portal.themarkus.at

Issued by StartCom Class 1 DV Server CA

About this certificate

This digital certificate with serial number 2d:b3:19:56:b7:cb:11:ea:a9:63:42:c9:64:fb:e2:f9 was issued on by StartCom Ltd..

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=portal.themarkus.at,C=AT

StartCom Ltd.

Organization: StartCom Ltd.
Organization unit: StartCom Certification Authority
Country: IL

This certificate has expire since

Certificate Details

Serial Number (hex): 2d:b3:19:56:b7:cb:11:ea:a9:63:42:c9:64:fb:e2:f9
Serial Number (int): 60745194878742269292333820460566045433
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId: f6:da:b3:28:9c:83:35:f2:01:25:f8:de:76:86:1f:6c:de:29:a7:31
AuthorityKeyId: d7:91:4e:01:c4:b0:bf:f8:c8:67:93:44:9c:e7:33:fa:ad:93:0c:af

Fingerprint (sha1): db:45:aa:fa:74:e5:b8:42:c1:e6:43:0d:1b:c4:ba:85:40:fd:0e:8d
Fingerprint (sha256): 67:07:86:64:86:a9:ea:fb:12:5d:b5:5f:26:ae:6d:ec:7f:14:8c:03:1f:46:75:b4:ca:51:6e:e0:0b:ec:cf:9a

Issuing Certificate URL: http://aia.startssl.com/certs/sca.server1.crt

Revocation information

OCSP Server: http://ocsp.startssl.com
CRL Distribution Point: http://crl.startssl.com/sca-server1.crl

Check the revocation status for certificate portal.themarkus.at

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for portal.themarkus.at

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

11 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

portal.themarkus.at
www.portal.themarkus.at

Other certificates including the domain name themarkus.at

(limited to 100 certificates)
nextcloud.themarkus.at
chat.themarkus.at
*.themarkus.at
rss.themarkus.at
jira.themarkus.at
svn.themarkus.at
cdn.themarkus.at
portal.themarkus.at
*.themarkus.at
svn.themarkus.at
jira.themarkus.at
themarkus.at
v.themarkus.at
themarkus.at
themarkus.at
git.themarkus.at
*.themarkus.at
*.themarkus.at
themarkus.at
themarkus.at
themarkus.at
jira.themarkus.at
themarkus.at
fsync.themarkus.at
themarkus.at
themarkus.at
themarkus.at
*.themarkus.at
themarkus.at
themarkus.at
*.themarkus.at
themarkus.at

Certificate

The complete raw certificate details for portal.themarkus.at in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGHjCCBQagAwIBAgIQLbMZVrfLEeqpY0LJZPvi+TANBgkqhkiG9w0BAQsFADB4
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEpMCcGA1UECxMg
U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJjAkBgNVBAMTHVN0YXJ0
Q29tIENsYXNzIDEgRFYgU2VydmVyIENBMB4XDTE2MDgyNjEwMTgzMloXDTE3MDgy
NjEwMTgzMlowKzELMAkGA1UEBhMCQVQxHDAaBgNVBAMME3BvcnRhbC50aGVtYXJr
dXMuYXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDE37B4q0M3MfYP
wyY04yTNa/yXg6ss/62wrPvptIcB7PebmJD024r5E68vLDtG9ATmeaiWMXajkZ75
MR1xOyKkPVgmSsASx3XM/PQ+CDXqeCuPYK2EWCyB2fv+wOaOoiHEmejrrAC6ORhd
9RUGBF/eQvH+XrQ7gTMk2EK3nac25h9c41WaUVKDa0LD0GYUIFt2Qs8QfXNAikeq
FAPJMISRJ+68ffMvY3AEPM8LNftHFNLmBw3PoY5ziD/ZmRV/FUAjUTUsBoUEK0o3
2++JfhIuMHDtG+Zj9y30kTklN5fs3CSbhDnJ1Y7VoltrWtUunk2eHx9oNjAo+IVi
BzM9FQNXX+eqGe1aBxFXPiDH6z4x0AwBvKWhq46zRqSoJs52MLU27K2PnjHhDt/b
DjpfZBqlJDqogkWqYYnmcMo08ooZaQLJcJwQqDCdl1L2kPVBw34ySPdELY+IZcJ4
YIsDT221712IjEGsfBm42jyzn7D42FXGG9KwJULz/tZkrHY7ZbqhafoFyvKilSD0
3O4X9FAW5XcAbTj5BefgxIp6dA9YPEBcdMRoKIa9WwLmrCZZ8kwC3xbw3ggRn3DP
Wk80whpkvmJJmbZ0dIrg1HSgbB/RWgy4VJrfwQ5Jt1sIzmLt5JRQC/jd8QP6T+S9
su5yXcbKmdoSWRtp2RyWn548DHFxPwIDAQABo4IB7zCCAeswDgYDVR0PAQH/BAQD
AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAJBgNVHRMEAjAAMB0G
A1UdDgQWBBT22rMonIM18gEl+N52hh9s3imnMTAfBgNVHSMEGDAWgBTXkU4BxLC/
+Mhnk0Sc5zP6rZMMrzBvBggrBgEFBQcBAQRjMGEwJAYIKwYBBQUHMAGGGGh0dHA6
Ly9vY3NwLnN0YXJ0c3NsLmNvbTA5BggrBgEFBQcwAoYtaHR0cDovL2FpYS5zdGFy
dHNzbC5jb20vY2VydHMvc2NhLnNlcnZlcjEuY3J0MDgGA1UdHwQxMC8wLaAroCmG
J2h0dHA6Ly9jcmwuc3RhcnRzc2wuY29tL3NjYS1zZXJ2ZXIxLmNybDA3BgNVHREE
MDAughNwb3J0YWwudGhlbWFya3VzLmF0ghd3d3cucG9ydGFsLnRoZW1hcmt1cy5h
dDAjBgNVHRIEHDAahhhodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS8wUQYDVR0gBEow
SDAIBgZngQwBAgEwPAYLKwYBBAGBtTcBAgUwLTArBggrBgEFBQcCARYfaHR0cHM6
Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeTATBgorBgEEAdZ5AgQDAQH/BAIFADAN
BgkqhkiG9w0BAQsFAAOCAQEAQHH8u731kG2dmTI8ef8BEeu4cfcj+gD85DWNGRRJ
8nxQ6164aySDuGhcaVI8t7zEb7kB3gp3tc+m9eNkmPGs3MqsreeFRkhX4SodNNp3
2xCXeJ+jh4nxXNzxF8HcvTndh7h9xKotenxzzk7fFgKn8B2D4BuBDDfcoqOBocHr
ExYRiC/5rEwF06QVR1TQDJ8v+U7XhSvNjlwl/sfmb2/I447irHpscqn3PRmEeAr6
dyyv13GesIX7/p6w9sSl5yzrKNtJXZmVqp6FRYjkPjS8KvWqCBYhi2GaAWTMi5iV
vWxVfJyxyStivpkzaqFahKaKMapzmwYHCwhla1c2vg35Xw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxN+weKtDNzH2D8MmNOMk
zWv8l4OrLP+tsKz76bSHAez3m5iQ9NuK+ROvLyw7RvQE5nmoljF2o5Ge+TEdcTsi
pD1YJkrAEsd1zPz0Pgg16ngrj2CthFgsgdn7/sDmjqIhxJno66wAujkYXfUVBgRf
3kLx/l60O4EzJNhCt52nNuYfXONVmlFSg2tCw9BmFCBbdkLPEH1zQIpHqhQDyTCE
kSfuvH3zL2NwBDzPCzX7RxTS5gcNz6GOc4g/2ZkVfxVAI1E1LAaFBCtKN9vviX4S
LjBw7RvmY/ct9JE5JTeX7Nwkm4Q5ydWO1aJba1rVLp5Nnh8faDYwKPiFYgczPRUD
V1/nqhntWgcRVz4gx+s+MdAMAbyloauOs0akqCbOdjC1Nuytj54x4Q7f2w46X2Qa
pSQ6qIJFqmGJ5nDKNPKKGWkCyXCcEKgwnZdS9pD1QcN+Mkj3RC2PiGXCeGCLA09t
te9diIxBrHwZuNo8s5+w+NhVxhvSsCVC8/7WZKx2O2W6oWn6BcryopUg9NzuF/RQ
FuV3AG04+QXn4MSKenQPWDxAXHTEaCiGvVsC5qwmWfJMAt8W8N4IEZ9wz1pPNMIa
ZL5iSZm2dHSK4NR0oGwf0VoMuFSa38EOSbdbCM5i7eSUUAv43fED+k/kvbLucl3G
ypnaElkbadkclp+ePAxxcT8CAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 60745194878742269292333820460566045433
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'StartCom Ltd.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'StartCom Certification Authority'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'StartCom Class 1 DV Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-08-26 10:18:32 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-08-26 10:18:32 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'AT'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'portal.themarkus.at'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 803174975199764547430372423022790237202889398069827757014150685503184171762124041555968430387680625444525705924450053510516435687352040201316110215579686730142086188595507781738057819594670214189461400495957717980756333023839300187443564814492046091878088095819237628180743837846768137986514024022252898556562987889816318455386864995776466024093871752030782170868585617069566959230631938665530789396010432026723120723173687053938057372104976566078324685965185403865938568502876786862283275747429147584822600232010972791013992049904546805442519020811961102235929085388601028556407349815181408342665180988843705221149303273963288629915781233647446929147150625492326897466168935739753263252557662544655159330824734409541669514843761961437186599827026622330070426229547527961965292940233742761839120344772558894231382288663315260960398236540910384589901469382254700694975341070186440653314682574974501429080934278316813538583991641639289939026794618605684421671574160324765096071655627186754080007937318782804428858099885287333964888551349540365716084050165754936159064101400845364027563124605353951560737910786076503467576317893485762315371692579470415500906486608854683995158547044010881092580694394286588634742491896432282350824550719
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							f6dab3289c8335f20125f8de76861f6cde29a731
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName d7914e01c4b0bff8c86793449ce733faad930caf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.startssl.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.startssl.com/certs/sca.server1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (49 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.startssl.com/sca-server1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (48 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'portal.themarkus.at'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.portal.themarkus.at'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.18 (issuerAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.startssl.com/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (74 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.23223.1.2.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.startssl.com/policy'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		004071fcbbbdf5906d9d99323c79ff0111ebb871f723fa00fce4358d191449f27c50eb5eb86b2483b8685c69523cb7bcc46fb901de0a77b5cfa6f5e36498f1acdccaacade785464857e12a1d34da77db1097789fa38789f15cdcf117c1dcbd39dd87b87dc4aa2d7a7c73ce4edf1602a7f01d83e01b810c37dca2a381a1c1eb131611882ff9ac4c05d3a4154754d00c9f2ff94ed7852bcd8e5c25fec7e66f6fc8e38ee2ac7a6c72a9f73d1984780afa772cafd7719eb085fbfe9eb0f6c4a5e72ceb28db495d9995aa9e854588e43e34bc2af5aa0816218b619a0164cc8b9895bd6c557c9cb1c92b62be99336aa15a84a68a31aa739b06070b08656b5736be0df95f