vpn.berlin.thinkproject.com

Issued by Thawte TLS RSA CA G1

About this certificate

This digital certificate with serial number 07:d1:01:81:ca:69:7e:01:6d:3e:46:ca:fe:76:25:d7 was issued on by DigiCert Inc.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=vpn.berlin.thinkproject.com

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 07:d1:01:81:ca:69:7e:01:6d:3e:46:ca:fe:76:25:d7
Serial Number (int): 10389816579414262315926129300303390167
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 30:79:e0:1b:63:74:1c:62:66:20:23:df:74:f0:df:c7:c2:0e:18:25
AuthorityKeyId: a5:8c:fe:32:cc:eb:0f:2c:d4:19:c6:08:b8:00:24:88:5d:c3:c5:b7

Fingerprint (sha1): f8:5f:59:db:f2:c3:07:5d:bc:38:2d:18:2d:1d:9f:39:79:e3:b2:40
Fingerprint (sha256): 29:9b:1f:fb:dc:75:68:ef:6b:cc:c4:5a:23:ce:3f:76:b4:5f:13:04:a5:26:bf:78:0b:b1:a9:cc:a3:9a:95:57

Issuing Certificate URL: http://cacerts.thawte.com/ThawteTLSRSACAG1.crt

Revocation information

OCSP Server: http://status.thawte.com
CRL Distribution Point: http://cdp.thawte.com/ThawteTLSRSACAG1.crl

Check the revocation status for certificate vpn.berlin.thinkproject.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for vpn.berlin.thinkproject.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

vpn.berlin.thinkproject.com

Other certificates including the domain name thinkproject.com

(limited to 100 certificates)
its-status.colby.edu
dns.sterda.com
*.thinkproject.com
lp.thinkproject.com
forticlient-status.forticloud.com
its-status.colby.edu
its-status.colby.edu
dns.sterda.com
its-status.colby.edu
its-status.colby.edu
forticlient-status.forticloud.com
status-internal-olmasvw6.thinkproject.com
*.testlab.thinkproject.com
status-internal-olmasvw6.thinkproject.com
dns.sterda.com
its-status.colby.edu
group.thinkproject.com
status-internal-olmasvw6.thinkproject.com
tp18.mediatack.info
forticlient-status.forticloud.com
its-status.colby.edu
its-status.colby.edu
its-status.colby.edu
forticlient-status.forticloud.com
status-internal-olmasvw6.thinkproject.com
*.service.thinkproject.com
forticlient-status.forticloud.com
*.hosting.thinkproject.com
its-status.colby.edu
sslvpn.thinkproject.com
tp18.mediatack.info
*.thinkproject.com
forticlient-status.forticloud.com
its-status.colby.edu
its-status.colby.edu
vpn.berlin.thinkproject.com
its-status.colby.edu
status-internal-olmasvw6.thinkproject.com
sslvpn.thinkproject.com
its-status.colby.edu
*.berlin.thinkproject.com
jumpa.thinkproject.com
its-status.colby.edu
sslvpn.thinkproject.com
its-status.colby.edu
status-internal-olmasvw6.thinkproject.com
*.thinkproject.com
its-status.colby.edu
dns.sterda.com
its-status.colby.edu
*.thinkproject.com
*.thinkproject.com
status-internal-olmasvw6.thinkproject.com
status-internal-olmasvw6.thinkproject.com
dns.sterda.com
status-internal-olmasvw6.thinkproject.com
*.hosting.thinkproject.com
status-internal-olmasvw6.thinkproject.com
*.thinkproject.com
its-status.colby.edu
status-internal-olmasvw6.thinkproject.com
its-status.colby.edu
its-status.colby.edu
its-status.colby.edu
service.thinkproject.com
its-status.colby.edu
dns.sterda.com
*.thinkproject.com
its-status.colby.edu
forticlient-status.forticloud.com
forticlient-status.forticloud.com
forticlient-status.forticloud.com
its-status.colby.edu
status-internal-olmasvw6.thinkproject.com
status-internal-olmasvw6.thinkproject.com
forticlient-status.forticloud.com
status-internal-olmasvw6.thinkproject.com
forticlient-status.forticloud.com
*.testlab.thinkproject.com
status-internal-olmasvw6.thinkproject.com
status-internal-olmasvw6.thinkproject.com
status-internal-olmasvw6.thinkproject.com
jumpb.thinkproject.com
its-status.colby.edu
group.thinkproject.com
forticlient-status.forticloud.com
its-status.colby.edu
thinkproject.com
status-internal-olmasvw6.thinkproject.com
forticlient-status.forticloud.com
its-status.colby.edu
its-status.colby.edu
its-status.colby.edu
status-internal-olmasvw6.thinkproject.com
its-status.colby.edu
its-status.colby.edu
its-status.colby.edu
status-internal-olmasvw6.thinkproject.com
its-status.colby.edu
dns.sterda.com

Certificate

The complete raw certificate details for vpn.berlin.thinkproject.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIQB9EBgcppfgFtPkbK/nYl1zANBgkqhkiG9w0BAQsFADBe
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRUaGF3dGUgVExTIFJTQSBDQSBHMTAe
Fw0xOTA1MDMwMDAwMDBaFw0yMTA1MDIxMjAwMDBaMCYxJDAiBgNVBAMTG3Zwbi5i
ZXJsaW4udGhpbmtwcm9qZWN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBALI7RW9h1NJmq1yzmEuRAJIDWZZGM8/tKOtPETT63qREHbI/OP2MvTGw
uDdZv7W7A2ZTGoUM3I6hryYmBY4BlQhJbj+EYcHgpnlWbIA9F1oOBYL7G9sWBgEq
ajMIDVXI5B1B6nOQljWqwWYQmOAQUNMHOJSnCEI6aybJG5YNnaqWYGzy8JizuhzD
Gt23+r9RulyrT2H6khVKaKMQ7rXlqlvrG5oiijpHi/05yLPyGMqdbIE/jQILq//y
qMIEXFfZB3dCa/sIR9lf2TULMOiC60vUqsIBn6Dc898e0SOqcrDq0qGGC9NXL1cf
Jn8tfWdx/rCiaNKE2sosWXqvlke1y/MCAwEAAaOCAbgwggG0MB8GA1UdIwQYMBaA
FKWM/jLM6w8s1BnGCLgAJIhdw8W3MB0GA1UdDgQWBBQweeAbY3QcYmYgI9908N/H
wg4YJTAmBgNVHREEHzAdght2cG4uYmVybGluLnRoaW5rcHJvamVjdC5jb20wDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7BgNV
HR8ENDAyMDCgLqAshipodHRwOi8vY2RwLnRoYXd0ZS5jb20vVGhhd3RlVExTUlNB
Q0FHMS5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQIwKjAoBggrBgEFBQcCARYc
aHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgEwcAYIKwYBBQUH
AQEEZDBiMCQGCCsGAQUFBzABhhhodHRwOi8vc3RhdHVzLnRoYXd0ZS5jb20wOgYI
KwYBBQUHMAKGLmh0dHA6Ly9jYWNlcnRzLnRoYXd0ZS5jb20vVGhhd3RlVExTUlNB
Q0FHMS5jcnQwCQYDVR0TBAIwADATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG
9w0BAQsFAAOCAQEAkCcUqjI3f4aXPLyUiwqV10s/QM8WIDQDfw+a6tHEgHsUoRRs
u5/cu4NmwQ/GODP6qmGWg/WEkqchipZSjVD/qDYdfgznvnxyo81gIdkfdf/b1Hsq
pJWJVUWl0vJbKj+8hspGoOFi1JA5UH5rexjpy6gVLGWAzXfsjJj+mNnKHJ+at9B1
rZ4g2CITBTGQcvzgYcNS73bQQkdyIW5m2WNoebL+i44NTp5nbSA8ILL2SensK3sJ
gDXut/plysJgH+5gj6CyzoIV8Evepbui9Zgmut6Lkut5c4ASTXSDYQ+xRKBSMqFP
g3TazO77cWaqEMgSiOZ3DCHxbnrUuBox/zna5w==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjtFb2HU0marXLOYS5EA
kgNZlkYzz+0o608RNPrepEQdsj84/Yy9MbC4N1m/tbsDZlMahQzcjqGvJiYFjgGV
CEluP4RhweCmeVZsgD0XWg4Fgvsb2xYGASpqMwgNVcjkHUHqc5CWNarBZhCY4BBQ
0wc4lKcIQjprJskblg2dqpZgbPLwmLO6HMMa3bf6v1G6XKtPYfqSFUpooxDuteWq
W+sbmiKKOkeL/TnIs/IYyp1sgT+NAgur//KowgRcV9kHd0Jr+whH2V/ZNQsw6ILr
S9SqwgGfoNzz3x7RI6pysOrSoYYL01cvVx8mfy19Z3H+sKJo0oTayixZeq+WR7XL
8wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 10389816579414262315926129300303390167
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Thawte TLS RSA CA G1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-05-03 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-05-02 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'vpn.berlin.thinkproject.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22499646017201797827362881696486825052623638987842310220746179719963089198591184331301091626452553654114616784878545952779636317451074698597141495358129078250180133774948479541005743497070097162072912520139797548458243917368501105415340338869339659247391444066300438728798190083254178891763899092692821371856392757417180493462242343667103398835399007367175029794324482565280345855472273594397171078988794860818338347731645243792589021463520857121351954397967763126960674951483072230708110684747244690000483787136652011312688895218416947688980187379206667689826287230429544914755050159812255527147167031167936519064563
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a58cfe32cceb0f2cd419c608b80024885dc3c5b7
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							3079e01b63741c62662023df74f0dfc7c20e1825
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (31 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'vpn.berlin.thinkproject.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.thawte.com/ThawteTLSRSACAG1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.2 (digiCertDVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.thawte.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.thawte.com/ThawteTLSRSACAG1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00902714aa32377f86973cbc948b0a95d74b3f40cf162034037f0f9aead1c4807b14a1146cbb9fdcbb8366c10fc63833faaa619683f58492a7218a96528d50ffa8361d7e0ce7be7c72a3cd6021d91f75ffdbd47b2aa495895545a5d2f25b2a3fbc86ca46a0e162d49039507e6b7b18e9cba8152c6580cd77ec8c98fe98d9ca1c9f9ab7d075ad9e20d8221305319072fce061c352ef76d0424772216e66d9636879b2fe8b8e0d4e9e676d203c20b2f649e9ec2b7b098035eeb7fa65cac2601fee608fa0b2ce8215f04bdea5bba2f59826bade8b92eb797380124d7483610fb144a05232a14f8374dacceefb7166aa10c81288e6770c21f16e7ad4b81a31ff39dae7