query.prodpciconn2.us-west-2.tktm.io
Issued by R3
About this certificate
This digital certificate with serial number 03:79:0a:27:29:57:37:7a:3e:0c:4c:c9:a4:3e:09:6a:a6:9a was issued on by Let's Encrypt.
This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=query.prodpciconn2.us-west-2.tktm.io
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 03:79:0a:27:29:57:37:7a:3e:0c:4c:c9:a4:3e:09:6a:a6:9aSerial Number (int): 302524519810738439381909844483822458676890
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: 35:89:67:6c:20:39:97:83:58:44:1e:52:b5:7f:8d:fd:01:cc:fa:ee
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): a3:de:9b:ec:58:65:b9:7c:7e:ca:5f:8e:37:b5:bd:97:fe:74:33:df
Fingerprint (sha256): 33:d5:e6:67:1c:65:71:09:79:47:57:24:fa:4b:89:d1:09:e0:98:e3:59:68:13:c0:00:5d:ce:5a:22:20:ae:63
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate query.prodpciconn2.us-west-2.tktm.io
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for query.prodpciconn2.us-west-2.tktm.io
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
query.prodpciconn2.us-west-2.tktm.io
Other certificates including the domain name tktm.io
(limited to 100 certificates)
*.cctm.dev1.nonprod3.us-east-1.tktm.io
*.nam.prd214.prodpci4.us-west-2.tktm.io
synthetics-monitoring-backend.prd214.prod9.us-east-1.tktm.io
fraud-3ds-service.prd115.preprodpci4.us-west-2.tktm.io
*.prd1688.prodpci9.us-east-1.tktm.io
pxy.cts.prod2.pci-tmaws.io
app.shared-data.prod1.us-east-1.prod-tmaws.io
prd130.preprod10.us-west-2.tktm.io
fraud-3ds-service.prd2279.qapci1.nonprod3.us-east-1.tktm.io
gateway-ui.prd1902.nonprod9.us-east-1.tktm.io
*.titan.prod3.us-east-1.tktm.io
ticketmaster6.map.fastly.net
thanos-query-devx.nonprod9.us-east-1.tktm.io
app.loyalty-service.preprod3.us-east-1.tktm.io
kiali.sandbox5.us-east-1.tktm.io
ticketmaster6.map.fastly.net
ticketmaster6.map.fastly.net
prometheus-k8s.nonprod9.us-east-1.tktm.io
ticketmaster6.map.fastly.net
*.sandbox5.us-east-1.tktm.io
*.dev.amex-otl.develop.prd150.nonprod3.us-east-1.tktm.io
ticketmaster6.map.fastly.net
*.nam.prd214.nonprod5.us-east-1.tktm.io
ticketmaster6.map.fastly.net
checkout.tmc.prd3392.prod10.us-west-2.tktm.io
ra.prd2269.preprodpci5.us-east-1.tktm.io
ticketmaster6.map.fastly.net
ra.prd2269.prodpci6.us-west-2.tktm.io
pxy.pci.cts.dev2.nonprod-tmaws.io
*.nam.prd214.prodpci4.us-west-2.tktm.io
app.parkwhiz-service.qa.prd235.nonprod3.us-east-1.tktm.io
fraud-3ds-service.prd115.prodpci4.us-west-2.tktm.io
bucket.prodpciconn1.us-east-1.tktm.io
ticketmaster6.map.fastly.net
*.checkout.nonprod5.us-east-1.tktm.io
ticketmaster6.map.fastly.net
pxy.cts.preprod2.pci-tmaws.io
lightstep.prodpci.eu-central-1.tktm.io
k8s.prodpciconn2.us-west-2.tktm.io
distributor.mimir.nonprod9.us-east-1.tktm.io
*.titan.preprod3.us-east-1.tktm.io
*.prd1902.nonprod5.us-east-1.tktm.io
*.nam.prd214.nonprod3.us-east-1.tktm.io
*.nam.prd214.prodpci6.us-west-2.tktm.io
*.em.prd214.prod6.us-west-2.tktm.io
ticketmaster6.map.fastly.net
*.prd1688.prodpci9.us-east-1.tktm.io
*.titan.prod4.us-west-2.tktm.io
*.titan.nonprod3.us-east-1.tktm.io
qa1-monoql.titan.nonprod-tmaws.io
fraud-3ds-service.preprodpci5.us-east-1.tktm.io
*.bdt.nonprod3.us-east-1.tktm.io
ticketmaster6.map.fastly.net
gangway.prodpciconn1.us-east-1.tktm.io
*.nam.prd214.prodpci3.us-east-1.tktm.io
ticketmaster6.map.fastly.net
ticketmaster6.map.fastly.net
ticketmaster6.map.fastly.net
prometheus-hpa.nonprod9.us-east-1.tktm.io
k8s.nonprod9.us-east-1.tktm.io
inventory.tktm.io
ticketmaster6.map.fastly.net
grafana-dr.sharedsvcs3.eu-central-1.tktm.io
ticketmaster6.map.fastly.net
*.prd1688.prodpci5.us-east-1.tktm.io
*.bdt.nonprod3.us-east-1.tktm.io
app.cors-proxy.prod.prd2166.prod5.us-east-1.tktm.io
querier.mimir.sandbox11.us-east-1.tktm.io
ticketmaster6.map.fastly.net
*.beta.ticketmaster.ae
prometheus-hpa.prodpciconn2.us-west-2.tktm.io
*.nam.prd214.preprodpci6.us-west-2.tktm.io
ticketmaster6.map.fastly.net
query.prodpciconn2.us-west-2.tktm.io
*.slas-service.prod.prd2166.prod5.us-east-1.tktm.io
*.nam.prd214.prodpci3.us-east-1.tktm.io
*.em.prd214.preprod6.us-west-2.tktm.io
fraud-3ds-service.prd2279.preprodpci3.us-east-1.tktm.io
ra.prd245.prodpci4.us-west-2.tktm.io
ticketmaster6.map.fastly.net
app.tmp-python-app.dev1.nonprod9.us-east-1.tktm.io
ticketmaster6.map.fastly.net
*.fraud-3ds-service.prd115.dev1.nonprod3.us-east-1.tktm.io
controller.prd1224.nonprod3.us-east-1.tktm.io
app.tmp-python-app.preprod.preprod9.us-east-1.tktm.io
*.prd124.prod3.us-east-1.tktm.io
ticketmaster6.map.fastly.net
*.prd146.preprod4.us-west-2.tktm.io
log-fastly.tm1.prod9.us-east-1.tktm.io
*.prod8.us-west-2.tktm.io
*.prd1688.prodpci3.us-east-1.tktm.io
*.fraud-3ds-service.prd2279.dev1.nonprod3.us-east-1.tktm.io
*.insurance-service.prd1721.prod6.us-west-2.tktm.io
fraud-3ds-service.prodpci6.us-west-2.tktm.io
*.nonprod7.us-east-1.tktm.io
ticketmaster6.map.fastly.net
ticketmaster6.map.fastly.net
dbdm.prd1688.prod3.us-east-1.tktm.io
ticketmaster6.map.fastly.net
synth-monitoring-stg-backend.prd214.prod9.us-east-1.tktm.io
*.nam.prd214.prodpci4.us-west-2.tktm.io
synthetics-monitoring-backend.prd214.prod9.us-east-1.tktm.io
fraud-3ds-service.prd115.preprodpci4.us-west-2.tktm.io
*.prd1688.prodpci9.us-east-1.tktm.io
pxy.cts.prod2.pci-tmaws.io
app.shared-data.prod1.us-east-1.prod-tmaws.io
prd130.preprod10.us-west-2.tktm.io
fraud-3ds-service.prd2279.qapci1.nonprod3.us-east-1.tktm.io
gateway-ui.prd1902.nonprod9.us-east-1.tktm.io
*.titan.prod3.us-east-1.tktm.io
ticketmaster6.map.fastly.net
thanos-query-devx.nonprod9.us-east-1.tktm.io
app.loyalty-service.preprod3.us-east-1.tktm.io
kiali.sandbox5.us-east-1.tktm.io
ticketmaster6.map.fastly.net
ticketmaster6.map.fastly.net
prometheus-k8s.nonprod9.us-east-1.tktm.io
ticketmaster6.map.fastly.net
*.sandbox5.us-east-1.tktm.io
*.dev.amex-otl.develop.prd150.nonprod3.us-east-1.tktm.io
ticketmaster6.map.fastly.net
*.nam.prd214.nonprod5.us-east-1.tktm.io
ticketmaster6.map.fastly.net
checkout.tmc.prd3392.prod10.us-west-2.tktm.io
ra.prd2269.preprodpci5.us-east-1.tktm.io
ticketmaster6.map.fastly.net
ra.prd2269.prodpci6.us-west-2.tktm.io
pxy.pci.cts.dev2.nonprod-tmaws.io
*.nam.prd214.prodpci4.us-west-2.tktm.io
app.parkwhiz-service.qa.prd235.nonprod3.us-east-1.tktm.io
fraud-3ds-service.prd115.prodpci4.us-west-2.tktm.io
bucket.prodpciconn1.us-east-1.tktm.io
ticketmaster6.map.fastly.net
*.checkout.nonprod5.us-east-1.tktm.io
ticketmaster6.map.fastly.net
pxy.cts.preprod2.pci-tmaws.io
lightstep.prodpci.eu-central-1.tktm.io
k8s.prodpciconn2.us-west-2.tktm.io
distributor.mimir.nonprod9.us-east-1.tktm.io
*.titan.preprod3.us-east-1.tktm.io
*.prd1902.nonprod5.us-east-1.tktm.io
*.nam.prd214.nonprod3.us-east-1.tktm.io
*.nam.prd214.prodpci6.us-west-2.tktm.io
*.em.prd214.prod6.us-west-2.tktm.io
ticketmaster6.map.fastly.net
*.prd1688.prodpci9.us-east-1.tktm.io
*.titan.prod4.us-west-2.tktm.io
*.titan.nonprod3.us-east-1.tktm.io
qa1-monoql.titan.nonprod-tmaws.io
fraud-3ds-service.preprodpci5.us-east-1.tktm.io
*.bdt.nonprod3.us-east-1.tktm.io
ticketmaster6.map.fastly.net
gangway.prodpciconn1.us-east-1.tktm.io
*.nam.prd214.prodpci3.us-east-1.tktm.io
ticketmaster6.map.fastly.net
ticketmaster6.map.fastly.net
ticketmaster6.map.fastly.net
prometheus-hpa.nonprod9.us-east-1.tktm.io
k8s.nonprod9.us-east-1.tktm.io
inventory.tktm.io
ticketmaster6.map.fastly.net
grafana-dr.sharedsvcs3.eu-central-1.tktm.io
ticketmaster6.map.fastly.net
*.prd1688.prodpci5.us-east-1.tktm.io
*.bdt.nonprod3.us-east-1.tktm.io
app.cors-proxy.prod.prd2166.prod5.us-east-1.tktm.io
querier.mimir.sandbox11.us-east-1.tktm.io
ticketmaster6.map.fastly.net
*.beta.ticketmaster.ae
prometheus-hpa.prodpciconn2.us-west-2.tktm.io
*.nam.prd214.preprodpci6.us-west-2.tktm.io
ticketmaster6.map.fastly.net
query.prodpciconn2.us-west-2.tktm.io
*.slas-service.prod.prd2166.prod5.us-east-1.tktm.io
*.nam.prd214.prodpci3.us-east-1.tktm.io
*.em.prd214.preprod6.us-west-2.tktm.io
fraud-3ds-service.prd2279.preprodpci3.us-east-1.tktm.io
ra.prd245.prodpci4.us-west-2.tktm.io
ticketmaster6.map.fastly.net
app.tmp-python-app.dev1.nonprod9.us-east-1.tktm.io
ticketmaster6.map.fastly.net
*.fraud-3ds-service.prd115.dev1.nonprod3.us-east-1.tktm.io
controller.prd1224.nonprod3.us-east-1.tktm.io
app.tmp-python-app.preprod.preprod9.us-east-1.tktm.io
*.prd124.prod3.us-east-1.tktm.io
ticketmaster6.map.fastly.net
*.prd146.preprod4.us-west-2.tktm.io
log-fastly.tm1.prod9.us-east-1.tktm.io
*.prod8.us-west-2.tktm.io
*.prd1688.prodpci3.us-east-1.tktm.io
*.fraud-3ds-service.prd2279.dev1.nonprod3.us-east-1.tktm.io
*.insurance-service.prd1721.prod6.us-west-2.tktm.io
fraud-3ds-service.prodpci6.us-west-2.tktm.io
*.nonprod7.us-east-1.tktm.io
ticketmaster6.map.fastly.net
ticketmaster6.map.fastly.net
dbdm.prd1688.prod3.us-east-1.tktm.io
ticketmaster6.map.fastly.net
synth-monitoring-stg-backend.prd214.prod9.us-east-1.tktm.io
Certificate
The complete raw certificate details for query.prodpciconn2.us-west-2.tktm.io in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIEIjCCAwqgAwIBAgISA3kKJylXN3o+DEzJpD4JaqaaMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDA0MDIwODI3NTJaFw0yNDA3MDEwODI3NTFaMC8xLTArBgNVBAMT JHF1ZXJ5LnByb2RwY2ljb25uMi51cy13ZXN0LTIudGt0bS5pbzCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAJt4BL/KtpDQPkBL0BXay8jyYdrxP3Wqfqeh 1dFPu4ZW0Dl5kgnT4hgpM1WpBbUQD6CHKCBxqyKzu0N2sqVCiidBhVXDCF9nGwF+ v6pDO3KvrInH+a23m7j8xYnsM2yzunUFyx0Yh3VwTbJ9b/3FykD24YLDkq0IaAjz g6b06Le2mEK1k3c1r8XIi0Yov3108Us5YW6wfpPz8Uf+eD3CBIaHytzqN25G7to+ f7w+qaa5FJji02F71liKBCPgvnrYHXx7kosmV75rexZZPh+/XfckHeyRTlrRod3j 3QsJbnsY0IgJLw3Qzib7LO3HBHjkp30YWrAO9/T13CohZU0bLaMCAwEAAaOCATMw ggEvMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUNYlnbCA5l4NYRB5StX+N/QHM+u4w HwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBH MCEGCCsGAQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKG Fmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8wLwYDVR0RBCgwJoIkcXVlcnkucHJvZHBj aWNvbm4yLnVzLXdlc3QtMi50a3RtLmlvMBMGA1UdIAQMMAowCAYGZ4EMAQIBMBMG CisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQB4bPdo6iNhAOBB J6LXqAKvYvGG+VwJpWHmCGwH94IedXsblwmA9oaZgH2sJrfezhZxvkKw8s6UwFKe oQeKxjdJIEHS4Vk6G8fXGr+pUC8Aod0a8GaPIHaVnsOxz8xjluyy397+ZP21Eqc/ lHLC1MyUAFccBiVjps31Hv+AsU3Et6gOqAdE/p+amq0Odl3sTnTILQRaTFoafF9o ssWyDej8Sui20xykSq4dRsBjY/1V+WwMjHOG3vt6VmahYNpF4RQTH8AYPWl6hrWV qFSSXGqtDJ0WKUgGn1Xv2SiTNNAGyBleir6eQTKICsdKct4tpoaThZ72mscct9Am LJsHfpKi -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3gEv8q2kNA+QEvQFdrL yPJh2vE/dap+p6HV0U+7hlbQOXmSCdPiGCkzVakFtRAPoIcoIHGrIrO7Q3aypUKK J0GFVcMIX2cbAX6/qkM7cq+sicf5rbebuPzFiewzbLO6dQXLHRiHdXBNsn1v/cXK QPbhgsOSrQhoCPODpvTot7aYQrWTdzWvxciLRii/fXTxSzlhbrB+k/PxR/54PcIE hofK3Oo3bkbu2j5/vD6pprkUmOLTYXvWWIoEI+C+etgdfHuSiyZXvmt7Flk+H79d 9yQd7JFOWtGh3ePdCwluexjQiAkvDdDOJvss7ccEeOSnfRhasA739PXcKiFlTRst owIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 302524519810738439381909844483822458676890 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-02 08:27:52 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-07-01 08:27:51 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'query.prodpciconn2.us-west-2.tktm.io' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 19626120623283130135489471828197799973659198815272595891905876997586542214729814713555130356647332111254412889503835199534232288197155870912512219486239830652227501224993295902887004361725882118358820359242483324331593431503801473002831481230449409332518711814254364112348542462424145983382884913570440323286407373492869846072204499605571872043193896585791740967568899130419593887814942783611979557903985934576303459317801035390546147008539474238657045058982508487215963235083964483448444107607779502857592575228964282930262869639336344388189404935721395123208687274086370895277022149276515406285236763964709703200163 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 3589676c2039978358441e52b57f8dfd01ccfaee . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (40 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'query.prodpciconn2.us-west-2.tktm.io' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00786cf768ea236100e04127a2d7a802af62f186f95c09a561e6086c07f7821e757b1b970980f68699807dac26b7dece1671be42b0f2ce94c0529ea1078ac637492041d2e1593a1bc7d71abfa9502f00a1dd1af0668f2076959ec3b1cfcc6396ecb2dfdefe64fdb512a73f9472c2d4cc9400571c062563a6cdf51eff80b14dc4b7a80ea80744fe9f9a9aad0e765dec4e74c82d045a4c5a1a7c5f68b2c5b20de8fc4ae8b6d31ca44aae1d46c06363fd55f96c0c8c7386defb7a5666a160da45e114131fc0183d697a86b595a854925c6aad0c9d162948069f55efd9289334d006c8195e8abe9e4132880ac74a72de2da68693859ef69ac71cb7d0262c9b077e92a2