*.rights.tokyo

Issued by Sectigo RSA Domain Validation Secure Server CA

About this certificate

This digital certificate with serial number 0b:0c:b6:11:7f:8f:f8:9e:96:5c:fe:21:03:3b:f5:10 was issued on by Sectigo Limited.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=*.rights.tokyo

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate will expire on

Certificate Details

Serial Number (hex): 0b:0c:b6:11:7f:8f:f8:9e:96:5c:fe:21:03:3b:f5:10
Serial Number (int): 14687508300841766591818986348456178960
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: e8:b0:ee:e1:6a:8e:a3:0f:b5:d8:70:46:aa:56:81:9e:15:52:e7:30
AuthorityKeyId: 8d:8c:5e:c4:54:ad:8a:e1:77:e9:9b:f9:9b:05:e1:b8:01:8d:61:e1

Fingerprint (sha1): 04:07:ae:c4:73:75:13:ae:b3:55:b1:40:aa:1d:1d:09:03:5b:bc:9f
Fingerprint (sha256): 4f:6e:dc:29:0d:48:b5:e4:98:d0:b1:0d:41:92:2a:1c:4a:d7:56:4a:29:42:43:69:fc:b4:b0:cf:3b:02:dd:67

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com

Check the revocation status for certificate *.rights.tokyo

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.rights.tokyo

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.rights.tokyo
rights.tokyo

Other certificates including the domain name rights.tokyo

(limited to 100 certificates)
status.palmerdonavin.com
www.rights.tokyo
healthstatus.clinicmaster.com
status.dutchmillerauto.com
healthstatus.clinicmaster.com
www.rights.tokyo
status.cofh.org
healthstatus.clinicmaster.com
healthstatus.clinicmaster.com
feeds-status.backatyou.com
gitlab.rights.tokyo
site-status.motor.com
status.rights.tokyo
status-salus-eu.uleeco.com
status.palmerdonavin.com
status.bairdwarner.com
healthstatus.clinicmaster.com
merchantstatus.paysafecard.com
healthstatus.clinicmaster.com
status.iknowchurch.co.uk
status.bairdwarner.com
capo.rights.tokyo
merchantstatus.paysafecard.com
service.rights.tokyo
feeds-status.backatyou.com
systemstatus.rrc.ca
wobily.noc.cloudi.cloud
merchantstatus.paysafecard.com
gitlab.rights.tokyo
status.internal.clear.co
status.clear.co
capo.rights.tokyo
merchantstatus.paysafecard.com
status.myfundingchoices.com
status.mojeek.com
www.rights.tokyo
dev-status.uleeco.com
status.dornerworks.com
status.cofh.org
wobily.noc.cloudi.cloud
site-status.motor.com
merchantstatus.paysafecard.com
systemstatus.rrc.ca
status.myfundingchoices.com
status.mojeek.com
www.rights.tokyo
status.clear.co
merchantstatus.paysafecard.com
status.rights.tokyo
merchantstatus.paysafecard.com
healthstatus.clinicmaster.com
status.iknowchurch.co.uk
feeds-status.backatyou.com
*.rights.tokyo
status.dornerworks.com
status-salus-eu.uleeco.com
merchantstatus.paysafecard.com
wobily.noc.cloudi.cloud
www.rights.tokyo
www.rights.tokyo
netops.townofdewitt.com
healthstatus.clinicmaster.com
healthstatus.clinicmaster.com
merchantstatus.paysafecard.com
status.internal.clear.co
status.cofh.org
status.wellbeats.com
www.rights.tokyo
merchantstatus.paysafecard.com
wobily.noc.cloudi.cloud
*.rights.tokyo
capo.rights.tokyo
merchantstatus.paysafecard.com
www.rights.tokyo
status.internal.clear.co
status-salus-eu.uleeco.com
status.mojeek.com
merchantstatus.paysafecard.com
merchantstatus.paysafecard.com
www.rights.tokyo
support.rights.tokyo
status.clear.co
status.myfundingchoices.com
www.rights.tokyo
capo.rights.tokyo
merchantstatus.paysafecard.com
monitoring.dict.com.na
healthstatus.clinicmaster.com
capo.rights.tokyo
healthstatus.clinicmaster.com
wobily.noc.cloudi.cloud
status.mojeek.com
systemstatus.rrc.ca
status-salus-eu.uleeco.com
status.dutchmillerauto.com
www.rights.tokyo
merchantstatus.paysafecard.com
service.rights.tokyo
status.myfundingchoices.com
healthstatus.clinicmaster.com

Certificate

The complete raw certificate details for *.rights.tokyo in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGMjCCBRqgAwIBAgIQCwy2EX+P+J6WXP4hAzv1EDANBgkqhkiG9w0BAQsFADCB
jzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQD
Ey5TZWN0aWdvIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB
MB4XDTIzMDcyMjAwMDAwMFoXDTI0MDgyMDIzNTk1OVowGTEXMBUGA1UEAwwOKi5y
aWdodHMudG9reW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDt4r+n
q2on3OwyXK49mYoQ7aJfbjhifoVnr32KVqn+orYXmp1jQwYyi+lCcgrCeB4pxyqD
pn81nyqqnUQLVXF9n0yIlfXc+oGTKOkfOBHeNC3qgbynpjq4GjdGKam2LSbpa1SE
tp6r64t0JKMtQQsUkSNMJ12HaWrMPi2w+H1egsKJRAoIo+QzS2DNIfbCeJMftoIy
WIckYDTkLypVclqotU+wEz7p6sLriRvntvwHmi1zNRNlEA48wo4MdghQ8aZ0xSVy
lzxnirSUqdaCCyWCj5ztjGChrEaVY6tlSqZJwzqHS5+0r5LoJ21s2Y+3Z/GFD6p8
IB7c4u6gzVUHjbhtAgMBAAGjggL9MIIC+TAfBgNVHSMEGDAWgBSNjF7EVK2K4Xfp
m/mbBeG4AY1h4TAdBgNVHQ4EFgQU6LDu4WqOow+12HBGqlaBnhVS5zAwDgYDVR0P
AQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAgcwJTAjBggrBgEFBQcCARYX
aHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMIGEBggrBgEFBQcBAQR4
MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1JT
QURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwIwYIKwYBBQUHMAGG
F2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMCcGA1UdEQQgMB6CDioucmlnaHRzLnRv
a3lvggxyaWdodHMudG9reW8wggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AHb/
iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABiX2inBgAAAQDAEcwRQIh
ALWPaV6Xs1L0QM4ByHETOCeDuu3PS+YqK+UiqNRSk0hAAiBK5RnQcz8zJG0Zar2m
9izNm7X/vqURiVBiEPL2Mul+fgB2ANq2v2s/tbYin5vCu1xr6HCRcWy7UYSFNL2k
PTBI1/urAAABiX2inG0AAAQDAEcwRQIgLc/WtMzIXAWuB4gFdu18yKyAp5irVcr7
nw2jlfiRLqsCIQCMKxsUPYQ9oc3ntkRLnwC1avv4LF/9kMQ6MlR+NcZfNgB1AO7N
0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABiX2inJYAAAQDAEYwRAIg
MM1f9fPFDWoWFCGKwOKGgLOfNeof0oSokMfk3FpenbYCIHKU+X1WQjuIhTQ1y/Ct
rE27+nVhJq6e6wETe7tMQ+EJMA0GCSqGSIb3DQEBCwUAA4IBAQC0NGSk5FkSHxi5
Hxf3vAiAMpSsBPWhJJi+9R2ENfUgR+IxGaqZiOh82nNOwyWqU/r/XE3HP9jgrzUf
lLTMMgdIOoEeWvjC1K7lC5CGVXzaK9Tec5oHRTqP3uNDclWPsuWv0FNiCJrqwQfH
lKJSK1j11yAzdaIuoSiztjj1HHpPgvL7Ck7QKy7LyQvGTL6oCe/S0pEHThxe0TMf
vtW9fhrCjgcU/YaFoGfRyl8sA1mYad1c12DLyDg21IN4U9q/zKCZ0pmKa6wDSrx6
xHmDyj3pyQX6TXZawKOKlLdedv/7WZuIEDL6FrQg9fCwxqmlM/nqkDu/DJm2OUKH
fWzlRL2q
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7eK/p6tqJ9zsMlyuPZmK
EO2iX244Yn6FZ699ilap/qK2F5qdY0MGMovpQnIKwngeKccqg6Z/NZ8qqp1EC1Vx
fZ9MiJX13PqBkyjpHzgR3jQt6oG8p6Y6uBo3Rimpti0m6WtUhLaeq+uLdCSjLUEL
FJEjTCddh2lqzD4tsPh9XoLCiUQKCKPkM0tgzSH2wniTH7aCMliHJGA05C8qVXJa
qLVPsBM+6erC64kb57b8B5otczUTZRAOPMKODHYIUPGmdMUlcpc8Z4q0lKnWggsl
go+c7YxgoaxGlWOrZUqmScM6h0uftK+S6CdtbNmPt2fxhQ+qfCAe3OLuoM1VB424
bQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 14687508300841766591818986348456178960
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Domain Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-07-22 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-08-20 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.rights.tokyo'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 30030292204710417465155944163594600277421256717714339382376054530673489950969875626241522143715806550188699037834239937210496508897934437882692715418421576632724897029692310983392601100342977534126948759211861634144318586003491346193523541118036376852941472026181191909840274265252805617101990132118859916945804183258433317300990156314184611918006344628192407535297008939607352878767662817661585264641947787024200129546339178102667869863265185674314569053062605521642653897125223525114453329827284528809233181470592377638994335807523809356565406459000070998309571522316216873605181952116372185156716254092643458201709
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 8d8c5ec454ad8ae177e99bf99b05e1b8018d61e1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							e8b0eee16a8ea30fb5d87046aa56819e1552e730
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.7
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (120 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.rights.tokyo'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rights.tokyo'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							016700760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a74000001897da29c180000040300473045022100b58f695e97b352f440ce01c87113382783baedcf4be62a2be522a8d45293484002204ae519d0733f33246d196abda6f62ccd9bb5ffbea51189506210f2f632e97e7e007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab000001897da29c6d000004030047304502202dcfd6b4ccc85c05ae07880576ed7cc8ac80a798ab55cafb9f0da395f8912eab0221008c2b1b143d843da1cde7b6444b9f00b56afbf82c5ffd90c43a32547e35c65f36007500eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b000001897da29c960000040300463044022030cd5ff5f3c50d6a1614218ac0e28680b39f35ea1fd284a890c7e4dc5a5e9db602207294f97d56423b88853435cbf0adac4dbbfa756126ae9eeb01137bbb4c43e109
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00b43464a4e459121f18b91f17f7bc08803294ac04f5a12498bef51d8435f52047e23119aa9988e87cda734ec325aa53faff5c4dc73fd8e0af351f94b4cc3207483a811e5af8c2d4aee50b9086557cda2bd4de739a07453a8fdee34372558fb2e5afd05362089aeac107c794a2522b58f5d7203375a22ea128b3b638f51c7a4f82f2fb0a4ed02b2ecbc90bc64cbea809efd2d291074e1c5ed1331fbed5bd7e1ac28e0714fd8685a067d1ca5f2c03599869dd5cd760cbc83836d4837853dabfcca099d2998a6bac034abc7ac47983ca3de9c905fa4d765ac0a38a94b75e76fffb599b881032fa16b420f5f0b0c6a9a533f9ea903bbf0c99b63942877d6ce544bdaa