gitlab.service.nsw.gov.au

Issued by Amazon

About this certificate

This digital certificate with serial number 0d:be:6a:89:69:fd:2c:3e:3d:81:e5:a3:43:63:f0:d8 was issued on by Amazon.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=gitlab.service.nsw.gov.au

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0d:be:6a:89:69:fd:2c:3e:3d:81:e5:a3:43:63:f0:d8
Serial Number (int): 18268661170803768324308663039720419544
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 07:e1:87:70:6a:b0:33:c7:b8:08:b1:bb:9f:ce:56:37:5b:88:61:d9
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): 21:f9:3f:55:a6:91:ad:4a:6c:4c:df:62:cd:c7:9a:1a:de:40:f8:c9
Fingerprint (sha256): 00:6d:76:2a:44:38:d1:92:76:d1:74:3e:b1:4c:3f:96:33:e8:6b:52:ae:95:63:9c:06:a2:ea:84:66:cc:f8:95

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b.crl

Check the revocation status for certificate gitlab.service.nsw.gov.au

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for gitlab.service.nsw.gov.au

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

gitlab.service.nsw.gov.au

Other certificates including the domain name nsw.gov.au

(limited to 100 certificates)
glc-lyncfe.glc-dom.greatlakes.nsw.gov.au
wnswlhd.health.nsw.gov.au
virtela.simpplr.com
sni192047.cloudflaressl.com
helpdesk.regionalhousing.org.au
webpac.sutherlandshire.nsw.gov.au
*.sopa.nsw.gov.au
rsc.cdn77.org
test.cadastre.nsw.gov.au
support.licence.nsw.gov.au
incapsula.com
incapsula.com
search.det.nsw.edu.au
vsp.schn.health.nsw.gov.au
www.goulburn.nsw.gov.au
live.artgallery.nsw.gov.au
citrix.service.nsw.gov.au
ehub.enrol.education.nsw.gov.au
www.heti.nsw.gov.au
incapsula.com
archivemanager.health.nsw.gov.au
vpn.hawkesbury.nsw.gov.au
*.finance.nsw.gov.au
www.careforacarer.nsw.gov.au
ictsd.sureservegroup.co.uk
www.kogarah.nsw.gov.au
ictsd.sureservegroup.co.uk
pra.community.nsw.gov.au
PCS-PDS263.tmc.rta.nsw.gov.au
vmoirs.health.nsw.gov.au
objective-dev.transport.nsw.gov.au
employment.midwestern.nsw.gov.au
*.audit.nsw.gov.au
mpa.nsw.gov.au
mailsync.narrandera.nsw.gov.au
incapsula.com
*.int.smprimavera.aws.hosting.transport.nsw.gov.au
skypool1.det.nsw.edu.au
ssl758952.cloudflaressl.com
mhrt.nsw.gov.au
intranet.transport.nsw.gov.au
m.artgallery.nsw.gov.au
policingactivity.bocsar.nsw.gov.au
eventshub.nsw.gov.au
pointtopoint.nsw.gov.au
macroc.nsw.gov.au
oacciwtrn.oci.dcj.nsw.gov.au
ssl758953.cloudflaressl.com
www.energy.nsw.gov.au
cims-sit.hbcf.nsw.gov.au
fncw.nsw.gov.au
wollongong.nsw.gov.au
accessedge1.nswgov.ucfx.com
crl.nsw.gov.au
gitlab.service.nsw.gov.au
ssl375654.cloudflaressl.com
alpha.portal.data.nsw.gov.au
www.victimsservices.justice.nsw.gov.au
sni203116.cloudflaressl.com
www.pexa.osr.nsw.gov.au
msa.dev.education.nsw.gov.au
sni183646.cloudflaressl.com
5676582576324608-fe3.pantheonsite.io
sni183646.cloudflaressl.com
citrix.lb.rta.nsw.gov.au
sni192047.cloudflaressl.com
*.icac.nsw.gov.au
imperva.com
failover.graftongallery.nsw.gov.au
whatsonhelp.cityofsydney.nsw.gov.au
5638916786880512-fe1.pantheonsite.io
tmf-dashboard.icare.nsw.gov.au
uat.emos.nsw.gov.au
www.otsi.nsw.gov.au
events.energysaver.nsw.gov.au
*.unify.service.nsw.gov.au
www.kyogle.nsw.gov.au
web-workflow.sl.nsw.gov.au
camden.nsw.gov.au
cloud.comms.service.nsw.gov.au
sni192050.cloudflaressl.com
governor.nsw.gov.au
*.wls.dpi.nsw.gov.au
tools.dev.justconnect.justice.nsw.gov.au
api.uat01.onlineregistry.justice.nsw.gov.au
incapsula.com
locale-distro.morpht.com
apt-apigee-devs-profile-user-images-prod.cf.g.service.nsw.gov.au
imperva.com
eservices.byron.nsw.gov.au
snswlhd.health.nsw.gov.au
maritimemanagement.transport.nsw.gov.au
tst.smartandskilled.nsw.gov.au
www.hay.nsw.gov.au
*.audit.nsw.gov.au
incapsula.com
*.upperhunter.nsw.gov.au
sni.cloudflaressl.com
mail.yass.nsw.gov.au
archives.nsw.gov.au

Certificate

The complete raw certificate details for gitlab.service.nsw.gov.au in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFfDCCBGSgAwIBAgIQDb5qiWn9LD49geWjQ2Pw2DANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0xOTA3MjMwMDAwMDBaFw0yMDA4MjMx
MjAwMDBaMCQxIjAgBgNVBAMTGWdpdGxhYi5zZXJ2aWNlLm5zdy5nb3YuYXUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzLKh97C7SmQN+iLbOoYEi/Ao1
rNViBcBmt5y0iZSKCHlBRAW/r1dV9hzLJYsV9gqukIsOWH/dzK9lmlCy6wNql3gy
Bv0hKccqN5pNBnXhgFhGlGHiuqDQ/WdcIEN2hGhSSpp/g/52GIJosRQr5HCri1JW
XDiNHnriuoU5FeNQJER6iilzEPKKEXx4mdeyxuMZSDlNdXPx/wpLwt7yfBrRrCPp
AedROnY//UnzEBWCJMEgEIDHNwYhCWSfgz3AwNIrFc29AEHFnBxVzyCDj7ZJDya8
JEgHb3S8qyuaKNVfpiQHiEmw9Pq9QIBnCWOG4/du0b/wWjLFcJ/eR6bROvytAgMB
AAGjggKGMIICgjAfBgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNV
HQ4EFgQUB+GHcGqwM8e4CLG7n85WN1uIYdkwJAYDVR0RBB0wG4IZZ2l0bGFiLnNl
cnZpY2UubnN3Lmdvdi5hdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwuc2Nh
MWIuYW1hem9udHJ1c3QuY29tL3NjYTFiLmNybDAgBgNVHSAEGTAXMAsGCWCGSAGG
/WwBAjAIBgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRw
Oi8vb2NzcC5zY2ExYi5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6
Ly9jcnQuc2NhMWIuYW1hem9udHJ1c3QuY29tL3NjYTFiLmNydDAMBgNVHRMBAf8E
AjAAMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHcApLkJkLQYWBSHuxOizGdwCjw1
mAT5G9+443fNDsgN3BAAAAFsHJUI4AAABAMASDBGAiEAoxUk10zLph+AWfzI5Glt
PDO4RlIqvKqcoJZzB+DLKpMCIQCFghqosn58nGWwWjbrMpYq1RJgK2WmAQXQTp1d
8lkARQB2AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1YMG06v9eoIMPAAABbByVCTIA
AAQDAEcwRQIhALB8zxemos6Bltym16tqHO9iUf6gHHsN3ft85tfGFDvSAiBOoLq+
N6CeMYf9+Zm7sA12LrbVFjnqEeWb6e9Q1UhDpDANBgkqhkiG9w0BAQsFAAOCAQEA
HlBZAnwEq7X01ZXnyKK9AK/LCeLWW1c2CXqEO9D8vpDtVRzM0JwvBLdpzBc9xHP0
QBcXiwDpIBVMdufqq0lXGTh9lgi1rlKUoNuTTA/hdUW3W2Adzk99BGXRxLF7WDsJ
cxmNjVwL7KGsgxC0G0AO+MgQNl8xUGVDcBpkY0jTf+jI1BBxamE9+b8k8fOGw5uC
HV19SjM+S1NNWpAR5fOS4GfDRjiqS1wHCZS5UuCofe2x1LS0EKc8aUbCF9HoH0QT
1H+RTGkz96kQJZkkBA40sLfY3sOCsTxpoVjs4lRIDeZoZSgkHiKtcGVMISI4o38h
FukM48E7YcRGAKogEDHvFA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyyofewu0pkDfoi2zqGB
IvwKNazVYgXAZrectImUigh5QUQFv69XVfYcyyWLFfYKrpCLDlh/3cyvZZpQsusD
apd4Mgb9ISnHKjeaTQZ14YBYRpRh4rqg0P1nXCBDdoRoUkqaf4P+dhiCaLEUK+Rw
q4tSVlw4jR564rqFORXjUCREeoopcxDyihF8eJnXssbjGUg5TXVz8f8KS8Le8nwa
0awj6QHnUTp2P/1J8xAVgiTBIBCAxzcGIQlkn4M9wMDSKxXNvQBBxZwcVc8gg4+2
SQ8mvCRIB290vKsrmijVX6YkB4hJsPT6vUCAZwljhuP3btG/8FoyxXCf3kem0Tr8
rQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 18268661170803768324308663039720419544
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-07-23 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-08-23 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'gitlab.service.nsw.gov.au'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22618678354017192759483800585110412987796788804725927486952559102699980215017725007572434569101187191107799114169902003991049416721100490918517829076878234962732915190448555195884211470780005457589456520237566729685261829531683397087234574679782385146887645040535561404296605339948467873400274842486631565625766328369729240843930599821511668557598254434421632619275649234339281333035353060986875264431105145592215559268909741028128220975275891317694265865424637517952169780320847036659397416407604976470745887580354762562793584190934245573447440034374790388559362584055095015147378014834467051208940767058844580510893
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							07e187706ab033c7b808b1bb9fce56375b8861d9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (29 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gitlab.service.nsw.gov.au'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.2 (digiCertDVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
							00f1007700a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000016c1c9508e00000040300483046022100a31524d74ccba61f8059fcc8e4696d3c33b846522abcaa9ca0967307e0cb2a9302210085821aa8b27e7c9c65b05a36eb32962ad512602b65a60105d04e9d5df25900450076008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f0000016c1c9509320000040300473045022100b07ccf17a6a2ce8196dca6d7ab6a1cef6251fea01c7b0dddfb7ce6d7c6143bd202204ea0babe37a09e3187fdf999bbb00d762eb6d51639ea11e59be9ef50d54843a4
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001e5059027c04abb5f4d595e7c8a2bd00afcb09e2d65b5736097a843bd0fcbe90ed551cccd09c2f04b769cc173dc473f44017178b00e920154c76e7eaab495719387d9608b5ae5294a0db934c0fe17545b75b601dce4f7d0465d1c4b17b583b0973198d8d5c0beca1ac8310b41b400ef8c810365f31506543701a646348d37fe8c8d410716a613df9bf24f1f386c39b821d5d7d4a333e4b534d5a9011e5f392e067c34638aa4b5c070994b952e0a87dedb1d4b4b410a73c6946c217d1e81f4413d47f914c6933f7a910259924040e34b0b7d8dec382b13c69a158ece254480de6686528241e22ad70654c212238a37f2116e90ce3c13b61c44600aa201031ef14