rmk.ee
Issued by R10
About this certificate
This digital certificate with serial number 04:58:67:fe:7b:f8:3c:69:e9:13:18:c0:0c:06:6f:da:55:21 was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=rmk.ee
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 04:58:67:fe:7b:f8:3c:69:e9:13:18:c0:0c:06:6f:da:55:21Serial Number (int): 378532223857455148243556322531002428314913
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: 25:a6:6d:cf:8b:38:8d:44:89:16:dd:07:6e:1a:89:d4:1c:b3:b5:53
AuthorityKeyId: bb:bc:c3:47:a5:e4:bc:a9:c6:c3:a4:72:0c:10:8d:a2:35:e1:c8:e8
Fingerprint (sha1): 1e:10:00:a2:3b:0d:6b:d1:6c:e2:a8:b9:4e:25:0b:26:b7:96:a5:b7
Fingerprint (sha256): 22:35:68:1d:06:88:1d:73:66:53:3a:3a:c1:78:23:3a:08:c7:56:88:eb:93:fd:8f:28:01:a2:a0:9e:83:71:e3
Issuing Certificate URL: http://r10.i.lencr.org/
Revocation information
OCSP Server: http://r10.o.lencr.orgCheck the revocation status for certificate rmk.ee
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for rmk.ee
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
rmk.ee
www.rmk.ee
www.rmk.ee
Other certificates including the domain name rmk.ee
(limited to 100 certificates)
customerportal.uk.rlb.com
*.rmk.ee
*.rmk.ee
kampaania.rmk.ee
*.rmk.ee
rmk-mobile-app-service.rmk.ee
yritused.rmk.ee
customerportal.uk.rlb.com
*.rmk.ee
*.rmk.ee
rmk-mobile-app-service.rmk.ee
*.rmk.ee
*.rmk.ee
kampaania.rmk.ee
filesender2.rmk.ee
*.rmk.ee
yritused.rmk.ee
*.rmk.ee
*.rmk.ee
*.rmk.ee
yritused.rmk.ee
yritused.rmk.ee
rmk.ee
ep.rmk.ee
rmk.ee
*.rmk.ee
filesender2.rmk.ee
filesender2.rmk.ee
rmk.ee
sslvpn.rmk.ee
*.rmk.ee
kampaania.rmk.ee
customerportal.uk.rlb.com
customerportal.uk.rlb.com
*.rmk.ee
rmk.ee
it.rmk.ee
maksed.rmk.ee
it.rmk.ee
customerportal.uk.rlb.com
rmk.ee
yritused.rmk.ee
*.rmk.ee
*.rmk.ee
customerportal.uk.rlb.com
rmk.ee
*.rmk.ee
*.rmk.ee
kampaania.rmk.ee
rmk.ee
customerportal.uk.rlb.com
yritused.rmk.ee
*.rmk.ee
*.rmk.ee
customerportal.uk.rlb.com
wfprwpa.rcs.it
*.rmk.ee
rmk.ee
puidumyykproxy.rmk.ee
rmk.ee
*.rmk.ee
customerportal.uk.rlb.com
customerportal.uk.rlb.com
rmk.ee
customerportal.uk.rlb.com
*.rmk.ee
kampaania.rmk.ee
customerportal.uk.rlb.com
kampaania.rmk.ee
rmk.ee
customerportal.uk.rlb.com
*.rmk.ee
kampaania.rmk.ee
rmk.ee
*.rmk.ee
*.rmk.ee
kampaania.rmk.ee
rmk.ee
kampaania.rmk.ee
*.rmk.ee
kampaania.rmk.ee
kampaania.rmk.ee
it.rmk.ee
*.rmk.ee
filesender2.rmk.ee
*.rmk.ee
customerportal.uk.rlb.com
rmk.ee
kampaania.rmk.ee
it.rmk.ee
rmk-mobile-app-service.rmk.ee
*.rmk.ee
kampaania.rmk.ee
wfprwpa.rcs.it
kampaania.rmk.ee
customerportal.uk.rlb.com
customerportal.uk.rlb.com
*.rmk.ee
rmk.ee
customerportal.uk.rlb.com
*.rmk.ee
*.rmk.ee
kampaania.rmk.ee
*.rmk.ee
rmk-mobile-app-service.rmk.ee
yritused.rmk.ee
customerportal.uk.rlb.com
*.rmk.ee
*.rmk.ee
rmk-mobile-app-service.rmk.ee
*.rmk.ee
*.rmk.ee
kampaania.rmk.ee
filesender2.rmk.ee
*.rmk.ee
yritused.rmk.ee
*.rmk.ee
*.rmk.ee
*.rmk.ee
yritused.rmk.ee
yritused.rmk.ee
rmk.ee
ep.rmk.ee
rmk.ee
*.rmk.ee
filesender2.rmk.ee
filesender2.rmk.ee
rmk.ee
sslvpn.rmk.ee
*.rmk.ee
kampaania.rmk.ee
customerportal.uk.rlb.com
customerportal.uk.rlb.com
*.rmk.ee
rmk.ee
it.rmk.ee
maksed.rmk.ee
it.rmk.ee
customerportal.uk.rlb.com
rmk.ee
yritused.rmk.ee
*.rmk.ee
*.rmk.ee
customerportal.uk.rlb.com
rmk.ee
*.rmk.ee
*.rmk.ee
kampaania.rmk.ee
rmk.ee
customerportal.uk.rlb.com
yritused.rmk.ee
*.rmk.ee
*.rmk.ee
customerportal.uk.rlb.com
wfprwpa.rcs.it
*.rmk.ee
rmk.ee
puidumyykproxy.rmk.ee
rmk.ee
*.rmk.ee
customerportal.uk.rlb.com
customerportal.uk.rlb.com
rmk.ee
customerportal.uk.rlb.com
*.rmk.ee
kampaania.rmk.ee
customerportal.uk.rlb.com
kampaania.rmk.ee
rmk.ee
customerportal.uk.rlb.com
*.rmk.ee
kampaania.rmk.ee
rmk.ee
*.rmk.ee
*.rmk.ee
kampaania.rmk.ee
rmk.ee
kampaania.rmk.ee
*.rmk.ee
kampaania.rmk.ee
kampaania.rmk.ee
it.rmk.ee
*.rmk.ee
filesender2.rmk.ee
*.rmk.ee
customerportal.uk.rlb.com
rmk.ee
kampaania.rmk.ee
it.rmk.ee
rmk-mobile-app-service.rmk.ee
*.rmk.ee
kampaania.rmk.ee
wfprwpa.rcs.it
kampaania.rmk.ee
customerportal.uk.rlb.com
customerportal.uk.rlb.com
*.rmk.ee
rmk.ee
customerportal.uk.rlb.com
Certificate
The complete raw certificate details for rmk.ee in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIE6DCCA9CgAwIBAgISBFhn/nv4PGnpExjADAZv2lUhMA0GCSqGSIb3DQEBCwUA MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD EwNSMTAwHhcNMjQwNjEzMTgyNDE0WhcNMjQwOTExMTgyNDEzWjARMQ8wDQYDVQQD EwZybWsuZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwjPsieerI +EJXybhS/wakXlNgSrPAXY3W5gVn2rH1XxR/ABEOmip/qDOIYM1BSdeKl7MdSl1m pv8QkFTsLqFZX2XuWeF8IhDHatAQiRLkGL/1kvKOEjub++C1znj7MQFwPU5oLU0m UoVyBjUyrVq+2C1k1m7H5sDkVexUy0N5sORYIdBk1ZhvWlZ+GKjIPJx/a9jbB9Qe gkqqHRgm7kklphygmRyttjJ3fW6+o60HyAjcK3bV7MaAO6DCtEZPp2g0PXkjPo/C pi0xxYf/16dojuOo16LJyzOINokI12/mucUEmIlRaYS9eA7i50pveJod3txuba5x IO7dUlLi5A+FAgMBAAGjggIWMIICEjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCWm bc+LOI1EiRbdB24aidQcs7VTMB8GA1UdIwQYMBaAFLu8w0el5LypxsOkcgwQjaI1 4cjoMFcGCCsGAQUFBwEBBEswSTAiBggrBgEFBQcwAYYWaHR0cDovL3IxMC5vLmxl bmNyLm9yZzAjBggrBgEFBQcwAoYXaHR0cDovL3IxMC5pLmxlbmNyLm9yZy8wHQYD VR0RBBYwFIIGcm1rLmVlggp3d3cucm1rLmVlMBMGA1UdIAQMMAowCAYGZ4EMAQIB MIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHUASLDja9qmRzQP5WoC+p0w6xxSActW 3SyB2bu/qznYhHMAAAGQEw7IZgAABAMARjBEAiBnpCy+5ne+cPdkJwOBlX5fB04t 3X/kn3DgFN1oYWt7kgIgTuP8hpRhgOycE+pk7TrYOo0AhaMJukEeIN/FrInmGmAA dwB2/4g/Crb7lVHCYcz1h7o0tKTNuyncaEIKn+ZnTFo6dAAAAZATDsilAAAEAwBI MEYCIQDD5eDgSD+mbNuyA3kpur25r9sQ1256y1bG7N/S8ktIpQIhANCJ0XSM217b WP75ctJV9v8tm1TKMvcS+gItg5JWls7fMA0GCSqGSIb3DQEBCwUAA4IBAQCiIr8i IaqlvI9DVzrOMO9HzvxvMLCpZpPSTJXsa2c55gl8HcJKiP5uLLsKtLx/FSVJC7Ku No9TwrD/468lc9UPuO5nj9VEXO4oZIIMqdNpWFkUR6Q4vnfk7sEGcTWRZC/TKBb/ W/MHg3a/weK744Gq9G39pT2dqOYs91ydJW92pSjxP45nZf+2atdLEWvs4eUVrjcX jztFjZycJCTaQufoFnmC0MdQk9efAG8h+h4HQxEfKUMkFSX+b9ZL+K6BaP5CncAO W+lXdOzgZIPDde+PH1T+P26cXwWlvp7nmQzC67JDebf/b1EOjnEn8sq7KA03r4jy z9kuSFpFCah25SAE -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Iz7InnqyPhCV8m4Uv8G pF5TYEqzwF2N1uYFZ9qx9V8UfwARDpoqf6gziGDNQUnXipezHUpdZqb/EJBU7C6h WV9l7lnhfCIQx2rQEIkS5Bi/9ZLyjhI7m/vgtc54+zEBcD1OaC1NJlKFcgY1Mq1a vtgtZNZux+bA5FXsVMtDebDkWCHQZNWYb1pWfhioyDycf2vY2wfUHoJKqh0YJu5J JaYcoJkcrbYyd31uvqOtB8gI3Ct21ezGgDugwrRGT6doND15Iz6PwqYtMcWH/9en aI7jqNeiycsziDaJCNdv5rnFBJiJUWmEvXgO4udKb3iaHd7cbm2ucSDu3VJS4uQP hQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 378532223857455148243556322531002428314913 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R10' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-13 18:24:14 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-09-11 18:24:13 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'rmk.ee' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 30366713511455463964059641870722466559659262543824612596398166650268634488649536975027087073655214730200548535389010537299267896314390550013306325508014834436027568622997099820208555269420475051460948223200497067951618760388044950695227403262776630615963774879595651191798459861698026523034437829874782526308590277833728404359109045799900664251236947642280552720470739201933152673002791922376076848988143820326912011861033986939850720698051814992660978441528844375503789980902515169310576862177213089781478364505249529511608332394430333334768951124265492398517873582229030649387007299827525387162474421228381346729861 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 25a66dcf8b388d448916dd076e1a89d41cb3b553 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName bbbcc347a5e4bca9c6c3a4720c108da235e1c8e8 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (75 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r10.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r10.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rmk.ee' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.rmk.ee' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f000750048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d8847300000190130ec8660000040300463044022067a42cbee677be70f764270381957e5f074e2ddd7fe49f70e014dd68616b7b9202204ee3fc86946180ec9c13ea64ed3ad83a8d0085a309ba411e20dfc5ac89e61a6000770076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a7400000190130ec8a50000040300483046022100c3e5e0e0483fa66cdbb2037929babdb9afdb10d76e7acb56c6ecdfd2f24b48a5022100d089d1748cdb5edb58fef972d255f6ff2d9b54ca32f712fa022d83925696cedf . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00a222bf2221aaa5bc8f43573ace30ef47cefc6f30b0a96693d24c95ec6b6739e6097c1dc24a88fe6e2cbb0ab4bc7f1525490bb2ae368f53c2b0ffe3af2573d50fb8ee678fd5445cee2864820ca9d36958591447a438be77e4eec106713591642fd32816ff5bf3078376bfc1e2bbe381aaf46dfda53d9da8e62cf75c9d256f76a528f13f8e6765ffb66ad74b116bece1e515ae37178f3b458d9c9c2424da42e7e8167982d0c75093d79f006f21fa1e0743111f2943241525fe6fd64bf8ae8168fe429dc00e5be95774ece06483c375ef8f1f54fe3f6e9c5f05a5be9ee7990cc2ebb24379b7ff6f510e8e7127f2cabb280d37af88f2cfd92e485a4509a876e52004