aspen.bywatersolutions.com

Issued by R3

About this certificate

This digital certificate with serial number 03:9e:fa:1f:a0:90:86:2d:1c:b8:ee:8c:8a:3d:ce:10:32:60 was issued on by Let's Encrypt.

With 5 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=aspen.bywatersolutions.com

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:9e:fa:1f:a0:90:86:2d:1c:b8:ee:8c:8a:3d:ce:10:32:60
Serial Number (int): 315433942985573778229904249730614617453152
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: 4c:70:1e:01:10:a9:73:97:2b:46:58:fa:4f:c6:b9:81:ca:b2:6a:87
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): ad:0e:0a:a0:78:b0:77:3b:48:29:d4:72:97:04:87:80:a8:a1:76:40
Fingerprint (sha256): 3b:a4:3f:1c:ae:bf:25:8d:18:1c:86:a8:91:fc:d9:67:7b:47:cc:b3:ea:ce:20:a0:ba:c2:60:0c:5e:21:8c:2c

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate aspen.bywatersolutions.com

5

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for aspen.bywatersolutions.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

aspen.bywatersolutions.com
bywatersolutions.com
folio.bywatersolutions.com
koha.bywatersolutions.com
www.bywatersolutions.com

Other certificates including the domain name bywatersolutions.com

(limited to 100 certificates)
catalog.redlibrary.org
harrison.bywatersolutions.com
pals.bywatersolutions.com
cin.bywatersolutions.com
audubon.bywatersolutions.com
harrison.bywatersolutions.com
arcadiapl.bywatersolutions.com
model.bywatersolutions.com
bedfordtx.bywatersolutions.com
harrison.bywatersolutions.com
washoe-aspen.bywatersolutions.com
koha.bywatersolutions.com
farmington.bywatersolutions.com
www.astinus.bywatersolutions.com
catalog.redlibrary.org
idsa.bywatersolutions.com
devs.bywatersolutions.com
staff.ajaxlibrary.ca
farmington.bywatersolutions.com
ticket.bywatersolutions.com
camden.bywatersolutions.com
disneytech.bywatersolutions.com
demo.bywatersolutions.com
bywatersolutions.com
kohacon2018.bywatersolutions.com
kohacon2018.bywatersolutions.com
dovernet.bywatersolutions.com
vokal-aspen.bywatersolutions.com
texlaw.bywatersolutions.com
bywatersolutions.com
ajaxon.bywatersolutions.com
collingswood.bywatersolutions.com
kids.meadvillelibrary.org
demo.bywatersolutions.com
ticket.bywatersolutions.com
samuelmerritt.bywatersolutions.com
catalog.dnredwoods.bywatersolutions.com
bywatersolutions.com
kids.meadvillelibrary.org
sdlaw.bywatersolutions.com
catalog.bethelu.bywatersolutions.com
abbott.bywatersolutions.com
kohacon2018.bywatersolutions.com
media.bywatersolutions.com
devs.bywatersolutions.com
esri.bywatersolutions.com
catalog.redlibrary.org
catalog.rahwaylibrary.org
texlaw.bywatersolutions.com
bywatersolutions.com
roundrock.bywatersolutions.com
risl.bywatersolutions.com
farmington.bywatersolutions.com
bywatersolutions.com
merial.bywatersolutions.com
demo.bywatersolutions.com
collingswood.bywatersolutions.com
devs.bywatersolutions.com
catalog.rahwaylibrary.org
kids.meadvillelibrary.org
catalog.rahwaylibrary.org
bywatersolutions.com
siskiyou.bywatersolutions.com
catalog.redlibrary.org
hkic.bywatersolutions.com
disneytech.bywatersolutions.com
esri.bywatersolutions.com
bywatersolutions.com
demo.bywatersolutions.com
millbrook.bywatersolutions.com
uintah.bywatersolutions.com
vokal-aspen.bywatersolutions.com
catalog.redlibrary.org
catalog.rahwaylibrary.org
tnhsc.bywatersolutions.com
bywaterconsortium.aspendiscovery.org
kohacon2018.bywatersolutions.com
dovernet.bywatersolutions.com
demo.bywatersolutions.com
dovernet.bywatersolutions.com
aspen-arlingtontest.bywatersolutions.com
downtown.roseville-libki.bywatersolutions.com
help.aspendiscovery.org
kohacon2018.bywatersolutions.com
catamount.bywatersolutions.com
esri.bywatersolutions.com
ticket.bywatersolutions.com
catalog.rahwaylibrary.org
collingswood.bywatersolutions.com
kohacon2018.bywatersolutions.com
catalog.redlibrary.org
pals.bywatersolutions.com
aspen.bywatersolutions.com
ckls.bywatersolutions.com
catalog.rahwaylibrary.org
catalog.redlibrary.org
catalog.rahwaylibrary.org
ticket.bywatersolutions.com
ramapo.bywatersolutions.com
kohacon2018.bywatersolutions.com

Certificate

The complete raw certificate details for aspen.bywatersolutions.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFazCCBFOgAwIBAgISA576H6CQhi0cuO6Mij3OEDJgMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzEwMDIyMjAwMTdaFw0yMzEyMzEyMjAwMTZaMCUxIzAhBgNVBAMT
GmFzcGVuLmJ5d2F0ZXJzb2x1dGlvbnMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnymbcgNp5GvSKBOXwPfgeK6FVimJnMD4ERTceQLUfkBaEK6m
ibvi4oIrm1p/fw1rCIOwUB0MrMIo0+d9jWFjfTB3awE5lEaQ47EHd+hi13WZ998D
Y8upJPBFHOpK9/7k7gLrsYCKYV5YkUZAiXgyPJEQHh/AShVhrXcTzkoMdSVatkre
A/0p4rVkkTVOqRC8UQ6Z2AoGqX1RKxOOYRAbY/epjvN334zW7mkK6uzMQ8r1F8XK
G5hiOMe5XMWtBwb4Ow2FLWOn0yygThWUmpcurQZ/mbgIbRPNTPKTU6DiC0JZYpug
ZIbrVXOMYvUNwiyb+LRcifRVL3JWCIWhk7+fhQIDAQABo4IChjCCAoIwDgYDVR0P
AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
Af8EAjAAMB0GA1UdDgQWBBRMcB4BEKlzlytGWPpPxrmByrJqhzAfBgNVHSMEGDAW
gBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUH
MAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3Iz
LmkubGVuY3Iub3JnLzCBjgYDVR0RBIGGMIGDghphc3Blbi5ieXdhdGVyc29sdXRp
b25zLmNvbYIUYnl3YXRlcnNvbHV0aW9ucy5jb22CGmZvbGlvLmJ5d2F0ZXJzb2x1
dGlvbnMuY29tghlrb2hhLmJ5d2F0ZXJzb2x1dGlvbnMuY29tghh3d3cuYnl3YXRl
cnNvbHV0aW9ucy5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5
AgQCBIH1BIHyAPAAdQC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAA
AYrynvD0AAAEAwBGMEQCIHLcXwS+sGq4zUlXhXnCxTzK4VuHljuklq6EBOie/PTU
AiA+u81hT0DrE4BupYoFkV4X3UCXXYic8Dnr+qZDT7AHoQB3AOg+0No+9QY1MudX
KLyJa8kD08vREWvs62nhd31tBr1uAAABivKe8YQAAAQDAEgwRgIhAPLICST7yOLv
/MMbUC2+RvHcUQypIUPHHrDrkUmO/wg3AiEA1rSQPYIUxWDodNI+X1f9VxSJWbr8
7XVkpZQ7x1Gg4xUwDQYJKoZIhvcNAQELBQADggEBABJ05Aqoc4WVnyYhT2MZkD9v
ONroBtavUf1PraAbRozuDpqkwYtOFPKSLFiWw16/9sgYQUOBivV5VDxtzhZrdl4M
bo1N15Iv7mOnUVMn+xjF84hn1LS5OiYTFv3G+UHuTxkbkULC99Bq5wdiXFGKLAdt
vOG9+dHQwN2zHNWsZDF6L8XVW14fX8+lkWIwjAvDf/jL0m9xJnGwOuVZFl7Iexzz
lhFlGXyyPitXtU4iWMJPVzlp3R4JzCtf8NJ68elzhz5nuwb8019oOPr6GSZxspxs
RB9L9mx023vAU2XyTda+N9+NQH15PBF9kClCbyLqZ2PhGMAw61zyKC3NIHN0s3E=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnymbcgNp5GvSKBOXwPfg
eK6FVimJnMD4ERTceQLUfkBaEK6mibvi4oIrm1p/fw1rCIOwUB0MrMIo0+d9jWFj
fTB3awE5lEaQ47EHd+hi13WZ998DY8upJPBFHOpK9/7k7gLrsYCKYV5YkUZAiXgy
PJEQHh/AShVhrXcTzkoMdSVatkreA/0p4rVkkTVOqRC8UQ6Z2AoGqX1RKxOOYRAb
Y/epjvN334zW7mkK6uzMQ8r1F8XKG5hiOMe5XMWtBwb4Ow2FLWOn0yygThWUmpcu
rQZ/mbgIbRPNTPKTU6DiC0JZYpugZIbrVXOMYvUNwiyb+LRcifRVL3JWCIWhk7+f
hQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 315433942985573778229904249730614617453152
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-02 22:00:17 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-31 22:00:16 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'aspen.bywatersolutions.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20092407768782156637891914267691617870808904374365541572422638031092506190070570142743949673480918730799563506646990420359696725248778353000483568531108469809807053865909463920621929761791014534941892090907625835822246855997594777316226217450353622707596566955949073831407226917731694187042855894138711249502222747806607013694464810902168338361336288325385165828067103055607681552690182592327207709154901552337571382023446791507654660386638967946054091194302464173917417227360040227828800882017153991537771980036143873997173779584247331299015448017880166757816432103321220545069338466908077932884754204046383843876741
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							4c701e0110a973972b4658fa4fc6b981cab26a87
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (134 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aspen.bywatersolutions.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bywatersolutions.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'folio.bywatersolutions.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'koha.bywatersolutions.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.bywatersolutions.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007500b73efb24df9c4dba75f239c5ba58f46c5dfc42cf7a9f35c49e1d098125edb4990000018af29ef0f40000040300463044022072dc5f04beb06ab8cd49578579c2c53ccae15b87963ba496ae8404e89efcf4d402203ebbcd614f40eb13806ea58a05915e17dd40975d889cf039ebfaa6434fb007a1007700e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e0000018af29ef1840000040300483046022100f2c80924fbc8e2effcc31b502dbe46f1dc510ca92143c71eb0eb91498eff0837022100d6b4903d8214c560e874d23e5f57fd57148959bafced7564a5943bc751a0e315
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001274e40aa87385959f26214f6319903f6f38dae806d6af51fd4fada01b468cee0e9aa4c18b4e14f2922c5896c35ebff6c8184143818af579543c6dce166b765e0c6e8d4dd7922fee63a7515327fb18c5f38867d4b4b93a261316fdc6f941ee4f191b9142c2f7d06ae707625c518a2c076dbce1bdf9d1d0c0ddb31cd5ac64317a2fc5d55b5e1f5fcfa59162308c0bc37ff8cbd26f712671b03ae559165ec87b1cf3961165197cb23e2b57b54e2258c24f573969dd1e09cc2b5ff0d27af1e973873e67bb06fcd35f6838fafa192671b29c6c441f4bf66c74db7bc05365f24dd6be37df8d407d793c117d9029426f22ea6763e118c030eb5cf2282dcd207374b371