staging0.uploadcare.com

Issued by Amazon

About this certificate

This digital certificate with serial number 0c:4c:b0:bd:22:27:72:99:be:05:ad:56:8f:93:30:22 was issued on by Amazon.

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=staging0.uploadcare.com

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0c:4c:b0:bd:22:27:72:99:be:05:ad:56:8f:93:30:22
Serial Number (int): 16348935199450774891282556461367111714
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 75:4f:d3:72:3d:32:55:9d:1a:a2:e2:33:a4:d2:9a:f1:1e:9a:ff:25
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): 55:bb:6a:ec:fa:b1:af:58:bf:a8:fd:53:93:65:7a:2d:85:22:34:e6
Fingerprint (sha256): 21:7d:da:fd:1e:dc:0c:b4:8a:bd:f4:96:6c:f4:98:c9:bc:ea:75:67:34:40:81:0a:03:c9:c3:b3:bd:16:e8:3c

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b.crl

Check the revocation status for certificate staging0.uploadcare.com

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for staging0.uploadcare.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

staging0.uploadcare.com
staging0.ucarecdn.com
*.staging0.uploadcare.com
*.staging0.ucarecdn.com

Other certificates including the domain name uploadcare.com

(limited to 100 certificates)
leiden-status.inqdoconnect.nl
robots-max.uploadcare.com
lp.uploadcare.com
facebook-example.uploadcare.com
ucarecdn.com
staging0.cfcdn.uploadcare.com
community.uploadcare.com
cloudstatus.azeti.net
cloudstatus.azeti.net
lp.uploadcare.com
robots-max.uploadcare.com
community.uploadcare.com
robots-max.uploadcare.com
help.uploadcare.com
help.uploadcare.com
bildstatus.de
cloudstatus.azeti.net
staging0-secure.cfcdn.uploadcare.com
teamcity.uploadcare.com
help.uploadcare.com
robots-max.uploadcare.com
uploadcare.com
lp.uploadcare.com
staging0.cfcdn.uploadcare.com
cloudstatus.azeti.net
leiden-status.inqdoconnect.nl
facebook-example.uploadcare.com
bildstatus.de
robots-max.uploadcare.com
staging0.cfcdn.uploadcare.com
teamcity.uploadcare.com
x.cfcdn.uploadcare.com
help.uploadcare.com
bildstatus.de
help.uploadcare.com
cx.uploadcare.com
leiden-status.inqdoconnect.nl
bildstatus.de
staging0.cfcdn.uploadcare.com
cloudstatus.azeti.net
*.uploadcare.com
cloudstatus.azeti.net
ucdn.brain-valley.com
leiden-status.inqdoconnect.nl
help.uploadcare.com
staging0.uploadcare.com
bildstatus.de
cloudstatus.azeti.net
kb.uploadcare.com
cx.uploadcare.com
leiden-status.inqdoconnect.nl
cloudstatus.azeti.net
robots-max.uploadcare.com
leiden-status.inqdoconnect.nl
leiden-status.inqdoconnect.nl
leiden-status.inqdoconnect.nl
community.uploadcare.com
kb.uploadcare.com
teamcity.uploadcare.com
st1.uploadcare.com
teamcity.uploadcare.com
kb.uploadcare.com
x.cfcdn.uploadcare.com
cloudstatus.azeti.net
*.uploadcare.com
uc.unum.la
staging0.uploadcare.com
cloudstatus.azeti.net
cloudstatus.azeti.net
cloudstatus.azeti.net
leiden-status.inqdoconnect.nl
teamcity.uploadcare.com
lp.uploadcare.com
teamcity.uploadcare.com
help.uploadcare.com
lp.uploadcare.com
cloudstatus.azeti.net
staging1.uploadcare.com
help.uploadcare.com
robots-max.uploadcare.com
facebook-example.uploadcare.com
staging0.uploadcare.com
leiden-status.inqdoconnect.nl
analytics.uploadcare.com
cloudstatus.azeti.net
x.uploadcare.com
leiden-status.inqdoconnect.nl
help.uploadcare.com
teamcity.uploadcare.com
bildstatus.de
robots-max.uploadcare.com
st1.staging0.uploadcare.com
facebook-example.uploadcare.com
cloudstatus.azeti.net
facebook-example.uploadcare.com
teamcity.uploadcare.com
cf-staging0.cfcdn.uploadcare.com
leiden-status.inqdoconnect.nl
lp.uploadcare.com
community.uploadcare.com

Certificate

The complete raw certificate details for staging0.uploadcare.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGLzCCBRegAwIBAgIQDEywvSIncpm+Ba1Wj5MwIjANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0yMTA3MTMwMDAwMDBaFw0yMjA4MTEy
MzU5NTlaMCIxIDAeBgNVBAMTF3N0YWdpbmcwLnVwbG9hZGNhcmUuY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5ftVeybc6o/SPjDawXIfw5EgAss
axDMT+ujzlKAn5c8Le85gwRrJu8VquG//sFlyjAOh4gxxC1UVIjoCljPauZ0QHMR
8+tvibeJ0lh+PhvnmhNYszJz9sjwY6iS/KMMAprN+4ztwKuZFzA3rT7tOq/q9eVz
iHXYzBLkGfUkOSEahytqo8VWjzMGRCzqjo7N+sJ+Sp/ORgFtSFrmxI0VjtDmuXx3
DqPXHJVkvc22zu56wbg1yr0C8zh/ZK8tCQBZl5Ap3NCwmfVCprJ5UaJ09rYtErBD
J9amMFTdqE/7ZFccM0rvolomjdBwqWN7GAjLJqnLGG9QjzaLHcNZo0xuQQIDAQAB
o4IDOzCCAzcwHwYDVR0jBBgwFoAUWaRmBlKge5WSPKOUByeWdFv5PdAwHQYDVR0O
BBYEFHVP03I9MlWdGqLiM6TSmvEemv8lMG0GA1UdEQRmMGSCF3N0YWdpbmcwLnVw
bG9hZGNhcmUuY29tghVzdGFnaW5nMC51Y2FyZWNkbi5jb22CGSouc3RhZ2luZzAu
dXBsb2FkY2FyZS5jb22CFyouc3RhZ2luZzAudWNhcmVjZG4uY29tMA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0fBDQw
MjAwoC6gLIYqaHR0cDovL2NybC5zY2ExYi5hbWF6b250cnVzdC5jb20vc2NhMWIu
Y3JsMBMGA1UdIAQMMAowCAYGZ4EMAQIBMHUGCCsGAQUFBwEBBGkwZzAtBggrBgEF
BQcwAYYhaHR0cDovL29jc3Auc2NhMWIuYW1hem9udHJ1c3QuY29tMDYGCCsGAQUF
BzAChipodHRwOi8vY3J0LnNjYTFiLmFtYXpvbnRydXN0LmNvbS9zY2ExYi5jcnQw
DAYDVR0TAQH/BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHYAKXm+8J45
OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVdx4QAAAF6nayYIAAABAMARzBFAiBCL66W
MgecVwMZm3dzpxTM0QNrYFzl2gj4QBHa8aJ74wIhAMZq9ZgBjh1JO+QcpFHivcXW
uvDyhGK0FS1vg5cFHJYNAHYAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN/tSL
BeUAAAF6nayYsgAABAMARzBFAiBNy84FpFgKPslsiLZDsJwECyvZ4NWGnEZj2tvM
ZVU9hQIhANXnDUwWvV8034re/KQXo8pG8//Q6gCvD8lxKzp8P6GiAHYAQcjKsd8i
RkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAF6nayYIQAABAMARzBFAiEA/t5k
nrKYhcpbCzuoI7ALAOO6xdAajFWCHJUhcXP+b/QCIDti1voBYLp5kfbH5K9dNb8W
PGeQVe3OhGczPlNoNgcRMA0GCSqGSIb3DQEBCwUAA4IBAQCT8B3dTQzNwgRROd7r
cwagyZutCbTSr8YCJKHzIiZQFRm0/Or8wRHmudgSL9ZwLKwadw+M25YoxzUQAed2
z2P6z4ckAetQQMl4XFlWvIcDFGZ+5O+FztQRDYG3OvCMMgiem2eZGEgYLayV1jNj
fzcG/zgUzxtk6YT/maCTFjfBFbHssLM0l0OFXru9t4jumnWhcChVCUnXN9ZkfVIe
ZehNNY8ZZeoWZhSvn/rL7Mvs+R+ZWr5DIkqyXwcaFU85eSnj5lRmhtBf6ECKIfCZ
ds1gNQimfwgqaM2BLhUhsWZl0pEYMa9kvLzrKeSnBHoWydkshGj8HzMT7Qfx8/wv
Q84y
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5ftVeybc6o/SPjDawXI
fw5EgAssaxDMT+ujzlKAn5c8Le85gwRrJu8VquG//sFlyjAOh4gxxC1UVIjoCljP
auZ0QHMR8+tvibeJ0lh+PhvnmhNYszJz9sjwY6iS/KMMAprN+4ztwKuZFzA3rT7t
Oq/q9eVziHXYzBLkGfUkOSEahytqo8VWjzMGRCzqjo7N+sJ+Sp/ORgFtSFrmxI0V
jtDmuXx3DqPXHJVkvc22zu56wbg1yr0C8zh/ZK8tCQBZl5Ap3NCwmfVCprJ5UaJ0
9rYtErBDJ9amMFTdqE/7ZFccM0rvolomjdBwqWN7GAjLJqnLGG9QjzaLHcNZo0xu
QQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 16348935199450774891282556461367111714
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-07-13 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-08-11 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'staging0.uploadcare.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21661668190667434002293124426073656005951835929559629051938481678470054112133621235896455654239080689391923520840088034285821016414247036349970591503176134356277738718776298842429102375189103501861850905699717234787737266569228781704988362019007104105765742428573256364769409998160303774792925151343881826728557385131762924691489174002117480861863480574575581248639741478316977605878308085372200933423373731614551844945186232935209082123384208549756236361916488060774176804733769652712930645220621110246498206887985987686308588343074185929760263522378145524698378434222768654259013988078758364167242418188191580057153
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							754fd3723d32559d1aa2e233a4d29af11e9aff25
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (102 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'staging0.uploadcare.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'staging0.ucarecdn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.staging0.uploadcare.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.staging0.ucarecdn.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							01680076002979bef09e393921f056739f63a577e5be577d9c600af8f94d5d265c255dc7840000017a9dac982000000403004730450220422fae9632079c5703199b7773a714ccd1036b605ce5da08f84011daf1a27be3022100c66af598018e1d493be41ca451e2bdc5d6baf0f28462b4152d6f8397051c960d00760051a3b0f5fd01799c566db837788f0ca47acc1b27cbf79e88429a0dfed48b05e50000017a9dac98b2000004030047304502204dcbce05a4580a3ec96c88b643b09c040b2bd9e0d5869c4663dadbcc65553d85022100d5e70d4c16bd5f34df8adefca417a3ca46f3ffd0ea00af0fc9712b3a7c3fa1a200760041c8cab1df22464a10c6a13a0942875e4e318b1b03ebeb4bc768f090629606f60000017a9dac98210000040300473045022100fede649eb29885ca5b0b3ba823b00b00e3bac5d01a8c55821c95217173fe6ff402203b62d6fa0160ba7991f6c7e4af5d35bf163c679055edce8467333e5368360711
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0093f01ddd4d0ccdc2045139deeb7306a0c99bad09b4d2afc60224a1f32226501519b4fceafcc111e6b9d8122fd6702cac1a770f8cdb9628c7351001e776cf63facf872401eb5040c9785c5956bc870314667ee4ef85ced4110d81b73af08c32089e9b67991848182dac95d633637f3706ff3814cf1b64e984ff99a0931637c115b1ecb0b3349743855ebbbdb788ee9a75a17028550949d737d6647d521e65e84d358f1965ea166614af9ffacbeccbecf91f995abe43224ab25f071a154f397929e3e6546686d05fe8408a21f09976cd603508a67f082a68cd812e1521b16665d2911831af64bcbceb29e4a7047a16c9d92c8468fc1f3313ed07f1f3fc2f43ce32