22CF2ZpbHluY293YTAxLm5h
dmllbnQuY29tghBseW5jLm5hdmllbnQuY29tghhseW5jZGlzY292ZXIuSE1SQ09S
UC5jb22CH2x5bmNkaXNjb3Zlci5waW9uZWVyLWNyZWRpdC5jb22CGGx5bmNkaXNj
b3Zlci5uYXZpZW50LmNvbYIibHluY2Rpc2NvdmVyLnN0dWRlbnRhc3Npc3Rjb3Jw
LmNvbYIZbHluY2Rpc2NvdmVyLmdpbGFjb3JwLmNvbYIZYXNseW5jMTNleHQwMS5u
YXZpZW50LmNvbYIgbHluY2Rpc2NvdmVyLnh0ZW5kaGVhbHRoY2FyZS5uZXSCIGx5
bmNkaXNjb3Zlci5kdW5jYW5zb2x1dGlvbnMuY29tgh1seW5jZGlzY292ZXIudXMu
YWQudXNhLWVkLm5ldIIebHluY2Rpc2NvdmVyLnh0ZW5kc2VydmljZXMubmV0gh5s
eW5jZGlzY292ZXIueHRlbmRzZXJ2aWNlcy5jb20wDgYDVR0PAQH/BAQDAgWgMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBiwYDVR0fBIGDMIGAMD6gPKA6
hjhodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUTFNSU0FTSEEyNTYy
MDIwQ0ExLmNybDA+oDygOoY4aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lD
ZXJ0VExTUlNBU0hBMjU2MjAyMENBMS5jcmwwSwYDVR0gBEQwQjA2BglghkgBhv1s
AQEwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgG
BmeBDAECAjB9BggrBgEFBQcBAQRxMG8wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
LmRpZ2ljZXJ0LmNvbTBHBggrBgEFBQcwAoY7aHR0cDovL2NhY2VydHMuZGlnaWNl
cnQuY29tL0RpZ2lDZXJ0VExTUlNBU0hBMjU2MjAyMENBMS5jcnQwDAYDVR0TAQH/
BAIwADCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ACl5vvCeOTkh8FZzn2Old+W+
V32cYAr4+U1dJlwlXceEAAABdvjQYhcAAAQDAEcwRQIgbZmicM6GT6szZS3859W6
hHUjVTveHMGR4DQBc5i5lRYCIQCon0/As2jQfD/VsGWep6k/sEXWZZUfOtBwSotj
JwUQcAB3ACJFRQdZVSRWlj+hL/H3bYbgIyZjrcBLf13Gg1xu4g8CAAABdvjQYnAA
AAQDAEgwRgIhAPH4G9MWFG4S9Fm87KPCgCxEMHJSFRU81PCCCJeEtZspAiEAwnYz
69uxgTRk0xRAG+GMsMAPcMyvPHCYLXR/9xPvATgwDQYJKoZIhvcNAQELBQADggEB
AA5WrNqrbB5CkYvQ5LMW8RPS7/4zymqJxazTXZ9k/Hro399xPIt9nim/GzaLNDXV
LyVBxdDBA/oMydNUdnXoey1W/oC4CvsbSBShdN5yCcbUPLl3P+GaRth0xxVBJfsa
nBtdavzIdkhNWUNPYkOtCwjEBvOSVoPqdOQK969lX1qRLLDqUSKrN0L/X/DM7dEf
U7mMjt0Z0JeqJ0evGaVWrL/z6WRa+dteUcsBtfMAC3ZUMbjesNs3I1L++Uglgnsx
vvO7DfPUndQDgZdzvglLkrr0/E0hRnU1yuHJdHv8yhOw3vB2kHLpww5f9EF3W/95
hsHjqIIB+mXMZYOYLuPY3Fs=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBAqVHYDKiKLIzgBYYGA
5c+UG1thSlWC7d6BGYIPNuIDcRa4uk55mH/fj84oRqEz9pjWCGV6VJE8/q3moPqd
cJVXULY5/ZLvdUtZwhTGCaFhwUt2lmxFtnkwJSEQj1WKOVGjPrISTKjh7xpIa1tI
hmbOA1u+XK1cxISPpUmwXP4w76rxkH9XHZcKpY/udsVGaMZ2SyrXOCSryWDy6kdn
LAl6IUnfo9VIfYkUnsnhqNss5C4KZ0sGLR7khoKvDtx9DntbvTQYeH66ySSVMb1o
IwSs2D/JXcJ3qgSzpnHf6nSvuzg6U2uSVU7nRS7/xpNGbbSVQsg5ymmMYTjOK2j6
kwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 12410998397945681904840895994809072478
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert TLS RSA SHA256 2020 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-01-12 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-02-12 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Indiana'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Fishers'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Navient Solutions, LLC'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'LyncExt.navient.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24245725985294991496762082540800500486104433587997388820224009457149434699266736894083013131455447619294485374765335119195591078608179562871384893204919392101680046979328887967863660712804889624507352733354319507684486458435710607580166500009137491636670251475074660888216866736244972140547317982378283863800275137176237983381143216784985761912467417463038166107617275695319311910048929862029515931002025870149455888754903131867142666483037447036130494600934601796469119389368585051067222288479076473059365484481270300417294794917302204754075279466983984462927533785679134416368072775717447076549204166051055851338387
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							22facaf3958013d7627ed56bef518a322840e538
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (433 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'LyncExt.navient.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'filync13ext01.navient.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'filyncowa01.navient.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lync.navient.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lyncdiscover.HMRCORP.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lyncdiscover.pioneer-credit.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lyncdiscover.navient.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lyncdiscover.studentassistcorp.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lyncdiscover.gilacorp.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aslync13ext01.navient.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lyncdiscover.xtendhealthcare.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lyncdiscover.duncansolutions.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lyncdiscover.us.ad.usa-ed.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lyncdiscover.xtendservices.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lyncdiscover.xtendservices.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (131 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (113 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
							00f10076002979bef09e393921f056739f63a577e5be577d9c600af8f94d5d265c255dc78400000176f8d06217000004030047304502206d99a270ce864fab33652dfce7d5ba847523553bde1cc191e034017398b99516022100a89f4fc0b368d07c3fd5b0659ea7a93fb045d665951f3ad0704a8b63270510700077002245450759552456963fa12ff1f76d86e0232663adc04b7f5dc6835c6ee20f0200000176f8d062700000040300483046022100f1f81bd316146e12f459bceca3c2802c4430725215153cd4f082089784b59b29022100c27633ebdbb1813464d314401be18cb0c00f70ccaf3c70982d747ff713ef0138
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		000e56acdaab6c1e42918bd0e4b316f113d2effe33ca6a89c5acd35d9f64fc7ae8dfdf713c8b7d9e29bf1b368b3435d52f2541c5d0c103fa0cc9d3547675e87b2d56fe80b80afb1b4814a174de7209c6d43cb9773fe19a46d874c7154125fb1a9c1b5d6afcc876484d59434f6243ad0b08c406f3925683ea74e40af7af655f5a912cb0ea5122ab3742ff5ff0ccedd11f53b98c8edd19d097aa2747af19a556acbff3e9645af9db5e51cb01b5f3000b765431b8deb0db372352fef94825827b31bef3bb0df3d49dd403819773be094b92baf4fc4d21467535cae1c9747bfcca13b0def0769072e9c30e5ff441775bff7986c1e3a88201fa65cc6583982ee3d8dc5b