basilisk.liacs.nl

Issued by Let's Encrypt Authority X3

About this certificate

This digital certificate with serial number 03:86:e8:9e:b2:b5:ad:09:18:a5:6d:ea:bb:0d:a4:23:60:12 was issued on by Let's Encrypt.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=basilisk.liacs.nl

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:86:e8:9e:b2:b5:ad:09:18:a5:6d:ea:bb:0d:a4:23:60:12
Serial Number (int): 307243899865275001797741965465049635184658
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: fc:78:31:03:15:ac:fe:ec:f4:bf:87:91:b3:57:45:12:5f:29:7a:ad
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1

Fingerprint (sha1): cb:2d:a9:7e:8e:91:19:53:c3:38:2e:14:3c:23:56:8b:ea:e8:fb:c2
Fingerprint (sha256): 20:10:fd:a3:ba:00:91:d4:35:e0:8f:ac:e9:36:14:23:0a:25:7a:6c:38:0d:a2:6f:85:e6:c4:c2:6a:e2:a6:8b

Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/

Revocation information

OCSP Server: http://ocsp.int-x3.letsencrypt.org

Check the revocation status for certificate basilisk.liacs.nl

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for basilisk.liacs.nl

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

basilisk.liacs.nl
deconvolution.liacs.nl

Other certificates including the domain name liacs.nl

(limited to 100 certificates)
tls.automattic.com
deleidscheflesch.nl
tls.automattic.com
deleidscheflesch.nl
git.liacs.nl
deleidscheflesch.nl
git.liacs.nl
deleidscheflesch.nl
basilisk.liacs.nl
deleidscheflesch.nl
naco.liacs.nl
deleidscheflesch.nl
bio-imaging.liacs.nl
deleidscheflesch.nl
erumpent.liacs.nl
erumpent.liacs.nl
tornado-p-https.web.leidenuniv.nl
keep.leidenuniv.nl
tornado-p-https.web.leidenuniv.nl
tornado-p-https.web.leidenuniv.nl
deleidscheflesch.nl
deleidscheflesch.nl
basilisk.liacs.nl
elaborant.com
deleidscheflesch.nl
deleidscheflesch.nl
naco.liacs.nl
iohanalyzer.liacs.nl
lcm.liacs.nl
git.liacs.nl
deleidscheflesch.nl
tornado-p-https.web.leidenuniv.nl
deleidscheflesch.nl
tls.automattic.com
git.liacs.nl
basilisk.liacs.nl
deleidscheflesch.nl
computingfrontiers.org
ada.liacs.leidenuniv.nl
basilisk.liacs.nl
basilisk.liacs.nl
tls.automattic.com
tornado-p-https.web.leidenuniv.nl
cyttron.org
tls.automattic.com
lcm.liacs.nl
elaborant.com
keep.leidenuniv.nl
deleidscheflesch.nl
deleidscheflesch.nl
tls.automattic.com
press.liacs.nl
git.liacs.nl
deleidscheflesch.nl
cf19.liacs.nl
lithium.liacs.nl
bio-imaging.liacs.nl
tls.automattic.com
bio-imaging.liacs.nl
lithium.liacs.nl
deleidscheflesch.nl
deleidscheflesch.nl
deleidscheflesch.nl
tls.automattic.com
cml.liacs.nl
bio-imaging.liacs.nl
bio-imaging.liacs.nl
bio-imaging.liacs.nl
deleidscheflesch.nl
basilisk.liacs.nl
deleidscheflesch.nl
deleidscheflesch.nl
basilisk.liacs.nl
deleidscheflesch.nl
naco.liacs.nl
deleidscheflesch.nl
deleidscheflesch.nl
keep.leidenuniv.nl
tls.automattic.com
erumpent.liacs.nl
git.liacs.nl
git.liacs.nl
erumpent.liacs.nl
deleidscheflesch.nl
elaborant.com
deleidscheflesch.nl
naco.liacs.nl
git.liacs.nl
cml.liacs.nl
keep.leidenuniv.nl
lcm.liacs.nl
naco.liacs.nl
bio-imaging.liacs.nl
press.liacs.nl
press.liacs.nl
deleidscheflesch.nl
theory.liacs.nl
deleidscheflesch.nl
bio-imaging.liacs.nl
erumpent.liacs.nl

Certificate

The complete raw certificate details for basilisk.liacs.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgISA4bonrK1rQkYpW3quw2kI2ASMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTAyMDcyMjUyMjlaFw0x
OTA1MDgyMjUyMjlaMBwxGjAYBgNVBAMTEWJhc2lsaXNrLmxpYWNzLm5sMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyRUZwn0qKGbmDx91cin68HtWt6q
7YLkJVS20souAUfdpg/82RNSe4KC/1HgAg4njGgf1oizF37pZHW6r0cR9jUDW2Bp
fIsGxSHmWNhxnuNl3nKiE6JcmfP2tzdn+c342iKMjwESBdpHdG1VZmYQigqGJyTV
VBReqQxMSAu4q2DZBjVQGZKEbsAyMyI+WuBDa5UzWxfnP6O4iCkd9Rm+RP5WbSGy
E6vUm9hoYyS6xXOe01xafdaQlffACeTXZ8ILnmSryjthPrYb6p3ZFk9jigGKG7mk
t0HUkud3f6c0ji1vO+lZ9AJ6KJNifu5uBBiLhHKZ4ac/D4CtfO1iQmpUAwIDAQAB
o4ICfTCCAnkwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBT8eDEDFaz+7PS/h5GzV0US
Xyl6rTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcB
AQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlw
dC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlw
dC5vcmcvMDQGA1UdEQQtMCuCEWJhc2lsaXNrLmxpYWNzLm5sghZkZWNvbnZvbHV0
aW9uLmxpYWNzLm5sMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEB
MCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBAwYK
KwYBBAHWeQIEAgSB9ASB8QDvAHUAdH7agzGtMxCRIZzOJU9CcMK//V5CIAjGNzV5
5hB7zFYAAAFoymCGFgAABAMARjBEAiBfuT4RizFiN0Jys1ETut5wIyogxG0/gp41
c1m6KiVJUgIgX9MPGpELtOVOImT/LEnisFkPaUAmx0X+qIkmzaRfL7EAdgBj8tvN
6DvMLM8LcoQnV2szpI1hd4+9daY4scdoVEvYjQAAAWjKYIhHAAAEAwBHMEUCIBgx
YtIlYx6OW9hbKdbrOsi4pCMfd4RtIXkC1hquXc36AiEAnWK1mKwSOAkSHlR2Wyp+
S/aBrGG04ulKrM94PT3T69YwDQYJKoZIhvcNAQELBQADggEBAH7SINAyExXYRAuE
7mowD5kPJ8e6vpvpQ1wN05RcUEaO1YYGRuYWQcLr7LlVAAGJeAJwGmGLq6FCshI2
whF9rhEeXXjBhrsxA9M9LkPMyxIo14si6cXU8m8gM5GuaJ1fYTdmToDdEnNOigfW
6FhrNa8Nwi2YAnnq+se88deA6k3f5/x1huteMRp9CP0k8V0FnhXPLzsMT8joZ13N
tohwYap6HSzP1R9UgOzRisbsmfgiHxaRP5S7Shwa4jlAJdBt2QCCecsDWSEORBHQ
f2Efvy4I+vFK27F/2WfCvWTZVNmQBeMPpmDheTvGk+3mylwI/vri1QrwXBiWuMqj
Cw4919A=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyRUZwn0qKGbmDx91cin
68HtWt6q7YLkJVS20souAUfdpg/82RNSe4KC/1HgAg4njGgf1oizF37pZHW6r0cR
9jUDW2BpfIsGxSHmWNhxnuNl3nKiE6JcmfP2tzdn+c342iKMjwESBdpHdG1VZmYQ
igqGJyTVVBReqQxMSAu4q2DZBjVQGZKEbsAyMyI+WuBDa5UzWxfnP6O4iCkd9Rm+
RP5WbSGyE6vUm9hoYyS6xXOe01xafdaQlffACeTXZ8ILnmSryjthPrYb6p3ZFk9j
igGKG7mkt0HUkud3f6c0ji1vO+lZ9AJ6KJNifu5uBBiLhHKZ4ac/D4CtfO1iQmpU
AwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 307243899865275001797741965465049635184658
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-02-07 22:52:29 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-05-08 22:52:29 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'basilisk.liacs.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24634384309790038204354314339305652115654912854562567028751116231994179170955034647165620462781606912740331283733148185194531462110139450990072877847345784522490495395931054350432774461229855007514279918001429391292019020238245802017024236227010441525125324018429751796480376156563763938632639736618364206191427176015161261386268970745504070168188312295891027003245907084170643138865950744662413452889366013683369813480404238108960449939479392402815276110370953660448771273954564213849147293513769785045098170952137087625917606994107804497374420010769694847766009724983146089389083210587691941250239007742253251318787
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							fc78310315acfeecf4bf8791b35745125f297aad
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (45 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'basilisk.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'deconvolution.liacs.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef007500747eda8331ad331091219cce254f4270c2bffd5e422008c6373579e6107bcc5600000168ca608616000004030046304402205fb93e118b3162374272b35113bade70232a20c46d3f829e357359ba2a25495202205fd30f1a910bb4e54e2264ff2c49e2b0590f694026c745fea88926cda45f2fb100760063f2dbcde83bcc2ccf0b728427576b33a48d61778fbd75a638b1c768544bd88d00000168ca60884700000403004730450220183162d225631e8e5bd85b29d6eb3ac8b8a4231f77846d217902d61aae5dcdfa0221009d62b598ac123809121e54765b2a7e4bf681ac61b4e2e94aaccf783d3dd3ebd6
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		007ed220d0321315d8440b84ee6a300f990f27c7babe9be9435c0dd3945c50468ed5860646e61641c2ebecb9550001897802701a618baba142b21236c2117dae111e5d78c186bb3103d33d2e43cccb1228d78b22e9c5d4f26f203391ae689d5f6137664e80dd12734e8a07d6e8586b35af0dc22d980279eafac7bcf1d780ea4ddfe7fc7586eb5e311a7d08fd24f15d059e15cf2f3b0c4fc8e8675dcdb6887061aa7a1d2ccfd51f5480ecd18ac6ec99f8221f16913f94bb4a1c1ae2394025d06dd9008279cb0359210e4411d07f611fbf2e08faf14adbb17fd967c2bd64d954d99005e30fa660e1793bc693ede6ca5c08fefae2d50af05c1896b8caa30b0e3dd7d0