dpamkiauthorization.iam-oss.data.bmw.cloud

Issued by Amazon RSA 2048 M02

About this certificate

This digital certificate with serial number 0b:86:06:0e:f1:cf:76:25:9a:41:54:ed:e1:0b:9f:c5 was issued on by Amazon.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=dpamkiauthorization.iam-oss.data.bmw.cloud

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0b:86:06:0e:f1:cf:76:25:9a:41:54:ed:e1:0b:9f:c5
Serial Number (int): 15317398611166331558382392047534055365
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: a4:9c:be:d1:67:d3:97:80:f9:fc:c5:0c:35:07:5b:05:8e:aa:52:f7
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2

Fingerprint (sha1): 9c:9d:a1:0a:93:1b:3c:e6:2d:b7:5f:4e:69:47:f5:67:22:69:cf:43
Fingerprint (sha256): 00:80:85:80:d8:b3:c3:fe:41:0b:38:45:ad:2c:7d:21:81:f0:1e:e1:54:6f:69:59:80:7e:59:79:5b:f5:e6:de

Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer

Revocation information

OCSP Server: http://ocsp.r2m02.amazontrust.com
CRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl

Check the revocation status for certificate dpamkiauthorization.iam-oss.data.bmw.cloud

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for dpamkiauthorization.iam-oss.data.bmw.cloud

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

dpamkiauthorization.iam-oss.data.bmw.cloud

Other certificates including the domain name bmw.cloud

(limited to 100 certificates)
drhub-i.aws.bmw.cloud
api.emea.deperso-dev.data.bmw.cloud
dmws.geo.bmw.cloud
admin.smoss.apac.bmw.cloud
cdp.hst-dev.bmw.cloud
dmws.geo.bmw.cloud
cdhxchrfederation-test-service.iam-oss.data.bmw.cloud
tacde.aws.bmw.cloud
cdhxcoreexternal-authentication.iam-oss.data.bmw.cloud
dpamkiauthorization.iam-oss.data.bmw.cloud
cdhxlpaexternal-authentication.iam-oss.data.bmw.cloud
ra-container.cgbp-test.aws.bmw.cloud
sf-mco.aws.bmw.cloud
resources-dev9.data.bmw.cloud
impxmv1.impact-connector-dev.data.bmw.cloud
api.loyalty-dev.my.bmw.cloud
cdhxdev14idp.iam-int.data.bmw.cloud
api.aiforeng.aws.bmw.cloud
b2cds-neo-storybook.int.b2cds.eu-central-1.aws.bmw.cloud
dmws.geo.bmw.cloud
rvm-test.aws.bmw.cloud
api.rita-dev.azure.bmw.cloud
demo.tst.us-east-1.cgpb-test.aws.bmw.cloud
data-middleware.aws.bmw.cloud
cdhxlu2.api-dev.data.bmw.cloud
dmws.geo.bmw.cloud
vehicle360-ext-int.aws.bmw.cloud
us-east-1.api-dev.data.bmw.cloud
graphql.orbit-selfservice-test.aws.bmw.cloud
qa-wcmp.wcp-int.bmw.cloud
bus-portal.bmw.cloud
establish.test.digital-trust.bmw.cloud
bmw-int1.com
ktd.aws.bmw.cloud
ingress-ex10.dev.cgpb-test.aws.bmw.cloud
compare.int.stolo.eu-central-1.aws.bmw.cloud
ispi-dev.azure.bmw.cloud
b2b.prod.trainingsmedia.bmw.cloud
cdhxdev8authorization.iam-int.data.bmw.cloud
user-api.int.manage.aws.bmw.cloud
api.eu-central-1.playground.personalization.aws.bmw.cloud
authorization.fsspk2-iam.scratch.cdh-oss.bmw.cloud
ecs.eu-west-1.tst.cgpb-test.aws.bmw.cloud
api.digital-services.aws.bmw.cloud
ra-container-demo-tst.cgbp-test.aws.bmw.cloud
dev2.lineage-dev.data.bmw.cloud
sql-dev9.data.bmw.cloud
engage-th-uat.apac.bmw.cloud
frontend-api.chengdu.manage.aws.bmw.cloud
cdhxkguquicksight-updater.iam-dev.data.bmw.cloud
config.bmw-default.us-east-1.evecs-tst.bmw.cloud
content-e2e.bch-ipa.aws.bmw.cloud
graph-dev7.data.bmw.cloud
soc-rr.configure.bmw.cloud
dmws-int.geo-i.bmw.cloud
dvs-css-frontend.st4.dvscss.eu-central-1.aws.bmw.cloud
cdhxkgu-gutherkfederation-test-service.iam-oss.data.bmw.cloud
matrx-int.azure.bmw.cloud
fsspk1.fsspk1-api.scratch.cdh-oss.bmw.cloud
pr2quicksight-updater.iam-oss.data.bmw.cloud
lb.int.cosy.bmw.cloud
mini-next.configurator.bmw.cloud
mhx000metahub-config.metahub-dev.data.bmw.cloud
svmd.msdynamics.azure.bmw.cloud
demo.tst.eu-central-1.cgpb-test.aws.bmw.cloud
crm-adapter.aws.bmw.cloud
api.blava-int.aws.bmw.cloud
dev3.ingest-dev.data.bmw.cloud
subscriptions-dev3.data.bmw.cloud
dmws.geo.bmw.cloud
cdhxmorgraphql-api-dummy.iam-oss.data.bmw.cloud
bmw-int1.com
api.dev-user-guidance.data.bmw.cloud
portal.nkam-sit.azure.bmw.cloud
rvm-int.aws.bmw.cloud
dmws.geo.bmw.cloud
dmws.geo.bmw.cloud
cdhxdev10idp.iam-int.data.bmw.cloud
openvidu.viper.bmw.cloud
dmws.geo.bmw.cloud
demo.tst.us-east-1.cgpb-test.aws.bmw.cloud
dfms.bmwna-dealer-cms-reimagine-prod.us-east-1.aws.bmw.cloud
cdhxjr2.api-dev.data.bmw.cloud
media.assets.dev.nft.aws.bmw.cloud
cdhxcoreperformance-data.iam-oss.data.bmw.cloud
qa.mu.int.rossi-italy.bmw.cloud
ktd-aus.aws.bmw.cloud
configure.mini.com
cdhxdev3authentication.iam-int.data.bmw.cloud
pr0quicksight-assets.iam-oss.data.bmw.cloud
cdhxblsgraphql-api-dummy.iam-oss.data.bmw.cloud
admin-dev.azure.bmw.cloud
graph-dev13.data.bmw.cloud
pr1quicksight-updater.iam-oss.data.bmw.cloud
bmw-int1.com
ecs.eu-west-1.tst.cgpb-test.aws.bmw.cloud
dmws.geo.bmw.cloud
api.smms.apac.bmw.cloud
portal.data.bmw.cloud
issue-func.test-lppackagingapproval.azure.bmw.cloud

Certificate

The complete raw certificate details for dpamkiauthorization.iam-oss.data.bmw.cloud in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIEkzCCA3ugAwIBAgIQC4YGDvHPdiWaQVTt4QufxTANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAyMB4XDTIzMTIyMDAwMDAwMFoXDTI1MDExNzIzNTk1OVowNTEz
MDEGA1UEAxMqZHBhbWtpYXV0aG9yaXphdGlvbi5pYW0tb3NzLmRhdGEuYm13LmNs
b3VkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0c+2yKPTqWBByGZ
rekEOfGeYWHJyCxGaH5nLycAtk1lQ/Id0bnmOiJjxuDq1LmTqSGh5Fjff9N1qw49
vyjCRLsDxfBOjjGtUexyZcYMnxnQEkMU0G6u4b5Ib5QkBujSlh5hdjkaGNd1pE87
IghoPrB0swrqH5NGvv2j3RHuHhkyQaXblWVHG69Hn/X/uXBHFiFqHvn1UP65puxg
ncz0tZRinNaBzz6HG7vgrNs/H2cfKwUnLOJun4Jb7x9gZ/QDdu82dmh3lsf/6hvZ
yRGa7q4hh6KHB1wmgUxNe6oT7BC47dbJ1s0zdh0mRQBA08Ed29Spc3Xdio7+SnT5
pKoYRQIDAQABo4IBljCCAZIwHwYDVR0jBBgwFoAUwDFSzVpQw4J8dHHOy+mc+Xrr
guIwHQYDVR0OBBYEFKScvtFn05eA+fzFDDUHWwWOqlL3MDUGA1UdEQQuMCyCKmRw
YW1raWF1dGhvcml6YXRpb24uaWFtLW9zcy5kYXRhLmJtdy5jbG91ZDATBgNVHSAE
DDAKMAgGBmeBDAECATAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH
AwEGCCsGAQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwucjJtMDIu
YW1hem9udHJ1c3QuY29tL3IybTAyLmNybDB1BggrBgEFBQcBAQRpMGcwLQYIKwYB
BQUHMAGGIWh0dHA6Ly9vY3NwLnIybTAyLmFtYXpvbnRydXN0LmNvbTA2BggrBgEF
BQcwAoYqaHR0cDovL2NydC5yMm0wMi5hbWF6b250cnVzdC5jb20vcjJtMDIuY2Vy
MAwGA1UdEwEB/wQCMAAwEwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZIhvcNAQEL
BQADggEBADW2jGb5WR4Kk+NkQaFc23QsVg8c4iAO9w9Z1pV0HGtCmwogoqfW+gnb
ZfsoqHwB1SNj0HXrJ1EAYp/j+tsmRQjwZQ9tqAOWGSQqg9MifWZXRGL5wWDJi9cz
kpWAZO+nRzCLPJWXNnCzrVBdwZMNSg2EFjgwpTWqroIW0vvVmsvp+v7dPPcsQ7KK
4IQlOmGG9d4uzUGftAjh9mf5kIYj96loZqrwyQw9+AL5iY44nLNnvu6/43qq0HMk
dljnODwLMD+5bbPUM/+CaSZPNiKQpS8FtWDukQ7/jhj+icscs2zw7g/+xL9xGrLc
d7yJjm+wHLtPGMjoMWQJpzznH8lLK58=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0c+2yKPTqWBByGZrekE
OfGeYWHJyCxGaH5nLycAtk1lQ/Id0bnmOiJjxuDq1LmTqSGh5Fjff9N1qw49vyjC
RLsDxfBOjjGtUexyZcYMnxnQEkMU0G6u4b5Ib5QkBujSlh5hdjkaGNd1pE87Igho
PrB0swrqH5NGvv2j3RHuHhkyQaXblWVHG69Hn/X/uXBHFiFqHvn1UP65puxgncz0
tZRinNaBzz6HG7vgrNs/H2cfKwUnLOJun4Jb7x9gZ/QDdu82dmh3lsf/6hvZyRGa
7q4hh6KHB1wmgUxNe6oT7BC47dbJ1s0zdh0mRQBA08Ed29Spc3Xdio7+SnT5pKoY
RQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 15317398611166331558382392047534055365
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-20 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-17 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'dpamkiauthorization.iam-oss.data.bmw.cloud'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24651601949238769485187751956240581300839460730592590932440109506406810142442483170829097001467014103825439648512573079347759072474679910424314322547262302769925748871729207972577175593160357405485677375479056283387575113234021139842071663805885501111696869731157495299880055897057510885442157619835127392551023732421997313559943380995605663823481006569613871069645593967828668287003886986101779666117205732748319702662771278183769944869158082959060881008623030077874746040688762925039086662566591472492731254158341948811294678798443403402611381315922036640713334377461546408694055118739687801387219477683856627865669
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							a49cbed167d39780f9fcc50c35075b058eaa52f7
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (46 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dpamkiauthorization.iam-oss.data.bmw.cloud'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0035b68c66f9591e0a93e36441a15cdb742c560f1ce2200ef70f59d695741c6b429b0a20a2a7d6fa09db65fb28a87c01d52363d075eb275100629fe3fadb264508f0650f6da8039619242a83d3227d66574462f9c160c98bd73392958064efa747308b3c95973670b3ad505dc1930d4a0d84163830a535aaae8216d2fbd59acbe9fafedd3cf72c43b28ae084253a6186f5de2ecd419fb408e1f667f9908623f7a96866aaf0c90c3df802f9898e389cb367beeebfe37aaad073247658e7383c0b303fb96db3d433ff8269264f362290a52f05b560ee910eff8e18fe89cb1cb36cf0ee0ffec4bf711ab2dc77bc898e6fb01cbb4f18c8e8316409a73ce71fc94b2b9f