demo.bywatersolutions.com

Issued by Let's Encrypt Authority X3

About this certificate

This digital certificate with serial number 03:8c:91:77:1c:fb:f3:c2:c6:ae:e9:5a:be:c4:28:d7:eb:90 was issued on by Let's Encrypt.

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=demo.bywatersolutions.com

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:8c:91:77:1c:fb:f3:c2:c6:ae:e9:5a:be:c4:28:d7:eb:90
Serial Number (int): 309169745694796281291380815436035609062288
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: f4:0c:4b:39:1a:06:d5:79:2c:17:4f:8e:30:b5:1c:e6:a5:4f:15:6c
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1

Fingerprint (sha1): 0e:fc:df:7d:dd:10:0c:c4:4e:b8:cc:2c:0a:59:36:e7:f7:3d:4a:c3
Fingerprint (sha256): 0d:ba:2d:90:81:f2:04:f4:16:b9:ee:98:72:d9:33:4e:22:bb:6e:aa:86:9b:88:77:a5:78:0a:1e:c7:96:99:2d

Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/

Revocation information

OCSP Server: http://ocsp.int-x3.letsencrypt.org

Check the revocation status for certificate demo.bywatersolutions.com

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for demo.bywatersolutions.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

catalog.bywatersolutions.com
demo.bywatersolutions.com
intranet.bywatersolutions.com
staff.demo.bywatersolutions.com

Other certificates including the domain name bywatersolutions.com

(limited to 100 certificates)
catalog.redlibrary.org
harrison.bywatersolutions.com
cin.bywatersolutions.com
audubon.bywatersolutions.com
harrison.bywatersolutions.com
arcadiapl.bywatersolutions.com
model.bywatersolutions.com
bedfordtx.bywatersolutions.com
harrison.bywatersolutions.com
washoe-aspen.bywatersolutions.com
koha.bywatersolutions.com
farmington.bywatersolutions.com
www.astinus.bywatersolutions.com
catalog.redlibrary.org
idsa.bywatersolutions.com
devs.bywatersolutions.com
staff.ajaxlibrary.ca
farmington.bywatersolutions.com
ticket.bywatersolutions.com
camden.bywatersolutions.com
disneytech.bywatersolutions.com
demo.bywatersolutions.com
bywatersolutions.com
kohacon2018.bywatersolutions.com
kohacon2018.bywatersolutions.com
dovernet.bywatersolutions.com
vokal-aspen.bywatersolutions.com
texlaw.bywatersolutions.com
bywatersolutions.com
ajaxon.bywatersolutions.com
collingswood.bywatersolutions.com
kids.meadvillelibrary.org
demo.bywatersolutions.com
ticket.bywatersolutions.com
samuelmerritt.bywatersolutions.com
catalog.dnredwoods.bywatersolutions.com
bywatersolutions.com
kids.meadvillelibrary.org
sdlaw.bywatersolutions.com
catalog.bethelu.bywatersolutions.com
kohacon2018.bywatersolutions.com
media.bywatersolutions.com
devs.bywatersolutions.com
esri.bywatersolutions.com
catalog.redlibrary.org
catalog.rahwaylibrary.org
texlaw.bywatersolutions.com
bywatersolutions.com
roundrock.bywatersolutions.com
risl.bywatersolutions.com
farmington.bywatersolutions.com
bywatersolutions.com
merial.bywatersolutions.com
demo.bywatersolutions.com
collingswood.bywatersolutions.com
devs.bywatersolutions.com
catalog.rahwaylibrary.org
kids.meadvillelibrary.org
catalog.rahwaylibrary.org
bywatersolutions.com
siskiyou.bywatersolutions.com
catalog.redlibrary.org
hkic.bywatersolutions.com
disneytech.bywatersolutions.com
esri.bywatersolutions.com
bywatersolutions.com
demo.bywatersolutions.com
uintah.bywatersolutions.com
catalog.redlibrary.org
catalog.rahwaylibrary.org
tnhsc.bywatersolutions.com
bywaterconsortium.aspendiscovery.org
kohacon2018.bywatersolutions.com
dovernet.bywatersolutions.com
demo.bywatersolutions.com
dovernet.bywatersolutions.com
aspen-arlingtontest.bywatersolutions.com
downtown.roseville-libki.bywatersolutions.com
help.aspendiscovery.org
kohacon2018.bywatersolutions.com
catamount.bywatersolutions.com
esri.bywatersolutions.com
ticket.bywatersolutions.com
catalog.rahwaylibrary.org
collingswood.bywatersolutions.com
kohacon2018.bywatersolutions.com
catalog.redlibrary.org
pals.bywatersolutions.com
aspen.bywatersolutions.com
ckls.bywatersolutions.com
catalog.rahwaylibrary.org
catalog.redlibrary.org
catalog.rahwaylibrary.org
ticket.bywatersolutions.com
ramapo.bywatersolutions.com
kohacon2018.bywatersolutions.com
harrison.bywatersolutions.com
kohacon2018.bywatersolutions.com
tlccat.bywatersolutions.com
demo.bywatersolutions.com

Certificate

The complete raw certificate details for demo.bywatersolutions.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgISA4yRdxz788LGrulavsQo1+uQMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTAxMDgwNzQzNDZaFw0x
OTA0MDgwNzQzNDZaMCQxIjAgBgNVBAMTGWRlbW8uYnl3YXRlcnNvbHV0aW9ucy5j
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqz3YdOwo+qs1b/Pr2
27HDn1KmkJAfhVqvDq3zJrJfVHtFKWKAoNy/we3GATNXuGACKPpS3Yjx1vRkfMKA
iR8mCUU07q47y+B/pwl9C8RYPlfmq/D5OZGTYPSBoOch2CkNg3zITc3BqV5GwA1e
cRvs8Q/IS+HscEo3aHD4ASlKe6Br4tOcWvWcWF2Gq4TaeCj1s8W7I35A1AXVs8Nu
aHY2Iad64xAQYv/8J7z28tYiG3MSX1AM4fd8JNkmABGzmXiDv2N/TWIbIrLnQ3Zv
o+GJkVonZVlk/kBMspUQXq9Zm/UM2sFO9Hr5IYIKyGTNhFjdafeAaCcktU+xu2N1
863lAgMBAAGjggLOMIICyjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFPQMSzkaBtV5
LBdPjjC1HOalTxVsMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8G
CCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxl
dHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxl
dHNlbmNyeXB0Lm9yZy8wgYIGA1UdEQR7MHmCHGNhdGFsb2cuYnl3YXRlcnNvbHV0
aW9ucy5jb22CGWRlbW8uYnl3YXRlcnNvbHV0aW9ucy5jb22CHWludHJhbmV0LmJ5
d2F0ZXJzb2x1dGlvbnMuY29tgh9zdGFmZi5kZW1vLmJ5d2F0ZXJzb2x1dGlvbnMu
Y29tMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYB
BQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBQYKKwYBBAHWeQIE
AgSB9gSB8wDxAHYA4mlLribo6UAJ6IYbtjuD1D7n/nSI+6SPKJMBnd3x2/4AAAFo
LKHI2QAABAMARzBFAiEAk53yPWQQmY9Mir/MXws/pA6mR7p/gcoBmC9SCkNlgPUC
IBMkUiN9nYpD48qYhm8Ni35Mjj6u+ER2GQldoHbsPFaYAHcAKTxRllTIOWW6qlD8
WAfUt2+/WHopctykwwz05UVH9HgAAAFoLKHI1wAABAMASDBGAiEA14xYvzCeQdQH
HYVs1qbrvEmnXxoZ/oblo/4QQDj3BDUCIQDEjBLum2HF6E73FF8pXxPRoSBKBGQS
eeQVuB6FCxrRVTANBgkqhkiG9w0BAQsFAAOCAQEAYaqs5lJw86DzRD2D8Diae4GU
VdTsJ3M8LyM5ikTuUthhPnNB8IQltqK35xGrfTub65r3ZnCnIKx9KNWzINZKsvMQ
fAk7tlDAgDXq178jEwdSlvpFYtqAK5hf3jfMra7rw0BLL5XYGbOjJE5I/x/s+CnE
GCcbhVMM0oli2SEacpXOhHAmASQ99E1Kt3s+/cEGWx/cGtCF2apgUZ3szNUl6VU2
Y3XIcY4Kvz8lz3YIjcyBjNLQG1SkdOo0zZeTRydyh/c/DoI1wNJao8IiNu+IFQge
CtXm1NgPoyabW/IfkvWd6iLT2d2Ook7fs5GMoQrPtzLjG+pb23if8+sXxdptTg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqs92HTsKPqrNW/z69tux
w59SppCQH4Varw6t8yayX1R7RSligKDcv8HtxgEzV7hgAij6Ut2I8db0ZHzCgIkf
JglFNO6uO8vgf6cJfQvEWD5X5qvw+TmRk2D0gaDnIdgpDYN8yE3NwaleRsANXnEb
7PEPyEvh7HBKN2hw+AEpSnuga+LTnFr1nFhdhquE2ngo9bPFuyN+QNQF1bPDbmh2
NiGneuMQEGL//Ce89vLWIhtzEl9QDOH3fCTZJgARs5l4g79jf01iGyKy50N2b6Ph
iZFaJ2VZZP5ATLKVEF6vWZv1DNrBTvR6+SGCCshkzYRY3Wn3gGgnJLVPsbtjdfOt
5QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 309169745694796281291380815436035609062288
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-01-08 07:43:46 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-04-08 07:43:46 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'demo.bywatersolutions.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21562814865331433986918899542710899893696640019823399873122705463883384463966616656747132596867936117591937192555346688315147061669883635098450529504074693629093072295571558805866370327712828108617365021118142460132868564120937675238022141360220698632652753820163003431803485553274253418683339369666342501996058975129844064354559521920183655632202039007616537401289104910315539199460888859390822451823502589773226738913487921991106456277074853372060323248147425602894215730396397255049992318843583554825762673039159343165213927912657480809732657495949767840779538460952126818667182534859233805970454295889161353407973
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							f40c4b391a06d5792c174f8e30b51ce6a54f156c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'catalog.bywatersolutions.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'demo.bywatersolutions.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'intranet.bywatersolutions.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'staff.demo.bywatersolutions.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
							00f1007600e2694bae26e8e94009e8861bb63b83d43ee7fe7488fba48f2893019dddf1dbfe000001682ca1c8d90000040300473045022100939df23d6410998f4c8abfcc5f0b3fa40ea647ba7f81ca01982f520a436580f50220132452237d9d8a43e3ca98866f0d8b7e4c8e3eaef8447619095da076ec3c5698007700293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f478000001682ca1c8d70000040300483046022100d78c58bf309e41d4071d856cd6a6ebbc49a75f1a19fe86e5a3fe104038f70435022100c48c12ee9b61c5e84ef7145f295f13d1a1204a04641279e415b81e850b1ad155
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0061aaace65270f3a0f3443d83f0389a7b819455d4ec27733c2f23398a44ee52d8613e7341f08425b6a2b7e711ab7d3b9beb9af76670a720ac7d28d5b320d64ab2f3107c093bb650c08035ead7bf2313075296fa4562da802b985fde37ccadaeebc3404b2f95d819b3a3244e48ff1fecf829c418271b85530cd28962d9211a7295ce84702601243df44d4ab77b3efdc1065b1fdc1ad085d9aa60519decccd525e955366375c8718e0abf3f25cf76088dcc818cd2d01b54a474ea34cd979347277287f73f0e8235c0d25aa3c22236ef8815081e0ad5e6d4d80fa3269b5bf21f92f59dea22d3d9dd8ea24edfb3918ca10acfb732e31bea5bdb789ff3eb17c5da6d4e