*.edit.huffpost.net

Issued by Amazon

About this certificate

This digital certificate with serial number 02:9c:a0:6d:28:ff:ad:f6:92:0d:2f:45:e5:18:c7:8a was issued on by Amazon.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=*.edit.huffpost.net

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 02:9c:a0:6d:28:ff:ad:f6:92:0d:2f:45:e5:18:c7:8a
Serial Number (int): 3471708135596061172619232455605929866
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: da:d5:1c:fa:41:9e:bf:71:d0:1c:a4:ac:2d:41:de:d6:06:75:10:24
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): c9:d1:66:30:d8:c8:48:cb:ba:5b:ad:24:6e:17:f0:a0:ca:a2:3b:b9
Fingerprint (sha256): 08:5b:d9:0c:f3:54:9f:21:69:77:8c:56:2c:3b:09:53:b2:4f:ec:ce:47:93:34:3f:8a:37:3e:fd:09:17:69:c9

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b.crl

Check the revocation status for certificate *.edit.huffpost.net

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.edit.huffpost.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.edit.huffpost.net
edit.huffpost.net

Other certificates including the domain name huffpost.net

(limited to 100 certificates)
staging-securedrop.huffpost.net
*.app-west.buzzfeed.io
*.edit.huffpost.net
staging-elections.huffpost.net
accounts.huffingtonpost.com
*.edit.huffpost.net
accounts.huffingtonpost.com
*.edit.huffpost.net
staging-securedrop.huffpost.net
production-securedrop.huffpost.net
staging-securedrop.huffpost.net
accounts.huffingtonpost.com
*.prod.buzzfeed.io
docker.huffpost.net
*.app-west.buzzfeed.io
*.prod.buzzfeed.io
staging-securedrop.huffpost.net
secrets.huffpost.net
staging-athena-mongo-cms.huffpost.net
*.prod.buzzfeed.io
staging-securedrop.huffpost.net
*.blog.huffpost.net
*.edit.huffpost.net
origin-identifiers.huffpost.net
huffpost.net
*.preview.huffpost.net
*.stage.buzzfeed.io
*.edit.huffpost.net
accounts.huffingtonpost.com
*.prod.buzzfeed.io
yamas.huffpost.net
*.stage.buzzfeed.io
staging-athena-mongo-cms.huffpost.net
*.preview.huffpost.net
*.app-west.buzzfeed.io
*.preview.huffpost.net
*.app-west.buzzfeed.io
*.tools.huffpost.net
*.blog.huffpost.net
accounts.huffingtonpost.com
origin-identifiers.huffpost.net
42.huffpost.net
*.preview.huffpost.net
*.prod.buzzfeed.io
*.stage.buzzfeed.io
staging-elections.huffpost.net
secrets.huffpost.net
*.app-west.buzzfeed.io
origin-identifiers.huffpost.net
*.stage.buzzfeed.io
*.app-west.buzzfeed.io
production-securedrop.huffpost.net
*.content-internal.huffpost.net
*.app-west.buzzfeed.io
staging-elections.huffpost.net
*.unstable.buzzfeed.io
*.edit.huffpost.net
*.prod.buzzfeed.io
*.app-west.buzzfeed.io
*.app-west.buzzfeed.io
staging-elections.huffpost.net
huffpost.net
*.content-internal.huffpost.net
*.preview.huffpost.net
*.preview.huffpost.net
*.unstable.buzzfeed.io
gamp.huffpost.net
secrets.huffpost.net
accounts.huffingtonpost.com
*.huffpost.net
*.prod.buzzfeed.io
*.unstable.buzzfeed.io
*.tools.huffpost.net
*.blog.huffpost.net
*.edit.huffpost.net
huffpost.net
*.tools.huffpost.net
*.stage.buzzfeed.io
*.stage.buzzfeed.io
production-securedrop.huffpost.net
*.huffpost.net
*.app-west.buzzfeed.io
*.prod.buzzfeed.io
*.huffpost.net
origin-identifiers.huffpost.net
*.prod.buzzfeed.io
*.app-west.buzzfeed.io
*.preview.huffpost.net
*.stage.buzzfeed.io
*.unstable.buzzfeed.io
huffpost.net
accounts.huffingtonpost.com
*.prod.buzzfeed.io
docker.huffpost.net
*.prod.buzzfeed.io
production-securedrop.huffpost.net
docker.huffpost.net
jumpmanjumpmanjumpman.huffpost.net
*.tools.huffpost.net
*.edit.huffpost.net

Certificate

The complete raw certificate details for *.edit.huffpost.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF8TCCBNmgAwIBAgIQApygbSj/rfaSDS9F5RjHijANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0yMTA0MDgwMDAwMDBaFw0yMjA1MDcy
MzU5NTlaMB4xHDAaBgNVBAMMEyouZWRpdC5odWZmcG9zdC5uZXQwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeIn6q5bUTiU6VHIPT8o2tCCzGWnZCY059
J6NlAfKF4DMXK+1sN02Wx838vCrqND+LvHR6rhgwXVdglRSXcHh8+DmHX03zupgz
yAd5EpUPcVx6BHxOVeDKXZwLigii13PYMTiW23kJWuy3+AGAdTTju2a9K02uT41D
waGkeNfx7Q4cKIR+i3268QHT/toZaufGnt0pljIUHRtbVmZO0T0ytcAwK7mkr7gS
2w1Js+I7zyLQ11P0krj9gXknngKgYMjo+q6QRwXEosb96joRsTcKkZxoPUBG/3xu
+qhl1xMqhkEyQVmNu008xfIgkirgCZ7I5T2SaQD+Y1VCk4QfGTrvAgMBAAGjggMB
MIIC/TAfBgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4EFgQU
2tUc+kGev3HQHKSsLUHe1gZ1ECQwMQYDVR0RBCowKIITKi5lZGl0Lmh1ZmZwb3N0
Lm5ldIIRZWRpdC5odWZmcG9zdC5uZXQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8v
Y3JsLnNjYTFiLmFtYXpvbnRydXN0LmNvbS9zY2ExYi5jcmwwEwYDVR0gBAwwCjAI
BgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2Nz
cC5zY2ExYi5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQu
c2NhMWIuYW1hem9udHJ1c3QuY29tL3NjYTFiLmNydDAMBgNVHRMBAf8EAjAAMIIB
gAYKKwYBBAHWeQIEAgSCAXAEggFsAWoAdwApeb7wnjk5IfBWc59jpXflvld9nGAK
+PlNXSZcJV3HhAAAAXiyhYHhAAAEAwBIMEYCIQCm6hNH+bAGifqioetuoFcbtEAW
oQlQrYBOBx4NUIyABAIhANd/afTkIWwfHFzpmVMMwcgsHAgTgqZhqa0313kARAuC
AHYAIkVFB1lVJFaWP6Ev8fdthuAjJmOtwEt/XcaDXG7iDwIAAAF4soWBfwAABAMA
RzBFAiAvXrrdAqfJ9hJ7nP6ITCJ1jpS8qKLIkTQFvbBoV4aUewIhALQwvnF9abeE
qh1iAU6ty3yMh7UcSwRjPgWoPh0GoQEzAHcAUaOw9f0BeZxWbbg3eI8MpHrMGyfL
956IQpoN/tSLBeUAAAF4soWBqAAABAMASDBGAiEA9aNSHCmJyxlkfTGZzc5WtO0F
pyE4TabWvdNDRmbdqX8CIQCGjQXOQyLCf/Mux7ZHWargNXqcoYjQRSokgO5mbxHv
/jANBgkqhkiG9w0BAQsFAAOCAQEAsWu79DaXnRyz3K4KLrP56qTmiN5VBxIuKpu/
LPQWsrYv0TR/g31IIpNIyfhDOcbuNkYJ4SUWEnf9t1iFn35lQk82fCFKhr2FQZ5a
PAoG/d5RiOsjVUpnaGjqCv81+gaLCmYqjxX2W/lNbR5Q43PvvabdW4UL0u2hUmh1
klAp5EarvyXB6Y4jt+PsP1rEnXLRMFsQ/mYyymw16ujJo+WSJfUezh5ZwKy5BrzW
nHpG1MIUzN68tSzQ9KpDtZzb2fg9rRKqRVZ4ztvXuDcN+bJryqMUee/wLCM11g+k
2LufvUOzzLecOw/dzP+6LOH9A/z831jfNC6pr+C/T/3VhGGIGw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3iJ+quW1E4lOlRyD0/KN
rQgsxlp2QmNOfSejZQHyheAzFyvtbDdNlsfN/Lwq6jQ/i7x0eq4YMF1XYJUUl3B4
fPg5h19N87qYM8gHeRKVD3FcegR8TlXgyl2cC4oIotdz2DE4ltt5CVrst/gBgHU0
47tmvStNrk+NQ8GhpHjX8e0OHCiEfot9uvEB0/7aGWrnxp7dKZYyFB0bW1ZmTtE9
MrXAMCu5pK+4EtsNSbPiO88i0NdT9JK4/YF5J54CoGDI6PqukEcFxKLG/eo6EbE3
CpGcaD1ARv98bvqoZdcTKoZBMkFZjbtNPMXyIJIq4AmeyOU9kmkA/mNVQpOEHxk6
7wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 3471708135596061172619232455605929866
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-04-08 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-05-07 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.edit.huffpost.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 28041913719943147957118082888848703755490522443187712817020644675324474656365789543705755395198544294666719638691156724777487094923960620580266151990397812799472377002818490564621527215915531905474780761851170169462755215021654382586893717545922566988407159788905084201238543683216238116810673248773216028886697157327498512856057829676473479719676986523576389770640946002508340393707019317620582227281992798047949851417887790489878870506937725179193096032687594987679971535343806253603999317996812731789865469475061068129331936991575414428481368804471177585577950020399052120582312004129278435139864283426749599529711
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							dad51cfa419ebf71d01ca4ac2d41ded606751024
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (42 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.edit.huffpost.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edit.huffpost.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (368 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
							016a0077002979bef09e393921f056739f63a577e5be577d9c600af8f94d5d265c255dc78400000178b28581e10000040300483046022100a6ea1347f9b00689faa2a1eb6ea0571bb44016a10950ad804e071e0d508c8004022100d77f69f4e4216c1f1c5ce999530cc1c82c1c081382a661a9ad37d77900440b820076002245450759552456963fa12ff1f76d86e0232663adc04b7f5dc6835c6ee20f0200000178b285817f000004030047304502202f5ebadd02a7c9f6127b9cfe884c22758e94bca8a2c8913405bdb0685786947b022100b430be717d69b784aa1d62014eadcb7c8c87b51c4b04633e05a83e1d06a1013300770051a3b0f5fd01799c566db837788f0ca47acc1b27cbf79e88429a0dfed48b05e500000178b28581a80000040300483046022100f5a3521c2989cb19647d3199cdce56b4ed05a721384da6d6bdd3434666dda97f022100868d05ce4322c27ff32ec7b64759aae0357a9ca188d0452a2480ee666f11effe
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00b16bbbf436979d1cb3dcae0a2eb3f9eaa4e688de5507122e2a9bbf2cf416b2b62fd1347f837d48229348c9f84339c6ee364609e125161277fdb758859f7e65424f367c214a86bd85419e5a3c0a06fdde5188eb23554a676868ea0aff35fa068b0a662a8f15f65bf94d6d1e50e373efbda6dd5b850bd2eda1526875925029e446abbf25c1e98e23b7e3ec3f5ac49d72d1305b10fe6632ca6c35eae8c9a3e59225f51ece1e59c0acb906bcd69c7a46d4c214ccdebcb52cd0f4aa43b59cdbd9f83dad12aa455678cedbd7b8370df9b26bcaa31479eff02c2335d60fa4d8bb9fbd43b3ccb79c3b0fddccffba2ce1fd03fcfcdf58df342ea9afe0bf4ffdd58461881b