lucrasports.com

Issued by Amazon RSA 2048 M02

About this certificate

This digital certificate with serial number 0b:c2:93:be:8f:97:6b:bb:56:04:3c:2e:d3:00:a3:c7 was issued on by Amazon.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=lucrasports.com

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0b:c2:93:be:8f:97:6b:bb:56:04:3c:2e:d3:00:a3:c7
Serial Number (int): 15631810156191858619820364797965280199
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 3f:ba:d2:32:86:c6:54:c6:5e:b3:5f:a0:44:6c:77:8d:a8:c8:c7:e7
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2

Fingerprint (sha1): 07:13:a7:2b:16:1e:41:2d:16:1b:f0:d8:5a:37:91:a5:61:47:f8:8e
Fingerprint (sha256): 1c:ee:d6:dc:c0:df:c5:e1:8c:a8:53:4c:f3:2e:7a:1b:e0:ab:60:a4:16:e7:8d:1a:68:53:77:0c:2a:09:96:71

Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer

Revocation information

OCSP Server: http://ocsp.r2m02.amazontrust.com
CRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl

Check the revocation status for certificate lucrasports.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for lucrasports.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

lucrasports.com
*.lucrasports.com

Other certificates including the domain name lucrasports.com

(limited to 100 certificates)
us4certificate-1-202309281231.us4.opr1.com
us4certificate-2-202310111758.us4.opz1.com
us4certificate-2-202310200232.us4.opz1.com
dev-links.lucrasports.com
admin.staging.kichin.io
academiascrypto.com
www.redque.st
us4certificate-2-202310131347.us4.opz1.com
www.thefarmhouse.co.nz
resetpassword.gumb.app
us4certificate-2-202310091247.us4.opz1.com
us4certificate-1-202309261252.us4.opr1.com
us4certificate-1-202309131226.us4.opr1.com
auth.snowflake.cyberhaven.io
lucrasports.com
us4certificate-2-202310141252.us4.opz1.com
www.maulikbhargava.com
us4certificate-1-202309081745.us4.opr1.com
dev.aurora.bcc.media
us4certificate-1-202309261252.us4.opr1.com
staging-links.lucrasports.com
csworkindiauatpassword.creatorofone.in
us4certificate-2-202310150225.us4.opz1.com
us4certificate-2-202310141252.us4.opz1.com
us4certificate-2-202310110213.us4.opz1.com
us4certificate-1-202309071427.us4.opr1.com
us4certificate-2-202310120054.us4.opz1.com
us4certificate-2-202310190126.us4.opz1.com
www.brownonions.co
us4certificate-1-202309210251.us4.opr1.com
www.nathaliesaab.com
no-more-bin-days.co.uk
us4certificate-2-202310141811.us4.opz1.com
us4certificate-2-202312201311.us4.opz1.com
amitibank.com
realreporter.co
us4certificate-2-202405161249.us4.opz1.com
us4certificate-2-202310241337.us4.opz1.com
www.instaroute.com
aniketray.me
us4certificate-1-202309271229.us4.opr1.com
us4certificate-2-202310210516.us4.opz1.com
heid.sachso.edu.vn
us4certificate-1-202309201227.us4.opr1.com
us4certificate-2-202310190126.us4.opz1.com
us4certificate-1-202309191248.us4.opr1.com
www.dpualumni.com
us4certificate-1-202309111227.us4.opr1.com
us4certificate-2-202310130222.us4.opz1.com
us4certificate-2-202310261306.us4.opz1.com
chan.pushsocial.app
us4certificate-1-202309220521.us4.opr1.com
us4certificate-2-202310210516.us4.opz1.com
us4certificate-1-202309091255.us4.opr1.com
us4certificate-1-202309271229.us4.opr1.com
firstridehome.ca
us4certificate-2-202310050102.us4.opz1.com
us4certificate-1-202309111649.us4.opr1.com
us4certificate-2-202310200232.us4.opz1.com
us4certificate-2-202310091247.us4.opz1.com
us4certificate-1-202309100601.us4.opr1.com
us4certificate-2-202310120054.us4.opz1.com
us4certificate-1-202309111649.us4.opr1.com
www.carrieandrobin.com
us4certificate-2-202310050102.us4.opz1.com
us4certificate-1-202309210251.us4.opr1.com
www.dreammo.eu
us4certificate-1-202309100601.us4.opr1.com
cortrust.co.nz
us4certificate-1-202309141231.us4.opr1.com
lucrasports.com
firstridehome.ca
linkup-service.com
school.handtoy.com
micropropusa.com
us4certificate-2-202310170148.us4.opz1.com
us4certificate-2-202310130222.us4.opz1.com
guidedsafaris.com
us4certificate-1-202309151322.us4.opr1.com
www.instaroute.com
us4certificate-1-202309201227.us4.opr1.com
us4certificate-1-202309081745.us4.opr1.com
us4certificate-2-202402271234.us4.opz1.com
us4certificate-2-202310170148.us4.opz1.com
us4certificate-1-202309091255.us4.opr1.com
reactapp.nexumlegal.com.mx
us4certificate-1-202309281231.us4.opr1.com
us4certificate-1-202309201629.us4.opr1.com
app.podcastpage.io
www.arni.ro
us4certificate-2-202310141811.us4.opz1.com
us4certificate-1-202309151322.us4.opr1.com
us4certificate-2-202310110213.us4.opz1.com
us4certificate-2-202310150225.us4.opz1.com
lucrasports.com
guidedsafaris.com
us4certificate-2-202310111758.us4.opz1.com
us4certificate-1-202309141231.us4.opr1.com
admin.staging.kichin.io
us4certificate-1-202309220521.us4.opr1.com

Certificate

The complete raw certificate details for lucrasports.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF3zCCBMegAwIBAgIQC8KTvo+Xa7tWBDwu0wCjxzANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAyMB4XDTI0MDQxNDAwMDAwMFoXDTI1MDUxMzIzNTk1OVowGjEY
MBYGA1UEAxMPbHVjcmFzcG9ydHMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEApVk05BUjcIzviHHPqQHEp/U4tKgh+57pAxQKZ9vG88clm3d0EQKH
rDKNy3Wpv7VNOR2mR/NxoRLWcWhtL741j72FGwuLq1ijQrD5ngPaqpPxRG7Uj703
xYqLFe7LTWEM2gBiSDLarAmDJnVdExjFv3D2nS5lxoB9BKo2rnVQ0+Gk2SNzhqMW
RJnvbXhnLQu1jWtp5uceaf3KxbXFAatDauHHjd43GGzus0w+yPRGLuAlqOv7d+qz
oM0xpzSzPcotg+8tGOAS/rtqCgnpu22MfgNU2/7X7xyYgMdp6l9+L8Ph1hLbXSXX
QhFSX4yHx1rK7dveorxmOPGRuHrajdjUaQIDAQABo4IC/TCCAvkwHwYDVR0jBBgw
FoAUwDFSzVpQw4J8dHHOy+mc+XrrguIwHQYDVR0OBBYEFD+60jKGxlTGXrNfoERs
d42oyMfnMC0GA1UdEQQmMCSCD2x1Y3Jhc3BvcnRzLmNvbYIRKi5sdWNyYXNwb3J0
cy5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAyMDCgLqAshipodHRw
Oi8vY3JsLnIybTAyLmFtYXpvbnRydXN0LmNvbS9yMm0wMi5jcmwwdQYIKwYBBQUH
AQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5yMm0wMi5hbWF6b250cnVz
dC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQucjJtMDIuYW1hem9udHJ1c3Qu
Y29tL3IybTAyLmNlcjAMBgNVHRMBAf8EAjAAMIIBgAYKKwYBBAHWeQIEAgSCAXAE
ggFsAWoAdgBOdaMnXJoQwzhbbNTfP1LrHfDgjhuNacCx+mSxYpo53wAAAY7bR9JS
AAAEAwBHMEUCIQDz/MACnyooDZ/K6c3Rp/shmIJj3A3fXYymXqL2iUATSgIgOoLJ
Jmmwld5fxwjfoYl7tQP/y6CWgHIDJRSTcR3bPYkAdwB9WR4S4XgqexxhZ3xe/fjQ
h1wUoE6VnrkDL9kOjC55uAAAAY7bR9IHAAAEAwBIMEYCIQDLTIUKlTPDRhqm5sCr
pY3wSxKsfsmsJq4YPjR7UY/eOAIhAL3ovNDjlLwLPsKNTyLW2/GLhk4LFMaPrnGm
1XAH55cSAHcA5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6hzId/R43jlAAAAGO20fS
GgAABAMASDBGAiEAylEy10mWfo9Dwq5CE9dsVcKCOOa54gWz/WZsYbDI+3UCIQDl
GDLc8jA+JARdLN0/R7bIXhRXZ50sY71L0dx1y067ZDANBgkqhkiG9w0BAQsFAAOC
AQEATAE9j8RI/9pxhQ2qKzTREDyAybIH0V8af2DRA8n/hXfqGGbPk2FcOuhv0IdE
SPsljlK35S8DOb1TvN3qcPw+QHOJaO3naFRz37Ok39sDuOYGDd+kWqabKj1N2LWd
jTpaKHhfLfn7Ej4voGHp/PbFnvjKQLnMhMbFR94EedQY3ceAlF253aPHw6wsFgqy
ncSOgAAwjLeNTGg/7Dmmk+XRCaU/gtvLNONKGHfIZnR3I7UL0UJyEBZE5OwEM7Cp
PFWhs5xmaN45OJP1cquXaOSTSC3iFGCdRHym//eYZFUAIBxkeZ3qi+OitfEPVi1b
peivtqWk8AHH2B0kFNnltbYdiA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVk05BUjcIzviHHPqQHE
p/U4tKgh+57pAxQKZ9vG88clm3d0EQKHrDKNy3Wpv7VNOR2mR/NxoRLWcWhtL741
j72FGwuLq1ijQrD5ngPaqpPxRG7Uj703xYqLFe7LTWEM2gBiSDLarAmDJnVdExjF
v3D2nS5lxoB9BKo2rnVQ0+Gk2SNzhqMWRJnvbXhnLQu1jWtp5uceaf3KxbXFAatD
auHHjd43GGzus0w+yPRGLuAlqOv7d+qzoM0xpzSzPcotg+8tGOAS/rtqCgnpu22M
fgNU2/7X7xyYgMdp6l9+L8Ph1hLbXSXXQhFSX4yHx1rK7dveorxmOPGRuHrajdjU
aQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 15631810156191858619820364797965280199
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-14 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-05-13 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'lucrasports.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20873309735963287387283355934323493271233345957688706027400471136704573502532002343056177529250630791336308257593382426224142798013616176843259701854605071114511652633624019312584192473454381255030867651078278650074134684558429989293159993867885141877591411431088624027759897213734878231072795509151183066035394526543554563731038176942153840463721536798306131829026435784480076651860319001801745020734645750527288286493021337874969353086366162212645030091432493405562947501035609361565252064065028108271661937227929086456307349135667326535970919553181108160613511277529820094416283460305469717995849965348243700765801
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							3fbad23286c654c65eb35fa0446c778da8c8c7e7
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (38 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lucrasports.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.lucrasports.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (368 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
							016a0076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018edb47d2520000040300473045022100f3fcc0029f2a280d9fcae9cdd1a7fb21988263dc0ddf5d8ca65ea2f68940134a02203a82c92669b095de5fc708dfa1897bb503ffcba096807203251493711ddb3d890077007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018edb47d2070000040300483046022100cb4c850a9533c3461aa6e6c0aba58df04b12ac7ec9ac26ae183e347b518fde38022100bde8bcd0e394bc0b3ec28d4f22d6dbf18b864e0b14c68fae71a6d57007e79712007700e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018edb47d21a0000040300483046022100ca5132d749967e8f43c2ae4213d76c55c28238e6b9e205b3fd666c61b0c8fb75022100e51832dcf2303e24045d2cdd3f47b6c85e1457679d2c63bd4bd1dc75cb4ebb64
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		004c013d8fc448ffda71850daa2b34d1103c80c9b207d15f1a7f60d103c9ff8577ea1866cf93615c3ae86fd0874448fb258e52b7e52f0339bd53bcddea70fc3e40738968ede7685473dfb3a4dfdb03b8e6060ddfa45aa69b2a3d4dd8b59d8d3a5a28785f2df9fb123e2fa061e9fcf6c59ef8ca40b9cc84c6c547de0479d418ddc780945db9dda3c7c3ac2c160ab29dc48e8000308cb78d4c683fec39a693e5d109a53f82dbcb34e34a1877c866747723b50bd14272101644e4ec0433b0a93c55a1b39c6668de393893f572ab9768e493482de214609d447ca6fff798645500201c64799dea8be3a2b5f10f562d5ba5e8afb6a5a4f001c7d81d2414d9e5b5b61d88