*.apollo.stepstone.com

Issued by Amazon

About this certificate

This digital certificate with serial number 05:7a:8e:d6:39:da:1a:00:94:98:8e:d6:93:03:5a:db was issued on by Amazon.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=*.apollo.stepstone.com

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 05:7a:8e:d6:39:da:1a:00:94:98:8e:d6:93:03:5a:db
Serial Number (int): 7282497270560639105696879236142553819
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 4a:83:15:f7:2f:e5:ab:e6:90:7c:3c:ab:1c:63:e9:52:64:f9:a0:5f
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): ec:f6:2d:83:d4:00:ed:a2:64:6f:9e:03:14:c6:59:90:1a:31:9f:d8
Fingerprint (sha256): 0d:e0:22:6e:a6:22:ca:d2:cc:1f:1e:08:ba:09:96:e8:82:89:ef:dc:cc:3d:54:71:51:e9:30:09:2d:11:c5:9a

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b.crl

Check the revocation status for certificate *.apollo.stepstone.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.apollo.stepstone.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.apollo.stepstone.com

Other certificates including the domain name stepstone.com

(limited to 100 certificates)
support.themallschool.org.uk
stepstone.de
salarysurvey.gc.stepstone.com
career.stepstone.com
helpcenter.stepstone.com
javascript-dev-test.skylight.gc.stepstone.com
stepstone.de
www.stepstone.de
*.dw.stepstone.com
people-dev.gc.stepstone.com
support.themallschool.org.uk
*.stepstone.com
defaulthost.gc.stepstone.com
helpdesk.stepstone.com
dep.stepstone.com
goldfish-api-uat.gc.stepstone.com
*.stepstone.com
stepstone.de
*.gc.stepstone.com
3hive-dev-test.skylight.gc.stepstone.com
vault2.gc.stepstone.com
*.stepstone.com
defaulthost.gc.stepstone.com
support.themallschool.org.uk
*.gc.stepstone.com
javascript-dev-test.skylight.gc.stepstone.com
questionnaire-dev.skylight.gc.stepstone.com
www.stepstone.de
vault3.gc.stepstone.com
*.gc.stepstone.com
stepstone.de
vault1.gc.stepstone.com
*.stepstone.com
*.apollo.stepstone.com
it.support.workingsolutions.com
*.gc.stepstone.com
*.live.dw.stepstone.com
www.stepstone.de
vault2.gc.stepstone.com
stepstone.de
developer-origin.gc.stepstone.com
nagios.gc.stepstone.com
vault3.gc.stepstone.com
questionnaire-dev.skylight.gc.stepstone.com
questionnaire-dev.skylight.gc.stepstone.com
stepstone.de
developer-dev.gc.stepstone.com
fsus-4.freshservice.com
www.stepstone.de
dashboard.labs.stepstone.com
daas.stepstone.com
www.stepstone.de
3hive-dev-test.skylight.gc.stepstone.com
*.uat.dw.stepstone.com
support.sdi-infra.org
helpcenter.stepstone.com
stepstone.de
helpcenter.stepstone.com
login.recruit-preprod.stepstone.com
stepstone.de
facade-uat2.gc.stepstone.com
mocksite-uat.skylight.gc.stepstone.com
goldfish-whitelabel.gc.stepstone.com
vault1.gc.stepstone.com
*.search.stepstone.com
defaulthost.gc.stepstone.com
fsus-8.freshservice.com
dw.stepstone.com
*.gc.stepstone.com
people-dev.gc.stepstone.com
goldfish-whitelabel.gc.stepstone.com
www-preview.stepstone.com
3hive-dev-test.skylight.gc.stepstone.com
questionnaire-uat.skylight.gc.stepstone.com
helpcenter.stepstone.com
goldfish-whitelabel.gc.stepstone.com
helpcenter.stepstone.com
fsus-8.freshservice.com
support.themallschool.org.uk
stepstone.de
survey-dev-test.gc.stepstone.com
*.dev.dw.stepstone.com
helpcenter.stepstone.com
javascript-dev-test.skylight.gc.stepstone.com
developer-dev.gc.stepstone.com
salarysurvey.gc.stepstone.com
career.stepstone.com
goldfish-api-dev-test.gc.stepstone.com
helpcenter.stepstone.com
whitecloud-resourceservice-demo.gc.stepstone.com
goldfish-api.gc.stepstone.com
*.search.stepstone.com
www.stepstone.de
*.dw.stepstone.com
*.stepstone.com
developer-dev.gc.stepstone.com
questionnaire-uat.skylight.gc.stepstone.com
*.ds.daas.stepstone.com
*.gc.stepstone.com
labs.stepstone.com

Certificate

The complete raw certificate details for *.apollo.stepstone.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIEgjCCA2qgAwIBAgIQBXqO1jnaGgCUmI7WkwNa2zANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0xODA1MTEwMDAwMDBaFw0xOTA2MTEx
MjAwMDBaMCExHzAdBgNVBAMMFiouYXBvbGxvLnN0ZXBzdG9uZS5jb20wggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChLb9QEBCw0YthOmKqtNE1pZSbYdBs
Fsk6bc1m910nVbAORHS9EfbcTqm251lG2gmTI9F5bVbZYW3P4RlGGo8eLqvPF6Ds
QsS5hAe7bb+oT6jlGcLTRqx6Hi9CpLmmoyNIymXWgLRQF4QYBAUApmdvmH93Yc/M
gnBFB6cQYlHT/k6cHDWb4d+PFl3OyySEQs1w1Nh2wolCJsmf70eA/7cX463PLoSS
PIsR9PqlzvUVsxt1k4nnlf/D1Y4GB7j7aGT1EEifwdPfFyJzEupz6CnhLEbhXBj4
PWpjCqR+BTzuW2hhCQ0wQKR1d56lgPLQEgU+QDb1z54gkedGurnIAw4zAgMBAAGj
ggGPMIIBizAfBgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4E
FgQUSoMV9y/lq+aQfDyrHGPpUmT5oF8wIQYDVR0RBBowGIIWKi5hcG9sbG8uc3Rl
cHN0b25lLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
CCsGAQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwuc2NhMWIuYW1h
em9udHJ1c3QuY29tL3NjYTFiLmNybDAgBgNVHSAEGTAXMAsGCWCGSAGG/WwBAjAI
BgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2Nz
cC5zY2ExYi5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQu
c2NhMWIuYW1hem9udHJ1c3QuY29tL3NjYTFiLmNydDAMBgNVHRMBAf8EAjAAMBMG
CisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQAaegJZ2O8YAg2y
p8rnmHx6Xw0zxnvpndNjWuC/l4TKpTvmZsa1+znzFRW0twKGirP7EkOuKfjZbPHz
Ipf6wfdho3STyq85igc/yv+MsS+wZrGml88ATT6PGCPeZimfxL+yJQm2mt7tNXzz
HJ9dtlYloLZEQBdWJByIFcn37uq/LO6kwscvJEpQb234lAK7nYqteuuH3VXMPpGE
xclPJIpEuxYqBjPJ+91DKg7QBkCQQCVi1GlY32T9IuDyeWHATzpQhfOtbl20Acbi
5XfUErrn1DCuzLBbCl1Jn/BCwdzH4hpS5qKB0SQjmt9yLQz+7UR/JjYAW9BWMjPL
FnuZGeif
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoS2/UBAQsNGLYTpiqrTR
NaWUm2HQbBbJOm3NZvddJ1WwDkR0vRH23E6ptudZRtoJkyPReW1W2WFtz+EZRhqP
Hi6rzxeg7ELEuYQHu22/qE+o5RnC00aseh4vQqS5pqMjSMpl1oC0UBeEGAQFAKZn
b5h/d2HPzIJwRQenEGJR0/5OnBw1m+HfjxZdzsskhELNcNTYdsKJQibJn+9HgP+3
F+Otzy6EkjyLEfT6pc71FbMbdZOJ55X/w9WOBge4+2hk9RBIn8HT3xcicxLqc+gp
4SxG4VwY+D1qYwqkfgU87ltoYQkNMECkdXeepYDy0BIFPkA29c+eIJHnRrq5yAMO
MwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 7282497270560639105696879236142553819
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-05-11 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-06-11 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.apollo.stepstone.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20346925941544002949579141259739143664923752834950986913926169088894104665445124870703837717168020319823988404680423302710542044983563067115634966604268172337187977199306808231056888923677047006940087296232964111005583013290655231924765781846716951135586572775407238465689700323934958172087174177769117467969198918704570523340372360141129690756471749440141083167658014842803920509335745047869478035633542195896100900017825224091537279336507020959453243539199141560109806643548456147113271748793377015991372092805865096968406877951172318488573048006657176189843400143394089521407649281993282715120493431956936635649587
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							4a8315f72fe5abe6907c3cab1c63e95264f9a05f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.apollo.stepstone.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.2 (digiCertDVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001a7a0259d8ef18020db2a7cae7987c7a5f0d33c67be99dd3635ae0bf9784caa53be666c6b5fb39f31515b4b702868ab3fb1243ae29f8d96cf1f32297fac1f761a37493caaf398a073fcaff8cb12fb066b1a697cf004d3e8f1823de66299fc4bfb22509b69adeed357cf31c9f5db65625a0b644401756241c8815c9f7eeeabf2ceea4c2c72f244a506f6df89402bb9d8aad7aeb87dd55cc3e9184c5c94f248a44bb162a0633c9fbdd432a0ed0064090402562d46958df64fd22e0f27961c04f3a5085f3ad6e5db401c6e2e577d412bae7d430aeccb05b0a5d499ff042c1dcc7e21a52e6a281d124239adf722d0cfeed447f2636005bd0563233cb167b9919e89f