cargolux.com
Issued by GeoTrust Global TLS RSA4096 SHA256 2022 CA1
About this certificate
This digital certificate with serial number 02:f1:36:c5:73:2d:0b:9f:dd:b5:5b:35:64:98:79:0f was issued on by DigiCert, Inc..
This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=cargolux.com
DigiCert, Inc.
Organization:
DigiCert, Inc.
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 02:f1:36:c5:73:2d:0b:9f:dd:b5:5b:35:64:98:79:0fSerial Number (int): 3910910428188570390937598855803861263
Serial Number lenght: 122 bits, 16 octets
SubjectKeyId: f6:a1:9e:16:49:35:d3:30:f4:ac:15:6a:91:3a:12:a0:19:b8:ae:3f
AuthorityKeyId: a5:b4:d6:eb:36:c4:e7:6b:a6:df:c4:64:0b:01:2a:20:04:b8:66:23
Fingerprint (sha1): cd:1b:29:47:01:13:4e:a7:ca:6f:38:56:2a:9c:c3:40:86:50:88:05
Fingerprint (sha256): 73:8f:b4:30:4d:b0:f2:c1:d0:ef:ac:8d:cb:f4:2c:3f:cc:cd:a6:69:99:8c:23:ad:53:5f:ab:9b:64:0b:20:7c
Issuing Certificate URL: http://cacerts.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crt
Revocation information
OCSP Server: http://ocsp.digicert.comCRL Distribution Point: http://crl3.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl
CRL Distribution Point: http://crl4.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl
Check the revocation status for certificate cargolux.com
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for cargolux.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
cargolux.com
Other certificates including the domain name cargolux.com
(limited to 100 certificates)
www.cargolux.com
cargolux.com
*.cargolux.com
www.cargolux.com
sip.champ.aero
www.cargolux.com
www.cargolux.com
CVZPWEUASAVAS01.cargolux.com
anniversary.cargolux.com
www.cargolux.com
sync.cargolux.com
cargolux.com
*.cargolux.com
cargolux.com
cargolux.com
cargolux.com
cargolux.com
sync.cargolux.com
*.cargolux.com
cargolux.com
sync.cargolux.com
www.cargolux.com
sip.champ.aero
sync.cargolux.com
www.cargolux.com
sync.cargolux.com
sip.champ.aero
www.cargolux.com
*.cargolux.com
www.cargolux.com
*.cargolux.com
sync.cargolux.com
sync.cargolux.com
sip.champ.aero
anniversary.cargolux.com
sync.cargolux.com
www.cargolux.com
*.cargolux.com
cargolux.com
*.cargolux.com
www.cargolux.com
sip.champ.aero
www.cargolux.com
www.cargolux.com
CVZPWEUASAVAS01.cargolux.com
anniversary.cargolux.com
www.cargolux.com
sync.cargolux.com
cargolux.com
*.cargolux.com
cargolux.com
cargolux.com
cargolux.com
cargolux.com
sync.cargolux.com
*.cargolux.com
cargolux.com
sync.cargolux.com
www.cargolux.com
sip.champ.aero
sync.cargolux.com
www.cargolux.com
sync.cargolux.com
sip.champ.aero
www.cargolux.com
*.cargolux.com
www.cargolux.com
*.cargolux.com
sync.cargolux.com
sync.cargolux.com
sip.champ.aero
anniversary.cargolux.com
sync.cargolux.com
www.cargolux.com
*.cargolux.com
Certificate
The complete raw certificate details for cargolux.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIHiDCCBXCgAwIBAgIQAvE2xXMtC5/dtVs1ZJh5DzANBgkqhkiG9w0BAQsFADBc MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xNDAyBgNVBAMT K0dlb1RydXN0IEdsb2JhbCBUTFMgUlNBNDA5NiBTSEEyNTYgMjAyMiBDQTEwHhcN MjQwMzE3MDAwMDAwWhcNMjQwOTE3MjM1OTU5WjAXMRUwEwYDVQQDEwxjYXJnb2x1 eC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPHARctRNVJ5iw AqW3koLgr+Qk1l9Oywg93mYEXtqXh7ecsH3TNz/kxiEKoXYFxhBsBfULkQ5aXHvV swqDhEzMYNkprRv+xNUgBP+3x6GfWESHMo3ljGMjHP5y4Q54G3O4BRC0A7covU+D IuTCqa54ms40fIpDnK5Kw0sd04Cc/aPMptTm/f0hzhhIcB31/Z3EQ8EzMc1/Q1GI 024qDDhjeJmjIApSeJpyQ6j5DtF/+ijvohSuSdgBynjo4OOZWSfobH7mZ+++FeO4 2gJfJKIdj5/hecozLdctNIeXRF4INITTK2+x+7Np9zdP9cj6DJulgx55fgW7ofGp RVy89cC5AgMBAAGjggOJMIIDhTAfBgNVHSMEGDAWgBSltNbrNsTna6bfxGQLASog BLhmIzAdBgNVHQ4EFgQU9qGeFkk10zD0rBVqkToSoBm4rj8wFwYDVR0RBBAwDoIM Y2FyZ29sdXguY29tMD4GA1UdIAQ3MDUwMwYGZ4EMAQIBMCkwJwYIKwYBBQUHAgEW G2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMCBaAwHQYD VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGfBgNVHR8EgZcwgZQwSKBGoESG Qmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9HZW9UcnVzdEdsb2JhbFRMU1JTQTQw OTZTSEEyNTYyMDIyQ0ExLmNybDBIoEagRIZCaHR0cDovL2NybDQuZGlnaWNlcnQu Y29tL0dlb1RydXN0R2xvYmFsVExTUlNBNDA5NlNIQTI1NjIwMjJDQTEuY3JsMIGH BggrBgEFBQcBAQR7MHkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0 LmNvbTBRBggrBgEFBQcwAoZFaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0dl b1RydXN0R2xvYmFsVExTUlNBNDA5NlNIQTI1NjIwMjJDQTEuY3J0MAwGA1UdEwEB /wQCMAAwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB3AO7N0GTV2xrOxVy3nbTN E6Iyh0Z8vOzew1FIWUZxH7WbAAABjku2RPUAAAQDAEgwRgIhAJ7bLdXglu8Vxrgn o0Mdd3WqUKu8R/QoytjlmS7Teb68AiEA/iYo6DXrqNQdZJjo7AQi1h6LMih7FAhW b3o4capybXcAdgDatr9rP7W2Ip+bwrtca+hwkXFsu1GEhTS9pD0wSNf7qwAAAY5L tkUCAAAEAwBHMEUCIQCUCr31Ntq9id5q5DamTZOfsU6sNITGkGJsOwwmRky30QIg B7OE+C+kHSEXqVVv6KcGYZlAuAVeeBDOik8lzYSIlnYAdgA/F0tP1yJHWJQdZRyE vg0S7ZA3fx+FauvBvyiF7PhkbgAAAY5LtkVhAAAEAwBHMEUCIQCVzMkmomTUfGW9 RigqpjFTv8cLEPY12JL36zpjjU85kQIge63Qc4YX9KUH3IUK5wcKDM5ybyStzft9 hZjRdhqsxiMwDQYJKoZIhvcNAQELBQADggIBADO3yq0i35qs/+RGlYrN87/YHNWs Tb7xDjgswfyWl6Unjvu1+kiMs+1byFjiH9s6pVetkS0UKJouljQ1RRYjSGCQZujy +PXrpUxYhzG6FfUrD22gLCJjV0mVS4Hwd2yN5ESdIJmGo+RFrhT+Z3/BdLDamsNc FwBvDZE8oHujGbvaQlMOrvuajA+jL7ltFpyQ4th5C+NGgpmYJfTX2V1aT3sAMxyu gJ+zQFZz0qn1fPXBtezN45VxEQUuUOaabkM6Z/Sifo0NQAQcfw2t8yicXcifFvK5 nV4uZe1EiPjFiQ0skWOOg2J6OPpfFXkljq4th0ho0G1ERfwjcUok+JBq47MZGP1G DdDYe/z3XPuz1t3N30MJsDkEgbVc0RpO/7FqEZGN+Yp4A411Snx6fE3cmf3ORah+ n6HtartRVTWnw5S/EDOOHHAaj63isI+ac/BIezzOU9pZQv7kGBTrPJyqbyHYPAV/ so5/hJHNoAxdtqcBFk6/s8yBxixTPaEP4sT9ylyDMDdkIJhAQBnmeT5jsXagGw0Y n290LLkcJYdqoKVNyo7xzd7wP6PlsRg75tbV42UutSFW9SNCKX0lQjy83tJ3/CkC ncH2MuJLTZ6rMw1Hb801e1LOkn+np/Hf+EbOsGw/nxvtlq5DbV+JCbm2ti6EGR5B fme3OL3y92Zsxeh7 -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzxwEXLUTVSeYsAKlt5KC 4K/kJNZfTssIPd5mBF7al4e3nLB90zc/5MYhCqF2BcYQbAX1C5EOWlx71bMKg4RM zGDZKa0b/sTVIAT/t8ehn1hEhzKN5YxjIxz+cuEOeBtzuAUQtAO3KL1PgyLkwqmu eJrONHyKQ5yuSsNLHdOAnP2jzKbU5v39Ic4YSHAd9f2dxEPBMzHNf0NRiNNuKgw4 Y3iZoyAKUniackOo+Q7Rf/oo76IUrknYAcp46ODjmVkn6Gx+5mfvvhXjuNoCXySi HY+f4XnKMy3XLTSHl0ReCDSE0ytvsfuzafc3T/XI+gybpYMeeX4Fu6HxqUVcvPXA uQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 3910910428188570390937598855803861263 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert, Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust Global TLS RSA4096 SHA256 2022 CA1' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-17 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-09-17 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'cargolux.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26145144845120481697292721272617215355397420082084918198948814517358289841558295243445315324387643159547706707889517816592876166692209819520021782300903650621386488791996297374014951767294395812025990675064147062205671205389692819336585570445561205201349196962288436187906776662787882234755263246531269176147957950893283249412326478033694502154088787481427833814265422761649714334348840460156303780056135259837259937509924616246647002805272446603101517342373112090141847599874922304222891953049603796482482892400393531763349260286782854716013331314976925411469260494871288769672039848230796014647927521025945587007673 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a5b4d6eb36c4e76ba6dfc4640b012a2004b86623 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) f6a19e164935d330f4ac156a913a12a019b8ae3f . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (16 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cargolux.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (151 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes) 0169007700eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018e4bb644f500000403004830460221009edb2dd5e096ef15c6b827a3431d7775aa50abbc47f428cad8e5992ed379bebc022100fe2628e835eba8d41d6498e8ec0422d61e8b32287b1408566f7a3871aa726d77007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018e4bb645020000040300473045022100940abdf536dabd89de6ae436a64d939fb14eac3484c690626c3b0c26464cb7d1022007b384f82fa41d2117a9556fe8a706619940b8055e7810ce8a4f25cd848896760076003f174b4fd7224758941d651c84be0d12ed90377f1f856aebc1bf2885ecf8646e0000018e4bb64561000004030047304502210095ccc926a264d47c65bd46282aa63153bfc70b10f635d892f7eb3a638d4f399102207badd0738617f4a507dc850ae7070a0cce726f24adcdfb7d8598d1761aacc623 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (4096 bits) 0033b7caad22df9aacffe446958acdf3bfd81cd5ac4dbef10e382cc1fc9697a5278efbb5fa488cb3ed5bc858e21fdb3aa557ad912d14289a2e96343545162348609066e8f2f8f5eba54c588731ba15f52b0f6da02c22635749954b81f0776c8de4449d209986a3e445ae14fe677fc174b0da9ac35c17006f0d913ca07ba319bbda42530eaefb9a8c0fa32fb96d169c90e2d8790be34682999825f4d7d95d5a4f7b00331cae809fb3405673d2a9f57cf5c1b5eccde3957111052e50e69a6e433a67f4a27e8d0d40041c7f0dadf3289c5dc89f16f2b99d5e2e65ed4488f8c5890d2c91638e83627a38fa5f1579258eae2d874868d06d4445fc23714a24f8906ae3b31918fd460dd0d87bfcf75cfbb3d6ddcddf4309b0390481b55cd11a4effb16a11918df98a78038d754a7c7a7c4ddc99fdce45a87e9fa1ed6abb515535a7c394bf10338e1c701a8fade2b08f9a73f0487b3cce53da5942fee41814eb3c9caa6f21d83c057fb28e7f8491cda00c5db6a701164ebfb3cc81c62c533da10fe2c4fdca5c833037642098404019e6793e63b176a01b0d189f6f742cb91c25876aa0a54dca8ef1cddef03fa3e5b1183be6d6d5e3652eb52156f52342297d25423cbcded277fc29029dc1f632e24b4d9eab330d476fcd357b52ce927fa7a7f1dff846ceb06c3f9f1bed96ae436d5f8909b9b6b62e84191e417e67b738bdf2f7666cc5e87b