cognito.dev.neighbourly.co.nz

Issued by Amazon RSA 2048 M03

About this certificate

This digital certificate with serial number 01:23:24:74:1f:0b:9a:27:b8:f0:35:7a:bc:37:4a:1b was issued on by Amazon.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=cognito.dev.neighbourly.co.nz

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 01:23:24:74:1f:0b:9a:27:b8:f0:35:7a:bc:37:4a:1b
Serial Number (int): 1511697752654279420365846334022306331
Serial Number lenght: 121 bits, 16 octets

SubjectKeyId: c6:da:25:d8:df:22:28:e5:36:d5:a2:b9:a5:86:76:7e:b2:7c:77:5a
AuthorityKeyId: 55:d9:18:5f:d2:1c:cc:01:e1:58:b4:be:ab:d9:55:42:01:d7:2e:02

Fingerprint (sha1): 3f:46:8e:b6:56:46:1c:f8:18:19:10:be:10:37:c7:b6:32:75:42:fd
Fingerprint (sha256): 10:42:c2:52:21:69:65:89:76:85:35:f5:d1:31:b0:a5:3e:84:85:c2:27:a6:42:14:c2:b3:b4:28:49:fb:4b:e3

Issuing Certificate URL: http://crt.r2m03.amazontrust.com/r2m03.cer

Revocation information

OCSP Server: http://ocsp.r2m03.amazontrust.com
CRL Distribution Point: http://crl.r2m03.amazontrust.com/r2m03.crl

Check the revocation status for certificate cognito.dev.neighbourly.co.nz

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for cognito.dev.neighbourly.co.nz

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

cognito.dev.neighbourly.co.nz

Other certificates including the domain name neighbourly.co.nz

(limited to 100 certificates)
cdn.nikolay.dev.neighbourly.co.nz
cdn.thai.dev.neighbourly.co.nz
kalamazooshopping.mlive.com
local.flamboroughreview.com
lb.preprod.dev.neighbourly.co.nz
local.theameryfreepress.com
local.panolawatchman.com
local.thefirsthundredmiles.com
*.neighbourly.co.nz
local.crestonnews.com
c3.shared.global.fastly.net
cdn.stuff-coupon.thai.dev.neighbourly.co.nz
c3.shared.global.fastly.net
lb.jimmy.dev.neighbourly.co.nz
cdn.inyoung.dev.neighbourly.co.nz
somni.neighbourly.co.nz
lb.oliver.dev.neighbourly.co.nz
local.thegazette.com
*.devint.neighbourly.co.nz
cdn.oliver.dev.neighbourly.co.nz
shop.neighbourly.co.nz
eastern-courier.origami.neighbourly.co.nz
local.dissexpress.co.uk
local.bensonnews-sun.com
cdn.stuff-coupon.thai.dev.neighbourly.co.nz
*.neighbourly.co.nz
cognito.dev.neighbourly.co.nz
lb.stuff-coupon.oliver.dev.neighbourly.co.nz
c3.shared.global.fastly.net
local.summitdaily.com
local.alexcityoutlook.com
local.wahpetondailynews.com
local.pilotweb.aero
local.daily-chronicle.com
conroe.communityimpact.com
nor-west-news.origami.neighbourly.co.nz
lb.stuff-coupon.thai.dev.neighbourly.co.nz
peterborough.mykawartha.com
neighbourly.co.nz
c3.shared.global.fastly.net
lb.staging5.dev.neighbourly.co.nz
lb.anil.dev.neighbourly.co.nz
somni.neighbourly.co.nz
local.airgunshooting.co.uk
lb.karan.dev.neighbourly.co.nz
c3.shared.global.fastly.net
lb.property-admin.dev.neighbourly.co.nz
auth.dev.neighbourly.co.nz
*.devint.neighbourly.co.nz
lb.stuff-coupon.staging.dev.neighbourly.co.nz
local.centraloregon.pamplinmedia.com
the-nelson-leader.origami.neighbourly.co.nz
cdn.oliver.dev.neighbourly.co.nz
local.news-banner.com
flintshopping.mlive.com
local.ftimes.com
*.neighbourly.co.nz
local.dglobe.com
lb.duong.dev.neighbourly.co.nz
c3.shared.global.fastly.net
c3.shared.global.fastly.net
*.neighbourly.co.nz
western-leader.origami.neighbourly.co.nz
lb.neighbourly-user-data.oliver.dev.neighbourly.co.nz
cdn.preprod.dev.neighbourly.co.nz
portperry.durhamregion.com
shop.neighbourly.co.nz
c3.shared.global.fastly.net
local.willcoxrangenews.com
tomball.communityimpact.com
*.neighbourly.co.nz
api.user-data.neighbourly.co.nz
cdn.stuff-coupon.staging.dev.neighbourly.co.nz
lb.oliver2.dev.neighbourly.co.nz
georgina.yorkregion.com
cdn.duong.dev.neighbourly.co.nz
c3.shared.global.fastly.net
local.ottawasun.com
shop.neighbourly.co.nz
newhomes.yorkregion.com
lb.jeremy.dev.neighbourly.co.nz
c3.shared.global.fastly.net
*.dev.neighbourly.co.nz
local.hertsad.co.uk
lb.shershad-property.dev.neighbourly.co.nz
c3.shared.global.fastly.net
*.neighbourly.co.nz
cdn.rafik.dev.neighbourly.co.nz
lb.oliver2.dev.neighbourly.co.nz
*.neighbourly.co.nz
lb.jennie.dev.neighbourly.co.nz
km.local.kentonline.co.uk
local.bemidjipioneer.com
local.cambstimes.co.uk
c3.shared.global.fastly.net
whangarei-leader.origami.neighbourly.co.nz
local.wisbechstandard.co.uk
somni.neighbourly.co.nz
cdn.staging4.dev.neighbourly.co.nz
local.moodycountyenterprise.com

Certificate

The complete raw certificate details for cognito.dev.neighbourly.co.nz in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF5zCCBM+gAwIBAgIQASMkdB8Lmie48DV6vDdKGzANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAzMB4XDTI0MDUwMzAwMDAwMFoXDTI1MDYwMTIzNTk1OVowKDEm
MCQGA1UEAxMdY29nbml0by5kZXYubmVpZ2hib3VybHkuY28ubnowggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2JeO8DTYNvSnNGXW5Od2yhq5U3yXO7piL
asX3eomOcbrv+otBto56CCY4lst2dU2pYrdnOSQc2WLLwwDnu8yyHXeuOj+d6833
7Ap4ckvf7m5kVFDBmByTt6aIn4ig+rmyPYI1bAwxInJs269Hdoc5wtvN0AqB6UZq
6wnV6lS7Mo78iMV8AtuzYdigrv2PMYXlStR5jVTgOTkEZ5Geh+2TnA42Pbp7VRIN
/Qv7mWgtpGJ7hyo54HpV2fjzAheueRE8a9bSYC4kw7DiFWw9H7RpWdVLtH5WAjTW
ryoXKnxWwJMKSFXmb0ScIC4VatsY97zEhR0GLIageJ2rCcq9M+OJAgMBAAGjggL3
MIIC8zAfBgNVHSMEGDAWgBRV2Rhf0hzMAeFYtL6r2VVCAdcuAjAdBgNVHQ4EFgQU
xtol2N8iKOU21aK5pYZ2frJ8d1owKAYDVR0RBCEwH4IdY29nbml0by5kZXYubmVp
Z2hib3VybHkuY28ubnowEwYDVR0gBAwwCjAIBgZngQwBAgEwDgYDVR0PAQH/BAQD
AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAyMDCg
LqAshipodHRwOi8vY3JsLnIybTAzLmFtYXpvbnRydXN0LmNvbS9yMm0wMy5jcmww
dQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5yMm0wMy5h
bWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQucjJtMDMuYW1h
em9udHJ1c3QuY29tL3IybTAzLmNlcjAMBgNVHRMBAf8EAjAAMIIBfwYKKwYBBAHW
eQIEAgSCAW8EggFrAWkAdgBOdaMnXJoQwzhbbNTfP1LrHfDgjhuNacCx+mSxYpo5
3wAAAY88Yq/cAAAEAwBHMEUCIAs+I07VrZ1Yf+PUkTH7O+Mn2rSX2w63LHiBbkyq
GQl7AiEAxy7TLSWX5sOIAoydrK8uKiNaZo+M/OI2lwmWg/ifs5oAdwB9WR4S4Xgq
exxhZ3xe/fjQh1wUoE6VnrkDL9kOjC55uAAAAY88Yq/2AAAEAwBIMEYCIQCePxlH
BtSambG2PtB1jdB+yNIcJ8h0Zm7JhshRMBu2VQIhAOWkrSTE6RJpcDPF4bshgnum
S0pS9BakQuKYaiKb3OfHAHYA5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6hzId/R43
jlAAAAGPPGKwGgAABAMARzBFAiEAh6CUBBLwnAUAY4oA0qis6xGkxuhQjSVZrz+e
yKGKX/sCIFSRm5x7HhZs9oF6lP8QyfVa+ekUjJWo/IX2mHqZXm74MA0GCSqGSIb3
DQEBCwUAA4IBAQCdGLnIp653di6tvkRjUnis06CGRLMVVJpWHoKbYjbqd5QCuXMp
NcsNkC/w4gmz02ZRu5+cZreC3VtNCEqX/p5d2lSra1+6JEFYMsDfGUKMdyZvg5nr
2TjfLz6IU8LFREI+2jdo0+5l70hrmFBvg1gJxIllrMkiAgqWNGhExEmPnaCqpv9C
dE0gIv8NzyI+FXF68kng2P+nS1m0hlWZSfhcCTk8KlnOE5bApXIpWJTzV+FTRBaY
N6LsuNgLF82mqbtbTkyh5IL5Zudw54lF8GxgVlqdv1zKnxchFVisZVDg9KdWPBeU
jDfPdzJRErNrXOK1/RFdfnhRXWR1mSojW4Hc
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiXjvA02Db0pzRl1uTnd
soauVN8lzu6Yi2rF93qJjnG67/qLQbaOeggmOJbLdnVNqWK3ZzkkHNliy8MA57vM
sh13rjo/nevN9+wKeHJL3+5uZFRQwZgck7emiJ+IoPq5sj2CNWwMMSJybNuvR3aH
OcLbzdAKgelGausJ1epUuzKO/IjFfALbs2HYoK79jzGF5UrUeY1U4Dk5BGeRnoft
k5wONj26e1USDf0L+5loLaRie4cqOeB6Vdn48wIXrnkRPGvW0mAuJMOw4hVsPR+0
aVnVS7R+VgI01q8qFyp8VsCTCkhV5m9EnCAuFWrbGPe8xIUdBiyGoHidqwnKvTPj
iQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1511697752654279420365846334022306331
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M03'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-03 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-06-01 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'cognito.dev.neighbourly.co.nz'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22994055556123220103355841599764297618058398022088830642904170314719976055153015859772419953231968763224564608924000588809991796974186921888228517819494068716790641745915141140082351003712002221711601776427223046733315061512864726024610095520383798119708438140827491607181947380704575100492760360265443932829520872447734199935194351395915995370298239484479612444490337515414781311561349132525374354207775872933504718998885227933187486341466548886645716154214660034527404911577577849751601825878407661469522469236331274703480858199905636886504817683734788820617404190859610056886269472802835621008096786124460975711113
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 55d9185fd21ccc01e158b4beabd9554201d72e02
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							c6da25d8df2228e536d5a2b9a586767eb27c775a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (33 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cognito.dev.neighbourly.co.nz'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m03.amazontrust.com/r2m03.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m03.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m03.amazontrust.com/r2m03.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							01690076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018f3c62afdc000004030047304502200b3e234ed5ad9d587fe3d49131fb3be327dab497db0eb72c78816e4caa19097b022100c72ed32d2597e6c388028c9dacaf2e2a235a668f8cfce23697099683f89fb39a0077007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018f3c62aff600000403004830460221009e3f194706d49a99b1b63ed0758dd07ec8d21c27c874666ec986c851301bb655022100e5a4ad24c4e912697033c5e1bb21827ba64b4a52f416a442e2986a229bdce7c7007600e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018f3c62b01a000004030047304502210087a0940412f09c0500638a00d2a8aceb11a4c6e8508d2559af3f9ec8a18a5ffb022054919b9c7b1e166cf6817a94ff10c9f55af9e9148c95a8fc85f6987a995e6ef8
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		009d18b9c8a7ae77762eadbe44635278acd3a08644b315549a561e829b6236ea779402b9732935cb0d902ff0e209b3d36651bb9f9c66b782dd5b4d084a97fe9e5dda54ab6b5fba24415832c0df19428c77266f8399ebd938df2f3e8853c2c544423eda3768d3ee65ef486b98506f835809c48965acc922020a96346844c4498f9da0aaa6ff42744d2022ff0dcf223e15717af249e0d8ffa74b59b486559949f85c09393c2a59ce1396c0a572295894f357e15344169837a2ecb8d80b17cda6a9bb5b4e4ca1e482f966e770e78945f06c60565a9dbf5cca9f17211558ac6550e0f4a7563c17948c37cf77325112b36b5ce2b5fd115d7e78515d6475992a235b81dc