ecarsproxy-frm.ars.sante.fr

- Ministere en charge des affaires sanitaires et sociales -

Issued by AC Infrastructure

About this certificate

This digital certificate with serial number bb:3d:93:28:68:c9:f9:0d:50:c6:18:57:2d:a6:1d:bb:52:d0:54:45 was issued on by Ministere en charge des affaires sanitaires et sociales.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • The Subject Alternate Name extension MUST contain only 'dnsName' and 'ipaddress' name types. (BRs: 7.1.4.2.1)
  • The DER encoded certificate serial number is 21 octets long. If this is surprising to you, note that DER integers are signed and that SNs that are 20 octets long with an MSB of 1 will be automatically prefixed with 0x00, thus bumping it up to 21 octets long. SN: 00BB3D932868C9F90D50C618572DA61DBB52D05445 Certificates must not have a DER encoded serial number longer than 20 octets (RFC 5280: 4.1.2.2)
  • The common name field in subscriber certificates must include only names from the SAN extension (BRs: 7.1.4.2.2)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Subscriber certificates authorityInformationAccess extension should contain the HTTP URL of the issuing CA’s certificate (BRs: 7.1.2.3)
  • Subscriber certificates using the SHA-1 algorithm SHOULD NOT have an expiration date later than 1 Jan 2017 (BRs: 7.1.3)

Ministere en charge des affaires sanitaires et sociales

Organization: Ministere en charge des affaires sanitaires et sociales
Organization unit: 0002 110 036 035 00019
Country: FR

Ministere en charge des affaires sanitaires et sociales

Organization: Ministere en charge des affaires sanitaires et sociales
Organization unit: 0002 110 036 035 00019
Country: FR

This certificate has expire since

Certificate Details

Serial Number (hex): bb:3d:93:28:68:c9:f9:0d:50:c6:18:57:2d:a6:1d:bb:52:d0:54:45
Serial Number (int): 1068954438857783419242179632340710571878208525381
Serial Number lenght: 160 bits, 20 octets

SubjectKeyId: 19:61:6d:22:91:c0:e3:17:14:ed:a6:40:c1:4d:a5:90:af:e1:ae:0c
AuthorityKeyId: d4:91:c5:02:73:37:5a:16:62:0b:61:37:56:fe:21:df:81:f4:85:3a

Fingerprint (sha1): 3e:37:51:0c:62:ec:84:c6:7e:cc:a5:b2:30:a2:ac:ee:e8:7a:23:4a
Fingerprint (sha256): 25:a5:15:a1:73:51:e1:3f:c7:cb:4e:95:e6:36:07:56:c8:d0:7b:8b:77:d4:fc:83:f3:e6:ca:47:d3:68:0f:2f


Revocation information

OCSP Server: http://igcocsp.sante.gouv.fr/EQUIPMENTS/ocsp/OCSP_AC_Infrastructure
CRL Distribution Point: http://igccrl.sante.gouv.fr/EQUIPMENTS/crl/AC_Infrastructure-crl-1.crl

Check the revocation status for certificate ecarsproxy-frm.ars.sante.fr

0

DNS Names

1

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ecarsproxy-frm.ars.sante.fr

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA1 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

[email protected]

Other certificates including the domain name sante.fr

(limited to 100 certificates)
www.ocean-indien.paps.sante.fr
*.briques.sante.fr
*.briques.sante.fr
mon-rdv-dondesang.efs.sante.fr
auth.efs.sante.fr
actualites.wiztopic.com
atih.sante.fr
sni.cloudflaressl.com
coopps.ars.sante.fr
actualites.wiztopic.com
re7.efs.sante.fr
actualites.wiztopic.com
pdlo-mentor.efs.sante.fr
re7.donneurs.efs.sante.fr
cms.efs.sante.fr
ra.efs.sante.fr
ecars-ppc.ars.sante.fr
ecarsproxy-ppc.ars.sante.fr
applis.atih.sante.fr
qualhas.atih.sante.fr
www.hauts-de-france.paps.sante.fr
secours.sipg.sante.fr
*.asc.paca.sante.fr
mon-rdv-dondesang.efs.sante.fr
*.guichet-unique.paca.sante.fr
mail.atih.sante.fr
www.sipg.sante.fr
www.ocean-indien.ars.sante.fr
www.projet-regional-de-sante-pays-de-la-loire.ars.sante.fr
lesagoras.paca.ars.sante.fr
donneurs.efs.sante.fr
www.cls-bretagne.ars.sante.fr
atih.sante.fr
www.democratie-sanitaire-pays-de-la-loire.ars.sante.fr
www.cng.sante.fr
mon-rdv-dondesang.efs.sante.fr
*.annuaire.sante.fr
re7.oudonner.api.efs.sante.fr
www.mini-site1.ars.sante.fr
cms.efs.sante.fr
www.mini-site1.ars.sante.fr
ecarsextranet.ars.sante.fr
ecarsproxy.ars.sante.fr
coopps.ars.sante.fr
mtsfp-vm-sante-ars-recette.accelance.net
ars.sante.fr
paps.sante.fr
inscriptions.cestanous.efs.sante.fr
sslcertificate2.queue-it.net
www.epmsi.atih.sante.fr
actualites.wiztopic.com
sslcertificate2.queue-it.net
mtsfp-sante-papsars-recette.accelance.net
webconf.intranet.atih.sante.fr
mtsfp-vm-sante-ars-preprod.accelance.net
www.epmsi.atih.sante.fr
cawi.esteban.invs.sante.fr
es-mayotte.ars.sante.fr
mtsfp-sante-papsars-recette.accelance.net
www.paps.pp.ars.sante.fr
sivss.sante.fr
www.guyane.paps.sante.fr
www.mini-site1.ars.sante.fr
*.inpes.sante.fr
sslcertificate2.queue-it.net
ecarsextranet.ars.sante.fr
applis.atih.sante.fr
actualites.wiztopic.com
actualites.wiztopic.com
arhgos.ars.sante.fr
mail.atih.sante.fr
donneurs.efs.sante.fr
ecars-frm.ars.sante.fr
tdb-esms.atih.sante.fr
www.cng.sante.fr
imotep.ars.sante.fr
paca-sport-sante.fr
www.corse.ars.sante.fr
www.efs.sante.fr
*.ansm.sante.fr
paca-sport-sante.fr
mti.efs.sante.fr
ecarsextranet-frm.ars.sante.fr
sslcertificate2.queue-it.net
www.ansm.sante.fr
imotep.ars.sante.fr
*.efs.sante.fr
actualites.wiztopic.com
dondesang.efs.sante.fr
arceidf.ars.sante.fr
ra.efs.sante.fr
partage.ars.sante.fr
www.epmsi.atih.sante.fr
www.efs.sante.fr
partenaires.annuaire.sante.fr
sni.cloudflaressl.com
form.api.efs.sante.fr
ecarsproxy-frm.ars.sante.fr
*.efs.sante.fr
ecarsextranet-frm.ars.sante.fr

Certificate

The complete raw certificate details for ecarsproxy-frm.ars.sante.fr in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIVALs9kyhoyfkNUMYYVy2mHbtS0FRFMA0GCSqGSIb3DQEB
BQUAMIGMMQswCQYDVQQGEwJGUjFAMD4GA1UECgw3TWluaXN0ZXJlIGVuIGNoYXJn
ZSBkZXMgYWZmYWlyZXMgc2FuaXRhaXJlcyBldCBzb2NpYWxlczEfMB0GA1UECwwW
MDAwMiAxMTAgMDM2IDAzNSAwMDAxOTEaMBgGA1UEAwwRQUMgSW5mcmFzdHJ1Y3R1
cmUwHhcNMTUwMjExMTMwOTI5WhcNMTcwODExMTIwOTI5WjCBljELMAkGA1UEBhMC
RlIxQDA+BgNVBAoTN01pbmlzdGVyZSBlbiBjaGFyZ2UgZGVzIGFmZmFpcmVzIHNh
bml0YWlyZXMgZXQgc29jaWFsZXMxHzAdBgNVBAsTFjAwMDIgMTEwIDAzNiAwMzUg
MDAwMTkxJDAiBgNVBAMTG2VjYXJzcHJveHktZnJtLmFycy5zYW50ZS5mcjCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9O6SM0OUTts134vIJQ+m7TYimW
0xTrP1k4f5aydcBQcz5ZmqJGPlyTDn5LkSx6mRRygCI6W2Eus8rYatb5B7M1hcij
eJ7XRWsWMG09hPAh2V/srJ/BaBsKD1twc0ek4ditqSv75gyOPNPZ9jVZXErV2mwD
SmbbMV20apN8mBid3yWnfgq1wTMRw/iKKZslshK2Chm1Urv08b6EWSfGBkaFSyiQ
rDeoKHYd6T+Tf8cWTVi/S8buTW5RysslriyWp7LiVwakNOMv7Bamti85pVA5xYnV
7zN97sGTsIXwPDs3XqnQlQXFupcgEShjc3/IUqTyyVL4U6pcaXhxgq8WPcMCAwEA
AaOCAXUwggFxMA4GA1UdDwEB/wQEAwIFoDAdBgNVHQ4EFgQUGWFtIpHA4xcU7aZA
wU2lkK/hrgwwGAYDVR0gBBEwDzANBgsqgXoBgTMBAwEBATBXBgNVHR8EUDBOMEyg
SqBIhkZodHRwOi8vaWdjY3JsLnNhbnRlLmdvdXYuZnIvRVFVSVBNRU5UUy9jcmwv
QUNfSW5mcmFzdHJ1Y3R1cmUtY3JsLTEuY3JsMF8GCCsGAQUFBwEBBFMwUTBPBggr
BgEFBQcwAYZDaHR0cDovL2lnY29jc3Auc2FudGUuZ291di5mci9FUVVJUE1FTlRT
L29jc3AvT0NTUF9BQ19JbmZyYXN0cnVjdHVyZTATBgNVHSUEDDAKBggrBgEFBQcD
ATAJBgNVHRMEAjAAMCsGA1UdEQQkMCKBIGRhdmlkLmxlbWFpdHJlQHNnLnNvY2lh
bC5nb3V2LmZyMB8GA1UdIwQYMBaAFNSRxQJzN1oWYgthN1b+Id+B9IU6MA0GCSqG
SIb3DQEBBQUAA4IBAQC7oyGLg7n1KfVaJvHABos4H5bAvM5gkW8NE19BnTeUjRd2
rXs8a0B+AtjWphMwlZspiGH3bqgtsiT0l6upLT+fz+ltThR8mzbj975/RcarcCP9
LZz3e4ogyo8QIdYeLbkAgo6kJvjrhPKLDtKCm0cfd3s4ag5B9eIvO9dme1IGkLFj
/zU2Qmt5xxd/S6YX9o+5T0FrC2muqLarrf0xesjZ+rLiPQMPX0OM7AKBmbhA+7xd
Ot3JcH9zICQijQSRkbcWvwqwY4rhO9dQ2yqGn66y0rb1l7EURdMArTY0+GtWk3ac
hE4H79zCDaBaXlNi9uw4mMJz1BFm8BA/jbLWzWNn
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr07pIzQ5RO2zXfi8glD6
btNiKZbTFOs/WTh/lrJ1wFBzPlmaokY+XJMOfkuRLHqZFHKAIjpbYS6zythq1vkH
szWFyKN4ntdFaxYwbT2E8CHZX+ysn8FoGwoPW3BzR6Th2K2pK/vmDI4809n2NVlc
StXabANKZtsxXbRqk3yYGJ3fJad+CrXBMxHD+IopmyWyErYKGbVSu/TxvoRZJ8YG
RoVLKJCsN6godh3pP5N/xxZNWL9Lxu5NblHKyyWuLJansuJXBqQ04y/sFqa2Lzml
UDnFidXvM33uwZOwhfA8OzdeqdCVBcW6lyARKGNzf8hSpPLJUvhTqlxpeHGCrxY9
wwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1068954438857783419242179632340710571878208525381
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Ministere en charge des affaires sanitaires et sociales'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '0002 110 036 035 00019'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'AC Infrastructure'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2015-02-11 13:09:29 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-08-11 12:09:29 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ministere en charge des affaires sanitaires et sociales'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '0002 110 036 035 00019'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ecarsproxy-frm.ars.sante.fr'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22130615682267628802730625187291781976935800402625224374425183877863740919055458821798508435377240340208418977035363743356023011946835190462071769622010992200717940149453424749697075725000921500354223005808417669988852603462875113142819909856127452672514166394510254776741728392492437156592506106155072580300101300681884600269345854275935195386108709441118324140497497980033804064376651421353860023990788378080256146322702461423568179334600549074697709311303849131598639094456674210233958296356612137908822228358484172261253490108140928392958678566632831440674134345071763894458282097030240056864506365451999412370883
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							19616d2291c0e31714eda640c14da590afe1ae0c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (17 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.250.1.179.1.3.1.1.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (80 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://igccrl.sante.gouv.fr/EQUIPMENTS/crl/AC_Infrastructure-crl-1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://igcocsp.sante.gouv.fr/EQUIPMENTS/ocsp/OCSP_AC_Infrastructure'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:1|false] IA5String '[email protected]'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName d491c50273375a16620b613756fe21df81f4853a
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00bba3218b83b9f529f55a26f1c0068b381f96c0bcce60916f0d135f419d37948d1776ad7b3c6b407e02d8d6a61330959b298861f76ea82db224f497aba92d3f9fcfe96d4e147c9b36e3f7be7f45c6ab7023fd2d9cf77b8a20ca8f1021d61e2db900828ea426f8eb84f28b0ed2829b471f777b386a0e41f5e22f3bd7667b520690b163ff3536426b79c7177f4ba617f68fb94f416b0b69aea8b6abadfd317ac8d9fab2e23d030f5f438cec028199b840fbbc5d3addc9707f732024228d049191b716bf0ab0638ae13bd750db2a869faeb2d2b6f597b11445d300ad3634f86b5693769c844e07efdcc20da05a5e5362f6ec3898c273d41166f0103f8db2d6cd6367