api.netnation.com

Issued by GeoTrust TLS RSA CA G1

About this certificate

This digital certificate with serial number 01:7f:3f:9e:29:85:49:07:7c:f0:a8:54:50:2d:11:77 was issued on by DigiCert Inc.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=api.netnation.com

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 01:7f:3f:9e:29:85:49:07:7c:f0:a8:54:50:2d:11:77
Serial Number (int): 1989940019523563698296460784075346295
Serial Number lenght: 121 bits, 16 octets

SubjectKeyId: 39:2a:51:07:1c:9d:78:0c:db:2f:b5:53:02:be:8b:47:76:7b:fd:44
AuthorityKeyId: 94:4f:d4:5d:8b:e4:a4:e2:a6:80:fe:fd:d8:f9:00:ef:a3:be:02:57

Fingerprint (sha1): c1:27:72:7f:cd:2c:5f:96:41:5b:09:64:35:17:02:65:b5:78:30:bf
Fingerprint (sha256): 2c:77:03:67:90:9d:d9:1e:e8:49:a2:60:a4:2a:4d:4b:7d:15:c8:01:f7:62:97:b4:fc:63:9c:d5:ae:50:1e:a1

Issuing Certificate URL: http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt

Revocation information

OCSP Server: http://status.geotrust.com
CRL Distribution Point: http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl

Check the revocation status for certificate api.netnation.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for api.netnation.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

api.netnation.com

Other certificates including the domain name netnation.com

(limited to 100 certificates)
sitecontrol.netnation.com
spritessl.netnation.com
sitecontrol.netnation.com
api.netnation.com
freeway.netnation.com
0x.ca
webmail.netnation.com
webmail.netnation.com
webmail.netnation.com
webmail.netnation.com
padlock.netnation.com
secure1.sc.netnation.com
cart.netnation.com
*.netnation.com
api.netnation.com
0x.ca
api.netnation.com
sitecontrol.netnation.com
sitemail.netnation.com
cart.netnation.com
api.netnation.com
acctmgr.netnation.com
order.netnation.com
order.netnation.com
api.netnation.com
api.netnation.com
0x.ca
bladesssl.netnation.com
domains.netnation.com
acctmgr.netnation.com
webmail.netnation.com
safe.netnation.com
acctmgr.netnation.com
cart.netnation.com
sitecontrol.netnation.com
api.netnation.com
acctmgr.netnation.com
domains.netnation.com
freeway.netnation.com
webmail.netnation.com
stronghold.netnation.com
netnation.com
sitecontrol.netnation.com
cart.netnation.com
manage.netnation.com
cart.netnation.com
springerssl.netnation.com
0x.ca
lock.netnation.com
marblessl.netnation.com
cart.netnation.com
cart.netnation.com
domains.netnation.com
webmail.netnation.com
0x.ca
webmail.netnation.com
manage.netnation.com
ssl.netnation.com
netnation.com
0x.ca
acctmgr.netnation.com
acctmgr.netnation.com
sitemail.netnation.com
0x.ca
order.netnation.com
webmail.netnation.com
freeway.netnation.com
freeway.netnation.com
apt.netnation.com
*.netnation.com
sitecontrol.netnation.com
sitecontrol.netnation.com
order.netnation.com
api.netnation.com
0x.ca
api.netnation.com
0x.ca
sitecontrol.netnation.com
am.netnation.com
cart.netnation.com
urchin400.netnation.com
order.netnation.com
webmail.netnation.com
0x.ca
sitemail.netnation.com
staging.netnation.com
acctmgr.netnation.com
0x.ca
sitecontrol.netnation.com

Certificate

The complete raw certificate details for api.netnation.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGIDCCBQigAwIBAgIQAX8/nimFSQd88KhUUC0RdzANBgkqhkiG9w0BAQsFADBg
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZHZW9UcnVzdCBUTFMgUlNBIENBIEcx
MB4XDTI0MDIyMDAwMDAwMFoXDTI1MDIyNzIzNTk1OVowHDEaMBgGA1UEAxMRYXBp
Lm5ldG5hdGlvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx
y0O4EQegfJ2H5vWWqj4s44SCQrQG5qmj2/WWnRsG5F2ynf1pzmMQ76ANAL6CMLvG
v7ZUPLRhmT0wkppcYIZrgWWGW7YTgSJbZ0GdllQ0ke0HtsF26VqfQmcssC6lz4ne
w58ubWzX2hue7vvvXd3XrUzsBkKu8u8cP8sgddPcPJ/UkGuXMtpszoO17ejqH8bf
GZPeOSnVmxYIC2kiHSvd6b+P8q1wOoQXKY3eTSoTTjNiWDNJVDWtYOHJ/SoUYoB4
BiGKFhqA9NmcUQnTKZUkKYS9Hg9iA9Qcp4Y+ibtViuRIawIx26CJZY96aOhe0OAJ
LPDfUQ+qTYlwoFucVAqJAgMBAAGjggMYMIIDFDAfBgNVHSMEGDAWgBSUT9Rdi+Sk
4qaA/v3Y+QDvo74CVzAdBgNVHQ4EFgQUOSpRBxydeAzbL7VTAr6LR3Z7/UQwHAYD
VR0RBBUwE4IRYXBpLm5ldG5hdGlvbi5jb20wPgYDVR0gBDcwNTAzBgZngQwBAgEw
KTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA4GA1Ud
DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwPwYDVR0f
BDgwNjA0oDKgMIYuaHR0cDovL2NkcC5nZW90cnVzdC5jb20vR2VvVHJ1c3RUTFNS
U0FDQUcxLmNybDB2BggrBgEFBQcBAQRqMGgwJgYIKwYBBQUHMAGGGmh0dHA6Ly9z
dGF0dXMuZ2VvdHJ1c3QuY29tMD4GCCsGAQUFBzAChjJodHRwOi8vY2FjZXJ0cy5n
ZW90cnVzdC5jb20vR2VvVHJ1c3RUTFNSU0FDQUcxLmNydDAMBgNVHRMBAf8EAjAA
MIIBfAYKKwYBBAHWeQIEAgSCAWwEggFoAWYAdgBOdaMnXJoQwzhbbNTfP1LrHfDg
jhuNacCx+mSxYpo53wAAAY3HddS6AAAEAwBHMEUCIFmuX605A0WO7FmxYnTsVvWJ
DnBB5GMo7EEcMGupwjKrAiEAuuBfHkP5MOoyKk0FrzLOYLfmqn+yOgoyZ4HtVqn/
lvMAdQB9WR4S4XgqexxhZ3xe/fjQh1wUoE6VnrkDL9kOjC55uAAAAY3HddTzAAAE
AwBGMEQCIAE/jdhcOXjZdiWCfGqcQpxyC/jFaVk1trIaNo+DuHLfAiBpowlagCtE
SWvXkzreksvlxHZwyE//Lr21pfG4GxaMxwB1AObSMWNAd4zBEEEG13G5zsHSQPaW
hIb7uocyHf0eN45QAAABjcd11RsAAAQDAEYwRAIgIJeGL776ZOnSim2iqGS+/GsE
z5tyyMQXhNSAomvb/VICIEv0gk/M3tV9+Z0fKos5+Q1PATpOhaGHIDoDIO+/uiKu
MA0GCSqGSIb3DQEBCwUAA4IBAQC8nusbE3akJ1VGIXD1X3UmiUZKV5XB71V4J07J
f8zyGIb21Iuu+DNLurUezIIhesGRolyXnA3iUoYV5e7gz6Krc3GYKbZY+b/7yS22
ZLF8hjtd1HTeRMPenIarjAl03ztZityWE2zMAzDosuPJVdpdZneaYINjJgUu9sDg
/M+9ZSLamZ/g+UaUUJL8zeirnEpgm3kwCPJIHEqVOphLUNeZYa+xIBVKOuaeRE4D
tGjvaSvjKHw3aCFbhKJ9W7zgiRlOOqX+Lr5uvdCJfpOJUPv6KlMo2f2ybXTjkNQU
W/kohuWYpgzLx0mKSo+7Yp9Vq4VwzINSsamugaT5B0erixV0
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsctDuBEHoHydh+b1lqo+
LOOEgkK0Buapo9v1lp0bBuRdsp39ac5jEO+gDQC+gjC7xr+2VDy0YZk9MJKaXGCG
a4Flhlu2E4EiW2dBnZZUNJHtB7bBdulan0JnLLAupc+J3sOfLm1s19obnu77713d
161M7AZCrvLvHD/LIHXT3Dyf1JBrlzLabM6Dte3o6h/G3xmT3jkp1ZsWCAtpIh0r
3em/j/KtcDqEFymN3k0qE04zYlgzSVQ1rWDhyf0qFGKAeAYhihYagPTZnFEJ0ymV
JCmEvR4PYgPUHKeGPom7VYrkSGsCMdugiWWPemjoXtDgCSzw31EPqk2JcKBbnFQK
iQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1989940019523563698296460784075346295
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust TLS RSA CA G1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-20 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-27 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'api.netnation.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22444413453197302973798740290116799086871564236532716767251268843539035958686945238922505656395661878977666862211785240044103076867851328772908743073991382110036037941534896753289223591757526217494491066283841668527392694159988519959510341599663002702000047153423694737117240384988688644827909915947380717887034619791035183218595252105117718710760621753995394070679771820137632702303870239663689363637095184021664655431554370630200934142956202700657165035849743775434663986136234601438981352445709612636659872283270322633946507609749762491011684005505420849555914076847292119146112239376626896180409981469355777723017
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 944fd45d8be4a4e2a680fefdd8f900efa3be0257
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							392a51071c9d780cdb2fb55302be8b47767bfd44
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (21 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.netnation.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (106 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.geotrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (360 bytes)
							01660076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018dc775d4ba0000040300473045022059ae5fad3903458eec59b16274ec56f5890e7041e46328ec411c306ba9c232ab022100bae05f1e43f930ea322a4d05af32ce60b7e6aa7fb23a0a326781ed56a9ff96f30075007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018dc775d4f300000403004630440220013f8dd85c3978d97625827c6a9c429c720bf8c5695935b6b21a368f83b872df022069a3095a802b44496bd7933ade92cbe5c47670c84fff2ebdb5a5f1b81b168cc7007500e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018dc775d51b000004030046304402202097862fbefa64e9d28a6da2a864befc6b04cf9b72c8c41784d480a26bdbfd5202204bf4824fccded57df99d1f2a8b39f90d4f013a4e85a187203a0320efbfba22ae
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00bc9eeb1b1376a42755462170f55f752689464a5795c1ef5578274ec97fccf21886f6d48baef8334bbab51ecc82217ac191a25c979c0de2528615e5eee0cfa2ab73719829b658f9bffbc92db664b17c863b5dd474de44c3de9c86ab8c0974df3b598adc96136ccc0330e8b2e3c955da5d66779a60836326052ef6c0e0fccfbd6522da999fe0f946945092fccde8ab9c4a609b793008f2481c4a953a984b50d79961afb120154a3ae69e444e03b468ef692be3287c3768215b84a27d5bbce089194e3aa5fe2ebe6ebdd0897e938950fbfa2a5328d9fdb26d74e390d4145bf92886e598a60ccbc7498a4a8fbb629f55ab8570cc8352b1a9ae81a4f90747ab8b1574