www.heel.de
Issued by GeoTrust Global TLS RSA4096 SHA256 2022 CA1
About this certificate
This digital certificate with serial number 0b:b0:f4:c2:27:c4:bb:19:25:07:a2:49:86:3e:70:8f was issued on by DigiCert, Inc..
This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=www.heel.de
DigiCert, Inc.
Organization:
DigiCert, Inc.
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 0b:b0:f4:c2:27:c4:bb:19:25:07:a2:49:86:3e:70:8fSerial Number (int): 15540316491250771429474284499678163087
Serial Number lenght: 124 bits, 16 octets
SubjectKeyId: a9:11:b2:d5:a4:3b:90:ef:bc:24:c5:e9:22:68:81:7f:62:34:aa:3c
AuthorityKeyId: a5:b4:d6:eb:36:c4:e7:6b:a6:df:c4:64:0b:01:2a:20:04:b8:66:23
Fingerprint (sha1): 09:c1:16:d7:ff:9d:f9:18:6c:4f:c3:94:7d:54:85:a9:45:e6:93:ac
Fingerprint (sha256): 31:b1:b1:b3:7d:61:14:1e:2a:e5:dc:28:e7:47:88:1b:ff:a4:51:c4:32:ea:28:57:c7:18:3b:37:34:07:21:6d
Issuing Certificate URL: http://cacerts.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crt
Revocation information
OCSP Server: http://ocsp.digicert.comCRL Distribution Point: http://crl3.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl
CRL Distribution Point: http://crl4.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl
Check the revocation status for certificate www.heel.de
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for www.heel.de
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
www.heel.de
Other certificates including the domain name heel.de
(limited to 100 certificates)
lauf.heel.de
lauf.heel.de
lauf.heel.de
lauf.heel.de
heel.de
karriere.heel.de
karriere.heel.de
heel.com
heel.de
heel.de
www.heel.de
heel.de
karriere.heel.de
heel.de
heel.de
heel.de
karriere.heel.de
heel.de
lauf.heel.de
secured.heel.de
heel.com
heel.de
heel.de
secured.heel.de
heel.de
secured.heel.de
www.heel.de
karriere.heel.de
*.heel.de
secured.heel.de
secured.heel.de
karriere.heel.de
heel.de
secured.heel.de
heel.de
lsac.heel.com
lauf.heel.de
karriere.heel.de
heel.com
lauf.heel.de
*.heel.de
karriere.heel.de
heel.de
heel.de
lauf.heel.de
heel.de
secured.heel.de
heel.de
karriere.heel.de
lauf.heel.de
karriere.heel.de
*.heel.de
lauf.heel.de
lauf.heel.de
lauf.heel.de
heel.de
karriere.heel.de
karriere.heel.de
heel.com
heel.de
heel.de
www.heel.de
heel.de
karriere.heel.de
heel.de
heel.de
heel.de
karriere.heel.de
heel.de
lauf.heel.de
secured.heel.de
heel.com
heel.de
heel.de
secured.heel.de
heel.de
secured.heel.de
www.heel.de
karriere.heel.de
*.heel.de
secured.heel.de
secured.heel.de
karriere.heel.de
heel.de
secured.heel.de
heel.de
lsac.heel.com
lauf.heel.de
karriere.heel.de
heel.com
lauf.heel.de
*.heel.de
karriere.heel.de
heel.de
heel.de
lauf.heel.de
heel.de
secured.heel.de
heel.de
karriere.heel.de
lauf.heel.de
karriere.heel.de
*.heel.de
Certificate
The complete raw certificate details for www.heel.de in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIHhDCCBWygAwIBAgIQC7D0wifEuxklB6JJhj5wjzANBgkqhkiG9w0BAQsFADBc MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xNDAyBgNVBAMT K0dlb1RydXN0IEdsb2JhbCBUTFMgUlNBNDA5NiBTSEEyNTYgMjAyMiBDQTEwHhcN MjMxMTI3MDAwMDAwWhcNMjQwNTI3MjM1OTU5WjAWMRQwEgYDVQQDEwt3d3cuaGVl bC5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJQRzbLXkTwtn2WD TvPKMkeoAOKr7uiHH4LHFl2/4ZJ2FFJN2vDNTx6VtRQ1Sdj6E+lJXKmuG94D8MP4 yDncyBhhdtNJdgFy9xRBmEZHvCNgoM8tpjTI2cOmR4kec3sns4a+m5f0HI32r1EC 4BBAW4FC8qX6nNC8VzIlONrYYm2KBCd2gl+sm73HSrf0kdmSS6MkoKlJxZQOGcSl 54vpU1Ip2QxQUeCu8kpMrJ5JKEHIeyRjN2yziNM4vKrwPqM0qp4KBZiGiO2qB5LA KlKoPJNWYQjziiPCdJF5eLYi4sxVbYGI0O3XxcAQgOA+WgPmdaEZKjrceNIVsceE dBK0EpECAwEAAaOCA4YwggOCMB8GA1UdIwQYMBaAFKW01us2xOdrpt/EZAsBKiAE uGYjMB0GA1UdDgQWBBSpEbLVpDuQ77wkxekiaIF/YjSqPDAWBgNVHREEDzANggt3 d3cuaGVlbC5kZTA+BgNVHSAENzA1MDMGBmeBDAECATApMCcGCCsGAQUFBwIBFhto dHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBnwYDVR0fBIGXMIGUMEigRqBEhkJo dHRwOi8vY3JsMy5kaWdpY2VydC5jb20vR2VvVHJ1c3RHbG9iYWxUTFNSU0E0MDk2 U0hBMjU2MjAyMkNBMS5jcmwwSKBGoESGQmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNv bS9HZW9UcnVzdEdsb2JhbFRMU1JTQTQwOTZTSEEyNTYyMDIyQ0ExLmNybDCBhwYI KwYBBQUHAQEEezB5MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j b20wUQYIKwYBBQUHMAKGRWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9HZW9U cnVzdEdsb2JhbFRMU1JTQTQwOTZTSEEyNTYyMDIyQ0ExLmNydDAMBgNVHRMBAf8E AjAAMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdQB2/4g/Crb7lVHCYcz1h7o0 tKTNuyncaEIKn+ZnTFo6dAAAAYwQQ6t2AAAEAwBGMEQCIAjEWPUqlBMv5D4psDku 44avC5mzGiZ98YceMsE3e2PrAiAOQsNzhPPL0FycYMMNeUC5QfrrvVVxnfYg4lTi 08y1OgB2AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABjBBDqzQA AAQDAEcwRQIhAJp63J7UWgc+9PAgtwjKvtD/XBh6vHS/hkwiaDWIFvXQAiBJrDwR nW4omdU4Dmoifx8kXdwrta9558OczQ5nENlPegB2ANq2v2s/tbYin5vCu1xr6HCR cWy7UYSFNL2kPTBI1/urAAABjBBDqy4AAAQDAEcwRQIhAP1+CuN9j92xXoMhSaxu PxM8sEWzq90Hb0yBvdUsXDXAAiBFDSAuoOGosT41KEWhcUsOsc1piH4MN646xR+6 GHKAKDANBgkqhkiG9w0BAQsFAAOCAgEAXsQwi0eLCGswlUHUi2XNSCvVwISkI8gI JoSJ28gPjhG8utgo03VHOKRRsxIyR/JS2ly3O77/J+HBuDkQ4f7sc1RmB1FnAq+O PqPgGgn7mGCQA1K547Bj5GKDdAiVScBARLuG2N9ns5Bc0+Jd/wkVFLe5VJS4Ksnj V9Djfttai+SS2ULv8Uq0OSIQjKLeBT6r27lNTfR/ONscYXzhA6xWIvKMaP+WnCoD RTWsKkjolv5HMbVmmsR0XngBSQE+YnlfBtGn6ZDNEnMMjjpOr0QgPj8tM0HdnxUH YoBxo4irfXHTQi9WBZ7Be+T+DtL0kVf2NMDEaZ7Q6pc/5WtEqw7VR8DjF5FMbN0U Vw5grwrFCJ7coG1eusmpFAw5qbqMM973VimQf1DtLt9L/URSOBfQ7cV078zSXDxA ikxInhjfJHOV7AcS7V4eeIKFQdlEvamDiaroOczeV5UzblVko7Yp8/qNrwH1v1KW p/R+78S4tx/sBEkF8QUgrnpdKRvqBSp7i1sZnQOzxIk7FUl3PJT16ut0+J8VtM57 Ghc2gohe4MHIRQfyjCwaGwpRLyFIoX//2k0Uf8+odDvpGukj7sN6qVWOxKQnKknY XA294ruHAEGyFfHqzVFGjRvZ1k5hpuJLcpxU5gV6ox/qWuXUDGaB016okJhFHJml Fd8JVoZyrqE= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBHNsteRPC2fZYNO88oy R6gA4qvu6IcfgscWXb/hknYUUk3a8M1PHpW1FDVJ2PoT6Ulcqa4b3gPww/jIOdzI GGF200l2AXL3FEGYRke8I2Cgzy2mNMjZw6ZHiR5zeyezhr6bl/QcjfavUQLgEEBb gULypfqc0LxXMiU42thibYoEJ3aCX6ybvcdKt/SR2ZJLoySgqUnFlA4ZxKXni+lT UinZDFBR4K7ySkysnkkoQch7JGM3bLOI0zi8qvA+ozSqngoFmIaI7aoHksAqUqg8 k1ZhCPOKI8J0kXl4tiLizFVtgYjQ7dfFwBCA4D5aA+Z1oRkqOtx40hWxx4R0ErQS kQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 15540316491250771429474284499678163087 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert, Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust Global TLS RSA4096 SHA256 2022 CA1' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-11-27 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-27 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.heel.de' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 18692048373044866777128264450638383876516602916446910588450424687940976748237460603019189496777023419722679062184277427825464547036610011198764487791759769680207691476058644274234970338877124869312476259411722304339541904753630496331363129946997255534679942682459895220474248666191975088223431567626003529839951174895807533639721198367324979262055541280231067067595368277896156704264305084290712506994884263764846246607368565819576848080968317722126641294984814553536498742100192052930461352557611698210738850074974355321796081389778501302244593027793038906725405401124885773047275663809691534285330327069143271215761 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a5b4d6eb36c4e76ba6dfc4640b012a2004b86623 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) a911b2d5a43b90efbc24c5e92268817f6234aa3c . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (15 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.heel.de' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (151 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes) 016700750076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018c1043ab760000040300463044022008c458f52a94132fe43e29b0392ee386af0b99b31a267df1871e32c1377b63eb02200e42c37384f3cbd05c9c60c30d7940b941faebbd55719df620e254e2d3ccb53a00760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018c1043ab3400000403004730450221009a7adc9ed45a073ef4f020b708cabed0ff5c187abc74bf864c2268358816f5d0022049ac3c119d6e2899d5380e6a227f1f245ddc2bb5af79e7c39ccd0e6710d94f7a007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018c1043ab2e0000040300473045022100fd7e0ae37d8fddb15e832149ac6e3f133cb045b3abdd076f4c81bdd52c5c35c00220450d202ea0e1a8b13e352845a1714b0eb1cd69887e0c37ae3ac51fba18728028 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (4096 bits) 005ec4308b478b086b309541d48b65cd482bd5c084a423c808268489dbc80f8e11bcbad828d3754738a451b3123247f252da5cb73bbeff27e1c1b83910e1feec73546607516702af8e3ea3e01a09fb9860900352b9e3b063e4628374089549c04044bb86d8df67b3905cd3e25dff091514b7b95494b82ac9e357d0e37edb5a8be492d942eff14ab43922108ca2de053eabdbb94d4df47f38db1c617ce103ac5622f28c68ff969c2a034535ac2a48e896fe4731b5669ac4745e780149013e62795f06d1a7e990cd12730c8e3a4eaf44203e3f2d3341dd9f1507628071a388ab7d71d3422f56059ec17be4fe0ed2f49157f634c0c4699ed0ea973fe56b44ab0ed547c0e317914c6cdd14570e60af0ac5089edca06d5ebac9a9140c39a9ba8c33def75629907f50ed2edf4bfd44523817d0edc574efccd25c3c408a4c489e18df247395ec0712ed5e1e78828541d944bda98389aae839ccde5795336e5564a3b629f3fa8daf01f5bf5296a7f47eefc4b8b71fec044905f10520ae7a5d291bea052a7b8b5b199d03b3c4893b1549773c94f5eaeb74f89f15b4ce7b1a173682885ee0c1c84507f28c2c1a1b0a512f2148a17fffda4d147fcfa8743be91ae923eec37aa9558ec4a4272a49d85c0dbde2bb870041b215f1eacd51468d1bd9d64e61a6e24b729c54e6057aa31fea5ae5d40c6681d35ea89098451c99a515df09568672aea1