childcare-provider-checker.tax.service.gov.uk

Issued by Amazon RSA 2048 M02

About this certificate

This digital certificate with serial number 0c:a7:96:b8:20:38:e0:2f:f4:7e:6b:05:5e:b1:d7:41 was issued on by Amazon.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=childcare-provider-checker.tax.service.gov.uk

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0c:a7:96:b8:20:38:e0:2f:f4:7e:6b:05:5e:b1:d7:41
Serial Number (int): 16820906474189035918900219071104669505
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 3a:78:43:07:47:b4:89:f1:f9:83:74:03:19:c6:18:ba:c7:06:fa:bc
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2

Fingerprint (sha1): a6:81:e8:a9:54:69:f0:80:7d:08:50:0c:60:7e:89:5f:2d:1a:39:45
Fingerprint (sha256): 17:f1:2e:ad:c0:65:12:30:54:c0:c2:8a:fb:2a:f7:d5:ab:bf:7c:44:82:93:4b:b0:54:46:fd:25:65:5b:19:6b

Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer

Revocation information

OCSP Server: http://ocsp.r2m02.amazontrust.com
CRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl

Check the revocation status for certificate childcare-provider-checker.tax.service.gov.uk

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for childcare-provider-checker.tax.service.gov.uk

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

childcare-provider-checker.tax.service.gov.uk
www.childcare-provider-checker.tax.service.gov.uk

Other certificates including the domain name tax.service.gov.uk

(limited to 100 certificates)
landscape.production.tools.tax.service.gov.uk
developer.service.hmrc.gov.uk
kibana.mdtp-staging.telemetry.tax.service.gov.uk
tools-proxy.staging.tools.tax.service.gov.uk
admin.staging.tax.service.gov.uk
api.production.tax.service.gov.uk
testcert2.tools.sandbox.tax.service.gov.uk
api.externaltest.tax.service.gov.uk
api.development.tax.service.gov.uk
api-platform-status.production.tax.service.gov.uk
open.artefacts.tax.service.gov.uk
cip-canary-service-10-42.development.cip-paas.tax.service.gov.uk
dis.tax.service.gov.uk
childcare.tax.service.gov.uk
default.development.cip-paas.tax.service.gov.uk
childcare.tax.service.gov.uk
tools-proxy.staging.tools.tax.service.gov.uk
*.development.tax.service.gov.uk
kibana.internal-lab02.telemetry.tax.service.gov.uk
kibana.internal-lab02.telemetry.tax.service.gov.uk
cname-acs-fast-stream.qa.tax.service.gov.uk
api.integration.tax.service.gov.uk
lab02.build.tax.service.gov.uk
elasticsearch.internal-lab04.telemetry.tax.service.gov.uk
kibana.internal-lab03.telemetry.tax.service.gov.uk
tools-proxy.staging.tools.tax.service.gov.uk
platapps-live.tax.service.gov.uk
paas-sample-21-70.development.cip-paas.tax.service.gov.uk
grafana.internal-lab01.telemetry.tax.service.gov.uk
admin.development.tax.service.gov.uk
www.prototypes.tax.service.gov.uk
paas-sample-2501-165.development.cip-paas.tax.service.gov.uk
platapps-labs.tools.tax.service.gov.uk
kibana.internal-lab04.telemetry.tax.service.gov.uk
maps-11-987.development.cip-paas.tax.service.gov.uk
cname-api.integration.tax.service.gov.uk
*.live.platops.tax.service.gov.uk
kibana.internal-lab02.telemetry.tax.service.gov.uk
cip-canary-service-8-55.development.cip-paas.tax.service.gov.uk
online.hmrc.gov.uk
www.staging.tax.service.gov.uk
paas-sample-2439.sandbox.cip-paas.tax.service.gov.uk
cname-acs-fast-stream.development.tax.service.gov.uk
paas-sample-2501-159.development.cip-paas.tax.service.gov.uk
development.tax.service.gov.uk
api-platform-status.production.tax.service.gov.uk
status-tool.internal-lab01.telemetry.tax.service.gov.uk
kibana.internal-lab02.telemetry.tax.service.gov.uk
mdtp-system.platapps-labs.tax.service.gov.uk
maps-2501-160.development.cip-paas.tax.service.gov.uk
confluence.staging.tools.tax.service.gov.uk
default.development.cip-paas.tax.service.gov.uk
grafana-alerting.internal-lab01.telemetry.tax.service.gov.uk
elasticsearch.internal-lab02.telemetry.tax.service.gov.uk
elasticsearch.internal-staging.telemetry.tax.service.gov.uk
default.development.cip-paas.tax.service.gov.uk
selfservice.staging.tools.tax.service.gov.uk
*.tax.service.gov.uk
default.development.cip-paas.tax.service.gov.uk
jenkins-test.tools.management.tax.service.gov.uk
online.hmrc.gov.uk
mediastorage.staging.tools.tax.service.gov.uk
*.internal-lab03.telemetry.tax.service.gov.uk
*.staging.upscan.tax.service.gov.uk
*.labs.platops.tax.service.gov.uk
elasticsearch.internal-lab01.telemetry.tax.service.gov.uk
jira.staging.tools.tax.service.gov.uk
dis.qa.tax.service.gov.uk
tax.service.gov.uk
api-platform-status.production.tax.service.gov.uk
tools-proxy.staging.tools.tax.service.gov.uk
bank-account-insights.staging.cip-app.tax.service.gov.uk
platapps-labs.tax.service.gov.uk
test-transaction-engine.tax.service.gov.uk
cname-jons-ccn2.integration.tax.service.gov.uk
webchat-dev.tax.service.gov.uk
grafana.mdtp-qa.telemetry.tax.service.gov.uk
cip-canary-service-2-38.development.cip-paas.tax.service.gov.uk
default.development.cip-paas.tax.service.gov.uk
default.development.cip-paas.tax.service.gov.uk
dis.qa.tax.service.gov.uk
*.integration.tax.service.gov.uk
maps-16-567.development.cip-paas.tax.service.gov.uk
platapps-labs.tools.tax.service.gov.uk
childcare-provider-checker.tax.service.gov.uk
qa.tax.service.gov.uk
api-platform-status.production.tax.service.gov.uk
paas-sample-2-11.development.cip-paas.tax.service.gov.uk
lab02.artefacts.tax.service.gov.uk
cname-jons-transaction-engine.integration.tax.service.gov.uk
api.integration.tax.service.gov.uk
elasticsearch.internal-lab04.telemetry.tax.service.gov.uk
paas-sample-15-80.development.cip-paas.tax.service.gov.uk
grafana.internal-lab03.telemetry.tax.service.gov.uk
cip-credential-risking.development.cip-paas.tax.service.gov.uk
data-product-registry.development.cip-paas.tax.service.gov.uk
paas-sample-2732-150.development.cip-paas.tax.service.gov.uk
api-platform-status.production.tax.service.gov.uk
default.development.cip-paas.tax.service.gov.uk
paas-sample-2501-2501.sandbox.cip-paas.tax.service.gov.uk

Certificate

The complete raw certificate details for childcare-provider-checker.tax.service.gov.uk in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIEzDCCA7SgAwIBAgIQDKeWuCA44C/0fmsFXrHXQTANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAyMB4XDTIzMDUyMzAwMDAwMFoXDTI0MDYyMDIzNTk1OVowODE2
MDQGA1UEAxMtY2hpbGRjYXJlLXByb3ZpZGVyLWNoZWNrZXIudGF4LnNlcnZpY2Uu
Z292LnVrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqY6AEVmkV7Cz
aMvvxtjTdaJl5EH17PSMqVruIxxnby3cL9EWsAxCswGMVtmt6C1MmzIrQt/ElR8f
cZVYtTTDSHsoXfJHE51yyZtXn2aGk4A7O64mGC7eUqr44XpWeteKYrJI15IlrnMA
I/ip3tNZBtgvFWUFTVGA7JayxZFE2vEI1SYmIjdP/T5SbSVRr30hB2QBkOKMW3yG
bSaAepYKDDxcZaWiGUa6HlD8OYgrJoGorUA46I2siiPjeiGfeEa64jkoeCWLIBwY
4/HbG+nTUf5FzWiDWN+wyh+FIn4KsL4WNogdUWB0v7YzRNzgvRdIQwXAfqSigRmq
no6nf1xuNQIDAQABo4IBzDCCAcgwHwYDVR0jBBgwFoAUwDFSzVpQw4J8dHHOy+mc
+XrrguIwHQYDVR0OBBYEFDp4QwdHtInx+YN0AxnGGLrHBvq8MGsGA1UdEQRkMGKC
LWNoaWxkY2FyZS1wcm92aWRlci1jaGVja2VyLnRheC5zZXJ2aWNlLmdvdi51a4Ix
d3d3LmNoaWxkY2FyZS1wcm92aWRlci1jaGVja2VyLnRheC5zZXJ2aWNlLmdvdi51
azAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwucjJtMDIuYW1hem9udHJ1c3Qu
Y29tL3IybTAyLmNybDATBgNVHSAEDDAKMAgGBmeBDAECATB1BggrBgEFBQcBAQRp
MGcwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLnIybTAyLmFtYXpvbnRydXN0LmNv
bTA2BggrBgEFBQcwAoYqaHR0cDovL2NydC5yMm0wMi5hbWF6b250cnVzdC5jb20v
cjJtMDIuY2VyMAwGA1UdEwEB/wQCMAAwEwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJ
KoZIhvcNAQELBQADggEBAE0MpPjXqZXTawhC0J10+eqqzZir205EgSUym/AZ9jUu
IOWDKLdVExWHR0XsJO9+tzk288/SIgCgO1j+xNsf7XQefJyMM/gmf2TNt5RtZ1Nt
wjt3yEZ1Pvdah+rgzz3WJkolJSo4hurt9ejF3KdGd8jusv4ETXfVwYHYvyuY9rkS
oz22yv9+3bPlum/tlGP70aZT+FpzWFvKCrE7l1X3qWlwoCEjfxb9IJMzPrLdXr+8
RlxPW+qQ+rzQN5bSbdRvCGPuzGVZ854pSsSbJCTvaCt6k4vUYmaM/d1jCvMkDCvx
j7JnfhNZwaySapP7pEak+bvZYHBs8SGWHKcSBdfDLoc=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqY6AEVmkV7CzaMvvxtjT
daJl5EH17PSMqVruIxxnby3cL9EWsAxCswGMVtmt6C1MmzIrQt/ElR8fcZVYtTTD
SHsoXfJHE51yyZtXn2aGk4A7O64mGC7eUqr44XpWeteKYrJI15IlrnMAI/ip3tNZ
BtgvFWUFTVGA7JayxZFE2vEI1SYmIjdP/T5SbSVRr30hB2QBkOKMW3yGbSaAepYK
DDxcZaWiGUa6HlD8OYgrJoGorUA46I2siiPjeiGfeEa64jkoeCWLIBwY4/HbG+nT
Uf5FzWiDWN+wyh+FIn4KsL4WNogdUWB0v7YzRNzgvRdIQwXAfqSigRmqno6nf1xu
NQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 16820906474189035918900219071104669505
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-05-23 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-20 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'childcare-provider-checker.tax.service.gov.uk'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21404543038788542803570816995481023652054157681431800493907477400115926941959809642549316825930922870464459336110652115935496897438551088394491621155443694563276496786215732759517729897260776725106751266726773897375438437304260615215541191593089095973774394265162594493951702635840213050072706818950992994646646471894730918229707938817248274783831646865612523517072497227671595953468892847251696377754979608875080443327660016686097201679145204471280356613517985069630442161410069218668744426995864331699123123418729007426984442520761748488821136356519618465527700458434999582174456873429090002577443118234187541016117
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							3a78430747b489f1f983740319c618bac706fabc
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'childcare-provider-checker.tax.service.gov.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.childcare-provider-checker.tax.service.gov.uk'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		004d0ca4f8d7a995d36b0842d09d74f9eaaacd98abdb4e448125329bf019f6352e20e58328b7551315874745ec24ef7eb73936f3cfd22200a03b58fec4db1fed741e7c9c8c33f8267f64cdb7946d67536dc23b77c846753ef75a87eae0cf3dd6264a25252a3886eaedf5e8c5dca74677c8eeb2fe044d77d5c181d8bf2b98f6b912a33db6caff7eddb3e5ba6fed9463fbd1a653f85a73585bca0ab13b9755f7a96970a021237f16fd2093333eb2dd5ebfbc465c4f5bea90fabcd03796d26dd46f0863eecc6559f39e294ac49b2424ef682b7a938bd462668cfddd630af3240c2bf18fb2677e1359c1ac926a93fba446a4f9bbd960706cf121961ca71205d7c32e87