[cabfpub] Application for SHA-1 Issuance

Andrew Ayer andrew at sslmate.com
Sat Jul 16 10:11:02 MST 2016


Hi Dean,

Could you resend this email, CCing a representative of the Subscriber,
as required by Step One of the
"Post Jan 2016 SHA­-1 Issuance Request Procedure Version 1.1"?  Besides
being a requirement, I have several questions and it would streamline
the process if the Subscriber could see them.

Regards,
Andrew

On Fri, 15 Jul 2016 23:48:00 +0000
Dean Coclin <Dean_Coclin at symantec.com> wrote:

> Enclosed please find the application for SHA-1 issuance presented on
> behalf of our client. Note that the application was fully completed
> by the client. 
> 
> In addition, please find the TBS certificates generated by Symantec.
> 
> Accompanying each TBSCertificate is a crt.sh link to the
> corresponding SHA-2 certificate issued by our online system as a
> prerequisite, so that we capture evidence of authentication and
> verification of the information in the certificate. The
> TBSCertificates differ from these certificates by Issuer name,
> because our online systems can sign only with SHA-2 issuers. And
> since the Issuer name is different, corresponding extensions (CDP,
> AIA, AKI) are different as well.
> 
> The TBSCertificates do not include public keys from older CT-logged
> certificates; they include public keys that correspond to private
> keys that were recently generated on the servers and that await the
> approval of these requests. The customer uses a CDN that uses OpenSSL
> to generate key pairs from a secure server. A separate secure server
> is used for private key pass-phrase retention.
> 
> As this is the first time this is being done, there may be follow-up
> questions or items that were inadvertently omitted which we are happy
> to address. 
> 
> We ask that the community give good consideration to this request.
> 
> One thing you will notice is the validity date extends to Feb 10,
> 2017. In the payment industry, 31 December is an absolutely horrible
> time to make a change as it represents one of the peak times for
> traffic. The client has aligned the date with the published Microsoft
> end date for SHA-1.
> 
> Thank you,
> 
> Dean Coclin
> Symantec
> 
> 
> To reconstitute the TBSCertificate in binary DER form, use the Linux
> command:
> base64 --decode > tbs.der
> Then paste in a block of text from below, followed by an EOF
> (control-D).
> 
> ----------
> https://crt.sh/?id=24605911
> 
>     0:d=0  hl=4 l=1064 cons: SEQUENCE          
>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]        
>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>     9:d=1  hl=2 l=  16 prim: INTEGER
> :1742B08A1110D4AAA17A559AFA0B045C
>    27:d=1  hl=2 l=  13 cons: SEQUENCE          
>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>    40:d=2  hl=2 l=   0 prim: NULL              
>    42:d=1  hl=3 l= 188 cons: SEQUENCE          
>    45:d=2  hl=2 l=  11 cons: SET               
>    47:d=3  hl=2 l=   9 cons: SEQUENCE          
>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>    58:d=2  hl=2 l=  23 cons: SET               
>    60:d=3  hl=2 l=  21 cons: SEQUENCE          
>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>    83:d=2  hl=2 l=  31 cons: SET               
>    85:d=3  hl=2 l=  29 cons: SEQUENCE          
>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>   116:d=2  hl=2 l=  59 cons: SET               
>   118:d=3  hl=2 l=  57 cons: SEQUENCE          
>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
> https://www.verisign.com/rpa (c)10
>   177:d=2  hl=2 l=  54 cons: SET               
>   179:d=3  hl=2 l=  52 cons: SEQUENCE          
>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
> International Server CA - G3
>   233:d=1  hl=2 l=  30 cons: SEQUENCE          
>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>   265:d=1  hl=3 l= 139 cons: SEQUENCE          
>   268:d=2  hl=2 l=  11 cons: SET               
>   270:d=3  hl=2 l=   9 cons: SEQUENCE          
>   272:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>   277:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>   281:d=2  hl=2 l=  16 cons: SET               
>   283:d=3  hl=2 l=  14 cons: SEQUENCE          
>   285:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>   290:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>   299:d=2  hl=2 l=  17 cons: SET               
>   301:d=3  hl=2 l=  15 cons: SEQUENCE          
>   303:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>   308:d=4  hl=2 l=   8 prim: PRINTABLESTRING   :Columbus
>   318:d=2  hl=2 l=  13 cons: SET               
>   320:d=3  hl=2 l=  11 cons: SEQUENCE          
>   322:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>   327:d=4  hl=2 l=   4 prim: PRINTABLESTRING   :TSYS
>   333:d=2  hl=2 l=  39 cons: SET               
>   335:d=3  hl=2 l=  37 cons: SEQUENCE          
>   337:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   342:d=4  hl=2 l=  30 prim: PRINTABLESTRING
> :TDS-2-Ashburn-SCA-bbL6gMDyTZU8
>   374:d=2  hl=2 l=  31 cons: SET               
>   376:d=3  hl=2 l=  29 cons: SEQUENCE          
>   378:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   383:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :ssl1.tsysacquiring.net
>   407:d=1  hl=4 l= 290 cons: SEQUENCE          
>   411:d=2  hl=2 l=  13 cons: SEQUENCE          
>   413:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>   424:d=3  hl=2 l=   0 prim: NULL              
>   426:d=2  hl=4 l= 271 prim: BIT STRING        
>   701:d=1  hl=4 l= 363 cons: cont [ 3 ]        
>   705:d=2  hl=4 l= 359 cons: SEQUENCE          
>   709:d=3  hl=2 l=   9 cons: SEQUENCE          
>   711:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
> Constraints 716:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX
> DUMP]:3000 720:d=3  hl=2 l=  97 cons: SEQUENCE          
>   722:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
> Policies 727:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
> DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
> 2F642E73796D63622E636F6D2F637073302506082B0601050507020230190C1768747470733A
> 2F2F642E73796D63622E636F6D2F727061
>   819:d=3  hl=2 l=  43 cons: SEQUENCE          
>   821:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL
> Distribution Points
>   826:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
> DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
> 6C
>   864:d=3  hl=2 l=  29 cons: SEQUENCE          
>   866:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage 871:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
> DUMP]:301406082B0601050507030106082B06010505070302
>   895:d=3  hl=2 l=  14 cons: SEQUENCE          
>   897:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>   902:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>   905:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>   911:d=3  hl=2 l=  87 cons: SEQUENCE          
>   913:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
> Access 923:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
> DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
> 302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
> 7274
>  1000:d=3  hl=2 l=  33 cons: SEQUENCE          
>  1002:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
> Alternative Name
>  1007:d=4  hl=2 l=  26 prim: OCTET STRING      [HEX
> DUMP]:3018821673736C312E74737973616371756972696E672E6E6574
>  1035:d=3  hl=2 l=  31 cons: SEQUENCE          
>  1037:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
> Identifier
>  1042:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
> 
> MIIEKKADAgECAhAXQrCKERDUqqF6VZr6CwRcMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
> UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
> cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
> IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
> IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjCBizELMAkGA1UEBhMCVVMxEDAO
> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcTCENvbHVtYnVzMQ0wCwYDVQQKEwRUU1lTMScwJQYDVQQL
> Ex5URFMtMi1Bc2hidXJuLVNDQS1iYkw2Z01EeVRaVTgxHzAdBgNVBAMTFnNzbDEudHN5c2FjcXVp
> cmluZy5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5XHs9lBDLNT2EZOFSgMVx
> wlPWoBitXir1IDgTWASyLl3oaJR3D5nA1XbR
> +DsHdMmRK72MKTAfpK2xThpqRziBn00Zkfs9kt1r
> yx6NM9S/6q8/539B9YXuf6Y8L656Lkvx8G8fN7i/gdAbHXX11a8l9Owtq4S0KL6qpA4IxpFtiEZX
> jpNFD5WgDlZMN8RUvJY1TPQU2eTxAnYZkAkgu300Xj3HlqMn7bfRswr5p1X1nPklfbHGPsSxxeLW
> nqXQfIUPPNKeZzMrH3vt/R3f5q2Kx2A0G/jiXXJxsOa6tTk0aR5XrPjDsVUbClJ8FG/Iu/V5YzcN
> ExGKRNeX8hHmakZ9AgMBAAGjggFrMIIBZzAJBgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQIC
> MEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkMF2h0
> dHBzOi8vZC5zeW1jYi5jb20vcnBhMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5j
> b20vc2UuY3JsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAw
> VwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUF
> BzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNydDAhBgNVHREEGjAYghZzc2wxLnRzeXNhY3F1
> aXJpbmcubmV0MB8GA1UdIwQYMBaAFNebfNgioBX33a1fzimbWMO8RgC1
> 
> ----------
> https://crt.sh/?id=24605923
> 
>     0:d=0  hl=4 l=1063 cons: SEQUENCE          
>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]        
>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>     9:d=1  hl=2 l=  16 prim: INTEGER
> :28AEB56BBD95511DCD4FD0B65CBD1BDB
>    27:d=1  hl=2 l=  13 cons: SEQUENCE          
>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>    40:d=2  hl=2 l=   0 prim: NULL              
>    42:d=1  hl=3 l= 188 cons: SEQUENCE          
>    45:d=2  hl=2 l=  11 cons: SET               
>    47:d=3  hl=2 l=   9 cons: SEQUENCE          
>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>    58:d=2  hl=2 l=  23 cons: SET               
>    60:d=3  hl=2 l=  21 cons: SEQUENCE          
>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>    83:d=2  hl=2 l=  31 cons: SET               
>    85:d=3  hl=2 l=  29 cons: SEQUENCE          
>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>   116:d=2  hl=2 l=  59 cons: SET               
>   118:d=3  hl=2 l=  57 cons: SEQUENCE          
>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
> https://www.verisign.com/rpa (c)10
>   177:d=2  hl=2 l=  54 cons: SET               
>   179:d=3  hl=2 l=  52 cons: SEQUENCE          
>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
> International Server CA - G3
>   233:d=1  hl=2 l=  30 cons: SEQUENCE          
>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>   265:d=1  hl=3 l= 138 cons: SEQUENCE          
>   268:d=2  hl=2 l=  11 cons: SET               
>   270:d=3  hl=2 l=   9 cons: SEQUENCE          
>   272:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>   277:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>   281:d=2  hl=2 l=  16 cons: SET               
>   283:d=3  hl=2 l=  14 cons: SEQUENCE          
>   285:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>   290:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>   299:d=2  hl=2 l=  17 cons: SET               
>   301:d=3  hl=2 l=  15 cons: SEQUENCE          
>   303:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>   308:d=4  hl=2 l=   8 prim: PRINTABLESTRING   :Columbus
>   318:d=2  hl=2 l=  13 cons: SET               
>   320:d=3  hl=2 l=  11 cons: SEQUENCE          
>   322:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>   327:d=4  hl=2 l=   4 prim: PRINTABLESTRING   :TSYS
>   333:d=2  hl=2 l=  38 cons: SET               
>   335:d=3  hl=2 l=  36 cons: SEQUENCE          
>   337:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   342:d=4  hl=2 l=  29 prim: PRINTABLESTRING
> :TDS-2-Dallas-SCA-v2PmB4cxayEu
>   373:d=2  hl=2 l=  31 cons: SET               
>   375:d=3  hl=2 l=  29 cons: SEQUENCE          
>   377:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   382:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :ssl1.tsysacquiring.net
>   406:d=1  hl=4 l= 290 cons: SEQUENCE          
>   410:d=2  hl=2 l=  13 cons: SEQUENCE          
>   412:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>   423:d=3  hl=2 l=   0 prim: NULL              
>   425:d=2  hl=4 l= 271 prim: BIT STRING        
>   700:d=1  hl=4 l= 363 cons: cont [ 3 ]        
>   704:d=2  hl=4 l= 359 cons: SEQUENCE          
>   708:d=3  hl=2 l=   9 cons: SEQUENCE          
>   710:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
> Constraints 715:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX
> DUMP]:3000 719:d=3  hl=2 l=  97 cons: SEQUENCE          
>   721:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
> Policies 726:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
> DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
> 2F642E73796D63622E636F6D2F637073302506082B0601050507020230190C1768747470733A
> 2F2F642E73796D63622E636F6D2F727061
>   818:d=3  hl=2 l=  43 cons: SEQUENCE          
>   820:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL
> Distribution Points
>   825:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
> DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
> 6C
>   863:d=3  hl=2 l=  29 cons: SEQUENCE          
>   865:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage 870:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
> DUMP]:301406082B0601050507030106082B06010505070302
>   894:d=3  hl=2 l=  14 cons: SEQUENCE          
>   896:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>   901:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>   904:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>   910:d=3  hl=2 l=  87 cons: SEQUENCE          
>   912:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
> Access 922:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
> DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
> 302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
> 7274
>   999:d=3  hl=2 l=  33 cons: SEQUENCE          
>  1001:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
> Alternative Name
>  1006:d=4  hl=2 l=  26 prim: OCTET STRING      [HEX
> DUMP]:3018821673736C312E74737973616371756972696E672E6E6574
>  1034:d=3  hl=2 l=  31 cons: SEQUENCE          
>  1036:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
> Identifier
>  1041:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
> 
> MIIEJ6ADAgECAhAorrVrvZVRHc1P0LZcvRvbMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
> UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
> cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
> IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
> IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjCBijELMAkGA1UEBhMCVVMxEDAO
> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcTCENvbHVtYnVzMQ0wCwYDVQQKEwRUU1lTMSYwJAYDVQQL
> Ex1URFMtMi1EYWxsYXMtU0NBLXYyUG1CNGN4YXlFdTEfMB0GA1UEAxMWc3NsMS50c3lzYWNxdWly
> aW5nLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKt0Mjt3xu4Do5vODg338zxh
> P9WQxuqAolZc
> +2cRgzHPWa0MIMbXq7F15cVdkm83uXMF0vGZx4s7Ja0pMEJ3o07EIvZI6bb/OCua
> xnorucw5p34GOF7gVIXmEGBPoUv4g6AmLIemmKLP7bd7
> +Yw506wTsDbISk4r6K3bn3mdPmJkgWus
> 3NYVbFZbVniZwZ4/u2x6MB8yo8ldHtdfjDNlemk5vtvgWbLHGKhQCFJM/g1kg08
> +snr2bCNWyA+A i5v65+ydfU+mg2lVGdKh8QP6Aj+o8B+AVwYCVsmn3jrM
> +BItpAcrWpv7e/oym9j0TwesssKLtfjq
> 1zlhRNZt8kJVMXsCAwEAAaOCAWswggFnMAkGA1UdEwQCMAAwYQYDVR0gBFowWDBWBgZngQwBAgIw
> TDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0
> cHM6Ly9kLnN5bWNiLmNvbS9ycGEwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NlLnN5bWNiLmNv
> bS9zZS5jcmwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDBX
> BggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zZS5zeW1jZC5jb20wJgYIKwYBBQUH
> MAKGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3J0MCEGA1UdEQQaMBiCFnNzbDEudHN5c2FjcXVp
> cmluZy5uZXQwHwYDVR0jBBgwFoAU15t82CKgFffdrV/OKZtYw7xGALU=
> 
> ----------
> https://crt.sh/?id=24605938
> 
>     0:d=0  hl=4 l=1052 cons: SEQUENCE          
>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]        
>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>     9:d=1  hl=2 l=  16 prim: INTEGER
> :16A1C0BCE737C9297E2EB0590415884C
>    27:d=1  hl=2 l=  13 cons: SEQUENCE          
>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>    40:d=2  hl=2 l=   0 prim: NULL              
>    42:d=1  hl=3 l= 188 cons: SEQUENCE          
>    45:d=2  hl=2 l=  11 cons: SET               
>    47:d=3  hl=2 l=   9 cons: SEQUENCE          
>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>    58:d=2  hl=2 l=  23 cons: SET               
>    60:d=3  hl=2 l=  21 cons: SEQUENCE          
>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>    83:d=2  hl=2 l=  31 cons: SET               
>    85:d=3  hl=2 l=  29 cons: SEQUENCE          
>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>   116:d=2  hl=2 l=  59 cons: SET               
>   118:d=3  hl=2 l=  57 cons: SEQUENCE          
>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
> https://www.verisign.com/rpa (c)10
>   177:d=2  hl=2 l=  54 cons: SET               
>   179:d=3  hl=2 l=  52 cons: SEQUENCE          
>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
> International Server CA - G3
>   233:d=1  hl=2 l=  30 cons: SEQUENCE          
>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>   265:d=1  hl=3 l= 133 cons: SEQUENCE          
>   268:d=2  hl=2 l=  11 cons: SET               
>   270:d=3  hl=2 l=   9 cons: SEQUENCE          
>   272:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>   277:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>   281:d=2  hl=2 l=  16 cons: SET               
>   283:d=3  hl=2 l=  14 cons: SEQUENCE          
>   285:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>   290:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>   299:d=2  hl=2 l=  17 cons: SET               
>   301:d=3  hl=2 l=  15 cons: SEQUENCE          
>   303:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>   308:d=4  hl=2 l=   8 prim: PRINTABLESTRING   :Columbus
>   318:d=2  hl=2 l=  13 cons: SET               
>   320:d=3  hl=2 l=  11 cons: SEQUENCE          
>   322:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>   327:d=4  hl=2 l=   4 prim: PRINTABLESTRING   :TSYS
>   333:d=2  hl=2 l=  39 cons: SET               
>   335:d=3  hl=2 l=  37 cons: SEQUENCE          
>   337:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   342:d=4  hl=2 l=  30 prim: PRINTABLESTRING
> :TDS-2-Ashburn-SCA-bbL6gMDyTZU8
>   374:d=2  hl=2 l=  25 cons: SET               
>   376:d=3  hl=2 l=  23 cons: SEQUENCE          
>   378:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   383:d=4  hl=2 l=  16 prim: PRINTABLESTRING   :ssl1.vitalps.net
>   401:d=1  hl=4 l= 290 cons: SEQUENCE          
>   405:d=2  hl=2 l=  13 cons: SEQUENCE          
>   407:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>   418:d=3  hl=2 l=   0 prim: NULL              
>   420:d=2  hl=4 l= 271 prim: BIT STRING        
>   695:d=1  hl=4 l= 357 cons: cont [ 3 ]        
>   699:d=2  hl=4 l= 353 cons: SEQUENCE          
>   703:d=3  hl=2 l=   9 cons: SEQUENCE          
>   705:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
> Constraints 710:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX
> DUMP]:3000 714:d=3  hl=2 l=  97 cons: SEQUENCE          
>   716:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
> Policies 721:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
> DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
> 2F642E73796D63622E636F6D2F637073302506082B0601050507020230190C1768747470733A
> 2F2F642E73796D63622E636F6D2F727061
>   813:d=3  hl=2 l=  43 cons: SEQUENCE          
>   815:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL
> Distribution Points
>   820:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
> DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
> 6C
>   858:d=3  hl=2 l=  29 cons: SEQUENCE          
>   860:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage 865:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
> DUMP]:301406082B0601050507030106082B06010505070302
>   889:d=3  hl=2 l=  14 cons: SEQUENCE          
>   891:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>   896:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>   899:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>   905:d=3  hl=2 l=  87 cons: SEQUENCE          
>   907:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
> Access 917:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
> DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
> 302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
> 7274
>   994:d=3  hl=2 l=  27 cons: SEQUENCE          
>   996:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
> Alternative Name
>  1001:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
> DUMP]:3012821073736C312E766974616C70732E6E6574
>  1023:d=3  hl=2 l=  31 cons: SEQUENCE          
>  1025:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
> Identifier
>  1030:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
> 
> MIIEHKADAgECAhAWocC85zfJKX4usFkEFYhMMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
> UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
> cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
> IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
> IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjCBhTELMAkGA1UEBhMCVVMxEDAO
> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcTCENvbHVtYnVzMQ0wCwYDVQQKEwRUU1lTMScwJQYDVQQL
> Ex5URFMtMi1Bc2hidXJuLVNDQS1iYkw2Z01EeVRaVTgxGTAXBgNVBAMTEHNzbDEudml0YWxwcy5u
> ZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqJmFGeFWvyPveYotAazkntNh3bbM7
> ek5XTaKtYrlPcbeHk6GxGNMqBt
> +q6enleihTLZVuSC1kLt1TImgBEIhKcGns3DWqb3pd4mSYlMy5
> ni3RwANjFwV3bUD2kpSec05EXkr83PO+vJ+4IGukepDxyubxpUlHLGKjN0bZj5Rhyh
> +Z3K6g/UIo a2I9qGxsq27Dyl1weJf7AoO3lFroAXa
> +0d3kFWeWQjpKSfBJJD6IfTa5ekE58hWKyMDgKgsdYmTx
> tK7/RgAOVwbeKvdxuHvxQzjDR6gIVit13pTre2R7YrUbL8BVjBJqfa3uMdEknfH2ar7fQjvUxQny
> G1piJKgLAgMBAAGjggFlMIIBYTAJBgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYI
> KwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8v
> ZC5zeW1jYi5jb20vcnBhMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2Uu
> Y3JsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwVwYIKwYB
> BQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpo
> dHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNydDAbBgNVHREEFDASghBzc2wxLnZpdGFscHMubmV0MB8G
> A1UdIwQYMBaAFNebfNgioBX33a1fzimbWMO8RgC1
> 
> ----------
> https://crt.sh/?id=24603563
> 
>     0:d=0  hl=4 l=1051 cons: SEQUENCE          
>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]        
>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>     9:d=1  hl=2 l=  16 prim: INTEGER
> :461A77CD27D2E3E75E6A5CB1B84727B5
>    27:d=1  hl=2 l=  13 cons: SEQUENCE          
>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>    40:d=2  hl=2 l=   0 prim: NULL              
>    42:d=1  hl=3 l= 188 cons: SEQUENCE          
>    45:d=2  hl=2 l=  11 cons: SET               
>    47:d=3  hl=2 l=   9 cons: SEQUENCE          
>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>    58:d=2  hl=2 l=  23 cons: SET               
>    60:d=3  hl=2 l=  21 cons: SEQUENCE          
>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>    83:d=2  hl=2 l=  31 cons: SET               
>    85:d=3  hl=2 l=  29 cons: SEQUENCE          
>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>   116:d=2  hl=2 l=  59 cons: SET               
>   118:d=3  hl=2 l=  57 cons: SEQUENCE          
>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
> https://www.verisign.com/rpa (c)10
>   177:d=2  hl=2 l=  54 cons: SET               
>   179:d=3  hl=2 l=  52 cons: SEQUENCE          
>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
> International Server CA - G3
>   233:d=1  hl=2 l=  30 cons: SEQUENCE          
>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>   265:d=1  hl=3 l= 132 cons: SEQUENCE          
>   268:d=2  hl=2 l=  11 cons: SET               
>   270:d=3  hl=2 l=   9 cons: SEQUENCE          
>   272:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>   277:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>   281:d=2  hl=2 l=  16 cons: SET               
>   283:d=3  hl=2 l=  14 cons: SEQUENCE          
>   285:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>   290:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>   299:d=2  hl=2 l=  17 cons: SET               
>   301:d=3  hl=2 l=  15 cons: SEQUENCE          
>   303:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>   308:d=4  hl=2 l=   8 prim: PRINTABLESTRING   :Columbus
>   318:d=2  hl=2 l=  13 cons: SET               
>   320:d=3  hl=2 l=  11 cons: SEQUENCE          
>   322:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>   327:d=4  hl=2 l=   4 prim: PRINTABLESTRING   :TSYS
>   333:d=2  hl=2 l=  38 cons: SET               
>   335:d=3  hl=2 l=  36 cons: SEQUENCE          
>   337:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   342:d=4  hl=2 l=  29 prim: PRINTABLESTRING
> :TDS-2-Dallas-SCA-v2PmB4cxayEu
>   373:d=2  hl=2 l=  25 cons: SET               
>   375:d=3  hl=2 l=  23 cons: SEQUENCE          
>   377:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   382:d=4  hl=2 l=  16 prim: PRINTABLESTRING   :ssl1.vitalps.net
>   400:d=1  hl=4 l= 290 cons: SEQUENCE          
>   404:d=2  hl=2 l=  13 cons: SEQUENCE          
>   406:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>   417:d=3  hl=2 l=   0 prim: NULL              
>   419:d=2  hl=4 l= 271 prim: BIT STRING        
>   694:d=1  hl=4 l= 357 cons: cont [ 3 ]        
>   698:d=2  hl=4 l= 353 cons: SEQUENCE          
>   702:d=3  hl=2 l=   9 cons: SEQUENCE          
>   704:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
> Constraints 709:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX
> DUMP]:3000 713:d=3  hl=2 l=  97 cons: SEQUENCE          
>   715:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
> Policies 720:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
> DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
> 2F642E73796D63622E636F6D2F637073302506082B0601050507020230190C1768747470733A
> 2F2F642E73796D63622E636F6D2F727061
>   812:d=3  hl=2 l=  43 cons: SEQUENCE          
>   814:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL
> Distribution Points
>   819:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
> DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
> 6C
>   857:d=3  hl=2 l=  29 cons: SEQUENCE          
>   859:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage 864:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
> DUMP]:301406082B0601050507030106082B06010505070302
>   888:d=3  hl=2 l=  14 cons: SEQUENCE          
>   890:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>   895:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>   898:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>   904:d=3  hl=2 l=  87 cons: SEQUENCE          
>   906:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
> Access 916:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
> DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
> 302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
> 7274
>   993:d=3  hl=2 l=  27 cons: SEQUENCE          
>   995:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
> Alternative Name
>  1000:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
> DUMP]:3012821073736C312E766974616C70732E6E6574
>  1022:d=3  hl=2 l=  31 cons: SEQUENCE          
>  1024:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
> Identifier
>  1029:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
> 
> MIIEG6ADAgECAhBGGnfNJ9Lj515qXLG4Rye1MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
> UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
> cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
> IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
> IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjCBhDELMAkGA1UEBhMCVVMxEDAO
> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcTCENvbHVtYnVzMQ0wCwYDVQQKEwRUU1lTMSYwJAYDVQQL
> Ex1URFMtMi1EYWxsYXMtU0NBLXYyUG1CNGN4YXlFdTEZMBcGA1UEAxMQc3NsMS52aXRhbHBzLm5l
> dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj1EBOQa
> +LD1QAw1S75YJYGRvTsrrMw 1eg6Wkt2s9lY5wzQf61AH+KKPK
> +uwI5xEPUfilYt5iKAGa9mdAXfdiYKJV7lfAbC6LUOzYkS3QSu xM
> +SQIf3cc5OYI3BzK0UDCYwEopHzpUGxQ2KYet94C6gILdzm8eBL3klBxbM
> +HLA8w16g1RgCUx7 Q/OoqLMsaPzj+KZZz
> +aeKAECkDj8rts00LGPK3O404//qJlzmmiva50y3C/nmWTkgpn0v0aaH0BM
> ReEOGT5ds9giXWThHwjFXTEGMyZbK5/QOMXe0qOgmWCc5TbjuAEW4Gt
> +VdkOs/B9W8a/JPCL16fx
> eFEOdQMCAwEAAaOCAWUwggFhMAkGA1UdEwQCMAAwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggr
> BgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9k
> LnN5bWNiLmNvbS9ycGEwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NlLnN5bWNiLmNvbS9zZS5j
> cmwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDBXBggrBgEF
> BQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zZS5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0
> dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3J0MBsGA1UdEQQUMBKCEHNzbDEudml0YWxwcy5uZXQwHwYD
> VR0jBBgwFoAU15t82CKgFffdrV/OKZtYw7xGALU=
> 
> ----------
> https://crt.sh/?id=24605901
> 
>     0:d=0  hl=4 l=1052 cons: SEQUENCE          
>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]        
>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>     9:d=1  hl=2 l=  16 prim: INTEGER
> :31A4E0A5A052CB270BAAFEB9EDCA561C
>    27:d=1  hl=2 l=  13 cons: SEQUENCE          
>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>    40:d=2  hl=2 l=   0 prim: NULL              
>    42:d=1  hl=3 l= 188 cons: SEQUENCE          
>    45:d=2  hl=2 l=  11 cons: SET               
>    47:d=3  hl=2 l=   9 cons: SEQUENCE          
>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>    58:d=2  hl=2 l=  23 cons: SET               
>    60:d=3  hl=2 l=  21 cons: SEQUENCE          
>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>    83:d=2  hl=2 l=  31 cons: SET               
>    85:d=3  hl=2 l=  29 cons: SEQUENCE          
>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>   116:d=2  hl=2 l=  59 cons: SET               
>   118:d=3  hl=2 l=  57 cons: SEQUENCE          
>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
> https://www.verisign.com/rpa (c)10
>   177:d=2  hl=2 l=  54 cons: SET               
>   179:d=3  hl=2 l=  52 cons: SEQUENCE          
>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
> International Server CA - G3
>   233:d=1  hl=2 l=  30 cons: SEQUENCE          
>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>   265:d=1  hl=3 l= 133 cons: SEQUENCE          
>   268:d=2  hl=2 l=  11 cons: SET               
>   270:d=3  hl=2 l=   9 cons: SEQUENCE          
>   272:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>   277:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>   281:d=2  hl=2 l=  16 cons: SET               
>   283:d=3  hl=2 l=  14 cons: SEQUENCE          
>   285:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>   290:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>   299:d=2  hl=2 l=  17 cons: SET               
>   301:d=3  hl=2 l=  15 cons: SEQUENCE          
>   303:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>   308:d=4  hl=2 l=   8 prim: PRINTABLESTRING   :Columbus
>   318:d=2  hl=2 l=  13 cons: SET               
>   320:d=3  hl=2 l=  11 cons: SEQUENCE          
>   322:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>   327:d=4  hl=2 l=   4 prim: PRINTABLESTRING   :TSYS
>   333:d=2  hl=2 l=  39 cons: SET               
>   335:d=3  hl=2 l=  37 cons: SEQUENCE          
>   337:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   342:d=4  hl=2 l=  30 prim: PRINTABLESTRING
> :TDS-2-Ashburn-SCA-bbL6gMDyTZU8
>   374:d=2  hl=2 l=  25 cons: SET               
>   376:d=3  hl=2 l=  23 cons: SEQUENCE          
>   378:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   383:d=4  hl=2 l=  16 prim: PRINTABLESTRING   :ssl2.vitalps.net
>   401:d=1  hl=4 l= 290 cons: SEQUENCE          
>   405:d=2  hl=2 l=  13 cons: SEQUENCE          
>   407:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>   418:d=3  hl=2 l=   0 prim: NULL              
>   420:d=2  hl=4 l= 271 prim: BIT STRING        
>   695:d=1  hl=4 l= 357 cons: cont [ 3 ]        
>   699:d=2  hl=4 l= 353 cons: SEQUENCE          
>   703:d=3  hl=2 l=   9 cons: SEQUENCE          
>   705:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
> Constraints 710:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX
> DUMP]:3000 714:d=3  hl=2 l=  97 cons: SEQUENCE          
>   716:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
> Policies 721:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
> DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
> 2F642E73796D63622E636F6D2F637073302506082B0601050507020230190C1768747470733A
> 2F2F642E73796D63622E636F6D2F727061
>   813:d=3  hl=2 l=  43 cons: SEQUENCE          
>   815:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL
> Distribution Points
>   820:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
> DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
> 6C
>   858:d=3  hl=2 l=  29 cons: SEQUENCE          
>   860:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage 865:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
> DUMP]:301406082B0601050507030106082B06010505070302
>   889:d=3  hl=2 l=  14 cons: SEQUENCE          
>   891:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>   896:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>   899:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>   905:d=3  hl=2 l=  87 cons: SEQUENCE          
>   907:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
> Access 917:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
> DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
> 302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
> 7274
>   994:d=3  hl=2 l=  27 cons: SEQUENCE          
>   996:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
> Alternative Name
>  1001:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
> DUMP]:3012821073736C322E766974616C70732E6E6574
>  1023:d=3  hl=2 l=  31 cons: SEQUENCE          
>  1025:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
> Identifier
>  1030:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
> 
> MIIEHKADAgECAhAxpOCloFLLJwuq/rntylYcMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
> UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
> cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
> IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
> IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjCBhTELMAkGA1UEBhMCVVMxEDAO
> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcTCENvbHVtYnVzMQ0wCwYDVQQKEwRUU1lTMScwJQYDVQQL
> Ex5URFMtMi1Bc2hidXJuLVNDQS1iYkw2Z01EeVRaVTgxGTAXBgNVBAMTEHNzbDIudml0YWxwcy5u
> ZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDayoZKABDEsmXoYERyW4PyXjw9a7Cn
> /6ms3Jq5S6E5Jn6HUJpSUMO+YoRkh
> +t/DczoWHuveq7tBGAMtJUk6Y38zboXo58zDLCGngnt7Odg
> H2JxJTBzJ0HW5vqT2R/7oanGZCAEim7FUyJ70prvsfgygqsZq9k7C4DOs1U2Zj2Lq
> +VrSUZgtLB2
> sG0dKRPGFed3xSqtseOduqROCcivqp9zNjbnSH8QqVJ1ubIp01rGhKsWsD1BKPPsT7k93MybqRpj
> FMBuAcCvHfURgk4RRAJp0KlZAuemGHbZSq/jWNJsTTTeft1uRjMBBnN3GLf61mWUZJBKZyLrPJu7
> u3Ci
> +ZUnAgMBAAGjggFlMIIBYTAJBgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYI
> KwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8v
> ZC5zeW1jYi5jb20vcnBhMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2Uu
> Y3JsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwVwYIKwYB
> BQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpo
> dHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNydDAbBgNVHREEFDASghBzc2wyLnZpdGFscHMubmV0MB8G
> A1UdIwQYMBaAFNebfNgioBX33a1fzimbWMO8RgC1
> 
> ----------
> https://crt.sh/?id=24605897
> 
>     0:d=0  hl=4 l=1051 cons: SEQUENCE          
>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]        
>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>     9:d=1  hl=2 l=  16 prim: INTEGER
> :7513714F7C3FDF897563334107892069
>    27:d=1  hl=2 l=  13 cons: SEQUENCE          
>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>    40:d=2  hl=2 l=   0 prim: NULL              
>    42:d=1  hl=3 l= 188 cons: SEQUENCE          
>    45:d=2  hl=2 l=  11 cons: SET               
>    47:d=3  hl=2 l=   9 cons: SEQUENCE          
>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>    58:d=2  hl=2 l=  23 cons: SET               
>    60:d=3  hl=2 l=  21 cons: SEQUENCE          
>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>    83:d=2  hl=2 l=  31 cons: SET               
>    85:d=3  hl=2 l=  29 cons: SEQUENCE          
>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>   116:d=2  hl=2 l=  59 cons: SET               
>   118:d=3  hl=2 l=  57 cons: SEQUENCE          
>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
> https://www.verisign.com/rpa (c)10
>   177:d=2  hl=2 l=  54 cons: SET               
>   179:d=3  hl=2 l=  52 cons: SEQUENCE          
>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
> International Server CA - G3
>   233:d=1  hl=2 l=  30 cons: SEQUENCE          
>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>   265:d=1  hl=3 l= 132 cons: SEQUENCE          
>   268:d=2  hl=2 l=  11 cons: SET               
>   270:d=3  hl=2 l=   9 cons: SEQUENCE          
>   272:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>   277:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>   281:d=2  hl=2 l=  16 cons: SET               
>   283:d=3  hl=2 l=  14 cons: SEQUENCE          
>   285:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>   290:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>   299:d=2  hl=2 l=  17 cons: SET               
>   301:d=3  hl=2 l=  15 cons: SEQUENCE          
>   303:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>   308:d=4  hl=2 l=   8 prim: PRINTABLESTRING   :Columbus
>   318:d=2  hl=2 l=  13 cons: SET               
>   320:d=3  hl=2 l=  11 cons: SEQUENCE          
>   322:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>   327:d=4  hl=2 l=   4 prim: PRINTABLESTRING   :TSYS
>   333:d=2  hl=2 l=  38 cons: SET               
>   335:d=3  hl=2 l=  36 cons: SEQUENCE          
>   337:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   342:d=4  hl=2 l=  29 prim: PRINTABLESTRING
> :TDS-2-Dallas-SCA-v2PmB4cxayEu
>   373:d=2  hl=2 l=  25 cons: SET               
>   375:d=3  hl=2 l=  23 cons: SEQUENCE          
>   377:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   382:d=4  hl=2 l=  16 prim: PRINTABLESTRING   :ssl2.vitalps.net
>   400:d=1  hl=4 l= 290 cons: SEQUENCE          
>   404:d=2  hl=2 l=  13 cons: SEQUENCE          
>   406:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>   417:d=3  hl=2 l=   0 prim: NULL              
>   419:d=2  hl=4 l= 271 prim: BIT STRING        
>   694:d=1  hl=4 l= 357 cons: cont [ 3 ]        
>   698:d=2  hl=4 l= 353 cons: SEQUENCE          
>   702:d=3  hl=2 l=   9 cons: SEQUENCE          
>   704:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
> Constraints 709:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX
> DUMP]:3000 713:d=3  hl=2 l=  97 cons: SEQUENCE          
>   715:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
> Policies 720:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
> DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
> 2F642E73796D63622E636F6D2F637073302506082B0601050507020230190C1768747470733A
> 2F2F642E73796D63622E636F6D2F727061
>   812:d=3  hl=2 l=  43 cons: SEQUENCE          
>   814:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL
> Distribution Points
>   819:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
> DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
> 6C
>   857:d=3  hl=2 l=  29 cons: SEQUENCE          
>   859:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage 864:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
> DUMP]:301406082B0601050507030106082B06010505070302
>   888:d=3  hl=2 l=  14 cons: SEQUENCE          
>   890:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>   895:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>   898:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>   904:d=3  hl=2 l=  87 cons: SEQUENCE          
>   906:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
> Access 916:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
> DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
> 302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
> 7274
>   993:d=3  hl=2 l=  27 cons: SEQUENCE          
>   995:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
> Alternative Name
>  1000:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
> DUMP]:3012821073736C322E766974616C70732E6E6574
>  1022:d=3  hl=2 l=  31 cons: SEQUENCE          
>  1024:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
> Identifier
>  1029:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
> 
> MIIEG6ADAgECAhB1E3FPfD/fiXVjM0EHiSBpMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
> UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
> cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
> IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
> IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjCBhDELMAkGA1UEBhMCVVMxEDAO
> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcTCENvbHVtYnVzMQ0wCwYDVQQKEwRUU1lTMSYwJAYDVQQL
> Ex1URFMtMi1EYWxsYXMtU0NBLXYyUG1CNGN4YXlFdTEZMBcGA1UEAxMQc3NsMi52aXRhbHBzLm5l
> dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKLHs/6/uOTbCYF6B3q8
> +RWzXsPxVjSR
> 7UkIif4A8Jw181U/le7mqAB3UsK6CAgsgUw1fYq7vmeDJIwcIzSACwuTTc6VIeSQBhmeduqB5gw1
> ciubkQtBlxqvJ7baNcmk8/IaaYjEJHcy4ycXdd4RMEaOTvtk5
> +oH8Im7H9WNla4cxU4GUKqtLnGr 5ZF9YnKrmY2dX4Wy2lX
> +sieJXoIhxgg1Xkb4sto4YkpKG0Xl9YP2GMl0XAJtnrjqcKhuJaA1iZPy
> E4GwWrl9m5pzOQOK5aGpoNump16x5B75xglVHZwb6jBMkEHjavNaPR4eh7/+RIUYD6cGBZUaQkTQ
> lBKjBGkCAwEAAaOCAWUwggFhMAkGA1UdEwQCMAAwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggr
> BgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9k
> LnN5bWNiLmNvbS9ycGEwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NlLnN5bWNiLmNvbS9zZS5j
> cmwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDBXBggrBgEF
> BQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zZS5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0
> dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3J0MBsGA1UdEQQUMBKCEHNzbDIudml0YWxwcy5uZXQwHwYD
> VR0jBBgwFoAU15t82CKgFffdrV/OKZtYw7xGALU=
> 
> ----------
> https://crt.sh/?id=24605892
> 
>     0:d=0  hl=4 l=1052 cons: SEQUENCE          
>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]        
>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>     9:d=1  hl=2 l=  16 prim: INTEGER
> :0A401380CA911598A9C5D39E1F07D576
>    27:d=1  hl=2 l=  13 cons: SEQUENCE          
>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>    40:d=2  hl=2 l=   0 prim: NULL              
>    42:d=1  hl=3 l= 188 cons: SEQUENCE          
>    45:d=2  hl=2 l=  11 cons: SET               
>    47:d=3  hl=2 l=   9 cons: SEQUENCE          
>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>    58:d=2  hl=2 l=  23 cons: SET               
>    60:d=3  hl=2 l=  21 cons: SEQUENCE          
>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>    83:d=2  hl=2 l=  31 cons: SET               
>    85:d=3  hl=2 l=  29 cons: SEQUENCE          
>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>   116:d=2  hl=2 l=  59 cons: SET               
>   118:d=3  hl=2 l=  57 cons: SEQUENCE          
>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
> https://www.verisign.com/rpa (c)10
>   177:d=2  hl=2 l=  54 cons: SET               
>   179:d=3  hl=2 l=  52 cons: SEQUENCE          
>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
> International Server CA - G3
>   233:d=1  hl=2 l=  30 cons: SEQUENCE          
>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>   265:d=1  hl=3 l= 133 cons: SEQUENCE          
>   268:d=2  hl=2 l=  11 cons: SET               
>   270:d=3  hl=2 l=   9 cons: SEQUENCE          
>   272:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>   277:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>   281:d=2  hl=2 l=  16 cons: SET               
>   283:d=3  hl=2 l=  14 cons: SEQUENCE          
>   285:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>   290:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>   299:d=2  hl=2 l=  17 cons: SET               
>   301:d=3  hl=2 l=  15 cons: SEQUENCE          
>   303:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>   308:d=4  hl=2 l=   8 prim: PRINTABLESTRING   :Columbus
>   318:d=2  hl=2 l=  13 cons: SET               
>   320:d=3  hl=2 l=  11 cons: SEQUENCE          
>   322:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>   327:d=4  hl=2 l=   4 prim: PRINTABLESTRING   :TSYS
>   333:d=2  hl=2 l=  39 cons: SET               
>   335:d=3  hl=2 l=  37 cons: SEQUENCE          
>   337:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   342:d=4  hl=2 l=  30 prim: PRINTABLESTRING
> :TDS-2-Ashburn-SCA-bbL6gMDyTZU8
>   374:d=2  hl=2 l=  25 cons: SET               
>   376:d=3  hl=2 l=  23 cons: SEQUENCE          
>   378:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   383:d=4  hl=2 l=  16 prim: PRINTABLESTRING   :ssl3.vitalps.net
>   401:d=1  hl=4 l= 290 cons: SEQUENCE          
>   405:d=2  hl=2 l=  13 cons: SEQUENCE          
>   407:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>   418:d=3  hl=2 l=   0 prim: NULL              
>   420:d=2  hl=4 l= 271 prim: BIT STRING        
>   695:d=1  hl=4 l= 357 cons: cont [ 3 ]        
>   699:d=2  hl=4 l= 353 cons: SEQUENCE          
>   703:d=3  hl=2 l=   9 cons: SEQUENCE          
>   705:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
> Constraints 710:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX
> DUMP]:3000 714:d=3  hl=2 l=  97 cons: SEQUENCE          
>   716:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
> Policies 721:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
> DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
> 2F642E73796D63622E636F6D2F637073302506082B0601050507020230190C1768747470733A
> 2F2F642E73796D63622E636F6D2F727061
>   813:d=3  hl=2 l=  43 cons: SEQUENCE          
>   815:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL
> Distribution Points
>   820:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
> DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
> 6C
>   858:d=3  hl=2 l=  29 cons: SEQUENCE          
>   860:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage 865:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
> DUMP]:301406082B0601050507030106082B06010505070302
>   889:d=3  hl=2 l=  14 cons: SEQUENCE          
>   891:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>   896:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>   899:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>   905:d=3  hl=2 l=  87 cons: SEQUENCE          
>   907:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
> Access 917:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
> DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
> 302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
> 7274
>   994:d=3  hl=2 l=  27 cons: SEQUENCE          
>   996:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
> Alternative Name
>  1001:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
> DUMP]:3012821073736C332E766974616C70732E6E6574
>  1023:d=3  hl=2 l=  31 cons: SEQUENCE          
>  1025:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
> Identifier
>  1030:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
> 
> MIIEHKADAgECAhAKQBOAypEVmKnF054fB9V2MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
> UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
> cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
> IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
> IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjCBhTELMAkGA1UEBhMCVVMxEDAO
> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcTCENvbHVtYnVzMQ0wCwYDVQQKEwRUU1lTMScwJQYDVQQL
> Ex5URFMtMi1Bc2hidXJuLVNDQS1iYkw2Z01EeVRaVTgxGTAXBgNVBAMTEHNzbDMudml0YWxwcy5u
> ZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3RCW/fjCam4nILKe3bEcUD3u8y2XK
> lxDSe/EyOa2MwHakXx4JBqbBtE2SySlO6HvxJ9sbAnjKU
> +3/+KsPZGXJDDllq7JmsRNps3hAdsHA 95h0TKAZDTR6Yk5pwv
> +huIyMfT1NRuEA1HUsv0l8tdyRenL8Aap0+p9Dqohqc+FiE8UaDEECSORw
> BCGJ0jlkhqrLkOsu5aeM7xa9et5GMFQEYGehhjCWZYA2medvdi2nmKbTB3zVFlCiiC8lzzM7GPmB
> B3M3o3C7jC8xFo2O/LvZ1mmeFcFJ0cCLhzjp6hrJ
> +ohk8zdHvB4Kkpa43gfrX1gwDOikQjEUBbz/
> NpQeG561AgMBAAGjggFlMIIBYTAJBgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYI
> KwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8v
> ZC5zeW1jYi5jb20vcnBhMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2Uu
> Y3JsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwVwYIKwYB
> BQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpo
> dHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNydDAbBgNVHREEFDASghBzc2wzLnZpdGFscHMubmV0MB8G
> A1UdIwQYMBaAFNebfNgioBX33a1fzimbWMO8RgC1
> 
> ----------
> https://crt.sh/?id=24605907
> 
>     0:d=0  hl=4 l=1051 cons: SEQUENCE          
>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]        
>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>     9:d=1  hl=2 l=  16 prim: INTEGER
> :2FC508AE1FA00566CD09574181A46C7B
>    27:d=1  hl=2 l=  13 cons: SEQUENCE          
>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>    40:d=2  hl=2 l=   0 prim: NULL              
>    42:d=1  hl=3 l= 188 cons: SEQUENCE          
>    45:d=2  hl=2 l=  11 cons: SET               
>    47:d=3  hl=2 l=   9 cons: SEQUENCE          
>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>    58:d=2  hl=2 l=  23 cons: SET               
>    60:d=3  hl=2 l=  21 cons: SEQUENCE          
>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>    83:d=2  hl=2 l=  31 cons: SET               
>    85:d=3  hl=2 l=  29 cons: SEQUENCE          
>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>   116:d=2  hl=2 l=  59 cons: SET               
>   118:d=3  hl=2 l=  57 cons: SEQUENCE          
>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
> https://www.verisign.com/rpa (c)10
>   177:d=2  hl=2 l=  54 cons: SET               
>   179:d=3  hl=2 l=  52 cons: SEQUENCE          
>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
> International Server CA - G3
>   233:d=1  hl=2 l=  30 cons: SEQUENCE          
>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>   265:d=1  hl=3 l= 132 cons: SEQUENCE          
>   268:d=2  hl=2 l=  11 cons: SET               
>   270:d=3  hl=2 l=   9 cons: SEQUENCE          
>   272:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>   277:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>   281:d=2  hl=2 l=  16 cons: SET               
>   283:d=3  hl=2 l=  14 cons: SEQUENCE          
>   285:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>   290:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>   299:d=2  hl=2 l=  17 cons: SET               
>   301:d=3  hl=2 l=  15 cons: SEQUENCE          
>   303:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>   308:d=4  hl=2 l=   8 prim: PRINTABLESTRING   :Columbus
>   318:d=2  hl=2 l=  13 cons: SET               
>   320:d=3  hl=2 l=  11 cons: SEQUENCE          
>   322:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>   327:d=4  hl=2 l=   4 prim: PRINTABLESTRING   :TSYS
>   333:d=2  hl=2 l=  38 cons: SET               
>   335:d=3  hl=2 l=  36 cons: SEQUENCE          
>   337:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   342:d=4  hl=2 l=  29 prim: PRINTABLESTRING
> :TDS-2-Dallas-SCA-v2PmB4cxayEu
>   373:d=2  hl=2 l=  25 cons: SET               
>   375:d=3  hl=2 l=  23 cons: SEQUENCE          
>   377:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   382:d=4  hl=2 l=  16 prim: PRINTABLESTRING   :ssl3.vitalps.net
>   400:d=1  hl=4 l= 290 cons: SEQUENCE          
>   404:d=2  hl=2 l=  13 cons: SEQUENCE          
>   406:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>   417:d=3  hl=2 l=   0 prim: NULL              
>   419:d=2  hl=4 l= 271 prim: BIT STRING        
>   694:d=1  hl=4 l= 357 cons: cont [ 3 ]        
>   698:d=2  hl=4 l= 353 cons: SEQUENCE          
>   702:d=3  hl=2 l=   9 cons: SEQUENCE          
>   704:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
> Constraints 709:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX
> DUMP]:3000 713:d=3  hl=2 l=  97 cons: SEQUENCE          
>   715:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
> Policies 720:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
> DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
> 2F642E73796D63622E636F6D2F637073302506082B0601050507020230190C1768747470733A
> 2F2F642E73796D63622E636F6D2F727061
>   812:d=3  hl=2 l=  43 cons: SEQUENCE          
>   814:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL
> Distribution Points
>   819:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
> DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
> 6C
>   857:d=3  hl=2 l=  29 cons: SEQUENCE          
>   859:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage 864:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
> DUMP]:301406082B0601050507030106082B06010505070302
>   888:d=3  hl=2 l=  14 cons: SEQUENCE          
>   890:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>   895:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>   898:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>   904:d=3  hl=2 l=  87 cons: SEQUENCE          
>   906:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
> Access 916:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
> DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
> 302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
> 7274
>   993:d=3  hl=2 l=  27 cons: SEQUENCE          
>   995:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
> Alternative Name
>  1000:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
> DUMP]:3012821073736C332E766974616C70732E6E6574
>  1022:d=3  hl=2 l=  31 cons: SEQUENCE          
>  1024:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
> Identifier
>  1029:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
> 
> MIIEG6ADAgECAhAvxQiuH6AFZs0JV0GBpGx7MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
> UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
> cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
> IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
> IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjCBhDELMAkGA1UEBhMCVVMxEDAO
> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcTCENvbHVtYnVzMQ0wCwYDVQQKEwRUU1lTMSYwJAYDVQQL
> Ex1URFMtMi1EYWxsYXMtU0NBLXYyUG1CNGN4YXlFdTEZMBcGA1UEAxMQc3NsMy52aXRhbHBzLm5l
> dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsySNCCFICJMRLTsgByyGZM4zXNijK4
> 6btR22h40+G9clnoUWIPPvpPM3ZHiZ7
> +CJe0xCZGFvPlQkc1R8wUV/YroP2pyQfQ0jehUCzfY4Wk dROIfXW3ZpvInDj
> +45NWbUR3Zf4xgolXTNlKS3FjROKnH+QPXgevypFpUFY7+j6Q1+onuTcj5tkb
> nt9UYqyUjSV2uQicwHnUuReyWcNLftcpfYzFK5aRXaU5V0lfjW/Ee8SF8PljmVQt8t45jGqMFY1T
> HAH1Fl+QEdvOGLXBW6nmkuDTeS6RYmhEYUlIbpbPsHGESo+
> +DdPYvDcMmh881MvY5Fs4wfHgqcNa
> aaQNmlcCAwEAAaOCAWUwggFhMAkGA1UdEwQCMAAwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggr
> BgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9k
> LnN5bWNiLmNvbS9ycGEwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NlLnN5bWNiLmNvbS9zZS5j
> cmwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDBXBggrBgEF
> BQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zZS5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0
> dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3J0MBsGA1UdEQQUMBKCEHNzbDMudml0YWxwcy5uZXQwHwYD
> VR0jBBgwFoAU15t82CKgFffdrV/OKZtYw7xGALU=
> 
> ----------
> 
> 
> 
> 


More information about the Public mailing list