livingwater.bible
Issued by R3
About this certificate
This digital certificate with serial number 04:83:85:71:41:c4:d0:f2:a5:5c:ba:88:df:db:7e:e5:e5:ac was issued on by Let's Encrypt.
With 19 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=livingwater.bible
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 04:83:85:71:41:c4:d0:f2:a5:5c:ba:88:df:db:7e:e5:e5:acSerial Number (int): 393203509180618343859962487475750199223724
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: 97:56:98:89:7e:ea:02:0d:01:0a:50:32:40:15:79:ec:62:09:fc:b0
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): fd:ba:ee:ea:37:ae:d3:08:70:cd:6f:79:e3:2f:fc:ba:86:03:6b:a0
Fingerprint (sha256): 20:eb:32:10:2f:ea:a7:ae:59:e6:f9:91:75:fb:0d:ce:b8:16:4b:b6:31:a0:da:be:e0:24:28:0c:b9:27:44:4d
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate livingwater.bible
19
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for livingwater.bible
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
97f.net
actualiteamericaine.com
arbitrageur.com.mx
bestpornhq.com
credit4vip.com
distressedpropertiesforsale.com.awc420.com
doha4vip.com.keycommunicationsllc.com
jonhaventownhomes.com
lgbtqpayments.com
livingwater.bible
mcleodparalegal.com
mpksoftware.net.tubaexcerpts.com
odellgear.com
realestatedinosaurs.com
t-j.in
takebacktheculture.net
thekidscollege.com.arbitragecon.com
twittwe.com
uncanceledpatriots.com
actualiteamericaine.com
arbitrageur.com.mx
bestpornhq.com
credit4vip.com
distressedpropertiesforsale.com.awc420.com
doha4vip.com.keycommunicationsllc.com
jonhaventownhomes.com
lgbtqpayments.com
livingwater.bible
mcleodparalegal.com
mpksoftware.net.tubaexcerpts.com
odellgear.com
realestatedinosaurs.com
t-j.in
takebacktheculture.net
thekidscollege.com.arbitragecon.com
twittwe.com
uncanceledpatriots.com
Other certificates including the domain name livingwater.bible
(limited to 100 certificates)
Certificate
The complete raw certificate details for livingwater.bible in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGkzCCBXugAwIBAgISBIOFcUHE0PKlXLqI39t+5eWsMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMzEyMjQxMzMwMTBaFw0yNDAzMjMxMzMwMDlaMBwxGjAYBgNVBAMT EWxpdmluZ3dhdGVyLmJpYmxlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAsQ4OYKqHYl3lT4ljTec1BmqZ46Ti8IIT1h0jt24qfO/YKmKPf80wvH2j2oeL Z/jWQMdMaLDYa+xu9zw+dYZylap8u6YLn4yx0I5mhQYdQsFbGYdi1x3syBsWIYMv Vci85fcva4UrHdIcxRIWHCYgKOl2yZdtfAFdSZ9eqQ4K6rCh+e5UU57vXb7Ftsk2 33DaIAK9aZJLl+9QtwMKyMsKseCaki4kYbXwKEPehKDeFjLsZKZHJWvVQVM5ESx8 c2dOvhvKewZNMWdLfJPMeTaAldzLSoDXKQCLd3+eZUiVRcLTa2x7WypDKXSUWUND uEmhTMofsEvfNifoKXjsRPLkKQIDAQABo4IDtzCCA7MwDgYDVR0PAQH/BAQDAgWg MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0G A1UdDgQWBBSXVpiJfuoCDQEKUDJAFXnsYgn8sDAfBgNVHSMEGDAWgBQULrMXt1hW y65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6 Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iu b3JnLzCCAbwGA1UdEQSCAbMwggGvggc5N2YubmV0ghdhY3R1YWxpdGVhbWVyaWNh aW5lLmNvbYISYXJiaXRyYWdldXIuY29tLm14gg5iZXN0cG9ybmhxLmNvbYIOY3Jl ZGl0NHZpcC5jb22CKmRpc3RyZXNzZWRwcm9wZXJ0aWVzZm9yc2FsZS5jb20uYXdj NDIwLmNvbYIlZG9oYTR2aXAuY29tLmtleWNvbW11bmljYXRpb25zbGxjLmNvbYIV am9uaGF2ZW50b3duaG9tZXMuY29tghFsZ2J0cXBheW1lbnRzLmNvbYIRbGl2aW5n d2F0ZXIuYmlibGWCE21jbGVvZHBhcmFsZWdhbC5jb22CIG1wa3NvZnR3YXJlLm5l dC50dWJhZXhjZXJwdHMuY29tgg1vZGVsbGdlYXIuY29tghdyZWFsZXN0YXRlZGlu b3NhdXJzLmNvbYIGdC1qLmlughZ0YWtlYmFja3RoZWN1bHR1cmUubmV0giN0aGVr aWRzY29sbGVnZS5jb20uYXJiaXRyYWdlY29uLmNvbYILdHdpdHR3ZS5jb22CFnVu Y2FuY2VsZWRwYXRyaW90cy5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwggEGBgor BgEEAdZ5AgQCBIH3BIH0APIAdwA7U3d1Pi25gE6LMFsG/kA7Z9hPw/THvQANLXJv 4frUFwAAAYycO8HMAAAEAwBIMEYCIQCo969ROEg5XVjZA6j6sE2gUq/Eh40I99J8 QXQytI53RAIhAPWIud+y7/Drv3A5RLjPAXIrCcRm9s4IS9KHe6wan0nJAHcAouK/ 1h7eLy8HoNZObTen3GVDsMa1LqLat4r4mm31F9gAAAGMnDvB2QAABAMASDBGAiEA y86zYQDoRFkvLPWJyHvzRxUn48gF8pnhmiBX9nWEWkcCIQDG0o38ltRBwBw/MhFn A9D3Cw8IlgUYt++SnPkdUlHhzTANBgkqhkiG9w0BAQsFAAOCAQEAohgy5M/nbiIa s9L47ApM0MlqeTIUPOe2u4mDEWibO4nT1/T8nn/N9ZysLgtAi+tDCeiKcrIn4XCa drZNgdC644w7qvU+wTvcVkE3l2Tsq534U6OOs1q0gI2bHFhc9EMrjzuPrDMG2eIm 2m5vhyInvmA4JstxOS6WgVAq03lB0dIoV5Ppt7FJGU0SQl241HgNOyGLMvsQQm3j LzdxdwcQkjv5Ula1rvYizmfD8TeqOG/6ER12Y2QNlSv2Vniep/vcoavH2lCmHbVt 9qac3gHfBzy7i/h+oI9uK43mPxD9Xmj+IxvnkU7K7FVSyxIVCZKoSsAyolwXyo6B K9QKvxTsJw== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQ4OYKqHYl3lT4ljTec1 BmqZ46Ti8IIT1h0jt24qfO/YKmKPf80wvH2j2oeLZ/jWQMdMaLDYa+xu9zw+dYZy lap8u6YLn4yx0I5mhQYdQsFbGYdi1x3syBsWIYMvVci85fcva4UrHdIcxRIWHCYg KOl2yZdtfAFdSZ9eqQ4K6rCh+e5UU57vXb7Ftsk233DaIAK9aZJLl+9QtwMKyMsK seCaki4kYbXwKEPehKDeFjLsZKZHJWvVQVM5ESx8c2dOvhvKewZNMWdLfJPMeTaA ldzLSoDXKQCLd3+eZUiVRcLTa2x7WypDKXSUWUNDuEmhTMofsEvfNifoKXjsRPLk KQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 393203509180618343859962487475750199223724 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-24 13:30:10 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-23 13:30:09 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'livingwater.bible' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22351111331060130480634257010986800325382563564508594068938628266202230409987289233959125304154269579122092986882801423464219814102782508897823517850557200265230543556852030288959052552080116257422345306835988631013014171929230462141044598623551123384953741045276001483724136406864521735243836788268653716623723181753565681267547866713915539110169202256321733831587757523401037863328465971370227422748625480809621310449114082767389055595784427050546648292156574234592883288972645455452255630300900575557868393588802610004944933383742825207270387361181326622664421380798797677011314691996087074873540616826369403446313 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 975698897eea020d010a5032401579ec6209fcb0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (435 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '97f.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'actualiteamericaine.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'arbitrageur.com.mx' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bestpornhq.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'credit4vip.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'distressedpropertiesforsale.com.awc420.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'doha4vip.com.keycommunicationsllc.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jonhaventownhomes.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lgbtqpayments.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'livingwater.bible' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mcleodparalegal.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mpksoftware.net.tubaexcerpts.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'odellgear.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'realestatedinosaurs.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 't-j.in' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'takebacktheculture.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'thekidscollege.com.arbitragecon.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'twittwe.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'uncanceledpatriots.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes) 00f20077003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018c9c3bc1cc0000040300483046022100a8f7af513848395d58d903a8fab04da052afc4878d08f7d27c417432b48e7744022100f588b9dfb2eff0ebbf703944b8cf01722b09c466f6ce084bd2877bac1a9f49c9007700a2e2bfd61ede2f2f07a0d64e6d37a7dc6543b0c6b52ea2dab78af89a6df517d80000018c9c3bc1d90000040300483046022100cbceb36100e844592f2cf589c87bf3471527e3c805f299e19a2057f675845a47022100c6d28dfc96d441c01c3f32116703d0f70b0f08960518b7ef929cf91d5251e1cd . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00a21832e4cfe76e221ab3d2f8ec0a4cd0c96a7932143ce7b6bb898311689b3b89d3d7f4fc9e7fcdf59cac2e0b408beb4309e88a72b227e1709a76b64d81d0bae38c3baaf53ec13bdc5641379764ecab9df853a38eb35ab4808d9b1c585cf4432b8f3b8fac3306d9e226da6e6f872227be603826cb71392e9681502ad37941d1d2285793e9b7b149194d12425db8d4780d3b218b32fb10426de32f3771770710923bf95256b5aef622ce67c3f137aa386ffa111d7663640d952bf656789ea7fbdca1abc7da50a61db56df6a69cde01df073cbb8bf87ea08f6e2b8de63f10fd5e68fe231be7914ecaec5552cb12150992a84ac032a25c17ca8e812bd40abf14ec27