*.diatem.net

Issued by GlobalSign Domain Validation CA - SHA256 - G2

About this certificate

This digital certificate with serial number 34:4d:2e:f9:fc:cf:9a:2a:b0:a1:0a:6d was issued on by GlobalSign nv-sa.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=*.diatem.net,OU=Domain Control Validated

GlobalSign nv-sa

Organization: GlobalSign nv-sa
Country: BE

This certificate has expire since

Certificate Details

Serial Number (hex): 34:4d:2e:f9:fc:cf:9a:2a:b0:a1:0a:6d
Serial Number (int): 16186529639134704903378766445
Serial Number lenght: 94 bits, 12 octets

SubjectKeyId: 30:7e:7f:e9:28:db:07:ca:5b:71:60:1c:38:57:cd:f8:ed:48:e4:76
AuthorityKeyId: ea:4e:7c:d4:80:2d:e5:15:81:86:26:8c:82:6d:c0:98:a4:cf:97:0f

Fingerprint (sha1): 05:8b:42:4c:dd:bc:b1:cd:ae:3a:c2:30:c3:99:52:82:a1:4c:bd:08
Fingerprint (sha256): 62:b2:1a:bf:dd:78:82:57:26:ab:39:9a:a3:58:ca:ab:f8:3e:d3:5f:31:cc:7c:c0:85:2b:ba:f8:06:40:2c:3d

Issuing Certificate URL: http://secure.globalsign.com/cacert/gsdomainvalsha2g2r1.crt

Revocation information

OCSP Server: http://ocsp2.globalsign.com/gsdomainvalsha2g2
CRL Distribution Point: http://crl.globalsign.com/gs/gsdomainvalsha2g2.crl

Check the revocation status for certificate *.diatem.net

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.diatem.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.diatem.net
diatem.net

Other certificates including the domain name diatem.net

(limited to 100 certificates)
status.autospf.com
status.autospf.com
status.mediaconnect.no
status.autospf.com
*.diatem.net
status.waps.solutions
status.autospf.com
*.diatem.net
status.mediaconnect.no
status.autospf.com
jabber.diatem.net
status.waps.solutions
*.diatem.net
swing.diatem.net
status.warrantywise.co.uk
status.warrantywise.co.uk
status.waps.solutions
status.synccentral.eu
status.autospf.com
status.zoho.sa
status.virtual-developer.com
status.autospf.com
status.warrantywise.co.uk
status.justaftermidnight.io
status.diatem.net
status.skynetexpress.com
status.autospf.com
swing.diatem.net
status.autospf.com
exchange.diatem.net
status.limonadadigital.com
status.autospf.com
status.virtual-developer.com
status.warrantywise.co.uk
status.autospf.com
status.allgreenhosting.global
*.diatem.net
*.diatem.net
status.justaftermidnight.io
status.synccentral.eu
status.autospf.com
exchange.diatem.net
status.diatem.net
status.justaftermidnight.io
*.diatem.net
status.autospf.com
status.autospf.com
status.allgreenhosting.global
status.autospf.com
jabber.diatem.net
status.mycubes.nl
status.autospf.com
status.mycubes.nl
status.limonadadigital.com
status.autospf.com
status.autospf.com
jabber.diatem.net
status.waps.solutions
fr.status.oodrive.com
*.diatem.net
swing.diatem.net
status.autospf.com
status.mediaconnect.no
status.virtual-developer.com
jabber.diatem.net
status.autospf.com
status.limonadadigital.com
*.diatem.net
fr.status.oodrive.com
status.justaftermidnight.io
status.allgreenhosting.global
swing.diatem.net
status.autospf.com
status.autospf.com
status.autospf.com
status.autospf.com
status.autospf.com
status.mediaconnect.no
status.autospf.com
status.mycubes.nl
jabber.diatem.net
status.autospf.com
*.diatem.net
*.diatem.net
status.virtual-developer.com
jabber.diatem.net
status.autospf.com
status.allgreenhosting.global
status.autospf.com
status.autospf.com
status.autospf.com

Certificate

The complete raw certificate details for *.diatem.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHazCCBlOgAwIBAgIMNE0u+fzPmiqwoQptMA0GCSqGSIb3DQEBCwUAMGAxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1H
bG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcN
MTYxMDExMjIxMDQ0WhcNMTkxMDEyMjIxMDQ0WjA6MSEwHwYDVQQLExhEb21haW4g
Q29udHJvbCBWYWxpZGF0ZWQxFTATBgNVBAMMDCouZGlhdGVtLm5ldDCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK7UU2etpe/2lrtkcRpsXbSz3QIMunKB
Pa/0EghVQKmLKhz+6TrbYOf1FAqoGO7/sEiyCvWhPIx2Or19nY9aBwxGErmp5Csy
93Gud0hsxoBxTvwUNoPn7HyK1ojtyp6XgkbekDitN7Upcv+tU+r0RZ9vurgs1EBT
BAK/wFhhmaiVZvTZmSAflONqggOsAN9ipqvQloNN7F6jgg/pSaNI0V+FXvJaJYAp
WsvMjFqNhuT6lIsvXq2U32UFyT3ZBGjT0z+hC2iHGwmU0ZYLTkgMhlb3H7+7rDkT
LqtpDDdEoIh1ddEK/ss3BdOd4yHgNDuR5TwPL5bnOpYsQ18bmP//o/0CAwEAAaOC
BEkwggRFMA4GA1UdDwEB/wQEAwIFoDCBlAYIKwYBBQUHAQEEgYcwgYQwRwYIKwYB
BQUHMAKGO2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzZG9t
YWludmFsc2hhMmcycjEuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcDIuZ2xv
YmFsc2lnbi5jb20vZ3Nkb21haW52YWxzaGEyZzIwVgYDVR0gBE8wTTBBBgkrBgEE
AaAyAQowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20v
cmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAwQwYDVR0fBDwwOjA4oDag
NIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2RvbWFpbnZhbHNoYTJn
Mi5jcmwwIwYDVR0RBBwwGoIMKi5kaWF0ZW0ubmV0ggpkaWF0ZW0ubmV0MB0GA1Ud
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUMH5/6SjbB8pbcWAc
OFfN+O1I5HYwHwYDVR0jBBgwFoAU6k581IAt5RWBhiaMgm3AmKTPlw8wggJuBgor
BgEEAdZ5AgQCBIICXgSCAloCWAB2AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0R
xM227L7MAAABV7XMQ3cAAAQDAEcwRQIgc9oBQWxrooUPhl7qMyV+F63mImAjub7f
xyIuLI+frGcCIQDzeyCUPtMPJrYfURpG2K9Ou55wjnBkJbpO82OpqDpx4QB2AFYU
Bpov18Ls0/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABV7XMRbsAAAQDAEcwRQIh
AJrku3ImbzE3rEJqIe8HB9XifVXjoyNKN+F3toYF+KL+AiAQrGohkD25jqQXYYuF
V5gsq7CdhxcNnAcn2fn2EC/WQQB3AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE0Qpn
rLtPT/vEAAABV7XMR1YAAAQDAEgwRgIhAOxZJ30q0tK7B/zzaJkLo5nM1zCCtG+2
KQYMBy/y9sJ4AiEAzMRRW1CG7ir9/R9uyu2NzAVoegv1zzRSOeWOOknr0R4AdQCk
uQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVe1zEceAAAEAwBGMEQC
IC3ZLpyisHzr6uvyupJCZDvWDVajzCkRN4wxu73Mr7ppAiBI29A6HFwq0qL+iguZ
Qy0jCWpJhNqp7k6EO7cvsoYn5QB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDE
e4l6qP3LAAABV7XMSZUAAAQDAEcwRQIgdn0Dr0e7KLw+yy9y2mTLMk9aBKM9Sowq
XglLxflQ3C8CIQDyhMxwYk/C+Lf1DqqsP5wTuInCjnZ5K7Po/NtKpAQCJjANBgkq
hkiG9w0BAQsFAAOCAQEAZthxXXLwRpzK7BLbQlls3jxbJrVd5glIiOSY79n2LRup
HptXwe/dtRUL9cjTvat/I0Ff9aFfGiBlf32sxgXdkqnaSOAHCUs9JEKK9eyuk9bk
WH0ealceIn1yzviDXJFApeXHCKWx5M1NPSXqDgyUatIlvD5+TDuCSv5m90nD6dro
v2c9rWChh3JMYQZ/pDpSkFsCAiAqIrsVgB6XB8xDO6+rpx8Rw28Bg1SXwVaamZgn
OZvYPDRW6hYQl5n/FAjuGFZnznYtGacQyVvKkbkT3yBp8X8AQVWn5eQ2XrcabPto
Q9I7JCBN8LIqvHkTwqVPj43yc50aOscSGZuzAVyqRQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtRTZ62l7/aWu2RxGmxd
tLPdAgy6coE9r/QSCFVAqYsqHP7pOttg5/UUCqgY7v+wSLIK9aE8jHY6vX2dj1oH
DEYSuankKzL3ca53SGzGgHFO/BQ2g+fsfIrWiO3KnpeCRt6QOK03tSly/61T6vRF
n2+6uCzUQFMEAr/AWGGZqJVm9NmZIB+U42qCA6wA32Kmq9CWg03sXqOCD+lJo0jR
X4Ve8lolgClay8yMWo2G5PqUiy9erZTfZQXJPdkEaNPTP6ELaIcbCZTRlgtOSAyG
Vvcfv7usORMuq2kMN0SgiHV10Qr+yzcF053jIeA0O5HlPA8vluc6lixDXxuY//+j
/QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 16186529639134704903378766445
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign Domain Validation CA - SHA256 - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-10-11 22:10:44 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-10-12 22:10:44 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Domain Control Validated'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.diatem.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22070166818734579025005297902093247497568185280337992269364654023308050726161603641959473795247659529036750292972895615240205223954424075939227702214125862809452565210853234611464302890153079332469027856857299569254830929756427818898446411255089650330779855038408229284344163759868414568164438491647341659854116479129953888223899655081199591250264424990582271503401295900617305369205269650974923208139026036258488105497672599479877579676917359693995717201703187243146754665132482910651109834563278567633683225936710914575339069165658820513287489832175534546502227805746355934575430112229967993080991736737890920539133
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (135 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure.globalsign.com/cacert/gsdomainvalsha2g2r1.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp2.globalsign.com/gsdomainvalsha2g2'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.10 (globalsignDVPolicy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (60 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.globalsign.com/gs/gsdomainvalsha2g2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.diatem.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'diatem.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							307e7fe928db07ca5b71601c3857cdf8ed48e476
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName ea4e7cd4802de5158186268c826dc098a4cf970f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (606 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (602 bytes)
							0258007600ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc00000157b5cc43770000040300473045022073da01416c6ba2850f865eea33257e17ade6226023b9bedfc7222e2c8f9fac67022100f37b20943ed30f26b61f511a46d8af4ebb9e708e706425ba4ef363a9a83a71e10076005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd00000157b5cc45bb00000403004730450221009ae4bb72266f3137ac426a21ef0707d5e27d55e3a3234a37e177b68605f8a2fe022010ac6a21903db98ea417618b8557982cabb09d87170d9c0727d9f9f6102fd64100770068f698f81f6482be3a8ceeb9281d4cfc71515d6793d444d10a67acbb4f4ffbc400000157b5cc47560000040300483046022100ec59277d2ad2d2bb07fcf368990ba399ccd73082b46fb629060c072ff2f6c278022100ccc4515b5086ee2afdfd1f6ecaed8dcc05687a0bf5cf345239e58e3a49ebd11e007500a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc1000000157b5cc471e000004030046304402202dd92e9ca2b07cebeaebf2ba9242643bd60d56a3cc2911378c31bbbdccafba69022048dbd03a1c5c2ad2a2fe8a0b99432d23096a4984daa9ee4e843bb72fb28627e5007600ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb00000157b5cc499500000403004730450220767d03af47bb28bc3ecb2f72da64cb324f5a04a33d4a8c2a5e094bc5f950dc2f022100f284cc70624fc2f8b7f50eaaac3f9c13b889c28e76792bb3e8fcdb4aa4040226
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0066d8715d72f0469ccaec12db42596cde3c5b26b55de6094888e498efd9f62d1ba91e9b57c1efddb5150bf5c8d3bdab7f23415ff5a15f1a20657f7dacc605dd92a9da48e007094b3d24428af5ecae93d6e4587d1e6a571e227d72cef8835c9140a5e5c708a5b1e4cd4d3d25ea0e0c946ad225bc3e7e4c3b824afe66f749c3e9dae8bf673dad60a187724c61067fa43a52905b0202202a22bb15801e9707cc433bafaba71f11c36f01835497c1569a999827399bd83c3456ea16109799ff1408ee185667ce762d19a710c95bca91b913df2069f17f004155a7e5e4365eb71a6cfb6843d23b24204df0b22abc7913c2a54f8f8df2739d1a3ac712199bb3015caa45