int-tucanada.lifelock.com

Issued by Amazon

About this certificate

This digital certificate with serial number 07:e0:69:74:68:5e:01:a7:d7:93:21:cc:2a:71:43:e5 was issued on by Amazon.

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=int-tucanada.lifelock.com

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 07:e0:69:74:68:5e:01:a7:d7:93:21:cc:2a:71:43:e5
Serial Number (int): 10469809342581535446145358081631011813
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: bb:94:86:7d:96:15:ae:f2:40:8d:9d:30:26:73:ad:57:92:7b:23:12
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): 78:fd:15:d6:45:b7:b1:f7:07:d5:aa:af:fa:da:cd:5a:aa:77:3d:22
Fingerprint (sha256): 07:0d:d9:40:ec:7e:85:db:5e:d7:7c:16:28:2a:19:33:17:51:0c:c2:9d:02:49:38:dd:bc:8e:80:3f:e3:2d:47

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b-1.crl

Check the revocation status for certificate int-tucanada.lifelock.com

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for int-tucanada.lifelock.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

int-tucanada.lifelock.com
int-tucan-alerts.lifelock.com
int1-dp-tucacralrt-ext.dev.aws.lifelock.com
int1-dp-tucacralrt.dev.aws.lifelock.com

Other certificates including the domain name lifelock.com

(limited to 100 certificates)
pcissl001.insnw.net
sehf4.mgmt.aws.lifelock.com
prod1-fe-dwm.prod.aws.lifelock.com
txm-finapp-stage.lifelock.com
pcissl001.insnw.net
duo.lifelock.com
www-stage.norton.com
qa-us.np.norton.com
pcissl001.insnw.net
llprivacy-int.norton.com
mtls.dev.aws.lifelock.com
view.email.lifelock.com
int-constell.lifelock.com
www.lifelock.com
ent-jenkins.lifelock.com
*.stage.aws.lifelock.com
dev-techops-jenkins.lifelock.com
myaccess.lifelock.com
www.norton.com
prod1-fe-dsp.prod.aws.lifelock.com
int2-fe-dsp.dev.aws.lifelock.com
dev-techops-jenkins.lifelock.com
4iq.lifelock.com
infolock.lifelock.com
dev-stash.lifelock.com
agentdesktop.lifelock.com
akamai-san18.exacttarget.com
*.lifelock.com
pki-int.mgmt.aws.lifelock.com
teampassv3.dev.aws.lifelock.com
prod1-green-fe-dsp.prod.aws.lifelock.com
pages.email.lifelock.com
nortonlifelock.com
int-tucanada.lifelock.com
txm-finapp.lifelock.com
dev1-fe-cct.dev.aws.lifelock.com
www.norton.com
pcissl001.insnw.net
equifax.lifelock.com
ent-jenkins.lifelock.com
pki-int.stage.aws.lifelock.com
infoburst.prod.aws.lifelock.com
pki-int.corp.aws.lifelock.com
akamai-san18.exacttarget.com
searchsafe.lifelock.com
teampassv3.dev.aws.lifelock.com
akamai-san18.exacttarget.com
*.dev.aws.lifelock.com
pcissl001.insnw.net
int2-fe-dsp.dev.aws.lifelock.com
dev1-fe-cct.dev.aws.lifelock.com
chefci.lifelock.com
www.norton.com
voltage-pp-0000.lifelock.com
dev1-fe-dsp.dev.aws.lifelock.com
dev-techops-jenkins.lifelock.com
int1-fe-pm-fe.lifelock.com
stage-wiki.lifelock.com
jira.lifelock.com
www-stage.norton.com
pcissl001.insnw.net
store.lifelock.com
pki-int.stage.aws.lifelock.com
infolock.lifelock.com
stage-www.lifelock.com
int1-fe-dwm.dev.aws.lifelock.com
dev-duo.lifelock.com
int1-fe-dsp.dev.aws.lifelock.com
media5.adlegend.com
pcissl001.insnw.net
pki-int.corp.aws.lifelock.com
tucanada.lifelock.com
stage4-www.lifelock.com
int1-fe-memex-api-ext.dev.aws.lifelock.com
int1-fe-memex-api-ext.dev.aws.lifelock.com
dev1-green-fe-dwm.dev.aws.lifelock.com
chefci.dev.aws.lifelock.com
dev-partner-docs.norton.com
int2-fe-dsp.dev.aws.lifelock.com
voltage-pp-0000.lifelock.com
prod1-fe-dwm.prod.aws.lifelock.com
prod1-fe-cct.prod.aws.lifelock.com
*.dev.aws.lifelock.com
dev1-fe-memex-api-ext.dev.aws.lifelock.com
stage-asyswcceem-m01.stage.aws.lifelock.com
int1-fe-dsp.dev.aws.lifelock.com
voltage-pp-0000.dev.lifelock.com
tableau.prod.aws.lifelock.com
transfer.lifelock.com
equifax.lifelock.com
pki-int.prod.aws.lifelock.com
int1-fe-dsp-b.dev.aws.lifelock.com
splunk-hf-1.mgmt.aws.lifelock.com
stage-transfer.lifelock.com
pcissl001.insnw.net
int1-fe-dsp-b.dev.aws.lifelock.com
prod1-fe-dwm.prod.aws.lifelock.com
support-devdigital.norton.com
store.lifelock.com
old-stash.lifelock.com

Certificate

The complete raw certificate details for int-tucanada.lifelock.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIQB+BpdGheAafXkyHMKnFD5TANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0yMjA4MTQwMDAwMDBaFw0yMzA5MTIy
MzU5NTlaMCQxIjAgBgNVBAMTGWludC10dWNhbmFkYS5saWZlbG9jay5jb20wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU0rDBciC4BK4LySWVI+HiWmZn
Xz7fG3uMAJQxueoPRBkVikUOsqrm6ZFsCKOBDbDjy6ZsV7tvdxxbLkLIbB0Ke3Zl
9bJnKEjjkCf210/jN8viQuTLZDtUTHr9K+LeD5DEhmj+W2XN+Jx+dwdkTRwlTfi4
WV8oXnAfa5HOz7gS0nEuZEdG9iDP5PEBKp51KM2BfcekUM8m8xmT76jXRuGBbDDP
+sfFUfnuYxydw60rOMCAJiuaQmWFc/2MJdbq5n9bKbnCaOgj4ZszSAOLCoaeJJuD
a2kzHX1SMIhyfaSAY/7F19dNqLubhqpdY+/PdClv+fFSbq8U+nq+8FdRI09LAgMB
AAGjggH/MIIB+zAfBgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNV
HQ4EFgQUu5SGfZYVrvJAjZ0wJnOtV5J7IxIwgZsGA1UdEQSBkzCBkIIZaW50LXR1
Y2FuYWRhLmxpZmVsb2NrLmNvbYIdaW50LXR1Y2FuLWFsZXJ0cy5saWZlbG9jay5j
b22CK2ludDEtZHAtdHVjYWNyYWxydC1leHQuZGV2LmF3cy5saWZlbG9jay5jb22C
J2ludDEtZHAtdHVjYWNyYWxydC5kZXYuYXdzLmxpZmVsb2NrLmNvbTAOBgNVHQ8B
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD0GA1UdHwQ2
MDQwMqAwoC6GLGh0dHA6Ly9jcmwuc2NhMWIuYW1hem9udHJ1c3QuY29tL3NjYTFi
LTEuY3JsMBMGA1UdIAQMMAowCAYGZ4EMAQIBMHUGCCsGAQUFBwEBBGkwZzAtBggr
BgEFBQcwAYYhaHR0cDovL29jc3Auc2NhMWIuYW1hem9udHJ1c3QuY29tMDYGCCsG
AQUFBzAChipodHRwOi8vY3J0LnNjYTFiLmFtYXpvbnRydXN0LmNvbS9zY2ExYi5j
cnQwDAYDVR0TAQH/BAIwADATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG9w0B
AQsFAAOCAQEAAEQApIf/hOYP8v+1A+eQmt3lAJQIueFd3kIsEAwsga/t1yoQm7dy
nt1fXj8GsOVuVamm+NQ7+jHMJy9ohOUbV0R/Uv6UvqT5M7uz7bdCW66BpsYQ8yXy
IeSkIWF7G9NXOEO7qrieiXqqf0Fu52Qtb91GoPR2nKp4qs+XZL44JKlsB5lrFqWH
bPjyZnHjmKQk5/W0PoC+k/r2iPquP+K8xFXsQUHibXVqg1ocv3zJrFiRxBnRoTJT
PuuHzyxTZOveKmkb5wa0X5Y0Y8uZRBt7YbBoxMsA292oAVEeSI334CxyqY8jvwag
i9SHDxMH5HehClG4wFopHj0CUB4s36v21Q==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NKwwXIguASuC8kllSPh
4lpmZ18+3xt7jACUMbnqD0QZFYpFDrKq5umRbAijgQ2w48umbFe7b3ccWy5CyGwd
Cnt2ZfWyZyhI45An9tdP4zfL4kLky2Q7VEx6/Svi3g+QxIZo/ltlzficfncHZE0c
JU34uFlfKF5wH2uRzs+4EtJxLmRHRvYgz+TxASqedSjNgX3HpFDPJvMZk++o10bh
gWwwz/rHxVH57mMcncOtKzjAgCYrmkJlhXP9jCXW6uZ/Wym5wmjoI+GbM0gDiwqG
niSbg2tpMx19UjCIcn2kgGP+xdfXTai7m4aqXWPvz3Qpb/nxUm6vFPp6vvBXUSNP
SwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 10469809342581535446145358081631011813
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-08-14 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-09-12 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'int-tucanada.lifelock.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26866415986793905587629260880465003619725563841751432303939046396652163470041695558195037085071090104703558399603998997849177917972651429189739847456458514456102015470197894977717966605283329755156150472550018212833511639967692153320965965706600070252948776635628578691566114275730693893356624098435283212498855998921847648300100699231822946571440621284249054839649147656579296967103145972128833849351552182014582874783961251341648821654055186403389266598212514888328219555540314170450394621596923923291776875742701168616362425182254914555763119164195432898194770747440329183644352757000629311512183368907345870671691
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							bb94867d9615aef2408d9d302673ad57927b2312
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (147 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'int-tucanada.lifelock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'int-tucan-alerts.lifelock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'int1-dp-tucacralrt-ext.dev.aws.lifelock.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'int1-dp-tucacralrt.dev.aws.lifelock.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (54 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b-1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00004400a487ff84e60ff2ffb503e7909adde5009408b9e15dde422c100c2c81afedd72a109bb7729edd5f5e3f06b0e56e55a9a6f8d43bfa31cc272f6884e51b57447f52fe94bea4f933bbb3edb7425bae81a6c610f325f221e4a421617b1bd3573843bbaab89e897aaa7f416ee7642d6fdd46a0f4769caa78aacf9764be3824a96c07996b16a5876cf8f26671e398a424e7f5b43e80be93faf688faae3fe2bcc455ec4141e26d756a835a1cbf7cc9ac5891c419d1a132533eeb87cf2c5364ebde2a691be706b45f963463cb99441b7b61b068c4cb00dbdda801511e488df7e02c72a98f23bf06a08bd4870f1307e477a10a51b8c05a291e3d02501e2cdfabf6d5