*.benet.bertelsmann.com

Issued by Amazon RSA 2048 M02

About this certificate

This digital certificate with serial number 02:5e:24:c1:85:04:b4:cd:b2:09:b4:5d:9f:d4:fe:bf was issued on by Amazon.

With 10 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=*.benet.bertelsmann.com

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 02:5e:24:c1:85:04:b4:cd:b2:09:b4:5d:9f:d4:fe:bf
Serial Number (int): 3147277395220398085937686061975404223
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: be:dd:9d:56:ee:e3:a8:85:82:5d:bc:49:9f:c3:27:9f:9f:cc:06:9b
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2

Fingerprint (sha1): c5:51:7b:e6:cf:fd:72:1a:45:cc:15:6d:0e:5e:36:03:2d:9b:23:1c
Fingerprint (sha256): 12:3c:72:38:24:a1:b8:da:31:83:76:44:2d:17:1e:c9:16:c6:e0:64:f4:df:71:b8:f1:c2:18:b5:15:2c:91:18

Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer

Revocation information

OCSP Server: http://ocsp.r2m02.amazontrust.com
CRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl

Check the revocation status for certificate *.benet.bertelsmann.com

10

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.benet.bertelsmann.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.benet.bertelsmann.com
benet.bertelsmann.com
*.benet.bertelsmann.fr
greenport.guj.de
*.bertelsmann.de
*.prod.bertelsmann.de
*.benet.bertelsmann.de
benet.bertelsmann.fr
*.benet.bertelsmann.es
benet.bertelsmann.es

Other certificates including the domain name bertelsmann.com

(limited to 100 certificates)
www.invoice.bertelsmann.com
benet.bertelsmann.com
www.benet.bertelsmann.com
www.benet.bertelsmann.com
bwise-test.bertelsmann.com
forward.bertelsmann.com
invoice-admin.bertelsmann.com
becash.bertelsmann.com
*.benet.bertelsmann.com
alumni.bertelsmann.com
www.bertelsmann.com
www.im.bertelsmann.com
deac.bertelsmann.de
benet.bertelsmann.com
BECASH.BERTELSMANN.COM
becure-web.bertelsmann.com
globaldoc.bertelsmann.com
skypetmg.bertelsmann.de
www.benet.bertelsmann.com
api.bertelsmann.com
deac.bertelsmann.de
divisionalreportingserver.bertelsmann.de
skypetmg.bertelsmann.de
invoice.bertelsmann.com
becure-web.bertelsmann.com
socialcloud.bertelsmann.com
globaldoc-qa.bertelsmann.com
fund.bertelsmann.com
www.bertelsmann.com
forward.bertelsmann.com
aci.training.bertelsmann.com
www.bertelsmann.com
benet.bertelsmann.com
csacde.bertelsmann.de
dev.carl.bertelsmann.com
bertelsmann.de
becash.bertelsmann.com
peoplenet.bertelsmann.de
invoice.bertelsmann.com
bertelsmann.de
bertelsmann.de
gtlbml3lf0200.bagmail.net
alumni.bertelsmann.com
becure.bertelsmann.com
fund.bertelsmann.com
becash.bertelsmann.com
becash.bertelsmann.com
skypetmg.bertelsmann.de
becash.bertelsmann.com
sni13332gl.wpc.edgecastcdn.net
bertelsmann.de
bertelsmann.de
becure.bertelsmann.com
bwise-reporting.bertelsmann.com
alumni.bertelsmann.com
www.benet.bertelsmann.com
bertelsmann.de
becure.bertelsmann.com
skypetmg.bertelsmann.de
becure.bertelsmann.com
alumni.bertelsmann.com
gtlbml3lf0200.bagmail.net
www.benet.bertelsmann.com
peoplenet.bertelsmann.de
sni2872fgl.wpc.edgecastcdn.net
*.benet.bertelsmann.com
becure-web.bertelsmann.com
csacde.bertelsmann.de
www.bertelsmann.com
www.benet.bertelsmann.com
becure.bertelsmann.com
becash.bertelsmann.com
www.benet.bertelsmann.com
becash-test.bertelsmann.com
becure-web.bertelsmann.com
benet.bertelsmann.com
becure.bertelsmann.com
www.bertelsmann.com
www.benet.bertelsmann.com
forward.bertelsmann.com
skypetmg.bertelsmann.de
sni1a676gl.wpc.edgecastcdn.net
becash.bertelsmann.com
*.bertelsmann.com
*.bertelsmann.com
benet.bertelsmann.com
bebc.bertelsmann.com
benet.bertelsmann.com
becure.bertelsmann.com
api.bertelsmann.com
benet.bertelsmann.com
benet-ticker.bertelsmann.com
alumni.bertelsmann.com
bwise.bertelsmann.com
becash.bertelsmann.com
bwise-test.bertelsmann.com
sf-becure.mag.bertelsmann.com
benet.bertelsmann.de
gtlbml3lf0200.bagmail.net
api.bertelsmann.com

Certificate

The complete raw certificate details for *.benet.bertelsmann.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGojCCBYqgAwIBAgIQAl4kwYUEtM2yCbRdn9T+vzANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAyMB4XDTIzMDYyNDAwMDAwMFoXDTI0MDcyMjIzNTk1OVowIjEg
MB4GA1UEAwwXKi5iZW5ldC5iZXJ0ZWxzbWFubi5jb20wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQC/pZzUvxj2xHZ29HzK6sbFU7tTKpXCyLTdsVZvx7in
bxiUQ/Dy/irG5SqZ4oxuQYMPM1+P1Gipn+8saNVzgJcVE2O8GsxI4I/ZNy9KmxuB
SlhZBj7SGSBF4job6LxB+Bd8SQTDhh8CJMcsP5k/hN6AjOjGJqeLDJKcos5+qjTi
mzyGKPlzdolNw9Fb14HPV6I3OGUE92/+i0Wx6jdYFJ8R536EdydysOAm+cA0gaby
Md4FzyDzOOfVr29QGNEwM0DVG6hKCQEwQ5DorAb34lg2oXRhS+YvF1OEd2+Wl6HD
He+8vQ6xUcHW+WzyhiGWAv3dhHqEy+vY2H2j3QrtPOv5AgMBAAGjggO4MIIDtDAf
BgNVHSMEGDAWgBTAMVLNWlDDgnx0cc7L6Zz5euuC4jAdBgNVHQ4EFgQUvt2dVu7j
qIWCXbxJn8Mnn5/MBpswgeoGA1UdEQSB4jCB34IXKi5iZW5ldC5iZXJ0ZWxzbWFu
bi5jb22CFWJlbmV0LmJlcnRlbHNtYW5uLmNvbYIWKi5iZW5ldC5iZXJ0ZWxzbWFu
bi5mcoIQZ3JlZW5wb3J0Lmd1ai5kZYIQKi5iZXJ0ZWxzbWFubi5kZYIVKi5wcm9k
LmJlcnRlbHNtYW5uLmRlghYqLmJlbmV0LmJlcnRlbHNtYW5uLmRlghRiZW5ldC5i
ZXJ0ZWxzbWFubi5mcoIWKi5iZW5ldC5iZXJ0ZWxzbWFubi5lc4IUYmVuZXQuYmVy
dGVsc21hbm4uZXMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB
BggrBgEFBQcDAjA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLnIybTAyLmFt
YXpvbnRydXN0LmNvbS9yMm0wMi5jcmwwEwYDVR0gBAwwCjAIBgZngQwBAgEwdQYI
KwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5yMm0wMi5hbWF6
b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQucjJtMDIuYW1hem9u
dHJ1c3QuY29tL3IybTAyLmNlcjAMBgNVHRMBAf8EAjAAMIIBfQYKKwYBBAHWeQIE
AgSCAW0EggFpAWcAdgDuzdBk1dsazsVct520zROiModGfLzs3sNRSFlGcR+1mwAA
AYjqxaDiAAAEAwBHMEUCIQCcbXXapLJD1GN3dx7BgEouV844tyXBOfMW2Ih6G0ue
DgIgHO/shrXN7PiYS2db9TG5EdTlVU339nXAo+noDro9etsAdQBIsONr2qZHNA/l
agL6nTDrHFIBy1bdLIHZu7+rOdiEcwAAAYjqxaDvAAAEAwBGMEQCIGx5Pu6VQMAG
344R1P0UXEw+Et1ZubNHdgepBvOl0up7AiAXa1/FDhODC0RN0lHtuk3w2jzpusDU
tw1NY4iTTj5tfwB2ANq2v2s/tbYin5vCu1xr6HCRcWy7UYSFNL2kPTBI1/urAAAB
iOrFoLoAAAQDAEcwRQIgXxwozpP3DEJsekszpB8qa9yjJMO5ZVxHN+pKmE0myIoC
IQC2erlkglHJqd4q72bTjHcQX30joXJeV6pWdG7DGL56gjANBgkqhkiG9w0BAQsF
AAOCAQEAlpSZA9t2uXi/ZtdMh6Jn1bOlSAZdNEtgiXTro8dRllmjS2NC0k0fyfOU
zw86GV01NeMNfLHL4MS6PA4mt7b1iX0rNK42zCKWmToETj7L9zrdoCecNzTS6MsG
LwZB/ujwCbYZw0r2TrOce2divGcyPEfdlVRLUBgxJauMcKQCO50L5PJZ3zn3S1HO
Zk7a4r2Ea0/Ertpt4OZOZB3l5YljtvwU5x6yaAseiEMlyKFtfe9Mt3S1ul+gJ5YT
Ge7mVFHADegPACClMsfrqpYDV/eM5PNVkhuUik/zI8nOPCenoONO0BhobJnygUD6
u4yLTnVt/KVwqqwrmRn2ex/6A7xUHg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6Wc1L8Y9sR2dvR8yurG
xVO7UyqVwsi03bFWb8e4p28YlEPw8v4qxuUqmeKMbkGDDzNfj9RoqZ/vLGjVc4CX
FRNjvBrMSOCP2TcvSpsbgUpYWQY+0hkgReI6G+i8QfgXfEkEw4YfAiTHLD+ZP4Te
gIzoxianiwySnKLOfqo04ps8hij5c3aJTcPRW9eBz1eiNzhlBPdv/otFseo3WBSf
Eed+hHcncrDgJvnANIGm8jHeBc8g8zjn1a9vUBjRMDNA1RuoSgkBMEOQ6KwG9+JY
NqF0YUvmLxdThHdvlpehwx3vvL0OsVHB1vls8oYhlgL93YR6hMvr2Nh9o90K7Tzr
+QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 3147277395220398085937686061975404223
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-06-24 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-07-22 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.benet.bertelsmann.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24193182875814219865784540682229844956938909958975249450147212382907612952052042217049019661590717118344997338570311767660300739694219201501747347569701288473389340478197693574858420390879064491776520280619740731313200490556971387289877437288624000289675582318078586610537185779037759554397126640101331809932478898351799651091085952706384322466778882832341665113358479226034732225677305086893493582157195144768208729186128607811030961791914534927507781544771558399185548312564267594251945024020205016920126219446956482952199841796106711693609304791040507989183696025740644268704658331389070034915292685940968549837817
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							bedd9d56eee3a885825dbc499fc3279f9fcc069b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (226 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.benet.bertelsmann.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'benet.bertelsmann.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.benet.bertelsmann.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'greenport.guj.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.bertelsmann.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.prod.bertelsmann.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.benet.bertelsmann.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'benet.bertelsmann.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.benet.bertelsmann.es'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'benet.bertelsmann.es'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							0167007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b00000188eac5a0e200000403004730450221009c6d75daa4b243d46377771ec1804a2e57ce38b725c139f316d8887a1b4b9e0e02201cefec86b5cdecf8984b675bf531b911d4e5554df7f675c0a3e9e80eba3d7adb00750048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d8847300000188eac5a0ef000004030046304402206c793eee9540c006df8e11d4fd145c4c3e12dd59b9b3477607a906f3a5d2ea7b0220176b5fc50e13830b444dd251edba4df0da3ce9bac0d4b70d4d6388934e3e6d7f007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab00000188eac5a0ba000004030047304502205f1c28ce93f70c426c7a4b33a41f2a6bdca324c3b9655c4737ea4a984d26c88a022100b67ab9648251c9a9de2aef66d38c77105f7d23a1725e57aa56746ec318be7a82
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0096949903db76b978bf66d74c87a267d5b3a548065d344b608974eba3c7519659a34b6342d24d1fc9f394cf0f3a195d3535e30d7cb1cbe0c4ba3c0e26b7b6f5897d2b34ae36cc2296993a044e3ecbf73adda0279c3734d2e8cb062f0641fee8f009b619c34af64eb39c7b6762bc67323c47dd95544b50183125ab8c70a4023b9d0be4f259df39f74b51ce664edae2bd846b4fc4aeda6de0e64e641de5e58963b6fc14e71eb2680b1e884325c8a16d7def4cb774b5ba5fa027961319eee65451c00de80f0020a532c7ebaa960357f78ce4f355921b948a4ff323c9ce3c27a7a0e34ed018686c99f28140fabb8c8b4e756dfca570aaac2b9919f67b1ffa03bc541e