nancynano.lbl.gov

Issued by GTS CA 1D4

About this certificate

This digital certificate with serial number d5:3f:a8:6c:73:a3:b3:e0:10:f6:33:f0:8f:58:a7:3a was issued on by Google Trust Services LLC.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=nancynano.lbl.gov

Google Trust Services LLC

Organization: Google Trust Services LLC
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): d5:3f:a8:6c:73:a3:b3:e0:10:f6:33:f0:8f:58:a7:3a
Serial Number (int): 283456093841518420565233203442844477242
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 59:2a:f8:78:44:8f:9c:fa:45:ae:7c:9f:ce:a2:f9:26:13:95:2e:99
AuthorityKeyId: 25:e2:18:0e:b2:57:91:94:2a:e5:d4:5d:86:90:83:de:53:b3:b8:92

Fingerprint (sha1): 31:6a:5d:96:d0:8b:fc:4f:4b:24:8c:c3:c7:99:e7:65:12:12:7b:bf
Fingerprint (sha256): 01:9c:c3:e7:60:e5:8f:48:db:95:84:c0:03:23:f2:4f:5b:fc:6b:db:b6:f6:9e:00:c5:33:fd:15:7c:91:9d:50

Issuing Certificate URL: http://pki.goog/repo/certs/gts1d4.der

Revocation information

OCSP Server: http://ocsp.pki.goog/s/gts1d4/zSylIU0REVE
CRL Distribution Point: http://crls.pki.goog/gts1d4/mLboP8s_BtA.crl

Check the revocation status for certificate nancynano.lbl.gov

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for nancynano.lbl.gov

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

nancynano.lbl.gov

Other certificates including the domain name lbl.gov

(limited to 100 certificates)
sni.cloudflaressl.com
watershed.lbl.gov
5692462144159744-fe3.pantheonsite.io
nanowiki.lbl.gov
sciencesearch-ncem.lbl.gov
bcp.lbl.gov
sni.cloudflaressl.com
iprequest.lbl.gov
carpepm.almonds.com
sni.cloudflaressl.com
5648554290839552-fe1.pantheonsite.io
cuwip.physics.berkeley.edu
ess-dive.lbl.gov
slidecam-camera.lbl.gov
peabody.lbl.gov
pjfischer.lbl.gov
eesatough.lbl.gov
5769720821186560-fe3.pantheonsite.io
5756433131896832-fe1.pantheonsite.io
5631943370604544-fe1.pantheonsite.io
5757334940811264-fe4.pantheonsite.io
bsbip1-admin.lbl.gov
sni.cloudflaressl.com
5709068098338816-fe3.pantheonsite.io
5643365030821888-fe1.pantheonsite.io
ergoeval.lbl.gov
sni.cloudflaressl.com
ssl937631.cloudflaressl.com
qmm.lbl.gov
babe.lbl.gov
5756433131896832-fe1.pantheonsite.io
flexlab.lbl.gov
calendar.sdzsafaripark.org
conferences.lbl.gov
ee.lbl.gov
sni.cloudflaressl.com
foundry2.lbl.gov
sxworkshop.lbl.gov
5652720409116672-fe3.pantheonsite.io
postdocresources.lbl.gov
5768939674009600-fe3.pantheonsite.io
5650082896543744-fe3.pantheonsite.io
matgen8.lbl.gov
ssl937633.cloudflaressl.com
sni.cloudflaressl.com
www.3scale.net
sni.cloudflaressl.com
sni.cloudflaressl.com
5709068098338816-fe3.pantheonsite.io
5721489412194304-fe1.pantheonsite.io
sni.cloudflaressl.com
dnscontacts.lbl.gov
5650082896543744-fe3.pantheonsite.io
sni.cloudflaressl.com
cdn-test.battlefields.org
5695414665740288-fe2.pantheonsite.io
p3hpc2018.lbl.gov
5768939674009600-fe3.pantheonsite.io
phywebb.lbl.gov
sni.cloudflaressl.com
nancynano.lbl.gov
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
eapx02.lbl.gov
foundry2.lbl.gov
5656619568332800-fe3.pantheonsite.io
spt.lbl.gov
5656619568332800-fe3.pantheonsite.io
5769720821186560-fe3.pantheonsite.io
5709068098338816-fe3.pantheonsite.io
cascade.lbl.gov
waterenergy.lbl.gov
ecep.lbl.gov
callxpresswpm.lbl.gov
bl831.als.lbl.gov
5650082896543744-fe3.pantheonsite.io
chns120.courseresource.yale.edu
shirley.lbl.gov
www.3scale.net
sni.cloudflaressl.com
flexo.lbl.gov
5721489412194304-fe1.pantheonsite.io
energystorage.lbl.gov
www.3scale.net
friendsofberkeleylab.lbl.gov
ultrafast.lbl.gov
5643365030821888-fe1.pantheonsite.io
cuwip.physics.berkeley.edu
www.3scale.net
5649391675244544-fe2.pantheonsite.io
www-afrd.lbl.gov
5692462144159744-fe3.pantheonsite.io
ssl744665.cloudflaressl.com
onthemove.lbl.gov
5757334940811264-fe4.pantheonsite.io
5652720409116672-fe3.pantheonsite.io
sharp.lbl.gov
5692462144159744-fe3.pantheonsite.io

Certificate

The complete raw certificate details for nancynano.lbl.gov in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFZjCCBE6gAwIBAgIRANU/qGxzo7PgEPYz8I9YpzowDQYJKoZIhvcNAQELBQAw
RjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBM
TEMxEzARBgNVBAMTCkdUUyBDQSAxRDQwHhcNMjMxMDExMDIyNDM5WhcNMjQwMTA5
MDMxMDQ4WjAcMRowGAYDVQQDExFuYW5jeW5hbm8ubGJsLmdvdjCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMFQyDmyKdgwAmhJ7LZXHsRRMDenndxnt+0A
6zoiEwRPoCfNuvcrcvGzysfwyP4Uf4OMfXlCR/9mhyy/aEg4L4U567uI7vc5cK/a
SO1Zuau5r8yrLAqjAoglumkOYkgJvorLc7VAxEwE2BhOuGqiCf2mbah+VuqPD80P
4WHQ5e3F+DZ/PPb9iI8CDF7ZhPXozi++GNPsC3k2F21VewyfUWrSyq4j+dQZoOh0
SJZFuLDwsCSyjYpmCC9jGsPcMgfn62Q/5r1yIr7IdOXP9kRP+6GOwV4m+qlQZW61
N3NhLACzmM7S8/t6GE5W+ymQjEossqDtSVq51gb44z1UmfUiCtcCAwEAAaOCAncw
ggJzMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMB
Af8EAjAAMB0GA1UdDgQWBBRZKvh4RI+c+kWufJ/OovkmE5UumTAfBgNVHSMEGDAW
gBQl4hgOsleRlCrl1F2GkIPeU7O4kjB4BggrBgEFBQcBAQRsMGowNQYIKwYBBQUH
MAGGKWh0dHA6Ly9vY3NwLnBraS5nb29nL3MvZ3RzMWQ0L3pTeWxJVTBSRVZFMDEG
CCsGAQUFBzAChiVodHRwOi8vcGtpLmdvb2cvcmVwby9jZXJ0cy9ndHMxZDQuZGVy
MBwGA1UdEQQVMBOCEW5hbmN5bmFuby5sYmwuZ292MCEGA1UdIAQaMBgwCAYGZ4EM
AQIBMAwGCisGAQQB1nkCBQMwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybHMu
cGtpLmdvb2cvZ3RzMWQ0L21MYm9QOHNfQnRBLmNybDCCAQMGCisGAQQB1nkCBAIE
gfQEgfEA7wB1AHb/iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABixzD
3RAAAAQDAEYwRAIgSULBJ/qzNwM75WnEOmLarygtrUj/4p2GgXQMQ+ajs6gCIGeu
rqjtnLWlRAIB1ro+MjInl/JK4ip9eHblwPDfgRNEAHYASLDja9qmRzQP5WoC+p0w
6xxSActW3SyB2bu/qznYhHMAAAGLHMPc/wAABAMARzBFAiEAxRy0KZUiGwMX3Q7d
TjEMlAxNN7ZPc+2npJIVbjU2nfgCIGZcYiazuli06lruO1rqFct8e3fS69r8peG/
lhljIe4eMA0GCSqGSIb3DQEBCwUAA4IBAQA6+CJSowG5nwVhQKLgWM17biQlgVIs
bunkmnMI8Uyo0HwY6IySjt7Yg3D2ZWbzZ+EoRinS3bV/6X8B/4wkH+RNjJUIkQBb
JRDtxYlqUt5I8+ebp/wru9TCOn1OgD5K+337L0mRmWV2bSBX9Um2Xnib0fbQrthZ
JGyraZsHy048B+LkqswmCMbND+FLo6+WR+Uijf1f4wno4FX2ZCCBHjDafeSf4aAz
ZoOV4OoVV9YXr6eL1mCEoaiUW7bMpsY2wNuwAqVVNUdPEeNbZopXpoDGgh7jRIz/
kKDxw5OuHCuYp94Ni6sPspIGqYtlDrLo5q5iN3FIpXnyVEATo162Io9T
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVDIObIp2DACaEnstlce
xFEwN6ed3Ge37QDrOiITBE+gJ8269yty8bPKx/DI/hR/g4x9eUJH/2aHLL9oSDgv
hTnru4ju9zlwr9pI7Vm5q7mvzKssCqMCiCW6aQ5iSAm+istztUDETATYGE64aqIJ
/aZtqH5W6o8PzQ/hYdDl7cX4Nn889v2IjwIMXtmE9ejOL74Y0+wLeTYXbVV7DJ9R
atLKriP51Bmg6HRIlkW4sPCwJLKNimYIL2Maw9wyB+frZD/mvXIivsh05c/2RE/7
oY7BXib6qVBlbrU3c2EsALOYztLz+3oYTlb7KZCMSiyyoO1JWrnWBvjjPVSZ9SIK
1wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 283456093841518420565233203442844477242
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Google Trust Services LLC'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GTS CA 1D4'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-11 02:24:39 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-09 03:10:48 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'nancynano.lbl.gov'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24403828011611422089236339262988162581702052585359902459107099696139243358976310990972889659848769538412335831454240372811761564909604781766796559671068268830496417886416836539622204833169759936979624062847938645381190833699852865154761628547101934387445094892291266368042106049071064171722269152337510463999037682298032807388387403682769131823579620349178040126605457654780910150859201137382721373316552001355081610798309219743106453877377609969237153317518437787954884056984453006751460096474088728566372363918826457246853018730771138254060445894040945142256688451183834380074536366099103698585313877811581352544983
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							592af878448f9cfa45ae7c9fcea2f92613952e99
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 25e2180eb25791942ae5d45d869083de53b3b892
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (108 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.pki.goog/s/gts1d4/zSylIU0REVE'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://pki.goog/repo/certs/gts1d4.der'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (21 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nancynano.lbl.gov'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.5.3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (53 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crls.pki.goog/gts1d4/mLboP8s_BtA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef00750076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018b1cc3dd10000004030046304402204942c127fab337033be569c43a62daaf282dad48ffe29d8681740c43e6a3b3a8022067aeaea8ed9cb5a5440201d6ba3e32322797f24ae22a7d7876e5c0f0df81134400760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018b1cc3dcff0000040300473045022100c51cb42995221b0317dd0edd4e310c940c4d37b64f73eda7a492156e35369df80220665c6226b3ba58b4ea5aee3b5aea15cb7c7b77d2ebdafca5e1bf96196321ee1e
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		003af82252a301b99f056140a2e058cd7b6e242581522c6ee9e49a7308f14ca8d07c18e88c928eded88370f66566f367e1284629d2ddb57fe97f01ff8c241fe44d8c950891005b2510edc5896a52de48f3e79ba7fc2bbbd4c23a7d4e803e4afb7dfb2f49919965766d2057f549b65e789bd1f6d0aed859246cab699b07cb4e3c07e2e4aacc2608c6cd0fe14ba3af9647e5228dfd5fe309e8e055f66420811e30da7de49fe1a033668395e0ea1557d617afa78bd66084a1a8945bb6cca6c636c0dbb002a55535474f11e35b668a57a680c6821ee3448cff90a0f1c393ae1c2b98a7de0d8bab0fb29206a98b650eb2e8e6ae62377148a579f2544013a35eb6228f53