mijn.unive.nl

Issued by Sectigo RSA Domain Validation Secure Server CA

About this certificate

This digital certificate with serial number ba:cd:7f:0b:b0:09:12:99:25:0a:4e:8f:ef:bf:ed:cc was issued on by Sectigo Limited.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=mijn.unive.nl

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate has expire since

Certificate Details

Serial Number (hex): ba:cd:7f:0b:b0:09:12:99:25:0a:4e:8f:ef:bf:ed:cc
Serial Number (int): 248303404864003773331559250588120116684
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 6b:03:6f:f1:4c:bf:a3:57:98:fd:7d:ca:9e:00:da:02:d3:e9:3e:73
AuthorityKeyId: 8d:8c:5e:c4:54:ad:8a:e1:77:e9:9b:f9:9b:05:e1:b8:01:8d:61:e1

Fingerprint (sha1): 7b:62:62:6e:ef:0b:1a:e3:40:d5:1d:71:16:5a:8f:7a:a0:04:d5:0d
Fingerprint (sha256): 47:00:44:4e:a5:88:4b:8f:7d:59:4d:4e:9d:f0:9a:f8:92:25:24:5e:24:7d:e4:6c:e1:11:21:d9:f0:89:c6:40

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com

Check the revocation status for certificate mijn.unive.nl

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for mijn.unive.nl

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

mijn.unive.nl
www.mijn.unive.nl

Other certificates including the domain name unive.nl

(limited to 100 certificates)
www.acc.unive.nl
web.unive.nl
mail.vgz.nl
tracking.unive.nl
acc.unive.nl
mijn.unive.nl
rechtshulpagrarisch.unive.nl
lync.unive.nl
api-opa.unive.nl
iw.unive.nl
tracking.unive.nl
iw.unive.nl
bb.unive.nl
vpn.unive.nl
remote.unive.nl
api-atp.unive.nl
webwerken.unive.nl
api.unive.nl
rechtshulpagrarisch.unive.nl
dispatchtest.unive.nl
mijn.unive.nl
vpn.unive.nl
mxb.unive.nl
services-pat.unive.nl
unive.nl
mxa.unive.nl
prod.unive.nl
vpn.unive.nl
tracking.unive.nl
email.unive.nl
tracking.unive.nl
rd.unive.nl
dsuniverabobank.unive.nl
privatelease.beta.unive.nl
stadenland.unive.nl
www.unive.nl
lync.unive.nl
www.unive.nl
privatelease.beta.unive.nl
zakelijk.unive.nl
tracking.unive.nl
api.unive.nl
tracking.unive.nl
rechtshulpmkb.unive.nl
www.unive.nl
mijn.unive.nl
mijn.unive.nl
vpn.unive.nl
rechtshulpagrarisch.unive.nl
acc.unive.nl
stadenland.unive.nl
opa.unive.nl
tracking.unive.nl
rechtshulpagrarisch.unive.nl
cdn-pat.unive.nl
rechtshulpmkb.unive.nl
iw-pat.unive.nl
*.prod.daas.unive.nl
mijn.unive.nl
www.unive.nl
api.unive.nl
videochat.unive.nl
email.unive.nl
mail.unive.nl
lync.unive.nl
cdn.unive.nl
login.pat.unive.nl
mxb.unive.nl
pns-digital.unive.nl
*.ot.daas.unive.nl
services.unive.nl
bb.unive.nl
www.unive.nl
beta.unive.nl
login.unive.nl
www.unive.nl
flexwerken.unive.nl
pns-digital.unive.nl
dispatchtest.unive.nl
pns-digital.unive.nl
pat.unive.nl
vpn.unive.nl
dispatch.unive.nl
tracking.unive.nl
365.unive.nl
tracking.unive.nl
cdn.unive.nl
accmijn.unive.nl
tracking.unive.nl
cdn-pat.unive.nl
cdn.unive.nl
email.unive.nl
webwerken.unive.nl
iw-pat.unive.nl
vpn.unive.nl
pat.unive.nl
email.unive.nl
vpn.unive.nl
webmail.unive.nl
www.unive.nl

Certificate

The complete raw certificate details for mijn.unive.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGNzCCBR+gAwIBAgIRALrNfwuwCRKZJQpOj++/7cwwDQYJKoZIhvcNAQELBQAw
gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE3MDUGA1UE
AxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
QTAeFw0yMDAxMjcwMDAwMDBaFw0yMTA0MjAyMzU5NTlaMBgxFjAUBgNVBAMTDW1p
am4udW5pdmUubmwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPSDDJ
QoRer6b7iIOxgv6jcQifgrNNqZlxvThYqZnjcvM4P8l1OgdMdUh2DgRcTDJwz9/2
gbuDyEyA1icWJ8gOY9MKzzLi5/T2dxosEvxkGrWJ+uuw4Q2NrdAJr9jHudLIMsWx
H+lrVET8qIlEVxjjeT+O4V5frcNxgE9hU/2Ds3czOwztL6lQ38fU4EnvEq+XQtTK
hEzUKc4IoxMvgtdujuh1/yM4x4wHRlx0FCWOUZkCs5VF5NHZuIpg4cMt60miEuS7
GXVaVuO5VHXsWfXEeHZ2n73OgrCt6EGN98sDLxcPPfASZTAL36SJyjGUYspxQ1hH
bv+busCp3MNz12z1AgMBAAGjggMCMIIC/jAfBgNVHSMEGDAWgBSNjF7EVK2K4Xfp
m/mbBeG4AY1h4TAdBgNVHQ4EFgQUawNv8Uy/o1eY/X3KngDaAtPpPnMwDgYDVR0P
AQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAgcwJTAjBggrBgEFBQcCARYX
aHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMIGEBggrBgEFBQcBAQR4
MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1JT
QURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwIwYIKwYBBQUHMAGG
F2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMCsGA1UdEQQkMCKCDW1pam4udW5pdmUu
bmyCEXd3dy5taWpuLnVuaXZlLm5sMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgA
dgB9PvL4j/+IVWgkwsDKnlKJeSvFDngJfy5ql2iZfiLw1wAAAW/ohqGgAAAEAwBH
MEUCIQCycBnIcn4Vhj5BN3M2ADR2GCpzGdKLVTREpKV3MLV0XQIgMmfHrRYKX5ed
SOPH2wDGfnzsLyG0OK6V/2YMpJc3pwEAdgBElGUusO7Or8RAB9io/ijA2uaCvtjL
MbU/0zOWtbaBqAAAAW/ohqGSAAAEAwBHMEUCIQCwp4pWken+AtAx6IZUozIXODKj
BtGtts13uY5ZS/nFYAIgL3BJrnZuB6qtHDmQ+GvyOCR+1+hf4ryBlnidFV9FOIUA
dgBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAW/ohqGMAAAEAwBH
MEUCIH39QWL00tzQS4c8yRTBfjz6xSjvKxZJ4fdrp0DhCSO7AiEA/d6DIVvY3oMy
XC7lvHd9TOFwmFoS6zUIGMK3tXCXSRQwDQYJKoZIhvcNAQELBQADggEBALdZh1py
7BHt1bkBlhUAV70nkAKOdTt9JXJxGU5QZitIjZtlCwn19oAbCmFbcEZDtt5Ou6UV
7Z6FPaCNzAJlAyCScJkZj/HQC+awpvNemWImB3MGBFcZHcQUnkG6DKU3I+5mjVTz
YZZPx6ncGMpEYOwJOMJDC6TOuiZ92UEo32T3zDPBxl68Wxq+1pOA1P/f1Cw6rNSX
jq2oRbMXRKMLwQJ+YMtv3QAldfg25cJ/cH1yHjoOyF7bgW2OiGlvqtasIkWypkX6
y1DXflhnYh4uFK3tENHbfB6jn/ZxNGNAV91fx6KYuLbpaIo1UkWicIsYZ8aOngyZ
Tcr0LBLCfg+Q+Y4=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz0gwyUKEXq+m+4iDsYL+
o3EIn4KzTamZcb04WKmZ43LzOD/JdToHTHVIdg4EXEwycM/f9oG7g8hMgNYnFifI
DmPTCs8y4uf09ncaLBL8ZBq1ifrrsOENja3QCa/Yx7nSyDLFsR/pa1RE/KiJRFcY
43k/juFeX63DcYBPYVP9g7N3MzsM7S+pUN/H1OBJ7xKvl0LUyoRM1CnOCKMTL4LX
bo7odf8jOMeMB0ZcdBQljlGZArOVReTR2biKYOHDLetJohLkuxl1WlbjuVR17Fn1
xHh2dp+9zoKwrehBjffLAy8XDz3wEmUwC9+kicoxlGLKcUNYR27/m7rAqdzDc9ds
9QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 248303404864003773331559250588120116684
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Domain Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-01-27 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-04-20 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'mijn.unive.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26166927625299192507526804915294406766987939733234586428173242837145049168936333026046527342593666510534182522299768379956343904868380645887850352805274209191222303301103488010118997500223636183494164841062209768626536373725006936600286818977558671096419437468481683300626449064637109408047685315492039302505738406730298231440785482371656493483038255150785071624884660794709683207594823776461449505202276971950297731396301415613939623280937883931206330859727519456728933329961840263953590815000066031552095441804429200630272162957518497168716446741018626308125037337468301602115676706782420595420760701349519034903797
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 8d8c5ec454ad8ae177e99bf99b05e1b8018d61e1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							6b036ff14cbfa35798fd7dca9e00da02d3e93e73
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.7
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (120 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mijn.unive.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.mijn.unive.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							01680076007d3ef2f88fff88556824c2c0ca9e5289792bc50e78097f2e6a9768997e22f0d70000016fe886a1a00000040300473045022100b27019c8727e15863e41377336003476182a7319d28b553444a4a57730b5745d02203267c7ad160a5f979d48e3c7db00c67e7cec2f21b438ae95ff660ca49737a7010076004494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b53fd33396b5b681a80000016fe886a1920000040300473045022100b0a78a5691e9fe02d031e88654a332173832a306d1adb6cd77b98e594bf9c56002202f7049ae766e07aaad1c3990f86bf238247ed7e85fe2bc8196789d155f4538850076006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d9130000016fe886a18c000004030047304502207dfd4162f4d2dcd04b873cc914c17e3cfac528ef2b1649e1f76ba740e10923bb022100fdde83215bd8de83325c2ee5bc777d4ce170985a12eb350818c2b7b570974914
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00b759875a72ec11edd5b90196150057bd2790028e753b7d257271194e50662b488d9b650b09f5f6801b0a615b704643b6de4ebba515ed9e853da08dcc02650320927099198ff1d00be6b0a6f35e9962260773060457191dc4149e41ba0ca53723ee668d54f361964fc7a9dc18ca4460ec0938c2430ba4ceba267dd94128df64f7cc33c1c65ebc5b1abed69380d4ffdfd42c3aacd4978eada845b31744a30bc1027e60cb6fdd002575f836e5c27f707d721e3a0ec85edb816d8e88696faad6ac2245b2a645facb50d77e5867621e2e14aded10d1db7c1ea39ff67134634057dd5fc7a298b8b6e9688a355245a2708b1867c68e9e0c994dcaf42c12c27e0f90f98e