www.huffingtonpost.com

Issued by Amazon RSA 2048 M01

About this certificate

This digital certificate with serial number 02:ed:bd:c1:be:5f:ca:41:c8:65:9d:71:d3:7f:75:58 was issued on by Amazon.

With 12 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=www.huffingtonpost.com

Amazon

Organization: Amazon
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 02:ed:bd:c1:be:5f:ca:41:c8:65:9d:71:d3:7f:75:58
Serial Number (int): 3892879072410996262923601516259407192
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: 7e:e5:b3:42:3b:36:a5:e6:6e:7a:11:12:3f:ee:2c:b1:f7:7f:9e:93
AuthorityKeyId: 81:b8:0e:63:8a:89:12:18:e5:fa:3b:3b:50:95:9f:e6:e5:90:13:85

Fingerprint (sha1): 35:71:8d:94:73:2a:2f:c5:24:bf:c2:dc:8f:c2:91:31:11:c3:07:ff
Fingerprint (sha256): 0d:c8:73:ae:d5:95:ac:39:b9:18:0e:4e:cc:ee:87:5f:a5:fa:f9:2d:e4:b5:82:76:96:ad:28:cc:6b:a8:00:0f

Issuing Certificate URL: http://crt.r2m01.amazontrust.com/r2m01.cer

Revocation information

OCSP Server: http://ocsp.r2m01.amazontrust.com
CRL Distribution Point: http://crl.r2m01.amazontrust.com/r2m01.crl

Check the revocation status for certificate www.huffingtonpost.com

12

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.huffingtonpost.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.huffingtonpost.com
preview.m.huffpost.com
*.huffpo.net
*.use1.huffpo.net
*.preview.www.huffingtonpost.com
*.mapi.huffpost.com
*.www.huffingtonpost.com
*.preview.m.huffpost.com
preview.www.huffingtonpost.com
m.huffpost.com
mapi.huffpost.com
*.m.huffpost.com

Other certificates including the domain name huffingtonpost.com

(limited to 100 certificates)
qa5.add.my.aol.com
*.preview.www.huffpost.com
qa.mapi.huffpost.com
*.app-west.buzzfeed.io
*.aol.com
*.add.my.aol.com
pr.huffingtonpost.com
img.huffingtonpost.com
www.huffingtonpost.com
*.contributor.huffingtonpost.com
content.huffingtonpost.com
staging-userapi.huffingtonpost.com
img.staging.huffingtonpost.com
accounts.huffingtonpost.com
qa.mapi.huffpost.com
src5.yahoo.com
beta-origin-cambria-alb.huffpo.net
staging.www.huffingtonpost.com
*.aol.com
stage.guce.oath.com
production-kraken-valencia-preview.use1.huffpo.net
accounts.huffingtonpost.com
*.search.yahoo.com
secure.huffingtonpost.com
b.aol.com
*.aol.com
huffingtonpost.com
athena.huffingtonpost.com
huffingtonpost.com
src1.yahoo.com
*.search.yahoo.com
trunk.guce.oath.com
trunk.guce.oath.com
qa.preview.www.huffpost.com
staging.www.huffingtonpost.com
www.huffpost.com
huffingtonpost.com
accounts.huffingtonpost.com
ifthisartcouldvote.huffingtonpost.com
www.huffpost.com
dev.search.yahoo.com
origin-kraken.huffpo.net
beta-origin-cambria-alb.huffpo.net
*.search.yahoo.com
qa.preview.www.huffpost.com
www.huffingtonpost.com
stage.guce.oath.com
www.huffingtonpost.com
*.assets.huffingtonpost.com
origin-img.huffingtonpost.com
elections.huffingtonpost.com
src5.yahoo.com
src5.yahoo.com
*.aol.com
*.contributor.huffingtonpost.com
*.search.yahoo.com
*.prod.buzzfeed.io
ifthisartcouldvote.huffingtonpost.com
origin-kraken.huffpo.net
src5.yahoo.com
staging-athena-mongo-cms.huffpost.net
ifthisartcouldvote.huffingtonpost.com
news.huffingtonpost.com
*.assets.huffingtonpost.com
stage.guce.oath.com
*.prod.buzzfeed.io
content.staging.huffingtonpost.com
dev.search.yahoo.com
ifthisartcouldvote.huffingtonpost.com
*.search.yahoo.com
guce.oath.com
www.huffingtonpost.com
editorial.huffingtonpost.com
src1.yahoo.com
staging.www.huffingtonpost.com
qa.preview.www.huffpost.com
*.search.yahoo.com
editorial.huffingtonpost.com
*.stage.buzzfeed.io
src6.yahoo.com
accounts.huffingtonpost.com
*.prod.buzzfeed.io
*.stage.buzzfeed.io
src1.yahoo.com
src6.yahoo.com
*.preview.www.huffpost.com
staging.preview.www.huffpost.com
secure.huffingtonpost.com
secure.huffingtonpost.com
ifthisartcouldvote.huffingtonpost.com
*.app-west.buzzfeed.io
huffingtonpost.com
ws.huffingtonpost.com
qa.mapi.huffpost.com
secure.huffingtonpost.com
*.add.my.aol.com
preview.www.huffpost.com
origin-kraken.huffpo.net
trunk.guce.oath.com
sp.huffingtonpost.com

Certificate

The complete raw certificate details for www.huffingtonpost.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIG1jCCBb6gAwIBAgIQAu29wb5fykHIZZ1x0391WDANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAxMB4XDTIzMDMwNDAwMDAwMFoXDTI0MDQwMTIzNTk1OVowITEf
MB0GA1UEAxMWd3d3Lmh1ZmZpbmd0b25wb3N0LmNvbTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBALZ5kI3sMuMp8+1UNX0EiRLqLCR/LtQCEJ+zY7kgZxGR
H+7R1ohLu84yAZbdxI4gQ4k6cTcLuv06Ya5Ynp68fD9DS9+aHib4bG9JJIl1KTOG
xgXzar6qaeSa64Uxtj149Els3giQr8W6CQAL5oF+YebE3+WgS2H/PbwUhwH9lT/9
N5HHh3lU47R+gJNQTgLsLwKbco8XGmmGM4FYhtc6w1uzupZjvtnni+kmC4e8NdJ8
yO43oK5GhwJvHjqqDE5ikUaCUF6OIgXUsRtrrwpLMhpccUgi9DAkoYK1uLpKYE0M
DWbnrdOm40OfIVe0froQtNNa44RDIieI27zhMVRAhk0CAwEAAaOCA+0wggPpMB8G
A1UdIwQYMBaAFIG4DmOKiRIY5fo7O1CVn+blkBOFMB0GA1UdDgQWBBR+5bNCOzal
5m56ERI/7iyx93+ekzCCAR4GA1UdEQSCARUwggERghZ3d3cuaHVmZmluZ3RvbnBv
c3QuY29tghZwcmV2aWV3Lm0uaHVmZnBvc3QuY29tggwqLmh1ZmZwby5uZXSCESou
dXNlMS5odWZmcG8ubmV0giAqLnByZXZpZXcud3d3Lmh1ZmZpbmd0b25wb3N0LmNv
bYITKi5tYXBpLmh1ZmZwb3N0LmNvbYIYKi53d3cuaHVmZmluZ3RvbnBvc3QuY29t
ghgqLnByZXZpZXcubS5odWZmcG9zdC5jb22CHnByZXZpZXcud3d3Lmh1ZmZpbmd0
b25wb3N0LmNvbYIObS5odWZmcG9zdC5jb22CEW1hcGkuaHVmZnBvc3QuY29tghAq
Lm0uaHVmZnBvc3QuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NybC5yMm0w
MS5hbWF6b250cnVzdC5jb20vcjJtMDEuY3JsMBMGA1UdIAQMMAowCAYGZ4EMAQIB
MHUGCCsGAQUFBwEBBGkwZzAtBggrBgEFBQcwAYYhaHR0cDovL29jc3AucjJtMDEu
YW1hem9udHJ1c3QuY29tMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LnIybTAxLmFt
YXpvbnRydXN0LmNvbS9yMm0wMS5jZXIwDAYDVR0TAQH/BAIwADCCAX0GCisGAQQB
1nkCBAIEggFtBIIBaQFnAHYA7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEf
tZsAAAGGqr7vaQAABAMARzBFAiAjMYzac8DYCFTR538mCAChO5hfGjJD/hOkK+Wj
pMEupQIhAOd+FlY/BQq7b+AaqmqDTHjLbdCnTLYVpG3ZqH3Z+MPvAHUAc9meiRtM
lnigIH1HneayxhzQUV5xGSqMa4AQesF3crUAAAGGqr7v0AAABAMARjBEAiBsu1Sm
4lENQbPUn9AH4jS1VZIIlAZMpjlQMQeDEAuklQIgVG5qnxrDh2hAzi61LoeWQUaJ
wzdD/XduCGZ8LCyPelQAdgBIsONr2qZHNA/lagL6nTDrHFIBy1bdLIHZu7+rOdiE
cwAAAYaqvu+UAAAEAwBHMEUCIQDqIXtdWbL5rKx+WNWNEnBApaHynH5cucWI+Q35
a8dPzQIgSsUZDOsNBReIVF8dQbKAajtOHBHfcBjysqXQfUhyd0UwDQYJKoZIhvcN
AQELBQADggEBACWK2ClHlY7bpLmUdV6EM1Ia2pQ5ySOFxD+ZGvY1Ljdvc8uOJiKT
enaTGNlKVOpznTVZqnY8iqFGsAwmdWocB6Q5Gok13g3+/3kWlGBPvP4FY+MCqFLJ
IngnYUab9inWQTcZ5s5orFuj9MIK3grq/VAZISJD5sZbHwxc/LQfHoNwDi7WJpGw
bEeDT1Hc9lD2AOAB8a3inO7DftkWvJ3fq0pz7ysYxWytUBgOHofhFXDEEXokraoi
nxt6sFMfV8v9pcpwp2XXsbhmWRXLnbOLi3he/XnMWr1NhKL0WXUOb9jquI7b6RAm
q0F47YQZLWK4hbx9safKMRJDvDWk4Rm/SKw=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnmQjewy4ynz7VQ1fQSJ
EuosJH8u1AIQn7NjuSBnEZEf7tHWiEu7zjIBlt3EjiBDiTpxNwu6/Tphrlienrx8
P0NL35oeJvhsb0kkiXUpM4bGBfNqvqpp5JrrhTG2PXj0SWzeCJCvxboJAAvmgX5h
5sTf5aBLYf89vBSHAf2VP/03kceHeVTjtH6Ak1BOAuwvAptyjxcaaYYzgViG1zrD
W7O6lmO+2eeL6SYLh7w10nzI7jegrkaHAm8eOqoMTmKRRoJQXo4iBdSxG2uvCksy
GlxxSCL0MCShgrW4ukpgTQwNZuet06bjQ58hV7R+uhC001rjhEMiJ4jbvOExVECG
TQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 3892879072410996262923601516259407192
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M01'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-03-04 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-01 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.huffingtonpost.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23035317274623626789839297860838589796705950214448440102433673548738489853188279377522794053251266532256273483730432136110161177450797891948773146628929177034795508422354109992487581759682271051532880260189619793031821889722204280427431304895019658708642464785045953252990875048204961944761334905573691923836959859024762240342131994974144624172261485273389828484503701385147623788924344692175054075086464239550375980331378192202094496117019756572142700438358489518203272726522697722795340165583727100679289876103654008688921843351720947605910377477281232397067415206801937076581168092764640378434807688037639705888333
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 81b80e638a891218e5fa3b3b50959fe6e5901385
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							7ee5b3423b36a5e66e7a11123fee2cb1f77f9e93
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (277 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.huffingtonpost.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'preview.m.huffpost.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.huffpo.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.use1.huffpo.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.preview.www.huffingtonpost.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.mapi.huffpost.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.www.huffingtonpost.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.preview.m.huffpost.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'preview.www.huffingtonpost.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'm.huffpost.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mapi.huffpost.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.m.huffpost.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m01.amazontrust.com/r2m01.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m01.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m01.amazontrust.com/r2m01.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							0167007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b00000186aabeef690000040300473045022023318cda73c0d80854d1e77f260800a13b985f1a3243fe13a42be5a3a4c12ea5022100e77e16563f050abb6fe01aaa6a834c78cb6dd0a74cb615a46dd9a87dd9f8c3ef00750073d99e891b4c9678a0207d479de6b2c61cd0515e71192a8c6b80107ac17772b500000186aabeefd0000004030046304402206cbb54a6e2510d41b3d49fd007e234b555920894064ca63950310783100ba4950220546e6a9f1ac3876840ce2eb52e8796414689c33743fd776e08667c2c2c8f7a5400760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d8847300000186aabeef940000040300473045022100ea217b5d59b2f9acac7e58d58d127040a5a1f29c7e5cb9c588f90df96bc74fcd02204ac5190ceb0d051788545f1d41b2806a3b4e1c11df7018f2b2a5d07d48727745
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00258ad82947958edba4b994755e8433521ada9439c92385c43f991af6352e376f73cb8e2622937a769318d94a54ea739d3559aa763c8aa146b00c26756a1c07a4391a8935de0dfeff791694604fbcfe0563e302a852c922782761469bf629d6413719e6ce68ac5ba3f4c20ade0aeafd5019212243e6c65b1f0c5cfcb41f1e83700e2ed62691b06c47834f51dcf650f600e001f1ade29ceec37ed916bc9ddfab4a73ef2b18c56cad50180e1e87e11570c4117a24adaa229f1b7ab0531f57cbfda5ca70a765d7b1b8665915cb9db38b8b785efd79cc5abd4d84a2f459750e6fd8eab88edbe91026ab4178ed84192d62b885bc7db1a7ca311243bc35a4e119bf48ac