ssl.1.damoh.fitforfun.de

Issued by R3

About this certificate

This digital certificate with serial number 03:6a:18:88:b1:ba:bd:1c:d7:53:62:cf:a9:a1:4c:7c:02:28 was issued on by Let's Encrypt.

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=ssl.1.damoh.fitforfun.de

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:6a:18:88:b1:ba:bd:1c:d7:53:62:cf:a9:a1:4c:7c:02:28
Serial Number (int): 297439399917953281392121587342119194591784
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: e6:a5:29:0e:ba:9b:48:ce:55:7e:41:66:cc:71:27:e8:b9:de:6f:6f
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 6b:f8:d2:39:1a:16:f2:d2:07:6f:ab:03:49:ea:b2:3a:25:d0:5b:3a
Fingerprint (sha256): 2d:7e:43:ec:a0:e3:8b:17:dd:8f:31:6b:e3:33:6b:04:f2:36:98:14:c5:58:42:ce:b8:c1:76:c1:80:2b:1c:69

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate ssl.1.damoh.fitforfun.de

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ssl.1.damoh.fitforfun.de

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ssl.1.damoh.fitforfun.de
ssl.2.damoh.fitforfun.de
ssl.3.damoh.fitforfun.de

Other certificates including the domain name fitforfun.de

(limited to 100 certificates)
branded-stories.fitforfun.de
x.bunte.de
community.fitforfun.de
bf-tools.net
bf-tools.net
mms.burda-forward.de
promo.fitforfun.de
consent.planetradio.co.uk
shopping.fitforfun.de
*.fitforfun.de
kzsicw.fitforfun.de
bf-tools.net
tags.fitforfun.de
bf-tools.net
bf-tools.net
ssl.1.damoh.fitforfun.de
bf-tools.net
branded-stories.fitforfun.de
branded-story.fitforfun.de
*.sandbox-sp.fitforfun.de
cmp.bestcheck.de
tags.fitforfun.de
community.fitforfun.de
data-f06c8efc81.fitforfun.de
branded-story.fitforfun.de
cmp.bestcheck.de
shop.fitforfun.de
bf-tools.net
mms.burda-forward.de
cmp.bestcheck.de
cmp.bestcheck.de
damoh.fitforfun.de
*.sp.fitforfun.de
mms.chip.de
bf-tools.net
bf-tools.net
bf-tools.net
bf-tools.net
mms.chip.de
a.tfag.de
ssl.1.damoh.fitforfun.de
ssl.1.damoh.fitforfun.de
cmp.bestcheck.de
cmp.bestcheck.de
cmp.bestcheck.de
kzsicw.fitforfun.de
mms.chip.de
*.fitforfun.de
tags.fitforfun.de
tags.fitforfun.de
tags.fitforfun.de
cmp.bestcheck.de
cmp.bestcheck.de
kzsicw.fitforfun.de
data-f06c8efc81.fitforfun.de
bf-tools.net
cmp.bestcheck.de
cmp.bestcheck.de
*.fitforfun.de
ssl.1.damoh.fitforfun.de
cmp.bestcheck.de
bf-tools.net
shopping.fitforfun.de
shopping.fitforfun.de
community.fitforfun.de
mms.burda-forward.de
mms.burda-forward.de
ssl.1.damoh.fitforfun.de
branded-stories.fitforfun.de
cmp.bestcheck.de
bf-tools.net
branded-story.fitforfun.de
branded-stories.fitforfun.de
z.fitforfun.de
bf-tools.net
*.sp.fitforfun.de
shopping.fitforfun.de
mms.burda-forward.de
x.bunte.de
branded-stories.fitforfun.de
rt.fitforfun.de
bf-tools.net
bf-tools.net
bf-tools.net
cmp.bestcheck.de
cmp.bestcheck.de
bf-tools.net
blackfriday.fitforfun.de
blackfriday.fitforfun.de
mms.burda-forward.de
a.tfag.de
cmp.bestcheck.de
ivwbox.fitforfun.de
mms.burda-forward.de
bf-tools.net
cmp.bestcheck.de
kzsicw.fitforfun.de
a.tfag.de
a.tfag.de
data-ba3ff52f53.fitforfun.de

Certificate

The complete raw certificate details for ssl.1.damoh.fitforfun.de in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGMDCCBRigAwIBAgISA2oYiLG6vRzXU2LPqaFMfAIoMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzEwMDQwNzM4MDFaFw0yNDAxMDIwNzM4MDBaMCMxITAfBgNVBAMT
GHNzbC4xLmRhbW9oLmZpdGZvcmZ1bi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
ADCCAgoCggIBAL3oS+GnJTDzs2m1FNp+xrGFVrKN/aDUfxk1B72ILdPBoU7084mH
vR2FLIs0i3JzG04/v8EGMXzhgAfPpnD31MgpccfdsklSNgZBcUkoI3K+5zf+37cg
CcUMynWZDNfGXWwcB4LwN6lKhoUU1nXTNfSSYOZFTa/5aYnhlrc9Vazufd5T1luw
9S7R7/4PW9pQ5VIzhVsjZm8VrmTrujL3hbTKXnc/VFeuS8kybhBqBP15PhEH6h+D
1f+NU10w8lZiYKaSrWNNOOX62iXJKgyc7MKFKxuMTh3vgYJHrx7AgIG12cBN+jqh
n2/96BMD8aNolwOSyN1Qd4f4Wq6g7wNwv4nl1oKbUo+yZAg9Z05N4AODiPos/MLG
fgIqsEt/bGTvM3vr5x139Df45z646JKCbbx317iWKU0ZgUOjI1E36k4GSXJjDrz+
Xya/i0kg6YiEHSo9eGWYpMut8tQ9L/CnCWSvZqtSH5EJhjM6ppoh6K4bR6UaA37r
9xkXlIzgHs6eMGBkaeeBOK2RnN+zpFhmOzZB5YWkldtrUMN6tek2cu5QII+3wyJ6
WxXfI4PrRrXxGMAAGjk9lHbNWhBfaqUxYXa58cBtVQeK1nqWvDewEU5qYxYsTA9F
y0XbzV2cx4mTi12cNK0EoUWyzN+WB9T43gAbt+hXvTcspKU3hKdYTKPXAgMBAAGj
ggJNMIICSTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFOalKQ66m0jOVX5BZsxxJ+i5
3m9vMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEB
BEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUF
BzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMFcGA1UdEQRQME6CGHNzbC4xLmRh
bW9oLmZpdGZvcmZ1bi5kZYIYc3NsLjIuZGFtb2guZml0Zm9yZnVuLmRlghhzc2wu
My5kYW1vaC5maXRmb3JmdW4uZGUwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEDBgor
BgEEAdZ5AgQCBIH0BIHxAO8AdQA7U3d1Pi25gE6LMFsG/kA7Z9hPw/THvQANLXJv
4frUFwAAAYr51ju6AAAEAwBGMEQCIAP83lwTDgtV12ZpdmWX8E8kQkgHO/OHF9kM
N7tpf6EHAiAHsy123LV5KRZgz7tbj/l1TB430xTb6KDQudf9/+N5wgB2AO7N0GTV
2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABivnWO64AAAQDAEcwRQIgZwDq
BPK/l2dUmG2M9+/9XZE/2+7QI2gXOMZeS+/4BpACIQDZmvv3zLuhoOdCJ1BJ16a5
wXtar/Wh+obL2zulpEvI/DANBgkqhkiG9w0BAQsFAAOCAQEAtpUxXC6vMfWiWa6P
jQXFPOh36OoP9FGOmdx720wy2drPqOlPsOUzPFvqSZcLHjMqEMlerTKrkr7sMtDz
UXPU7qZi6vbVwSERNiXDJHiYhKSnKIggwGBoJlxghP178DuUK63OgolHJuOJopsg
2xI9wPX9GOx+yJ9VZ9zmHqPD1zBMoFGf3udnFvvWs+ffMXf1cg28f0cKAPIdnp1+
sUl3TP0wK2Or1otCr83M+nRqQqf13BvFzMQq+6nzPawGYGj0sntg6c8zJrMsSKH+
CcdWc8M3IUke/7tUh+y1IUKJ84UNiJQkvMk79G+RDOTBQ5jFj/9frcsSu8SlcrDJ
40k+MQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvehL4aclMPOzabUU2n7G
sYVWso39oNR/GTUHvYgt08GhTvTziYe9HYUsizSLcnMbTj+/wQYxfOGAB8+mcPfU
yClxx92ySVI2BkFxSSgjcr7nN/7ftyAJxQzKdZkM18ZdbBwHgvA3qUqGhRTWddM1
9JJg5kVNr/lpieGWtz1VrO593lPWW7D1LtHv/g9b2lDlUjOFWyNmbxWuZOu6MveF
tMpedz9UV65LyTJuEGoE/Xk+EQfqH4PV/41TXTDyVmJgppKtY0045fraJckqDJzs
woUrG4xOHe+BgkevHsCAgbXZwE36OqGfb/3oEwPxo2iXA5LI3VB3h/harqDvA3C/
ieXWgptSj7JkCD1nTk3gA4OI+iz8wsZ+AiqwS39sZO8ze+vnHXf0N/jnPrjokoJt
vHfXuJYpTRmBQ6MjUTfqTgZJcmMOvP5fJr+LSSDpiIQdKj14ZZiky63y1D0v8KcJ
ZK9mq1IfkQmGMzqmmiHorhtHpRoDfuv3GReUjOAezp4wYGRp54E4rZGc37OkWGY7
NkHlhaSV22tQw3q16TZy7lAgj7fDInpbFd8jg+tGtfEYwAAaOT2Uds1aEF9qpTFh
drnxwG1VB4rWepa8N7ARTmpjFixMD0XLRdvNXZzHiZOLXZw0rQShRbLM35YH1Pje
ABu36Fe9NyykpTeEp1hMo9cCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 297439399917953281392121587342119194591784
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-04 07:38:01 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-02 07:38:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ssl.1.damoh.fitforfun.de'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 774754629945624665628229371972110039593538289276858708747026019836931501303813793156794593619674606892704151972429973274197937171364658527243096632589050660382912932149214507797470876541128696632165470215927323404539643018649466256749431710939205007851984147428479341218343157313595465937843621338690607052855703809006876247076237300307953804030224337650816478248368979444052720321195840281235888334169299654250279043310971418072916959957031399493946225519748462434993729268772803976769359319021903599547409582121025797496018540879204561194960074922112999207142254095632032961806806439130687689686339927605779523463493911694895727394164882357067431498735336731230273376847794956623106549452991502225598499153488512894944612269831594469060736696935484170800168737035043724136523152337850503599059252397472275681760344753192193899397583382269530201122886664989407140390101427651292047567291258643096883063956075256269602781301171721197609766302355949642823345686228127874028518098889399044249275820902874262919352194082726169484300199792905183938893590010261718282189759480337889986145009997841763857188462372507213471710987152271659757342642635569244838696563396123353488881523478974864562207520943005750167054367305953022241720280023
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							e6a5290eba9b48ce557e4166cc7127e8b9de6f6f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (80 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ssl.1.damoh.fitforfun.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ssl.2.damoh.fitforfun.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ssl.3.damoh.fitforfun.de'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef0075003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018af9d63bba0000040300463044022003fcde5c130e0b55d76669766597f04f244248073bf38717d90c37bb697fa107022007b32d76dcb579291660cfbb5b8ff9754c1e37d314dbe8a0d0b9d7fdffe379c2007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018af9d63bae000004030047304502206700ea04f2bf976754986d8cf7effd5d913fdbeed023681738c65e4beff80690022100d99afbf7ccbba1a0e742275049d7a6b9c17b5aaff5a1fa86cbdb3ba5a44bc8fc
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00b695315c2eaf31f5a259ae8f8d05c53ce877e8ea0ff4518e99dc7bdb4c32d9dacfa8e94fb0e5333c5bea49970b1e332a10c95ead32ab92beec32d0f35173d4eea662eaf6d5c121113625c324789884a4a7288820c06068265c6084fd7bf03b942badce82894726e389a29b20db123dc0f5fd18ec7ec89f5567dce61ea3c3d7304ca0519fdee76716fbd6b3e7df3177f5720dbc7f470a00f21d9e9d7eb149774cfd302b63abd68b42afcdccfa746a42a7f5dc1bc5ccc42afba9f33dac066068f4b27b60e9cf3326b32c48a1fe09c75673c33721491effbb5487ecb5214289f3850d889424bcc93bf46f910ce4c14398c58fff5fadcb12bbc4a572b0c9e3493e31