picks.nba.com
Issued by Amazon RSA 2048 M01
About this certificate
This digital certificate with serial number 0e:eb:46:84:76:64:f7:49:94:0c:8f:12:e7:10:87:18 was issued on by Amazon.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=picks.nba.com
Amazon
Organization:
Amazon
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 0e:eb:46:84:76:64:f7:49:94:0c:8f:12:e7:10:87:18Serial Number (int): 19830811966175505735862030275525510936
Serial Number lenght: 124 bits, 16 octets
SubjectKeyId: 0e:4f:05:e0:6a:d0:0e:89:e8:99:84:3c:24:bb:6f:fc:2a:ab:1f:fb
AuthorityKeyId: 81:b8:0e:63:8a:89:12:18:e5:fa:3b:3b:50:95:9f:e6:e5:90:13:85
Fingerprint (sha1): 91:f2:ed:a7:66:a1:5f:94:0b:9b:92:66:60:19:a1:00:70:be:0a:cc
Fingerprint (sha256): 05:ee:a9:fa:2f:be:99:81:44:9b:8f:b6:a4:84:3c:6d:f0:e2:41:45:c0:be:33:83:b6:90:85:ad:47:b8:13:14
Issuing Certificate URL: http://crt.r2m01.amazontrust.com/r2m01.cer
Revocation information
OCSP Server: http://ocsp.r2m01.amazontrust.comCRL Distribution Point: http://crl.r2m01.amazontrust.com/r2m01.crl
Check the revocation status for certificate picks.nba.com
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for picks.nba.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
picks.nba.com
t.picks.nba.com
t.picks.nba.com
Other certificates including the domain name nba.com
(limited to 100 certificates)
sp.gosanangelo.com
www-all.nba.com
secure.nba.com
global.nba.com
classroom.nba.com
allball.blogs.nba.com
takrun.org
stage.nba.com
hk.nba.com
cmp.channelpartner.de
store.nba.com
google-videos-qa.nba.com
nbaevents.nba.com
ct-sand.nba.com
r2.shared.global.fastly.net
audience.nba.com
webmail.hk.nba.com
google-videos-dev.nba.com
sdc.turner.com
www-all.nba.com
fidelity.nba.com
on.nba.com
ca.nba.com
nbafantasy.nba.com
fantasy.india.nba.com
nba.com
mvpvote.nba.com
sni330fgl.wpc.edgecastcdn.net
a.data.nba.com
techtips.nba.com
audience.nba.com
madants.gleague.nba.com
r2.shared.global.fastly.net
esinniobiwaquareeb.live
nba.com
store.nba.com
account-staging.nba.com
account.nba.com
play.nba.com
sdc.turner.com
www-all.nba.com
hk.nba.com
store.nba.com
*.nba.com
nba.com
nbae-support.nba.com
*.global.nba.com
*.nba.com
sni330fgl.wpc.edgecastcdn.net
google-videos-qa.nba.com
polls.turner.com
hk.nba.com
aspera.nba.com
exec.nba.com
webmail.sh.nba.com
returns.store.nba.com
www.turner.com
teamvideo.nba.com
ik.imagekit.io
dleaguestore.nba.com
akamai-san88.exacttarget.com
www-all.nba.com
dev.turner.com
vpnsh.nba.com
lrmedia.nba.com
vegasexpo.nba.com
www.sidekick.management
ik.imagekit.io
assets.nba.com
r2.shared.global.fastly.net
nbafantasy.nba.com
www.vegasexpo.nba.com
checkin.nba.com
*.internal.nba.com
sa1gl.wpc.edgecastcdn.net
www.turner.com
picks.nba.com
ct.nba.com
ik.imagekit.io
centercourtlive.nba.com
sdc.turner.com
audience.lab.nba.com
*.nba.com
*.nba.com
stage.nba.com
vpnhk.nba.com
consent.planetradio.co.uk
emediate.com.br
google-videos-qa.nba.com
global.nba.com
content.nba.com
gr.leaguepass.nba.com
stage.nba.com
smetrics.global.nba.com
nbaevents.nba.com
www.docsupport.nba.com
mydepartment.nba.com
audience.lab.nba.com
exec.nba.com
photostore.nba.com
www-all.nba.com
secure.nba.com
global.nba.com
classroom.nba.com
allball.blogs.nba.com
takrun.org
stage.nba.com
hk.nba.com
cmp.channelpartner.de
store.nba.com
google-videos-qa.nba.com
nbaevents.nba.com
ct-sand.nba.com
r2.shared.global.fastly.net
audience.nba.com
webmail.hk.nba.com
google-videos-dev.nba.com
sdc.turner.com
www-all.nba.com
fidelity.nba.com
on.nba.com
ca.nba.com
nbafantasy.nba.com
fantasy.india.nba.com
nba.com
mvpvote.nba.com
sni330fgl.wpc.edgecastcdn.net
a.data.nba.com
techtips.nba.com
audience.nba.com
madants.gleague.nba.com
r2.shared.global.fastly.net
esinniobiwaquareeb.live
nba.com
store.nba.com
account-staging.nba.com
account.nba.com
play.nba.com
sdc.turner.com
www-all.nba.com
hk.nba.com
store.nba.com
*.nba.com
nba.com
nbae-support.nba.com
*.global.nba.com
*.nba.com
sni330fgl.wpc.edgecastcdn.net
google-videos-qa.nba.com
polls.turner.com
hk.nba.com
aspera.nba.com
exec.nba.com
webmail.sh.nba.com
returns.store.nba.com
www.turner.com
teamvideo.nba.com
ik.imagekit.io
dleaguestore.nba.com
akamai-san88.exacttarget.com
www-all.nba.com
dev.turner.com
vpnsh.nba.com
lrmedia.nba.com
vegasexpo.nba.com
www.sidekick.management
ik.imagekit.io
assets.nba.com
r2.shared.global.fastly.net
nbafantasy.nba.com
www.vegasexpo.nba.com
checkin.nba.com
*.internal.nba.com
sa1gl.wpc.edgecastcdn.net
www.turner.com
picks.nba.com
ct.nba.com
ik.imagekit.io
centercourtlive.nba.com
sdc.turner.com
audience.lab.nba.com
*.nba.com
*.nba.com
stage.nba.com
vpnhk.nba.com
consent.planetradio.co.uk
emediate.com.br
google-videos-qa.nba.com
global.nba.com
content.nba.com
gr.leaguepass.nba.com
stage.nba.com
smetrics.global.nba.com
nbaevents.nba.com
www.docsupport.nba.com
mydepartment.nba.com
audience.lab.nba.com
exec.nba.com
photostore.nba.com
Certificate
The complete raw certificate details for picks.nba.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF1zCCBL+gAwIBAgIQDutGhHZk90mUDI8S5xCHGDANBgkqhkiG9w0BAQsFADA8 MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g UlNBIDIwNDggTTAxMB4XDTIzMDIyMDAwMDAwMFoXDTIzMDkxNTIzNTk1OVowGDEW MBQGA1UEAxMNcGlja3MubmJhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBANREvMv3OOq70VNuA/XR2s5WkkHzsgdPSCrIEoZ5UJjtulg4Z4Ly1drJ WPJGleWHPeARXcdDQxRcH36AkHIUE/YeEuPAYWoQOrWEiShdU8m4sQjRiNpKiToW 9ZJrlv5t0v/VJOMWFymMwef7QoLb0Bov6kg/HfZGxiGLEr70zZ7jX8skyX6cCeYA ImZXJ37RvJnOJ6ORB32+JVmRDcl4XfUb5dymOkmHMUq9n+/b3hD4CYGRrCEVKjh5 kBK6O2W19GQsQd2iBWzwjwGA7XstNalXUdZa8OHxSI/vqKdEXwFojYnA4No5FQmv nXPVyQLVN2Ogd/vf6j/gA1oOKj8jNZcCAwEAAaOCAvcwggLzMB8GA1UdIwQYMBaA FIG4DmOKiRIY5fo7O1CVn+blkBOFMB0GA1UdDgQWBBQOTwXgatAOieiZhDwku2/8 Kqsf+zApBgNVHREEIjAggg1waWNrcy5uYmEuY29tgg90LnBpY2tzLm5iYS5jb20w DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7 BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLnIybTAxLmFtYXpvbnRydXN0LmNv bS9yMm0wMS5jcmwwEwYDVR0gBAwwCjAIBgZngQwBAgEwdQYIKwYBBQUHAQEEaTBn MC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5yMm0wMS5hbWF6b250cnVzdC5jb20w NgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQucjJtMDEuYW1hem9udHJ1c3QuY29tL3Iy bTAxLmNlcjAMBgNVHRMBAf8EAjAAMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgA dwDoPtDaPvUGNTLnVyi8iWvJA9PL0RFr7Otp4Xd9bQa9bgAAAYZw8RNEAAAEAwBI MEYCIQCwYudOAKImuz+//psJnXvE5Px4ldtEKoravTnUnoHVowIhAO77QgWVIxb+ 2c7yB2Fo4GWbnygC65kY4QdvNJNxsU4tAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFn DAuH3PADDnk2pZoAAAGGcPETkgAABAMARjBEAiAxJ0MaSARo57UoW1LhhvZTXA3M RLXZdlAWIjmR3/hbQwIgMCFRd5BI9LgcTXTvEfEjjPSWTYpmdZw11zTL0ua9814A dgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYZw8RNHAAAEAwBH MEUCIQDIm+uRvBkDqtcuOrZS7dybYJNROwUT2ZXMfu/LbhoQhwIgU2U4qotPHxVb FQDthRkwereQNndsGz10opL+o4rs7CIwDQYJKoZIhvcNAQELBQADggEBAMB6U0uO xQlj2lEfb44hSAaks5o/kxIK6IMX9/7gQhb1/BG/arYeliYnV6merZytwtrHfXRA WeVCDeCsMGmR2Hl3t1ABE6BwZuojyE7rtXk9y0DfunEQ8I+7FsPrUMYmSwJ0uaQA fujzlGS761nNVxpd3c0KBY/9F/eAhZWpQQN7OfgcrHqG5WvXzLZb1OfUAlFTHawV bvy0X/m7Z1GtOKZWOPhZxGbHnWsci2Tq40Mz51+ENOJTf6gWK82/DGEl22kNBS7q FS+wD45bDqU7Y94s2J5YQuqrD1s58z1cNGveRUO8NR9UOto8ko2rCbVuWdweHRuV KaReocpP5fn969c= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ES8y/c46rvRU24D9dHa zlaSQfOyB09IKsgShnlQmO26WDhngvLV2slY8kaV5Yc94BFdx0NDFFwffoCQchQT 9h4S48BhahA6tYSJKF1TybixCNGI2kqJOhb1kmuW/m3S/9Uk4xYXKYzB5/tCgtvQ Gi/qSD8d9kbGIYsSvvTNnuNfyyTJfpwJ5gAiZlcnftG8mc4no5EHfb4lWZENyXhd 9Rvl3KY6SYcxSr2f79veEPgJgZGsIRUqOHmQEro7ZbX0ZCxB3aIFbPCPAYDtey01 qVdR1lrw4fFIj++op0RfAWiNicDg2jkVCa+dc9XJAtU3Y6B3+9/qP+ADWg4qPyM1 lwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 19830811966175505735862030275525510936 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M01' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-02-20 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-09-15 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'picks.nba.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26796416371087876856906917944872868594802967346557699675241445569545305667611670879158200920766080009122724219645817229166345806994354212048784308129901509651284671835430452956356913114599401091804710144820491959240301254824533375734258825969765655000747320201962554311468657126117732430018176240965308362422735516013912039219781680157267218576801331721310839925736477611679590549944889600585675990225470059469019623682496398770699876231675957370085868491702997839728125370172211490865026333523939767108820296061939110712073824312862171646875660458099934686704193300356666565157541858139573748034980751485941403825559 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 81b80e638a891218e5fa3b3b50959fe6e5901385 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 0e4f05e06ad00e89e899843c24bb6ffc2aab1ffb . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (34 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'picks.nba.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 't.picks.nba.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m01.amazontrust.com/r2m01.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m01.amazontrust.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m01.amazontrust.com/r2m01.cer' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes) 0168007700e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e0000018670f113440000040300483046022100b062e74e00a226bb3fbffe9b099d7bc4e4fc7895db442a8adabd39d49e81d5a3022100eefb4205952316fed9cef2076168e0659b9f2802eb9918e1076f349371b14e2d007500b3737707e18450f86386d605a9dc11094a792db1670c0b87dcf0030e7936a59a0000018670f11392000004030046304402203127431a480468e7b5285b52e186f6535c0dcc44b5d9765016223991dff85b430220302151779048f4b81c4d74ef11f1238cf4964d8a66759c35d734cbd2e6bdf35e007600b73efb24df9c4dba75f239c5ba58f46c5dfc42cf7a9f35c49e1d098125edb4990000018670f113470000040300473045022100c89beb91bc1903aad72e3ab652eddc9b6093513b0513d995cc7eefcb6e1a10870220536538aa8b4f1f155b1500ed8519307ab79036776c1b3d74a292fea38aecec22 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00c07a534b8ec50963da511f6f8e214806a4b39a3f93120ae88317f7fee04216f5fc11bf6ab61e96262757a99ead9cadc2dac77d744059e5420de0ac306991d87977b7500113a07066ea23c84eebb5793dcb40dfba7110f08fbb16c3eb50c6264b0274b9a4007ee8f39464bbeb59cd571a5dddcd0a058ffd17f7808595a941037b39f81cac7a86e56bd7ccb65bd4e7d40251531dac156efcb45ff9bb6751ad38a65638f859c466c79d6b1c8b64eae34333e75f8434e2537fa8162bcdbf0c6125db690d052eea152fb00f8e5b0ea53b63de2cd89e5842eaab0f5b39f33d5c346bde4543bc351f543ada3c928dab09b56e59dc1e1d1b9529a45ea1ca4fe5f9fdebd7