greatlakesbeacon.org

Issued by Starfield Secure Certificate Authority - G2

About this certificate

This digital certificate with serial number 76:b2:0b:26:b6:4e:cb:db was issued on by Starfield Technologies, Inc..

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=greatlakesbeacon.org

Starfield Technologies, Inc.

Organization: Starfield Technologies, Inc.
Organization unit: http://certs.starfieldtech.com/repository/
State / Province: Arizona
Locality: Scottsdale
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 76:b2:0b:26:b6:4e:cb:db
Serial Number (int): 8552910903225273307
Serial Number lenght: 63 bits, 8 octets

SubjectKeyId: 52:6f:f0:59:70:04:d7:e3:9e:7d:2a:d9:30:a9:0b:84:a7:c2:e0:07
AuthorityKeyId: 25:45:81:68:50:26:38:3d:3b:2d:2c:be:cd:6a:d9:b6:3d:b3:66:63

Fingerprint (sha1): 62:ff:47:3a:1a:3e:c7:80:33:f5:43:96:b0:f3:be:26:59:9e:4f:5c
Fingerprint (sha256): 51:e6:de:50:ad:ff:df:37:24:fd:a4:56:c5:51:07:d9:c9:f8:5e:34:cf:d5:fd:8d:6e:d8:91:5c:20:a2:2c:d2

Issuing Certificate URL: http://certificates.starfieldtech.com/repository/sfig2.crt

Revocation information

OCSP Server: http://ocsp.starfieldtech.com/
CRL Distribution Point: http://crl.starfieldtech.com/sfig2s1-713.crl

Check the revocation status for certificate greatlakesbeacon.org

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for greatlakesbeacon.org

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

greatlakesbeacon.org
www.greatlakesbeacon.org

Other certificates including the domain name greatlakesbeacon.org

(limited to 100 certificates)
greatlakesbeacon.org
webmail.progressmichigan.org
greatlakesbeacon.org
greatlakesbeacon.org
greatlakesbeacon.org
greatlakesbeacon.org
greatlakesbeacon.org
greatlakesbeacon.org
greatlakesbeacon.org
greatlakesbeacon.org
greatlakesbeacon.org
greatlakesbeacon.org
greatlakesbeacon.org
greatlakesbeacon.org
greatlakesbeacon.org
greatlakesbeacon.org
greatlakesbeacon.org
greatlakesbeacon.org

Certificate

The complete raw certificate details for greatlakesbeacon.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIG0jCCBbqgAwIBAgIIdrILJrZOy9swDQYJKoZIhvcNAQELBQAwgcYxCzAJBgNV
BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUw
IwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTMwMQYDVQQLEypo
dHRwOi8vY2VydHMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS8xNDAyBgNV
BAMTK1N0YXJmaWVsZCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIw
HhcNMjQwNTE5MjMyMTE1WhcNMjUwNTE5MjMyMTE1WjAfMR0wGwYDVQQDExRncmVh
dGxha2VzYmVhY29uLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AKAL6Rle5AAX92b1yeC96lp6e3p74QgStHoSXcbWOk8uH2THo+voo5dMse0kYW41
6Ll7kAKeMT4LolqSvB092jA11ad7e2ySwCz24SnHf5SV7b3czlEJEak5Jb+hrF0O
vlk67VVzOTlY47AjujRCpsfJeOnjuu2daasDMODWyc0ozLiYn4xjIoNhYJlyymF5
qYwoOr/9DRRIyD4W6IowezyJLBAAEMmFbmQUhviOZIdexYzqt/9chFeq7JKIRO2D
LQrXIy4Ypvfi1w2HPBK1XDloaPXXA9KszCtfgoRarzn847I8Z+F94qliFPFU3sZx
LoFkLVBumekEoG5yolAZ+RMCAwEAAaOCA2gwggNkMAwGA1UdEwEB/wQCMAAwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDA9BgNV
HR8ENjA0MDKgMKAuhixodHRwOi8vY3JsLnN0YXJmaWVsZHRlY2guY29tL3NmaWcy
czEtNzEzLmNybDBjBgNVHSAEXDBaME4GC2CGSAGG/W4BBxcBMD8wPQYIKwYBBQUH
AgEWMWh0dHA6Ly9jZXJ0aWZpY2F0ZXMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3Np
dG9yeS8wCAYGZ4EMAQIBMIGCBggrBgEFBQcBAQR2MHQwKgYIKwYBBQUHMAGGHmh0
dHA6Ly9vY3NwLnN0YXJmaWVsZHRlY2guY29tLzBGBggrBgEFBQcwAoY6aHR0cDov
L2NlcnRpZmljYXRlcy5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0b3J5L3NmaWcy
LmNydDAfBgNVHSMEGDAWgBQlRYFoUCY4PTstLL7Natm2PbNmYzA5BgNVHREEMjAw
ghRncmVhdGxha2VzYmVhY29uLm9yZ4IYd3d3LmdyZWF0bGFrZXNiZWFjb24ub3Jn
MB0GA1UdDgQWBBRSb/BZcATX4559KtkwqQuEp8LgBzCCAX8GCisGAQQB1nkCBAIE
ggFvBIIBawFpAHYATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGP
kyjMrAAABAMARzBFAiEAwcUrBI5d/89RuPYWE4r4fa/EbQ0NzwWtIFW4VhCXsHcC
IEerBHJs0d30iApT4xn/COHdq1ZRSEo3YiPfr9G1ygEEAHcAfVkeEuF4KnscYWd8
Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGPkyjNvQAABAMASDBGAiEArUlt0BhhbwFN
Id/7lVZjosOF8uK7eVG4B2Rwv3PG3U8CIQDYY3MkNexY/5Vl6JqukkvTEtMAsCXW
IyehfbfqOOGe6wB2AMz7D2qFcQll/pWbU87psnwi6YVcDZeNtql+VMD+TA2wAAAB
j5MozjgAAAQDAEcwRQIhAPxtvXT/lvy1gVXepXgTGzXxB69gKM6m36s9FUzW3YuP
AiA1qPe5clFzY1bfu301KWH4P5Tr738/0j3cfyOv2II4xjANBgkqhkiG9w0BAQsF
AAOCAQEAmRIfqcRHS60kX0dd66wUJ5l5tv//+99uN40vsCsKp8Wb4Z+5OR2o7fiF
5HgDv+UNcjGmQRX+NUMZy0Jf761GLkOcXVqyWu1Gaff0SKGj9oKWaOmUHi8s1fxo
q2K68qO2XD0WMGijW/z6IhTJ7Gh3rZ8E+IW2Rkx/3Z8dmd6PSEyjdXQPQBZHUSPG
meVt8wRY/afkqK1mqJuWaUbOWG0llFlmSzWHpADsSY09bUt93YJd0CKcRsV9Sb0+
clXQcG9RqM4J8TkkFaGbY6VcMYCQH3wyQgtNHTpfOvmelUUdTlT6fSR8be9d+x3h
0GNmhEoLibElhiiWSd9Eug1lKNmDjQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAvpGV7kABf3ZvXJ4L3q
Wnp7envhCBK0ehJdxtY6Ty4fZMej6+ijl0yx7SRhbjXouXuQAp4xPguiWpK8HT3a
MDXVp3t7bJLALPbhKcd/lJXtvdzOUQkRqTklv6GsXQ6+WTrtVXM5OVjjsCO6NEKm
x8l46eO67Z1pqwMw4NbJzSjMuJifjGMig2FgmXLKYXmpjCg6v/0NFEjIPhboijB7
PIksEAAQyYVuZBSG+I5kh17FjOq3/1yEV6rskohE7YMtCtcjLhim9+LXDYc8ErVc
OWho9dcD0qzMK1+ChFqvOfzjsjxn4X3iqWIU8VTexnEugWQtUG6Z6QSgbnKiUBn5
EwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 8552910903225273307
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Arizona'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Scottsdale'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Starfield Technologies, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'http://certs.starfieldtech.com/repository/'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Starfield Secure Certificate Authority - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-19 23:21:15 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-05-19 23:21:15 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'greatlakesbeacon.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20204002102409092854947672296965514896977267818661755112260756287112785826594716294106285751663203374553025995328065267016359625399529044591767188792308974401619732955137073050146508838364549907424703132997743453657367458151092746707245227262710204875402603276854902892876816651772158468938103633171872763755823433369134542580626685927731804596026112611795809492231916630289088449628058110077771554135989375160958191737065122171604901090952025918785143341082408561746254686508945919798110740703209371047935757296223071862012042665987589808704723431532405637237963247386424580059460732877095164992989046360544772749587
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (54 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.starfieldtech.com/sfig2s1-713.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114414.1.7.23.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://certificates.starfieldtech.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (118 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.starfieldtech.com/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://certificates.starfieldtech.com/repository/sfig2.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 254581685026383d3b2d2cbecd6ad9b63db36663
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (50 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'greatlakesbeacon.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.greatlakesbeacon.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							526ff0597004d7e39e7d2ad930a90b84a7c2e007
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							01690076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018f9328ccac0000040300473045022100c1c52b048e5dffcf51b8f616138af87dafc46d0d0dcf05ad2055b8561097b077022047ab04726cd1ddf4880a53e319ff08e1ddab5651484a376223dfafd1b5ca01040077007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018f9328cdbd0000040300483046022100ad496dd018616f014d21dffb955663a2c385f2e2bb7951b8076470bf73c6dd4f022100d863732435ec58ff9565e89aae924bd312d300b025d62327a17db7ea38e19eeb007600ccfb0f6a85710965fe959b53cee9b27c22e9855c0d978db6a97e54c0fe4c0db00000018f9328ce380000040300473045022100fc6dbd74ff96fcb58155dea578131b35f107af6028cea6dfab3d154cd6dd8b8f022035a8f7b97251736356dfbb7d352961f83f94ebef7f3fd23ddc7f23afd88238c6
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0099121fa9c4474bad245f475debac14279979b6fffffbdf6e378d2fb02b0aa7c59be19fb9391da8edf885e47803bfe50d7231a64115fe354319cb425fefad462e439c5d5ab25aed4669f7f448a1a3f6829668e9941e2f2cd5fc68ab62baf2a3b65c3d163068a35bfcfa2214c9ec6877ad9f04f885b6464c7fdd9f1d99de8f484ca375740f4016475123c699e56df30458fda7e4a8ad66a89b966946ce586d259459664b3587a400ec498d3d6d4b7ddd825dd0229c46c57d49bd3e7255d0706f51a8ce09f1392415a19b63a55c3180901f7c32420b4d1d3a5f3af99e95451d4e54fa7d247c6def5dfb1de1d06366844a0b89b12586289649df44ba0d6528d9838d