The main domain, like https://<sample-domain>.com is categorized as non-suspicious, its SAN domains are categorized as non-suspicious as well. The main domain is accessible without any problem.

However, the URL like https://<sample-domain>.com/<url-path> is blocked by a policy as suspicious certificate.

Current workaround is to raise a support ticket with Broadcom so Tech Support can work with the internal team on the URL categorization (not possible via sitereview site).