partner-payment-oauth.snowflake.com

Issued by Amazon RSA 2048 M02

About this certificate

This digital certificate with serial number 07:ff:46:75:f6:5c:3c:1a:57:48:fb:cd:91:4b:c3:b2 was issued on by Amazon.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=partner-payment-oauth.snowflake.com

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 07:ff:46:75:f6:5c:3c:1a:57:48:fb:cd:91:4b:c3:b2
Serial Number (int): 10630060784032879360808405363623445426
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 20:a6:14:3c:e5:fa:8a:1f:05:b5:d2:b1:06:84:b3:b4:55:6e:b5:8b
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2

Fingerprint (sha1): 5e:92:89:32:36:67:3f:c9:ce:4d:00:ed:35:7f:5c:e0:01:cc:f6:cd
Fingerprint (sha256): 0a:d1:87:cf:3d:6e:e0:3c:e9:b8:f8:ce:9b:5c:95:db:d0:1e:4d:76:21:05:f8:fc:5d:80:56:f5:86:7c:c6:fe

Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer

Revocation information

OCSP Server: http://ocsp.r2m02.amazontrust.com
CRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl

Check the revocation status for certificate partner-payment-oauth.snowflake.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for partner-payment-oauth.snowflake.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

partner-payment-oauth.snowflake.com

Other certificates including the domain name snowflake.com

(limited to 100 certificates)
1e291ab3status.snowflake.com
1e291ab3status.snowflake.com
developer.status.atlassian.com
*.autotestcore2.eastus2.azure-dev.app.snowflake.com
attstatus.snowflake.com
glmatching.snowflake.com
finserv.snowflake.com
attstatus.snowflake.com
*.ordevautotest.us-west-2.aws-dev.app.snowflake.com
*.c1.eu-west-1.aws.app.snowflake.com
*.devtemptest2core1.us-west-2.aws-dev.app.snowflake.com
pricingautomation.snowflake.com
*.autotestc1.eastus2.azure-dev.app.snowflake.com
app1e-status.outreach.io
event.snowflake.com
*.m1.us-gov-west-1.aws-gov.app.snowflake.com
attstatus.snowflake.com
*.c1.us-east-1.aws.app.snowflake.com
lift.snowflake.com
*.oltp1.us-west-2.aws-dev.app.snowflake.com
community.snowflake.com
partner-payment-api.snowflake.com
snowamp.snowflake.com
abemcertified.abem.org
ciscokineticbeta.iotspdev.io
events.snowflake.com
attstatus.snowflake.com
developer.status.atlassian.com
utc-converter.snowflake.com
*.gfts.us-east-2.aws.app.snowflake.com
app-cdn-staging.app.snowflake.com
attstatus.snowflake.com
app-cdntest1.snowflake.com
usergroups.snowflake.com
attstatus.snowflake.com
snowamp-uat.snowflake.com
seone.snowflake.com
app1e-status.outreach.io
1e291ab3status.snowflake.com
events.snowflake.com
app1e-status.outreach.io
go.snowflake.com
developer.status.atlassian.com
seone-qa.snowflake.com
events.snowflake.com
attstatus.snowflake.com
ipe-em-ssm-activation-code-us-east-1.snowflake.com
demo.streamlit.snowflake.com
app1e-status.outreach.io
*.qa3.us-west-2.aws-dev.app.snowflake.com
sni204121.cloudflaressl.com
*.autotestc1.eastus2.azure-dev.app.snowflake.com
liftdev.snowflake.com
1e291ab3status.snowflake.com
*.capitalone.us-east-1.aws.app.snowflake.com
attstatus.snowflake.com
cleanroom-sso.snowflake.com
accredible.armanl.eu
1e291ab3status.snowflake.com
*.snowvmtest.us-west-2.aws-dev.app.snowflake.com
*.core2.us-west-2.aws-dev.app.snowflake.com
attstatus.snowflake.com
it-ds-chromadb.snowflake.com
*.ordevautotest1.us-west-2.aws-dev.app.snowflake.com
app1e-status.outreach.io
*.qa6.us-west-2.aws-dev.app.snowflake.com
app1e-status.outreach.io
app1e-status.outreach.io
corp-vpn.snowflake.com
argocd-it-dev.snowflake.com
app1e-status.outreach.io
*.ordevautotest1.us-west-2.aws-dev.app.snowflake.com
partner-payment-oauth.snowflake.com
events.snowflake.com
*.ordevautotest1.us-west-2.aws-dev.app.snowflake.com
events.snowflake.com
app.my-guitar-tabs.com
*.autotestcore2.eastus2.azure-dev.app.snowflake.com
*.t1.usgovvirginia.azure-gov.app.snowflake.com
abemcertified.abem.org
*.citi.us-east-2.aws.app.snowflake.com
*.devtemptest3core1.us-west-2.aws-dev.app.snowflake.com
api.developers.snowflake.com
lift.snowflake.com
leapfrog-ssl-33.gcs-web.com
*.c2.eastus2.azure-dev.app.snowflake.com
sni204121.cloudflaressl.com
events.snowflake.com
1e291ab3status.snowflake.com
app1e-status.outreach.io
app1e-status.outreach.io
*.c1.eu-west-1.aws.app.snowflake.com
sni204121.cloudflaressl.com
ciscokineticbeta.iotspdev.io
api.developers.snowflake.com
app-cdn-staging.app.snowflake.com
app1e-status.outreach.io
investment-data-cloud-uat.snowflake.com
snowamp.snowflake.com
winternet.snowflake.com

Certificate

The complete raw certificate details for partner-payment-oauth.snowflake.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF8DCCBNigAwIBAgIQB/9GdfZcPBpXSPvNkUvDsjANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAyMB4XDTIzMTAwOTAwMDAwMFoXDTI0MTEwNzIzNTk1OVowLjEs
MCoGA1UEAxMjcGFydG5lci1wYXltZW50LW9hdXRoLnNub3dmbGFrZS5jb20wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLhX9Agg3XT2dKG0DJAflKHHMF
f+Vr2xPqzGwhFe+bKuLMYqN6TAsxd3MNPsCE6MlABINHTYbPcF9cCOUUKPsYeq/s
ikovbLXjiuHEp5sgtoBqJbF8FksgkSbplwtmoZUsoc6fvhyC9XTBhxrzpVL4u/WJ
ESGZES9ARrkkjmb6Fc1DHqoWfSMfwIJZ0R8Loy/B4/14fbYZpIXsTI4QAEajhmxa
N1/7pYnaQlGWvhln85CpHfpP4A/l27PCj6/Wnx/xbovdoAwWWEf2ZBR7oXqL21EI
k0fk/9u80nX5rHbPY5D3MvHlfcqnwUoGknXL1o6vxmyGCDLyOz1q2GyEtm+dAgMB
AAGjggL6MIIC9jAfBgNVHSMEGDAWgBTAMVLNWlDDgnx0cc7L6Zz5euuC4jAdBgNV
HQ4EFgQUIKYUPOX6ih8FtdKxBoSztFVutYswLgYDVR0RBCcwJYIjcGFydG5lci1w
YXltZW50LW9hdXRoLnNub3dmbGFrZS5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEw
DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7
BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLnIybTAyLmFtYXpvbnRydXN0LmNv
bS9yMm0wMi5jcmwwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8v
b2NzcC5yMm0wMi5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9j
cnQucjJtMDIuYW1hem9udHJ1c3QuY29tL3IybTAyLmNlcjAMBgNVHRMBAf8EAjAA
MIIBfAYKKwYBBAHWeQIEAgSCAWwEggFoAWYAdgDuzdBk1dsazsVct520zROiModG
fLzs3sNRSFlGcR+1mwAAAYsRzffoAAAEAwBHMEUCIQCHpoSH3SjMxp5CicZqsLiR
Whm8Sl7/m+kfDAHS7catXgIgZfqDHYuCVK2SOeE3tUo3IiRVlcvnW6gxRYDZ9rhx
sjYAdQBIsONr2qZHNA/lagL6nTDrHFIBy1bdLIHZu7+rOdiEcwAAAYsRzfeMAAAE
AwBGMEQCIDJizOOzv+Hk7nOfKWaiuN3VcMdiT5tUeWhO8QENFQpVAiAm4PgKpolo
pxaVq9T5RUEirpWkU44cegHO0bsrM6w97QB1ANq2v2s/tbYin5vCu1xr6HCRcWy7
UYSFNL2kPTBI1/urAAABixHN95gAAAQDAEYwRAIgbU4/bwW8m+qY0hWAIc8YqbvY
+0rqtV1kbVgbZAV7TCQCIEp3gf50kxIRSngE9Raerxj56yv19QwtoFW8niPIF/XH
MA0GCSqGSIb3DQEBCwUAA4IBAQAoqxwYPCR/A5AdZcgo4q5CWks76dWF4jHIdU7M
LAENlnJ3JaemPW6oCmCbEMa89cCy4VUDBlnIiax7lBEEyWxhjKYG6GLbu+7y4CJt
aJ775AKLsc8415ml5/hWhq3S998wkAX4vIb/psTjiPma+oBAtUCFRdes+aUYeYdL
dHmHfbFSTcy6MI1jXCs7/IqxZLqsyexn63WLYUOH7+h2cm0zPopQ/40u5B7N4v8L
URWk6LUGxkKMxQzpSaKSNio8uWIt+qBmuRcMZrajJWEVc/fp7MXZhud4SoCijIG/
7G3J66PZgqG9xw42AEKAsHHicQqlIWFXFEx/X2YmM1KL6Lzt
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4V/QIIN109nShtAyQH5
ShxzBX/la9sT6sxsIRXvmyrizGKjekwLMXdzDT7AhOjJQASDR02Gz3BfXAjlFCj7
GHqv7IpKL2y144rhxKebILaAaiWxfBZLIJEm6ZcLZqGVLKHOn74cgvV0wYca86VS
+Lv1iREhmREvQEa5JI5m+hXNQx6qFn0jH8CCWdEfC6MvweP9eH22GaSF7EyOEABG
o4ZsWjdf+6WJ2kJRlr4ZZ/OQqR36T+AP5duzwo+v1p8f8W6L3aAMFlhH9mQUe6F6
i9tRCJNH5P/bvNJ1+ax2z2OQ9zLx5X3Kp8FKBpJ1y9aOr8Zshggy8js9athshLZv
nQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 10630060784032879360808405363623445426
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-09 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-11-07 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'partner-payment-oauth.snowflake.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25692205770816002571782753525051914080279524916650411968792083004558044981095265949534083789196963610857347404449462595924345076828326226258744405554719618853116674942117847443647597379908134721198555921855277892790909920420972653328484164508165784925661809768347044309971601869238948037997957060694110875773761875863989470953844218438149631714702102065170543478810988102807056847879505341943147087813771584819028979893420521413043143153851704892715039320064466522951225865101619223978171241512702926532108320893471099915129997237871959341014739240391700100847800191970877067626104363053316652213268459224386019684253
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							20a6143ce5fa8a1f05b5d2b10684b3b4556eb58b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (39 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'partner-payment-oauth.snowflake.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (360 bytes)
							0166007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018b11cdf7e8000004030047304502210087a68487dd28ccc69e4289c66ab0b8915a19bc4a5eff9be91f0c01d2edc6ad5e022065fa831d8b8254ad9239e137b54a3722245595cbe75ba8314580d9f6b871b23600750048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018b11cdf78c000004030046304402203262cce3b3bfe1e4ee739f2966a2b8ddd570c7624f9b5479684ef1010d150a55022026e0f80aa68968a71695abd4f9454122ae95a4538e1c7a01ced1bb2b33ac3ded007500dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018b11cdf798000004030046304402206d4e3f6f05bc9bea98d2158021cf18a9bbd8fb4aeab55d646d581b64057b4c2402204a7781fe749312114a7804f5169eaf18f9eb2bf5f50c2da055bc9e23c817f5c7
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0028ab1c183c247f03901d65c828e2ae425a4b3be9d585e231c8754ecc2c010d96727725a7a63d6ea80a609b10c6bcf5c0b2e155030659c889ac7b941104c96c618ca606e862dbbbeef2e0226d689efbe4028bb1cf38d799a5e7f85686add2f7df309005f8bc86ffa6c4e388f99afa8040b5408545d7acf9a51879874b7479877db1524dccba308d635c2b3bfc8ab164baacc9ec67eb758b614387efe876726d333e8a50ff8d2ee41ecde2ff0b5115a4e8b506c6428cc50ce949a292362a3cb9622dfaa066b9170c66b6a325611573f7e9ecc5d986e7784a80a28c81bfec6dc9eba3d982a1bdc70e36004280b071e2710aa5216157144c7f5f662633528be8bced