coffinaward.berkeley.edu

Issued by R3

About this certificate

This digital certificate with serial number 04:0a:40:42:aa:10:14:bc:76:8f:b5:d9:13:b0:82:eb:84:74 was issued on by Let's Encrypt.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=coffinaward.berkeley.edu

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 04:0a:40:42:aa:10:14:bc:76:8f:b5:d9:13:b0:82:eb:84:74
Serial Number (int): 351937384128856969894771619580651007345780
Serial Number lenght: 139 bits, 18 octets

SubjectKeyId: a9:84:ee:2f:b0:80:bb:63:af:6f:c4:43:85:34:6a:f3:79:f0:45:27
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): ba:61:e1:8f:a7:12:6f:59:96:c0:4a:79:7f:fc:3b:52:6a:fc:d4:15
Fingerprint (sha256): 00:7b:1b:03:a6:f7:2f:6f:3e:08:58:5d:29:73:05:ae:f3:2d:c0:b5:06:33:fa:8a:15:be:79:8d:56:1e:bc:4a

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate coffinaward.berkeley.edu

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for coffinaward.berkeley.edu

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

coffinaward.berkeley.edu

Other certificates including the domain name berkeley.edu

(limited to 100 certificates)
5631131353350144-fe1.pantheonsite.io
iris.eecs.berkeley.edu
vc.berkeley.edu
goldenkey.berkeley.edu
157ac.berkeley.edu
dynamics.berkeley.edu
dsec-pa01.ist.berkeley.edu
eps.berkeley.edu
5767281011326976-fe3.pantheonsite.io
test-web-lws.edu.help
isab.berkeley.edu
riverrestoration.ced.berkeley.edu
tsa.berkeley.edu
urbansustainability.berkeley.edu
carpepm.almonds.com
telemonitoring.berkeley.edu
ucmc.berkeley.edu
5693048138760192-fe2.pantheonsite.io
skiteam.berkeley.edu
5685265389584384-fe2.pantheonsite.io
robobears.berkeley.edu
asa.berkeley.edu
bleex.me.berkeley.edu
5732694713434112-fe3.pantheonsite.io
5695872079757312-fe3.pantheonsite.io
cuwip.physics.berkeley.edu
pawsandclaws.berkeley.edu
goldenapple.berkeley.edu
5690145009303552-fe2.pantheonsite.io
puzzle.berkeley.edu
bc.berkeley.edu
accredible.tutor.com
cs184.eecs.berkeley.edu
5702666986455040-fe2.pantheonsite.io
esw.berkeley.edu
5745580152193024-fe4.pantheonsite.io
mcbcdna.berkeley.edu
biomechanics.berkeley.edu
www.site.demog.berkeley.edu
foresight.berkeley.edu
5657535201673216-fe3.pantheonsite.io
gdso.berkeley.edu
mcbcdna.berkeley.edu
zhoulab.berkeley.edu
edam.berkeley.edu
it.uahs.arizona.edu
braintree-qa.udar.berkeley.edu
admissions.emeritus.org
astep.berkeley.edu
journalofethics.berkeley.edu
5695872079757312-fe3.pantheonsite.io
orchestra.berkeley.edu
cluster3.technolutions.net
yearbook.berkeley.edu
communityinnovation.berkeley.edu
as-axolotl-qa.ist.berkeley.edu
coffinaward.berkeley.edu
libguides.law.berkeley.edu
sinberbest.berkeley.edu
dwx.berkeley.edu
5645628478586880-fe4.pantheonsite.io
ide.berkeley.edu
securessl-pst1.tessituranetworkhost.com
startup.berkeley.edu
labmon.qnl-internal.berkeley.edu
caldesignlab.berkeley.edu
wordsoundlife.berkeley.edu
5702351037923328-fe2.pantheonsite.io
astral.berkeley.edu
bioehs.berkeley.edu
interucconference.berkeley.edu
5702666986455040-fe2.pantheonsite.io
mtab.berkeley.edu
exhibits.ced.berkeley.edu
ucdc.edu
cluster3.technolutions.net
chrzan.mse.berkeley.edu
olab.berkeley.edu
proxy.kchsieh-dev0.api.berkeley.edu
ecoengine.berkeley.edu
southindiansociety.berkeley.edu
reservemapper.berkeley.edu
5704980631650304-fe4.pantheonsite.io
5693048138760192-fe2.pantheonsite.io
fp2.law.berkeley.edu
ce3.berkeley.edu
sailing.berkeley.edu
veteran.berkeley.edu
cryoem.berkeley.edu
solr.urel.berkeley.edu
qtsab.berkeley.edu
pasae.berkeley.edu
ulab.berkeley.edu
5636647567753216-fe1.pantheonsite.io
uav.berkeley.edu
nimitz.berkeley.edu
millslab.berkeley.edu
parking.berkeley.edu
prototype.berkeley.edu
nartc.fcm.arizona.edu

Certificate

The complete raw certificate details for coffinaward.berkeley.edu in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF/TCCBOWgAwIBAgISBApAQqoQFLx2j7XZE7CC64R0MA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzEwMTIwNjA1MzNaFw0yNDAxMTAwNjA1MzJaMCMxITAfBgNVBAMT
GGNvZmZpbmF3YXJkLmJlcmtlbGV5LmVkdTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
ADCCAgoCggIBANeoEah5SEjl+ZLowJ2CWCVs8IrNtqPrea1jMb473La0uEfW87uv
gjcM98RnQO3ixiKXvdDm+KSYlu5r8zef81w7FKCXrgi8uiOeS5Fin6sW8vUhYWM0
8S5D5c5DT6TSG///eOinGScY/36QGDJImvpO59CQ51VrVb8TceS4dvWup4hf9xHJ
1orMOVYShSmx8dvZ08K9euQpHmcTtW0knpfvPO30TOpI0fkjLr5QAnwIHJjVI9Z7
7YgNlLO3p8YA7yKjlzSu/dELTjKbqWVVrLPh46rodbZcK6CZqNwW/oDmrvUKgE50
FIG+U9BOI3Of8HiEUzQ1XAVv81fyP7zwrsCQZ8jKBLAb98nLhSd4TyMtDoUA3Ys5
6FCyPqhP3RsY0RWwFSYPmxjqDypQesErLSnPf7Fe0dvyNpvc3AbFzk5nQQMRWys0
Wi2LrmyImcYjj1TgPpvVQ1gea0ZJFf0/e6Z2mARwhPou8A8Ogg8PKhN9eTGAj3VB
FzhKRQ/hQcVVDyNUvIQDwBgjBD4Rrz+LT4XOW/8yr5aFEz2RzgwGutNmx7xd5iQy
GLxZJiaX7/xqLft4XxHvY+HhyhOBzY+2Jy/vgqeX2hFzHSkeuixf972HZIVDwT0s
LoIgl9PHYCDBtv3SHUPx8GmWAchgL04JwJcBSwnpKATiT4huQn1B4NiNAgMBAAGj
ggIaMIICFjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKmE7i+wgLtjr2/EQ4U0avN5
8EUnMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEB
BEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUF
BzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMCMGA1UdEQQcMBqCGGNvZmZpbmF3
YXJkLmJlcmtlbGV5LmVkdTATBgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB
1nkCBAIEgfUEgfIA8AB2ADtTd3U+LbmAToswWwb+QDtn2E/D9Me9AA0tcm/h+tQX
AAABiyK0dK0AAAQDAEcwRQIgfnp239WgkVpOZYHfkK2Y4srdZ3tA9HS0YG4x3kRx
kcECIQCCzWrF7tY/0lhcd110ONOcFJ3oUizdvpsUF/lmN3vhYwB2AHb/iD8KtvuV
UcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABiyK0dOsAAAQDAEcwRQIhAIPiNiEw
4/vVMXjAb2ygiEk3boKv5IFb11mSvBdE+vhpAiBe19+y62Vx7CqxSRHSeS+4MR6G
09YPWU79BrgP4MBg1TANBgkqhkiG9w0BAQsFAAOCAQEAEAcwnsq5l7Jzq00bXw4M
uNWL9z0kkO0FSh/Iw2oQtOGW2P8SFC30u13mARBh9ZPXsF8hRl/byboYapBwpZdR
nskIi1pDHAnd1iysMb+VsLyJI/OAUAC/g1ORNU5hPyQFqKuZIr3w06nKl227n819
lLfspDvqdIdBIQVNtDt9h+2Eq1Py2c5PSs88xwFrZKWC1cKbEeISzABqiJufRhN5
HYgRurL6q1ZuvD4jO3VTD68iP7w/Qx7uhyH7u8tpPSHyFdQBHPPW+8+aPv1Utjk7
B7bB7fRWxGBXeoI/X+jVPPUhHGgwq2HZHq+mZQPY6QSkY5EWePIhXsq5ZNGle5mL
jQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA16gRqHlISOX5kujAnYJY
JWzwis22o+t5rWMxvjvctrS4R9bzu6+CNwz3xGdA7eLGIpe90Ob4pJiW7mvzN5/z
XDsUoJeuCLy6I55LkWKfqxby9SFhYzTxLkPlzkNPpNIb//946KcZJxj/fpAYMkia
+k7n0JDnVWtVvxNx5Lh29a6niF/3EcnWisw5VhKFKbHx29nTwr165CkeZxO1bSSe
l+887fRM6kjR+SMuvlACfAgcmNUj1nvtiA2Us7enxgDvIqOXNK790QtOMpupZVWs
s+Hjquh1tlwroJmo3Bb+gOau9QqATnQUgb5T0E4jc5/weIRTNDVcBW/zV/I/vPCu
wJBnyMoEsBv3ycuFJ3hPIy0OhQDdiznoULI+qE/dGxjRFbAVJg+bGOoPKlB6wSst
Kc9/sV7R2/I2m9zcBsXOTmdBAxFbKzRaLYuubIiZxiOPVOA+m9VDWB5rRkkV/T97
pnaYBHCE+i7wDw6CDw8qE315MYCPdUEXOEpFD+FBxVUPI1S8hAPAGCMEPhGvP4tP
hc5b/zKvloUTPZHODAa602bHvF3mJDIYvFkmJpfv/Got+3hfEe9j4eHKE4HNj7Yn
L++Cp5faEXMdKR66LF/3vYdkhUPBPSwugiCX08dgIMG2/dIdQ/HwaZYByGAvTgnA
lwFLCekoBOJPiG5CfUHg2I0CAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 351937384128856969894771619580651007345780
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-12 06:05:33 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-10 06:05:32 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'coffinaward.berkeley.edu'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 879801840268291909313801505987858500266977394647307375658001527437621468307083952705256997341856421251509058856703423411087561149667037590512289057505827444372586331974850586208368538840481560217982590395845858048335570667747762871818175703240588679944348162279713863321819553973208102427585112906568345740115711761227182794236773456181079871584528366619828337361216481397729659858569244833107777935213142132241122412892366433592763594028687156942627853343949300517208420335865052096726955719875913077329256145174336929518063230922555236448158436263250820162252474805844708017198501327763499449018223001066588411618135009499929525515240325922798159733983815174820658095048638782350242135684175937779591100571767193455510500634003042699838402840378023819439422246311462919721013724230628061926264170348659966010172189465689834242149522040273394905273463484931821714710081334336228420607440937641399373479707513289196705006529723744169186541584856782359068598578896797096040891274326134806399892404102100419284792602880811470334809797228886121238884019466961105425924297742860420435923061902230271701813592773528046316067524816198672337798747260665259397357228599341419918686740168218174490493069403503135213909379586585480046372247693
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							a984ee2fb080bb63af6fc44385346af379f04527
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'coffinaward.berkeley.edu'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f00076003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018b22b474ad000004030047304502207e7a76dfd5a0915a4e6581df90ad98e2cadd677b40f474b4606e31de447191c102210082cd6ac5eed63fd2585c775d7438d39c149de8522cddbe9b1417f966377be16300760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018b22b474eb000004030047304502210083e2362130e3fbd53178c06f6ca08849376e82afe4815bd75992bc1744faf86902205ed7dfb2eb6571ec2ab14911d2792fb8311e86d3d60f594efd06b80fe0c060d5
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001007309ecab997b273ab4d1b5f0e0cb8d58bf73d2490ed054a1fc8c36a10b4e196d8ff12142df4bb5de6011061f593d7b05f21465fdbc9ba186a9070a597519ec9088b5a431c09ddd62cac31bf95b0bc8923f3805000bf835391354e613f2405a8ab9922bdf0d3a9ca976dbb9fcd7d94b7eca43bea74874121054db43b7d87ed84ab53f2d9ce4f4acf3cc7016b64a582d5c29b11e212cc006a889b9f4613791d8811bab2faab566ebc3e233b75530faf223fbc3f431eee8721fbbbcb693d21f215d4011cf3d6fbcf9a3efd54b6393b07b6c1edf456c460577a823f5fe8d53cf5211c6830ab61d91eafa66503d8e904a463911678f2215ecab964d1a57b998b8d