shop.southbankcentre.co.uk

Issued by Thawte RSA CA 2018

About this certificate

This digital certificate with serial number 01:49:39:2a:ec:b1:45:23:05:02:da:0e:14:c1:2d:51 was issued on by DigiCert Inc.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=shop.southbankcentre.co.uk

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 01:49:39:2a:ec:b1:45:23:05:02:da:0e:14:c1:2d:51
Serial Number (int): 1709425164640960711296554056963665233
Serial Number lenght: 121 bits, 16 octets

SubjectKeyId: 85:52:f6:ad:d9:f9:0a:9a:e5:cf:f4:6c:45:25:96:c5:eb:04:4e:3d
AuthorityKeyId: a3:c8:5e:65:54:e5:30:78:c1:05:ea:07:0a:6a:59:cc:b9:fe:de:5a

Fingerprint (sha1): 21:5c:9d:61:6e:15:16:1e:fe:88:11:59:d2:10:1e:5d:f8:d5:6f:b4
Fingerprint (sha256): 12:a6:1d:44:8d:fa:f6:cb:6e:b0:b0:03:fa:ce:57:88:f1:6a:ef:46:41:52:b9:3d:62:de:b6:80:17:cc:56:b5

Issuing Certificate URL: http://cacerts.thawte.com/ThawteRSACA2018.crt

Revocation information

OCSP Server: http://status.thawte.com
CRL Distribution Point: http://cdp.thawte.com/ThawteRSACA2018.crl

Check the revocation status for certificate shop.southbankcentre.co.uk

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for shop.southbankcentre.co.uk

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

shop.southbankcentre.co.uk

Other certificates including the domain name southbankcentre.co.uk

(limited to 100 certificates)
platformsh.map.fastly.net
secure-euwe1-1.tessituranetwork.com
*.southbankcentre.co.uk
secure-euwe1-1.tessituranetwork.com
securessl-eu.tessituranetworkhost.com
ssl391556.cloudflaressl.com
securessl-eu.tessituranetworkhost.com
shop.southbankcentre.co.uk
tls.automattic.com
platformsh.map.fastly.net
platformsh.map.fastly.net
dns-vetting1-marita-ardnek.map.fastly.net
platformsh.map.fastly.net
ssl365218.cloudflaressl.com
platformsh.map.fastly.net
tls.automattic.com
mb.logicside.net
unlimited.southbankcentre.co.uk
platformsh.map.fastly.net
dns-vetting1-marita-ardnek.map.fastly.net
securessl-eu.tessituranetworkhost.com
x3.southbankcentre.co.uk
*.southbankcentre.co.uk
securessl-eu.tessituranetworkhost.com
platformsh.map.fastly.net
securessl-eu.tessituranetworkhost.com
dns-vetting1-marita-ardnek.map.fastly.net
platformsh.map.fastly.net
ssl365217.cloudflaressl.com
collections.southbankcentre.co.uk
securessl-eu.tessituranetworkhost.com
shop.southbankcentre.co.uk
*.southbankcentre.co.uk
ssl365218.cloudflaressl.com
platformsh.map.fastly.net
platformsh.map.fastly.net
platformsh.map.fastly.net
securessl-eu.tessituranetworkhost.com
platformsh.map.fastly.net
platformsh.map.fastly.net
platformsh.map.fastly.net
securessl-eu.tessituranetworkhost.com
*.southbankcentre.co.uk
platformsh.map.fastly.net
platformsh.map.fastly.net
dns-vetting1-marita-ardnek.map.fastly.net
*.southbankcentre.co.uk
resetpassword.gumb.app
dns-vetting1-marita-ardnek.map.fastly.net
unlimited.southbankcentre.co.uk
bynder.southbankcentre.co.uk
recruit.southbankcentre.co.uk
bynder.southbankcentre.co.uk
ammarweb.org
tls.automattic.com
bynder.southbankcentre.co.uk
platformsh.map.fastly.net
recruit.southbankcentre.co.uk
*.southbankcentre.co.uk
platformsh.map.fastly.net
platformsh.map.fastly.net
platformsh.map.fastly.net
platformsh.map.fastly.net
platformsh.map.fastly.net
platformsh.map.fastly.net
platformsh.map.fastly.net
platformsh.map.fastly.net
securessl-eu.tessituranetworkhost.com
dns-vetting1-marita-ardnek.map.fastly.net
securessl-eu.tessituranetworkhost.com
secure-euwe1-1.tessituranetwork.com
securessl-eu.tessituranetworkhost.com
platformsh.map.fastly.net
ssl365216.cloudflaressl.com
securessl-eu.tessituranetworkhost.com
platformsh.map.fastly.net
platformsh.map.fastly.net
unlimited.southbankcentre.co.uk
secure-euwe1-1.tessituranetwork.com
platformsh.map.fastly.net
*.southbankcentre.co.uk
totalrecalldts.co.uk
tls.automattic.com
shop.southbankcentre.co.uk
southbank.afterdigital.io
platformsh.map.fastly.net
x3.southbankcentre.co.uk
platformsh.map.fastly.net
platformsh.map.fastly.net
ssl365217.cloudflaressl.com
dns-vetting1-marita-ardnek.map.fastly.net
46thpreston.org.uk
dns-vetting1-marita-ardnek.map.fastly.net
ssl391555.cloudflaressl.com
southbank.afterdigital.io
unlimited.southbankcentre.co.uk
*.southbankcentre.co.uk
applications.southbankcentre.co.uk
platformsh.map.fastly.net
recruit.southbankcentre.co.uk

Certificate

The complete raw certificate details for shop.southbankcentre.co.uk in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIErTCCA5WgAwIBAgIQAUk5KuyxRSMFAtoOFMEtUTANBgkqhkiG9w0BAQsFADBc
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMRswGQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcN
MTcxMjEzMDAwMDAwWhcNMTkwMTEyMTIwMDAwWjAlMSMwIQYDVQQDExpzaG9wLnNv
dXRoYmFua2NlbnRyZS5jby51azCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMxAViQuy02pJ03Dm8/H4c8k1Uv5xTesH5fnyXvTpsyAIzVjWTzyBGw1upig
plZrioU7rgbAKuAWAbFOyvgh2P2e6bBq2ieWwVk3YJ2qppfhnKEJvvf7/lNAuRHG
XcX0FSfy7FjsV5PsD+gPMqTh0MGFhk1zUExnaN4OLB9YshG5u870ZAbMKcSyHYms
0FkRgMXF13QGkNQjLJW8bMhJf9gDQ7QhYtMgSPLOpAuLoRpaIxgVltPRyblG3j9D
rPau+CDmaNExTjH1lD4MtztXA67vRIYOz4NcKQ78xhaCwv9ZOskj+u8hjgrWrQEJ
FTM32ZCcG+IaSOEa+XL/1SXwduMCAwEAAaOCAaAwggGcMB8GA1UdIwQYMBaAFKPI
XmVU5TB4wQXqBwpqWcy5/t5aMB0GA1UdDgQWBBSFUvat2fkKmuXP9GxFJZbF6wRO
PTAlBgNVHREEHjAcghpzaG9wLnNvdXRoYmFua2NlbnRyZS5jby51azAOBgNVHQ8B
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDoGA1UdHwQz
MDEwL6AtoCuGKWh0dHA6Ly9jZHAudGhhd3RlLmNvbS9UaGF3dGVSU0FDQTIwMTgu
Y3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAECMCowKAYIKwYBBQUHAgEWHGh0dHBz
Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQIBMG8GCCsGAQUFBwEBBGMw
YTAkBggrBgEFBQcwAYYYaHR0cDovL3N0YXR1cy50aGF3dGUuY29tMDkGCCsGAQUF
BzAChi1odHRwOi8vY2FjZXJ0cy50aGF3dGUuY29tL1RoYXd0ZVJTQUNBMjAxOC5j
cnQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAnTKEr9yVKO3wR4ixH566
PirnIVuHzajXLDcdXakPJvpEWar5kOFh1dJzGAJgpRkCrdiR3DCwQJgiSTplqKtu
9IWqwbLAa5zDv9IguB4TLfK82ESPXz/lKZ59ypUNHohWqvFEYMD64itVkHX4UO3M
Vw1kHu3tNaypc6jLEJzhPXcV8A6AA/4ehE4WQ/BwaHh+M0lUH8UAQ8GNyY6Ue9o8
Hr253cUaylUVQzvEn+OXxlHgQLzZlWl2kr2YFDPa0nNouU7vSdPDpJPZfHzhfA/1
ZILMJhlVYyeuE3mVQt/e1T20+/efnb3usn42VKfyqdfM8EBMHchg5EEbUipwK4+m
Og==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEBWJC7LTaknTcObz8fh
zyTVS/nFN6wfl+fJe9OmzIAjNWNZPPIEbDW6mKCmVmuKhTuuBsAq4BYBsU7K+CHY
/Z7psGraJ5bBWTdgnaqml+GcoQm+9/v+U0C5EcZdxfQVJ/LsWOxXk+wP6A8ypOHQ
wYWGTXNQTGdo3g4sH1iyEbm7zvRkBswpxLIdiazQWRGAxcXXdAaQ1CMslbxsyEl/
2ANDtCFi0yBI8s6kC4uhGlojGBWW09HJuUbeP0Os9q74IOZo0TFOMfWUPgy3O1cD
ru9Ehg7Pg1wpDvzGFoLC/1k6ySP67yGOCtatAQkVMzfZkJwb4hpI4Rr5cv/VJfB2
4wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1709425164640960711296554056963665233
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Thawte RSA CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-12-13 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-01-12 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'shop.southbankcentre.co.uk'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25784339718526239150517693993139373591732261437362281688507881445799541078796103311450206884169651835159457796539737935219604090646583817268675153291473183299030661647391757903199978329142506199624062239841412197733176878038049231692342676625780257063198226859657409842053786418425017820192052520613019603999476617436702166456017274240486070115413306096520843740255750188003268773461152426056105372485326339610656712202174187512205923023705574367656400901896298263645242360145896701164752031957271290461426466072037761903543672766144224384916431119199604073540801190739271023330707648147236693736352379009910797530851
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a3c85e6554e53078c105ea070a6a59ccb9fede5a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							8552f6add9f90a9ae5cff46c452596c5eb044e3d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (30 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'shop.southbankcentre.co.uk'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (51 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.thawte.com/ThawteRSACA2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.2 (digiCertDVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.thawte.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.thawte.com/ThawteRSACA2018.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		009d3284afdc9528edf04788b11f9eba3e2ae7215b87cda8d72c371d5da90f26fa4459aaf990e161d5d273180260a51902add891dc30b0409822493a65a8ab6ef485aac1b2c06b9cc3bfd220b81e132df2bcd8448f5f3fe5299e7dca950d1e8856aaf14460c0fae22b559075f850edcc570d641eeded35aca973a8cb109ce13d7715f00e8003fe1e844e1643f07068787e3349541fc50043c18dc98e947bda3c1ebdb9ddc51aca5515433bc49fe397c651e040bcd995697692bd981433dad27368b94eef49d3c3a493d97c7ce17c0ff56482cc2619556327ae13799542dfded53db4fbf79f9dbdeeb27e3654a7f2a9d7ccf0404c1dc860e4411b522a702b8fa63a