www.nbcsportsathletedirect.com

Issued by Amazon RSA 2048 M01

About this certificate

This digital certificate with serial number 0d:62:1d:e3:03:3c:b3:12:dc:9d:fa:20:c4:87:d8:b6 was issued on by Amazon.

With 30 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=www.nbcsportsathletedirect.com

Amazon

Organization: Amazon
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0d:62:1d:e3:03:3c:b3:12:dc:9d:fa:20:c4:87:d8:b6
Serial Number (int): 17789415213013552321972285856924817590
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: ef:3c:34:45:e8:b1:57:58:7d:d8:4b:5d:af:e8:83:f8:01:2f:6d:19
AuthorityKeyId: 81:b8:0e:63:8a:89:12:18:e5:fa:3b:3b:50:95:9f:e6:e5:90:13:85

Fingerprint (sha1): e7:63:af:34:b7:3f:9d:65:9f:a7:03:bf:29:89:90:02:33:ef:69:38
Fingerprint (sha256): 09:c7:11:b0:d2:62:13:19:e6:c7:55:59:0d:33:ad:d4:98:1a:6f:5f:fa:06:7c:c7:a2:fa:d7:e0:fa:1c:a6:11

Issuing Certificate URL: http://crt.r2m01.amazontrust.com/r2m01.cer

Revocation information

OCSP Server: http://ocsp.r2m01.amazontrust.com
CRL Distribution Point: http://crl.r2m01.amazontrust.com/r2m01.crl

Check the revocation status for certificate www.nbcsportsathletedirect.com

30

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.nbcsportsathletedirect.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.nbcsportsathletedirect.com
nbcathletesdirect.net
nbcathletedirect.net
www.nbcsportsathletedirect.net
nbcsportnil.net
athletedirect.production.nbc-sports.brightspot.cloud
nbcsportathletesdirect.com
cms.athletedirect.production.nbc-sports.brightspot.cloud
nbcsportathletedirect.net
nbcsportsathletedirect.net
static.athletedirect.production.nbc-sports.brightspot.cloud
nbcsportsnil.com
nbcsportsad.net
nbcsad.brightspotcdn.com
*.athletedirect.production.nbc-sports.brightspot.cloud
nbcsportad.net
brightspot.nbcsportsathletedirect.com
nbcathletesdirect.com
nbcathletedirect.com
nbcsportnil.com
nbcsportathletedirect.com
nbcsportsathletedirect.com
nbcsportad.com
verify.cms.athletedirect.production.nbc-sports.brightspot.cloud
nbcsportathletesdirect.net
origin.athletedirect.production.nbc-sports.brightspot.cloud
verify.origin.athletedirect.production.nbc-sports.brightspot.cloud
*.origin.athletedirect.production.nbc-sports.brightspot.cloud
nbcsportsnil.net
nbcsportsad.com

Other certificates including the domain name nbcsportsathletedirect.com

(limited to 100 certificates)
www.nbcsportsathletedirect.com
www.nbcsportsathletedirect.com
www.nbcsportsathletedirect.com
www.nbcsportsathletedirect.com
www.nbcsportsathletedirect.com
www.nbcsportsathletedirect.com
origin.athletedirect.production.nbc-sports.brightspot.cloud
www.nbcsportsathletedirect.com
www.nbcsportsathletedirect.com

Certificate

The complete raw certificate details for www.nbcsportsathletedirect.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIJvTCCCKWgAwIBAgIQDWId4wM8sxLcnfogxIfYtjANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAxMB4XDTIzMDQyNDAwMDAwMFoXDTI0MDUyMjIzNTk1OVowKTEn
MCUGA1UEAxMed3d3Lm5iY3Nwb3J0c2F0aGxldGVkaXJlY3QuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKBKqMy1qgeWPsohySSGR6csUCxKJFeM
RAn0NCMCWCsMOsq7ft5BvkWbIp9ZNWbwRHhZ4N0bMIGaLpRTmUR3v7ikX0X+H7Oy
wVkbJyINPCgAnEdfrh9k+IAOWhHthGaKg5GtUDLfpD73rEPvnDu/uPmcHg8brMMu
bSGz0otj7PPKyCyWOo8Z/cZ+EeXh4Lr7zN7LotWO/znpgI8A7uOpopbDgahPcyD4
QY5W3s6EqCEeXJ4NBZq5N0nOMFP4DUgBDjjmccysKwTIaMDVGgDKAK374siYGFRp
qLsN3tAxnv25YLzVI7VlkSTAAj9UUMF7Prk6Uw8ORyF+95993UmpiQIDAQABo4IG
zDCCBsgwHwYDVR0jBBgwFoAUgbgOY4qJEhjl+js7UJWf5uWQE4UwHQYDVR0OBBYE
FO88NEXosVdYfdhLXa/og/gBL20ZMIID/AYDVR0RBIID8zCCA++CHnd3dy5uYmNz
cG9ydHNhdGhsZXRlZGlyZWN0LmNvbYIVbmJjYXRobGV0ZXNkaXJlY3QubmV0ghRu
YmNhdGhsZXRlZGlyZWN0Lm5ldIIed3d3Lm5iY3Nwb3J0c2F0aGxldGVkaXJlY3Qu
bmV0gg9uYmNzcG9ydG5pbC5uZXSCNGF0aGxldGVkaXJlY3QucHJvZHVjdGlvbi5u
YmMtc3BvcnRzLmJyaWdodHNwb3QuY2xvdWSCGm5iY3Nwb3J0YXRobGV0ZXNkaXJl
Y3QuY29tgjhjbXMuYXRobGV0ZWRpcmVjdC5wcm9kdWN0aW9uLm5iYy1zcG9ydHMu
YnJpZ2h0c3BvdC5jbG91ZIIZbmJjc3BvcnRhdGhsZXRlZGlyZWN0Lm5ldIIabmJj
c3BvcnRzYXRobGV0ZWRpcmVjdC5uZXSCO3N0YXRpYy5hdGhsZXRlZGlyZWN0LnBy
b2R1Y3Rpb24ubmJjLXNwb3J0cy5icmlnaHRzcG90LmNsb3VkghBuYmNzcG9ydHNu
aWwuY29tgg9uYmNzcG9ydHNhZC5uZXSCGG5iY3NhZC5icmlnaHRzcG90Y2RuLmNv
bYI2Ki5hdGhsZXRlZGlyZWN0LnByb2R1Y3Rpb24ubmJjLXNwb3J0cy5icmlnaHRz
cG90LmNsb3Vkgg5uYmNzcG9ydGFkLm5ldIIlYnJpZ2h0c3BvdC5uYmNzcG9ydHNh
dGhsZXRlZGlyZWN0LmNvbYIVbmJjYXRobGV0ZXNkaXJlY3QuY29tghRuYmNhdGhs
ZXRlZGlyZWN0LmNvbYIPbmJjc3BvcnRuaWwuY29tghluYmNzcG9ydGF0aGxldGVk
aXJlY3QuY29tghpuYmNzcG9ydHNhdGhsZXRlZGlyZWN0LmNvbYIObmJjc3BvcnRh
ZC5jb22CP3ZlcmlmeS5jbXMuYXRobGV0ZWRpcmVjdC5wcm9kdWN0aW9uLm5iYy1z
cG9ydHMuYnJpZ2h0c3BvdC5jbG91ZIIabmJjc3BvcnRhdGhsZXRlc2RpcmVjdC5u
ZXSCO29yaWdpbi5hdGhsZXRlZGlyZWN0LnByb2R1Y3Rpb24ubmJjLXNwb3J0cy5i
cmlnaHRzcG90LmNsb3VkgkJ2ZXJpZnkub3JpZ2luLmF0aGxldGVkaXJlY3QucHJv
ZHVjdGlvbi5uYmMtc3BvcnRzLmJyaWdodHNwb3QuY2xvdWSCPSoub3JpZ2luLmF0
aGxldGVkaXJlY3QucHJvZHVjdGlvbi5uYmMtc3BvcnRzLmJyaWdodHNwb3QuY2xv
dWSCEG5iY3Nwb3J0c25pbC5uZXSCD25iY3Nwb3J0c2FkLmNvbTAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDsGA1UdHwQ0MDIw
MKAuoCyGKmh0dHA6Ly9jcmwucjJtMDEuYW1hem9udHJ1c3QuY29tL3IybTAxLmNy
bDATBgNVHSAEDDAKMAgGBmeBDAECATB1BggrBgEFBQcBAQRpMGcwLQYIKwYBBQUH
MAGGIWh0dHA6Ly9vY3NwLnIybTAxLmFtYXpvbnRydXN0LmNvbTA2BggrBgEFBQcw
AoYqaHR0cDovL2NydC5yMm0wMS5hbWF6b250cnVzdC5jb20vcjJtMDEuY2VyMAwG
A1UdEwEB/wQCMAAwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB1AO7N0GTV2xrO
xVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABh7Np+2cAAAQDAEYwRAIgAVJtH9A+
HtY/DOhccRizSv7JxTsW4sUO62PREA1B5WACIAWWEv6D4w/LaWn4q6/QioPwJfho
RAZh8Okrfi2Ss0qzAHYAc9meiRtMlnigIH1HneayxhzQUV5xGSqMa4AQesF3crUA
AAGHs2n7gAAABAMARzBFAiEAuovd1sjXYOqovGvktcLGN0tokhT6quc0ZxDA+YLj
UKQCIBsyWDrhvIcoHvjApBfG8tHKYPVG+JdaIo8kIgFhIQjEAHcASLDja9qmRzQP
5WoC+p0w6xxSActW3SyB2bu/qznYhHMAAAGHs2n7TQAABAMASDBGAiEA/CBqmDBH
tmJi5Abs9bFyASRmvYe2gAZuB4EJAkSIAzACIQCSQFtkznyeSQ3RogGDzTNX9yEm
N9pNehE6en04MS8ZtzANBgkqhkiG9w0BAQsFAAOCAQEAlK1lpntpEhYnEMDxBmuj
LIxPLo9l7+jTWNtaBh1Cpm0VjRW26m5/rCPTEviOBdSahh0pAXO47a+JTBehdz9G
+cR/oeur1IThnbThOb/1ks4NUzVsKQCv4+aNe94AP/Eh+HCl30p8W5dv5WqR9Umq
PR1md5ZF7NUZYJ9QDCcOKTHRelTlFJSun5mJD22t8owuvFlmM60QxDCHBLQvpi6b
h9Vm4iGRO9bQmgzMg0uCfibZXlCTd+rlgYkYgP4Uf/eqJYevNW5bxW92mNK5gtH4
m47KE45+OV1tTJ6w/xW+DAkLaB77k8YwkFxS5vj9aIDUzME7c8Ue/lxN5HuCBKUQ
MA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKBKqMy1qgeWPsohySSG
R6csUCxKJFeMRAn0NCMCWCsMOsq7ft5BvkWbIp9ZNWbwRHhZ4N0bMIGaLpRTmUR3
v7ikX0X+H7OywVkbJyINPCgAnEdfrh9k+IAOWhHthGaKg5GtUDLfpD73rEPvnDu/
uPmcHg8brMMubSGz0otj7PPKyCyWOo8Z/cZ+EeXh4Lr7zN7LotWO/znpgI8A7uOp
opbDgahPcyD4QY5W3s6EqCEeXJ4NBZq5N0nOMFP4DUgBDjjmccysKwTIaMDVGgDK
AK374siYGFRpqLsN3tAxnv25YLzVI7VlkSTAAj9UUMF7Prk6Uw8ORyF+95993Ump
iQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 17789415213013552321972285856924817590
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M01'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-04-24 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-22 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.nbcsportsathletedirect.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24316797306232668066646427162647699543836100516677118086546841850946230480167373852432834507408435065593029198971200490455114770955404057092318184162427448953895595104538803000265382339459843494003993589250663089363388961521781206394838107976153733846183697724757806277310322206393994429604695002807143617142288889644409331894258882041911860389486192238558020369084173317243002932550701988768951040692636251835005860760255852043537417849260924217696196319455408723133614722383411201760334206967462414645697555484956350163390450317177766154485899759491973004233814768347360168648687071044092655517245079612444774082953
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 81b80e638a891218e5fa3b3b50959fe6e5901385
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							ef3c3445e8b157587dd84b5dafe883f8012f6d19
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1011 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.nbcsportsathletedirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcathletesdirect.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcathletedirect.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.nbcsportsathletedirect.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportnil.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportathletesdirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cms.athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportathletedirect.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportsathletedirect.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'static.athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportsnil.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportsad.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsad.brightspotcdn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportad.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'brightspot.nbcsportsathletedirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcathletesdirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcathletedirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportnil.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportathletedirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportsathletedirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportad.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'verify.cms.athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportathletesdirect.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'origin.athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'verify.origin.athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.origin.athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportsnil.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportsad.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m01.amazontrust.com/r2m01.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m01.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m01.amazontrust.com/r2m01.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							0168007500eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b00000187b369fb670000040300463044022001526d1fd03e1ed63f0ce85c7118b34afec9c53b16e2c50eeb63d1100d41e5600220059612fe83e30fcb6969f8abafd08a83f025f868440661f0e92b7e2d92b34ab300760073d99e891b4c9678a0207d479de6b2c61cd0515e71192a8c6b80107ac17772b500000187b369fb800000040300473045022100ba8bddd6c8d760eaa8bc6be4b5c2c6374b689214faaae7346710c0f982e350a402201b32583ae1bc87281ef8c0a417c6f2d1ca60f546f8975a228f242201612108c400770048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d8847300000187b369fb4d0000040300483046022100fc206a983047b66262e406ecf5b172012466bd87b680066e078109024488033002210092405b64ce7c9e490dd1a20183cd3357f7212637da4d7a113a7a7d38312f19b7
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0094ad65a67b6912162710c0f1066ba32c8c4f2e8f65efe8d358db5a061d42a66d158d15b6ea6e7fac23d312f88e05d49a861d290173b8edaf894c17a1773f46f9c47fa1ebabd484e19db4e139bff592ce0d53356c2900afe3e68d7bde003ff121f870a5df4a7c5b976fe56a91f549aa3d1d66779645ecd519609f500c270e2931d17a54e51494ae9f99890f6dadf28c2ebc596633ad10c4308704b42fa62e9b87d566e221913bd6d09a0ccc834b827e26d95e509377eae581891880fe147ff7aa2587af356e5bc56f7698d2b982d1f89b8eca138e7e395d6d4c9eb0ff15be0c090b681efb93c630905c52e6f8fd6880d4ccc13b73c51efe5c4de47b8204a51030