applenews.meredithcorp.io

Issued by Amazon

About this certificate

This digital certificate with serial number 05:0f:8a:65:42:4a:34:8f:6e:8f:19:5c:ad:2f:1c:2e was issued on by Amazon.

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=applenews.meredithcorp.io

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 05:0f:8a:65:42:4a:34:8f:6e:8f:19:5c:ad:2f:1c:2e
Serial Number (int): 6726831426888039017931977423412206638
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: fa:62:07:85:bb:fa:2d:d1:09:43:1b:80:ba:72:43:b6:90:88:51:09
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): 5a:b1:b1:0a:cb:21:3c:d3:77:77:11:f2:71:1b:80:0e:c3:7a:46:66
Fingerprint (sha256): 29:a8:66:28:80:41:4f:08:cc:3a:b2:12:72:19:b5:07:d8:40:3b:28:92:bb:11:23:ae:01:a9:3b:92:2c:f4:6a

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b.crl

Check the revocation status for certificate applenews.meredithcorp.io

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for applenews.meredithcorp.io

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

applenews.meredithcorp.io
www.applenews.meredithcorp.io
applenews.timeinc.net
www.applenews.timeinc.net

Other certificates including the domain name meredithcorp.io

(limited to 100 certificates)
shared-services.meredithcorp.io
*.format-manager.meredithcorp.io
meredithcorp.io
meredithcorp.io
feeds.meredithcorp.io
*.meredithcorp.io
stage.authzadmin.meredithcorp.io
ugcuploader.meredithcorp.io
profiles-swagger.meredithcorp.io
*.dsa.meredithcorp.io
dsar.meredithcorp.io
*.cms.meredithcorp.io
meredithcorp.io
meredithcorp.io
splunk.meredithcorp.io
*.video.meredithcorp.io
feeds.meredithcorp.io
*.accountservices.meredithcorp.io
meredithcorp.io
syndication-stage.meredithcorp.io
*.meredithcorp.io
applenews.meredithcorp.io
*.meredithcorp.io
pollsquiz.meredithcorp.io
user-activity.meredithcorp.io
meredithcorp.io
*.format-manager.meredithcorp.io
*.meredithcorp.io
*.meredithcorp.io
atg-reconciliation.meredithcorp.io
stamp.meredithcorp.io
meredithcorp.io
applenews.meredithcorp.io
user.meredithcorp.io
*.accountservices.meredithcorp.io
ui.meredithcorp.io
*.dsa.meredithcorp.io
aws-accounts-viewer.meredithcorp.io
*.meredithcorp.io
email-reputation.meredithcorp.io
registration.meredithcorp.io
feeds.meredithcorp.io
segment.meredithcorp.io
*.pollsquiz.meredithcorp.io
formatmanager.meredithcorp.io
ui.meredithcorp.io
meredithcorp.io
stage.feeds.meredithcorp.io
legacy-images.meredithcorp.io
*.ugc.meredithcorp.io
email-tools.meredithcorp.io
*.meredithcorp.io
feeds.meredithcorp.io
stage.authzadmin.meredithcorp.io
feeds.meredithcorp.io
meredithcorp.io
stage-ugcuploader.timeinc.com
stage.authzadmin.meredithcorp.io
meredithcorp.io
anf.meredithcorp.io
meredithcorp.io
feeds.meredithcorp.io
*.meredithcorp.io
newsletter.meredithcorp.io
stage-ugcuploader.timeinc.com
email-tools.meredithcorp.io
*.meredithcorp.io
pollsquiz.meredithcorp.io
meredithcorp.io
*.meredithcorp.io
ugcuploader.meredithcorp.io
feeds.meredithcorp.io
muse.meredithcorp.io
*.meredithcorp.io
*.meredithcorp.io
meredithcorp.io
meredithcorp.io
*.ugc.meredithcorp.io
*.accountservices.meredithcorp.io
meredithcorp.io
meredithcorp.io
*.feeds.meredithcorp.io
digitaledition.syndication-stage.meredithcorp.io
digitaledition.syndication.meredithcorp.io
meredithcorp.io
meredithcorp.io
meredithcorp.io
anf.meredithcorp.io
c360-scheduler.meredithcorp.io
*.video.meredithcorp.io
meredithcorp.io
munki.meredithcorp.io
user-saves.meredithcorp.io
dar.meredithcorp.io
*.ugc.meredithcorp.io
*.meredithcorp.io
meredithcorp.io
meredithcorp.io
*.accountservices.meredithcorp.io
munki.meredithcorp.io

Certificate

The complete raw certificate details for applenews.meredithcorp.io in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIQBQ+KZUJKNI9ujxlcrS8cLjANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0yMDAyMTMwMDAwMDBaFw0yMTAzMTMx
MjAwMDBaMCQxIjAgBgNVBAMTGWFwcGxlbmV3cy5tZXJlZGl0aGNvcnAuaW8wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCa+pig/e7nyLM3kzJEsTJefWzg
cP75fdPXVYS3dnqSr9xEvkU/977DGaPQnf1u4fxehCpyKDBAY6JJhLxuqht672nc
YiJf/rYFTIRC9OCDGnLJxRMh4kBjKUCicB9JPZGblG1pgoz1meCJ01zRixycNdCZ
10KtmD5McQKJ3Wwhd8iE3jR8LtBbmRd4nv2flbIfE4uGsyXH7AmoU5ckXry7NxTb
WJD9wpuESj4D5C0Jt6fjQjaB4p8AMdIwUN+Iy2gKCv82rckyZbiF4rnKwZ8dxmqP
p/Xv1YFez8MrEG6m1ITD1a6ZyBDFcXefWFmpPvYzq2Pfgm/dIivTUS9OmhbnAgMB
AAGjggHjMIIB3zAfBgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNV
HQ4EFgQU+mIHhbv6LdEJQxuAunJDtpCIUQkwdQYDVR0RBG4wbIIZYXBwbGVuZXdz
Lm1lcmVkaXRoY29ycC5pb4Idd3d3LmFwcGxlbmV3cy5tZXJlZGl0aGNvcnAuaW+C
FWFwcGxlbmV3cy50aW1laW5jLm5ldIIZd3d3LmFwcGxlbmV3cy50aW1laW5jLm5l
dDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwuc2NhMWIuYW1hem9udHJ1c3Qu
Y29tL3NjYTFiLmNybDAgBgNVHSAEGTAXMAsGCWCGSAGG/WwBAjAIBgZngQwBAgEw
dQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5zY2ExYi5h
bWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQuc2NhMWIuYW1h
em9udHJ1c3QuY29tL3NjYTFiLmNydDAMBgNVHRMBAf8EAjAAMBMGCisGAQQB1nkC
BAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQC68q6RFvPi8rBqPhHMezoBxglj
oYI+UxJq8XU6vKSiBpZ5e7H+LPfy5MRK+qcx+VvvkdYKlGQTHS3WwfALRMy54E0G
9LhXinEqYtlJ/UZ7pv+rBJbpHucEd/ELOtA8PgKNDN5NbTgoxi1EzQWfsHBEGLx+
nOJHUb1d5zt+4g4UID1o0zfsJ6ouMpuMRlAMwbcSKO88Uznwh37IdfxLi8sAyaV+
Vv++0T/Qw1yjbbslD3TlrgNzUQZ7M/Dkt5jDAqGEz0heAeJ6o+qdIfFGFHBlPd7G
lDt9GLV3j07HIzuBDCo4YElqQ2LyDTS3LmY67GlXaP7FwEvwAYH1MG5ThxRW
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvqYoP3u58izN5MyRLEy
Xn1s4HD++X3T11WEt3Z6kq/cRL5FP/e+wxmj0J39buH8XoQqcigwQGOiSYS8bqob
eu9p3GIiX/62BUyEQvTggxpyycUTIeJAYylAonAfST2Rm5RtaYKM9ZngidNc0Ysc
nDXQmddCrZg+THECid1sIXfIhN40fC7QW5kXeJ79n5WyHxOLhrMlx+wJqFOXJF68
uzcU21iQ/cKbhEo+A+QtCben40I2geKfADHSMFDfiMtoCgr/Nq3JMmW4heK5ysGf
HcZqj6f179WBXs/DKxBuptSEw9WumcgQxXF3n1hZqT72M6tj34Jv3SIr01EvTpoW
5wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 6726831426888039017931977423412206638
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-02-13 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-03-13 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'applenews.meredithcorp.io'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 19564272559869775595186025434921010958340823216887243930998403783725656813223856722029186702213265896691348666554105915357876888844387628791398432669030670530189227714934019399899111428616633132331266698546720902183624326139991919792004097675644773993041230282493461280564267118630559592448809673747321598291853159803856164893920479818812416734957168335122715397148165664359844164019525989320076232100219350619105088440668393775585803679913401178613828719475616667801340533182020196064558235053365403921619837565909560863593836873092269217590087631177993672593402579787492245740790199625710187811046290035235943487207
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							fa620785bbfa2dd109431b80ba7243b690885109
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'applenews.meredithcorp.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.applenews.meredithcorp.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'applenews.timeinc.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.applenews.timeinc.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.2 (digiCertDVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00baf2ae9116f3e2f2b06a3e11cc7b3a01c60963a1823e53126af1753abca4a20696797bb1fe2cf7f2e4c44afaa731f95bef91d60a9464131d2dd6c1f00b44ccb9e04d06f4b8578a712a62d949fd467ba6ffab0496e91ee70477f10b3ad03c3e028d0cde4d6d3828c62d44cd059fb0704418bc7e9ce24751bd5de73b7ee20e14203d68d337ec27aa2e329b8c46500cc1b71228ef3c5339f0877ec875fc4b8bcb00c9a57e56ffbed13fd0c35ca36dbb250f74e5ae037351067b33f0e4b798c302a184cf485e01e27aa3ea9d21f1461470653ddec6943b7d18b5778f4ec7233b810c2a3860496a4362f20d34b72e663aec695768fec5c04bf00181f5306e53871456