*.dk1.kiva.org
Issued by Amazon RSA 2048 M02
About this certificate
This digital certificate with serial number 02:f7:fd:5e:7d:ad:a6:8b:5a:a8:76:48:de:1b:4f:c1 was issued on by Amazon.
This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=*.dk1.kiva.org
Amazon
Organization:
Amazon
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 02:f7:fd:5e:7d:ad:a6:8b:5a:a8:76:48:de:1b:4f:c1Serial Number (int): 3946092251600491261447287520976654273
Serial Number lenght: 122 bits, 16 octets
SubjectKeyId: 14:f1:af:2d:45:46:14:e9:1f:ce:0a:dc:d4:c1:22:1b:01:34:43:dc
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2
Fingerprint (sha1): 68:ee:09:83:48:89:41:b0:05:24:35:ca:1b:18:4a:5e:7a:aa:bb:c2
Fingerprint (sha256): 56:8b:a1:1d:95:41:db:ea:79:cb:b2:1f:58:33:2a:42:5c:8e:f8:d7:e1:6c:13:32:e7:b3:33:15:71:d8:30:65
Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer
Revocation information
OCSP Server: http://ocsp.r2m02.amazontrust.comCRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl
Check the revocation status for certificate *.dk1.kiva.org
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for *.dk1.kiva.org
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
*.dk1.kiva.org
Other certificates including the domain name kiva.org
(limited to 100 certificates)
devvm-api.dk1.kiva.org
secure.novica.com
secure.novica.com
*.stage.kiva.org
*.stage.kiva.org
gender.kiva.org
masterbooker.com
lend.kiva.org
groove.ehlinks.com
jespergustafsson.com
secure.novica.com
*.dev.kiva.org
groove.simondata.com
careers.kiva.org
partnerships.kiva.org
sni.cloudflaressl.com
login.kiva.org
www.marlim.co
*.dev.kiva.org
groove.robinpowered.com
*.dev.kiva.org
www.kiva.org
lend.kiva.org
www.gender.kiva.org
sgchuscpje.device.sighub.ch
go.kiva.org
groove.swivl.com
www.gender.kiva.org
groove.lyric.com
partnerships.kiva.org
groove.kiva.org
links.kiva.org
www.starterplus.net
login.kiva.org
groove.ehlinks.com
secure.novica.com
cdn.steviewonder.es
lend.kiva.org
partnerships.kiva.org
groove.jebbit.com
lend.kiva.org
www.refugees.kiva.org
us.kiva.org
groove.jebbit.com
admin-api.k1.kiva.org
go.kiva.org
*.kiva.org
www.kiva.org
groove.adpearance.com
*.stage.kiva.org
*.kiva.org
educathours.com
secure.novica.com
groove.cloudleaf.io
*.kiva.org
secure.novica.com
www.refugees.kiva.org
login.kiva.org
partner-api.k1.kiva.org
novica.com
*.kiva.org
login.kiva.org
www.labs.kiva.org
www.dashboard.geotargetly.com
gender.kiva.org
groove.kiva.org
www.refugees.kiva.org
groove.trustarc.com
novica.com
viska.com
*.kiva.org
sg.travelrank.org
go.kiva.org
secure.novica.com
login.qa.kiva.org
*.qa.kiva.org
branded.grooveapp.com
us.kiva.org
groove.g2.com
groove.uber.com
www.webboot.io
refugees.kiva.org
careers.kiva.org
wordscanner.app
*.kiva.org
*.kiva.org
careers.kiva.org
sdk.sl.kiva.org
*.dev.kiva.org
*.stage.kiva.org
*.kiva.org
us.kiva.org
wordscanner.app
*.dk1.kiva.org
admin-api.dk1.kiva.org
careers.kiva.org
*.dev.kiva.org
*.dev.kiva.org
marketplace-api.k1.kiva.org
bjuttflix.niels.me
secure.novica.com
secure.novica.com
*.stage.kiva.org
*.stage.kiva.org
gender.kiva.org
masterbooker.com
lend.kiva.org
groove.ehlinks.com
jespergustafsson.com
secure.novica.com
*.dev.kiva.org
groove.simondata.com
careers.kiva.org
partnerships.kiva.org
sni.cloudflaressl.com
login.kiva.org
www.marlim.co
*.dev.kiva.org
groove.robinpowered.com
*.dev.kiva.org
www.kiva.org
lend.kiva.org
www.gender.kiva.org
sgchuscpje.device.sighub.ch
go.kiva.org
groove.swivl.com
www.gender.kiva.org
groove.lyric.com
partnerships.kiva.org
groove.kiva.org
links.kiva.org
www.starterplus.net
login.kiva.org
groove.ehlinks.com
secure.novica.com
cdn.steviewonder.es
lend.kiva.org
partnerships.kiva.org
groove.jebbit.com
lend.kiva.org
www.refugees.kiva.org
us.kiva.org
groove.jebbit.com
admin-api.k1.kiva.org
go.kiva.org
*.kiva.org
www.kiva.org
groove.adpearance.com
*.stage.kiva.org
*.kiva.org
educathours.com
secure.novica.com
groove.cloudleaf.io
*.kiva.org
secure.novica.com
www.refugees.kiva.org
login.kiva.org
partner-api.k1.kiva.org
novica.com
*.kiva.org
login.kiva.org
www.labs.kiva.org
www.dashboard.geotargetly.com
gender.kiva.org
groove.kiva.org
www.refugees.kiva.org
groove.trustarc.com
novica.com
viska.com
*.kiva.org
sg.travelrank.org
go.kiva.org
secure.novica.com
login.qa.kiva.org
*.qa.kiva.org
branded.grooveapp.com
us.kiva.org
groove.g2.com
groove.uber.com
www.webboot.io
refugees.kiva.org
careers.kiva.org
wordscanner.app
*.kiva.org
*.kiva.org
careers.kiva.org
sdk.sl.kiva.org
*.dev.kiva.org
*.stage.kiva.org
*.kiva.org
us.kiva.org
wordscanner.app
*.dk1.kiva.org
admin-api.dk1.kiva.org
careers.kiva.org
*.dev.kiva.org
*.dev.kiva.org
marketplace-api.k1.kiva.org
bjuttflix.niels.me
Certificate
The complete raw certificate details for *.dk1.kiva.org in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFyDCCBLCgAwIBAgIQAvf9Xn2tpotaqHZI3htPwTANBgkqhkiG9w0BAQsFADA8 MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g UlNBIDIwNDggTTAyMB4XDTIzMTAyNzAwMDAwMFoXDTI0MTEyNTIzNTk1OVowGTEX MBUGA1UEAwwOKi5kazEua2l2YS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQCr2fYFvwb1qx1JTIMstrlEtVQMyVrWm8vNYAqBOh3fMwi5duI4LDH2 3MZo6YNeDthYlP1aPRKJtVUYyNwVg63g3NqFyS+jJ6wlgbAPT8rBnaFFKbuhF1Vy gUlQ0+2UoBzOKQ7KYvmzrGT6k54xyosTCS50gPYjLHXwLsV0CvtFj7yZ/N3xG+m1 fjITb3M9Rni2RmVsfzLOc31AywumyRj0gz9JGUYWRQ3CBOBbgePdrtyCcidWQQWd vcNFPEXcPJI8LecXx4pR2Q9shsnozoBn+PWX3IxbAvdG/F6440lhohGI5Q38b65E EwIE3bUarooBZfw2OrrdY8m1cKC8GpFpAgMBAAGjggLnMIIC4zAfBgNVHSMEGDAW gBTAMVLNWlDDgnx0cc7L6Zz5euuC4jAdBgNVHQ4EFgQUFPGvLUVGFOkfzgrc1MEi GwE0Q9wwGQYDVR0RBBIwEIIOKi5kazEua2l2YS5vcmcwEwYDVR0gBAwwCjAIBgZn gQwBAgEwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF BQcDAjA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLnIybTAyLmFtYXpvbnRy dXN0LmNvbS9yMm0wMi5jcmwwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFo dHRwOi8vb2NzcC5yMm0wMi5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0 dHA6Ly9jcnQucjJtMDIuYW1hem9udHJ1c3QuY29tL3IybTAyLmNlcjAMBgNVHRMB Af8EAjAAMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgDuzdBk1dsazsVct520 zROiModGfLzs3sNRSFlGcR+1mwAAAYtuvDjAAAAEAwBHMEUCIHx/C/8KDlAKNfGW uR/2sKoIKBJwBLYiYpHGxIApMwPEAiEAjPufWw6z61y2GSYvyueiYtY+fNIVz46V k7aPpQXIG2kAdgBIsONr2qZHNA/lagL6nTDrHFIBy1bdLIHZu7+rOdiEcwAAAYtu vDj1AAAEAwBHMEUCIGnwVbPrumsBFyK0dsAIZc0S9a/CSOlrNpupz7tURME1AiEA 5UJXMmp8xZ3cyhrGq28DciSbwfVqgQGc0W6WfTZ9aj0AdgDatr9rP7W2Ip+bwrtc a+hwkXFsu1GEhTS9pD0wSNf7qwAAAYtuvDkeAAAEAwBHMEUCIHdMEfDVS3I/5rz7 7Rl+oHT2phkVIIlx8i4TtIgjPPhIAiEAtOIMnJ86TM++ggGr1UkJyUw88YQmyIlc JxsmuDHRpsAwDQYJKoZIhvcNAQELBQADggEBAJgYHKv+yCeI/Csgw+ZaSUrWiuwb AGkhvYlVVmfzDXSrnibRzWKsda1DFruHKpFlm23XDh4KTYwtY5f8KvJYQX4+VzUd aiQ0/SpJveZlLz8MZpVbY3fQinED+NPV9EEqn+IG/iGxD0bFjS13aLl2NOHbr8Hz PoeG8GeFhMYVgJIihiginD73qDDUxVPD+EWQDnVXGmsCZGA8qFhiMjjj44zrPvkl uV/Ro0m4lb70pfCAQVPJVLEbZ4PkjrlrJU/Z+Ay/qHvbOTjQSoQd+10NkVi6WuBi 2FiWImQ/3ExzkfqtUhwpXUVeELDYsb4ESltkwx4eFF63qvg/rVgZgspUIRs= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9n2Bb8G9asdSUyDLLa5 RLVUDMla1pvLzWAKgTod3zMIuXbiOCwx9tzGaOmDXg7YWJT9Wj0SibVVGMjcFYOt 4NzahckvoyesJYGwD0/KwZ2hRSm7oRdVcoFJUNPtlKAczikOymL5s6xk+pOeMcqL EwkudID2Iyx18C7FdAr7RY+8mfzd8RvptX4yE29zPUZ4tkZlbH8yznN9QMsLpskY 9IM/SRlGFkUNwgTgW4Hj3a7cgnInVkEFnb3DRTxF3DySPC3nF8eKUdkPbIbJ6M6A Z/j1l9yMWwL3RvxeuONJYaIRiOUN/G+uRBMCBN21Gq6KAWX8Njq63WPJtXCgvBqR aQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 3946092251600491261447287520976654273 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-27 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-11-25 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.dk1.kiva.org' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21694230736568658385326581247341980923586618251511101449438983846683058058198077501547998328162108737149522070192258104452556593553205640445849803861298495470503609582417770643633500291991022942793890021450585666202868251437936265892311426071840564413883276092240606007766148777526895911062569417973255958777913816603078573053483437170705634985199949557685320053977289491488307903150159142753495153971763093230611442378033722154807316169331118131206830097465992636003945022724300425261181514094171895797298115092066682078411299450975048468145937517176082205204849238869285023793360266643069458570910658221685511721321 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 14f1af2d454614e91fce0adcd4c1221b013443dc . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (18 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.dk1.kiva.org' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes) 0168007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018b6ebc38c0000004030047304502207c7f0bff0a0e500a35f196b91ff6b0aa0828127004b6226291c6c480293303c40221008cfb9f5b0eb3eb5cb619262fcae7a262d63e7cd215cf8e9593b68fa505c81b6900760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018b6ebc38f50000040300473045022069f055b3ebba6b011722b476c00865cd12f5afc248e96b369ba9cfbb5444c135022100e54257326a7cc59ddcca1ac6ab6f0372249bc1f56a81019cd16e967d367d6a3d007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018b6ebc391e00000403004730450220774c11f0d54b723fe6bcfbed197ea074f6a61915208971f22e13b488233cf848022100b4e20c9c9f3a4ccfbe8201abd54909c94c3cf18426c8895c271b26b831d1a6c0 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0098181cabfec82788fc2b20c3e65a494ad68aec1b006921bd89555667f30d74ab9e26d1cd62ac75ad4316bb872a91659b6dd70e1e0a4d8c2d6397fc2af258417e3e57351d6a2434fd2a49bde6652f3f0c66955b6377d08a7103f8d3d5f4412a9fe206fe21b10f46c58d2d7768b97634e1dbafc1f33e8786f0678584c6158092228628229c3ef7a830d4c553c3f845900e75571a6b0264603ca858623238e3e38ceb3ef925b95fd1a349b895bef4a5f0804153c954b11b6783e48eb96b254fd9f80cbfa87bdb3938d04a841dfb5d0d9158ba5ae062d8589622643fdc4c7391faad521c295d455e10b0d8b1be044a5b64c31e1e145eb7aaf83fad581982ca54211b