bywaterconsortium.aspendiscovery.org

Issued by R3

About this certificate

This digital certificate with serial number 03:02:0c:dd:b7:b3:ec:b4:f9:23:ab:f4:e7:7a:84:af:47:9f was issued on by Let's Encrypt.

With 8 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=bywaterconsortium.aspendiscovery.org

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:02:0c:dd:b7:b3:ec:b4:f9:23:ab:f4:e7:7a:84:af:47:9f
Serial Number (int): 262034524488613827857980851788045186189215
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: f7:71:50:af:6b:1f:e1:0e:8a:92:97:eb:8d:23:55:53:fb:d9:7b:13
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 29:48:f4:67:bb:bd:7d:b5:b7:e3:67:a0:d1:6f:16:d2:a4:0c:86:9a
Fingerprint (sha256): 31:78:40:71:00:c2:6e:3d:e8:08:42:78:83:c0:69:10:11:e4:4d:6c:75:bc:ce:6f:98:f0:8a:da:13:f8:d2:e1

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate bywaterconsortium.aspendiscovery.org

8

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for bywaterconsortium.aspendiscovery.org

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

aspen-model.bywatersolutions.com
aspen-model2.bywatersolutions.com
aspen-sales01.bywatersolutions.com
bookmobile.aspendiscovery.org
bywaterconsortium.aspendiscovery.org
share-aspen-sales01.aspendiscovery.org
southwest.aspendiscovery.org
tribranches.aspendiscovery.org

Other certificates including the domain name aspendiscovery.org

(limited to 100 certificates)
catalog.plumcreeklibrary.net
catalog.eulesstx.gov
abbotsford.aspendiscovery.org
opac.westchesterlibraries.org
www.uintahlibrary.org
evpl.aspendiscovery.org
darien.aspendiscovery.org
cadl.aspendiscovery.org
vokal-aspen.bywatersolutions.com
catalog.eulesstx.gov
librarycat.marionfl.org
catalog.eulesstx.gov
mckinney.aspendiscovery.org
blackgold.org
mcpl.aspendiscovery.org
clams.aspendiscovery.org
opac.westchesterlibraries.org
gmilcs.aspendiscovery.org
acpl.us
spokane.aspendiscovery.org
catalog.sbplibrary.org
catalog.santafelibrary.org
monterey.aspendiscovery.org
bywaterconsortium.aspendiscovery.org
metrolibrary.aspendiscovery.org
help.aspendiscovery.org
mountainview.aspendiscovery.org
gmilcs.aspendiscovery.org
catalog.dubcolib.org
blackgold.org
gmilcs.aspendiscovery.org
catalog.dmpl.org
corvallis.aspendiscovery.org
clams.aspendiscovery.org
vokal-aspen.bywatersolutions.com
cedarpark.aspendiscovery.org
readokaloosa.org
ainsworth.aspendiscovery.org
blackgold.org
www.uintahlibrary.org
catalog.eulesstx.gov
blackgold.org
vokal-aspen.bywatersolutions.com
mountainview.aspendiscovery.org
catalog.sbplibrary.org
huntsville.aspendiscovery.org
bywaterconsortium.aspendiscovery.org
clams.aspendiscovery.org
clams.aspendiscovery.org
blackgold.org
cat.ryepubliclibrary.org
acpl.us
prosper.aspendiscovery.org
ramapo-koha.aspendiscovery.org
clams.aspendiscovery.org
acpl.us
corvallis.aspendiscovery.org
prosper.aspendiscovery.org
blackgold.org
pasco.aspendiscovery.org
ainsworth.aspendiscovery.org
catalog.slolibrary.org
metrolibrary.aspendiscovery.org
payson.aspendiscovery.org
fayetteville.aspendiscovery.org
readokaloosa.org
clams.aspendiscovery.org
catalog.losgatosca.gov
pcpls.aspendiscovery.org
aabrown.aspendiscovery.org
carnegiestout.aspendiscovery.org
catalog.ncwlibraries.org
blackgold.org
acpl.us
discover.knoxcountylibrary.org
abbott.aspendiscovery.org
fayetteville.aspendiscovery.org
acpl.us
clams.aspendiscovery.org
clams.aspendiscovery.org
maininc.aspendiscovery.org
catalog.eulesstx.gov
metroshare.aspendiscovery.org
pioneer.aspendiscovery.org
clams.aspendiscovery.org
abbotsford.aspendiscovery.org
gmilcs.aspendiscovery.org
metroshare.aspendiscovery.org
huntsville.aspendiscovery.org
catalog.ncwlibraries.org
rclstn.aspendiscovery.org
catalog.uintahlibrary.org
blackgold.org
epcounty.aspendiscovery.org
discover.knoxcountylibrary.org
acpl.us
gmilcs.aspendiscovery.org
epcounty.aspendiscovery.org
blackgold.org
catalog.helenplum.org

Certificate

The complete raw certificate details for bywaterconsortium.aspendiscovery.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGCDCCBPCgAwIBAgISAwIM3bez7LT5I6v053qEr0efMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yNDAyMTgwODAzMTJaFw0yNDA1MTgwODAzMTFaMC8xLTArBgNVBAMT
JGJ5d2F0ZXJjb25zb3J0aXVtLmFzcGVuZGlzY292ZXJ5Lm9yZzCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMIJZxugvkC9oR36OxC8Rjyf2oVe7R8MiAST
HWiCBEI3lnQvSuKl/YcKVmLPS6dJl4akMrt2VHD6GZsoVbh2N4168n2i2mPMI5oZ
H6KFVio+tWrSrOrK/mt5ivwU8zhg9I+F+7jJ+Wdeyioctoefw8bvw4YB2Syda1vl
BrLP9qbaSiGUQGy2XK86T5ogSOf0Pz2fkqFai9FtrDSlz+2Wh67oVGVjpg8wV1TS
RfVchSVivgktA2B4m2YgUQUNTqD/R/Eu5SVLmVAjyX58lunHIuVD/oOkC+94r3Ng
CamCxkRzn7rOLwzY3YM45DPQem3f6DH3PURYM41d3R7LDQiYIhkCAwEAAaOCAxkw
ggMVMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU93FQr2sf4Q6KkpfrjSNVU/vZexMw
HwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBH
MCEGCCsGAQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKG
Fmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8wggEhBgNVHREEggEYMIIBFIIgYXNwZW4t
bW9kZWwuYnl3YXRlcnNvbHV0aW9ucy5jb22CIWFzcGVuLW1vZGVsMi5ieXdhdGVy
c29sdXRpb25zLmNvbYIiYXNwZW4tc2FsZXMwMS5ieXdhdGVyc29sdXRpb25zLmNv
bYIdYm9va21vYmlsZS5hc3BlbmRpc2NvdmVyeS5vcmeCJGJ5d2F0ZXJjb25zb3J0
aXVtLmFzcGVuZGlzY292ZXJ5Lm9yZ4Imc2hhcmUtYXNwZW4tc2FsZXMwMS5hc3Bl
bmRpc2NvdmVyeS5vcmeCHHNvdXRod2VzdC5hc3BlbmRpc2NvdmVyeS5vcmeCHnRy
aWJyYW5jaGVzLmFzcGVuZGlzY292ZXJ5Lm9yZzATBgNVHSAEDDAKMAgGBmeBDAEC
ATCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1AEiw42vapkc0D+VqAvqdMOscUgHL
Vt0sgdm7v6s52IRzAAABjbt0hb8AAAQDAEYwRAIgBpgTCocLssH9lAa621wy7bW6
kfB69gp+KcxgT/CV0YACIGJcywxF/PWQUxv5h24cypZNczr06U1+iEw6y5tfswxV
AHYAO1N3dT4tuYBOizBbBv5AO2fYT8P0x70ADS1yb+H61BcAAAGNu3SHpgAABAMA
RzBFAiEAquXbVDAvSSCykW81PzC9BbfngWc1/jeKKVJvkUPDuq0CIFytxTN92Poj
neoMsQHXYEn/5XHYcVQuBtNtqs53ixKFMA0GCSqGSIb3DQEBCwUAA4IBAQCsyqst
NMU9mY/1069gwveUleVVbqO/G1yIyf7pz9YARcC2EzPajrOGF+BBNWAuzfMuf5qU
fVAFD5AsLxUath/jqyJ9UfsgJoloRHIgtOoSubJl8aWIhwFPY0Lvx0i6czjgXazD
4jpGcvI70KJhJaKxU6l8KPiJHQRaG+0lf2KSYl/y/h3HjUKMpflgQL7kwU1C8EPX
n5cMm8QadRb0GPVurlfEws2s649wA4JLxXc+ARXLhdKW1z8NT9bVCh1ocZC3+owe
ODr3GyNEq8QtMOxmhMK6E6UgWg9XjmUg6GKfEpOC/J+boAkNXs7d4rVaNZVhdNmQ
/s6CdOOxW8D8OZ8H
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwglnG6C+QL2hHfo7ELxG
PJ/ahV7tHwyIBJMdaIIEQjeWdC9K4qX9hwpWYs9Lp0mXhqQyu3ZUcPoZmyhVuHY3
jXryfaLaY8wjmhkfooVWKj61atKs6sr+a3mK/BTzOGD0j4X7uMn5Z17KKhy2h5/D
xu/DhgHZLJ1rW+UGss/2ptpKIZRAbLZcrzpPmiBI5/Q/PZ+SoVqL0W2sNKXP7ZaH
ruhUZWOmDzBXVNJF9VyFJWK+CS0DYHibZiBRBQ1OoP9H8S7lJUuZUCPJfnyW6cci
5UP+g6QL73ivc2AJqYLGRHOfus4vDNjdgzjkM9B6bd/oMfc9RFgzjV3dHssNCJgi
GQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 262034524488613827857980851788045186189215
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-18 08:03:12 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-18 08:03:11 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'bywaterconsortium.aspendiscovery.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24494867839805144045257040749328717421002358825870975688568373795775535122470114600336346713870497296243361750874189392464636714128087898451300269391744384996401485885722625715931051343539762079642709157230300589463162372980643563564209310853772618207853831740545677855329546069695723313473100850764876210467602699694541547176375502524510701290131737654065810286637676827311871122172554800806997139294578960764230419465170690275654502832583293836423860164775689500717276221476348166176563101369448605271325432301681033464183053965007590307288335182498649353679644928355118476458582192559744831669451154543732606902809
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							f77150af6b1fe10e8a9297eb8d235553fbd97b13
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (280 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aspen-model.bywatersolutions.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aspen-model2.bywatersolutions.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aspen-sales01.bywatersolutions.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bookmobile.aspendiscovery.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bywaterconsortium.aspendiscovery.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'share-aspen-sales01.aspendiscovery.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'southwest.aspendiscovery.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tribranches.aspendiscovery.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef00750048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018dbb7485bf000004030046304402200698130a870bb2c1fd9406badb5c32edb5ba91f07af60a7e29cc604ff095d1800220625ccb0c45fcf590531bf9876e1cca964d733af4e94d7e884c3acb9b5fb30c550076003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018dbb7487a60000040300473045022100aae5db54302f4920b2916f353f30bd05b7e7816735fe378a29526f9143c3baad02205cadc5337dd8fa239dea0cb101d76049ffe571d871542e06d36daace778b1285
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00accaab2d34c53d998ff5d3af60c2f79495e5556ea3bf1b5c88c9fee9cfd60045c0b61333da8eb38617e04135602ecdf32e7f9a947d50050f902c2f151ab61fe3ab227d51fb20268968447220b4ea12b9b265f1a58887014f6342efc748ba7338e05dacc3e23a4672f23bd0a26125a2b153a97c28f8891d045a1bed257f6292625ff2fe1dc78d428ca5f96040bee4c14d42f043d79f970c9bc41a7516f418f56eae57c4c2cdaceb8f7003824bc5773e0115cb85d296d73f0d4fd6d50a1d687190b7fa8c1e383af71b2344abc42d30ec6684c2ba13a5205a0f578e6520e8629f129382fc9f9ba0090d5ecedde2b55a35956174d990fece8274e3b15bc0fc399f07