target-builder-api.prod.services.ec2.dmtio.net

Issued by Amazon

About this certificate

This digital certificate with serial number 09:21:24:ac:9c:c7:6f:74:a2:22:a0:b6:b1:82:80:2f was issued on by Amazon.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=target-builder-api.prod.services.ec2.dmtio.net

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 09:21:24:ac:9c:c7:6f:74:a2:22:a0:b6:b1:82:80:2f
Serial Number (int): 12135141600906340185895228209627299887
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 2e:5e:3b:fd:c2:98:96:31:c2:d4:28:ef:f3:96:fc:5c:e0:88:f7:54
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): 82:70:33:ac:bd:5c:0e:86:64:78:5d:ab:fb:e5:f5:a6:a3:72:a6:cd
Fingerprint (sha256): 29:ba:20:75:5c:d1:9d:88:41:1c:44:47:b5:d5:10:29:0c:71:eb:aa:1a:85:63:ee:99:46:80:f1:11:1f:90:a1

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b.crl

Check the revocation status for certificate target-builder-api.prod.services.ec2.dmtio.net

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for target-builder-api.prod.services.ec2.dmtio.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

target-builder-api.prod.services.ec2.dmtio.net

Other certificates including the domain name dmtio.net

(limited to 100 certificates)
customs.services.dmtio.net
tls.backplane.io
staging-jira-p2.services.dmtio.net
coredev-cms3-service-proxy-cnn.train.services.ec2.dmtio.net
mssdoc.turner.com
deployit.services.dmtio.net
argonaut.services.dmtio.net
coredev-cnn-dynaimage.prod.services.ec2.dmtio.net
*.morgz.dmtio.net
gp.cso.warnermedia.com
*.planetdraco.net
dev.contrail.cnn.com
argonaut.dev.services.ec2.dmtio.net
mss-vault.turner.com
globalprotect.tbsbest.com
grafana-www.services.dmtio.net
cnnmoney-section-content-service.prod.services.ec2.dmtio.net
*.doc.dmtio.net
cnnmoney-section-content-service.prod.services.ec2.dmtio.net
*.doc.dmtio.net
cartoon-sayin-moderation.prod.56m.dmtio.net
coredev-capi-ptolemy.prod.services.ec2.dmtio.net
*.doc.dmtio.net
registry.services.dmtio.net
coredev-cnn-dynaimage.prod.services.ec2.dmtio.net
tbs.services.dmtio.net
s.livedata.dmtio.net
*.doc.dmtio.net
nba-drupal.int.services.ec2.dmtio.net
target-builder-api.prod.services.ec2.dmtio.net
coredev-capi-ptolemy.preview.services.ec2.dmtio.net
staging-confluence-p2.services.dmtio.net
deployit.services.dmtio.net
turnerdotcom-qa.services.dmtio.net
rancher-mss.services.cop.dmtio.net
staging-confluence-p2.services.dmtio.net
rancher-mss.services.cop.dmtio.net
coredev-cnn-dynaimage.prod.services.ec2.dmtio.net
*.doc.warnermediagroup.com
argonaut.services.dmtio.net
coredev-entertainment-dynaimage.prod.services.ec2.dmtio.net
staging-confluence-p2.services.dmtio.net
coredev-nba-dynaimage.prod.services.ec2.dmtio.net
coredev-tnt-dynaimage.prod.services.ec2.dmtio.net
argonaut.dev.services.ec2.dmtio.net
*.planetdraco.net
customs.services.dmtio.net
argonaut.services.dmtio.net
rancher-sox.services.56m.dmtio.net
coredev-capi-ptolemy.prod-2.services.ec2.dmtio.net
coredev-tnt-dynaimage.prod.services.ec2.dmtio.net
staging-confluence.services.dmtio.net
gp.cso.warnermedia.com
coredev-cnn-dynaimage.prod.services.ec2.dmtio.net
customs.services.dmtio.net
staging-jira-p2.services.dmtio.net
s.livedata.dmtio.net
coredev-tnt-dynaimage.prod.services.ec2.dmtio.net
gitlab.services.dmtio.net
satis.draco.services.dmtio.net
tbs.services.dmtio.net
staging-jira-p2.services.dmtio.net
cnnmoney-section-content-service.prod.services.ec2.dmtio.net
target-builder-api.staging.services.ec2.dmtio.net
cnnmoney-section-content-service.prod.services.ec2.dmtio.net
nba-teamsite-auth.services.dmtio.net
tbs.services.dmtio.net
cnnmoney-section-content-service.prod.services.ec2.dmtio.net
livedataint.56m.dmtio.net
argonaut.dev.services.ec2.dmtio.net
auth.services.dmtio.net
tectonic-prod.services.cop.dmtio.net
rancher-sox.services.56m.dmtio.net
poc.services.dmtio.net
helmit.services.dmtio.net
*.ca.us-east-1.dmtio.net
rancher-mss.services.56m.dmtio.net
tbs-dejavu-www.prod-editorial.services.ec2.dmtio.net
ceph-s3.services.dmtio.net
rancher-sox.services.cop.dmtio.net
coredev-nba-dynaimage.prod.services.ec2.dmtio.net
rancher-mss.services.56m.dmtio.net
coredev-tbs-dynaimage.prod.services.ec2.dmtio.net
livedataint.56m.dmtio.net
*.doc.warnermediagroup.com
s.livedata.dmtio.net
staging-jira-p2.services.dmtio.net
auth.services.dmtio.net
nasm1isil1.turner.com
coredev-cms3-service-proxy-cnn.prod.services.ec2.dmtio.net
auth.services.dmtio.net
idb.services.dmtio.net
satis.draco.services.dmtio.net
coredev-nba-dynaimage.prod.services.ec2.dmtio.net
tnt.services.dmtio.net
coredev-nba-dynaimage.prod.services.ec2.dmtio.net
*.doc.warnermediagroup.com
nba-teamsite-auth.services.dmtio.net
pga.morgz.dmtio.net
idb.services.dmtio.net

Certificate

The complete raw certificate details for target-builder-api.prod.services.ec2.dmtio.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIEsjCCA5qgAwIBAgIQCSEkrJzHb3SiIqC2sYKALzANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0xODEwMTkwMDAwMDBaFw0xOTExMTkx
MjAwMDBaMDkxNzA1BgNVBAMTLnRhcmdldC1idWlsZGVyLWFwaS5wcm9kLnNlcnZp
Y2VzLmVjMi5kbXRpby5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDTB9e2qZ+bQdi3V7T5+qa15QXu29I5vCGfK3r+PFp6pU4ECYnNxcEjE6bEQTG4
lCXniZslrPQOQS9EJEFrRd3dhQ0j7r3NP0DDD4kJICTYNQgex6KWPmUs0FUb4fKJ
bkq+iKLyKBlDX48edNlIddH5rxB/bOTqv4G5pvEM06YnyhY/12Ij/HUkm8Oi7OfH
gvTMloqz7YjZDAn1rwgOVCbriY+xJUkLFigKfzkbFzNhmmuVfiq/YDGhcostUwFq
K+A0XDgFs11FaVJK+BWNdeWL3IrE0aar4jHcV5nN/QE1ySYJ2QjaefWKmKCulRpa
HivQ52RiuqV2dt+dQHJXx+7hAgMBAAGjggGnMIIBozAfBgNVHSMEGDAWgBRZpGYG
UqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4EFgQULl47/cKYljHC1Cjv85b8XOCI91Qw
OQYDVR0RBDIwMIIudGFyZ2V0LWJ1aWxkZXItYXBpLnByb2Quc2VydmljZXMuZWMy
LmRtdGlvLm5ldDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
CCsGAQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwuc2NhMWIuYW1h
em9udHJ1c3QuY29tL3NjYTFiLmNybDAgBgNVHSAEGTAXMAsGCWCGSAGG/WwBAjAI
BgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2Nz
cC5zY2ExYi5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQu
c2NhMWIuYW1hem9udHJ1c3QuY29tL3NjYTFiLmNydDAMBgNVHRMBAf8EAjAAMBMG
CisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQA882OqenMyhgaD
lfAUWv27de3Zh0FSf4qSZ6lsGHMT94TFH3XwjxpgA5jwGcsX2mMOPzsg1Cvd/2Qy
1ZOWK4DamHqbdQOKCaBVweN1wUAMOc6iSnFqobakhU7xR0P9nNILFxcFFId/B6K+
SGI/E85y9BKHsjpc4S8SefB9zsL54OlS6VMvheT/21aG8pFH9yU2ptvMDjd98cTj
aGLrvycBNpBdjIBP5liBWiK0umwsECLSqCWYLTvvUxjMrm86XOG701lMaw+gxQ5M
pZufhJ0w1UqLe2AA7yXlmRQ12vReqYFlvYAyT/dVf6Wa8n9fSJ0502l5xmbfsaOp
acJWO0yt
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0wfXtqmfm0HYt1e0+fqm
teUF7tvSObwhnyt6/jxaeqVOBAmJzcXBIxOmxEExuJQl54mbJaz0DkEvRCRBa0Xd
3YUNI+69zT9Aww+JCSAk2DUIHseilj5lLNBVG+HyiW5Kvoii8igZQ1+PHnTZSHXR
+a8Qf2zk6r+BuabxDNOmJ8oWP9diI/x1JJvDouznx4L0zJaKs+2I2QwJ9a8IDlQm
64mPsSVJCxYoCn85GxczYZprlX4qv2AxoXKLLVMBaivgNFw4BbNdRWlSSvgVjXXl
i9yKxNGmq+Ix3FeZzf0BNckmCdkI2nn1ipigrpUaWh4r0OdkYrqldnbfnUByV8fu
4QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 12135141600906340185895228209627299887
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-10-19 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-11-19 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'target-builder-api.prod.services.ec2.dmtio.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26640149693302662777712386699493118644579969120381715501952555235768014369998871665521439757303274020994648523928526497758241713259725123422339174171017246942523399015906106998378626065449953413132412709234998865222691287422789555761117226785304163549587834420289543239616635456493644786142282801523936011469228571851883857787012082452728055878984965798450304877168888533728067796156547574715135429865324551189984401570915750672803649263411506244857318565044331437629491313150227035072486682945118360949965679496953403309103941830904939275296531944832687716550965324211634840305031609371754885770727025763226982280929
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							2e5e3bfdc2989631c2d428eff396fc5ce088f754
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (50 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'target-builder-api.prod.services.ec2.dmtio.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.2 (digiCertDVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		003cf363aa7a733286068395f0145afdbb75edd98741527f8a9267a96c187313f784c51f75f08f1a600398f019cb17da630e3f3b20d42bddff6432d593962b80da987a9b75038a09a055c1e375c1400c39cea24a716aa1b6a4854ef14743fd9cd20b17170514877f07a2be48623f13ce72f41287b23a5ce12f1279f07dcec2f9e0e952e9532f85e4ffdb5686f29147f72536a6dbcc0e377df1c4e36862ebbf270136905d8c804fe658815a22b4ba6c2c1022d2a825982d3bef5318ccae6f3a5ce1bbd3594c6b0fa0c50e4ca59b9f849d30d54a8b7b6000ef25e5991435daf45ea98165bd80324ff7557fa59af27f5f489d39d36979c666dfb1a3a969c2563b4cad