aws-ap-northeast-1a-lms.rbx.com

Issued by Amazon RSA 2048 M03

About this certificate

This digital certificate with serial number 0a:56:fa:86:6a:d2:cb:55:2e:21:8d:3c:79:9a:6b:1c was issued on by Amazon.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=aws-ap-northeast-1a-lms.rbx.com

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0a:56:fa:86:6a:d2:cb:55:2e:21:8d:3c:79:9a:6b:1c
Serial Number (int): 13743898739718089408993929140486433564
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 48:e4:fd:27:b9:72:dd:ba:5d:26:b4:0f:f2:f7:79:9d:10:66:1c:ec
AuthorityKeyId: 55:d9:18:5f:d2:1c:cc:01:e1:58:b4:be:ab:d9:55:42:01:d7:2e:02

Fingerprint (sha1): 5d:51:49:d4:d6:b4:b4:eb:ef:d7:1a:da:dc:77:2e:1e:76:9f:e0:82
Fingerprint (sha256): 12:34:d1:8c:3b:79:d1:e1:ce:2b:d8:2c:65:a9:ca:de:03:cf:3a:6b:ac:67:48:3f:f8:e0:51:5c:d3:d3:c9:41

Issuing Certificate URL: http://crt.r2m03.amazontrust.com/r2m03.cer

Revocation information

OCSP Server: http://ocsp.r2m03.amazontrust.com
CRL Distribution Point: http://crl.r2m03.amazontrust.com/r2m03.crl

Check the revocation status for certificate aws-ap-northeast-1a-lms.rbx.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for aws-ap-northeast-1a-lms.rbx.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

aws-ap-northeast-1a-lms.rbx.com

Other certificates including the domain name rbx.com

(limited to 100 certificates)
github-prod1.rbx.com
dev-confluence-dns-name.rbx.com
codecov.rbx.com
bpo-vpn.rbx.com
xray-stage.rbx.com
*.prod.ml.rbx.com
*.public.rbx.com
trino-airflowdev-os-blue.di.rbx.com
aws-us-east-2a-lms.rbx.com
bpo-vpn.rbx.com
confluence-stage-legacy.rbx.com
anchore-stage.rbx.com
testing.rbx.com
vault-stage.rbx.com
github-dev.rbx.com
*.rbx.com
anchore.rbx.com
ml-platform-prod-us-east-1-1-6-1-serving.prod.ml.rbx.com
github-dev.rbx.com
cdctl-devpoller.rbx.com
events.rbx.com
edge-st3-usw1.rbx.com
*.astro.dev-hluo.dic.rbx.com
github-dev-dr.rbx.com
ml-platform-infra-use1-1-5-3.prod.ml.rbx.com
github-dev-dr.rbx.com
teamcity-test.rbx.com
github-dev-dr.rbx.com
artifactory-stage-aa.rbx.com
aws-eu-west-2a-lms.rbx.com
*.ml-platform-dev-internal.prod.ml.rbx.com
ipe-stage-vault.rbx.com
*.astro.dev-core.dic.rbx.com
*.astro.dev-core.dic.rbx.com
artifactory-dev.rbx.com
ros.rbx.com
github-dev.rbx.com
ghaas-test-url.rbx.com
github-dev.rbx.com
ml-platform-stage-use1-1-5-3-serving.prod.ml.rbx.com
ml-platform-stage-use1-1-5-3.prod.ml.rbx.com
ml-platform-infra-use1-1-5-3-serving.prod.ml.rbx.com
confluence-dev.rbx.com
report.rbx.com
*.prod.ml.rbx.com
bpo-vpn.rbx.com
starburst-trino-etl.di.rbx.com
arti-stage-use2.rbx.com
artifactory-edge1.rbx.com
teamcity-ge-dev.rbx.com
github-dev.rbx.com
knomad-development-sitetest2-us-west-1a.rbx.com
aws-us-west-2b-lms.rbx.com
dev-druid-dc-1.di.rbx.com
edge-stage-usw1.rbx.com
*.artifactory.rbx.com
aws-us-west-2b-lms.rbx.com
github-dev.rbx.com
github-dev.rbx.com
artifactory-edge1.rbx.com
jfmc-stage.rbx.com
aws-us-west-1a-lms.rbx.com
edge-prod-usw1.rbx.com
ros-dev.rbx.com
artifactory-edge1.rbx.com
dev-confluence-dns-name.rbx.com
teamcity-test.rbx.com
artifactory-uswest1.rbx.com
dev-confluence-dns-name.rbx.com
vault-demo.rbx.com
aws-eu-west-2c-lms.rbx.com
discourse.rbx.com
*.astro.dev-sroy.dic.rbx.com
discourse.rbx.com
astro-dev.di.rbx.com
ghe-stage1-new.rbx.com
superset-dev.di.rbx.com
*.public.rbx.com
artifactory-edge1.rbx.com
arti-prod-usw1-1.rbx.com
knomad-development-sitetest3-us-west-1.rbx.com
aws-us-east-1b-lms.rbx.com
aws-us-east-1c-lms.rbx.com
staging.noteable.ml.rbx.com
core.airflow2.di.rbx.com
edge-st3-use2.rbx.com
aws-eu-central-1a-lms.rbx.com
jwks-dev.lca.rbx.com
ros-dev.rbx.com
aws-us-east-1a-lms.rbx.com
starburst-green.di.rbx.com
aws-us-east-2a-lms.rbx.com
tfe.rbx.com
aws-eu-west-2a-lms.rbx.com
arti-stage-usw1.rbx.com
aws-ap-northeast-1a-lms.rbx.com
*.data-platform.airflow2.di.rbx.com
fossa-stage.rbx.com
dev-confluence-dns-name.rbx.com
ros-stg.rbx.com

Certificate

The complete raw certificate details for aws-ap-northeast-1a-lms.rbx.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF6zCCBNOgAwIBAgIQClb6hmrSy1UuIY08eZprHDANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAzMB4XDTI0MDEyMzAwMDAwMFoXDTI1MDIyMTIzNTk1OVowKjEo
MCYGA1UEAxMfYXdzLWFwLW5vcnRoZWFzdC0xYS1sbXMucmJ4LmNvbTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMoAJ9uKQTO67WNjXACWqaU5E6DUflsm
dobIBC+wlm7KB05TM570xqg1YPLM2w5nHBNnLJETL8sOzPWr95CfhzdETzJJrPzw
RZw2tsJ7H52jfv+d83DpA5CzqJiEw2frQFFGKsO9XIPvfLTTSfWRTmrUmD1Opm9y
wPAZb1QA42vmmeaDfuc6kY27FuuWQKkmkn9a0Tg9J21rvqHIcyepBPXgU9+ckJMT
vzNwHak5YHvKMo86KkuKoQI9hedm32F1tT6B6MsYYJHYYKsNzvkHAmwVwQ7CJ7Qn
ukJ2Vs4DTvWch75uP0XVIDGREWwl+5ZBezZYhKFwpFevgm5KbyWjLPMCAwEAAaOC
AvkwggL1MB8GA1UdIwQYMBaAFFXZGF/SHMwB4Vi0vqvZVUIB1y4CMB0GA1UdDgQW
BBRI5P0nuXLdul0mtA/y93mdEGYc7DAqBgNVHREEIzAhgh9hd3MtYXAtbm9ydGhl
YXN0LTFhLWxtcy5yYnguY29tMBMGA1UdIAQMMAowCAYGZ4EMAQIBMA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0fBDQw
MjAwoC6gLIYqaHR0cDovL2NybC5yMm0wMy5hbWF6b250cnVzdC5jb20vcjJtMDMu
Y3JsMHUGCCsGAQUFBwEBBGkwZzAtBggrBgEFBQcwAYYhaHR0cDovL29jc3AucjJt
MDMuYW1hem9udHJ1c3QuY29tMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LnIybTAz
LmFtYXpvbnRydXN0LmNvbS9yMm0wMy5jZXIwDAYDVR0TAQH/BAIwADCCAX8GCisG
AQQB1nkCBAIEggFvBIIBawFpAHcATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpk
sWKaOd8AAAGNM83deAAABAMASDBGAiEA34bgSBdRGdp0EEuno2o5AZG9XCZS6LS2
PK8ZyFJGn9YCIQDVfwU5n3CzkEyPdRvFkIqwbgoz93Vi+dLaG5ECsBgp9QB2AH1Z
HhLheCp7HGFnfF79+NCHXBSgTpWeuQMv2Q6MLnm4AAABjTPN3O8AAAQDAEcwRQIg
MvmEGMddHGmnMWsEWTpgoh+eOChpUpxUU8xcPxQ+MkoCIQDe0Mc1fCiKAMqzmYXH
FkjfOTl+dESp3Q9NXINFJz8RUwB2AObSMWNAd4zBEEEG13G5zsHSQPaWhIb7uocy
Hf0eN45QAAABjTPN3RUAAAQDAEcwRQIgIIJ2j2IcXhdttClIJaXpVWhZ+LWFFMF8
a01alloypDQCIQCm+06PjgAxvUWHO/0aZM/2Ai2DzPllZBU333+fZCaBRDANBgkq
hkiG9w0BAQsFAAOCAQEAeucHRMB3pHZUML+BQItBMgka1RcZ0qNfq1c11zCjz/CI
Pq281WNdyQEiSLlAQmjx2uqKPbUPhF4Ir/osr+a3A3+951+4igC83HzTo5uJBk6k
DkCt4pghcIRQhR2c+/Q3Kpy09W7o1kyyz0ClX4V2ZJl14/5I6fFGn//NxdtwFTtB
+2zqtNFfmwMzJj8x4ju7mAwmqEmgZyWEUN6rS6mcQjfh3HrjubuPp8ZeywktN/5b
UTjTS+atQznT4wf06tnnFwZDQoR1mwv6AU/PJHjl/eo6mggb7MS4Cznhdbgy4zen
/XyvcaoxdrAPbRAPqZJln6/PipM1U4l/tyzdVGlbzA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAygAn24pBM7rtY2NcAJap
pTkToNR+WyZ2hsgEL7CWbsoHTlMznvTGqDVg8szbDmccE2cskRMvyw7M9av3kJ+H
N0RPMkms/PBFnDa2wnsfnaN+/53zcOkDkLOomITDZ+tAUUYqw71cg+98tNNJ9ZFO
atSYPU6mb3LA8BlvVADja+aZ5oN+5zqRjbsW65ZAqSaSf1rROD0nbWu+ochzJ6kE
9eBT35yQkxO/M3AdqTlge8oyjzoqS4qhAj2F52bfYXW1PoHoyxhgkdhgqw3O+QcC
bBXBDsIntCe6QnZWzgNO9ZyHvm4/RdUgMZERbCX7lkF7NliEoXCkV6+CbkpvJaMs
8wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 13743898739718089408993929140486433564
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M03'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-23 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-21 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'aws-ap-northeast-1a-lms.rbx.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25500214378551722245463654791566638333936118981195828058387526213026777259699382680150403365131914335730877246362208134475872839066712141829627087265846333092832615254487055024494484363345177717437217975358306362523922929620503860029414681062514770449231619308741817700955838853591644961575246676162571668588971290137748125349739694139581690857331121701250420377388013139930834049552716631041176729735586678174151232431351446239259603224491544873181709451789484357029521828668689448725970615749888145905004121800397454652823031011388608667536352443439049561203045365508470928053961239508402700808646223966578118175987
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 55d9185fd21ccc01e158b4beabd9554201d72e02
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							48e4fd27b972ddba5d26b40ff2f7799d10661cec
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (35 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aws-ap-northeast-1a-lms.rbx.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m03.amazontrust.com/r2m03.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m03.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m03.amazontrust.com/r2m03.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							01690077004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018d33cddd780000040300483046022100df86e048175119da74104ba7a36a390191bd5c2652e8b4b63caf19c852469fd6022100d57f05399f70b3904c8f751bc5908ab06e0a33f77562f9d2da1b9102b01829f50076007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018d33cddcef0000040300473045022032f98418c75d1c69a7316b04593a60a21f9e382869529c5453cc5c3f143e324a022100ded0c7357c288a00cab39985c71648df39397e7444a9dd0f4d5c8345273f1153007600e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018d33cddd15000004030047304502202082768f621c5e176db4294825a5e9556859f8b58514c17c6b4d5a965a32a434022100a6fb4e8f8e0031bd45873bfd1a64cff6022d83ccf965641537df7f9f64268144
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		007ae70744c077a4765430bf81408b4132091ad51719d2a35fab5735d730a3cff0883eadbcd5635dc9012248b9404268f1daea8a3db50f845e08affa2cafe6b7037fbde75fb88a00bcdc7cd3a39b89064ea40e40ade29821708450851d9cfbf4372a9cb4f56ee8d64cb2cf40a55f8576649975e3fe48e9f1469fffcdc5db70153b41fb6ceab4d15f9b0333263f31e23bbb980c26a849a067258450deab4ba99c4237e1dc7ae3b9bb8fa7c65ecb092d37fe5b5138d34be6ad4339d3e307f4ead9e71706434284759b0bfa014fcf2478e5fdea3a9a081becc4b80b39e175b832e337a7fd7caf71aa3176b00f6d100fa992659fafcf8a933553897fb72cdd54695bcc