s1-sp.com
Issued by Amazon RSA 2048 M03
About this certificate
This digital certificate with serial number 0a:52:2e:1a:6d:e1:a1:6c:9f:e9:94:46:08:43:f9:80 was issued on by Amazon.
With 6 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=s1-sp.com
Amazon
Organization:
Amazon
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 0a:52:2e:1a:6d:e1:a1:6c:9f:e9:94:46:08:43:f9:80Serial Number (int): 13718983385029644627004760486433782144
Serial Number lenght: 124 bits, 16 octets
SubjectKeyId: ef:13:70:02:35:55:8d:2b:11:3d:69:dc:8b:9d:46:42:d1:e4:5c:36
AuthorityKeyId: 55:d9:18:5f:d2:1c:cc:01:e1:58:b4:be:ab:d9:55:42:01:d7:2e:02
Fingerprint (sha1): 7d:2d:3f:3d:aa:86:4e:20:a5:8d:50:30:e1:c1:62:cf:e2:24:6d:13
Fingerprint (sha256): 37:95:31:09:cf:11:dc:c7:cb:4c:55:a6:9c:f8:d0:c9:6f:52:24:b4:c0:e8:d3:5e:34:38:1a:07:66:db:a9:5b
Issuing Certificate URL: http://crt.r2m03.amazontrust.com/r2m03.cer
Revocation information
OCSP Server: http://ocsp.r2m03.amazontrust.comCRL Distribution Point: http://crl.r2m03.amazontrust.com/r2m03.crl
Check the revocation status for certificate s1-sp.com
6
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for s1-sp.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
s1-sp.com
*.search-stage-spnoweb.system1.company
*.stage-spnoweb.system1.company
*.stage-spnoweb.s1-sp.com
*.system1.company
*.s1-sp.com
*.search-stage-spnoweb.system1.company
*.stage-spnoweb.system1.company
*.stage-spnoweb.s1-sp.com
*.system1.company
*.s1-sp.com
Other certificates including the domain name s1-sp.com
(limited to 100 certificates)
s1-sp.com
s1-sp.com
blog.s1-sp.com
s1-sp.com
s1-sp.com
carsgenius.com
s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
carsgenius.com
s1-sp.com
pubwp-admin-prod.k.system1.company
s1-sp.com
carsgenius.com
carsgenius.com
*.reviews.howstuffworks.com
static-stage.s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
blog.s1-sp.com
s1-sp.com
s1-sp.com
carsgenius.com
s1-sp.com
s1-sp.com
s1-sp.com
carsgenius.com
s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
carsgenius.com
carsgenius.com
s1-sp.com
search-us-east-1.platform-prod.system1.company
s1-sp.com
s1-sp.com
s1-sp.com
carsgenius.com
carsgenius.com
app.s1-sp.com
s1-sp.com
s1-sp.com
stage.blog.s1-sp.com
s1-sp.com
carsgenius.com
s1-sp.com
s1-sp.com
carsgenius.com
*.reviews.howstuffworks.com
s1-sp.com
static-prod.s1-sp.com
carsgenius.com
s1-sp.com
s1-sp.com
s1-sp.com
carsgenius.com
carsgenius.com
app.s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
carsgenius.com
carsgenius.com
s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
add.s1-sp.com
s1-sp.com
carsgenius.com
s1-sp.com
s1-sp.com
s1-sp.com
carsgenius.com
s1-sp.com
carsgenius.com
s1-sp.com
add.s1-sp.com
carsgenius.com
s1-sp.com
carsgenius.com
s1-sp.com
s1-sp.com
carsgenius.com
s1-sp.com
carsgenius.com
s1-sp.com
blog.s1-sp.com
s1-sp.com
s1-sp.com
carsgenius.com
s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
carsgenius.com
s1-sp.com
pubwp-admin-prod.k.system1.company
s1-sp.com
carsgenius.com
carsgenius.com
*.reviews.howstuffworks.com
static-stage.s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
blog.s1-sp.com
s1-sp.com
s1-sp.com
carsgenius.com
s1-sp.com
s1-sp.com
s1-sp.com
carsgenius.com
s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
carsgenius.com
carsgenius.com
s1-sp.com
search-us-east-1.platform-prod.system1.company
s1-sp.com
s1-sp.com
s1-sp.com
carsgenius.com
carsgenius.com
app.s1-sp.com
s1-sp.com
s1-sp.com
stage.blog.s1-sp.com
s1-sp.com
carsgenius.com
s1-sp.com
s1-sp.com
carsgenius.com
*.reviews.howstuffworks.com
s1-sp.com
static-prod.s1-sp.com
carsgenius.com
s1-sp.com
s1-sp.com
s1-sp.com
carsgenius.com
carsgenius.com
app.s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
carsgenius.com
carsgenius.com
s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
s1-sp.com
add.s1-sp.com
s1-sp.com
carsgenius.com
s1-sp.com
s1-sp.com
s1-sp.com
carsgenius.com
s1-sp.com
carsgenius.com
s1-sp.com
add.s1-sp.com
carsgenius.com
s1-sp.com
carsgenius.com
s1-sp.com
s1-sp.com
carsgenius.com
s1-sp.com
carsgenius.com
Certificate
The complete raw certificate details for s1-sp.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIE2DCCA8CgAwIBAgIQClIuGm3hoWyf6ZRGCEP5gDANBgkqhkiG9w0BAQsFADA8 MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g UlNBIDIwNDggTTAzMB4XDTIzMTIxNDAwMDAwMFoXDTI1MDExMTIzNTk1OVowFDES MBAGA1UEAxMJczEtc3AuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAvpYCeBhLH+0CKgFEOlsjZsedh4HmW3EuIc7pFnQfAdyHyucDFs9xVKOgEkfK PziaeqhRtSdaqBIaoWt0A0SH1DIqMqzPEzQcIbrHdkjtlxJ9g65HHLz9CDBej848 OSM2BWiC2LOPEFQCPECGNPHiw8FwsBQdfux8vQA40sQTSg/WeE6Ml4A99ywroJFb ecVmljuU8LgAg8TymPkpfzVHn6AqYc29woRuwNI0XLDgfY/IHccnFVbvshhn+cjb yLjx1vwSM/RJUjJXaXEuj/bl+qYFXZuns5Zp63/4KgR7VAGPBJx+RxvajwK/e6+e y52sQpkd21evtXr2WSSVGm2ZcQIDAQABo4IB/DCCAfgwHwYDVR0jBBgwFoAUVdkY X9IczAHhWLS+q9lVQgHXLgIwHQYDVR0OBBYEFO8TcAI1VY0rET1p3IudRkLR5Fw2 MIGaBgNVHREEgZIwgY+CCXMxLXNwLmNvbYImKi5zZWFyY2gtc3RhZ2Utc3Bub3dl Yi5zeXN0ZW0xLmNvbXBhbnmCHyouc3RhZ2Utc3Bub3dlYi5zeXN0ZW0xLmNvbXBh bnmCGSouc3RhZ2Utc3Bub3dlYi5zMS1zcC5jb22CESouc3lzdGVtMS5jb21wYW55 ggsqLnMxLXNwLmNvbTATBgNVHSAEDDAKMAgGBmeBDAECATAOBgNVHQ8BAf8EBAMC BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDsGA1UdHwQ0MDIwMKAu oCyGKmh0dHA6Ly9jcmwucjJtMDMuYW1hem9udHJ1c3QuY29tL3IybTAzLmNybDB1 BggrBgEFBQcBAQRpMGcwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLnIybTAzLmFt YXpvbnRydXN0LmNvbTA2BggrBgEFBQcwAoYqaHR0cDovL2NydC5yMm0wMy5hbWF6 b250cnVzdC5jb20vcjJtMDMuY2VyMAwGA1UdEwEB/wQCMAAwEwYKKwYBBAHWeQIE AwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBAB7H54Q+53pCJCbYNNmY+TdmEjIN TQ/96WxhU/Y2vGx1UaTVEPplx4EyzkCdlntojb/wkv1S/73I4ZHmA3/7l8VtTkA9 N80Sgz2TIOoozwzBFh6cbYdhWSa4UBhr2PW0SsEsn5WNqWx7t70OXwTKyxnc1UU5 PmA98eaQiwPPXB7+LehE/4v5MqGArBmYJGVcvDbUrZa8CfYXhs9fKNkdoXmPswN1 WUBXDZHK6XvH7P6YdcFOweULzx3K2CRl1WPb7EDA4hBsxHUzUm1MRl9XFfJ5JB1x 9FBUucFytccxpFF75/oM1Iakkp27ye9yMF8niamX2h8EA6BAmGh6Am2AKDA= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpYCeBhLH+0CKgFEOlsj Zsedh4HmW3EuIc7pFnQfAdyHyucDFs9xVKOgEkfKPziaeqhRtSdaqBIaoWt0A0SH 1DIqMqzPEzQcIbrHdkjtlxJ9g65HHLz9CDBej848OSM2BWiC2LOPEFQCPECGNPHi w8FwsBQdfux8vQA40sQTSg/WeE6Ml4A99ywroJFbecVmljuU8LgAg8TymPkpfzVH n6AqYc29woRuwNI0XLDgfY/IHccnFVbvshhn+cjbyLjx1vwSM/RJUjJXaXEuj/bl +qYFXZuns5Zp63/4KgR7VAGPBJx+RxvajwK/e6+ey52sQpkd21evtXr2WSSVGm2Z cQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 13718983385029644627004760486433782144 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M03' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-14 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-11 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 's1-sp.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24059250456495278117930035517805065457210304757706796210952309878830165015769506280312781687610701910089647705809887544786711121279572832082691225113261326186849565053731776591918997817966960766138007292310397312571030657011748984491953508818663218530756720960957411390780079349907862457461060509123974092683654545165228164939125788956322898228870799883992981549748472758852322120545728358573768263877053402717595818788339022267888915983598273513665115842793665144671604818249247462946852117081123944021443171770502045589402432923133751720024158559684207359860520245415907624435310242918838281933130047820694482164081 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 55d9185fd21ccc01e158b4beabd9554201d72e02 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) ef13700235558d2b113d69dc8b9d4642d1e45c36 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (146 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 's1-sp.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.search-stage-spnoweb.system1.company' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.stage-spnoweb.system1.company' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.stage-spnoweb.s1-sp.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.system1.company' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.s1-sp.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m03.amazontrust.com/r2m03.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m03.amazontrust.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m03.amazontrust.com/r2m03.cer' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 001ec7e7843ee77a422426d834d998f9376612320d4d0ffde96c6153f636bc6c7551a4d510fa65c78132ce409d967b688dbff092fd52ffbdc8e191e6037ffb97c56d4e403d37cd12833d9320ea28cf0cc1161e9c6d87615926b850186bd8f5b44ac12c9f958da96c7bb7bd0e5f04cacb19dcd545393e603df1e6908b03cf5c1efe2de844ff8bf932a180ac199824655cbc36d4ad96bc09f61786cf5f28d91da1798fb303755940570d91cae97bc7ecfe9875c14ec1e50bcf1dcad82465d563dbec40c0e2106cc47533526d4c465f5715f279241d71f45054b9c172b5c731a4517be7fa0cd486a4929dbbc9ef72305f2789a997da1f0403a04098687a026d802830