*.prd01.neo.forcepoint.com

Issued by Amazon RSA 2048 M02

About this certificate

This digital certificate with serial number 0c:97:ce:f1:3c:f9:df:37:17:43:71:d4:82:de:4c:3e was issued on by Amazon.

With 5 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=*.prd01.neo.forcepoint.com

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0c:97:ce:f1:3c:f9:df:37:17:43:71:d4:82:de:4c:3e
Serial Number (int): 16738970064294444850904142263684582462
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 61:14:d9:94:f9:42:ea:38:2a:99:1f:1a:da:30:a9:f3:a9:dd:b0:ee
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2

Fingerprint (sha1): ba:ea:29:c3:8b:70:70:75:d1:c3:07:80:0d:33:b7:fa:fd:d1:88:29
Fingerprint (sha256): 0b:a8:a7:9f:c7:3c:e9:ba:57:f1:f8:8a:c2:e2:e0:74:69:0d:80:d7:22:26:a8:f1:85:20:db:81:03:06:15:ae

Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer

Revocation information

OCSP Server: http://ocsp.r2m02.amazontrust.com
CRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl

Check the revocation status for certificate *.prd01.neo.forcepoint.com

5

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.prd01.neo.forcepoint.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.prd01.neo.forcepoint.com
*.prd01.us-east-1.neo.forcepoint.com
*.prd01.eu-central-1.neo.forcepoint.com
*.prd01.ap-south-1.neo.forcepoint.com
*.neo.forcepoint.com

Other certificates including the domain name forcepoint.com

(limited to 100 certificates)
*.nightly1102.neo.dev.forcepoint.com
*.nightlyma.dup.dev.forcepoint.com
*.nightly.neo.dev.forcepoint.com
*.nightly1017.dup.dev.forcepoint.com
*.nightlyma.neo.dev.forcepoint.com
*.nightly1220.dup.dev.forcepoint.com
j3.shared.global.fastly.net
hello.forcepoint.com
5635999187075072-fe3.pantheonsite.io
*.nightly.dup.dev.forcepoint.com
*.nightlyma.dup.dev.forcepoint.com
ceros1.map.fastly.net
bemol-status.linxcommerce.com.br
analyticsssl.forcepoint.com
*.nightly0824.dup.dev.forcepoint.com
*.nightly1217.neo.dev.forcepoint.com
*.nightly1207.dup.dev.forcepoint.com
ceros1.map.fastly.net
*.devops.neo.dev.forcepoint.com
*.nightly.dup.dev.forcepoint.com
*.nightlyma.dup.dev.forcepoint.com
*.nightlyma.dup.dev.forcepoint.com
webmailgov.forcepoint.com
*.nightlyma.dup.dev.forcepoint.com
passthrough.forcepoint.com
*.nightly.neo.dev.forcepoint.com
csg.status.forcepoint.com
csg.status.forcepoint.com
*.nightly1028.dup.dev.forcepoint.com
one.cvpn.forcepoint.com
*.nightly.dup.dev.forcepoint.com
*.nightly0216.neo.dev.forcepoint.com
*.nightly1214.dup.dev.forcepoint.com
go.forcepoint.com
bemol-status.linxcommerce.com.br
*.dev03.neo.dev.forcepoint.com
bemol-status.linxcommerce.com.br
*.nightly.neo.dev.forcepoint.com
*.nightly0113.neo.dev.forcepoint.com
5686147871145984-fe1.pantheonsite.io
ceros1.map.fastly.net
*.nightly0430.dup.dev.forcepoint.com
*.nightly.dup.dev.forcepoint.com
*.forcepoint.com
*.nightly0206.dup.dev.forcepoint.com
webmailgov.forcepoint.com
*.nightly.dup.dev.forcepoint.com
ceros1.map.fastly.net
vhfptwddlb.hec.forcepoint.com
*.nightly.neo.dev.forcepoint.com
*.nightly.dup.dev.forcepoint.com
*.nightly.dup.dev.forcepoint.com
*.nightlyma.dup.dev.forcepoint.com
*.nightly1205.dup.dev.forcepoint.com
*.nightlyma.dup.dev.forcepoint.com
ceros1.map.fastly.net
*.nightly.dup.dev.forcepoint.com
*.prd01.neo.forcepoint.com
analyticsssl.forcepoint.com
bemol-status.linxcommerce.com.br
fptqa.hec.forcepoint.com
*.nightly0412.dup.dev.forcepoint.com
ceros1.map.fastly.net
*.nightlyma.t01.dup.dev.forcepoint.com
*.nightly1219.dup.dev.forcepoint.com
*.nightly1211.neo.dev.forcepoint.com
bemol-status.linxcommerce.com.br
*.nightly0320.neo.dev.forcepoint.com
*.nightly1208.dup.dev.forcepoint.com
j3.shared.global.fastly.net
www.forcepoint.com
bemol-status.linxcommerce.com.br
*.nightlyma.dup.dev.forcepoint.com
*.nightly.dup.dev.forcepoint.com
*.nightly1113.dup.dev.forcepoint.com
*.nightly0116.dup.dev.forcepoint.com
*.nightly1209.dup.dev.forcepoint.com
*.nightly.dup.dev.forcepoint.com
*.nightlyma.t01.dup.dev.forcepoint.com
*.nightly0314.dup.dev.forcepoint.com
5635999187075072-fe3.pantheonsite.io
analyticsssl.forcepoint.com
*.nightly1115.neo.dev.forcepoint.com
j3.shared.global.fastly.net
skyfencenet.com
go.forcepoint.com
*.nightly1225.neo.dev.forcepoint.com
*.nightly0328.dup.dev.forcepoint.com
*.nightly0907.dup.dev.forcepoint.com
*.nightly1213.neo.dev.forcepoint.com
*.applications.policytest.ngfw.forcepoint.com
*.nightlyma.neo.dev.forcepoint.com
*.nightly.neo.dev.forcepoint.com
*.nightly0406.neo.dev.forcepoint.com
*.nightly0102.neo.dev.forcepoint.com
*.nightly.neo.dev.forcepoint.com
5686147871145984-fe1.pantheonsite.io
secure.forcepoint.com
*.download.forcepoint.com
*.nightly.dup.dev.forcepoint.com

Certificate

The complete raw certificate details for *.prd01.neo.forcepoint.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIQDJfO8Tz53zcXQ3HUgt5MPjANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAyMB4XDTIzMDYwMzAwMDAwMFoXDTI0MDcwMjIzNTk1OVowJTEj
MCEGA1UEAwwaKi5wcmQwMS5uZW8uZm9yY2Vwb2ludC5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCuvX2nFqt89ni9pwcCKFOtBi7hXH80uDfFFIKd
Ea0RBwCZuKoMm29j8AHjScs8FbGNsjX3dpuWKkpuu1sNNXiETkmyqjbHjLjE9BqU
127VKDSsLokLUh29//TCsxFQc0L7RAfTEgUmbljT6LfaEhsTEQdas2qOx81RCDxe
EIGJfY3LlJW4BFsKWS7YFgCaZV3A5eC5YV9kng6ENvxU8V4UKfs6DBUtm7K8/DBr
4QeHlZrNUDZVxbj8wOrN71cLGvf0GGpLfi2kJyRE5j4PhF04QNim0Hg6KVbYBBg4
vEW7nQeI6faY4PkEoq2td+clX0E1+12S0nWb4LeibgVGZCdjAgMBAAGjggIVMIIC
ETAfBgNVHSMEGDAWgBTAMVLNWlDDgnx0cc7L6Zz5euuC4jAdBgNVHQ4EFgQUYRTZ
lPlC6jgqmR8a2jCp86ndsO4wgbMGA1UdEQSBqzCBqIIaKi5wcmQwMS5uZW8uZm9y
Y2Vwb2ludC5jb22CJCoucHJkMDEudXMtZWFzdC0xLm5lby5mb3JjZXBvaW50LmNv
bYInKi5wcmQwMS5ldS1jZW50cmFsLTEubmVvLmZvcmNlcG9pbnQuY29tgiUqLnBy
ZDAxLmFwLXNvdXRoLTEubmVvLmZvcmNlcG9pbnQuY29tghQqLm5lby5mb3JjZXBv
aW50LmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwucjJtMDIuYW1hem9u
dHJ1c3QuY29tL3IybTAyLmNybDATBgNVHSAEDDAKMAgGBmeBDAECATB1BggrBgEF
BQcBAQRpMGcwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLnIybTAyLmFtYXpvbnRy
dXN0LmNvbTA2BggrBgEFBQcwAoYqaHR0cDovL2NydC5yMm0wMi5hbWF6b250cnVz
dC5jb20vcjJtMDIuY2VyMAwGA1UdEwEB/wQCMAAwEwYKKwYBBAHWeQIEAwEB/wQC
BQAwDQYJKoZIhvcNAQELBQADggEBAKZWp46OcOgobxT+3jZcrIQ/wOEAFxPJnAIS
//1bi1jKhaUph6W+Qua/4yNHjaOvN7sTcgIC7pjelrzGfQ9OYFKACJJU4R0LUmyo
MkrxuSC50f81BzhRBwnfyvPVZe0DZktwdX8ffXYCD3J08Df3HRpJfqJLulW8VOqD
16kI8hWea7reGwdT8r3K+uVbnZberkgbOAhEEkWtF36aj+thJPyIfuEIVzcVyoGt
mhwsM2gh2q8N5V5xd7vSznKC85og0c85uwjJQ1hpX+9GLhq1+G+OkVYLxPL3nNLA
eYZlz2HKA1yFArlxZPvyXg4/Mon3TuzKn8tNLu0zgc8BnWgVv4Q=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArr19pxarfPZ4vacHAihT
rQYu4Vx/NLg3xRSCnRGtEQcAmbiqDJtvY/AB40nLPBWxjbI193ablipKbrtbDTV4
hE5Jsqo2x4y4xPQalNdu1Sg0rC6JC1Idvf/0wrMRUHNC+0QH0xIFJm5Y0+i32hIb
ExEHWrNqjsfNUQg8XhCBiX2Ny5SVuARbClku2BYAmmVdwOXguWFfZJ4OhDb8VPFe
FCn7OgwVLZuyvPwwa+EHh5WazVA2VcW4/MDqze9XCxr39BhqS34tpCckROY+D4Rd
OEDYptB4OilW2AQYOLxFu50HiOn2mOD5BKKtrXfnJV9BNftdktJ1m+C3om4FRmQn
YwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 16738970064294444850904142263684582462
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-06-03 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-07-02 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.prd01.neo.forcepoint.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22058906475380142307854789242416451762619090603974927745582278313925485103335187176194714702059433517071935874248106538216653923123247328398170003402692733169640443672388997926323854738130355920239851578691258517824554175826722861182127138789252732105386776139242648829835389587702786795582431592707901045021164226122108870447946659955721641619981366350624570060286350517399947683851859124824586471856923434578659878723224823123123205025814393739602905723559310597560215265994874994761809404759408146518446288807835405652666256726240434279955413331126936447992365116535533165135613501588491909130603971095663126783843
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							6114d994f942ea382a991f1ada30a9f3a9ddb0ee
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (171 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.prd01.neo.forcepoint.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.prd01.us-east-1.neo.forcepoint.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.prd01.eu-central-1.neo.forcepoint.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.prd01.ap-south-1.neo.forcepoint.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.neo.forcepoint.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00a656a78e8e70e8286f14fede365cac843fc0e1001713c99c0212fffd5b8b58ca85a52987a5be42e6bfe323478da3af37bb13720202ee98de96bcc67d0f4e605280089254e11d0b526ca8324af1b920b9d1ff350738510709dfcaf3d565ed03664b70757f1f7d76020f7274f037f71d1a497ea24bba55bc54ea83d7a908f2159e6bbade1b0753f2bdcafae55b9d96deae481b3808441245ad177e9a8feb6124fc887ee108573715ca81ad9a1c2c336821daaf0de55e7177bbd2ce7282f39a20d1cf39bb08c94358695fef462e1ab5f86f8e91560bc4f2f79cd2c0798665cf61ca035c8502b97164fbf25e0e3f3289f74eecca9fcb4d2eed3381cf019d6815bf84