diff --git a/lib/PayPro.js b/lib/PayPro.js
index 7a3736c..4dfe6c6 100644
--- a/lib/PayPro.js
+++ b/lib/PayPro.js
@@ -107,6 +107,19 @@ PayPro.prototype.x509Verify = function() {
 var sigAlg = PayPro.getAlgorithm(c.signatureAlgorithm.algorithm, 1);
 var sig = c.signature.data;
 
+ //
+ // Check Validity of Certificates
+ //
+ var validityVerified = true;
+ var now = Date.now();
+ var cBefore = c.tbsCertificate.validity.notBefore.value;
+ var cAfter = c.tbsCertificate.validity.notAfter.value;
+ var nBefore = nc.tbsCertificate.validity.notBefore.value;
+ var nAfter = nc.tbsCertificate.validity.notAfter.value;
+ if (cBefore > now || cAfter < now || nBefore > now || nAfter < now) {
+ validityVerified = false;
+ }
+
 //
 // Check the Issuer matches the Subject of the next certificate:
 //
@@ -132,7 +145,6 @@ PayPro.prototype.x509Verify = function() {
 // Handle Cert Extensions
 // http://tools.ietf.org/html/rfc5280#section-4.2
 //
- var ext;
 var eid;
 
 var extensions = {
@@ -153,30 +165,31 @@ PayPro.prototype.x509Verify = function() {
 switch (eid[3]) {
 // Basic Constraints
 case 19:
- extensions.basicConstraints = ext;
+ extensions.basicConstraints = ext.extnValue;
 break;
 // Key Usage
 case 15:
- extensions.keyUsage = ext;
+ extensions.keyUsage = ext.extnValue;
 break;
 // Subject Key Identifier
 case 14:
- extensions.subjectKeyIdentifier = ext;
+ extensions.subjectKeyIdentifier = ext.extnValue;
 break;
 // Authority Key Identifier
 case 35:
- extensions.authKeyIdentifier = ext;
+ extensions.authKeyIdentifier = ext.extnValue;
 break;
 // CRL Distribution Points
 case 31:
- extensions.CRLDistributionPoints = ext;
+ extensions.CRLDistributionPoints = ext.extnValue;
 break;
 // Certificate Policies
 case 32:
- extensions.certificatePolicies = ext;
+ extensions.certificatePolicies = ext.extnValue;
 break;
 // Unknown Extension (not documented anywhere, probably non-standard)
 default:
+ extensions.unknown.push(ext);
 extensions.standardUnknown.push(ext);
 break;
 }
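Review bot: `validityVerified` is computed in this hunk but nothing here acts on it, so an expired or not-yet-valid certificate currently only flips a flag that is later printed; the result has to feed into whatever x509Verify returns or throws on failure, e.g. `if (!validityVerified) return false;` if that is the function's failure convention (its return path is outside this hunk). The comparison also assumes `notBefore.value`/`notAfter.value` are millisecond numbers or Date objects comparable with `Date.now()`; if the ASN.1 decoder hands back a UTCTime/GeneralizedTime string, `>`/`<` compares lexically and the check silently passes or fails for the wrong reason, so either assert the type or add a comment such as `// notBefore/notAfter.value are epoch milliseconds from the asn1 decoder — keep in sync with the time codec`. The enclosing x509Verify function begins before this hunk.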
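Review bot: The `default` branch that now feeds `extensions.unknown` (and so the critical-extension rejection) is only reached when the last OID arc misses, because the dispatch is `switch (eid[3])`; an extension under any other prefix whose fourth arc happens to be 19, 15, 14, 35, 31 or 32 is silently classified as the matching 2.5.29 standard extension and never reaches `unknown`, which undercuts the RFC 5280 §4.2 rule that an unrecognised critical extension must reject the certificate. Guard on the id-ce prefix before dispatching, e.g. `var isIdCe = eid.length === 4 && eid[0] === 2 && eid[1] === 5 && eid[2] === 29;` followed by `switch (isIdCe ? eid[3] : -1) {`. Note that `extensions.unknown` must be initialised as an array in the `extensions` literal, whose body is outside the hunks shown, or the new `push` throws. Recognising basicConstraints and keyUsage here only records `extnValue`; the CA flag and keyCertSign bit of the issuing certificate still need to be enforced somewhere, which I cannot see in these hunks. The switch sits inside a block that opens before this hunk.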
@@ -185,10 +198,16 @@ PayPro.prototype.x509Verify = function() {
 }
 }
 
+ var rejectUnknown = !!extensions.unknown.filter(function(ext) {
+ return ext.critical;
+ }).length;
+
 print(c);
 print(nc);
- print('issuerVerified: %s', issuerVerified);
 print(extensions);
+ print('issuerVerified: %s', issuerVerified);
+ print('rejectUnknown: %s', rejectUnknown);
+ print('validityVerified: %s', validityVerified);
 //
 // Create a To-Be-Signed Certificate to verify using asn1.js: