*.tools.investis.com

Issued by Amazon RSA 2048 M02

About this certificate

This digital certificate with serial number 03:b5:e8:0a:94:ee:32:9a:97:b9:c2:b2:03:23:54:79 was issued on by Amazon.

With 7 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=*.tools.investis.com

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 03:b5:e8:0a:94:ee:32:9a:97:b9:c2:b2:03:23:54:79
Serial Number (int): 4932196076150968518340239102778233977
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: b6:7a:06:f5:74:b2:36:e9:37:10:47:69:ab:29:b2:4a:57:82:05:7e
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2

Fingerprint (sha1): 74:b3:cb:6b:54:cb:7d:e6:c4:b6:66:d8:c2:94:2a:08:26:65:fb:c0
Fingerprint (sha256): 1d:71:50:e7:c7:81:a3:70:79:ad:e9:d9:d0:de:10:56:e3:c6:47:3c:72:e2:5a:fb:5e:ae:c8:6e:35:63:9b:a5

Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer

Revocation information

OCSP Server: http://ocsp.r2m02.amazontrust.com
CRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl

Check the revocation status for certificate *.tools.investis.com

7

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.tools.investis.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.tools.investis.com
*.investisdigital.com
*.quartalflife.com
*.flife.de
*.tfprivate.investis.com
*.tf.investis.com
*.ir2.flife.de

Other certificates including the domain name investis.com

(limited to 100 certificates)
incapsula.com
incapsula.com
*.stage-mid-euw3.investis.com
incapsula.com
incapsula.com
incapsula.com
incapsula.com
*.investis.com
production.investis.com
phoenix.investis.com
incapsula.com
press.investis.com
dr.production.phoenix.investis.com
incapsula.com
incapsula.com
incapsula.com
investisdigital.com
incapsula.com
incapsula.com
millicom.solutions.investis.com
incapsula.com
incapsula.com
incapsula.com
incapsula.com
incapsula.com
incapsula.com
*.tools.investis.com
incapsula.com
incapsula.com
incapsula.com
incapsula.com
incapsula.com
investis.com
incapsula.com
incapsula.com
tools.investis.com
prod-mid-euw3.investis.com
incapsula.com
*.dp-staging.investis.com
*.investis.com
incapsula.com
staging.myinvestis.com
incapsula.com
prod-use1.investis.com
*.investis.com
millicom.solutions.investis.com
incapsula.com
incapsula.com
incapsula.com
investis.com
prod-use1.investis.com
incapsula.com
deloitte-backoffice.solutions.staging.investis.com
visualisation.investis.com
incapsula.com
incapsula.com
calculator.rollsroyce.solutions.investis.com
incapsula.com
incapsula.com
incapsula.com
*.investis.com
incapsula.com
incapsula.com
staging.myinvestis.com
incapsula.com
tools.investis.com
*.cm.invdcloud-is.co.uk
incapsula.com
incapsula.com
incapsula.com
*.tf.investis.com
insurance.angloamerican.investis.com
incapsula.com
cvs.tools.investis.com
incapsula.com
*.stage-use1.investis.com
www.futurology.investis.com
incapsula.com
incapsula.com
production.investis.com
incapsula.com
*.prod-euw1.investis.com
investis.com
*.dib1-u1.investis.com
incapsula.com
*.investis.com
incapsula.com
investis.mx
research.investis.com
esi-test.html.investis.com
www.futurology.investis.com
*.tools.investis.com
tools.investis.com
incapsula.com
incapsula.com
prod-mid-euw3.investis.com
incapsula.com
incapsula.com
blog.investis.com
incapsula.com

Certificate

The complete raw certificate details for *.tools.investis.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGSTCCBTGgAwIBAgIQA7XoCpTuMpqXucKyAyNUeTANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAyMB4XDTI0MDMyNjAwMDAwMFoXDTI1MDQyMzIzNTk1OVowHzEd
MBsGA1UEAwwUKi50b29scy5pbnZlc3Rpcy5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD9vWHiUU5mM38k+hGisXz5yqmqAnX84VgIUJfKcv8KSaXU
9BIJguPWboN4OEO49ix4du7wGKdGwT0tguaanWqa0Yh8HNB0IkY4lqtJBm8o57Bo
UpEZ7g8F1zmedfaZLhcFsVsqSE17ISxrQxTgkhp5idprcbeZxf+Jbo5KEpBzo0sf
IA9eIIag+oEXW8VxEYqBp8FzkJWNI0RTjMUV1ersLFBWVZAt4seigOjEy2kxg9PZ
JS01tGFAL7KdkhaCZDhy36VOT8oO+jHGzQnGwdxuciDQ0Yrkcy7r5p+zGgdQQoxL
B3XhthQyN/2S/Kbvdv2eXm1XeRslbEoQv2qU/qAJAgMBAAGjggNiMIIDXjAfBgNV
HSMEGDAWgBTAMVLNWlDDgnx0cc7L6Zz5euuC4jAdBgNVHQ4EFgQUtnoG9XSyNuk3
EEdpqymySleCBX4wgZUGA1UdEQSBjTCBioIUKi50b29scy5pbnZlc3Rpcy5jb22C
FSouaW52ZXN0aXNkaWdpdGFsLmNvbYISKi5xdWFydGFsZmxpZmUuY29tggoqLmZs
aWZlLmRlghgqLnRmcHJpdmF0ZS5pbnZlc3Rpcy5jb22CESoudGYuaW52ZXN0aXMu
Y29tgg4qLmlyMi5mbGlmZS5kZTATBgNVHSAEDDAKMAgGBmeBDAECATAOBgNVHQ8B
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDsGA1UdHwQ0
MDIwMKAuoCyGKmh0dHA6Ly9jcmwucjJtMDIuYW1hem9udHJ1c3QuY29tL3IybTAy
LmNybDB1BggrBgEFBQcBAQRpMGcwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLnIy
bTAyLmFtYXpvbnRydXN0LmNvbTA2BggrBgEFBQcwAoYqaHR0cDovL2NydC5yMm0w
Mi5hbWF6b250cnVzdC5jb20vcjJtMDIuY2VyMAwGA1UdEwEB/wQCMAAwggF8Bgor
BgEEAdZ5AgQCBIIBbASCAWgBZgB1AE51oydcmhDDOFts1N8/Uusd8OCOG41pwLH6
ZLFimjnfAAABjnmH4RQAAAQDAEYwRAIgKcz3ynV0mSREklJiq2dknN1zMqV5mfJX
IFcDRfYsNDACIGG/IoedWRDQwh8UQvaTsKpdSu2X52ISf0eZwMhpuJ84AHUAfVke
EuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGOeYfgwAAABAMARjBEAiBb
3BPRgfGswrE7Vf4VZqwUXfMuC7ATznJ8X05BEwikywIgFHGyxgRvvCrWealRcsID
AVS7pnTrwfB2XLj4iVEfmW0AdgCi4wrkRe+9rZt+OO1HZ3dT14JbhJTXK14bLMS5
UKRH5wAAAY55h+F3AAAEAwBHMEUCIQC5VjaYxeGrEl7dXNmULppq1DjZuGOxWc6I
YVGZ4xzIigIgIzD+ozHLBJAvZJGEbaZEUNM4pPNwy8x2GmH92nLfAb0wDQYJKoZI
hvcNAQELBQADggEBAG8LGBRYhW7JwnNZSXTHDvtVHIiq+Nv8BbZ28JthNaJNtrB/
H/uTDTFeoai/sctwLHW/j4RzLHQtgX8f+7AvQiYm07Qvd3qBxZ+MCGYtC7XTljKf
BW39jBtVSSeBFeYQct33DN62liOUp8ItMxopNCdiofoeQlwcpQBv1Oh5IhuvVF/Y
SvbwmLd0H5Uw3pDp0nKqxvolcqVGGiIVjMZ5pSCijSpR0KxQdquwAs5McB9HW/mJ
GDRfDAIK0MDVSjy11EDrrWOP+nPTBmQ2w4viRIoSmbrE9G71iW3F6w5UhN4av3it
NJtHXGVCqUcYX9+AjjrfOz/vJXaqTIIgGGXymJ0=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/b1h4lFOZjN/JPoRorF8
+cqpqgJ1/OFYCFCXynL/Ckml1PQSCYLj1m6DeDhDuPYseHbu8BinRsE9LYLmmp1q
mtGIfBzQdCJGOJarSQZvKOewaFKRGe4PBdc5nnX2mS4XBbFbKkhNeyEsa0MU4JIa
eYnaa3G3mcX/iW6OShKQc6NLHyAPXiCGoPqBF1vFcRGKgafBc5CVjSNEU4zFFdXq
7CxQVlWQLeLHooDoxMtpMYPT2SUtNbRhQC+ynZIWgmQ4ct+lTk/KDvoxxs0JxsHc
bnIg0NGK5HMu6+afsxoHUEKMSwd14bYUMjf9kvym73b9nl5tV3kbJWxKEL9qlP6g
CQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 4932196076150968518340239102778233977
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-26 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-04-23 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.tools.investis.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 32031679078538514024048689097400869141774965602027243030172769018315236158062440839210610386357158190806930278192922596640741645574942501246434285135670730937123857251064837639201180540354078568982209908344226466639477674468591603634172277572447202553149207294562926649615942118645863533448639320246215124287367618774010626931296899663864623332468033986880523532747798551883402832550791313996881274323962277653738589617154956709082417476781581861667309730387963692434479163800834749788155178708521655889631236875809804678186053844355438832939140656989807899872213295730589902789608620512694728145180800316848692174857
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							b67a06f574b236e937104769ab29b24a5782057e
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (141 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.tools.investis.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.investisdigital.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.quartalflife.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.flife.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.tfprivate.investis.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.tf.investis.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.ir2.flife.de'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (360 bytes)
							01660075004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018e7987e1140000040300463044022029ccf7ca7574992444925262ab67649cdd7332a57999f25720570345f62c3430022061bf22879d5910d0c21f1442f693b0aa5d4aed97e762127f4799c0c869b89f380075007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018e7987e0c0000004030046304402205bdc13d181f1acc2b13b55fe1566ac145df32e0bb013ce727c5f4e411308a4cb02201471b2c6046fbc2ad679a95172c2030154bba674ebc1f0765cb8f889511f996d007600a2e30ae445efbdad9b7e38ed47677753d7825b8494d72b5e1b2cc4b950a447e70000018e7987e1770000040300473045022100b9563698c5e1ab125edd5cd9942e9a6ad438d9b863b159ce88615199e31cc88a02202330fea331cb04902f6491846da64450d338a4f370cbcc761a61fdda72df01bd
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		006f0b181458856ec9c273594974c70efb551c88aaf8dbfc05b676f09b6135a24db6b07f1ffb930d315ea1a8bfb1cb702c75bf8f84732c742d817f1ffbb02f422626d3b42f777a81c59f8c08662d0bb5d396329f056dfd8c1b5549278115e61072ddf70cdeb6962394a7c22d331a29342762a1fa1e425c1ca5006fd4e879221baf545fd84af6f098b7741f9530de90e9d272aac6fa2572a5461a22158cc679a520a28d2a51d0ac5076abb002ce4c701f475bf98918345f0c020ad0c0d54a3cb5d440ebad638ffa73d3066436c38be2448a1299bac4f46ef5896dc5eb0e5484de1abf78ad349b475c6542a947185fdf808e3adf3b3fef2576aa4c82201865f2989d