upto.axa.ch
Issued by R3
About this certificate
This digital certificate with serial number 04:66:73:15:88:a3:1a:ac:00:6c:7a:74:b7:de:74:ba:8b:89 was issued on by Let's Encrypt.
This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=upto.axa.ch
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 04:66:73:15:88:a3:1a:ac:00:6c:7a:74:b7:de:74:ba:8b:89Serial Number (int): 383310918182056155550473610532801518144393
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: b9:80:e9:a8:56:e3:cd:01:b3:93:64:91:ab:f6:6f:a9:c1:8e:52:bb
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): cd:eb:4d:b4:bd:91:c4:c3:b7:7a:38:49:02:b2:9f:e3:ae:4d:b9:d4
Fingerprint (sha256): 1b:b8:58:a5:c0:90:b6:48:75:c0:44:76:15:3b:ba:f9:73:d6:db:e3:d4:28:db:f8:7d:c4:86:a2:83:aa:c7:9e
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate upto.axa.ch
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for upto.axa.ch
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
upto.axa.ch
Other certificates including the domain name axa.ch
(limited to 100 certificates)
max-der-dachs.ch
newsroom-fr.axa.ch
newsroom-it.axa.ch
axa.ch
blues-and-jazz23.events.axa.ch
axasure.axa.ch
www.culture.axa.ch
error.axa.ch
acc-api.axa.ch
aw.acc.axa.ch
easylimit-acc.axa.ch
blog.axa.ch
salesmagazine.axa.ch
applications.acc.axa.ch
newsroom-fr.axa.ch
media-news.axa.ch
mail.media-news.axa.ch
newsroom-it.axa.ch
api.axa.ch
myaxa.axa.ch
panel.axa.ch
collab.axa.ch
patterns.axa.ch
myaxaforms.axa.ch
aw.axa.ch
silenccioapp.axa.ch
newsroom-it.axa.ch
www.allez-allez.app
protectionshop.axa.ch
axa.ch
*.axa.ch
roadsafety.axa.ch
insurance-check.axa.ch
ask.axa.ch
cyber-check.axa.ch
campaigns.axa.ch
oos.axa.ch
design.axa.com
silenccio.axa.ch
patterns.axa.ch
salesmagazine.axa.ch
acc-api.axa.ch
www.acc.axa.ch
roadsafety.axa.ch
axasure.axa.ch
mobiledesktop.axa.ch
myaxaforms.axa.ch
flexwork.axa.ch
aw.axa.ch
max-der-dachs.ch
sdc.axa.ch
silber24.events.axa.ch
campaigns.axa.ch
insurance-check.axa.ch
ebanking.axa.ch
mydriverecorder.axa.ch
newsroom.axa.ch
mobiledesktop.acc.axa.ch
www.postmeta.com
sdc.axa.ch
accentry.winterthur.com
brokermagazine.axa.ch
design.axa.com
cyber-check.axa.ch
blog.axa.ch
esg.services.axa.ch
newsroom-it.axa.ch
upto.axa.ch
construction.axa.ch
newsroom-fr.axa.ch
myaxaforms.axa.ch
design.axa.com
mw-myaxa.axa.ch
assertionsigner.sso.services.axa.ch
construction.axa.ch
www.axa.ch
panel.axa.ch
jobs.axa.ch
brandcenter.axa.ch
myaxa.axa.ch
mobiledesktop.axa.ch
roadsafety.axa.ch
crash.axa.ch
carainduction.com
jobs.axa.ch
gettheoutfit.honk.international
axa.ch
work.axa.ch
mw-myaxa.axa.ch
catch-game.axa.ch
events.axa.ch
myaxa.axa.ch
health.axa.ch
acc-api.axa.ch
partners.axa.ch
flexwork.axa.ch
hail.axa.ch
axa.ch
brandcenter.axa.ch
axahome.axa.ch
newsroom-fr.axa.ch
newsroom-it.axa.ch
axa.ch
blues-and-jazz23.events.axa.ch
axasure.axa.ch
www.culture.axa.ch
error.axa.ch
acc-api.axa.ch
aw.acc.axa.ch
easylimit-acc.axa.ch
blog.axa.ch
salesmagazine.axa.ch
applications.acc.axa.ch
newsroom-fr.axa.ch
media-news.axa.ch
mail.media-news.axa.ch
newsroom-it.axa.ch
api.axa.ch
myaxa.axa.ch
panel.axa.ch
collab.axa.ch
patterns.axa.ch
myaxaforms.axa.ch
aw.axa.ch
silenccioapp.axa.ch
newsroom-it.axa.ch
www.allez-allez.app
protectionshop.axa.ch
axa.ch
*.axa.ch
roadsafety.axa.ch
insurance-check.axa.ch
ask.axa.ch
cyber-check.axa.ch
campaigns.axa.ch
oos.axa.ch
design.axa.com
silenccio.axa.ch
patterns.axa.ch
salesmagazine.axa.ch
acc-api.axa.ch
www.acc.axa.ch
roadsafety.axa.ch
axasure.axa.ch
mobiledesktop.axa.ch
myaxaforms.axa.ch
flexwork.axa.ch
aw.axa.ch
max-der-dachs.ch
sdc.axa.ch
silber24.events.axa.ch
campaigns.axa.ch
insurance-check.axa.ch
ebanking.axa.ch
mydriverecorder.axa.ch
newsroom.axa.ch
mobiledesktop.acc.axa.ch
www.postmeta.com
sdc.axa.ch
accentry.winterthur.com
brokermagazine.axa.ch
design.axa.com
cyber-check.axa.ch
blog.axa.ch
esg.services.axa.ch
newsroom-it.axa.ch
upto.axa.ch
construction.axa.ch
newsroom-fr.axa.ch
myaxaforms.axa.ch
design.axa.com
mw-myaxa.axa.ch
assertionsigner.sso.services.axa.ch
construction.axa.ch
www.axa.ch
panel.axa.ch
jobs.axa.ch
brandcenter.axa.ch
myaxa.axa.ch
mobiledesktop.axa.ch
roadsafety.axa.ch
crash.axa.ch
carainduction.com
jobs.axa.ch
gettheoutfit.honk.international
axa.ch
work.axa.ch
mw-myaxa.axa.ch
catch-game.axa.ch
events.axa.ch
myaxa.axa.ch
health.axa.ch
acc-api.axa.ch
partners.axa.ch
flexwork.axa.ch
hail.axa.ch
axa.ch
brandcenter.axa.ch
axahome.axa.ch
Certificate
The complete raw certificate details for upto.axa.ch in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIE4zCCA8ugAwIBAgISBGZzFYijGqwAbHp0t950uouJMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDA1MDMyMTUxMjNaFw0yNDA4MDEyMTUxMjJaMBYxFDASBgNVBAMT C3VwdG8uYXhhLmNoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXOl YwULtEn9h6jfRdVtyvxeF13eOffVVfswkIFIvfZ3C1ZgA1/InO2a3oI82+vd2X2C tD5u3FHUwUaXYKdgQhbkM9p5xlwVeSoVo/nnbpx5BQlA9vwi6i/pHTI9wcGEOs6s vIcQPVDSKhcuHUwznnDXLhPmJ0esnyCUAzqrsci0zPrdVjGLQ1L83G8VjCN0BIJ/ aGJXWzPDHqY4aOBFdua3Hc6TLxUPqjrEQeYuNwj3UhxkCxJWBufrmIa3+xVBIzX8 g+tegy5wKBtEW3HhZ25ygXT5DPf8YndVHSxFncL8PVEsU3ZzVnpgRupK8i8Uwbaq WvTW7x7K/50tNJK8mwIDAQABo4ICDTCCAgkwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW BBS5gOmoVuPNAbOTZJGr9m+pwY5SuzAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDm H6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5v LmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAW BgNVHREEDzANggt1cHRvLmF4YS5jaDATBgNVHSAEDDAKMAgGBmeBDAECATCCAQQG CisGAQQB1nkCBAIEgfUEgfIA8AB2AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7 v6s52IRzAAABj0Cns5UAAAQDAEcwRQIgb4bi5DBSPOXz4Ao7Pp8zbwKlUQ6IvbDL f9pScYk5yc0CIQDJoFY0mgK5v2nm5iyrfA61cH0cKTC8K5vcxK/SJF+B+QB2AHb/ iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABj0Cns80AAAQDAEcwRQIg OYOsuxvdMp+9GSjYTd8eyY26fj/1CLEQBLKsXqYW0tUCIQCV//1O6CefEsKklSSu 2OWeXOjsuYT37Vs5UI/NUVlVODANBgkqhkiG9w0BAQsFAAOCAQEAL32+ZqmGJgt9 N9clq/iRxGFO2uqmdaKlArvmk2Ram/SnK5bqf1qyQ+biV8vnPAixVDXN2Gvoi3VG i6s8YUBwJy+ZECTOZeN65UhIBfs9xPPB+sI/i1HKCPgyr2aMwiMPXPSnKrs6G9we v+fZhn+o+mAZVS0v6lD2DerpkXwaDxJb0YU8MR5VWVTOVLw1qxj4OOslqkIrDyCE tMbPAki/yux/TQDRgcj3MqJ1oXtXoJnB8nEY9m7Ifm1dDsCIY0e2eFQKhMm5uNXz KWIqsQR2s4fRO1C8PNOyLwseIcRQqf627pRUBUbR/lVE624+Q+vwVZVWR0QvNa/6 SppzlJfZIw== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXOlYwULtEn9h6jfRdVt yvxeF13eOffVVfswkIFIvfZ3C1ZgA1/InO2a3oI82+vd2X2CtD5u3FHUwUaXYKdg QhbkM9p5xlwVeSoVo/nnbpx5BQlA9vwi6i/pHTI9wcGEOs6svIcQPVDSKhcuHUwz nnDXLhPmJ0esnyCUAzqrsci0zPrdVjGLQ1L83G8VjCN0BIJ/aGJXWzPDHqY4aOBF dua3Hc6TLxUPqjrEQeYuNwj3UhxkCxJWBufrmIa3+xVBIzX8g+tegy5wKBtEW3Hh Z25ygXT5DPf8YndVHSxFncL8PVEsU3ZzVnpgRupK8i8UwbaqWvTW7x7K/50tNJK8 mwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 383310918182056155550473610532801518144393 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-03 21:51:23 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-08-01 21:51:22 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'upto.axa.ch' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23916066827411967880894841107150679861458974065569451784750329230396925973863163300622125008261083573516196215132309204752518095377779810511488296137527511317401284766552002492373790297164478150954843076703518732200593586910018865359446321172921346055364442776853043393039485905369334015766553358659095902715545839839624918788901421174800906793734542809052742199336990098362067770709675354489967088915530956742985613920925523980442541178603020194543296328839512019589867609840573532311487883378506260513026895062182166120374674785864086600787489095388197476728559621448625843908932995015151939999981209970655477546139 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) b980e9a856e3cd01b3936491abf66fa9c18e52bb . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (15 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'upto.axa.ch' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f000760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018f40a7b395000004030047304502206f86e2e430523ce5f3e00a3b3e9f336f02a5510e88bdb0cb7fda52718939c9cd022100c9a056349a02b9bf69e6e62cab7c0eb5707d1c2930bc2b9bdcc4afd2245f81f900760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018f40a7b3cd000004030047304502203983acbb1bdd329fbd1928d84ddf1ec98dba7e3ff508b11004b2ac5ea616d2d502210095fffd4ee8279f12c2a49524aed8e59e5ce8ecb984f7ed5b39508fcd51595538 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 002f7dbe66a986260b7d37d725abf891c4614edaeaa675a2a502bbe693645a9bf4a72b96ea7f5ab243e6e257cbe73c08b15435cdd86be88b75468bab3c614070272f991024ce65e37ae5484805fb3dc4f3c1fac23f8b51ca08f832af668cc2230f5cf4a72abb3a1bdc1ebfe7d9867fa8fa6019552d2fea50f60deae9917c1a0f125bd1853c311e555954ce54bc35ab18f838eb25aa422b0f2084b4c6cf0248bfcaec7f4d00d181c8f732a275a17b57a099c1f27118f66ec87e6d5d0ec0886347b678540a84c9b9b8d5f329622ab10476b387d13b50bc3cd3b22f0b1e21c450a9feb6ee94540546d1fe5544eb6e3e43ebf055955647442f35affa4a9a739497d923