backend.nl-rh.dev.aws.op-palvelut.net

Issued by Amazon RSA 2048 M01

About this certificate

This digital certificate with serial number 07:3a:86:d4:9f:50:48:17:ad:58:b0:a1:cd:f8:ad:78 was issued on by Amazon.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=backend.nl-rh.dev.aws.op-palvelut.net

Amazon

Organization: Amazon
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 07:3a:86:d4:9f:50:48:17:ad:58:b0:a1:cd:f8:ad:78
Serial Number (int): 9608483876851944534973641318542650744
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: cd:5a:98:51:4e:a9:10:c3:79:ca:2a:26:51:3f:7f:23:d1:4b:69:f4
AuthorityKeyId: 81:b8:0e:63:8a:89:12:18:e5:fa:3b:3b:50:95:9f:e6:e5:90:13:85

Fingerprint (sha1): ea:22:57:38:b0:77:e8:5b:34:42:cb:72:93:83:57:d9:4c:01:8a:41
Fingerprint (sha256): 0f:16:ec:1e:5a:ec:43:6f:bd:12:e6:37:01:21:53:08:16:5a:99:4d:ec:80:f2:91:c3:6f:07:a4:43:d5:4e:00

Issuing Certificate URL: http://crt.r2m01.amazontrust.com/r2m01.cer

Revocation information

OCSP Server: http://ocsp.r2m01.amazontrust.com
CRL Distribution Point: http://crl.r2m01.amazontrust.com/r2m01.crl

Check the revocation status for certificate backend.nl-rh.dev.aws.op-palvelut.net

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for backend.nl-rh.dev.aws.op-palvelut.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

backend.nl-rh.dev.aws.op-palvelut.net

Other certificates including the domain name op-palvelut.net

(limited to 100 certificates)
www124.jyty.op-palvelut.net
op-palvelut.net
hae-korvausta.qa.op-auttaja.aws.op-palvelut.net
mtls-apis.psd2-sandbox-test.jty.op-palvelut.net
hae-korvausta.test.op-auttaja.aws.op-palvelut.net
idp.teco.hty.op-palvelut.net
jtyvordsm.jty.op-palvelut.net
smn-sandbox.test.aws.op-palvelut.net
*.kehi.op-auttaja.aws.op-palvelut.net
smn.dev.aws.op-palvelut.net
sni.cloudflaressl.com
*.rip.test.aws.op-palvelut.net
*.dev.op-auttaja.aws.op-palvelut.net
xp200uatsip11.Digiaspa.jty.op-palvelut.net
sni.cloudflaressl.com
sni.cloudflaressl.com
scl.dev.internal.aws.op-palvelut.net
www.opgwjty2.jty.op-palvelut.net
*.mtls-apis.jty.op-palvelut.net
*.idbroker-staging.aws.op-palvelut.net
webmail.op-palvelut.net
*.idbroker-staging.aws.op-palvelut.net
JTY.DA.OP-PALVELUT.NET
eta.op-palvelut.net
sni.cloudflaressl.com
services.jty.op-palvelut.net
*.uat.op-auttaja.aws.op-palvelut.net
jtyvaasrtcmsr1.jty.op-palvelut.net
isam-mgmt.jty.op-palvelut.net
opa-manager.staging.aws.op-palvelut.net
rip.test.aws.op-palvelut.net
kehicgiiissr1.pohjola.fi
*.bravo.dev.internal.aws.op-palvelut.net
*.opa-manager.dev.aws.op-palvelut.net
sni.cloudflaressl.com
smn.dev.aws.op-palvelut.net
sni.cloudflaressl.com
*.avw.test.aws.op-palvelut.net
messaging.op-atlas-dev.aws.op-palvelut.net
*.apiauth.aws.op-palvelut.net
sni.cloudflaressl.com
ditjty45.op-palvelut.net
oidc-client-registration.jty.op-palvelut.net
sni.cloudflaressl.com
optiger.aws.kehi.op-palvelut.net
hae-korvausta.test.op-auttaja.aws.op-palvelut.net
backend.nl-rh.dev.aws.op-palvelut.net
hae-korvausta.test.op-auttaja.aws.op-palvelut.net
allekirjoitus.jty.op-palvelut.net
*.aws.kehi.op-palvelut.net
sni.cloudflaressl.com
internalidp.jty.op-palvelut.net
jtyvordsm.jty.op-palvelut.net
*.sst.aws.jty.op-palvelut.net
*.securitytesting-dev.aws.op-palvelut.net
alkjty45.jty.op-palvelut.net
icpmaster.jty.op-palvelut.net
*.apiauth.aws.op-palvelut.net
eta.op-palvelut.net
govapi.test.aws.op-palvelut.net
hae-korvausta.qa.op-auttaja.aws.op-palvelut.net
rip.test.aws.op-palvelut.net
*.rip.test.aws.op-palvelut.net
kontio.kehi.op-palvelut.net
scl.dev.aws.op-palvelut.net
xp200uatcim12.digiaspa.jty.op-palvelut.net
mobile.hty.op-palvelut.net
jtyvaasvresr1.jty.op-palvelut.net
aws.bdw.kehi.op-palvelut.net
app.kortteli.dev.aws.op-palvelut.net
softagram.devtools.dev.aws.op-palvelut.net
idm.dev.op-auttaja.aws.op-palvelut.net
jtyvVortoke.exj.op-palvelut.net
*.idbroker-dev.aws.op-palvelut.net
*.op-atlas-dev.aws.op-palvelut.net
scl.dev.aws.op-palvelut.net
rip.test.aws.op-palvelut.net
mobile.jty.op-palvelut.net
*.nano-dev.aws.op-palvelut.net
teco-proxy.op-palvelut.net
xp400uatgir.digiaspa.jty.op-palvelut.net
jtyabacsr.jty.op-palvelut.net
7ocilpefpap01.op-palvelut.fi
siirto.jty.op-palvelut.net
opla.kehi.op-palvelut.net
*.openplatform.aws.op-palvelut.net
test.siirto.op-palvelut.net
avw.test.aws.op-palvelut.net
in.tupas.hty.op-palvelut.net
opladraft.jty.op-palvelut.net
api.hty.op-palvelut.net
eta.op-palvelut.net
*.qa.op-auttaja.aws.op-palvelut.net
scl.dev.aws.op-palvelut.net
fasfas.opa-manager.dev.aws.op-palvelut.net
*.dev.op-auttaja.aws.op-palvelut.net
7ocilpefpap01.op-palvelut.fi
opgw.jty.op-palvelut.net
idp.broker.teco.hty.op-palvelut.net
7ocilpefpap01.op-palvelut.fi

Certificate

The complete raw certificate details for backend.nl-rh.dev.aws.op-palvelut.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF9jCCBN6gAwIBAgIQBzqG1J9QSBetWLChzfiteDANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAxMB4XDTIzMDIxNDAwMDAwMFoXDTIzMDYwMTIzNTk1OVowMDEu
MCwGA1UEAxMlYmFja2VuZC5ubC1yaC5kZXYuYXdzLm9wLXBhbHZlbHV0Lm5ldDCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ6E0TQga36yN1q8zTkmze58
ew1j0nQ4VWLOsekWUPNZeSgGqX4evykKLoSqELQcIYZSmZQ81e1yI1IP+/tEGoJ2
9rbbH07x16nuw2vrTC4PNPbTxi7VzqqucOCOwh9AW/DcPM7U5czT5sSZEm+SMiNQ
nw3ikXEO+VYX825a5MEjraT0q1bWszFs+m1t8lBXcdotJ2o4WNhLlQ4Li1bjrcji
6lYzxLNfqkf1E5BtK/9MdgpXar3yUMqeycMGGOr+ZCjUJ4n8+AbVokTxv6DHm7cs
ynsM6emNWI/o046tMyAm+SKoo42jRuZ413ad7hXx6RjRuiPTeJHV8y0jojKJc1cC
AwEAAaOCAv4wggL6MB8GA1UdIwQYMBaAFIG4DmOKiRIY5fo7O1CVn+blkBOFMB0G
A1UdDgQWBBTNWphRTqkQw3nKKiZRP38j0Utp9DAwBgNVHREEKTAngiViYWNrZW5k
Lm5sLXJoLmRldi5hd3Mub3AtcGFsdmVsdXQubmV0MA4GA1UdDwEB/wQEAwIFoDAd
BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0fBDQwMjAwoC6gLIYq
aHR0cDovL2NybC5yMm0wMS5hbWF6b250cnVzdC5jb20vcjJtMDEuY3JsMBMGA1Ud
IAQMMAowCAYGZ4EMAQIBMHUGCCsGAQUFBwEBBGkwZzAtBggrBgEFBQcwAYYhaHR0
cDovL29jc3AucjJtMDEuYW1hem9udHJ1c3QuY29tMDYGCCsGAQUFBzAChipodHRw
Oi8vY3J0LnIybTAxLmFtYXpvbnRydXN0LmNvbS9yMm0wMS5jZXIwDAYDVR0TAQH/
BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHYA6D7Q2j71BjUy51covIlr
yQPTy9ERa+zraeF3fW0GvW4AAAGGTlJ+5AAABAMARzBFAiAovcHJFhC9hxGzyuH0
jTZMlSrmJ3XnaOewGK8TRVaM2QIhAJCECzJ43R5UW3Nl480yvcA2/CPRgU+HSwKC
hpxEkRI8AHYAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAGGTlJ/
LwAABAMARzBFAiBq+ntRuw82apOJo6AQOLDU6kTK9ErZyfyAfkACt//34wIhAMCp
YsWQ1V6gcAzFm5oyKkLJ9uApiqKoFRTNl4Kk4S9FAHYAtz77JN+cTbp18jnFulj0
bF38Qs96nzXEnh0JgSXttJkAAAGGTlJ++gAABAMARzBFAiBTcCAgTaQwN905lEIv
YdPaN8f8p4CL+widaP9DleNvDgIhAM2Fv+6NfP5evOODKw+MtvCaZbgOsOoKTqg+
8XzyGHE1MA0GCSqGSIb3DQEBCwUAA4IBAQDVLLxn6/8F0Z9/artZLq648ih+SM9Q
BTcs7gFYhJbJQxAmHqkrA+VDvtL3Vdiui4trOoWxLx1T0UMazLAtF+mLMBZR/KtY
9bLQein7K8cVUb4Xm5OkG8am2UMb8ST2LbnJtGlCzCAo84gFXyW5K/bStRKh69NU
LUfs69J2gUjME/cg7FAxo1OLgJWLRo529NIX1zmVkNe9d3jL71S1/drawNOmifaQ
G+S9V5Lkhy2FLog84zWncS7LqJeaP9CBGBtZvtaPp8pqMbphVNCU4rr7ahUObBk6
aUY9zYajiIG5rvMkrgSNjYBhtgccA1PVkWAKxppaYPy3Kh9VihUQCDEI
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoTRNCBrfrI3WrzNOSbN
7nx7DWPSdDhVYs6x6RZQ81l5KAapfh6/KQouhKoQtBwhhlKZlDzV7XIjUg/7+0Qa
gnb2ttsfTvHXqe7Da+tMLg809tPGLtXOqq5w4I7CH0Bb8Nw8ztTlzNPmxJkSb5Iy
I1CfDeKRcQ75VhfzblrkwSOtpPSrVtazMWz6bW3yUFdx2i0najhY2EuVDguLVuOt
yOLqVjPEs1+qR/UTkG0r/0x2CldqvfJQyp7JwwYY6v5kKNQnifz4BtWiRPG/oMeb
tyzKewzp6Y1Yj+jTjq0zICb5IqijjaNG5njXdp3uFfHpGNG6I9N4kdXzLSOiMolz
VwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 9608483876851944534973641318542650744
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M01'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-02-14 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-06-01 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'backend.nl-rh.dev.aws.op-palvelut.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20011146787782942346528311506012095972141288814833810425390174003181693180892271807869218282245221038652481780967048462122946881125163859442927426854363092110962503044450349193458150027105479956447100707830291577133593492002633875314149199376036458090690804675428612204890231628707113682748635487862700401960584741242033069778467645858816605108662650212309174545839172648030898286715969541128327013503681812929698699143595127115648536208414505601754149840468832104758429500218642416490050973419903828760074259181519184469833514113541700225899184278541830670369231561879835047320844206903663070111585171813546146231127
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 81b80e638a891218e5fa3b3b50959fe6e5901385
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							cd5a98514ea910c379ca2a26513f7f23d14b69f4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (41 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'backend.nl-rh.dev.aws.op-palvelut.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m01.amazontrust.com/r2m01.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m01.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m01.amazontrust.com/r2m01.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							0168007600e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e000001864e527ee40000040300473045022028bdc1c91610bd8711b3cae1f48d364c952ae62775e768e7b018af1345568cd902210090840b3278dd1e545b7365e3cd32bdc036fc23d1814f874b0282869c4491123c007600b3737707e18450f86386d605a9dc11094a792db1670c0b87dcf0030e7936a59a000001864e527f2f000004030047304502206afa7b51bb0f366a9389a3a01038b0d4ea44caf44ad9c9fc807e4002b7fff7e3022100c0a962c590d55ea0700cc59b9a322a42c9f6e0298aa2a81514cd9782a4e12f45007600b73efb24df9c4dba75f239c5ba58f46c5dfc42cf7a9f35c49e1d098125edb499000001864e527efa00000403004730450220537020204da43037dd3994422f61d3da37c7fca7808bfb089d68ff4395e36f0e022100cd85bfee8d7cfe5ebce3832b0f8cb6f09a65b80eb0ea0a4ea83ef17cf2187135
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00d52cbc67ebff05d19f7f6abb592eaeb8f2287e48cf5005372cee01588496c94310261ea92b03e543bed2f755d8ae8b8b6b3a85b12f1d53d1431accb02d17e98b301651fcab58f5b2d07a29fb2bc71551be179b93a41bc6a6d9431bf124f62db9c9b46942cc2028f388055f25b92bf6d2b512a1ebd3542d47ecebd2768148cc13f720ec5031a3538b80958b468e76f4d217d7399590d7bd7778cbef54b5fddadac0d3a689f6901be4bd5792e4872d852e883ce335a7712ecba8979a3fd081181b59bed68fa7ca6a31ba6154d094e2bafb6a150e6c193a69463dcd86a38881b9aef324ae048d8d8061b6071c0353d591600ac69a5a60fcb72a1f558a1510083108