q5ijjqpusel73ebpkthu6edvka.ap-northeast-1.es.amazonaws.com

Issued by Amazon RSA 2048 M02

About this certificate

This digital certificate with serial number 08:01:6c:84:fc:82:65:79:4c:92:bd:ac:ad:e3:cd:05 was issued on by Amazon.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=q5ijjqpusel73ebpkthu6edvka.ap-northeast-1.es.amazonaws.com

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 08:01:6c:84:fc:82:65:79:4c:92:bd:ac:ad:e3:cd:05
Serial Number (int): 10641217299640370102274678536722959621
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: ea:f6:a2:8e:a1:e6:2b:71:ad:2e:d1:f0:5c:58:3e:f2:30:c4:31:8e
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2

Fingerprint (sha1): 7f:a9:09:b7:66:9f:f2:bd:1b:ed:93:a7:9e:62:54:33:a6:c9:90:4c
Fingerprint (sha256): 00:01:0e:d1:9b:1f:96:59:f3:6b:9e:f4:c7:54:56:9e:68:8a:85:5d:b7:df:83:0a:29:4f:91:ee:97:3b:0b:7b

Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer

Revocation information

OCSP Server: http://ocsp.r2m02.amazontrust.com
CRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl

Check the revocation status for certificate q5ijjqpusel73ebpkthu6edvka.ap-northeast-1.es.amazonaws.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for q5ijjqpusel73ebpkthu6edvka.ap-northeast-1.es.amazonaws.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

q5ijjqpusel73ebpkthu6edvka.ap-northeast-1.es.amazonaws.com
*.ap-northeast-1.es.amazonaws.com

Other certificates including the domain name amazonaws.com

(limited to 100 certificates)
*.canary-705cb9c9ce.4vp3ak.c1.kafka.ap-southeast-1.amazonaws.com
hcmsmyn7brxhvxc6zgbctvjh44.us-east-2.es.amazonaws.com
*.cfnlaunchpadcanarytest.wcpyzy.c4.kafka.eu-west-1.amazonaws.com
s3.ca-central-1.amazonaws.com
s3.af-south-1.amazonaws.com
s3.us-west-2.amazonaws.com
xbfwcx4qduhx25yb6chzuw4nni.ca-central-1.es.amazonaws.com
t3s2vk5yto255no6s4m7uc5pde.ap-northeast-1.es.amazonaws.com
*.canary-f22d3b00119a.oi5ic9.c2.kafka.ap-south-1.amazonaws.com
6fgy56efefwkdeodtkmmwkdswe.us-east-1.es.amazonaws.com
*.canary-780e819e93d7.s22kq9.c1.kafka.us-west-2.amazonaws.com
*.cfnlaunchpadcanaryt.uveli7.c4.kafka.ca-central-1.amazonaws.com
*.canary7a34ed13e7b2.8yk2jt.c5.kafka.us-west-2.amazonaws.com
*.canary-794dbee21039.jarqga.c3.kafka.eu-north-1.amazonaws.com
*.cfnlaunchpadcanarytest.witiix.c4.kafka.us-west-2.amazonaws.com
gi66xkoipe4iyd3xrf4h2fvpua.us-east-1.es.amazonaws.com
tibuxu36xjihnkqggn2ofga7y4.us-east-1.es.amazonaws.com
*.canary627ccb545bde.p1i713.c3.kafka.af-south-1.amazonaws.com
s3.us-east-1.amazonaws.com
canary.s3.us-gov-west-1.vpce.amazonaws.com
*.cfnlaunchpadcanarytest.ljisga.c4.kafka.eu-west-1.amazonaws.com
mu4e5dcryibbx.mrap.accesspoint.s3-global.amazonaws.com
q5ijjqpusel73ebpkthu6edvka.ap-northeast-1.es.amazonaws.com
*.cfnlaunchpadcanar.d467s7.c4.kafka.ap-northeast-2.amazonaws.com
yehmxtgn2qc4poy4tsiwars6rq.sa-east-1.es.amazonaws.com
canary.s3.ap-southeast-1.vpce.amazonaws.com
yn5tyh5p7kxvgl4j7ebsnumtzi.ap-south-1.es.amazonaws.com
s3.ap-southeast-2.amazonaws.com
*.cfnlaunchpadcanarytes.nt8ifz.c4.kafka.eu-north-1.amazonaws.com
7564oq2vskmng3y3oqttk5u7r4.us-east-1.es.amazonaws.com
*.canary95a41d09dc37.4jrpr0.c4.kafka.eu-north-1.amazonaws.com
canary.s3.il-central-1.vpce.amazonaws.com
*.cfnlaunchpadcanarytest.v6677v.c4.kafka.eu-west-3.amazonaws.com
puqxh6d3qxzzp3nzqp667pf2sq.me-south-1.es.amazonaws.com
*.cfnlaunchpadcanarytest.cbepqo.c4.kafka.sa-east-1.amazonaws.com
*.cfnlaunchpadcanaryt.cdul2k.c4.kafka.ca-central-1.amazonaws.com
*.cluster-cxnwqqspunxa.us-west-2.rds.amazonaws.com
canary.s3.us-east-1.vpce.amazonaws.com
*.cfnlaunchpadcanarytest.38r357.c4.kafka.eu-west-3.amazonaws.com
*.cfnlaunchpadcanar.vc86fp.c4.kafka.ap-northeast-1.amazonaws.com
*.replacementcanary-2.sod442.c1.kafka.eu-central-1.amazonaws.com
*.canary-38054043d9f7.poa07p.c2.kafka.ap-south-1.amazonaws.com
*.armupdateconfiga.6zw4yn.c1.kafka-gamma.us-west-2.amazonaws.com
tsf7epmr36d5w77wtdtluqtjc4.us-west-2.es.amazonaws.com
*.canary-47bc0dc98d40.qeyouk.c2.kafka.us-east-2.amazonaws.com
ardi-service-gamma.us-gov-west-1.amazonaws.com
ecs-a-1.us-gov-east-1.amazonaws.com
*.kafkamskcluster.ha9iy3.c2.kafka.eu-west-1.amazonaws.com
*.chrometbcreate17018877.12gtf9.c4.kafka.ap-east-1.amazonaws.com
*.cfnlaunchpadcanarytest.3p5lh7.c4.kafka.eu-west-3.amazonaws.com
*.ckfulidknuxh.us-east-1.redshift.amazonaws.com
*.cfnlaunchpadcanarytes.i4ii6f.c4.kafka.eu-south-1.amazonaws.com
*.cfnlaunchpadcanar.oxna9l.c4.kafka.ap-southeast-2.amazonaws.com
snowball.ap-southeast-2.amazonaws.com
*.canary-db7a37281f6d.03742e.c4.kafka.eu-west-3.amazonaws.com
clpgted7o6ujv7oq6f452hbvcy.us-gov-west-1.es.amazonaws.com
*.canary3a1737a7b1d2.37xanb.c1.kafka.me-south-1.amazonaws.com
3beolxhz5fv46rccqqzl2rekii.us-west-2.es.amazonaws.com
*.gc-rc-sr-1583945003.r41xxd.c1.kafka.ca-central-1.amazonaws.com
o4plilfaz3tt375be2hjlgkufy.us-east-1.es-nexus.amazonaws.com
llzhr46qwljcelzqvmbyayg73e.us-west-2.es.amazonaws.com
s3.ap-northeast-2.amazonaws.com
6blwbm2sbvxdeqtjt2rgwiqz5u.ca-central-1.es.amazonaws.com
*.canaryf7fe0b518e7.mm787h.c2.kafka.ap-southeast-4.amazonaws.com
ndn3w3adypi2bzgvcbd7kvyh5m.sa-east-1.es.amazonaws.com
6qboysqk6yo23za3vmtbymaop4.eu-west-1.es.amazonaws.com
canary.s3.ap-south-2.vpce.amazonaws.com
canary.s3.eu-south-1.vpce.amazonaws.com
*.replacementcanary-d.nwv4s1.c2.kafka.eu-central-1.amazonaws.com
*.canary-0a91a417f712.nfwvus.c4.kafka.eu-west-2.amazonaws.com
6nznveo3kitfemggrairlto7mq.us-east-2.es.amazonaws.com
*.cfnlaunchpadcanarytest.cax14p.c4.kafka.us-west-2.amazonaws.com
*.canary-c69e4350d57b.i043gg.c2.kafka.sa-east-1.amazonaws.com
bah6y7swgv45v7l7djflpxwwwq.ca-central-1.es.amazonaws.com
iot.ap-east-1.amazonaws.com
*.canaryd48d12394505.14l3pv.c1.kafka.ap-east-1.amazonaws.com
pto6jrl6qhbeqe6oe4x362mpxa.ap-southeast-2.es.amazonaws.com
tepmvrsdf3xydheyylxyrecgm4.ca-central-1.es.amazonaws.com
*.cfnlaunchpadcanar.c1pxt0.c4.kafka.ap-southeast-1.amazonaws.com
sy55psllz7gqa6zuvhaqgej5si.ap-south-1.es.amazonaws.com
cwkfpqeuisv5f3k2bhefmwmmyi.us-west-2.es.amazonaws.com
*.cfnlaunchpadcanarytest.riht0e.c4.kafka.us-east-2.amazonaws.com
*.canary-bacec8bf1.ec5hab.c2.kafka-gamma.us-west-2.amazonaws.com
*.cfnlaunchpadcanarytest.w4edt4.c3.kafka.ap-east-1.amazonaws.com
s3.us-west-2.amazonaws.com
canary.s3.us-gov-west-1.vpce.amazonaws.com
2nvh4kntwlmkqojlnkyp4n5ay4.us-east-1.es.amazonaws.com
*.cfnlaunchpadcanarytes.xk5az5.c4.kafka.ap-south-1.amazonaws.com
*.cfnlaunchpadcanaryt.7gcrhr.c4.kafka.eu-central-1.amazonaws.com
mduu39hksjzns.mrap.accesspoint.s3-global.amazonaws.com
ru5ziep6jdrjlypmzfjrxvmp5i.us-east-1.es.amazonaws.com
*.cfnlaunchpadcanarytest.b3tq5v.c4.kafka.sa-east-1.amazonaws.com
6kuummyzaevnqebemhdxspah7m.us-east-2.es.amazonaws.com
obuwh4h6cn2kpbgsdiivq35ism.me-south-1.es.amazonaws.com
*.canary-713dda14bc6c.kechxe.c1.kafka.us-east-2.amazonaws.com
*.canarye07e1d49f933.9d9goy.c2.kafka.ap-east-1.amazonaws.com
*.cfnlaunchpadcanar.vp1b7t.c4.kafka.ap-southeast-1.amazonaws.com
hij7u3gvqhtjlu6i6rtf2vs5fq.ca-central-1.es.amazonaws.com
cseualrgtz6nsjvu4ovkz36mlu.ap-northeast-1.es.amazonaws.com
*.cfnlaunchpadcanarytest.nvwq9x.c4.kafka.us-west-2.amazonaws.com

Certificate

The complete raw certificate details for q5ijjqpusel73ebpkthu6edvka.ap-northeast-1.es.amazonaws.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIE1jCCA76gAwIBAgIQCAFshPyCZXlMkr2srePNBTANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAyMB4XDTIzMTIwNTAwMDAwMFoXDTI1MDEwMzIzNTk1OVowRTFD
MEEGA1UEAxM6cTVpampxcHVzZWw3M2VicGt0aHU2ZWR2a2EuYXAtbm9ydGhlYXN0
LTEuZXMuYW1hem9uYXdzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALFDaLM5tNzyDIzgrkgSfTZfrvvBu8czVyq/w7SGR8Piu8hK/+gouxerdgD9
Tb2OMpXX3lZAS8/1L8XERGqaVQy5j0mCTG9Elzs/76d7xIUXHu2e7cy7OntDZ3YR
bk9dtx4v7m9EyycwM4OFH3zP4qm4Y5RcMaIgOzMvC5zsVwj19F31deUVZNBtm+xD
ott3MUB3u7OntTMELKqU5nvfScu6V2JjmRRZcosFfs/1e/kk0lqLpTmohm1IY16n
5npaftS1Q5oVkLSpZH1K7DPsjW30zeXRuRKn4COCOkuIc/juDBP+N/tYGrrqMCJf
mdwxR9dGVjG8z3mZjXpWhG99Z1MCAwEAAaOCAckwggHFMB8GA1UdIwQYMBaAFMAx
Us1aUMOCfHRxzsvpnPl664LiMB0GA1UdDgQWBBTq9qKOoeYrca0u0fBcWD7yMMQx
jjBoBgNVHREEYTBfgjpxNWlqanFwdXNlbDczZWJwa3RodTZlZHZrYS5hcC1ub3J0
aGVhc3QtMS5lcy5hbWF6b25hd3MuY29tgiEqLmFwLW5vcnRoZWFzdC0xLmVzLmFt
YXpvbmF3cy5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwDgYDVR0PAQH/BAQDAgWg
MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAyMDCgLqAs
hipodHRwOi8vY3JsLnIybTAyLmFtYXpvbnRydXN0LmNvbS9yMm0wMi5jcmwwdQYI
KwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5yMm0wMi5hbWF6
b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQucjJtMDIuYW1hem9u
dHJ1c3QuY29tL3IybTAyLmNlcjAMBgNVHRMBAf8EAjAAMBMGCisGAQQB1nkCBAMB
Af8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQB5k5ZHCxcwqcOOVpbSjrev07fQESJQ
QaC/2SO8QrPiL9WSONNVw+A4ZxEnA0zloKC98b/x6GavRX9Dsp100CNotqC5iwt/
i6hKm4RnFIpqLkxsQr71f2sN8+FHuq1VbppQ6V3O6HvETFQtGEB62eRObLNpDMHu
FAbwPKRcTlxkpU4b7RIYhvL+4l9XsZjcPavQl7vk9Gf3onP4pKCRHzjTt0F7cf4M
hy1i0Gc2xplxqbM/SsiAaOul/lMbf7JD7rzG1quF1AwgBmnHtanBzZT69zXdCg8D
9gDcpvuZ9KaptyTgEg6McO2WLfR1PCgWYZzXKFB6FUHV6/9mOanHcFWF
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUNoszm03PIMjOCuSBJ9
Nl+u+8G7xzNXKr/DtIZHw+K7yEr/6Ci7F6t2AP1NvY4yldfeVkBLz/UvxcREappV
DLmPSYJMb0SXOz/vp3vEhRce7Z7tzLs6e0NndhFuT123Hi/ub0TLJzAzg4UffM/i
qbhjlFwxoiA7My8LnOxXCPX0XfV15RVk0G2b7EOi23cxQHe7s6e1MwQsqpTme99J
y7pXYmOZFFlyiwV+z/V7+STSWoulOaiGbUhjXqfmelp+1LVDmhWQtKlkfUrsM+yN
bfTN5dG5EqfgI4I6S4hz+O4ME/43+1gauuowIl+Z3DFH10ZWMbzPeZmNelaEb31n
UwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 10641217299640370102274678536722959621
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-05 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-03 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'q5ijjqpusel73ebpkthu6edvka.ap-northeast-1.es.amazonaws.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22377420588273395447492506950119866706983413731573695309237269517778424491126770440972736899451121673410773152777148573610958415453552147876740129177987340140026658796476692192996791637614547380593489973278176727553172018085853415109602909841335252477321097830228485174723287518100731760171185132107523346254754380849998404708766036438050981133114662923334368869315076733590633491019150695614582313805740934736139413155469000797164570333711820349494959045075143793781533246162575585032716006226364446554396438057044716827765331123613072352062338096181284468322960447564354631383177207388534368634405908047006101497683
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							eaf6a28ea1e62b71ad2ed1f05c583ef230c4318e
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (97 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'q5ijjqpusel73ebpkthu6edvka.ap-northeast-1.es.amazonaws.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.ap-northeast-1.es.amazonaws.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00799396470b1730a9c38e5696d28eb7afd3b7d011225041a0bfd923bc42b3e22fd59238d355c3e038671127034ce5a0a0bdf1bff1e866af457f43b29d74d02368b6a0b98b0b7f8ba84a9b8467148a6a2e4c6c42bef57f6b0df3e147baad556e9a50e95dcee87bc44c542d18407ad9e44e6cb3690cc1ee1406f03ca45c4e5c64a54e1bed121886f2fee25f57b198dc3dabd097bbe4f467f7a273f8a4a0911f38d3b7417b71fe0c872d62d06736c69971a9b33f4ac88068eba5fe531b7fb243eebcc6d6ab85d40c200669c7b5a9c1cd94faf735dd0a0f03f600dca6fb99f4a6a9b724e0120e8c70ed962df4753c2816619cd728507a1541d5ebff6639a9c7705585