ffaa-main.edge.bluestate.digital

Issued by Amazon

About this certificate

This digital certificate with serial number 02:5f:b5:2d:0f:4a:c7:2f:5a:3c:7b:98:b3:d5:7e:7c was issued on by Amazon.

With 17 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=ffaa-main.edge.bluestate.digital

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 02:5f:b5:2d:0f:4a:c7:2f:5a:3c:7b:98:b3:d5:7e:7c
Serial Number (int): 3155398879268890747160866405142068860
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: 20:cb:ab:90:99:f5:be:c9:3e:d1:41:f0:40:92:d1:e6:df:f8:1e:de
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): da:10:91:e1:ee:da:88:6c:72:3a:c2:f9:92:c1:20:7e:b1:1c:89:b0
Fingerprint (sha256): 03:87:d5:3b:5b:c4:a8:29:28:60:fe:b7:59:f9:9d:fa:e6:b2:81:16:dc:07:80:9c:10:cb:e2:e7:11:67:94:cc

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b.crl

Check the revocation status for certificate ffaa-main.edge.bluestate.digital

17

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ffaa-main.edge.bluestate.digital

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ffaa-main.edge.bluestate.digital
main-ffaa.bsd.net
secure.mayorslgbt.org
action.americacompetes.org
ffaa.bsd.net
action.mayorslgbt.org
main-ffaa.api.bsd.net
ffaa.api.bsd.net
main-ffaa.cp.bsd.net
secure.americacompetes.org
action.forallusa.org
act.4allusa.org
secure.mocompetes.org
ffaa.cp.bsd.net
ffaa.bluestatedigital.com
action.mocompetes.org
secure.forallusa.org

Other certificates including the domain name bluestate.digital

(limited to 100 certificates)
rockefeller-context.edge.bluestate.digital
biss-main.edge.bluestate.digital
dccc-stephaniemurphy.edge.bluestate.digital
deeds-main.edge.bluestate.digital
battletx-main.edge.bluestate.digital
inslee-main.edge.bluestate.digital
glsen-southernnevada.edge.bluestate.digital
commonwealth-main.edge.bluestate.digital
holdthehouse-main.edge.bluestate.digital
pocan-main.edge.bluestate.digital
lkitchen-sandbox.edge.bluestate.digital
ymcala-santaclarita.edge.bluestate.digital
jimhimes-main.edge.bluestate.digital
herding-main.edge.bluestate.digital
neademo-main.edge.bluestate.digital
haleystevens-main.edge.bluestate.digital
ctdems-main.edge.bluestate.digital
uchicago-main.edge.bluestate.digital
timesup-main.edge.bluestate.digital
forwardmaj-main.edge.bluestate.digital
stageplays-main.edge.bluestate.digital
madems-main.edge.bluestate.digital
commonwealth-main.edge.bluestate.digital
winpac-main.edge.bluestate.digital
precisiondemo-main.edge.bluestate.digital
mrosata-oa.int.edge.bluestate.digital
petersmi-main.edge.bluestate.digital
lebua-main.edge.bluestate.digital
northam-main.edge.bluestate.digital
test4-test4.edge.bluestate.digital
warren-gusn.edge.bluestate.digital
freemarry-georgia.edge.bluestate.digital
iowadems-main.edge.bluestate.digital
ccoons-main.edge.bluestate.digital
seiumaster-fightfor15childcare.edge.bluestate.digital
tonko-main.edge.bluestate.digital
chop-main.edge.bluestate.digital
mccready-main.edge.bluestate.digital
seodemo-main.edge.bluestate.digital
glsen-downeastmaine.edge.bluestate.digital
venturefund-main.edge.bluestate.digital
tnchk-main.edge.bluestate.digital
manning-main.edge.bluestate.digital
*.esse-macros-demo-project-docker.bluestate.digital
seiumaster-fightfor15.edge.bluestate.digital
horsford-main.edge.bluestate.digital
ditchfund-main.edge.bluestate.digital
betsy-main.edge.bluestate.digital
tomwolf-main.edge.bluestate.digital
bustos-main.edge.bluestate.digital
bsykes-main.edge.bluestate.digital
latinovictory-main.edge.bluestate.digital
glsen-austin.edge.bluestate.digital
google-main.edge.bluestate.digital
tulsi-main.edge.bluestate.digital
civicnation-bettermakeroom.edge.bluestate.digital
repgovernors-main.edge.bluestate.digital
stream-api-int.bluestate.digital
civicnation-allinchallenge.edge.bluestate.digital
brownley-main.edge.bluestate.digital
tuc-main.edge.bluestate.digital
bustos-main.edge.bluestate.digital
fairness-floridadecides.edge.bluestate.digital
vsinitiative-main.edge.bluestate.digital
guycaron-main.edge.bluestate.digital
mackler-main.edge.bluestate.digital
nwica-sandbox.edge.bluestate.digital
ourbodies-main.edge.bluestate.digital
economie-main.edge.bluestate.digital
mackler-main.edge.bluestate.digital
equalpac-main.edge.bluestate.digital
client-database-api-int.bluestate.digital
lonelywhale-main.edge.bluestate.digital
glsen-connecticut.edge.bluestate.digital
porter-main.edge.bluestate.digital
searchlondon-main.edge.bluestate.digital
glsen-columbus.edge.bluestate.digital
wagr-main.edge.bluestate.digital
businessfwd-main.edge.bluestate.digital
bsddemo2014-main.edge.bluestate.digital
crfb-main.edge.bluestate.digital
glsen-colliercounty.edge.bluestate.digital
freemarry-wyomingunites.edge.bluestate.digital
opportunity-main.edge.bluestate.digital
hubproject-peoplegreater.edge.bluestate.digital
*.bluestatedigital.com
court13-main.edge.bluestate.digital
test4-branch.edge.bluestate.digital
glsen-dallasglsen.edge.bluestate.digital
seiumaster-1199ne.edge.bluestate.digital
autoprov-api-int.bluestate.digital
papac-main.edge.bluestate.digital
nrdclive-main.edge.bluestate.digital
berimdemo-main.edge.bluestate.digital
ffaa-main.edge.bluestate.digital
framework-int.bluestate.digital
sinema-main.edge.bluestate.digital
warnerforva-main.edge.bluestate.digital
googlemiyagi-afen.edge.bluestate.digital
gwindham-main.edge.bluestate.digital

Certificate

The complete raw certificate details for ffaa-main.edge.bluestate.digital in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgIQAl+1LQ9Kxy9aPHuYs9V+fDANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0yMDAzMDIwMDAwMDBaFw0yMTA0MDIx
MjAwMDBaMCsxKTAnBgNVBAMTIGZmYWEtbWFpbi5lZGdlLmJsdWVzdGF0ZS5kaWdp
dGFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+HQQ2NCdqsunNd0k
pxCXEf7yI2lPPu/JyC5k5UKc/GsHdk/ddgwppMiL/EtQlyavTURrc4+fZc3OPG0+
VWM12AhYfdwqXqVwa1lSVRURF4EKCwQ1GNV2QejfBa9KnAwVLWDpZzcyunTY6njm
TA4dUCldtqurit6w7r+pV0URbwhIm05nT/Af8wcOyVdgFsDwsUI4c7RaCmOoT+4B
8Qd3ksJMUw3qYNiJkqhCwPL7zWmg6HLXe55VrY77NtucaiefXqNDI8nHhpu0W6Dx
INQpxBV8271Uurq57kTg+uKOqMAGDaOeWZu1MmjlQ51qqTxFo0aSdcpwygjcyD6H
rI+iTwIDAQABo4IC/DCCAvgwHwYDVR0jBBgwFoAUWaRmBlKge5WSPKOUByeWdFv5
PdAwHQYDVR0OBBYEFCDLq5CZ9b7JPtFB8ECS0ebf+B7eMIIBjAYDVR0RBIIBgzCC
AX+CIGZmYWEtbWFpbi5lZGdlLmJsdWVzdGF0ZS5kaWdpdGFsghFtYWluLWZmYWEu
YnNkLm5ldIIVc2VjdXJlLm1heW9yc2xnYnQub3JnghphY3Rpb24uYW1lcmljYWNv
bXBldGVzLm9yZ4IMZmZhYS5ic2QubmV0ghVhY3Rpb24ubWF5b3JzbGdidC5vcmeC
FW1haW4tZmZhYS5hcGkuYnNkLm5ldIIQZmZhYS5hcGkuYnNkLm5ldIIUbWFpbi1m
ZmFhLmNwLmJzZC5uZXSCGnNlY3VyZS5hbWVyaWNhY29tcGV0ZXMub3JnghRhY3Rp
b24uZm9yYWxsdXNhLm9yZ4IPYWN0LjRhbGx1c2Eub3JnghVzZWN1cmUubW9jb21w
ZXRlcy5vcmeCD2ZmYWEuY3AuYnNkLm5ldIIZZmZhYS5ibHVlc3RhdGVkaWdpdGFs
LmNvbYIVYWN0aW9uLm1vY29tcGV0ZXMub3JnghRzZWN1cmUuZm9yYWxsdXNhLm9y
ZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwuc2NhMWIuYW1hem9udHJ1c3Qu
Y29tL3NjYTFiLmNybDAgBgNVHSAEGTAXMAsGCWCGSAGG/WwBAjAIBgZngQwBAgEw
dQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5zY2ExYi5h
bWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQuc2NhMWIuYW1h
em9udHJ1c3QuY29tL3NjYTFiLmNydDAMBgNVHRMBAf8EAjAAMBMGCisGAQQB1nkC
BAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQAm/h+iSj6jx6FNvG6S4KH+hgUU
fDJYdyxrRXUAYS+2fm6cHviY6gai08iMCgMuNZmptVdGmILt0p5r57prMbAQcIjv
9l+7qxaYInauXVCVOWx1/KzEP9N5d697ieCh/1K3ukYnP8WyKOFlzDbNFuoCanb4
z3zStm8QWQP0Gk+zel5owCahq5QL8K9FN3aXEzaGr0uWHXg66WgIdPPrHvuS0g8T
VwDNcTy0rAWoxyNIFcoWaBBRf89MNQ8uubXb0Lsss6ubyiAJOkIA3MPZ019eEYwo
reshkmsXUuewYAAE0V9A1pCsig7GFJkqy7VLzb79/2+Mq+80ADccf9R8C6KP
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+HQQ2NCdqsunNd0kpxCX
Ef7yI2lPPu/JyC5k5UKc/GsHdk/ddgwppMiL/EtQlyavTURrc4+fZc3OPG0+VWM1
2AhYfdwqXqVwa1lSVRURF4EKCwQ1GNV2QejfBa9KnAwVLWDpZzcyunTY6njmTA4d
UCldtqurit6w7r+pV0URbwhIm05nT/Af8wcOyVdgFsDwsUI4c7RaCmOoT+4B8Qd3
ksJMUw3qYNiJkqhCwPL7zWmg6HLXe55VrY77NtucaiefXqNDI8nHhpu0W6DxINQp
xBV8271Uurq57kTg+uKOqMAGDaOeWZu1MmjlQ51qqTxFo0aSdcpwygjcyD6HrI+i
TwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 3155398879268890747160866405142068860
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-03-02 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-04-02 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ffaa-main.edge.bluestate.digital'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 31364333814818719670547134787428133688947322246293877224002900668780107688051865751464647274071132039269774335032128826227873584063212840754137668846971709792367168886901654014328198265223155929701901395909984626362307356604518197792404187993275418751938988170579812681080912894442756184772178991775065789266220216986070781005569403917242947667661152481372263717325496930155091292492232127084948253977841898516765342112404018647228136673705309859747408177003473517766029031476629654415064398797630552364848960277209983399709114108045624491605977918534056931471501164186003335163735870774359017394278816065281388945999
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							20cbab9099f5bec93ed141f04092d1e6dff81ede
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (387 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ffaa-main.edge.bluestate.digital'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'main-ffaa.bsd.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure.mayorslgbt.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'action.americacompetes.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ffaa.bsd.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'action.mayorslgbt.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'main-ffaa.api.bsd.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ffaa.api.bsd.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'main-ffaa.cp.bsd.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure.americacompetes.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'action.forallusa.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'act.4allusa.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure.mocompetes.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ffaa.cp.bsd.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ffaa.bluestatedigital.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'action.mocompetes.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure.forallusa.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.2 (digiCertDVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0026fe1fa24a3ea3c7a14dbc6e92e0a1fe8605147c3258772c6b457500612fb67e6e9c1ef898ea06a2d3c88c0a032e3599a9b557469882edd29e6be7ba6b31b0107088eff65fbbab16982276ae5d5095396c75fcacc43fd37977af7b89e0a1ff52b7ba46273fc5b228e165cc36cd16ea026a76f8cf7cd2b66f105903f41a4fb37a5e68c026a1ab940bf0af45377697133686af4b961d783ae9680874f3eb1efb92d20f135700cd713cb4ac05a8c7234815ca166810517fcf4c350f2eb9b5dbd0bb2cb3ab9bca20093a4200dcc3d9d35f5e118c28adeb21926b1752e7b0600004d15f40d690ac8a0ec614992acbb54bcdbefdff6f8cabef3400371c7fd47c0ba28f