best-specflow.best.dev-charter.net

Issued by Amazon RSA 2048 M03

About this certificate

This digital certificate with serial number 08:7b:ed:38:43:aa:cb:e0:48:c6:81:f0:72:a2:08:0d was issued on by Amazon.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=best-specflow.best.dev-charter.net

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 08:7b:ed:38:43:aa:cb:e0:48:c6:81:f0:72:a2:08:0d
Serial Number (int): 11277287868674252851308411566766032909
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: b5:3b:45:d4:5e:c2:2b:57:23:c9:16:38:c0:a4:21:a0:d8:4b:82:67
AuthorityKeyId: 55:d9:18:5f:d2:1c:cc:01:e1:58:b4:be:ab:d9:55:42:01:d7:2e:02

Fingerprint (sha1): 7e:0f:df:dc:1e:2e:43:7c:ad:01:91:ad:ce:e0:eb:ed:cc:a0:3c:59
Fingerprint (sha256): 7a:10:6f:01:20:a3:df:fe:77:aa:63:6b:93:4c:13:f5:a7:f7:d8:2c:86:22:0d:c0:59:7e:04:bd:fe:f2:8f:3b

Issuing Certificate URL: http://crt.r2m03.amazontrust.com/r2m03.cer

Revocation information

OCSP Server: http://ocsp.r2m03.amazontrust.com
CRL Distribution Point: http://crl.r2m03.amazontrust.com/r2m03.crl

Check the revocation status for certificate best-specflow.best.dev-charter.net

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for best-specflow.best.dev-charter.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

best-specflow.best.dev-charter.net
*.best-specflow.best.dev-charter.net

Other certificates including the domain name dev-charter.net

(limited to 100 certificates)
*.dev-charter.net
ip-eas-sit-east-https-cdn.dev-charter.net
ip-eas-staging-west-https-cdn.dev-charter.net
ip-eas-sit-east-https-cdn.dev-charter.net
eks-nlb-int.us-east-1.perf.tau.dev-charter.net
ip-eas-sit-tm-west-https-cdn.dev-charter.net
*.dev-charter.net
troubleshooting.dev-charter.net
stash.dev-charter.net
*.mediaportals.dev-charter.net
*.develop.dev-charter.net
logpull-perf.tau.dev-charter.net
cms.prd-aws.charter.net
mediaportals-news-64.dev-charter.net
advisor2.engprod-spectrum.net
jenkinsdocker.dev-charter.net
*.mediaportals.dev-charter.net
*.dev-charter.net
ip-eas-dev-east-https-cdn.dev-charter.net
ip-eas-lab-west-https-cdn.dev-charter.net
sdev-ns.dev-charter.net
*.dev-charter.net
*.mediaportals.dev-charter.net
ip-eas-dev-west-https-cdn.dev-charter.net
*.us-east-1.engprod.tau.dev-charter.net
jenkinsdocker.dev-charter.net
*.dev-charter.net
*.tau.dev-charter.net
ip-eas-lab-west-https-cdn.dev-charter.net
stash.dev-charter.net
*.tau.dev-charter.net
*.mediaportals.dev-charter.net
jenkins-glb.dev-charter.net
stash.dev-charter.net
*.scpcj.dev.dev-charter.net
metadata.dev-charter.net
ui-srta.vod.dev-charter.net
atvchtr.dev-charter.net
serenity.vod.dev-charter.net
*.us-east-1.perf.tau.dev-charter.net
*.us-east-1.dev3.tau.dev-charter.net
*.dev-charter.net
ip-eas-sit-tm-west-https-cdn.dev-charter.net
*.scpcj.perf.dev-charter.net
*.dev-charter.net
cms.prd-aws.spectrumbusiness.net
*.us-east-1.dev2.tau.dev-charter.net
*.mediaportals.dev-charter.net
*.scpcj.dev.dev-charter.net
stashs.dev-charter.net
cms.prd-aws.charter.net
*.mediaportals.dev-charter.net
best-specflow.best.dev-charter.net
*.dev-charter.net
ip-eas-dev-east-https-cdn.dev-charter.net
ipvs.dev-charter.net
*.us-east-1.int.tau.dev-charter.net
crowd.dev-charter.net
ip-eas-sit-east-https-cdn.dev-charter.net
nexus.mediaportals.dev-charter.net
crescendo-stacka.vod.dev-charter.net
logpull-dev3.tau.dev-charter.net
*.dev-charter.net
ip-eas-dev-west-https-cdn.dev-charter.net
engprod-spectrum.net
search.dev-charter.net
ip-eas-staging-east-https-cdn.dev-charter.net
serenity.vod.dev-charter.net
ip-eas-staging-west-https-cdn.dev-charter.net
*.dev-charter.net
*.dev-charter.net
nexus.global.dev-charter.net
*.scpscl.dev-charter.net
ip-eas-sit-west-https-cdn.dev-charter.net
*.figaro.dev-charter.net
advisor2.engprod-spectrum.net
*.us-east-1.dev3.tau.dev-charter.net
*.mediaportals.dev-charter.net
ip-eas-autotest-https-cdn.dev-charter.net
stashs.dev-charter.net
ip-eas-staging-east-https-cdn.dev-charter.net
*.tau.dev-charter.net
*.mediaportals.dev-charter.net
*.us-east-1.perf.tau.dev-charter.net
jenkinsdocker-glb.dev-charter.net
troubleshooting.engprod-spectrum.net
*.us-east-1.dev.tau.dev-charter.net
ip-eas-sit-west-https-cdn.dev-charter.net
stashs.dev-charter.net
*.mediaportals.dev-charter.net
*.us-east-1.sbox1.tau.dev-charter.net
ip-eas-autotest-https-cdn.dev-charter.net
lantern.dev-charter.net
*.siadev.dev-charter.net
*.mediaportals.dev-charter.net
stash.dev-charter.net
dbm-translate.spectrumaws.dev-charter.net
*.us-east-1.dev2.tau.dev-charter.net
*.mediaportals.dev-charter.net
*.us-west-2.sbox1.tau.dev-charter.net

Certificate

The complete raw certificate details for best-specflow.best.dev-charter.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIEqTCCA5GgAwIBAgIQCHvtOEOqy+BIxoHwcqIIDTANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAzMB4XDTI0MDUyMzAwMDAwMFoXDTI1MDYyMjIzNTk1OVowLTEr
MCkGA1UEAxMiYmVzdC1zcGVjZmxvdy5iZXN0LmRldi1jaGFydGVyLm5ldDCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIo21nymWi+AH7E8JjM0KmYVPl3P
vAmfQmVXwfzHH2lK6c3X/y6A1zpJgBQVlbz7kBCmkbCG8loJvIOikQlM835q+5se
HtTnnpDoawrrXjJoPVKWIhAFD4lq/5xmHPCWGH2RUhx8vFCyRBcSmsMaVAtCaBmw
e1CZqTdoZkF7xJZs/6LdAqLGWPQiG0k9Oq+BJF9UsAXsGbZp33a9sL/7ZE5FYjX0
mudnZgYtxCrwc2je5UUKteWqDoKdDIZEaG0FhuVrTGYOv+tvhLSqZR/r9lUczs4J
B/HV/j/AhmT6XSOk0SoXcFSpC9Av4d3NNr8dGsgKPJ9/thjN/QQFvjGxEw0CAwEA
AaOCAbQwggGwMB8GA1UdIwQYMBaAFFXZGF/SHMwB4Vi0vqvZVUIB1y4CMB0GA1Ud
DgQWBBS1O0XUXsIrVyPJFjjApCGg2EuCZzBTBgNVHREETDBKgiJiZXN0LXNwZWNm
bG93LmJlc3QuZGV2LWNoYXJ0ZXIubmV0giQqLmJlc3Qtc3BlY2Zsb3cuYmVzdC5k
ZXYtY2hhcnRlci5uZXQwEwYDVR0gBAwwCjAIBgZngQwBAgEwDgYDVR0PAQH/BAQD
AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAyMDCg
LqAshipodHRwOi8vY3JsLnIybTAzLmFtYXpvbnRydXN0LmNvbS9yMm0wMy5jcmww
dQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5yMm0wMy5h
bWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQucjJtMDMuYW1h
em9udHJ1c3QuY29tL3IybTAzLmNlcjAMBgNVHRMBAf8EAjAAMBMGCisGAQQB1nkC
BAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQAom2Kg+oL9gsglEgp775nXRGH+
mkUys+ZRGnlIGJBmFt59YdQnZyaA77uj4wRchsNP6PuYcPkst2xiyQeWT7obOn3o
HwZr0khNeGehqmPF4bXpDBMQfXgdeXsGIhciEVLdely2mNvFqjIQyjefChsy7c5P
8SY0ho7JWNT/Ruvkkfb1G/lJypB3h6xN0mjziYWBjx+hOBANlw2RkB5klDCdkQyG
wR+l06mDPpPm3k62WxVlxRRC9vu4iRoowt3yfdLUlFsyDHm3ETDWU49EJLgpfD07
t7eWlSloeYhZSQL0EdJTixYESr52Ip4yMbBsCcwFd05uaHkh+Ushbsd4pWri
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAijbWfKZaL4AfsTwmMzQq
ZhU+Xc+8CZ9CZVfB/McfaUrpzdf/LoDXOkmAFBWVvPuQEKaRsIbyWgm8g6KRCUzz
fmr7mx4e1OeekOhrCuteMmg9UpYiEAUPiWr/nGYc8JYYfZFSHHy8ULJEFxKawxpU
C0JoGbB7UJmpN2hmQXvElmz/ot0CosZY9CIbST06r4EkX1SwBewZtmnfdr2wv/tk
TkViNfSa52dmBi3EKvBzaN7lRQq15aoOgp0MhkRobQWG5WtMZg6/62+EtKplH+v2
VRzOzgkH8dX+P8CGZPpdI6TRKhdwVKkL0C/h3c02vx0ayAo8n3+2GM39BAW+MbET
DQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 11277287868674252851308411566766032909
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M03'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-23 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-06-22 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'best-specflow.best.dev-charter.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 17447927631828350901948582096229074458577944395794533138273868180699985700021182878362975255652189509695643291502850898914645123028845687766572770501140437777011359222581580006385706725872661069501316544911098407922789080706824753697947791938610886553414142183599474344306829426148446293136328555560581185993924277619718073199515887027047860487474613517476131998929483142003728191053640338910975575032445877153723750915285488611092766811157834765829236517139268978382377487037414492987544638792871246116789310508996929738745001533025158827787607113862890340851247731132003276218032353409176200793793220296769031705357
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 55d9185fd21ccc01e158b4beabd9554201d72e02
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							b53b45d45ec22b5723c91638c0a421a0d84b8267
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (76 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'best-specflow.best.dev-charter.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.best-specflow.best.dev-charter.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m03.amazontrust.com/r2m03.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m03.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m03.amazontrust.com/r2m03.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00289b62a0fa82fd82c825120a7bef99d74461fe9a4532b3e6511a794818906616de7d61d427672680efbba3e3045c86c34fe8fb9870f92cb76c62c907964fba1b3a7de81f066bd2484d7867a1aa63c5e1b5e90c13107d781d797b062217221152dd7a5cb698dbc5aa3210ca379f0a1b32edce4ff12634868ec958d4ff46ebe491f6f51bf949ca907787ac4dd268f38985818f1fa138100d970d91901e6494309d910c86c11fa5d3a9833e93e6de4eb65b1565c51442f6fbb8891a28c2ddf27dd2d4945b320c79b71130d6538f4424b8297c3d3bb7b7969529687988594902f411d2538b16044abe76229e3231b06c09cc05774e6e687921f94b216ec778a56ae2