artifactscan.us-1.cloudone.trendmicro.com

Issued by Amazon RSA 2048 M01

About this certificate

This digital certificate with serial number 0a:e6:19:64:8b:95:45:04:d4:f3:f6:7f:62:35:e0:65 was issued on by Amazon.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=artifactscan.us-1.cloudone.trendmicro.com

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0a:e6:19:64:8b:95:45:04:d4:f3:f6:7f:62:35:e0:65
Serial Number (int): 14487023261567384046503160776685379685
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 64:bc:8b:9c:96:61:35:d3:fb:e4:f0:30:20:8f:88:2c:a9:31:0f:fd
AuthorityKeyId: 81:b8:0e:63:8a:89:12:18:e5:fa:3b:3b:50:95:9f:e6:e5:90:13:85

Fingerprint (sha1): ea:b9:6c:64:e7:fc:20:bb:74:e2:58:e5:b7:81:fa:2d:8d:08:25:58
Fingerprint (sha256): 03:9d:54:3f:c3:e7:55:4a:29:98:00:c8:ef:7c:fc:d9:d5:0b:0b:39:8d:32:59:26:7f:3f:9b:11:91:51:30:fb

Issuing Certificate URL: http://crt.r2m01.amazontrust.com/r2m01.cer

Revocation information

OCSP Server: http://ocsp.r2m01.amazontrust.com
CRL Distribution Point: http://crl.r2m01.amazontrust.com/r2m01.crl

Check the revocation status for certificate artifactscan.us-1.cloudone.trendmicro.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for artifactscan.us-1.cloudone.trendmicro.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

artifactscan.us-1.cloudone.trendmicro.com

Other certificates including the domain name trendmicro.com

(limited to 100 certificates)
sec-adv.trendmicro.com
sls-xdrrxrs131test.dev-us-east-2.parsley.trendmicro.com
*.storage.trendmicro.com
*.trendmicro.com
tmx.trendmicro.com
int.sspm.trendmicro.com
prdu-selectsupportemea.trendmicro.com
vanity3.lithium.com
sam.trendmicro.com
*.trendmicro.com
*.etdl.trendmicro.com
xdr.nacloud.trendmicro.com
filestorage.sg-1.dev-cloudone.trendmicro.com
*.eks.trendmicro.com
file-uk.trendmicro.com
sec-adv-admin.trendmicro.com
twcommercial01.jenkinsci.trendmicro.com
vanity7.jiveon.com
*.p1rd1.sps-endpoint-beta.trendmicro.com
newsletters.trendmicro.com
p225b2.dev-us-east-2.parsley.trendmicro.com
renewonlinestg.trendmicro.com
audit.trend-us-1.cloudone.trendmicro.com
devops-jenkins-pci.luwak.trendmicro.com
doctorlevel.trendmicro.com
www.trendmicro.com
misp.research.trendmicro.com
*.prod-eu-central-1.wfxdr.trendmicro.com
stg.fbbot.tmcc.csoc.trendmicro.com
vault-stg.trendmicro.com
liberalapi-tmp.sdi.trendnet.org
tableau-consumer.trendmicro.com
documents.trendmicro.com
*.trendmicro.com
iotserver-staging.trendmicro.com
newsroom.trendmicro.com
*.iws.trendmicro.com
*.osscan.trendmicro.com
*.alpha.consumervpn.trendmicro.com
tmpn.trendmicro.com
*.auth.trendmicro.com
intsearch.trendmicro.com
vanity4.lithium.com
ocm-it.br.secops.trendmicro.com
*.dc1.beta.storage.trendmicro.com
trendeorders-emea-staging.trendmicro.com
*.giss.trendmicro.com
doctorone.baplsstage.trendmicro.com
*.appletuner.trendmicro.com
cloudresources.jp-1.cloudone.trendmicro.com
dashboard.app-protect.trendmicro.com
*.giss.trendmicro.com
*.login-stg.trendmicro.com
projects.us-1.cloudone.trendmicro.com
tmcc.trendmicro.com
accounts.trend-us-1.dev-cloudone.trendmicro.com
licenseupdate2.trendmicro.com
sdl-int.visionone.trendmicro.com
au-phase.activeupdate.trendmicro.com
sls-xdrrp190b8.dev-us-east-1.parsley.trendmicro.com
premiumservices.trendmicro.com
*.manage.trendmicro.com
cloudaccounts-ui-us.xdr.trendmicro.com
api.securityportal-stg.trendmicro.com
*.beta.consumervpn.trendmicro.com
go2.trendmicro.com
gpt-playground-plugin-jp.trendmicro.com
*.jarvis.trendmicro.com
projects.au-1.dev-cloudone.trendmicro.com
*.consumervpn.trendmicro.com
*.trendmicro.com
conformity.us-1.staging-cloudone.trendmicro.com
sslauto.itdev.trendmicro.com
dispatch01.trendmicro.com
iamservice.trendmicro.com
event-forwarder.ca-1.cloudone.trendmicro.com
siteseal01.trendmicro.com
cloudaccounts.in-1.cloudone.trendmicro.com
*.ml-tool.trendmicro.com
us.imhs-ws.trendmicro.com
*.trendmicro.com
corpit-dispatch.trendmicro.com
deepsecurity.trendmicro.com
artifactscan.us-1.cloudone.trendmicro.com
*.trendmicro.com
*.p1qa2.sps-endpoint-beta.trendmicro.com
*.isday.trendmicro.com
*.devhw.sps-endpoint-beta.trendmicro.com
drilsnr.trendmicro.com
workload.us-1.cloudone.trendmicro.com
jr.trendmicro.com
*.wfbs-svc.trendmicro.com
*.test.giss.trendmicro.com
rule.tip.trendmicro.com
*.giss.trendmicro.com
mcs.trendmicro.com
mktdatamart.trendmicro.com
filestorage.ca-1.cloudone.trendmicro.com
tsm.dev-cloudone.trendmicro.com
*.trendmicro.com

Certificate

The complete raw certificate details for artifactscan.us-1.cloudone.trendmicro.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF/jCCBOagAwIBAgIQCuYZZIuVRQTU8/Z/YjXgZTANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAxMB4XDTIzMDUwMzAwMDAwMFoXDTI0MDYwMTIzNTk1OVowNDEy
MDAGA1UEAxMpYXJ0aWZhY3RzY2FuLnVzLTEuY2xvdWRvbmUudHJlbmRtaWNyby5j
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgZ4Al3JUCjdsT2/XV
wNTZdxsiOswE7ZcYS0CKMN59UrvTxACxYV6/6IXehZ1ElOzjvqSxN9FXu/7YHr4H
I41nyt3Iag8EbuWW+HFtBMoDUAmJSsCJefGmjb3dOJPCjd/TqK2IIz6+8ettMwbw
pxareLv0h4kz9LvPEqcntO/Zf/IgNZmlBAdaXHrUs672Pya5b7qtjn/o+JQwBcdU
kjnSZ795SvRhzSpYJgkm3WDPBhZF3pQXfJXYsjSJF5of3nwQiQ505AWFW3pSl1vx
Z4RuQNCsFElr6ST6tPUzNx2Tp1fwzNj3wdAQNoq8WfhI77lCuA66+Lkkx++bFBdG
bwetAgMBAAGjggMCMIIC/jAfBgNVHSMEGDAWgBSBuA5jiokSGOX6OztQlZ/m5ZAT
hTAdBgNVHQ4EFgQUZLyLnJZhNdP75PAwII+ILKkxD/0wNAYDVR0RBC0wK4IpYXJ0
aWZhY3RzY2FuLnVzLTEuY2xvdWRvbmUudHJlbmRtaWNyby5jb20wDgYDVR0PAQH/
BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAy
MDCgLqAshipodHRwOi8vY3JsLnIybTAxLmFtYXpvbnRydXN0LmNvbS9yMm0wMS5j
cmwwEwYDVR0gBAwwCjAIBgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUF
BzABhiFodHRwOi8vb2NzcC5yMm0wMS5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUH
MAKGKmh0dHA6Ly9jcnQucjJtMDEuYW1hem9udHJ1c3QuY29tL3IybTAxLmNlcjAM
BgNVHRMBAf8EAjAAMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgDuzdBk1dsa
zsVct520zROiModGfLzs3sNRSFlGcR+1mwAAAYffMm+uAAAEAwBHMEUCIQC+GtVq
zMD7jPCwfvqGQVvnQg0BdOsF1OuCMXpU6zvyVAIgTeHkHRXdZGSRuFPYy1S8f2tO
7E7jnz1o8rs8ZdElDD0AdwBz2Z6JG0yWeKAgfUed5rLGHNBRXnEZKoxrgBB6wXdy
tQAAAYffMm/+AAAEAwBIMEYCIQCW2U355yd9pXq3IA94vfRhfzHxCB0cxV2ksk2Q
d0zBrgIhALY8kT6GYMmYwcsMYwJ9BebjHoRdux6upu6CPz1J8fQkAHUASLDja9qm
RzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHMAAAGH3zJvxwAABAMARjBEAiAsoi2Z
25wt1zXkTygSrB2ugqsLJjpUyFZXSqcAAHRHAwIgSd80cIhi0U1hTW4SnfkUl4XH
1WfUQh+IYnwhOxHGsOIwDQYJKoZIhvcNAQELBQADggEBAIWJKa8niSfS8rz1mUB1
5JwGPZZRal5Y+NF6x7hcA3RuUg33ylLhoBijKBRGneBAuzPdr1PaAm4EKsmLVo4G
JZCbwkkQaVwyTZhPIES2AUANBGO2xtuQ3ezwCD9jvvj3TZ8mNztkkxEbqPxmS+Vk
r+YnWyaEc/0/13Z2rbov8ZahaXhrcHF97sVj0o2HLeU671xVForRmixw7HFQZSVx
x1+BNJdU081E1kG5lUw8XaJbUxmEAqvvbNt5NXbBHVgegJWEi3+aIqMu/jCBDeP1
AyfLY+ZJe3K4WhntHUSrjr/A7MRyYgcvf/2hQPgTRqipnzMLOe4QMenV7pIRtZtm
zOc=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGeAJdyVAo3bE9v11cDU
2XcbIjrMBO2XGEtAijDefVK708QAsWFev+iF3oWdRJTs476ksTfRV7v+2B6+ByON
Z8rdyGoPBG7llvhxbQTKA1AJiUrAiXnxpo293TiTwo3f06itiCM+vvHrbTMG8KcW
q3i79IeJM/S7zxKnJ7Tv2X/yIDWZpQQHWlx61LOu9j8muW+6rY5/6PiUMAXHVJI5
0me/eUr0Yc0qWCYJJt1gzwYWRd6UF3yV2LI0iReaH958EIkOdOQFhVt6Updb8WeE
bkDQrBRJa+kk+rT1Mzcdk6dX8MzY98HQEDaKvFn4SO+5QrgOuvi5JMfvmxQXRm8H
rQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 14487023261567384046503160776685379685
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M01'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-05-03 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-01 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'artifactscan.us-1.cloudone.trendmicro.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20249166831658239421962452256631578920294335514796002699297372884103298964093681324594502607947605024441988361362438960962092931457201298723735078785293295864152793861242688957665580477004350751170850836622913318280278033658465427289084470335622159227581695280732299556459981976122773985541404464909450977729832804762583086974728723461995091433650914476690538346332733858113450177332808037181716401443395426367142759194984630178948808539065253744120843260899596979029329981002603253553930307062136538344702379659436894605601424639793708825562453779157045775702397910603121769218896616812426650726060929749295211415469
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 81b80e638a891218e5fa3b3b50959fe6e5901385
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							64bc8b9c966135d3fbe4f030208f882ca9310ffd
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (45 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'artifactscan.us-1.cloudone.trendmicro.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m01.amazontrust.com/r2m01.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m01.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m01.amazontrust.com/r2m01.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							0168007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b00000187df326fae0000040300473045022100be1ad56accc0fb8cf0b07efa86415be7420d0174eb05d4eb82317a54eb3bf25402204de1e41d15dd646491b853d8cb54bc7f6b4eec4ee39f3d68f2bb3c65d1250c3d00770073d99e891b4c9678a0207d479de6b2c61cd0515e71192a8c6b80107ac17772b500000187df326ffe000004030048304602210096d94df9e7277da57ab7200f78bdf4617f31f1081d1cc55da4b24d90774cc1ae022100b63c913e8660c998c1cb0c63027d05e6e31e845dbb1eaea6ee823f3d49f1f42400750048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d8847300000187df326fc7000004030046304402202ca22d99db9c2dd735e44f2812ac1dae82ab0b263a54c856574aa70000744703022049df34708862d14d614d6e129df9149785c7d567d4421f88627c213b11c6b0e2
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00858929af278927d2f2bcf5994075e49c063d96516a5e58f8d17ac7b85c03746e520df7ca52e1a018a32814469de040bb33ddaf53da026e042ac98b568e0625909bc24910695c324d984f2044b601400d0463b6c6db90ddecf0083f63bef8f74d9f26373b6493111ba8fc664be564afe6275b268473fd3fd77676adba2ff196a169786b70717deec563d28d872de53aef5c55168ad19a2c70ec7150652571c75f81349754d3cd44d641b9954c3c5da25b53198402abef6cdb793576c11d581e8095848b7f9a22a32efe30810de3f50327cb63e6497b72b85a19ed1d44ab8ebfc0ecc47262072f7ffda140f81346a8a99f330b39ee1031e9d5ee9211b59b66cce7