4sbm4svmdwc4hja5kjqsbsabaq.us-gov-west-1.es.amazonaws.com

Issued by Amazon RSA 2048 M02

About this certificate

This digital certificate with serial number 0f:ca:b4:2f:21:71:62:1d:44:98:ab:34:36:96:76:4e was issued on by Amazon.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=4sbm4svmdwc4hja5kjqsbsabaq.us-gov-west-1.es.amazonaws.com

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0f:ca:b4:2f:21:71:62:1d:44:98:ab:34:36:96:76:4e
Serial Number (int): 20990918470000146019155072123753887310
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 3d:c9:db:1d:2c:3a:d3:49:29:3b:58:06:dc:d9:65:43:d6:db:f4:52
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2

Fingerprint (sha1): 9a:bc:31:13:e5:ea:ab:e6:d5:27:87:74:d4:6b:b6:a2:e9:ef:32:a5
Fingerprint (sha256): 00:00:2f:e7:c4:bf:13:1a:d5:52:fa:a1:23:46:da:87:b3:03:b1:1e:37:a6:20:b2:c4:2f:7f:06:27:42:53:d9

Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer

Revocation information

OCSP Server: http://ocsp.r2m02.amazontrust.com
CRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl

Check the revocation status for certificate 4sbm4svmdwc4hja5kjqsbsabaq.us-gov-west-1.es.amazonaws.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for 4sbm4svmdwc4hja5kjqsbsabaq.us-gov-west-1.es.amazonaws.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

4sbm4svmdwc4hja5kjqsbsabaq.us-gov-west-1.es.amazonaws.com
*.us-gov-west-1.es.amazonaws.com

Other certificates including the domain name amazonaws.com

(limited to 100 certificates)
fd7q5ahpgwxzgzjeydx7ued3dy.ap-south-1.es.amazonaws.com
*.canary0410ddc89fc.0ivg9b.c1.kafka.ap-northeast-1.amazonaws.com
*.canary-705cb9c9ce.4vp3ak.c1.kafka.ap-southeast-1.amazonaws.com
3wmpdnfzuawkweauyeqwsz3sgq.us-west-2.es.amazonaws.com
*.canaryc0e5744bf8d.uoc6j4.c1.kafka.ap-northeast-1.amazonaws.com
sbk73gdfu64w3u3odwhm6dbuoq.eu-west-1.es.amazonaws.com
phgarilyufhxfvyv6rqey2igyu.us-east-1.es.amazonaws.com
f3goayqxx4fiacneubnhrs2cgq.eu-west-2.es.amazonaws.com
c7xnkrjzni2nspnmpruzcqwubm.us-east-2.es.amazonaws.com
*.canary7835b1affed0.feiwkl.c4.kafka.us-west-2.amazonaws.com
4sbm4svmdwc4hja5kjqsbsabaq.us-gov-west-1.es.amazonaws.com
*.canary38977f6d5fd.kv8cye.c2.kafka.ap-northeast-2.amazonaws.com
hcmsmyn7brxhvxc6zgbctvjh44.us-east-2.es.amazonaws.com
urnomx4z6o62opvpawsmrldfgi.ap-northeast-1.es.amazonaws.com
anwrzykp2vpsprhdokjkngddxa.ca-central-1.es.amazonaws.com
wszph7yr32vodaalq32pln2prm.ap-southeast-2.es.amazonaws.com
*.cfnlaunchpadcanarytest.wcpyzy.c4.kafka.eu-west-1.amazonaws.com
s3.ca-central-1.amazonaws.com
e5iadkz6kufmsrdnube75tyk5i.us-east-1.es.amazonaws.com
*.canary2fbbe3f61b0.2a500w.c3.kafka.ap-northeast-3.amazonaws.com
s3.af-south-1.amazonaws.com
tonu2tlhyv2hnvxxjjcljq4hse.eu-south-1.es.amazonaws.com
*.privatelinkcanary99.2y21fq.c1.kafka.me-central-1.amazonaws.com
s3.us-west-2.amazonaws.com
75illtecsvqox63ith2tndwefy.eu-west-3.es.amazonaws.com
ivieaesvmhx54vsi4vondj6pii.eu-west-1.es.amazonaws.com
xbfwcx4qduhx25yb6chzuw4nni.ca-central-1.es.amazonaws.com
t3s2vk5yto255no6s4m7uc5pde.ap-northeast-1.es.amazonaws.com
*.canary98fa3fe4e22.j417x5.c3.kafka.ap-northeast-3.amazonaws.com
*.canary14c480c2d0b0.grolaw.c1.kafka.me-south-1.amazonaws.com
*.cfnlaunchpadcanaryt.cbx9rj.c2.kafka.ca-central-1.amazonaws.com
*.canary-f22d3b00119a.oi5ic9.c2.kafka.ap-south-1.amazonaws.com
xqqjcyq6o3rc7hrs6ifusrns7u.us-east-1.es.amazonaws.com
vyjursg4ukjf5kznu7cve3pjyq.us-gov-west-1.es.amazonaws.com
2unyopxibvxjbcdkcsruu4l45q.ap-south-1.es.amazonaws.com
*.canaryd05eda50d241.ngnrw3.c1.kafka.eu-south-1.amazonaws.com
*.canarybc7767eb5f29.0b02sv.c3.kafka.eu-central-1.amazonaws.com
6fgy56efefwkdeodtkmmwkdswe.us-east-1.es.amazonaws.com
*.canary-780e819e93d7.s22kq9.c1.kafka.us-west-2.amazonaws.com
*.cfnlaunchpadcanaryt.uveli7.c4.kafka.ca-central-1.amazonaws.com
swmuby362d5wtp5s63kelca7ii.eu-west-1.es.amazonaws.com
*.canary7a34ed13e7b2.8yk2jt.c5.kafka.us-west-2.amazonaws.com
*.canary-794dbee21039.jarqga.c3.kafka.eu-north-1.amazonaws.com
fqhhh775oulwnzldm2ritqslkq.ca-central-1.es.amazonaws.com
*.cfnlaunchpadcanarytest.witiix.c4.kafka.us-west-2.amazonaws.com
s3.ap-northeast-1.amazonaws.com
canary.s3.eu-west-1.vpce.amazonaws.com
canary.s3.ap-east-1.vpce.amazonaws.com
gi66xkoipe4iyd3xrf4h2fvpua.us-east-1.es.amazonaws.com
*.canary71f0b6d9d316.7xg10s.c1.kafka.eu-north-1.amazonaws.com
*.crossaccountplcanary58.mjznox.c2.kafka.us-west-1.amazonaws.com
6cnaqybkcuth7uqc34ajchw6ka.eu-south-1.es.amazonaws.com
tibuxu36xjihnkqggn2ofga7y4.us-east-1.es.amazonaws.com
*.canary08a8ec26d9eb.wuy2me.c3.kafka.eu-west-2.amazonaws.com
et47rj34herpq75rm3eixepj5e.af-south-1.es.amazonaws.com
ef5as23rljk2mjo54xzzh5b7di.af-south-1.es.amazonaws.com
*.testcluster.kqyp1f.c1.kafka.eu-west-1.amazonaws.com
*.canary627ccb545bde.p1i713.c3.kafka.af-south-1.amazonaws.com
*.cfnlaunchpadcanar.kakne3.c2.kafka.ap-southeast-3.amazonaws.com
hwfsk72lrrbczq4xfsiky5xdr4.ap-northeast-1.es.amazonaws.com
*.privatelinkcanary.o7q1h1.c4.kafka.ap-northeast-2.amazonaws.com
*.mskcluster3adgsux.xy0lqw.c2.kafka.ap-southeast-2.amazonaws.com
*.canaryb6a73c05894.ek92py.c5.kafka.ap-southeast-2.amazonaws.com
of4277ngujbbpuzcronoz7wjlq.ca-central-1.es.amazonaws.com
s3.us-east-1.amazonaws.com
canary.s3.us-gov-west-1.vpce.amazonaws.com
utb3zgxrn2e7mnhv5qgyiesdca.ap-southeast-2.es.amazonaws.com
ked5qqiaknxppr2ptfyq2z2hde.us-east-1.es-staging.amazonaws.com
epkq25frxidtqwzhpiu5na74ji.eu-west-1.es.amazonaws.com
*.cfnlaunchpadcanarytest.ljisga.c4.kafka.eu-west-1.amazonaws.com
*.cfnlaunchpadcanar.ty6puv.c2.kafka.ap-northeast-1.amazonaws.com
mu4e5dcryibbx.mrap.accesspoint.s3-global.amazonaws.com
q5ijjqpusel73ebpkthu6edvka.ap-northeast-1.es.amazonaws.com
*.cfnlaunchpadcanar.d467s7.c4.kafka.ap-northeast-2.amazonaws.com
yehmxtgn2qc4poy4tsiwars6rq.sa-east-1.es.amazonaws.com
canary.s3.us-east-2.vpce.amazonaws.com
*.cfnlaunchpadcanarytest.0p17bp.c4.kafka.eu-west-2.amazonaws.com
*.canary1f27ad4e8b21.bygyhq.c12.kafka.us-west-2.amazonaws.com
x7wbdyq4xqtsrtdnlvlj4rx5gi.ap-southeast-1.es.amazonaws.com
aksq7v2h2fenvkvlrjkssmhq6e.ap-southeast-1.es.amazonaws.com
jsfmlpyxlx5qdt3mvq6kb3zlzq.ap-south-1.es.amazonaws.com
mdfexzp7737t7.mrap.accesspoint.s3-global.amazonaws.com
*.canaryc37b8d367289.e4esek.c1.kafka.me-central-1.amazonaws.com
canary.s3.ap-southeast-1.vpce.amazonaws.com
m3stir3x9kx5m.mrap.accesspoint.s3-global.amazonaws.com
canary-s3ccp.mrap.accesspoint.s3-global.amazonaws.com
s3.eu-west-3.amazonaws.com
yn5tyh5p7kxvgl4j7ebsnumtzi.ap-south-1.es.amazonaws.com
lv4nfgokzyyh5kz4o4rlyrrgue.ap-south-1.es.amazonaws.com
*.canary4b55750240dc.th0lsm.c3.kafka.eu-west-3.amazonaws.com
s3.ap-southeast-2.amazonaws.com
*.canaryfcf3b606202d.ecc8c4.c4.kafka.us-west-1.amazonaws.com
*.cfnlaunchpadcanarytes.nt8ifz.c4.kafka.eu-north-1.amazonaws.com
ifcscxtvwwmh2twskdrbegweee.eu-west-1.es-staging.amazonaws.com
v6lvvq543ktmo2r457edtbnh4m.us-west-2.es.amazonaws.com
*.canaryb57f1b7d6b29.ego5xb.c3.kafka.us-gov-east-1.amazonaws.com
7564oq2vskmng3y3oqttk5u7r4.us-east-1.es.amazonaws.com
*.canary95a41d09dc37.4jrpr0.c4.kafka.eu-north-1.amazonaws.com
canary.s3.il-central-1.vpce.amazonaws.com
yaggdu4bqrmbpikf5h7ff4e6oy.us-east-1.es.amazonaws.com

Certificate

The complete raw certificate details for 4sbm4svmdwc4hja5kjqsbsabaq.us-gov-west-1.es.amazonaws.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgIQD8q0LyFxYh1EmKs0NpZ2TjANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAyMB4XDTIzMTIxNzAwMDAwMFoXDTI1MDExNTIzNTk1OVowRDFC
MEAGA1UEAxM5NHNibTRzdm1kd2M0aGphNWtqcXNic2FiYXEudXMtZ292LXdlc3Qt
MS5lcy5hbWF6b25hd3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArs6CCl9ekBZwP979nOGu29KT23b1URUhQeTl5qJn5VhVTLk9KH8GfGtK8vJ/
4LlQf25h3A2lhE2Ccc8O4InYDpVU/lv+MQe9tMjpK0L7HFrXe4edVEKTUqYEbqyO
0CKjyNjBHLmFD3mtQUSU4XTrB9uuuM7QZ/p/ADNS/AM5iHFZ2WmXW/6Zyhv/4J0d
dHpn/jbeNwhIqaC35qApgKMvIw4WMLKHVBGNjPhHRdmN5EKLbCRxJ/LlCczePzOI
eSkEMcdK+4ikM5BF0RgeGgYKWFzr0yZBTu6AFf8tA4EJmxI+WhxGLgPfyDEJ7cLC
aZNmf6Bgu3+wFP9G7JD3DReeqwIDAQABo4IBxzCCAcMwHwYDVR0jBBgwFoAUwDFS
zVpQw4J8dHHOy+mc+XrrguIwHQYDVR0OBBYEFD3J2x0sOtNJKTtYBtzZZUPW2/RS
MGYGA1UdEQRfMF2COTRzYm00c3ZtZHdjNGhqYTVranFzYnNhYmFxLnVzLWdvdi13
ZXN0LTEuZXMuYW1hem9uYXdzLmNvbYIgKi51cy1nb3Ytd2VzdC0xLmVzLmFtYXpv
bmF3cy5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwDgYDVR0PAQH/BAQDAgWgMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAyMDCgLqAshipo
dHRwOi8vY3JsLnIybTAyLmFtYXpvbnRydXN0LmNvbS9yMm0wMi5jcmwwdQYIKwYB
BQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5yMm0wMi5hbWF6b250
cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQucjJtMDIuYW1hem9udHJ1
c3QuY29tL3IybTAyLmNlcjAMBgNVHRMBAf8EAjAAMBMGCisGAQQB1nkCBAMBAf8E
AgUAMA0GCSqGSIb3DQEBCwUAA4IBAQBtJWI/iCPu42avHdxNpXobz9aFbb2u2u6F
0OTXxVUtiZVnZLdffsSdSAczaA0hoyCQqyowTo12+vjEghCo2aQXA1bVjUMh8Z2k
wojFhkkp1PyrwhG/qmaihFSfDb4/jjsVaoXaXS0dpRSA46zPpofobZAO7mGS+02f
d7/kcHPpgkrTTfAZdnQeSZEfYrPgGcdHZzYEhwasccQHMCJJ56qeujgwF4ZIbgTF
KnVJ8aC7KZwxglSI9O5K6YPSaZf3LAVB2LrYW9Gx8itMx47yt/WuE2m3KrHgqJtF
GCwUDAOat2MB67vyx5Zw7tRucQlbcU40Dcj4Mhz8rT75QuU98fDj
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArs6CCl9ekBZwP979nOGu
29KT23b1URUhQeTl5qJn5VhVTLk9KH8GfGtK8vJ/4LlQf25h3A2lhE2Ccc8O4InY
DpVU/lv+MQe9tMjpK0L7HFrXe4edVEKTUqYEbqyO0CKjyNjBHLmFD3mtQUSU4XTr
B9uuuM7QZ/p/ADNS/AM5iHFZ2WmXW/6Zyhv/4J0ddHpn/jbeNwhIqaC35qApgKMv
Iw4WMLKHVBGNjPhHRdmN5EKLbCRxJ/LlCczePzOIeSkEMcdK+4ikM5BF0RgeGgYK
WFzr0yZBTu6AFf8tA4EJmxI+WhxGLgPfyDEJ7cLCaZNmf6Bgu3+wFP9G7JD3DRee
qwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 20990918470000146019155072123753887310
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-17 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-15 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '4sbm4svmdwc4hja5kjqsbsabaq.us-gov-west-1.es.amazonaws.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22067297939845300721425227367704721627521719571006678094464108929463675556095959763366991971887580519664444488914583865742744423969053425834818059470529228878747467066460104313080481798077199266517464408668762176979225983177847703373855326386605664689094101111204461418179896091739002083207546362847422577651038449597739111120297055034636056692339532053098695136447479802195175455941509969359766424307761867838654456791173874575211626395693996661909519809353220011580200360969097971884694780221044516253492700568495497788261057119389169458310865943262089146600162850524267603741671549884483179053732466667322351263403
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							3dc9db1d2c3ad349293b5806dcd96543d6dbf452
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (95 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '4sbm4svmdwc4hja5kjqsbsabaq.us-gov-west-1.es.amazonaws.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.us-gov-west-1.es.amazonaws.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		006d25623f8823eee366af1ddc4da57a1bcfd6856dbdaedaee85d0e4d7c5552d89956764b75f7ec49d480733680d21a32090ab2a304e8d76faf8c48210a8d9a4170356d58d4321f19da4c288c5864929d4fcabc211bfaa66a284549f0dbe3f8e3b156a85da5d2d1da51480e3accfa687e86d900eee6192fb4d9f77bfe47073e9824ad34df01976741e49911f62b3e019c7476736048706ac71c407302249e7aa9eba38301786486e04c52a7549f1a0bb299c31825488f4ee4ae983d26997f72c0541d8bad85bd1b1f22b4cc78ef2b7f5ae1369b72ab1e0a89b45182c140c039ab76301ebbbf2c79670eed46e71095b714e340dc8f8321cfcad3ef942e53df1f0e3