www.co2-raportti.fi

Issued by Telia Domain Validation SSL CA v1

About this certificate

This digital certificate with serial number 01:63:91:7c:32:14:05:58:db:ab:9b:29:71:15:ed was issued on by Telia Finland Oyj.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • If certificate policy 2.23.140.1.2.2 is included, organizationName MUST be included in subject (BRs: 7.1.6.4)
  • If certificate policy 2.23.140.1.2.2 is included, countryName MUST be included in subject (BRs: 7.1.6.4)
  • If certificate policy 2.23.140.1.2.2 is included, localityName or stateOrProvinceName MUST be included in subject (BRs: 7.1.6.4)
  • KeyUsage [DataEncipherment DigitalSignature KeyEncipherment] (00001101) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=www.co2-raportti.fi

Telia Finland Oyj

Organization: Telia Finland Oyj
Country: FI

This certificate has expire since

Certificate Details

Serial Number (hex): 01:63:91:7c:32:14:05:58:db:ab:9b:29:71:15:ed
Serial Number (int): 7211781929542966123250058280375789
Serial Number lenght: 113 bits, 15 octets

SubjectKeyId: d9:2b:2a:8a:38:86:46:b7:bb:59:03:c8:32:fe:da:e0:b9:c9:0e:83
AuthorityKeyId: 49:6c:32:53:7c:5d:ed:2b:e3:a2:ab:9c:0b:c9:5d:e4:95:d4:92:5f

Fingerprint (sha1): 6f:5c:a9:62:84:40:57:1b:51:f4:aa:30:57:33:b6:33:e3:6d:ad:94
Fingerprint (sha256): 5e:12:1c:a8:69:f9:30:65:2b:db:1e:95:a8:d6:6a:a9:c7:27:fe:67:91:2d:3a:a8:a9:5d:31:b9:23:cf:d7:eb

Issuing Certificate URL: http://httpcrl.trust.telia.com/teliadomainvalidationsslcav1.cer

Revocation information

OCSP Server: http://ocsp.trust.telia.com
CRL Distribution Point: http://httpcrl.trust.telia.com/teliadomainvalidationsslcav1.crl

Check the revocation status for certificate www.co2-raportti.fi

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.co2-raportti.fi

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment
Data Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.co2-raportti.fi
co2-raportti.fi

Other certificates including the domain name co2-raportti.fi

(limited to 100 certificates)
www.co2-raportti.fi
benviroc.com
www.co2-raportti.fi
benviroc.com
benviroc.com
co2-raportti.fi
co2-raportti.fi
benviroc.com
www.co2-raportti.fi
benviroc.com
benviroc.com
benviroc.com
www.co2-raportti.fi
www.co2-raportti.fi
www.co2-raportti.fi
benviroc.com
benviroc.com

Certificate

The complete raw certificate details for www.co2-raportti.fi in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHPTCCBSWgAwIBAgIPAWORfDIUBVjbq5spcRXtMA0GCSqGSIb3DQEBCwUAMFUx
CzAJBgNVBAYTAkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEqMCgGA1UE
AwwhVGVsaWEgRG9tYWluIFZhbGlkYXRpb24gU1NMIENBIHYxMB4XDTE4MDUyNDA5
MzAyNVoXDTE5MDUyNDA5MzAyNVowHjEcMBoGA1UEAwwTd3d3LmNvMi1yYXBvcnR0
aS5maTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJxrlVnI5zVwS81j
75HbhTnPCzbfkC4iTzkzHxTyF+XQteWnEzNTQ50uldXwKjWt9s2sA5WIzvjDHWM7
WjUb2YtFh9dRB48/SqLsBVTP505TTbd2HRUmiHlXFbxsAhpG/yWe8lcDdXoLk4Do
lTs8uTisynkbGK3RVt4SmuOfoXK0bdKHZ7so/oIdvI3xndSSiFFDYD/RsPaNKasO
Y0paHKPLoPFwZzNz8V9uUDcpqMdkE4D86qe7D8jaYENRlMwFnLkx/qdsOdG7ul55
cRJOZS78kClN+AaIaMZz89fs1U2Z/61Mc/lD30/3jgBIZaBSbAYxfGstwZ/zeD5B
CjC/8o8CAwEAAaOCAz8wggM7MB8GA1UdIwQYMBaAFElsMlN8Xe0r46KrnAvJXeSV
1JJfMB0GA1UdDgQWBBTZKyqKOIZGt7tZA8gy/trguckOgzAOBgNVHQ8BAf8EBAMC
BLAwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL2Nw
cy50cnVzdC50ZWxpYS5jb20vMC8GA1UdEQQoMCaCE3d3dy5jbzItcmFwb3J0dGku
ZmmCD2NvMi1yYXBvcnR0aS5maTBQBgNVHR8ESTBHMEWgQ6BBhj9odHRwOi8vaHR0
cGNybC50cnVzdC50ZWxpYS5jb20vdGVsaWFkb21haW52YWxpZGF0aW9uc3NsY2F2
MS5jcmwwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMIGEBggrBgEFBQcB
AQR4MHYwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vY3NwLnRydXN0LnRlbGlhLmNvbTBL
BggrBgEFBQcwAoY/aHR0cDovL2h0dHBjcmwudHJ1c3QudGVsaWEuY29tL3RlbGlh
ZG9tYWludmFsaWRhdGlvbnNzbGNhdjEuY2VyMIIBfgYKKwYBBAHWeQIEAgSCAW4E
ggFqAWgAdgBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAWORfEqY
AAAEAwBHMEUCIEMiiY7xx3c29On+1LyhnG9yu99HJmA1P9C5o+34rylOAiEAld4l
snO1spgCHyhf9u/YaafIgBQ/mGALoOsiAbpiZD0AdQBVgdTCFpA2AUrqC5tXPFPw
wOQ4eHAlCBcvo6odBxPTDAAAAWORfEupAAAEAwBGMEQCIEODB8ACa1UuwK45XeXn
uO57Upf5l7xycwaZAP8yqapyAiBpn9wbg6HJRId5rvtrTzF6qKdPjTqC/5PgceaF
Krt6wgB3AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABY5F8ShsA
AAQDAEgwRgIhANNx+CgyLqelACFu4Y/5/c9kL3Stx4xJsNtD6rdyfFf9AiEAsf6s
VCevabOOGphLYfF4VmqFclHg1YDAO9nGdttlGRowDQYJKoZIhvcNAQELBQADggIB
AECxZAASwplkkcds9f06Y1oQ3TizGqlTujluwGjkZXjNGPLmomLSBN1ChxPb6oEF
GbkwFGNZxp7m1Z4yXz8a5U+tp4K5mvtM7A08igjeoZwDftyyMaI4NUbcO/u/3VbK
SDH1lYzZv4Er7mfnQ657wOjCMuR45F4sjUUshEvIB6Jh6Ijg0wnvMcTJsvBIA3Ef
Mp/8mkKrRnZ7ALgiA2wrmGmdLTRfJi7J4i/RWaeW8/yMmlEFFSgJDpECXQ7u1LAM
N6EJ2IXYSJ40f8SZqfgWA8IaQ/yYQ4T1w9vvqFzEYl+TMPqO2j/fI3XC2YeXB6hl
HEb8flEdjdTBs3eJTdnwMGvElhc2tfcvh7cCimRhm73lRob7Go5UJarVk0bH+JFc
yzWWD4OYv0/xxfxW+zKTwwyjj3nA3COuCSaFfsz2vLJFO1F3DpQ8TUFGgZeC/JQ3
GTHnKrTqS3RnYRBgfzAXNHrn4XaitzQ2IRUOFERB7kIZwO8lkDBsVa2jqOb3do9W
f1y9dxujyL4BmrR8gOhGhPck9EQisIfiys74kyPGg7fGoXtctl0VFLjzdmG4l6S8
l9QztVlAqIMzcBIVFmsmNC8vGSmzIFf08MGx42Ygxxy1CHfhRkn+RgQp4a5Tli2S
tn/ZtW4gtagKbR1uHlPFcmm5uPsu3ZtpvtQRrUx2z87l
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGuVWcjnNXBLzWPvkduF
Oc8LNt+QLiJPOTMfFPIX5dC15acTM1NDnS6V1fAqNa32zawDlYjO+MMdYztaNRvZ
i0WH11EHjz9KouwFVM/nTlNNt3YdFSaIeVcVvGwCGkb/JZ7yVwN1eguTgOiVOzy5
OKzKeRsYrdFW3hKa45+hcrRt0odnuyj+gh28jfGd1JKIUUNgP9Gw9o0pqw5jSloc
o8ug8XBnM3PxX25QNymox2QTgPzqp7sPyNpgQ1GUzAWcuTH+p2w50bu6XnlxEk5l
LvyQKU34BohoxnPz1+zVTZn/rUxz+UPfT/eOAEhloFJsBjF8ay3Bn/N4PkEKML/y
jwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 7211781929542966123250058280375789
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Telia Finland Oyj'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Telia Domain Validation SSL CA v1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-05-24 09:30:25 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-05-24 09:30:25 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'www.co2-raportti.fi'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 19746226927115947829608873747869099693953911555318472820454801703953002373946963630904403516112472209233977773729387477709053497352856064056701981215603025933015580058349169219326231247596350954053526563678699988291074718552888796725676181057118397723663789180168530092567909035216994921404417310992427241948551413369990272388164766380037819673969122299916134531726558243227088057979403185529736712968062683496982577468033216094723156079358643369187728260951015623435829081371652345457813632995370976156234835779925664804486273565494633160652083321283474693155279604392733668478282780502566410481412012742735101424271
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 496c32537c5ded2be3a2ab9c0bc95de495d4925f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d92b2a8a388646b7bb5903c832fedae0b9c90e83
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits)
							04b0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.trust.telia.com/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (40 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.co2-raportti.fi'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'co2-raportti.fi'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://httpcrl.trust.telia.com/teliadomainvalidationsslcav1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (120 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.trust.telia.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://httpcrl.trust.telia.com/teliadomainvalidationsslcav1.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							01680076006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d91300000163917c4a98000004030047304502204322898ef1c77736f4e9fed4bca19c6f72bbdf472660353fd0b9a3edf8af294e02210095de25b273b5b298021f285ff6efd869a7c880143f98600ba0eb2201ba62643d0075005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c00000163917c4ba900000403004630440220438307c0026b552ec0ae395de5e7b8ee7b5297f997bc7273069900ff32a9aa720220699fdc1b83a1c9448779aefb6b4f317aa8a74f8d3a82ff93e071e6852abb7ac2007700ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb00000163917c4a1b0000040300483046022100d371f828322ea7a500216ee18ff9fdcf642f74adc78c49b0db43eab7727c57fd022100b1feac5427af69b38e1a984b61f178566a857251e0d580c03bd9c676db65191a
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		0040b1640012c2996491c76cf5fd3a635a10dd38b31aa953ba396ec068e46578cd18f2e6a262d204dd428713dbea810519b930146359c69ee6d59e325f3f1ae54fada782b99afb4cec0d3c8a08dea19c037edcb231a2383546dc3bfbbfdd56ca4831f5958cd9bf812bee67e743ae7bc0e8c232e478e45e2c8d452c844bc807a261e888e0d309ef31c4c9b2f04803711f329ffc9a42ab46767b00b822036c2b98699d2d345f262ec9e22fd159a796f3fc8c9a51051528090e91025d0eeed4b00c37a109d885d8489e347fc499a9f81603c21a43fc984384f5c3dbefa85cc4625f9330fa8eda3fdf2375c2d9879707a8651c46fc7e511d8dd4c1b377894dd9f0306bc4961736b5f72f87b7028a64619bbde54686fb1a8e5425aad59346c7f8915ccb35960f8398bf4ff1c5fc56fb3293c30ca38f79c0dc23ae0926857eccf6bcb2453b51770e943c4d4146819782fc94371931e72ab4ea4b74676110607f3017347ae7e176a2b7343621150e144441ee4219c0ef2590306c55ada3a8e6f7768f567f5cbd771ba3c8be019ab47c80e84684f724f44422b087e2cacef89323c683b7c6a17b5cb65d1514b8f37661b897a4bc97d433b55940a88333701215166b26342f2f1929b32057f4f0c1b1e36620c71cb50877e14649fe460429e1ae53962d92b67fd9b56e20b5a80a6d1d6e1e53c57269b9b8fb2edd9b69bed411ad4c76cfcee5