bywaterconsortium.aspendiscovery.org

Issued by R3

About this certificate

This digital certificate with serial number 04:d2:37:42:fe:35:1f:c3:ae:0b:b7:61:fe:89:f7:03:2e:60 was issued on by Let's Encrypt.

With 6 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=bywaterconsortium.aspendiscovery.org

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 04:d2:37:42:fe:35:1f:c3:ae:0b:b7:61:fe:89:f7:03:2e:60
Serial Number (int): 419981896167739860123964938423533574499936
Serial Number lenght: 139 bits, 18 octets

SubjectKeyId: e1:3c:a4:14:db:a7:99:ab:66:75:09:dd:51:9b:cf:82:4f:1a:b0:89
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 7b:cc:5b:1a:d3:05:16:1f:52:50:a4:7c:29:ba:fa:a6:20:80:e7:89
Fingerprint (sha256): 5c:c2:11:2f:99:35:da:fb:3b:0c:33:89:7e:c3:da:48:4f:89:96:da:51:35:a1:b3:68:07:0d:5c:01:eb:15:f7

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate bywaterconsortium.aspendiscovery.org

6

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for bywaterconsortium.aspendiscovery.org

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

aspen-model.bywatersolutions.com
aspen-model2.bywatersolutions.com
bookmobile.aspendiscovery.org
bywaterconsortium.aspendiscovery.org
southwest.aspendiscovery.org
tribranches.aspendiscovery.org

Other certificates including the domain name aspendiscovery.org

(limited to 100 certificates)
catalog.plumcreeklibrary.net
catalog.eulesstx.gov
abbotsford.aspendiscovery.org
opac.westchesterlibraries.org
www.uintahlibrary.org
evpl.aspendiscovery.org
darien.aspendiscovery.org
cadl.aspendiscovery.org
vokal-aspen.bywatersolutions.com
catalog.eulesstx.gov
librarycat.marionfl.org
catalog.eulesstx.gov
mckinney.aspendiscovery.org
blackgold.org
mcpl.aspendiscovery.org
clams.aspendiscovery.org
opac.westchesterlibraries.org
gmilcs.aspendiscovery.org
acpl.us
spokane.aspendiscovery.org
pit.aspendiscovery.org
catalog.sbplibrary.org
vokal-aspen.bywatersolutions.com
catalog.santafelibrary.org
monterey.aspendiscovery.org
bywaterconsortium.aspendiscovery.org
metrolibrary.aspendiscovery.org
help.aspendiscovery.org
mountainview.aspendiscovery.org
gmilcs.aspendiscovery.org
catalog.dubcolib.org
blackgold.org
gmilcs.aspendiscovery.org
catalog.dmpl.org
corvallis.aspendiscovery.org
clams.aspendiscovery.org
vokal-aspen.bywatersolutions.com
cedarpark.aspendiscovery.org
readokaloosa.org
ainsworth.aspendiscovery.org
blackgold.org
www.uintahlibrary.org
catalog.eulesstx.gov
blackgold.org
vokal-aspen.bywatersolutions.com
mountainview.aspendiscovery.org
catalog.sbplibrary.org
huntsville.aspendiscovery.org
bywaterconsortium.aspendiscovery.org
clams.aspendiscovery.org
clams.aspendiscovery.org
blackgold.org
cat.ryepubliclibrary.org
aacpl.aspendiscovery.org
acpl.us
prosper.aspendiscovery.org
ramapo-koha.aspendiscovery.org
clams.aspendiscovery.org
acpl.us
corvallis.aspendiscovery.org
prosper.aspendiscovery.org
blackgold.org
pasco.aspendiscovery.org
ainsworth.aspendiscovery.org
catalog.slolibrary.org
metrolibrary.aspendiscovery.org
payson.aspendiscovery.org
fayetteville.aspendiscovery.org
readokaloosa.org
catalog.dmpl.org
clams.aspendiscovery.org
catalog.losgatosca.gov
pcpls.aspendiscovery.org
aabrown.aspendiscovery.org
carnegiestout.aspendiscovery.org
catalog.ncwlibraries.org
blackgold.org
acpl.us
discover.knoxcountylibrary.org
abbott.aspendiscovery.org
fayetteville.aspendiscovery.org
acpl.us
clams.aspendiscovery.org
vokal-aspen.bywatersolutions.com
clams.aspendiscovery.org
maininc.aspendiscovery.org
catalog.eulesstx.gov
metroshare.aspendiscovery.org
pioneer.aspendiscovery.org
clams.aspendiscovery.org
abbotsford.aspendiscovery.org
gmilcs.aspendiscovery.org
metroshare.aspendiscovery.org
huntsville.aspendiscovery.org
catalog.ncwlibraries.org
rclstn.aspendiscovery.org
catalog.uintahlibrary.org
blackgold.org
epcounty.aspendiscovery.org
discover.knoxcountylibrary.org

Certificate

The complete raw certificate details for bywaterconsortium.aspendiscovery.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFuDCCBKCgAwIBAgISBNI3Qv41H8OuC7dh/on3Ay5gMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yNDAyMTMwODA4MjJaFw0yNDA1MTMwODA4MjFaMC8xLTArBgNVBAMT
JGJ5d2F0ZXJjb25zb3J0aXVtLmFzcGVuZGlzY292ZXJ5Lm9yZzCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAO4zl3WCxGxsKPeNQMBPZW0eRgYSu017qYuv
1hKv7tqZQPIfKbOHWrgJwI6XTcJB741dA4Jp4oVp/+QWoZX/kW73M8szj3bPvQmM
m5DvHCVcwWMeuOVcj0Zm9PaE4OXw8UEwWKP+vr6Mj030gqNwsQaeOzs6nmQqYAmn
ApN/kkovilsuSil9K5lzMsct/AIy13SSXnq6VWx/XeuUysfBeS4/prCiYIKZP37L
AeJ2O0Zp7EyV8y2qujwP98IGC9py845fN9UMSYOrzbNMV+dTL/m66SoBYOLEsrhw
6hseLOBL9FJJPzDJQoXeJkQPN+kRgjdWscwqozPSu2iBYO7EBKcCAwEAAaOCAskw
ggLFMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU4TykFNunmatmdQndUZvPgk8asIkw
HwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBH
MCEGCCsGAQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKG
Fmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8wgdMGA1UdEQSByzCByIIgYXNwZW4tbW9k
ZWwuYnl3YXRlcnNvbHV0aW9ucy5jb22CIWFzcGVuLW1vZGVsMi5ieXdhdGVyc29s
dXRpb25zLmNvbYIdYm9va21vYmlsZS5hc3BlbmRpc2NvdmVyeS5vcmeCJGJ5d2F0
ZXJjb25zb3J0aXVtLmFzcGVuZGlzY292ZXJ5Lm9yZ4Icc291dGh3ZXN0LmFzcGVu
ZGlzY292ZXJ5Lm9yZ4IedHJpYnJhbmNoZXMuYXNwZW5kaXNjb3Zlcnkub3JnMBMG
A1UdIAQMMAowCAYGZ4EMAQIBMIIBAgYKKwYBBAHWeQIEAgSB8wSB8ADuAHUAO1N3
dT4tuYBOizBbBv5AO2fYT8P0x70ADS1yb+H61BcAAAGNobl4LwAABAMARjBEAiA9
N08aNRk5vrjuwTJGY+alDQqVJIzOS0i7XXKtjS/GCQIgFOeLj+JzkJXtI1dGg1jg
VAdE55VKAvzvqr8HxnM+ksAAdQB2/4g/Crb7lVHCYcz1h7o0tKTNuyncaEIKn+Zn
TFo6dAAAAY2huXhyAAAEAwBGMEQCIFWz2LPfrFBi3OIUcJ7vBKdQtVYE6OjXemhP
vI6bJhdRAiA3zhrfpnmb21/adwt3PAJUmn1AMIg8/fLAtXLDjgknczANBgkqhkiG
9w0BAQsFAAOCAQEAWm770dwEwvYN4J2upr41KN9LurhLqn7ZfAQngzQNy8F76d1z
q0cXhnsOSbvou/c7eoBmhNletVhw4FCe3U/a1JrCNFUYqMGtVpBfMBJAT9ZqpQe2
JRwmKnjnU4JuAloGwJJHOuyLWiWTiQbOC2k2xDFpJDvWGfrXEoohRQ6C+ne/lBs4
OsnmJEtssARI0Zg1TnDrZpeSU2PGBfBmAmkIYn5hrf5l4t33IuE9OUvZmeD97qE7
vfL+9Mip9ToGb2Z9Hf0Wq+JW33Dn21mM4P8vkmBuPsezrrYwvCM6sIp6TOWXjhZ6
b9jYvECYRdM22NS6hj0x3Pmj9SzwXGw+yYYlCg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7jOXdYLEbGwo941AwE9l
bR5GBhK7TXupi6/WEq/u2plA8h8ps4dauAnAjpdNwkHvjV0DgmnihWn/5Bahlf+R
bvczyzOPds+9CYybkO8cJVzBYx645VyPRmb09oTg5fDxQTBYo/6+voyPTfSCo3Cx
Bp47OzqeZCpgCacCk3+SSi+KWy5KKX0rmXMyxy38AjLXdJJeerpVbH9d65TKx8F5
Lj+msKJggpk/fssB4nY7RmnsTJXzLaq6PA/3wgYL2nLzjl831QxJg6vNs0xX51Mv
+brpKgFg4sSyuHDqGx4s4Ev0Ukk/MMlChd4mRA836RGCN1axzCqjM9K7aIFg7sQE
pwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 419981896167739860123964938423533574499936
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-13 08:08:22 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-13 08:08:21 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'bywaterconsortium.aspendiscovery.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 30070157366230220784908751345537560578892011441670941718925922778361841763689375915229806643609187227805611813275573675455840668238225179655226427826128003761510364906448268589319034435670242349267314445370929214164867249668077486660065563527527192301382068313440360032653880308436906756974325657467576643131885748768061747052457466257868534901530409463972162006314641286704507691446034460856890685280170958177987060653375525558441054559307391324309353506049355887044521087957012477267302466019142879204749886217483508049818561262876332672374886719385569379877672595899366271897329584085718179241389352136721345807527
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							e13ca414dba799ab667509dd519bcf824f1ab089
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (203 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aspen-model.bywatersolutions.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aspen-model2.bywatersolutions.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bookmobile.aspendiscovery.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bywaterconsortium.aspendiscovery.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'southwest.aspendiscovery.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tribranches.aspendiscovery.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (240 bytes)
							00ee0075003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018da1b9782f000004030046304402203d374f1a351939beb8eec1324663e6a50d0a95248cce4b48bb5d72ad8d2fc609022014e78b8fe2739095ed2357468358e0540744e7954a02fcefaabf07c6733e92c000750076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018da1b978720000040300463044022055b3d8b3dfac5062dce214709eef04a750b55604e8e8d77a684fbc8e9b261751022037ce1adfa6799bdb5fda770b773c02549a7d4030883cfdf2c0b572c38e092773
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		005a6efbd1dc04c2f60de09daea6be3528df4bbab84baa7ed97c042783340dcbc17be9dd73ab4717867b0e49bbe8bbf73b7a806684d95eb55870e0509edd4fdad49ac2345518a8c1ad56905f3012404fd66aa507b6251c262a78e753826e025a06c092473aec8b5a25938906ce0b6936c43169243bd619fad7128a21450e82fa77bf941b383ac9e6244b6cb00448d198354e70eb6697925363c605f066026908627e61adfe65e2ddf722e13d394bd999e0fdeea13bbdf2fef4c8a9f53a066f667d1dfd16abe256df70e7db598ce0ff2f92606e3ec7b3aeb630bc233ab08a7a4ce5978e167a6fd8d8bc409845d336d8d4ba863d31dcf9a3f52cf05c6c3ec986250a