insights.nuodb.com

Issued by Amazon

About this certificate

This digital certificate with serial number 05:e4:07:65:93:d5:e1:3a:64:12:ed:80:51:3c:4a:c0 was issued on by Amazon.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=insights.nuodb.com

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 05:e4:07:65:93:d5:e1:3a:64:12:ed:80:51:3c:4a:c0
Serial Number (int): 7830133687335020819111583193992284864
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 79:f8:39:e5:df:1e:bb:82:07:0c:0b:b7:cc:f4:a9:9f:6a:3d:c2:17
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): 13:3d:26:a6:38:68:bb:97:a6:28:a2:30:0b:3b:60:eb:f8:c4:dc:29
Fingerprint (sha256): 03:ef:b2:3b:3a:44:ae:3b:f1:a1:d3:ae:49:1f:dc:fe:a9:f3:38:6d:27:ca:2b:57:b3:2d:c3:7b:20:aa:2f:7a

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b.crl

Check the revocation status for certificate insights.nuodb.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for insights.nuodb.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

insights.nuodb.com

Other certificates including the domain name nuodb.com

(limited to 100 certificates)
tracking.duckvideo.co
5649521866440704-fe3.pantheonsite.io
agency.ibex.co
5691127080419328-fe4.pantheonsite.io
5649521866440704-fe3.pantheonsite.io
5649521866440704-fe3.pantheonsite.io
agency.ibex.co
5760744339537920-fe2.pantheonsite.io
agency.ibex.co
insights.nuodb.com
agency.ibex.co
agency.ibex.co
5760744339537920-fe2.pantheonsite.io
5649521866440704-fe3.pantheonsite.io
app.nova.ai
5760744339537920-fe2.pantheonsite.io
5716646702350336-fe3.pantheonsite.io
5691127080419328-fe4.pantheonsite.io
insights-test.nuodb.com
5649521866440704-fe3.pantheonsite.io
cheetah.apstra.com
discover.newswire.com
5760744339537920-fe2.pantheonsite.io
5716646702350336-fe3.pantheonsite.io
5716646702350336-fe3.pantheonsite.io
5716646702350336-fe3.pantheonsite.io
5649521866440704-fe3.pantheonsite.io
5716646702350336-fe3.pantheonsite.io
5649521866440704-fe3.pantheonsite.io
5716646702350336-fe3.pantheonsite.io
5760744339537920-fe2.pantheonsite.io
insights-test.nuodb.com
5691127080419328-fe4.pantheonsite.io
5760744339537920-fe2.pantheonsite.io
insights-qa.nuodb.com
5716646702350336-fe3.pantheonsite.io
s.bbot.menu
5760744339537920-fe2.pantheonsite.io
5716646702350336-fe3.pantheonsite.io
vpn.nuodb.com
5760744339537920-fe2.pantheonsite.io
5716646702350336-fe3.pantheonsite.io
5716646702350336-fe3.pantheonsite.io
5716646702350336-fe3.pantheonsite.io
5760744339537920-fe2.pantheonsite.io
5760744339537920-fe2.pantheonsite.io
5716646702350336-fe3.pantheonsite.io
5649521866440704-fe3.pantheonsite.io
5716646702350336-fe3.pantheonsite.io
5760744339537920-fe2.pantheonsite.io
5760744339537920-fe2.pantheonsite.io
5649521866440704-fe3.pantheonsite.io
5649521866440704-fe3.pantheonsite.io
5691127080419328-fe4.pantheonsite.io
5716646702350336-fe3.pantheonsite.io
agency.ibex.co
5649521866440704-fe3.pantheonsite.io
5760744339537920-fe2.pantheonsite.io
5760744339537920-fe2.pantheonsite.io
5691127080419328-fe4.pantheonsite.io
5649521866440704-fe3.pantheonsite.io
nuodb.com
5649521866440704-fe3.pantheonsite.io
5649521866440704-fe3.pantheonsite.io
5649521866440704-fe3.pantheonsite.io
sales.blueriveranalytics.com
5691127080419328-fe4.pantheonsite.io
agency.ibex.co
5716646702350336-fe3.pantheonsite.io
5649521866440704-fe3.pantheonsite.io
5716646702350336-fe3.pantheonsite.io
support.nuodb.com
5649521866440704-fe3.pantheonsite.io
5649521866440704-fe3.pantheonsite.io
5716646702350336-fe3.pantheonsite.io
5760744339537920-fe2.pantheonsite.io
5760744339537920-fe2.pantheonsite.io
5649521866440704-fe3.pantheonsite.io
5760744339537920-fe2.pantheonsite.io
5716646702350336-fe3.pantheonsite.io
*.internal.nuodb.com
5649521866440704-fe3.pantheonsite.io
5649521866440704-fe3.pantheonsite.io
5649521866440704-fe3.pantheonsite.io
5691127080419328-fe4.pantheonsite.io
5760744339537920-fe2.pantheonsite.io
sales.decent.com
5649521866440704-fe3.pantheonsite.io
5760744339537920-fe2.pantheonsite.io
5716646702350336-fe3.pantheonsite.io
support.nuodb.com
5649521866440704-fe3.pantheonsite.io
sales.xcelservicesgroup.net
5691127080419328-fe4.pantheonsite.io
redirect-prd-ssl6.itvpc.3ds.com
5649521866440704-fe3.pantheonsite.io
5716646702350336-fe3.pantheonsite.io
agency.ibex.co
5716646702350336-fe3.pantheonsite.io
support.nuodb.com

Certificate

The complete raw certificate details for insights.nuodb.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgIQBeQHZZPV4TpkEu2AUTxKwDANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0xOTEwMjAwMDAwMDBaFw0yMDExMjAx
MjAwMDBaMB0xGzAZBgNVBAMTEmluc2lnaHRzLm51b2RiLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAOM9WWQAq/cckZsiPW/nVQKqchyzWdlXp1g3
RDrDKMTz5nkaDmGKJSycbVZKsRJ83KamSVcRT8zhuZB3THz+5y7p8TJGLyMpUnbU
fX8PqB4Leon9AsUWao2cjRWEI2obkjM5+dvrF1mmjVxNSSm08vP7AspG8OQNGvLL
5J2q3K+GXj+M4+aftiaLFknXqwpLxAdAvAKyiqG1P1SXMs6Ig003veeKS+fUDuHE
8a6QdolyZdIJyJG9tUipa9w8q6HiycnGR8zbGWxxJXRI2MQlYsTmvY5GFLRKh6It
hbcK9Y5qZocjNLC7UkN6mgG8982Ax+HsvdPw/dTxVzBUZpl91kECAwEAAaOCAn0w
ggJ5MB8GA1UdIwQYMBaAFFmkZgZSoHuVkjyjlAcnlnRb+T3QMB0GA1UdDgQWBBR5
+Dnl3x67ggcMC7fM9Kmfaj3CFzAdBgNVHREEFjAUghJpbnNpZ2h0cy5udW9kYi5j
b20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
AjA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLnNjYTFiLmFtYXpvbnRydXN0
LmNvbS9zY2ExYi5jcmwwIAYDVR0gBBkwFzALBglghkgBhv1sAQIwCAYGZ4EMAQIB
MHUGCCsGAQUFBwEBBGkwZzAtBggrBgEFBQcwAYYhaHR0cDovL29jc3Auc2NhMWIu
YW1hem9udHJ1c3QuY29tMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LnNjYTFiLmFt
YXpvbnRydXN0LmNvbS9zY2ExYi5jcnQwDAYDVR0TAQH/BAIwADCCAQMGCisGAQQB
1nkCBAIEgfQEgfEA7wB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGF
AAABbebuC+kAAAQDAEcwRQIhAJxYackXs6sGTr9XLoa6fRxWwBZQrrqI5jKeN1vF
ygpzAiBxhvNLzM9jgqKsFSNB2dp9eJENgWMxmAndtejyS/QEjgB1AId1v+dZfPiM
Q5lfvfNu/1aNR1Y2/0q1YMG06v9eoIMPAAABbebuDBkAAAQDAEYwRAIgKasmV4ex
pjncVXQSdlBhwt8Z663mhELD9vy5K43d4JUCIFW41yjhlJhsBoX69sz0dgPMfDal
Cl+5zxGwGqPIIyeyMA0GCSqGSIb3DQEBCwUAA4IBAQAoTMddICUqIgXtvASVrk0s
WZAfLicAxieusgvNHD30C87abuot7Tt01lDXnTvs0ZFWGl9FqyI2tx8Z/0ZsjjWt
C7dvoP1MXhxAlyeayvulyUgRmZnmhxfjqqV6et6XPnAyOm2JA4ILF0lXKmVytZ5L
YfR+ztoV1W3LyfmK0ZLs43zVnV6w3duVnVHu1OwajeLm9Elz5C9NkNT6kMGI/hCh
OcSOJKnCe7uZIodQpjuHNO/YnGSJ6uSPcPlkMhGeB266yz/moSjcMLnVwEI8T4R/
vswnauQ7nxVLKzuis/TWYYQi7uR2gRbIUp6lXWNIkiYXODBKG40fT+3QwHN/TJbd
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4z1ZZACr9xyRmyI9b+dV
AqpyHLNZ2VenWDdEOsMoxPPmeRoOYYolLJxtVkqxEnzcpqZJVxFPzOG5kHdMfP7n
LunxMkYvIylSdtR9fw+oHgt6if0CxRZqjZyNFYQjahuSMzn52+sXWaaNXE1JKbTy
8/sCykbw5A0a8svknarcr4ZeP4zj5p+2JosWSderCkvEB0C8ArKKobU/VJcyzoiD
TTe954pL59QO4cTxrpB2iXJl0gnIkb21SKlr3DyroeLJycZHzNsZbHEldEjYxCVi
xOa9jkYUtEqHoi2Ftwr1jmpmhyM0sLtSQ3qaAbz3zYDH4ey90/D91PFXMFRmmX3W
QQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 7830133687335020819111583193992284864
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-10-20 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-11-20 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'insights.nuodb.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 28686347636545547760057015978930185802041583986719013302751827149541273740898157196126558761758847558941079225978138580996680696208724425952386278686392226445711182269147687695936113145184365131974060035177541756448538585373267217277245210309969567967450974353545987954124085832145878716144113581207260868725289106547045260980908809607403466919817891722417866584067884148534740920035153590424850001598370676956710564038894224852354470995344018066692436482413384404307785491328675546484372916700298277687900586037132411127912200227759585992661489811476725810362967077444897013025101274603492229014881530877653307741761
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							79f839e5df1ebb82070c0bb7ccf4a99f6a3dc217
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'insights.nuodb.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.2 (digiCertDVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000016de6ee0be900000403004730450221009c5869c917b3ab064ebf572e86ba7d1c56c01650aeba88e6329e375bc5ca0a7302207186f34bcccf6382a2ac152341d9da7d78910d8163319809ddb5e8f24bf4048e0075008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f0000016de6ee0c190000040300463044022029ab265787b1a639dc557412765061c2df19ebade68442c3f6fcb92b8ddde095022055b8d728e194986c0685faf6ccf47603cc7c36a50a5fb9cf11b01aa3c82327b2
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00284cc75d20252a2205edbc0495ae4d2c59901f2e2700c627aeb20bcd1c3df40bceda6eea2ded3b74d650d79d3becd191561a5f45ab2236b71f19ff466c8e35ad0bb76fa0fd4c5e1c4097279acafba5c948119999e68717e3aaa57a7ade973e70323a6d8903820b1749572a6572b59e4b61f47eceda15d56dcbc9f98ad192ece37cd59d5eb0dddb959d51eed4ec1a8de2e6f44973e42f4d90d4fa90c188fe10a139c48e24a9c27bbb99228750a63b8734efd89c6489eae48f70f96432119e076ebacb3fe6a128dc30b9d5c0423c4f847fbecc276ae43b9f154b2b3ba2b3f4d6618422eee4768116c8529ea55d634892261738304a1b8d1f4fedd0c0737f4c96dd