biel-galle.xenios.eu

Issued by Gandi RSA Domain Validation Secure Server CA 3

About this certificate

This digital certificate with serial number c1:8c:cb:d5:21:2c:86:67:4a:83:6d:9a:0e:db:6d:7c was issued on by Gandi.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=biel-galle.xenios.eu

Gandi

Organization: Gandi
Country: FR

This certificate will expire on

Certificate Details

Serial Number (hex): c1:8c:cb:d5:21:2c:86:67:4a:83:6d:9a:0e:db:6d:7c
Serial Number (int): 257272058961698628928489031602414513532
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 60:c1:df:37:ef:e5:9d:26:f1:05:98:33:43:4c:1b:60:38:a6:f0:53
AuthorityKeyId: 81:11:92:de:66:32:a5:b0:5b:33:3d:65:43:85:fc:d4:04:2d:f1:ae

Fingerprint (sha1): 4c:17:9a:e5:a0:f1:4d:ad:48:2c:f1:35:15:75:36:05:c0:bb:de:bf
Fingerprint (sha256): 0d:3c:58:44:c9:a3:20:2c:32:56:5a:65:cf:06:88:4a:5c:7c:b3:ab:a2:fc:21:85:de:b8:37:d2:8d:57:cc:25

Issuing Certificate URL: http://crt.sectigo.com/GandiRSADomainValidationSecureServerCA3.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com

Check the revocation status for certificate biel-galle.xenios.eu

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for biel-galle.xenios.eu

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

biel-galle.xenios.eu
www.biel-galle.xenios.eu

Other certificates including the domain name xenios.eu

(limited to 100 certificates)
massa.xenios.eu
evrard.xenios.eu
re3.xenios.eu
raxhon.xenios.eu
phsavdb.xenios.eu
castiaux.xenios.eu
raxhon.xenios.eu
phsavdb.xenios.eu
biel-galle.xenios.eu
biel-galle.xenios.eu
deguide.xenios.eu
brule-scieur.xenios.eu
raxhon.xenios.eu
schmitz-noel.xenios.eu
deguide.xenios.eu
schmitz-noel.xenios.eu
biel-galle.xenios.eu
j-paques.xenios.eu
actionre3.xenios.eu
brule-scieur.xenios.eu
biel-galle.xenios.eu
brule-scieur.xenios.eu
xharde.xenios.eu
schmitz-noel.xenios.eu
schmitz-noel.xenios.eu
www.xenios.eu
www.xenios.eu
www.xenios.eu
hostarii.xenios.eu
biel-galle.xenios.eu
biel-galle.xenios.eu
xenios.eu
schmitz-noel.xenios.eu
biel-galle.xenios.eu
crabbe.xenios.eu
biel-galle.xenios.eu
hostarii.xenios.eu
brule-scieur.xenios.eu
j-paques.xenios.eu
schmitz-noel.xenios.eu
tefnin.xenios.eu
castiaux.xenios.eu
deguide.xenios.eu
biel-galle.xenios.eu
brule-scieur.xenios.eu
www.xenios.eu
castiaux.xenios.eu
raxhon.xenios.eu
biel-galle.xenios.eu
crabbe.xenios.eu
deguide.xenios.eu
deguide.xenios.eu
hostarii.xenios.eu
hostarii.xenios.eu
j-paques.xenios.eu
raxhon.xenios.eu
j-paques.xenios.eu
www.xenios.eu
j-paques.xenios.eu
j-paques.xenios.eu
castiaux.xenios.eu
biel-galle.xenios.eu
castiaux.xenios.eu
hostarii.xenios.eu
extranet.xenios.eu
biel-galle.xenios.eu
castiaux.xenios.eu
remy.xenios.eu
crabbe.xenios.eu
phsavdb.xenios.eu
www.xenios.eu
deguide.xenios.eu
hostarii.xenios.eu
www.hostarii.xenios.eu
evrard.xenios.eu
castiaux.xenios.eu
evrard.xenios.eu
tefnin.xenios.eu
hostarii.xenios.eu
schmitz-noel.xenios.eu
raxhon.xenios.eu
raxhon.xenios.eu
phsavdb.xenios.eu
castiaux.xenios.eu
phsavdb.xenios.eu
crabbe.xenios.eu
evrard.xenios.eu
www.xenios.eu
hostarii.xenios.eu
brule-scieur.xenios.eu
deguide.xenios.eu
phsavdb.xenios.eu
remy.xenios.eu
biel-galle.xenios.eu
schmitz-noel.xenios.eu
huissier-christiane.xenios.eu

Certificate

The complete raw certificate details for biel-galle.xenios.eu in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGkzCCBPugAwIBAgIRAMGMy9UhLIZnSoNtmg7bbXwwDQYJKoZIhvcNAQEMBQAw
VjELMAkGA1UEBhMCRlIxDjAMBgNVBAoTBUdhbmRpMTcwNQYDVQQDEy5HYW5kaSBS
U0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQSAzMB4XDTIzMTIx
MzAwMDAwMFoXDTI1MDEwODIzNTk1OVowHzEdMBsGA1UEAxMUYmllbC1nYWxsZS54
ZW5pb3MuZXUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfBonTAp3X
DGyzgxJFb675gmusk4MoJqYYdLD7MAq+haVNaNB453uu3ulAguf9wGiBQv81ndPq
blZW9HDs8pltFiEPNVp2bqRYAV1B0ZwKCumSqzGbte13Ca5NJyqIqKfKyU1mVDLT
nTNhXGpfDbYREU35239tzeAFUJFyue71FXuKwHaCx6TvYfZlll7Kfy/9sihO3WDP
nNqy/5kab6tWrpVQznqRjWgaVUcEiKW1o7e2UnHtCgYgB8hWtx7iDhpkBCJlsdey
CO1zi/G8V2EHhnruEZHVDAFPVjaynwCbJzyC2gHejicsoAWatI6hfrv8oGLjnuZs
cvnKZs1BE4yJAgMBAAGjggMRMIIDDTAfBgNVHSMEGDAWgBSBEZLeZjKlsFszPWVD
hfzUBC3xrjAdBgNVHQ4EFgQUYMHfN+/lnSbxBZgzQ0wbYDim8FMwDgYDVR0PAQH/
BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAhowJTAjBggrBgEFBQcCARYXaHR0
cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMIGDBggrBgEFBQcBAQR3MHUw
TgYIKwYBBQUHMAKGQmh0dHA6Ly9jcnQuc2VjdGlnby5jb20vR2FuZGlSU0FEb21h
aW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EzLmNydDAjBggrBgEFBQcwAYYXaHR0
cDovL29jc3Auc2VjdGlnby5jb20wOQYDVR0RBDIwMIIUYmllbC1nYWxsZS54ZW5p
b3MuZXWCGHd3dy5iaWVsLWdhbGxlLnhlbmlvcy5ldTCCAYAGCisGAQQB1nkCBAIE
ggFwBIIBbAFqAHcAzxFW7tUufK/zh1vZaS6b6RpxZ0qwF+ysAdJbd87MOwgAAAGM
YrawIgAABAMASDBGAiEAhD5/hqnFo+vJitGjUHpQT3C0suRP9CXZ/pyA9QYmZJcC
IQCTrrhG71AV8AOMVkPEUHQbXkbVJI1X5jczjxOiTqgu2wB2AKLjCuRF772tm344
7Udnd1PXgluElNcrXhssxLlQpEfnAAABjGK2sAIAAAQDAEcwRQIhAJsjm3DINsUm
kW5zwaReNAajCVRXu62x0yjzEcU5G08/AiB0f6yy/DKvAxMF7Lb36T+ugMlwZ9K2
4YIg2Y7dcFWSmAB3AE51oydcmhDDOFts1N8/Uusd8OCOG41pwLH6ZLFimjnfAAAB
jGK2r/8AAAQDAEgwRgIhAPBGQAAcwZFx/yBkAfBNA0San54Y5Nrnkzqif2/aagGQ
AiEAqGo7u9kVE3reo/uO0aoX+f3iyl04rwl/qRi0u5e7qW0wDQYJKoZIhvcNAQEM
BQADggGBADEGGdmGau/18bf4nxnhrDLfQTDqKdjVreXsdigdlTUVZPXhSm3n/xIr
gSXsLsah5opMLEDxhdV0SDR3FU0mV9nK6i3xkJzhbW/WIW0IPVy1U1kEkXyFJNEl
ZnT76xffeE+oN5buXtqNe6/XbY1UxkSyfZi4jYa1Wxt5f8CQPIYzRLj3NRqkl/tk
eN+jYchbHKJwk+UG0OX3u1Cg3ggC1rFLebn/NN2AR8PtLuXVfGx3YruzxAeyCyre
GxSI5WDauPOfdKhb2s7EkgEyCb7dPYsjOckwPUmIa/xVmtMpQ7Bboplze9LIriGQ
jK6MCRJFL63Eas92PmDtHLyj28SabkPr8curq+OqkDKyZ2pvp0NivRFvbybV0q4O
yPNh9M24JwdoNbOrFKO5x5Qx+fu6qbZCT91Sb8sEtRHAtGPnmSBiXdRq0plHTmcg
lQ7kDqdyE9ztefQNsRn//JG//O9KEp532+hbelp5vV1r3hWP68+4UhIcUN6ZlgQH
8mxgVlXP0g==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3waJ0wKd1wxss4MSRW+u
+YJrrJODKCamGHSw+zAKvoWlTWjQeOd7rt7pQILn/cBogUL/NZ3T6m5WVvRw7PKZ
bRYhDzVadm6kWAFdQdGcCgrpkqsxm7XtdwmuTScqiKinyslNZlQy050zYVxqXw22
ERFN+dt/bc3gBVCRcrnu9RV7isB2gsek72H2ZZZeyn8v/bIoTt1gz5zasv+ZGm+r
Vq6VUM56kY1oGlVHBIiltaO3tlJx7QoGIAfIVrce4g4aZAQiZbHXsgjtc4vxvFdh
B4Z67hGR1QwBT1Y2sp8Amyc8gtoB3o4nLKAFmrSOoX67/KBi457mbHL5ymbNQROM
iQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 257272058961698628928489031602414513532
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Gandi'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Gandi RSA Domain Validation Secure Server CA 3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-13 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-08 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'biel-galle.xenios.eu'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 28154366200809159230009069975188274240190003820856137634331637283658644334569132085738343644207557551310555557795686050442924093596642634945858464648936352134014013452662250095950580746675319886534673433554228330251474281230918754210052646938327644530343410416374747437197065653326534926558481919965701102030909404427742262275089512332464712281879758141541501240900290179415701646884144184696492756095650197359718231405171434246511550677488997342421358100556125078002761773536822398098549616029877694741492777545959105051417230073067595559041677178739661200609377909977512017264620967485580715251221628591574684503177
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 811192de6632a5b05b333d654385fcd4042df1ae
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							60c1df37efe59d26f1059833434c1b6038a6f053
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.26
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (119 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/GandiRSADomainValidationSecureServerCA3.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (50 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'biel-galle.xenios.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.biel-galle.xenios.eu'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (368 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
							016a007700cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018c62b6b0220000040300483046022100843e7f86a9c5a3ebc98ad1a3507a504f70b4b2e44ff425d9fe9c80f50626649702210093aeb846ef5015f0038c5643c450741b5e46d5248d57e637338f13a24ea82edb007600a2e30ae445efbdad9b7e38ed47677753d7825b8494d72b5e1b2cc4b950a447e70000018c62b6b00200000403004730450221009b239b70c836c526916e73c1a45e3406a3095457bbadb1d328f311c5391b4f3f0220747facb2fc32af031305ecb6f7e93fae80c97067d2b6e18220d98edd705592980077004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018c62b6afff0000040300483046022100f04640001cc19171ff206401f04d03449a9f9e18e4dae7933aa27f6fda6a0190022100a86a3bbbd915137adea3fb8ed1aa17f9fde2ca5d38af097fa918b4bb97bba96d
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (3072 bits)
		00310619d9866aeff5f1b7f89f19e1ac32df4130ea29d8d5ade5ec76281d95351564f5e14a6de7ff122b8125ec2ec6a1e68a4c2c40f185d574483477154d2657d9caea2df1909ce16d6fd6216d083d5cb5535904917c8524d1256674fbeb17df784fa83796ee5eda8d7bafd76d8d54c644b27d98b88d86b55b1b797fc0903c863344b8f7351aa497fb6478dfa361c85b1ca27093e506d0e5f7bb50a0de0802d6b14b79b9ff34dd8047c3ed2ee5d57c6c7762bbb3c407b20b2ade1b1488e560dab8f39f74a85bdacec492013209bedd3d8b2339c9303d49886bfc559ad32943b05ba299737bd2c8ae21908cae8c0912452fadc46acf763e60ed1cbca3dbc49a6e43ebf1cbababe3aa9032b2676a6fa74362bd116f6f26d5d2ae0ec8f361f4cdb827076835b3ab14a3b9c79431f9fbbaa9b6424fdd526fcb04b511c0b463e79920625dd46ad299474e6720950ee40ea77213dced79f40db119fffc91bffcef4a129e77dbe85b7a5a79bd5d6bde158febcfb852121c50de99960407f26c605655cfd2