tacde.aws.bmw.cloud

Issued by Amazon RSA 2048 M02

About this certificate

This digital certificate with serial number 04:a6:35:dd:4a:5b:92:f7:90:8c:47:63:06:ec:ec:21 was issued on by Amazon.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=tacde.aws.bmw.cloud

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 04:a6:35:dd:4a:5b:92:f7:90:8c:47:63:06:ec:ec:21
Serial Number (int): 6179925761801951077534898053140245537
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 72:1f:14:95:37:a4:57:c4:bf:e5:0e:1e:1c:cb:cd:d7:11:4a:93:e5
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2

Fingerprint (sha1): c2:55:4b:b4:2c:89:76:e4:7f:92:c4:6e:56:ad:ab:08:0c:e8:61:ac
Fingerprint (sha256): 00:71:c1:89:66:ef:ae:67:b0:ed:ef:1e:c1:b9:80:df:f0:aa:c0:73:e8:76:73:9a:ae:04:d2:8f:94:fc:67:53

Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer

Revocation information

OCSP Server: http://ocsp.r2m02.amazontrust.com
CRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl

Check the revocation status for certificate tacde.aws.bmw.cloud

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for tacde.aws.bmw.cloud

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

tacde.aws.bmw.cloud

Other certificates including the domain name bmw.cloud

(limited to 100 certificates)
drhub-i.aws.bmw.cloud
api.emea.deperso-dev.data.bmw.cloud
dmws.geo.bmw.cloud
admin.smoss.apac.bmw.cloud
cdp.hst-dev.bmw.cloud
dmws.geo.bmw.cloud
cdhxchrfederation-test-service.iam-oss.data.bmw.cloud
tacde.aws.bmw.cloud
cdhxcoreexternal-authentication.iam-oss.data.bmw.cloud
dpamkiauthorization.iam-oss.data.bmw.cloud
cdhxlpaexternal-authentication.iam-oss.data.bmw.cloud
ra-container.cgbp-test.aws.bmw.cloud
sf-mco.aws.bmw.cloud
resources-dev9.data.bmw.cloud
impxmv1.impact-connector-dev.data.bmw.cloud
api.loyalty-dev.my.bmw.cloud
cdhxdev14idp.iam-int.data.bmw.cloud
api.aiforeng.aws.bmw.cloud
b2cds-neo-storybook.int.b2cds.eu-central-1.aws.bmw.cloud
dmws.geo.bmw.cloud
rvm-test.aws.bmw.cloud
api.rita-dev.azure.bmw.cloud
demo.tst.us-east-1.cgpb-test.aws.bmw.cloud
data-middleware.aws.bmw.cloud
cdhxlu2.api-dev.data.bmw.cloud
dmws.geo.bmw.cloud
vehicle360-ext-int.aws.bmw.cloud
us-east-1.api-dev.data.bmw.cloud
graphql.orbit-selfservice-test.aws.bmw.cloud
qa-wcmp.wcp-int.bmw.cloud
bus-portal.bmw.cloud
establish.test.digital-trust.bmw.cloud
bmw-int1.com
ktd.aws.bmw.cloud
ingress-ex10.dev.cgpb-test.aws.bmw.cloud
compare.int.stolo.eu-central-1.aws.bmw.cloud
ispi-dev.azure.bmw.cloud
b2b.prod.trainingsmedia.bmw.cloud
cdhxdev8authorization.iam-int.data.bmw.cloud
user-api.int.manage.aws.bmw.cloud
api.eu-central-1.playground.personalization.aws.bmw.cloud
authorization.fsspk2-iam.scratch.cdh-oss.bmw.cloud
ecs.eu-west-1.tst.cgpb-test.aws.bmw.cloud
api.digital-services.aws.bmw.cloud
ra-container-demo-tst.cgbp-test.aws.bmw.cloud
dev2.lineage-dev.data.bmw.cloud
sql-dev9.data.bmw.cloud
engage-th-uat.apac.bmw.cloud
frontend-api.chengdu.manage.aws.bmw.cloud
cdhxkguquicksight-updater.iam-dev.data.bmw.cloud
config.bmw-default.us-east-1.evecs-tst.bmw.cloud
content-e2e.bch-ipa.aws.bmw.cloud
graph-dev7.data.bmw.cloud
soc-rr.configure.bmw.cloud
dmws-int.geo-i.bmw.cloud
dvs-css-frontend.st4.dvscss.eu-central-1.aws.bmw.cloud
cdhxkgu-gutherkfederation-test-service.iam-oss.data.bmw.cloud
matrx-int.azure.bmw.cloud
fsspk1.fsspk1-api.scratch.cdh-oss.bmw.cloud
pr2quicksight-updater.iam-oss.data.bmw.cloud
lb.int.cosy.bmw.cloud
mini-next.configurator.bmw.cloud
mhx000metahub-config.metahub-dev.data.bmw.cloud
svmd.msdynamics.azure.bmw.cloud
demo.tst.eu-central-1.cgpb-test.aws.bmw.cloud
crm-adapter.aws.bmw.cloud
api.blava-int.aws.bmw.cloud
dev3.ingest-dev.data.bmw.cloud
subscriptions-dev3.data.bmw.cloud
dmws.geo.bmw.cloud
cdhxmorgraphql-api-dummy.iam-oss.data.bmw.cloud
bmw-int1.com
api.dev-user-guidance.data.bmw.cloud
portal.nkam-sit.azure.bmw.cloud
rvm-int.aws.bmw.cloud
dmws.geo.bmw.cloud
dmws.geo.bmw.cloud
cdhxdev10idp.iam-int.data.bmw.cloud
openvidu.viper.bmw.cloud
dmws.geo.bmw.cloud
demo.tst.us-east-1.cgpb-test.aws.bmw.cloud
dfms.bmwna-dealer-cms-reimagine-prod.us-east-1.aws.bmw.cloud
cdhxjr2.api-dev.data.bmw.cloud
media.assets.dev.nft.aws.bmw.cloud
cdhxcoreperformance-data.iam-oss.data.bmw.cloud
qa.mu.int.rossi-italy.bmw.cloud
ktd-aus.aws.bmw.cloud
configure.mini.com
cdhxdev3authentication.iam-int.data.bmw.cloud
pr0quicksight-assets.iam-oss.data.bmw.cloud
cdhxblsgraphql-api-dummy.iam-oss.data.bmw.cloud
admin-dev.azure.bmw.cloud
graph-dev13.data.bmw.cloud
pr1quicksight-updater.iam-oss.data.bmw.cloud
bmw-int1.com
ecs.eu-west-1.tst.cgpb-test.aws.bmw.cloud
dmws.geo.bmw.cloud
api.smms.apac.bmw.cloud
portal.data.bmw.cloud
issue-func.test-lppackagingapproval.azure.bmw.cloud

Certificate

The complete raw certificate details for tacde.aws.bmw.cloud in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIEZTCCA02gAwIBAgIQBKY13UpbkveQjEdjBuzsITANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAyMB4XDTI0MDYwNTAwMDAwMFoXDTI1MDcwNDIzNTk1OVowHjEc
MBoGA1UEAxMTdGFjZGUuYXdzLmJtdy5jbG91ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOiKYTeb/dbWdo6Ce2hgmH4vti6dAeeJz1tAPsG4X3EIgfXt
rDDdRF3pXEHwFUFtnGKiyWTiAjH3O83cEIUoi5gWy1/8yt6yU1lSE88BHoZoiHWX
s3IA5IYtbTH6LL5WQBQvY3PtH7KKWsR1pbLhX0yXHDltf6UjmDOMJMlZ2JFHfOaN
iYAWysuryTauUhaRKSa8YSdvuRk4NLcYuTpZy3QFfpYS3vobMOV12VbUTP17T5bq
pgjY/PQ6HRdFzp/YvWWTXe++0Xt8OQ4Az7dceM8zmcpo+NEwCW/UYeLq18U4G0pZ
xZN943Ev8uWLwRlMSKW1ddHa75AokgOhdaLIUVcCAwEAAaOCAX8wggF7MB8GA1Ud
IwQYMBaAFMAxUs1aUMOCfHRxzsvpnPl664LiMB0GA1UdDgQWBBRyHxSVN6RXxL/l
Dh4cy83XEUqT5TAeBgNVHREEFzAVghN0YWNkZS5hd3MuYm13LmNsb3VkMBMGA1Ud
IAQMMAowCAYGZ4EMAQIBMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NybC5yMm0w
Mi5hbWF6b250cnVzdC5jb20vcjJtMDIuY3JsMHUGCCsGAQUFBwEBBGkwZzAtBggr
BgEFBQcwAYYhaHR0cDovL29jc3AucjJtMDIuYW1hem9udHJ1c3QuY29tMDYGCCsG
AQUFBzAChipodHRwOi8vY3J0LnIybTAyLmFtYXpvbnRydXN0LmNvbS9yMm0wMi5j
ZXIwDAYDVR0TAQH/BAIwADATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG9w0B
AQsFAAOCAQEApfcf6hc1DworhnhkuluX7rDFBfWzRHVBqeyEgzCGml11tLZwwjSV
04Z1OVk7raofz6NTLM1bLZ/IUmHQM/Ped+Jv5iNtSDZstQA7t4MLYSv+XHq6Ar84
MIbgErR1Ef9HBeCUr2AiGDAKtbT8Z5vZmrcohfreF5D9exUoSgu92+x+YNlwJ2JX
SrJpEckq8G3JzmQS7f1AdqfAXbZjEQKtQN16EiYWUeWyo5W6054VY/r+BZubeb0G
2YWw+aUQyTHK5o+ykYRJOh+7NSR3A0rOjbk0c9a3QHII5/3jHiEK4GZ7VA++SOJs
jc2V/C3RASoftVxUmpiB9OG95eJ22LJQyQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6IphN5v91tZ2joJ7aGCY
fi+2Lp0B54nPW0A+wbhfcQiB9e2sMN1EXelcQfAVQW2cYqLJZOICMfc7zdwQhSiL
mBbLX/zK3rJTWVITzwEehmiIdZezcgDkhi1tMfosvlZAFC9jc+0fsopaxHWlsuFf
TJccOW1/pSOYM4wkyVnYkUd85o2JgBbKy6vJNq5SFpEpJrxhJ2+5GTg0txi5OlnL
dAV+lhLe+hsw5XXZVtRM/XtPluqmCNj89DodF0XOn9i9ZZNd777Re3w5DgDPt1x4
zzOZymj40TAJb9Rh4urXxTgbSlnFk33jcS/y5YvBGUxIpbV10drvkCiSA6F1oshR
VwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 6179925761801951077534898053140245537
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-05 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-07-04 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'tacde.aws.bmw.cloud'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29355524352458413059832341423337356057264960705384350359532378738285423921184297903815890641637177113063511953596932190965969035365154769181018829040451103666017764382165466332289970048335920344885423710172466521924033468987161895639227260517079247940542267605156444525889333520490974984451132916802120246181692419703331203239082274004124328881610428905803820492001813540481635377558932204089425351823672724549987736285746308452153009408084232280274230247904038821408835947891379890618620878840911303479879314386262863275873648914342006865099093289120188817801780167491836646748987221817447875144110032736308792152407
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							721f149537a457c4bfe50e1e1ccbcdd7114a93e5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (23 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tacde.aws.bmw.cloud'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00a5f71fea17350f0a2b867864ba5b97eeb0c505f5b3447541a9ec848330869a5d75b4b670c23495d3867539593badaa1fcfa3532ccd5b2d9fc85261d033f3de77e26fe6236d48366cb5003bb7830b612bfe5c7aba02bf383086e012b47511ff4705e094af602218300ab5b4fc679bd99ab72885fade1790fd7b15284a0bbddbec7e60d9702762574ab26911c92af06dc9ce6412edfd4076a7c05db6631102ad40dd7a12261651e5b2a395bad39e1563fafe059b9b79bd06d985b0f9a510c931cae68fb29184493a1fbb352477034ace8db93473d6b7407208e7fde31e210ae0667b540fbe48e26c8dcd95fc2dd1012a1fb55c549a9881f4e1bde5e276d8b250c9