*.hellofresh.com

Issued by Amazon RSA 2048 M02

About this certificate

This digital certificate with serial number 01:96:bd:b3:d0:cc:ca:29:80:0f:9f:5d:6d:eb:26:71 was issued on by Amazon.

With 35 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=*.hellofresh.com

Amazon

Organization: Amazon
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 01:96:bd:b3:d0:cc:ca:29:80:0f:9f:5d:6d:eb:26:71
Serial Number (int): 2111920146441777829824911506473166449
Serial Number lenght: 121 bits, 16 octets

SubjectKeyId: e9:2e:ff:ad:d9:43:92:a8:b5:fc:ab:7c:1a:a1:96:76:9b:a9:f2:d0
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2

Fingerprint (sha1): 37:19:75:f3:dd:bf:6d:ec:01:75:79:aa:f4:e3:72:94:fc:6e:93:09
Fingerprint (sha256): 1e:33:fb:aa:58:e1:80:90:1b:97:1d:e4:46:66:0a:e6:45:bc:9c:08:b5:d0:a1:1f:aa:18:a8:97:b9:73:d2:3a

Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer

Revocation information

OCSP Server: http://ocsp.r2m02.amazontrust.com
CRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl

Check the revocation status for certificate *.hellofresh.com

35

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.hellofresh.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.hellofresh.com
*.hellofresh.ie
*.thepetstable.com
*.staging.hellofresh.io
*.hellofresh.co.uk
*.hellofresh.ca
*.hellofresh.se
*.hellofresh.co.nz
*.factor75.com
*.hellofresh.it
*.hellofresh.es
*.hellofresh.com.au
*.hellofresh.ch
*.everyplate.com.au
*.everyplate.com
*.hellofresh.io
*.staging.chefsplate.com
*.repasfactor.ca
*.hellofresh.de
*.hellofresh.no
*.hellofresh.nl
*.factormeals.ca
*.greenchef.com
*.hellofresh.at
*.staging-k8s.hellofresh.io
*.hellofresh.fr
*.goodchop.com
*.chefsplate.com
*.greenchef.co.uk
*.youfoodz.com
*.hellofresh.be
*.hellofresh.lu
*.greenchef.nl
*.hellofresh.jp
*.hellofresh.dk

Other certificates including the domain name hellofresh.com

(limited to 100 certificates)
s2-san.cloudinary.com
s2-san.cloudinary.com
*.hellofresh.com
incapsula.com
hellofresh.com
*.hellofresh.com
hellofresh.com
s3-cloudinary-pin.map.fastly.net
*.hellofresh.com
gtms.hft.hellofresh.com
s2-san.cloudinary.com
dam-us.hellofresh.com
s3-cloudinary-pin.map.fastly.net
hellofresh.com
*.hellofresh.com
partner.hellofresh.com
gtms.hft.hellofresh.com
s2-san.cloudinary.com
s2-cloudinary-pin.map.fastly.net
s2-san.cloudinary.com
mi.hellofresh.com
mi.hellofresh.com
intranet.hellofresh.com
s2-san.cloudinary.com
careers.hellofresh.com
s2-san.cloudinary.com
s3-cloudinary-pin.map.fastly.net
s2-san.cloudinary.com
*.hellofresh.com
s2-san.cloudinary.com
sentinel-prime.hellofresh.com
s2-san.cloudinary.com
try.hellofresh.com
partner.hellofresh.com
*.hellofresh.com
hft.hellofresh.se
s2-san.cloudinary.com
*.hellofresh.com
gtms.hft.hellofresh.com
hft.hellofresh.ca
s2-san.cloudinary.com
careers.hellofresh.com
*.hellofresh.com
*.hellofresh.com
tms.hft.hellofresh.at
mdm.hellofresh.com
s2-san.cloudinary.com
incapsula.com
hubspot.hellofresh.com
s2-san.cloudinary.com
sentinel-prime.hellofresh.com
hb.hellofresh.com
*.ops.hellofresh.com
*.hellofresh.com
akamai-san85.exacttarget.com
blog.hellofresh.com
incapsula.com
intranet.hellofresh.com
factormeals.com
incapsula.com
s2-san.cloudinary.com
intranet.hellofresh.com
hft.hellofresh.ca
share.hellofresh.com
lp.hellofresh.com
s2-san.cloudinary.com
tms.hft.hellofresh.com
s2-san.cloudinary.com
s2-san.cloudinary.com
careers.hellofresh.com
www.blog.hellofresh.com
support.hellofresh.com
incapsula.com
tms.hft.hellofresh.at
s2-san.cloudinary.com
s2-san.cloudinary.com
hb.hellofresh.com
hft.hellofresh.ca
tms.hft.hellofresh.at
*.hellofresh.com
s2-san.cloudinary.com
try.hellofresh.com
bici.hellofresh.com
hellofresh.com
blog.hellofresh.com
zest.hellofresh.com
s2-cloudinary-pin.map.fastly.net
sentinel-prime.hellofresh.com
careers.hellofresh.com
s2-san.cloudinary.com
akamai-san85.exacttarget.com
s3-cloudinary-pin.map.fastly.net
hellofresh.com
blog.hellofresh.com
s2-san.cloudinary.com
s2-san.cloudinary.com
s3-cloudinary-pin.map.fastly.net
blog.hellofresh.com
s2-san.cloudinary.com
blog.hellofresh.com

Certificate

The complete raw certificate details for *.hellofresh.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIG1zCCBb+gAwIBAgIQAZa9s9DMyimAD59dbesmcTANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAyMB4XDTIyMTIwODAwMDAwMFoXDTI0MDEwNjIzNTk1OVowGzEZ
MBcGA1UEAwwQKi5oZWxsb2ZyZXNoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKr2EE3VNk7Y3gYF3LOtZwEZTE4eNITFTXy8O6WQTws/GzCGZQ/9
y6YeKUkl24HPL8x4vV1OgQWHpZNlnBg+bH4BTuh98pRz/ofuRXh46Jz3fmjcUL9o
Rov4NGLm1KI6wum2zrHX73wIsb/h2BsuUoQufZL0kjsbJPZhA+u5e4o/nuynQCZG
HOrIYMi/cdU652vZepEo5lLTzHYZyrnRm1tS15EdZxiotq2UFyFvYLeW2EcuoS9R
fix98cgm6fnj4TCCvxBmgnlnpwLSGxJCT1Dsm9oi1XrU2fVo4Jhlk4EjE8qQxG/v
ejKt4KRWNQ9VkfvEF9gSS99iqx618prdYSsCAwEAAaOCA/QwggPwMB8GA1UdIwQY
MBaAFMAxUs1aUMOCfHRxzsvpnPl664LiMB0GA1UdDgQWBBTpLv+t2UOSqLX8q3wa
oZZ2m6ny0DCCApEGA1UdEQSCAogwggKEghAqLmhlbGxvZnJlc2guY29tgg8qLmhl
bGxvZnJlc2guaWWCEioudGhlcGV0c3RhYmxlLmNvbYIXKi5zdGFnaW5nLmhlbGxv
ZnJlc2guaW+CEiouaGVsbG9mcmVzaC5jby51a4IPKi5oZWxsb2ZyZXNoLmNhgg8q
LmhlbGxvZnJlc2guc2WCEiouaGVsbG9mcmVzaC5jby5ueoIOKi5mYWN0b3I3NS5j
b22CDyouaGVsbG9mcmVzaC5pdIIPKi5oZWxsb2ZyZXNoLmVzghMqLmhlbGxvZnJl
c2guY29tLmF1gg8qLmhlbGxvZnJlc2guY2iCEyouZXZlcnlwbGF0ZS5jb20uYXWC
ECouZXZlcnlwbGF0ZS5jb22CDyouaGVsbG9mcmVzaC5pb4IYKi5zdGFnaW5nLmNo
ZWZzcGxhdGUuY29tghAqLnJlcGFzZmFjdG9yLmNhgg8qLmhlbGxvZnJlc2guZGWC
DyouaGVsbG9mcmVzaC5ub4IPKi5oZWxsb2ZyZXNoLm5sghAqLmZhY3Rvcm1lYWxz
LmNhgg8qLmdyZWVuY2hlZi5jb22CDyouaGVsbG9mcmVzaC5hdIIbKi5zdGFnaW5n
LWs4cy5oZWxsb2ZyZXNoLmlvgg8qLmhlbGxvZnJlc2guZnKCDiouZ29vZGNob3Au
Y29tghAqLmNoZWZzcGxhdGUuY29tghEqLmdyZWVuY2hlZi5jby51a4IOKi55b3Vm
b29kei5jb22CDyouaGVsbG9mcmVzaC5iZYIPKi5oZWxsb2ZyZXNoLmx1gg4qLmdy
ZWVuY2hlZi5ubIIPKi5oZWxsb2ZyZXNoLmpwgg8qLmhlbGxvZnJlc2guZGswDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7BgNV
HR8ENDAyMDCgLqAshipodHRwOi8vY3JsLnIybTAyLmFtYXpvbnRydXN0LmNvbS9y
Mm0wMi5jcmwwEwYDVR0gBAwwCjAIBgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMC0G
CCsGAQUFBzABhiFodHRwOi8vb2NzcC5yMm0wMi5hbWF6b250cnVzdC5jb20wNgYI
KwYBBQUHMAKGKmh0dHA6Ly9jcnQucjJtMDIuYW1hem9udHJ1c3QuY29tL3IybTAy
LmNlcjAMBgNVHRMBAf8EAjAAMBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3
DQEBCwUAA4IBAQASOyENbmTiM+o1N4z/O51OBY5hPneD2hpmRxoJ2jI6lH50/++t
8BkJQS3Rq0HxgIDQ4VuO23Js2LnNN3zWaVPdjxqSVzWf5QHJonyqkbYu7HBIKWCk
49/b3VEI+5/hAL3LsLJejqRRQ+70+i5UP+lKdx+Lx85afQX9wv0T3Ryz2VL7lph2
PclUNerYVspWtC/SGCARYvJVvi/Z2pgv8D4lFHq1wHuirGzbjRHA4JecrmALxnQq
siJbcG4H1A2b4lWxZ+m19jiy2ehlZ8yt/oZEKvAmcRnNx58NUJQJkV+Q8C3LyKYU
gR8S3/iDL6be8qaIEwHJqPN/X/aP7kVkkduS
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvYQTdU2TtjeBgXcs61n
ARlMTh40hMVNfLw7pZBPCz8bMIZlD/3Lph4pSSXbgc8vzHi9XU6BBYelk2WcGD5s
fgFO6H3ylHP+h+5FeHjonPd+aNxQv2hGi/g0YubUojrC6bbOsdfvfAixv+HYGy5S
hC59kvSSOxsk9mED67l7ij+e7KdAJkYc6shgyL9x1Trna9l6kSjmUtPMdhnKudGb
W1LXkR1nGKi2rZQXIW9gt5bYRy6hL1F+LH3xyCbp+ePhMIK/EGaCeWenAtIbEkJP
UOyb2iLVetTZ9WjgmGWTgSMTypDEb+96Mq3gpFY1D1WR+8QX2BJL32KrHrXymt1h
KwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 2111920146441777829824911506473166449
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-12-08 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-06 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.hellofresh.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21581850370951701410407818351020924686869070274982127828310911910152465083969381891759989147792420813016898023602975197132020016843884534969398774248564613595869782537308311809817249457880860984844481236604719797926077836263768670226374571940238058822562367739371505869844005476932491489486210043154719950704000766412769065826650407952327597043733786337383182888916873118487949937349685208423941678730465214757933848190555725210359921235686654948770388322137692903961553862658405023080197235165371766972548988726854740078098843650837662431861760114861301523733226580918633181350352311127509981724015810046238920630571
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							e92effadd94392a8b5fcab7c1aa196769ba9f2d0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (648 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.ie'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.thepetstable.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.staging.hellofresh.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.se'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.factor75.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.es'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.everyplate.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.everyplate.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.staging.chefsplate.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.repasfactor.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.no'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.factormeals.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.greenchef.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.at'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.staging-k8s.hellofresh.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.goodchop.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.chefsplate.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.greenchef.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.youfoodz.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.be'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.lu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.greenchef.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.jp'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hellofresh.dk'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00123b210d6e64e233ea35378cff3b9d4e058e613e7783da1a66471a09da323a947e74ffefadf01909412dd1ab41f18080d0e15b8edb726cd8b9cd377cd66953dd8f1a9257359fe501c9a27caa91b62eec70482960a4e3dfdbdd5108fb9fe100bdcbb0b25e8ea45143eef4fa2e543fe94a771f8bc7ce5a7d05fdc2fd13dd1cb3d952fb9698763dc95435ead856ca56b42fd218201162f255be2fd9da982ff03e25147ab5c07ba2ac6cdb8d11c0e0979cae600bc6742ab2225b706e07d40d9be255b167e9b5f638b2d9e86567ccadfe86442af0267119cdc79f0d509409915f90f02dcbc8a614811f12dff8832fa6def2a6881301c9a8f37f5ff68fee456491db92