vaccines.modernatx.com

Issued by Amazon

About this certificate

This digital certificate with serial number 06:89:23:1c:1a:c3:56:15:26:28:a7:c6:20:98:ca:6e was issued on by Amazon.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=vaccines.modernatx.com

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 06:89:23:1c:1a:c3:56:15:26:28:a7:c6:20:98:ca:6e
Serial Number (int): 8687424755336202134226419987013749358
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 37:fe:87:fc:44:9c:41:da:35:71:49:41:f5:c6:5b:2c:ab:0d:70:a3
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): cd:34:2f:ee:06:35:39:89:17:6e:a3:56:09:b2:cb:f5:b9:66:af:9b
Fingerprint (sha256): 3c:2f:2d:13:34:b4:97:cf:a7:96:88:b0:f4:52:93:48:d5:94:0b:f8:00:36:1d:01:77:c8:fd:54:a2:e8:d4:d0

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b-1.crl

Check the revocation status for certificate vaccines.modernatx.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for vaccines.modernatx.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

vaccines.modernatx.com
www.vaccines.modernatx.com

Other certificates including the domain name modernatx.com

(limited to 100 certificates)
cert1.a2.atm.aqfer.net
leapfrog-ssl-14.gcs-web.com
www.jlbiz.dev
content.modernatx.com
lb.poc-dev.modernatx.com
leapfrog-ssl-14.gcs-web.com
cert1.a2.atm.aqfer.net
cert1.a2.atm.aqfer.net
*.eua.modernatx.com
leapfrog-ssl-14.gcs-web.com
lb.qa.modernatx.com
content.modernatx.com
*.modernatx.com
leapfrog-ssl-14.gcs-web.com
leapfrog-ssl-14.gcs-web.com
leapfrog-ssl-14.gcs-web.com
*.modernatx.com
leapfrog-ssl-14.gcs-web.com
*.eua.modernatx.com
sandbox.sbx.dev-blsp.modernatx.com
cert1.a2.atm.aqfer.net
cert1.a2.atm.aqfer.net
stg.api.d4e.modernatx.com
auth.modernatx.com
smetrics.modernatx.com
cert1.a2.atm.aqfer.net
leapfrog-ssl-14.gcs-web.com
cert1.a2.atm.aqfer.net
i.modernatx.com
dev.api.d4e.modernatx.com
cert1.a2.atm.aqfer.net
leapfrog-ssl-14.gcs-web.com
stg.gating.modernatx.com
mrna-access.modernatx.com
cert1.a2.atm.aqfer.net
cert1.a2.atm.aqfer.net
leapfrog-ssl-14.gcs-web.com
verify.livelifeapp.com
leapfrog-ssl-14.gcs-web.com
prime.modernatx.com
publication-data.modernatx.com
tools.preview.modernatx.com
leapfrog-ssl-14.gcs-web.com
manoburguer.com.br
cert1.a2.atm.aqfer.net
cert1.a2.atm.aqfer.net
qa.gating.modernatx.com
cert1.a2.atm.aqfer.net
preview.atlas.modernatx.com
leapfrog-ssl-14.gcs-web.com
leapfrog-ssl-14.gcs-web.com
cert1.a2.atm.aqfer.net
cert1.a2.atm.aqfer.net
payablesdev.modernatx.com
atlas.poc-dev.modernatx.com
cert1.a2.atm.aqfer.net
cert1.a2.atm.aqfer.net
develop.modernatx.com
cert1.a2.atm.aqfer.net
cert1.a2.atm.aqfer.net
cert1.a2.atm.aqfer.net
cert1.a2.atm.aqfer.net
cert1.a2.atm.aqfer.net
leapfrog-ssl-14.gcs-web.com
cert1.a2.atm.aqfer.net
cert1.a2.atm.aqfer.net
vaccines.modernatx.com
cert1.a2.atm.aqfer.net
production.eap.prd-blsp.modernatx.com
atlas.k8s.stg.modernatx.com
medinfo.modernatx.com
dev.customerplatform.modernatx.com
leapfrog-ssl-14.gcs-web.com
metrics-portal-staging.modernatx.com
leapfrog-ssl-14.gcs-web.com
cert1.a2.atm.aqfer.net
tools.qa.modernatx.com
content.modernatx.com
cert1.a2.atm.aqfer.net
leapfrog-ssl-14.gcs-web.com
contentful.preview.atlas.modernatx.com
cert1.a2.atm.aqfer.net
cert1.a2.atm.aqfer.net
cert1.a2.atm.aqfer.net
cert1.a2.atm.aqfer.net
leapfrog-ssl-14.gcs-web.com
cert1.a2.atm.aqfer.net
contentful.preview.atlas.modernatx.com
cert1.a2.atm.aqfer.net
mrna-access.modernatx.com
quality.qs4.val-blsp.modernatx.com
cert1.a2.atm.aqfer.net
pages.modernatx.com
cert1.a2.atm.aqfer.net
stg.gating.modernatx.com
*.modernatx.com
leapfrog-ssl-14.gcs-web.com
cert1.a2.atm.aqfer.net
leapfrog-ssl-14.gcs-web.com
cert1.a2.atm.aqfer.net

Certificate

The complete raw certificate details for vaccines.modernatx.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF/zCCBOegAwIBAgIQBokjHBrDVhUmKKfGIJjKbjANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0yMjEwMDYwMDAwMDBaFw0yMzExMDQy
MzU5NTlaMCExHzAdBgNVBAMTFnZhY2NpbmVzLm1vZGVybmF0eC5jb20wggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDSALbXUsytfjRgLWpvirtK6Sgvkb3
8EIl8wRTQOcKvQfSyKxO8WskvGZnkXzTZ+X5TJkzEPR593teoGRScCy01QpNJI7t
HJSu0js2PrnXF4bDAdBYuUz6UrBxA86wKc6wL+ICO9MyXmpsnTMxCBqSAIq+FcLm
tzycy0N4F41Rs3Yb6gDWGcf/HqfWIZBGAngOi7nAjxRaKfDy9dvWuHprrTxYWWp0
SsDFxXzQqNfUbsv0rYyjg0VYgUodz/rfUg0FRiLdbR/cclpCSi5/JHi5K2J55xbb
sx8Ux+KT1ZgNauFPcK3NvPnUj4et1kOl1iXk9w4uTH9GBxYyLSQ+ni1PAgMBAAGj
ggMMMIIDCDAfBgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4E
FgQUN/6H/EScQdo1cUlB9cZbLKsNcKMwPQYDVR0RBDYwNIIWdmFjY2luZXMubW9k
ZXJuYXR4LmNvbYIad3d3LnZhY2NpbmVzLm1vZGVybmF0eC5jb20wDgYDVR0PAQH/
BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA9BgNVHR8ENjA0
MDKgMKAuhixodHRwOi8vY3JsLnNjYTFiLmFtYXpvbnRydXN0LmNvbS9zY2ExYi0x
LmNybDATBgNVHSAEDDAKMAgGBmeBDAECATB1BggrBgEFBQcBAQRpMGcwLQYIKwYB
BQUHMAGGIWh0dHA6Ly9vY3NwLnNjYTFiLmFtYXpvbnRydXN0LmNvbTA2BggrBgEF
BQcwAoYqaHR0cDovL2NydC5zY2ExYi5hbWF6b250cnVzdC5jb20vc2NhMWIuY3J0
MAwGA1UdEwEB/wQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AOg+0No+
9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABg65i2EkAAAQDAEcwRQIgefL4
dgpfm9mfaqPa4I2/yvSyqv0WLDWuzIczmVij1ugCIQD6Zkz0jav1EmVFUsqQyDKm
OIEk4OOhHAAckSQyaeYPxQB1ALNzdwfhhFD4Y4bWBancEQlKeS2xZwwLh9zwAw55
NqWaAAABg65i2LAAAAQDAEYwRAIgCTK/c4kldsnBgM/m6Od7+q8J6M2vblVdOpEc
HgAekYgCICbGDxL/lOEJkZepd8jixYQRbUcIihMoL2vWm7Tg7hbQAHYAtz77JN+c
Tbp18jnFulj0bF38Qs96nzXEnh0JgSXttJkAAAGDrmLYkQAABAMARzBFAiAgk8sA
MtswlnrWgsomWDcnKkUE63zlD1KLgpWbA1UD1AIhAJ3JP97e0NmEXIMBbQDatF/4
7p4cPPeMj+inLWQViHyMMA0GCSqGSIb3DQEBCwUAA4IBAQApLqk8jpfeV+ZIuz05
YNmfjSDjYHwIVAiFe/bZszHbvEEzJ7tP+vM50D36tJTynO2oTGzrijlmOC6rCDAY
JZCmzACHB3MPyu1YOB110zl28QsG+c8mVky9o2I85J8vA1c5fIO2Hrxw+Vk/1PRS
9m1hrfaC4OQVc1LtIL4uEE2NXsnwocZrzgQW0B4QnR1x2oJkY9iB8bxIwaZccNzK
ssYQWrqfE7X16RtE27kZSYd6bxIWoiaVVdO9mmTnYhJPIxxB1nfOPEs12ptoknmE
Qbhfp0+aIPNZIZO4ICzgQlsh4+3GRqrd1aEJopeNv5d6s/Tk6gVJ1jb7TqKRYOBe
dPlD
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0gC211LMrX40YC1qb4q
7SukoL5G9/BCJfMEU0DnCr0H0sisTvFrJLxmZ5F802fl+UyZMxD0efd7XqBkUnAs
tNUKTSSO7RyUrtI7Nj651xeGwwHQWLlM+lKwcQPOsCnOsC/iAjvTMl5qbJ0zMQga
kgCKvhXC5rc8nMtDeBeNUbN2G+oA1hnH/x6n1iGQRgJ4Dou5wI8UWinw8vXb1rh6
a608WFlqdErAxcV80KjX1G7L9K2Mo4NFWIFKHc/631INBUYi3W0f3HJaQkoufyR4
uStieecW27MfFMfik9WYDWrhT3Ctzbz51I+HrdZDpdYl5PcOLkx/RgcWMi0kPp4t
TwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 8687424755336202134226419987013749358
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-10-06 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-11-04 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'vaccines.modernatx.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24651979494723834858181833336675789366205614447661759482192386344420442730070232326048044741224434546990529329540306924111037666222880816217414842058523372818069074119139607998468424054720823308549846784410843896637955235398728313573390221698171109807700453430262916371964750092506959300560417216026725521004516898608261445571965942608344667898097521782964736448229357273641312223073223261840738007446668782087214029033899525834253223628891295948203683943386153295911553691782477194239707087334066516546045016953634652625242744647430296540527980378473420185190644274948677950366055112393808595322146089855212920384847
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							37fe87fc449c41da35714941f5c65b2cab0d70a3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (54 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'vaccines.modernatx.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.vaccines.modernatx.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (54 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b-1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							0167007600e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e00000183ae62d8490000040300473045022079f2f8760a5f9bd99f6aa3dae08dbfcaf4b2aafd162c35aecc87339958a3d6e8022100fa664cf48dabf512654552ca90c832a6388124e0e3a11c001c91243269e60fc5007500b3737707e18450f86386d605a9dc11094a792db1670c0b87dcf0030e7936a59a00000183ae62d8b0000004030046304402200932bf73892576c9c180cfe6e8e77bfaaf09e8cdaf6e555d3a911c1e001e9188022026c60f12ff94e1099197a977c8e2c584116d47088a13282f6bd69bb4e0ee16d0007600b73efb24df9c4dba75f239c5ba58f46c5dfc42cf7a9f35c49e1d098125edb49900000183ae62d891000004030047304502202093cb0032db30967ad682ca265837272a4504eb7ce50f528b82959b035503d40221009dc93fdeded0d9845c83016d00dab45ff8ee9e1c3cf78c8fe8a72d6415887c8c
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00292ea93c8e97de57e648bb3d3960d99f8d20e3607c085408857bf6d9b331dbbc413327bb4ffaf339d03dfab494f29ceda84c6ceb8a3966382eab0830182590a6cc008707730fcaed58381d75d33976f10b06f9cf26564cbda3623ce49f2f0357397c83b61ebc70f9593fd4f452f66d61adf682e0e4157352ed20be2e104d8d5ec9f0a1c66bce0416d01e109d1d71da826463d881f1bc48c1a65c70dccab2c6105aba9f13b5f5e91b44dbb91949877a6f1216a2269555d3bd9a64e762124f231c41d677ce3c4b35da9b6892798441b85fa74f9a20f3592193b8202ce0425b21e3edc646aaddd5a109a2978dbf977ab3f4e4ea0549d636fb4ea29160e05e74f943