digital.returnpath.com

Issued by Amazon

About this certificate

This digital certificate with serial number 0a:89:5f:46:2e:02:6c:8b:42:e0:4d:b3:8f:6c:8a:81 was issued on by Amazon.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=digital.returnpath.com

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0a:89:5f:46:2e:02:6c:8b:42:e0:4d:b3:8f:6c:8a:81
Serial Number (int): 14005557016591393909258270758742559361
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: e9:5d:af:a7:33:49:e1:63:ca:29:64:60:ff:9a:e7:2b:be:42:7f:39
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): 19:4b:f3:6e:a8:87:c3:30:56:83:87:f8:b1:b2:3f:09:ca:a2:47:21
Fingerprint (sha256): 34:6a:8b:d0:11:b9:98:1f:df:80:42:97:b4:21:56:51:cc:0a:b3:b4:99:3a:70:7a:35:2a:22:58:ec:fe:47:e5

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b.crl

Check the revocation status for certificate digital.returnpath.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for digital.returnpath.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

digital.returnpath.com

Other certificates including the domain name returnpath.com

(limited to 100 certificates)
pages.returnpath.com
help.returnpath.com
5663998322147328-fe1.pantheonsite.io
help.returnpath.com
apistatus.returnpath.com
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
*.returnpath.com
5663998322147328-fe1.pantheonsite.io
5675214360805376-fe2.pantheonsite.io
apistatus.returnpath.com
blog.returnpath.com
5675214360805376-fe2.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
apistatus.returnpath.com
5675214360805376-fe2.pantheonsite.io
apistatus.returnpath.com
5663998322147328-fe1.pantheonsite.io
apistatus.returnpath.com
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
apistatus.returnpath.com
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
5675214360805376-fe2.pantheonsite.io
billing.returnpath.com
andrei.sterda.com
5675214360805376-fe2.pantheonsite.io
apistatus.returnpath.com
pages.returnpath.com
5663998322147328-fe1.pantheonsite.io
apistatus.returnpath.com
5675214360805376-fe2.pantheonsite.io
5675214360805376-fe2.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
5675214360805376-fe2.pantheonsite.io
5675214360805376-fe2.pantheonsite.io
billing.returnpath.com
apistatus.returnpath.com
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
apistatus.returnpath.com
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
5675214360805376-fe2.pantheonsite.io
5675214360805376-fe2.pantheonsite.io
apistatus.returnpath.com
5675214360805376-fe2.pantheonsite.io
5675214360805376-fe2.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
andrei.sterda.com
apistatus.returnpath.com
5663998322147328-fe1.pantheonsite.io
email.returnpath.com
apistatus.returnpath.com
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
help.returnpath.com
5675214360805376-fe2.pantheonsite.io
5675214360805376-fe2.pantheonsite.io
apistatus.returnpath.com
5663998322147328-fe1.pantheonsite.io
apistatus.returnpath.com
5675214360805376-fe2.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
apistatus.returnpath.com
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
apistatus.returnpath.com
5675214360805376-fe2.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
5675214360805376-fe2.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
apistatus.returnpath.com
5675214360805376-fe2.pantheonsite.io
5675214360805376-fe2.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
apistatus.returnpath.com
5663998322147328-fe1.pantheonsite.io
andrei.sterda.com
5675214360805376-fe2.pantheonsite.io
apistatus.returnpath.com
5675214360805376-fe2.pantheonsite.io
apistatus.returnpath.com
apistatus.returnpath.com
email.returnpath.com
billing.returnpath.com
5663998322147328-fe1.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
apistatus.returnpath.com
andrei.sterda.com
apistatus.returnpath.com
blog.returnpath.com
5675214360805376-fe2.pantheonsite.io
5663998322147328-fe1.pantheonsite.io
5675214360805376-fe2.pantheonsite.io
5663998322147328-fe1.pantheonsite.io

Certificate

The complete raw certificate details for digital.returnpath.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgIQColfRi4CbItC4E2zj2yKgTANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0xOTA4MTQwMDAwMDBaFw0yMDA5MTQx
MjAwMDBaMCExHzAdBgNVBAMTFmRpZ2l0YWwucmV0dXJucGF0aC5jb20wggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7W+JHvwoHSP4v5pVUinSmwD3r7Qep
q+rJakuXEdwVxQEUfevu6uwawD9eCZbaxHLKhb7+mMaQOr6SrUQgL4Gncza8eilV
arqwzpp3J5k0+Gtrd6d2rt1xknlEBFpq5xOSpzfsG1PYUohaypgDWwkg/RzbJOmF
2LhIutniFclni4LudK+TZ4lS+Q1qFonXp7r43zhTny+Cj14l1SBeKsiew7rJiQ8p
9gCpA5XeK8Kk/TuKlF8eqTa7e0rOO4gR20WPxswWc6SI/w4Q4ID9T0HOf3ovUsVX
WUY+sO9YW6/3azKAKVIOM9r3fhr8fZ2H2VJwDydfAgxa+s3ZDRE7oVcRAgMBAAGj
ggKCMIICfjAfBgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4E
FgQU6V2vpzNJ4WPKKWRg/5rnK75CfzkwIQYDVR0RBBowGIIWZGlnaXRhbC5yZXR1
cm5wYXRoLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
CCsGAQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwuc2NhMWIuYW1h
em9udHJ1c3QuY29tL3NjYTFiLmNybDAgBgNVHSAEGTAXMAsGCWCGSAGG/WwBAjAI
BgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2Nz
cC5zY2ExYi5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQu
c2NhMWIuYW1hem9udHJ1c3QuY29tL3NjYTFiLmNydDAMBgNVHRMBAf8EAjAAMIIB
BAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUuga
kJZkNo4e0YUAAAFsjbMrQgAABAMARzBFAiA8yqYDb2cFfDhNvyIIHa1zSBXz2NRa
+RFTlSNQ/7gWBAIhAIAIBfm3kiT1Y/8TsP3HWNg5HpYMNgp2HiP96v0L1xPJAHYA
h3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFsjbMrjgAABAMARzBF
AiEAoffIO8xMfyVcJWENImMJnySt6i4yjGIxVHdSiMvwoDYCIBVpJOJSx3RYk9yV
6VO46mXKfDiVntfTa/sEZxUPi0bkMA0GCSqGSIb3DQEBCwUAA4IBAQCawT3WjL8A
m1Ttw4Qzb7adaeaYluZa46D4XLnmD6tOWu+EVuY7ukq9fChPJYKWebnlj/ttX5em
/eySuaxoJRMPXyRIWqB3MnZmj2yQvq2YEJp0H7Xpzaa3X4dov2YBZGdDeYtjV+vY
jLozrsEmd5I+OfS+bACO8qgb1IotXtWzkRrP2CEXEAP1BTnGLuQGdhVu1EJEj6Gj
kW2sdJyFomczUIjhpbTQrqseRYY8AQBTYGx1f3OBX2NHrtst3Hm6kfRB1OJp5kjQ
Cbpm3Xr0hWs/cDIR3mBqp0acU0jvjb17fXQMP5bBx87FSAB1W1iCED4qmUj/MnQ5
bHF0VauEGQtJ
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1viR78KB0j+L+aVVIp0
psA96+0HqavqyWpLlxHcFcUBFH3r7ursGsA/XgmW2sRyyoW+/pjGkDq+kq1EIC+B
p3M2vHopVWq6sM6adyeZNPhra3endq7dcZJ5RARaaucTkqc37BtT2FKIWsqYA1sJ
IP0c2yTphdi4SLrZ4hXJZ4uC7nSvk2eJUvkNahaJ16e6+N84U58vgo9eJdUgXirI
nsO6yYkPKfYAqQOV3ivCpP07ipRfHqk2u3tKzjuIEdtFj8bMFnOkiP8OEOCA/U9B
zn96L1LFV1lGPrDvWFuv92sygClSDjPa934a/H2dh9lScA8nXwIMWvrN2Q0RO6FX
EQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 14005557016591393909258270758742559361
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-08-14 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-09-14 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'digital.returnpath.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23651872672036820431138819132531877496361895244288986881164375077861972089475524978647047636895441386307722188291376953033791389857009350048837916033289487959967621270779983995302845536149669802966000377400703237456426334787736507751026633397266980847278555779301993538531685589937939890973470213987578121671962024445526513659619044414971865596355776973575447984062411552141955551602787959633920167784941539341178893863424825946644451225185978822203267647073659601550829764785899550479016842098905654179850210531666444155255734424170000799931852168697955295261999161589208864607766941423515373669844862923914917009169
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							e95dafa73349e163ca296460ff9ae72bbe427f39
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'digital.returnpath.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.2 (digiCertDVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000016c8db32b42000004030047304502203ccaa6036f67057c384dbf22081dad734815f3d8d45af91153952350ffb81604022100800805f9b79224f563ff13b0fdc758d8391e960c360a761e23fdeafd0bd713c90076008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f0000016c8db32b8e0000040300473045022100a1f7c83bcc4c7f255c25610d2263099f24adea2e328c623154775288cbf0a0360220156924e252c7745893dc95e953b8ea65ca7c38959ed7d36bfb0467150f8b46e4
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		009ac13dd68cbf009b54edc384336fb69d69e69896e65ae3a0f85cb9e60fab4e5aef8456e63bba4abd7c284f25829679b9e58ffb6d5f97a6fdec92b9ac6825130f5f24485aa0773276668f6c90bead98109a741fb5e9cda6b75f8768bf6601646743798b6357ebd88cba33aec12677923e39f4be6c008ef2a81bd48a2d5ed5b3911acfd821171003f50539c62ee40676156ed442448fa1a3916dac749c85a267335088e1a5b4d0aeab1e45863c010053606c757f73815f6347aedb2ddc79ba91f441d4e269e648d009ba66dd7af4856b3f703211de606aa7469c5348ef8dbd7b7d740c3f96c1c7cec54800755b5882103e2a9948ff3274396c717455ab84190b49