cdn.hbomax.com

Issued by Amazon

About this certificate

This digital certificate with serial number 03:43:eb:4a:3a:5b:2d:ba:51:80:a0:62:2d:9d:df:53 was issued on by Amazon.

With 8 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=cdn.hbomax.com

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:43:eb:4a:3a:5b:2d:ba:51:80:a0:62:2d:9d:df:53
Serial Number (int): 4340340124077824030615516303773785939
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: d8:8e:78:ce:57:99:8d:c9:e9:4d:77:0f:73:5f:2c:44:92:b5:81:f1
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): 47:85:21:5a:3d:1e:40:7b:66:f0:b8:31:3b:c8:b9:82:5a:01:a4:3e
Fingerprint (sha256): 1f:cb:64:6c:96:67:11:59:10:69:b1:43:5f:26:f6:ba:b5:9a:4b:21:36:98:17:fa:10:d1:54:09:be:48:21:ce

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b-1.crl

Check the revocation status for certificate cdn.hbomax.com

8

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for cdn.hbomax.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

cdn.hbomax.com
hls3.qapro11.cf.cdn.hbomax.com
smooth.pro17.cf.cdn.hbomax.com
dash.pro42.cf.cdn.hbomax.com
dash.qapro42.cf.cdn.hbomax.com
*.cf.cdn.hbomax.com
smooth.qapro17.cf.cdn.hbomax.com
hls3.pro11.cf.cdn.hbomax.com

Other certificates including the domain name hbomax.com

(limited to 100 certificates)
dash.pro42.akm.cdn.hbogo.com
terraform-fix-test.micro.hbomax.com
view.cx.hbomax.com
hbomax.com
dmx-web.play.codex-int.hbo.com
kpn.play.codex-int.hbo.com
hbo.map.fastly.net
listen.hbomax.com
dash.pro42.akm.cdn.hbogo.com
listen.hbomax.com
play.hbomax.com
hbomax.com
vizio.play.codex-int.hbo.com
imagespecs.micro.hbomax.com
press.hbomax.com
press.hbomax.com
admin-test.micro.hbomax.com
test45.micro.hbomax.com
help.hbomax.com
trk.hbomax.com
turner.com
scooby-doo.micro.hbomax.com
vizio.play.codex-int.hbo.com
vf-tivo.play.codex-int.hbo.com
ssl766512.cloudflaressl.com
hbomax.com
hbo.map.fastly.net
hbonow.com
play.hbomax.com
san-3-s6.tlsprovisioning.exacttarget.com
xtv.play.codex-int.hbo.com
kpn.play.codex-int.hbo.com
san-3-s6.tlsprovisioning.exacttarget.com
listen.hbomax.com
cms.orbit.hbomax.com
cms.orbit.hbomax.com
ssl766511.cloudflaressl.com
hbo.map.fastly.net
san-3-s6.tlsprovisioning.exacttarget.com
turner.com
hbo.map.fastly.net
dmx-web.play.codex-int.hbo.com
hbomax.com
hbo.map.fastly.net
hbo.map.fastly.net
hbomax.com
shows.hbomax.com
trk.hbomax.com
hbo.map.fastly.net
shared-ingress-protected-prod-us-1-us-west-2.api.hbo.com
partners.hbomax.com
click.cx.hbomax.com
ablink.mail.hbomax.com
hbo.map.fastly.net
san-3-s6.tlsprovisioning.exacttarget.com
play.hbomax.com
listen.hbomax.com
hbomax.com
play.hbomax.com
raised-by-wolves.micro.hbomax.com
turner.com
ziggo.play.codex-int.hbo.com
ablink.email.hbomax.com
turner.com
xtv.play.codex-int.hbo.com
vf-tivo.play.codex-int.hbo.com
play.hbomax.com
turner.com
test-statushub-three.micro.hbomax.com
hbomaximagespecs.com
cdn.hbomax.com
ssl766511.cloudflaressl.com
cox.play.codex-int.hbo.com
shared-ingress-protected-eu-1-eu-west-1.api.hbo.com
ablink.mail.hbomax.com
san-3-s6.tlsprovisioning.exacttarget.com
hbo.map.fastly.net
hbomax.com
cms.orbit.hbomax.com
qa.partner.hbomax.com
cloud.cx.hbomax.com
listen.hbomax.com
cms.orbit.hbomax.com
unpregnant.micro.hbo.com
hbo.map.fastly.net
hbo.map.fastly.net
vf-tivo.play.codex-int.hbo.com
partners.hbomax.com
ingest.orbit.hbomax.com
cdn.hbomax.com
hbomax.com
poc.cdn.hbomax.com
dmx-web.play.codex-int.hbo.com
atdl-contest.micro.hbomax.com
listen.hbomax.com
activate.hbomax.com
hbo.map.fastly.net
vf-sagemcom.play.codex-int.hbo.com
shared-ingress-protected-eu-1-eu-central-1.api.hbo.com
shared-ingress-protected-eu-1-eu-central-1.api.hbo.com

Certificate

The complete raw certificate details for cdn.hbomax.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGqjCCBZKgAwIBAgIQA0PrSjpbLbpRgKBiLZ3fUzANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0yMTEyMDgwMDAwMDBaFw0yMzAxMDQy
MzU5NTlaMBkxFzAVBgNVBAMTDmNkbi5oYm9tYXguY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAilpbd4g2zwP4OmnupQ+A3uqYe7ncewupCKX0wgzs
hedHR3/145B/6BY1VUn4ZtRFwSH3FlCeJfV5fxBjQM8zAdotMvcTm5uwnwGW4ShF
oE+oBcJptrXA7II/VFElxsphOO0CVV+ZdOhG4c9mn2nRUj6qwzckY8mUtC0/UTMf
oFdg/okpTKmnagqbhX8tKbiQe1LCjjZ4MTAfbffQSF4GI/bEnY0/XnjRWlq3MW/M
F8d66xjIw+0XR3FCS1S1M9F48o2ulcKZ9FpaFuwb16ONoCl1189rT0maoSB5vkX6
8ihZNBYFnGTbX7P2HdPug0LxaR/ONkjLwi0jZwksfVOMFQIDAQABo4IDvzCCA7sw
HwYDVR0jBBgwFoAUWaRmBlKge5WSPKOUByeWdFv5PdAwHQYDVR0OBBYEFNiOeM5X
mY3J6U13D3NfLESStYHxMIHuBgNVHREEgeYwgeOCDmNkbi5oYm9tYXguY29tgh5o
bHMzLnFhcHJvMTEuY2YuY2RuLmhib21heC5jb22CHnNtb290aC5wcm8xNy5jZi5j
ZG4uaGJvbWF4LmNvbYIcZGFzaC5wcm80Mi5jZi5jZG4uaGJvbWF4LmNvbYIeZGFz
aC5xYXBybzQyLmNmLmNkbi5oYm9tYXguY29tghMqLmNmLmNkbi5oYm9tYXguY29t
giBzbW9vdGgucWFwcm8xNy5jZi5jZG4uaGJvbWF4LmNvbYIcaGxzMy5wcm8xMS5j
Zi5jZG4uaGJvbWF4LmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwuc2Nh
MWIuYW1hem9udHJ1c3QuY29tL3NjYTFiLTEuY3JsMBMGA1UdIAQMMAowCAYGZ4EM
AQIBMHUGCCsGAQUFBwEBBGkwZzAtBggrBgEFBQcwAYYhaHR0cDovL29jc3Auc2Nh
MWIuYW1hem9udHJ1c3QuY29tMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LnNjYTFi
LmFtYXpvbnRydXN0LmNvbS9zY2ExYi5jcnQwDAYDVR0TAQH/BAIwADCCAX4GCisG
AQQB1nkCBAIEggFuBIIBagFoAHUA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3
fW0GvW4AAAF9mXfDxwAABAMARjBEAiBZIk5fvvV2uiFvDc+2WikPqF5b/ZMNxI77
6a3CfxuesQIgS+mD41CUbe9C/DW5/j+rTqddnGUn+wG16DU1GWYxxn4AdwA1zxkb
v7FsV78PrUxtQsu7ticgJlHqP+Eq76gDwzvWTAAAAX2Zd8OhAAAEAwBIMEYCIQCN
7PZbJ4pASpVzcFiJFu6idvnuis3S5a0rZmrdRRV+jwIhALByTg/+63p0JDSyUoWe
m3+9iZQ6Zn27v4PKSaXJ0a8rAHYAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PAD
Dnk2pZoAAAF9mXfDxgAABAMARzBFAiEAiGksqwPWCZlH3Fj3evtf4+E6I/6JLO5p
5H4rzz4xrbYCIGJh9Zzf6TSCjXfJbNQN5Ch4SVWdJ/dCzxh4QG/aT1X5MA0GCSqG
SIb3DQEBCwUAA4IBAQCUpwV/AEKybTu3bYq+4j91J+WY92KhLSkXYkuPdDQU8brW
9nFBRwa271oom73K8J5EhonvTxDn81lUAoEUrdVlPiI6VMEopzJQqEr+pWOoaOhK
DhyGKSYzZ9IxYKEsljM62A3AkjWh5NgeWKHdDsFyWe2hrgEIrI32j4oSxGMk4J3N
i9F2rUQAFS6s4jCZcTtjPMLSheK4uONab6jUKcJBL/gKdaTIKolzc+KbV6WsaU58
OZWCiUYyv1k0ITeJMiWxv2MhCVYBZnUnzieunrmDbRIGDWLahFi79olnk5ScPu/X
u2JVYl28/QIV4a/hxSqnWhYhSL2JeJY/QPCZYBtO
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAilpbd4g2zwP4OmnupQ+A
3uqYe7ncewupCKX0wgzshedHR3/145B/6BY1VUn4ZtRFwSH3FlCeJfV5fxBjQM8z
AdotMvcTm5uwnwGW4ShFoE+oBcJptrXA7II/VFElxsphOO0CVV+ZdOhG4c9mn2nR
Uj6qwzckY8mUtC0/UTMfoFdg/okpTKmnagqbhX8tKbiQe1LCjjZ4MTAfbffQSF4G
I/bEnY0/XnjRWlq3MW/MF8d66xjIw+0XR3FCS1S1M9F48o2ulcKZ9FpaFuwb16ON
oCl1189rT0maoSB5vkX68ihZNBYFnGTbX7P2HdPug0LxaR/ONkjLwi0jZwksfVOM
FQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 4340340124077824030615516303773785939
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-12-08 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-01-04 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'cdn.hbomax.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 17465442926985378759073512511401195701599663741081004502012813105748788826738084497263315580716650174977409729324833307597022677931277910612303490797142624125707739574328140674746221969101249361876786310544429657464317895431984843732167239958170370814920963229970924449377093311839640728586376424274991040412732733252573235391263426847877559605809918433566424170990489506952915637693543313858568659460831388225235960322032512847043864012507239762827915800948929041527461146379544144113201056319575455980445718343644121754898711572103020171480303118334751051796049822434171212809131742379141190920445954676708131179541
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d88e78ce57998dc9e94d770f735f2c4492b581f1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (230 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdn.hbomax.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hls3.qapro11.cf.cdn.hbomax.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'smooth.pro17.cf.cdn.hbomax.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dash.pro42.cf.cdn.hbomax.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dash.qapro42.cf.cdn.hbomax.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.cf.cdn.hbomax.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'smooth.qapro17.cf.cdn.hbomax.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hls3.pro11.cf.cdn.hbomax.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (54 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b-1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							0168007500e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e0000017d9977c3c70000040300463044022059224e5fbef576ba216f0dcfb65a290fa85e5bfd930dc48efbe9adc27f1b9eb102204be983e350946def42fc35b9fe3fab4ea75d9c6527fb01b5e83535196631c67e00770035cf191bbfb16c57bf0fad4c6d42cbbbb627202651ea3fe12aefa803c33bd64c0000017d9977c3a100000403004830460221008decf65b278a404a957370588916eea276f9ee8acdd2e5ad2b666add45157e8f022100b0724e0ffeeb7a742434b252859e9b7fbd89943a667dbbbf83ca49a5c9d1af2b007600b3737707e18450f86386d605a9dc11094a792db1670c0b87dcf0030e7936a59a0000017d9977c3c6000004030047304502210088692cab03d6099947dc58f77afb5fe3e13a23fe892cee69e47e2bcf3e31adb602206261f59cdfe934828d77c96cd40de4287849559d27f742cf1878406fda4f55f9
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0094a7057f0042b26d3bb76d8abee23f7527e598f762a12d2917624b8f743414f1bad6f671414706b6ef5a289bbdcaf09e448689ef4f10e7f35954028114add5653e223a54c128a73250a84afea563a868e84a0e1c8629263367d23160a12c96333ad80dc09235a1e4d81e58a1dd0ec17259eda1ae0108ac8df68f8a12c46324e09dcd8bd176ad4400152eace23099713b633cc2d285e2b8b8e35a6fa8d429c2412ff80a75a4c82a897373e29b57a5ac694e7c399582894632bf59342137893225b1bf6321095601667527ce27ae9eb9836d12060d62da8458bbf6896793949c3eefd7bb6255625dbcfd0215e1afe1c52aa75a162148bd8978963f40f099601b4e