app2103.apac1.birst.com

Issued by Amazon RSA 2048 M01

About this certificate

This digital certificate with serial number 09:bf:65:52:b6:e4:90:4f:42:8e:0f:32:44:1e:0c:f5 was issued on by Amazon.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=app2103.apac1.birst.com

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 09:bf:65:52:b6:e4:90:4f:42:8e:0f:32:44:1e:0c:f5
Serial Number (int): 12956835738726278278791130057858223349
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 2d:7e:a9:19:15:d5:58:01:6b:6e:35:61:d7:14:c0:22:c6:b1:a8:10
AuthorityKeyId: 81:b8:0e:63:8a:89:12:18:e5:fa:3b:3b:50:95:9f:e6:e5:90:13:85

Fingerprint (sha1): 10:67:58:14:d4:35:c1:e8:41:89:8c:39:1f:52:c7:8e:05:e9:8b:2b
Fingerprint (sha256): 06:79:f2:dc:fb:a3:10:91:d2:d5:71:e5:59:69:7d:6f:38:f9:2c:2d:87:a6:d0:f3:a5:fa:b6:d2:55:6b:49:16

Issuing Certificate URL: http://crt.r2m01.amazontrust.com/r2m01.cer

Revocation information

OCSP Server: http://ocsp.r2m01.amazontrust.com
CRL Distribution Point: http://crl.r2m01.amazontrust.com/r2m01.crl

Check the revocation status for certificate app2103.apac1.birst.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for app2103.apac1.birst.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

app2103.apac1.birst.com
*.app2103.apac1.birst.com

Other certificates including the domain name birst.com

(limited to 100 certificates)
webdav.birst.com
app3112.bws.birst.com
mrc.bws.birst.com
btm.birst.com
5663998322147328-fe1.pantheonsite.io
maps.bws.birst.com
app2101.apac1.birst.com
app2102.bws.birst.com
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
app2101.bws.birst.com
5663998322147328-fe1.pantheonsite.io
app2103.apac1.birst.com
sde.birst.com
5663998322147328-fe1.pantheonsite.io
login.bws.birst.com
5663998322147328-fe1.pantheonsite.io
rc.sde.birst.com
login.bws.birst.com
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
birstupdates.bws.birst.com
login.bws.birst.com
app2102.eu1.birst.com
5663998322147328-fe1.pantheonsite.io
vanity2.lithium.com
app2101.bws.birst.com
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
licensing.bws.birst.com
5663998322147328-fe1.pantheonsite.io
*.bws.birst.com
mrc.bws.birst.com
vanity1.jiveon.com
c43rc.bws.birst.com
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
login.bws.birst.com
5663998322147328-fe1.pantheonsite.io
stage.birst.com
5663998322147328-fe1.pantheonsite.io
app2102.apac2.birst.com
vanity2.lithium.com
app2103.bws.birst.com
freetrial.bws.birst.com
5663998322147328-fe1.pantheonsite.io
app2101.apac2.birst.com
5663998322147328-fe1.pantheonsite.io
mrc.apac1.birst.com
partners.birst.com
birstupdates.bws.birst.com
bwa.birst.com
login.apac1.birst.com
app.birst.com
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
rc.birst.com
app2102.eu1.birst.com
rc.birst.com
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
dev.www.birst.com
app2101.eu1.birst.com
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
stage.sde.birst.com
stage.sde.birst.com
5663998322147328-fe1.pantheonsite.io
static.captora.com
*.saml.birst.com
login.apac2.birst.com
5663998322147328-fe1.pantheonsite.io
btm.apac1.birst.com
mail.birst.com
5663998322147328-fe1.pantheonsite.io
app2102.apac1.birst.com
5663998322147328-fe1.pantheonsite.io
vanity1.jiveon.com
app2102.eu1.birst.com
app2101.bws.birst.com
login.bws.birst.com
vanity2.lithium.com
sslvpn.birst.com
app2103.bws.birst.com
vanity1.jiveon.com
static.captora.com
vanity1.jiveon.com
5663998322147328-fe1.pantheonsite.io
vanity1.jiveon.com
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
www.birst.com
app2103.apac2.birst.com
app2101.apac1.birst.com
vanity1.jiveon.com
5663998322147328-fe1.pantheonsite.io
app2101.apac1.birst.com

Certificate

The complete raw certificate details for app2103.apac1.birst.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF9DCCBNygAwIBAgIQCb9lUrbkkE9Cjg8yRB4M9TANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAxMB4XDTIzMDcxNDAwMDAwMFoXDTI0MDgxMjIzNTk1OVowIjEg
MB4GA1UEAxMXYXBwMjEwMy5hcGFjMS5iaXJzdC5jb20wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQC11cO2CXc3LAd43lj1XfWKr1zFW3Rz0H/Pmtdxv+YP
jBvVazpm19aVOqPe3LEAUbh1Hy4w5Jt1MWOVuL/TUJdfhY29+ZSEbpOaoycxErSt
v2QP3rc2+JjeIu/D4jH8lL4s7fDpUY1Fd8QUSfnRRJI6eRmeMotQgFO8dUV+Or5b
sZB8u5rQSnWcx5ODuWB6QJpmq9zLxQY+oklVQASuTrH5vojh33YsBCzrXPae0MHV
XPZSIzZYEQ0TxK4eM6LuuuGLC3cnwBFcVvmUtOsWV+awSC5raB0hUbf1WFh9e8Zz
82J+yRmbM3LWzgAFyMRd00KH/Ghh4lOTYIc8XAZCDBo5AgMBAAGjggMKMIIDBjAf
BgNVHSMEGDAWgBSBuA5jiokSGOX6OztQlZ/m5ZAThTAdBgNVHQ4EFgQULX6pGRXV
WAFrbjVh1xTAIsaxqBAwPQYDVR0RBDYwNIIXYXBwMjEwMy5hcGFjMS5iaXJzdC5j
b22CGSouYXBwMjEwMy5hcGFjMS5iaXJzdC5jb20wDgYDVR0PAQH/BAQDAgWgMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAyMDCgLqAshipo
dHRwOi8vY3JsLnIybTAxLmFtYXpvbnRydXN0LmNvbS9yMm0wMS5jcmwwEwYDVR0g
BAwwCjAIBgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRw
Oi8vb2NzcC5yMm0wMS5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6
Ly9jcnQucjJtMDEuYW1hem9udHJ1c3QuY29tL3IybTAxLmNlcjAMBgNVHRMBAf8E
AjAAMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdgDuzdBk1dsazsVct520zROi
ModGfLzs3sNRSFlGcR+1mwAAAYlRxiZnAAAEAwBHMEUCIA2mfs1QYA9BtJgZP01I
mJ8k+ITwsxJiM+GZlt02NZKwAiEAygz2OarsyDWxQgz2ji50f0YPy/o7YZV0jdwT
aRiig4UAdQBIsONr2qZHNA/lagL6nTDrHFIBy1bdLIHZu7+rOdiEcwAAAYlRxiaL
AAAEAwBGMEQCIC+RW4bcpIAwLZyA/lX5Sd/toPl1ud5DLo1V22Q31+FzAiAah9IW
ndf3Gbkw2dnNbsPTjhuppH26puOsOP/y/npgXAB2ANq2v2s/tbYin5vCu1xr6HCR
cWy7UYSFNL2kPTBI1/urAAABiVHGJiYAAAQDAEcwRQIgIqPxPF2t5CbeVVwMCa6T
RoOIk6mU94LQ00MNUycAnU8CIQD2tZoV3YCpHoEXCxc7f+G45hnDjI703L84jZ/1
g3oAQDANBgkqhkiG9w0BAQsFAAOCAQEAX5ue17mx2kfrK0vBRr92M3RBfu83Fbk5
gevK1jYKUcDkmxHI52AYHR2StEJbiB6aOMID0hlIh08I3nbbM3LcTye7jmkPNgmU
niLTDFAxJZ65VVxejXBZwyFuwibaihPbgmjR9aXgWnFXg5kgu7UORdXBi0ZK/fNC
2CHimRPMRlQ8UfYoZkOzCcc9kgFleJcgU4peFBZyggLMdhteCu/Wzh8SJI1hUYrx
Z4b5sx34L+j7RhySkvYiSVndEEZonvxhb27LzRaMETErgdhvTZaGzzyu6dTg9wKr
yDb1ZJh6Tq0ETAQxIrVRuz24JPBOl/8/hYhRHPlPzOkvioMu/yx0Cw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdXDtgl3NywHeN5Y9V31
iq9cxVt0c9B/z5rXcb/mD4wb1Ws6ZtfWlTqj3tyxAFG4dR8uMOSbdTFjlbi/01CX
X4WNvfmUhG6TmqMnMRK0rb9kD963NviY3iLvw+Ix/JS+LO3w6VGNRXfEFEn50USS
OnkZnjKLUIBTvHVFfjq+W7GQfLua0Ep1nMeTg7lgekCaZqvcy8UGPqJJVUAErk6x
+b6I4d92LAQs61z2ntDB1Vz2UiM2WBENE8SuHjOi7rrhiwt3J8ARXFb5lLTrFlfm
sEgua2gdIVG39VhYfXvGc/NifskZmzNy1s4ABcjEXdNCh/xoYeJTk2CHPFwGQgwa
OQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 12956835738726278278791130057858223349
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M01'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-07-14 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-08-12 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'app2103.apac1.birst.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22954544400767556976869951889397414780172813608734835927556225752898438426584507008586737380489211921926698535964288790247545384009501950101482657977677873047918427135524761149073293137538936692398769546028919381724762948653786844112069946135821136639552354060718279803102220739103449540893711705800672665762170219688555430969078861578093895047721942571816492108001507011430991376355326663865733779650664339969104257553014964675141363880899051362292469340973899038168892281595141390195810950023466983277566921163862200538696944535043030782730173740013539309040396013712792240128596278330254296490102886899556522138169
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 81b80e638a891218e5fa3b3b50959fe6e5901385
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							2d7ea91915d558016b6e3561d714c022c6b1a810
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (54 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'app2103.apac1.birst.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.app2103.apac1.birst.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m01.amazontrust.com/r2m01.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m01.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m01.amazontrust.com/r2m01.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							0167007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018951c62667000004030047304502200da67ecd50600f41b498193f4d48989f24f884f0b3126233e19996dd363592b0022100ca0cf639aaecc835b1420cf68e2e747f460fcbfa3b6195748ddc136918a2838500750048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018951c6268b000004030046304402202f915b86dca480302d9c80fe55f949dfeda0f975b9de432e8d55db6437d7e17302201a87d2169dd7f719b930d9d9cd6ec3d38e1ba9a47dbaa6e3ac38fff2fe7a605c007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018951c626260000040300473045022022a3f13c5dade426de555c0c09ae9346838893a994f782d0d3430d5327009d4f022100f6b59a15dd80a91e81170b173b7fe1b8e619c38c8ef4dcbf388d9ff5837a0040
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		005f9b9ed7b9b1da47eb2b4bc146bf763374417eef3715b93981ebcad6360a51c0e49b11c8e760181d1d92b4425b881e9a38c203d21948874f08de76db3372dc4f27bb8e690f3609949e22d30c5031259eb9555c5e8d7059c3216ec226da8a13db8268d1f5a5e05a7157839920bbb50e45d5c18b464afdf342d821e29913cc46543c51f6286643b309c73d920165789720538a5e1416728202cc761b5e0aefd6ce1f12248d61518af16786f9b31df82fe8fb461c9292f6224959dd1046689efc616f6ecbcd168c11312b81d86f4d9686cf3caee9d4e0f702abc836f564987a4ead044c043122b551bb3db824f04e97ff3f8588511cf94fcce92f8a832eff2c740b