aws-eu-central-1a-lms.rbx.com

Issued by Amazon RSA 2048 M02

About this certificate

This digital certificate with serial number 0e:34:b3:02:c6:e2:03:1c:b9:d9:71:2a:85:3c:51:b5 was issued on by Amazon.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=aws-eu-central-1a-lms.rbx.com

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0e:34:b3:02:c6:e2:03:1c:b9:d9:71:2a:85:3c:51:b5
Serial Number (int): 18882822148959275811730818266306466229
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 41:11:a9:b4:f6:fa:d5:92:b2:93:fb:59:8e:1d:7b:88:cc:05:3f:00
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2

Fingerprint (sha1): 5e:a9:1d:4c:e4:c1:f1:d0:45:c2:73:35:ce:c2:da:cf:c5:37:ce:97
Fingerprint (sha256): 0f:f5:0e:ef:d8:8f:eb:e7:6a:96:2f:9f:21:d4:78:18:28:e2:78:39:40:76:e4:e2:b4:93:67:29:9e:2a:ad:1b

Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer

Revocation information

OCSP Server: http://ocsp.r2m02.amazontrust.com
CRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl

Check the revocation status for certificate aws-eu-central-1a-lms.rbx.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for aws-eu-central-1a-lms.rbx.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

aws-eu-central-1a-lms.rbx.com

Other certificates including the domain name rbx.com

(limited to 100 certificates)
github-prod1.rbx.com
dev-confluence-dns-name.rbx.com
codecov.rbx.com
bpo-vpn.rbx.com
xray-stage.rbx.com
*.prod.ml.rbx.com
*.public.rbx.com
trino-airflowdev-os-blue.di.rbx.com
aws-us-east-2a-lms.rbx.com
bpo-vpn.rbx.com
confluence-stage-legacy.rbx.com
anchore-stage.rbx.com
testing.rbx.com
vault-stage.rbx.com
github-dev.rbx.com
*.rbx.com
anchore.rbx.com
ml-platform-prod-us-east-1-1-6-1-serving.prod.ml.rbx.com
github-dev.rbx.com
cdctl-devpoller.rbx.com
events.rbx.com
edge-st3-usw1.rbx.com
*.astro.dev-hluo.dic.rbx.com
github-dev-dr.rbx.com
ml-platform-infra-use1-1-5-3.prod.ml.rbx.com
github-dev-dr.rbx.com
teamcity-test.rbx.com
github-dev-dr.rbx.com
artifactory-stage-aa.rbx.com
aws-eu-west-2a-lms.rbx.com
*.ml-platform-dev-internal.prod.ml.rbx.com
ipe-stage-vault.rbx.com
*.astro.dev-core.dic.rbx.com
*.astro.dev-core.dic.rbx.com
artifactory-dev.rbx.com
ros.rbx.com
github-dev.rbx.com
ghaas-test-url.rbx.com
github-dev.rbx.com
ml-platform-stage-use1-1-5-3-serving.prod.ml.rbx.com
ml-platform-stage-use1-1-5-3.prod.ml.rbx.com
ml-platform-infra-use1-1-5-3-serving.prod.ml.rbx.com
confluence-dev.rbx.com
report.rbx.com
*.prod.ml.rbx.com
bpo-vpn.rbx.com
starburst-trino-etl.di.rbx.com
arti-stage-use2.rbx.com
artifactory-edge1.rbx.com
teamcity-ge-dev.rbx.com
github-dev.rbx.com
knomad-development-sitetest2-us-west-1a.rbx.com
aws-us-west-2b-lms.rbx.com
dev-druid-dc-1.di.rbx.com
edge-stage-usw1.rbx.com
*.artifactory.rbx.com
aws-us-west-2b-lms.rbx.com
github-dev.rbx.com
github-dev.rbx.com
artifactory-edge1.rbx.com
jfmc-stage.rbx.com
aws-us-west-1a-lms.rbx.com
edge-prod-usw1.rbx.com
ros-dev.rbx.com
artifactory-edge1.rbx.com
dev-confluence-dns-name.rbx.com
teamcity-test.rbx.com
artifactory-uswest1.rbx.com
dev-confluence-dns-name.rbx.com
vault-demo.rbx.com
aws-eu-west-2c-lms.rbx.com
discourse.rbx.com
*.astro.dev-sroy.dic.rbx.com
discourse.rbx.com
astro-dev.di.rbx.com
ghe-stage1-new.rbx.com
superset-dev.di.rbx.com
*.public.rbx.com
artifactory-edge1.rbx.com
arti-prod-usw1-1.rbx.com
knomad-development-sitetest3-us-west-1.rbx.com
aws-us-east-1b-lms.rbx.com
aws-us-east-1c-lms.rbx.com
staging.noteable.ml.rbx.com
core.airflow2.di.rbx.com
edge-st3-use2.rbx.com
aws-eu-central-1a-lms.rbx.com
jwks-dev.lca.rbx.com
ros-dev.rbx.com
aws-us-east-1a-lms.rbx.com
starburst-green.di.rbx.com
aws-us-east-2a-lms.rbx.com
tfe.rbx.com
aws-eu-west-2a-lms.rbx.com
arti-stage-usw1.rbx.com
aws-ap-northeast-1a-lms.rbx.com
*.data-platform.airflow2.di.rbx.com
fossa-stage.rbx.com
dev-confluence-dns-name.rbx.com
ros-stg.rbx.com

Certificate

The complete raw certificate details for aws-eu-central-1a-lms.rbx.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF5TCCBM2gAwIBAgIQDjSzAsbiAxy52XEqhTxRtTANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAyMB4XDTI0MDExODAwMDAwMFoXDTI1MDIxNjIzNTk1OVowKDEm
MCQGA1UEAxMdYXdzLWV1LWNlbnRyYWwtMWEtbG1zLnJieC5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+9bw1hAYP20He+YeHBxJg/imZq87y40rr
TCWv/qena7N41KgKJbZ2hl4vIBDtJdF1OXZ0lMUHwLKx7eVLiVk+MOD0vsBeL/dG
RgB3Ityf+E6zYzQ8tw4OA+ZH4xhI7dU+quMtQ/hkvxc1ux5vTCBALjjgqY6ceZCn
prqeZ5vCET8y40sV7cqvJmrwARxZNt0evU67S0Qk0Fo7GD58g3ly6vh2TnUUJ/Gj
YJGJqDp9WthlaM+/yJ6loTiSy/Glwhqv/TGHocvlFvTNrYYaNY550OmygkTFsrlk
XbtH4ub7Fp/iMmkLs1Rz+NlRuCGl5mn6UDVOo64jdnmRAS6vxrM1AgMBAAGjggL1
MIIC8TAfBgNVHSMEGDAWgBTAMVLNWlDDgnx0cc7L6Zz5euuC4jAdBgNVHQ4EFgQU
QRGptPb61ZKyk/tZjh17iMwFPwAwKAYDVR0RBCEwH4IdYXdzLWV1LWNlbnRyYWwt
MWEtbG1zLnJieC5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwDgYDVR0PAQH/BAQD
AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAyMDCg
LqAshipodHRwOi8vY3JsLnIybTAyLmFtYXpvbnRydXN0LmNvbS9yMm0wMi5jcmww
dQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5yMm0wMi5h
bWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQucjJtMDIuYW1h
em9udHJ1c3QuY29tL3IybTAyLmNlcjAMBgNVHRMBAf8EAjAAMIIBfQYKKwYBBAHW
eQIEAgSCAW0EggFpAWcAdQBOdaMnXJoQwzhbbNTfP1LrHfDgjhuNacCx+mSxYpo5
3wAAAY0Z9mSZAAAEAwBGMEQCIEZECzYO+r6v8v6q243xwv5iT0nL+l/eH/ELGslC
brjUAiBgGjCEUxwH3qqDz1FtopKI/18m5G0GvkY1cg5S/2HYAgB2AH1ZHhLheCp7
HGFnfF79+NCHXBSgTpWeuQMv2Q6MLnm4AAABjRn2ZNkAAAQDAEcwRQIgRF9qpBQi
wGUs0km+k6Qbda1DosqtMHoBqLeXVTcvYr8CIQCcJ+vb2d/Bz3HqIMBNJGXDTVXQ
H17+lQyXI6tQgzM3TAB2AObSMWNAd4zBEEEG13G5zsHSQPaWhIb7uocyHf0eN45Q
AAABjRn2ZQAAAAQDAEcwRQIhAIje5pkwF2JICV+3uV1VxjT61B6NeNr7Xcp+KLuv
b4VQAiAyOF6HOCvYPoPib0kL1rvDYLdx0H05L0CFquDACbbf1DANBgkqhkiG9w0B
AQsFAAOCAQEAakGaa6/Cvt+IGK7BqypHnlQHedi+FvQJOJA4lb5adHHNwKC0ShiY
SO4hVZ91rSaaSRNSpWIhFe57XeQASgRQWldfo6IYZ1k00PZ03T/DMDzThAPfsxrv
3vLdqiGtT9icerwveDeaCGKcMVVetX4ds4ThyWE0BCuJmDJlmduQN+rJZ76wsiWA
WL6QKH2mB3kRpvaDddNBQJD2+SPR0iNly4ddW0L40uYhTQL3gBVLtQD6ckKxS1Lv
PJG+MMo187GWbguzuUHaoxkoMxneS5GEgg0HZu4L24GG8R7DFakMrj9nX3u2s/qw
dzDQSgLyzkhZWczvLXE4RFMY/nsTnoS8eA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvW8NYQGD9tB3vmHhwcS
YP4pmavO8uNK60wlr/6np2uzeNSoCiW2doZeLyAQ7SXRdTl2dJTFB8Cyse3lS4lZ
PjDg9L7AXi/3RkYAdyLcn/hOs2M0PLcODgPmR+MYSO3VPqrjLUP4ZL8XNbseb0wg
QC444KmOnHmQp6a6nmebwhE/MuNLFe3KryZq8AEcWTbdHr1Ou0tEJNBaOxg+fIN5
cur4dk51FCfxo2CRiag6fVrYZWjPv8iepaE4ksvxpcIar/0xh6HL5Rb0za2GGjWO
edDpsoJExbK5ZF27R+Lm+xaf4jJpC7NUc/jZUbghpeZp+lA1TqOuI3Z5kQEur8az
NQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 18882822148959275811730818266306466229
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-18 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-16 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'aws-eu-central-1a-lms.rbx.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24106454482833191869623840815309642030523230722830702882490396155874659946536371018939442648020649719849253241963438832577274408439308906787560641149098683606975299238743364463833104516464453231774776642327528584953540977673127705845162008066321087869351737539167101164241164998062695284754493111918279314742562622699463140078653312947362559290005198855471402871409519749627996522652902992364705323389648557844212697636154464470164439734743438662642534825164732577770820631256177450677099597811788332588449453547843360771084359449021451637424624696805760763805340028979805831288584615021021321063742321888705852650293
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							4111a9b4f6fad592b293fb598e1d7b88cc053f00
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (33 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aws-eu-central-1a-lms.rbx.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							01670075004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018d19f664990000040300463044022046440b360efabeaff2feaadb8df1c2fe624f49cbfa5fde1ff10b1ac9426eb8d40220601a3084531c07deaa83cf516da29288ff5f26e46d06be4635720e52ff61d8020076007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018d19f664d900000403004730450220445f6aa41422c0652cd249be93a41b75ad43a2caad307a01a8b79755372f62bf0221009c27ebdbd9dfc1cf71ea20c04d2465c34d55d01f5efe950c9723ab508333374c007600e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018d19f66500000004030047304502210088dee69930176248095fb7b95d55c634fad41e8d78dafb5dca7e28bbaf6f8550022032385e87382bd83e83e26f490bd6bbc360b771d07d392f4085aae0c009b6dfd4
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		006a419a6bafc2bedf8818aec1ab2a479e540779d8be16f40938903895be5a7471cdc0a0b44a189848ee21559f75ad269a491352a5622115ee7b5de4004a04505a575fa3a218675934d0f674dd3fc3303cd38403dfb31aefdef2ddaa21ad4fd89c7abc2f78379a08629c31555eb57e1db384e1c96134042b8998326599db9037eac967beb0b2258058be90287da6077911a6f68375d3414090f6f923d1d22365cb875d5b42f8d2e6214d02f780154bb500fa7242b14b52ef3c91be30ca35f3b1966e0bb3b941daa319283319de4b9184820d0766ee0bdb8186f11ec315a90cae3f675f7bb6b3fab07730d04a02f2ce485959ccef2d7138445318fe7b139e84bc78