www.leafact.com
Issued by Trust Provider B.V. TLS RSA CA G1
About this certificate
This digital certificate with serial number 02:01:dd:ba:f7:ba:d9:a2:43:8a:6a:31:9c:d3:bc:37 was issued on by Trust Provider B.V..
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=www.leafact.com
Trust Provider B.V.
Organization:
Trust Provider B.V.
Organization unit: Domain Validated SSL
Organization unit: Domain Validated SSL
Country:
NL
This certificate will expire on
Certificate Details
Serial Number (hex): 02:01:dd:ba:f7:ba:d9:a2:43:8a:6a:31:9c:d3:bc:37Serial Number (int): 2668145514057686620853324122718190647
Serial Number lenght: 122 bits, 16 octets
SubjectKeyId: 5f:41:47:cb:46:c5:d2:8f:2e:2f:04:84:3a:3c:5b:9f:84:21:a0:b4
AuthorityKeyId: f5:56:22:1f:d9:bf:6b:59:24:52:b0:e1:6a:cd:c0:e1:57:67:e9:e8
Fingerprint (sha1): 5a:dd:95:46:01:b3:9b:a7:ef:76:ad:b5:9b:6b:01:fe:50:b1:08:61
Fingerprint (sha256): 01:76:b7:f6:63:d3:a0:f6:06:1d:98:3e:24:7b:eb:5b:9b:1b:da:f8:a0:c4:5f:e6:7c:9a:0c:65:11:80:19:16
Issuing Certificate URL: http://cacerts.digitalcertvalidation.com/TrustProviderBVTLSRSACAG1.crt
Revocation information
OCSP Server: http://statusd.digitalcertvalidation.comCRL Distribution Point: http://cdpd.digitalcertvalidation.com/TrustProviderBVTLSRSACAG1.crl
Check the revocation status for certificate www.leafact.com
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for www.leafact.com
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
www.leafact.com
leafact.com
leafact.com
Other certificates including the domain name leafact.com
(limited to 100 certificates)
Certificate
The complete raw certificate details for www.leafact.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIHezCCBmOgAwIBAgIQAgHduve62aJDimoxnNO8NzANBgkqhkiG9w0BAQsFADB2 MQswCQYDVQQGEwJOTDEcMBoGA1UEChMTVHJ1c3QgUHJvdmlkZXIgQi5WLjEdMBsG A1UECxMURG9tYWluIFZhbGlkYXRlZCBTU0wxKjAoBgNVBAMTIVRydXN0IFByb3Zp ZGVyIEIuVi4gVExTIFJTQSBDQSBHMTAeFw0yNDAyMDgwMDAwMDBaFw0yNTAzMDgy MzU5NTlaMBoxGDAWBgNVBAMTD3d3dy5sZWFmYWN0LmNvbTCCAiIwDQYJKoZIhvcN AQEBBQADggIPADCCAgoCggIBALohSTybKwydRzjL9DKScsE6r+yXiHpQXETwRQSy 7UdiM7QVZ+HF8Psb2LCtBY54ISBCpNm+f1Z48rc2zV3loE4wD6rN+HdNMOuQ+Zz0 RoCoMc7S2VVcYczbIl5g+6+0CSV7GUKx1X2l0qvvcPmU0tHExwx2Fx9pErcx+IgT XJpU0j/Ii5OCdqklgyfD8K/lIe1ZqnV74g0i5FmfOyAPXUBHBBSgTpwa8EfZDHtP uvhGvt3xiiF0VgGcBJVGR5EOpmyulsYU4hJ5kwlJYR7t//KYECtYFWpGcQetCcHx aG/dLp9en6ww4RbF3LAeWLxRIj8f8pocVVdlJ69o4NKpFyUH9dczsI1NtiJASIzs Xd6le025z1GwTboZ5chDZej2b4dX9QCxbGMwEY/7MpE1TFoImvit3VrvgscykO7b 7JxurZZhEwgG5LmGCoCrAq1JARl8t6kDws89y6Qtma++khrWtu3V14+2HBwXTAt5 E8HSEjAfGjlaXiEHg7KUklGXA3ACL9GTStfqddPUKLViL+qeXtOnRn8qKB2nLCDf kImUB9xXywBizYIzxC8Qsii4yKgD5WDhg7gfFzItpE9v0ZQmM1vCVlzJShPSP87J Wkn73XRVojhadgUTQmPq1fnsFgeTjL3SZiF/8axOIUNpS7aLnW/AP3QePs1oC41f HQhbAgMBAAGjggNfMIIDWzAfBgNVHSMEGDAWgBT1ViIf2b9rWSRSsOFqzcDhV2fp 6DAdBgNVHQ4EFgQUX0FHy0bF0o8uLwSEOjxbn4QhoLQwJwYDVR0RBCAwHoIPd3d3 LmxlYWZhY3QuY29tggtsZWFmYWN0LmNvbTA+BgNVHSAENzA1MDMGBmeBDAECATAp MCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0P AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBUBgNVHR8E TTBLMEmgR6BFhkNodHRwOi8vY2RwZC5kaWdpdGFsY2VydHZhbGlkYXRpb24uY29t L1RydXN0UHJvdmlkZXJCVlRMU1JTQUNBRzEuY3JsMIGaBggrBgEFBQcBAQSBjTCB ijA0BggrBgEFBQcwAYYoaHR0cDovL3N0YXR1c2QuZGlnaXRhbGNlcnR2YWxpZGF0 aW9uLmNvbTBSBggrBgEFBQcwAoZGaHR0cDovL2NhY2VydHMuZGlnaXRhbGNlcnR2 YWxpZGF0aW9uLmNvbS9UcnVzdFByb3ZpZGVyQlZUTFNSU0FDQUcxLmNydDAMBgNV HRMBAf8EAjAAMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgBOdaMnXJoQwzhb bNTfP1LrHfDgjhuNacCx+mSxYpo53wAAAY2Hnlm0AAAEAwBHMEUCIDrEGKSBmUJn HHQ5UJaTgjT7wAF0Chg5al+sxynoHzPcAiEAnac0H/Bq3tnYH8HLkNhJuPb5Q26f 8K2Jkw8u3o0XOUcAdgB9WR4S4XgqexxhZ3xe/fjQh1wUoE6VnrkDL9kOjC55uAAA AY2HnlnbAAAEAwBHMEUCIBfpIubHvlucu6auepnhrzr8OaGW6eQtsN0qfS/4GIia AiEAzk9SXw9ERA/nGKi2UtHI5GbijNTzNjG5hwVsMxleY6IAdgDm0jFjQHeMwRBB Btdxuc7B0kD2loSG+7qHMh39HjeOUAAAAY2HnloGAAAEAwBHMEUCIQDbRyj2TApm f0hEo+T9R/Iag3OXExfvt7RYy/Ob/5C42gIgU/rWhFYVTgH/i0PIo9xmTBDGDd7Q gNzXlyiWKPAOiaUwDQYJKoZIhvcNAQELBQADggEBAA37EZnEs8bQhEBYlyy5p3qC JciLJuthPIJdNOBtnUsiqw7Tq5cZx7enVksmA9CJi3/Bl/43FaKsWbviZejy8k0I 7uNRuSzqrNmn6hojSwKJ6VzvgBKRCVAvz1Bh9QmDkLa45ist+6CUlg42PmAivZxy zwknTyfxYKrnkXCZCuLY5IF+Sb1Qq3kQWXNnf2iMuiXlr5gnsjHmNUIWTc8uygkB 4M41r9DFS3TL6xDo4t+CZ1VT/5sAHVvBvv4vR6fmuEf02R4PyohsVGPkKNi6w3VY biANtAPHMsZLKPtof5D/kA/9w9YgBE/n4fscnZNvozwcIZDDptvvKiFwCxunxwA= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuiFJPJsrDJ1HOMv0MpJy wTqv7JeIelBcRPBFBLLtR2IztBVn4cXw+xvYsK0FjnghIEKk2b5/VnjytzbNXeWg TjAPqs34d00w65D5nPRGgKgxztLZVVxhzNsiXmD7r7QJJXsZQrHVfaXSq+9w+ZTS 0cTHDHYXH2kStzH4iBNcmlTSP8iLk4J2qSWDJ8Pwr+Uh7VmqdXviDSLkWZ87IA9d QEcEFKBOnBrwR9kMe0+6+Ea+3fGKIXRWAZwElUZHkQ6mbK6WxhTiEnmTCUlhHu3/ 8pgQK1gVakZxB60JwfFob90un16frDDhFsXcsB5YvFEiPx/ymhxVV2Unr2jg0qkX JQf11zOwjU22IkBIjOxd3qV7TbnPUbBNuhnlyENl6PZvh1f1ALFsYzARj/sykTVM Wgia+K3dWu+CxzKQ7tvsnG6tlmETCAbkuYYKgKsCrUkBGXy3qQPCzz3LpC2Zr76S Gta27dXXj7YcHBdMC3kTwdISMB8aOVpeIQeDspSSUZcDcAIv0ZNK1+p109QotWIv 6p5e06dGfyooHacsIN+QiZQH3FfLAGLNgjPELxCyKLjIqAPlYOGDuB8XMi2kT2/R lCYzW8JWXMlKE9I/zslaSfvddFWiOFp2BRNCY+rV+ewWB5OMvdJmIX/xrE4hQ2lL toudb8A/dB4+zWgLjV8dCFsCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 2668145514057686620853324122718190647 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Trust Provider B.V.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Domain Validated SSL' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Trust Provider B.V. TLS RSA CA G1' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-08 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-03-08 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.leafact.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 759344247288484683158094781272171709806823708340918659281893981221024126208789903249243491991167274110262616034923097681756003816237264146199887244743185003184800880041756482989000648868976879410423483557373293076823044889604093531619282503553192430067517118076960614777176178998883500030124067067450191230088298631211455287116350547561356071434445987135549764236835229623125712072087908696839841151689753472248140566554058414565953374057340286798353042210393673152043282725688826675292319298060919033833170625512322248075887443680181053289247516661132937420261053115775360405472931795146387713882786436251312674852142705007709005383910976603964731867504998424324668991163653228655226047999108435859822545410742007874853687427409580183111040324073248779131111408628654143183536071319779853121964154728577993821533255677940218712077193014817480969250622840756936408600914331104862390992819889483927007209511125912415173609141151084992274542106616980713279138566808597309663230166732864400643732640526769590330418197795180720188932002252905671925274982768003721898203724150359782440306224794624234649698541866095390859136053604442165903715547192130412777350277841939938746019033268512976411259145645477042422267515583238773511848527963 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName f556221fd9bf6b592452b0e16acdc0e15767e9e8 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 5f4147cb46c5d28f2e2f04843a3c5b9f8421a0b4 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.leafact.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'leafact.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (77 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdpd.digitalcertvalidation.com/TrustProviderBVTLSRSACAG1.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (141 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://statusd.digitalcertvalidation.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digitalcertvalidation.com/TrustProviderBVTLSRSACAG1.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes) 01680076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018d879e59b4000004030047304502203ac418a4819942671c74395096938234fbc001740a18396a5facc729e81f33dc0221009da7341ff06aded9d81fc1cb90d849b8f6f9436e9ff0ad89930f2ede8d1739470076007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018d879e59db0000040300473045022017e922e6c7be5b9cbba6ae7a99e1af3afc39a196e9e42db0dd2a7d2ff818889a022100ce4f525f0f44440fe718a8b652d1c8e466e28cd4f33631b987056c33195e63a2007600e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018d879e5a060000040300473045022100db4728f64c0a667f4844a3e4fd47f21a8373971317efb7b458cbf39bff90b8da022053fad68456154e01ff8b43c8a3dc664c10c60dded080dcd797289628f00e89a5 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 000dfb1199c4b3c6d0844058972cb9a77a8225c88b26eb613c825d34e06d9d4b22ab0ed3ab9719c7b7a7564b2603d0898b7fc197fe3715a2ac59bbe265e8f2f24d08eee351b92ceaacd9a7ea1a234b0289e95cef80129109502fcf5061f5098390b6b8e62b2dfba094960e363e6022bd9c72cf09274f27f160aae79170990ae2d8e4817e49bd50ab79105973677f688cba25e5af9827b231e63542164dcf2eca0901e0ce35afd0c54b74cbeb10e8e2df82675553ff9b001d5bc1befe2f47a7e6b847f4d91e0fca886c5463e428d8bac375586e200db403c732c64b28fb687f90ff900ffdc3d620044fe7e1fb1c9d936fa33c1c2190c3a6dbef2a21700b1ba7c700