api.tsykanov.dnevnik.ru

Issued by StartCom Class 1 DV Server CA

About this certificate

This digital certificate with serial number 51:07:91:a5:c8:b2:d3:2b:ef:ef:c9:55:e9:e8:06:65 was issued on by StartCom Ltd..

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=api.tsykanov.dnevnik.ru,C=RU

StartCom Ltd.

Organization: StartCom Ltd.
Organization unit: StartCom Certification Authority
Country: IL

This certificate has expire since

Certificate Details

Serial Number (hex): 51:07:91:a5:c8:b2:d3:2b:ef:ef:c9:55:e9:e8:06:65
Serial Number (int): 107706767820740461834422817911237772901
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 64:f2:eb:ed:de:e8:64:9c:a5:30:3c:fd:f2:c5:fc:83:80:d1:22:ef
AuthorityKeyId: d7:91:4e:01:c4:b0:bf:f8:c8:67:93:44:9c:e7:33:fa:ad:93:0c:af

Fingerprint (sha1): b4:91:41:b8:e0:1a:c2:51:d2:5e:e2:84:81:0d:85:ed:f9:67:ee:14
Fingerprint (sha256): 46:78:40:0b:1b:7b:1b:e3:51:a2:a8:14:b2:a1:98:6e:3b:fd:dc:cd:11:1d:21:99:0c:77:f1:f6:db:d0:a8:87

Issuing Certificate URL: http://aia.startssl.com/certs/sca.server1.crt

Revocation information

OCSP Server: http://ocsp.startssl.com
CRL Distribution Point: http://crl.startssl.com/sca-server1.crl

Check the revocation status for certificate api.tsykanov.dnevnik.ru

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for api.tsykanov.dnevnik.ru

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

11 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

api.tsykanov.dnevnik.ru
api.kuntashev.dnevnik.ru
api.tatarinov.dnevnik.ru
api.trofimov.dnevnik.ru

Other certificates including the domain name dnevnik.ru

(limited to 100 certificates)
help.dnevnik.ru
static.feature10.dnevnik.ru
networks.feature02.dnevnik.ru
api.feature10.dnevnik.ru
*.dnevnik.ru
*.feature01.dnevnik.ru
api.kolushev.dnevnik.ru
feature10.dnevnik.ru
static.feature08.dnevnik.ru
feature08.dnevnik.ru
geoservice.feature10.dnevnik.ru
ts.feature14.dnevnik.ru
ts.feature08.dnevnik.ru
*.feature13.dnevnik.ru
files.feature07.dnevnik.ru
feature02.dnevnik.ru
f1.feature02.dnevnik.ru
api.feature02.dnevnik.ru
help.dnevnik.ru
files.feature01.dnevnik.ru
static.feature01.dnevnik.ru
feature02.dnevnik.ru
feature01.dnevnik.ru
api.feature08.dnevnik.ru
staging.dnevnik.ru
wiki.feature08.dnevnik.ru
feature05.dnevnik.ru
ts.feature04.dnevnik.ru
feature08.dnevnik.ru
staging.dnevnik.ru
files.feature13.dnevnik.ru
files.feature10.dnevnik.ru
events.feature02.dnevnik.ru
*.staging.dnevnik.ru
feature01.dnevnik.ru
*.dnevnik.ru
test.dnevnik.ru
feature12.dnevnik.ru
children.feature08.dnevnik.ru
gosuslugi.feature12.dnevnik.ru
api.feature08.dnevnik.ru
dengi.dnevnik.ru
ts.feature05.dnevnik.ru
*.dnevnik.ru
api.feature02.dnevnik.ru
static.feature05.dnevnik.ru
feature14.dnevnik.ru
*.dnevnik.ru
feature12.dnevnik.ru
feature04.dnevnik.ru
authorities.feature02.dnevnik.ru
api.feature10.dnevnik.ru
login.feature02.dnevnik.ru
feature08.dnevnik.ru
ts.feature13.dnevnik.ru
authorities.feature09.dnevnik.ru
children.feature02.dnevnik.ru
feature04.dnevnik.ru
*.dnevnik.ru
feature08.dnevnik.ru
feature08.dnevnik.ru
*.feature12.dnevnik.ru
api.feature10.dnevnik.ru
files.feature11.dnevnik.ru
help.dnevnik.ru
company.feature08.dnevnik.ru
files.feature03.dnevnik.ru
ae1.feature09.dnevnik.ru
files.feature04.dnevnik.ru
feature08.dnevnik.ru
*.feature10.dnevnik.ru
ts.feature11.dnevnik.ru
help.dnevnik.ru
schools.feature02.dnevnik.ru
api.tsykanov.dnevnik.ru
help.dnevnik.ru
ts.feature07.dnevnik.ru
feature07.dnevnik.ru
ts.feature08.dnevnik.ru
api.feature06.dnevnik.ru
files.feature12.dnevnik.ru
ts.feature10.dnevnik.ru
lib.feature02.dnevnik.ru
feature02.dnevnik.ru
static.feature04.dnevnik.ru
help.dnevnik.ru
groups.feature02.dnevnik.ru
feature14.dnevnik.ru
vpn2.dnevnik.ru
*.staging.dnevnik.ru
login.feature02.dnevnik.ru
static.feature12.dnevnik.ru
wiki.feature02.dnevnik.ru
feature06.dnevnik.ru
*.dnevnik.ru
api.feature02.dnevnik.ru
*.feature04.dnevnik.ru
authorities.feature08.dnevnik.ru
help.dnevnik.ru
api.feature02.dnevnik.ru

Certificate

The complete raw certificate details for api.tsykanov.dnevnik.ru in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgIQUQeRpciy0yvv78lV6egGZTANBgkqhkiG9w0BAQsFADB4
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEpMCcGA1UECxMg
U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJjAkBgNVBAMTHVN0YXJ0
Q29tIENsYXNzIDEgRFYgU2VydmVyIENBMB4XDTE2MTAyNDA5MzcxNFoXDTE5MTAy
NDA5MzcxNFowLzELMAkGA1UEBhMCUlUxIDAeBgNVBAMMF2FwaS50c3lrYW5vdi5k
bmV2bmlrLnJ1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAico9bIj0
qVHSHf+YzGX1YHijTjF068EBC4xIj/vsfg5akKVjOvRQeN5XfZnQBhcuN8huqcFS
irQWMdh+w8uZ18/J9OqJwTeKHjabkcyATXGxtc0JP5ISokK+NnIi1Va6GoZpWPx0
mBgpgmA0QIU7r5S9AM04lN1WT/SamDDecnL2PW2TtEcTcbK+tFeNur0+fTd0jRP/
rTS59Vkc8ZzuEHEtKVVhRULflTpXQLTrYcLXjEKjTYve6rxQez5Oir7Sa1tE5eEK
dLD9PnIitiI90Bw0rw3wz6zwKsegOELWT7YOSAr0dny/6Mgf87SjwQPsR2BliFRx
bLFL/jP7ivsDGQIDAQABo4ICJzCCAiMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
MBQGCCsGAQUFBwMCBggrBgEFBQcDATAJBgNVHRMEAjAAMB0GA1UdDgQWBBRk8uvt
3uhknKUwPP3yxfyDgNEi7zAfBgNVHSMEGDAWgBTXkU4BxLC/+Mhnk0Sc5zP6rZMM
rzBvBggrBgEFBQcBAQRjMGEwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnN0YXJ0
c3NsLmNvbTA5BggrBgEFBQcwAoYtaHR0cDovL2FpYS5zdGFydHNzbC5jb20vY2Vy
dHMvc2NhLnNlcnZlcjEuY3J0MDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwu
c3RhcnRzc2wuY29tL3NjYS1zZXJ2ZXIxLmNybDBvBgNVHREEaDBmghdhcGkudHN5
a2Fub3YuZG5ldm5pay5ydYIYYXBpLmt1bnRhc2hldi5kbmV2bmlrLnJ1ghhhcGku
dGF0YXJpbm92LmRuZXZuaWsucnWCF2FwaS50cm9maW1vdi5kbmV2bmlrLnJ1MCMG
A1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzBRBgNVHSAESjBIMAgG
BmeBDAECATA8BgsrBgEEAYG1NwECBTAtMCsGCCsGAQUFBwIBFh9odHRwczovL3d3
dy5zdGFydHNzbC5jb20vcG9saWN5MBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqG
SIb3DQEBCwUAA4IBAQA1zNF51LLbZMD+Ocl05N8erj1Hof92AO9fE1/HZj0gNuaM
85q472MVCfUJtpgsIxTxPeniVxBoQuEhMxxMY79+y6NmvwbVgeFGWhc38dsiOYKL
O+WRcGSQAgEYjGzH6P3cRPCCDhjZ4MPiW9rW5QMJVzzBPlBaV4vbvvnII8G3n07y
wkzODhB46k7VRRmE9lAJg4YzkS31w/lMo2jAp+ik2Ds/UaUGbxNC4Z1FT6vPk0p8
Z0mnUIf4IOXDpSYytlBSqAafbLhsQQJWsIXAvXojvuPN8TwiTnlDlAEaTv2X3TOV
7zCmX3ODuH/FNRjjjh2LZhkMW5MvZpN4CXlg8AO+
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAico9bIj0qVHSHf+YzGX1
YHijTjF068EBC4xIj/vsfg5akKVjOvRQeN5XfZnQBhcuN8huqcFSirQWMdh+w8uZ
18/J9OqJwTeKHjabkcyATXGxtc0JP5ISokK+NnIi1Va6GoZpWPx0mBgpgmA0QIU7
r5S9AM04lN1WT/SamDDecnL2PW2TtEcTcbK+tFeNur0+fTd0jRP/rTS59Vkc8Zzu
EHEtKVVhRULflTpXQLTrYcLXjEKjTYve6rxQez5Oir7Sa1tE5eEKdLD9PnIitiI9
0Bw0rw3wz6zwKsegOELWT7YOSAr0dny/6Mgf87SjwQPsR2BliFRxbLFL/jP7ivsD
GQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 107706767820740461834422817911237772901
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'StartCom Ltd.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'StartCom Certification Authority'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'StartCom Class 1 DV Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-10-24 09:37:14 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-10-24 09:37:14 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'RU'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'api.tsykanov.dnevnik.ru'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 17394376010385473251995702928701270331432951992086356481643788682598423396445408498815044722421805085225506675886707431759351202351412091804586556098612646272264413571517004146897428322144559205813821776216985823186254103234061705080939874210241832295763875659525996128561041134246862766726736473056087728858336172615494790215846127399469714734733657163787380834330034617882153743562387512378503396557426394720309911753039716899805030371412557225826600081120376369555275977263790633722416845583852358218042943194578323983112580159812714743498206206835909457306285064636273640713327738256006868687510538171274793517849
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							64f2ebeddee8649ca5303cfdf2c5fc8380d122ef
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName d7914e01c4b0bff8c86793449ce733faad930caf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.startssl.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.startssl.com/certs/sca.server1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (49 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.startssl.com/sca-server1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.tsykanov.dnevnik.ru'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.kuntashev.dnevnik.ru'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.tatarinov.dnevnik.ru'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.trofimov.dnevnik.ru'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.18 (issuerAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.startssl.com/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (74 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.23223.1.2.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.startssl.com/policy'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0035ccd179d4b2db64c0fe39c974e4df1eae3d47a1ff7600ef5f135fc7663d2036e68cf39ab8ef631509f509b6982c2314f13de9e257106842e121331c4c63bf7ecba366bf06d581e1465a1737f1db2239828b3be5917064900201188c6cc7e8fddc44f0820e18d9e0c3e25bdad6e50309573cc13e505a578bdbbef9c823c1b79f4ef2c24cce0e1078ea4ed5451984f65009838633912df5c3f94ca368c0a7e8a4d83b3f51a5066f1342e19d454fabcf934a7c6749a75087f820e5c3a52632b65052a8069f6cb86c410256b085c0bd7a23bee3cdf13c224e794394011a4efd97dd3395ef30a65f7383b87fc53518e38e1d8b66190c5b932f669378097960f003be