screening.discovery.com

Issued by Amazon RSA 2048 M03

About this certificate

This digital certificate with serial number 0b:5c:87:41:33:ee:0f:89:c0:a2:4e:88:63:ff:a2:61 was issued on by Amazon.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=screening.discovery.com

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0b:5c:87:41:33:ee:0f:89:c0:a2:4e:88:63:ff:a2:61
Serial Number (int): 15101942555817868368994664525292610145
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 9b:90:60:19:78:d5:8f:65:40:2d:f3:30:89:70:96:23:70:1a:a0:e7
AuthorityKeyId: 55:d9:18:5f:d2:1c:cc:01:e1:58:b4:be:ab:d9:55:42:01:d7:2e:02

Fingerprint (sha1): b5:8e:57:6f:1f:d9:6c:dc:45:3b:c7:1c:57:6a:20:99:57:74:af:48
Fingerprint (sha256): 03:ee:90:6b:9b:77:c6:9c:47:07:c3:27:4d:be:93:4c:7c:7d:26:cd:98:d4:3f:1d:3b:64:01:30:8f:32:7b:ea

Issuing Certificate URL: http://crt.r2m03.amazontrust.com/r2m03.cer

Revocation information

OCSP Server: http://ocsp.r2m03.amazontrust.com
CRL Distribution Point: http://crl.r2m03.amazontrust.com/r2m03.crl

Check the revocation status for certificate screening.discovery.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for screening.discovery.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

screening.discovery.com

Other certificates including the domain name discovery.com

(limited to 100 certificates)
tvlistings-qa.discovery.com
insider.discovery.com
indiamail.discovery.com
*.disco-api.com
*.discovery.com
passwordsafe-dev.discovery.com
*.nw.discovery.com
email.discovery.com
AWUZAPONARPRO01.dci.discovery.com
*.infra.discovery.com
iasm.discovery.com
adsalesdesign.discovery.com
deliver-qa.discovery.com
blacklineqa1.discovery.com
*.qa2.sauce.digitalstudios.discovery.com
creaapcps01.discovery.com
dev-momentum.discovery.com
insider.discovery.com
adsalesdesign.discovery.com
lnmail1.discovery.com
ir.corporate.discovery.com
japan.discovery.com
dtag-jsreport.devops.discovery.com
discovery.com
lync2013.dci.discovery.com
woody.discovery.com
auth.discovery.com
MUMAAPLYNCSBC02.dci.discovery.com
www.mexico.discovery.com
access.discovery.com
sapsanprd.discovery.com
hybridmail.discovery.com
corporate.discovery.com
*.sauce.digitalstudios.discovery.com
screening.discovery.com
dads.discovery.com
oktaadmin.discovery.com
remote.discovery.com
securestore.discovery.com
lnmail1.discovery.com
ssa.discovery.com
*.dev.discovery.com
adsalesdesign.discovery.com
store.discovery.com
cxoqa.discovery.com
inlet.discovery.com
images.dds.discovery.com
www.adsalesevents.discovery.com
api.digitalstudios.discovery.com
tlssyslog.discovery.com
org.discovery.com
games.discovery.com
leapfrog-ssl-4.gcs-web.com
citrix-director.discovery.com
edgepool2013.discovery.com
insider.discovery.com
deliver-uat.discovery.com
gohelp.discovery.com
*.bcqa.discovery.com
hrmobileinboxsba.discovery.com
www.food.com
dgoauth-qa.discovery.com
cloud-qa.discovery.com
access.discovery.com
*.discovery.com
entrada.discovery.com
lync2013.dci.discovery.com
soundfx.discovery.com
*.videogo.sauce.digitalstudios.discovery.com
straapiptv.discovery.com
lync2013.dci.discovery.com
strrapotxt01.discovery.com
*.prod.discovery.com
discovery.com
blacklineqa1.discovery.com
people.discovery.com
preprod.projectcat.discovery.com
gohelp.discovery.com
dtag-api.devops.discovery.com
tkyzaplyncsba01.dci.discovery.com
strzadtraps01.dci.discovery.com
insider.discovery.com
www.consumerproducts.discovery.com
CXO.discovery.com
*.disco-api.com
linkit-stage.dci.discovery.com
gohelp.discovery.com
lnmail5.discovery.com
www.adsalesevents.discovery.com
auth.discovery.com
epak.discovery.com
gohelp.discovery.com
www.food.com
bk.inotes.discovery.com
*.nw.discovery.com
photoassets.discovery.com
leapfrog-ssl-4.gcs-web.com
access.discovery.com
discovery.com
KTCZIPWRKSFT01.dci.discovery.com

Certificate

The complete raw certificate details for screening.discovery.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF2zCCBMOgAwIBAgIQC1yHQTPuD4nAok6IY/+iYTANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAzMB4XDTIzMTAwMTAwMDAwMFoXDTI0MTAyOTIzNTk1OVowIjEg
MB4GA1UEAxMXc2NyZWVuaW5nLmRpc2NvdmVyeS5jb20wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQC0vSPDPyBvbx4vKt2hy0dWtKZtCAPEKyAHFoIIiQxr
QTnadpxSDDxR4gr6729rFHVw4nz19x6AEYtxHaTU1K9x4zAV+G2djQHwDVFXuWVh
71saTUUhFmX8oGv4gCRCCdm6uLzJ115488IST1hpnqfHInl3zVcAzMfKAcI8zoMp
aKU4G5tiUCxvX7Y/cxOiOUUz7TQlgt84RSP2XnDYU+9urK7w3pqnmgu9whImyKXH
2JZTdPh4OIJTfSFcPJfNkxc1SeAFv5lBZU+ZmMrEzwqM3KqCCgYsJV1KACl5RXIQ
Uh7QgEsRiR3GX/V0q5H5rDVKLjgTLSb+pEW44+M7D7ANAgMBAAGjggLxMIIC7TAf
BgNVHSMEGDAWgBRV2Rhf0hzMAeFYtL6r2VVCAdcuAjAdBgNVHQ4EFgQUm5BgGXjV
j2VALfMwiXCWI3AaoOcwIgYDVR0RBBswGYIXc2NyZWVuaW5nLmRpc2NvdmVyeS5j
b20wEwYDVR0gBAwwCjAIBgZngQwBAgEwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8v
Y3JsLnIybTAzLmFtYXpvbnRydXN0LmNvbS9yMm0wMy5jcmwwdQYIKwYBBQUHAQEE
aTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5yMm0wMy5hbWF6b250cnVzdC5j
b20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQucjJtMDMuYW1hem9udHJ1c3QuY29t
L3IybTAzLmNlcjAMBgNVHRMBAf8EAjAAMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFr
AWkAdwB2/4g/Crb7lVHCYcz1h7o0tKTNuyncaEIKn+ZnTFo6dAAAAYrpykXiAAAE
AwBIMEYCIQD+P77ubExWstwslPqn92V151qfusIS//6XEaARYOn4mAIhAMbrXdO7
++9U2yKiRIhkcTOsyAIaTBteRHjFzeKR7xnMAHYASLDja9qmRzQP5WoC+p0w6xxS
ActW3SyB2bu/qznYhHMAAAGK6cpGAgAABAMARzBFAiBPh2CarojvJfEhZh6efWjb
kQn6ORL7LWE2tCjEXUSwWgIhAP+HVXMJJ3EQZ6ayv0/kMOLdEmTXAgFpS9TIHbHH
pQeuAHYA2ra/az+1tiKfm8K7XGvocJFxbLtRhIU0vaQ9MEjX+6sAAAGK6cpF1AAA
BAMARzBFAiEAx4iAG34uuQyQ4DxkF2o6wlOrC+USapH/RIn5+2H0siYCIFgHelyl
+P/5FT6nktrTgHQEhaew8OC2zHyJaK1HFQrNMA0GCSqGSIb3DQEBCwUAA4IBAQCw
eryIjBPI2zM1qCGWArYVH2sNzsISh0iJOQl/U1yUwwCXpldLGs8YAsVcs1Xkn1Gy
TY2L8bdlIQRL7cuoeDzSwV9WZUwXFfiWnFzsoqfIXFzEfY3Qgtb8zfml+y43UL6m
xAcFOJ53pTdh2vwZopJsOSRSmw5GnX5KdtIyMh8TB2ack6OeTOSndpdPH9DhzwGt
3/I6e/afQQTWTMX1JLA0gEXb5aXzeID93TWmXzaMVWV3rEhmGePli9V9/Ub1zkew
pN+DI7eAHGWatJ55FHaZ2zp48EYKlj7TFavz/ThRAMuDCrCUtmdGiqUXRwqU0Bnp
xRlCwW812FTYppzJwsi0
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtL0jwz8gb28eLyrdoctH
VrSmbQgDxCsgBxaCCIkMa0E52nacUgw8UeIK+u9vaxR1cOJ89fcegBGLcR2k1NSv
ceMwFfhtnY0B8A1RV7llYe9bGk1FIRZl/KBr+IAkQgnZuri8yddeePPCEk9YaZ6n
xyJ5d81XAMzHygHCPM6DKWilOBubYlAsb1+2P3MTojlFM+00JYLfOEUj9l5w2FPv
bqyu8N6ap5oLvcISJsilx9iWU3T4eDiCU30hXDyXzZMXNUngBb+ZQWVPmZjKxM8K
jNyqggoGLCVdSgApeUVyEFIe0IBLEYkdxl/1dKuR+aw1Si44Ey0m/qRFuOPjOw+w
DQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 15101942555817868368994664525292610145
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M03'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-01 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-10-29 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'screening.discovery.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22816163155118470405337699455977842364530963761914583229822854973558460061697263264966227744202429093594149110605532861330669187374212241871219651549739993229748920208246925463383106888717427840092774605601418677149789939890517991446103946914239578701332722943050265389916956043811794606308307443292200531148624729463887215512809836586638305532908225737049752715814720209111422805741094890709453012152027393532276794197363023692230509935917448270102238489038886875933502998634819403288664255311445226598266982985138768310674495049943563556317453817981006163267816156679729481122517175113251086049341455135819674136589
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 55d9185fd21ccc01e158b4beabd9554201d72e02
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							9b90601978d58f65402df33089709623701aa0e7
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (27 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'screening.discovery.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m03.amazontrust.com/r2m03.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m03.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m03.amazontrust.com/r2m03.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							016900770076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018ae9ca45e20000040300483046022100fe3fbeee6c4c56b2dc2c94faa7f76575e75a9fbac212fffe9711a01160e9f898022100c6eb5dd3bbfbef54db22a24488647133acc8021a4c1b5e4478c5cde291ef19cc00760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018ae9ca4602000004030047304502204f87609aae88ef25f121661e9e7d68db9109fa3912fb2d6136b428c45d44b05a022100ff8755730927711067a6b2bf4fe430e2dd1264d70201694bd4c81db1c7a507ae007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018ae9ca45d40000040300473045022100c788801b7e2eb90c90e03c64176a3ac253ab0be5126a91ff4489f9fb61f4b226022058077a5ca5f8fff9153ea792dad380740485a7b0f0e0b6cc7c8968ad47150acd
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00b07abc888c13c8db3335a8219602b6151f6b0dcec21287488939097f535c94c30097a6574b1acf1802c55cb355e49f51b24d8d8bf1b76521044bedcba8783cd2c15f56654c1715f8969c5ceca2a7c85c5cc47d8dd082d6fccdf9a5fb2e3750bea6c40705389e77a53761dafc19a2926c3924529b0e469d7e4a76d232321f1307669c93a39e4ce4a776974f1fd0e1cf01addff23a7bf69f4104d64cc5f524b0348045dbe5a5f37880fddd35a65f368c556577ac486619e3e58bd57dfd46f5ce47b0a4df8323b7801c659ab49e79147699db3a78f0460a963ed315abf3fd385100cb830ab094b667468aa517470a94d019e9c51942c16f35d854d8a69cc9c2c8b4