officewebapps-external.apl.com

- APL Limited -

Issued by Entrust Certification Authority - L1C

About this certificate

This digital certificate with serial number 4c:22:95:6c was issued on by Entrust, Inc..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)

APL Limited

Organization: APL Limited
Locality: Singapore
Country: SG

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: www.entrust.net/rpa is incorporated by reference
Organization unit: (c) 2009 Entrust, Inc.
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 4c:22:95:6c
Serial Number (int): 1277334892
Serial Number lenght: 31 bits, 4 octets

SubjectKeyId: 47:b6:0b:7b:d9:fe:49:6a:5a:f1:16:74:f4:04:2d:87:45:b3:df:f1
AuthorityKeyId: 1e:f1:ab:89:06:f8:49:0f:01:33:77:ee:14:7a:ee:19:7c:93:28:4d

Fingerprint (sha1): 52:73:bc:09:66:fb:7c:0b:0b:64:8b:df:c9:28:e9:98:72:50:52:b8
Fingerprint (sha256): 17:7c:7f:54:eb:17:e3:27:5f:e6:d3:2d:54:a2:27:3f:aa:d0:4a:bf:6e:00:ec:e5:77:f1:f3:02:3e:06:7f:0c

Issuing Certificate URL: http://aia.entrust.net/2048-l1c.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1c.crl

Check the revocation status for certificate officewebapps-external.apl.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for officewebapps-external.apl.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA1 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

officewebapps-external.apl.com

Other certificates including the domain name apl.com

(limited to 100 certificates)
www.quantil.com
iap.apl.com
agentvpn.apl.com
*.apl.com
www.apl.com
gem.apl.com
webmail.apl.com
cma-cgm.com
survey.apl.com
www.quantil.com
www.quantil.com
usvpn.apl.com
sip-service.apl.com
survey.apl.com
lift.apl.com
sip-service.apl.com
officewebapps-external.apl.com
officewebapps-external.apl.com
lift.apl.com
tariff.apl.com
survey.apl.com
interchange-stg.apl.com
lyncpool01.d1.ad.apl.com
*.apl.com
sip-service.apl.com
homeport.apl.com
homeport.apl.com
aplinfo.apl.com
sgvpn2.apl.com
www.apl.com
voyage.apl.com
www.quantil.com
info.apl.com
homeport8.apl.com
snxncexpecl01.apac.apl.com
interchange-stg.apl.com
survey.apl.com
identity.apl.com
aplweb.apl.com
homeport.apl.com
mobile.apl.com
interchange-int.apl.com
www.apl.com
gem.apl.com
www.quantil.com
aplinfo.apl.com
www.quantil.com
apl.com
rbitgem.apl.com
apl.com
*.apl.com
interchange.apl.com
lift.apl.com
fson.apl.com
tariff.apl.com
voyage.apl.com
*.apl.com
webmail.apl.com
www.apl.com
homeport.apl.com
snxncexpecl01.apac.apl.com
*.apl.com
*.apl.com
www.apl.com
www.apl.com
lift.apl.com
ubusiness.apl.com
interchange.apl.com
homeport.apl.com
www.apl.com
homeport.apl.com
rbitgem.apl.com
www.apl.com
www.quantil.com
www.apl.com
www.apl.com
www.apl.com
officewebapps-external.apl.com
iap.apl.com
www.apl.com
officewebapps-internal.apl.com
webmail.apl.com
www.quantil.com
cma-cgm.com
www.apl.com
www.apl.com
cf-tariff.apl.com
sgvpn.apl.com
cma-cgm.com
aplinfo.apl.com
ocspool1.d1.ad.apl.com
homeport.apl.com
*.apl.com
fson.apl.com
homeport.apl.com
gccvat.apl.com
agentvpn.apl.com
webmail.apl.com
iam.apl.com
*.apl.com

Certificate

The complete raw certificate details for officewebapps-external.apl.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgIETCKVbDANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eSAtIEwxQzAeFw0xNDA0MDMwMjE5MDBaFw0xNzAzMjYw
ODI5MzNaMGAxCzAJBgNVBAYTAlNHMRIwEAYDVQQHEwlTaW5nYXBvcmUxFDASBgNV
BAoTC0FQTCBMaW1pdGVkMScwJQYDVQQDEx5vZmZpY2V3ZWJhcHBzLWV4dGVybmFs
LmFwbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDo50l5KHmC
75JRmItn+RDOmGv/4XACbZLZ16IWfUdp1Xnr/1pcL5MSwqD2BrJrYOvbO2ejf4oW
bwBon6aDLHMjlaz5xIPbHyZ//Pogjuct6qwyp2zuRd9H1vcl30kqU6an2CVRsLT1
hhRnRRCcC7jjYSqQCV0ktZyzljszWIi0ZU42TQqUFgFvr3jfuu+gRv5pJA73HF8N
fHK6L6YfocENMMVuC4i0FlsVitTQYtWprrBYU2qlhhS830hkz7vuJDGG6JPMWQVY
KKN66jMoxb+JkfMocdGbncp+Y01oG5X4UpvnlWyV3OZ+AozMpbv1z4P5ig5AtA0i
tNBC3VISJCvLAgMBAAGjggGDMIIBfzALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYI
KwYBBQUHAwEwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5l
dC9sZXZlbDFjLmNybDBkBggrBgEFBQcBAQRYMFYwIwYIKwYBBQUHMAGGF2h0dHA6
Ly9vY3NwLmVudHJ1c3QubmV0MC8GCCsGAQUFBzAChiNodHRwOi8vYWlhLmVudHJ1
c3QubmV0LzIwNDgtbDFjLmNlcjBKBgNVHSAEQzBBMDUGCSqGSIb2fQdLAjAoMCYG
CCsGAQUFBwIBFhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAIBgZngQwBAgIw
KQYDVR0RBCIwIIIeb2ZmaWNld2ViYXBwcy1leHRlcm5hbC5hcGwuY29tMB8GA1Ud
IwQYMBaAFB7xq4kG+EkPATN37hR67hl8kyhNMB0GA1UdDgQWBBRHtgt72f5Jalrx
FnT0BC2HRbPf8TAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBQUAA4IBAQAi+/6a9Dnq
7R9ZkBd/zTkJ6bw1/F0ox+NIIVG8MOiRFHCG1Vv7eGZVyEDRWHgL7Zdp9afvFNMG
gHs+ujAaLwtrgrnq3zn1PvcldWslr1QuziYzcyIJUNtrBZCpYPTVkGmNdAmrogvZ
IUnufLEw0qn3OGrSorzyAlyMzlq/U2E2wjRlbw44HbXkvc9aL7ey6i9p44knUyV8
2RXxBKSYvBIM+5fv+JVp6s72rzrOK5J49B3KgAWvtboHqJQme/DZRLwLe71dlJFz
sLxEzCI0azM2z8CFtzLShipGy2Mmt9AQc7ri6dW29rH3cOqsszHLHqTV/V7BNPmL
jvIHj3lejUAy
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6OdJeSh5gu+SUZiLZ/kQ
zphr/+FwAm2S2deiFn1HadV56/9aXC+TEsKg9gaya2Dr2ztno3+KFm8AaJ+mgyxz
I5Ws+cSD2x8mf/z6II7nLeqsMqds7kXfR9b3Jd9JKlOmp9glUbC09YYUZ0UQnAu4
42EqkAldJLWcs5Y7M1iItGVONk0KlBYBb69437rvoEb+aSQO9xxfDXxyui+mH6HB
DTDFbguItBZbFYrU0GLVqa6wWFNqpYYUvN9IZM+77iQxhuiTzFkFWCijeuozKMW/
iZHzKHHRm53KfmNNaBuV+FKb55VsldzmfgKMzKW79c+D+YoOQLQNIrTQQt1SEiQr
ywIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1277334892
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.entrust.net/rpa is incorporated by reference'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2009 Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1C'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2014-04-03 02:19:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-03-26 08:29:33 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Singapore'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'APL Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'officewebapps-external.apl.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29401338625050759711611175495764160291880285171668399466742338882213978667582372626767641581361230763400531469936830320830925244167852257589759121928209100692876796359393517932895448543718872191161726079748179977496416234313226245287413959119717825032968918991681830786581844206815947257889278994590919990708557884471506590387549978071800402932475048746682959679044029110760457993369663303318914070960649293864260719126438531569778425681234477162359552542360506842754188700615348358311850407456669789204181470245355433513385350102981290553188821277451936853041541189027570605216114295432753637025549941725487226432459
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1c.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (88 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/2048-l1c.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113533.7.75.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (34 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'officewebapps-external.apl.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 1ef1ab8906f8490f013377ee147aee197c93284d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							47b60b7bd9fe496a5af11674f4042d8745b3dff1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0022fbfe9af439eaed1f5990177fcd3909e9bc35fc5d28c7e3482151bc30e891147086d55bfb786655c840d158780bed9769f5a7ef14d306807b3eba301a2f0b6b82b9eadf39f53ef725756b25af542ece263373220950db6b0590a960f4d590698d7409aba20bd92149ee7cb130d2a9f7386ad2a2bcf2025c8cce5abf536136c234656f0e381db5e4bdcf5a2fb7b2ea2f69e3892753257cd915f104a498bc120cfb97eff89569eacef6af3ace2b9278f41dca8005afb5ba07a894267bf0d944bc0b7bbd5d949173b0bc44cc22346b3336cfc085b732d2862a46cb6326b7d01073bae2e9d5b6f6b1f770eaacb331cb1ea4d5fd5ec134f98b8ef2078f795e8d4032