www.crosscountry.com

Issued by Amazon

About this certificate

This digital certificate with serial number 0d:5a:12:6c:e1:90:b2:22:11:d9:a2:a2:c0:83:65:37 was issued on by Amazon.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=www.crosscountry.com

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0d:5a:12:6c:e1:90:b2:22:11:d9:a2:a2:c0:83:65:37
Serial Number (int): 17747644372295511842469961962239518007
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 48:3e:29:62:04:da:54:a7:66:a5:ad:d9:2b:b4:6e:a8:40:8d:00:5d
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): 79:e4:24:04:3b:5a:83:3c:c8:25:d0:ec:be:e3:65:51:39:92:bc:36
Fingerprint (sha256): 2c:16:b1:27:9a:fd:e8:c0:c1:e0:6c:4e:47:7c:db:0a:6b:cc:31:a6:2c:2d:87:f5:f2:0e:33:3d:65:90:28:a5

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b-1.crl

Check the revocation status for certificate www.crosscountry.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.crosscountry.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.crosscountry.com
crosscountry.com

Other certificates including the domain name crosscountry.com

(limited to 100 certificates)
leapfrog-ssl-21.gcs-web.com
cross-country-boston.monstermediaworks.ca
www.cross-country-walnut-creek.monstermediaworks.ca
www.cross-country-walnut-creek.monstermediaworks.ca
salesforceservice.crosscountry.com
leapfrog-ssl-21.gcs-web.com
leapfrog-ssl-21.gcs-web.com
cross-country-chicago.monstermediaworks.ca
salesforceservice.crosscountry.com
cross-country-baltimore.monstermediaworks.ca
tsswebsvc.msnhealth.net
npv2.crosscountry.com
rds.crosscountry.com
www.cross-country-walnut-creek.monstermediaworks.ca
cross-country-baltimore.monstermediaworks.ca
go.crosscountry.com
cross-country-sayre.monstermediaworks.ca
smsgateway.crosscountry.com
cross-country-sayre.monstermediaworks.ca
opportunities.m.crosscountry.com
salesforceservice.crosscountry.com
tsswebsvc.msnhealth.net
cross-country-chicago.monstermediaworks.ca
lyncweb.ccrn.com
cross-country-boston.monstermediaworks.ca
www.crosscountrytravcorps.com
npv3.crosscountry.com
apps.crosscountry.com
evaluation.crosscountry.com
leapfrog-ssl-21.gcs-web.com
evaluation.crosscountry.com
npv.crosscountry.com
cross-country-boston.monstermediaworks.ca
hybrid.crosscountry.com
cross-country-chicago.monstermediaworks.ca
tsswebsvc.msnhealth.net
npv3.crosscountry.com
shop.crosscountry.com
tsswebsvc.msnhealth.net
mail.crosscountry.com
npv.crosscountry.com
www.cross-country-walnut-creek.monstermediaworks.ca
go.crosscountry.com
cross-country-sayre.monstermediaworks.ca
app.crosscountry.com
www.crosscountry.com
cross-country-boston.monstermediaworks.ca
evaluation.crosscountry.com
cross-country-chicago.monstermediaworks.ca
sso.crosscountry.com
cross-country-boston.monstermediaworks.ca
cross-country-chicago.monstermediaworks.ca
tsswebsvc.msnhealth.net
cross-country-boston.monstermediaworks.ca
cross-country-boston.monstermediaworks.ca
*.crosscountry.com
www.cross-country-walnut-creek.monstermediaworks.ca
cross-country-baltimore.monstermediaworks.ca
evaluation.crosscountry.com
sharefile.crosscountry.com
cross-country-chicago.monstermediaworks.ca
survey.crosscountry.com
leapfrog-ssl-21.gcs-web.com
salesforceservice.crosscountry.com
www.cross-country-walnut-creek.monstermediaworks.ca
leapfrog-ssl-21.gcs-web.com
*.crosscountry.com
cross-country-sayre.monstermediaworks.ca
cross-country-baltimore.monstermediaworks.ca
cross-country-boston.monstermediaworks.ca
go.crosscountry.com
www.crosscountrytravcorps.com
shop.crosscountry.com
cross-country-baltimore.monstermediaworks.ca
assets.crosscountry.com
*.crosscountry.com
sso.crosscountry.com
devcssis.crosscountry.com
hybrid.crosscountry.com
leapfrog-ssl-21.gcs-web.com
cross-country-baltimore.monstermediaworks.ca
www.prod.crosscountry.com
maintenance.crosscountry.com
cross-country-boston.monstermediaworks.ca
hybrid.crosscountry.com
mail.crosscountry.com
cross-country-baltimore.monstermediaworks.ca
smsgateway.crosscountry.com
salesforceservice.crosscountry.com
npv.crosscountry.com
files.crosscountry.com
www.dev.crosscountry.com
mobilegateway.crosscountry.com
app.crosscountry.com
www.cross-country-walnut-creek.monstermediaworks.ca
leapfrog-ssl-21.gcs-web.com
npv2.crosscountry.com
www.stage.crosscountry.com
leapfrog-ssl-21.gcs-web.com
assets.crosscountry.com

Certificate

The complete raw certificate details for www.crosscountry.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF8jCCBNqgAwIBAgIQDVoSbOGQsiIR2aKiwINlNzANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0yMjA4MDgwMDAwMDBaFw0yMzA5MDYy
MzU5NTlaMB8xHTAbBgNVBAMTFHd3dy5jcm9zc2NvdW50cnkuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt19A5qDTsh2F5SBZ9uHF0R1SkJLWixhp
9uoiTYOLanxqD9w/50TCXzhXHFvEWQraHnuCzDOlw6DDJ9EfpRZF4MRyM995q/96
Z8Gu7TrixfIo5YGagjzio5Q7hq1qsUZVrM5JGIol8/zmSnG3DXSaZi964h1pE4dF
q+M6RKLE7J8YwOfID4wZ3wiaLncloeOO/LS6xpixj0bI/kvajtprQR67EtkG+DGV
a5JmhQQUYDMjYkXS4AAO+ktT/9b67iS901Rxv2nw+xLntYLI+73XdfhV/pGZFZSe
4nMz94BqiVQp3rkBD13z5fuqh+uihrzxvQu7QlzucUoHWtNDghS0vQIDAQABo4ID
ATCCAv0wHwYDVR0jBBgwFoAUWaRmBlKge5WSPKOUByeWdFv5PdAwHQYDVR0OBBYE
FEg+KWIE2lSnZqWt2Su0bqhAjQBdMDEGA1UdEQQqMCiCFHd3dy5jcm9zc2NvdW50
cnkuY29tghBjcm9zc2NvdW50cnkuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDov
L2NybC5zY2ExYi5hbWF6b250cnVzdC5jb20vc2NhMWItMS5jcmwwEwYDVR0gBAww
CjAIBgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8v
b2NzcC5zY2ExYi5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9j
cnQuc2NhMWIuYW1hem9udHJ1c3QuY29tL3NjYTFiLmNydDAMBgNVHRMBAf8EAjAA
MIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCt9776fP8QyIudPZwePhhqtGcp
Xc+xDCTKhYY069yCigAAAYJ+tlzIAAAEAwBHMEUCICltI7teFPylRtj7ZYcWt8fb
a+8KIIQBVIRpMpwbzrrfAiEAnqLJNpO6ciyk1N8TCgm29SNLHuemjKUbHe/mO77d
DNYAdgA1zxkbv7FsV78PrUxtQsu7ticgJlHqP+Eq76gDwzvWTAAAAYJ+tlzLAAAE
AwBHMEUCIDgUZtA4wcy+3139UX15pSwlFD+zVe90vssK9cMoWhhPAiEAjr/v8k4Q
q5t38/SpYgg41YvP4cgvp1qs+uxJ11+4F/gAdgCzc3cH4YRQ+GOG1gWp3BEJSnkt
sWcMC4fc8AMOeTalmgAAAYJ+tl0kAAAEAwBHMEUCIQCDhO5UwC7lVyeC0Qsn1Fav
fHSiUD02g4z14T4cSiMfSgIgaCEuU0OCAr/NjgSeq7dwF2NGE0OH6v2Iy7KcMfKH
vzkwDQYJKoZIhvcNAQELBQADggEBALeKwB94q7J3A9zMmMeKt1xrXTgmb2a5kErz
nUrvtCdGeM53nlaUHV5xt7vKZXtkusdjsLlsfinFOG60EUA5MimKOKpOO0g0xW+X
NkMAAcrolI7zg4Yuyc/eTXccEgWmI6IS25y+JEwpTi4wCam8LcfnQISTrR5YOgky
ldcuHsysPo/TyWvlr7djdLnEfplf6JThYdbaP31cfheoNF3w3tx74uF9uKUkjxIa
kBnXh7/p61BP+45uFGWc4fWEJ2nwjjb8a2o1FLZtZCgPZVV2keG5ONfqWImCNU9y
fv2xGZkURmotfn5dEH+VlOQH6GqujcxbFKpw1ErmbxgrDOcWV/0=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt19A5qDTsh2F5SBZ9uHF
0R1SkJLWixhp9uoiTYOLanxqD9w/50TCXzhXHFvEWQraHnuCzDOlw6DDJ9EfpRZF
4MRyM995q/96Z8Gu7TrixfIo5YGagjzio5Q7hq1qsUZVrM5JGIol8/zmSnG3DXSa
Zi964h1pE4dFq+M6RKLE7J8YwOfID4wZ3wiaLncloeOO/LS6xpixj0bI/kvajtpr
QR67EtkG+DGVa5JmhQQUYDMjYkXS4AAO+ktT/9b67iS901Rxv2nw+xLntYLI+73X
dfhV/pGZFZSe4nMz94BqiVQp3rkBD13z5fuqh+uihrzxvQu7QlzucUoHWtNDghS0
vQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 17747644372295511842469961962239518007
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-08-08 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-09-06 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.crosscountry.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23148581069703513023150332327632683244409341297503872798169088311542631864689475557400585496534981065700482090798802735728085619080909173635636027286602303799068670000336567388028669812607470999071614712702458553920549393387306629057860079784589353508346228138947967793568975740707627484157761118477082025236147956426697707566079554647617801410155642018115089115045937367068613474313632839592613918534895246135505438049339975270931868492281833847314604914812226589956739338632573090828247791095485192496984283239084386688786655652663306208277783947893730588733971686315743683968706534750944205586502341279496076047549
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							483e296204da54a766a5add92bb46ea8408d005d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (42 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.crosscountry.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'crosscountry.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (54 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b-1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							0168007600adf7befa7cff10c88b9d3d9c1e3e186ab467295dcfb10c24ca858634ebdc828a000001827eb65cc800000403004730450220296d23bb5e14fca546d8fb658716b7c7db6bef0a208401548469329c1bcebadf0221009ea2c93693ba722ca4d4df130a09b6f5234b1ee7a68ca51b1defe63bbedd0cd600760035cf191bbfb16c57bf0fad4c6d42cbbbb627202651ea3fe12aefa803c33bd64c000001827eb65ccb00000403004730450220381466d038c1ccbedf5dfd517d79a52c25143fb355ef74becb0af5c3285a184f0221008ebfeff24e10ab9b77f3f4a9620838d58bcfe1c82fa75aacfaec49d75fb817f8007600b3737707e18450f86386d605a9dc11094a792db1670c0b87dcf0030e7936a59a000001827eb65d2400000403004730450221008384ee54c02ee5572782d10b27d456af7c74a2503d36838cf5e13e1c4a231f4a022068212e53438202bfcd8e049eabb770176346134387eafd88cbb29c31f287bf39
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00b78ac01f78abb27703dccc98c78ab75c6b5d38266f66b9904af39d4aefb4274678ce779e56941d5e71b7bbca657b64bac763b0b96c7e29c5386eb411403932298a38aa4e3b4834c56f9736430001cae8948ef383862ec9cfde4d771c1205a623a212db9cbe244c294e2e3009a9bc2dc7e7408493ad1e583a093295d72e1eccac3e8fd3c96be5afb76374b9c47e995fe894e161d6da3f7d5c7e17a8345df0dedc7be2e17db8a5248f121a9019d787bfe9eb504ffb8e6e14659ce1f5842769f08e36fc6b6a3514b66d64280f65557691e1b938d7ea588982354f727efdb1199914466a2d7e7e5d107f9594e407e86aae8dcc5b14aa70d44ae66f182b0ce71657fd