mta-sts.ikea.us
Issued by Amazon RSA 2048 M03
About this certificate
This digital certificate with serial number 07:ae:22:a4:5b:f8:46:d7:a1:6f:28:37:f6:35:64:6c was issued on by Amazon.
This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=mta-sts.ikea.us
Amazon
Organization:
Amazon
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 07:ae:22:a4:5b:f8:46:d7:a1:6f:28:37:f6:35:64:6cSerial Number (int): 10208758247687931654179901926339339372
Serial Number lenght: 123 bits, 16 octets
SubjectKeyId: 05:43:f9:9b:db:f5:bf:f9:63:1d:7a:95:54:5b:50:1f:17:6a:2e:ba
AuthorityKeyId: 55:d9:18:5f:d2:1c:cc:01:e1:58:b4:be:ab:d9:55:42:01:d7:2e:02
Fingerprint (sha1): 83:b1:63:2d:f2:2e:85:01:8e:72:cf:b3:13:a2:f4:86:4d:6f:0e:0a
Fingerprint (sha256): 40:24:da:23:8a:a9:6d:61:22:4a:db:12:93:ff:f5:66:dd:9b:a4:79:35:43:1a:bb:43:ff:a1:bc:8f:90:4e:ad
Issuing Certificate URL: http://crt.r2m03.amazontrust.com/r2m03.cer
Revocation information
OCSP Server: http://ocsp.r2m03.amazontrust.comCRL Distribution Point: http://crl.r2m03.amazontrust.com/r2m03.crl
Check the revocation status for certificate mta-sts.ikea.us
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for mta-sts.ikea.us
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
mta-sts.ikea.us
Other certificates including the domain name ikea.us
(limited to 100 certificates)
akamai-san50.exacttarget.com
www.qincheng1.com
casetools.app
zivost.in
industry.ikea.us
Inter IKEA Systems B.V.
synco-test.roadcast.co.in
industry.ikea.us
akamai-san50.exacttarget.com
industry.ikea.us
foodfacts.ikea.us
click.news.email.ikea.us
industry.ikea.us
ikea.se
ikea.se
click.news.email.ikea.us
neacreatives.com
owlgrid.com
auth.logistia.app
industry.ikea.us
www.plantech.group
zivost.in
ikea.se
friendswoodgsa.com
akamai-san50.exacttarget.com
foodfacts.ikea.us
ikea.se
Inter IKEA Systems B.V.
view.news.email.ikea.us
www.plantech.group
www.littlely.nl
food.ikea.us
switchdz.com
akamai-san50.exacttarget.com
imedis.io
click.news.email.ikea.us
ikea.se
click.news.email.ikea.us
playground.kentliau.com
kamada.info
begooder.app
Inter IKEA Systems B.V.
firebase.leeyen.me
www.todd.expert
firebase.leeyen.me
view.news.email.ikea.us
casetools.app
mta-sts.ikea.us
view.news.email.ikea.us
foodfacts.ikea.us
training-lp.petsallright.net
www.alightmotion.com
ikea.se
industry.ikea.us
view.news.email.ikea.us
cloud.news.email.ikea.us
ikea.se
app.gemxco.com
ikea.se
industry.ikea.us
cloud.news.email.ikea.us
dev.virtual.edutech.team
click.news.email.ikea.us
www.partypooper.am
ikea.se
www.planify.events
1stuff.today
www.nagatani.me
Inter IKEA Systems B.V.
ikea.se
admin.qa.apps.globant.com
www.qincheng1.com
ikea.se
ikea.se
www.todd.expert
ikea.se
access.optculture.com
ikea.se
industry.ikea.us
premium.lovely.app
fivesecond.com
ikea.se
mygf.app
ikea.se
food.ikea.us
click.news.email.ikea.us
akamai-san50.exacttarget.com
evnetwork-beta.noodoe.com
akamai-san50.exacttarget.com
akamai-san50.exacttarget.com
vie.digital
playground.kentliau.com
ama.ne.jp
virtualapp.tiempometa.com
app.contracts.plus
click.news.email.ikea.us
friendswoodgsa.com
industry.ikea.us
ikea.se
view.news.email.ikea.us
www.qincheng1.com
casetools.app
zivost.in
industry.ikea.us
Inter IKEA Systems B.V.
synco-test.roadcast.co.in
industry.ikea.us
akamai-san50.exacttarget.com
industry.ikea.us
foodfacts.ikea.us
click.news.email.ikea.us
industry.ikea.us
ikea.se
ikea.se
click.news.email.ikea.us
neacreatives.com
owlgrid.com
auth.logistia.app
industry.ikea.us
www.plantech.group
zivost.in
ikea.se
friendswoodgsa.com
akamai-san50.exacttarget.com
foodfacts.ikea.us
ikea.se
Inter IKEA Systems B.V.
view.news.email.ikea.us
www.plantech.group
www.littlely.nl
food.ikea.us
switchdz.com
akamai-san50.exacttarget.com
imedis.io
click.news.email.ikea.us
ikea.se
click.news.email.ikea.us
playground.kentliau.com
kamada.info
begooder.app
Inter IKEA Systems B.V.
firebase.leeyen.me
www.todd.expert
firebase.leeyen.me
view.news.email.ikea.us
casetools.app
mta-sts.ikea.us
view.news.email.ikea.us
foodfacts.ikea.us
training-lp.petsallright.net
www.alightmotion.com
ikea.se
industry.ikea.us
view.news.email.ikea.us
cloud.news.email.ikea.us
ikea.se
app.gemxco.com
ikea.se
industry.ikea.us
cloud.news.email.ikea.us
dev.virtual.edutech.team
click.news.email.ikea.us
www.partypooper.am
ikea.se
www.planify.events
1stuff.today
www.nagatani.me
Inter IKEA Systems B.V.
ikea.se
admin.qa.apps.globant.com
www.qincheng1.com
ikea.se
ikea.se
www.todd.expert
ikea.se
access.optculture.com
ikea.se
industry.ikea.us
premium.lovely.app
fivesecond.com
ikea.se
mygf.app
ikea.se
food.ikea.us
click.news.email.ikea.us
akamai-san50.exacttarget.com
evnetwork-beta.noodoe.com
akamai-san50.exacttarget.com
akamai-san50.exacttarget.com
vie.digital
playground.kentliau.com
ama.ne.jp
virtualapp.tiempometa.com
app.contracts.plus
click.news.email.ikea.us
friendswoodgsa.com
industry.ikea.us
ikea.se
view.news.email.ikea.us
Certificate
The complete raw certificate details for mta-sts.ikea.us in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFzDCCBLSgAwIBAgIQB64ipFv4Rtehbyg39jVkbDANBgkqhkiG9w0BAQsFADA8 MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g UlNBIDIwNDggTTAzMB4XDTI0MDUwMzAwMDAwMFoXDTI1MDYwMjIzNTk1OVowGjEY MBYGA1UEAxMPbXRhLXN0cy5pa2VhLnVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAu6HyqHL1DWbyvXii2BzL3zhkvVJni9PxwuyxRMtIoOMRkY/ZxfPP dba6lafRaNoY8D/fp4Q2SVXiB50CQK5nnYK6VmtgaBvURrv6Ad7gT1g7HSpL7Efa yuR2V7BsW7zzedO/Wd+EvmRa37K5vC41mdaSIGEkJl3bt/WuRE+m35qUDiEfPSGU n4frwKaez8gyUTp/TGyVqYs2oDVsvVVQqYDDiDfytpAtShJ+H8LMJ80AcRFToxiU TKcNhZU+DfBjuiihZCZw7BGjUAAvfkGgiz5EhE4VHqh1XxCQpP7Og6CwMsAZn2MQ NJGtAPytugYKXZDe/jSMf6D+9hTN2+M8UQIDAQABo4IC6jCCAuYwHwYDVR0jBBgw FoAUVdkYX9IczAHhWLS+q9lVQgHXLgIwHQYDVR0OBBYEFAVD+Zvb9b/5Yx16lVRb UB8Xai66MBoGA1UdEQQTMBGCD210YS1zdHMuaWtlYS51czATBgNVHSAEDDAKMAgG BmeBDAECATAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG AQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwucjJtMDMuYW1hem9u dHJ1c3QuY29tL3IybTAzLmNybDB1BggrBgEFBQcBAQRpMGcwLQYIKwYBBQUHMAGG IWh0dHA6Ly9vY3NwLnIybTAzLmFtYXpvbnRydXN0LmNvbTA2BggrBgEFBQcwAoYq aHR0cDovL2NydC5yMm0wMy5hbWF6b250cnVzdC5jb20vcjJtMDMuY2VyMAwGA1Ud EwEB/wQCMAAwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB3AE51oydcmhDDOFts 1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABjz0DWewAAAQDAEgwRgIhAL2/uAf9JWN5 rv7ohxgG76Oeb4cc0tbjyPmB2xTWtJdyAiEAhVLbulVXadiC5Ko5jU8KC3hycv0w Kl28deV6cwddQJQAdgB9WR4S4XgqexxhZ3xe/fjQh1wUoE6VnrkDL9kOjC55uAAA AY89A1omAAAEAwBHMEUCIQCrrBFwidCn5alB+ntIu5E78NE+bxvBkUfK0bjWXytK GgIgf3/5Z1HqFoUUtUyZUckF5Ouu4DVaYd5xuSs6ORh0LkkAdwDm0jFjQHeMwRBB Btdxuc7B0kD2loSG+7qHMh39HjeOUAAAAY89A1o3AAAEAwBIMEYCIQDL6GaVtl/x BtfoaRQWIFy806J8HIyFJf4kOn1+Ihu4WwIhAN32OwnJIEnX8rWxGlya++3I9f4B QE26eX0YaKy7gFXDMA0GCSqGSIb3DQEBCwUAA4IBAQBgHl0Sj8xuu31YiIKmt+Cf V4Zxzj3jurEo7pRWbasrgX9bxG48T3cjGGurMCpSDlOCDug1iSswyia7PrQQ+b8m hlBr/qbi0G572wjli06ehdS+WT6bhRf/uNaCr/TG/UWJ9AaXd/xlzMbASflks5G+ P6C5eoKTPgDGa9iZTiUm4XCZdIwdnnkUSYfNnVzhGflOoM/jATGKMIGJonvpQ9Ke ltp4NFNDo+x9vMSYi8kNQ3T2on8gUgnQWLf5aorwmGNx/3Tt27ZIvZ4RKAxAyjUc /mZ1/yhXnZD2tuRqLQBJ+rCHnY+AAcu8YiX7Og6WmoYKKZduYUogXGlwVbUBjaHO -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6HyqHL1DWbyvXii2BzL 3zhkvVJni9PxwuyxRMtIoOMRkY/ZxfPPdba6lafRaNoY8D/fp4Q2SVXiB50CQK5n nYK6VmtgaBvURrv6Ad7gT1g7HSpL7EfayuR2V7BsW7zzedO/Wd+EvmRa37K5vC41 mdaSIGEkJl3bt/WuRE+m35qUDiEfPSGUn4frwKaez8gyUTp/TGyVqYs2oDVsvVVQ qYDDiDfytpAtShJ+H8LMJ80AcRFToxiUTKcNhZU+DfBjuiihZCZw7BGjUAAvfkGg iz5EhE4VHqh1XxCQpP7Og6CwMsAZn2MQNJGtAPytugYKXZDe/jSMf6D+9hTN2+M8 UQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 10208758247687931654179901926339339372 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M03' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-03 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-06-02 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'mta-sts.ikea.us' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23686422506079203509333115995539977778649358616699048834784185995296269055512506891165716106195293610043018865498658055545559107419472930215978128625701018824494094824513294613932960446343271280341495739015306847245970096661812127111081038244347445424303912349262953380905236780158617239849395283004652564490854205028742046099257244602146040315276094950770391006268765692979213717861782427010189449641865885278974790514778676601794540156813145851006503837962610806624440938103573915921549196656247257067214908107187753016301465775375293254571217339334394281462077930010679001773760612869769257737814501308389117869137 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 55d9185fd21ccc01e158b4beabd9554201d72e02 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 0543f99bdbf5bff9631d7a95545b501f176a2eba . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (19 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mta-sts.ikea.us' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m03.amazontrust.com/r2m03.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m03.amazontrust.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m03.amazontrust.com/r2m03.cer' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (368 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes) 016a0077004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018f3d0359ec0000040300483046022100bdbfb807fd256379aefee8871806efa39e6f871cd2d6e3c8f981db14d6b497720221008552dbba555769d882e4aa398d4f0a0b787272fd302a5dbc75e57a73075d40940076007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018f3d035a260000040300473045022100abac117089d0a7e5a941fa7b48bb913bf0d13e6f1bc19147cad1b8d65f2b4a1a02207f7ff96751ea168514b54c9951c905e4ebaee0355a61de71b92b3a3918742e49007700e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018f3d035a370000040300483046022100cbe86695b65ff106d7e8691416205cbcd3a27c1c8c8525fe243a7d7e221bb85b022100ddf63b09c92049d7f2b5b11a5c9afbedc8f5fe01404dba797d1868acbb8055c3 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00601e5d128fcc6ebb7d588882a6b7e09f578671ce3de3bab128ee94566dab2b817f5bc46e3c4f7723186bab302a520e53820ee835892b30ca26bb3eb410f9bf2686506bfea6e2d06e7bdb08e58b4e9e85d4be593e9b8517ffb8d682aff4c6fd4589f4069777fc65ccc6c049f964b391be3fa0b97a82933e00c66bd8994e2526e17099748c1d9e79144987cd9d5ce119f94ea0cfe301318a308189a27be943d29e96da78345343a3ec7dbcc4988bc90d4374f6a27f205209d058b7f96a8af0986371ff74eddbb648bd9e11280c40ca351cfe6675ff28579d90f6b6e46a2d0049fab0879d8f8001cbbc6225fb3a0e969a860a29976e614a205c697055b5018da1ce