*.nightlyma.t01.dup.dev.forcepoint.com

Issued by Amazon RSA 2048 M02

About this certificate

This digital certificate with serial number 02:e3:9f:50:0a:b0:d3:ef:0e:e9:16:98:f1:03:fe:56 was issued on by Amazon.

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=*.nightlyma.t01.dup.dev.forcepoint.com

Amazon

Organization: Amazon
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 02:e3:9f:50:0a:b0:d3:ef:0e:e9:16:98:f1:03:fe:56
Serial Number (int): 3840338623145841245868211249722162774
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: 0d:16:77:d1:ff:da:4a:6e:5a:94:df:33:d0:eb:ca:17:75:64:0f:4a
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2

Fingerprint (sha1): 76:d7:f9:ef:d6:f7:2f:f2:f5:01:13:08:44:37:3f:60:7a:84:e5:8a
Fingerprint (sha256): 0e:8f:66:56:5e:10:53:e8:26:78:d3:29:37:b2:05:69:01:2f:d9:41:94:f9:5e:64:50:f9:bf:8e:13:a4:91:27

Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer

Revocation information

OCSP Server: http://ocsp.r2m02.amazontrust.com
CRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl

Check the revocation status for certificate *.nightlyma.t01.dup.dev.forcepoint.com

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.nightlyma.t01.dup.dev.forcepoint.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.nightlyma.t01.dup.dev.forcepoint.com
*.t01.dup.dev.forcepoint.com
*.nightlyma.us-east-1.t01.dup.dev.forcepoint.com

Other certificates including the domain name forcepoint.com

(limited to 100 certificates)
*.nightly1102.neo.dev.forcepoint.com
*.nightlyma.dup.dev.forcepoint.com
*.nightly.neo.dev.forcepoint.com
*.nightly1017.dup.dev.forcepoint.com
*.nightlyma.neo.dev.forcepoint.com
*.nightly1220.dup.dev.forcepoint.com
j3.shared.global.fastly.net
hello.forcepoint.com
5635999187075072-fe3.pantheonsite.io
*.nightly.dup.dev.forcepoint.com
*.nightlyma.dup.dev.forcepoint.com
ceros1.map.fastly.net
bemol-status.linxcommerce.com.br
analyticsssl.forcepoint.com
*.nightly0824.dup.dev.forcepoint.com
*.nightly1217.neo.dev.forcepoint.com
*.nightly1207.dup.dev.forcepoint.com
ceros1.map.fastly.net
*.devops.neo.dev.forcepoint.com
*.nightly.dup.dev.forcepoint.com
*.nightlyma.dup.dev.forcepoint.com
*.nightlyma.dup.dev.forcepoint.com
webmailgov.forcepoint.com
*.nightlyma.dup.dev.forcepoint.com
passthrough.forcepoint.com
*.nightly.neo.dev.forcepoint.com
csg.status.forcepoint.com
csg.status.forcepoint.com
*.nightly1028.dup.dev.forcepoint.com
one.cvpn.forcepoint.com
*.nightly.dup.dev.forcepoint.com
*.nightly0216.neo.dev.forcepoint.com
*.nightly1214.dup.dev.forcepoint.com
go.forcepoint.com
bemol-status.linxcommerce.com.br
*.dev03.neo.dev.forcepoint.com
bemol-status.linxcommerce.com.br
*.nightly.neo.dev.forcepoint.com
*.nightly0113.neo.dev.forcepoint.com
5686147871145984-fe1.pantheonsite.io
ceros1.map.fastly.net
*.nightly0430.dup.dev.forcepoint.com
*.nightly.dup.dev.forcepoint.com
*.forcepoint.com
*.nightly0206.dup.dev.forcepoint.com
webmailgov.forcepoint.com
*.nightly.dup.dev.forcepoint.com
ceros1.map.fastly.net
vhfptwddlb.hec.forcepoint.com
*.nightly.neo.dev.forcepoint.com
*.nightly.dup.dev.forcepoint.com
*.nightly.dup.dev.forcepoint.com
*.nightlyma.dup.dev.forcepoint.com
*.nightly1205.dup.dev.forcepoint.com
*.nightlyma.dup.dev.forcepoint.com
ceros1.map.fastly.net
*.nightly.dup.dev.forcepoint.com
*.prd01.neo.forcepoint.com
analyticsssl.forcepoint.com
bemol-status.linxcommerce.com.br
fptqa.hec.forcepoint.com
*.nightly0412.dup.dev.forcepoint.com
ceros1.map.fastly.net
*.nightlyma.t01.dup.dev.forcepoint.com
*.nightly1219.dup.dev.forcepoint.com
*.nightly1211.neo.dev.forcepoint.com
bemol-status.linxcommerce.com.br
*.nightly0320.neo.dev.forcepoint.com
*.nightly1208.dup.dev.forcepoint.com
j3.shared.global.fastly.net
www.forcepoint.com
bemol-status.linxcommerce.com.br
*.nightlyma.dup.dev.forcepoint.com
*.nightly.dup.dev.forcepoint.com
*.nightly1113.dup.dev.forcepoint.com
*.nightly0116.dup.dev.forcepoint.com
*.nightly1209.dup.dev.forcepoint.com
*.nightly.dup.dev.forcepoint.com
*.nightlyma.t01.dup.dev.forcepoint.com
*.nightly0314.dup.dev.forcepoint.com
5635999187075072-fe3.pantheonsite.io
analyticsssl.forcepoint.com
*.nightly1115.neo.dev.forcepoint.com
j3.shared.global.fastly.net
skyfencenet.com
go.forcepoint.com
*.nightly1225.neo.dev.forcepoint.com
*.nightly0328.dup.dev.forcepoint.com
*.nightly0907.dup.dev.forcepoint.com
*.nightly1213.neo.dev.forcepoint.com
*.applications.policytest.ngfw.forcepoint.com
*.nightlyma.neo.dev.forcepoint.com
*.nightly.neo.dev.forcepoint.com
*.nightly0406.neo.dev.forcepoint.com
*.nightly0102.neo.dev.forcepoint.com
*.nightly.neo.dev.forcepoint.com
5686147871145984-fe1.pantheonsite.io
secure.forcepoint.com
*.download.forcepoint.com
*.nightly.dup.dev.forcepoint.com

Certificate

The complete raw certificate details for *.nightlyma.t01.dup.dev.forcepoint.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIQAuOfUAqw0+8O6RaY8QP+VjANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAyMB4XDTIyMTIxMzAwMDAwMFoXDTI0MDExMjIzNTk1OVowMTEv
MC0GA1UEAwwmKi5uaWdodGx5bWEudDAxLmR1cC5kZXYuZm9yY2Vwb2ludC5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCksTZZayT8AoINtDs/KLDG
PCVgTawgba56+QTgcSYcXRPEypBBlfaT0MlJ6m7rwKlOw4/rwYsl9v3N6gmcsctk
gUZxqSG1/ABBGnUFrlljKa9vqLBRYH3eP5ST+CbxrVl2UqVpedhQIXoSZhcEmY18
yq84aqob+rRkjEMo6GGfjNJB6wkvZ1WcBMqNI+PeHrun5gaZGj80FVV/HDUPxzwE
HY5whAG6OrxNxd0/icAdBaqkcwFCsXyLuVXLwccUPpLcZ5RKyjt/EP3YxNAXGV9c
OOOYlBLpdbljar4UsAiDVlsiedN0rVBYmFViHMZs2fZwvBeeWbQ9hFCZ9rahEZUj
AgMBAAGjggHjMIIB3zAfBgNVHSMEGDAWgBTAMVLNWlDDgnx0cc7L6Zz5euuC4jAd
BgNVHQ4EFgQUDRZ30f/aSm5alN8z0OvKF3VkD0owgYEGA1UdEQR6MHiCJioubmln
aHRseW1hLnQwMS5kdXAuZGV2LmZvcmNlcG9pbnQuY29tghwqLnQwMS5kdXAuZGV2
LmZvcmNlcG9pbnQuY29tgjAqLm5pZ2h0bHltYS51cy1lYXN0LTEudDAxLmR1cC5k
ZXYuZm9yY2Vwb2ludC5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLnIy
bTAyLmFtYXpvbnRydXN0LmNvbS9yMm0wMi5jcmwwEwYDVR0gBAwwCjAIBgZngQwB
AgEwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5yMm0w
Mi5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQucjJtMDIu
YW1hem9udHJ1c3QuY29tL3IybTAyLmNlcjAMBgNVHRMBAf8EAjAAMBMGCisGAQQB
1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQATiMOolA/zauRAj8gtGJ85
8b6O4aD8WvUhmnm+5CSzK5WOmz/huxIBPD4oa23y42bl0Rxl9wKIctgU2yVJjb2s
QaEAl8BhkBgcw57dFzG2VUPsI7HQi0IwRblXXHDhbQk0WxKACXHEztRDAg6f9U+U
cEUCxICXkFtMDP9BKjmDVohfuM0Djbz1+T2Z+30vSXsiLJVhO90hOJp42wTKy4mk
5mVQ7s2EmLcCzu+hacGmZ6fg+zsb8zB+YL6Z/F5IMNv/nlIB5GJNqIK2tBDxBYsN
ULOveiqPHM2UlzP9ErFyOvoXnnXHPLOCDmCLlTWU07D9JUGgBcTHwGrM+bL4asb8
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLE2WWsk/AKCDbQ7Pyiw
xjwlYE2sIG2uevkE4HEmHF0TxMqQQZX2k9DJSepu68CpTsOP68GLJfb9zeoJnLHL
ZIFGcakhtfwAQRp1Ba5ZYymvb6iwUWB93j+Uk/gm8a1ZdlKlaXnYUCF6EmYXBJmN
fMqvOGqqG/q0ZIxDKOhhn4zSQesJL2dVnATKjSPj3h67p+YGmRo/NBVVfxw1D8c8
BB2OcIQBujq8TcXdP4nAHQWqpHMBQrF8i7lVy8HHFD6S3GeUSso7fxD92MTQFxlf
XDjjmJQS6XW5Y2q+FLAIg1ZbInnTdK1QWJhVYhzGbNn2cLwXnlm0PYRQmfa2oRGV
IwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 3840338623145841245868211249722162774
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-12-13 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-12 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.nightlyma.t01.dup.dev.forcepoint.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20790468657454431370999069440818948874692885321712005881192528904265854865830489068701697744677800322344496824930902138071696034112759901862081856294440148478487566233963415116356814443710572466171788729901991547483217901351836035681214991037115027565876713304534170793393633170568556894271288077386644428919109814432305839099735168532853778105250502086366995746400801427256837462154884013949855572280874654257549515041236372286467229972762661227651107924341358069543145394830642631080029190232909144550717305551513710697665726856168878230068991394105656744093373956153023756494448417106929420972439669212455495636259
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							0d1677d1ffda4a6e5a94df33d0ebca1775640f4a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (122 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.nightlyma.t01.dup.dev.forcepoint.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.t01.dup.dev.forcepoint.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.nightlyma.us-east-1.t01.dup.dev.forcepoint.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001388c3a8940ff36ae4408fc82d189f39f1be8ee1a0fc5af5219a79bee424b32b958e9b3fe1bb12013c3e286b6df2e366e5d11c65f7028872d814db25498dbdac41a10097c06190181cc39edd1731b65543ec23b1d08b423045b9575c70e16d09345b12800971c4ced443020e9ff54f94704502c48097905b4c0cff412a398356885fb8cd038dbcf5f93d99fb7d2f497b222c95613bdd21389a78db04cacb89a4e66550eecd8498b702ceefa169c1a667a7e0fb3b1bf3307e60be99fc5e4830dbff9e5201e4624da882b6b410f1058b0d50b3af7a2a8f1ccd949733fd12b1723afa179e75c73cb3820e608b953594d3b0fd2541a005c4c7c06accf9b2f86ac6fc