*.jweiland.net
Issued by Starfield Secure Certificate Authority - G2
About this certificate
This digital certificate with serial number 88:44:81:d7:80:0a:b2:a3 was issued on by Starfield Technologies, Inc..
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=*.jweiland.net
Starfield Technologies, Inc.
Organization:
Starfield Technologies, Inc.
Organization unit: http://certs.starfieldtech.com/repository/
Organization unit: http://certs.starfieldtech.com/repository/
State / Province:
Arizona
Locality: Scottsdale
Country: US
Locality: Scottsdale
Country: US
This certificate will expire on
Certificate Details
Serial Number (hex): 88:44:81:d7:80:0a:b2:a3Serial Number (int): 9819115850140660387
Serial Number lenght: 64 bits, 8 octets
SubjectKeyId: 04:c9:7c:bf:b6:da:2d:86:e8:99:75:3b:c8:49:72:4b:ff:8a:04:f3
AuthorityKeyId: 25:45:81:68:50:26:38:3d:3b:2d:2c:be:cd:6a:d9:b6:3d:b3:66:63
Fingerprint (sha1): 54:c2:e9:ae:43:13:28:28:19:ca:85:b8:c8:d9:53:fb:e9:3d:4a:bc
Fingerprint (sha256): 5c:51:82:76:76:75:6a:12:ef:eb:ed:53:8f:66:44:aa:96:47:ec:6c:15:d7:a1:49:0b:13:ee:cf:bb:90:64:81
Issuing Certificate URL: http://certificates.starfieldtech.com/repository/sfig2.crt
Revocation information
OCSP Server: http://ocsp.starfieldtech.com/CRL Distribution Point: http://crl.starfieldtech.com/sfig2s1-675.crl
Check the revocation status for certificate *.jweiland.net
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for *.jweiland.net
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
*.jweiland.net
jweiland.net
jweiland.net
Other certificates including the domain name jweiland.net
(limited to 100 certificates)
*.jweiland.net
900618.solr-04.jweiland.net
*.jweiland.net
5150001.solr-01.jweiland.net
*.jweiland.net
solr-48-1.jweiland.net
5089119.solr-05.jweiland.net
11477.solr-04.jweiland.net
solr-48-1.jweiland.net
*.jweiland.net
*.jweiland.net
jweiland.net
*.jweiland.net
jweiland.net
*.jweiland.net
*.jweiland.net
*.jweiland.net
5124001-dev-intra.solr-01.jweiland.net
solr-410-1.jweiland.net
solr-410-3.jweiland.net
typo3template.jweiland.net
9649.solr-01.jweiland.net
mk.jweiland.net
900618.solr-04.jweiland.net
*.jweiland.net
5150001.solr-01.jweiland.net
*.jweiland.net
solr-48-1.jweiland.net
5089119.solr-05.jweiland.net
11477.solr-04.jweiland.net
solr-48-1.jweiland.net
*.jweiland.net
*.jweiland.net
jweiland.net
*.jweiland.net
jweiland.net
*.jweiland.net
*.jweiland.net
*.jweiland.net
5124001-dev-intra.solr-01.jweiland.net
solr-410-1.jweiland.net
solr-410-3.jweiland.net
typo3template.jweiland.net
9649.solr-01.jweiland.net
mk.jweiland.net
Certificate
The complete raw certificate details for *.jweiland.net in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGujCCBaKgAwIBAgIJAIhEgdeACrKjMA0GCSqGSIb3DQEBCwUAMIHGMQswCQYD VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEl MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEzMDEGA1UECxMq aHR0cDovL2NlcnRzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkvMTQwMgYD VQQDEytTdGFyZmllbGQgU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcy MB4XDTI0MDIxMjA5MDgyOFoXDTI1MDMxMzA1MzQxMVowGTEXMBUGA1UEAwwOKi5q d2VpbGFuZC5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD9n3UO D1f4h6IFJCbxJj05x84piVMUwlRGxNkrgexxO2xhrdB6my3bdnjU5kdcp6PLQqNZ vu09XfdYC1Q6Y8x6PZsYMvKDw/obRJmJEjLvHW54zCQI31UTZ4sib5hFlfcW8y4/ 0xtLWzS7pj7/dA5sLziWKFrUgqvIGylFqpp0X52jgeIihIvqMY4yRnpC3/V0azoD yupt0lKIk4aI9XehcNW4zedDEWeDCmw2oN6NYUyuWpZQI0isG6YFi1yO5jxi6zrb jv89JE49phoNaIvF2CoeR0ipSqxF514ofhskvlzsNUFZjPmtbn8LTCGqRTRJovY7 4KBMEwjgBCVk4GaBAgMBAAGjggNVMIIDUTAMBgNVHRMBAf8EAjAAMB0GA1UdJQQW MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwPQYDVR0fBDYw NDAyoDCgLoYsaHR0cDovL2NybC5zdGFyZmllbGR0ZWNoLmNvbS9zZmlnMnMxLTY3 NS5jcmwwYwYDVR0gBFwwWjBOBgtghkgBhv1uAQcXATA/MD0GCCsGAQUFBwIBFjFo dHRwOi8vY2VydGlmaWNhdGVzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkv MAgGBmeBDAECATCBggYIKwYBBQUHAQEEdjB0MCoGCCsGAQUFBzABhh5odHRwOi8v b2NzcC5zdGFyZmllbGR0ZWNoLmNvbS8wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jZXJ0 aWZpY2F0ZXMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS9zZmlnMi5jcnQw HwYDVR0jBBgwFoAUJUWBaFAmOD07LSy+zWrZtj2zZmMwJwYDVR0RBCAwHoIOKi5q d2VpbGFuZC5uZXSCDGp3ZWlsYW5kLm5ldDAdBgNVHQ4EFgQUBMl8v7baLYbomXU7 yElyS/+KBPMwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AE51oydcmhDDOFts 1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABjZyTMo8AAAQDAEcwRQIhAM+k9nv7OuFo CZtgKQ4G5EhCtAY2cF+DEC1BXulH2RbQAiAokmbFn2cq10TQx3zbwSmrmalRWSlz B0/xpi1MxTgLcwB1AH1ZHhLheCp7HGFnfF79+NCHXBSgTpWeuQMv2Q6MLnm4AAAB jZyTM5MAAAQDAEYwRAIgdBEjiPYgZXpIADTGR6JjBjXDts3fiERqpEeb1984pccC IBEsKEY+Zx9WUWqgrJ/z8+QR8xG2DyLIjOXnFezLqubYAHcAzPsPaoVxCWX+lZtT zumyfCLphVwNl422qX5UwP5MDbAAAAGNnJM0KQAABAMASDBGAiEA05oltDDYGdVo WPwa6d4AyfGYCksaJHe4Qhe1p/TS3EQCIQDOBurtByS1uCsby1Imhx5ZPSi9FCF6 Hccz5TaOaze3YTANBgkqhkiG9w0BAQsFAAOCAQEAD9BxQ6Zk15lWB/8xsNLIZNOI 8u8/EXUR5oDR/+pozFi+7I2rWvmNgZ0iFaxDK9dOiaaLv3R7n039qr+Xheu+GIms eXWZwJUXA0WFBEyQPYVtv20vjp5xhPY12YV0ARyrGzSKWgCFll3lidgoFIROrKTG Oey4F4WLpiylYyXL4aHysyN0OLview+6+530p3ttIPOOs44UIuCOjkaT3zqUFmyv gVAyG9cGWdvRIgCeqXpwOIsgK+Nf4vf5tjNAi/PKk446nsod3nyfEnPiyXHyTNjg mVjzxdFN+AQ4LhWIcSFPyQXHCvtLyh2cuqxoiwA8Bzlfx7dG2FQUP+w3ivcqyQ== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/Z91Dg9X+IeiBSQm8SY9 OcfOKYlTFMJURsTZK4HscTtsYa3Qepst23Z41OZHXKejy0KjWb7tPV33WAtUOmPM ej2bGDLyg8P6G0SZiRIy7x1ueMwkCN9VE2eLIm+YRZX3FvMuP9MbS1s0u6Y+/3QO bC84liha1IKryBspRaqadF+do4HiIoSL6jGOMkZ6Qt/1dGs6A8rqbdJSiJOGiPV3 oXDVuM3nQxFngwpsNqDejWFMrlqWUCNIrBumBYtcjuY8Yus6247/PSROPaYaDWiL xdgqHkdIqUqsRedeKH4bJL5c7DVBWYz5rW5/C0whqkU0SaL2O+CgTBMI4AQlZOBm gQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 9819115850140660387 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Arizona' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Scottsdale' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Starfield Technologies, Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'http://certs.starfieldtech.com/repository/' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Starfield Secure Certificate Authority - G2' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-12 09:08:28 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-03-13 05:34:11 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.jweiland.net' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 32016922454939326239101304927606029126080192645808523717727699936488537389815103845107799086848456675227198942925055626960753112230105486807736004446540983222793554582339158099739112975770492409826275125166497860134509568528116727239378410902591966548562520915705284601716830175868579405871948925614406411290838814905805278624799689872127560725955022580729659213502664288056461855725063847806564523628862750903182437736826410693329649071434008217917178829886929196351310662652257191142912457455680249025090480483978414499175579202369934452698712746316068913230505112868508574346233778213471429620282694264519487678081 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (54 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.starfieldtech.com/sfig2s1-675.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114414.1.7.23.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://certificates.starfieldtech.com/repository/' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (118 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.starfieldtech.com/' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://certificates.starfieldtech.com/repository/sfig2.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 254581685026383d3b2d2cbecd6ad9b63db36663 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.jweiland.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jweiland.net' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 04c97cbfb6da2d86e899753bc849724bff8a04f3 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes) 01680076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018d9c93328f0000040300473045022100cfa4f67bfb3ae168099b60290e06e44842b40636705f83102d415ee947d916d00220289266c59f672ad744d0c77cdbc129ab99a951592973074ff1a62d4cc5380b730075007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018d9c9333930000040300463044022074112388f620657a480034c647a2630635c3b6cddf88446aa4479bd7df38a5c70220112c28463e671f56516aa0ac9ff3f3e411f311b60f22c88ce5e715eccbaae6d8007700ccfb0f6a85710965fe959b53cee9b27c22e9855c0d978db6a97e54c0fe4c0db00000018d9c9334290000040300483046022100d39a25b430d819d56858fc1ae9de00c9f1980a4b1a2477b84217b5a7f4d2dc44022100ce06eaed0724b5b82b1bcb5226871e593d28bd14217a1dc733e5368e6b37b761 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 000fd07143a664d7995607ff31b0d2c864d388f2ef3f117511e680d1ffea68cc58beec8dab5af98d819d2215ac432bd74e89a68bbf747b9f4dfdaabf9785ebbe1889ac797599c09517034585044c903d856dbf6d2f8e9e7184f635d98574011cab1b348a5a0085965de589d82814844eaca4c639ecb817858ba62ca56325cbe1a1f2b3237438bbe27b0fbafb9df4a77b6d20f38eb38e1422e08e8e4693df3a94166caf8150321bd70659dbd122009ea97a70388b202be35fe2f7f9b633408bf3ca938e3a9eca1dde7c9f1273e2c971f24cd8e09958f3c5d14df804382e158871214fc905c70afb4bca1d9cbaac688b003c07395fc7b746d854143fec378af72ac9