cdn.unive.nl

Issued by Sectigo RSA Domain Validation Secure Server CA

About this certificate

This digital certificate with serial number 2a:7f:83:91:3c:ba:04:44:37:c2:9e:bd:ad:a0:04:b7 was issued on by Sectigo Limited.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=cdn.unive.nl

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate will expire on

Certificate Details

Serial Number (hex): 2a:7f:83:91:3c:ba:04:44:37:c2:9e:bd:ad:a0:04:b7
Serial Number (int): 56489666026536013647529259715256124599
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId: 96:c7:15:e8:f4:63:91:7f:75:94:12:c3:2b:b9:e4:f9:ab:0d:1d:7c
AuthorityKeyId: 8d:8c:5e:c4:54:ad:8a:e1:77:e9:9b:f9:9b:05:e1:b8:01:8d:61:e1

Fingerprint (sha1): e3:d2:76:32:21:aa:73:4d:b6:61:6b:15:71:a8:de:a9:6f:6a:61:f4
Fingerprint (sha256): 52:52:e6:dd:0c:30:0a:dc:0c:61:a4:1e:85:0b:36:57:cd:d9:3c:93:92:2b:cb:1d:ac:34:4b:82:85:77:c2:54

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com

Check the revocation status for certificate cdn.unive.nl

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for cdn.unive.nl

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

cdn.unive.nl
www.cdn.unive.nl

Other certificates including the domain name unive.nl

(limited to 100 certificates)
www.acc.unive.nl
web.unive.nl
mail.vgz.nl
tracking.unive.nl
acc.unive.nl
mijn.unive.nl
rechtshulpagrarisch.unive.nl
lync.unive.nl
api-opa.unive.nl
iw.unive.nl
tracking.unive.nl
iw.unive.nl
bb.unive.nl
vpn.unive.nl
remote.unive.nl
api-atp.unive.nl
webwerken.unive.nl
api.unive.nl
rechtshulpagrarisch.unive.nl
dispatchtest.unive.nl
mijn.unive.nl
vpn.unive.nl
mxb.unive.nl
services-pat.unive.nl
unive.nl
mxa.unive.nl
prod.unive.nl
vpn.unive.nl
tracking.unive.nl
email.unive.nl
tracking.unive.nl
rd.unive.nl
dsuniverabobank.unive.nl
privatelease.beta.unive.nl
stadenland.unive.nl
www.unive.nl
lync.unive.nl
www.unive.nl
privatelease.beta.unive.nl
zakelijk.unive.nl
tracking.unive.nl
api.unive.nl
tracking.unive.nl
rechtshulpmkb.unive.nl
www.unive.nl
mijn.unive.nl
mijn.unive.nl
vpn.unive.nl
rechtshulpagrarisch.unive.nl
acc.unive.nl
stadenland.unive.nl
opa.unive.nl
tracking.unive.nl
rechtshulpagrarisch.unive.nl
cdn-pat.unive.nl
rechtshulpmkb.unive.nl
iw-pat.unive.nl
*.prod.daas.unive.nl
mijn.unive.nl
www.unive.nl
api.unive.nl
videochat.unive.nl
email.unive.nl
mail.unive.nl
lync.unive.nl
cdn.unive.nl
login.pat.unive.nl
mxb.unive.nl
pns-digital.unive.nl
*.ot.daas.unive.nl
services.unive.nl
bb.unive.nl
www.unive.nl
beta.unive.nl
login.unive.nl
www.unive.nl
flexwerken.unive.nl
pns-digital.unive.nl
dispatchtest.unive.nl
pns-digital.unive.nl
pat.unive.nl
vpn.unive.nl
dispatch.unive.nl
tracking.unive.nl
365.unive.nl
tracking.unive.nl
cdn.unive.nl
accmijn.unive.nl
tracking.unive.nl
cdn-pat.unive.nl
cdn.unive.nl
email.unive.nl
webwerken.unive.nl
iw-pat.unive.nl
vpn.unive.nl
pat.unive.nl
email.unive.nl
vpn.unive.nl
webmail.unive.nl
www.unive.nl

Certificate

The complete raw certificate details for cdn.unive.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGMjCCBRqgAwIBAgIQKn+DkTy6BEQ3wp69raAEtzANBgkqhkiG9w0BAQsFADCB
jzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQD
Ey5TZWN0aWdvIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB
MB4XDTIzMDYyMDAwMDAwMFoXDTI0MDYxOTIzNTk1OVowFzEVMBMGA1UEAxMMY2Ru
LnVuaXZlLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA48nkmTDK
f54o71Rg8ejh9VBCXJ1CJ9F3PJ4abjuQepnjikDYXPFuLbpmrFbKPBYo1e+OaigT
pfdQP59CdZz9IyqiQnsVZsLFtnokkKH/dOpB6lxqN2WRr4ITywjRymLHRBguNHF9
ogex4ARO1SAIucGcpcePpQbLiE2ctBY4CCqqQW/gporZ0jeZl4v4/7Q5q40ywIrG
JeiW9JIIwCj3qehIMU+DrBDzKfLoJbnKSSAZHb37LeEXxtHXyQ259bDe2sHvd3D4
T6oqDA6xzXOQCkKLmWjk3Tg6DxqZldmgZFpdRvXkZuG8CLYasQDIx3CwAlXztc4M
dz2B9c6FhJ05QQIDAQABo4IC/zCCAvswHwYDVR0jBBgwFoAUjYxexFStiuF36Zv5
mwXhuAGNYeEwHQYDVR0OBBYEFJbHFej0Y5F/dZQSwyu55PmrDR18MA4GA1UdDwEB
/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjBJBgNVHSAEQjBAMDQGCysGAQQBsjEBAgIHMCUwIwYIKwYBBQUHAgEWF2h0
dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECATCBhAYIKwYBBQUHAQEEeDB2
ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FE
b21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdo
dHRwOi8vb2NzcC5zZWN0aWdvLmNvbTApBgNVHREEIjAgggxjZG4udW5pdmUubmyC
EHd3dy5jZG4udW5pdmUubmwwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB1AHb/
iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABiNkmB+4AAAQDAEYwRAIg
KoVNG6VkF9xKfYUgl0SFoTUrHUtV3mXDxZ/DUUegf8UCIEsuXXi4Dj6YK63p6fWQ
NHh/j+nIbNtKaiRn+AvYCo2DAHYA2ra/az+1tiKfm8K7XGvocJFxbLtRhIU0vaQ9
MEjX+6sAAAGI2SYIUgAABAMARzBFAiEA6W0smYs9KFNYigxwqyIu9a6IG4tgAyhd
oVDFPhNigA8CIFJK5vSp2OU3tTsDoQFNnCWiF7myhbr8kHww8gpacROuAHYA7s3Q
ZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZsAAAGI2SYIbAAABAMARzBFAiBl
DK9uNcTSj+P3NuOmvAjJJzFudsHGRQnt2+0hPHsOOwIhAPpbLSpkN0vPZXNwWuVO
lQbr9RDe2OS/dJ/EIxrEqN/8MA0GCSqGSIb3DQEBCwUAA4IBAQBDk99oCiOaS+Sg
wXnlKbwYoWnVra4MqZIia5k6n+laRTAeso77DAgLCZJKPksBQ6sMMweqp0NwbACJ
DxCJW3MVzLWLdXM9nKdIMEqyk/qC9tUQIdPUUQGgDx+erwjuf3APONBo/8hIIuPD
4rKyGEq2CyjM+onwr+LsjiiiWUwGhvfvW2sd7y5k6qMF2p5jO7KkteSGJ9YauHYc
8yFOWGGjeCc1cKGZaYwblQJBCcHDBVIwH5kivAcUvzR7n/+wzEaq4DApJKVMOgjd
AkAL4FgCg6BNtpl3Aybqpc0nTmtk/LxNEf4zQ6+KtfgjIGcsg8S3Fo5Ph3nwNVxm
gzEh82xo
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA48nkmTDKf54o71Rg8ejh
9VBCXJ1CJ9F3PJ4abjuQepnjikDYXPFuLbpmrFbKPBYo1e+OaigTpfdQP59CdZz9
IyqiQnsVZsLFtnokkKH/dOpB6lxqN2WRr4ITywjRymLHRBguNHF9ogex4ARO1SAI
ucGcpcePpQbLiE2ctBY4CCqqQW/gporZ0jeZl4v4/7Q5q40ywIrGJeiW9JIIwCj3
qehIMU+DrBDzKfLoJbnKSSAZHb37LeEXxtHXyQ259bDe2sHvd3D4T6oqDA6xzXOQ
CkKLmWjk3Tg6DxqZldmgZFpdRvXkZuG8CLYasQDIx3CwAlXztc4Mdz2B9c6FhJ05
QQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 56489666026536013647529259715256124599
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Domain Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-06-20 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-19 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'cdn.unive.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 28755652357650548646368392827950347606643840322316428787582586498358074087188905133442753672778274322038997344386064857074227580842554785426623240866715871641040914742490637583164432674536472039890141123119714742063168836904750680519008132284824627124255930462632209410333956684773293115855446698780762038267888432578479223325393609323998293621240514960745698141233940823968817092331619750602942031270610817411349806623127981057416243233617467277690445935789764777862630382209664532793445549535656659158184142193722161626123334826305600367454213988876374010564145524937527554921713907176374760325765388265575155579201
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 8d8c5ec454ad8ae177e99bf99b05e1b8018d61e1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							96c715e8f463917f759412c32bb9e4f9ab0d1d7c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.7
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (120 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (34 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdn.unive.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.cdn.unive.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							016700750076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a7400000188d92607ee000004030046304402202a854d1ba56417dc4a7d8520974485a1352b1d4b55de65c3c59fc35147a07fc502204b2e5d78b80e3e982bade9e9f59034787f8fe9c86cdb4a6a2467f80bd80a8d83007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab00000188d92608520000040300473045022100e96d2c998b3d2853588a0c70ab222ef5ae881b8b6003285da150c53e1362800f0220524ae6f4a9d8e537b53b03a1014d9c25a217b9b285bafc907c30f20a5a7113ae007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b00000188d926086c00000403004730450220650caf6e35c4d28fe3f736e3a6bc08c927316e76c1c64509eddbed213c7b0e3b022100fa5b2d2a64374bcf6573705ae54e9506ebf510ded8e4bf749fc4231ac4a8dffc
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		004393df680a239a4be4a0c179e529bc18a169d5adae0ca992226b993a9fe95a45301eb28efb0c080b09924a3e4b0143ab0c3307aaa743706c00890f10895b7315ccb58b75733d9ca748304ab293fa82f6d51021d3d45101a00f1f9eaf08ee7f700f38d068ffc84822e3c3e2b2b2184ab60b28ccfa89f0afe2ec8e28a2594c0686f7ef5b6b1def2e64eaa305da9e633bb2a4b5e48627d61ab8761cf3214e5861a378273570a199698c1b95024109c1c30552301f9922bc0714bf347b9fffb0cc46aae0302924a54c3a08dd02400be0580283a04db699770326eaa5cd274e6b64fcbc4d11fe3343af8ab5f82320672c83c4b7168e4f8779f0355c66833121f36c68