www.hydrosulphite.com

Issued by Amazon RSA 2048 M02

About this certificate

This digital certificate with serial number 03:d0:31:0e:7e:24:53:ca:9b:6a:2a:3e:18:07:02:68 was issued on by Amazon.

With 17 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=www.hydrosulphite.com

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 03:d0:31:0e:7e:24:53:ca:9b:6a:2a:3e:18:07:02:68
Serial Number (int): 5068676720233874157852060391330742888
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: 2f:95:f3:b0:95:a3:bf:b1:2a:1f:62:21:98:21:52:94:45:e1:29:e2
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2

Fingerprint (sha1): 6a:0a:b0:ae:4b:85:23:10:b8:dc:75:cf:6e:31:74:fa:ca:16:4a:8d
Fingerprint (sha256): 08:3b:c7:69:1a:bc:59:b7:36:96:ac:ae:99:e4:e9:a6:f0:d9:ec:95:2e:70:4c:41:2b:71:13:be:f8:d4:d9:5e

Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer

Revocation information

OCSP Server: http://ocsp.r2m02.amazontrust.com
CRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl

Check the revocation status for certificate www.hydrosulphite.com

17

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.hydrosulphite.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.hydrosulphite.com
partner.agro.basf.com
revxfields.com
hydrosulphite.com
glysantin.org.cn
experience.partnerportal.basf.com
managereresource.north-america.intranet.basf.com
www.glysantin.ws
www.agrigenio.es
axant-flex.com
www.aroma-ingredients.basf.com
www.glysantin.sk
teraxxa-wins.com
basf-sonatrach-propanchem.com
pestcontrol-secure.basf.us
www.glysantin.tw
www.hydrosulfite.com

Other certificates including the domain name hydrosulphite.com

(limited to 100 certificates)

Certificate

The complete raw certificate details for www.hydrosulphite.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHVzCCBj+gAwIBAgIQA9AxDn4kU8qbaio+GAcCaDANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAyMB4XDTI0MDExOTAwMDAwMFoXDTI1MDIxNzIzNTk1OVowIDEe
MBwGA1UEAxMVd3d3Lmh5ZHJvc3VscGhpdGUuY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEArSrhZnrzYLfA3bJv9eGcY+dg/qaFxJDOUTOtIHXSDTJe
FGLGYKXMOdegBaGE/DQ1/rpgUfOWt1Eh4J1Lv/v77zMl7czbLP3V9Tr+sYoJ7ZYS
0AvyEQ4dOgJ5cCm4y7qMvEDMHicGuM7TPKXhemDOi36VwkFYL25vMMJmo6f47W/Z
53HyYqrWEGQuIPqqKy2XQf1BOJWaJPdyDGcqA0eRO1bt1sUqXWqoT4q55eR7aZUx
QHZLfw7kFOkdXEjXFFsxqOcbcO+jf3gTqZR4NZXmCoDpBylmUkurwZp4ioCFoBv2
Y7DJN8MwmJhVcPy+fuXD8W17oT0aZSZLis/GuDLgAwIDAQABo4IEbzCCBGswHwYD
VR0jBBgwFoAUwDFSzVpQw4J8dHHOy+mc+XrrguIwHQYDVR0OBBYEFC+V87CVo7+x
Kh9iIZghUpRF4SniMIIBoAYDVR0RBIIBlzCCAZOCFXd3dy5oeWRyb3N1bHBoaXRl
LmNvbYIVcGFydG5lci5hZ3JvLmJhc2YuY29tgg5yZXZ4ZmllbGRzLmNvbYIRaHlk
cm9zdWxwaGl0ZS5jb22CEGdseXNhbnRpbi5vcmcuY26CIWV4cGVyaWVuY2UucGFy
dG5lcnBvcnRhbC5iYXNmLmNvbYIwbWFuYWdlcmVyZXNvdXJjZS5ub3J0aC1hbWVy
aWNhLmludHJhbmV0LmJhc2YuY29tghB3d3cuZ2x5c2FudGluLndzghB3d3cuYWdy
aWdlbmlvLmVzgg5heGFudC1mbGV4LmNvbYIed3d3LmFyb21hLWluZ3JlZGllbnRz
LmJhc2YuY29tghB3d3cuZ2x5c2FudGluLnNrghB0ZXJheHhhLXdpbnMuY29tgh1i
YXNmLXNvbmF0cmFjaC1wcm9wYW5jaGVtLmNvbYIacGVzdGNvbnRyb2wtc2VjdXJl
LmJhc2YudXOCEHd3dy5nbHlzYW50aW4udHeCFHd3dy5oeWRyb3N1bGZpdGUuY29t
MBMGA1UdIAQMMAowCAYGZ4EMAQIBMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU
BggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2Ny
bC5yMm0wMi5hbWF6b250cnVzdC5jb20vcjJtMDIuY3JsMHUGCCsGAQUFBwEBBGkw
ZzAtBggrBgEFBQcwAYYhaHR0cDovL29jc3AucjJtMDIuYW1hem9udHJ1c3QuY29t
MDYGCCsGAQUFBzAChipodHRwOi8vY3J0LnIybTAyLmFtYXpvbnRydXN0LmNvbS9y
Mm0wMi5jZXIwDAYDVR0TAQH/BAIwADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFn
AHcATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGNIIRZrAAABAMA
SDBGAiEAh/PMSr0pJDhLKxzbRmPwEY4GLM6CMBxowWOmsh7OAjoCIQDF5ZyAwjUs
iwf6MFeZQJ4KCBnDEUShw9IYaPyLwRG2bQB1AH1ZHhLheCp7HGFnfF79+NCHXBSg
TpWeuQMv2Q6MLnm4AAABjSCEWU8AAAQDAEYwRAIgeTsAdH+1w4unAhb1hrAGL+S5
H1McKEXe2rwSWwcnp7MCIHDrjqmODG2tfKnssRrMCIntOcVUZcvZwuvhlcaR0M1M
AHUA5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6hzId/R43jlAAAAGNIIRZdQAABAMA
RjBEAiBAv5zp5S1TorBrp7IxXd+wudRcNcx5yI87Nq4mlteltQIgG9AmtWYlSPBW
bYMkdqqIWzoaOrMxYgMbGBqj7TWb+1UwDQYJKoZIhvcNAQELBQADggEBAHgu77s1
xLLnp+/IuQH4m5pRfgRBM7YVE2nM96T/QJicezaw51ND4XQeH5TpbnwUHQMdZ6bw
QWPEmnjXqFObMUu19OzFtYu1bksmPuJw6q0V1/VstsmBpjxc4kR31qIzadxeX8iA
LqGXaRlBhUhl7o+TmEihHyDXAf65oH0/KE6031IwuipxAK5d9u1VDcfOjZmQ5I23
ARsdLR5CpEB/zrtSs4MOn+f1RDAApEObyHYWwyuhuF64V9dgSrK6OSnvr6B1wZlt
uJjtJ0GYo2xA6E/GjNAwln3OzB3xViw4JNlN71PVJ5vNbtR7g2hm+iGBoQaTxPd7
E86i2DOtbIGlFYU=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSrhZnrzYLfA3bJv9eGc
Y+dg/qaFxJDOUTOtIHXSDTJeFGLGYKXMOdegBaGE/DQ1/rpgUfOWt1Eh4J1Lv/v7
7zMl7czbLP3V9Tr+sYoJ7ZYS0AvyEQ4dOgJ5cCm4y7qMvEDMHicGuM7TPKXhemDO
i36VwkFYL25vMMJmo6f47W/Z53HyYqrWEGQuIPqqKy2XQf1BOJWaJPdyDGcqA0eR
O1bt1sUqXWqoT4q55eR7aZUxQHZLfw7kFOkdXEjXFFsxqOcbcO+jf3gTqZR4NZXm
CoDpBylmUkurwZp4ioCFoBv2Y7DJN8MwmJhVcPy+fuXD8W17oT0aZSZLis/GuDLg
AwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 5068676720233874157852060391330742888
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-19 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-17 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.hydrosulphite.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21860371906963225532198497672693709777901549153671041013692741461960959871852283188732508175822830015917515786987481156712358308953984680501879729672855324838140379890107834605351831151288218284709802052241341104108948706691696115862467182859832699263865588833004907727245313020598906116638881470714415536635319316478538345386181353821627105151307477418870769952477797705508335271824895922913365219345321770297339010030299092326470978499451026385349044204671154303605712445992579039219474229824958944494938609785607060561546296020426341688130930197693418122537986237841110274310355010240063100766389423033496357756931
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							2f95f3b095a3bfb12a1f62219821529445e129e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (407 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hydrosulphite.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'partner.agro.basf.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'revxfields.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hydrosulphite.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'glysantin.org.cn'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'experience.partnerportal.basf.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'managereresource.north-america.intranet.basf.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.glysantin.ws'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.agrigenio.es'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'axant-flex.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.aroma-ingredients.basf.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.glysantin.sk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'teraxxa-wins.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'basf-sonatrach-propanchem.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pestcontrol-secure.basf.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.glysantin.tw'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hydrosulfite.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							01670077004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018d208459ac000004030048304602210087f3cc4abd2924384b2b1cdb4663f0118e062cce82301c68c163a6b21ece023a022100c5e59c80c2352c8b07fa305799409e0a0819c31144a1c3d21868fc8bc111b66d0075007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018d2084594f00000403004630440220793b00747fb5c38ba70216f586b0062fe4b91f531c2845dedabc125b0727a7b3022070eb8ea98e0c6dad7ca9ecb11acc0889ed39c55465cbd9c2ebe195c691d0cd4c007500e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018d208459750000040300463044022040bf9ce9e52d53a2b06ba7b2315ddfb0b9d45c35cc79c88f3b36ae2696d7a5b502201bd026b5662548f0566d832476aa885b3a1a3ab33162031b181aa3ed359bfb55
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00782eefbb35c4b2e7a7efc8b901f89b9a517e044133b6151369ccf7a4ff40989c7b36b0e75343e1741e1f94e96e7c141d031d67a6f04163c49a78d7a8539b314bb5f4ecc5b58bb56e4b263ee270eaad15d7f56cb6c981a63c5ce24477d6a23369dc5e5fc8802ea197691941854865ee8f939848a11f20d701feb9a07d3f284eb4df5230ba2a7100ae5df6ed550dc7ce8d9990e48db7011b1d2d1e42a4407fcebb52b3830e9fe7f5443000a4439bc87616c32ba1b85eb857d7604ab2ba3929efafa075c1996db898ed274198a36c40e84fc68cd030967dcecc1df1562c3824d94def53d5279bcd6ed47b836866fa2181a10693c4f77b13cea2d833ad6c81a51585