nn-audience-api.messaging-dev.awsma.nyt.net

Issued by Amazon

About this certificate

This digital certificate with serial number 09:c5:5d:29:b1:ec:4f:f0:3b:bc:4d:2d:7e:f5:4d:e8 was issued on by Amazon.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=nn-audience-api.messaging-dev.awsma.nyt.net

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 09:c5:5d:29:b1:ec:4f:f0:3b:bc:4d:2d:7e:f5:4d:e8
Serial Number (int): 12987824010707937319424293992490421736
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 86:72:ab:3d:89:f5:6c:3b:c1:2e:e8:60:cc:bc:79:ce:ba:0d:82:ad
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): 10:31:67:ae:24:bd:87:43:7d:4f:22:3d:ee:d7:c7:eb:e9:8d:c6:f8
Fingerprint (sha256): 01:2c:f8:99:e1:73:10:05:d9:6f:09:de:bc:0c:80:34:3d:10:3c:5f:f4:56:37:7c:c2:c1:28:60:d1:fb:fe:ed

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b-1.crl

Check the revocation status for certificate nn-audience-api.messaging-dev.awsma.nyt.net

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for nn-audience-api.messaging-dev.awsma.nyt.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

nn-audience-api.messaging-dev.awsma.nyt.net

Other certificates including the domain name nyt.net

(limited to 100 certificates)
*.mx.us-west-2.dv-shared-stg.awsma.nyt.net
gai.rd.nyt.net
k0dvb.dv-dns.nyti.snd.nyt.net
sharedui.tech.nyt.net
hybrid-renderer.news.sbx.nyt.net
*.twistlock.us-east1-01.prd.dvsp-gcp.nyt.net
*.dv-prd.us-east-1-01.dev.dvsp.nyt.net
*.kube-system.us-west1-01.stg.dvsp-gcp.nyt.net
*.b2b.us-east-1-01.stg.dvsp.nyt.net
*.content-tagging.us-west-2-01.stg.dvsp.nyt.net
misp.infosec-prd.awsma.nyt.net
ic-slackbot-prd.dv-prd.awsma.nyt.net
midmirror.stg.nyt.net
tech.nyt.net
jks-messaging-sub.messaging-dev.awsma.nyt.net
newsdev.nyt.net
nn-audience-api.messaging-dev.awsma.nyt.net
appcatalog.dev.nyt.net
commerce.commerce-dev.awsma.nyt.net
ckraken.auth.prd.nyt.net
*.dv-engagements-lab.us-east1-01.stg.dvsp-gcp.nyt.net
gmax.tech.nyt.net
*.payflow.us-east-1-01.stg.dvsp.nyt.net
*.twistlock.us-east1-01.sbx.dvsp-gcp.nyt.net
identity.tech.nyt.net
news.sbx.nyt.net
hybrid-renderer.news.sbx.nyt.net
assets.nyt.net
ad-docs.nyt.net
slackapp.dev.nyt.net
*.account.us-east-1.dv-shared-prd.awsma.nyt.net
autoreplyslackbot.dv-demo-lab.awsma.nyt.net
hybrid-renderer.news.sbx.nyt.net
*.account.us-west-2.dv-shared-stg.awsma.nyt.net
httpbin-us-east1.news.stg.nyt.net
account-fe.account.nyti.stg.nyt.net
hyphen.dev.nyt.net
zuo-grandcentral-stg-lb.spg-dev.awsma.nyt.net
features.tech.nyt.net
twistlock-dev.devsecops.dv.nyt.net
*.kube-public.us-east1-01.dev.dvsp-gcp.nyt.net
*.dv-dev.us-east-1.dv-shared-dev.awsma.nyt.net
app-platforms.tech.nyt.net
nss-console-prd.nyt.net
*.data-collections.us-east-1.dv-shared-prd.awsma.nyt.net
*.dv-dns.us-east-1-01.sbx.dvsp.nyt.net
amp-docs.tech.nyt.net
*.kube-node-lease.us-west1-01.dev.dvsp-gcp.nyt.net
hyphen.tech.nyt.net
platform-stela.nyt.net
photo.nyt.net
pdf-invoices-bff.account.nyti.nyt.net
video-thumbnails.prd.nyt.net
nyt.net
*.auth-dev.us-west-2.dv-shared-dev.awsma.nyt.net
webgl.rd.nyt.net
edge.games.nyti.nyt.net
puzzles.dev.nyt.net
targeting.tech.nyt.net
activate-access-bff.account.nyti.stg.nyt.net
esx03-c01.prd.orf1.nyt.net
*.audio.us-east1-01.dev.dvsp-gcp.nyt.net
reader-revenue.tech.nyt.net
triage.dev.care-dev.awsma.nyt.net
mwcm-pub-lab-dev.growth-mc.nyti.stg.nyt.net
dossier.stg.nyt.net
*.games.us-east-1.dv-shared-dev.awsma.nyt.net
graphql-android.samizdat.nyti.nyt.net
lt0959-audience-api-rpc.messaging-dev.awsma.nyt.net
js1-messaging-sub-rpc.messaging-dev.awsma.nyt.net
p1-dev.dv.nyt.net
weddings-api.stg.nyt.net
*.tarplat.us-east1-01.dev.dvsp-gcp.nyt.net
meter.nyt.net
reactivation-dp.account.nyti.nyt.net
NYHQ-TEL-EXPWYC.lga2.nyt.net
user-attribute.auth.nyti.dev.nyt.net
leaderboards.games.sbx.nyt.net
hybrid-renderer.news.sbx.nyt.net
wit.nyt.net
cookies.games.dev.nyt.net
*.messaging.dv-shared-dev.awsma.nyt.net
lire-ui.auth.nyti.stg.nyt.net
hybrid-renderer.news.sbx.nyt.net
du-bot-newsroom.dev.nyt.net
esx01-c01.stg.lga1.nyt.net
puzzles.dev.nyt.net
static.auth.stg.nyt.net
annotations.rd.nyt.net
srlt3-push-send-service.messaging-dev.awsma.nyt.net
weddings-api-internal.stg.nyt.net
activate-access-bff-dev.nyt.net
jobs-dev.dv.nyt.net
climate.rd.nyt.net
workdayuserguides.nyt.net
grc.nyt.net
me12-audience-api-rpc.messaging-dev.awsma.nyt.net
frm01.nyt.net
*.wirecutter.us-east-1.dv-shared-stg.awsma.nyt.net
webgl-dev.rd.nyt.net

Certificate

The complete raw certificate details for nn-audience-api.messaging-dev.awsma.nyt.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIEoTCCA4mgAwIBAgIQCcVdKbHsT/A7vE0tfvVN6DANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0yMjA2MDIwMDAwMDBaFw0yMzA3MDEy
MzU5NTlaMDYxNDAyBgNVBAMTK25uLWF1ZGllbmNlLWFwaS5tZXNzYWdpbmctZGV2
LmF3c21hLm55dC5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr
VzMBkqsV8BCXeM1VUY4O+QXSHZdOw8pZGW0yjUUONdG40ZkctFRfNwiHcFwC7zcx
RhC1Sf9TCK/XLPoFOBRZijMs3c180TXRg0dDJCNYJRQidAJef2Mjn8/6LkrV6F08
cUL6k9LHkwcdigp5swR/REJseQ5Pwo3cP1mWqY09jpbKXHkGO2AZWSt4Se3us7rP
kRcygycUH2QV2kFZ21aFOXe48XZP2QAw+3FLOnLZg7Cfbz43juMcAl1vodnr+r45
glQ2WIPy76VODOEoDXeES6VhoSjUZo/2xyVT8qwJTrs0UfWz8UjTk525VoIx4NAM
auMo8CZMJ6/IfDwsZFShAgMBAAGjggGZMIIBlTAfBgNVHSMEGDAWgBRZpGYGUqB7
lZI8o5QHJ5Z0W/k90DAdBgNVHQ4EFgQUhnKrPYn1bDvBLuhgzLx5zroNgq0wNgYD
VR0RBC8wLYIrbm4tYXVkaWVuY2UtYXBpLm1lc3NhZ2luZy1kZXYuYXdzbWEubnl0
Lm5ldDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwuc2NhMWIuYW1hem9udHJ1
c3QuY29tL3NjYTFiLTEuY3JsMBMGA1UdIAQMMAowCAYGZ4EMAQIBMHUGCCsGAQUF
BwEBBGkwZzAtBggrBgEFBQcwAYYhaHR0cDovL29jc3Auc2NhMWIuYW1hem9udHJ1
c3QuY29tMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LnNjYTFiLmFtYXpvbnRydXN0
LmNvbS9zY2ExYi5jcnQwDAYDVR0TAQH/BAIwADATBgorBgEEAdZ5AgQDAQH/BAIF
ADANBgkqhkiG9w0BAQsFAAOCAQEAcMkMGu9eVtvmI8ogkBUSTfhPiJ24PnBYyiZy
HaTULtrLbXX5NbFGiirHFSSrUVSYZGU5fPqI+xzBf1C3F3ZnimwzwlwOQcHkXHix
Rc69SwXVXyQ37x9yS+d3EFH95IhP2Qv9YCGwgoh+hJiypKk/BGXjx52/gsNztI6m
LRx8JHsJsowCsMRQAz+zJ0xzoCe7ikFgJSjR/2T6B+VKasSpUtmdqTnapNE/LkE4
SU2qdYWuzyUqhyeFDZi5uruw0k0o1P7FTsPpDmN+fAscbcudjybv6KBByQrXpJiN
G9TExPw8D9rzEvIVPnA/i8Thin3ZN3WLYgGSLFsg/7mnmGqEOg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1czAZKrFfAQl3jNVVGO
DvkF0h2XTsPKWRltMo1FDjXRuNGZHLRUXzcIh3BcAu83MUYQtUn/Uwiv1yz6BTgU
WYozLN3NfNE10YNHQyQjWCUUInQCXn9jI5/P+i5K1ehdPHFC+pPSx5MHHYoKebME
f0RCbHkOT8KN3D9ZlqmNPY6Wylx5BjtgGVkreEnt7rO6z5EXMoMnFB9kFdpBWdtW
hTl3uPF2T9kAMPtxSzpy2YOwn28+N47jHAJdb6HZ6/q+OYJUNliD8u+lTgzhKA13
hEulYaEo1GaP9sclU/KsCU67NFH1s/FI05OduVaCMeDQDGrjKPAmTCevyHw8LGRU
oQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 12987824010707937319424293992490421736
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-06-02 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-07-01 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'nn-audience-api.messaging-dev.awsma.nyt.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21629749698411640194109391448826128862482555855762595798651460365038962725200398277531235592315756799820237747253998193182596691503990382365942393225500596084123932207640024539206081767915374596936729550118579118287668208186113177541155853413700628490303548039394021512094845804936222004328853945099318886347328589929187366503307310490313899399674219990486383328363080289828182264625775807138947263173426486314128115579792446266879896992131437229292621975098655854414918269204069962120144980199712155221342821502144500220848899835264926921703616823602755390297825874925054292868976691871081343033518820083460250817697
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							8672ab3d89f56c3bc12ee860ccbc79ceba0d82ad
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (47 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nn-audience-api.messaging-dev.awsma.nyt.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (54 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b-1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0070c90c1aef5e56dbe623ca209015124df84f889db83e7058ca26721da4d42edacb6d75f935b1468a2ac71524ab5154986465397cfa88fb1cc17f50b71776678a6c33c25c0e41c1e45c78b145cebd4b05d55f2437ef1f724be7771051fde4884fd90bfd6021b082887e8498b2a4a93f0465e3c79dbf82c373b48ea62d1c7c247b09b28c02b0c450033fb3274c73a027bb8a41602528d1ff64fa07e54a6ac4a952d99da939daa4d13f2e4138494daa7585aecf252a8727850d98b9babbb0d24d28d4fec54ec3e90e637e7c0b1c6dcb9d8f26efe8a041c90ad7a4988d1bd4c4c4fc3c0fdaf312f2153e703f8bc4e18a7dd937758b6201922c5b20ffb9a7986a843a