www.nbcsportsathletedirect.com

Issued by Amazon RSA 2048 M01

About this certificate

This digital certificate with serial number 0e:c2:38:a0:64:1d:f7:e1:d8:00:95:8c:50:46:46:ac was issued on by Amazon.

With 30 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=www.nbcsportsathletedirect.com

Amazon

Organization: Amazon
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0e:c2:38:a0:64:1d:f7:e1:d8:00:95:8c:50:46:46:ac
Serial Number (int): 19617646053973115977932592392526251692
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 17:cc:87:57:bf:59:0b:04:bb:27:b1:6e:58:a8:18:e0:51:9a:96:c5
AuthorityKeyId: 81:b8:0e:63:8a:89:12:18:e5:fa:3b:3b:50:95:9f:e6:e5:90:13:85

Fingerprint (sha1): a2:c2:c9:2a:ae:f4:56:1f:19:41:0a:7c:3a:40:29:46:a6:01:8f:0c
Fingerprint (sha256): 4f:1f:15:11:44:78:f8:44:c0:a3:76:4f:e0:3c:44:4c:24:47:82:2f:41:29:cc:43:e8:0b:41:d4:44:a5:f5:a5

Issuing Certificate URL: http://crt.r2m01.amazontrust.com/r2m01.cer

Revocation information

OCSP Server: http://ocsp.r2m01.amazontrust.com
CRL Distribution Point: http://crl.r2m01.amazontrust.com/r2m01.crl

Check the revocation status for certificate www.nbcsportsathletedirect.com

30

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.nbcsportsathletedirect.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.nbcsportsathletedirect.com
nbcathletesdirect.net
nbcathletedirect.net
www.nbcsportsathletedirect.net
nbcsportnil.net
athletedirect.production.nbc-sports.brightspot.cloud
nbcsportathletesdirect.com
cms.athletedirect.production.nbc-sports.brightspot.cloud
nbcsportathletedirect.net
nbcsportsathletedirect.net
static.athletedirect.production.nbc-sports.brightspot.cloud
nbcsportsnil.com
nbcsportsad.net
nbcsad.brightspotcdn.com
*.athletedirect.production.nbc-sports.brightspot.cloud
nbcsportad.net
brightspot.nbcsportsathletedirect.com
nbcathletesdirect.com
nbcathletedirect.com
nbcsportnil.com
nbcsportathletedirect.com
nbcsportsathletedirect.com
nbcsportad.com
verify.cms.athletedirect.production.nbc-sports.brightspot.cloud
nbcsportathletesdirect.net
origin.athletedirect.production.nbc-sports.brightspot.cloud
verify.origin.athletedirect.production.nbc-sports.brightspot.cloud
*.origin.athletedirect.production.nbc-sports.brightspot.cloud
nbcsportsnil.net
nbcsportsad.com

Other certificates including the domain name nbcsportsathletedirect.com

(limited to 100 certificates)
www.nbcsportsathletedirect.com
www.nbcsportsathletedirect.com
www.nbcsportsathletedirect.com
www.nbcsportsathletedirect.com
www.nbcsportsathletedirect.com
www.nbcsportsathletedirect.com
origin.athletedirect.production.nbc-sports.brightspot.cloud
www.nbcsportsathletedirect.com
www.nbcsportsathletedirect.com

Certificate

The complete raw certificate details for www.nbcsportsathletedirect.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIUDCCBzigAwIBAgIQDsI4oGQd9+HYAJWMUEZGrDANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAxMB4XDTIzMDIyMTAwMDAwMFoXDTIzMDQyODIzNTk1OVowKTEn
MCUGA1UEAxMed3d3Lm5iY3Nwb3J0c2F0aGxldGVkaXJlY3QuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWSHHFnbIjf2Wi4Z0m5LszjNmo8U6QEz
yS42AMKPdt+46SpS/fDfXvWbDbv+4ghKPZrMy5ITc8by7dW61jHLdOy3FXv2zHOp
6LWwnIcbMOoh+1zXh175Kv3FlmwDdPrWVRkXokUTlTW29xHVsXJ3hPmW/E+Y2tk9
McXY97q1IIbkhl7WfhFqzavV4ivYJzz+zguk3Y4xuEDzRJ/FbcHcckeu6pWw4m5H
oO1bDhOhjEUPdD32T4yB6NoyHL6x4/0poaJaPjiZtgnJwjH37GdWSmIEXbIwuSf6
Lwnqq86fZQ+w7TYBEPnPpYbaPnDi7rQEh/0TiSZtEdFa4nbHNvt1hwIDAQABo4IF
XzCCBVswHwYDVR0jBBgwFoAUgbgOY4qJEhjl+js7UJWf5uWQE4UwHQYDVR0OBBYE
FBfMh1e/WQsEuyexblioGOBRmpbFMIID/AYDVR0RBIID8zCCA++CHnd3dy5uYmNz
cG9ydHNhdGhsZXRlZGlyZWN0LmNvbYIVbmJjYXRobGV0ZXNkaXJlY3QubmV0ghRu
YmNhdGhsZXRlZGlyZWN0Lm5ldIIed3d3Lm5iY3Nwb3J0c2F0aGxldGVkaXJlY3Qu
bmV0gg9uYmNzcG9ydG5pbC5uZXSCNGF0aGxldGVkaXJlY3QucHJvZHVjdGlvbi5u
YmMtc3BvcnRzLmJyaWdodHNwb3QuY2xvdWSCGm5iY3Nwb3J0YXRobGV0ZXNkaXJl
Y3QuY29tgjhjbXMuYXRobGV0ZWRpcmVjdC5wcm9kdWN0aW9uLm5iYy1zcG9ydHMu
YnJpZ2h0c3BvdC5jbG91ZIIZbmJjc3BvcnRhdGhsZXRlZGlyZWN0Lm5ldIIabmJj
c3BvcnRzYXRobGV0ZWRpcmVjdC5uZXSCO3N0YXRpYy5hdGhsZXRlZGlyZWN0LnBy
b2R1Y3Rpb24ubmJjLXNwb3J0cy5icmlnaHRzcG90LmNsb3VkghBuYmNzcG9ydHNu
aWwuY29tgg9uYmNzcG9ydHNhZC5uZXSCGG5iY3NhZC5icmlnaHRzcG90Y2RuLmNv
bYI2Ki5hdGhsZXRlZGlyZWN0LnByb2R1Y3Rpb24ubmJjLXNwb3J0cy5icmlnaHRz
cG90LmNsb3Vkgg5uYmNzcG9ydGFkLm5ldIIlYnJpZ2h0c3BvdC5uYmNzcG9ydHNh
dGhsZXRlZGlyZWN0LmNvbYIVbmJjYXRobGV0ZXNkaXJlY3QuY29tghRuYmNhdGhs
ZXRlZGlyZWN0LmNvbYIPbmJjc3BvcnRuaWwuY29tghluYmNzcG9ydGF0aGxldGVk
aXJlY3QuY29tghpuYmNzcG9ydHNhdGhsZXRlZGlyZWN0LmNvbYIObmJjc3BvcnRh
ZC5jb22CP3ZlcmlmeS5jbXMuYXRobGV0ZWRpcmVjdC5wcm9kdWN0aW9uLm5iYy1z
cG9ydHMuYnJpZ2h0c3BvdC5jbG91ZIIabmJjc3BvcnRhdGhsZXRlc2RpcmVjdC5u
ZXSCO29yaWdpbi5hdGhsZXRlZGlyZWN0LnByb2R1Y3Rpb24ubmJjLXNwb3J0cy5i
cmlnaHRzcG90LmNsb3VkgkJ2ZXJpZnkub3JpZ2luLmF0aGxldGVkaXJlY3QucHJv
ZHVjdGlvbi5uYmMtc3BvcnRzLmJyaWdodHNwb3QuY2xvdWSCPSoub3JpZ2luLmF0
aGxldGVkaXJlY3QucHJvZHVjdGlvbi5uYmMtc3BvcnRzLmJyaWdodHNwb3QuY2xv
dWSCEG5iY3Nwb3J0c25pbC5uZXSCD25iY3Nwb3J0c2FkLmNvbTAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDsGA1UdHwQ0MDIw
MKAuoCyGKmh0dHA6Ly9jcmwucjJtMDEuYW1hem9udHJ1c3QuY29tL3IybTAxLmNy
bDATBgNVHSAEDDAKMAgGBmeBDAECATB1BggrBgEFBQcBAQRpMGcwLQYIKwYBBQUH
MAGGIWh0dHA6Ly9vY3NwLnIybTAxLmFtYXpvbnRydXN0LmNvbTA2BggrBgEFBQcw
AoYqaHR0cDovL2NydC5yMm0wMS5hbWF6b250cnVzdC5jb20vcjJtMDEuY2VyMAwG
A1UdEwEB/wQCMAAwEwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQAD
ggEBACTCSrAutbes1bk2+Wx7NW/lmz015E0chgd8Cv+Z/qf/YF4KCF0t8Er9rVJO
/UY1m+VW/TQ4VFs5l839rqOY3D4HKLSNNsUmqIrFxO6/Yk3kM2baEFidCQQcncRf
JNdzs1PE+6rUtXGlzNZPvjuDjiCEjMSWzX6ymKwJ4X4uMMM/zyYERT8QN9zR0MK2
lrGHcoq1uSahbp0T+ORQbdVEiEYxIRyvn39NAAs5b4iNMG9tGTr634byEfcJ9GQu
RFA8cc+6NVPa+/cdMr2L1hLzzpLDZcIATybT7eFQm9Z9dV8UdO6pql5giqP4JkrU
7Zz+SOBCdo7UEURzaK8HQVI2W4g=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWSHHFnbIjf2Wi4Z0m5L
szjNmo8U6QEzyS42AMKPdt+46SpS/fDfXvWbDbv+4ghKPZrMy5ITc8by7dW61jHL
dOy3FXv2zHOp6LWwnIcbMOoh+1zXh175Kv3FlmwDdPrWVRkXokUTlTW29xHVsXJ3
hPmW/E+Y2tk9McXY97q1IIbkhl7WfhFqzavV4ivYJzz+zguk3Y4xuEDzRJ/FbcHc
ckeu6pWw4m5HoO1bDhOhjEUPdD32T4yB6NoyHL6x4/0poaJaPjiZtgnJwjH37GdW
SmIEXbIwuSf6Lwnqq86fZQ+w7TYBEPnPpYbaPnDi7rQEh/0TiSZtEdFa4nbHNvt1
hwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 19617646053973115977932592392526251692
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M01'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-02-21 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-04-28 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.nbcsportsathletedirect.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23908611732681464156117234660610133120813955265157192272613824446088188756429772035765717928420518608856558954773800638081265619587048584189996250250205434850460832879732212011202976129873938523493071457195349869455221857266040957256692837124044025807593497085806176091515781305595991976888660494808098811091405781163186262172032631494127858571189668989799203150112343312048803341921611652477587934716977047157156186878183419994988156764289121272476327767855609157992137663938412306446818870510031390629337433211409030164286358015661081242323347199012130013142815991387443524858344372409480258777045132950380136330631
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 81b80e638a891218e5fa3b3b50959fe6e5901385
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							17cc8757bf590b04bb27b16e58a818e0519a96c5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1011 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.nbcsportsathletedirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcathletesdirect.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcathletedirect.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.nbcsportsathletedirect.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportnil.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportathletesdirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cms.athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportathletedirect.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportsathletedirect.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'static.athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportsnil.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportsad.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsad.brightspotcdn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportad.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'brightspot.nbcsportsathletedirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcathletesdirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcathletedirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportnil.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportathletedirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportsathletedirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportad.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'verify.cms.athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportathletesdirect.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'origin.athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'verify.origin.athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.origin.athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportsnil.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportsad.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m01.amazontrust.com/r2m01.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m01.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m01.amazontrust.com/r2m01.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0024c24ab02eb5b7acd5b936f96c7b356fe59b3d35e44d1c86077c0aff99fea7ff605e0a085d2df04afdad524efd46359be556fd3438545b3997cdfdaea398dc3e0728b48d36c526a88ac5c4eebf624de43366da10589d09041c9dc45f24d773b353c4fbaad4b571a5ccd64fbe3b838e20848cc496cd7eb298ac09e17e2e30c33fcf2604453f1037dcd1d0c2b696b187728ab5b926a16e9d13f8e4506dd544884631211caf9f7f4d000b396f888d306f6d193afadf86f211f709f4642e44503c71cfba3553dafbf71d32bd8bd612f3ce92c365c2004f26d3ede1509bd67d755f1474eea9aa5e608aa3f8264ad4ed9cfe48e042768ed411447368af074152365b88