thenexuscommunity.de

Issued by GTS CA 1P5

About this certificate

This digital certificate with serial number df:f8:b0:b7:db:f0:fe:04:0d:6b:4f:21:88:78:11:3f was issued on by Google Trust Services LLC.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=thenexuscommunity.de

Google Trust Services LLC

Organization: Google Trust Services LLC
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): df:f8:b0:b7:db:f0:fe:04:0d:6b:4f:21:88:78:11:3f
Serial Number (int): 297709116951865418617215591654754881855
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: f6:bc:fb:3b:73:ca:f5:66:b7:d5:5e:5d:c4:0d:39:ca:3f:ae:1b:38
AuthorityKeyId: d5:fc:9e:0d:df:1e:ca:dd:08:97:97:6e:2b:c5:5f:c5:2b:f5:ec:b8

Fingerprint (sha1): 6b:26:62:34:67:e8:c9:ad:e0:2a:bc:ff:f7:ed:cf:83:c0:58:ee:f9
Fingerprint (sha256): 49:99:e1:f8:8c:fa:eb:b0:75:de:8b:09:0e:96:89:d6:1e:b8:2c:11:af:09:e8:ed:aa:0c:d9:4b:77:0c:ff:5c

Issuing Certificate URL: http://pki.goog/repo/certs/gts1p5.der

Revocation information

OCSP Server: http://ocsp.pki.goog/s/gts1p5/_qM7GJuOaSI
CRL Distribution Point: http://crls.pki.goog/gts1p5/ahWVbHAW-fw.crl

Check the revocation status for certificate thenexuscommunity.de

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for thenexuscommunity.de

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

thenexuscommunity.de
*.thenexuscommunity.de

Other certificates including the domain name thenexuscommunity.de

(limited to 100 certificates)
www.eis.playkev.de
n2017.witzepedia.de
*.gutscheinscode.de
presse.thenexuscommunity.de
imjjdk.panolook.de
www.discord.xwaretv.de
*.sukreiskleve.de
wp2.p-s-soft.de
www.schweiz.dstaraustria.at
*.verlaggottwald.de
aste.spdns.org
suop.kevinkoziol.de
ermania.lima-city.net
*.alfaresmarkt.de
www.staging.captain-camper.de
www.penthesilea-foundation.com
www.home.kettwig-net.de
ns1.rotglut.net
git.enjoi-sailing.com
www.podcast.thenexuscommunity.de
www.datenschutz.matthiasnolz.com
glpi.immo-look.ch
kingofdl.fam-gundacker.eu
*.orthuber.net
*.mybusinesscentral.de
*.ilona-kloth.at
www.arianagran.de
wlan.home.schulz-noll.de
thenexuscommunity.de
webapp.hutch79.ch
thenexuscommunity.de
thenexuscommunity.de
www.seopanel.swissparkett.ch
dev.ask-alfred.de
htmailrelay.moinalex.de
www.home.kettwig-net.de
*.landschaftsbau-weyhe.de
*.emiliobezz.de
*.ferienhaeusle.com
development.tjark.pro
pix.kulinautikus.eu
phpmyadmin.2icecube.de
ws.lima-city.info
backup.moinalex.de
*.normankranz.com
generation-europa.global-crafter.eu
*.j-blockbuster.com
satelite.cloudns.cc
server.thenexuscommunity.de
*.dew-kommunal.de
www.properties.dreamestate.pro
vfsynserver2.vidpxxel.de
games.burkinart.de
www.admin.derkleinemog.de
www.nachricht.mylonky.eu
htmailrelay.moinalex.de
*.zaitrus.com
abogaciing.hutch79.ch
*.fahrschule-tolga.de
2015.enjoi-sailing.com
www.sidbrowser.mathesoft.com
www.normal.drjustusadam.de
www.bofh-v6.tk
*.till-guenther.com
hrmorange.thenexuscommunity.de
chat.icekey.org
thenexuscommunity.de
suop.noobi.eu.org
www.shop.thenexuscommunity.de
*.ghb-service.com
rchasem.dt80.net
shop.jaegerhof-schneider.at
ng.peterschlenker.de
www.be-more.de
pop3.lima-city.org
*.recruiter.li
cpcalendars.kevinkoziol.com
passport.hampoelz.net
*.gasthaus-randen.de
accountwww.moin-alex.de
2018.icekey.org
ozttmbdjnxqquq.tjark.pro
www.zimmer.augl-hof.de
www.news.hilberg.info
www.eis.playkev.de
*.ergopraxis-herzing.de
thenexuscommunity.de
www.presse.thenexuscommunity.de
fe.lima-city.net
2015.enjoi-sailing.com
suop.bigpicture.at

Certificate

The complete raw certificate details for thenexuscommunity.de in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgIRAN/4sLfb8P4EDWtPIYh4ET8wDQYJKoZIhvcNAQELBQAw
RjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBM
TEMxEzARBgNVBAMTCkdUUyBDQSAxUDUwHhcNMjMxMjIwMDQwMzEwWhcNMjQwMzE5
MDQwMzA5WjAfMR0wGwYDVQQDExR0aGVuZXh1c2NvbW11bml0eS5kZTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKQbIoK71QvOFilUvFt9R+FDaFhakivB
b0yTgAS+PmA3RIwr+rV8dgFwbto4KkzVmbPlX2smhPA10Za5cBfnvHSF0s/bJvkM
HSTp1ezg0MaKIc6PhQRU075ZN7jjpPPD7rqd3n8kq13G3bnn+5Cs3T6jgaKjPmbU
xE5YDCv06SVy1AVIOkWCQapVUdvYUO3RNXZ/69FkC3fW8xyrBXzhvRwmIYQ1rJoj
xYIOV6TZfxIz0DEkiu9rWBXdVIdCds1KhQZqS9P8vJyg4msMfwkbhcDxEQwt1acQ
EcBjOIsONkytPZN4MwWCSlbLkNuHoRAOcK80SIEfl1X62R52myhVFokCAwEAAaOC
ApMwggKPMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNV
HRMBAf8EAjAAMB0GA1UdDgQWBBT2vPs7c8r1ZrfVXl3EDTnKP64bODAfBgNVHSME
GDAWgBTV/J4N3x7K3QiXl24rxV/FK/XsuDB4BggrBgEFBQcBAQRsMGowNQYIKwYB
BQUHMAGGKWh0dHA6Ly9vY3NwLnBraS5nb29nL3MvZ3RzMXA1L19xTTdHSnVPYVNJ
MDEGCCsGAQUFBzAChiVodHRwOi8vcGtpLmdvb2cvcmVwby9jZXJ0cy9ndHMxcDUu
ZGVyMDcGA1UdEQQwMC6CFHRoZW5leHVzY29tbXVuaXR5LmRlghYqLnRoZW5leHVz
Y29tbXVuaXR5LmRlMCEGA1UdIAQaMBgwCAYGZ4EMAQIBMAwGCisGAQQB1nkCBQMw
PAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybHMucGtpLmdvb2cvZ3RzMXA1L2Fo
V1ZiSEFXLWZ3LmNybDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AHb/iD8KtvuV
UcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABjIWbOC4AAAQDAEcwRQIhAIW713zY
IfHgnhUscoydmycuHZpzDlcbRd0FEuq05RKIAiBYbZKYuBBfTj78+tU8pwSwBmwb
I4mCeaJLg5VdrKzyFgB2ADtTd3U+LbmAToswWwb+QDtn2E/D9Me9AA0tcm/h+tQX
AAABjIWbOBMAAAQDAEcwRQIgZEJ4wU16Q0h6oy2aaP7yCT/HlwXFOc4oLOL1/FKn
GDcCIQC5Yeo7Fg2F6nvjojCqJA372MMAsQdqSdanbPV+swUBsTANBgkqhkiG9w0B
AQsFAAOCAQEAqjST2hdUL93v3byEM1wLmu+OeNevWABuLsKbCw8c0LMaaFK8gMah
YCmLZVX8gf86vu6lPdSlHCWdsTOJcTDI58ikjYbgKmq3wEf9E7LRlLYsEqTH4yZc
g9Lor5fZsgyUlJt4/6PcO8Td2C4NHt7pJ9Vm1/nc/S4SOucFqWA0haVnDdz90dkm
UiaPBdwMgTVhaBvhlLXxApOpkBxmEueHbR8rnOBeqZ2/tju4bHjwJ6DNE78Micn2
86w9LiXGewN92qML91l5Nr+hHk7BYpuWOBs4dcYVY9P3wJXPohcXfkSSI6SmN+dd
rd7jYS6TbG+sE7IijA833T9cND/7PLmSIA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBsigrvVC84WKVS8W31H
4UNoWFqSK8FvTJOABL4+YDdEjCv6tXx2AXBu2jgqTNWZs+VfayaE8DXRlrlwF+e8
dIXSz9sm+QwdJOnV7ODQxoohzo+FBFTTvlk3uOOk88Puup3efySrXcbduef7kKzd
PqOBoqM+ZtTETlgMK/TpJXLUBUg6RYJBqlVR29hQ7dE1dn/r0WQLd9bzHKsFfOG9
HCYhhDWsmiPFgg5XpNl/EjPQMSSK72tYFd1Uh0J2zUqFBmpL0/y8nKDiawx/CRuF
wPERDC3VpxARwGM4iw42TK09k3gzBYJKVsuQ24ehEA5wrzRIgR+XVfrZHnabKFUW
iQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 297709116951865418617215591654754881855
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Google Trust Services LLC'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GTS CA 1P5'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-20 04:03:10 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-19 04:03:09 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'thenexuscommunity.de'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20716462686636587858980177434372068187143618154132795001756637578654701566117199902393414958496139576020127776825401481325762681103660136749585277428006543030686688934635620299104166112656690079037664468438620873515033853338350151206507037440166576727785466447163673471832078379287432454216218373873336088266698718990424418232714036505082776714294539031672100521329769377023595718650096037879563031418620290083351972658277778466304942352257221672289148470704119793089824512484504027167395555046292504911248702152476196318904900271822654443860202475065723062705576476954603497669019455791135647160534732089196591519369
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							f6bcfb3b73caf566b7d55e5dc40d39ca3fae1b38
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName d5fc9e0ddf1ecadd0897976e2bc55fc52bf5ecb8
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (108 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.pki.goog/s/gts1p5/_qM7GJuOaSI'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://pki.goog/repo/certs/gts1p5.der'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (48 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'thenexuscommunity.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.thenexuscommunity.de'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.5.3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (53 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crls.pki.goog/gts1p5/ahWVbHAW-fw.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f000760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018c859b382e000004030047304502210085bbd77cd821f1e09e152c728c9d9b272e1d9a730e571b45dd0512eab4e512880220586d9298b8105f4e3efcfad53ca704b0066c1b23898279a24b83955dacacf2160076003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018c859b381300000403004730450220644278c14d7a43487aa32d9a68fef2093fc79705c539ce282ce2f5fc52a71837022100b961ea3b160d85ea7be3a230aa240dfbd8c300b1076a49d6a76cf57eb30501b1
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00aa3493da17542fddefddbc84335c0b9aef8e78d7af58006e2ec29b0b0f1cd0b31a6852bc80c6a160298b6555fc81ff3abeeea53dd4a51c259db133897130c8e7c8a48d86e02a6ab7c047fd13b2d194b62c12a4c7e3265c83d2e8af97d9b20c94949b78ffa3dc3bc4ddd82e0d1edee927d566d7f9dcfd2e123ae705a9603485a5670ddcfdd1d92652268f05dc0c813561681be194b5f10293a9901c6612e7876d1f2b9ce05ea99dbfb63bb86c78f027a0cd13bf0c89c9f6f3ac3d2e25c67b037ddaa30bf7597936bfa11e4ec1629b96381b3875c61563d3f7c095cfa217177e449223a4a637e75daddee3612e936c6fac13b2228c0f37dd3f5c343ffb3cb99220