justworks.com

Issued by Amazon

About this certificate

This digital certificate with serial number 0d:97:4f:9a:31:cd:64:93:15:58:34:e9:61:9a:dc:79 was issued on by Amazon.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=justworks.com

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0d:97:4f:9a:31:cd:64:93:15:58:34:e9:61:9a:dc:79
Serial Number (int): 18065615297751451222453688565847743609
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: ab:62:e6:88:7e:46:cf:53:c3:73:98:c8:1d:2c:3e:12:45:3b:92:5e
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): 95:3a:4e:c0:d6:8a:f6:ee:d6:38:51:93:0f:83:9f:fd:6e:c1:ad:b6
Fingerprint (sha256): 18:e9:39:47:3d:dd:c1:47:b9:7e:f4:64:78:07:22:88:cb:83:31:fb:87:8e:37:0c:48:4a:f9:74:80:21:8e:4b

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b-1.crl

Check the revocation status for certificate justworks.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for justworks.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

justworks.com

Other certificates including the domain name justworks.com

(limited to 100 certificates)
sni.cloudflaressl.com
tools.staging.benefits.secure.justworks.com
sni.cloudflaressl.com
sni.cloudflaressl.com
try.justworks.com
sni.cloudflaressl.com
rbstatus.empowerid.net
justworks.com
appstatus.justworks.com
tools.benefits.secure.justworks.com
scim.justworks.com
*.service.justworks.com
api-status.postmates.com
scim.justworks.com
go.justworks.com
tools.benefits.staging.justworks.com
help.justworks.com
help.justworks.com
justworks.com
staging.benefits.secure.justworks.com
payroll.justworks.com
go.justworks.com
rbstatus.empowerid.net
api-status.postmates.com
help.justworks.com
sni.cloudflaressl.com
justworks.com
get.justworks.com
*.justworks.com
leapfrog-ssl-50.gcs-web.com
okta.justworks.com
justworks.com
rbstatus.empowerid.net
go.justworks.com
get.justworks.com
appstatus.justworks.com
okta.justworks.com
leapfrog-ssl-50.gcs-web.com
help.justworks.com
*.vibe.justworks.com
neon.justworks.com
okta.justworks.com
*.contractor.justworks.com
oktapreview.justworks.com
okta.justworks.com
*.infra-nonprod.justworks.com
help.justworks.com
benefits.secure.justworks.com
justworks.com
rbstatus.empowerid.net
sni.cloudflaressl.com
rbstatus.empowerid.net
leapfrog-ssl-50.gcs-web.com
leapfrog-ssl-50.gcs-web.com
help.justworks.com
tour.neon.justworks.com
payroll.justworks.com
help.justworks.com
api-status.postmates.com
rbstatus.empowerid.net
neon.justworks.com
rbstatus.empowerid.net
help.justworks.com
api-status.postmates.com
rbstatus.empowerid.net
*.infra-sandbox.justworks.com
okta.justworks.com
staging-login.justworks.com
leapfrog-ssl-50.gcs-web.com
appstatus.justworks.com
go.justworks.com
justworks.com
help.justworks.com
api-status.postmates.com
leapfrog-ssl-50.gcs-web.com
go.justworks.com
events.justworks.com
sni.cloudflaressl.com
leapfrog-ssl-50.gcs-web.com
updates.justworks.com
leapfrog-ssl-50.gcs-web.com
get.justworks.com
justworks.com
leapfrog-ssl-50.gcs-web.com
*.justworks.com
*.tour.neon.justworks.com
sni.cloudflaressl.com
scim.justworks.com
leapfrog-ssl-50.gcs-web.com
updates.justworks.com
scim.justworks.com
get.justworks.com
leapfrog-ssl-50.gcs-web.com
leapfrog-ssl-50.gcs-web.com
*.data.justworks.com
*.staging.justworks.com
justworks.com
help.justworks.com
try.justworks.com
*.sandbox.vibe.justworks.com

Certificate

The complete raw certificate details for justworks.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF0jCCBLqgAwIBAgIQDZdPmjHNZJMVWDTpYZrceTANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0yMjA2MjMwMDAwMDBaFw0yMzA3MjIy
MzU5NTlaMBgxFjAUBgNVBAMTDWp1c3R3b3Jrcy5jb20wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDT6BxRf0BEakx8pAYQQbogMek4Cw8Ljs2lsRmFukKE
jVAH2dntYeOZIcT/hVLPmC0fnQ8tCMXtpFoxgJt5Z0aWZ3ipvwHkGvxEd/vFjLBX
uG+z1R9y5+S1Zh3Plzu3EFgTyAPJ/YcE9Ul4Td5pAVvEO4sSoWHlwNyIZAuBz4Hn
iloTjqp1hJaErSxF/QCYdRpHIZf1648yjdySiGG3QDr1o5MkO3FQ0iUzFMhn1aBn
H982zLPj0UJUTV5ba7p5dcpct7lZZpGXv/L3mKzXTK4aqySkmTQViSOsO99OFhQv
g0qopMjWHLO1REV2srUD+UH1Kl3U1upUuUnTFodzeYK/AgMBAAGjggLoMIIC5DAf
BgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4EFgQUq2LmiH5G
z1PDc5jIHSw+EkU7kl4wGAYDVR0RBBEwD4INanVzdHdvcmtzLmNvbTAOBgNVHQ8B
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD0GA1UdHwQ2
MDQwMqAwoC6GLGh0dHA6Ly9jcmwuc2NhMWIuYW1hem9udHJ1c3QuY29tL3NjYTFi
LTEuY3JsMBMGA1UdIAQMMAowCAYGZ4EMAQIBMHUGCCsGAQUFBwEBBGkwZzAtBggr
BgEFBQcwAYYhaHR0cDovL29jc3Auc2NhMWIuYW1hem9udHJ1c3QuY29tMDYGCCsG
AQUFBzAChipodHRwOi8vY3J0LnNjYTFiLmFtYXpvbnRydXN0LmNvbS9zY2ExYi5j
cnQwDAYDVR0TAQH/BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUA6D7Q
2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4AAAGBkL8uaQAABAMARjBEAiBc
wiEkFeroUvafKoBHQwDj2FgmSmL4hVSYweJ7x0k3xgIgNuUePNzzKlRuvOC4WfFP
849M/9XZN4nP+1taRucn83gAdwA1zxkbv7FsV78PrUxtQsu7ticgJlHqP+Eq76gD
wzvWTAAAAYGQvy6TAAAEAwBIMEYCIQD/sA5XrAN6ZaA5FvnbG3Z98D9nhBIRRqa1
nIIcZwKGwAIhAMEXIJSqW/MNx7DP0hkVHL9UYt/2cQzb6m994zkdS3v6AHYAs3N3
B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAGBkL8uwgAABAMARzBFAiEA
9SY1eoUCQqoh9MYBIQf6UKiQE5Z9j/KsFuELlnl0N4ACICMn3atM2cvUiyP9MUtd
MFzENu0H0dyCPJn+CA0Tl/MdMA0GCSqGSIb3DQEBCwUAA4IBAQBVslQYWzYm7wCe
jxdKp8bPHydtqjBJzy+AvSJUF7+nALxiYlYAuaEHdvjTuBg0aFGHzLLaJh9zTlVA
gkj7atJGRgsV0pM+IOHUncW7UmLrzH2u2aVjwFIXDgGn/hiObZlrThosSHfkatR/
P9vX24+Xv37vto1URfG1bKyrOOsDyeZoroRR5GZAolPmWw+UASnTkMM+gO3y2ooP
oa57F5EulNiiIWaxzBccXDEJ/udIz7OJNz+0adApM+VEAPKMo1P5Ad9ILliAWney
pu03bIG49vN+R004bo5zLLsK0JXzhJOh/KF7auMFSUkrej/edG3Bjpk3xLUlGV1F
JFPt0zrh
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0+gcUX9ARGpMfKQGEEG6
IDHpOAsPC47NpbEZhbpChI1QB9nZ7WHjmSHE/4VSz5gtH50PLQjF7aRaMYCbeWdG
lmd4qb8B5Br8RHf7xYywV7hvs9UfcufktWYdz5c7txBYE8gDyf2HBPVJeE3eaQFb
xDuLEqFh5cDciGQLgc+B54paE46qdYSWhK0sRf0AmHUaRyGX9euPMo3ckohht0A6
9aOTJDtxUNIlMxTIZ9WgZx/fNsyz49FCVE1eW2u6eXXKXLe5WWaRl7/y95is10yu
GqskpJk0FYkjrDvfThYUL4NKqKTI1hyztURFdrK1A/lB9Spd1NbqVLlJ0xaHc3mC
vwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 18065615297751451222453688565847743609
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-06-23 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-07-22 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'justworks.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26750740359752254819709977133837915640882818927507791357720869513190647738623394270731660016390242173044021929673181119518469558661192323287626392096096883710907335634017565034304385072831995012987315573991693868852425826501982044751472731395121174491102636685957886911800989724360330380080131386495496552091744406526620350245042364329881241487192487169501330010013118334460690273978541353976523576306245777788672392824593007946845850480848361830728582117939207407853116112262618305076399329914262770969807915707679621545400835429900022996759102648727540091157713134624879757984943847484267438215257242732585023013567
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							ab62e6887e46cf53c37398c81d2c3e12453b925e
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (17 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'justworks.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (54 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b-1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							0168007500e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e0000018190bf2e69000004030046304402205cc2212415eae852f69f2a80474300e3d858264a62f8855498c1e27bc74937c6022036e51e3cdcf32a546ebce0b859f14ff38f4cffd5d93789cffb5b5a46e727f37800770035cf191bbfb16c57bf0fad4c6d42cbbbb627202651ea3fe12aefa803c33bd64c0000018190bf2e930000040300483046022100ffb00e57ac037a65a03916f9db1b767df03f6784121146a6b59c821c670286c0022100c1172094aa5bf30dc7b0cfd219151cbf5462dff6710cdbea6f7de3391d4b7bfa007600b3737707e18450f86386d605a9dc11094a792db1670c0b87dcf0030e7936a59a0000018190bf2ec20000040300473045022100f526357a850242aa21f4c6012107fa50a89013967d8ff2ac16e10b967974378002202327ddab4cd9cbd48b23fd314b5d305cc436ed07d1dc823c99fe080d1397f31d
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0055b254185b3626ef009e8f174aa7c6cf1f276daa3049cf2f80bd225417bfa700bc62625600b9a10776f8d3b81834685187ccb2da261f734e55408248fb6ad246460b15d2933e20e1d49dc5bb5262ebcc7daed9a563c052170e01a7fe188e6d996b4e1a2c4877e46ad47f3fdbd7db8f97bf7eefb68d5445f1b56cacab38eb03c9e668ae8451e46640a253e65b0f940129d390c33e80edf2da8a0fa1ae7b17912e94d8a22166b1cc171c5c3109fee748cfb389373fb469d02933e54400f28ca353f901df482e58805a77b2a6ed376c81b8f6f37e474d386e8e732cbb0ad095f38493a1fca17b6ae30549492b7a3fde746dc18e9937c4b525195d452453edd33ae1