triebel-guntools.de

Issued by Encryption Everywhere DV TLS CA - G2

About this certificate

This digital certificate with serial number 04:4e:6f:9d:e6:77:3b:03:f3:b7:5d:6a:8b:59:32:64 was issued on by DigiCert Inc.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=triebel-guntools.de

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 04:4e:6f:9d:e6:77:3b:03:f3:b7:5d:6a:8b:59:32:64
Serial Number (int): 5724174995718593245526503478919770724
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: d1:0b:42:e1:a6:af:a6:2a:06:f9:aa:68:41:48:f5:a2:26:80:2a:63
AuthorityKeyId: 78:df:91:90:5f:ee:de:ac:f6:c5:75:eb:d5:4c:55:53:ef:24:4a:b6

Fingerprint (sha1): ef:ca:32:a0:87:1c:c0:44:c1:62:3f:ba:08:11:be:ab:00:34:48:3e
Fingerprint (sha256): 2e:80:f2:05:88:85:4d:f5:6d:04:67:f7:df:62:85:af:34:b1:9e:f8:3e:5f:5c:fc:0b:b8:29:51:5f:35:25:e6

Issuing Certificate URL: http://cacerts.digicert.com/EncryptionEverywhereDVTLSCA-G2.crt

Revocation information

OCSP Server: http://ocsp.digicert.com

Check the revocation status for certificate triebel-guntools.de

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for triebel-guntools.de

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

triebel-guntools.de
www.triebel-guntools.de

Other certificates including the domain name triebel-guntools.de

(limited to 100 certificates)
moebel-gruber.mediaflip.de
jobst-wohnwelt.mediaflip.de
moebel-mmz.mediaflip.de
ruesen.mediaflip.de
ruesen.mediaflip.de
moebel-zuck.mediaflip.de
trop.mediaflip.de
jobst-wohnwelt.mediaflip.de
trop.mediaflip.de
moebel-mmz.mediaflip.de
moebel-mai.mediaflip.de
ruesen.mediaflip.de
moebel-zuck.mediaflip.de
moebel-mmz.mediaflip.de
trop.mediaflip.de
moebel-gruber.mediaflip.de
moebelundobjekt.mediaflip.de
moebel-meyer.mediaflip.de
ruesen.mediaflip.de
ruesen.mediaflip.de
ruesen.mediaflip.de
triebel-guntools.de
catalog.triebel-guntools.de
triebel-guntools.de
moebel-gruber.mediaflip.de
moebel-gruber.mediaflip.de
moebel-meyer.mediaflip.de
mobila.mediaflip.de
moebel-mai.mediaflip.de
moebel-mai.mediaflip.de
moebel-mai.mediaflip.de
jobst-wohnwelt.mediaflip.de
jobst-wohnwelt.mediaflip.de
trop.mediaflip.de
moebel-mmz.mediaflip.de
triebel-guntools.de
moebel-gruber.mediaflip.de
ruesen.mediaflip.de
ruesen.mediaflip.de
jobst-wohnwelt.mediaflip.de
moebel-mai.mediaflip.de
moebel-mmz.mediaflip.de
moebelundobjekt.mediaflip.de
jobst-wohnwelt.mediaflip.de
moebel-mmz.mediaflip.de
wohnland-hauber.mediaflip.de
trop.mediaflip.de
ruesen.mediaflip.de
trop.mediaflip.de
triebel-guntools.de
moebel-mai.mediaflip.de
jobst-wohnwelt.mediaflip.de
moebel-mai.mediaflip.de
moebel-meyer.mediaflip.de
jobst-wohnwelt.mediaflip.de
moebel-meyer.mediaflip.de
moebel-gruber.mediaflip.de
trop.mediaflip.de
ruesen.mediaflip.de
ruesen.mediaflip.de
jobst-wohnwelt.mediaflip.de
ruesen.mediaflip.de
moebel-mai.mediaflip.de
hoffmann-moebel.mediaflip.de
hoffmann-moebel.mediaflip.de
triebel-guntools.de
ruesen.mediaflip.de
moebel-mai.mediaflip.de
moebel-gruber.mediaflip.de
moebel-mmz.mediaflip.de
moebel-gruber.mediaflip.de
moebel-gruber.mediaflip.de
moebel-zuck.mediaflip.de
ruesen.mediaflip.de
moebel-mai.mediaflip.de
moebelundobjekt.mediaflip.de
moebel-mmz.mediaflip.de
ruesen.mediaflip.de
moebel-gruber.mediaflip.de
moebelundobjekt.mediaflip.de
moebel-mai.mediaflip.de
moebel-mai.mediaflip.de
hummerich.mediaflip.de
moebel-mmz.mediaflip.de
moebel-mai.mediaflip.de
trop.mediaflip.de
moebel-meyer.mediaflip.de
moebel-meyer.mediaflip.de
moebel-mai.mediaflip.de
moebel-mai.mediaflip.de
moebel-mmz.mediaflip.de
moebel-mai.mediaflip.de
epaper-fr.transgourmet.ch
mobila.mediaflip.de
trop.mediaflip.de
trop.mediaflip.de
trop.mediaflip.de
moebel-mmz.mediaflip.de
epaper-fr.transgourmet.ch
trop.mediaflip.de

Certificate

The complete raw certificate details for triebel-guntools.de in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGGTCCBQGgAwIBAgIQBE5vneZ3OwPzt11qi1kyZDANBgkqhkiG9w0BAQsFADBu
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS0wKwYDVQQDEyRFbmNyeXB0aW9uIEV2ZXJ5d2hlcmUg
RFYgVExTIENBIC0gRzIwHhcNMjQwMjA0MDAwMDAwWhcNMjUwMjAzMjM1OTU5WjAe
MRwwGgYDVQQDExN0cmllYmVsLWd1bnRvb2xzLmRlMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAn52eQxp+uDrA+7JoKgPA1AFIMPbpv8R76kcFUz6gBKOg
m2cZ+uKMma/U1GPbnBzFvHwkarA81i/bqKyTnA4pnwlO5BvsNCA75B37J1UTp+0R
ud4FyhR/NGVM4HB0oW05oQCqcyPy+Q3a3GIvr8S9Cr+tKY6jeKNUXTqDaiiQ3Orb
g2GIbH06kWlzgtoCRYYA0Mc9BjgkOTZ1mfXHc8GUuXWHxYR04PBsSVijz2Jwjqya
C0k64v1k+v+j0Pp6hQzZhglckQ93J94lzbXCG/BosE8ca1gfIa6k8EslohyoDK9t
eCYC0rDDnXcDM2s/8LaTbZl92OkFybimGBHge7X2KQIDAQABo4IDATCCAv0wHwYD
VR0jBBgwFoAUeN+RkF/u3qz2xXXr1UxVU+8kSrYwHQYDVR0OBBYEFNELQuGmr6Yq
BvmqaEFI9aImgCpjMDcGA1UdEQQwMC6CE3RyaWViZWwtZ3VudG9vbHMuZGWCF3d3
dy50cmllYmVsLWd1bnRvb2xzLmRlMD4GA1UdIAQ3MDUwMwYGZ4EMAQIBMCkwJwYI
KwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGABggrBgEFBQcB
AQR0MHIwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBKBggr
BgEFBQcwAoY+aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0VuY3J5cHRpb25F
dmVyeXdoZXJlRFZUTFNDQS1HMi5jcnQwDAYDVR0TAQH/BAIwADCCAYAGCisGAQQB
1nkCBAIEggFwBIIBbAFqAHcATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKa
Od8AAAGNdCDivwAABAMASDBGAiEAhhe06zMwM4su2UC7QRbynNVWAt4tQW/yJHwp
DV/yKu8CIQD4BJThh6k0lP55DJRcmLqDyzae9dxm61uoS1/m/He8AgB3AH1ZHhLh
eCp7HGFnfF79+NCHXBSgTpWeuQMv2Q6MLnm4AAABjXQg4uUAAAQDAEgwRgIhAPML
f08Qu3z9YS/SjtkJm0idrt4hT0IPsPfW/NryQljXAiEA9Rm4Iv+oyTZi9t8kkgZC
9+dGl7l0akerJERmhm+wY+EAdgDm0jFjQHeMwRBBBtdxuc7B0kD2loSG+7qHMh39
HjeOUAAAAY10IOMNAAAEAwBHMEUCICggJs2ESjHRlJTgWdn6aJ/kxThT8iKec5Qd
8F0J7uVdAiEA6W+XB4aoQa143HnFP2/2bJanojXDUVkejATF1I/w0gQwDQYJKoZI
hvcNAQELBQADggEBAKNSwL4VVI3Gz4qgY5vlgU+B/M9SSfcCwkJFWZ//baPCsVyc
rE8pAC966wloXbAkHfqYmyzCH/60+f0/qgycYsxqNhaJ+ffBwF2hoXex2KDrzh8x
e2GJu2ih27QWLKhO2M9DsOt6HayJNXQ1TtniChk18WGb+I835uu0Ul4Pzml2G2sf
H5aClgUV0bEcdibxrTXyr0T9tEQ4ZWvTeyO8gj3il3Xe5jpWaFLjN++RXUGn1GkE
opBZYXHXucWv/cr7TQZ7R4MO1SYPQ7Go39ubRaCHqxAJuyM7u70xXcnFGQ3fu+ta
tK0CzVymqmncok4DqwD1CYL3xETWakoZ7PBzplM=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn52eQxp+uDrA+7JoKgPA
1AFIMPbpv8R76kcFUz6gBKOgm2cZ+uKMma/U1GPbnBzFvHwkarA81i/bqKyTnA4p
nwlO5BvsNCA75B37J1UTp+0Rud4FyhR/NGVM4HB0oW05oQCqcyPy+Q3a3GIvr8S9
Cr+tKY6jeKNUXTqDaiiQ3Orbg2GIbH06kWlzgtoCRYYA0Mc9BjgkOTZ1mfXHc8GU
uXWHxYR04PBsSVijz2JwjqyaC0k64v1k+v+j0Pp6hQzZhglckQ93J94lzbXCG/Bo
sE8ca1gfIa6k8EslohyoDK9teCYC0rDDnXcDM2s/8LaTbZl92OkFybimGBHge7X2
KQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 5724174995718593245526503478919770724
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Encryption Everywhere DV TLS CA - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-04 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-03 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'triebel-guntools.de'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20149614926483015559572045280989886798491012829489201274268608448663480995105356525041701013534943105317663082478267696857740427579257297885147632399638782971421564871094755049281763656263169367923646644301613816234397267388970937048857022821328935628811447730688841194540456410277015777841216266370640256382012221172205256484240343510008944220651467318528862935532937315143279804678024560672000622295402175192953949023117917333922227183630463197955600863321837846923817905230525082550887995097275489271729602142342330466422865094420295475830306866768201852944701779768913730343883728145594466208304246675524707284521
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 78df91905feedeacf6c575ebd54c5553ef244ab6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d10b42e1a6afa62a06f9aa684148f5a226802a63
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (48 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'triebel-guntools.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.triebel-guntools.de'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (116 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/EncryptionEverywhereDVTLSCA-G2.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (368 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
							016a0077004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018d7420e2bf00000403004830460221008617b4eb3330338b2ed940bb4116f29cd55602de2d416ff2247c290d5ff22aef022100f80494e187a93494fe790c945c98ba83cb369ef5dc66eb5ba84b5fe6fc77bc020077007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018d7420e2e50000040300483046022100f30b7f4f10bb7cfd612fd28ed9099b489daede214f420fb0f7d6fcdaf24258d7022100f519b822ffa8c93662f6df24920642f7e74697b9746a47ab244466866fb063e1007600e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018d7420e30d00000403004730450220282026cd844a31d19494e059d9fa689fe4c53853f2229e73941df05d09eee55d022100e96f970786a841ad78dc79c53f6ff66c96a7a235c351591e8c04c5d48ff0d204
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00a352c0be15548dc6cf8aa0639be5814f81fccf5249f702c24245599fff6da3c2b15c9cac4f29002f7aeb09685db0241dfa989b2cc21ffeb4f9fd3faa0c9c62cc6a361689f9f7c1c05da1a177b1d8a0ebce1f317b6189bb68a1dbb4162ca84ed8cf43b0eb7a1dac893574354ed9e20a1935f1619bf88f37e6ebb4525e0fce69761b6b1f1f9682960515d1b11c7626f1ad35f2af44fdb44438656bd37b23bc823de29775dee63a566852e337ef915d41a7d46904a290596171d7b9c5affdcafb4d067b47830ed5260f43b1a8dfdb9b45a087ab1009bb233bbbbd315dc9c5190ddfbbeb5ab4ad02cd5ca6aa69dca24e03ab00f50982f7c444d66a4a19ecf073a653