OS X Mavericks: List of available trusted root certificates

The OS X Trust Store contains trusted root certificates that are preinstalled with OS X.

About trust and certificates

The OS X v10.9.4 Mavericks Trust Store contains three categories of certificates:

Trusted root certificates are used to establish a chain of trust that's used to verify other certificates signed by the trusted roots, for example to establish a secure connection to a web server. When IT administrators create Configuration Profiles for OS X Mavericks, these trusted root certificates don't need to be included.

Always Ask certificates are untrusted but not blocked. When one of these certificates is used, you'll be prompted to choose whether or not to trust it.

Blocked certificates are believed to be compromised and will never be trusted.

This article lists the certificate trust policies for OS X Mavericks, and is updated when changes are made to the certificate list.

Trusted certificates

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=JP, O=JPKI, OU=Prefectural Association For JPKI, OU=BridgeCA Trust: Always Validity Not Before: Dec 27 05:08:15 2003 GMT Not After : Dec 26 14:59:59 2013 GMT Subject: C=JP, O=JPKI, OU=Prefectural Association For JPKI, OU=BridgeCA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 CRL Distribution Points: DirName:/C=JP/O=JPKI/OU=Prefectural Association For JPKI/OU=BridgeCA X509v3 Subject Alternative Name: DirName:/C=JP/O=公的個人認証サービス/OU=都道府県協議会 X509v3 Subject Key Identifier: D4:17:32:20:AA:40:D9:11:D8:E6:99:99:08:0B:B5:FF:26:47:CA:7C

Version: 3 (0x2) Serial Number: 946059622 (0x3863b966) Signature Algorithm: sha1WithRSAEncryption Issuer: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) Trust: Always Validity Not Before: Dec 24 17:50:51 1999 GMT Not After : Dec 24 18:20:51 2019 GMT Subject: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA X509v3 Authority Key Identifier: keyid:55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70 X509v3 Subject Key Identifier: 55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70 1.2.840.113533.7.65.0: 0...V5.0:4.0....

Version: 3 (0x2) Serial Number: 57923 (0xe243) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AT, O=A-Trust Ges. f?r Sicherheitssysteme im elektr. Datenverkehr GmbH, OU=A-Trust-Qual-01, CN=A-Trust-Qual-01 Trust: Always Validity Not Before: Nov 30 23:00:00 2004 GMT Not After : Nov 30 23:00:00 2014 GMT Subject: C=AT, O=A-Trust Ges. f?r Sicherheitssysteme im elektr. Datenverkehr GmbH, OU=A-Trust-Qual-01, CN=A-Trust-Qual-01 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 4B:3C:8C:1D:85:E9:6F:AD X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 57928 (0xe248) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AT, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU=A-Trust-Qual-02, CN=A-Trust-Qual-02 Trust: Always Validity Not Before: Dec 2 23:00:00 2004 GMT Not After : Dec 2 23:00:00 2014 GMT Subject: C=AT, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU=A-Trust-Qual-02, CN=A-Trust-Qual-02 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 42:3D:2B:24:A6:C1:45:CE X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 57922 (0xe242) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AT, O=A-Trust, OU=A-Trust-nQual-01, CN=A-Trust-nQual-01 Trust: Always Validity Not Before: Nov 30 23:00:00 2004 GMT Not After : Nov 30 23:00:00 2014 GMT Subject: C=AT, O=A-Trust, OU=A-Trust-nQual-01, CN=A-Trust-nQual-01 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 4E:59:CE:C7:02:32:87:30 X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 93214 (0x16c1e) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AT, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU=A-Trust-nQual-03, CN=A-Trust-nQual-03 Trust: Always Validity Not Before: Aug 17 22:00:00 2005 GMT Not After : Aug 17 22:00:00 2015 GMT Subject: C=AT, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU=A-Trust-nQual-03, CN=A-Trust-nQual-03 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 44:6A:95:67:55:79:11:4F X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=AOL Time Warner Inc., OU=America Online Inc., CN=AOL Time Warner Root Certification Authority 1 Trust: Always Validity Not Before: May 29 06:00:00 2002 GMT Not After : Nov 20 15:03:00 2037 GMT Subject: C=US, O=AOL Time Warner Inc., OU=America Online Inc., CN=AOL Time Warner Root Certification Authority 1 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: A1:36:30:16:CB:86:90:00:45:80:53:B1:8F:C8:D8:3D:7C:BE:5F:12 X509v3 Authority Key Identifier: keyid:A1:36:30:16:CB:86:90:00:45:80:53:B1:8F:C8:D8:3D:7C:BE:5F:12 X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=AOL Time Warner Inc., OU=America Online Inc., CN=AOL Time Warner Root Certification Authority 2 Trust: Always Validity Not Before: May 29 06:00:00 2002 GMT Not After : Sep 28 23:43:00 2037 GMT Subject: C=US, O=AOL Time Warner Inc., OU=America Online Inc., CN=AOL Time Warner Root Certification Authority 2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 4F:69:6D:03:7E:9D:9F:07:18:43:BC:B7:10:4E:D5:BF:A9:C4:20:28 X509v3 Authority Key Identifier: keyid:4F:69:6D:03:7E:9D:9F:07:18:43:BC:B7:10:4E:D5:BF:A9:C4:20:28 X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 49 (0x31) Signature Algorithm: sha1WithRSAEncryption Issuer: C=JP, O=Japanese Government, OU=ApplicationCA Trust: Always Validity Not Before: Dec 12 15:00:00 2007 GMT Not After : Dec 12 15:00:00 2017 GMT Subject: C=JP, O=Japanese Government, OU=ApplicationCA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: 54:5A:CB:26:3F:71:CC:94:46:0D:96:53:EA:6B:48:D0:93:FE:42:75 X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Alternative Name: DirName:/C=JP/O=日本国政府/OU=アプリケーションCA X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 57:0a:11:97:42:c4:e3:cc Signature Algorithm: sha256WithRSAEncryption Issuer: C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA Trust: Always Validity Not Before: Sep 22 11:22:02 2011 GMT Not After : Sep 22 11:22:02 2030 GMT Subject: C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Subject Key Identifier: 52:D8:88:3A:C8:9F:78:66:ED:89:F3:7B:38:70:94:C9:02:02:36:D0 X509v3 Basic Constraints: critical CA:TRUE X509v3 Authority Key Identifier: keyid:52:D8:88:3A:C8:9F:78:66:ED:89:F3:7B:38:70:94:C9:02:02:36:D0 X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Class 1 CA Root Trust: Always Validity Not Before: May 30 10:38:31 2000 GMT Not After : May 30 10:38:31 2020 GMT Subject: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Class 1 CA Root Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: 95:B1:B4:F0:94:B6:BD:C7:DA:D1:11:09:21:BE:C1:AF:49:FD:10:7B X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Authority Key Identifier: keyid:95:B1:B4:F0:94:B6:BD:C7:DA:D1:11:09:21:BE:C1:AF:49:FD:10:7B DirName:/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root serial:01

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root Trust: Always Validity Not Before: May 30 10:48:38 2000 GMT Not After : May 30 10:48:38 2020 GMT Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Authority Key Identifier: keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A DirName:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root serial:01

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Public CA Root Trust: Always Validity Not Before: May 30 10:41:50 2000 GMT Not After : May 30 10:41:50 2020 GMT Subject: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Public CA Root Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: 81:3E:37:D8:92:B0:1F:77:9F:5C:B4:AB:73:AA:E7:F6:34:60:2F:FA X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Authority Key Identifier: keyid:81:3E:37:D8:92:B0:1F:77:9F:5C:B4:AB:73:AA:E7:F6:34:60:2F:FA DirName:/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Public CA Root serial:01

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Qualified CA Root Trust: Always Validity Not Before: May 30 10:44:50 2000 GMT Not After : May 30 10:44:50 2020 GMT Subject: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Qualified CA Root Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: 39:95:8B:62:8B:5C:C9:D4:80:BA:58:0F:97:3F:15:08:43:CC:98:A7 X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Authority Key Identifier: keyid:39:95:8B:62:8B:5C:C9:D4:80:BA:58:0F:97:3F:15:08:43:CC:98:A7 DirName:/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Qualified CA Root serial:01

Version: 3 (0x2) Serial Number: 74:97:25:8a:c7:3f:7a:54 Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC Trust: Always Validity Not Before: Jan 29 14:20:24 2010 GMT Not After : Dec 31 14:20:24 2040 GMT Subject: C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC Subject Public Key Info: Public Key Algorithm: id-ecPublicKey X509v3 extensions: X509v3 Subject Key Identifier: 9A:AF:29:7A:C0:11:35:35:26:51:30:00:C3:6A:FE:40:D5:AE:D6:3C X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 6d:8c:14:46:b1:a6:0a:ee Signature Algorithm: sha384WithRSAEncryption Issuer: C=US, O=AffirmTrust, CN=AffirmTrust Premium Trust: Always Validity Not Before: Jan 29 14:10:36 2010 GMT Not After : Dec 31 14:10:36 2040 GMT Subject: C=US, O=AffirmTrust, CN=AffirmTrust Premium Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Subject Key Identifier: 9D:C0:67:A6:0C:22:D9:26:F5:45:AB:A6:65:52:11:27:D8:45:AC:63 X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 7c:4f:04:39:1c:d4:99:2d Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=AffirmTrust, CN=AffirmTrust Networking Trust: Always Validity Not Before: Jan 29 14:08:24 2010 GMT Not After : Dec 31 14:08:24 2030 GMT Subject: C=US, O=AffirmTrust, CN=AffirmTrust Networking Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: 07:1F:D2:E7:9C:DA:C2:6E:A2:40:B4:B0:7A:50:10:50:74:C4:C8:BD X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 77:77:06:27:26:a9:b1:7c Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=AffirmTrust, CN=AffirmTrust Commercial Trust: Always Validity Not Before: Jan 29 14:06:06 2010 GMT Not After : Dec 31 14:06:06 2030 GMT Subject: C=US, O=AffirmTrust, CN=AffirmTrust Commercial Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: 9D:93:C6:53:8B:5E:CA:AF:3F:9F:1E:0F:E5:99:95:BC:24:F6:94:8F X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=America Online Inc., CN=America Online Root Certification Authority 1 Trust: Always Validity Not Before: May 28 06:00:00 2002 GMT Not After : Nov 19 20:43:00 2037 GMT Subject: C=US, O=America Online Inc., CN=America Online Root Certification Authority 1 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 00:AD:D9:A3:F6:79:F6:6E:74:A9:7F:33:3D:81:17:D7:4C:CF:33:DE X509v3 Authority Key Identifier: keyid:00:AD:D9:A3:F6:79:F6:6E:74:A9:7F:33:3D:81:17:D7:4C:CF:33:DE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=America Online Inc., CN=America Online Root Certification Authority 2 Trust: Always Validity Not Before: May 28 06:00:00 2002 GMT Not After : Sep 29 14:08:00 2037 GMT Subject: C=US, O=America Online Inc., CN=America Online Root Certification Authority 2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 4D:45:C1:68:38:BB:73:A9:69:A1:20:E7:ED:F5:22:A1:23:14:D7:9E X509v3 Authority Key Identifier: keyid:4D:45:C1:68:38:BB:73:A9:69:A1:20:E7:ED:F5:22:A1:23:14:D7:9E X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 49 (0x31) Signature Algorithm: sha1WithRSAEncryption Issuer: C=JP, O=LGPKI, OU=Application CA G2 Trust: Always Validity Not Before: Mar 31 15:00:00 2006 GMT Not After : Mar 31 14:59:59 2016 GMT Subject: C=JP, O=LGPKI, OU=Application CA G2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: 7F:B8:5D:8E:C4:18:6B:C6:7D:CC:2E:E9:AE:CE:34:E7:17:5D:E0:A1 X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 CRL Distribution Points: DirName:/C=JP/O=LGPKI/OU=Application CA G2 X509v3 Basic Constraints: critical CA:TRUE X509v3 Authority Key Identifier: keyid:7F:B8:5D:8E:C4:18:6B:C6:7D:CC:2E:E9:AE:CE:34:E7:17:5D:E0:A1

Version: 3 (0x2) Serial Number: 01:e0:e5:b5:83:67:a3:e0 Signature Algorithm: sha384WithRSAEncryption Issuer: CN=Apple Root CA - G2, OU=Apple Certification Authority, O=Apple Inc., C=US Trust: Always Validity Not Before: Apr 30 18:10:09 2014 GMT Not After : Apr 30 18:10:09 2039 GMT Subject: CN=Apple Root CA - G2, OU=Apple Certification Authority, O=Apple Inc., C=US Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Subject Key Identifier: C4:99:13:6C:18:03:C2:7B:C0:A3:A0:0D:7F:72:80:7A:1C:77:26:8D X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 2d:c5:fc:88:d2:c5:4b:95 Signature Algorithm: ecdsa-with-SHA384 Issuer: CN=Apple Root CA - G3, OU=Apple Certification Authority, O=Apple Inc., C=US Trust: Always Validity Not Before: Apr 30 18:19:06 2014 GMT Not After : Apr 30 18:19:06 2039 GMT Subject: CN=Apple Root CA - G3, OU=Apple Certification Authority, O=Apple Inc., C=US Subject Public Key Info: Public Key Algorithm: id-ecPublicKey X509v3 extensions: X509v3 Subject Key Identifier: BB:B0:DE:A1:58:33:88:9A:A4:8A:99:DE:BE:BD:EB:AF:DA:CB:24:AB X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 18:7a:a9:a8:c2:96:21:0c Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Apple Root CA Trust: Always Validity Not Before: Feb 1 22:12:15 2012 GMT Not After : Feb 1 22:12:15 2027 GMT Subject: CN=Developer ID Certification Authority, OU=Apple Certification Authority, O=Apple Inc., C=US Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: 57:17:ED:A2:CF:DC:7C:98:A1:10:E0:FC:BE:87:2D:2C:F2:E3:17:54 X509v3 Basic Constraints: critical CA:TRUE X509v3 Authority Key Identifier: keyid:2B:D0:69:47:94:76:09:FE:F4:6B:8D:2E:40:A6:F7:47:4D:7F:08:5E X509v3 CRL Distribution Points: URI:http://crl.apple.com/root.crl X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign 1.2.840.113635.100.6.2.6: ..

Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Apple Root CA Trust: Always Validity Not Before: Apr 25 21:40:36 2006 GMT Not After : Feb 9 21:40:36 2035 GMT Subject: C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Apple Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 2B:D0:69:47:94:76:09:FE:F4:6B:8D:2E:40:A6:F7:47:4D:7F:08:5E X509v3 Authority Key Identifier: keyid:2B:D0:69:47:94:76:09:FE:F4:6B:8D:2E:40:A6:F7:47:4D:7F:08:5E X509v3 Certificate Policies: Policy: 1.2.840.113635.100.5.1 CPS: https://www.apple.com/appleca/

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Apple Computer, Inc., OU=Apple Computer Certificate Authority, CN=Apple Root Certificate Authority Trust: Always Validity Not Before: Feb 10 00:18:14 2005 GMT Not After : Feb 10 00:18:14 2025 GMT Subject: C=US, O=Apple Computer, Inc., OU=Apple Computer Certificate Authority, CN=Apple Root Certificate Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 2B:D0:69:47:94:76:09:FE:F4:6B:8D:2E:40:A6:F7:47:4D:7F:08:5E X509v3 Authority Key Identifier: keyid:2B:D0:69:47:94:76:09:FE:F4:6B:8D:2E:40:A6:F7:47:4D:7F:08:5E X509v3 Certificate Policies: Policy: 1.2.840.113635.100.5.1 CPS: https://www.apple.com/certificateauthority/terms.html X509v3 CRL Distribution Points: URI:https://www.apple.com/certificateauthority/root.crl Authority Information Access: CA Issuers - URI:https://www.apple.com/certificateauthority/casigners.html

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha384WithRSAEncryption Issuer: CN=Autoridad de Certificacion Raiz del Estado Venezolano, C=VE, L=Caracas, ST=Distrito Capital, O=Sistema Nacional de Certificacion Electronica, OU=Superintendencia de Servicios de Certificacion Electronica/emailAddress=acraiz@suscerte.gob.ve Trust: Always Validity Not Before: Dec 22 18:08:21 2010 GMT Not After : Dec 17 23:59:59 2030 GMT Subject: CN=Autoridad de Certificacion Raiz del Estado Venezolano, C=VE, L=Caracas, ST=Distrito Capital, O=Sistema Nacional de Certificacion Electronica, OU=Superintendencia de Servicios de Certificacion Electronica/emailAddress=acraiz@suscerte.gob.ve Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:2 X509v3 Issuer Alternative Name: DNS:suscerte.gob.ve, othername: X509v3 Subject Key Identifier: AD:BB:22:1D:C6:E0:D2:01:A8:FD:76:50:52:93:ED:98:C1:4D:AE:D3 X509v3 Authority Key Identifier: keyid:AD:BB:22:1D:C6:E0:D2:01:A8:FD:76:50:52:93:ED:98:C1:4D:AE:D3 DirName:/CN=Autoridad de Certificacion Raiz del Estado Venezolano/C=VE/L=Caracas/ST=Distrito Capital/O=Sistema Nacional de Certificacion Electronica/OU=Superintendencia de Servicios de Certificacion Electronica/emailAddress=acraiz@suscerte.gob.ve serial:01 X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Alternative Name: DNS:suscerte.gob.ve, othername: X509v3 CRL Distribution Points: URI:hhtp://www.suscerte.gob.ve/lcr URI:ldap://acraiz.suscerte.gob.ve Authority Information Access: OCSP - URI:hhtp://ocsp.suscerte.gob.ve X509v3 Certificate Policies: Policy: 2.16.862.1.2 CPS: http://www.suscerte.gob.ve/dpc

Version: 3 (0x2) Serial Number: 1005814224 (0x3bf381d0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=ch, O=admin, OU=Services, OU=Certification Authorities, CN=Admin-Root-CA Trust: Always Validity Not Before: Nov 15 08:51:07 2001 GMT Not After : Nov 10 07:51:07 2021 GMT Subject: C=ch, O=admin, OU=Services, OU=Certification Authorities, CN=Admin-Root-CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Certificate Policies: Policy: 2.16.756.1.17.3.1.0 CPS: http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf X509v3 CRL Distribution Points: DirName:/CN=Admin-Root-CA/OU=Certification Authorities/OU=Services/O=admin/C=ch X509v3 Subject Key Identifier: 82:9F:FA:23:73:20:F1:97:8B:B2:4C:4D:BE:42:C5:7F:66:CD:64:E8 X509v3 Authority Key Identifier: keyid:82:9F:FA:23:73:20:F1:97:8B:B2:4C:4D:BE:42:C5:7F:66:CD:64:E8 DirName:/C=ch/O=admin/OU=Services/OU=Certification Authorities/CN=Admin-Root-CA serial:3B:F3:81:D0 X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=CH, O=admin, OU=Services, OU=Certification Authorities, CN=AdminCA-CD-T01 Trust: Always Validity Not Before: Jan 25 13:36:19 2006 GMT Not After : Jan 25 12:36:19 2016 GMT Subject: C=CH, O=admin, OU=Services, OU=Certification Authorities, CN=AdminCA-CD-T01 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Certificate Policies: Policy: 2.16.756.1.17.3.21.1 CPS: http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 2A:C4:69:0A:A1:C6:55:C6:03:6E:70:CE:86:81:B3:A4:0F:AA:19:DB

Version: 3 (0x2) Serial Number: 33554617 (0x20000b9) Signature Algorithm: sha1WithRSAEncryption Issuer: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root Trust: Always Validity Not Before: May 12 18:46:00 2000 GMT Not After : May 12 23:59:00 2025 GMT Subject: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: E5:9D:59:30:82:47:58:CC:AC:FA:08:54:36:86:7B:3A:B5:04:4D:F0 X509v3 Basic Constraints: critical CA:TRUE, pathlen:3 X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: sha256WithRSAEncryption Issuer: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA Trust: Always Validity Not Before: Oct 26 08:38:03 2010 GMT Not After : Oct 26 08:38:03 2040 GMT Subject: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: C9:80:77:E0:62:92:82:F5:46:9C:F3:BA:F7:4C:C3:DE:B8:A3:AD:39 X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: sha256WithRSAEncryption Issuer: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA Trust: Always Validity Not Before: Oct 26 08:28:58 2010 GMT Not After : Oct 26 08:28:58 2040 GMT Subject: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 47:B8:CD:FF:E5:6F:EE:F8:B2:EC:2F:4E:0E:F9:25:B0:8E:3C:6B:C3 X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 CA 1 Trust: Always Validity Not Before: Oct 13 10:25:09 2006 GMT Not After : Oct 13 10:25:09 2016 GMT Subject: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 CA 1 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 3F:8D:9A:59:8B:FC:7B:7B:9C:A3:AF:38:B0:39:ED:90:71:80:D6:C8 X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: sha1WithRSAEncryption Issuer: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 CA 1 Trust: Always Validity Not Before: May 9 14:13:03 2005 GMT Not After : May 9 14:13:03 2015 GMT Subject: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 CA 1 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 38:14:E6:C8:F0:A9:A4:03:F4:4E:3E:22:A3:5B:F2:D6:E0:AD:40:74 X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 1 (0x0) Serial Number: 8b:5b:75:56:84:54:85:0b:00:cf:af:38:48:ce:b1:a4 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3 Trust: Always Validity Not Before: Oct 1 00:00:00 1999 GMT Not After : Jul 16 23:59:59 2036 GMT Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit)

Version: 1 (0x0) Serial Number: 61:70:cb:49:8c:5f:98:45:29:e7:b0:a6:d9:50:5b:7a Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2 Public Primary Certification Authority - G3 Trust: Always Validity Not Before: Oct 1 00:00:00 1999 GMT Not After : Jul 16 23:59:59 2036 GMT Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2 Public Primary Certification Authority - G3 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit)

Version: 1 (0x0) Serial Number: 9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3 Trust: Always Validity Not Before: Oct 1 00:00:00 1999 GMT Not After : Jul 16 23:59:59 2036 GMT Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit)

Version: 1 (0x0) Serial Number: ec:a0:a7:8b:6e:75:6a:01:cf:c4:7c:cc:2f:94:5e:d7 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3 Trust: Always Validity Not Before: Oct 1 00:00:00 1999 GMT Not After : Jul 16 23:59:59 2036 GMT Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit)

Version: 3 (0x2) Serial Number: c3:03:9a:ee:50:90:6e:28 Signature Algorithm: sha1WithRSAEncryption Issuer: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R1 Trust: Always Validity Not Before: Jul 19 09:06:56 2012 GMT Not After : Jul 19 09:06:56 2042 GMT Subject: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R1 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 89:0A:B4:38:93:1A:E6:AB:EE:9B:91:18:F9:F5:3C:3E:35:D0:D3:82

Version: 3 (0x2) Serial Number: 92:b8:88:db:b0:8a:c1:63 Signature Algorithm: sha256WithRSAEncryption Issuer: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2 Trust: Always Validity Not Before: Jul 19 09:15:30 2012 GMT Not After : Jul 19 09:15:30 2042 GMT Subject: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: B5:99:F8:AF:B0:94:F5:E3:20:D6:0A:AD:CE:4E:56:A4:2E:6E:42:ED

Version: 3 (0x2) Serial Number: 1218379777 (0x489f0001) Signature Algorithm: sha1WithRSAEncryption Issuer: C=CN, O=China Internet Network Information Center, CN=China Internet Network Information Center EV Certificates Root Trust: Always Validity Not Before: Aug 31 07:11:25 2010 GMT Not After : Aug 31 07:11:25 2030 GMT Subject: C=CN, O=China Internet Network Information Center, CN=China Internet Network Information Center EV Certificates Root Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Authority Key Identifier: keyid:7C:72:4B:39:C7:C0:DB:62:A5:4F:9B:AA:18:34:92:A2:CA:83:82:59 X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 7C:72:4B:39:C7:C0:DB:62:A5:4F:9B:AA:18:34:92:A2:CA:83:82:59

Version: 3 (0x2) Serial Number: 4e:81:2d:8a:82:65:e0:0b:02:ee:3e:35:02:46:e5:3d Signature Algorithm: sha1WithRSAEncryption Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority Trust: Always Validity Not Before: Dec 1 00:00:00 2006 GMT Not After : Dec 31 23:59:59 2029 GMT Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: 0B:58:E5:8B:C6:4C:15:37:A4:40:A9:30:A9:21:BE:47:36:5A:56:FF X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 CRL Distribution Points: URI:http://crl.comodoca.com/COMODOCertificationAuthority.crl

Version: 3 (0x2) Serial Number: fe:dc:e3:01:0f:c9:48:ff Signature Algorithm: sha1WithRSAEncryption Issuer: C=FR, O=Dhimyotis, CN=Certigna Trust: Always Validity Not Before: Jun 29 15:13:05 2007 GMT Not After : Jun 29 15:13:05 2027 GMT Subject: C=FR, O=Dhimyotis, CN=Certigna Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 1A:ED:FE:41:39:90:B4:24:59:BE:01:F2:52:D5:45:F6:5A:39:DC:11 X509v3 Authority Key Identifier: keyid:1A:ED:FE:41:39:90:B4:24:59:BE:01:F2:52:D5:45:F6:5A:39:DC:11 DirName:/C=FR/O=Dhimyotis/CN=Certigna serial:FE:DC:E3:01:0F:C9:48:FF X509v3 Key Usage: critical Certificate Sign, CRL Sign Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Root CA Trust: Always Validity Not Before: Oct 21 09:17:18 2013 GMT Not After : Oct 21 09:17:18 2033 GMT Subject: C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: EF:91:4C:F5:A5:C3:30:E8:2F:08:EA:D3:71:22:A4:92:68:78:74:D9 X509v3 Authority Key Identifier: keyid:EF:91:4C:F5:A5:C3:30:E8:2F:08:EA:D3:71:22:A4:92:68:78:74:D9

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Autorité Racine Trust: Always Validity Not Before: Sep 17 08:28:59 2008 GMT Not After : Sep 17 08:28:59 2028 GMT Subject: C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Autorité Racine Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 0D:8C:B6:61:DA:44:B8:D1:14:7D:C3:BE:7D:5E:48:F0:CE:CA:6A:B0 X509v3 Certificate Policies: Policy: 1.2.250.1.86.2.2.0.1.1

Version: 3 (0x2) Serial Number: b8:59:14:71:3f:57:df:8f:31:c0:33:3d:d2:d6:19:7a:23:17:b4:eb Signature Algorithm: sha512WithRSAEncryption Issuer: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2 Trust: Always Validity Not Before: Oct 6 08:39:56 2011 GMT Not After : Oct 6 08:39:56 2046 GMT Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: B6:A1:54:39:02:C3:A0:3F:8E:8A:BC:FA:D4:F8:1C:A6:D1:3A:0E:FD X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 15:c8:bd:65:47:5c:af:b8:97:00:5e:e4:06:d2:bc:9d Signature Algorithm: sha1WithRSAEncryption Issuer: C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority Trust: Always Validity Not Before: Dec 20 02:31:27 2004 GMT Not After : Dec 20 02:31:27 2034 GMT Subject: C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Subject Key Identifier: 1E:0C:F7:B6:67:F2:E1:92:26:09:45:C0:55:39:2E:77:3F:42:4A:A2 X509v3 Basic Constraints: CA:TRUE setCext-hashedRoot: 0/0-...0...+......0...g*.....E... V|.[x....S.....

Version: 1 (0x0) Serial Number: 4c:c7:ea:aa:98:3e:71:d3:93:10:f8:3d:3a:89:91:92 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network Trust: Always Validity Not Before: May 18 00:00:00 1998 GMT Not After : Aug 1 23:59:59 2028 GMT Subject: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit)

Version: 1 (0x0) Serial Number: b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network Trust: Always Validity Not Before: May 18 00:00:00 1998 GMT Not After : Aug 1 23:59:59 2028 GMT Subject: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit)

Version: 1 (0x0) Serial Number: 7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network Trust: Always Validity Not Before: May 18 00:00:00 1998 GMT Not After : Aug 1 23:59:59 2028 GMT Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit)

Version: 1 (0x0) Serial Number: 32:88:8e:9a:d2:f5:eb:13:47:f8:7f:c4:20:37:25:f8 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network Trust: Always Validity Not Before: May 18 00:00:00 1998 GMT Not After : Aug 1 23:59:59 2028 GMT Subject: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit)

Version: 3 (0x2) Serial Number: 14:13:96:83:14:55:8c:ea:7b:63:e5:fc:34:87:77:44 Signature Algorithm: sha1WithRSAEncryption Issuer: CN=ComSign CA, O=ComSign, C=IL Trust: Always Validity Not Before: Mar 24 11:32:18 2004 GMT Not After : Mar 19 15:02:18 2029 GMT Subject: CN=ComSign CA, O=ComSign, C=IL Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: CA:TRUE X509v3 CRL Distribution Points: URI:http://fedir.comsign.co.il/crl/ComSignCA.crl X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:4B:01:9B:3E:56:1A:65:36:76:CB:7B:97:AA:92:05:EE:32:E7:28:31 X509v3 Subject Key Identifier: 4B:01:9B:3E:56:1A:65:36:76:CB:7B:97:AA:92:05:EE:32:E7:28:31

Version: 3 (0x2) Serial Number: 8f:61:71:15:ba:79:58:17:8c:7d:11:3a:ac:d6:db:ae Signature Algorithm: sha256WithRSAEncryption Issuer: CN=ComSign Global Root CA, O=ComSign Ltd., C=IL Trust: Always Validity Not Before: Jul 18 10:24:54 2011 GMT Not After : Jul 16 10:24:55 2036 GMT Subject: CN=ComSign Global Root CA, O=ComSign Ltd., C=IL Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 CRL Distribution Points: URI:http://fedir.comsign.co.il/crl/comsignglobalrootca.crl URI:http://crl1.comsign.co.il/crl/comsignglobalrootca.crl X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 02:45:93:D8:0D:48:62:AC:69:BA:AE:06:5B:3E:FB:AA:26:91:50:B1 X509v3 Authority Key Identifier: keyid:02:45:93:D8:0D:48:62:AC:69:BA:AE:06:5B:3E:FB:AA:26:91:50:B1

Version: 3 (0x2) Serial Number: c7:28:47:09:b3:b8:6c:45:8c:1d:fa:24:f5:36:4e:e9 Signature Algorithm: sha1WithRSAEncryption Issuer: CN=ComSign Secured CA, O=ComSign, C=IL Trust: Always Validity Not Before: Mar 24 11:37:20 2004 GMT Not After : Mar 16 15:04:56 2029 GMT Subject: CN=ComSign Secured CA, O=ComSign, C=IL Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: CA:TRUE X509v3 CRL Distribution Points: URI:http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:C1:4B:ED:70:B6:F7:3E:7C:00:3B:00:8F:C7:3E:0E:45:9F:1E:5D:EC X509v3 Subject Key Identifier: C1:4B:ED:70:B6:F7:3E:7C:00:3B:00:8F:C7:3E:0E:45:9F:1E:5D:EC

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services Trust: Always Validity Not Before: Jan 1 00:00:00 2004 GMT Not After : Dec 31 23:59:59 2028 GMT Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: A0:11:0A:23:3E:96:F1:07:EC:E2:AF:29:EF:82:A5:7F:D0:30:A4:B4 X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 CRL Distribution Points: URI:http://crl.comodoca.com/AAACertificateServices.crl URI:http://crl.comodo.net/AAACertificateServices.crl

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Secure Certificate Services Trust: Always Validity Not Before: Jan 1 00:00:00 2004 GMT Not After : Dec 31 23:59:59 2028 GMT Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Secure Certificate Services Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: 3C:D8:93:88:C2:C0:82:09:CC:01:99:06:93:20:E9:9E:70:09:63:4F X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 CRL Distribution Points: URI:http://crl.comodoca.com/SecureCertificateServices.crl URI:http://crl.comodo.net/SecureCertificateServices.crl

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Trusted Certificate Services Trust: Always Validity Not Before: Jan 1 00:00:00 2004 GMT Not After : Dec 31 23:59:59 2028 GMT Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Trusted Certificate Services Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: C5:7B:58:BD:ED:DA:25:69:D2:F7:59:16:A8:B3:32:C0:7B:27:5B:F4 X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 CRL Distribution Points: URI:http://crl.comodoca.com/TrustedCertificateServices.crl URI:http://crl.comodo.net/TrustedCertificateServices.crl

Version: 3 (0x2) Serial Number: 623603 (0x983f3) Signature Algorithm: sha256WithRSAEncryption Issuer: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009 Trust: Always Validity Not Before: Nov 5 08:35:58 2009 GMT Not After : Nov 5 08:35:58 2029 GMT Subject: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: FD:DA:14:C4:9F:30:DE:21:BD:1E:42:39:FC:AB:63:23:49:E0:F1:84 X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 CRL Distribution Points: URI:ldap://directory.d-trust.net/CN=D-TRUST%20Root%20Class%203%20CA%202%202009,O=D-Trust%20GmbH,C=DE?certificaterevocationlist URI:http://www.d-trust.net/crl/d-trust_root_class_3_ca_2_2009.crl

Version: 3 (0x2) Serial Number: 623604 (0x983f4) Signature Algorithm: sha256WithRSAEncryption Issuer: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009 Trust: Always Validity Not Before: Nov 5 08:50:46 2009 GMT Not After : Nov 5 08:50:46 2029 GMT Subject: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: D3:94:8A:4C:62:13:2A:19:2E:CC:AF:72:8A:7D:36:D7:9A:1C:DC:67 X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 CRL Distribution Points: URI:ldap://directory.d-trust.net/CN=D-TRUST%20Root%20Class%203%20CA%202%20EV%202009,O=D-Trust%20GmbH,C=DE?certificaterevocationlist URI:http://www.d-trust.net/crl/d-trust_root_class_3_ca_2_ev_2009.crl

Version: 3 (0x2) Serial Number: d0:1e:46:50:00:00:29:8c:00:00:00:02:00:00:00:02 Signature Algorithm: sha1WithRSAEncryption Issuer: O=Digital Signature Trust Co., CN=DST Root CA X4 Trust: Always Validity Not Before: Sep 13 06:22:50 2000 GMT Not After : Sep 13 06:22:50 2020 GMT Subject: O=Digital Signature Trust Co., CN=DST Root CA X4 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: F0:83:EA:73:C8:3F:5B:9B:5B:37:5F:F5:4C:8F:5A:F7:F4:86:48:BD

Version: 3 (0x2) Serial Number: 38 (0x26) Signature Algorithm: sha1WithRSAEncryption Issuer: C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2 Trust: Always Validity Not Before: Jul 9 12:11:00 1999 GMT Not After : Jul 9 23:59:00 2019 GMT Subject: C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: 31:C3:79:1B:BA:F5:53:D7:17:E0:89:7A:2D:17:6C:0A:B3:2B:9D:33 X509v3 Basic Constraints: CA:TRUE, pathlen:5 X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA Trust: Always Validity Not Before: Nov 10 00:00:00 2006 GMT Not After : Nov 10 00:00:00 2031 GMT Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F X509v3 Authority Key Identifier: keyid:45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F

Version: 3 (0x2) Serial Number: 0b:93:1c:3a:d6:39:67:ea:67:23:bf:c3:af:9a:f4:4b Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G2 Trust: Always Validity Not Before: Aug 1 12:00:00 2013 GMT Not After : Jan 15 12:00:00 2038 GMT Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Subject Key Identifier: CE:C3:4A:B9:99:55:F2:B8:DB:60:BF:A9:7E:BD:56:B5:97:36:A7:D6

Version: 3 (0x2) Serial Number: 0b:a1:5a:fa:1d:df:a0:b5:49:44:af:cd:24:a0:6c:ec Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G3 Trust: Always Validity Not Before: Aug 1 12:00:00 2013 GMT Not After : Jan 15 12:00:00 2038 GMT Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G3 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Subject Key Identifier: CB:D0:BD:A9:E1:98:05:51:A1:4D:37:A2:83:79:CE:8D:1D:2A:E4:84

Version: 3 (0x2) Serial Number: 08:3b:e0:56:90:42:46:b1:a1:75:6a:c9:59:91:c7:4a Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA Trust: Always Validity Not Before: Nov 10 00:00:00 2006 GMT Not After : Nov 10 00:00:00 2031 GMT Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 03:DE:50:35:56:D1:4C:BB:66:F0:A3:E2:1B:1B:C3:97:B2:3D:D1:55 X509v3 Authority Key Identifier: keyid:03:DE:50:35:56:D1:4C:BB:66:F0:A3:E2:1B:1B:C3:97:B2:3D:D1:55

Version: 3 (0x2) Serial Number: 03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 Trust: Always Validity Not Before: Aug 1 12:00:00 2013 GMT Not After : Jan 15 12:00:00 2038 GMT Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 4E:22:54:20:18:95:E6:E3:6E:E6:0F:FA:FA:B9:12:ED:06:17:8F:39

Version: 3 (0x2) Serial Number: 05:55:56:bc:f2:5e:a4:35:35:c3:a4:0f:d5:ab:45:72 Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3 Trust: Always Validity Not Before: Aug 1 12:00:00 2013 GMT Not After : Jan 15 12:00:00 2038 GMT Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Subject Key Identifier: B3:DB:48:A4:F9:A1:C5:D8:AE:36:41:CC:11:63:69:62:29:BC:4B:C6

Version: 3 (0x2) Serial Number: 02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA Trust: Always Validity Not Before: Nov 10 00:00:00 2006 GMT Not After : Nov 10 00:00:00 2031 GMT Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: B1:3E:C3:69:03:F8:BF:47:01:D4:98:26:1A:08:02:EF:63:64:2B:C3 X509v3 Authority Key Identifier: keyid:B1:3E:C3:69:03:F8:BF:47:01:D4:98:26:1A:08:02:EF:63:64:2B:C3

Version: 3 (0x2) Serial Number: 05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c Signature Algorithm: sha384WithRSAEncryption Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4 Trust: Always Validity Not Before: Aug 1 12:00:00 2013 GMT Not After : Jan 15 12:00:00 2038 GMT Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Subject Key Identifier: EC:D7:E3:82:D2:71:5D:64:4C:DF:2E:67:3F:E7:BA:98:AE:1C:0F:4F

Version: 3 (0x2) Serial Number: 4 (0x4) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD CLASS 3 Root CA Trust: Always Validity Not Before: May 19 13:13:00 2000 GMT Not After : May 14 13:13:00 2020 GMT Subject: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD CLASS 3 Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: X509v3 Subject Key Identifier: 6C:9C:A5:F0:5C:8F:6D:41:8D:C4:17:3B:90:57:C2:0F:A3:CD:6D:FE X509v3 Basic Constraints: CA:TRUE

Version: 3 (0x2) Serial Number: 5 (0x5) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 2 Trust: Always Validity Not Before: Dec 13 15:00:10 2004 GMT Not After : Dec 5 15:00:10 2029 GMT Subject: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: 49:74:BB:0C:5E:BA:7A:FE:02:54:EF:7B:A0:C6:95:C6:09:80:70:96 X509v3 Key Usage: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 6a:68:3e:9c:51:9b:cb:53 Signature Algorithm: sha256WithRSAEncryption Issuer: C=TR, L=Ankara, O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., OU=E-Tugra Sertifikasyon Merkezi, CN=E-Tugra Certification Authority Trust: Always Validity Not Before: Mar 5 12:09:48 2013 GMT Not After : Mar 3 12:09:48 2023 GMT Subject: C=TR, L=Ankara, O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., OU=E-Tugra Sertifikasyon Merkezi, CN=E-Tugra Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Subject Key Identifier: 2E:E3:DB:B2:49:D0:9C:54:79:5C:FA:27:2A:FE:CC:4E:D2:E8:4E:54 X509v3 Basic Constraints: critical CA:TRUE X509v3 Authority Key Identifier: keyid:2E:E3:DB:B2:49:D0:9C:54:79:5C:FA:27:2A:FE:CC:4E:D2:E8:4E:54 X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 4c:af:73:42:1c:8e:74:02 Signature Algorithm: sha1WithRSAEncryption Issuer: CN=EBG Elektronik Sertifika Hizmet Sağlayıcısı, O=EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., C=TR Trust: Always Validity Not Before: Aug 17 00:21:09 2006 GMT Not After : Aug 14 00:31:09 2016 GMT Subject: CN=EBG Elektronik Sertifika Hizmet Sağlayıcısı, O=EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., C=TR Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Authority Key Identifier: keyid:F6:B8:04:27:0E:56:16:D9:B9:63:D9:FD:A1:54:65:41:A0:08:48:2F X509v3 Subject Key Identifier: F6:B8:04:27:0E:56:16:D9:B9:63:D9:FD:A1:54:65:41:A0:08:48:2F X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Certificate Policies: Policy: 2.16.840.1.101.3.2.1.12.1 Policy: 2.16.840.1.101.3.2.1.12.2

Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=CA, ST=Ontario, L=Toronto, O=Echoworx Corporation, OU=Certification Services, CN=Echoworx Root CA2 Trust: Always Validity Not Before: Oct 6 10:49:13 2005 GMT Not After : Oct 7 10:49:13 2030 GMT Subject: C=CA, ST=Ontario, L=Toronto, O=Echoworx Corporation, OU=Certification Services, CN=Echoworx Root CA2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 3B:E1:81:1B:A0:AB:3F:3B:21:82:D5:E2:12:AE:AE:50:AB:14:A5:13 X509v3 Authority Key Identifier: keyid:3B:E1:81:1B:A0:AB:3F:3B:21:82:D5:E2:12:AE:AE:50:AB:14:A5:13 DirName:/C=CA/ST=Ontario/L=Toronto/O=Echoworx Corporation/OU=Certification Services/CN=Echoworx Root CA2 serial:00 X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.15505.10.1.3.1 CPS: http://www.echoworx.com/ca/root2/cps.pdf

Version: 3 (0x2) Serial Number: 1164660820 (0x456b5054) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority Trust: Always Validity Not Before: Nov 27 20:23:42 2006 GMT Not After : Nov 27 20:53:42 2026 GMT Subject: C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Private Key Usage Period: Not Before: Nov 27 20:23:42 2006 GMT, Not After: Nov 27 20:53:42 2026 GMT X509v3 Authority Key Identifier: keyid:68:90:E4:67:A4:A6:53:80:C7:86:66:A4:F1:F7:4B:43:FB:84:BD:6D X509v3 Subject Key Identifier: 68:90:E4:67:A4:A6:53:80:C7:86:66:A4:F1:F7:4B:43:FB:84:BD:6D 1.2.840.113533.7.65.0: 0...V7.1:4.0....

Version: 3 (0x2) Serial Number: a6:8b:79:29:00:00:00:00:50:d0:91:f9 Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1 Trust: Always Validity Not Before: Dec 18 15:25:36 2012 GMT Not After : Dec 18 15:55:36 2037 GMT Subject: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: B7:63:E7:1A:DD:8D:E9:08:A6:55:83:A4:E0:6A:50:41:65:11:42:49

Version: 3 (0x2) Serial Number: 1246989352 (0x4a538c28) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2 Trust: Always Validity Not Before: Jul 7 17:25:54 2009 GMT Not After : Dec 7 17:55:54 2030 GMT Subject: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 6A:72:26:7A:D0:1E:EF:7D:E7:3B:69:51:D4:6C:8D:9F:90:12:66:AB

Version: 3 (0x2) Serial Number: 927650371 (0x374ad243) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority Trust: Always Validity Not Before: May 25 16:09:40 1999 GMT Not After : May 25 16:39:40 2019 GMT Subject: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA X509v3 CRL Distribution Points: DirName:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority/CN=CRL1 URI:http://www.entrust.net/CRL/net1.crl X509v3 Private Key Usage Period: Not Before: May 25 16:09:40 1999 GMT, Not After: May 25 16:09:40 2019 GMT X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A X509v3 Subject Key Identifier: F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A X509v3 Basic Constraints: CA:TRUE 1.2.840.113533.7.65.0: 0 ..V4.0....

Version: 3 (0x2) Serial Number: 903804111 (0x35def4cf) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority Trust: Always Validity Not Before: Aug 22 16:41:51 1998 GMT Not After : Aug 22 16:41:51 2018 GMT Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: X509v3 CRL Distribution Points: DirName:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority/CN=CRL1 X509v3 Private Key Usage Period: Not After: Aug 22 16:41:51 2018 GMT X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4 X509v3 Subject Key Identifier: 48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4 X509v3 Basic Constraints: CA:TRUE 1.2.840.113533.7.65.0: 0...V3.0c....

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: md5WithRSAEncryption Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1 Trust: Always Validity Not Before: Jun 21 04:00:00 1999 GMT Not After : Jun 21 04:00:00 2020 GMT Subject: C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA X509v3 Basic Constraints: critical CA:TRUE X509v3 Authority Key Identifier: keyid:BE:A8:A0:74:72:50:6B:44:B7:C9:23:D8:FB:A8:FF:B3:57:6B:68:6C X509v3 Subject Key Identifier: BE:A8:A0:74:72:50:6B:44:B7:C9:23:D8:FB:A8:FF:B3:57:6B:68:6C

Version: 3 (0x2) Serial Number: 4 (0x4) Signature Algorithm: md5WithRSAEncryption Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure eBusiness CA-1 Trust: Always Validity Not Before: Jun 21 04:00:00 1999 GMT Not After : Jun 21 04:00:00 2020 GMT Subject: C=US, O=Equifax Secure Inc., CN=Equifax Secure eBusiness CA-1 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA X509v3 Basic Constraints: critical CA:TRUE X509v3 Authority Key Identifier: keyid:4A:78:32:52:11:DB:59:16:36:5E:DF:C1:14:36:40:6A:47:7C:4C:A1 X509v3 Subject Key Identifier: 4A:78:32:52:11:DB:59:16:36:5E:DF:C1:14:36:40:6A:47:7C:4C:A1

Version: 3 (0x2) Serial Number: 930140085 (0x3770cfb5) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Equifax Secure, OU=Equifax Secure eBusiness CA-2 Trust: Always Validity Not Before: Jun 23 12:14:45 1999 GMT Not After : Jun 23 12:14:45 2019 GMT Subject: C=US, O=Equifax Secure, OU=Equifax Secure eBusiness CA-2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: X509v3 CRL Distribution Points: DirName:/C=US/O=Equifax Secure/OU=Equifax Secure eBusiness CA-2/CN=CRL1 X509v3 Private Key Usage Period: Not After: Jun 23 12:14:45 2019 GMT X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:50:9E:0B:EA:AF:5E:B9:20:48:A6:50:6A:CB:FD:D8:20:7A:A7:82:76 X509v3 Subject Key Identifier: 50:9E:0B:EA:AF:5E:B9:20:48:A6:50:6A:CB:FD:D8:20:7A:A7:82:76 X509v3 Basic Constraints: CA:TRUE 1.2.840.113533.7.65.0: 0...V3.0c....

Version: 3 (0x2) Serial Number: 999181308 (0x3b8e4bfc) Signature Algorithm: sha1WithRSAEncryption Issuer: emailAddress=pki@sk.ee, C=EE, O=AS Sertifitseerimiskeskus, CN=Juur-SK Trust: Always Validity Not Before: Aug 30 14:23:01 2001 GMT Not After : Aug 26 14:23:01 2016 GMT Subject: emailAddress=pki@sk.ee, C=EE, O=AS Sertifitseerimiskeskus, CN=Juur-SK Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.10015.1.1.1 CPS: http://www.sk.ee/cps/ X509v3 CRL Distribution Points: URI:http://www.sk.ee/juur/crl/ X509v3 Subject Key Identifier: 04:AA:7A:47:A3:E4:89:AF:1A:CF:0A:40:A7:18:3F:6F:EF:E9:7D:BE X509v3 Authority Key Identifier: keyid:04:AA:7A:47:A3:E4:89:AF:1A:CF:0A:40:A7:18:3F:6F:EF:E9:7D:BE X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment, Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 29:36:47:aa:e3:8a:ac:86:4a:23:56:f2:ca:b7:61:af Signature Algorithm: sha1WithRSAEncryption Issuer: C=us, O=U.S. Government, OU=FBCA, CN=Common Policy Trust: Always Validity Not Before: Oct 15 15:58:00 2007 GMT Not After : Oct 15 16:08:00 2027 GMT Subject: C=us, O=U.S. Government, OU=FBCA, CN=Common Policy Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 2F:58:97:D8:A9:05:98:A5:56:1F:FB:D9:AB:75:EF:02:3C:36:34:C7 1.3.6.1.4.1.311.21.1: ..... 1.3.6.1.4.1.311.21.2: ..v.`...V).u..pc..G...

Version: 3 (0x2) Serial Number: 304 (0x130) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA Trust: Always Validity Not Before: Dec 1 16:45:27 2010 GMT Not After : Dec 1 16:45:27 2030 GMT Subject: C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE Subject Information Access: CA Repository - URI:http://http.fpki.gov/fcpca/caCertsIssuedByfcpca.p7c CA Repository - URI:ldap://ldap.fpki.gov/cn=Federal%20Common%20Policy%20CA,ou=FPKI,o=U.S.%20Government,c=US?cACertificate;binary,crossCertificatePair;binary X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: AD:0C:7A:75:5C:E5:F3:98:C4:79:98:0E:AC:28:FD:97:F4:E7:02:FC

Version: 3 (0x2) Serial Number: 53:ec:3b:ee:fb:b2:48:5f Signature Algorithm: sha1WithRSAEncryption Issuer: C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 Trust: Always Validity Not Before: May 20 08:38:15 2009 GMT Not After : Dec 31 08:38:15 2030 GMT Subject: C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:1 X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 65:CD:EB:AB:35:1E:00:3E:7E:D5:74:C0:1C:B4:73:47:0E:1A:64:2F X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: http://www.firmaprofesional.com/cps

Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority Trust: Always Validity Not Before: Jun 29 17:06:20 2004 GMT Not After : Jun 29 17:06:20 2034 GMT Subject: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3 X509v3 Authority Key Identifier: keyid:D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3 DirName:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority serial:00 X509v3 Basic Constraints: CA:TRUE

Version: 1 (0x0) Serial Number: 421 (0x1a5) Signature Algorithm: md5WithRSAEncryption Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root Trust: Always Validity Not Before: Aug 13 00:29:00 1998 GMT Not After : Aug 13 23:59:00 2018 GMT Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit)

Version: 3 (0x2) Serial Number: 3c:b2:f4:48:0a:00:e2:fe:eb:24:3b:5e:60:3e:c3:6b Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2 Trust: Always Validity Not Before: Nov 5 00:00:00 2007 GMT Not After : Jan 18 23:59:59 2038 GMT Subject: C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 15:5F:35:57:51:55:FB:25:B2:AD:03:69:FC:01:A3:FA:BE:11:55:D5

Version: 3 (0x2) Serial Number: 15:ac:6e:94:19:b2:79:4b:41:f6:27:a9:c3:18:0f:1f Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3 Trust: Always Validity Not Before: Apr 2 00:00:00 2008 GMT Not After : Dec 1 23:59:59 2037 GMT Subject: C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: C4:79:CA:8E:A1:4E:03:1D:1C:DC:6B:DB:31:5B:94:3E:3F:30:7F:2D

Version: 3 (0x2) Serial Number: 144470 (0x23456) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA Trust: Always Validity Not Before: May 21 04:00:00 2002 GMT Not After : May 21 04:00:00 2022 GMT Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E X509v3 Authority Key Identifier: keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E

Version: 3 (0x2) Serial Number: 04:00:00:00:00:01:21:58:53:08:a2 Signature Algorithm: sha256WithRSAEncryption Issuer: OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign Trust: Always Validity Not Before: Mar 18 10:00:00 2009 GMT Not After : Mar 18 10:00:00 2029 GMT Subject: OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 8F:F0:4B:7F:A8:2E:45:24:AE:4D:50:FA:63:9A:8B:DE:E2:DD:1B:BC

Version: 3 (0x2) Serial Number: 04:00:00:00:00:01:15:4b:5a:c3:94 Signature Algorithm: sha1WithRSAEncryption Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA Trust: Always Validity Not Before: Sep 1 12:00:00 1998 GMT Not After : Jan 28 12:00:00 2028 GMT Subject: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B

Version: 3 (0x2) Serial Number: 2a:38:a4:1c:96:0a:04:de:42:b2:28:a5:0b:e8:34:98:02 Signature Algorithm: ecdsa-with-SHA256 Issuer: OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign Trust: Always Validity Not Before: Nov 13 00:00:00 2012 GMT Not After : Jan 19 03:14:07 2038 GMT Subject: OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign Subject Public Key Info: Public Key Algorithm: id-ecPublicKey X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 54:B0:7B:AD:45:B8:E2:40:7F:FB:0A:6E:FB:BE:33:C9:3C:A3:84:D5

Version: 3 (0x2) Serial Number: 60:59:49:e0:26:2e:bb:55:f9:0a:77:8a:71:f9:4a:d8:6c Signature Algorithm: ecdsa-with-SHA384 Issuer: OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign Trust: Always Validity Not Before: Nov 13 00:00:00 2012 GMT Not After : Jan 19 03:14:07 2038 GMT Subject: OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign Subject Public Key Info: Public Key Algorithm: id-ecPublicKey X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 3D:E6:29:48:9B:EA:07:CA:21:44:4A:26:DE:6E:DE:D2:83:D0:9F:59

Version: 3 (0x2) Serial Number: 04:00:00:00:00:01:0f:86:26:e6:0d Signature Algorithm: sha1WithRSAEncryption Issuer: OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign Trust: Always Validity Not Before: Dec 15 08:00:00 2006 GMT Not After : Dec 15 08:00:00 2021 GMT Subject: OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 9B:E2:07:57:67:1C:1E:C0:6A:06:DE:59:B4:9A:2D:DF:DC:19:86:2E X509v3 CRL Distribution Points: URI:http://crl.globalsign.net/root-r2.crl X509v3 Authority Key Identifier: keyid:9B:E2:07:57:67:1C:1E:C0:6A:06:DE:59:B4:9A:2D:DF:DC:19:86:2E

Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 Trust: Always Validity Not Before: Sep 1 00:00:00 2009 GMT Not After : Dec 31 23:59:59 2037 GMT Subject: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 3A:9A:85:07:10:67:28:B6:EF:F6:BD:05:41:6E:20:C1:94:DA:0F:DE

Version: 3 (0x2) Serial Number: 1000 (0x3e8) Signature Algorithm: sha1WithRSAEncryption Issuer: C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1 Trust: Always Validity Not Before: May 15 05:13:14 2003 GMT Not After : May 15 04:52:29 2023 GMT Subject: C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:3 X509v3 Key Usage: critical Digital Signature, Non Repudiation, Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=GR, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2011 Trust: Always Validity Not Before: Dec 6 13:49:52 2011 GMT Not After : Dec 1 13:49:52 2031 GMT Subject: C=GR, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2011 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Subject Key Identifier: A6:91:42:FD:13:61:4A:23:9E:08:A4:29:E5:D8:13:04:23:EE:41:25 X509v3 Name Constraints: Permitted: DNS:.gr DNS:.eu DNS:.edu DNS:.org email:.gr email:.eu email:.edu email:.org

Version: 3 (0x2) Serial Number: 10500000 (0xa037a0) Signature Algorithm: sha256WithRSAEncryption Issuer: C=CZ, CN=I.CA - Qualified Certification Authority, 09/2009, O=První certifikační autorita, a.s., OU=I.CA - Accredited Provider of Certification Services Trust: Always Validity Not Before: Sep 1 00:00:00 2009 GMT Not After : Sep 1 00:00:00 2019 GMT Subject: C=CZ, CN=I.CA - Qualified Certification Authority, 09/2009, O=První certifikační autorita, a.s., OU=I.CA - Accredited Provider of Certification Services Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Certificate Policies: Policy: X509v3 Any Policy X509v3 Subject Key Identifier: 79:CB:D0:23:E9:3A:67:70:91:74:4F:D3:51:E2:E0:20:FD:E1:28:FB

Version: 3 (0x2) Serial Number: 44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b Signature Algorithm: sha1WithRSAEncryption Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3 Trust: Always Validity Not Before: Sep 30 21:12:19 2000 GMT Not After : Sep 30 14:01:15 2021 GMT Subject: O=Digital Signature Trust Co., CN=DST Root CA X3 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: C4:A7:B1:A4:7B:2C:71:FA:DB:E1:4B:90:75:FF:C4:15:60:85:89:10

Version: 3 (0x2) Serial Number: 0d:5e:99:0a:d6:9d:b7:78:ec:d8:07:56:3b:86:15:d9 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Digital Signature Trust, OU=DST ACES, CN=DST ACES CA X6 Trust: Always Validity Not Before: Nov 20 21:19:58 2003 GMT Not After : Nov 20 21:19:58 2017 GMT Subject: C=US, O=Digital Signature Trust, OU=DST ACES, CN=DST ACES CA X6 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Digital Signature, Non Repudiation, Certificate Sign, CRL Sign X509v3 Subject Alternative Name: email:pki-ops@trustdst.com X509v3 Certificate Policies: Policy: 2.16.840.1.101.3.2.1.1.1 CPS: http://www.trustdst.com/certificates/policy/ACES-index.html X509v3 Subject Key Identifier: 09:72:06:4E:18:43:0F:E5:D6:CC:C3:6A:8B:31:7B:78:8F:A8:83:B8

Version: 3 (0x2) Serial Number: 06:e8:46:27:2f:1f:0a:8f:d1:84:5c:e3:69:f6:d5 Signature Algorithm: sha1WithRSAEncryption Issuer: C=ES, O=IZENPE S.A., CN=Izenpe.com Trust: Always Validity Not Before: Dec 13 13:08:27 2007 GMT Not After : Dec 13 08:27:25 2037 GMT Subject: C=ES, O=IZENPE S.A., CN=Izenpe.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Subject Alternative Name: email:info@izenpe.com, DirName:/O=IZENPE S.A. - CIF A01337260-RMerc.Vitoria-Gasteiz T1055 F62 S8/street=Avda del Mediterraneo Etorbidea 14 - 01010 Vitoria-Gasteiz X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 1D:1C:65:0E:A8:F2:25:7B:B4:91:CF:E4:B1:B1:E6:BD:55:74:6C:05

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=ES, O=IZENPE S.A. - CIF A-01337260-RMerc.Vitoria-Gasteiz T1055 F62 S8, L=Avda del Mediterraneo Etorbidea 3 - 01010 Vitoria-Gasteiz, CN=Izenpe.com/emailAddress=Info@izenpe.com Trust: Always Validity Not Before: Jan 30 23:00:00 2003 GMT Not After : Jan 30 23:00:00 2018 GMT Subject: C=ES, O=IZENPE S.A. - CIF A-01337260-RMerc.Vitoria-Gasteiz T1055 F62 S8, L=Avda del Mediterraneo Etorbidea 3 - 01010 Vitoria-Gasteiz, CN=Izenpe.com/emailAddress=Info@izenpe.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: EA:56:4F:EC:3C:83:A1:14:88:78:81:B2:2B:05:22:C0:07:41:5B:42

Version: 3 (0x2) Serial Number: b0:b7:5a:16:48:5f:bf:e1:cb:f5:8b:d7:19:e6:7d Signature Algorithm: sha256WithRSAEncryption Issuer: C=ES, O=IZENPE S.A., CN=Izenpe.com Trust: Always Validity Not Before: Dec 13 13:08:28 2007 GMT Not After : Dec 13 08:27:25 2037 GMT Subject: C=ES, O=IZENPE S.A., CN=Izenpe.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Subject Alternative Name: email:info@izenpe.com, DirName:/O=IZENPE S.A. - CIF A01337260-RMerc.Vitoria-Gasteiz T1055 F62 S8/street=Avda del Mediterraneo Etorbidea 14 - 01010 Vitoria-Gasteiz X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 1D:1C:65:0E:A8:F2:25:7B:B4:91:CF:E4:B1:B1:E6:BD:55:74:6C:05

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11 Trust: Always Validity Not Before: Apr 8 04:56:47 2009 GMT Not After : Apr 8 04:56:47 2029 GMT Subject: C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: 5B:F8:4D:4F:B2:A5:86:D4:3A:D2:F1:63:9A:A0:BE:09:F6:57:B7:DE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 31:32:35:33:37:32:38:32:38:32:38 Signature Algorithm: sha256WithRSAEncryption Issuer: C=JP, O=Japanese Government, OU=GPKI, CN=ApplicationCA2 Root Trust: Always Validity Not Before: Mar 12 15:00:00 2013 GMT Not After : Mar 12 15:00:00 2033 GMT Subject: C=JP, O=Japanese Government, OU=GPKI, CN=ApplicationCA2 Root Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: 56:A7:AC:AA:02:1D:B2:AC:3D:90:0E:A0:6F:2E:41:C6:76:E7:7B:DA X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Alternative Name: DirName:/C=JP/O=日本国政府/OU=政府認証基盤/CN=アプリケーションCA2 Root X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: e6:09:fe:7a:ea:00:68:8c:e0:24:b4:ed:20:1b:1f:ef:52:b4:44:d1 Signature Algorithm: sha1WithRSAEncryption Issuer: C=PL, O=Krajowa Izba Rozliczeniowa S.A., CN=SZAFIR ROOT CA Trust: Always Validity Not Before: Dec 6 11:10:57 2011 GMT Not After : Dec 6 11:10:57 2031 GMT Subject: C=PL, O=Krajowa Izba Rozliczeniowa S.A., CN=SZAFIR ROOT CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 53:92:A3:7D:FF:82:76:F0:33:D4:EB:92:67:47:61:33:1B:68:3B:2A

Version: 3 (0x2) Serial Number: 974849029 (0x3a1b0405) Signature Algorithm: sha1WithRSAEncryption Issuer: C=DK, O=KMD, OU=KMD-CA, CN=KMD-CA Kvalificeret Person Trust: Always Validity Not Before: Nov 21 23:24:59 2000 GMT Not After : Nov 22 23:24:59 2015 GMT Subject: C=DK, O=KMD, OU=KMD-CA, CN=KMD-CA Kvalificeret Person Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Subject Key Identifier: 79:62:EA:9A:12:38:D8:9C:63:EC:38:9F:0E:C5:BE:0E:54:21:28:3D X509v3 Authority Key Identifier: keyid:79:62:EA:9A:12:38:D8:9C:63:EC:38:9F:0E:C5:BE:0E:54:21:28:3D

Version: 3 (0x2) Serial Number: 1003145554 (0x3bcac952) Signature Algorithm: sha1WithRSAEncryption Issuer: C=DK, O=KMD, OU=KMD-CA, CN=KMD-CA Server/mail=infoca@kmd-ca.dk Trust: Always Validity Not Before: Oct 16 19:19:21 1998 GMT Not After : Oct 12 19:19:21 2018 GMT Subject: C=DK, O=KMD, OU=KMD-CA, CN=KMD-CA Server/mail=infoca@kmd-ca.dk Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: CA:TRUE

Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=JP, O=Japanese Government, OU=MPHPT, OU=MPHPT Certification Authority Trust: Always Validity Not Before: Mar 14 07:50:26 2002 GMT Not After : Mar 13 14:59:59 2012 GMT Subject: C=JP, O=Japanese Government, OU=MPHPT, OU=MPHPT Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Authority Key Identifier: keyid:60:C2:F7:A4:BA:00:D2:1F:77:62:78:25:F0:66:FF:52:00:21:EF:7A X509v3 Subject Key Identifier: 60:C2:F7:A4:BA:00:D2:1F:77:62:78:25:F0:66:FF:52:00:21:EF:7A X509v3 Basic Constraints: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign Netscape Cert Type: SSL CA, Object Signing CA

Version: 3 (0x2) Serial Number: c2:7e:43:04:4e:47:3f:19 Signature Algorithm: sha256WithRSAEncryption Issuer: C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu Trust: Always Validity Not Before: Jun 16 11:30:18 2009 GMT Not After : Dec 30 11:30:18 2029 GMT Subject: C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: CB:0F:C6:DF:42:43:CC:3D:CB:B5:48:23:A1:1A:7A:A6:2A:BB:34:68 X509v3 Authority Key Identifier: keyid:CB:0F:C6:DF:42:43:CC:3D:CB:B5:48:23:A1:1A:7A:A6:2A:BB:34:68 X509v3 Subject Alternative Name: email:info@e-szigno.hu

Version: 3 (0x2) Serial Number: 49:41:2c:e4:00:10 Signature Algorithm: sha256WithRSAEncryption Issuer: C=HU, L=Budapest, O=NetLock Kft., OU=Tanúsítványkiadók (Certification Services), CN=NetLock Arany (Class Gold) Főtanúsítvány Trust: Always Validity Not Before: Dec 11 15:08:21 2008 GMT Not After : Dec 6 15:08:21 2028 GMT Subject: C=HU, L=Budapest, O=NetLock Kft., OU=Tanúsítványkiadók (Certification Services), CN=NetLock Arany (Class Gold) Főtanúsítvány Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: 21:30:C9:FB:00:D7:4E:98:DA:87:AA:2A:D0:A7:2E:B1:40:31:A7:4C X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 CRL Distribution Points: URI:http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl

Version: 1 (0x0) Serial Number: cd:ba:7f:56:f0:df:e4:bc:54:fe:22:ac:b3:72:aa:55 Signature Algorithm: md2WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority Trust: Always Validity Not Before: Jan 29 00:00:00 1996 GMT Not After : Aug 1 23:59:59 2028 GMT Subject: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit)

Version: 1 (0x0) Serial Number: 2d:1b:fc:4a:17:8d:a3:91:eb:e7:ff:f5:8b:45:be:0b Signature Algorithm: md2WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority Trust: Always Validity Not Before: Jan 29 00:00:00 1996 GMT Not After : Aug 1 23:59:59 2028 GMT Subject: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit)

Version: 1 (0x0) Serial Number: 70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf Signature Algorithm: md2WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority Trust: Always Validity Not Before: Jan 29 00:00:00 1996 GMT Not After : Aug 1 23:59:59 2028 GMT Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit)

Version: 3 (0x2) Serial Number: 279744 (0x444c0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA Trust: Always Validity Not Before: Oct 22 12:07:37 2008 GMT Not After : Dec 31 12:07:37 2029 GMT Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 08:76:CD:CB:07:FF:24:F6:C5:CD:ED:BB:90:BC:E2:84:37:46:75:F7 X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root Trust: Always Validity Not Before: Sep 30 16:13:43 2003 GMT Not After : Sep 30 16:13:44 2037 GMT Subject: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:12 X509v3 CRL Distribution Points: URI:http://crl.chambersign.org/chambersroot.crl X509v3 Subject Key Identifier: E3:94:F5:B1:4D:E9:DB:A1:29:5B:57:8B:4D:76:06:76:E1:D1:A2:8A X509v3 Key Usage: critical Certificate Sign, CRL Sign Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA X509v3 Subject Alternative Name: email:chambersroot@chambersign.org X509v3 Issuer Alternative Name: email:chambersroot@chambersign.org X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.17326.10.3.1 CPS: http://cps.chambersign.org/cps/chambersroot.html

Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root Trust: Always Validity Not Before: Sep 30 16:14:18 2003 GMT Not After : Sep 30 16:14:18 2037 GMT Subject: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:12 X509v3 CRL Distribution Points: URI:http://crl.chambersign.org/chambersignroot.crl X509v3 Subject Key Identifier: 43:9C:36:9F:B0:9E:30:4D:C6:CE:5F:AD:10:AB:E5:03:A5:FA:A9:14 X509v3 Key Usage: critical Certificate Sign, CRL Sign Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA X509v3 Subject Alternative Name: email:chambersignroot@chambersign.org X509v3 Issuer Alternative Name: email:chambersignroot@chambersign.org X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.17326.10.1.1 CPS: http://cps.chambersign.org/cps/chambersignroot.html

Version: 3 (0x2) Serial Number: 0a:01:01:01:00:00:02:7c:00:00:00:0a:00:00:00:02 Signature Algorithm: sha1WithRSAEncryption Issuer: O=RSA Security Inc, OU=RSA Security 2048 V3 Trust: Always Validity Not Before: Feb 22 20:39:23 2001 GMT Not After : Feb 22 20:39:23 2026 GMT Subject: O=RSA Security Inc, OU=RSA Security 2048 V3 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:07:C3:51:30:A4:AA:E9:45:AE:35:24:FA:FF:24:2C:33:D0:B1:9D:8C X509v3 Subject Key Identifier: 07:C3:51:30:A4:AA:E9:45:AE:35:24:FA:FF:24:2C:33:D0:B1:9D:8C

Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1 Trust: Always Validity Not Before: Sep 30 04:20:49 2003 GMT Not After : Sep 30 04:20:49 2023 GMT Subject: C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: A0:73:49:99:68:DC:85:5B:65:E3:9B:28:2F:57:9F:BD:33:BC:07:48 X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication EV RootCA1 Trust: Always Validity Not Before: Jun 6 02:12:32 2007 GMT Not After : Jun 6 02:12:32 2037 GMT Subject: C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication EV RootCA1 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: 35:4A:F5:4D:AF:3F:D7:82:38:AC:AB:71:65:17:75:8C:9D:55:93:E6 X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha256WithRSAEncryption Issuer: C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2 Trust: Always Validity Not Before: May 29 05:00:39 2009 GMT Not After : May 29 05:00:39 2029 GMT Subject: C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: 0A:85:A9:77:65:05:98:7C:40:81:F8:0F:97:2C:38:F1:0A:EC:3C:CF X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority Trust: Always Validity Not Before: Jun 29 17:39:16 2004 GMT Not After : Jun 29 17:39:16 2034 GMT Subject: C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 X509v3 Authority Key Identifier: keyid:BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 DirName:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority serial:00 X509v3 Basic Constraints: CA:TRUE

Version: 3 (0x2) Serial Number: 54:80:f9:a0:73:ed:3f:00:4c:ca:89:d8:e3:71:e6:4a Signature Algorithm: sha1WithRSAEncryption Issuer: C=EE, O=AS Sertifitseerimiskeskus, CN=EE Certification Centre Root CA/emailAddress=pki@sk.ee Trust: Always Validity Not Before: Oct 30 10:10:30 2010 GMT Not After : Dec 17 23:59:59 2030 GMT Subject: C=EE, O=AS Sertifitseerimiskeskus, CN=EE Certification Centre Root CA/emailAddress=pki@sk.ee Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 12:F2:5A:3E:EA:56:1C:BF:CD:06:AC:F1:F1:25:C9:A9:4B:D4:14:99 X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication, Code Signing, E-mail Protection, Time Stamping, OCSP Signing

Version: 3 (0x2) Serial Number: 36 (0x24) Signature Algorithm: sha1WithRSAEncryption Issuer: C=FI, O=Sonera, CN=Sonera Class1 CA Trust: Always Validity Not Before: Apr 6 10:49:13 2001 GMT Not After : Apr 6 10:49:13 2021 GMT Subject: C=FI, O=Sonera, CN=Sonera Class1 CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 47:E2:0C:8B:F6:53:88:52 X509v3 Key Usage: Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 29 (0x1d) Signature Algorithm: sha1WithRSAEncryption Issuer: C=FI, O=Sonera, CN=Sonera Class2 CA Trust: Always Validity Not Before: Apr 6 07:29:40 2001 GMT Not After : Apr 6 07:29:40 2021 GMT Subject: C=FI, O=Sonera, CN=Sonera Class2 CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 4A:A0:AA:58:84:D3:5E:3C X509v3 Key Usage: Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 10000013 (0x98968d) Signature Algorithm: sha256WithRSAEncryption Issuer: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA Trust: Always Validity Not Before: Dec 8 11:19:29 2010 GMT Not After : Dec 8 11:10:28 2022 GMT Subject: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: FE:AB:00:90:98:9E:24:FC:A9:CC:1A:8A:FB:27:B8:BF:30:6E:A8:3B

Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2 Trust: Always Validity Not Before: Sep 1 00:00:00 2009 GMT Not After : Dec 31 23:59:59 2037 GMT Subject: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 7C:0C:32:1F:A7:D9:30:7F:C4:7D:68:A3:62:A8:A1:CE:AB:07:5B:27

Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2 Trust: Always Validity Not Before: Sep 1 00:00:00 2009 GMT Not After : Dec 31 23:59:59 2037 GMT Subject: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 9C:5F:00:DF:AA:01:D7:30:2B:38:88:A2:B8:6D:4A:9C:F2:11:91:83

Version: 3 (0x2) Serial Number: 59 (0x3b) Signature Algorithm: sha256WithRSAEncryption Issuer: C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2 Trust: Always Validity Not Before: Jan 1 01:00:01 2010 GMT Not After : Dec 31 23:59:01 2039 GMT Subject: C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 4B:C5:B4:40:6B:AD:1C:B3:A5:1C:65:6E:46:36:89:87:05:0C:0E:B6

Version: 3 (0x2) Serial Number: bb:40:1c:43:f5:5e:4f:b0 Signature Algorithm: sha1WithRSAEncryption Issuer: C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2 Trust: Always Validity Not Before: Oct 25 08:30:35 2006 GMT Not After : Oct 25 08:30:35 2036 GMT Subject: C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 5B:25:7B:96:A4:65:51:7E:B8:39:F3:C0:78:66:5E:E8:3A:E7:F0:EE X509v3 Authority Key Identifier: keyid:5B:25:7B:96:A4:65:51:7E:B8:39:F3:C0:78:66:5E:E8:3A:E7:F0:EE X509v3 Certificate Policies: Policy: 2.16.756.1.89.1.2.1.1 CPS: http://repository.swisssign.com/

Version: 3 (0x2) Serial Number: 4e:b2:00:67:0c:03:5d:4f Signature Algorithm: sha1WithRSAEncryption Issuer: C=CH, O=SwissSign AG, CN=SwissSign Platinum CA - G2 Trust: Always Validity Not Before: Oct 25 08:36:00 2006 GMT Not After : Oct 25 08:36:00 2036 GMT Subject: C=CH, O=SwissSign AG, CN=SwissSign Platinum CA - G2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 50:AF:CC:07:87:15:47:6F:38:C5:B4:65:D1:DE:95:AA:E9:DF:9C:CC X509v3 Authority Key Identifier: keyid:50:AF:CC:07:87:15:47:6F:38:C5:B4:65:D1:DE:95:AA:E9:DF:9C:CC X509v3 Certificate Policies: Policy: 2.16.756.1.89.1.1.1.1 CPS: http://repository.swisssign.com/

Version: 3 (0x2) Serial Number: 4f:1b:d4:2f:54:bb:2f:4b Signature Algorithm: sha1WithRSAEncryption Issuer: C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2 Trust: Always Validity Not Before: Oct 25 08:32:46 2006 GMT Not After : Oct 25 08:32:46 2036 GMT Subject: C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 17:A0:CD:C1:E4:41:B6:3A:5B:3B:CB:45:9D:BD:1C:C2:98:FA:86:58 X509v3 Authority Key Identifier: keyid:17:A0:CD:C1:E4:41:B6:3A:5B:3B:CB:45:9D:BD:1C:C2:98:FA:86:58 X509v3 Certificate Policies: Policy: 2.16.756.1.89.1.3.1.1 CPS: http://repository.swisssign.com/

Version: 3 (0x2) Serial Number: 1e:9e:28:e8:48:f2:e5:ef:c3:7c:4a:1e:5a:18:67:b6 Signature Algorithm: sha256WithRSAEncryption Issuer: C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 2 Trust: Always Validity Not Before: Jun 24 08:38:14 2011 GMT Not After : Jun 25 07:38:14 2031 GMT Subject: C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Policy Mappings: 2.16.756.1.83.2.1:2.16.756.1.83.2.1 X509v3 Basic Constraints: critical CA:TRUE, pathlen:7 X509v3 Subject Key Identifier: 4D:26:20:22:89:4B:D3:D5:A4:0A:A1:6F:DE:E2:12:81:C5:F1:3C:2E X509v3 Authority Key Identifier: keyid:4D:26:20:22:89:4B:D3:D5:A4:0A:A1:6F:DE:E2:12:81:C5:F1:3C:2E

Version: 3 (0x2) Serial Number: f2:fa:64:e2:74:63:d3:8d:fd:10:1d:04:1f:76:ca:58 Signature Algorithm: sha256WithRSAEncryption Issuer: C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root EV CA 2 Trust: Always Validity Not Before: Jun 24 09:45:08 2011 GMT Not After : Jun 25 08:45:08 2031 GMT Subject: C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root EV CA 2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Policy Mappings: 2.16.756.1.83.2.2:2.16.756.1.83.2.2 X509v3 Basic Constraints: critical CA:TRUE, pathlen:3 X509v3 Subject Key Identifier: 45:D9:A5:81:6E:3D:88:4D:8D:71:D2:46:C1:6E:45:1E:F3:C4:80:9D X509v3 Authority Key Identifier: keyid:45:D9:A5:81:6E:3D:88:4D:8D:71:D2:46:C1:6E:45:1E:F3:C4:80:9D

Version: 3 (0x2) Serial Number: 21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8 Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 1 Public Primary Certification Authority - G4 Trust: Always Validity Not Before: Oct 5 00:00:00 2011 GMT Not After : Jan 18 23:59:59 2038 GMT Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 1 Public Primary Certification Authority - G4 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 65:C0:8D:25:F5:0C:BA:97:77:90:3F:9E:2E:E0:5A:F5:CE:D5:E1:E4

Version: 3 (0x2) Serial Number: 24:32:75:f2:1d:2f:d2:09:33:f7:b4:6a:ca:d0:f3:98 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 1 Public Primary Certification Authority - G6 Trust: Always Validity Not Before: Oct 18 00:00:00 2011 GMT Not After : Dec 1 23:59:59 2037 GMT Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 1 Public Primary Certification Authority - G6 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 33:41:E8:C8:39:12:15:93:48:F2:96:32:2E:5A:F5:DA:94:5F:53:60

Version: 3 (0x2) Serial Number: 34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 2 Public Primary Certification Authority - G4 Trust: Always Validity Not Before: Oct 5 00:00:00 2011 GMT Not After : Jan 18 23:59:59 2038 GMT Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 2 Public Primary Certification Authority - G4 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 3D:32:F3:3A:A9:0C:90:84:F9:A2:8C:69:06:61:54:2F:87:72:FE:05

Version: 3 (0x2) Serial Number: 64:82:9e:fc:37:1e:74:5d:fc:97:ff:97:c8:b1:ff:41 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 2 Public Primary Certification Authority - G6 Trust: Always Validity Not Before: Oct 18 00:00:00 2011 GMT Not After : Dec 1 23:59:59 2037 GMT Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 2 Public Primary Certification Authority - G6 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 87:8C:20:95:C8:98:4A:D1:D6:80:06:4A:90:34:44:DF:1C:4D:BF:B0

Version: 3 (0x2) Serial Number: 4c:79:b5:9a:28:9c:76:31:64:f5:89:44:d0:91:02:de Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Public Primary Certification Authority - G4 Trust: Always Validity Not Before: Oct 18 00:00:00 2012 GMT Not After : Dec 1 23:59:59 2037 GMT Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Public Primary Certification Authority - G4 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 24:9D:BC:D2:71:F7:1D:C2:25:BE:22:F1:89:A5:2C:15:3B:34:1E:5E

Version: 3 (0x2) Serial Number: 65:63:71:85:d3:6f:45:c6:8f:7f:31:f9:09:87:92:82 Signature Algorithm: sha384WithRSAEncryption Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Public Primary Certification Authority - G6 Trust: Always Validity Not Before: Oct 18 00:00:00 2012 GMT Not After : Dec 1 23:59:59 2037 GMT Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Public Primary Certification Authority - G6 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 39:71:08:00:3E:DE:C8:86:E7:90:FF:E4:FD:21:0F:CE:24:19:16:F6

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2 Trust: Always Validity Not Before: Oct 1 10:40:14 2008 GMT Not After : Oct 1 23:59:59 2033 GMT Subject: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: BF:59:20:36:00:79:A0:A0:22:6B:8C:D5:F2:61:D2:B8:2C:CB:82:4A

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3 Trust: Always Validity Not Before: Oct 1 10:29:56 2008 GMT Not After : Oct 1 23:59:59 2033 GMT Subject: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: B5:03:F7:76:3B:61:82:6A:12:AA:18:53:EB:03:21:94:BF:FE:CE:CA

Version: 3 (0x2) Serial Number: 1044954564 (0x3e48bdc4) Signature Algorithm: sha1WithRSAEncryption Issuer: C=DK, O=TDC, CN=TDC OCES CA Trust: Always Validity Not Before: Feb 11 08:39:30 2003 GMT Not After : Feb 11 09:09:30 2037 GMT Subject: C=DK, O=TDC, CN=TDC OCES CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Certificate Policies: Policy: 1.2.208.169.1.1.1 CPS: http://www.certifikat.dk/repository Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA X509v3 CRL Distribution Points: DirName:/C=DK/O=TDC/CN=TDC OCES CA/CN=CRL1 URI:http://crl.oces.certifikat.dk/oces.crl X509v3 Private Key Usage Period: Not Before: Feb 11 08:39:30 2003 GMT, Not After: Feb 11 09:09:30 2037 GMT X509v3 Authority Key Identifier: keyid:60:B5:85:EC:56:64:7E:12:19:27:67:1D:50:15:4B:73:AE:3B:F9:12 X509v3 Subject Key Identifier: 60:B5:85:EC:56:64:7E:12:19:27:67:1D:50:15:4B:73:AE:3B:F9:12 1.2.840.113533.7.65.0: 0...V6.0:4.0....

Version: 3 (0x2) Serial Number: 986490188 (0x3acca54c) Signature Algorithm: sha1WithRSAEncryption Issuer: C=DK, O=TDC Internet, OU=TDC Internet Root CA Trust: Always Validity Not Before: Apr 5 16:33:17 2001 GMT Not After : Apr 5 17:03:17 2021 GMT Subject: C=DK, O=TDC Internet, OU=TDC Internet Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA X509v3 CRL Distribution Points: DirName:/C=DK/O=TDC Internet/OU=TDC Internet Root CA/CN=CRL1 X509v3 Private Key Usage Period: Not Before: Apr 5 16:33:17 2001 GMT, Not After: Apr 5 17:03:17 2021 GMT X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:6C:64:01:C7:FD:85:6D:AC:C8:DA:9E:50:08:85:08:B5:3C:56:A8:50 X509v3 Subject Key Identifier: 6C:64:01:C7:FD:85:6D:AC:C8:DA:9E:50:08:85:08:B5:3C:56:A8:50 X509v3 Basic Constraints: CA:TRUE 1.2.840.113533.7.65.0: 0...V5.0:4.0....

Version: 3 (0x2) Serial Number: 1267621891 (0x4b8e6003) Signature Algorithm: sha256WithRSAEncryption Issuer: C=DK, O=TRUST2408, CN=TRUST2408 OCES Primary CA Trust: Always Validity Not Before: Mar 3 12:41:34 2010 GMT Not After : Dec 3 13:11:34 2037 GMT Subject: C=DK, O=TRUST2408, CN=TRUST2408 OCES Primary CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Certificate Policies: Policy: X509v3 Any Policy X509v3 CRL Distribution Points: URI:http://crl.oces.trust2408.com/oces.crl DirName:/C=DK/O=TRUST2408/CN=TRUST2408 OCES Primary CA/CN=CRL1 X509v3 Authority Key Identifier: keyid:F6:6D:F8:B1:48:B3:41:43:01:DB:86:44:E5:18:05:B7:5E:CC:06:37 X509v3 Subject Key Identifier: F6:6D:F8:B1:48:B3:41:43:01:DB:86:44:E5:18:05:B7:5E:CC:06:37

Version: 3 (0x2) Serial Number: 3262 (0xcbe) Signature Algorithm: sha256WithRSAEncryption Issuer: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA Trust: Always Validity Not Before: Jun 27 06:28:33 2012 GMT Not After : Dec 31 15:59:59 2030 GMT Subject: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: b6:4b:88:07:e2:23:ee:c8:5c:12:ad:a6:0e:06:a1:f2 Signature Algorithm: sha256WithRSAEncryption Issuer: C=TW, O=Government Root Certification Authority Trust: Always Validity Not Before: Sep 28 08:58:51 2012 GMT Not After : Dec 31 15:59:59 2037 GMT Subject: C=TW, O=Government Root Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: D5:67:1D:E0:9C:7A:2C:9C:CB:C5:98:E7:1D:07:26:2A:86:EC:74:CD X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 95:be:16:a0:f7:2e:46:f1:7b:39:82:72:fa:8b:cd:96 Signature Algorithm: sha1WithRSAEncryption Issuer: O=TeliaSonera, CN=TeliaSonera Root CA v1 Trust: Always Validity Not Before: Oct 18 12:00:50 2007 GMT Not After : Oct 18 12:00:50 2032 GMT Subject: O=TeliaSonera, CN=TeliaSonera Root CA v1 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Subject Key Identifier: F0:8F:59:38:00:B3:F5:8F:9A:96:0C:D5:EB:FA:7B:AA:17:E8:13:12

Version: 3 (0x2) Serial Number: 0d:8e:15:12:e1:ac:bb:77:8d:38:e3:24:df:8c:30:f2 Signature Algorithm: sha1WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Basic CA/emailAddress=personal-basic@thawte.com Trust: Always Validity Not Before: Jan 1 00:00:00 1996 GMT Not After : Jan 1 23:59:59 2021 GMT Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Basic CA/emailAddress=personal-basic@thawte.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 12:3d:f0:e7:da:2a:22:47:a4:38:89:e0:8a:ee:c9:67 Signature Algorithm: sha1WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freemail CA/emailAddress=personal-freemail@thawte.com Trust: Always Validity Not Before: Jan 1 00:00:00 1996 GMT Not After : Jan 1 23:59:59 2021 GMT Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freemail CA/emailAddress=personal-freemail@thawte.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 40:05:b2:53:a0:1a:46:43:50:09:81:8f:12:10:76:ec Signature Algorithm: sha1WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Premium CA/emailAddress=personal-premium@thawte.com Trust: Always Validity Not Before: Jan 1 00:00:00 1996 GMT Not After : Jan 1 23:59:59 2021 GMT Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Premium CA/emailAddress=personal-premium@thawte.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54 Signature Algorithm: sha1WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com Trust: Always Validity Not Before: Aug 1 00:00:00 1996 GMT Not After : Jan 1 23:59:59 2021 GMT Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 34:a4:ff:f6:30:af:4c:a5:3c:33:17:42:a1:94:66:75 Signature Algorithm: sha1WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com Trust: Always Validity Not Before: Aug 1 00:00:00 1996 GMT Not After : Jan 1 23:59:59 2021 GMT Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 67:c8:e1:e8:e3:be:1c:bd:fc:91:3b:8e:a6:23:87:49 Signature Algorithm: sha1WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA Trust: Always Validity Not Before: Jan 1 00:00:00 1997 GMT Not After : Jan 1 23:59:59 2021 GMT Subject: C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 1b:1f:ad:b6:20:f9:24:d3:36:6b:f7:c7:f1:8c:a0:59 Signature Algorithm: sha1WithRSAEncryption Issuer: C=GB, O=Trustis Limited, OU=Trustis FPS Root CA Trust: Always Validity Not Before: Dec 23 12:14:06 2003 GMT Not After : Jan 21 11:36:54 2024 GMT Subject: C=GB, O=Trustis Limited, OU=Trustis FPS Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Authority Key Identifier: keyid:BA:FA:71:25:79:8B:57:41:25:21:86:0B:71:EB:B2:64:0E:8B:21:67 X509v3 Subject Key Identifier: BA:FA:71:25:79:8B:57:41:25:21:86:0B:71:EB:B2:64:0E:8B:21:67

Version: 3 (0x2) Serial Number: 07:56:22:a4:e8:d4:8a:89:4d:f4:13:c8:f0:f8:ea:a5 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=SecureTrust Corporation, CN=Secure Global CA Trust: Always Validity Not Before: Nov 7 19:42:28 2006 GMT Not After : Dec 31 19:52:06 2029 GMT Subject: C=US, O=SecureTrust Corporation, CN=Secure Global CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: 1.3.6.1.4.1.311.20.2: ...C.A X509v3 Key Usage: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: AF:44:04:C2:41:7E:48:83:DB:4E:39:02:EC:EC:84:7A:E6:CE:C9:A4 X509v3 CRL Distribution Points: URI:http://crl.securetrust.com/SGCA.crl 1.3.6.1.4.1.311.21.1: ...

Version: 3 (0x2) Serial Number: 0c:f0:8e:5c:08:16:a5:ad:42:7f:f0:eb:27:18:59:d0 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=SecureTrust Corporation, CN=SecureTrust CA Trust: Always Validity Not Before: Nov 7 19:31:18 2006 GMT Not After : Dec 31 19:40:55 2029 GMT Subject: C=US, O=SecureTrust Corporation, CN=SecureTrust CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: 1.3.6.1.4.1.311.20.2: ...C.A X509v3 Key Usage: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 42:32:B6:16:FA:04:FD:FE:5D:4B:7A:C3:FD:F7:4C:40:1D:5A:43:AF X509v3 CRL Distribution Points: URI:http://crl.securetrust.com/STCA.crl 1.3.6.1.4.1.311.21.1: ...

Version: 3 (0x2) Serial Number: 17 (0x11) Signature Algorithm: sha1WithRSAEncryption Issuer: C=TR, L=Gebze - Kocaeli, O=Türkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK, OU=Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü - UEKAE, OU=Kamu Sertifikasyon Merkezi, CN=TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 Trust: Always Validity Not Before: Aug 24 11:37:07 2007 GMT Not After : Aug 21 11:37:07 2017 GMT Subject: C=TR, L=Gebze - Kocaeli, O=Türkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK, OU=Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü - UEKAE, OU=Kamu Sertifikasyon Merkezi, CN=TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: BD:88:87:C9:8F:F6:A4:0A:0B:AA:EB:C5:FE:91:23:9D:AB:4A:8A:32 X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 8 (0x8) Signature Algorithm: sha1WithRSAEncryption Issuer: C=CN, O=UniTrust, CN=UCA Global Root Trust: Always Validity Not Before: Jan 1 00:00:00 2008 GMT Not After : Dec 31 00:00:00 2037 GMT Subject: C=CN, O=UniTrust, CN=UCA Global Root Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Basic Constraints: CA:TRUE X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection, IPSec End System, IPSec Tunnel, IPSec User, Time Stamping, OCSP Signing X509v3 Subject Key Identifier: D9:C3:D3:F8:80:92:67:CC:5D:D2:3A:A2:D7:71:A2:B4:C4:38:80:2D

Version: 3 (0x2) Serial Number: 9 (0x9) Signature Algorithm: sha1WithRSAEncryption Issuer: C=CN, O=UniTrust, CN=UCA Root Trust: Always Validity Not Before: Jan 1 00:00:00 2004 GMT Not After : Dec 31 00:00:00 2029 GMT Subject: C=CN, O=UniTrust, CN=UCA Root Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Basic Constraints: CA:TRUE X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection, IPSec End System, IPSec Tunnel, IPSec User, Time Stamping, OCSP Signing X509v3 Subject Key Identifier: DB:1F:35:F3:6B:4C:FF:42:31:64:9B:CD:BB:5A:1E:1D:48:10:B7:EE

Version: 3 (0x2) Serial Number: 44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Client Authentication and Email Trust: Always Validity Not Before: Jul 9 17:28:50 1999 GMT Not After : Jul 9 17:36:58 2019 GMT Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Client Authentication and Email Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: Digital Signature, Non Repudiation, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 89:82:67:7D:C4:9D:26:70:00:4B:B4:50:48:7C:DE:3D:AE:04:6E:7D X509v3 CRL Distribution Points: URI:http://crl.usertrust.com/UTN-USERFirst-ClientAuthenticationandEmail.crl X509v3 Extended Key Usage: TLS Web Client Authentication, E-mail Protection

Version: 3 (0x2) Serial Number: 44:be:0c:8b:50:00:24:b4:11:d3:36:2a:fe:65:0a:fd Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware Trust: Always Validity Not Before: Jul 9 18:10:42 1999 GMT Not After : Jul 9 18:19:22 2019 GMT Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: Digital Signature, Non Repudiation, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: A1:72:5F:26:1B:28:98:43:95:5D:07:37:D5:85:96:9D:4B:D2:C3:45 X509v3 CRL Distribution Points: URI:http://crl.usertrust.com/UTN-USERFirst-Hardware.crl X509v3 Extended Key Usage: TLS Web Server Authentication, IPSec End System, IPSec Tunnel, IPSec User

Version: 3 (0x2) Serial Number: 44:be:0c:8b:50:00:24:b4:11:d3:36:30:4b:c0:33:77 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Network Applications Trust: Always Validity Not Before: Jul 9 18:48:39 1999 GMT Not After : Jul 9 18:57:49 2019 GMT Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Network Applications Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: Digital Signature, Non Repudiation, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: FA:86:C9:DB:E0:BA:E9:78:F5:4B:A8:D6:15:DF:F0:D3:E1:6A:14:3C X509v3 CRL Distribution Points: URI:http://crl.usertrust.com/UTN-USERFirst-NetworkApplications.crl

Version: 3 (0x2) Serial Number: 44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object Trust: Always Validity Not Before: Jul 9 18:31:20 1999 GMT Not After : Jul 9 18:40:36 2019 GMT Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: Digital Signature, Non Repudiation, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: DA:ED:64:74:14:9C:14:3C:AB:DD:99:A9:BD:5B:28:4D:8B:3C:C9:D8 X509v3 CRL Distribution Points: URI:http://crl.usertrust.com/UTN-USERFirst-Object.crl X509v3 Extended Key Usage: Code Signing, Time Stamping, Microsoft Encrypted File System

Version: 3 (0x2) Serial Number: 44:be:0c:8b:50:00:21:b4:11:d3:2a:68:06:a9:ad:69 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC Trust: Always Validity Not Before: Jun 24 18:57:21 1999 GMT Not After : Jun 24 19:06:30 2019 GMT Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: Digital Signature, Non Repudiation, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 53:32:D1:B3:CF:7F:FA:E0:F1:A0:5D:85:4E:92:D2:9E:45:1D:B4:4F X509v3 CRL Distribution Points: URI:http://crl.usertrust.com/UTN-DATACorpSGC.crl X509v3 Extended Key Usage: TLS Web Server Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto

Version: 3 (0x2) Serial Number: 65568 (0x10020) Signature Algorithm: sha1WithRSAEncryption Issuer: C=PL, O=Unizeto Sp. z o.o., CN=Certum CA Trust: Always Validity Not Before: Jun 11 10:46:39 2002 GMT Not After : Jun 11 10:46:39 2027 GMT Subject: C=PL, O=Unizeto Sp. z o.o., CN=Certum CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 63:06:86:a7:c5:37:65:a5:43:90:a8:6a:58:cc:d4:32 Signature Algorithm: sha1WithRSAEncryption Issuer: C=LV, O=VAS Latvijas Pasts - Vien.reg.Nr.40003052790, OU=Sertifikacijas pakalpojumi, CN=VAS Latvijas Pasts SSI(RCA) Trust: Always Validity Not Before: Sep 13 09:22:10 2006 GMT Not After : Sep 13 09:27:57 2024 GMT Subject: C=LV, O=VAS Latvijas Pasts - Vien.reg.Nr.40003052790, OU=Sertifikacijas pakalpojumi, CN=VAS Latvijas Pasts SSI(RCA) Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign qcStatements: 0 0......F.. X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: CC:C3:F5:66:FF:73:AC:38:5A:96:1B:21:89:B8:81:4C:1F:CB:5E:25 1.3.6.1.4.1.311.21.1: ... X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.25177.1.1.2 CPS: http://www.e-me.lv/repository

Version: 1 (0x0) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 1 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com Trust: Always Validity Not Before: Jun 25 22:23:48 1999 GMT Not After : Jun 25 22:23:48 2019 GMT Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 1 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit)

Version: 1 (0x0) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com Trust: Always Validity Not Before: Jun 26 00:19:54 1999 GMT Not After : Jun 26 00:19:54 2019 GMT Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit)

Version: 1 (0x0) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 3 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com Trust: Always Validity Not Before: Jun 26 00:22:33 1999 GMT Not After : Jun 26 00:22:33 2019 GMT Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 3 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit)

Version: 3 (0x2) Serial Number: 2f:80:fe:23:8c:0e:22:0f:48:67:12:28:91:87:ac:b3 Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4 Trust: Always Validity Not Before: Nov 5 00:00:00 2007 GMT Not After : Jan 18 23:59:59 2038 GMT Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign 1.3.6.1.5.5.7.1.12: 0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif X509v3 Subject Key Identifier: B3:16:91:FD:EE:A6:6E:E4:B5:2E:49:8F:87:78:81:80:EC:E5:B1:B5

Version: 3 (0x2) Serial Number: 40:1a:c4:64:21:b3:13:21:03:0e:bb:e4:12:1a:c5:1d Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority Trust: Always Validity Not Before: Apr 2 00:00:00 2008 GMT Not After : Dec 1 23:59:59 2037 GMT Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign 1.3.6.1.5.5.7.1.12: 0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif X509v3 Subject Key Identifier: B6:77:FA:69:48:47:9F:53:12:D5:C2:EA:07:32:76:07:D1:97:07:19

Version: 3 (0x2) Serial Number: 18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 Trust: Always Validity Not Before: Nov 8 00:00:00 2006 GMT Not After : Jul 16 23:59:59 2036 GMT Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign 1.3.6.1.5.5.7.1.12: 0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif X509v3 Subject Key Identifier: 7F:D3:65:A7:C2:DD:EC:BB:F0:30:09:F3:43:39:FA:02:AF:33:31:33

Version: 1 (0x0) Serial Number: 3f:69:1e:81:9c:f0:9a:4a:f3:73:ff:b9:48:a2:e4:dd Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority Trust: Always Validity Not Before: Jan 29 00:00:00 1996 GMT Not After : Aug 2 23:59:59 2028 GMT Subject: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit)

Version: 1 (0x0) Serial Number: 0a:ba:1e:00:62:32:e8:b4:36:26:5d:1f:7c:cd:89:66 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority Trust: Always Validity Not Before: Jan 29 00:00:00 1996 GMT Not After : Aug 2 23:59:59 2028 GMT Subject: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit)

Version: 1 (0x0) Serial Number: 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority Trust: Always Validity Not Before: Jan 29 00:00:00 1996 GMT Not After : Aug 2 23:59:59 2028 GMT Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit)

Version: 3 (0x2) Serial Number: 5b:57:d7:a8:4c:b0:af:d9:d3:6f:4b:a0:31:b4:d6:e2 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VISA, OU=Visa International Service Association, CN=Visa Information Delivery Root CA Trust: Always Validity Not Before: Jun 27 17:42:42 2005 GMT Not After : Jun 29 17:42:42 2025 GMT Subject: C=US, O=VISA, OU=Visa International Service Association, CN=Visa Information Delivery Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Certificate Policies: Policy: 2.23.131.2.1 CPS: 1.2.3.4.5 X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 4F:8A:DA:76:FF:67:77:23:9A:A6:80:7D:7D:DB:88:75:85:F7:81:7A

Version: 3 (0x2) Serial Number: 13:86:35:4d:1d:3f:06:f2:c1:f9:65:05:d5:90:1c:62 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VISA, OU=Visa International Service Association, CN=Visa eCommerce Root Trust: Always Validity Not Before: Jun 26 02:18:36 2002 GMT Not After : Jun 24 00:16:12 2022 GMT Subject: C=US, O=VISA, OU=Visa International Service Association, CN=Visa eCommerce Root Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 15:38:83:0F:3F:2C:3F:70:33:1E:CD:46:FE:07:8C:20:E0:D7:C3:B7

Version: 3 (0x2) Serial Number: 41:3d:72:c7:f4:6b:1f:81:43:7d:f1:d2:28:54:df:9a Signature Algorithm: sha1WithRSAEncryption Issuer: C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA Trust: Always Validity Not Before: Dec 11 16:03:44 2005 GMT Not After : Dec 11 16:09:51 2037 GMT Subject: C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: B3:03:7E:AE:36:BC:B0:79:D1:DC:94:26:B6:11:BE:21:B2:69:86:94 1.3.6.1.4.1.311.21.1: ...

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Wells Fargo WellsSecure, OU=Wells Fargo Bank NA, CN=WellsSecure Public Root Certificate Authority Trust: Always Validity Not Before: Dec 13 17:07:54 2007 GMT Not After : Dec 14 00:07:54 2022 GMT Subject: C=US, O=Wells Fargo WellsSecure, OU=Wells Fargo Bank NA, CN=WellsSecure Public Root Certificate Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 CRL Distribution Points: URI:http://crl.pki.wellsfargo.com/wsprca.crl X509v3 Key Usage: critical Digital Signature, Non Repudiation, Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 26:95:19:10:D9:E8:A1:97:91:FF:DC:19:D9:B5:04:3E:D2:73:0A:6A X509v3 Authority Key Identifier: keyid:26:95:19:10:D9:E8:A1:97:91:FF:DC:19:D9:B5:04:3E:D2:73:0A:6A DirName:/C=US/O=Wells Fargo WellsSecure/OU=Wells Fargo Bank NA/CN=WellsSecure Public Root Certificate Authority serial:01

Version: 3 (0x2) Serial Number: 50:94:6c:ec:18:ea:d5:9c:4d:d5:97:ef:75:8f:a0:ad Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority Trust: Always Validity Not Before: Nov 1 17:14:04 2004 GMT Not After : Jan 1 05:37:19 2035 GMT Subject: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: 1.3.6.1.4.1.311.20.2: ...C.A X509v3 Key Usage: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: C6:4F:A2:3D:06:63:84:09:9C:CE:62:E4:04:AC:8D:5C:B5:E9:B6:1B X509v3 CRL Distribution Points: URI:http://crl.xrampsecurity.com/XGCA.crl 1.3.6.1.4.1.311.21.1: ...

Version: 3 (0x2) Serial Number: 30:30:30:30:39:37:33:37:35:37:33:38:36:30:30:30 Signature Algorithm: sha1WithRSAEncryption Issuer: C=FR, O=CertiNomis, OU=AC Racine - Root CA, CN=CertiNomis Trust: Always Validity Not Before: Nov 9 00:00:00 2000 GMT Not After : Nov 9 00:00:00 2012 GMT Subject: C=FR, O=CertiNomis, OU=AC Racine - Root CA, CN=CertiNomis Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: F8:5E:21:A3:A8:A3:15:E6:F8:B5:11:BB:FE:42:04:5D:4D:8E:82:7A

Version: 3 (0x2) Serial Number: 07:7e:52:93:7b:e0:15:e3:57:f0:69:8c:cb:ec:0c Signature Algorithm: sha1WithRSAEncryption Issuer: C=CO, O=Sociedad Cameral de Certificación Digital - Certicámara S.A., CN=AC Raíz Certicámara S.A. Trust: Always Validity Not Before: Nov 27 20:46:29 2006 GMT Not After : Apr 2 21:42:02 2030 GMT Subject: C=CO, O=Sociedad Cameral de Certificación Digital - Certicámara S.A., CN=AC Raíz Certicámara S.A. Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: D1:09:D0:E9:D7:CE:79:74:54:F9:3A:30:B3:F4:6D:2C:03:03:1B:68 X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: http://www.certicamara.com/dpc/

Version: 3 (0x2) Serial Number: 58:0b:05:6c:53:24:db:b2:50:57:18:5f:f9:e5:a6:50 Signature Algorithm: sha1WithRSAEncryption Issuer: C=BE, CN=Belgium Root CA Trust: Always Validity Not Before: Jan 26 23:00:00 2003 GMT Not After : Jan 26 23:00:00 2014 GMT Subject: C=BE, CN=Belgium Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Certificate Policies: Policy: 2.16.56.1.1.1 CPS: http://repository.eid.belgium.be X509v3 Subject Key Identifier: 10:F0:0C:56:9B:61:EA:57:3A:B6:35:97:6D:9F:DD:B9:14:8E:DB:E6 Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA X509v3 Authority Key Identifier: keyid:10:F0:0C:56:9B:61:EA:57:3A:B6:35:97:6D:9F:DD:B9:14:8E:DB:E6

Version: 3 (0x2) Serial Number: 2a:ff:be:9f:a2:f0:e9:87 Signature Algorithm: sha1WithRSAEncryption Issuer: C=BE, CN=Belgium Root CA2 Trust: Always Validity Not Before: Oct 4 10:00:00 2007 GMT Not After : Dec 15 08:00:00 2021 GMT Subject: C=BE, CN=Belgium Root CA2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Certificate Policies: Policy: 2.16.56.9.1.1 CPS: http://repository.eid.belgium.be X509v3 Subject Key Identifier: 85:8A:EB:F4:C5:BB:BE:0E:59:03:94:DE:D6:80:01:15:E3:10:9C:39 Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA X509v3 Authority Key Identifier: keyid:85:8A:EB:F4:C5:BB:BE:0E:59:03:94:DE:D6:80:01:15:E3:10:9C:39

Version: 3 (0x2) Serial Number: 20:06:05:16:70:02 Signature Algorithm: sha1WithRSAEncryption Issuer: C=RO, O=certSIGN, OU=certSIGN ROOT CA Trust: Always Validity Not Before: Jul 4 17:20:04 2006 GMT Not After : Jul 4 17:20:04 2031 GMT Subject: C=RO, O=certSIGN, OU=certSIGN ROOT CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Digital Signature, Non Repudiation, Certificate Sign, CRL Sign X509v3 Subject Key Identifier: E0:8C:9B:DB:25:49:B3:F1:7C:86:D6:B2:42:87:0B:D0:6B:A0:D9:E4

Version: 3 (0x2) Serial Number: 85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23 Signature Algorithm: sha1WithRSAEncryption Issuer: C=FR, O=Certplus, CN=Class 2 Primary CA Trust: Always Validity Not Before: Jul 7 17:05:00 1999 GMT Not After : Jul 6 23:59:59 2019 GMT Subject: C=FR, O=Certplus, CN=Class 2 Primary CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: CA:TRUE, pathlen:10 X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Subject Key Identifier: E3:73:2D:DF:CB:0E:28:0C:DE:DD:B3:A4:CA:79:B8:8E:BB:E8:30:89 Netscape Cert Type: SSL CA, S/MIME CA X509v3 CRL Distribution Points: URI:http://www.certplus.com/CRL/class2.crl

Version: 3 (0x2) Serial Number: 5f:f8:7b:28:2b:54:dc:8d:42:a3:15:b5:68:c9:ad:ff Signature Algorithm: sha1WithRSAEncryption Issuer: O=Cisco Systems, CN=Cisco Root CA 2048 Trust: Always Validity Not Before: May 14 20:17:12 2004 GMT Not After : May 14 20:25:42 2029 GMT Subject: O=Cisco Systems, CN=Cisco Root CA 2048 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 27:F3:C8:15:1E:6E:9A:02:09:16:AD:2B:A0:89:60:5F:DA:7B:2F:AA 1.3.6.1.4.1.311.21.1: ...

Version: 3 (0x2) Serial Number: 1228079105 (0x49330001) Signature Algorithm: sha1WithRSAEncryption Issuer: C=CN, O=CNNIC, CN=CNNIC ROOT Trust: Always Validity Not Before: Apr 16 07:09:14 2007 GMT Not After : Apr 16 07:09:14 2027 GMT Subject: C=CN, O=CNNIC, CN=CNNIC ROOT Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA X509v3 Authority Key Identifier: keyid:65:F2:31:AD:2A:F7:F7:DD:52:96:0A:C7:02:C1:0E:EF:A6:D5:3B:11 X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 65:F2:31:AD:2A:F7:F7:DD:52:96:0A:C7:02:C1:0E:EF:A6:D5:3B:11

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Trust: Always Validity Not Before: Mar 22 01:39:34 2006 GMT Not After : Mar 22 01:39:34 2016 GMT Subject: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 8D:B2:49:68:9D:72:08:25:B9:C0:27:F5:50:93:56:48:46:71:F9:8F X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Alternative Name: email:caoperator@disig.sk, URI:http://www.disig.sk/ca X509v3 CRL Distribution Points: URI:http://www.disig.sk/ca/crl/ca_disig.crl URI:http://ca.disig.sk/ca/crl/ca_disig.crl X509v3 Certificate Policies: Policy: 1.3.158.35975946.0.0.0.1.1.1

Version: 3 (0x2) Serial Number: 946069240 (0x3863def8) Signature Algorithm: sha1WithRSAEncryption Issuer: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) Trust: Always Validity Not Before: Dec 24 17:50:51 1999 GMT Not After : Jul 24 14:15:12 2029 GMT Subject: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70

Version: 3 (0x2) Serial Number: 104 (0x68) Signature Algorithm: md5WithRSAEncryption Issuer: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Expressz (Class C) Tanusitvanykiado Trust: Always Validity Not Before: Feb 25 14:08:11 1999 GMT Not After : Feb 20 14:08:11 2019 GMT Subject: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Expressz (Class C) Tanusitvanykiado Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:4 X509v3 Key Usage: critical Certificate Sign, CRL Sign Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA Netscape Comment: FIGYELEM! Ezen tanusitvany a NetLock Kft. Altalanos Szolgaltatasi Felteteleiben leirt eljarasok alapjan keszult. A hitelesites folyamatat a NetLock Kft. termekfelelosseg-biztositasa vedi. A digitalis alairas elfogadasanak feltetele az eloirt ellenorzesi eljaras megtetele. Az eljaras leirasa megtalalhato a NetLock Kft. Internet honlapjan a https://www.netlock.net/docs cimen vagy kerheto az ellenorzes@netlock.net e-mail cimen. IMPORTANT! The issuance and the use of this certificate is subject to the NetLock CPS available at https://www.netlock.net/docs or by e-mail at cps@netlock.net.

Version: 3 (0x2) Serial Number: 18:ac:b5:6a:fd:69:b6:15:3a:63:6c:af:da:fa:c4:a1 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority Trust: Always Validity Not Before: Nov 27 00:00:00 2006 GMT Not After : Jul 16 23:59:59 2036 GMT Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 2C:D5:50:41:97:15:8B:F0:8F:36:61:5B:4A:FB:6B:D9:99:C9:33:92

Version: 3 (0x2) Serial Number: 02:00:00:00:00:00:d6:78:b7:94:05 Signature Algorithm: md5WithRSAEncryption Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA Trust: Always Validity Not Before: Sep 1 12:00:00 1998 GMT Not After : Jan 28 12:00:00 2014 GMT Subject: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 4 (0x4) Signature Algorithm: sha1WithRSAEncryption Issuer: C=KR, O=KISA, OU=Korea Certification Authority Central, CN=KISA RootCA 1 Trust: Always Validity Not Before: Aug 24 08:05:46 2005 GMT Not After : Aug 24 08:05:46 2025 GMT Subject: C=KR, O=KISA, OU=Korea Certification Authority Central, CN=KISA RootCA 1 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: BF:B6:27:D8:03:5A:76:65:4C:61:01:41:56:31:E5:8B:7B:3A:D9:CC X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: sha1WithRSAEncryption Issuer: C=KR, O=KISA, OU=Korea Certification Authority Central, CN=KISA RootCA 3 Trust: Always Validity Not Before: Nov 19 06:39:51 2004 GMT Not After : Nov 19 06:39:51 2014 GMT Subject: C=KR, O=KISA, OU=Korea Certification Authority Central, CN=KISA RootCA 3 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Authority Key Identifier: keyid:8F:81:F0:DA:A6:CD:74:3C:BE:66:F4:15:6B:46:A4:FE:06:28:CC:AA X509v3 Subject Key Identifier: 8F:81:F0:DA:A6:CD:74:3C:BE:66:F4:15:6B:46:A4:FE:06:28:CC:AA X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: http://www.rootca.or.kr/rca/cps.html X509v3 Subject Alternative Name: DirName:/CN=𝕜국정보보호진흥원 X509v3 Issuer Alternative Name: DirName:/CN=𝕜국정보보호진흥원 X509v3 Basic Constraints: critical CA:TRUE X509v3 Policy Constraints: Require Explicit Policy:0

Version: 3 (0x2) Serial Number: 259 (0x103) Signature Algorithm: md5WithRSAEncryption Issuer: C=HU, ST=Hungary, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado Trust: Always Validity Not Before: Feb 24 23:14:47 1999 GMT Not After : Feb 19 23:14:47 2019 GMT Subject: C=HU, ST=Hungary, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE, pathlen:4 Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA Netscape Comment: FIGYELEM! Ezen tanusitvany a NetLock Kft. Altalanos Szolgaltatasi Felteteleiben leirt eljarasok alapjan keszult. A hitelesites folyamatat a NetLock Kft. termekfelelosseg-biztositasa vedi. A digitalis alairas elfogadasanak feltetele az eloirt ellenorzesi eljaras megtetele. Az eljaras leirasa megtalalhato a NetLock Kft. Internet honlapjan a https://www.netlock.net/docs cimen vagy kerheto az ellenorzes@netlock.net e-mail cimen. IMPORTANT! The issuance and the use of this certificate is subject to the NetLock CPS available at https://www.netlock.net/docs or by e-mail at cps@netlock.net.

Version: 3 (0x2) Serial Number: 123 (0x7b) Signature Algorithm: sha1WithRSAEncryption Issuer: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado/emailAddress=info@netlock.hu Trust: Always Validity Not Before: Mar 30 01:47:11 2003 GMT Not After : Dec 15 01:47:11 2022 GMT Subject: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado/emailAddress=info@netlock.hu Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: md5WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freemail CA/emailAddress=personal-freemail@thawte.com Trust: Always Validity Not Before: Jan 1 00:00:00 1996 GMT Not After : Dec 31 23:59:59 2020 GMT Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freemail CA/emailAddress=personal-freemail@thawte.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: md5WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Premium CA/emailAddress=personal-premium@thawte.com Trust: Always Validity Not Before: Jan 1 00:00:00 1996 GMT Not After : Dec 31 23:59:59 2020 GMT Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Premium CA/emailAddress=personal-premium@thawte.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 100000 (0x186a0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=FI, ST=Finland, O=Vaestorekisterikeskus CA, OU=Certification Authority Services, OU=Varmennepalvelut, CN=VRK Gov. Root CA Trust: Always Validity Not Before: Dec 18 13:53:00 2002 GMT Not After : Dec 18 13:51:08 2023 GMT Subject: C=FI, ST=Finland, O=Vaestorekisterikeskus CA, OU=Certification Authority Services, OU=Varmennepalvelut, CN=VRK Gov. Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA X509v3 Key Usage: critical Digital Signature, Non Repudiation, Certificate Sign, CRL Sign X509v3 Subject Key Identifier: DB:E9:E1:9B:D2:D1:24:0B:FC:AB:E3:A0:67:EA:AE:9C:4B:77:F4:B0

Version: 3 (0x2) Serial Number: 985026699 (0x3ab6508b) Signature Algorithm: sha1WithRSAEncryption Issuer: C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority Trust: Always Validity Not Before: Mar 19 18:33:33 2001 GMT Not After : Mar 17 18:33:33 2021 GMT Subject: C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: Authority Information Access: OCSP - URI:https://ocsp.quovadisoffshore.com X509v3 Basic Constraints: critical CA:TRUE X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.8024.0.1 CPS: http://www.quovadis.bm X509v3 Subject Key Identifier: 8B:4B:6D:ED:D3:29:B9:06:19:EC:39:39:A9:F0:97:84:6A:CB:EF:DF X509v3 Authority Key Identifier: keyid:8B:4B:6D:ED:D3:29:B9:06:19:EC:39:39:A9:F0:97:84:6A:CB:EF:DF DirName:/C=BM/O=QuoVadis Limited/OU=Root Certification Authority/CN=QuoVadis Root Certification Authority serial:3A:B6:50:8B X509v3 Key Usage: critical Certificate Sign, CRL Sign

Version: 3 (0x2) Serial Number: 1289 (0x509) Signature Algorithm: sha1WithRSAEncryption Issuer: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 Trust: Always Validity Not Before: Nov 24 18:27:00 2006 GMT Not After : Nov 24 18:23:33 2031 GMT Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 1A:84:62:BC:48:4C:33:25:04:D4:EE:D0:F6:03:C4:19:46:D1:94:6B X509v3 Authority Key Identifier: keyid:1A:84:62:BC:48:4C:33:25:04:D4:EE:D0:F6:03:C4:19:46:D1:94:6B DirName:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 serial:05:09

Version: 3 (0x2) Serial Number: 1478 (0x5c6) Signature Algorithm: sha1WithRSAEncryption Issuer: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 Trust: Always Validity Not Before: Nov 24 19:11:23 2006 GMT Not After : Nov 24 19:06:44 2031 GMT Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.8024.0.3 CPS: http://www.quovadisglobal.com/cps X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Subject Key Identifier: F2:C0:13:E0:82:43:3E:FB:EE:2F:67:32:96:35:5C:DB:B8:CB:02:D0 X509v3 Authority Key Identifier: keyid:F2:C0:13:E0:82:43:3E:FB:EE:2F:67:32:96:35:5C:DB:B8:CB:02:D0 DirName:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3 serial:05:C6

Version: 3 (0x2) Serial Number: a3:da:42:7e:a4:b1:ae:da Signature Algorithm: sha1WithRSAEncryption Issuer: C=EU, L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008 Trust: Always Validity Not Before: Aug 1 12:29:50 2008 GMT Not After : Jul 31 12:29:50 2038 GMT Subject: C=EU, L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:12 X509v3 Subject Key Identifier: F9:24:AC:0F:B2:B5:F8:79:C0:FA:60:88:1B:C4:D9:4D:02:9E:17:19 X509v3 Authority Key Identifier: keyid:F9:24:AC:0F:B2:B5:F8:79:C0:FA:60:88:1B:C4:D9:4D:02:9E:17:19 DirName:/C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008 serial:A3:DA:42:7E:A4:B1:AE:DA X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: http://policy.camerfirma.com

Version: 3 (0x2) Serial Number: c9:cd:d3:e9:d5:7d:23:ce Signature Algorithm: sha1WithRSAEncryption Issuer: C=EU, L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008 Trust: Always Validity Not Before: Aug 1 12:31:40 2008 GMT Not After : Jul 31 12:31:40 2038 GMT Subject: C=EU, L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:12 X509v3 Subject Key Identifier: B9:09:CA:9C:1E:DB:D3:6C:3A:6B:AE:ED:54:F1:5B:93:06:35:2E:5E X509v3 Authority Key Identifier: keyid:B9:09:CA:9C:1E:DB:D3:6C:3A:6B:AE:ED:54:F1:5B:93:06:35:2E:5E DirName:/C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Global Chambersign Root - 2008 serial:C9:CD:D3:E9:D5:7D:23:CE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: http://policy.camerfirma.com

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: md5WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com Trust: Always Validity Not Before: Aug 1 00:00:00 1996 GMT Not After : Dec 31 23:59:59 2020 GMT Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: md5WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com Trust: Always Validity Not Before: Aug 1 00:00:00 1996 GMT Not After : Dec 31 23:59:59 2020 GMT Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 10000012 (0x98968c) Signature Algorithm: sha256WithRSAEncryption Issuer: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2 Trust: Always Validity Not Before: Mar 26 11:18:17 2008 GMT Not After : Mar 25 11:03:10 2020 GMT Subject: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: http://www.pkioverheid.nl/policies/root-policy-G2 X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 91:68:32:87:15:1D:89:E2:B5:F1:AC:36:28:34:8D:0B:7C:62:88:EB

Version: 3 (0x2) Serial Number: 10000010 (0x98968a) Signature Algorithm: sha1WithRSAEncryption Issuer: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA Trust: Always Validity Not Before: Dec 17 09:23:49 2002 GMT Not After : Dec 16 09:15:38 2015 GMT Subject: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: CA:TRUE X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: http://www.pkioverheid.nl/policies/root-policy X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: A8:7D:EB:BC:63:A4:74:13:74:00:EC:96:E0:D3:34:C1:2C:BF:6C:F8

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority Trust: Always Validity Not Before: Sep 17 19:46:36 2006 GMT Not After : Sep 17 19:46:36 2036 GMT Subject: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: CA:TRUE X509v3 Key Usage: Digital Signature, Key Encipherment, Key Agreement, Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 4E:0B:EF:1A:A4:40:5B:A5:17:69:87:30:CA:34:68:43:D0:41:AE:F2 X509v3 CRL Distribution Points: URI:http://cert.startcom.org/sfsca-crl.crl URI:http://crl.startcom.org/sfsca-crl.crl X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.23223.1.1.1 CPS: http://cert.startcom.org/policy.pdf CPS: http://cert.startcom.org/intermediate.pdf Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA Netscape Comment: StartCom Free SSL Certification Authority

Version: 3 (0x2) Serial Number: 45 (0x2d) Signature Algorithm: sha256WithRSAEncryption Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority Trust: Always Validity Not Before: Sep 17 19:46:37 2006 GMT Not After : Sep 17 19:46:36 2036 GMT Subject: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 4E:0B:EF:1A:A4:40:5B:A5:17:69:87:30:CA:34:68:43:D0:41:AE:F2 X509v3 Authority Key Identifier: keyid:4E:0B:EF:1A:A4:40:5B:A5:17:69:87:30:CA:34:68:43:D0:41:AE:F2 X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.23223.1.1.1 CPS: http://www.startssl.com/policy.pdf CPS: http://www.startssl.com/intermediate.pdf Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA Netscape Comment: StartCom Free SSL Certification Authority

Version: 3 (0x2) Serial Number: 5c:0b:85:5c:0b:e7:59:41:df:57:cc:3f:7f:9d:a8:36 Signature Algorithm: sha1WithRSAEncryption Issuer: C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 1 Trust: Always Validity Not Before: Aug 18 12:06:20 2005 GMT Not After : Aug 18 22:06:20 2025 GMT Subject: C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 1 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Policy Mappings: 2.16.756.1.83.0.1:2.16.756.1.83.0.1 X509v3 Basic Constraints: critical CA:TRUE, pathlen:7 X509v3 Authority Key Identifier: keyid:03:25:2F:DE:6F:82:01:3A:5C:2C:DC:2B:A1:69:B5:67:D4:8C:D3:FD X509v3 Subject Key Identifier: 03:25:2F:DE:6F:82:01:3A:5C:2C:DC:2B:A1:69:B5:67:D4:8C:D3:FD

Version: 3 (0x2) Serial Number: 06:10:c2:79:ab:77:3d:f2 Signature Algorithm: sha1WithRSAEncryption Issuer: C=CH, O=SwissSign, CN=SwissSign CA (RSA IK May 6 1999 18:00:58)/emailAddress=ca@SwissSign.com Trust: Always Validity Not Before: Nov 26 23:27:41 2000 GMT Not After : Nov 26 23:27:41 2031 GMT Subject: C=CH, O=SwissSign, CN=SwissSign CA (RSA IK May 6 1999 18:00:58)/emailAddress=ca@SwissSign.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Basic Constraints: CA:TRUE X509v3 Subject Key Identifier: 96:D7:71:CD:39:2A:D4:FC:88:B1:8A:AB:53:78:69:EF:8F:47:7E:16 X509v3 Authority Key Identifier: 0.

Version: 3 (0x2) Serial Number: 1d:a2:00:01:00:02:ec:b7:60:80:78:8d:b6:06 Signature Algorithm: sha1WithRSAEncryption Issuer: C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA, CN=TC TrustCenter Universal CA I Trust: Always Validity Not Before: Mar 22 15:54:28 2006 GMT Not After : Dec 31 22:59:59 2025 GMT Subject: C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA, CN=TC TrustCenter Universal CA I Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Authority Key Identifier: keyid:92:A4:75:2C:A4:9E:BE:81:44:EB:79:FC:8A:C5:95:A5:EB:10:75:73 X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 92:A4:75:2C:A4:9E:BE:81:44:EB:79:FC:8A:C5:95:A5:EB:10:75:73

Version: 3 (0x2) Serial Number: 19:33:00:01:00:02:28:1a:9a:04:bc:f2:55:45 Signature Algorithm: sha1WithRSAEncryption Issuer: C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA, CN=TC TrustCenter Universal CA II Trust: Always Validity Not Before: Mar 22 15:58:34 2006 GMT Not After : Dec 31 22:59:59 2030 GMT Subject: C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA, CN=TC TrustCenter Universal CA II Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Authority Key Identifier: keyid:CD:D7:90:A1:6E:A3:BF:DB:30:D6:DA:32:25:90:0C:E6:39:1E:80:65 X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Subject Key Identifier: CD:D7:90:A1:6E:A3:BF:DB:30:D6:DA:32:25:90:0C:E6:39:1E:80:65

Version: 3 (0x2) Serial Number: 2e:6a:00:01:00:02:1f:d7:52:21:2c:11:5c:3b Signature Algorithm: sha1WithRSAEncryption Issuer: C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 2 CA, CN=TC TrustCenter Class 2 CA II Trust: Always Validity Not Before: Jan 12 14:38:43 2006 GMT Not After : Dec 31 22:59:59 2025 GMT Subject: C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 2 CA, CN=TC TrustCenter Class 2 CA II Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: E3:AB:54:4C:80:A1:DB:56:43:B7:91:4A:CB:F3:82:7A:13:5C:08:AB X509v3 CRL Distribution Points: URI:http://www.trustcenter.de/crl/v2/tc_class_2_ca_II.crl URI:ldap://www.trustcenter.de/CN=TC%20TrustCenter%20Class%202%20CA%20II,O=TC%20TrustCenter%20GmbH,OU=rootcerts,DC=trustcenter,DC=de?certificateRevocationList?base?

Version: 3 (0x2) Serial Number: 4a:47:00:01:00:02:e5:a0:5d:d6:3f:00:51:bf Signature Algorithm: sha1WithRSAEncryption Issuer: C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 3 CA, CN=TC TrustCenter Class 3 CA II Trust: Always Validity Not Before: Jan 12 14:41:57 2006 GMT Not After : Dec 31 22:59:59 2025 GMT Subject: C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 3 CA, CN=TC TrustCenter Class 3 CA II Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: D4:A2:FC:9F:B3:C3:D8:03:D3:57:5C:07:A4:D0:24:A7:C0:F2:00:D4 X509v3 CRL Distribution Points: URI:http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl URI:ldap://www.trustcenter.de/CN=TC%20TrustCenter%20Class%203%20CA%20II,O=TC%20TrustCenter%20GmbH,OU=rootcerts,DC=trustcenter,DC=de?certificateRevocationList?base?

Version: 3 (0x2) Serial Number: 05:c0:00:01:00:02:41:d0:06:0a:4d:ce:75:10 Signature Algorithm: sha1WithRSAEncryption Issuer: C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 4 CA, CN=TC TrustCenter Class 4 CA II Trust: Always Validity Not Before: Mar 23 14:10:23 2006 GMT Not After : Dec 31 22:59:59 2025 GMT Subject: C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 4 CA, CN=TC TrustCenter Class 4 CA II Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 1F:EA:BB:3E:25:1B:06:BD:A5:DD:62:05:7E:C6:4C:5A:BF:E8:0F:43

Version: 3 (0x2) Serial Number: 60:01:97:b7:46:a7:ea:b4:b4:9a:d6:4b:2f:f7:90:fb Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3 Trust: Always Validity Not Before: Apr 2 00:00:00 2008 GMT Not After : Dec 1 23:59:59 2037 GMT Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: AD:6C:AA:94:60:9C:ED:E4:FF:FA:3E:0A:74:2B:63:03:F7:B6:59:BF

Version: 3 (0x2) Serial Number: 34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA Trust: Always Validity Not Before: Nov 17 00:00:00 2006 GMT Not After : Jul 16 23:59:59 2036 GMT Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 7B:5B:45:CF:AF:CE:CB:7A:FD:31:92:1A:6A:B6:F3:46:EB:57:48:50

Version: 3 (0x2) Serial Number: 35:fc:26:5c:d9:84:4f:c9:3d:26:3d:57:9b:ae:d7:56 Signature Algorithm: ecdsa-with-SHA384 Issuer: C=US, O=thawte, Inc., OU=(c) 2007 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G2 Trust: Always Validity Not Before: Nov 5 00:00:00 2007 GMT Not After : Jan 18 23:59:59 2038 GMT Subject: C=US, O=thawte, Inc., OU=(c) 2007 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G2 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 9A:D8:00:30:00:E7:6B:7F:85:18:EE:8B:B6:CE:8A:0C:F8:11:E1:BB

Version: 3 (0x2) Serial Number: 63:25:00:01:00:02:14:8d:33:15:02:e4:6c:f4 Signature Algorithm: sha1WithRSAEncryption Issuer: C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA, CN=TC TrustCenter Universal CA III Trust: Always Validity Not Before: Sep 9 08:15:27 2009 GMT Not After : Dec 31 23:59:59 2029 GMT Subject: C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA, CN=TC TrustCenter Universal CA III Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Authority Key Identifier: keyid:56:E7:E1:5B:25:43:80:E0:F6:8C:E1:71:BC:8E:E5:80:2F:C4:48:E2 X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 56:E7:E1:5B:25:43:80:E0:F6:8C:E1:71:BC:8E:E5:80:2F:C4:48:E2

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı, C=TR, L=ANKARA, O=(c) 2005 TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. Trust: Always Validity Not Before: May 13 10:27:17 2005 GMT Not After : Mar 22 10:27:17 2015 GMT Subject: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı, C=TR, L=ANKARA, O=(c) 2005 TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: CA:TRUE

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı, C=TR, L=Ankara, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005 Trust: Always Validity Not Before: Nov 7 10:07:57 2005 GMT Not After : Sep 16 10:07:57 2015 GMT Subject: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı, C=TR, L=Ankara, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: D9:37:B3:4E:05:FD:D9:CF:9F:12:16:AE:B6:89:2F:EB:25:3A:88:1C X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı, C=TR, L=Ankara, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007 Trust: Always Validity Not Before: Dec 25 18:37:19 2007 GMT Not After : Dec 22 18:37:19 2017 GMT Subject: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı, C=TR, L=Ankara, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Subject Key Identifier: 29:C5:90:AB:25:AF:11:E4:61:BF:A3:FF:88:61:91:E6:0E:FE:9C:81 X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE

Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority Trust: Always Validity Not Before: Aug 28 07:24:33 2008 GMT Not After : Dec 31 15:59:59 2030 GMT Subject: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 6A:38:5B:26:8D:DE:8B:5A:F2:4F:7A:54:83:19:18:E3:08:35:A6:BA

Version: 3 (0x2) Serial Number: 105 (0x69) Signature Algorithm: md5WithRSAEncryption Issuer: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Uzleti (Class B) Tanusitvanykiado Trust: Always Validity Not Before: Feb 25 14:10:22 1999 GMT Not After : Feb 20 14:10:22 2019 GMT Subject: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Uzleti (Class B) Tanusitvanykiado Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:4 X509v3 Key Usage: critical Certificate Sign, CRL Sign Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA Netscape Comment: FIGYELEM! Ezen tanusitvany a NetLock Kft. Altalanos Szolgaltatasi Felteteleiben leirt eljarasok alapjan keszult. A hitelesites folyamatat a NetLock Kft. termekfelelosseg-biztositasa vedi. A digitalis alairas elfogadasanak feltetele az eloirt ellenorzesi eljaras megtetele. Az eljaras leirasa megtalalhato a NetLock Kft. Internet honlapjan a https://www.netlock.net/docs cimen vagy kerheto az ellenorzes@netlock.net e-mail cimen. IMPORTANT! The issuance and the use of this certificate is subject to the NetLock CPS available at https://www.netlock.net/docs or by e-mail at cps@netlock.net.

Always Ask certificates

Version: 3 (0x2) Serial Number: d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4 Signature Algorithm: sha1WithRSAEncryption Issuer: C=NL, O=DigiNotar, CN=DigiNotar Root CA/emailAddress=info@diginotar.nl Trust: Ask Validity Not Before: May 14 16:50:27 2007 GMT Not After : May 14 16:50:27 2017 GMT Subject: C=NL, O=DigiNotar, CN=DigiNotar Extended Validation CA/emailAddress=info@diginotar.nl Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: Authority Information Access: OCSP - URI:http://validation.diginotar.nl X509v3 Authority Key Identifier: keyid:88:68:BF:E0:8E:35:C4:3B:38:6B:62:F7:28:3B:84:81:C8:0C:D7:4D X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: http://www.diginotar.nl/cps X509v3 CRL Distribution Points: URI:http://service.diginotar.nl/crl/root/latestCRL.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: BC:4E:2D:A7:D2:77:77:78:DF:3C:DD:B1:36:15:41:63:A4:E1:20:DE

Version: 3 (0x2) Serial Number: 20001983 (0x13134bf) Signature Algorithm: sha256WithRSAEncryption Issuer: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Organisatie CA - G2 Trust: Ask Validity Not Before: May 12 08:51:38 2010 GMT Not After : Mar 23 09:50:04 2020 GMT Subject: C=NL, O=DigiNotar B.V., CN=DigiNotar PKIoverheid CA Organisatie - G2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: http://www.diginotar.nl/cps/pkioverheid X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:39:10:8B:49:92:5C:DB:61:12:20:CD:49:9D:1A:8E:DA:9C:67:40:B9 DirName:/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G2 serial:98:96:F4 X509v3 CRL Distribution Points: URI:http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl X509v3 Subject Key Identifier: BC:5D:94:3B:D9:AB:7B:03:25:73:61:C2:DB:2D:EE:FC:AB:8F:65:A1

Version: 3 (0x2) Serial Number: 5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41 Signature Algorithm: sha1WithRSAEncryption Issuer: C=NL, O=DigiNotar, CN=DigiNotar Root CA/emailAddress=info@diginotar.nl Trust: Ask Validity Not Before: Apr 21 17:18:31 2005 GMT Not After : Apr 21 17:18:31 2025 GMT Subject: C=NL, O=DigiNotar, CN=DigiNotar Qualified CA/emailAddress=info@diginotar.nl Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: Authority Information Access: OCSP - URI:http://validation.diginotar.nl X509v3 Authority Key Identifier: keyid:88:68:BF:E0:8E:35:C4:3B:38:6B:62:F7:28:3B:84:81:C8:0C:D7:4D X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Certificate Policies: Policy: 2.16.528.1.1001.1.3.3.1.5.2.6.4 CPS: http://www.diginotar.nl/cps X509v3 CRL Distribution Points: URI:http://service.diginotar.nl/crl/root/latestCRL.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: BC:4C:FB:DA:D2:6C:6A:01:A9:E9:BA:CA:E5:A3:7E:A2:24:8F:A2:19

Version: 3 (0x2) Serial Number: 36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38 Signature Algorithm: sha1WithRSAEncryption Issuer: C=NL, O=DigiNotar, CN=DigiNotar Root CA/emailAddress=info@diginotar.nl Trust: Ask Validity Not Before: Jul 24 13:27:58 2007 GMT Not After : Mar 29 13:27:58 2025 GMT Subject: C=NL, O=DigiNotar, CN=DigiNotar Services 1024 CA/emailAddress=info@diginotar.nl Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: Authority Information Access: OCSP - URI:http://validation.diginotar.nl X509v3 Authority Key Identifier: keyid:88:68:BF:E0:8E:35:C4:3B:38:6B:62:F7:28:3B:84:81:C8:0C:D7:4D X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: http://www.diginotar.nl/cps X509v3 CRL Distribution Points: URI:http://service.diginotar.nl/crl/root/latestCRL.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: FE:DC:94:49:0C:6F:EF:5C:7F:C6:F1:12:99:4F:16:49:AD:FB:82:65

Version: 3 (0x2) Serial Number: f1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49 Signature Algorithm: sha1WithRSAEncryption Issuer: C=NL, O=DigiNotar, CN=DigiNotar Root CA/emailAddress=info@diginotar.nl Trust: Ask Validity Not Before: Feb 6 16:53:46 2006 GMT Not After : Mar 28 16:53:46 2025 GMT Subject: C=NL, O=DigiNotar, CN=DigiNotar Services CA/emailAddress=info@diginotar.nl Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: Authority Information Access: OCSP - URI:http://validation.diginotar.nl X509v3 Authority Key Identifier: keyid:88:68:BF:E0:8E:35:C4:3B:38:6B:62:F7:28:3B:84:81:C8:0C:D7:4D X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Certificate Policies: Policy: 2.16.528.1.1001.1.1.1.1.5.2.6.4 CPS: http://www.diginotar.nl/cps X509v3 CRL Distribution Points: URI:http://service.diginotar.nl/crl/root/latestCRL.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 3C:70:11:95:A4:8B:DD:D6:FE:BD:EF:5A:6A:29:EE:12:EB:61:DD:53

Version: 3 (0x2) Serial Number: 0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4c Signature Algorithm: sha1WithRSAEncryption Issuer: C=NL, O=DigiNotar, CN=DigiNotar Root CA/emailAddress=info@diginotar.nl Trust: Ask Validity Not Before: May 16 17:19:36 2007 GMT Not After : Mar 31 18:19:21 2025 GMT Subject: C=NL, O=DigiNotar, CN=DigiNotar Root CA/emailAddress=info@diginotar.nl Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 88:68:BF:E0:8E:35:C4:3B:38:6B:62:F7:28:3B:84:81:C8:0C:D7:4D

Version: 3 (0x2) Serial Number: 0a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3e Signature Algorithm: sha256WithRSAEncryption Issuer: C=NL, O=DigiNotar, CN=DigiNotar Root CA G2/emailAddress=info@diginotar.nl Trust: Ask Validity Not Before: Jul 3 13:59:02 2009 GMT Not After : Jul 3 13:59:02 2029 GMT Subject: C=NL, O=DigiNotar, CN=DigiNotar Root CA G2/emailAddress=info@diginotar.nl Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 29:0D:DB:3F:07:52:E5:0B:D4:21:68:2E:24:4A:DE:5B:5A:96:F2:21

Version: 3 (0x2) Serial Number: 20015536 (0x13169b0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Overheid CA Trust: Ask Validity Not Before: Jul 5 08:42:07 2007 GMT Not After : Jul 27 08:39:46 2015 GMT Subject: C=NL, O=DigiNotar B.V., CN=DigiNotar PKIoverheid CA Overheid en Bedrijven Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: http://www.diginotar.nl/cps/pkioverheid X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:0B:86:D6:0F:77:A3:68:B1:FB:64:09:C3:88:6E:5C:04:1C:57:E9:3D DirName:/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA serial:98:9A:79 X509v3 CRL Distribution Points: URI:http://crl.pkioverheid.nl/DomOvLatestCRL.crl X509v3 Subject Key Identifier: 4C:08:C9:8D:76:F1:98:C7:3E:DF:3C:D7:2F:75:0D:B1:76:79:97:CC

Version: 3 (0x2) Serial Number: 55:5b:9f:ce:0a:c9:87:f2:9a:c9:51:fb:c1:f3:73:c9 Signature Algorithm: sha1WithRSAEncryption Issuer: C=NL, O=DigiNotar, CN=DigiNotar Root CA/emailAddress=info@diginotar.nl Trust: Ask Validity Not Before: Jul 3 13:45:10 2009 GMT Not After : Jul 3 13:45:10 2019 GMT Subject: C=FR, O=EASEE-gas, CN=EASEE-gas CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: Authority Information Access: OCSP - URI:http://validation.diginotar.nl X509v3 Authority Key Identifier: keyid:88:68:BF:E0:8E:35:C4:3B:38:6B:62:F7:28:3B:84:81:C8:0C:D7:4D X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Certificate Policies: Policy: 2.16.528.1.1001.1.1.1.1.5.2.6.4 CPS: http://www.diginotar.nl/cps X509v3 CRL Distribution Points: URI:http://service.diginotar.nl/crl/root/latestCRL.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 76:64:3D:56:C3:E9:B1:BB:FF:C9:34:B2:AE:B3:DC:05:03:F8:B8:DD

Version: 3 (0x2) Serial Number: 18:21:d7:fb:71:84:a4:1f:fd:30:0e:28:2b:12:52:d1 Signature Algorithm: sha1WithRSAEncryption Issuer: C=NL, O=DigiNotar, CN=DigiNotar Root CA/emailAddress=info@diginotar.nl Trust: Ask Validity Not Before: Mar 31 19:21:33 2005 GMT Not After : Mar 31 19:21:33 2015 GMT Subject: C=NL, O=Nederlandse Orde van Advocaten, CN=Nederlandse Orde van Advocaten - Dutch Bar Association Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: Authority Information Access: OCSP - URI:http://validation.diginotar.nl X509v3 Authority Key Identifier: keyid:88:68:BF:E0:8E:35:C4:3B:38:6B:62:F7:28:3B:84:81:C8:0C:D7:4D X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Certificate Policies: Policy: 2.16.528.1.1001.1.1.1.1.5.2.6.4 CPS: http://www.diginotar.nl/cps X509v3 CRL Distribution Points: URI:http://service.diginotar.nl/crl/root/latestCRL.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: C7:F3:2A:6A:20:D5:A1:24:FC:DB:05:2E:20:CF:07:B3:2E:34:85:0E

Version: 3 (0x2) Serial Number: 19990015 (0x13105ff) Signature Algorithm: sha256WithRSAEncryption Issuer: C=NL, O=PKIoverheid TEST, CN=TRIAL PKIoverheid TEST Root CA - G2 Trust: Ask Validity Not Before: Oct 29 16:01:22 2008 GMT Not After : Mar 24 16:00:39 2020 GMT Subject: C=NL, O=PKIoverheid TEST, CN=TRIAL PKIoverheid Organisatie TEST CA - G2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: http://www.pkioverheid.nl/policies/TESTdom-org-policy-G2 X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:11:56:07:49:A3:36:0B:CF:99:8D:F7:C7:04:94:F3:9B:06:A9:EE:79 X509v3 CRL Distribution Points: URI:http://crl.pkioverheid.nl/pkiotest/TESTRootLatestCRL-G2.crl X509v3 Subject Key Identifier: 60:5B:87:E8:90:85:8D:AD:CA:36:A3:D7:00:CA:81:D0:E1:36:97:1B

Version: 3 (0x2) Serial Number: 29990364 (0x1c99ddc) Signature Algorithm: sha256WithRSAEncryption Issuer: C=NL, O=PKIoverheid TEST, CN=TRIAL PKIoverheid Organisatie TEST CA - G2 Trust: Ask Validity Not Before: Mar 12 11:38:11 2010 GMT Not After : Mar 23 11:36:29 2020 GMT Subject: C=NL, O=DigiNotar B.V. TEST, CN=TRIAL DigiNotar PKIoverheid Organisatie TEST CA - G2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: http://www.pkioverheid.nl/policies/TESTdom-org-policy-G2 X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:60:5B:87:E8:90:85:8D:AD:CA:36:A3:D7:00:CA:81:D0:E1:36:97:1B DirName:/C=NL/O=PKIoverheid TEST/CN=TRIAL PKIoverheid TEST Root CA - G2 serial:01:31:05:FF X509v3 CRL Distribution Points: URI:http://crl.pkioverheid.nl/pkiotest/TESTDomOrganisatieLatestCRL-G2.crl X509v3 Subject Key Identifier: 34:CF:35:50:61:9A:30:3C:66:27:81:27:2C:7A:70:8B:11:F3:2A:D0

Version: 3 (0x2) Serial Number: 36:f8:da:60:cb:29:18:a6:00:23:e8:4f:fa:48:71:18 Signature Algorithm: sha1WithRSAEncryption Issuer: C=NL, O=DigiNotar, CN=DigiNotar Root CA/emailAddress=info@diginotar.nl Trust: Ask Validity Not Before: Mar 26 14:31:06 2007 GMT Not After : Mar 26 14:31:06 2017 GMT Subject: C=NL, O=Delft University of Technology, CN=TU Delft CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: Authority Information Access: OCSP - URI:http://validation.diginotar.nl X509v3 Authority Key Identifier: keyid:88:68:BF:E0:8E:35:C4:3B:38:6B:62:F7:28:3B:84:81:C8:0C:D7:4D X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Certificate Policies: Policy: 2.16.528.1.1001.1.1.1.1.5.2.6.4 CPS: http://www.diginotar.nl/cps X509v3 CRL Distribution Points: URI:http://service.diginotar.nl/crl/root/latestCRL.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 32:57:0E:86:46:81:0B:A6:7B:32:B4:C4:DF:9A:4E:26:F3:B3:8E:5C

Blocked certificates

Version: 3 (0x2) Serial Number: 2087 (0x827) Signature Algorithm: sha1WithRSAEncryption Issuer: CN=TÜRKTRUST Elektronik Sunucu Sertifikası Hizmetleri, C=TR, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005 Trust: Never Validity Not Before: Aug 8 07:07:51 2011 GMT Not After : Jul 6 07:07:51 2021 GMT Subject: C=TR, ST=ANKARA, L=ANKARA, O=EGO, OU=EGO BILGI ISLEM, CN=*.EGO.GOV.TR Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Authority Key Identifier: keyid:AB:4E:36:03:30:D2:DB:D5:0A:68:BE:87:A5:50:6C:FC:F6:70:A5:25 X509v3 Subject Key Identifier: 64:FB:1B:86:3D:B8:4A:F2:44:82:F9:56:3D:EA:26:C0:F4:E3:B3:34 X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Certificate Policies: Policy: 2.16.792.3.0.3.1.1.1 CPS: http://www.turktrust.com.tr/sue X509v3 Basic Constraints: critical CA:TRUE X509v3 CRL Distribution Points: URI:http://www.turktrust.com.tr/sil/TURKTRUST_SSL_SIL_s2.crl Authority Information Access: CA Issuers - URI:http://www.turktrust.com.tr/sertifikalar/TURKTRUST_Elektronik_Sunucu_Sertifikasi_Hizmetleri_s2.crt OCSP - URI:http://ocsp.turktrust.com.tr

Version: 3 (0x2) Serial Number: 0a:88:90:40:ce:12:6e:65:57:ae:c2:42:7b:4a:c1:fb Signature Algorithm: sha1WithRSAEncryption Issuer: C=TR, ST=ANKARA, L=ANKARA, O=EGO, OU=EGO BILGI ISLEM, CN=*.EGO.GOV.TR Trust: Never Validity Not Before: Dec 6 08:55:15 2012 GMT Not After : Jun 7 19:43:27 2013 GMT Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Subject Alternative Name: DNS:*.google.com, DNS:*.android.com, DNS:*.appengine.google.com, DNS:*.cloud.google.com, DNS:*.google-analytics.com, DNS:*.google.ca, DNS:*.google.cl, DNS:*.google.co.in, DNS:*.google.co.jp, DNS:*.google.co.uk, DNS:*.google.com.ar, DNS:*.google.com.au, DNS:*.google.com.br, DNS:*.google.com.co, DNS:*.google.com.mx, DNS:*.google.com.tr, DNS:*.google.com.vn, DNS:*.google.de, DNS:*.google.es, DNS:*.google.fr, DNS:*.google.hu, DNS:*.google.it, DNS:*.google.nl, DNS:*.google.pl, DNS:*.google.pt, DNS:*.googleapis.cn, DNS:*.googlecommerce.com, DNS:*.gstatic.com, DNS:*.urchin.com, DNS:*.url.google.com, DNS:*.youtube-nocookie.com, DNS:*.youtube.com, DNS:*.ytimg.com, DNS:android.com, DNS:g.co, DNS:goo.gl, DNS:google-analytics.com, DNS:google.com, DNS:googlecommerce.com, DNS:urchin.com, DNS:youtu.be, DNS:youtube.com X509v3 Basic Constraints: critical CA:FALSE

Version: 3 (0x2) Serial Number: 1277161678 (0x4c1ff0ce) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Entrust, Inc., OU=www.entrust.net/rpa is incorporated by reference, OU=(c) 2009 Entrust, Inc., CN=Entrust Certification Authority - L1C Trust: Never Validity Not Before: Jun 4 18:08:53 2013 GMT Not After : Aug 4 04:02:43 2015 GMT Subject: C=US, ST=California, L=Cupertino, O=Apple Inc., CN=*.mail.me.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: URI:http://crl.entrust.net/level1c.crl Authority Information Access: OCSP - URI:http://ocsp.entrust.net CA Issuers - URI:http://aia.entrust.net/2048-l1c.cer X509v3 Certificate Policies: Policy: 1.2.840.113533.7.75.2 CPS: http://www.entrust.net/rpa Policy: 2.23.140.1.2.2 X509v3 Subject Alternative Name: DNS:*.mail.me.com, DNS:mail.me.com X509v3 Authority Key Identifier: keyid:1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D X509v3 Subject Key Identifier: 7E:CC:5B:D7:AA:1C:1D:69:E4:62:29:17:19:7A:FF:B2:32:54:E4:9A X509v3 Basic Constraints: CA:FALSE

Version: 3 (0x2) Serial Number: 120000505 (0x7270ff9) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root Trust: Never Validity Not Before: Sep 20 09:45:32 2006 GMT Not After : Sep 20 09:44:06 2013 GMT Subject: C=NL, O=DigiNotar, CN=DigiNotar Cyber CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:1 X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.6334.1.0 CPS: http://www.public-trust.com/CPS/OmniRoot.html X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:A6:0C:1D:9F:61:FF:07:17:B5:BF:38:46:DB:43:30:D5:8E:B0:52:06 DirName:/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root serial:01:A5 X509v3 CRL Distribution Points: URI:http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl X509v3 Subject Key Identifier: AB:F9:68:DF:CF:4A:37:D7:7B:45:8C:5F:72:DE:40:44:C3:65:BB:C2

Version: 3 (0x2) Serial Number: 1e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04 Signature Algorithm: sha1WithRSAEncryption Issuer: C=NL, O=DigiNotar, CN=DigiNotar Root CA/emailAddress=info@diginotar.nl Trust: Never Validity Not Before: Feb 6 16:07:02 2006 GMT Not After : Mar 28 16:07:02 2025 GMT Subject: C=NL, O=DigiNotar, CN=DigiNotar Public CA 2025/emailAddress=info@diginotar.nl Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: Authority Information Access: OCSP - URI:http://validation.diginotar.nl X509v3 Authority Key Identifier: keyid:88:68:BF:E0:8E:35:C4:3B:38:6B:62:F7:28:3B:84:81:C8:0C:D7:4D X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Certificate Policies: Policy: 2.16.528.1.1001.1.1.1.1.5.2.6.4 CPS: http://www.diginotar.nl/cps X509v3 CRL Distribution Points: URI:http://service.diginotar.nl/crl/root/latestCRL.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: DF:33:C0:AF:92:FE:37:FC:B6:D8:16:16:D0:D9:B1:91:D5:FA:6E:A5

Version: 3 (0x2) Serial Number: 120000505 (0x7270ff9) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root Trust: Never Validity Not Before: Sep 20 09:45:32 2006 GMT Not After : Sep 20 09:44:06 2013 GMT Subject: C=NL, O=DigiNotar, CN=DigiNotar Cyber CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:1 X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.6334.1.0 CPS: http://www.public-trust.com/CPS/OmniRoot.html X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:A6:0C:1D:9F:61:FF:07:17:B5:BF:38:46:DB:43:30:D5:8E:B0:52:06 DirName:/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root serial:01:A5 X509v3 CRL Distribution Points: URI:http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl X509v3 Subject Key Identifier: AB:F9:68:DF:CF:4A:37:D7:7B:45:8C:5F:72:DE:40:44:C3:65:BB:C2

Version: 3 (0x2) Serial Number: 120000515 (0x7271003) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root Trust: Never Validity Not Before: Sep 27 10:53:32 2006 GMT Not After : Sep 27 10:52:30 2011 GMT Subject: C=NL, O=DigiNotar, CN=DigiNotar Cyber CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:1 X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.6334.1.0 CPS: http://www.public-trust.com/CPS/OmniRoot.html X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:A6:0C:1D:9F:61:FF:07:17:B5:BF:38:46:DB:43:30:D5:8E:B0:52:06 DirName:/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root serial:01:A5 X509v3 CRL Distribution Points: URI:http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl X509v3 Subject Key Identifier: AB:F9:68:DF:CF:4A:37:D7:7B:45:8C:5F:72:DE:40:44:C3:65:BB:C2

Version: 3 (0x2) Serial Number: 120000525 (0x727100d) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root Trust: Never Validity Not Before: Oct 4 10:54:11 2006 GMT Not After : Oct 4 10:53:11 2011 GMT Subject: C=NL, O=DigiNotar, CN=DigiNotar Cyber CA/emailAddress=info@diginotar.nl Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:1 X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.6334.1.0 CPS: http://www.public-trust.com/CPS/OmniRoot.html X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:A6:0C:1D:9F:61:FF:07:17:B5:BF:38:46:DB:43:30:D5:8E:B0:52:06 DirName:/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root serial:01:A5 X509v3 CRL Distribution Points: URI:http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl X509v3 Subject Key Identifier: AB:F9:68:DF:CF:4A:37:D7:7B:45:8C:5F:72:DE:40:44:C3:65:BB:C2

Version: 3 (0x2) Serial Number: 1184644297 (0x469c3cc9) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority Trust: Never Validity Not Before: Apr 26 05:00:00 2007 GMT Not After : Aug 14 20:12:36 2013 GMT Subject: C=NL, O=DigiNotar, CN=DigiNotar Root CA/emailAddress=info@diginotar.nl Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:1 X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, E-mail Protection X509v3 Certificate Policies: Policy: X509v3 Any Policy Authority Information Access: OCSP - URI:http://ocsp.entrust.net X509v3 CRL Distribution Points: URI:http://crl.entrust.net/server1.crl X509v3 Subject Key Identifier: 88:68:BF:E0:8E:35:C4:3B:38:6B:62:F7:28:3B:84:81:C8:0C:D7:4D X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A 1.2.840.113533.7.65.0: 0 ..V7.1....

Version: 3 (0x2) Serial Number: 1184640175 (0x469c2caf) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority Trust: Never Validity Not Before: Jul 26 15:57:39 2007 GMT Not After : Aug 26 16:27:39 2013 GMT Subject: C=NL, O=DigiNotar, CN=DigiNotar Root CA/emailAddress=info@diginotar.nl Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:1 X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, E-mail Protection X509v3 Certificate Policies: Policy: X509v3 Any Policy Authority Information Access: OCSP - URI:http://ocsp.entrust.net X509v3 CRL Distribution Points: URI:http://crl.entrust.net/server1.crl X509v3 Subject Key Identifier: 88:68:BF:E0:8E:35:C4:3B:38:6B:62:F7:28:3B:84:81:C8:0C:D7:4D X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A 1.2.840.113533.7.65.0: 0 ..V7.1....

Version: 3 (0x2) Serial Number: 1184640176 (0x469c2cb0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority Trust: Never Validity Not Before: Jul 26 15:59:00 2007 GMT Not After : Aug 26 16:29:00 2013 GMT Subject: C=NL, O=DigiNotar, CN=DigiNotar Services 1024 CA/emailAddress=info@diginotar.nl Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, E-mail Protection X509v3 Certificate Policies: Policy: X509v3 Any Policy Authority Information Access: OCSP - URI:http://ocsp.entrust.net X509v3 CRL Distribution Points: URI:http://crl.entrust.net/server1.crl X509v3 Subject Key Identifier: FE:DC:94:49:0C:6F:EF:5C:7F:C6:F1:12:99:4F:16:49:AD:FB:82:65 X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A 1.2.840.113533.7.65.0: 0 ..V7.1....

Version: 3 (0x2) Serial Number: 1276011370 (0x4c0e636a) Signature Algorithm: sha1WithRSAEncryption Issuer: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) Trust: Never Validity Not Before: Jul 16 17:23:37 2010 GMT Not After : Jul 16 17:53:37 2015 GMT Subject: C=MY, O=Digicert Sdn. Bhd., OU=457608-K, CN=Digisign Server ID - (Enrich) Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, E-mail Protection Authority Information Access: OCSP - URI:http://ocsp.entrust.net X509v3 Certificate Policies: Policy: 2.16.458.1.1 CPS: http://www.digicert.com.my/cps.htm X509v3 CRL Distribution Points: URI:http://crl.entrust.net/2048ca.crl X509v3 Subject Key Identifier: 4C:4E:CC:25:28:03:29:81 X509v3 Authority Key Identifier: keyid:55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70

Version: 3 (0x2) Serial Number: 120001705 (0x72714a9) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root Trust: Never Validity Not Before: Jul 17 15:17:48 2007 GMT Not After : Jul 17 15:16:54 2012 GMT Subject: C=MY, O=Digicert Sdn. Bhd., OU=457608-K, CN=Digisign Server ID (Enrich) Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.6334.1.0 CPS: http://cybertrust.omniroot.com/repository.cfm Policy: 2.16.458.1.1 X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment, Certificate Sign, CRL Sign X509v3 Authority Key Identifier: DirName:/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root serial:01:A5 X509v3 CRL Distribution Points: URI:http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl X509v3 Subject Key Identifier: C6:16:93:4E:16:17:EC:16:AE:8C:94:76:F3:86:6D:C5:74:6E:84:77

Version: 3 (0x2) Serial Number: 1800000005 (0x6b49d205) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Organization Issuing CA, Level 2/emailAddress=ca@trustwave.com Trust: Never Validity Not Before: Apr 1 18:23:53 2010 GMT Not After : Mar 29 18:23:53 2020 GMT Subject: C=US, ST=Maryland, L=Columbia, O=Micros Systems, Inc., CN=Micros CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:1 X509v3 Subject Key Identifier: C6:6B:91:57:43:4E:5B:93:15:CA:C2:14:40:9E:2C:43:7E:EF:18:18 X509v3 Authority Key Identifier: keyid:92:08:64:B1:BB:9F:A4:91:5B:5E:AF:53:ED:E2:92:F3:DB:66:AD:31 X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.35539.3.3.3.3.3 CPS: http://ssl.trustwave.com/CA/micros

Version: 3 (0x2) Serial Number: 1100000188 (0x4190abbc) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority Trust: Never Validity Not Before: Dec 22 23:47:42 2008 GMT Not After : Dec 22 23:47:42 2028 GMT Subject: C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Organization Issuing CA, Level 2/emailAddress=ca@trustwave.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 92:08:64:B1:BB:9F:A4:91:5B:5E:AF:53:ED:E2:92:F3:DB:66:AD:31 X509v3 Authority Key Identifier: keyid:C6:4F:A2:3D:06:63:84:09:9C:CE:62:E4:04:AC:8D:5C:B5:E9:B6:1B X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 CRL Distribution Points: URI:http://crl.securetrust.com/XGCA.crl X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.30360.3.0 Policy: 1.3.6.1.4.1.30360.3.3.3.4.4.4.3 CPS: http://www.securetrust.com/legal/

Version: 3 (0x2) Serial Number: 2148 (0x864) Signature Algorithm: sha1WithRSAEncryption Issuer: CN=TÜRKTRUST Elektronik Sunucu Sertifikası Hizmetleri, C=TR, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005 Trust: Never Validity Not Before: Aug 8 07:07:51 2011 GMT Not After : Aug 5 07:07:51 2021 GMT Subject: C=TR, ST=Lefkosa, L=Lefkosa, O=KKTC Merkez Bankasi, CN=e-islem.kktcmerkezbankasi.org/emailAddress=ileti@kktcmerkezbankasi.org Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE

Published Date: