askinfosec.rbx.com

Issued by Amazon RSA 2048 M03

About this certificate

This digital certificate with serial number 0b:91:bc:97:5f:2f:40:f9:b2:90:c1:64:06:bb:52:d6 was issued on by Amazon.

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=askinfosec.rbx.com

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0b:91:bc:97:5f:2f:40:f9:b2:90:c1:64:06:bb:52:d6
Serial Number (int): 15378216084037853060144322220987732694
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 51:35:43:c6:19:24:77:d5:dc:53:fe:eb:f4:be:1e:5f:89:0d:15:cc
AuthorityKeyId: 55:d9:18:5f:d2:1c:cc:01:e1:58:b4:be:ab:d9:55:42:01:d7:2e:02

Fingerprint (sha1): 94:7b:40:19:28:c5:1b:d0:b7:36:30:32:14:73:e8:bf:08:36:8b:0c
Fingerprint (sha256): 45:38:f2:34:71:52:d8:52:a0:60:54:95:ad:bc:d3:6f:88:03:94:d8:98:6d:f7:db:ed:00:7c:7a:71:b2:55:7f

Issuing Certificate URL: http://crt.r2m03.amazontrust.com/r2m03.cer

Revocation information

OCSP Server: http://ocsp.r2m03.amazontrust.com
CRL Distribution Point: http://crl.r2m03.amazontrust.com/r2m03.crl

Check the revocation status for certificate askinfosec.rbx.com

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for askinfosec.rbx.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

askinfosec.rbx.com
*.tines.com
forms.rbx.com
*.tines.io

Other certificates including the domain name rbx.com

(limited to 100 certificates)
github-prod1.rbx.com
dev-confluence-dns-name.rbx.com
codecov.rbx.com
bpo-vpn.rbx.com
xray-stage.rbx.com
*.prod.ml.rbx.com
*.public.rbx.com
trino-airflowdev-os-blue.di.rbx.com
aws-us-east-2a-lms.rbx.com
bpo-vpn.rbx.com
confluence-stage-legacy.rbx.com
anchore-stage.rbx.com
testing.rbx.com
vault-stage.rbx.com
github-dev.rbx.com
*.rbx.com
anchore.rbx.com
ml-platform-prod-us-east-1-1-6-1-serving.prod.ml.rbx.com
github-dev.rbx.com
cdctl-devpoller.rbx.com
events.rbx.com
edge-st3-usw1.rbx.com
*.astro.dev-hluo.dic.rbx.com
github-dev-dr.rbx.com
ml-platform-infra-use1-1-5-3.prod.ml.rbx.com
github-dev-dr.rbx.com
teamcity-test.rbx.com
github-dev-dr.rbx.com
artifactory-stage-aa.rbx.com
aws-eu-west-2a-lms.rbx.com
*.ml-platform-dev-internal.prod.ml.rbx.com
ipe-stage-vault.rbx.com
*.astro.dev-core.dic.rbx.com
*.astro.dev-core.dic.rbx.com
artifactory-dev.rbx.com
ros.rbx.com
github-dev.rbx.com
ghaas-test-url.rbx.com
github-dev.rbx.com
ml-platform-stage-use1-1-5-3-serving.prod.ml.rbx.com
ml-platform-stage-use1-1-5-3.prod.ml.rbx.com
ml-platform-infra-use1-1-5-3-serving.prod.ml.rbx.com
confluence-dev.rbx.com
report.rbx.com
*.prod.ml.rbx.com
bpo-vpn.rbx.com
starburst-trino-etl.di.rbx.com
arti-stage-use2.rbx.com
artifactory-edge1.rbx.com
teamcity-ge-dev.rbx.com
github-dev.rbx.com
knomad-development-sitetest2-us-west-1a.rbx.com
aws-us-west-2b-lms.rbx.com
dev-druid-dc-1.di.rbx.com
edge-stage-usw1.rbx.com
*.artifactory.rbx.com
aws-us-west-2b-lms.rbx.com
github-dev.rbx.com
github-dev.rbx.com
artifactory-edge1.rbx.com
jfmc-stage.rbx.com
aws-us-west-1a-lms.rbx.com
edge-prod-usw1.rbx.com
ros-dev.rbx.com
artifactory-edge1.rbx.com
dev-confluence-dns-name.rbx.com
teamcity-test.rbx.com
artifactory-uswest1.rbx.com
dev-confluence-dns-name.rbx.com
vault-demo.rbx.com
aws-eu-west-2c-lms.rbx.com
discourse.rbx.com
*.astro.dev-sroy.dic.rbx.com
discourse.rbx.com
astro-dev.di.rbx.com
ghe-stage1-new.rbx.com
superset-dev.di.rbx.com
*.public.rbx.com
artifactory-edge1.rbx.com
arti-prod-usw1-1.rbx.com
knomad-development-sitetest3-us-west-1.rbx.com
aws-us-east-1b-lms.rbx.com
aws-us-east-1c-lms.rbx.com
staging.noteable.ml.rbx.com
core.airflow2.di.rbx.com
edge-st3-use2.rbx.com
aws-eu-central-1a-lms.rbx.com
jwks-dev.lca.rbx.com
ros-dev.rbx.com
aws-us-east-1a-lms.rbx.com
starburst-green.di.rbx.com
aws-us-east-2a-lms.rbx.com
tfe.rbx.com
aws-eu-west-2a-lms.rbx.com
arti-stage-usw1.rbx.com
aws-ap-northeast-1a-lms.rbx.com
*.data-platform.airflow2.di.rbx.com
fossa-stage.rbx.com
dev-confluence-dns-name.rbx.com
ros-stg.rbx.com

Certificate

The complete raw certificate details for askinfosec.rbx.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF9TCCBN2gAwIBAgIQC5G8l18vQPmykMFkBrtS1jANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAzMB4XDTI0MDQxMTAwMDAwMFoXDTI1MDUxMDIzNTk1OVowHTEb
MBkGA1UEAxMSYXNraW5mb3NlYy5yYnguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAzWqaUERFxGktcwUqyVf6vUBGt+R/mWf8Lnl5C1OK8AC2CadS
erpoZeggTjKzqq68E5D1i8u2HcUMxogPZCXWSsr+eK16ReZfzujv6pRqUoMpZfMr
xi33rJ+I6UbNLijeatilR/fuQk05DcDCiqhuHdgE5da8zRfopJXRB5l6ogMv12ec
SlntEuywbAHXFs+EztQVVRQMCM9MR8HG/WE1N9teEMRIOP80wBOJrIzFd/oGfyO7
IQB9KAvFK+rkGzXlXz5bJpIc9PD58tqPVs1KRxPOsbUbw2cK3ZBrcb46q3HD0SGP
74X4IHWWAfxLyroUmmJcBY5Gh4pPm+1VyL1foQIDAQABo4IDEDCCAwwwHwYDVR0j
BBgwFoAUVdkYX9IczAHhWLS+q9lVQgHXLgIwHQYDVR0OBBYEFFE1Q8YZJHfV3FP+
6/S+Hl+JDRXMMEUGA1UdEQQ+MDyCEmFza2luZm9zZWMucmJ4LmNvbYILKi50aW5l
cy5jb22CDWZvcm1zLnJieC5jb22CCioudGluZXMuaW8wEwYDVR0gBAwwCjAIBgZn
gQwBAgEwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLnIybTAzLmFtYXpvbnRy
dXN0LmNvbS9yMm0wMy5jcmwwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFo
dHRwOi8vb2NzcC5yMm0wMy5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0
dHA6Ly9jcnQucjJtMDMuYW1hem9udHJ1c3QuY29tL3IybTAzLmNlcjAMBgNVHRMB
Af8EAjAAMIIBewYKKwYBBAHWeQIEAgSCAWsEggFnAWUAdABOdaMnXJoQwzhbbNTf
P1LrHfDgjhuNacCx+mSxYpo53wAAAY7PgENgAAAEAwBFMEMCH1sZySbnhDbrVaUb
vdOWJtYGYd4ClERftKIwLxSmI7QCIC0CJdiNwu5WWM5sVk6oChI6TPVcZQLEhXg7
iOSF84xdAHUAfVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGOz4BD
mQAABAMARjBEAiATCHZ6lsRRk7cL3B/3o+j6TNZop1pSVKKfFVgPr/f1lAIgURPp
HJxLWLxXWhpTge3fhc/CZxg0IHlqfnUvsVqc6McAdgDm0jFjQHeMwRBBBtdxuc7B
0kD2loSG+7qHMh39HjeOUAAAAY7PgEOwAAAEAwBHMEUCIQDlqO6oMZYi4wK8YB0f
3B7WSchxi+CNxRLXeUykIX6E1AIgOeRf6mPMIvbjcdhFCV3kouMvi15ScL3p5xN5
uzvrO48wDQYJKoZIhvcNAQELBQADggEBAJfMtFicdfW3SexBG7pEpC2EEDQxY2vM
ZfBt3GmYAWnJiPAI0Vd5ZvT3oNNKVuJQLeYalgSukztMTky3Lc3zMVEFdvkrbt6N
WE0w2/ICPez7fZVkfzuZzTyz3mJGxZ4jIORE6COObcIFH39/t90q6T1do1bUEUf2
IunqrUBVL5FGi3QjX6cuVf2Q8wcwOYODs+3YrUNL+rzSZw8zVGaOwfhjDLWu7o4C
PLz1UnvKRFxN0+Zap90hY6Uv6fIR/LYgZvNvtTmyHODplP2gOHlN52TqVaYsyCR6
kkNdpSq7YRPBRu+/gbY9iSj33ZVXgVGBNzn5pPYMhfUUYYb8DH3Xsyc=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWqaUERFxGktcwUqyVf6
vUBGt+R/mWf8Lnl5C1OK8AC2CadSerpoZeggTjKzqq68E5D1i8u2HcUMxogPZCXW
Ssr+eK16ReZfzujv6pRqUoMpZfMrxi33rJ+I6UbNLijeatilR/fuQk05DcDCiqhu
HdgE5da8zRfopJXRB5l6ogMv12ecSlntEuywbAHXFs+EztQVVRQMCM9MR8HG/WE1
N9teEMRIOP80wBOJrIzFd/oGfyO7IQB9KAvFK+rkGzXlXz5bJpIc9PD58tqPVs1K
RxPOsbUbw2cK3ZBrcb46q3HD0SGP74X4IHWWAfxLyroUmmJcBY5Gh4pPm+1VyL1f
oQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 15378216084037853060144322220987732694
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M03'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-11 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-05-10 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'askinfosec.rbx.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25931420311674579315155376688104299719667892102781391951494615194235422447026487439322859527168153950314778907542918202986347122787779598320571432980228545750081166277441147751997726752382509126456984761839852573839282716468253856126226389832287280635100956015138345220229716914827545307652569889295444412648467254567301234995819748628844785268643766717731378709690777044954446878294438329751357170549958045876402994616696847700595197262005963094320850165313902705463594939729088224247236403681301626514996086159755359648349506136299960791854869858341840181837049025661717005326355150019876830366506166021926573399969
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 55d9185fd21ccc01e158b4beabd9554201d72e02
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							513543c6192477d5dc53feebf4be1e5f890d15cc
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (62 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'askinfosec.rbx.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.tines.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'forms.rbx.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.tines.io'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m03.amazontrust.com/r2m03.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m03.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m03.amazontrust.com/r2m03.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (359 bytes)
							01650074004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018ecf8043600000040300453043021f5b19c926e78436eb55a51bbdd39626d60661de0294445fb4a2302f14a623b402202d0225d88dc2ee5658ce6c564ea80a123a4cf55c6502c485783b88e485f38c5d0075007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018ecf804399000004030046304402201308767a96c45193b70bdc1ff7a3e8fa4cd668a75a5254a29f15580faff7f59402205113e91c9c4b58bc575a1a5381eddf85cfc267183420796a7e752fb15a9ce8c7007600e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018ecf8043b00000040300473045022100e5a8eea8319622e302bc601d1fdc1ed649c8718be08dc512d7794ca4217e84d4022039e45fea63cc22f6e371d845095de4a2e32f8b5e5270bde9e71379bb3beb3b8f
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0097ccb4589c75f5b749ec411bba44a42d84103431636bcc65f06ddc69980169c988f008d1577966f4f7a0d34a56e2502de61a9604ae933b4c4e4cb72dcdf331510576f92b6ede8d584d30dbf2023decfb7d95647f3b99cd3cb3de6246c59e2320e444e8238e6dc2051f7f7fb7dd2ae93d5da356d41147f622e9eaad40552f91468b74235fa72e55fd90f30730398383b3edd8ad434bfabcd2670f3354668ec1f8630cb5aeee8e023cbcf5527bca445c4dd3e65aa7dd2163a52fe9f211fcb62066f36fb539b21ce0e994fda038794de764ea55a62cc8247a92435da52abb6113c146efbf81b63d8928f7dd95578151813739f9a4f60c85f5146186fc0c7dd7b327