my-neighborhood.xrhost.c1.statefarm

Issued by Amazon RSA 2048 M01

About this certificate

This digital certificate with serial number 05:dd:ff:bd:51:71:23:d2:ca:dc:28:68:0a:07:dd:93 was issued on by Amazon.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=my-neighborhood.xrhost.c1.statefarm

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 05:dd:ff:bd:51:71:23:d2:ca:dc:28:68:0a:07:dd:93
Serial Number (int): 7798824598437486226748349216929078675
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: bd:0f:26:67:79:1d:6c:e6:26:f6:5f:ff:43:14:f8:94:b8:cb:84:68
AuthorityKeyId: 81:b8:0e:63:8a:89:12:18:e5:fa:3b:3b:50:95:9f:e6:e5:90:13:85

Fingerprint (sha1): 89:25:0a:f0:9d:10:92:fe:7f:80:d5:cb:df:a5:c9:68:d7:70:5c:b6
Fingerprint (sha256): 1d:fe:d8:9d:9d:37:4d:f1:88:ee:f4:e1:b2:1e:ed:59:de:57:86:83:cc:3d:e4:ba:ff:bd:16:27:9a:ef:c7:45

Issuing Certificate URL: http://crt.r2m01.amazontrust.com/r2m01.cer

Revocation information

OCSP Server: http://ocsp.r2m01.amazontrust.com
CRL Distribution Point: http://crl.r2m01.amazontrust.com/r2m01.crl

Check the revocation status for certificate my-neighborhood.xrhost.c1.statefarm

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for my-neighborhood.xrhost.c1.statefarm

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

my-neighborhood.xrhost.c1.statefarm

Other certificates including the domain name c1.statefarm

(limited to 100 certificates)
repaireligibility-1733283.claims.test.c1.statefarm
interactions.claimsvc.sandbox.test.c1.statefarm
repaireligibility-1736884.claims.test.c1.statefarm
rentaleligibility-1713142.claims.test.c1.statefarm
status-guidance.claims.c1.statefarm
viewcol.claimsvc.clmsbx.test.c1.statefarm
telematics.aa.enrollment.env10.tl1.test.c1.statefarm
test.driveforsafety.test.goodneighbors.com
ecrmclaimsfacade-env3.amccdev.test.c1.statefarm
*.apis.alncacq.test.c1.statefarm
ocd.research.c1.statefarm
driveforsafety.whs.c1.statefarm
fireqfcapi.claimsvc.sandbox.test.c1.statefarm
repaireligibility-1490984.claims.test.c1.statefarm
www.developer.c1.statefarm
mediadownload-bus.claimsvc.test.c1.statefarm
repaireligibility-1748488.claims.test.c1.statefarm
facade-env1.ecrmclaims.amccdev.test.c1.statefarm
claims.telematicsfilterapitest1.research.c1.statefarm
*.apis.alncacq.test.c1.statefarm
cicr-api.commxper.test.c1.statefarm
repaireligibility-1727262.claims.test.c1.statefarm
telematics.aa.eligibility.env10.tl1.test.c1.statefarm
roadsideassistance.claims.test.statefarm.com
rentaleligibility-1298191.claims.test.c1.statefarm
*.tl1.c1.statefarm
api.claims.sandbox.c1.statefarm
mpcv-api.claims.clmsbx.test.c1.statefarm
rentaleligibility-perf.claims.test.c1.statefarm
claimprefexp.claims.sandbox.c1.statefarm
mpcv-ui.claims.clmsbx.test.c1.statefarm
repaireligibility-1286757.claims.test.c1.statefarm
info-exp.claimsvc.c1.statefarm
facade-env1.ecrmclaims.amccdev.test.c1.statefarm
api.infosec.c1.statefarm
*.oic.claims.test.c1.statefarm
arsondog.whs.research.c1.statefarm
photovideocapture.claims.test.statefarm.com
verify.cim.test.c1.statefarm
api.infosec.c1.statefarm
manage-tasks.claimsvc.test.c1.statefarm
rentaleligibility-1290042.claims.test.c1.statefarm
repaireligibility-1490984.claims.test.c1.statefarm
help-faqs.claims.test.c1.statefarm
media-mfe.claims.sandbox.c1.statefarm
providers.rental.claimsvc.c1.statefarm
telematics.aa.enrollment.test10.tl1.test.c1.statefarm
driveforsafety.whs.c1.statefarm
checkout.hub.claims.statefarm.com
cornhole-api.xrhost.c1.statefarm
developer.c1.statefarm
managestorage.claimsvc.sandbox.test.c1.statefarm
qualfc-env4.claims.sandbox.test.c1.statefarm
nachuntar.xrhost.test.c1.statefarm
repaireligibility-1286757.claims.test.c1.statefarm
closeclaimapi-exp.claimsvc.test.c1.statefarm
repaireligibility-1735606.claims.test.c1.statefarm
crashreports.test7.tl1.test.c1.statefarm
plapcaws-prod-actions.pcmngd02.c1.statefarm
rentaleligibility-1743787.claims.test.c1.statefarm
rentaleligibility-1746348.claims.test.c1.statefarm
facade-env4.ecrmclaims.amccint.test.c1.statefarm
towexperienceapi-exp.claimsvc.test.c1.statefarm
roadsideassistance.claims.statefarm.com
sf-aqua-security.research.c1.statefarm
*.apis.alncacq.test.c1.statefarm
uimod-mfe.dcpm-sandbox.test.c1.statefarm
driveforsafety.whs.test.c1.statefarm
cornhole-api.xrhost.c1.statefarm
media-mfe.claims.c1.statefarm
driveforsafety.whs.test.c1.statefarm
api.rapid-reimbursement.claims.s.test.c1.statefarm
photovideocapture.claims.test.c1.statefarm
repaireligibility-1297024.claims.test.c1.statefarm
api.infosec.c1.statefarm
prepsub-exp.claims.sandbox.test.c1.statefarm
selfie-experience.xrhost.test.c1.statefarm
driveforsafety.whs.test.c1.statefarm
manage-tasks.claimsvc.sandbox.test.c1.statefarm
rentaleligibility-1292675.claims.test.c1.statefarm
rentaleligibility-1745749.claims.test.c1.statefarm
driveforsafety.whs.test.c1.statefarm
media-mfe.claims.sandbox.test.c1.statefarm
driveforsafety.whs.test.c1.statefarm
sf-aqua-security.research.c1.statefarm
rentaleligibility-1740151.claims.test.c1.statefarm
repaireligibility-1730977.claims.test.c1.statefarm
ecrmclaimsfacade-env3.amccdev.test.c1.statefarm
rentaleligibility-1483369.claims.test.c1.statefarm
gnc-virtualmeeting.amccint.c1.statefarm
rss.claims.test.c1.statefarm
mddl-dev.c1.statefarm
digitalqfc.claims.test.c1.statefarm
rentaleligibility-1736987.claims.test.c1.statefarm
ocd.test.c1.statefarm
repaireligibility-1735402.claims.test.c1.statefarm
assignments.rental.claimsvc.c1.statefarm
rentaleligibility-1483369.claims.test.c1.statefarm
premiumchange-api.pcu.conncen.c1.statefarm
driveforsafety.whs.c1.statefarm

Certificate

The complete raw certificate details for my-neighborhood.xrhost.c1.statefarm in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIEhTCCA22gAwIBAgIQBd3/vVFxI9LK3ChoCgfdkzANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAxMB4XDTIzMDUyNDAwMDAwMFoXDTI0MDYyMTIzNTk1OVowLjEs
MCoGA1UEAxMjbXktbmVpZ2hib3Job29kLnhyaG9zdC5jMS5zdGF0ZWZhcm0wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxfnFvbhj38pNYMz41NnnxExfH
C2Ojbs/s4wBiKMMfM78/JKwizaZoE/l46a2G8/K2L+AOehY+95glfW0NSy4IC76J
LVvb87rO1qfaAzut/b5F0x+6Qm5BP22Bv2zj44uZJQ8e1gdaJDSH2iB6Zey+I9jB
Z2raKM5C2RvGlR8fB0LOfsSu6JTnbeVlMKu+bW3uzdPKQnvrzbvPY1acLnpfp8ki
01Z4s59PUV5n6+3+RsybxkUmHVXpEVWXwMISFyKWfXSdAm//JiFRxNUfoPVdsQ37
xfVdk/dYemutQa1Uknxmf4yBqowD4q8KUg+RphEFZM1oeku+B/9gl+1VQQw/AgMB
AAGjggGPMIIBizAfBgNVHSMEGDAWgBSBuA5jiokSGOX6OztQlZ/m5ZAThTAdBgNV
HQ4EFgQUvQ8mZ3kdbOYm9l//QxT4lLjLhGgwLgYDVR0RBCcwJYIjbXktbmVpZ2hi
b3Job29kLnhyaG9zdC5jMS5zdGF0ZWZhcm0wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAyMDCgLqAshipodHRw
Oi8vY3JsLnIybTAxLmFtYXpvbnRydXN0LmNvbS9yMm0wMS5jcmwwEwYDVR0gBAww
CjAIBgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8v
b2NzcC5yMm0wMS5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9j
cnQucjJtMDEuYW1hem9udHJ1c3QuY29tL3IybTAxLmNlcjAMBgNVHRMBAf8EAjAA
MBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQA/i8cP7VUA
KIGvL0vZqldEzKXOcpVvX1BLGNhgv/qzJKAlRwbmiAmHwfVNSxh/tkjlw9PPrkNS
EEM7KIejFWxGO1+JnE0vDbF/sWL8Cxd6+3T+DXjQZzcD4jTimofV/GKK87YzJ2nT
4UxY+iqSTN0W1cjI87SzwWwkA2/yi8acS3s0GafOiBFuRb/BxZdMeuzaP0ZRAi/Q
hDEN+JHNyetBJ2hdUCgHTYkALlkeimI233D1+l/mrvxKMp70VxcicDByIIJT/Iq+
rtbWG06mEL54qulGT408uL9hYZnFEJav92Zw1iYES8RSPptDx1dN8PGrvzebTnud
208zJd8sQ5OU
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsX5xb24Y9/KTWDM+NTZ5
8RMXxwtjo27P7OMAYijDHzO/PySsIs2maBP5eOmthvPyti/gDnoWPveYJX1tDUsu
CAu+iS1b2/O6ztan2gM7rf2+RdMfukJuQT9tgb9s4+OLmSUPHtYHWiQ0h9ogemXs
viPYwWdq2ijOQtkbxpUfHwdCzn7EruiU523lZTCrvm1t7s3TykJ76827z2NWnC56
X6fJItNWeLOfT1FeZ+vt/kbMm8ZFJh1V6RFVl8DCEhciln10nQJv/yYhUcTVH6D1
XbEN+8X1XZP3WHprrUGtVJJ8Zn+MgaqMA+KvClIPkaYRBWTNaHpLvgf/YJftVUEM
PwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 7798824598437486226748349216929078675
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M01'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-05-24 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-21 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'my-neighborhood.xrhost.c1.statefarm'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22406531398695456461565188184485882155546978496627906387803172084714073524074734158348147915669918220163606794583603876151484330358599373936977295604063416882686595664853459752408094796844188024396427816430660007269830689647348135102043658393030268201804386042768701432413123552247544658893723224352033009855716658846710653433248372512773152776510432155323020270276145719178682893844280646029281276626524580104152402253479644796838387710153752253020456686414344959992385483835508680103380806242168881151431806274589447829413604893927209372570718570427078790473754612993303101687836449214673570123912963872047230946367
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 81b80e638a891218e5fa3b3b50959fe6e5901385
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							bd0f2667791d6ce626f65fff4314f894b8cb8468
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (39 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'my-neighborhood.xrhost.c1.statefarm'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m01.amazontrust.com/r2m01.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m01.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m01.amazontrust.com/r2m01.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		003f8bc70fed55002881af2f4bd9aa5744cca5ce72956f5f504b18d860bffab324a0254706e6880987c1f54d4b187fb648e5c3d3cfae435210433b2887a3156c463b5f899c4d2f0db17fb162fc0b177afb74fe0d78d0673703e234e29a87d5fc628af3b6332769d3e14c58fa2a924cdd16d5c8c8f3b4b3c16c24036ff28bc69c4b7b3419a7ce88116e45bfc1c5974c7aecda3f4651022fd084310df891cdc9eb4127685d5028074d89002e591e8a6236df70f5fa5fe6aefc4a329ef4571722703072208253fc8abeaed6d61b4ea610be78aae9464f8d3cb8bf616199c51096aff76670d626044bc4523e9b43c7574df0f1abbf379b4e7b9ddb4f3325df2c439394