*.hellofresh.com

Issued by Amazon

About this certificate

This digital certificate with serial number 06:0b:ac:ee:dc:af:25:32:dc:e4:1f:f6:2f:26:b5:6a was issued on by Amazon.

With 33 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=*.hellofresh.com

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 06:0b:ac:ee:dc:af:25:32:dc:e4:1f:f6:2f:26:b5:6a
Serial Number (int): 8035990739206324668504371224608421226
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: b5:dd:92:2f:b6:00:6a:06:d9:05:d9:cb:6b:01:ec:ff:f9:92:11:9a
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): d3:94:c8:90:18:7b:1d:36:3f:6c:99:a3:e3:f5:16:73:77:f3:da:01
Fingerprint (sha256): 06:28:7c:c9:2e:22:74:a8:be:71:80:9c:d4:a9:ac:24:03:3b:a3:3a:ab:f5:03:1d:f8:cc:0a:e0:4c:0c:8b:84

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b.crl

Check the revocation status for certificate *.hellofresh.com

33

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.hellofresh.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.hellofresh.com
*.everyplate.com.au
*.live-k8s.hellofresh.io
hellofresh.co.nz
hellofresh.at
hellofresh.co.uk
*.hellofresh.com.au
hellofresh.lu
hellofresh.com.au
*.everyplate.com
hellofresh.ca
*.hellofresh.ch
*.hellofresh.at
*.hellofresh.be
*.hellofresh.co.nz
everyplate.com.au
hellofresh.fr
hellofresh.ch
hellofresh.se
*.hellofresh.se
hellofresh.nl
hellofresh.de
hellofresh.be
*.hellofresh.de
*.hellofresh.fr
hellofresh.dk
hellofresh.com
everyplate.com
*.hellofresh.nl
*.hellofresh.co.uk
*.hellofresh.dk
*.hellofresh.lu
*.hellofresh.ca

Other certificates including the domain name hellofresh.com

(limited to 100 certificates)
s2-san.cloudinary.com
s2-san.cloudinary.com
*.hellofresh.com
incapsula.com
hellofresh.com
*.hellofresh.com
hellofresh.com
s3-cloudinary-pin.map.fastly.net
*.hellofresh.com
gtms.hft.hellofresh.com
s2-san.cloudinary.com
dam-us.hellofresh.com
s3-cloudinary-pin.map.fastly.net
hellofresh.com
*.hellofresh.com
partner.hellofresh.com
gtms.hft.hellofresh.com
s2-san.cloudinary.com
s2-cloudinary-pin.map.fastly.net
s2-san.cloudinary.com
mi.hellofresh.com
mi.hellofresh.com
intranet.hellofresh.com
s2-san.cloudinary.com
careers.hellofresh.com
s2-san.cloudinary.com
s3-cloudinary-pin.map.fastly.net
s2-san.cloudinary.com
*.hellofresh.com
s2-san.cloudinary.com
sentinel-prime.hellofresh.com
s2-san.cloudinary.com
try.hellofresh.com
partner.hellofresh.com
*.hellofresh.com
hft.hellofresh.se
s2-san.cloudinary.com
*.hellofresh.com
gtms.hft.hellofresh.com
hft.hellofresh.ca
s2-san.cloudinary.com
careers.hellofresh.com
*.hellofresh.com
*.hellofresh.com
tms.hft.hellofresh.at
mdm.hellofresh.com
s2-san.cloudinary.com
incapsula.com
hubspot.hellofresh.com
s2-san.cloudinary.com
sentinel-prime.hellofresh.com
hb.hellofresh.com
*.ops.hellofresh.com
*.hellofresh.com
akamai-san85.exacttarget.com
blog.hellofresh.com
incapsula.com
intranet.hellofresh.com
factormeals.com
incapsula.com
s2-san.cloudinary.com
intranet.hellofresh.com
hft.hellofresh.ca
share.hellofresh.com
lp.hellofresh.com
s2-san.cloudinary.com
tms.hft.hellofresh.com
s2-san.cloudinary.com
s2-san.cloudinary.com
careers.hellofresh.com
www.blog.hellofresh.com
support.hellofresh.com
incapsula.com
tms.hft.hellofresh.at
s2-san.cloudinary.com
s2-san.cloudinary.com
hb.hellofresh.com
hft.hellofresh.ca
tms.hft.hellofresh.at
*.hellofresh.com
s2-san.cloudinary.com
try.hellofresh.com
bici.hellofresh.com
hellofresh.com
blog.hellofresh.com
zest.hellofresh.com
s2-cloudinary-pin.map.fastly.net
sentinel-prime.hellofresh.com
careers.hellofresh.com
s2-san.cloudinary.com
akamai-san85.exacttarget.com
s3-cloudinary-pin.map.fastly.net
hellofresh.com
blog.hellofresh.com
s2-san.cloudinary.com
s2-san.cloudinary.com
s3-cloudinary-pin.map.fastly.net
blog.hellofresh.com
s2-san.cloudinary.com
blog.hellofresh.com

Certificate

The complete raw certificate details for *.hellofresh.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGpDCCBYygAwIBAgIQBgus7tyvJTLc5B/2Lya1ajANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0yMDAzMDMwMDAwMDBaFw0yMTA0MDMx
MjAwMDBaMBsxGTAXBgNVBAMMECouaGVsbG9mcmVzaC5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCT8Gb5qY9k1JWM7w9UwJai0U6qobERIF+Jpyyo
LOsNKCmmoeMSM+9rVN6u873oUBWOZSggnbd8YlxMT5XvGG38eEIExQMFqH57e4AS
nyA2JF2LfeAz3Z5G9L0UGlBtzVelWptZjfGOHc6fznz+E78m0N/WBqfjZG79sEZX
CjGBkVEG4HSNsMa3HlNoBowZtst2FK3G09Jm4/q3pJhtklFWi3PuO10rl25lZW3a
w8T2uc4Xr15qoug+GXFYT7AP/je5K/d/i++P/n8SxMKWlIhVMTSU9b7Vp09CFNxI
PkfRlA7cqDQ6O5IJV65Fs/xetmFcJU4U4rEZoKU4PZAQJFGtAgMBAAGjggO3MIID
szAfBgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4EFgQUtd2S
L7YAagbZBdnLawHs//mSEZowggJHBgNVHREEggI+MIICOoIQKi5oZWxsb2ZyZXNo
LmNvbYITKi5ldmVyeXBsYXRlLmNvbS5hdYIYKi5saXZlLWs4cy5oZWxsb2ZyZXNo
LmlvghBoZWxsb2ZyZXNoLmNvLm56gg1oZWxsb2ZyZXNoLmF0ghBoZWxsb2ZyZXNo
LmNvLnVrghMqLmhlbGxvZnJlc2guY29tLmF1gg1oZWxsb2ZyZXNoLmx1ghFoZWxs
b2ZyZXNoLmNvbS5hdYIQKi5ldmVyeXBsYXRlLmNvbYINaGVsbG9mcmVzaC5jYYIP
Ki5oZWxsb2ZyZXNoLmNogg8qLmhlbGxvZnJlc2guYXSCDyouaGVsbG9mcmVzaC5i
ZYISKi5oZWxsb2ZyZXNoLmNvLm56ghFldmVyeXBsYXRlLmNvbS5hdYINaGVsbG9m
cmVzaC5mcoINaGVsbG9mcmVzaC5jaIINaGVsbG9mcmVzaC5zZYIPKi5oZWxsb2Zy
ZXNoLnNlgg1oZWxsb2ZyZXNoLm5sgg1oZWxsb2ZyZXNoLmRlgg1oZWxsb2ZyZXNo
LmJlgg8qLmhlbGxvZnJlc2guZGWCDyouaGVsbG9mcmVzaC5mcoINaGVsbG9mcmVz
aC5ka4IOaGVsbG9mcmVzaC5jb22CDmV2ZXJ5cGxhdGUuY29tgg8qLmhlbGxvZnJl
c2gubmyCEiouaGVsbG9mcmVzaC5jby51a4IPKi5oZWxsb2ZyZXNoLmRrgg8qLmhl
bGxvZnJlc2gubHWCDyouaGVsbG9mcmVzaC5jYTAOBgNVHQ8BAf8EBAMCBaAwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyGKmh0
dHA6Ly9jcmwuc2NhMWIuYW1hem9udHJ1c3QuY29tL3NjYTFiLmNybDAgBgNVHSAE
GTAXMAsGCWCGSAGG/WwBAjAIBgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMC0GCCsG
AQUFBzABhiFodHRwOi8vb2NzcC5zY2ExYi5hbWF6b250cnVzdC5jb20wNgYIKwYB
BQUHMAKGKmh0dHA6Ly9jcnQuc2NhMWIuYW1hem9udHJ1c3QuY29tL3NjYTFiLmNy
dDAMBgNVHRMBAf8EAjAAMBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEB
CwUAA4IBAQAWTytwHvJn4DpVYr1L2PZmnWUiWQMBrZKnSA0NAFQJsbtOzmxWLmwO
X2d6JnB4YWcbHJZXpUiVnf9mIt9Yq3IiXecrop3cND//3R7Q2c8LAxGhNnM7mWj/
KQM+Y8pTyBmcdO5QJ0E5lTHhILn48OQkcQ1KgrEZxucKc5fXpf3pCVFKWslliAOg
VMN+tuw0/48W5H50GC+pg63rmRutUo4Cjbz9oLnzRottBjRko3mRIYl82RrhgwRX
0SLb8nLmnjjy9M8wCkdzbkZJSt9obe/dmYMLfH37RzzJC+glmiAKgHuJAYYyiRVX
lGnUCgmr+HvLJ4viQ0I9Gn7ULx2+ZQej
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/Bm+amPZNSVjO8PVMCW
otFOqqGxESBfiacsqCzrDSgppqHjEjPva1TervO96FAVjmUoIJ23fGJcTE+V7xht
/HhCBMUDBah+e3uAEp8gNiRdi33gM92eRvS9FBpQbc1XpVqbWY3xjh3On858/hO/
JtDf1gan42Ru/bBGVwoxgZFRBuB0jbDGtx5TaAaMGbbLdhStxtPSZuP6t6SYbZJR
Votz7jtdK5duZWVt2sPE9rnOF69eaqLoPhlxWE+wD/43uSv3f4vvj/5/EsTClpSI
VTE0lPW+1adPQhTcSD5H0ZQO3Kg0OjuSCVeuRbP8XrZhXCVOFOKxGaClOD2QECRR
rQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 8035990739206324668504371224608421226
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-03-03 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-04-03 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.hellofresh.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 18675577596327018007626925237292303482613131334877860124843544300277056350299308000508225189059885601848688077226534961832746316779373241780092558812599304435450154781241156688243840109047145601397460205302986719882766204033319278931517690863947899583058788182163914320832439322985515187286020420572437044233847149700521128639355536585785301066140175884474847986109470194689702442834636713894737829113515692179045928177194817268656959676511654515366810450133036346951820691016313495153328525850812311338880524368540265161200060534394113852754624595325954118445998372959566309536124002391055375955483330266549574717869
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							b5dd922fb6006a06d905d9cb6b01ecfff992119a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (574 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.everyplate.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.live-k8s.hellofresh.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hellofresh.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hellofresh.at'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hellofresh.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hellofresh.lu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hellofresh.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.everyplate.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hellofresh.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.at'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.be'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'everyplate.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hellofresh.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hellofresh.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hellofresh.se'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.se'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hellofresh.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hellofresh.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hellofresh.be'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hellofresh.dk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hellofresh.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'everyplate.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.dk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.lu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.ca'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.2 (digiCertDVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00164f2b701ef267e03a5562bd4bd8f6669d6522590301ad92a7480d0d005409b1bb4ece6c562e6c0e5f677a26707861671b1c9657a548959dff6622df58ab72225de72ba29ddc343fffdd1ed0d9cf0b0311a136733b9968ff29033e63ca53c8199c74ee502741399531e120b9f8f0e424710d4a82b119c6e70a7397d7a5fde909514a5ac9658803a054c37eb6ec34ff8f16e47e74182fa983adeb991bad528e028dbcfda0b9f3468b6d063464a3799121897cd91ae1830457d122dbf272e69e38f2f4cf300a47736e46494adf686defdd99830b7c7dfb473cc90be8259a200a807b890186328915579469d40a09abf87bcb278be243423d1a7ed42f1dbe6507a3