members.asoa.org

Issued by GeoTrust TLS RSA CA G1

About this certificate

This digital certificate with serial number 08:00:4e:2c:7a:97:d8:fa:a9:ce:73:ef:9a:f9:1e:be was issued on by DigiCert Inc.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=members.asoa.org

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 08:00:4e:2c:7a:97:d8:fa:a9:ce:73:ef:9a:f9:1e:be
Serial Number (int): 10635409518208306093202448854881476286
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: b9:6f:2c:e7:7b:d7:5d:84:09:67:89:2f:b3:e3:28:50:75:85:be:1d
AuthorityKeyId: 94:4f:d4:5d:8b:e4:a4:e2:a6:80:fe:fd:d8:f9:00:ef:a3:be:02:57

Fingerprint (sha1): 32:f8:f5:89:7d:b1:d5:c2:b8:f7:39:7f:8b:73:d8:a4:3c:d6:f7:bc
Fingerprint (sha256): 3d:af:ab:b1:28:bf:d3:e8:5d:6e:c7:fb:c8:f9:dc:bc:dc:7f:89:4d:49:17:a7:5b:48:60:79:b6:2c:28:3e:11

Issuing Certificate URL: http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt

Revocation information

OCSP Server: http://status.geotrust.com
CRL Distribution Point: http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl

Check the revocation status for certificate members.asoa.org

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for members.asoa.org

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

members.asoa.org

Other certificates including the domain name asoa.org

(limited to 100 certificates)
www.summitmortgagetraining.com
5704980631650304-fe4.pantheonsite.io
india.polo-development.com
www.summitmortgagetraining.com
5704980631650304-fe4.pantheonsite.io
go.rescuevocations.org
5645478960037888-fe1.pantheonsite.io
5645478960037888-fe1.pantheonsite.io
www.frailtycertification.com
5704980631650304-fe4.pantheonsite.io
www.summitmortgagetraining.com
www.summitmortgagetraining.com
members.asoa.org
www.summitmortgagetraining.com
5704980631650304-fe4.pantheonsite.io
5645478960037888-fe1.pantheonsite.io
www.summitmortgagetraining.com
community.asoa.org
5645478960037888-fe1.pantheonsite.io
5704980631650304-fe4.pantheonsite.io
www.summitmortgagetraining.com
community.asoa.org
5645478960037888-fe1.pantheonsite.io
www.summitmortgagetraining.com
asoa.org
www.summitmortgagetraining.com
5704980631650304-fe4.pantheonsite.io
www.summitmortgagetraining.com
5704980631650304-fe4.pantheonsite.io
5704980631650304-fe4.pantheonsite.io
5645478960037888-fe1.pantheonsite.io
*.asoa.org
www.summitmortgagetraining.com
5645478960037888-fe1.pantheonsite.io
www.summitmortgagetraining.com
5704980631650304-fe4.pantheonsite.io
5704980631650304-fe4.pantheonsite.io
5645478960037888-fe1.pantheonsite.io
5645478960037888-fe1.pantheonsite.io
5704980631650304-fe4.pantheonsite.io
www.summitmortgagetraining.com
www.summitmortgagetraining.com
www.summitmortgagetraining.com
community.asoa.org
5704980631650304-fe4.pantheonsite.io
5645478960037888-fe1.pantheonsite.io
community.asoa.org
community.asoa.org
members.asoa.org
5645478960037888-fe1.pantheonsite.io
5645478960037888-fe1.pantheonsite.io
www.summitmortgagetraining.com
5645478960037888-fe1.pantheonsite.io
community.asoa.org
www.summitmortgagetraining.com
careers.asoa.org
*.asoa.org
*.asoa.org
5704980631650304-fe4.pantheonsite.io
www.summitmortgagetraining.com
5704980631650304-fe4.pantheonsite.io
5727950116749312-fe4.pantheonsite.io
5645478960037888-fe1.pantheonsite.io
community.asoa.org
uspa.polo-development.com
community.asoa.org
5645478960037888-fe1.pantheonsite.io
5645478960037888-fe1.pantheonsite.io
5704980631650304-fe4.pantheonsite.io
5645478960037888-fe1.pantheonsite.io
5704980631650304-fe4.pantheonsite.io
www.summitmortgagetraining.com
community.asoa.org
5645478960037888-fe1.pantheonsite.io
ukraine.polo-development.com
www.summitmortgagetraining.com
www.summitmortgagetraining.com
5704980631650304-fe4.pantheonsite.io
www.summitmortgagetraining.com
5704980631650304-fe4.pantheonsite.io
5704980631650304-fe4.pantheonsite.io
members2.asoa.org
shop.asoa.org
5704980631650304-fe4.pantheonsite.io
5704980631650304-fe4.pantheonsite.io
members.asoa.org
5704980631650304-fe4.pantheonsite.io
5645478960037888-fe1.pantheonsite.io
5645478960037888-fe1.pantheonsite.io
5645478960037888-fe1.pantheonsite.io
5645478960037888-fe1.pantheonsite.io
5645478960037888-fe1.pantheonsite.io
community.asoa.org
www.summitmortgagetraining.com
members.asoa.org
5704980631650304-fe4.pantheonsite.io
www.summitmortgagetraining.com
5645478960037888-fe1.pantheonsite.io
5704980631650304-fe4.pantheonsite.io
community.asoa.org

Certificate

The complete raw certificate details for members.asoa.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIEvjCCA6agAwIBAgIQCABOLHqX2PqpznPvmvkevjANBgkqhkiG9w0BAQsFADBg
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZHZW9UcnVzdCBUTFMgUlNBIENBIEcx
MB4XDTE3MTIxMDAwMDAwMFoXDTE5MDEwOTEyMDAwMFowGzEZMBcGA1UEAxMQbWVt
YmVycy5hc29hLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9C
IqUlayIPk0utnFvbxg8Ynaow8qrN+B+cah652tDW9r7ujaQBewyno6b02L8DH1YH
YjsjRQ1qBtU1lOxamzaAJPc57BB/vrJekdlG26+1Fxh+QmtVw8S9eE2Ji/LULtmY
UK9UbHeaQCwEaKEdm4jRJc42qADgtuvukznesl4koFvxQJyWrrquTpJ/J7/NjBs8
6Nq4BHybxukJnd1lSHLWFLREks5MoRRNaUxQwH4veBHi7AmZ+HUUmZlg/LpoKm74
vXxUsqPp7B2n5WQnmnjlXRPqNSIL2c20nqXZhVBHzaem2kArPDLjUSwE94NOiX/n
nu8pi4x/Kpack/ns7qcCAwEAAaOCAbcwggGzMB8GA1UdIwQYMBaAFJRP1F2L5KTi
poD+/dj5AO+jvgJXMB0GA1UdDgQWBBS5byzne9ddhAlniS+z4yhQdYW+HTAbBgNV
HREEFDASghBtZW1iZXJzLmFzb2Eub3JnMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov
L2NkcC5nZW90cnVzdC5jb20vR2VvVHJ1c3RUTFNSU0FDQUcxLmNybDBMBgNVHSAE
RTBDMDcGCWCGSAGG/WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdp
Y2VydC5jb20vQ1BTMAgGBmeBDAECATB2BggrBgEFBQcBAQRqMGgwJgYIKwYBBQUH
MAGGGmh0dHA6Ly9zdGF0dXMuZ2VvdHJ1c3QuY29tMD4GCCsGAQUFBzAChjJodHRw
Oi8vY2FjZXJ0cy5nZW90cnVzdC5jb20vR2VvVHJ1c3RUTFNSU0FDQUcxLmNydDAJ
BgNVHRMEAjAAMBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IB
AQB6uShdIKMB11WCVtbK3UNhpQSPPodutz3U0wtX4aQ5Hn2w3IfnX0VYLKa9K3+Y
8R8aYffl79K0XRlF0G7RbEi5/iiRGos2rf4J7z/cEaZX5G5dfM/yvMroY5/TI4eX
cUdE4Dld9Vr/EZkUZ05fpv+7uCnBo986o8M1hgOsHe3W7i/CIEMTzkzOYTZPPyS8
vjxKqcoOpksSXSXY/JOiREhy/K59fycI7HXNH3UqI2jZReD/4oWqVckcxsqS1ba0
8yk3FASh7rYh6+3An1pryx60j9lMa9UJ2QGa7v4Z+CgfWZmS/rKJPrVmNrZyIPHt
lOFJbI6Vmg9Y0A1dFAz30wfw
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0IipSVrIg+TS62cW9vG
DxidqjDyqs34H5xqHrna0Nb2vu6NpAF7DKejpvTYvwMfVgdiOyNFDWoG1TWU7Fqb
NoAk9znsEH++sl6R2Ubbr7UXGH5Ca1XDxL14TYmL8tQu2ZhQr1Rsd5pALARooR2b
iNElzjaoAOC26+6TOd6yXiSgW/FAnJauuq5Okn8nv82MGzzo2rgEfJvG6Qmd3WVI
ctYUtESSzkyhFE1pTFDAfi94EeLsCZn4dRSZmWD8umgqbvi9fFSyo+nsHaflZCea
eOVdE+o1IgvZzbSepdmFUEfNp6baQCs8MuNRLAT3g06Jf+ee7ymLjH8qlpyT+ezu
pwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 10635409518208306093202448854881476286
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust TLS RSA CA G1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-12-10 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-01-09 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'members.asoa.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22124315916968049982651886627710386228859215310329515691179278341943118843403905684080167520367135333304290839264463134645844860591483609062000559020691286146057640428027430191398081873077129846048889625317097012172571187722280698818372898881879192961268455741331817910112649207585455028878076918248152909067268424347636464480415074690494418885644089622009903765040811388443620800779957584080726450256873950226298946211257233485555185117285529156813024264198403949576086427695529768645426513389257392903656572120026818425065214624417639141190672238146217692231419068134348091328965750199164237112658112728013348859559
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 944fd45d8be4a4e2a680fefdd8f900efa3be0257
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							b96f2ce77bd75d840967892fb3e328507585be1d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'members.asoa.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.2 (digiCertDVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (106 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.geotrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		007ab9285d20a301d7558256d6cadd4361a5048f3e876eb73dd4d30b57e1a4391e7db0dc87e75f45582ca6bd2b7f98f11f1a61f7e5efd2b45d1945d06ed16c48b9fe28911a8b36adfe09ef3fdc11a657e46e5d7ccff2bccae8639fd3238797714744e0395df55aff119914674e5fa6ffbbb829c1a3df3aa3c3358603ac1dedd6ee2fc2204313ce4cce61364f3f24bcbe3c4aa9ca0ea64b125d25d8fc93a2444872fcae7d7f2708ec75cd1f752a2368d945e0ffe285aa55c91cc6ca92d5b6b4f329371404a1eeb621ebedc09f5a6bcb1eb48fd94c6bd509d9019aeefe19f8281f599992feb2893eb56636b67220f1ed94e1496c8e959a0f58d00d5d140cf7d307f0