www.leafact.com

Issued by Trust Provider B.V. TLS RSA CA G1

About this certificate

This digital certificate with serial number 02:01:dd:ba:f7:ba:d9:a2:43:8a:6a:31:9c:d3:bc:37 was issued on by Trust Provider B.V..

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=www.leafact.com

Trust Provider B.V.

Organization: Trust Provider B.V.
Organization unit: Domain Validated SSL
Country: NL

This certificate will expire on

Certificate Details

Serial Number (hex): 02:01:dd:ba:f7:ba:d9:a2:43:8a:6a:31:9c:d3:bc:37
Serial Number (int): 2668145514057686620853324122718190647
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: 5f:41:47:cb:46:c5:d2:8f:2e:2f:04:84:3a:3c:5b:9f:84:21:a0:b4
AuthorityKeyId: f5:56:22:1f:d9:bf:6b:59:24:52:b0:e1:6a:cd:c0:e1:57:67:e9:e8

Fingerprint (sha1): 5a:dd:95:46:01:b3:9b:a7:ef:76:ad:b5:9b:6b:01:fe:50:b1:08:61
Fingerprint (sha256): 01:76:b7:f6:63:d3:a0:f6:06:1d:98:3e:24:7b:eb:5b:9b:1b:da:f8:a0:c4:5f:e6:7c:9a:0c:65:11:80:19:16

Issuing Certificate URL: http://cacerts.digitalcertvalidation.com/TrustProviderBVTLSRSACAG1.crt

Revocation information

OCSP Server: http://statusd.digitalcertvalidation.com
CRL Distribution Point: http://cdpd.digitalcertvalidation.com/TrustProviderBVTLSRSACAG1.crl

Check the revocation status for certificate www.leafact.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.leafact.com

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.leafact.com
leafact.com

Other certificates including the domain name leafact.com

(limited to 100 certificates)
www.leafact.com
leafact.com
www.leafact.com
leafact.com
www.leafact.com
www.leafact.com
leafact.com

Certificate

The complete raw certificate details for www.leafact.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHezCCBmOgAwIBAgIQAgHduve62aJDimoxnNO8NzANBgkqhkiG9w0BAQsFADB2
MQswCQYDVQQGEwJOTDEcMBoGA1UEChMTVHJ1c3QgUHJvdmlkZXIgQi5WLjEdMBsG
A1UECxMURG9tYWluIFZhbGlkYXRlZCBTU0wxKjAoBgNVBAMTIVRydXN0IFByb3Zp
ZGVyIEIuVi4gVExTIFJTQSBDQSBHMTAeFw0yNDAyMDgwMDAwMDBaFw0yNTAzMDgy
MzU5NTlaMBoxGDAWBgNVBAMTD3d3dy5sZWFmYWN0LmNvbTCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBALohSTybKwydRzjL9DKScsE6r+yXiHpQXETwRQSy
7UdiM7QVZ+HF8Psb2LCtBY54ISBCpNm+f1Z48rc2zV3loE4wD6rN+HdNMOuQ+Zz0
RoCoMc7S2VVcYczbIl5g+6+0CSV7GUKx1X2l0qvvcPmU0tHExwx2Fx9pErcx+IgT
XJpU0j/Ii5OCdqklgyfD8K/lIe1ZqnV74g0i5FmfOyAPXUBHBBSgTpwa8EfZDHtP
uvhGvt3xiiF0VgGcBJVGR5EOpmyulsYU4hJ5kwlJYR7t//KYECtYFWpGcQetCcHx
aG/dLp9en6ww4RbF3LAeWLxRIj8f8pocVVdlJ69o4NKpFyUH9dczsI1NtiJASIzs
Xd6le025z1GwTboZ5chDZej2b4dX9QCxbGMwEY/7MpE1TFoImvit3VrvgscykO7b
7JxurZZhEwgG5LmGCoCrAq1JARl8t6kDws89y6Qtma++khrWtu3V14+2HBwXTAt5
E8HSEjAfGjlaXiEHg7KUklGXA3ACL9GTStfqddPUKLViL+qeXtOnRn8qKB2nLCDf
kImUB9xXywBizYIzxC8Qsii4yKgD5WDhg7gfFzItpE9v0ZQmM1vCVlzJShPSP87J
Wkn73XRVojhadgUTQmPq1fnsFgeTjL3SZiF/8axOIUNpS7aLnW/AP3QePs1oC41f
HQhbAgMBAAGjggNfMIIDWzAfBgNVHSMEGDAWgBT1ViIf2b9rWSRSsOFqzcDhV2fp
6DAdBgNVHQ4EFgQUX0FHy0bF0o8uLwSEOjxbn4QhoLQwJwYDVR0RBCAwHoIPd3d3
LmxlYWZhY3QuY29tggtsZWFmYWN0LmNvbTA+BgNVHSAENzA1MDMGBmeBDAECATAp
MCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0P
AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBUBgNVHR8E
TTBLMEmgR6BFhkNodHRwOi8vY2RwZC5kaWdpdGFsY2VydHZhbGlkYXRpb24uY29t
L1RydXN0UHJvdmlkZXJCVlRMU1JTQUNBRzEuY3JsMIGaBggrBgEFBQcBAQSBjTCB
ijA0BggrBgEFBQcwAYYoaHR0cDovL3N0YXR1c2QuZGlnaXRhbGNlcnR2YWxpZGF0
aW9uLmNvbTBSBggrBgEFBQcwAoZGaHR0cDovL2NhY2VydHMuZGlnaXRhbGNlcnR2
YWxpZGF0aW9uLmNvbS9UcnVzdFByb3ZpZGVyQlZUTFNSU0FDQUcxLmNydDAMBgNV
HRMBAf8EAjAAMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgBOdaMnXJoQwzhb
bNTfP1LrHfDgjhuNacCx+mSxYpo53wAAAY2Hnlm0AAAEAwBHMEUCIDrEGKSBmUJn
HHQ5UJaTgjT7wAF0Chg5al+sxynoHzPcAiEAnac0H/Bq3tnYH8HLkNhJuPb5Q26f
8K2Jkw8u3o0XOUcAdgB9WR4S4XgqexxhZ3xe/fjQh1wUoE6VnrkDL9kOjC55uAAA
AY2HnlnbAAAEAwBHMEUCIBfpIubHvlucu6auepnhrzr8OaGW6eQtsN0qfS/4GIia
AiEAzk9SXw9ERA/nGKi2UtHI5GbijNTzNjG5hwVsMxleY6IAdgDm0jFjQHeMwRBB
Btdxuc7B0kD2loSG+7qHMh39HjeOUAAAAY2HnloGAAAEAwBHMEUCIQDbRyj2TApm
f0hEo+T9R/Iag3OXExfvt7RYy/Ob/5C42gIgU/rWhFYVTgH/i0PIo9xmTBDGDd7Q
gNzXlyiWKPAOiaUwDQYJKoZIhvcNAQELBQADggEBAA37EZnEs8bQhEBYlyy5p3qC
JciLJuthPIJdNOBtnUsiqw7Tq5cZx7enVksmA9CJi3/Bl/43FaKsWbviZejy8k0I
7uNRuSzqrNmn6hojSwKJ6VzvgBKRCVAvz1Bh9QmDkLa45ist+6CUlg42PmAivZxy
zwknTyfxYKrnkXCZCuLY5IF+Sb1Qq3kQWXNnf2iMuiXlr5gnsjHmNUIWTc8uygkB
4M41r9DFS3TL6xDo4t+CZ1VT/5sAHVvBvv4vR6fmuEf02R4PyohsVGPkKNi6w3VY
biANtAPHMsZLKPtof5D/kA/9w9YgBE/n4fscnZNvozwcIZDDptvvKiFwCxunxwA=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuiFJPJsrDJ1HOMv0MpJy
wTqv7JeIelBcRPBFBLLtR2IztBVn4cXw+xvYsK0FjnghIEKk2b5/VnjytzbNXeWg
TjAPqs34d00w65D5nPRGgKgxztLZVVxhzNsiXmD7r7QJJXsZQrHVfaXSq+9w+ZTS
0cTHDHYXH2kStzH4iBNcmlTSP8iLk4J2qSWDJ8Pwr+Uh7VmqdXviDSLkWZ87IA9d
QEcEFKBOnBrwR9kMe0+6+Ea+3fGKIXRWAZwElUZHkQ6mbK6WxhTiEnmTCUlhHu3/
8pgQK1gVakZxB60JwfFob90un16frDDhFsXcsB5YvFEiPx/ymhxVV2Unr2jg0qkX
JQf11zOwjU22IkBIjOxd3qV7TbnPUbBNuhnlyENl6PZvh1f1ALFsYzARj/sykTVM
Wgia+K3dWu+CxzKQ7tvsnG6tlmETCAbkuYYKgKsCrUkBGXy3qQPCzz3LpC2Zr76S
Gta27dXXj7YcHBdMC3kTwdISMB8aOVpeIQeDspSSUZcDcAIv0ZNK1+p109QotWIv
6p5e06dGfyooHacsIN+QiZQH3FfLAGLNgjPELxCyKLjIqAPlYOGDuB8XMi2kT2/R
lCYzW8JWXMlKE9I/zslaSfvddFWiOFp2BRNCY+rV+ewWB5OMvdJmIX/xrE4hQ2lL
toudb8A/dB4+zWgLjV8dCFsCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 2668145514057686620853324122718190647
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Trust Provider B.V.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Domain Validated SSL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Trust Provider B.V. TLS RSA CA G1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-08 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-03-08 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.leafact.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 759344247288484683158094781272171709806823708340918659281893981221024126208789903249243491991167274110262616034923097681756003816237264146199887244743185003184800880041756482989000648868976879410423483557373293076823044889604093531619282503553192430067517118076960614777176178998883500030124067067450191230088298631211455287116350547561356071434445987135549764236835229623125712072087908696839841151689753472248140566554058414565953374057340286798353042210393673152043282725688826675292319298060919033833170625512322248075887443680181053289247516661132937420261053115775360405472931795146387713882786436251312674852142705007709005383910976603964731867504998424324668991163653228655226047999108435859822545410742007874853687427409580183111040324073248779131111408628654143183536071319779853121964154728577993821533255677940218712077193014817480969250622840756936408600914331104862390992819889483927007209511125912415173609141151084992274542106616980713279138566808597309663230166732864400643732640526769590330418197795180720188932002252905671925274982768003721898203724150359782440306224794624234649698541866095390859136053604442165903715547192130412777350277841939938746019033268512976411259145645477042422267515583238773511848527963
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName f556221fd9bf6b592452b0e16acdc0e15767e9e8
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							5f4147cb46c5d28f2e2f04843a3c5b9f8421a0b4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.leafact.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'leafact.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (77 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdpd.digitalcertvalidation.com/TrustProviderBVTLSRSACAG1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (141 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://statusd.digitalcertvalidation.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digitalcertvalidation.com/TrustProviderBVTLSRSACAG1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							01680076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018d879e59b4000004030047304502203ac418a4819942671c74395096938234fbc001740a18396a5facc729e81f33dc0221009da7341ff06aded9d81fc1cb90d849b8f6f9436e9ff0ad89930f2ede8d1739470076007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018d879e59db0000040300473045022017e922e6c7be5b9cbba6ae7a99e1af3afc39a196e9e42db0dd2a7d2ff818889a022100ce4f525f0f44440fe718a8b652d1c8e466e28cd4f33631b987056c33195e63a2007600e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018d879e5a060000040300473045022100db4728f64c0a667f4844a3e4fd47f21a8373971317efb7b458cbf39bff90b8da022053fad68456154e01ff8b43c8a3dc664c10c60dded080dcd797289628f00e89a5
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		000dfb1199c4b3c6d0844058972cb9a77a8225c88b26eb613c825d34e06d9d4b22ab0ed3ab9719c7b7a7564b2603d0898b7fc197fe3715a2ac59bbe265e8f2f24d08eee351b92ceaacd9a7ea1a234b0289e95cef80129109502fcf5061f5098390b6b8e62b2dfba094960e363e6022bd9c72cf09274f27f160aae79170990ae2d8e4817e49bd50ab79105973677f688cba25e5af9827b231e63542164dcf2eca0901e0ce35afd0c54b74cbeb10e8e2df82675553ff9b001d5bc1befe2f47a7e6b847f4d91e0fca886c5463e428d8bac375586e200db403c732c64b28fb687f90ff900ffdc3d620044fe7e1fb1c9d936fa33c1c2190c3a6dbef2a21700b1ba7c700