OV SSL/TLS Certificate for *.banestes.com.br Issued to BANESTES SA BANCO DO ESTADO DO ESPIRITO SANTO

Certificate is witin its validity period

Issued by DigiCert Inc (GeoTrust TLS RSA CA G1)

About the *.banestes.com.br OV SSL/TLS Certificate

This certificate with serial number 08:22:6b:3a:03:ca:88:a3:3c:87:18:3e:49:aa:a0:71 for *.banestes.com.br was issued on by DigiCert Inc.

With 2 subject alternative names, this certificate can be used to secure multiple FQDNs. This OV SSL/TLS Certificate is currently within its validity period but we haven't checked the revocation status of this certificate, you can do this simply on revocationcheck.com. We have found some issues with the compliance of this certificate, they are be shown below. We hope this OV SSL/TLS Certificate review for *.banestes.com.br provides you with the detailed information you were looking for.


We have identified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

DigiCert Inc

Organization: DigiCert Inc
Organizational unit: www.digicert.com
Country: US

This X.509 certificate will expire on

Certificate Details

Serial Number (hex): 08:22:6b:3a:03:ca:88:a3:3c:87:18:3e:49:aa:a0:71
Serial Number (int): 10812536873703830976716062144678502513
Serial Number Length: 124 bits, 16 octets

Subject Key Identifier: b6:7e:4d:73:5c:6d:c2:c1:5c:ea:f8:43:04:35:18:d4:c4:be:dd:19
Authority Key Identifier: 94:4f:d4:5d:8b:e4:a4:e2:a6:80:fe:fd:d8:f9:00:ef:a3:be:02:57

Fingerprint (SHA-1): c9:ee:5a:87:94:47:ed:f2:36:be:38:13:42:4f:e3:a3:b2:6d:06:52
Fingerprint (SHA-256): 2a:9b:54:6e:d6:0b:cc:f2:00:d0:1b:48:d1:19:3c:83:c4:74:f9:53:31:b7:26:03:92:42:c7:22:99:6f:48:6b

Issuing Certificate URL: http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt

Revocation Information

OCSP Server: http://status.geotrust.com
CRL Distribution Point: http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl

Check the revocation status for certificate *.banestes.com.br
2
DNS Names
0
Email Addresses
0
IP Addresses

Advanced Certificate Properties

Technical details of the X.509 certificate for *.banestes.com.br

Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Key Encipherment
Digital Signature
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10
CA Certificate
This is not a CA certificate

Subject Alternative Names

X.509 Certificate

The complete raw X.509 certificate details for *.banestes.com.br in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGpjCCBY6gAwIBAgIQCCJrOgPKiKM8hxg+SaqgcTANBgkqhkiG9w0BAQsFADBg
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZHZW9UcnVzdCBUTFMgUlNBIENBIEcx
MB4XDTI0MDcyMzAwMDAwMFoXDTI1MDgyMzIzNTk1OVowgY4xCzAJBgNVBAYTAkJS
MRgwFgYDVQQIDA9Fc3DDrXJpdG8gU2FudG8xETAPBgNVBAcMCFZpdMOzcmlhMTYw
NAYDVQQKEy1CQU5FU1RFUyBTQSBCQU5DTyBETyBFU1RBRE8gRE8gRVNQSVJJVE8g
U0FOVE8xGjAYBgNVBAMMESouYmFuZXN0ZXMuY29tLmJyMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEA2yCFjOGdq6JyXJymD6LQFALFXD+WkibLCXDE71zm
eSPhgHJjK2wv6pWkpUAoiUxJ+fF1RTfndqgtXPM7+u2auxY10WBhR1TO/0SchaT8
23Wz55ky/W9wZ3/c4N6/m73i7cj3/+gOPy+HMesUgjcBlLhOe2ryxO3v9koWg3cw
cuSeatc/bUVhb92gZgGlCk2Cu6un3SUyOA4iF898hfl0s99tciMI/d2Z8Me8QA7i
sLD7bmwpvmd4BSbUlO7fzlG267krZLirbOaJ4j11QneAN3Y+mzA7wQCVXBoAOXNl
NnY36keammyiwdIPG/JN+mX6nBs+3EebHFjNJtdWR861YwIDAQABo4IDKzCCAycw
HwYDVR0jBBgwFoAUlE/UXYvkpOKmgP792PkA76O+AlcwHQYDVR0OBBYEFLZ+TXNc
bcLBXOr4QwQ1GNTEvt0ZMC0GA1UdEQQmMCSCESouYmFuZXN0ZXMuY29tLmJygg9i
YW5lc3Rlcy5jb20uYnIwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcC
ARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA4GA1UdDwEB/wQEAwIFoDAd
BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwPwYDVR0fBDgwNjA0oDKgMIYu
aHR0cDovL2NkcC5nZW90cnVzdC5jb20vR2VvVHJ1c3RUTFNSU0FDQUcxLmNybDB2
BggrBgEFBQcBAQRqMGgwJgYIKwYBBQUHMAGGGmh0dHA6Ly9zdGF0dXMuZ2VvdHJ1
c3QuY29tMD4GCCsGAQUFBzAChjJodHRwOi8vY2FjZXJ0cy5nZW90cnVzdC5jb20v
R2VvVHJ1c3RUTFNSU0FDQUcxLmNydDAMBgNVHRMBAf8EAjAAMIIBfgYKKwYBBAHW
eQIEAgSCAW4EggFqAWgAdgAS8U40vVNyTIQGGcOPP3oT+Oe1YoeInG0wBYTr5YYm
OgAAAZDhfinrAAAEAwBHMEUCIDoJs5nCKjoBQ/RbWU2/ZxZkWMLiOFe6v6lGZmVb
mgCHAiEAqIqc377zmXl+xhCsipoaYSuhsBDoOa4ZuzEjTs4LwoQAdgB9WR4S4Xgq
exxhZ3xe/fjQh1wUoE6VnrkDL9kOjC55uAAAAZDhfiokAAAEAwBHMEUCIQD5eP3J
Muc+c9ElC3tEGBxbPgayng+r7aj71O+F3m8PgwIgIPLmi4YJOh48C9kkdVVfYwxz
JqbIb25RSRDtTCL8HnUAdgDm0jFjQHeMwRBBBtdxuc7B0kD2loSG+7qHMh39HjeO
UAAAAZDhfipAAAAEAwBHMEUCIQDCf3bp45BOvuFeFIrDa4dPcKKokzk9jp7dR6IV
r5ttkQIgNlvqwkkKf5b1RrPYpP0IePrpAEDahX4CQ83bPTSJ7DQwDQYJKoZIhvcN
AQELBQADggEBAKO2Z1Xuu6xEyFMDOndR6w4v0A2TUAwPofIpIxEK5KN5FEj1HlGO
bCT+nyVEk5U/vg6ze0xLboqJAa954GRcnfzXJiYmbdqMxXLw2uXFcQH9NnKzI0ys
Pe3R9ehj6HfZ/hOumLwTYPWPjzKd1Le9HhLVxhGk8AaklOgv56RhX9L4ISvw7d7D
CWhmgAsRX66YP2BtDLqKB773wvdnFF4s+RuTAPBQc7DUgVAe1RCdmwhYgHjQJDvu
Q5UBPwieESvVQyIoFW6cFwPTVwDHKBRc2zNhqNQ2nJw1gRE3PcJnsOs483MZa7zM
6I51Tp1jPXXXsKBFqsKc1OOaivcwDMAF3p4=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2yCFjOGdq6JyXJymD6LQ
FALFXD+WkibLCXDE71zmeSPhgHJjK2wv6pWkpUAoiUxJ+fF1RTfndqgtXPM7+u2a
uxY10WBhR1TO/0SchaT823Wz55ky/W9wZ3/c4N6/m73i7cj3/+gOPy+HMesUgjcB
lLhOe2ryxO3v9koWg3cwcuSeatc/bUVhb92gZgGlCk2Cu6un3SUyOA4iF898hfl0
s99tciMI/d2Z8Me8QA7isLD7bmwpvmd4BSbUlO7fzlG267krZLirbOaJ4j11QneA
N3Y+mzA7wQCVXBoAOXNlNnY36keammyiwdIPG/JN+mX6nBs+3EebHFjNJtdWR861
YwIDAQAB
-----END PUBLIC KEY-----

ASN.1 Decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 10812536873703830976716062144678502513
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust TLS RSA CA G1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-07-23 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-08-23 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Espírito Santo'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Vitória'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BANESTES SA BANCO DO ESTADO DO ESPIRITO SANTO'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.banestes.com.br'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27662225826141158730726751386856876663902583695613093666688263902310988811840085405505050641592820445450387599491985466829395663720913259677138868114809040931229821926884193051114400668646918844427497574873143840882333253215660836391441763322169793968945598565472871091799350769530464438140589586603721874635507669159626892658196849807628380014775398117623051208898056648827586111274230243804660475553370801406885091633025751388064785640965383792671587037923780976845597333170337797069764864127841728652651457598279442624465276226209319097460057225758054642046778478565861768294939804680893776389388292615546268988771
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 944fd45d8be4a4e2a680fefdd8f900efa3be0257
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							b67e4d735c6dc2c15ceaf843043518d4c4bedd19
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (38 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.banestes.com.br'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'banestes.com.br'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (106 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.geotrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							016800760012f14e34bd53724c840619c38f3f7a13f8e7b56287889c6d300584ebe586263a00000190e17e29eb000004030047304502203a09b399c22a3a0143f45b594dbf67166458c2e23857babfa94666655b9a0087022100a88a9cdfbef399797ec610ac8a9a1a612ba1b010e839ae19bb31234ece0bc2840076007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b800000190e17e2a240000040300473045022100f978fdc932e73e73d1250b7b44181c5b3e06b29e0fabeda8fbd4ef85de6f0f83022020f2e68b86093a1e3c0bd92475555f630c7326a6c86f6e514910ed4c22fc1e75007600e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e5000000190e17e2a400000040300473045022100c27f76e9e3904ebee15e148ac36b874f70a2a893393d8e9edd47a215af9b6d910220365beac2490a7f96f546b3d8a4fd0878fae90040da857e0243cddb3d3489ec34
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . [c:0|t:5|false] NULL []
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00a3b66755eebbac44c853033a7751eb0e2fd00d93500c0fa1f22923110ae4a3791448f51e518e6c24fe9f254493953fbe0eb37b4c4b6e8a8901af79e0645c9dfcd72626266dda8cc572f0dae5c57101fd3672b3234cac3dedd1f5e863e877d9fe13ae98bc1360f58f8f329dd4b7bd1e12d5c611a4f006a494e82fe7a4615fd2f8212bf0eddec3096866800b115fae983f606d0cba8a07bef7c2f767145e2cf91b9300f05073b0d481501ed5109d9b08588078d0243bee4395013f089e112bd5432228156e9c1703d35700c728145cdb3361a8d4369c9c358111373dc267b0eb38f373196bbccce88e754e9d633d75d7b0a045aac29cd4e39a8af7300cc005de9e