af.thurmed.ch

Issued by SwissSign RSA TLS DV ICA 2022 - 1

About this certificate

This digital certificate with serial number 6e:c0:f8:1f:5d:32:7c:f8:89:f1:ed:f4:f8:70:d2:58:ac:5b:d4:d4 was issued on by SwissSign AG.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=af.thurmed.ch

SwissSign AG

Organization: SwissSign AG
Country: CH

This certificate will expire on

Certificate Details

Serial Number (hex): 6e:c0:f8:1f:5d:32:7c:f8:89:f1:ed:f4:f8:70:d2:58:ac:5b:d4:d4
Serial Number (int): 632292342388285031560072409651800111917706237140
Serial Number lenght: 159 bits, 20 octets

SubjectKeyId: 20:95:46:62:68:4f:1e:95:66:1d:e2:c4:7d:74:af:d1:c6:1b:39:2d
AuthorityKeyId: eb:bd:7f:49:93:8c:c9:ee:ec:a2:ba:f7:1c:d2:67:f0:83:b1:ea:de

Fingerprint (sha1): 93:2e:96:7f:1b:f4:33:2a:87:f7:56:9f:77:18:5e:e3:20:a2:d3:03
Fingerprint (sha256): 28:a8:2e:d6:9e:37:ec:bb:f9:7a:d4:23:7b:2a:4e:32:48:aa:28:36:0c:79:b3:4f:59:95:b5:91:95:96:4d:f7

Issuing Certificate URL: http://aia.swisssign.ch/air-1b863385-f4a9-47fa-88a5-2a5abfd4a167

Revocation information

OCSP Server: http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec
CRL Distribution Point: http://crl.swisssign.ch/cdp-679723b2-8641-4642-8500-f6d2ff37e6ba

Check the revocation status for certificate af.thurmed.ch

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for af.thurmed.ch

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

af.thurmed.ch

Other certificates including the domain name thurmed.ch

(limited to 100 certificates)
am.thurmed.ch
af.thurmed.ch
epd-prod.thurmed.ch
am.thurmed.ch
af.thurmed.ch
af.thurmed.ch
af.thurmed.ch
aft.thurmed.ch
epd-prod.thurmed.ch
epd-prod.thurmed.ch
expe.stgag.ch
epd-test.thurmed.ch
af.thurmed.ch
aft.thurmed.ch
stgag.ch
expe.stgag.ch
af.thurmed.ch
amt.thurmed.ch
epd-prod.thurmed.ch
amt.thurmed.ch
epd-test.thurmed.ch
stgag.ch

Certificate

The complete raw certificate details for af.thurmed.ch in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIcTCCBlmgAwIBAgIUbsD4H10yfPiJ8e30+HDSWKxb1NQwDQYJKoZIhvcNAQEL
BQAwUDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEqMCgGA1UE
AxMhU3dpc3NTaWduIFJTQSBUTFMgRFYgSUNBIDIwMjIgLSAxMB4XDTIzMTAwMjEz
NDc0NloXDTI0MTAwMjEzNDc0NlowGDEWMBQGA1UEAxMNYWYudGh1cm1lZC5jaDCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOU/WtqNZxKhSTeZryaigW6R
qEylNf04g6S1r3q1p4r2HiBdMDdCaMArR5aOZVIwi8gTxm2lFnpeuHu/YRulz4k8
LOGbRKjyVJczAYkWFLzVo0YHeH2Tt9Qzw/v9l7SdpfOIzpqGCvEybgJl7a9F15ha
GiIH6q++B/tZ/kfuBBYPJKiUFbnb1CMvja1jCVlRXPL5y3mjffqHbFgN0F5rLw65
Tx6o00LjwACzB/CfrqlXI+fV4NuSxKv8xeZ1CLwqtLz6ridMUgz6ah2jkgLKT6EI
8z2ZlfUOfDaVVP8ndI2mVuxI/hiRNsVx8gS+xQOR/qkkt88JxeK9m62dLwHtQT0C
AwEAAaOCBHkwggR1MIGyBggrBgEFBQcBAQSBpTCBojBMBggrBgEFBQcwAoZAaHR0
cDovL2FpYS5zd2lzc3NpZ24uY2gvYWlyLTFiODYzMzg1LWY0YTktNDdmYS04OGE1
LTJhNWFiZmQ0YTE2NzBSBggrBgEFBQcwAYZGaHR0cDovL29jc3Auc3dpc3NzaWdu
LmNoL3NpZ24vb2NzLWFhY2NjZWQ1LTY2ZTgtNDA2OS05YjFiLWZkMjlhYjczZWZl
YzBvBgNVHSAEaDBmMAgGBmeBDAECATAIBgYEAI96AQYwUAYIYIV0AVkCAQEwRDBC
BggrBgEFBQcCARY2aHR0cHM6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vU3dp
c3NTaWduX0NQU19UTFMucGRmMFEGA1UdHwRKMEgwRqBEoEKGQGh0dHA6Ly9jcmwu
c3dpc3NzaWduLmNoL2NkcC02Nzk3MjNiMi04NjQxLTQ2NDItODUwMC1mNmQyZmYz
N2U2YmEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQE
AwIFoDAYBgNVHREEETAPgg1hZi50aHVybWVkLmNoMB0GA1UdDgQWBBQglUZiaE8e
lWYd4sR9dK/Rxhs5LTAfBgNVHSMEGDAWgBTrvX9Jk4zJ7uyiuvcc0mfwg7Hq3jCC
Am8GCisGAQQB1nkCBAIEggJfBIICWwJZAHcAVYHUwhaQNgFK6gubVzxT8MDkOHhw
JQgXL6OqHQcT0wwAAAGK8KUd7QAABAMASDBGAiEA7pnhEU82JtuVcLbWdzwyRiMc
OR2ZtVS1O2hsS5DAJNQCIQDPg4X7LlVuRQHvO3Fw7r+s/BT5kqVpOdIB55wrrOaZ
LAB3ANq2v2s/tbYin5vCu1xr6HCRcWy7UYSFNL2kPTBI1/urAAABivClIDgAAAQD
AEgwRgIhAPJsVrXaPivZSHRMZjH48d4kvtViNXcYfluIUmZSwhonAiEAiExoaK5U
x5JyGOMDO40+fDmD4BobSqnvuyST+FUQXp0AdQB2/4g/Crb7lVHCYcz1h7o0tKTN
uyncaEIKn+ZnTFo6dAAAAYrwpSEHAAAEAwBGMEQCIG/AcWF4Rx+47oHrjNgzgoKQ
dnAn9DM0D2Wpe3xqKV7lAiADqu5v+oaPNk2Pu3OoVieI0gySz0QfgQ071heYF/Qd
0wB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABivClIfYAAAQD
AEcwRQIgbC/IKQHqDk9PM+xUlVVPcmOvADl8kS4NE+kAIlDXjloCIQDBF0+w1Gs7
tj5zsURSH9Ev4VecapTbUL8EMCz5GzuisgB2AIdPtQ3AKdmTHeVz6fKJno5FM7OS
04sKRiV0vw/usvweAAABivClJ2sAAAQDAEcwRQIgYGtrh5glRvSr/Kh91WuPE5Vf
8mjnteYH2+TKr4xFoFMCIQCCVpYof1GuIUgCs6gPDqUl8U9ipEZ3bBNYh3wA8uw1
8zANBgkqhkiG9w0BAQsFAAOCAgEAXdgIAceL5VDmn5ROrJklQpqzjS4AXb6RPp26
4kIQYlvwYbwb9a/cJjQRZjQo1oJKUofq3B8QP9BXYcmpPH/WTUOKJzBtve4tyyRO
qmzG8BhdmLblwP9dAUx+y2UW8BhY7G4Q4Iuf2OJLaMdarBhrkaK1SXbwHmR5MQ4A
MGl4sQDaHsTGe6B2TZ4ZrbplJNZKiP2A4koDsiZCmxTOl4v8iPYp+kNUFUBDnZJs
AvO9YSny8HG6JnvhMinCtdwc7V7Cbhqcw89Vca2SS77RqGCwzNk9JLfq9MwQcBf4
VZlT6VlTBMoF2SfRt1E1ocxM+XHLUHg51wOyPDFf+wN/XMwKJl8wW8uzdoLuvAZd
WK6aWuFHTfLm6qw0jwQPDcK4SCOH+XBCGY2mMN7MgbQp7AMuwAtIHqml2zcPbx7y
GwT9fPi2OpXPKjTPY+WWYpPRuIbwlO4qyBn2vrFOEUFPHyu5TBYcG6aTK0ThIDaY
Vt4ODUyNf/aMtj2jp1xKmZr5XK1degxQw9o6PWrnVgPlnWQ016adgaPpL3D48vf1
pZjxebDJdtxG7Wc+bqSE5SI591za0BQuea1SjeBxD8+x9DTGyJSfWDi6RKaHRYLu
XgQXNjv0c8jmZUR815M1Er3EUyBKugCKbCC/iDBbEOknba+lBmJ5SlLC6qqDCs4T
QZAAylI=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5T9a2o1nEqFJN5mvJqKB
bpGoTKU1/TiDpLWverWnivYeIF0wN0JowCtHlo5lUjCLyBPGbaUWel64e79hG6XP
iTws4ZtEqPJUlzMBiRYUvNWjRgd4fZO31DPD+/2XtJ2l84jOmoYK8TJuAmXtr0XX
mFoaIgfqr74H+1n+R+4EFg8kqJQVudvUIy+NrWMJWVFc8vnLeaN9+odsWA3QXmsv
DrlPHqjTQuPAALMH8J+uqVcj59Xg25LEq/zF5nUIvCq0vPquJ0xSDPpqHaOSAspP
oQjzPZmV9Q58NpVU/yd0jaZW7Ej+GJE2xXHyBL7FA5H+qSS3zwnF4r2brZ0vAe1B
PQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 632292342388285031560072409651800111917706237140
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign RSA TLS DV ICA 2022 - 1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-02 13:47:46 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-10-02 13:47:46 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'af.thurmed.ch'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 28939813301493202516602804265139048342402048630248034210830795280428063188461835831139602150231516200233915271886792392097336033187306872783952663642660158543947671479097671419410440970029815174347081490387854381651337313712578621845143156970885324525040614122739028656428267987366322436097950038424151010575346271922719965985951567692127332157998321574963985198291951646069004029479328763218178163481849664014692908010392022254482770497429484255094257395730731991573588965770579568387110002933660553683581817606524576767697452558056035755458703197223053970486809428899258170374291497400939133844348073235325098213693
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (165 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.swisssign.ch/air-1b863385-f4a9-47fa-88a5-2a5abfd4a167'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.4.0.2042.1.6
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.2.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://repository.swisssign.com/SwissSign_CPS_TLS.pdf'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (74 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.ch/cdp-679723b2-8641-4642-8500-f6d2ff37e6ba'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (17 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'af.thurmed.ch'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							20954662684f1e95661de2c47d74afd1c61b392d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName ebbd7f49938cc9eeeca2baf71cd267f083b1eade
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (607 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (603 bytes)
							02590077005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c0000018af0a51ded0000040300483046022100ee99e1114f3626db9570b6d6773c3246231c391d99b554b53b686c4b90c024d4022100cf8385fb2e556e4501ef3b7170eebfacfc14f992a56939d201e79c2bace6992c007700dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018af0a520380000040300483046022100f26c56b5da3e2bd948744c6631f8f1de24bed5623577187e5b88526652c21a27022100884c6868ae54c7927218e3033b8d3e7c3983e01a1b4aa9efbb2493f855105e9d00750076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018af0a52107000004030046304402206fc0716178471fb8ee81eb8cd833828290767027f433340f65a97b7c6a295ee5022003aaee6ffa868f364d8fbb73a8562788d20c92cf441f810d3bd6179817f41dd3007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018af0a521f6000004030047304502206c2fc82901ea0e4f4f33ec5495554f7263af00397c912e0d13e9002250d78e5a022100c1174fb0d46b3bb63e73b144521fd12fe1579c6a94db50bf04302cf91b3ba2b2007600874fb50dc029d9931de573e9f2899e8e4533b392d38b0a462574bf0feeb2fc1e0000018af0a5276b00000403004730450220606b6b87982546f4abfca87dd56b8f13955ff268e7b5e607dbe4caaf8c45a053022100825696287f51ae214802b3a80f0ea525f14f62a446776c1358877c00f2ec35f3
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		005dd80801c78be550e69f944eac9925429ab38d2e005dbe913e9dbae24210625bf061bc1bf5afdc263411663428d6824a5287eadc1f103fd05761c9a93c7fd64d438a27306dbdee2dcb244eaa6cc6f0185d98b6e5c0ff5d014c7ecb6516f01858ec6e10e08b9fd8e24b68c75aac186b91a2b54976f01e6479310e00306978b100da1ec4c67ba0764d9e19adba6524d64a88fd80e24a03b226429b14ce978bfc88f629fa43541540439d926c02f3bd6129f2f071ba267be13229c2b5dc1ced5ec26e1a9cc3cf5571ad924bbed1a860b0ccd93d24b7eaf4cc107017f8559953e9595304ca05d927d1b75135a1cc4cf971cb507839d703b23c315ffb037f5ccc0a265f305bcbb37682eebc065d58ae9a5ae1474df2e6eaac348f040f0dc2b8482387f97042198da630decc81b429ec032ec00b481ea9a5db370f6f1ef21b04fd7cf8b63a95cf2a34cf63e5966293d1b886f094ee2ac819f6beb14e11414f1f2bb94c161c1ba6932b44e120369856de0e0d4c8d7ff68cb63da3a75c4a999af95cad5d7a0c50c3da3a3d6ae75603e59d6434d7a69d81a3e92f70f8f2f7f5a598f179b0c976dc46ed673e6ea484e52239f75cdad0142e79ad528de0710fcfb1f434c6c8949f5838ba44a6874582ee5e0417363bf473c8e665447cd7933512bdc453204aba008a6c20bf88305b10e9276dafa50662794a52c2eaaa830ace13419000ca52