welcome.alfabank.ru

- AO ALFA-BANK -

Issued by GlobalSign RSA OV SSL CA 2018

About this certificate

This digital certificate with serial number 4e:2a:e4:09:c7:e8:8b:ba:18:1c:7b:4c was issued on by GlobalSign nv-sa.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

AO ALFA-BANK

Organization: AO ALFA-BANK
State / Province: Moscow
Locality: Moscow
Country: RU

GlobalSign nv-sa

Organization: GlobalSign nv-sa
Country: BE

This certificate has expire since

Certificate Details

Serial Number (hex): 4e:2a:e4:09:c7:e8:8b:ba:18:1c:7b:4c
Serial Number (int): 24191682530472437767894498124
Serial Number lenght: 95 bits, 12 octets

SubjectKeyId: 87:94:5b:63:7b:95:43:f2:bd:78:ac:04:d9:14:86:26:ef:d7:c1:74
AuthorityKeyId: f8:ef:7f:f2:cd:78:67:a8:de:6f:8f:24:8d:88:f1:87:03:02:b3:eb

Fingerprint (sha1): f6:cb:4f:53:c5:62:eb:db:e6:c8:f2:e5:b2:5d:0d:50:d7:94:df:4a
Fingerprint (sha256): 03:25:c2:28:16:39:51:e6:6b:c4:f2:e3:65:84:0d:af:00:5a:54:6b:9a:7d:3e:2c:08:08:ea:c5:15:ad:ab:76

Issuing Certificate URL: http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt

Revocation information

OCSP Server: http://ocsp.globalsign.com/gsrsaovsslca2018

Check the revocation status for certificate welcome.alfabank.ru

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for welcome.alfabank.ru

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

welcome.alfabank.ru

Other certificates including the domain name alfabank.ru

(limited to 100 certificates)
traveler2.alfabank.ru
agent.alfabank.ru
agent.alfabank.ru
digital.alfabank.ru
ib.alfabank.ru
travelernext.alfabank.ru
zp.alfabank.ru
anketa.alfabank.ru
ib.alfabank.ru
club.alfabank.ru
pilots.alfabank.ru
emp-lead.alfabank.ru
digp.alfabank.ru
alfapartners.alfabank.ru
click.alfabank.ru
welcome.alfabank.ru
cit.alfabank.ru
ctxvdi.alfabank.ru
my.alfabank.ru
settings.alfabank.ru
reg.alfabank.ru
trading.alfabank.ru
groupib-ac.alfabank.ru
anketa.alfabank.ru
rko.alfabank.ru
sense.alfabank.ru
payment.alfabank.ru
id.alfabank.ru
traveler2.alfabank.ru
job.alfabank.ru
zp.alfabank.ru
potok.alfabank.ru
alfapeople.alfabank.ru
telework.alfabank.ru
trade.alfabank.ru
click.alfabank.ru
link.alfabank.ru
travelervip.alfabank.ru
acs.alfabank.ru
emp-anketa.alfabank.ru
message.alfabank.ru
id-hub-sandbox.alfabank.ru
mind.alfabank.ru
testlink.alfabank.ru
blackstar.alfabank.ru
ecom.alfabank.ru
travelernext.alfabank.ru
sandbox.alfabank.ru
travelervip.alfabank.ru
alfago.alfabank.ru
click.alfabank.ru
travel.alfabank.ru
alfabank.ru
investments.alfabank.ru
CC.ALFABANK.RU
design.alfabank.ru
chatkb.alfabank.ru
design.alfabank.ru
link.alfabank.ru
nalog.alfabank.ru
zp.alfabank.ru
private.auth.alfabank.ru
store.alfabank.ru
private.auth.alfabank.ru
alfabank.ru
welcome.alfabank.ru
scf.alfabank.ru
club.alfabank.ru
usability.alfabank.ru
private.auth.alfabank.ru
link.alfabank.ru
digp.alfabank.ru
rko.alfabank.ru
alfapartners.alfabank.ru
megaplan.alfabank.ru
alfainvest.alfabank.ru
guarantees.alfabank.ru
click.alfabank.ru
digp.alfabank.ru
pay2.alfabank.ru
traveler2.alfabank.ru
ipoteka.alfabank.ru
testamcalls.alfabank.ru
abm.alfabank.ru
learn.alfabank.ru
alfabank.ru
atv.alfabank.ru
online.alfabank.ru
kassa.alfabank.ru
pay.alfabank.ru
online.alfabank.ru
baas.alfabank.ru
metrics.alfabank.ru
pilots.alfabank.ru
alfapartners.alfabank.ru
my.alfabank.ru
push.alfabank.ru
api.alfabank.ru
pay2.alfabank.ru
partner.alfabank.ru

Certificate

The complete raw certificate details for welcome.alfabank.ru in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIMTirkCcfoi7oYHHtMMA0GCSqGSIb3DQEBCwUAMFAxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSYwJAYDVQQDEx1H
bG9iYWxTaWduIFJTQSBPViBTU0wgQ0EgMjAxODAeFw0yMjEyMTEwOTE2MDFaFw0y
NDAxMTIwOTE2MDBaMGQxCzAJBgNVBAYTAlJVMQ8wDQYDVQQIEwZNb3Njb3cxDzAN
BgNVBAcTBk1vc2NvdzEVMBMGA1UEChMMQU8gQUxGQS1CQU5LMRwwGgYDVQQDExN3
ZWxjb21lLmFsZmFiYW5rLnJ1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAs3RIsbLS4UFbiyDyf6TlNPuKrta4I0uV6i7bgLD78x7NKcIFLv3aFzd/EV2j
1eUT5OZfNcy/i7IKakii+SuEvi747kWCEbWFQt3TmfYj5pg+rJjeOUgoDAFeOwta
L8Rq5orgZtR6ZnanxUZMot7P6NhJzRgbobMDLBhTF1kGTX4/7dsH2BKMjx3g6C23
U2rvzuJF0PnWK9BPHqztq9MkNlUsiWuS3s6Z5SATBLzvWdQF8P4hvdbsSq0yn3QR
3cG0QvFDxMXUtjB208FT0tHT9jt8NQavLpzgSCXRQOOKdl/3qzENOwo8k1krf1BG
wLy3x+oqkxylEr13t9+JwK2BJQIDAQABo4IBnDCCAZgwDgYDVR0PAQH/BAQDAgWg
MIGOBggrBgEFBQcBAQSBgTB/MEQGCCsGAQUFBzAChjhodHRwOi8vc2VjdXJlLmds
b2JhbHNpZ24uY29tL2NhY2VydC9nc3JzYW92c3NsY2EyMDE4LmNydDA3BggrBgEF
BQcwAYYraHR0cDovL29jc3AuZ2xvYmFsc2lnbi5jb20vZ3Nyc2FvdnNzbGNhMjAx
ODBWBgNVHSAETzBNMEEGCSsGAQQBoDIBFDA0MDIGCCsGAQUFBwIBFiZodHRwczov
L3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgIwCQYDVR0T
BAIwADAeBgNVHREEFzAVghN3ZWxjb21lLmFsZmFiYW5rLnJ1MB0GA1UdJQQWMBQG
CCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBT473/yzXhnqN5vjySNiPGH
AwKz6zAdBgNVHQ4EFgQUh5RbY3uVQ/K9eKwE2RSGJu/XwXQwEwYKKwYBBAHWeQIE
AwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBADpti2Czco/66LmtP+x45SURolI3
k+nDfZyd5A9jqEy2JQg2H4/TurLfLoWLOSJmm25RbbCHJzMotl0MmWtNqfIVliD5
koQYUrwxUnvkoV3rn39MwptwKXIjQEqG5ZsyiqeZbRZ8qy+R6lhX+dw/yw6fOkoP
Uh5e+Bwye9A37Z8VVXGn0bp6uu8RjSkyF688dwMucinAM7MEUWpSEl38abVOJfHR
aGM2sfJV+fz6pSs92+9hRcPumrnuw9xpTM+8NY8DKqOUXmWBxOm9K3LIOHmfOlpk
dHnrovBZ6tMY0hKoLVACRsEJsbQfGIpbP7LZSdg9pS+HQlJndyI1q4vgn3c=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3RIsbLS4UFbiyDyf6Tl
NPuKrta4I0uV6i7bgLD78x7NKcIFLv3aFzd/EV2j1eUT5OZfNcy/i7IKakii+SuE
vi747kWCEbWFQt3TmfYj5pg+rJjeOUgoDAFeOwtaL8Rq5orgZtR6ZnanxUZMot7P
6NhJzRgbobMDLBhTF1kGTX4/7dsH2BKMjx3g6C23U2rvzuJF0PnWK9BPHqztq9Mk
NlUsiWuS3s6Z5SATBLzvWdQF8P4hvdbsSq0yn3QR3cG0QvFDxMXUtjB208FT0tHT
9jt8NQavLpzgSCXRQOOKdl/3qzENOwo8k1krf1BGwLy3x+oqkxylEr13t9+JwK2B
JQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 24191682530472437767894498124
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign RSA OV SSL CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-12-11 09:16:01 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-12 09:16:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'RU'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Moscow'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Moscow'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'AO ALFA-BANK'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'welcome.alfabank.ru'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22653998347479192959450453338005038887074888403602800914306232982434434584150676032502703341131962529476500802389292850902735442667432795125232040753765901541098365178176788150751060759367498388356759611825867200361592482487925445983327553189992160788512851650376272962922632268412894345211196832724480342376410319212328719630604345506051394377338335708061157026614128181200164698984633000460535153661583103027814860115970883428598743181949731025615440987499501517206686102262666328455561953693321827803478812645875808565970110848999053665750019675322841130316800875285711245217883786568357136097798601196729740919077
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (129 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.globalsign.com/gsrsaovsslca2018'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.20 (globalsignOVPolicy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (23 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'welcome.alfabank.ru'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName f8ef7ff2cd7867a8de6f8f248d88f1870302b3eb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							87945b637b9543f2bd78ac04d9148626efd7c174
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		003a6d8b60b3728ffae8b9ad3fec78e52511a2523793e9c37d9c9de40f63a84cb62508361f8fd3bab2df2e858b3922669b6e516db087273328b65d0c996b4da9f2159620f992841852bc31527be4a15deb9f7f4cc29b70297223404a86e59b328aa7996d167cab2f91ea5857f9dc3fcb0e9f3a4a0f521e5ef81c327bd037ed9f155571a7d1ba7abaef118d293217af3c77032e7229c033b304516a52125dfc69b54e25f1d1686336b1f255f9fcfaa52b3ddbef6145c3ee9ab9eec3dc694ccfbc358f032aa3945e6581c4e9bd2b72c838799f3a5a647479eba2f059ead318d212a82d500246c109b1b41f188a5b3fb2d949d83da52f87425267772235ab8be09f77