dsf.kronos-web.com

Issued by Amazon RSA 2048 M02

About this certificate

This digital certificate with serial number 09:56:41:7f:fb:51:e7:2b:81:2c:15:aa:2a:5f:4c:39 was issued on by Amazon.

With 23 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=dsf.kronos-web.com

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 09:56:41:7f:fb:51:e7:2b:81:2c:15:aa:2a:5f:4c:39
Serial Number (int): 12410917988278866828058090799345126457
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 1e:b0:77:a8:2a:f0:8b:da:51:c9:91:0e:99:14:a3:0b:d1:c0:1f:32
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2

Fingerprint (sha1): fd:55:2b:aa:9a:42:42:9c:35:a7:ca:23:cb:7a:8f:a3:48:42:c1:8b
Fingerprint (sha256): 46:31:98:e1:16:b9:48:40:85:ac:b7:04:5c:be:87:64:c5:6e:d0:ca:01:34:d6:69:5e:52:30:9f:f9:8d:e7:ef

Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer

Revocation information

OCSP Server: http://ocsp.r2m02.amazontrust.com
CRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl

Check the revocation status for certificate dsf.kronos-web.com

23

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for dsf.kronos-web.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

dsf.kronos-web.com
*.dsf.kronos-web.com
*.accp.desjardins.kronos-web.com
www.kronos-finance.ca
desjardins.kronos-web.com
www.kronos-web.com
accp.desjardins.kronos-web.com
kronostechnologies.com
kronos-finance.ca
www.kronos-abf.ca
*.accp.dsf.kronos-web.com
*.accp.kronos-web.com
*.desjardins.kronos-web.com
*.kronos-web.com
*.kronostechnologies.com
kronos-mail.com
www.kronos-fna.ca
kronos-abf.ca
kronos-web.com
kronos-fna.ca
*.kronos-mail.com
accp.dsf.kronos-web.com
*.wiki-crm.kronos-web.com

Other certificates including the domain name kronos-web.com

(limited to 100 certificates)
secure.accp.dfs.kronos-web.com
*.accp.dsf.kronos-web.com
fr.wiki-crm.kronos-web.com
secure.fnct.kronos-web.com
*.accp.dsf.kronos-web.com
kronos-web.com
kronos-web.com
*.kronos-crm.com
edge.fnct.kronos-web.com
secure.dfs.kronos-web.com
*.kronos-crm.com
depot.kronos-web.com
kronos-web.com
*.accp.kronos-web.com
fr.wiki-crm.kronos-web.com
dsf.kronos-web.com
secure.accp.dsf.kronos-web.com
auth-accp.kronos-web.com
*.kronos-crm.com
*.kronos-crm.com
fr.wiki-crm.kronos-web.com
static.kronos-web.com
*.kronos-web.com
*.kronos-web.com
*.accp.kronos-web.com
*.kronos-crm.com
*.kronos-crm.com
fr.wiki-crm.kronos-web.com
*.dsf.kronos-web.com
static.kronos-web.com
fr.wiki-crm.kronos-web.com
*.kronos-crm.com
secure.dfs.kronos-web.com
*.accp.dsf.kronos-web.com
*.kronos-web.com
kronos-web.com
depot.kronos-web.com
secure.dsf.kronos-web.com
kronos-web.com
*.kronos-web.com
secure.accp.dfs.kronos-web.com
depot.kronos-web.com
fr.wiki-crm.kronos-web.com
kronos-web.com
*.accp.kronos-web.com
cache.kronos-web.com
*.kronos-web.com
*.dsf.kronos-web.com
*.kronos-crm.com
dsf.kronos-web.com
fr.wiki-crm.kronos-web.com
*.kronos-crm.com
secure.accp.kronos-web.com
*.kronos-web.com
*.kronos-web.com
*.accp.kronos-web.com
dsf.kronos-web.com
static.kronos-web.com
*.dsf.kronos-web.com
cache.kronos-web.com
*.kronos-crm.com

Certificate

The complete raw certificate details for dsf.kronos-web.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHxjCCBq6gAwIBAgIQCVZBf/tR5yuBLBWqKl9MOTANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAyMB4XDTI0MDMyMDAwMDAwMFoXDTI1MDQxOTIzNTk1OVowHTEb
MBkGA1UEAxMSZHNmLmtyb25vcy13ZWIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAjIfz4d6txsJV9eaOaL60jJcquv9DUEMd1PqcjL4xE5fCRSwl
6JGduDIY9tB3549Cyt8Sa2U6OyDMeHOfoJ4b4AEe42SvjMX6WNjJ/UyNpMM8gYYU
kq6Xp62ILeEpm14HbsLpruaJqmFYXbxa/G/p/X4YA29ddQKUh580593LSzaR5bw6
eh93xUa0tIGvZZaiIzGNLrICk92pCt3clwJ3R5jp32wXyZHE78j1ZA40R8Ulvy42
flaRm3M648g/4txHDfUzoZsjIYjn8a+Cmz+KBkPi2vXqKYvkXhZvX3H1I0S4uJez
2JFclDL4pZ3yTZOju2X3VOwOim5Tgn+Hfy7XOwIDAQABo4IE4TCCBN0wHwYDVR0j
BBgwFoAUwDFSzVpQw4J8dHHOy+mc+XrrguIwHQYDVR0OBBYEFB6wd6gq8IvaUcmR
DpkUowvRwB8yMIICEQYDVR0RBIICCDCCAgSCEmRzZi5rcm9ub3Mtd2ViLmNvbYIU
Ki5kc2Yua3Jvbm9zLXdlYi5jb22CICouYWNjcC5kZXNqYXJkaW5zLmtyb25vcy13
ZWIuY29tghV3d3cua3Jvbm9zLWZpbmFuY2UuY2GCGWRlc2phcmRpbnMua3Jvbm9z
LXdlYi5jb22CEnd3dy5rcm9ub3Mtd2ViLmNvbYIeYWNjcC5kZXNqYXJkaW5zLmty
b25vcy13ZWIuY29tghZrcm9ub3N0ZWNobm9sb2dpZXMuY29tghFrcm9ub3MtZmlu
YW5jZS5jYYIRd3d3Lmtyb25vcy1hYmYuY2GCGSouYWNjcC5kc2Yua3Jvbm9zLXdl
Yi5jb22CFSouYWNjcC5rcm9ub3Mtd2ViLmNvbYIbKi5kZXNqYXJkaW5zLmtyb25v
cy13ZWIuY29tghAqLmtyb25vcy13ZWIuY29tghgqLmtyb25vc3RlY2hub2xvZ2ll
cy5jb22CD2tyb25vcy1tYWlsLmNvbYIRd3d3Lmtyb25vcy1mbmEuY2GCDWtyb25v
cy1hYmYuY2GCDmtyb25vcy13ZWIuY29tgg1rcm9ub3MtZm5hLmNhghEqLmtyb25v
cy1tYWlsLmNvbYIXYWNjcC5kc2Yua3Jvbm9zLXdlYi5jb22CGSoud2lraS1jcm0u
a3Jvbm9zLXdlYi5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEwDgYDVR0PAQH/BAQD
AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAyMDCg
LqAshipodHRwOi8vY3JsLnIybTAyLmFtYXpvbnRydXN0LmNvbS9yMm0wMi5jcmww
dQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5yMm0wMi5h
bWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQucjJtMDIuYW1h
em9udHJ1c3QuY29tL3IybTAyLmNlcjAMBgNVHRMBAf8EAjAAMIIBfgYKKwYBBAHW
eQIEAgSCAW4EggFqAWgAdQBOdaMnXJoQwzhbbNTfP1LrHfDgjhuNacCx+mSxYpo5
3wAAAY5ZobGvAAAEAwBGMEQCIQCg5l8I29GWQ6ryfgsNSbArhhxb8hC0Zqz+j1Kf
MMsvZQIfNKv8+SvNRNF3o6x3uxn3qdc5StbdDMTDjTAPUVgLzQB2AH1ZHhLheCp7
HGFnfF79+NCHXBSgTpWeuQMv2Q6MLnm4AAABjlmhsewAAAQDAEcwRQIhAOWMb9gP
NU6wbuJk8m33hdbS7vpw2zJJtYVQbs/EXUR8AiBwWnKiEem1wNTGt0YQVA06F+/r
B5u5em4GeKoZwRQE9wB3AObSMWNAd4zBEEEG13G5zsHSQPaWhIb7uocyHf0eN45Q
AAABjlmhsfkAAAQDAEgwRgIhAM/WGBvXlZkyFzSVutwSaDSH02e2zhXCI2Gz1n2h
/32mAiEA21PdwIAnuKCZkFYLzcbQNWCCp5jOsGYMs6bmmsmDQSMwDQYJKoZIhvcN
AQELBQADggEBAEYF0czscvwWUas9GXJPOEY6ATUuP2GNSIi4I2CQhFZOFKvHgztj
5lEQCbVR2GjOuN982royIR6Z0OBH7kIlt4TpL0a5UobO1FSTT1YWnukFTdHrsENf
fKgDH96rdK/rkljyfre2Bk06hjvDKxt1U+yV9OKLJ6wTIntOr47cdufbM8qdQDEy
Hiv8188OlDkuWVAExt29vwYxvNHJGwnfZgwU7aMSvmB4tghzhDpIBLGFrr28g0wE
wvSdyShibnpYxDOkJnsem9xcr2WM8kJSgKLbtg92UGgj4vJ+36oFv+2wfYrSSsXs
GuT5lt4LWD5TYjAmvViKhN+eu5Qczm6T5Xg=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIfz4d6txsJV9eaOaL60
jJcquv9DUEMd1PqcjL4xE5fCRSwl6JGduDIY9tB3549Cyt8Sa2U6OyDMeHOfoJ4b
4AEe42SvjMX6WNjJ/UyNpMM8gYYUkq6Xp62ILeEpm14HbsLpruaJqmFYXbxa/G/p
/X4YA29ddQKUh580593LSzaR5bw6eh93xUa0tIGvZZaiIzGNLrICk92pCt3clwJ3
R5jp32wXyZHE78j1ZA40R8Ulvy42flaRm3M648g/4txHDfUzoZsjIYjn8a+Cmz+K
BkPi2vXqKYvkXhZvX3H1I0S4uJez2JFclDL4pZ3yTZOju2X3VOwOim5Tgn+Hfy7X
OwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 12410917988278866828058090799345126457
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-20 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-04-19 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'dsf.kronos-web.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 17740403453126359853614530329122078145686403242745797401110765765931523033364870245872725720637747894251223130504687089632574252826330729230215986827406250022077939373989280309486717100125940485061393705784719006151536637313156324808343577339294056335823127442298975457983349642437450561230769730748454673086049564744617819678610605370156528273743544929641547792972873540041592600389757587838366902682671229345016364183644848734113276974400632424997436734608317444581245634919910470136189174077436264676935242070852656747723492048657092346206740961773898428459954855228004133492224207549410241182784095399097228252987
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							1eb077a82af08bda51c9910e9914a30bd1c01f32
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (520 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dsf.kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.dsf.kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.accp.desjardins.kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.kronos-finance.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'desjardins.kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'accp.desjardins.kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kronostechnologies.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kronos-finance.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.kronos-abf.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.accp.dsf.kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.accp.kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.desjardins.kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.kronostechnologies.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kronos-mail.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.kronos-fna.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kronos-abf.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kronos-fna.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.kronos-mail.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'accp.dsf.kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.wiki-crm.kronos-web.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							01680075004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018e59a1b1af0000040300463044022100a0e65f08dbd19643aaf27e0b0d49b02b861c5bf210b466acfe8f529f30cb2f65021f34abfcf92bcd44d177a3ac77bb19f7a9d7394ad6dd0cc4c38d300f51580bcd0076007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018e59a1b1ec0000040300473045022100e58c6fd80f354eb06ee264f26df785d6d2eefa70db3249b585506ecfc45d447c0220705a72a211e9b5c0d4c6b74610540d3a17efeb079bb97a6e0678aa19c11404f7007700e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018e59a1b1f90000040300483046022100cfd6181bd7959932173495badc12683487d367b6ce15c22361b3d67da1ff7da6022100db53ddc08027b8a09990560bcdc6d0356082a798ceb0660cb3a6e69ac9834123
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		004605d1ccec72fc1651ab3d19724f38463a01352e3f618d4888b823609084564e14abc7833b63e6511009b551d868ceb8df7cdaba32211e99d0e047ee4225b784e92f46b95286ced454934f56169ee9054dd1ebb0435f7ca8031fdeab74afeb9258f27eb7b6064d3a863bc32b1b7553ec95f4e28b27ac13227b4eaf8edc76e7db33ca9d4031321e2bfcd7cf0e94392e595004c6ddbdbf0631bcd1c91b09df660c14eda312be6078b60873843a4804b185aebdbc834c04c2f49dc928626e7a58c433a4267b1e9bdc5caf658cf2425280a2dbb60f76506823e2f27edfaa05bfedb07d8ad24ac5ec1ae4f996de0b583e53623026bd588a84df9ebb941cce6e93e578