benet.bertelsmann.com

Issued by RapidSSL SHA256 CA - G2

About this certificate

This digital certificate with serial number 37:e6:85:cb:41:ea:f8:39:1c:94:12:01:d4:bd:a4:d5 was issued on by GeoTrust Inc..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Sub certificates SHOULD include Subject Key Identifier in end entity certs (RFC 5280: 4.2 & 4.2.1.2)

Certificate Subject

CN=benet.bertelsmann.com

GeoTrust Inc.

Organization: GeoTrust Inc.
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 37:e6:85:cb:41:ea:f8:39:1c:94:12:01:d4:bd:a4:d5
Serial Number (int): 74304481709828245912687026241120609493
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId:
AuthorityKeyId: 4c:f4:bf:e8:3b:be:c2:24:f3:1b:47:3b:b5:6e:48:8e:16:ab:af:12

Fingerprint (sha1): 94:f2:27:2a:63:31:9b:39:3e:e8:11:0f:0c:89:7c:39:db:f8:57:1c
Fingerprint (sha256): 04:cc:c6:7e:83:71:52:0e:b2:1b:8c:e9:6e:7a:9e:bf:56:e3:c8:31:dc:aa:83:5a:3a:f8:4f:38:a6:ec:80:71

Issuing Certificate URL: http://gs.symcb.com/gs.crt

Revocation information

OCSP Server: http://gs.symcd.com
CRL Distribution Point: http://gs.symcb.com/gs.crl

Check the revocation status for certificate benet.bertelsmann.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for benet.bertelsmann.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

benet.bertelsmann.com

Other certificates including the domain name bertelsmann.com

(limited to 100 certificates)
www.invoice.bertelsmann.com
benet.bertelsmann.com
www.benet.bertelsmann.com
www.benet.bertelsmann.com
bwise-test.bertelsmann.com
forward.bertelsmann.com
invoice-admin.bertelsmann.com
becash.bertelsmann.com
*.benet.bertelsmann.com
alumni.bertelsmann.com
www.bertelsmann.com
www.im.bertelsmann.com
deac.bertelsmann.de
benet.bertelsmann.com
BECASH.BERTELSMANN.COM
becure-web.bertelsmann.com
globaldoc.bertelsmann.com
skypetmg.bertelsmann.de
www.benet.bertelsmann.com
api.bertelsmann.com
deac.bertelsmann.de
divisionalreportingserver.bertelsmann.de
skypetmg.bertelsmann.de
invoice.bertelsmann.com
becure-web.bertelsmann.com
socialcloud.bertelsmann.com
globaldoc-qa.bertelsmann.com
fund.bertelsmann.com
www.bertelsmann.com
forward.bertelsmann.com
aci.training.bertelsmann.com
www.bertelsmann.com
benet.bertelsmann.com
csacde.bertelsmann.de
dev.carl.bertelsmann.com
bertelsmann.de
becash.bertelsmann.com
peoplenet.bertelsmann.de
invoice.bertelsmann.com
bertelsmann.de
bertelsmann.de
gtlbml3lf0200.bagmail.net
alumni.bertelsmann.com
becure.bertelsmann.com
fund.bertelsmann.com
becash.bertelsmann.com
becash.bertelsmann.com
skypetmg.bertelsmann.de
becash.bertelsmann.com
sni13332gl.wpc.edgecastcdn.net
bertelsmann.de
bertelsmann.de
becure.bertelsmann.com
bwise-reporting.bertelsmann.com
alumni.bertelsmann.com
www.benet.bertelsmann.com
bertelsmann.de
becure.bertelsmann.com
skypetmg.bertelsmann.de
becure.bertelsmann.com
alumni.bertelsmann.com
gtlbml3lf0200.bagmail.net
www.benet.bertelsmann.com
peoplenet.bertelsmann.de
sni2872fgl.wpc.edgecastcdn.net
*.benet.bertelsmann.com
becure-web.bertelsmann.com
csacde.bertelsmann.de
www.bertelsmann.com
www.benet.bertelsmann.com
becure.bertelsmann.com
becash.bertelsmann.com
www.benet.bertelsmann.com
becash-test.bertelsmann.com
becure-web.bertelsmann.com
benet.bertelsmann.com
becure.bertelsmann.com
www.bertelsmann.com
www.benet.bertelsmann.com
forward.bertelsmann.com
skypetmg.bertelsmann.de
sni1a676gl.wpc.edgecastcdn.net
becash.bertelsmann.com
*.bertelsmann.com
*.bertelsmann.com
benet.bertelsmann.com
bebc.bertelsmann.com
benet.bertelsmann.com
becure.bertelsmann.com
api.bertelsmann.com
benet.bertelsmann.com
benet-ticker.bertelsmann.com
alumni.bertelsmann.com
bwise.bertelsmann.com
becash.bertelsmann.com
bwise-test.bertelsmann.com
sf-becure.mag.bertelsmann.com
benet.bertelsmann.de
gtlbml3lf0200.bagmail.net
api.bertelsmann.com

Certificate

The complete raw certificate details for benet.bertelsmann.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF7DCCBNSgAwIBAgIQN+aFy0Hq+DkclBIB1L2k1TANBgkqhkiG9w0BAQsFADBH
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMX
UmFwaWRTU0wgU0hBMjU2IENBIC0gRzIwHhcNMTcwODA0MDAwMDAwWhcNMTkwNTAz
MjM1OTU5WjAgMR4wHAYDVQQDDBViZW5ldC5iZXJ0ZWxzbWFubi5jb20wggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6rj3w+618d96o/JBShu2hEUPj7gbf
Ze/8a+6uFXuBI/joQ9sJxdCO92GZt+KGPlOEe14LGG+odLn7IEPLBokE+zTw7Z54
ue6yJ5Yxa+cm8ROgUbJqnW9eUvXFvNwQYr0W+c/PQqqi2lnARcO61/hvJ1jnR6wC
D/uV2GiFr7cWP2DtsRO71Cmbjc8abYOcBjj5whlXEnAuiIFdZTqJpIMVzP2KvMcn
8yXaje9JrvjHVCotc7spR6NUBYhTkfzDr6gIN9YsfCmSVxMnTw8pVkya6LCJOzso
PLJo6lDFzhPtdh7wCsrs68Tl0cL43cbRZ+aDTKgJUz3XozyjX11dIMTDAgMBAAGj
ggL5MIIC9TAgBgNVHREEGTAXghViZW5ldC5iZXJ0ZWxzbWFubi5jb20wCQYDVR0T
BAIwADArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vZ3Muc3ltY2IuY29tL2dzLmNy
bDBvBgNVHSAEaDBmMGQGBmeBDAECATBaMCoGCCsGAQUFBwIBFh5odHRwczovL3d3
dy5yYXBpZHNzbC5jb20vbGVnYWwwLAYIKwYBBQUHAgIwIAweaHR0cHM6Ly93d3cu
cmFwaWRzc2wuY29tL2xlZ2FsMB8GA1UdIwQYMBaAFEz0v+g7vsIk8xtHO7VuSI4W
q68SMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vZ3Muc3ltY2Qu
Y29tMCYGCCsGAQUFBzAChhpodHRwOi8vZ3Muc3ltY2IuY29tL2dzLmNydDCCAX0G
CisGAQQB1nkCBAIEggFtBIIBaQFnAHUA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiN
PRHEzbbsvswAAAFdrEyUPwAABAMARjBEAiAZfa2LcNaERm217w56EAdbdr1Vmkx6
ngWCU+EALklxDQIgSQ53Rlm1FPZ/C3X9TmXCpHkjmenOphn9W8TiRV7+z4EAdwCk
uQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAV2sTJR3AAAEAwBIMEYC
IQCYfTOSojiH1D0EwhtF7ORlFiaPZTwKnMbL9SmXg2djwwIhAPorm+uGmGd4zo4I
X2s7gyjYKcSgwaZ9XxNjcVgibJhvAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiD
AMR7iXqo/csAAAFdrEyUfQAABAMARjBEAiAxlSoW+TYVLMR0QC6AW+y9RHTZpwNK
iOrkuEb/gKPhjQIgCszsqKoFpyo4rIlJrvfm+tmRoejNdvQk3DWW9hkXkqUwDQYJ
KoZIhvcNAQELBQADggEBAG3XUkgkrYFN2V5+DYFFOiQFDlUVkOlvXqsVEfKUUd5q
AtkkISthDAg/QbIHTdNuADR/tPlugrcaCdgk64JCGtAD2XbCdXfynN3L35sBsq8N
bC3USbHAZUi5ffNJ2tIZseafj5X8i4Pz46nSmJY0DGjLHhDl50I1qdVE5qFuHen1
OtCKj7pUMf8tOsCj70/jiWXfYF/AYFzZG5+UTpNFEhTp6284j3VAMXDzcCKF+fcK
N8PvpNCB1CirqGbRnqE1hqW0gYMz0cFLE80OEICBWvZ7V53SknmAhP/dkrASpbaG
b+3awHkBm4wPsLGx9VLnadeuyi6+ybqe/XCuHhGyZCI=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuq498PutfHfeqPyQUobt
oRFD4+4G32Xv/GvurhV7gSP46EPbCcXQjvdhmbfihj5ThHteCxhvqHS5+yBDywaJ
BPs08O2eeLnusieWMWvnJvEToFGyap1vXlL1xbzcEGK9FvnPz0KqotpZwEXDutf4
bydY50esAg/7ldhoha+3Fj9g7bETu9Qpm43PGm2DnAY4+cIZVxJwLoiBXWU6iaSD
Fcz9irzHJ/Ml2o3vSa74x1QqLXO7KUejVAWIU5H8w6+oCDfWLHwpklcTJ08PKVZM
muiwiTs7KDyyaOpQxc4T7XYe8ArK7OvE5dHC+N3G0Wfmg0yoCVM916M8o19dXSDE
wwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 74304481709828245912687026241120609493
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'RapidSSL SHA256 CA - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-08-04 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-05-03 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'benet.bertelsmann.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23566246635707998845476774978838466699821174514184831139814230182819927812202714149541411179449629522838902997720398969427919643073583785644501900601188138744345274330482619454011167592706822331482033159501851980849592950449256125977133663161962062936523167126357344494431089925891021565973089267693833984135137977267680074006819022619508806778818210882672842689387509503990596823361516726488748253205320021083430650555715951330707367964069846410104694840670176736910503382177178879044927975756846456626547841306769083462315405989141772763091697352734439119754292359452404793422633723294892900050370492604960670270659
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'benet.bertelsmann.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gs.symcb.com/gs.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.rapidssl.com/legal'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'https://www.rapidssl.com/legal'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 4cf4bfe83bbec224f31b473bb56e488e16abaf12
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (75 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gs.symcd.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gs.symcb.com/gs.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							0167007500ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc0000015dac4c943f00000403004630440220197dad8b70d684466db5ef0e7a10075b76bd559a4c7a9e058253e1002e49710d0220490e774659b514f67f0b75fd4e65c2a4792399e9cea619fd5bc4e2455efecf81007700a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000015dac4c94770000040300483046022100987d3392a23887d43d04c21b45ece46516268f653c0a9cc6cbf52997836763c3022100fa2b9beb86986778ce8e085f6b3b8328d829c4a0c1a67d5f13637158226c986f007500ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000015dac4c947d0000040300463044022031952a16f936152cc474402e805becbd4474d9a7034a88eae4b846ff80a3e18d02200acceca8aa05a72a38ac8949aef7e6fad991a1e8cd76f424dc3596f6191792a5
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		006dd7524824ad814dd95e7e0d81453a24050e551590e96f5eab1511f29451de6a02d924212b610c083f41b2074dd36e00347fb4f96e82b71a09d824eb82421ad003d976c27577f29cddcbdf9b01b2af0d6c2dd449b1c06548b97df349dad219b1e69f8f95fc8b83f3e3a9d29896340c68cb1e10e5e74235a9d544e6a16e1de9f53ad08a8fba5431ff2d3ac0a3ef4fe38965df605fc0605cd91b9f944e93451214e9eb6f388f75403170f3702285f9f70a37c3efa4d081d428aba866d19ea13586a5b4818333d1c14b13cd0e1080815af67b579dd292798084ffdd92b012a5b6866feddac079019b8c0fb0b1b1f552e769d7aeca2ebec9ba9efd70ae1e11b26422