*.impresafunebrepepiepantini.it
Issued by Actalis Domain Validation Server CA G3
About this certificate
This digital certificate with serial number 53:a6:3b:4c:33:97:bf:84:a4:06:93:0e:6d:49:00:0e was issued on by Actalis S.p.A..
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=*.impresafunebrepepiepantini.it
Actalis S.p.A.
Organization:
Actalis S.p.A.
State / Province:
Bergamo
Locality: Ponte San Pietro
Country: IT
Locality: Ponte San Pietro
Country: IT
This certificate will expire on
Certificate Details
Serial Number (hex): 53:a6:3b:4c:33:97:bf:84:a4:06:93:0e:6d:49:00:0eSerial Number (int): 111189047628138953088434867695579103246
Serial Number lenght: 127 bits, 16 octets
SubjectKeyId: 0c:54:3c:2b:9b:6b:12:ae:5d:3f:f7:a4:10:f2:ee:c1:13:d0:93:83
AuthorityKeyId: 42:83:6d:80:7c:09:84:67:fd:80:57:ab:f1:26:f5:77:c8:22:82:71
Fingerprint (sha1): 5e:0e:29:88:e1:1b:71:b6:16:61:93:e7:44:c9:1e:0d:67:e8:74:b9
Fingerprint (sha256): 07:33:f8:d5:f5:f6:d8:a8:a8:19:f1:8d:21:23:3b:b5:61:20:c4:a2:18:85:9a:cb:b3:13:61:25:87:4c:09:dd
Issuing Certificate URL: http://cacert.actalis.it/certs/actalis-autdvg3
Revocation information
OCSP Server: http://ocsp06.actalis.it/VA/AUTHDV-G3CRL Distribution Point: http://crl06.actalis.it/Repository/AUTHDV-G3/getLastCRL
Check the revocation status for certificate *.impresafunebrepepiepantini.it
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for *.impresafunebrepepiepantini.it
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Client Authentication
Server Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
impresafunebrepepiepantini.it
*.impresafunebrepepiepantini.it
*.impresafunebrepepiepantini.it
Other certificates including the domain name impresafunebrepepiepantini.it
(limited to 100 certificates)
www.impresafunebrepepiepantini.it
*.impresafunebrepepiepantini.it
www.impresafunebrepepiepantini.it
www.impresafunebrepepiepantini.it
www.impresafunebrepepiepantini.it
www.impresafunebrepepiepantini.it
www.impresafunebrepepiepantini.it
www.impresafunebrepepiepantini.it
www.impresafunebrepepiepantini.it
*.impresafunebrepepiepantini.it
*.impresafunebrepepiepantini.it
www.impresafunebrepepiepantini.it
www.impresafunebrepepiepantini.it
www.impresafunebrepepiepantini.it
*.impresafunebrepepiepantini.it
*.impresafunebrepepiepantini.it
*.impresafunebrepepiepantini.it
www.impresafunebrepepiepantini.it
www.impresafunebrepepiepantini.it
www.impresafunebrepepiepantini.it
www.impresafunebrepepiepantini.it
www.impresafunebrepepiepantini.it
www.impresafunebrepepiepantini.it
www.impresafunebrepepiepantini.it
*.impresafunebrepepiepantini.it
*.impresafunebrepepiepantini.it
www.impresafunebrepepiepantini.it
www.impresafunebrepepiepantini.it
www.impresafunebrepepiepantini.it
*.impresafunebrepepiepantini.it
*.impresafunebrepepiepantini.it
Certificate
The complete raw certificate details for *.impresafunebrepepiepantini.it in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIHpDCCBYygAwIBAgIQU6Y7TDOXv4SkBpMObUkADjANBgkqhkiG9w0BAQsFADCB hDELMAkGA1UEBhMCSVQxEDAOBgNVBAgMB0JlcmdhbW8xGTAXBgNVBAcMEFBvbnRl IFNhbiBQaWV0cm8xFzAVBgNVBAoMDkFjdGFsaXMgUy5wLkEuMS8wLQYDVQQDDCZB Y3RhbGlzIERvbWFpbiBWYWxpZGF0aW9uIFNlcnZlciBDQSBHMzAeFw0yMzExMDUw NTI3MzZaFw0yNDEyMDUwNTI3MzVaMCoxKDAmBgNVBAMMHyouaW1wcmVzYWZ1bmVi cmVwZXBpZXBhbnRpbmkuaXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQDQ07dIp+91hlNadYgqYgy1FkXY9fZK3vxtK/RH4TsEaElKNQaXs5lItrco/BUP GV2Nb6FDix9XFWXSMwLW0cOl6W5tBNYsHsqEA8iF0Y6aJNB4pT4o2gZrEA/FFXho bkha31KgmGrTLb43tV20z18f7OzJwWGP5t1buGhyvaU5PiPP4tJu5XBa8GYrFOto tj4YN8QDzYjDkGRWSV/bHuzcAcACUTGkFqeIVN//OykOSFUUQRJjpENhSAt0tfN8 GpvNmGAWvQIZa5c0gqvgNkJsU1EOKO4BTbRBbF5ZBucLkc2X+WVr/5ffP2ljkhgo TRP2Ud9it+8zuNnOqAs/FsiTAgMBAAGjggNpMIIDZTAMBgNVHRMBAf8EAjAAMB8G A1UdIwQYMBaAFEKDbYB8CYRn/YBXq/Em9XfIIoJxMH0GCCsGAQUFBwEBBHEwbzA6 BggrBgEFBQcwAoYuaHR0cDovL2NhY2VydC5hY3RhbGlzLml0L2NlcnRzL2FjdGFs aXMtYXV0ZHZnMzAxBggrBgEFBQcwAYYlaHR0cDovL29jc3AwNi5hY3RhbGlzLml0 L1ZBL0FVVEhEVi1HMzBJBgNVHREEQjBAgh1pbXByZXNhZnVuZWJyZXBlcGllcGFu dGluaS5pdIIfKi5pbXByZXNhZnVuZWJyZXBlcGllcGFudGluaS5pdDBRBgNVHSAE SjBIMDwGBiuBHwEXATAyMDAGCCsGAQUFBwIBFiRodHRwczovL3d3dy5hY3RhbGlz Lml0L2FyZWEtZG93bmxvYWQwCAYGZ4EMAQIBMB0GA1UdJQQWMBQGCCsGAQUFBwMC BggrBgEFBQcDATBIBgNVHR8EQTA/MD2gO6A5hjdodHRwOi8vY3JsMDYuYWN0YWxp cy5pdC9SZXBvc2l0b3J5L0FVVEhEVi1HMy9nZXRMYXN0Q1JMMB0GA1UdDgQWBBQM VDwrm2sSrl0/96QQ8u7BE9CTgzAOBgNVHQ8BAf8EBAMCBaAwggF9BgorBgEEAdZ5 AgQCBIIBbQSCAWkBZwB2AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRz AAABi538lQcAAAQDAEcwRQIgd9jVKPL9/FQCr7sBo27Yo0a7dB8bn2XTqNJ/rTUk WeECIQC8+tIOEdyipZGXnz4Nm6ZSwuFwT3Ml8KXSNt/w7ObD/gB2AHb/iD8KtvuV UcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABi538kzQAAAQDAEcwRQIhAOSAM0W0 IrpMq9pZMmTzT4hFCvThpDjneVRLGuc8LNgeAiBKHeRAex98t9tBOeJmhmmUYuSq I0w4Beq65UbccWdEMwB1AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7Wb AAABi538k2MAAAQDAEYwRAIgWBRElmudahEtwAvpeZS1x7ZT5INkLBCCaGlChbDy RF0CIEFX883Dzmz7CzBSPft7IZhbarc+MU68mgTrKU8zOgzyMA0GCSqGSIb3DQEB CwUAA4ICAQCsetP+XRS6I5vhdn/7dV4m6QLIGJWzI/83rWKmu3V8hsQ7/PpGahZn 2CHPl1WNkf8NVBx3DYKFYMCCtyc8YlVaebq0Uw5nVm5Z7zlBqzI61Zi3TPS61I+X 1hdG3755etQB3QMBuuhuQCDRnfJxNPQYZNrviXNBh5Vt7VTRRRzWu47rsk3TiEZ1 2LB0C4do5W67gM/tDsqv2bXYyI4vmLRngCgjCXB6FIz10p6m4eT8VQdVmI0MwJa3 G4RYpbQR8ng0Z93u4PYOAcfBP2H+jQOYuPwI41ehlRXhZM4EdeB0LEHOwMFKeew1 WFtUiiKP9Os+sqJTSo6HoacVA+OUuvGIuWi70iLHeT4PqhZRIRYT4YnT3K2hft1s aMKhPCuJ8HzBAyBy4w6tLXu0y0LfpgfuaOeFnyVcCQbtYzxyM5AgSdBF9BSSoYwx YgGct7123TtyvjIPKYuEFKn+leq2hp64v2nvWcEb8bUmflzd7h5f6rQytBKEL/zn VuY5eWi3BDhmv1Aa4jVF6rTolPnrBQEL1kvra/eqmp9uLue0azAkVBUea4csInxn U8FBu9ZrNILrxMEpL2OEldgpxnCn7reNP6YqSBHZAkxwNf9i6MpsnnvpJP1ypQya aXPIB3UwD4Sq9f+csafsJdgdj/AQPRM/+xy+4GiTl5GqhDnFs/wIkQ== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0NO3SKfvdYZTWnWIKmIM tRZF2PX2St78bSv0R+E7BGhJSjUGl7OZSLa3KPwVDxldjW+hQ4sfVxVl0jMC1tHD pelubQTWLB7KhAPIhdGOmiTQeKU+KNoGaxAPxRV4aG5IWt9SoJhq0y2+N7VdtM9f H+zsycFhj+bdW7hocr2lOT4jz+LSbuVwWvBmKxTraLY+GDfEA82Iw5BkVklf2x7s 3AHAAlExpBaniFTf/zspDkhVFEESY6RDYUgLdLXzfBqbzZhgFr0CGWuXNIKr4DZC bFNRDijuAU20QWxeWQbnC5HNl/lla/+X3z9pY5IYKE0T9lHfYrfvM7jZzqgLPxbI kwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 111189047628138953088434867695579103246 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IT' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Bergamo' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Ponte San Pietro' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Actalis S.p.A.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Actalis Domain Validation Server CA G3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-11-05 05:27:36 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-12-05 05:27:35 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.impresafunebrepepiepantini.it' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26361968460144526298154805779027858990654549363393723923053471068042586738332888334655191229661091321979081586352576156817456103490023927323204968730832764774713435350949079424546072354686390835048078973727881226774221099884978970483912765207060650870518001012545705506618821619920910623334519241455527098465316770716689990044986951003262971048150534410765843846700800827972402061239002682011229042390626289172385778356555170602234341537106442469260133880687918858584175680928112065381381771542693801272927169371346386920559788560125522644718979705813883760989759980556469928488920594293456135227335916569258423142547 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 42836d807c098467fd8057abf126f577c8228271 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (113 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacert.actalis.it/certs/actalis-autdvg3' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp06.actalis.it/VA/AUTHDV-G3' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'impresafunebrepepiepantini.it' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.impresafunebrepepiepantini.it' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (74 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.159.1.23.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.actalis.it/area-download' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (65 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl06.actalis.it/Repository/AUTHDV-G3/getLastCRL' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 0c543c2b9b6b12ae5d3ff7a410f2eec113d09383 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes) 016700760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018b9dfc95070000040300473045022077d8d528f2fdfc5402afbb01a36ed8a346bb741f1b9f65d3a8d27fad352459e1022100bcfad20e11dca2a591979f3e0d9ba652c2e1704f7325f0a5d236dff0ece6c3fe00760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018b9dfc93340000040300473045022100e4803345b422ba4cabda593264f34f88450af4e1a438e779544b1ae73c2cd81e02204a1de4407b1f7cb7db4139e26686699462e4aa234c3805eabae546dc71674433007500eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018b9dfc936300000403004630440220581444966b9d6a112dc00be97994b5c7b653e483642c108268694285b0f2445d02204157f3cdc3ce6cfb0b30523dfb7b21985b6ab73e314ebc9a04eb294f333a0cf2 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (4096 bits) 00ac7ad3fe5d14ba239be1767ffb755e26e902c81895b323ff37ad62a6bb757c86c43bfcfa466a1667d821cf97558d91ff0d541c770d828560c082b7273c62555a79bab4530e67566e59ef3941ab323ad598b74cf4bad48f97d61746dfbe797ad401dd0301bae86e4020d19df27134f41864daef89734187956ded54d1451cd6bb8eebb24dd3884675d8b0740b8768e56ebb80cfed0ecaafd9b5d8c88e2f98b46780282309707a148cf5d29ea6e1e4fc550755988d0cc096b71b8458a5b411f2783467ddeee0f60e01c7c13f61fe8d0398b8fc08e357a19515e164ce0475e0742c41cec0c14a79ec35585b548a228ff4eb3eb2a2534a8e87a1a71503e394baf188b968bbd222c7793e0faa1651211613e189d3dcada17edd6c68c2a13c2b89f07cc1032072e30ead2d7bb4cb42dfa607ee68e7859f255c0906ed633c7233902049d045f41492a18c3162019cb7bd76dd3b72be320f298b8414a9fe95eab6869eb8bf69ef59c11bf1b5267e5cddee1e5feab432b412842ffce756e6397968b7043866bf501ae23545eab4e894f9eb05010bd64beb6bf7aa9a9f6e2ee7b46b302454151e6b872c227c6753c141bbd66b3482ebc4c1292f638495d829c670a7eeb78d3fa62a4811d9024c7035ff62e8ca6c9e7be924fd72a50c9a6973c80775300f84aaf5ff9cb1a7ec25d81d8ff0103d133ffb1cbee068939791aa8439c5b3fc0891