application.bbva.poweredbydivido.com

Issued by Amazon RSA 2048 M03

About this certificate

This digital certificate with serial number 04:7e:c8:e4:fa:b0:6e:3d:44:4b:01:48:d8:62:10:8b was issued on by Amazon.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=application.bbva.poweredbydivido.com

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 04:7e:c8:e4:fa:b0:6e:3d:44:4b:01:48:d8:62:10:8b
Serial Number (int): 5975216010841379349237806060292673675
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 51:2e:2a:2b:47:ed:a8:8f:df:e2:92:32:9d:47:de:7b:0f:1b:b9:5d
AuthorityKeyId: 55:d9:18:5f:d2:1c:cc:01:e1:58:b4:be:ab:d9:55:42:01:d7:2e:02

Fingerprint (sha1): 98:40:c5:b7:bb:3d:12:b2:22:4a:3a:f7:47:20:77:50:06:2b:10:d2
Fingerprint (sha256): 19:69:a4:36:09:d6:16:82:44:cc:c3:5e:af:6e:c9:c7:ce:75:65:a4:49:e8:0c:d5:7b:84:f3:7a:1a:fc:be:e9

Issuing Certificate URL: http://crt.r2m03.amazontrust.com/r2m03.cer

Revocation information

OCSP Server: http://ocsp.r2m03.amazontrust.com
CRL Distribution Point: http://crl.r2m03.amazontrust.com/r2m03.crl

Check the revocation status for certificate application.bbva.poweredbydivido.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for application.bbva.poweredbydivido.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

application.bbva.poweredbydivido.com
application.sandbox.bbva.poweredbydivido.com

Other certificates including the domain name poweredbydivido.com

(limited to 100 certificates)
lender.natwest.poweredbydivido.com
*.multi-eu.poweredbydivido.com
wattsandcostatus.propman.co.uk
apply.staging.santander.poweredbydivido.com
lender.sandbox.ing.poweredbydivido.com
*.sandbox.nordea.poweredbydivido.com
*.staging.nordea.poweredbydivido.com
application.bbva.poweredbydivido.com
status.vleo.net
status.tekloc.net
secure.staging.divido.com
*.testing.hsbc.poweredbydivido.com
status.eurabo.be
status.eurabo.be
apply.testing.bbva.poweredbydivido.com
status.scalerit.de
lender.staging.natwest.poweredbydivido.com
lender.staging.natwest.poweredbydivido.com
apply.testing.bbva.poweredbydivido.com
lender.staging.santander.poweredbydivido.com
wallis.status.app.vista.co
lender.santander.poweredbydivido.com
status.eurabo.be
lender.sandbox.santander.poweredbydivido.com
*.staging.nordea.poweredbydivido.com
lender.testing.natwest.poweredbydivido.com
status.eurabo.be
apply.bbva.poweredbydivido.com
lender.sandbox.ing.poweredbydivido.com
apply.sandbox.santander.poweredbydivido.com
status.eurabo.be
*.divido.com
status.tbft.org.uk
lender.sandbox.natwest.poweredbydivido.com
status.cs.redwood.com
testing.nordea.poweredbydivido.com
status.eurabo.be
*.divido.com
status.tekloc.net
lender.sandbox.santander.poweredbydivido.com
apply.ing.poweredbydivido.com
application.staging.bbva.poweredbydivido.com
secure.testing.divido.com
application.testing.ocs.poweredbydivido.com
status.eurabo.be
*.nordea.poweredbydivido.com
testing.nordea.poweredbydivido.com
secure.testing.divido.com
apply.santander.poweredbydivido.com
apply.natwest.poweredbydivido.com
status.hotel-spider.com
status.cs.redwood.com
lender.natwest.poweredbydivido.com
lender.sandbox.natwest.poweredbydivido.com
application.bbva.poweredbydivido.com
lender.natwest.poweredbydivido.com
status.eurabo.be
status.poweredbydivido.com
status.absis-ciborg.com
*.sandbox.nordea.poweredbydivido.com
status.cs.redwood.com
apply.santander.poweredbydivido.com
status.eurabo.be
apply.staging.ing.poweredbydivido.com
status.eurabo.be
application.staging.bbva.poweredbydivido.com
lender.sandbox.natwest.poweredbydivido.com
status.eurabo.be
lender.testing.natwest.poweredbydivido.com
apply.sandbox.santander.poweredbydivido.com
apply.natwest.poweredbydivido.com
status.eurabo.be
lender.natwest.poweredbydivido.com
*.sandbox.nordea.poweredbydivido.com
status.eurabo.be
status.scalerit.de
lender.ing.poweredbydivido.com
*.staging.bbva.poweredbydivido.com
status.eurabo.be
*.staging.hsbc.poweredbydivido.com
status-mena.obrela.com
status.eurabo.be
status.eurabo.be
lender.staging.ing.poweredbydivido.com
status2.allex.ai
lender.testing.ing.poweredbydivido.com
apply.testing.santander.poweredbydivido.com
*.divido.com
api.testing.ocs.poweredbydivido.com
*.sandbox.ocs.poweredbydivido.com
lender.testing.natwest.poweredbydivido.com
status.eurabo.be
apply.staging.natwest.poweredbydivido.com
status.premierforestgroup.com
status.tekloc.net
lender.sandbox.natwest.poweredbydivido.com
lender.testing.natwest.poweredbydivido.com
status.eurabo.be
status.eurabo.be
secure.testing.divido.com

Certificate

The complete raw certificate details for application.bbva.poweredbydivido.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGIjCCBQqgAwIBAgIQBH7I5Pqwbj1ESwFI2GIQizANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAzMB4XDTI0MDMxMjAwMDAwMFoXDTI1MDQwOTIzNTk1OVowLzEt
MCsGA1UEAxMkYXBwbGljYXRpb24uYmJ2YS5wb3dlcmVkYnlkaXZpZG8uY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5yXnVHmwi2C0KsNJLFUZOTPP
GC0addRA/sEf9QWXhkBXu19fEKk2DZRUd/jqROeT/Pic+vOmkaU58Sc0RNWmDDta
reJZE7kfDozYXtMIMKysxvrw0+JR1IoTvdWXET8ZG3iP/J1LARNqgqQwgmQD5tsL
2tgQl//XeD3eR6c2kb/WUDyFNxwxmbX0siiLNsY6a3rkMuJ/q7DQfVCBmp4VJ1VO
VX0/hGqYaxoMxXl6jyX5NGD+4DgCQyXuvEA+rCDwIt5m5D2dLo+6yOK8yOBty1q9
8oYfXiHxzzyTJHkvw6T6V78VO/bJ1c3amrvZZWKAUk7VJ9+CMKCw+ehmCZAguwID
AQABo4IDKzCCAycwHwYDVR0jBBgwFoAUVdkYX9IczAHhWLS+q9lVQgHXLgIwHQYD
VR0OBBYEFFEuKitH7aiP3+KSMp1H3nsPG7ldMF0GA1UdEQRWMFSCJGFwcGxpY2F0
aW9uLmJidmEucG93ZXJlZGJ5ZGl2aWRvLmNvbYIsYXBwbGljYXRpb24uc2FuZGJv
eC5iYnZhLnBvd2VyZWRieWRpdmlkby5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEw
DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7
BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLnIybTAzLmFtYXpvbnRydXN0LmNv
bS9yMm0wMy5jcmwwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8v
b2NzcC5yMm0wMy5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9j
cnQucjJtMDMuYW1hem9udHJ1c3QuY29tL3IybTAzLmNlcjAMBgNVHRMBAf8EAjAA
MIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgBOdaMnXJoQwzhbbNTfP1LrHfDg
jhuNacCx+mSxYpo53wAAAY4yA/cfAAAEAwBHMEUCIAZnUxXDXf8hEROBuKUAEtEf
Wpj/8TSFrL6STY34+FmkAiEAzETkUmcnOtdU5EkQyhwm9vdj3MM7W4q2pjRQ8Uti
3R4AdgB9WR4S4XgqexxhZ3xe/fjQh1wUoE6VnrkDL9kOjC55uAAAAY4yA/daAAAE
AwBHMEUCIQD3K2Pzuv+Cx9qc6AXvltxTnEIsmoNCQtn9w2q557Ry0gIgDlB9/w0i
iroVmA/BvejKAP5d1cpFQkSc35/ao+7chA0AdgDm0jFjQHeMwRBBBtdxuc7B0kD2
loSG+7qHMh39HjeOUAAAAY4yA/d+AAAEAwBHMEUCID9mTRv2Kw3DVDQQ/CbwXUTZ
L5aWicuca1qHFXFnPhAXAiEAvEHmROk/tYgeObTBixJvRJGYMURWd203bMveTWa/
vogwDQYJKoZIhvcNAQELBQADggEBACWACCuVuX6pZMaLbdkOZlfzXT5rCnRPzeK/
6mRJnt0f1WkIzsohzqHkevQ1hPpxff1MsluFKTqjEhfu4FTRd5V+bbARe9ZgS47y
QdAIOcnyJ1JSmfLwbCx6oTe8R9oF8zh77TTlQ+Zgaa9hdzLsnj8JQPwZ3wjX0C6l
U5RCXWKQiNJsy8wcCBTZfLeAr3im4qKM3I1n0JHevnwDJX5eokhkZRRoHa1+Ev+D
IsmK5PRTC4AsFfh/GQYqINS+10uCKdIaRf3069v4/pED+Y40bqqGPawvPVMf5k14
735xWDAJCEd/eV8RqX/JvI4txekjNaIB6tIm8qc6VAOHdDJWajk=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5yXnVHmwi2C0KsNJLFUZ
OTPPGC0addRA/sEf9QWXhkBXu19fEKk2DZRUd/jqROeT/Pic+vOmkaU58Sc0RNWm
DDtareJZE7kfDozYXtMIMKysxvrw0+JR1IoTvdWXET8ZG3iP/J1LARNqgqQwgmQD
5tsL2tgQl//XeD3eR6c2kb/WUDyFNxwxmbX0siiLNsY6a3rkMuJ/q7DQfVCBmp4V
J1VOVX0/hGqYaxoMxXl6jyX5NGD+4DgCQyXuvEA+rCDwIt5m5D2dLo+6yOK8yOBt
y1q98oYfXiHxzzyTJHkvw6T6V78VO/bJ1c3amrvZZWKAUk7VJ9+CMKCw+ehmCZAg
uwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 5975216010841379349237806060292673675
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M03'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-12 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-04-09 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'application.bbva.poweredbydivido.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29179739425086686468268065170468342531246332807531637836193940028818000387849690669953840388150553168275505280428024550937416367463263419558838649878702371628006241354489598286885206161319263329707666511060872242580784535621830786894069182668986642314208503482945317891051265310277145429622353128537015754050965838289905361017742061800051428457012565995883315714553397597425699744274627309847864379676942796395004883325741357114079090513889697284579442937265548385870598280391281095278455896812095097559336083668636188442191399589477052886641757232004946493690384596610495264742028287423193674186634406497296527139003
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 55d9185fd21ccc01e158b4beabd9554201d72e02
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							512e2a2b47eda88fdfe292329d47de7b0f1bb95d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (86 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'application.bbva.poweredbydivido.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'application.sandbox.bbva.poweredbydivido.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m03.amazontrust.com/r2m03.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m03.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m03.amazontrust.com/r2m03.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							01680076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018e3203f71f0000040300473045022006675315c35dff21111381b8a50012d11f5a98fff13485acbe924d8df8f859a4022100cc44e45267273ad754e44910ca1c26f6f763dcc33b5b8ab6a63450f14b62dd1e0076007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018e3203f75a0000040300473045022100f72b63f3baff82c7da9ce805ef96dc539c422c9a834242d9fdc36ab9e7b472d202200e507dff0d228aba15980fc1bde8ca00fe5dd5ca4542449cdf9fdaa3eedc840d007600e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018e3203f77e000004030047304502203f664d1bf62b0dc3543410fc26f05d44d92f969689cb9c6b5a871571673e1017022100bc41e644e93fb5881e39b4c18b126f449198314456776d376ccbde4d66bfbe88
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		002580082b95b97ea964c68b6dd90e6657f35d3e6b0a744fcde2bfea64499edd1fd56908ceca21cea1e47af43584fa717dfd4cb25b85293aa31217eee054d177957e6db0117bd6604b8ef241d00839c9f227525299f2f06c2c7aa137bc47da05f3387bed34e543e66069af617732ec9e3f0940fc19df08d7d02ea55394425d629088d26ccbcc1c0814d97cb780af78a6e2a28cdc8d67d091debe7c03257e5ea248646514681dad7e12ff8322c98ae4f4530b802c15f87f19062a20d4bed74b8229d21a45fdf4ebdbf8fe9103f98e346eaa863dac2f3d531fe64d78ef7e7158300908477f795f11a97fc9bc8e2dc5e92335a201ead226f2a73a5403877432566a39