secure.services.ikea.com
Issued by R3
About this certificate
This digital certificate with serial number 03:7c:b3:0b:dc:9d:0d:ce:b2:f7:8f:8e:22:d6:a8:30:e4:38 was issued on by Let's Encrypt.
This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=secure.services.ikea.com
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:7c:b3:0b:dc:9d:0d:ce:b2:f7:8f:8e:22:d6:a8:30:e4:38Serial Number (int): 303769864694561260740785281479174706488376
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: 82:70:ff:32:de:6c:65:89:7f:a5:2a:fa:a0:7a:b5:59:c9:02:b0:48
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): fc:34:c6:bb:a4:d9:be:4e:19:b4:c5:3f:ed:a4:eb:a7:78:f9:67:60
Fingerprint (sha256): 04:31:a7:f1:ea:45:e7:00:4a:36:e4:07:0b:50:18:45:f3:17:04:e4:6d:18:60:8f:e3:b7:df:45:56:61:72:2a
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate secure.services.ikea.com
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for secure.services.ikea.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
secure.services.ikea.com
Other certificates including the domain name ikea.com
(limited to 100 certificates)
ikea.com
optiva.food.inter.ikea.com
support.home-design.ikea.com
ja-int-jobs.about.ikea.com
ikea.com
sso.qa.journeys.ikea.com
*.credential-provider.dh3-2.nebula.ikea.com
sv-int-jobs.about.ikea.com
ikea.com
fr-jobs.about.ikea.com
prod.6.slot.cdn.salesforce-communities.com
secure06.stage.lithium.com
ikea.com
franchisor.ikea.com
en-int-jobs.about.ikea.com
gfutils.com
ikea.com
*.glinux.dh3-1.nebula.ikea.com
ikea.com
everyday.ikea.com
es-int-jobs.about.ikea.com
*.om-performancetest-lab1.dh2-2.nebula.ikea.com
franchisor.ikea.com
ikea.com
ikea.com
sso.journeys.ikea.com
hub01.api.ikea.com
no-jobs.about.ikea.com
ikea.com
remote.ap-northeast-2.api.homesmart.ikea.com
ikea.com
*.s3.eun.nebula.ikea.com
hubble.lab.nebula.ikea.com
lt-int-jobs.about.ikea.com
sl-jobs.about.ikea.com
review.symfonisk.ikea.com
publications-ca-fr.ikea.com
sts.ikea.com
ikea.com
eu-west-3.iot.homesmart.ikea.com
sr-jobs.about.ikea.com
isfabdp.ikea.com
*.servicemesh.dh3-1.nebula.ikea.com
filewave.ikea.com
ms-jobs.about.ikea.com
de-ch-jobs.about.ikea.com
ikea.com
www.highlights.ikea.com
filewave.ikea.com
checkout.ua.staging.ikea.com
prod.6.slot.cdn.salesforce-communities.com
ikea.com
dev.t.qr.ikea.com
ikea.com
formularios.ikea.com
sustainableliving.ikea.com
ikea.com
ikea.com
en-global-jobs.about.ikea.com
goto.ikea.com
en-jobs.about.ikea.com
ae.accounts.ikea.com
da-jobs.about.ikea.com
*.credential-provider.dc8-1.nebula.ikea.com
*.ikea.com
*.demo-table1.dc7-1.nebula.ikea.com
secure.services.ikea.com
no-int-jobs.about.ikea.com
api.analytics.homesmart.ikea.com
qr.ikea.com
sr-int-jobs.about.ikea.com
eu-central-1.iot.homesmart.ikea.com
hr-int-jobs.about.ikea.com
dnstrd.ikea.com
api.nebulademo.spitzer.dev.nebula.ikea.com
ru-int-jobs.about.ikea.com
publications-jo-ar.ikea.com
publications-ext.ikea.com
pam-iig.ikea.com
idam.inter.ikea.com
oos.insideworkspaces.ikea.com
ikea.com
ikea.com
ikea.com
ikea.com
ikeadt.com
ikea.com
akamai-san41.exacttarget.com
usinincontact.ikea.com
secure.services.ikea.com
ikea.com
publications-ua-uk.ikea.com
everyday.ikea.com
ar-jobs.about.ikea.com
goto.ikea.com
Mail15.ikea.com
rana03.ikea.com
franchisor.ikea.com
ikea.com
ikea.com
optiva.food.inter.ikea.com
support.home-design.ikea.com
ja-int-jobs.about.ikea.com
ikea.com
sso.qa.journeys.ikea.com
*.credential-provider.dh3-2.nebula.ikea.com
sv-int-jobs.about.ikea.com
ikea.com
fr-jobs.about.ikea.com
prod.6.slot.cdn.salesforce-communities.com
secure06.stage.lithium.com
ikea.com
franchisor.ikea.com
en-int-jobs.about.ikea.com
gfutils.com
ikea.com
*.glinux.dh3-1.nebula.ikea.com
ikea.com
everyday.ikea.com
es-int-jobs.about.ikea.com
*.om-performancetest-lab1.dh2-2.nebula.ikea.com
franchisor.ikea.com
ikea.com
ikea.com
sso.journeys.ikea.com
hub01.api.ikea.com
no-jobs.about.ikea.com
ikea.com
remote.ap-northeast-2.api.homesmart.ikea.com
ikea.com
*.s3.eun.nebula.ikea.com
hubble.lab.nebula.ikea.com
lt-int-jobs.about.ikea.com
sl-jobs.about.ikea.com
review.symfonisk.ikea.com
publications-ca-fr.ikea.com
sts.ikea.com
ikea.com
eu-west-3.iot.homesmart.ikea.com
sr-jobs.about.ikea.com
isfabdp.ikea.com
*.servicemesh.dh3-1.nebula.ikea.com
filewave.ikea.com
ms-jobs.about.ikea.com
de-ch-jobs.about.ikea.com
ikea.com
www.highlights.ikea.com
filewave.ikea.com
checkout.ua.staging.ikea.com
prod.6.slot.cdn.salesforce-communities.com
ikea.com
dev.t.qr.ikea.com
ikea.com
formularios.ikea.com
sustainableliving.ikea.com
ikea.com
ikea.com
en-global-jobs.about.ikea.com
goto.ikea.com
en-jobs.about.ikea.com
ae.accounts.ikea.com
da-jobs.about.ikea.com
*.credential-provider.dc8-1.nebula.ikea.com
*.ikea.com
*.demo-table1.dc7-1.nebula.ikea.com
secure.services.ikea.com
no-int-jobs.about.ikea.com
api.analytics.homesmart.ikea.com
qr.ikea.com
sr-int-jobs.about.ikea.com
eu-central-1.iot.homesmart.ikea.com
hr-int-jobs.about.ikea.com
dnstrd.ikea.com
api.nebulademo.spitzer.dev.nebula.ikea.com
ru-int-jobs.about.ikea.com
publications-jo-ar.ikea.com
publications-ext.ikea.com
pam-iig.ikea.com
idam.inter.ikea.com
oos.insideworkspaces.ikea.com
ikea.com
ikea.com
ikea.com
ikea.com
ikeadt.com
ikea.com
akamai-san41.exacttarget.com
usinincontact.ikea.com
secure.services.ikea.com
ikea.com
publications-ua-uk.ikea.com
everyday.ikea.com
ar-jobs.about.ikea.com
goto.ikea.com
Mail15.ikea.com
rana03.ikea.com
franchisor.ikea.com
ikea.com
ikea.com
Certificate
The complete raw certificate details for secure.services.ikea.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIECjCCAvKgAwIBAgISA3yzC9ydDc6y94+OItaoMOQ4MA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMzExMDIwMDI5MDdaFw0yNDAxMzEwMDI5MDZaMCMxITAfBgNVBAMT GHNlY3VyZS5zZXJ2aWNlcy5pa2VhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAKK6rtqSEpmyF/PeZg1EwtwrMhfAI5B8PEDiGjRNS6M3taeOuat/ wISyAYzCaWa5+e+UlQ3783Zg0pt013yYAjxhDEQG74ubLxnsdH1t1iTfwN3MU2ee bArdNjJ4VUGoDRZlH7xtR18akXd4piDPhyUQpw3sGyGi3i1qIs66w0MLhUsCeu8+ Bi7W5Z2s8Mwg/5TkusVpIIFmqeoVpi3Z4dMgJ+X8bX8k3pqYaF8Rbd/brgyvgYmM 3rmefWdb//zNb5eRxzTvU+RgV9SsBHYigy97Y45aHR57zupTZET2YOgDt9eEgt6u 6aKkXUb4PLbWFdWwynOYGiYLKDUngW420XMCAwEAAaOCAScwggEjMA4GA1UdDwEB /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/ BAIwADAdBgNVHQ4EFgQUgnD/Mt5sZYl/pSr6oHq1WckCsEgwHwYDVR0jBBgwFoAU FC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzAB hhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5p LmxlbmNyLm9yZy8wIwYDVR0RBBwwGoIYc2VjdXJlLnNlcnZpY2VzLmlrZWEuY29t MBMGA1UdIAQMMAowCAYGZ4EMAQIBMBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqG SIb3DQEBCwUAA4IBAQBad6XgkwHYy2XxwScQuIZBqJteuGLWFM6KFsraVQAbjXIj d/71DLPR1C6+hr5Mc4vbxAf3Q9tVd4dLqzfuUPXw88TcDgjdFGCgJc75XBP6M7yR ceFYwJffMZASbx9G28h27lRa6YcD8MhiB+4xMmTUFRC33rgLqS7zyMuWtaI3Iq2+ eNOV95RJsti/w7pSuMSOtNNVV9OvUKPm85F17fX2AAz4bPaUnDGn9SCOpBC88o4k FQ4ojaSNItQTaiWRVfx9mUc2RoF2A1sTNBGFZk0hfGJXBf9sw+RoNDnOKxkcXAmo 9iG8IbVxdAbp08s495LIzwyhHH8E4KUQzqtaYrDJ -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorqu2pISmbIX895mDUTC 3CsyF8AjkHw8QOIaNE1Loze1p465q3/AhLIBjMJpZrn575SVDfvzdmDSm3TXfJgC PGEMRAbvi5svGex0fW3WJN/A3cxTZ55sCt02MnhVQagNFmUfvG1HXxqRd3imIM+H JRCnDewbIaLeLWoizrrDQwuFSwJ67z4GLtblnazwzCD/lOS6xWkggWap6hWmLdnh 0yAn5fxtfyTemphoXxFt39uuDK+BiYzeuZ59Z1v//M1vl5HHNO9T5GBX1KwEdiKD L3tjjlodHnvO6lNkRPZg6AO314SC3q7poqRdRvg8ttYV1bDKc5gaJgsoNSeBbjbR cwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 303769864694561260740785281479174706488376 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-11-02 00:29:07 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-31 00:29:06 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'secure.services.ikea.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20542662233961733106090167571933517748247643035386733822264804833701411573671268933491190585532738074439649626074723324299297462606988749577150988407028569804552144838163452123168849466426784646399424423864655356988141102753293239160346892408585808996547800103028161357605540580015806783151444749736990286431193179543339866278273962902200878256316533251620272802029018703907282747818176495263618098839486038836742112450997105349766630403294468152019679456720165244074787496284307370571381771710727054067400104392918308834501088833701297240751104432829958043577602492582465510000317690604615785157595822740545681674611 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 8270ff32de6c65897fa52afaa07ab559c902b048 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure.services.ikea.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 005a77a5e09301d8cb65f1c12710b88641a89b5eb862d614ce8a16cada55001b8d722377fef50cb3d1d42ebe86be4c738bdbc407f743db5577874bab37ee50f5f0f3c4dc0e08dd1460a025cef95c13fa33bc9171e158c097df3190126f1f46dbc876ee545ae98703f0c86207ee313264d41510b7deb80ba92ef3c8cb96b5a23722adbe78d395f79449b2d8bfc3ba52b8c48eb4d35557d3af50a3e6f39175edf5f6000cf86cf6949c31a7f5208ea410bcf28e24150e288da48d22d4136a259155fc7d994736468176035b13341185664d217c625705ff6cc3e4683439ce2b191c5c09a8f621bc21b5717406e9d3cb38f792c8cf0ca11c7f04e0a510ceab5a62b0c9