*.monk.ca

Issued by RapidSSL SHA256 CA

About this certificate

This digital certificate with serial number 3b:b1:21:d3:f9:f6:ab:53:ed:6a:f8:d0:ec:5c:b2:95 was issued on by GeoTrust Inc..

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Sub certificates SHOULD include Subject Key Identifier in end entity certs (RFC 5280: 4.2 & 4.2.1.2)

Certificate Subject

CN=*.monk.ca

GeoTrust Inc.

Organization: GeoTrust Inc.
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 3b:b1:21:d3:f9:f6:ab:53:ed:6a:f8:d0:ec:5c:b2:95
Serial Number (int): 79344174409289884276469946331273409173
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId:
AuthorityKeyId: 97:c2:27:50:9e:c2:c9:ec:0c:88:32:c8:7c:ad:e2:a6:01:4f:da:6f

Fingerprint (sha1): fe:0e:c5:f3:a5:f3:73:4e:21:b1:ab:89:9d:80:d7:9c:21:ce:e0:5e
Fingerprint (sha256): 11:44:09:da:64:e2:fc:36:88:62:5d:9a:90:f6:61:5a:3c:78:ff:7b:ef:a7:68:88:27:74:15:4a:26:73:b4:7f

Issuing Certificate URL: http://gp.symcb.com/gp.crt

Revocation information

OCSP Server: http://gp.symcd.com
CRL Distribution Point: http://gp.symcb.com/gp.crl

Check the revocation status for certificate *.monk.ca

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.monk.ca

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.monk.ca
monk.ca

Other certificates including the domain name monk.ca

(limited to 100 certificates)
bts.monk.ca
sni242241.cloudflaressl.com
www.monk.ca
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
flyers.monk.ca
bts.monk.ca
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
*.monk.ca
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
*.monk.ca
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
www.monk.ca
sni242241.cloudflaressl.com
vps.monk.ca
*.monk.ca
*.monk.ca
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
monk.ca
*.monk.ca
sni242241.cloudflaressl.com
myclips.monk.ca
sni.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
*.monk.ca
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
myclips.monk.ca
*.monk.ca
sni242241.cloudflaressl.com
kms.monk.ca
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
monk.ca
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
*.monk.ca
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
flyertown.ca
sni242241.cloudflaressl.com
vps.monk.ca
sni242241.cloudflaressl.com
*.monk.ca
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
*.monk.ca
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
monk.ca
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
monk.ca
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
*.monk.ca
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
*.monk.ca
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
flyertown.ca
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com
sni242241.cloudflaressl.com

Certificate

The complete raw certificate details for *.monk.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF2zCCBMOgAwIBAgIQO7Eh0/n2q1PtavjQ7FyylTANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS
UmFwaWRTU0wgU0hBMjU2IENBMB4XDTE3MDkyODAwMDAwMFoXDTE5MTAwNDIzNTk1
OVowFDESMBAGA1UEAwwJKi5tb25rLmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAy2pWZZ33Z2bFPVXn1HX3jcKqzP0ld2L2xN7oK9yJWVFN6pxNY99J
S5nlsSMS6R/pHEgQSMCXvxIJatMtcg/GGJ+ds5xOJhC30K5W0fac9RdiRUK7teeB
06pAB4fa2Y35jZmL2tufwk42qHX8a10VaN7LP4R3VEG4yXWley+eoNvK2GoRlb3W
kwRPQjprj28GR3/LnnCv91vwYBSrYuFByn6s9XrYCr9FQxnQeBQLSWQjdwvXAgAv
HxWnqf5q37Vt7vFvsP9a6gD2X+Xf0Q9bpGxUN6MwHOsHy/VTiRsS8YGHdoHJlzDH
+kKXLFCPvHyIfVqUZINzh/loKEsSkzn8XwIDAQABo4IC+TCCAvUwHQYDVR0RBBYw
FIIJKi5tb25rLmNhggdtb25rLmNhMAkGA1UdEwQCMAAwKwYDVR0fBCQwIjAgoB6g
HIYaaHR0cDovL2dwLnN5bWNiLmNvbS9ncC5jcmwwbwYDVR0gBGgwZjBkBgZngQwB
AgEwWjAqBggrBgEFBQcCARYeaHR0cHM6Ly93d3cucmFwaWRzc2wuY29tL2xlZ2Fs
MCwGCCsGAQUFBwICMCAMHmh0dHBzOi8vd3d3LnJhcGlkc3NsLmNvbS9sZWdhbDAf
BgNVHSMEGDAWgBSXwidQnsLJ7AyIMsh8reKmAU/abzAOBgNVHQ8BAf8EBAMCBaAw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMFcGCCsGAQUFBwEBBEswSTAf
BggrBgEFBQcwAYYTaHR0cDovL2dwLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0
cDovL2dwLnN5bWNiLmNvbS9ncC5jcnQwggGABgorBgEEAdZ5AgQCBIIBcASCAWwB
agB3AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABXsqdk9oAAAQD
AEgwRgIhAJsGEPUihGqHM3HfpOCl0fLQL+/gQ0JOORCF8nzmL7EjAiEAnfDw8sgP
0+sZFg4XbVD8kQvhgmfED0QR12W2RsZTZ58AdgCkuQmQtBhYFIe7E6LMZ3AKPDWY
BPkb37jjd80OyA3cEAAAAV7KnZQhAAAEAwBHMEUCIQCZevczoWke3nCKcy3Fre1f
wcw4ckkI1hPDSJEmsbEDUQIgclN4V5LLLZY4hR6qzygV8GgZaRrl+Ia7W8MbJBZP
IJIAdwDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAV7KnZXZAAAE
AwBIMEYCIQD/am9atMpVcDea4Cof4zJPQwW9HvBODGRF9ccr9kMgogIhAJ7UNSZV
sQYSyyRd/KS3ZHd5Lo4HmZ/ie06javnngmX2MA0GCSqGSIb3DQEBCwUAA4IBAQAy
ZkynqqXEPdf+kPKsbkPyIYDNhG2oFT17kMOxZeYX/5ZNUzZN3l+708MNU4UksrJL
oZ1wHRMiZLmLGhZjW6REs2YbTIgE7bc6cLseLcBVXCAv66+q5EnlMs1T7LRDeF5/
nt0BczwFpy6jL5rE7c/FgJkToytPpyiu5ONUB1XNb7mvVgJfODyH0dpTG0aDskfy
jeZM9s+3eQxs21rZsPnTKeJaoVhQT3vBaMzU4B+HYfT7w4rC2Eq4KFXoKsowYLRd
iii5oXhDUJvvZ4Do19Qm4WZJkXcFgcd9r51M41fycwwJaELsBgkxeioPvR22OICE
QnxfwPBxngjpLslKXwAB
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2pWZZ33Z2bFPVXn1HX3
jcKqzP0ld2L2xN7oK9yJWVFN6pxNY99JS5nlsSMS6R/pHEgQSMCXvxIJatMtcg/G
GJ+ds5xOJhC30K5W0fac9RdiRUK7teeB06pAB4fa2Y35jZmL2tufwk42qHX8a10V
aN7LP4R3VEG4yXWley+eoNvK2GoRlb3WkwRPQjprj28GR3/LnnCv91vwYBSrYuFB
yn6s9XrYCr9FQxnQeBQLSWQjdwvXAgAvHxWnqf5q37Vt7vFvsP9a6gD2X+Xf0Q9b
pGxUN6MwHOsHy/VTiRsS8YGHdoHJlzDH+kKXLFCPvHyIfVqUZINzh/loKEsSkzn8
XwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 79344174409289884276469946331273409173
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'RapidSSL SHA256 CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-09-28 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-10-04 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.monk.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25678812877821572119829083621069663807306538506471666341201179950471970653029053184779856653246620981935089679046390659284624471862761065211403268019591025783036723505623087590190192875685533760484300133637329850452800078190287174170836371243311003888545255833799289814299491654704515201295818562630438457911069286595432427467514636108795181903819314369601924286214400459417970480818208388028678499911754912770283091315339411545291913361387990589406621504842047339254141609614553754606972285636814695720447553422034669611393962794963659993453902949374538684498853722702352902235184577120084057503946786221374238751839
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.monk.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'monk.ca'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gp.symcb.com/gp.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.rapidssl.com/legal'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'https://www.rapidssl.com/legal'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 97c227509ec2c9ec0c8832c87cade2a6014fda6f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (75 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gp.symcd.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gp.symcb.com/gp.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (368 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
							016a007700ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc0000015eca9d93da00000403004830460221009b0610f522846a873371dfa4e0a5d1f2d02fefe043424e391085f27ce62fb1230221009df0f0f2c80fd3eb19160e176d50fc910be18267c40f4411d765b646c653679f007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000015eca9d94210000040300473045022100997af733a1691ede708a732dc5aded5fc1cc38724908d613c3489126b1b1035102207253785792cb2d9638851eaacf2815f06819691ae5f886bb5bc31b24164f2092007700ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000015eca9d95d90000040300483046022100ff6a6f5ab4ca5570379ae02a1fe3324f4305bd1ef04e0c6445f5c72bf64320a20221009ed4352655b10612cb245dfca4b76477792e8e07999fe27b4ea36af9e78265f6
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0032664ca7aaa5c43dd7fe90f2ac6e43f22180cd846da8153d7b90c3b165e617ff964d53364dde5fbbd3c30d538524b2b24ba19d701d132264b98b1a16635ba444b3661b4c8804edb73a70bb1e2dc0555c202febafaae449e532cd53ecb443785e7f9edd01733c05a72ea32f9ac4edcfc5809913a32b4fa728aee4e3540755cd6fb9af56025f383c87d1da531b4683b247f28de64cf6cfb7790c6cdb5ad9b0f9d329e25aa158504f7bc168ccd4e01f8761f4fbc38ac2d84ab82855e82aca3060b45d8a28b9a17843509bef6780e8d7d426e1664991770581c77daf9d4ce357f2730c096842ec0609317a2a0fbd1db6388084427c5fc0f0719e08e92ec94a5f0001