stamp2.login.microsoftonline.com

- Microsoft Corporation -

Issued by DigiCert SHA2 Secure Server CA

About this certificate

This digital certificate with serial number 09:3b:9b:43:f8:f2:6f:ee:07:8e:31:39:c3:30:e4:52 was issued on by DigiCert Inc.

With 9 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Microsoft Corporation

Organization: Microsoft Corporation
State / Province: Washington
Locality: Redmond
Country: US

DigiCert Inc

Organization: DigiCert Inc
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 09:3b:9b:43:f8:f2:6f:ee:07:8e:31:39:c3:30:e4:52
Serial Number (int): 12272546635538623208433325523973760082
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 7f:b3:5c:fb:66:4b:ef:b6:74:d6:e3:3a:67:1f:30:86:4c:9b:10:b3
AuthorityKeyId: 0f:80:61:1c:82:31:61:d5:2f:28:e7:8d:46:38:b4:2c:e1:c6:d9:e2

Fingerprint (sha1): 9c:cc:2a:d9:ee:8a:01:a0:2f:71:3e:06:0b:8c:b8:9e:e4:cb:07:35
Fingerprint (sha256): b7:95:fa:df:ec:6d:83:2f:52:3e:d1:f1:1a:4e:38:f3:c7:02:bb:3d:6c:d7:6d:3b:3c:5c:5e:4d:0f:64:b1:8d

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA-2.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/DigicertSHA2SecureServerCA-1.crl
CRL Distribution Point: http://crl4.digicert.com/DigicertSHA2SecureServerCA-1.crl

Check the revocation status for certificate stamp2.login.microsoftonline.com

9

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for stamp2.login.microsoftonline.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

stamp2.login.microsoftonline.com
login.microsoftonline-int.com
login.microsoftonline-p.com
login.microsoftonline.com
login2.microsoftonline-int.com
login2.microsoftonline.com
loginex.microsoftonline-int.com
loginex.microsoftonline.com
stamp2.login.microsoftonline-int.com

Other certificates including the domain name microsoftonline.com

(limited to 100 certificates)
syncservice.microsoftonline.com
atv300.microsoftonline.com
becws-gov-us.microsoftonline.com
*.certauth.login.microsoftonline.com
api.cp.microsoft.com
login.microsoftonline.com
cert.ccs.login.microsoftonline.com
outlook.com
stamp2.login.microsoftonline.com
graph.windows.net
login.windows.net
*.sharepoint.com
login.windows.net
tip.passwordreset.microsoftonline.com
syncservice.microsoftonline.com
*.sharepoint.emea.microsoftonline.com
*.sharepoint.com
*.segmentation.bdm.microsoftonline.com
graph.windows.net
graph.windows.net
graph.windows.net
outlook.com
mail.apac.microsoftonline.com
login.windows.net
becws-gov-us.microsoftonline.com
outlook.com
management.microsoftonline.com
graph.windows.net
login.windows.net
graph.windows.net
rps-prd.microsoftonline.com
akamai-san17.exacttarget.com
portal.office.com
graph.windows.net
adminwebservice.microsoftonline.com
CompanyManager.microsoftonline.com
g.msn.com
graph.windows.net
syncservice.microsoftonline.com
portal.office.com
login.windows.net
graph.windows.net
portal.office.com
login.windows.net
syncservice.ccsctp.com
dcscheduler.msogov.us.microsoftonline.com
graph.windows.net
provisioningapi.microsoftonline.com
syncservice.microsoftonline.com
ssprdataencrypt.microsoftonline.com
syncservice.eu.microsoftonline.com
login.windows.net
graph.windows.net
login.windows.net
outlook.com
migreports.microsoftonline.com
login.windows.net
companymanager.microsoftonline.com
graph.windows.net
CompanyManager.microsoftonline.com
*.certauth.login.microsoftonline.com
commerce.microsoftonline.com
stamp2.login.microsoftonline.com
graph.windows.net
login.windows.net
syncservice.ccsctp.com
outlook.com
outlook.com
stamp2.login.microsoftonline.com
stamp2.login.microsoftonline.com
graph.windows.net
portal.office.com
syncservice.ccsctp.com
graph.windows.net
syncservice.gov.us.microsoftonline.com
login.windows.net
companymanager.microsoftonline.com
syncservice.ccsctp.com
graph.windows.net
stamp2.login.microsoftonline.com
outlook.com
graph.windows.net
outlook.com
*.mail.emea.microsoftonline.com
stamp2.login.microsoftonline.com
syncservice.microsoftonline.com
portal.office.com
ccs.login.microsoftonline.com
outlook.com
outlook.com
graph.windows.net
ocpclient.microsoftonline.com
login.windows.net
graph.windows.net
stamp2.login.microsoftonline.com
login.windows.net
*.sharepoint.com
graph.windows.net
outlook.com
*.sharepoint.com

Certificate

The complete raw certificate details for stamp2.login.microsoftonline.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIH2DCCBsCgAwIBAgIQCTubQ/jyb+4HjjE5wzDkUjANBgkqhkiG9w0BAQsFADBN
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E
aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMjQwNTA5MDAwMDAwWhcN
MjUwNTA5MjM1OTU5WjB/MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv
bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0
aW9uMSkwJwYDVQQDEyBzdGFtcDIubG9naW4ubWljcm9zb2Z0b25saW5lLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOVDe7fwGDuUUMndb6UE1SBs
RBp/cAlK3dnFXwq4ycSqWzPKXxrPck1cP7Ydcvk3LS/r7OJa46y/SJ6AA1PEilo4
ss7eJ64caFJ23ErO9Tv4BRnuR9Je2qmkGikY1Ok14xU5haJOY6n2NYxwaR6jmt6Q
lr9gIhfIILzOkDwf8gny25QnfxtkhLmAr44PUx03ENzCEuxudh7Ft8mMRvC89xkL
C/Wy1Qi2qUSsLF8jCBN/gWiHz9FFkXRA63c192VsPsEYKj+AsfLxF+I1+9mhZ3eu
8wdrwJ2UDWQ2yNHVOX3sloK05cjeljqUf6bgTL3NPiCvG2ap9BRRrpqQMXsn3T0C
AwEAAaOCBIAwggR8MB8GA1UdIwQYMBaAFA+AYRyCMWHVLyjnjUY4tCzhxtniMB0G
A1UdDgQWBBR/s1z7ZkvvtnTW4zpnHzCGTJsQszCCASYGA1UdEQSCAR0wggEZgiBz
dGFtcDIubG9naW4ubWljcm9zb2Z0b25saW5lLmNvbYIdbG9naW4ubWljcm9zb2Z0
b25saW5lLWludC5jb22CG2xvZ2luLm1pY3Jvc29mdG9ubGluZS1wLmNvbYIZbG9n
aW4ubWljcm9zb2Z0b25saW5lLmNvbYIebG9naW4yLm1pY3Jvc29mdG9ubGluZS1p
bnQuY29tghpsb2dpbjIubWljcm9zb2Z0b25saW5lLmNvbYIfbG9naW5leC5taWNy
b3NvZnRvbmxpbmUtaW50LmNvbYIbbG9naW5leC5taWNyb3NvZnRvbmxpbmUuY29t
giRzdGFtcDIubG9naW4ubWljcm9zb2Z0b25saW5lLWludC5jb20wPgYDVR0gBDcw
NTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5j
b20vQ1BTMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
BQUHAwIwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2NybDMuZGlnaWNlcnQu
Y29tL0RpZ2ljZXJ0U0hBMlNlY3VyZVNlcnZlckNBLTEuY3JsMD+gPaA7hjlodHRw
Oi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaWNlcnRTSEEyU2VjdXJlU2VydmVyQ0Et
MS5jcmwwfgYIKwYBBQUHAQEEcjBwMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5k
aWdpY2VydC5jb20wSAYIKwYBBQUHMAKGPGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0
LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS0yLmNydDAMBgNVHRMBAf8E
AjAAMIIBgQYKKwYBBAHWeQIEAgSCAXEEggFtAWsAdwDPEVbu1S58r/OHW9lpLpvp
GnFnSrAX7KwB0lt3zsw7CAAAAY9cAOFpAAAEAwBIMEYCIQCCX6FIHOXh4L0rp9Ef
To58HxGUJRX5vxwlyi37MSm5ywIhALigGf0vf2urQMcizIQEvxGgOgEtNggVtd0i
42lXnuRCAHcAfVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGPXADh
OAAABAMASDBGAiEA/EEmF3cPP7UXCpZwc+2k2OhU8e3yzojmBd99RdGo2ksCIQDM
Qmoyrau6i11v/QJNDEjmXpceGX+ZQdgsfCXj9e4yUAB3AObSMWNAd4zBEEEG13G5
zsHSQPaWhIb7uocyHf0eN45QAAABj1wA4VAAAAQDAEgwRgIhALmcRYehpEYfDTCo
phwE71TCn3Gqi6xlJjXpsxGJggNUAiEA5Qtn5QWXZdx3PGhrsqHmwrXy/OU/1jem
UmLKFF5NsEkwDQYJKoZIhvcNAQELBQADggEBACdkErvAnJETtUNYWwFH8d40yrfz
1CVCS7lqcIgAhUlbzW1u/lJQs0TL3VVu7RCidtnaUUDud3kQftrpbjGC7pAxf5BB
9BZjIMUKk4Ra6gSKlw+7d36PWAiDXH2nuuZTk3Q5xlU6j8nAED1kvh6vWHc4cY5c
WrI4t+GdLZxyNheYLiGkNNsAtQojjtfMpMDb+VZGMVsPePDd16CmXXHP8MPEcXFL
NWDqIqLD/l4FrzZEYu4AGkBAuFHinT7q5HpLq2ifDppQSW01c88E/LWGbHFMlPv1
X0jUT72A/ZXSPE3t7I37LhEyUzLz+KdJ7C9+BHfozGSYKYeWg68unCtqLYo=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5UN7t/AYO5RQyd1vpQTV
IGxEGn9wCUrd2cVfCrjJxKpbM8pfGs9yTVw/th1y+TctL+vs4lrjrL9InoADU8SK
Wjiyzt4nrhxoUnbcSs71O/gFGe5H0l7aqaQaKRjU6TXjFTmFok5jqfY1jHBpHqOa
3pCWv2AiF8ggvM6QPB/yCfLblCd/G2SEuYCvjg9THTcQ3MIS7G52HsW3yYxG8Lz3
GQsL9bLVCLapRKwsXyMIE3+BaIfP0UWRdEDrdzX3ZWw+wRgqP4Cx8vEX4jX72aFn
d67zB2vAnZQNZDbI0dU5feyWgrTlyN6WOpR/puBMvc0+IK8bZqn0FFGumpAxeyfd
PQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 12272546635538623208433325523973760082
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-09 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-05-09 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Washington'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Redmond'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'stamp2.login.microsoftonline.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 28941849080596455183212811167527146095779818073412275260367292174142274957929621517019063265617584194300036943698789889160991660307581841845882225010132061260551669957603800716867582140005734706054135846796395066768938317488029099247535228513586666217447836838556240417755545206958881347175474897773173438514392752817402698987076030802668113975031057756967463945146908552742048460088415239131848410088301325359745177990996639580043076192006655923308299406151131356032080236584150125556298337870120691280282153186239204296921114391845499728770592628640725857207675217341893944224126819319679531386171433679971695451453
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 0f80611c823161d52f28e78d4638b42ce1c6d9e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							7fb35cfb664befb674d6e33a671f30864c9b10b3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (285 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stamp2.login.microsoftonline.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'login.microsoftonline-int.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'login.microsoftonline-p.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'login.microsoftonline.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'login2.microsoftonline-int.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'login2.microsoftonline.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'loginex.microsoftonline-int.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'loginex.microsoftonline.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stamp2.login.microsoftonline-int.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (133 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/DigicertSHA2SecureServerCA-1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/DigicertSHA2SecureServerCA-1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (114 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2SecureServerCA-2.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (369 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
							016b007700cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018f5c00e1690000040300483046022100825fa1481ce5e1e0bd2ba7d11f4e8e7c1f11942515f9bf1c25ca2dfb3129b9cb022100b8a019fd2f7f6bab40c722cc8404bf11a03a012d360815b5dd22e369579ee4420077007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018f5c00e1380000040300483046022100fc412617770f3fb5170a967073eda4d8e854f1edf2ce88e605df7d45d1a8da4b022100cc426a32adabba8b5d6ffd024d0c48e65e971e197f9941d82c7c25e3f5ee3250007700e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018f5c00e1500000040300483046022100b99c4587a1a4461f0d30a8a61c04ef54c29f71aa8bac652635e9b31189820354022100e50b67e5059765dc773c686bb2a1e6c2b5f2fce53fd637a65262ca145e4db049
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00276412bbc09c9113b543585b0147f1de34cab7f3d425424bb96a70880085495bcd6d6efe5250b344cbdd556eed10a276d9da5140ee7779107edae96e3182ee90317f9041f4166320c50a93845aea048a970fbb777e8f5808835c7da7bae653937439c6553a8fc9c0103d64be1eaf587738718e5c5ab238b7e19d2d9c723617982e21a434db00b50a238ed7cca4c0dbf95646315b0f78f0ddd7a0a65d71cff0c3c471714b3560ea22a2c3fe5e05af364462ee001a4040b851e29d3eeae47a4bab689f0e9a50496d3573cf04fcb5866c714c94fbf55f48d44fbd80fd95d23c4dedec8dfb2e11325332f3f8a749ec2f7e0477e8cc649829879683af2e9c2b6a2d8a