*.rfklive.com
Issued by Amazon
About this certificate
This digital certificate with serial number 0a:53:fd:83:64:c8:0d:5b:39:00:14:a5:f5:53:28:b0 was issued on by Amazon.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=*.rfklive.com
Amazon
Organization:
Amazon
Organization unit: Server CA 1B
Organization unit: Server CA 1B
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 0a:53:fd:83:64:c8:0d:5b:39:00:14:a5:f5:53:28:b0Serial Number (int): 13728382456816911883034311490517805232
Serial Number lenght: 124 bits, 16 octets
SubjectKeyId: c1:2d:75:96:ad:76:07:fe:e6:c9:97:ae:3d:1c:2f:8c:6c:42:32:9f
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0
Fingerprint (sha1): 97:79:d6:1f:90:b0:52:d1:20:a9:05:a9:de:91:39:82:1e:54:cf:28
Fingerprint (sha256): 20:6b:bd:98:fd:f2:8a:d8:26:4e:fb:ea:cd:99:6d:0a:d7:21:20:f5:7c:4a:10:42:91:5d:ed:63:98:fb:b2:79
Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt
Revocation information
OCSP Server: http://ocsp.sca1b.amazontrust.comCRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b.crl
Check the revocation status for certificate *.rfklive.com
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for *.rfklive.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
*.rfklive.com
*.rfk.bcom.levistrauss.com
*.rfk.bcom.levistrauss.com
Other certificates including the domain name rfklive.com
(limited to 100 certificates)
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.uat.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.uat.rfklive.com
*.rfklive.com
Certificate
The complete raw certificate details for *.rfklive.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF6jCCBNKgAwIBAgIQClP9g2TIDVs5ABSl9VMosDANBgkqhkiG9w0BAQsFADBG MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0yMTA3MjYwMDAwMDBaFw0yMjA4MjQy MzU5NTlaMBgxFjAUBgNVBAMMDSoucmZrbGl2ZS5jb20wggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQCpM08Y3PD65GtsgwY931cyX8HZHEnm2OAp8uI9SUFZ qCia/eh5qdilQxVWmbdlBjMxYH2tyzx8LJvSonn8vkYmpqiJK58XWLPSlAiPbq59 MsdZ177CAkXuthFx4r+UrOJ+ODld2PgMl6Kvo03Tj8CXw6BubVLu5np0pRzeMCHi yA9WqWShIq5YCJ9bAGMoQJ/2KW5iuDQqeBXE8aqcOUNcYFIYVoLhqi+lU4Gm4d+l oCF8oV7k7dhWDuLERG/fNh033YhleBPzsocTYgx7cYLClWfYK3RdNG1eb3k+QZBc QE6d9O8Bx9hSI0OB+33PZ5hLfj3pDnx3jMLy3kRypVzzAgMBAAGjggMAMIIC/DAf BgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4EFgQUwS11lq12 B/7myZeuPRwvjGxCMp8wNAYDVR0RBC0wK4INKi5yZmtsaXZlLmNvbYIaKi5yZmsu YmNvbS5sZXZpc3RyYXVzcy5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG CCsGAQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3Js LnNjYTFiLmFtYXpvbnRydXN0LmNvbS9zY2ExYi5jcmwwEwYDVR0gBAwwCjAIBgZn gQwBAgEwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5z Y2ExYi5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQuc2Nh MWIuYW1hem9udHJ1c3QuY29tL3NjYTFiLmNydDAMBgNVHRMBAf8EAjAAMIIBfAYK KwYBBAHWeQIEAgSCAWwEggFoAWYAdQApeb7wnjk5IfBWc59jpXflvld9nGAK+PlN XSZcJV3HhAAAAXri+8rJAAAEAwBGMEQCIEI/JlBPpiKkRNgoxZj4fCz7cTf16rKm LlSo1++vxoEPAiBWiMxw5Do7ElWIv842QFIE9YT3sTeZVL15JOGigp6P4wB2AEHI yrHfIkZKEMahOglCh15OMYsbA+vrS8do8JBilgb2AAABeuL7yvEAAAQDAEcwRQIh ANQjDXDrl8oEZtRGd4kOItMiVlHcq31buOy5MNSWs7FwAiB8vWcxEGfz3sCP8AP0 U/eMnk4l100/SLzqgq/6qWHW9wB1AN+lXqtogk8fbK3uuF9OPlrqzaISpGpejjsS wCBEXCpzAAABeuL7ywwAAAQDAEYwRAIgfs+bY6ugSDUwekQLCOD5pVy/1wCqSEHk gd4x6TpKZUwCIGSwIJgsSDlfnNtW8acjxsbpMnnQw8OhK5xaO4xuSvqAMA0GCSqG SIb3DQEBCwUAA4IBAQAQhmlijUhSLZCXFmYc0ZA2UTfBZBQ2d+U/QAIKdnLZ+c1G lsX88Up2P0rl0fJKAAEuCTQVjtab0tO0MkEE0UohLuIzz7lT0B/QoAcCfFu41vew VhxDZExtJXu/B02GIv/BbDGY6Z5qxgp1kCs7PVj2jLrLDrtQuHrjQo/PpGG64IHk /ZsxRGpVnzGBCmbLsqFGbVJPhjwNv7OYogmMdauP1wYV19yKuDnK2JMW1w/NyPxJ oU7o+N1WFkQHSFGFLd+l+Tva48/J4tUOVEkoQ4rJWsBBhtAZBfKHKhm4uvVpoWPV 7d5tPdi00fJMZlwDNuBke5w2y/p6rC+HHZDilSC5 -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTNPGNzw+uRrbIMGPd9X Ml/B2RxJ5tjgKfLiPUlBWagomv3oeanYpUMVVpm3ZQYzMWB9rcs8fCyb0qJ5/L5G JqaoiSufF1iz0pQIj26ufTLHWde+wgJF7rYRceK/lKzifjg5Xdj4DJeir6NN04/A l8Ogbm1S7uZ6dKUc3jAh4sgPVqlkoSKuWAifWwBjKECf9iluYrg0KngVxPGqnDlD XGBSGFaC4aovpVOBpuHfpaAhfKFe5O3YVg7ixERv3zYdN92IZXgT87KHE2IMe3GC wpVn2Ct0XTRtXm95PkGQXEBOnfTvAcfYUiNDgft9z2eYS3496Q58d4zC8t5EcqVc 8wIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 13728382456816911883034311490517805232 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-07-26 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-08-24 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.rfklive.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21359574936910347364626150505119561942743692910439035510486283505386013826128887867680940755614084245661671544785184707331331631419844364006563481115804049644390187264196241476782606540359000867388371195547476792310167880399099127883451326083973274251907137049664694767559509672695762401274210591532808761956263308765858920994607977490078443729194873562046635341595270628346676888645464729976398389416505943032834530756428821560087714489025583430061809327839973583251749875637356189119599401007265546686497900896394956158077855976730033640417578133939404819059365599412747790648038424394867529231222255825739084815603 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) c12d7596ad7607fee6c997ae3d1c2f8c6c42329f . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (45 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.rfklive.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.rfk.bcom.levistrauss.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (360 bytes) 01660075002979bef09e393921f056739f63a577e5be577d9c600af8f94d5d265c255dc7840000017ae2fbcac900000403004630440220423f26504fa622a444d828c598f87c2cfb7137f5eab2a62e54a8d7efafc6810f02205688cc70e43a3b125588bfce36405204f584f7b1379954bd7924e1a2829e8fe300760041c8cab1df22464a10c6a13a0942875e4e318b1b03ebeb4bc768f090629606f60000017ae2fbcaf10000040300473045022100d4230d70eb97ca0466d44677890e22d3225651dcab7d5bb8ecb930d496b3b17002207cbd67311067f3dec08ff003f453f78c9e4e25d74d3f48bcea82affaa961d6f7007500dfa55eab68824f1f6cadeeb85f4e3e5aeacda212a46a5e8e3b12c020445c2a730000017ae2fbcb0c000004030046304402207ecf9b63aba04835307a440b08e0f9a55cbfd700aa4841e481de31e93a4a654c022064b020982c48395f9cdb56f1a723c6c6e93279d0c3c3a12b9c5a3b8c6e4afa80 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00108669628d48522d909716661cd190365137c164143677e53f40020a7672d9f9cd4696c5fcf14a763f4ae5d1f24a00012e0934158ed69bd2d3b4324104d14a212ee233cfb953d01fd0a007027c5bb8d6f7b0561c43644c6d257bbf074d8622ffc16c3198e99e6ac60a75902b3b3d58f68cbacb0ebb50b87ae3428fcfa461bae081e4fd9b31446a559f31810a66cbb2a1466d524f863c0dbfb398a2098c75ab8fd70615d7dc8ab839cad89316d70fcdc8fc49a14ee8f8dd561644074851852ddfa5f93bdae3cfc9e2d50e544928438ac95ac04186d01905f2872a19b8baf569a163d5edde6d3dd8b4d1f24c665c0336e0647b9c36cbfa7aac2f871d90e29520b9