learn.masholdings.com

Issued by GeoTrust RSA CA 2018

About this certificate

This digital certificate with serial number 0f:27:56:a2:83:14:86:84:80:88:8e:b9:dd:52:c3:97 was issued on by DigiCert Inc.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=learn.masholdings.com

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0f:27:56:a2:83:14:86:84:80:88:8e:b9:dd:52:c3:97
Serial Number (int): 20142676677012187769878173289955902359
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 22:f4:04:0d:77:3e:53:83:38:d8:98:41:ae:6e:18:be:47:e9:5a:03
AuthorityKeyId: 90:58:ff:b0:9c:75:a8:51:54:77:b1:ed:f2:a3:43:16:38:9e:6c:c5

Fingerprint (sha1): 1f:ba:bd:01:fc:24:40:9f:84:9b:45:7f:f7:d5:26:da:20:02:3b:4c
Fingerprint (sha256): 53:2a:0d:60:c4:40:ea:3a:73:97:ae:63:6b:2d:a1:35:05:e2:10:25:9b:27:29:46:92:0a:55:12:32:4e:a5:fc

Issuing Certificate URL: http://cacerts.geotrust.com/GeoTrustRSACA2018.crt

Revocation information

OCSP Server: http://status.geotrust.com
CRL Distribution Point: http://cdp.geotrust.com/GeoTrustRSACA2018.crl

Check the revocation status for certificate learn.masholdings.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for learn.masholdings.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

learn.masholdings.com

Other certificates including the domain name masholdings.com

(limited to 100 certificates)
energy.masholdings.com
cert00080-azurecdn.akamaized.net
cert00080-azurecdn.akamaized.net
cert00080-azurecdn.akamaized.net
learn.masholdings.com
cert00080-azurecdn.akamaized.net
cert00080-azurecdn.akamaized.net
apps.masholdings.com
cert00080-azurecdn.akamaized.net
cert00080-azurecdn.akamaized.net
shopfloor.masholdings.com
cert00080-azurecdn.akamaized.net
biq.masholdings.com
Activeevents.masholdings.com
portal.masholdings.com
cert00080-azurecdn.akamaized.net
kanban.masholdings.com
sip.masholdings.com
knet.masholdings.com
join.masholdings.com
cert00080-azurecdn.akamaized.net
masholdings.com
board.masholdings.com
plm.masholdings.com
visitors.masholdings.com
cert00080-azurecdn.akamaized.net
connect.masholdings.com
bi.masholdings.com
fs.masholdings.com
dashboard.masholdings.com
psrint.masholdings.com
cert00080-azurecdn.akamaized.net
pragna.masholdings.com
shopfloor.masholdings.com
cert00080-azurecdn.akamaized.net
fs.masholdings.com
cert00080-azurecdn.akamaized.net
visitors.masholdings.com
apps.masholdings.com
cert00080-azurecdn.akamaized.net
portal.masholdings.com
t2ouat.masholdings.com
shopfloor.masholdings.com
cert00080-azurecdn.akamaized.net
pdmobile.masholdings.com
maswas.masholdings.com
learn.masholdings.com
cert00080-azurecdn.akamaized.net
connect.masholdings.com
cert00080-azurecdn.akamaized.net
smc.masholdings.com
cert00080-azurecdn.akamaized.net
cert00080-azurecdn.akamaized.net
one.masholdings.com
darwinddm.masholdings.com
pdmobile.masholdings.com
smartrouting.masholdings.com
etrnv2.masholdings.com
cert00080-azurecdn.akamaized.net
b1.masholdings.com
acmeerp.masholdings.com
etrnq.masholdings.com
maspdweb.masholdings.com
sip.masholdings.com
shopfloor.masholdings.com
mail.masholdings.com
sip.masholdings.com
connect.masholdings.com
fs.masholdings.com
cert00080-azurecdn.akamaized.net
cert00080-azurecdn.akamaized.net
cert00080-azurecdn.akamaized.net
knet.masholdings.com
learn.masholdings.com
energy.masholdings.com
cert00080-azurecdn.akamaized.net
remote.masholdings.com
sip.masholdings.com
cert00080-azurecdn.akamaized.net
mail.masholdings.com
biq.masholdings.com
sip.masholdings.com
cert00080-azurecdn.akamaized.net
acmeerp.masholdings.com
apps.masholdings.com
learn.masholdings.com
learn.masholdings.com
portal.masholdings.com
etrn.masholdings.com
fs.masholdings.com
fs.masholdings.com
visitors.masholdings.com
cert00080-azurecdn.akamaized.net
sip.masholdings.com
sip.masholdings.com
visitors.masholdings.com
cert00080-azurecdn.akamaized.net
legcompliance.masholdings.com
shopfloor.masholdings.com
supportdesk.masholdings.com

Certificate

The complete raw certificate details for learn.masholdings.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFtjCCBJ6gAwIBAgIQDydWooMUhoSAiI653VLDlzANBgkqhkiG9w0BAQsFADBe
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRHZW9UcnVzdCBSU0EgQ0EgMjAxODAe
Fw0xODA1MTAwMDAwMDBaFw0xOTA1MTcxMjAwMDBaMCAxHjAcBgNVBAMTFWxlYXJu
Lm1hc2hvbGRpbmdzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMbuEalQok5HGzrb0tLLR4Udb/pqH5paoS7SnqQUvC8/JOuDfP0lTPqQnthS67sU
K3hFBY5Go29dlIL1UWzQQo7K+/dg3723BGIiYAnoJuucpkRzYSg3LUyk/FuOlT7f
yNgypWpn797fW6AybbM55+YxwyxnPUsPduqWKrVvy+AS3/KPKTsWLaD0bk6r1caM
W0c4waKBPRwhXWq/r/5zJXD+gNSFok+EVQz05XCs9ZnpyxhU5RJwV/TEl/iSQBiW
EIzBKYHlOvqb7sw0cHZughxACtzjf7vd5wQws4qlHD2BhWhGCuFs+TUb2bEd1IN8
KH+SrLoAJA4Wv0nfpBgjFa0CAwEAAaOCAqwwggKoMB8GA1UdIwQYMBaAFJBY/7Cc
dahRVHex7fKjQxY4nmzFMB0GA1UdDgQWBBQi9AQNdz5TgzjYmEGubhi+R+laAzAg
BgNVHREEGTAXghVsZWFybi5tYXNob2xkaW5ncy5jb20wDgYDVR0PAQH/BAQDAgWg
MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA+BgNVHR8ENzA1MDOgMaAv
hi1odHRwOi8vY2RwLmdlb3RydXN0LmNvbS9HZW9UcnVzdFJTQUNBMjAxOC5jcmww
TAYDVR0gBEUwQzA3BglghkgBhv1sAQIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93
d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMCYG
CCsGAQUFBzABhhpodHRwOi8vc3RhdHVzLmdlb3RydXN0LmNvbTA9BggrBgEFBQcw
AoYxaHR0cDovL2NhY2VydHMuZ2VvdHJ1c3QuY29tL0dlb1RydXN0UlNBQ0EyMDE4
LmNydDAJBgNVHRMEAjAAMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHUAu9nfvB+K
cbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFjSIWvuAAABAMARjBEAiB6wX5g
4XrB49vzoSktwJqnFCbFdmsMiThpO0ewseaEFQIgW2NuUPJo7oe7CveZ4nY3N9GD
+IVahKi9AVK3ld62WqsAdgBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZ
EwAAAWNIhbBXAAAEAwBHMEUCIQDD27WM2dYJTvKIZXErxMtH95y/o0gg2uKumjxi
5i6evwIgECs9helvk+0CAcV93ufSl0o/Q6PP3j5ozQtkREPFLcQwDQYJKoZIhvcN
AQELBQADggEBABr+eKdvYde/dfwPEUM3g+kucmQ6TdBKiwuTcIGIYS0V0inmZ3Ys
d7C0FRxy0o0oWtmEum6j22+ABj2EAhKH6OEKkmDAFoHT0qK3zRJPZZPY/RLY+ech
qRIG7wTfXvvuYIGStcvW6TrcvDq4oXhO4UJT34sZ6o6/W78ARhN9ggqlTCduGYPx
pR0t7Vg8InQRqAAwDJr5tEA3oPvhkNpyRcEMRHtVEwj3t8daANd1sht0c0AHfGRH
m6TEnJKy+v+IUPZNZl49ZG3cSmhDVjvE0fditvh6sc+VW4+iTzho8pw5d8++rRCv
jqRIyjoZi+Xq5ZpPec+eXytbECawccEPdI8=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxu4RqVCiTkcbOtvS0stH
hR1v+mofmlqhLtKepBS8Lz8k64N8/SVM+pCe2FLruxQreEUFjkajb12UgvVRbNBC
jsr792DfvbcEYiJgCegm65ymRHNhKDctTKT8W46VPt/I2DKlamfv3t9boDJtsznn
5jHDLGc9Sw926pYqtW/L4BLf8o8pOxYtoPRuTqvVxoxbRzjBooE9HCFdar+v/nMl
cP6A1IWiT4RVDPTlcKz1menLGFTlEnBX9MSX+JJAGJYQjMEpgeU6+pvuzDRwdm6C
HEAK3ON/u93nBDCziqUcPYGFaEYK4Wz5NRvZsR3Ug3wof5KsugAkDha/Sd+kGCMV
rQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 20142676677012187769878173289955902359
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust RSA CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-05-10 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-05-17 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'learn.masholdings.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25112580577561882610032380230993124653772640005580954102422438456372340809622170456108159323336414600390084948072184719544275354978258850452249789743450358355035298672330167695558115141190751759533387979361221888903764809210398116452356291025991475292406612560599859360481779147488568031158293596021276721449842054789640168736954424250885207614184947530311639378320424270062127907951147759840372515003606740316258357889201426333559218321224061432199745589870635766026893752559399983446455109429893974335654912872042190492732601409802865002350036609810804029749762465624583038858857070473105019300205928312357922215341
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 9058ffb09c75a8515477b1edf2a34316389e6cc5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							22f4040d773e538338d89841ae6e18be47e95a03
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'learn.masholdings.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.geotrust.com/GeoTrustRSACA2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.2 (digiCertDVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.geotrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.geotrust.com/GeoTrustRSACA2018.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef007500bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed185000001634885afb8000004030046304402207ac17e60e17ac1e3dbf3a1292dc09aa71426c5766b0c8938693b47b0b1e6841502205b636e50f268ee87bb0af799e2763737d183f8855a84a8bd0152b795deb65aab0076006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d913000001634885b0570000040300473045022100c3dbb58cd9d6094ef28865712bc4cb47f79cbfa34820dae2ae9a3c62e62e9ebf0220102b3d85e96f93ed0201c57ddee7d2974a3f43a3cfde3e68cd0b644443c52dc4
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001afe78a76f61d7bf75fc0f11433783e92e72643a4dd04a8b0b93708188612d15d229e667762c77b0b4151c72d28d285ad984ba6ea3db6f80063d84021287e8e10a9260c01681d3d2a2b7cd124f6593d8fd12d8f9e721a91206ef04df5efbee608192b5cbd6e93adcbc3ab8a1784ee14253df8b19ea8ebf5bbf0046137d820aa54c276e1983f1a51d2ded583c227411a800300c9af9b44037a0fbe190da7245c10c447b551308f7b7c75a00d775b21b747340077c64479ba4c49c92b2faff8850f64d665e3d646ddc4a6843563bc4d1f762b6f87ab1cf955b8fa24f3868f29c3977cfbead10af8ea448ca3a198be5eae59a4f79cf9e5f2b5b1026b071c10f748f