portal.int.gbl.oneid-prd.fsxt.net

Issued by Amazon RSA 2048 M02

About this certificate

This digital certificate with serial number 0c:ec:2e:7c:35:78:5e:d6:ef:c2:2e:89:61:26:5e:9a was issued on by Amazon.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=portal.int.gbl.oneid-prd.fsxt.net

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0c:ec:2e:7c:35:78:5e:d6:ef:c2:2e:89:61:26:5e:9a
Serial Number (int): 17177060839715354027010332982063292058
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 92:9d:d7:31:f4:06:66:04:75:9b:a8:99:5e:36:3a:07:6a:3a:31:3b
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2

Fingerprint (sha1): 4c:32:c4:6d:4f:29:bd:fc:af:f6:c8:79:7c:94:9d:76:d8:51:86:43
Fingerprint (sha256): 09:50:2b:97:92:0e:c2:20:15:c2:a2:7f:dd:af:dd:4d:47:47:8d:9b:31:61:96:49:f6:3d:5f:fc:29:83:49:cf

Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer

Revocation information

OCSP Server: http://ocsp.r2m02.amazontrust.com
CRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl

Check the revocation status for certificate portal.int.gbl.oneid-prd.fsxt.net

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for portal.int.gbl.oneid-prd.fsxt.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

portal.int.gbl.oneid-prd.fsxt.net
portal.withsecure.com

Other certificates including the domain name fsxt.net

(limited to 100 certificates)
ew1-rds-be-ci-rabbitmq-02.rds-ci.fsxt.net
management-api-jamie-brand.cspm-ci.fsxt.net
niemee-test.aws-dev.fsxt.net
live.epp.elements-stg.withsecure.com
accounts-apac-ci.fsxt.net
portal.radar.elements-stg.withsecure.com
fss-ci.fsxt.net
niemee-test.aws-dev.fsxt.net
a.accounts-emea-stg.fsxt.net
avenue-master-admin.fsxt.net
accounts-na-stg.fsxt.net
accounts-ci-integration.fsxt.net
*.facs-stg.fsxt.net
oh-ci.fsxt.net
sieportal.devtoo-ci.fsxt.net
static.accounts-stg.fsxt.net
ew1-rds-ds-stg-bigdata.rds-stg.fsxt.net
psblive.psb-stg.f-secure.com
portal.int.gbl.oneid-prd.fsxt.net
accounts-ci-integration.fsxt.net
fss-ci.fsxt.net
*.my.fsxt.net
static.accounts-stg.fsxt.net
latest.psb-ci.fsxt.net
*.my.fsxt.net
logos-zia.logos.fsxt.net
health.login.int.gbl.oneid-unstable.fsxt.net
accounts-ci-integration.fsxt.net
cognito.auth.mdr-ci.fsxt.net
wsplat-dev.aws-sandbox-2021.fsxt.net
*.push-parthe.aws-dev.fsxt.net
us2.analytics.psb.fsxt.net
connect-ci.fsxt.net
portal.radar-ci.fsxt.net
quickscan-stg.fsxt.net
rusticrule.logos.fsxt.net
*.fusion-stg.fsxt.net
psblive.analytics.psb-stg.fsxt.net
management-api-kornal.cspm-ci.fsxt.net
accounts-ci-integration.fsxt.net
portal4client.ta.fsxt.net
portal.cp.elements-stg.withsecure.com
tormja.attr-ci.fsxt.net
accounts-ci-integration.fsxt.net
playground-stg.fsxt.net
*.facs-stg.fsxt.net
portal-elb.cp-ci.fsxt.net
sharpdome.logos.fsxt.net
tinyladder.logos.fsxt.net
ew1-rds-ds-ci-bigdata.rds-ci.fsxt.net
sieportal.devtoo-stg.fsxt.net
rus-api.radar-stg.fsxt.net
unstable.push-ci.fsxt.net
accounts-ci-integration.fsxt.net
static.accounts-apac-stg.fsxt.net
portal.cp-stg.fsxt.net
arcticsauna.logos.fsxt.net
ew1-rds-be-stg-rabbitmq-01.rds-stg.fsxt.net
polarzeus.logos.fsxt.net
*.accounts-emea-ci.fsxt.net
portal.cp-stg.fsxt.net
dev.radar-ci.fsxt.net
*.fusion-ci.fsxt.net
data-api-simon.cspm-ci.fsxt.net
auth.ci.ccr-ci.fsxt.net
onlinehelp-qe.aws-dev.fsxt.net
*.facs-stg.fsxt.net
playground-stg.fsxt.net
ew1-rds-be-stg-rabbitmq-01.rds-stg.fsxt.net
stable.attr-stg.fsxt.net
portal.int.gbl.oneid-unstable.fsxt.net
onlinehelp-qe.aws-dev.fsxt.net
avenue-master-admin.fsxt.net
*.my.fsxt.net
token.accounts-na-stg.fsapi.com
playground-ci.fsxt.net
a.accounts-na-stg.fsxt.net
playground-ci.fsxt.net
perf.push-ci.fsxt.net
auth.shiksh.ccr-ci.fsxt.net
token.accounts-apac-ci-integration.fsapi.com
*.rdrv2-ci.fsxt.net
*.accounts-emea-stg.fsxt.net
ew1-rds-ds-stg-bigdata.rds-stg.fsxt.net
accounts-ci-integration.fsxt.net
radar-stg.fsxt.net
static.accounts-stg.fsxt.net
auth.dev.ccr-ci.fsxt.net
latest.analytics.psb-ci.fsxt.net
ctf.playground-ci.fsxt.net
idpadmin.accounts-emea-ci-integration.fsxt.net
accounts-ci.fsxt.net
accounts.int.gbl.oneid-unstable.fsxt.net
ew1-rds-ds-ci-bigdata.rds-ci.fsxt.net
elements-stg.fsxt.net
skyblue-psb.fsxt.net
api.mptest1.fsxt.net
seattle.aws-dev.fsxt.net
data-api-simon.cspm-ci.fsxt.net
mdr-artifacts.rds-stg.fsxt.net

Certificate

The complete raw certificate details for portal.int.gbl.oneid-prd.fsxt.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgIQDOwufDV4Xtbvwi6JYSZemjANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAyMB4XDTI0MDEwNTAwMDAwMFoXDTI1MDIwMzIzNTk1OVowLDEq
MCgGA1UEAxMhcG9ydGFsLmludC5nYmwub25laWQtcHJkLmZzeHQubmV0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVwLYUMNySqNGcJxgp4G8RtalYSn
BnLQjsTGrSMSEJoR62XQnbBeSgMe7xsa8RhABf/Flb31dneoabuaZGdLLnE1FZ8F
fFHy/SI2acSoR/cxjhLclbPLpBxEQPdNHBDUObJQUVwSrbaSZqb0NwNeDQWie5RG
GnubMkPrf3OjB7RSurOTQQ13vkVRWcIoJXEcRZoRhh5X1hWIWvkD6y1LhQf5mCr3
ETwDaxJjqxFJ4Wr931YOBz3YuwNhZjddza2bBOdlf2O30Bi/BCepxFRHfVS86QGw
juDGHH6Y9oVSKi9oZCXVjxda43ZTnP3PUdQF6yKuFwqld/rnj+6KjkJn6QIDAQAB
o4IDETCCAw0wHwYDVR0jBBgwFoAUwDFSzVpQw4J8dHHOy+mc+XrrguIwHQYDVR0O
BBYEFJKd1zH0BmYEdZuomV42OgdqOjE7MEMGA1UdEQQ8MDqCIXBvcnRhbC5pbnQu
Z2JsLm9uZWlkLXByZC5mc3h0Lm5ldIIVcG9ydGFsLndpdGhzZWN1cmUuY29tMBMG
A1UdIAQMMAowCAYGZ4EMAQIBMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
BgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NybC5y
Mm0wMi5hbWF6b250cnVzdC5jb20vcjJtMDIuY3JsMHUGCCsGAQUFBwEBBGkwZzAt
BggrBgEFBQcwAYYhaHR0cDovL29jc3AucjJtMDIuYW1hem9udHJ1c3QuY29tMDYG
CCsGAQUFBzAChipodHRwOi8vY3J0LnIybTAyLmFtYXpvbnRydXN0LmNvbS9yMm0w
Mi5jZXIwDAYDVR0TAQH/BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUA
TnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGM1vzj1wAABAMARjBE
AiBcVrmAnE1L5zOLVlZWzCJk3zNfFLawrisWPSX1nSQ+DQIgC/wg5NFrHUsGcX14
z0DmLMkRheH7y/piOyYl2R5sFW8AdwB9WR4S4XgqexxhZ3xe/fjQh1wUoE6VnrkD
L9kOjC55uAAAAYzW/OPcAAAEAwBIMEYCIQC0tDcTBZ9a4rx0ybo14eu38D87yJVv
9Rm2IQSae7yEJQIhAIWqdcIXXLqkL4Fk4SO+RcOosV8OZaxP1NjyXHwW0OBCAHYA
5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6hzId/R43jlAAAAGM1vzj/AAABAMARzBF
AiEAh9o3dONzh51gskMatCPQW2Ddhi0vPOsPkuE2DN2KW8MCIHCMHTJLg5H/A5Ya
o+spcMJFZa9iagWplcaIJHVWH6eyMA0GCSqGSIb3DQEBCwUAA4IBAQAJQOj0rcuC
pFbq+XgSk7jwBO5k3R6DmLpfp+U2pPxrig3o6AMkoDI9hBj86U+87mtUxNZS3i0V
gWpeVQb/bxUxZTa4zsw9gJYeYFawI1Q9O9FIl9j4Su0Wj7P9Xp/W4ZknFajfnmnK
77O4NdgwKvGHruQskou14hFMXdB8OIVnMtSVaMHJEYiomwOQGhXGvR8Bs82bfe/g
dT/G/ISiDJKbGwNhbEPn959UIaNSpsE4/VqEt7gD/TCk25VhoKgWu/aNwiYAgR7/
HQ7IA71yuKNS+UG7+61hCyUuxyYuNXuytiFB0nX4M6As1b9j/3BXkyrFPhQcXg1P
Dwy0ASI5IRyM
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVwLYUMNySqNGcJxgp4G
8RtalYSnBnLQjsTGrSMSEJoR62XQnbBeSgMe7xsa8RhABf/Flb31dneoabuaZGdL
LnE1FZ8FfFHy/SI2acSoR/cxjhLclbPLpBxEQPdNHBDUObJQUVwSrbaSZqb0NwNe
DQWie5RGGnubMkPrf3OjB7RSurOTQQ13vkVRWcIoJXEcRZoRhh5X1hWIWvkD6y1L
hQf5mCr3ETwDaxJjqxFJ4Wr931YOBz3YuwNhZjddza2bBOdlf2O30Bi/BCepxFRH
fVS86QGwjuDGHH6Y9oVSKi9oZCXVjxda43ZTnP3PUdQF6yKuFwqld/rnj+6KjkJn
6QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 17177060839715354027010332982063292058
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-05 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-03 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'portal.int.gbl.oneid-prd.fsxt.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 17844989811578402028677230238315690283618611840402198564415003122685888583121019301013734065517572466210642964470237804743256830256326542571424505939614968627890015988287321068763124049306689655386025251047237436484717413760724020710868663223671568485193572177160421697557796503351931117737862899157055154871187894283521721455636605921107536508078542902647717854625743272742359559250255250657961360515214580291803077631861947904707809765461534986058924118430793357429898213871870240566546582490062229237229877580625789920004437690871110289158643520273139898850751363919627711521479886833865643125791245314122754189289
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							929dd731f4066604759ba8995e363a076a3a313b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (60 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'portal.int.gbl.oneid-prd.fsxt.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'portal.withsecure.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							01680075004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018cd6fce3d7000004030046304402205c56b9809c4d4be7338b565656cc2264df335f14b6b0ae2b163d25f59d243e0d02200bfc20e4d16b1d4b06717d78cf40e62cc91185e1fbcbfa623b2625d91e6c156f0077007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018cd6fce3dc0000040300483046022100b4b43713059f5ae2bc74c9ba35e1ebb7f03f3bc8956ff519b621049a7bbc842502210085aa75c2175cbaa42f8164e123be45c3a8b15f0e65ac4fd4d8f25c7c16d0e042007600e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018cd6fce3fc000004030047304502210087da3774e373879d60b2431ab423d05b60dd862d2f3ceb0f92e1360cdd8a5bc30220708c1d324b8391ff03961aa3eb2970c24565af626a05a995c6882475561fa7b2
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		000940e8f4adcb82a456eaf9781293b8f004ee64dd1e8398ba5fa7e536a4fc6b8a0de8e80324a0323d8418fce94fbcee6b54c4d652de2d15816a5e5506ff6f15316536b8cecc3d80961e6056b023543d3bd14897d8f84aed168fb3fd5e9fd6e1992715a8df9e69caefb3b835d8302af187aee42c928bb5e2114c5dd07c38856732d49568c1c91188a89b03901a15c6bd1f01b3cd9b7defe0753fc6fc84a20c929b1b03616c43e7f79f5421a352a6c138fd5a84b7b803fd30a4db9561a0a816bbf68dc22600811eff1d0ec803bd72b8a352f941bbfbad610b252ec7262e357bb2b62141d275f833a02cd5bf63ff7057932ac53e141c5e0d4f0f0cb4012239211c8c