api.digitalstudios.discovery.com

Issued by Amazon

About this certificate

This digital certificate with serial number 0d:f0:ba:8b:4e:7c:a4:b5:51:57:42:2f:3f:43:31:a4 was issued on by Amazon.

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=api.digitalstudios.discovery.com

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0d:f0:ba:8b:4e:7c:a4:b5:51:57:42:2f:3f:43:31:a4
Serial Number (int): 18529898756443649052560814146184229284
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 74:cc:c2:1c:c2:74:11:be:6b:70:5e:7f:39:61:a9:de:8d:2a:28:cc
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): 94:f8:da:03:49:a5:d6:ed:c1:ea:ae:1a:82:8a:7f:ae:c2:9a:e0:95
Fingerprint (sha256): 06:8c:7f:3e:d6:08:91:2f:6b:12:b1:9f:ba:a5:b3:a8:64:a8:97:13:fe:e1:f2:ce:fc:7b:e0:cd:f3:df:36:23

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b.crl

Check the revocation status for certificate api.digitalstudios.discovery.com

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for api.digitalstudios.discovery.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

api.digitalstudios.discovery.com
*.api.digitalstudios.discovery.com
*.api.digitalstudiosproduct.discovery.com

Other certificates including the domain name discovery.com

(limited to 100 certificates)
tvlistings-qa.discovery.com
insider.discovery.com
indiamail.discovery.com
*.disco-api.com
*.discovery.com
passwordsafe-dev.discovery.com
*.nw.discovery.com
email.discovery.com
AWUZAPONARPRO01.dci.discovery.com
*.infra.discovery.com
iasm.discovery.com
adsalesdesign.discovery.com
deliver-qa.discovery.com
blacklineqa1.discovery.com
*.qa2.sauce.digitalstudios.discovery.com
creaapcps01.discovery.com
dev-momentum.discovery.com
insider.discovery.com
adsalesdesign.discovery.com
lnmail1.discovery.com
ir.corporate.discovery.com
japan.discovery.com
dtag-jsreport.devops.discovery.com
discovery.com
lync2013.dci.discovery.com
woody.discovery.com
auth.discovery.com
MUMAAPLYNCSBC02.dci.discovery.com
www.mexico.discovery.com
access.discovery.com
sapsanprd.discovery.com
hybridmail.discovery.com
corporate.discovery.com
*.sauce.digitalstudios.discovery.com
screening.discovery.com
dads.discovery.com
oktaadmin.discovery.com
remote.discovery.com
securestore.discovery.com
lnmail1.discovery.com
ssa.discovery.com
*.dev.discovery.com
adsalesdesign.discovery.com
store.discovery.com
cxoqa.discovery.com
inlet.discovery.com
images.dds.discovery.com
www.adsalesevents.discovery.com
api.digitalstudios.discovery.com
tlssyslog.discovery.com
org.discovery.com
games.discovery.com
leapfrog-ssl-4.gcs-web.com
citrix-director.discovery.com
edgepool2013.discovery.com
insider.discovery.com
deliver-uat.discovery.com
gohelp.discovery.com
*.bcqa.discovery.com
hrmobileinboxsba.discovery.com
www.food.com
dgoauth-qa.discovery.com
cloud-qa.discovery.com
access.discovery.com
*.discovery.com
entrada.discovery.com
lync2013.dci.discovery.com
soundfx.discovery.com
*.videogo.sauce.digitalstudios.discovery.com
straapiptv.discovery.com
lync2013.dci.discovery.com
strrapotxt01.discovery.com
*.prod.discovery.com
discovery.com
blacklineqa1.discovery.com
people.discovery.com
preprod.projectcat.discovery.com
gohelp.discovery.com
dtag-api.devops.discovery.com
tkyzaplyncsba01.dci.discovery.com
strzadtraps01.dci.discovery.com
insider.discovery.com
www.consumerproducts.discovery.com
CXO.discovery.com
*.disco-api.com
linkit-stage.dci.discovery.com
gohelp.discovery.com
lnmail5.discovery.com
www.adsalesevents.discovery.com
auth.discovery.com
epak.discovery.com
gohelp.discovery.com
www.food.com
bk.inotes.discovery.com
*.nw.discovery.com
photoassets.discovery.com
leapfrog-ssl-4.gcs-web.com
access.discovery.com
discovery.com
KTCZIPWRKSFT01.dci.discovery.com

Certificate

The complete raw certificate details for api.digitalstudios.discovery.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF2jCCBMKgAwIBAgIQDfC6i058pLVRV0IvP0MxpDANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0yMDAyMDkwMDAwMDBaFw0yMTAzMDkx
MjAwMDBaMCsxKTAnBgNVBAMTIGFwaS5kaWdpdGFsc3R1ZGlvcy5kaXNjb3Zlcnku
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Rw7EndL4GmD/7y+
pWmqOMhzwME9ZHT1hdZjMVDUH1EIN/AYGtRUrD76XSC9j3Fb9f6DCRmzwllmIUA9
G71WyD4Gp1NkktpUnIGjpFMsUamz3tZoMPQnNRiihbUTM2D8naqOgFFcURDRzljf
PXh+2VLvFH0WLoJY4ZfSFeZskyWiOCxo6k7G5y70OwPaT+E6M/2vOJ6Gzcw8QXEU
YjrRX0085FjWaH2i6A3m32BIaQDhXPlHvXYJwJ5pRYuQExPkw4jA5p7XNCYWtzO2
N6HVCa4HZbHt9CJEAzXRuzqpZvsWVjR4B3EVL/ZZ4cODseo4q5x6Opsj3Js+LK4h
6OBfcwIDAQABo4IC3TCCAtkwHwYDVR0jBBgwFoAUWaRmBlKge5WSPKOUByeWdFv5
PdAwHQYDVR0OBBYEFHTMwhzCdBG+a3Befzlhqd6NKijMMHoGA1UdEQRzMHGCIGFw
aS5kaWdpdGFsc3R1ZGlvcy5kaXNjb3ZlcnkuY29tgiIqLmFwaS5kaWdpdGFsc3R1
ZGlvcy5kaXNjb3ZlcnkuY29tgikqLmFwaS5kaWdpdGFsc3R1ZGlvc3Byb2R1Y3Qu
ZGlzY292ZXJ5LmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH
AwEGCCsGAQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwuc2NhMWIu
YW1hem9udHJ1c3QuY29tL3NjYTFiLmNybDAgBgNVHSAEGTAXMAsGCWCGSAGG/WwB
AjAIBgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8v
b2NzcC5zY2ExYi5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9j
cnQuc2NhMWIuYW1hem9udHJ1c3QuY29tL3NjYTFiLmNydDAMBgNVHRMBAf8EAjAA
MIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcAu9nfvB+KcbWTlCOXqpJ7RzhXlQqr
UugakJZkNo4e0YUAAAFwJ6+bTAAABAMASDBGAiEA9FdTEFYvGJ6p4UEbleO4uBrB
WyRioylKu9v2qo2hgoICIQDKnGFaowMb3Hfto8AIkp54rWPsoD7hXziRAkaRi/KU
RQB3AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1YMG06v9eoIMPAAABcCevm68AAAQD
AEgwRgIhAJUdn4rfRb0KMFY7hpDZqAfcG2STOHfCcc/Xaeb3VeZuAiEAkOr/cP4A
2MK2d4b/p5Wl2RFb7DeiInR7jro3YRlUUZUwDQYJKoZIhvcNAQELBQADggEBAIk6
EfDFAdEP6mYswHKT2E8IsW8saMrMT1kAKOxqGPmrlOqp0sytmvEsjkoBHhPEQfCE
fMtYXW6mfv+ExFH6x4s/u5EQNscc2MNp4wT6KS6AUBxKVMYsfUUEvNuLhZQcG/X+
f0726BRGg69Q9000GbMa8iC5jmgRhC/Y/piipJcri1XacBPz4hFKNKmNl4y6b5q1
hp6u79aHQMFFRQPagH7HMvAQIU0YlHwZlmrNyICe/gwR5syj5LDXsR4eUE8ZYIWT
azPL8dbx/t6HywLZ57pm8bDxV1Aui8Xx3GC0BrV31yt8E44hzAlAPp5h0ZtWIcda
HolFCGE/rFubtHOyAM0=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Rw7EndL4GmD/7y+pWmq
OMhzwME9ZHT1hdZjMVDUH1EIN/AYGtRUrD76XSC9j3Fb9f6DCRmzwllmIUA9G71W
yD4Gp1NkktpUnIGjpFMsUamz3tZoMPQnNRiihbUTM2D8naqOgFFcURDRzljfPXh+
2VLvFH0WLoJY4ZfSFeZskyWiOCxo6k7G5y70OwPaT+E6M/2vOJ6Gzcw8QXEUYjrR
X0085FjWaH2i6A3m32BIaQDhXPlHvXYJwJ5pRYuQExPkw4jA5p7XNCYWtzO2N6HV
Ca4HZbHt9CJEAzXRuzqpZvsWVjR4B3EVL/ZZ4cODseo4q5x6Opsj3Js+LK4h6OBf
cwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 18529898756443649052560814146184229284
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-02-09 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-03-09 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'api.digitalstudios.discovery.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27407633279562126505982782082681570992751532392507923690432945884642432595062291367908142980944101345622962637522732730021746025555362745956591860279074890589126071779511940217163871887412728954697806179513646733703508530030391823560945505321947551020602747036222498826734217795512540622632900136635070106636006487193525189538354243921686332607479783660116735501007969817824166772491400093203927369171752970241728192493785477948662856688599980593108784975934244210540405891380981899535411388410839790932241333956129845498717918343748019281720042886607900393021157219039216236056207449212706108680152490915657173458803
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							74ccc21cc27411be6b705e7f3961a9de8d2a28cc
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (115 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.digitalstudios.discovery.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.api.digitalstudios.discovery.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.api.digitalstudiosproduct.discovery.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.2 (digiCertDVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
							00f2007700bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000017027af9b4c0000040300483046022100f4575310562f189ea9e1411b95e3b8b81ac15b2462a3294abbdbf6aa8da18282022100ca9c615aa3031bdc77eda3c008929e78ad63eca03ee15f38910246918bf294450077008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f0000017027af9baf0000040300483046022100951d9f8adf45bd0a30563b8690d9a807dc1b64933877c271cfd769e6f755e66e02210090eaff70fe00d8c2b67786ffa795a5d9115bec37a222747b8eba376119545195
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00893a11f0c501d10fea662cc07293d84f08b16f2c68cacc4f590028ec6a18f9ab94eaa9d2ccad9af12c8e4a011e13c441f0847ccb585d6ea67eff84c451fac78b3fbb911036c71cd8c369e304fa292e80501c4a54c62c7d4504bcdb8b85941c1bf5fe7f4ef6e8144683af50f74d3419b31af220b98e6811842fd8fe98a2a4972b8b55da7013f3e2114a34a98d978cba6f9ab5869eaeefd68740c1454503da807ec732f010214d18947c19966acdc8809efe0c11e6cca3e4b0d7b11e1e504f196085936b33cbf1d6f1fede87cb02d9e7ba66f1b0f157502e8bc5f1dc60b406b577d72b7c138e21cc09403e9e61d19b5621c75a1e894508613fac5b9bb473b200cd