mail.ckvt.cz
Issued by RapidSSL SHA256 CA - G2
About this certificate
This digital certificate with serial number 3d:94:e7:b1:d7:f9:75:2f:6d:7e:55:7d:74:f5:45:80 was issued on by GeoTrust Inc..
This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
- Sub certificates SHOULD include Subject Key Identifier in end entity certs (RFC 5280: 4.2 & 4.2.1.2)
Certificate Subject
CN=mail.ckvt.cz
GeoTrust Inc.
Organization:
GeoTrust Inc.
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 3d:94:e7:b1:d7:f9:75:2f:6d:7e:55:7d:74:f5:45:80Serial Number (int): 81856067004787084329248967253841757568
Serial Number lenght: 126 bits, 16 octets
SubjectKeyId:
AuthorityKeyId: 4c:f4:bf:e8:3b:be:c2:24:f3:1b:47:3b:b5:6e:48:8e:16:ab:af:12
Fingerprint (sha1): 46:ca:bb:63:1a:c2:d6:77:08:4b:b3:80:5d:d0:4b:0d:4f:e8:68:31
Fingerprint (sha256): 46:61:8c:80:f7:36:16:a3:da:18:17:00:27:9f:6d:47:74:32:30:2c:e0:93:a9:3b:2f:a9:49:a3:d9:c8:d0:8c
Issuing Certificate URL: http://gs.symcb.com/gs.crt
Revocation information
OCSP Server: http://gs.symcd.comCRL Distribution Point: http://gs.symcb.com/gs.crl
Check the revocation status for certificate mail.ckvt.cz
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for mail.ckvt.cz
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
mail.ckvt.cz
Other certificates including the domain name ckvt.cz
(limited to 100 certificates)
exclusive.ckvt.cz
synology.ckvt.cz
ckvt.cz
exclusive.ckvt.cz
www.ckvt.cz
mail.ckvt.cz
exclusive.ckvt.cz
istour.ckvt.cz
mail.ckvt.cz
www.ckvt.cz
exclusive.ckvt.cz
istour.ckvt.cz
istour.ckvt.cz
sni.cloudflaressl.com
istour.ckvt.cz
istour.ckvt.cz
mail.ckvt.cz
mail.ckvt.cz
www.ckvt.cz
synology.ckvt.cz
control.ckvt.cz
exclusive.ckvt.cz
exclusive.ckvt.cz
mail.ckvt.cz
istour.ckvt.cz
control.ckvt.cz
ckvt.cz
exclusive.ckvt.cz
www.ckvt.cz
exclusive.ckvt.cz
exclusive.ckvt.cz
sni.cloudflaressl.com
sni.cloudflaressl.com
www.ckvt.cz
control.ckvt.cz
www.ckvt.cz
exclusive.ckvt.cz
sni.cloudflaressl.com
file.synology.ckvt.cz
exclusive.ckvt.cz
exclusive.ckvt.cz
sni.cloudflaressl.com
ckvt.cz
ckvt.cz
www.ckvt.cz
exclusive.ckvt.cz
exclusive.ckvt.cz
www.ckvt.cz
mail.ckvt.cz
exclusive.ckvt.cz
exclusive.ckvt.cz
ckvt.cz
exclusive.ckvt.cz
control.ckvt.cz
synology.ckvt.cz
ckvt.cz
exclusive.ckvt.cz
www.ckvt.cz
mail.ckvt.cz
exclusive.ckvt.cz
istour.ckvt.cz
mail.ckvt.cz
www.ckvt.cz
exclusive.ckvt.cz
istour.ckvt.cz
istour.ckvt.cz
sni.cloudflaressl.com
istour.ckvt.cz
istour.ckvt.cz
mail.ckvt.cz
mail.ckvt.cz
www.ckvt.cz
synology.ckvt.cz
control.ckvt.cz
exclusive.ckvt.cz
exclusive.ckvt.cz
mail.ckvt.cz
istour.ckvt.cz
control.ckvt.cz
ckvt.cz
exclusive.ckvt.cz
www.ckvt.cz
exclusive.ckvt.cz
exclusive.ckvt.cz
sni.cloudflaressl.com
sni.cloudflaressl.com
www.ckvt.cz
control.ckvt.cz
www.ckvt.cz
exclusive.ckvt.cz
sni.cloudflaressl.com
file.synology.ckvt.cz
exclusive.ckvt.cz
exclusive.ckvt.cz
sni.cloudflaressl.com
ckvt.cz
ckvt.cz
www.ckvt.cz
exclusive.ckvt.cz
exclusive.ckvt.cz
www.ckvt.cz
mail.ckvt.cz
exclusive.ckvt.cz
exclusive.ckvt.cz
ckvt.cz
exclusive.ckvt.cz
control.ckvt.cz
Certificate
The complete raw certificate details for mail.ckvt.cz in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFYDCCBEigAwIBAgIQPZTnsdf5dS9tflV9dPVFgDANBgkqhkiG9w0BAQsFADBH MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMX UmFwaWRTU0wgU0hBMjU2IENBIC0gRzIwHhcNMTcxMDIzMDAwMDAwWhcNMTgxMTIy MjM1OTU5WjAXMRUwEwYDVQQDDAxtYWlsLmNrdnQuY3owggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQDhVmw3mk8SzUyy6DmGPLIkN2lAMh7b7tjlmhDbGXhB ejKjjTb1pBD+iFoG9jWlhDR9Og6MjCL9tUI0RYwI8gD9iagt8NI6rOmO76HHf+oT MVPRaZgzIAbVIvGh/EjduQk43gbFWQVHXlKxkzTA+8VmxmdFVjj5sV3HxpPLJbML X3BwXZlFmEVTMmqVqeg5BpIPmRWTKL1NbMQiC0d+WrOjIwLDq4QNqXe0gtzaH9Ra p61bjh0uz9yQda/haJNL/Cpx35/bZoh1JLVXR8OB3oTKc6hYSOCszwNxj8B4+lld OlqTnUyTuTRtaXsPBVxvHqL2GE4VAisMecUSnAShinz1AgMBAAGjggJ2MIICcjAX BgNVHREEEDAOggxtYWlsLmNrdnQuY3owCQYDVR0TBAIwADArBgNVHR8EJDAiMCCg HqAchhpodHRwOi8vZ3Muc3ltY2IuY29tL2dzLmNybDBvBgNVHSAEaDBmMGQGBmeB DAECATBaMCoGCCsGAQUFBwIBFh5odHRwczovL3d3dy5yYXBpZHNzbC5jb20vbGVn YWwwLAYIKwYBBQUHAgIwIAweaHR0cHM6Ly93d3cucmFwaWRzc2wuY29tL2xlZ2Fs MB8GA1UdIwQYMBaAFEz0v+g7vsIk8xtHO7VuSI4Wq68SMA4GA1UdDwEB/wQEAwIF oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVwYIKwYBBQUHAQEESzBJ MB8GCCsGAQUFBzABhhNodHRwOi8vZ3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpo dHRwOi8vZ3Muc3ltY2IuY29tL2dzLmNydDCCAQMGCisGAQQB1nkCBAIEgfQEgfEA 7wB2AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABX0l3d4sAAAQD AEcwRQIhAJQhXFkP+jOtdW6tRTBzp4z2/JXedRJ9orly6zfzgZcpAiBtW7Cds2B6 GwXnHvvsP3wjUAB4MQwbWyJdf5hzAok/wQB1AKS5CZC0GFgUh7sTosxncAo8NZgE +RvfuON3zQ7IDdwQAAABX0l3d8AAAAQDAEYwRAIgPOpGFPqt3RGVbvrKwRUzsExr NCP+wjq4HURD0b/SHZsCIEGo+V3LD91IhnalP6g8V+A9AiZgeOMah+RvIJSVZ04d MA0GCSqGSIb3DQEBCwUAA4IBAQCXqgmSsVg9I7FWT3jVjFkJgmFs3xA5oMHGxzhe MEOGVva79QOn8ZFb3ChbZ8yywLI6F6JArflP9F3gHtwUw99MDaRkwitWwK0PBU1b pkOxiLBwchAXov2pMTTjmxmBE5O0Hbn304duRnHTr0EkA8DrOBQA15cWpglGHq2/ 6vGvbr0HObet5vZeOREfH7c3qrwyB1ZL2hC7wC8EKdUEhcrS+1kCRvczkq949Vh2 6SO5c6eLwgtIovNHLFm8X3b215vqN4+nFe24yr+WgdWS5+MgLDA9FHIyKybb2Oox m8M+lb/LQFFpmcNrCEUO4Rc0rnvLkDOBrMH9ujclIW137Z6O -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4VZsN5pPEs1Msug5hjyy JDdpQDIe2+7Y5ZoQ2xl4QXoyo4029aQQ/ohaBvY1pYQ0fToOjIwi/bVCNEWMCPIA /YmoLfDSOqzpju+hx3/qEzFT0WmYMyAG1SLxofxI3bkJON4GxVkFR15SsZM0wPvF ZsZnRVY4+bFdx8aTyyWzC19wcF2ZRZhFUzJqlanoOQaSD5kVkyi9TWzEIgtHflqz oyMCw6uEDal3tILc2h/UWqetW44dLs/ckHWv4WiTS/wqcd+f22aIdSS1V0fDgd6E ynOoWEjgrM8DcY/AePpZXTpak51Mk7k0bWl7DwVcbx6i9hhOFQIrDHnFEpwEoYp8 9QIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 81856067004787084329248967253841757568 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'RapidSSL SHA256 CA - G2' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-10-23 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-11-22 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'mail.ckvt.cz' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 28446235250630652437580502883707658694113281248797722697748181996114188994927702943798313987188371772278410658089698244366070807343282384055670289773076079404038612295198826877894237447211559742275970902422200984114015191606628583956162071168298420773858191249911187719553849523235286789424005755037891249209982424605150735965291280212070183368896812242941696549282872577248982890836457595964861403607846138243293461452995311912274964789781705831411745934632574955490816459582822555007982464113183458160551889290132260001701311522016881532925871172489055109405526175534696675087836468990562317349763805972736695237877 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (16 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mail.ckvt.cz' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gs.symcb.com/gs.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.rapidssl.com/legal' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'https://www.rapidssl.com/legal' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 4cf4bfe83bbec224f31b473bb56e488e16abaf12 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (75 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gs.symcd.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gs.symcb.com/gs.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes) 00ef007600ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc0000015f4977778b000004030047304502210094215c590ffa33ad756ead453073a78cf6fc95de75127da2b972eb37f381972902206d5bb09db3607a1b05e71efbec3f7c23500078310c1b5b225d7f987302893fc1007500a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000015f497777c0000004030046304402203cea4614faaddd11956efacac11533b04c6b3423fec23ab81d4443d1bfd21d9b022041a8f95dcb0fdd488676a53fa83c57e03d02266078e31a87e46f209495674e1d . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0097aa0992b1583d23b1564f78d58c590982616cdf1039a0c1c6c7385e30438656f6bbf503a7f1915bdc285b67ccb2c0b23a17a240adf94ff45de01edc14c3df4c0da464c22b56c0ad0f054d5ba643b188b070721017a2fda93134e39b19811393b41db9f7d3876e4671d3af412403c0eb381400d79716a609461eadbfeaf1af6ebd0739b7ade6f65e39111f1fb737aabc3207564bda10bbc02f0429d50485cad2fb590246f73392af78f55876e923b973a78bc20b48a2f3472c59bc5f76f6d79bea378fa715edb8cabf9681d592e7e3202c303d1472322b26dbd8ea319bc33e95bfcb40516999c36b08450ee11734ae7bcb903381acc1fdba3725216d77ed9e8e