pix-h.stone.com.br

- STONE INSTITUICAO DE PAGAMENTO S.A -

Issued by GlobalSign RSA OV SSL CA 2018

About this certificate

This digital certificate with serial number 6f:28:9c:9c:63:71:c1:75:be:cb:a1:1c was issued on by GlobalSign nv-sa.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

STONE INSTITUICAO DE PAGAMENTO S.A

Organization: STONE INSTITUICAO DE PAGAMENTO S.A
State / Province: SAO PAULO
Locality: SAO PAULO
Country: BR

GlobalSign nv-sa

Organization: GlobalSign nv-sa
Country: BE

This certificate will expire on

Certificate Details

Serial Number (hex): 6f:28:9c:9c:63:71:c1:75:be:cb:a1:1c
Serial Number (int): 34401932696983012152361853212
Serial Number lenght: 95 bits, 12 octets

SubjectKeyId: bf:ef:f2:8c:3c:e8:ab:7d:c2:45:2e:ac:df:4b:e0:41:80:17:a3:cf
AuthorityKeyId: f8:ef:7f:f2:cd:78:67:a8:de:6f:8f:24:8d:88:f1:87:03:02:b3:eb

Fingerprint (sha1): f0:26:cb:a8:92:18:a8:6a:91:8a:77:04:f4:da:20:15:83:d5:26:ca
Fingerprint (sha256): 20:48:46:18:cb:e2:c8:e2:85:df:1a:fa:94:0a:0b:fd:fe:1a:e5:01:e5:0d:4e:7f:08:d7:d3:44:db:6e:b2:52

Issuing Certificate URL: http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt

Revocation information

OCSP Server: http://ocsp.globalsign.com/gsrsaovsslca2018

Check the revocation status for certificate pix-h.stone.com.br

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for pix-h.stone.com.br

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

pix-h.stone.com.br

Other certificates including the domain name stone.com.br

(limited to 100 certificates)
sni.cloudflaressl.com
helpdesk.azdelta.be
www.fatwestie.com
infraprojectsbuy4.stone.com.br
sni.cloudflaressl.com
sdkios.stone.com.br
bots.hyra.io
alpaca.status.merchlogix.com
credenciamento.stone.com.br
gateway.stone.com.br
sni.cloudflaressl.com
login.sandbox.stone.com.br
conciliacao.stone.com.br
conciliacao.stone.com.br
sdx.ton.stone.com.br
bots.hyra.io
*.stone.com.br
urlshortner.5tigerjelly.com
sni.cloudflaressl.com
split.stone.com.br
helpdesk.azdelta.be
*.stone.com.br
fsus-3.freshservice.com
login.sandbox.stone.com.br
poidownloadmanager.stone.com.br
bots.hyra.io
split.stone.com.br
jobprog.com
sdkandroid.stone.com.br
split.stone.com.br
bots.hyra.io
login.stone.com.br
alpaca.status.merchlogix.com
tesuga.atosium.com
sdkios.stone.com.br
alpaca.status.merchlogix.com
lp.stone.com.br
minha-stg.stone.com.br
bots.hyra.io
sni.cloudflaressl.com
pardot.stone.com.br
bots.hyra.io
helpdesk.azdelta.be
sni.cloudflaressl.com
bots.hyra.io
minha.stone.com.br
sni.cloudflaressl.com
sni.cloudflaressl.com
bots.hyra.io
split.stone.com.br
bots.hyra.io
redash.stone.com.br
bots.hyra.io
*.openbank.stone.com.br
sdx.ton.stone.com.br
bots.hyra.io
conciliacao.stone.com.br
sni.cloudflaressl.com
bots.hyra.io
cliente.peepi.com.br
sdkpos.stone.com.br
conciliacao.stone.com.br
joybit.org
login.stone.com.br
stone.com.br
sdkandroid.stone.com.br
sdkandroid.stone.com.br
bots.hyra.io
helpdesk.azdelta.be
www.duasxicaras.com.br
online.stone.com.br
stica.stone.com.br
portal-iso.stone.com.br
*.openbank.stone.com.br
finhance.io
alpaca.status.merchlogix.com
helpdesk.azdelta.be
sni1c614gl.wpc.edgecastcdn.net
bots.hyra.io
dev.banco.stone.com.br
ton.stone.com.br
bots.hyra.io
alpaca.status.merchlogix.com
apps.onttplay.com.br
bots.hyra.io
microtefdocs.stone.com.br
sdkpos.stone.com.br
ton.stone.com.br
emprestimo.portal-staging.stone.com.br
pix-h.stone.com.br
sni.cloudflaressl.com
sni.cloudflaressl.com
stica.stone.com.br
emprestimo.staging.portal.stone.com.br
alpaca.status.merchlogix.com
alpaca.status.merchlogix.com
cliente.peepi.com.br
cliente.peepi.com.br
stica.stone.com.br
bots.hyra.io

Certificate

The complete raw certificate details for pix-h.stone.com.br in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIMbyicnGNxwXW+y6EcMA0GCSqGSIb3DQEBCwUAMFAxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSYwJAYDVQQDEx1H
bG9iYWxTaWduIFJTQSBPViBTU0wgQ0EgMjAxODAeFw0yNDAyMjAxNjMyMDFaFw0y
NTAzMTgxOTMxMDRaMH8xCzAJBgNVBAYTAkJSMRIwEAYDVQQIEwlTQU8gUEFVTE8x
EjAQBgNVBAcTCVNBTyBQQVVMTzErMCkGA1UEChMiU1RPTkUgSU5TVElUVUlDQU8g
REUgUEFHQU1FTlRPIFMuQTEbMBkGA1UEAxMScGl4LWguc3RvbmUuY29tLmJyMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9eoNcr3u/uFkSTycYsd93ji
f0DRirNhpO0GWmKiMdkWfKfzsVQbYr59UbeDmPWqXKSG5mH8KuQFzvM8TZXilXuT
PP7gbQBi4ZhbOB1n1ZQy5IFnA7avvDptMB6kOVcf0gp1UUGE6MXB9lmI8pmeO6eJ
nmYlfEaw5bWcX1/DgoJcripbIyoj9kmf7ejEQfDQ88APi5Gz0GB9LQiQ8Lurp4g3
nzObVUszJ7awNkL3rhMK6LEwodFKLtg4VSG4DD3yvDn5HJNe8O0riOOC1VfChB5y
L2S9AA1t8hfioXszFNWqO1MuijAGxkag0XBCkyN2mgjg7rUFCAjAksCoaofK+QID
AQABo4IBnjCCAZowDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwgY4GCCsG
AQUFBwEBBIGBMH8wRAYIKwYBBQUHMAKGOGh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2ln
bi5jb20vY2FjZXJ0L2dzcnNhb3Zzc2xjYTIwMTguY3J0MDcGCCsGAQUFBzABhito
dHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9nc3JzYW92c3NsY2EyMDE4MFYGA1Ud
IARPME0wQQYJKwYBBAGgMgEUMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmds
b2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECAjAdBgNVHREEFjAUghJw
aXgtaC5zdG9uZS5jb20uYnIwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MB8GA1UdIwQYMBaAFPjvf/LNeGeo3m+PJI2I8YcDArPrMB0GA1UdDgQWBBS/7/KM
POirfcJFLqzfS+BBgBejzzATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG9w0B
AQsFAAOCAQEAajmJrHsijkOEsvWhdug9TYZUi1dpsdzp5oW7dqcylKOjSXzOnx/F
seRzoNsn+s5Z4RODgfKKgaOMrzvoKMG3kHtWB1LYp8ABAyrNQD5hcDEkhPB3QXDN
BBGZU1eqVLjT5jwl4QPlHPJH57tUc0IN4o/WaGIN9k30BFO2ttV0/v4fqJnhL3gf
INPd2CgU/Zrl9mT2EEnKiYxLgcYm6s0xmur3zhFDENKu3F0BupOvUAhK1nYCGZQP
aiy6WuvgPziHSWny1+JOMV5WGuPqjievxUnNMiitI/UZq7rOFogAECQLxa3i2a2B
05Uvljne8WG1BOo6FrCJhoichRaPt5EHNQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9eoNcr3u/uFkSTycYsd
93jif0DRirNhpO0GWmKiMdkWfKfzsVQbYr59UbeDmPWqXKSG5mH8KuQFzvM8TZXi
lXuTPP7gbQBi4ZhbOB1n1ZQy5IFnA7avvDptMB6kOVcf0gp1UUGE6MXB9lmI8pme
O6eJnmYlfEaw5bWcX1/DgoJcripbIyoj9kmf7ejEQfDQ88APi5Gz0GB9LQiQ8Lur
p4g3nzObVUszJ7awNkL3rhMK6LEwodFKLtg4VSG4DD3yvDn5HJNe8O0riOOC1VfC
hB5yL2S9AA1t8hfioXszFNWqO1MuijAGxkag0XBCkyN2mgjg7rUFCAjAksCoaofK
+QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 34401932696983012152361853212
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign RSA OV SSL CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-20 16:32:01 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-03-18 19:31:04 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SAO PAULO'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SAO PAULO'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'STONE INSTITUICAO DE PAGAMENTO S.A'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'pix-h.stone.com.br'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25227767153376365134790735556266183125134888329854889636236900859441111515334367745899747503107044537777107766603845140555383268266055462460397130340276163383434504350810846821334559602409004239773613792669088787178608577094262510227371605494896767575604544784000991995435204589811302622168532927560920469380305254297106928913345811986456955671621330661486151974955714123056553073757701218496794105309002153083645067645328571465191685195695134486297328213112575433052673409491681295379396857874817476314996050778172229878365226076940962804251056564195147772170172667132576330070828789836211083452257011210787551169273
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (129 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.globalsign.com/gsrsaovsslca2018'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.20 (globalsignOVPolicy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pix-h.stone.com.br'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName f8ef7ff2cd7867a8de6f8f248d88f1870302b3eb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							bfeff28c3ce8ab7dc2452eacdf4be0418017a3cf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		006a3989ac7b228e4384b2f5a176e83d4d86548b5769b1dce9e685bb76a73294a3a3497cce9f1fc5b1e473a0db27face59e1138381f28a81a38caf3be828c1b7907b560752d8a7c001032acd403e6170312484f0774170cd0411995357aa54b8d3e63c25e103e51cf247e7bb5473420de28fd668620df64df40453b6b6d574fefe1fa899e12f781f20d3ddd82814fd9ae5f664f61049ca898c4b81c626eacd319aeaf7ce114310d2aedc5d01ba93af50084ad6760219940f6a2cba5aebe03f38874969f2d7e24e315e561ae3ea8e27afc549cd3228ad23f519abbace16880010240bc5ade2d9ad81d3952f9639def161b504ea3a16b08986889c85168fb7910735