*.canaryc8c2a5ec.37n898.c3.kafka.cn-northwest-1.amazonaws.com.cn

Issued by Amazon RSA 2048 M02

About this certificate

This digital certificate with serial number 03:d1:fb:d8:ba:58:58:3c:54:69:ca:d4:73:24:57:e9 was issued on by Amazon.

With 7 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=*.canaryc8c2a5ec.37n898.c3.kafka.cn-northwest-1.amazonaws.com.cn

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 03:d1:fb:d8:ba:58:58:3c:54:69:ca:d4:73:24:57:e9
Serial Number (int): 5077982086553160223481648766303623145
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: 8c:fd:14:c2:71:4d:18:1d:9a:30:d1:7d:d6:28:a4:74:d5:05:00:dc
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2

Fingerprint (sha1): f7:e2:c5:ef:32:49:d9:e8:8b:c0:fb:79:4c:10:82:4c:9b:5a:d6:96
Fingerprint (sha256): 00:4f:d7:de:a1:bd:f5:32:6d:6f:65:7e:cf:75:37:51:f0:40:bd:c0:63:ff:be:ce:7e:1e:37:11:6b:3a:d8:30

Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer

Revocation information

OCSP Server: http://ocsp.r2m02.amazontrust.com
CRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl

Check the revocation status for certificate *.canaryc8c2a5ec.37n898.c3.kafka.cn-northwest-1.amazonaws.com.cn

7

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.canaryc8c2a5ec.37n898.c3.kafka.cn-northwest-1.amazonaws.com.cn

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.canaryc8c2a5ec.37n898.c3.kafka.cn-northwest-1.amazonaws.com.cn
*.iam.canaryc8c2a5ec.37n898.c3.kafka.cn-northwest-1.amazonaws.com.cn
*.iam2.canaryc8c2a5ec.37n898.c3.kafka.cn-northwest-1.amazonaws.com.cn
*.tls2.canaryc8c2a5ec.37n898.c3.kafka.cn-northwest-1.amazonaws.com.cn
*.scram2.canaryc8c2a5ec.37n898.c3.kafka.cn-northwest-1.amazonaws.com.cn
*.scram.canaryc8c2a5ec.37n898.c3.kafka.cn-northwest-1.amazonaws.com.cn
*.tls.canaryc8c2a5ec.37n898.c3.kafka.cn-northwest-1.amazonaws.com.cn

Other certificates including the domain name amazonaws.com.cn

(limited to 100 certificates)
s3.cn-northwest-1.amazonaws.com.cn
*.canary3496f720.utknk1.c2.kafka.cn-northwest-1.amazonaws.com.cn
*.canary2f55c250.6yywj3.c3.kafka.cn-northwest-1.amazonaws.com.cn
*.canary97dcd0c61386.gooyfy.c1.kafka.cn-north-1.amazonaws.com.cn
*.canary1f8805e087c3.tu6a4r.c1.kafka.cn-north-1.amazonaws.com.cn
*.cfnlaunchpadca.58m43m.c4.kafka.cn-northwest-1.amazonaws.com.cn
*.test10.w2yetm.c2.kafka.cn-northwest-1.amazonaws.com.cn
*.canaryc15b02e9.t88y5i.c4.kafka.cn-northwest-1.amazonaws.com.cn
*.gcsr1670079290cell.lvov73.c2.kafka.cn-north-1.amazonaws.com.cn
s3.cn-northwest-1.amazonaws.com.cn
c3pset6uu6psf5z6b7djkishha.cn-north-1.es.amazonaws.com.cn
canary.s3.cn-north-1.vpce.amazonaws.com.cn
*.privatelinkcanary0.yc7ect.c2.kafka.cn-north-1.amazonaws.com.cn
*.canary6e808f40ba73.d1i490.c1.kafka.cn-north-1.amazonaws.com.cn
*.gccanaryserver.viojmz.c4.kafka.cn-northwest-1.amazonaws.com.cn
s3.cn-north-1.amazonaws.com.cn
*.gccanaryserverless.gtbmcn.c2.kafka.cn-north-1.amazonaws.com.cn
*.gccanaryserver.y34xci.c3.kafka.cn-northwest-1.amazonaws.com.cn
*.canaryf335d056.0x21ts.c4.kafka.cn-northwest-1.amazonaws.com.cn
*.canary5e3b98ead0b9.p9kn5h.c2.kafka.cn-north-1.amazonaws.com.cn
*.canary-1e7d9f20e8d.now96m.c2.kafka.cn-north-1.amazonaws.com.cn
canary.s3.cn-north-1.vpce.amazonaws.com.cn
*.canary979ee1beda56.ozltwf.c4.kafka.cn-north-1.amazonaws.com.cn
*.canary8ca93964.e4yfol.c2.kafka.cn-northwest-1.amazonaws.com.cn
*.firefoxtbcreat.ik596e.c4.kafka.cn-northwest-1.amazonaws.com.cn
*.cfnlaunchpadcanary.3jua0u.c4.kafka.cn-north-1.amazonaws.com.cn
*.gccanaryserverless.on59qh.c2.kafka.cn-north-1.amazonaws.com.cn
lrzaa5a42vhrigxno2r3eughse.cn-northwest-1.es.amazonaws.com.cn
3licg3hwbasqh2s3mbaa43e44i.cn-northwest-1.es.amazonaws.com.cn
*.canary862e4293447c.6fmord.c3.kafka.cn-north-1.amazonaws.com.cn
canary.s3.cn-northwest-1.vpce.amazonaws.com.cn
*.canary5da44687.qdje6s.c1.kafka.cn-northwest-1.amazonaws.com.cn
*.gcsr1702011513.w5u9ni.c1.kafka.cn-northwest-1.amazonaws.com.cn
*.testmskcluster2023.a264cu.c4.kafka.cn-north-1.amazonaws.com.cn
e3s4mcykgdqwskjt4yfnjcvplm.cn-northwest-1.es.amazonaws.com.cn
s3.cn-north-1.amazonaws.com.cn
canary.s3.cn-north-1.vpce.amazonaws.com.cn
zp33ldehjurut56qpvvyignwcu.cn-northwest-1.es.amazonaws.com.cn
*.canary57d54d81.adfjg6.c4.kafka.cn-northwest-1.amazonaws.com.cn
plqhkzwvsorvp6jvchirqsebia.cn-northwest-1.es.amazonaws.com.cn
*.canary-5bcd7f8b343.utol99.c2.kafka.cn-north-1.amazonaws.com.cn
*.canary2b9a8106.sfhicu.c4.kafka.cn-northwest-1.amazonaws.com.cn
*.canary704b544ec27a.hx12kg.c3.kafka.cn-north-1.amazonaws.com.cn
*.testmskcluster2023.wwunyz.c4.kafka.cn-north-1.amazonaws.com.cn
*.cfnlaunchpadca.luyjcw.c2.kafka.cn-northwest-1.amazonaws.com.cn
*.canary102fc44a.ht1r7v.c2.kafka.cn-northwest-1.amazonaws.com.cn
*.canary125b55277948.jiwgs2.c4.kafka.cn-north-1.amazonaws.com.cn
*.execute-api.cn-north-1.amazonaws.com.cn
s3.cn-northwest-1.amazonaws.com.cn
canary.s3.cn-north-1.vpce.amazonaws.com.cn
*.gccanaryserver.e12zpj.c1.kafka.cn-northwest-1.amazonaws.com.cn
*.canary9493e9acdbf0.65fkbb.c2.kafka.cn-north-1.amazonaws.com.cn
j7kfriwwuf7bdefxyldbbxn3xi.cn-north-1.es.amazonaws.com.cn
*.gccanaryserverless.j19l71.c3.kafka.cn-north-1.amazonaws.com.cn
s3.cn-northwest-1.amazonaws.com.cn
canary.s3.cn-north-1.vpce.amazonaws.com.cn
*.canaryf637fadfd1b3.dy1tv6.c2.kafka.cn-north-1.amazonaws.com.cn
*.gccanaryserver.e8axaw.c3.kafka.cn-northwest-1.amazonaws.com.cn
*.canary-b1ddb9f.1oavs3.c1.kafka.cn-northwest-1.amazonaws.com.cn
pzm6mu3qqogtnhe43xvbgg5mqu.cn-north-1.es.amazonaws.com.cn
n6y7v4e7wbikszrkibyepwy7mi.cn-north-1.es.amazonaws.com.cn
*.gccanaryserver.4yjciv.c3.kafka.cn-northwest-1.amazonaws.com.cn
*.canary3da4cb72.70pf9i.c2.kafka.cn-northwest-1.amazonaws.com.cn
skylight-cm.cn-northwest-1.amazonaws.com.cn
*.gccanaryserverless.gjyh6w.c4.kafka.cn-north-1.amazonaws.com.cn
canary.s3.cn-north-1.vpce.amazonaws.com.cn
*.canarye81769aa.y3s17p.c2.kafka.cn-northwest-1.amazonaws.com.cn
*.gccanaryserver.lzzzoh.c4.kafka.cn-northwest-1.amazonaws.com.cn
canary.s3.cn-northwest-1.vpce.amazonaws.com.cn
*.canary-ffa9908d722.6td4gt.c3.kafka.cn-north-1.amazonaws.com.cn
*.canary8344e7dd5095.p7p3q4.c3.kafka.cn-north-1.amazonaws.com.cn
*.canarybbb126f0c041.8t96y8.c1.kafka.cn-north-1.amazonaws.com.cn
*.canary5f1bda26d48a.ftpcz9.c2.kafka.cn-north-1.amazonaws.com.cn
*.canaryafa0e54a.ygb5o4.c4.kafka.cn-northwest-1.amazonaws.com.cn
canary.s3.cn-north-1.vpce.amazonaws.com.cn
codedeploy-signer-cn-northwest-1.amazonaws.com.cn
twgpjwtbei6nsthlfpmzbl5hhy.cn-north-1.es.amazonaws.com.cn
canary.s3.cn-northwest-1.vpce.amazonaws.com.cn
*.canary0db4cb1e.oy6vos.c2.kafka.cn-northwest-1.amazonaws.com.cn
*.cfnlaunchpadcanary.5wt1zt.c3.kafka.cn-north-1.amazonaws.com.cn
*.gc-rc-sr-15867.xhwv4s.c1.kafka.cn-northwest-1.amazonaws.com.cn
*.cfnlaunchpadca.xj55qc.c4.kafka.cn-northwest-1.amazonaws.com.cn
*.kafkatos3withsasls.4llnmm.c3.kafka.cn-north-1.amazonaws.com.cn
hbn654jgaqpuftcce5yybvs2cy.cn-north-1.es.amazonaws.com.cn
uqoebdj5lch6aehczmdztetoha.cn-north-1.es.amazonaws.com.cn
*.gccanaryserverless.epmd6b.c4.kafka.cn-north-1.amazonaws.com.cn
*.gcsr1702033113.ld4gl7.c1.kafka.cn-northwest-1.amazonaws.com.cn
*.canary4668d574.oy05yh.c2.kafka.cn-northwest-1.amazonaws.com.cn
canary.s3.cn-north-1.vpce.amazonaws.com.cn
canary.s3.cn-north-1.vpce.amazonaws.com.cn
*.canaryc68700e9.0o7xf6.c2.kafka.cn-northwest-1.amazonaws.com.cn
*.canaryc8c2a5ec.37n898.c3.kafka.cn-northwest-1.amazonaws.com.cn
lrb4qjbh4wegaeyxfz3zuh7zci.cn-north-1.es.amazonaws.com.cn
tqrfxciqkhie6arj7v3xglbvn4.cn-northwest-1.es.amazonaws.com.cn
k2226wmzqdmgdfmmzwgqbqqvce.cn-northwest-1.es.amazonaws.com.cn
*.canary119ddc562fd4.jbrsi0.c2.kafka.cn-north-1.amazonaws.com.cn
*.canary1af0cacf.spzuhv.c1.kafka.cn-northwest-1.amazonaws.com.cn
*.gccanaryserver.2ebxjt.c4.kafka.cn-northwest-1.amazonaws.com.cn
*.canaryef38f1ce.7hlf6n.c2.kafka.cn-northwest-1.amazonaws.com.cn
*.gccanaryserverless.j3a68q.c1.kafka.cn-north-1.amazonaws.com.cn

Certificate

The complete raw certificate details for *.canaryc8c2a5ec.37n898.c3.kafka.cn-northwest-1.amazonaws.com.cn in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGcDCCBVigAwIBAgIQA9H72LpYWDxUacrUcyRX6TANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAyMB4XDTIzMTIxMzAwMDAwMFoXDTI1MDExMDIzNTk1OVowSzFJ
MEcGA1UEAwxAKi5jYW5hcnljOGMyYTVlYy4zN244OTguYzMua2Fma2EuY24tbm9y
dGh3ZXN0LTEuYW1hem9uYXdzLmNvbS5jbjCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAIKC+utKb+lG+06n44qYBzjCu6rgfjK8ME5xyNk7NwboASgLjjRd
A0yunJb6hLBNpkfrKIa8fn3qga4RfZ2FJIP+7+cYsB2T6w8BJUwS0koj0iHe5GOd
BDIHT2ZkEdkdC200ofAZv00A1sTyvfp/0tkl70cmn0vlzc05lqvTSI8qqJILnpqV
CGQbJufghid+OGN0n1skk1hPFxKV5P0d2oIpoa7O8bc8eV89c/QGVcooSixYkVyX
E3l5VTMEbXuEuHMlVAfQ56wnXGKfqeuzSHv8x49M4Cg5vENAlADCl5U8H/BGNWTy
WwAB6v7Yxk1g+/2z/LEbHSGO48zNO0vlaSkCAwEAAaOCA10wggNZMB8GA1UdIwQY
MBaAFMAxUs1aUMOCfHRxzsvpnPl664LiMB0GA1UdDgQWBBSM/RTCcU0YHZow0X3W
KKR01QUA3DCCAfoGA1UdEQSCAfEwggHtgkAqLmNhbmFyeWM4YzJhNWVjLjM3bjg5
OC5jMy5rYWZrYS5jbi1ub3J0aHdlc3QtMS5hbWF6b25hd3MuY29tLmNugkQqLmlh
bS5jYW5hcnljOGMyYTVlYy4zN244OTguYzMua2Fma2EuY24tbm9ydGh3ZXN0LTEu
YW1hem9uYXdzLmNvbS5jboJFKi5pYW0yLmNhbmFyeWM4YzJhNWVjLjM3bjg5OC5j
My5rYWZrYS5jbi1ub3J0aHdlc3QtMS5hbWF6b25hd3MuY29tLmNugkUqLnRsczIu
Y2FuYXJ5YzhjMmE1ZWMuMzduODk4LmMzLmthZmthLmNuLW5vcnRod2VzdC0xLmFt
YXpvbmF3cy5jb20uY26CRyouc2NyYW0yLmNhbmFyeWM4YzJhNWVjLjM3bjg5OC5j
My5rYWZrYS5jbi1ub3J0aHdlc3QtMS5hbWF6b25hd3MuY29tLmNugkYqLnNjcmFt
LmNhbmFyeWM4YzJhNWVjLjM3bjg5OC5jMy5rYWZrYS5jbi1ub3J0aHdlc3QtMS5h
bWF6b25hd3MuY29tLmNugkQqLnRscy5jYW5hcnljOGMyYTVlYy4zN244OTguYzMu
a2Fma2EuY24tbm9ydGh3ZXN0LTEuYW1hem9uYXdzLmNvbS5jbjATBgNVHSAEDDAK
MAgGBmeBDAECATAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
CCsGAQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwucjJtMDIuYW1h
em9udHJ1c3QuY29tL3IybTAyLmNybDB1BggrBgEFBQcBAQRpMGcwLQYIKwYBBQUH
MAGGIWh0dHA6Ly9vY3NwLnIybTAyLmFtYXpvbnRydXN0LmNvbTA2BggrBgEFBQcw
AoYqaHR0cDovL2NydC5yMm0wMi5hbWF6b250cnVzdC5jb20vcjJtMDIuY2VyMAwG
A1UdEwEB/wQCMAAwEwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQAD
ggEBAFRz83lXWg6wX2SrzxmwjpVvMVpdgxKVreCMTuETAfrP51D5rvT9qG2y6iOR
YdAGLgAA+EjHw4LPGPl/dF4+Eeoakk25mD8uJ0k59Z3GnTI1TcJ0zpUTa7c2H6cw
Kv4Lwtq0W+hcYxpuuxSqHP6uTABwdzeAyqSORCDPSLPydAG0JBsH5Qmp4LQfeMb1
cv/7fxdG9akJzp37Qjk6H5GvmBKNgV1ODefjNcfPr+fdWnu2mGzhzzWzW/yhetJ5
lVkBj9EIW5VkVsH+qpgJKZLZ6PVcAixgN7kwcfrD+iYMOFVGbD+xM7obn7NPHJa6
1NODxKL99azuhVTZoONcKzo6SoI=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgoL660pv6Ub7TqfjipgH
OMK7quB+MrwwTnHI2Ts3BugBKAuONF0DTK6clvqEsE2mR+sohrx+feqBrhF9nYUk
g/7v5xiwHZPrDwElTBLSSiPSId7kY50EMgdPZmQR2R0LbTSh8Bm/TQDWxPK9+n/S
2SXvRyafS+XNzTmWq9NIjyqokguempUIZBsm5+CGJ344Y3SfWySTWE8XEpXk/R3a
gimhrs7xtzx5Xz1z9AZVyihKLFiRXJcTeXlVMwRte4S4cyVUB9DnrCdcYp+p67NI
e/zHj0zgKDm8Q0CUAMKXlTwf8EY1ZPJbAAHq/tjGTWD7/bP8sRsdIY7jzM07S+Vp
KQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 5077982086553160223481648766303623145
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-13 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-10 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.canaryc8c2a5ec.37n898.c3.kafka.cn-northwest-1.amazonaws.com.cn'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 16475568366164327628829337423523656401756766768418613169727022912565316050314919926527386962979521547985176447504883534117886627337470206437339753625813860350120142438843431679853142789307691133621349727421965218022285729969524334327717134317867254098510639368922224277080277810065000536763810054833299077955373886940768173765199841268533276881787880095862723297507399749532486230922302147994036165788636649449044906355830763796302065999743913274370941877623786497552475132331917663447079570191611092775933243401556629762377497262720985062131371047950819831076956614686793816558666683600384492007580146558756215679273
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							8cfd14c2714d181d9a30d17dd628a474d50500dc
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (497 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.canaryc8c2a5ec.37n898.c3.kafka.cn-northwest-1.amazonaws.com.cn'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.iam.canaryc8c2a5ec.37n898.c3.kafka.cn-northwest-1.amazonaws.com.cn'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.iam2.canaryc8c2a5ec.37n898.c3.kafka.cn-northwest-1.amazonaws.com.cn'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.tls2.canaryc8c2a5ec.37n898.c3.kafka.cn-northwest-1.amazonaws.com.cn'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.scram2.canaryc8c2a5ec.37n898.c3.kafka.cn-northwest-1.amazonaws.com.cn'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.scram.canaryc8c2a5ec.37n898.c3.kafka.cn-northwest-1.amazonaws.com.cn'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.tls.canaryc8c2a5ec.37n898.c3.kafka.cn-northwest-1.amazonaws.com.cn'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		005473f379575a0eb05f64abcf19b08e956f315a5d831295ade08c4ee11301facfe750f9aef4fda86db2ea239161d0062e0000f848c7c382cf18f97f745e3e11ea1a924db9983f2e274939f59dc69d32354dc274ce95136bb7361fa7302afe0bc2dab45be85c631a6ebb14aa1cfeae4c0070773780caa48e4420cf48b3f27401b4241b07e509a9e0b41f78c6f572fffb7f1746f5a909ce9dfb42393a1f91af98128d815d4e0de7e335c7cfafe7dd5a7bb6986ce1cf35b35bfca17ad2799559018fd1085b956456c1feaa98092992d9e8f55c022c6037b93071fac3fa260c3855466c3fb133ba1b9fb34f1c96bad4d383c4a2fdf5acee8554d9a0e35c2b3a3a4a82