storefront.datacenter-migros.ch

Issued by R3

About this certificate

This digital certificate with serial number 04:53:92:c0:26:0d:fd:83:d1:8a:a3:04:4f:1f:59:0a:d7:f9 was issued on by Let's Encrypt.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=storefront.datacenter-migros.ch

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 04:53:92:c0:26:0d:fd:83:d1:8a:a3:04:4f:1f:59:0a:d7:f9
Serial Number (int): 376887645161700305576052398633236340332537
Serial Number lenght: 139 bits, 18 octets

SubjectKeyId: 86:07:a9:a1:ac:9c:f7:58:c2:65:b2:57:40:d9:5d:55:2d:0a:ba:8e
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): e3:2c:c7:b2:44:c8:00:07:70:67:73:38:0e:45:79:ef:2b:b7:2c:40
Fingerprint (sha256): 4f:f9:87:37:c1:f9:2a:f9:dd:f8:79:0d:ea:0d:e5:28:23:04:99:fd:37:d6:56:f9:dd:e3:5d:c6:e9:c6:1f:9f

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate storefront.datacenter-migros.ch

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for storefront.datacenter-migros.ch

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

storefront.datacenter-migros.ch

Other certificates including the domain name datacenter-migros.ch

(limited to 100 certificates)
vnexs02a.datacenter-migros.ch
gmaa-adfs.datacenter-migros.ch
lb.mrd-adfs.datacenter-migros.ch
ewfki-kont.datacenter-migros.ch
lb.mrd-adfs.datacenter-migros.ch
lb.mrd-adfs.datacenter-migros.ch
ewfki-wf.datacenter-migros.ch
ewfki-wf-t.datacenter-migros.ch
lyncaccess.datacenter-migros.ch
lyncaccess.datacenter-migros.ch
ewfki-kont-t.datacenter-migros.ch
adeon-gmzh-t.datacenter-migros.ch
adeon-gmos-t.datacenter-migros.ch
ewfki-kont.datacenter-migros.ch
adeon-gmos.datacenter-migros.ch
ewfki-kont.datacenter-migros.ch
adeon-gmos-t.datacenter-migros.ch
*.datacenter-migros.ch
adeon-gmos-t.datacenter-migros.ch
ctxdirector.datacenter-migros.ch
vnexs03a.datacenter-migros.ch
ewfki-kont.datacenter-migros.ch
mail1b.datacenter-migros.ch
vnexs04a.datacenter-migros.ch
ewfki-kont-t.datacenter-migros.ch
sts.datacenter-migros.ch
adeon-gmos.datacenter-migros.ch
vnexs02a.datacenter-migros.ch
gmlu-adfs.datacenter-migros.ch
ewfki-wf.datacenter-migros.ch
mail.datacenter-migros.ch
adeon-gmzh-t.datacenter-migros.ch
vnexs04a.datacenter-migros.ch
adeon-gmos-t.datacenter-migros.ch
ctxdirector.datacenter-migros.ch
ewfki-wf-t.datacenter-migros.ch
outlook.migroszh.ch
adeon-gmos.datacenter-migros.ch
ewfki-kont.datacenter-migros.ch
ewfki-wf-t.datacenter-migros.ch
identityserver.datacenter-migros.ch
ewfki-wf.datacenter-migros.ch
*.datacenter-migros.ch
sts-s.datacenter-migros.ch
vpn.gmaare.migros.ch
vpn.migrosaare.migros.ch
adeon-gmzh-t.datacenter-migros.ch
*.datacenter-migros.ch
vpn.gmaare.migros.ch
adeon-gmos-t.datacenter-migros.ch
citrix.migroszh.ch
lb.mrd-adfs.datacenter-migros.ch
mail1b.datacenter-migros.ch
sts.datacenter-migros.ch
adeon-gmzh-t.datacenter-migros.ch
ewfki-kont-t.datacenter-migros.ch
lyncaccess.datacenter-migros.ch
netpulse.datacenter-migros.ch
ctxdirector.datacenter-migros.ch
ewfki-kont.datacenter-migros.ch
ewfki-wf-t.datacenter-migros.ch
sts.datacenter-migros.ch
*.datacenter-migros.ch
mail.datacenter-migros.ch
citrix.migroszh.ch
vnexs01a.datacenter-migros.ch
lyncaccess.datacenter-migros.ch
mail1b.datacenter-migros.ch
adeon-gmos-t.datacenter-migros.ch
citrix.migroszh.ch
adeon-gmzh.datacenter-migros.ch
ewfki-kont.datacenter-migros.ch
sts-s.datacenter-migros.ch
vnexs01a.datacenter-migros.ch
ctxdirector.datacenter-migros.ch
adeon-gmzh-t.datacenter-migros.ch
lyncaccess.datacenter-migros.ch
ba-bern.tac-gateway-servers.datacenter-migros.ch
identityserver.datacenter-migros.ch
storefront.datacenter-migros.ch
lb.mrd-adfs.datacenter-migros.ch
adeon-gmzh.datacenter-migros.ch
*.datacenter-migros.ch
*.datacenter-migros.ch
vsrpa02.datacenter-migros.ch
sts-s.datacenter-migros.ch
adeon-gmzh-t.datacenter-migros.ch
adeon-gmos.datacenter-migros.ch
sts-t.datacenter-migros.ch
ewfki-kont.datacenter-migros.ch
mail.datacenter-migros.ch
mail.datacenter-migros.ch
mail1b.datacenter-migros.ch
mail.datacenter-migros.ch
ctxdirector.datacenter-migros.ch
szc.migroszh.ch
revcap.datacenter-migros.ch
p45.migros.ch
mail.datacenter-migros.ch
adeon-gmzh-t.datacenter-migros.ch

Certificate

The complete raw certificate details for storefront.datacenter-migros.ch in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISBFOSwCYN/YPRiqMETx9ZCtf5MA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMjEwMTgxNTM4NTFaFw0yMzAxMTYxNTM4NTBaMCoxKDAmBgNVBAMT
H3N0b3JlZnJvbnQuZGF0YWNlbnRlci1taWdyb3MuY2gwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDou82heB77YCphdjaAlYo1WktpCUFQjgy3X/J58zhN
Vmiu63g2TeaCLYR74YYZ/V04vlAc68Nxk2X5OI65wGadoQgUrUIADKLOEVHv/bnt
Q6vpk+3J3efXuZGEW2p9IzlPxKoF4OVor/zhg27nU0ZxOsSfucRDcOnOar/5O08q
bY6PfRdr7jO9ohMgOJUpipUHSrPtlSRUseT6sRjvNXZuuzQ7KFk8jgv3G90RwBWR
cy20w7h8blIdvJsZXfzJOEPlrvS838YXP4trSOkvnks6uAJr0bgFQjeRb5kmEwXw
pXfgeMbOSmyefbsf1qgWdITWsz+HO51wydUcR1N+Ne8ZAgMBAAGjggJbMIICVzAO
BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG
A1UdEwEB/wQCMAAwHQYDVR0OBBYEFIYHqaGsnPdYwmWyV0DZXVUtCrqOMB8GA1Ud
IwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggr
BgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRw
Oi8vcjMuaS5sZW5jci5vcmcvMCoGA1UdEQQjMCGCH3N0b3JlZnJvbnQuZGF0YWNl
bnRlci1taWdyb3MuY2gwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMB
AQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEF
BgorBgEEAdZ5AgQCBIH2BIHzAPEAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSe
HQmBJe20mQAAAYPr9k7FAAAEAwBHMEUCICfPSmXENvhLAcsapU/dEbXzeLbVpl7z
cb+qUeazx+mPAiEAi975uOPtQ9qvLGp5RZqXSdNPEFkwydxLb0hHlHsBR9YAdwB6
MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAYPr9k7hAAAEAwBIMEYC
IQDk7YqjhIeXOkdYLz2JC0bOggJT4yaRqsu5IuRqJCS+/QIhAMnShp+YxeqPSBfp
ldR0Hd6TeqLTXJ6aBphJ49BWqXBhMA0GCSqGSIb3DQEBCwUAA4IBAQAxJfqUcucL
5xHldb7B5kjUDX5hq0mtVMjATS95pLxyajPSc3gyeVxPUMAhnIfuZ1YUlTFJ3lj5
DLN97HoUerhS6iFHAowkV19Rj4RhI9OYzKKdSJTffbD5NkR/rm0tIpPQooHGeksD
gPpACYOZn8zeG6W7IHblnNYfhbDMg81Pb9mXEiLzSn+q/tZ7OplSqdnxtz4UK8UU
6wOn15JdSxbru17SpZO285LTI9kauhGmsdIiGhw7HJtfZF/wn5uSQ8Ka/jiIa6od
Ss7JHM488yKyAg9ouFqrFlqp+vM10Q8Z8WD4MYXHxTTYuymA6P0Ck+wuZHVff0l5
SxyQE3ryrYsj
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6LvNoXge+2AqYXY2gJWK
NVpLaQlBUI4Mt1/yefM4TVZorut4Nk3mgi2Ee+GGGf1dOL5QHOvDcZNl+TiOucBm
naEIFK1CAAyizhFR7/257UOr6ZPtyd3n17mRhFtqfSM5T8SqBeDlaK/84YNu51NG
cTrEn7nEQ3Dpzmq/+TtPKm2Oj30Xa+4zvaITIDiVKYqVB0qz7ZUkVLHk+rEY7zV2
brs0OyhZPI4L9xvdEcAVkXMttMO4fG5SHbybGV38yThD5a70vN/GFz+La0jpL55L
OrgCa9G4BUI3kW+ZJhMF8KV34HjGzkpsnn27H9aoFnSE1rM/hzudcMnVHEdTfjXv
GQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 376887645161700305576052398633236340332537
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-10-18 15:38:51 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-01-16 15:38:50 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'storefront.datacenter-migros.ch'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29379895983865324230143924199660476413059514335588071402034577168966294355933678067979070468510538636560767199900877544763265551748210395904110688173245098916603399034191344898176763538731901434524525166048865463838872042976004121409438771783843452415003123671996370366014046827775469634603870763417524975684118330560608261258030296114518135407430464660501623061252654914089596150372103423539483768260135117374406898123106411111168684737998201280418658468335075420763081460603273473900143256174761640171924940417236097057001831126111592383360453187123728884235605281939169189479241792548989776332954536202871378407193
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							8607a9a1ac9cf758c265b25740d95d552d0aba8e
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (35 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'storefront.datacenter-migros.ch'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
							00f1007600b73efb24df9c4dba75f239c5ba58f46c5dfc42cf7a9f35c49e1d098125edb49900000183ebf64ec50000040300473045022027cf4a65c436f84b01cb1aa54fdd11b5f378b6d5a65ef371bfaa51e6b3c7e98f0221008bdef9b8e3ed43daaf2c6a79459a9749d34f105930c9dc4b6f4847947b0147d60077007a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb5200000183ebf64ee10000040300483046022100e4ed8aa38487973a47582f3d890b46ce820253e32691aacbb922e46a2424befd022100c9d2869f98c5ea8f4817e995d4741dde937aa2d35c9e9a069849e3d056a97061
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		003125fa9472e70be711e575bec1e648d40d7e61ab49ad54c8c04d2f79a4bc726a33d2737832795c4f50c0219c87ee675614953149de58f90cb37dec7a147ab852ea2147028c24575f518f846123d398cca29d4894df7db0f936447fae6d2d2293d0a281c67a4b0380fa400983999fccde1ba5bb2076e59cd61f85b0cc83cd4f6fd9971222f34a7faafed67b3a9952a9d9f1b73e142bc514eb03a7d7925d4b16ebbb5ed2a593b6f392d323d91aba11a6b1d2221a1c3b1c9b5f645ff09f9b9243c29afe38886baa1d4acec91cce3cf322b2020f68b85aab165aa9faf335d10f19f160f83185c7c534d8bb2980e8fd0293ec2e64755f7f49794b1c90137af2ad8b23