developerqa.sartorius.com

Issued by SwissSign RSA TLS DV ICA 2022 - 1

About this certificate

This digital certificate with serial number 73:2f:75:cc:23:1f:73:4b:b1:cf:10:7c:03:54:dd:08:05:4a:db:81 was issued on by SwissSign AG.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=developerqa.sartorius.com

SwissSign AG

Organization: SwissSign AG
Country: CH

This certificate will expire on

Certificate Details

Serial Number (hex): 73:2f:75:cc:23:1f:73:4b:b1:cf:10:7c:03:54:dd:08:05:4a:db:81
Serial Number (int): 657592335270815631924100342178824070239175236481
Serial Number lenght: 159 bits, 20 octets

SubjectKeyId: 0b:93:ce:39:87:6d:98:4d:0d:c9:8a:61:73:b3:fd:30:a0:bf:73:a4
AuthorityKeyId: eb:bd:7f:49:93:8c:c9:ee:ec:a2:ba:f7:1c:d2:67:f0:83:b1:ea:de

Fingerprint (sha1): e8:21:8c:ae:e8:ba:31:bd:00:6e:d7:c4:83:27:22:e1:93:db:6a:36
Fingerprint (sha256): 31:29:9a:8d:44:d0:b6:43:2a:83:7f:14:e6:3c:9e:3a:a6:47:3b:f0:f3:5c:2e:b4:40:72:82:a1:fd:50:54:64

Issuing Certificate URL: http://aia.swisssign.ch/air-1b863385-f4a9-47fa-88a5-2a5abfd4a167

Revocation information

OCSP Server: http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec
CRL Distribution Point: http://crl.swisssign.ch/cdp-679723b2-8641-4642-8500-f6d2ff37e6ba

Check the revocation status for certificate developerqa.sartorius.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for developerqa.sartorius.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

developerqa.sartorius.com

Other certificates including the domain name sartorius.com

(limited to 100 certificates)
cert00068-azurecdn.akamaized.net
go.sartorius.com
owa.sartorius.com
sentry-c1.sartorius.com
btconfigurator-dev.sartorius.com
sentry-access.sartorius.com
cert00068-azurecdn.akamaized.net
cert00068-azurecdn.akamaized.net
dam-qa.sartorius.com
api-internal.sartorius.com
eshop.sartorius.com
api-qa.sartorius.com
owa.sartorius.com
de05bwinterfacetest.sartorius.com
*.scp.sartorius.com
open-access.sartorius.com
*.scp.sartorius.com
cert00068-azurecdn.akamaized.net
cert00068-azurecdn.akamaized.net
cert00068-azurecdn.akamaized.net
su-adp-presentation.sartorius.com
open-access.sartorius.com
configurator-training.sartorius.com
www.shop-wer.de
shop.sartorius.com
dam-qa.sartorius.com
www.sartorius.com
ecoach.sartorius.com
cert00068-azurecdn.akamaized.net
cert00068-azurecdn.akamaized.net
dam-test.sartorius.com
cert00068-azurecdn.akamaized.net
upload.sartorius.com
btconfigurator.sartorius.com
jira.sartorius.com
de91vaucxwye01.sartorius.com
*.portal-q.sartorius.com
git.sartorius.com
ecoach.sartorius.com
configurator-training.sartorius.com
verical.sartorius.com
developerqa.sartorius.com
remote-access-dev.sartorius.com
eshop-qa.sartorius.com
sip-mobile.sartorius.com
cert00068-azurecdn.akamaized.net
cert00068-azurecdn.akamaized.net
developer-qa.sartorius.com
sce-experlogix.sartorius.com
cert00068-azurecdn.akamaized.net
config-data-downloads.sartorius.com
go.sartorius.com
uc-gw.sartorius.com
*.sartorius.com
btconfigurator-dev.sartorius.com
sartdam.sartorius.com
brm.sartorius.com
btconfigurator-dev3.sartorius.com
cert00068-azurecdn.akamaized.net
bi-test.sartorius.com
gonsap68.sartorius.com
cert00068-azurecdn.akamaized.net
ir-reports.sartorius.com
brm.sartorius.com
developer-qa.sartorius.com
bioprocess-test.sartorius.com
config-data-downloads.sartorius.com
*.scp.sartorius.com
mobile-test.sartorius.com
cert00068-azurecdn.akamaized.net
btconfigurator-dev.sartorius.com
cert00068-azurecdn.akamaized.net
git.sartorius.com
dex.sartorius.com
serviceshop.sartorius.de
owa.sartorius.com
dam-qa.sartorius.com
www.connect-upstream.com
cert00068-azurecdn.akamaized.net
cert00068-azurecdn.akamaized.net
sartdam.sartorius.com
cert00068-azurecdn.akamaized.net
btconfigurator-dev2.sartorius.com
serviceshop.sartorius.de
open-access.sartorius.com
jira.sartorius.com
owa.sartorius.com
cert00068-azurecdn.akamaized.net
config-data-downloads.sartorius.com
cert00068-azurecdn.akamaized.net
bi-test.sartorius.com
studio.sartorius.com
www.shop-wer.de
Sartorius Corporate Administration GmbH
delivery.wcms.qa.sartorius.com
lps-globalsalesmeeting.sartorius.com
mobile.sartorius.com
developer.sartorius.com
login-test.sartorius.com
btconfigurator-dev3.sartorius.com

Certificate

The complete raw certificate details for developerqa.sartorius.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGKzCCBBOgAwIBAgIUcy91zCMfc0uxzxB8A1TdCAVK24EwDQYJKoZIhvcNAQEL
BQAwUDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEqMCgGA1UE
AxMhU3dpc3NTaWduIFJTQSBUTFMgRFYgSUNBIDIwMjIgLSAxMB4XDTIzMTAxMDA2
NTk1MFoXDTI0MTAxMDA2NTk1MFowJDEiMCAGA1UEAxMZZGV2ZWxvcGVycWEuc2Fy
dG9yaXVzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANaaEi90
TjAD1fUXnsTBNQJJiLan9zOer0/YnZUAwkxejk/MJ4c4vK9Pkj9fIqJk2veqeVH4
74WiPp2QcCkcJvj8lv5UhQHvMlRbavwGau4wXdVDzDgxHjbxTbRwauEhIFigq7R+
jN2HZYJSChJ0DpNZUFSKacEFwPCRuNVfcEPvz6Pk1qoFT2hVaRFIJtMF3xw9Zj46
gUuIQ4Nlh+jgOZPpPcfq3d3bif5lnjuN7BLL5IDhecP4LvM3z2N/87K5qE1Rj4Ip
bzdl03fiX6DN2LI73sCY3wlXR4UPhWInWODzR690q37T17LAX3jfesSHdxhzTrWd
PGjjPGKhcaOkrVUCAwEAAaOCAicwggIjMIGyBggrBgEFBQcBAQSBpTCBojBMBggr
BgEFBQcwAoZAaHR0cDovL2FpYS5zd2lzc3NpZ24uY2gvYWlyLTFiODYzMzg1LWY0
YTktNDdmYS04OGE1LTJhNWFiZmQ0YTE2NzBSBggrBgEFBQcwAYZGaHR0cDovL29j
c3Auc3dpc3NzaWduLmNoL3NpZ24vb2NzLWFhY2NjZWQ1LTY2ZTgtNDA2OS05YjFi
LWZkMjlhYjczZWZlYzBvBgNVHSAEaDBmMAgGBmeBDAECATAIBgYEAI96AQYwUAYI
YIV0AVkCAQEwRDBCBggrBgEFBQcCARY2aHR0cHM6Ly9yZXBvc2l0b3J5LnN3aXNz
c2lnbi5jb20vU3dpc3NTaWduX0NQU19UTFMucGRmMFEGA1UdHwRKMEgwRqBEoEKG
QGh0dHA6Ly9jcmwuc3dpc3NzaWduLmNoL2NkcC02Nzk3MjNiMi04NjQxLTQ2NDIt
ODUwMC1mNmQyZmYzN2U2YmEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MA4GA1UdDwEB/wQEAwIFoDAkBgNVHREEHTAbghlkZXZlbG9wZXJxYS5zYXJ0b3Jp
dXMuY29tMB0GA1UdDgQWBBQLk845h22YTQ3JimFzs/0woL9zpDAfBgNVHSMEGDAW
gBTrvX9Jk4zJ7uyiuvcc0mfwg7Hq3jATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkq
hkiG9w0BAQsFAAOCAgEAhwgjqd1ZmGNk3RVyPyYQkZO8NgHNvUg2enG525UxcFaq
5N1kfRd1+d3fdrpb7BUx553tp2SwLRVS6CFUylqtFh1Cc4qBjjbrF/GEmS3oR0Wb
ArD4VlbGk/DkKhJ1CjTIpmZDB6gQnDNUXHiZplxKu7FTEI9pRnmRRpFWbZZONVmy
6WxT+0IC+kGSs/7yyMZBrwT4AwORDlwLg/9AKTs2jgw/c8uPD9/jn15Ahr7Epdfc
bu1SwUMpIXeJ1vB+FwS0A02l9TwK5BPfq/eTf490OFIokXjn0CAX9Ih9hodkoHsz
etmG4eLI7l942g1T044os4k8Q+GwK8n8RqrcpZlhtejNkchmeiQ80p1yj4YUiAzP
ANcoHjUURJc6tlim9kTayooAuPThHAJu1RlCct7jJs2SYXbo15LHc5zqk5NxeZ3U
3QLZeL/Cjifgfu6hGWWisDRZvHVQLTgyVw+xO6I7E2YwJqwp3AgCM2DRXYb1CKfp
/TillLkOfMsm8Q+qAV/bKo7L2dqpv1Z2/u0qW4LGq+NelpdLpcQMvgx5dnZqxsOX
dMNTdtdrfvRxbSzAwgtTllj7iJ3JYigWe3Pw0yiQ9/YBxRbpk+0dGnGal6RH51Sn
Dir4qYDI3kyibKVM3rm8MfIWhfBlyGVNTyVNymPdvOmu4Dz6x2xal4TLgtJbB3Q=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1poSL3ROMAPV9ReexME1
AkmItqf3M56vT9idlQDCTF6OT8wnhzi8r0+SP18iomTa96p5UfjvhaI+nZBwKRwm
+PyW/lSFAe8yVFtq/AZq7jBd1UPMODEeNvFNtHBq4SEgWKCrtH6M3YdlglIKEnQO
k1lQVIppwQXA8JG41V9wQ+/Po+TWqgVPaFVpEUgm0wXfHD1mPjqBS4hDg2WH6OA5
k+k9x+rd3duJ/mWeO43sEsvkgOF5w/gu8zfPY3/zsrmoTVGPgilvN2XTd+JfoM3Y
sjvewJjfCVdHhQ+FYidY4PNHr3SrftPXssBfeN96xId3GHNOtZ08aOM8YqFxo6St
VQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 657592335270815631924100342178824070239175236481
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign RSA TLS DV ICA 2022 - 1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-10 06:59:50 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-10-10 06:59:50 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'developerqa.sartorius.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27090972522518461448924673325620909808931212490436425786109666869511973671821409774985381704648443356060427637705747961242611124053729004935375290042447275887031392848428967583574447953845163213694862814871731094823236581983959597390083042314226153723460287373700058225342831803347359281725671937550870640657209883796910165627255824856133732491084384148056311257733515882659882052056493717124103862205445439674858892886856128963808689187696179978863074380791867491642103949849900283869985848490098652935281563961378930967123288313955653930281080451474700261912821334235818009462752247126311712370701437661348136004949
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (165 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.swisssign.ch/air-1b863385-f4a9-47fa-88a5-2a5abfd4a167'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.4.0.2042.1.6
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.2.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://repository.swisssign.com/SwissSign_CPS_TLS.pdf'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (74 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.ch/cdp-679723b2-8641-4642-8500-f6d2ff37e6ba'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (29 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'developerqa.sartorius.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							0b93ce39876d984d0dc98a6173b3fd30a0bf73a4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName ebbd7f49938cc9eeeca2baf71cd267f083b1eade
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		00870823a9dd59986364dd15723f26109193bc3601cdbd48367a71b9db95317056aae4dd647d1775f9dddf76ba5bec1531e79deda764b02d1552e82154ca5aad161d42738a818e36eb17f184992de847459b02b0f85656c693f0e42a12750a34c8a6664307a8109c33545c7899a65c4abbb153108f694679914691566d964e3559b2e96c53fb4202fa4192b3fef2c8c641af04f80303910e5c0b83ff40293b368e0c3f73cb8f0fdfe39f5e4086bec4a5d7dc6eed52c14329217789d6f07e1704b4034da5f53c0ae413dfabf7937f8f743852289178e7d02017f4887d868764a07b337ad986e1e2c8ee5f78da0d53d38e28b3893c43e1b02bc9fc46aadca59961b5e8cd91c8667a243cd29d728f8614880ccf00d7281e351444973ab658a6f644daca8a00b8f4e11c026ed5194272dee326cd926176e8d792c7739cea939371799dd4dd02d978bfc28e27e07eeea11965a2b03459bc75502d3832570fb13ba23b13663026ac29dc08023360d15d86f508a7e9fd38a594b90e7ccb26f10faa015fdb2a8ecbd9daa9bf5676feed2a5b82c6abe35e96974ba5c40cbe0c7976766ac6c39774c35376d76b7ef4716d2cc0c20b539658fb889dc96228167b73f0d32890f7f601c516e993ed1d1a719a97a447e754a70e2af8a980c8de4ca26ca54cdeb9bc31f21685f065c8654d4f254dca63ddbce9aee03cfac76c5a9784cb82d25b0774