*.jweiland.net

Issued by Starfield Secure Certificate Authority - G2

About this certificate

This digital certificate with serial number 88:44:81:d7:80:0a:b2:a3 was issued on by Starfield Technologies, Inc..

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=*.jweiland.net

Starfield Technologies, Inc.

Organization: Starfield Technologies, Inc.
Organization unit: http://certs.starfieldtech.com/repository/
State / Province: Arizona
Locality: Scottsdale
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 88:44:81:d7:80:0a:b2:a3
Serial Number (int): 9819115850140660387
Serial Number lenght: 64 bits, 8 octets

SubjectKeyId: 04:c9:7c:bf:b6:da:2d:86:e8:99:75:3b:c8:49:72:4b:ff:8a:04:f3
AuthorityKeyId: 25:45:81:68:50:26:38:3d:3b:2d:2c:be:cd:6a:d9:b6:3d:b3:66:63

Fingerprint (sha1): 54:c2:e9:ae:43:13:28:28:19:ca:85:b8:c8:d9:53:fb:e9:3d:4a:bc
Fingerprint (sha256): 5c:51:82:76:76:75:6a:12:ef:eb:ed:53:8f:66:44:aa:96:47:ec:6c:15:d7:a1:49:0b:13:ee:cf:bb:90:64:81

Issuing Certificate URL: http://certificates.starfieldtech.com/repository/sfig2.crt

Revocation information

OCSP Server: http://ocsp.starfieldtech.com/
CRL Distribution Point: http://crl.starfieldtech.com/sfig2s1-675.crl

Check the revocation status for certificate *.jweiland.net

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.jweiland.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.jweiland.net
jweiland.net

Other certificates including the domain name jweiland.net

(limited to 100 certificates)
*.jweiland.net
900618.solr-04.jweiland.net
*.jweiland.net
5150001.solr-01.jweiland.net
*.jweiland.net
solr-48-1.jweiland.net
5089119.solr-05.jweiland.net
11477.solr-04.jweiland.net
solr-48-1.jweiland.net
*.jweiland.net
*.jweiland.net
jweiland.net
*.jweiland.net
jweiland.net
*.jweiland.net
*.jweiland.net
*.jweiland.net
5124001-dev-intra.solr-01.jweiland.net
solr-410-1.jweiland.net
solr-410-3.jweiland.net
typo3template.jweiland.net
9649.solr-01.jweiland.net
mk.jweiland.net

Certificate

The complete raw certificate details for *.jweiland.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGujCCBaKgAwIBAgIJAIhEgdeACrKjMA0GCSqGSIb3DQEBCwUAMIHGMQswCQYD
VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEl
MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEzMDEGA1UECxMq
aHR0cDovL2NlcnRzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkvMTQwMgYD
VQQDEytTdGFyZmllbGQgU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcy
MB4XDTI0MDIxMjA5MDgyOFoXDTI1MDMxMzA1MzQxMVowGTEXMBUGA1UEAwwOKi5q
d2VpbGFuZC5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD9n3UO
D1f4h6IFJCbxJj05x84piVMUwlRGxNkrgexxO2xhrdB6my3bdnjU5kdcp6PLQqNZ
vu09XfdYC1Q6Y8x6PZsYMvKDw/obRJmJEjLvHW54zCQI31UTZ4sib5hFlfcW8y4/
0xtLWzS7pj7/dA5sLziWKFrUgqvIGylFqpp0X52jgeIihIvqMY4yRnpC3/V0azoD
yupt0lKIk4aI9XehcNW4zedDEWeDCmw2oN6NYUyuWpZQI0isG6YFi1yO5jxi6zrb
jv89JE49phoNaIvF2CoeR0ipSqxF514ofhskvlzsNUFZjPmtbn8LTCGqRTRJovY7
4KBMEwjgBCVk4GaBAgMBAAGjggNVMIIDUTAMBgNVHRMBAf8EAjAAMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwPQYDVR0fBDYw
NDAyoDCgLoYsaHR0cDovL2NybC5zdGFyZmllbGR0ZWNoLmNvbS9zZmlnMnMxLTY3
NS5jcmwwYwYDVR0gBFwwWjBOBgtghkgBhv1uAQcXATA/MD0GCCsGAQUFBwIBFjFo
dHRwOi8vY2VydGlmaWNhdGVzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkv
MAgGBmeBDAECATCBggYIKwYBBQUHAQEEdjB0MCoGCCsGAQUFBzABhh5odHRwOi8v
b2NzcC5zdGFyZmllbGR0ZWNoLmNvbS8wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jZXJ0
aWZpY2F0ZXMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS9zZmlnMi5jcnQw
HwYDVR0jBBgwFoAUJUWBaFAmOD07LSy+zWrZtj2zZmMwJwYDVR0RBCAwHoIOKi5q
d2VpbGFuZC5uZXSCDGp3ZWlsYW5kLm5ldDAdBgNVHQ4EFgQUBMl8v7baLYbomXU7
yElyS/+KBPMwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AE51oydcmhDDOFts
1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABjZyTMo8AAAQDAEcwRQIhAM+k9nv7OuFo
CZtgKQ4G5EhCtAY2cF+DEC1BXulH2RbQAiAokmbFn2cq10TQx3zbwSmrmalRWSlz
B0/xpi1MxTgLcwB1AH1ZHhLheCp7HGFnfF79+NCHXBSgTpWeuQMv2Q6MLnm4AAAB
jZyTM5MAAAQDAEYwRAIgdBEjiPYgZXpIADTGR6JjBjXDts3fiERqpEeb1984pccC
IBEsKEY+Zx9WUWqgrJ/z8+QR8xG2DyLIjOXnFezLqubYAHcAzPsPaoVxCWX+lZtT
zumyfCLphVwNl422qX5UwP5MDbAAAAGNnJM0KQAABAMASDBGAiEA05oltDDYGdVo
WPwa6d4AyfGYCksaJHe4Qhe1p/TS3EQCIQDOBurtByS1uCsby1Imhx5ZPSi9FCF6
Hccz5TaOaze3YTANBgkqhkiG9w0BAQsFAAOCAQEAD9BxQ6Zk15lWB/8xsNLIZNOI
8u8/EXUR5oDR/+pozFi+7I2rWvmNgZ0iFaxDK9dOiaaLv3R7n039qr+Xheu+GIms
eXWZwJUXA0WFBEyQPYVtv20vjp5xhPY12YV0ARyrGzSKWgCFll3lidgoFIROrKTG
Oey4F4WLpiylYyXL4aHysyN0OLview+6+530p3ttIPOOs44UIuCOjkaT3zqUFmyv
gVAyG9cGWdvRIgCeqXpwOIsgK+Nf4vf5tjNAi/PKk446nsod3nyfEnPiyXHyTNjg
mVjzxdFN+AQ4LhWIcSFPyQXHCvtLyh2cuqxoiwA8Bzlfx7dG2FQUP+w3ivcqyQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/Z91Dg9X+IeiBSQm8SY9
OcfOKYlTFMJURsTZK4HscTtsYa3Qepst23Z41OZHXKejy0KjWb7tPV33WAtUOmPM
ej2bGDLyg8P6G0SZiRIy7x1ueMwkCN9VE2eLIm+YRZX3FvMuP9MbS1s0u6Y+/3QO
bC84liha1IKryBspRaqadF+do4HiIoSL6jGOMkZ6Qt/1dGs6A8rqbdJSiJOGiPV3
oXDVuM3nQxFngwpsNqDejWFMrlqWUCNIrBumBYtcjuY8Yus6247/PSROPaYaDWiL
xdgqHkdIqUqsRedeKH4bJL5c7DVBWYz5rW5/C0whqkU0SaL2O+CgTBMI4AQlZOBm
gQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 9819115850140660387
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Arizona'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Scottsdale'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Starfield Technologies, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'http://certs.starfieldtech.com/repository/'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Starfield Secure Certificate Authority - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-12 09:08:28 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-03-13 05:34:11 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.jweiland.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 32016922454939326239101304927606029126080192645808523717727699936488537389815103845107799086848456675227198942925055626960753112230105486807736004446540983222793554582339158099739112975770492409826275125166497860134509568528116727239378410902591966548562520915705284601716830175868579405871948925614406411290838814905805278624799689872127560725955022580729659213502664288056461855725063847806564523628862750903182437736826410693329649071434008217917178829886929196351310662652257191142912457455680249025090480483978414499175579202369934452698712746316068913230505112868508574346233778213471429620282694264519487678081
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (54 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.starfieldtech.com/sfig2s1-675.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114414.1.7.23.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://certificates.starfieldtech.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (118 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.starfieldtech.com/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://certificates.starfieldtech.com/repository/sfig2.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 254581685026383d3b2d2cbecd6ad9b63db36663
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.jweiland.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jweiland.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							04c97cbfb6da2d86e899753bc849724bff8a04f3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							01680076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018d9c93328f0000040300473045022100cfa4f67bfb3ae168099b60290e06e44842b40636705f83102d415ee947d916d00220289266c59f672ad744d0c77cdbc129ab99a951592973074ff1a62d4cc5380b730075007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018d9c9333930000040300463044022074112388f620657a480034c647a2630635c3b6cddf88446aa4479bd7df38a5c70220112c28463e671f56516aa0ac9ff3f3e411f311b60f22c88ce5e715eccbaae6d8007700ccfb0f6a85710965fe959b53cee9b27c22e9855c0d978db6a97e54c0fe4c0db00000018d9c9334290000040300483046022100d39a25b430d819d56858fc1ae9de00c9f1980a4b1a2477b84217b5a7f4d2dc44022100ce06eaed0724b5b82b1bcb5226871e593d28bd14217a1dc733e5368e6b37b761
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		000fd07143a664d7995607ff31b0d2c864d388f2ef3f117511e680d1ffea68cc58beec8dab5af98d819d2215ac432bd74e89a68bbf747b9f4dfdaabf9785ebbe1889ac797599c09517034585044c903d856dbf6d2f8e9e7184f635d98574011cab1b348a5a0085965de589d82814844eaca4c639ecb817858ba62ca56325cbe1a1f2b3237438bbe27b0fbafb9df4a77b6d20f38eb38e1422e08e8e4693df3a94166caf8150321bd70659dbd122009ea97a70388b202be35fe2f7f9b633408bf3ca938e3a9eca1dde7c9f1273e2c971f24cd8e09958f3c5d14df804382e158871214fc905c70afb4bca1d9cbaac688b003c07395fc7b746d854143fec378af72ac9