digas.spiegel.de

Issued by GTS CA 1D4

About this certificate

This digital certificate with serial number 5d:a6:f8:b5:10:53:73:cd:0a:75:61:28:22:4f:93:f9 was issued on by Google Trust Services LLC.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=digas.spiegel.de

Google Trust Services LLC

Organization: Google Trust Services LLC
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 5d:a6:f8:b5:10:53:73:cd:0a:75:61:28:22:4f:93:f9
Serial Number (int): 124485169269445726117151578124907942905
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 73:6d:05:72:4e:78:2d:29:03:37:46:92:ca:c5:e2:9d:10:43:db:a5
AuthorityKeyId: 25:e2:18:0e:b2:57:91:94:2a:e5:d4:5d:86:90:83:de:53:b3:b8:92

Fingerprint (sha1): 90:06:b6:78:9f:3f:2e:ed:38:65:dc:85:a1:c8:29:5e:e5:83:35:14
Fingerprint (sha256): 02:65:ca:4b:6a:04:96:42:b6:e9:15:1f:2f:4c:43:40:20:62:ca:da:0a:96:21:3d:e8:f0:d0:e9:94:81:98:fd

Issuing Certificate URL: http://pki.goog/repo/certs/gts1d4.der

Revocation information

OCSP Server: http://ocsp.pki.goog/s/gts1d4/qTbQ6x6Zyqs
CRL Distribution Point: http://crls.pki.goog/gts1d4/oMerlZrw32M.crl

Check the revocation status for certificate digas.spiegel.de

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for digas.spiegel.de

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

digas.spiegel.de

Other certificates including the domain name spiegel.de

(limited to 100 certificates)
jira.spiegel.de
service.spiegel.de
pushmanagement-ui.review.nextgen-services.spiegel.de
staging.sportwetten.spiegel.de
tippspiel.spiegel.de
gutscheine.spiegel.de
ssl.1.damoh.spiegel.de
digas.spiegel.de
amazonproductprovider.qs.nextgen-services.spiegel.de
shop.spiegel.de
imode.spiegel.de
review.assets.spiegel.de
newsletterversand.spiegel.de
vcdn02.spiegel.de
sftp.spiegel.de
qs.spiegel.de
vcdn1-secure.hls.spiegel.de
advent.spiegel.de
digasred.spiegel.de
SPIEGEL-Verlag Rudolf Augstein GmbH & Co KG
video-secure.spiegel.de
apiegel.de
cdnstatic.secure.spiegel.de
gcp.qs.www.spiegel.de
akademie.spiegel.de
cms.review.www.spiegel.de
arztsuche.spiegel.de
vcdn01.spiegel.de
einestages.spiegel.de
magazin.spiegel.de
eurojackpot.spiegel.de
derspiegel.eu
arztsuche.spiegel.de
m.spiegel.de
derspiegel.eu
gcp.dev.www.spiegel.de
advent.spiegel.de
www.spiegel.de
akamai-san8.exacttarget.com
newsletterversand2.spiegel.de
bento.app
fa.review.wisl.spiegel.de
gcp.prod.www.spiegel.de
tracker.it.spiegel.de
www.stepstone.de
m.spiegel.de
click.angebote.spiegel.de
einsurance.spiegel.de
cloud.angebote.spiegel.de
sams.spiegel.de
aubapi.spiegel.de
arztsuche.spiegel.de
review.www.spiegel.de
review.journalsuite.spiegel.de
service.spiegel.de
contentgarden.spiegel.de
static.gruppenkonto.spiegel.de
www.weltski.de
review.journalsuite.spiegel.de
bento.app
cdn.secure.spiegel.de
cdn.secure.spiegel.de
www.weltski.de
bento.app

sportwetten.spiegel.de
click.angebote.spiegel.de
dev.www.spiegel.de
digas-review.axelspringer.de
m.eurojackpot.spiegel.de
prod.warden.spiegel.de
service.spiegel.de
view.angebote.spiegel.de
kopfsache.spiegel.de
www.weltski.de
ivwbox.spiegel.de
www.stepstone.de
aubapi.spiegel.de
contentstation-qs.spiegel.de
microshop.spiegel.de
gluecksspirale.spiegel.de
streaming.hls.spiegel.de
dev.fanexperts.spiegel.de
dev.talk.spiegel.de
sportwetten.spiegel.de
lotto.spiegel.de
microshop.spiegel.de
spiele.spiegel.de
staging.sportwetten.spiegel.de
elvis-qs.spiegel.de
vpn.spiegel.de
eurojackpot.spiegel.de
dev.www.spiegel.de
cdnsource.review.www.spiegel.de
osp.spiegel.de
spiegel-de.spiegel.de
static.gruppenkonto.spiegel.de
sats.spiegel.de
grafana.review.cm.spiegel.de
magazin.spiegel.de

Certificate

The complete raw certificate details for digas.spiegel.de in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFZTCCBE2gAwIBAgIQXab4tRBTc80KdWEoIk+T+TANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM
QzETMBEGA1UEAxMKR1RTIENBIDFENDAeFw0yMzA2MTIxOTI0MjBaFw0yMzA5MTAx
OTUzMDBaMBsxGTAXBgNVBAMTEGRpZ2FzLnNwaWVnZWwuZGUwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDCLl0gBpieR6nGUjgNVOYPjM4hPu3fJ3kbPu3X
fFEmlH2ucYbfjvpS5Zk9v+nc51PXxPd0Wr/XOOphyCPNI4TYeLGiDUSHZmRnI4VJ
vC+P3htQME0JSDuNhFDwA51A5INYx+Gfzd7YnbaTScPU60z0P6CJkULK86hN3wef
bTrxJwGbSwCRkL+c6UKaI6O+G6CcQT9gYuTtbXaLgWO8AdnqeoRvnyZpKdhLd5S2
LWMuiUmJquqjJ7BixGiIHqIAd0LtxRpLV9EZoNLxO+bUd067tfblsZwAQtijvcN0
eAuyH9gfTYbic0biPOjaeDfOPdB2D5HAzGO2IpL7PZBE52K7AgMBAAGjggJ4MIIC
dDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/
BAIwADAdBgNVHQ4EFgQUc20Fck54LSkDN0aSysXinRBD26UwHwYDVR0jBBgwFoAU
JeIYDrJXkZQq5dRdhpCD3lOzuJIweAYIKwYBBQUHAQEEbDBqMDUGCCsGAQUFBzAB
hilodHRwOi8vb2NzcC5wa2kuZ29vZy9zL2d0czFkNC9xVGJRNng2WnlxczAxBggr
BgEFBQcwAoYlaHR0cDovL3BraS5nb29nL3JlcG8vY2VydHMvZ3RzMWQ0LmRlcjAb
BgNVHREEFDASghBkaWdhcy5zcGllZ2VsLmRlMCEGA1UdIAQaMBgwCAYGZ4EMAQIB
MAwGCisGAQQB1nkCBQMwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybHMucGtp
Lmdvb2cvZ3RzMWQ0L29NZXJsWnJ3MzJNLmNybDCCAQUGCisGAQQB1nkCBAIEgfYE
gfMA8QB2AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABiLFH7sMA
AAQDAEcwRQIhAL3cYkQcGxCNQ+sz26PxvXfc1D0EJnHYHkPz4Lr8qV+vAiAxZwK9
a5BZqP+6Op7W2NjdXZzOVG5Jw/QVqvtVpH0ivwB3ALc++yTfnE26dfI5xbpY9Gxd
/ELPep81xJ4dCYEl7bSZAAABiLFH7tMAAAQDAEgwRgIhAKzABypvGZ2+uhHtl1BJ
aancEbLivnYrGqcpGyDs85bmAiEA2+DED1eA8ubB1AZaisSuW71vojt74T9+jkgl
sQmwkwAwDQYJKoZIhvcNAQELBQADggEBADkUfFkEMjmpiNw/aJMp4I69/LqleI/x
VSSPJkrgAsqiHiX8TZAMYRkGJ0+VwLSzJ7oJQPCwNo+m6gQRXCKo5Aqj+6pAg7JH
U4JKjKJK8REppxBzNjVQM21yhsViCH5+iGVaPRn2XmoVviZlwklc5k7XoOy6yRQb
RqxXD0jOF6mrdRwG+/PsWxxjkOaaXmv8moN3ktCO1kQcq9iMxIAoZCADMqI73LzQ
Emy9ShiqVrJ1DRlyG30DdL83ELnIEQ8izYg/JM2wGeTEDAu7QIo3buJHrfXJc/DC
fueG6mfOLX6/6b8fmqI0Q+XuwedddufnR6PirLKnjyqS4m25mrHzMw8=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwi5dIAaYnkepxlI4DVTm
D4zOIT7t3yd5Gz7t13xRJpR9rnGG3476UuWZPb/p3OdT18T3dFq/1zjqYcgjzSOE
2Hixog1Eh2ZkZyOFSbwvj94bUDBNCUg7jYRQ8AOdQOSDWMfhn83e2J22k0nD1OtM
9D+giZFCyvOoTd8Hn2068ScBm0sAkZC/nOlCmiOjvhugnEE/YGLk7W12i4FjvAHZ
6nqEb58maSnYS3eUti1jLolJiarqoyewYsRoiB6iAHdC7cUaS1fRGaDS8Tvm1HdO
u7X25bGcAELYo73DdHgLsh/YH02G4nNG4jzo2ng3zj3Qdg+RwMxjtiKS+z2QROdi
uwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 124485169269445726117151578124907942905
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Google Trust Services LLC'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GTS CA 1D4'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-06-12 19:24:20 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-09-10 19:53:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'digas.spiegel.de'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24513093990474334083472912057306566610590176736679954572697776153785040424653749132337500287308405051176521704782940632207212524112963495072754796405866735393307601372760021401514893899278068052526537915892724863193284806363708900296765722823254174496790242342440853380099166418059172004571383195549787461684648342649542293957897092382095125936954736040152289680331890354880063908873408438874870767343928312887510983219567178449381713894687599218263362689340025070445356051924843486367876071016785989406400179697465823361990978275099863285935573000713096770422152567528036004832638650082717415397883183026841800106683
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							736d05724e782d2903374692cac5e29d1043dba5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 25e2180eb25791942ae5d45d869083de53b3b892
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (108 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.pki.goog/s/gts1d4/qTbQ6x6Zyqs'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://pki.goog/repo/certs/gts1d4.der'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'digas.spiegel.de'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.5.3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (53 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crls.pki.goog/gts1d4/oMerlZrw32M.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
							00f1007600e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e00000188b147eec30000040300473045022100bddc62441c1b108d43eb33dba3f1bd77dcd43d042671d81e43f3e0bafca95faf0220316702bd6b9059a8ffba3a9ed6d8d8dd5d9cce546e49c3f415aafb55a47d22bf007700b73efb24df9c4dba75f239c5ba58f46c5dfc42cf7a9f35c49e1d098125edb49900000188b147eed30000040300483046022100acc0072a6f199dbeba11ed97504969a9dc11b2e2be762b1aa7291b20ecf396e6022100dbe0c40f5780f2e6c1d4065a8ac4ae5bbd6fa23b7be13f7e8e4825b109b09300
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0039147c59043239a988dc3f689329e08ebdfcbaa5788ff155248f264ae002caa21e25fc4d900c611906274f95c0b4b327ba0940f0b0368fa6ea04115c22a8e40aa3fbaa4083b24753824a8ca24af11129a71073363550336d7286c562087e7e88655a3d19f65e6a15be2665c2495ce64ed7a0ecbac9141b46ac570f48ce17a9ab751c06fbf3ec5b1c6390e69a5e6bfc9a837792d08ed6441cabd88cc4802864200332a23bdcbcd0126cbd4a18aa56b2750d19721b7d0374bf3710b9c8110f22cd883f24cdb019e4c40c0bbb408a376ee247adf5c973f0c27ee786ea67ce2d7ebfe9bf1f9aa23443e5eec1e75d76e7e747a3e2acb2a78f2a92e26db99ab1f3330f