www.tkl.cz
Issued by Let's Encrypt Authority X3
About this certificate
This digital certificate with serial number 04:cb:72:9f:dd:bd:80:59:98:c6:89:d5:fb:63:b0:e9:d0:cd was issued on by Let's Encrypt.
With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=www.tkl.cz
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 04:cb:72:9f:dd:bd:80:59:98:c6:89:d5:fb:63:b0:e9:d0:cdSerial Number (int): 417678826276137849635996907884622950027469
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: 3f:64:36:e3:fa:30:77:91:17:4b:35:75:88:72:59:9f:89:24:e3:ff
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1
Fingerprint (sha1): 2c:67:aa:74:4b:f2:66:5d:27:d3:d0:fb:14:65:4f:73:1d:c1:b4:09
Fingerprint (sha256): 71:b3:32:e7:5a:3e:a8:08:37:07:8f:a1:f4:23:a7:89:80:a5:c2:4f:93:28:52:12:fa:e8:50:19:3b:e1:4a:3d
Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/
Revocation information
OCSP Server: http://ocsp.int-x3.letsencrypt.orgCheck the revocation status for certificate www.tkl.cz
4
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for www.tkl.cz
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
lekarpocitacu.cz
seitan.tkl.cz
www.lekarpocitacu.cz
www.tkl.cz
seitan.tkl.cz
www.lekarpocitacu.cz
www.tkl.cz
Other certificates including the domain name tkl.cz
(limited to 100 certificates)
www.tkl.cz
tofu.tkl.cz
www.tkl.cz
tofu.tkl.cz
www.tkl.cz
tofu.tkl.cz
www.tkl.cz
tofu.tkl.cz
www.tkl.cz
www.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
www.tkl.cz
tofu.tkl.cz
www.tkl.cz
www.tkl.cz
www.tkl.cz
public.relations.cz
tofu.tkl.cz
tofu.tkl.cz
www.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
www.tkl.cz
www.tkl.cz
public.relations.cz
tofu.tkl.cz
www.tkl.cz
www.tkl.cz
public.relations.cz
tofu.tkl.cz
tofu.tkl.cz
www.tkl.cz
www.tkl.cz
public.relations.cz
www.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
www.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
public.relations.cz
www.tkl.cz
www.tkl.cz
tofu.tkl.cz
public.relations.cz
tofu.tkl.cz
www.tkl.cz
public.relations.cz
www.tkl.cz
www.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
public.relations.cz
www.tkl.cz
www.tkl.cz
www.tkl.cz
www.tkl.cz
tofu.tkl.cz
www.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
public.relations.cz
www.tkl.cz
www.tkl.cz
www.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
www.tkl.cz
tofu.tkl.cz
www.tkl.cz
tofu.tkl.cz
www.tkl.cz
tofu.tkl.cz
www.tkl.cz
www.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
www.tkl.cz
tofu.tkl.cz
www.tkl.cz
www.tkl.cz
www.tkl.cz
public.relations.cz
tofu.tkl.cz
tofu.tkl.cz
www.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
www.tkl.cz
www.tkl.cz
public.relations.cz
tofu.tkl.cz
www.tkl.cz
www.tkl.cz
public.relations.cz
tofu.tkl.cz
tofu.tkl.cz
www.tkl.cz
www.tkl.cz
public.relations.cz
www.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
www.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
public.relations.cz
www.tkl.cz
www.tkl.cz
tofu.tkl.cz
public.relations.cz
tofu.tkl.cz
www.tkl.cz
public.relations.cz
www.tkl.cz
www.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
public.relations.cz
www.tkl.cz
www.tkl.cz
www.tkl.cz
www.tkl.cz
tofu.tkl.cz
www.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
public.relations.cz
www.tkl.cz
www.tkl.cz
www.tkl.cz
tofu.tkl.cz
tofu.tkl.cz
Certificate
The complete raw certificate details for www.tkl.cz in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFhDCCBGygAwIBAgISBMtyn929gFmYxonV+2Ow6dDNMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODEyMDEwNzU2MjNaFw0x OTAzMDEwNzU2MjNaMBUxEzARBgNVBAMTCnd3dy50a2wuY3owggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDxSePFMWftKD5X/wAtVjQW5Pj5e/2azll7HHGx tZu5cdJMLJ9aOsYowS4neI2u+/QwAR0fz+6eqLxFkrWhpQMeBAbdQJDNZ8jIewzw sEpr8qg6BLy2WzvvAPBkJaM4mM4CpOMsy53dmcRGDrIS8TbrXWReMpcjcOvPKIXk bEKHb8Litdzf5zCtGz7LahmAhdpZe6A1dCOhEQwgj/u+qRlHoQQlokGRQHlJ96am 3Z+EH9gGdeXgr9v8YmGE+Z5wrkBDPeZ6SrGAZw8u0z2IqHuvtqJ0OT1NdduhWScD 14K+GrRg6XwNCscaaoji6YAjChSijdcb9cuZVEzRArheWrDNAgMBAAGjggKXMIIC kzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFD9kNuP6MHeRF0s1dYhyWZ+JJOP/MB8G A1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEBBGMwYTAu BggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZzAv BggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8w TAYDVR0RBEUwQ4IQbGVrYXJwb2NpdGFjdS5jeoINc2VpdGFuLnRrbC5jeoIUd3d3 Lmxla2FycG9jaXRhY3UuY3qCCnd3dy50a2wuY3owTAYDVR0gBEUwQzAIBgZngQwB AgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRz ZW5jcnlwdC5vcmcwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgBVgdTCFpA2AUrq C5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWdo+68YAAAEAwBHMEUCIQCy3Jq15Sko WjIjJb99qoPesavtZ7iYZHnqKMPNxo4CsgIgG3sv1aIc1S8EZf0WD+oJZ56mTLy8 IZC3A5dOSF60zVcAdwApPFGWVMg5ZbqqUPxYB9S3b79Yeily3KTDDPTlRUf0eAAA AWdo+65fAAAEAwBIMEYCIQC/65DuiOslY5DZm0eEOyBb7mxKMIuBYkr2BaqA3OAk kwIhAKITgcGWb6sKtTO6fF+OZVVAF88pT3Seyd2f4AGB8o3YMA0GCSqGSIb3DQEB CwUAA4IBAQBgTMurbBcdlPzTy6TARmV7y1mJ9OSnthTnK/UP1muikk6LiqH3tkBE 7ICCCqLXFr/whPH4N4B4wKXCvJmSjjI+cYJScnDCghvYS95lq3L5PW0fJgfQ78xQ 6TdnN5jJRPmjiTSjIwon8Ei29s/EEe4rh80+liWe7uxHmqHWpl8M2kfrf8xZqAhN Gv/bxHkdCipyXLPRYyv8SG3H/c02XAgj6gNdfu9U55Hf5oMTU5PN/fHSyn3tfWam VD3VWZU/2ZBjhBYU2x5Xc5mTgb3lZmUDNsZfq5ISkxhxgQ3Wb32QQFza9sF5z3Dz 4Rz9x9H5msC8wwOKSjxWEe2gGDseNBFJ -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8UnjxTFn7Sg+V/8ALVY0 FuT4+Xv9ms5ZexxxsbWbuXHSTCyfWjrGKMEuJ3iNrvv0MAEdH8/unqi8RZK1oaUD HgQG3UCQzWfIyHsM8LBKa/KoOgS8tls77wDwZCWjOJjOAqTjLMud3ZnERg6yEvE2 611kXjKXI3DrzyiF5GxCh2/C4rXc3+cwrRs+y2oZgIXaWXugNXQjoREMII/7vqkZ R6EEJaJBkUB5Sfempt2fhB/YBnXl4K/b/GJhhPmecK5AQz3mekqxgGcPLtM9iKh7 r7aidDk9TXXboVknA9eCvhq0YOl8DQrHGmqI4umAIwoUoo3XG/XLmVRM0QK4Xlqw zQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 417678826276137849635996907884622950027469 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-12-01 07:56:23 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-03-01 07:56:23 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.tkl.cz' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 30459867879539878021606820718476714390456293952324341694448590327907261899493148346295400005068212556230064530129876987692052756475912426065618420216607706572680660405106065776071908246398388950342577205738665968399058450380141120718257158449212946206812959510145899007971208203503487406622615854696500212632064074180911346459068789730773539188513922902263415068487334249038523855458134496904639655434290886673217973946984873067549316774759063146495789250820695452278989227465664567988095836913061535196408735067659262495407053643065120785461041502841778019400376714577772505148537041981624858469024783881058798710989 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 3f6436e3fa307791174b35758872599f8924e3ff . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lekarpocitacu.cz' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'seitan.tkl.cz' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.lekarpocitacu.cz' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tkl.cz' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes) 00f10076005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c0000016768fbaf180000040300473045022100b2dc9ab5e529285a322325bf7daa83deb1abed67b8986479ea28c3cdc68e02b202201b7b2fd5a21cd52f0465fd160fea09679ea64cbcbc2190b703974e485eb4cd57007700293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f4780000016768fbae5f0000040300483046022100bfeb90ee88eb256390d99b47843b205bee6c4a308b81624af605aa80dce02493022100a21381c1966fab0ab533ba7c5f8e65554017cf294f749ec9dd9fe00181f28dd8 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00604ccbab6c171d94fcd3cba4c046657bcb5989f4e4a7b614e72bf50fd66ba2924e8b8aa1f7b64044ec80820aa2d716bff084f1f8378078c0a5c2bc99928e323e7182527270c2821bd84bde65ab72f93d6d1f2607d0efcc50e937673798c944f9a38934a3230a27f048b6f6cfc411ee2b87cd3e96259eeeec479aa1d6a65f0cda47eb7fcc59a8084d1affdbc4791d0a2a725cb3d1632bfc486dc7fdcd365c0823ea035d7eef54e791dfe683135393cdfdf1d2ca7ded7d66a6543dd559953fd99063841614db1e5773999381bde566650336c65fab9212931871810dd66f7d90405cdaf6c179cf70f3e11cfdc7d1f99ac0bcc3038a4a3c5611eda0183b1e341149