staging.ochsnerhockey.ch

Issued by Let's Encrypt Authority X3

About this certificate

This digital certificate with serial number 03:35:ac:db:96:9c:47:f1:0e:86:f9:80:1c:cb:fd:38:25:e5 was issued on by Let's Encrypt.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=staging.ochsnerhockey.ch

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:35:ac:db:96:9c:47:f1:0e:86:f9:80:1c:cb:fd:38:25:e5
Serial Number (int): 279601590625120801916219271444164161054181
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: c0:36:16:1f:47:51:68:6b:92:f0:5f:1a:ea:13:17:fb:52:21:f7:44
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1

Fingerprint (sha1): bc:3e:c4:70:f0:f9:2e:36:7a:d6:4c:e7:e1:eb:b2:46:7d:94:c0:84
Fingerprint (sha256): 7e:77:72:77:7c:3d:23:35:72:96:64:b7:3a:9c:59:bb:c5:c2:a6:25:16:19:f0:d3:76:5c:07:30:87:c0:a2:ba

Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/

Revocation information

OCSP Server: http://ocsp.int-x3.letsencrypt.org

Check the revocation status for certificate staging.ochsnerhockey.ch

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for staging.ochsnerhockey.ch

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

staging.ochsnerhockey.ch

Other certificates including the domain name ochsnerhockey.ch

(limited to 100 certificates)
support.ninatech.co
community.thegreencatalyst.com
mail.ochsnerhockey.ch
support.smartcon.pl
staging.ochsnerhockey.ch
ochsnerhockey.ch
support.ninatech.co
support.smartcon.pl
ochsnerhockey.ch
mail.ochsnerhockey.ch
staging.ochsnerhockey.ch
ochsnerhockey.ch
shop.ochsnerhockey.ch
ochsnerhockey.ch
shop.ochsnerhockey.ch
shop.ochsnerhockey.ch
ochsnerhockey.ch
staging.ochsnerhockey.ch
support.smartcon.pl
ochsnerhockey.ch
support.smartcon.pl
staging.ochsnerhockey.ch
community.thegreencatalyst.com
support.smartcon.pl
community.thegreencatalyst.com
sasupport.benchmarknorth.co.uk
support.ochsnerhockey.ch
support.smartcon.pl
support.smartcon.pl
ochsnerhockey.ch
support.smartcon.pl
support.smartcon.pl
ochsnerhockey.ch
sasupport.benchmarknorth.co.uk
ochsnerhockey.ch
staging.ochsnerhockey.ch
mail.ochsnerhockey.ch
sasupport.benchmarknorth.co.uk
staging.ochsnerhockey.ch
staging.ochsnerhockey.ch
staging.ochsnerhockey.ch
support.smartcon.pl
wc.ochsnerhockey.ch
ochsnerhockey.ch
support.smartcon.pl
staging.ochsnerhockey.ch
mail.ochsnerhockey.ch
ochsnerhockey.ch
support.smartcon.pl
mail.ochsnerhockey.ch
ochsnerhockey.ch
autodiscover.ochsnerhockey.ch
ochsnerhockey.ch
ochsnerhockey.ch
ochsnerhockey.ch
staging.ochsnerhockey.ch
ochsnerhockey.ch
mail.ochsnerhockey.ch
mail.ochsnerhockey.ch
support.ochsnerhockey.ch
sasupport.benchmarknorth.co.uk
support.ochsnerhockey.ch
shop.ochsnerhockey.ch
staging.ochsnerhockey.ch
shop.ochsnerhockey.ch
support.ninatech.co
community.thegreencatalyst.com
shop.ochsnerhockey.ch
support.smartcon.pl
shop.ochsnerhockey.ch
support.smartcon.pl
support.ochsnerhockey.ch
ochsnerhockey.ch
support.smartcon.pl
support.smartcon.pl

Certificate

The complete raw certificate details for staging.ochsnerhockey.ch in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGaTCCBVGgAwIBAgISAzWs25acR/EOhvmAHMv9OCXlMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTEyMDcyMzA0MTFaFw0y
MDAzMDYyMzA0MTFaMCMxITAfBgNVBAMTGHN0YWdpbmcub2Noc25lcmhvY2tleS5j
aDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAN/1HcdSQwjHhSBGveCY
O3vLF3Pzm+yTZpZDVZu13sExVEmoJ3mJhFXDwSApFO54H3GPg3ebf5et+drj3Upf
Fvuw4x0Ryo41ZTNnkKKGULu6q1eNvHalCDaNewFcX6NS5zPrByQbWT4uQujQhrs6
5zlJlFkeUQVyHzpDHf1l3inHjnO+GOA35qqfxjThcaUdQP5wqGOaTcygvuMvZzu3
OEO/KI5OhiRcMC2BMnvTGW2/jHvJbfCLOr0vUlwxjEcqY/0HQTKGkQOdMMXRYjYe
dKXic3f5thjkDUHZyLXXMPV6Vu8XUS6yvI6TzfrTDsE53qgrSKyUkUduWyxBHQfu
6cHF5py0CtKOYCJYmLfWz2xYcnMmhM4eP35/CvlTTk5bW1u11lK1RODdGlw5xvif
dgQj5bma0rcttxtBncygo1VpY8OHH5oJ7upsQfuiT1RqfNke1s9e6XjRjbrYzizE
UUzpc3xfs1pkFUoFbeoFGS8736VHzqEl0mm1ThB9+mrvyQ2Z8aL4Bn1s/sdiGH0a
V+aCSUSFbt9LCTY/qdNnw+1nJVU5rMtH0xBIOTrXluzx2hbX4Z1IqsaizT3lKVwh
AY0FX39vYxU1pl3Zp3iZHnXRnnlzrZOvJTEWUqZV2LvKyylO5SGiKHHHv+c+CiBr
UUI6F135O4cfCWr/H3WGx3DlAgMBAAGjggJuMIICajAOBgNVHQ8BAf8EBAMCBaAw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
VR0OBBYEFMA2Fh9HUWhrkvBfGuoTF/tSIfdEMB8GA1UdIwQYMBaAFKhKamMEfd26
5tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDov
L29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDov
L2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wIwYDVR0RBBwwGoIYc3RhZ2lu
Zy5vY2hzbmVyaG9ja2V5LmNoMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQB
gt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3Jn
MIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYAXqdz+d9WwOe1Nkh90EngMnqRmgyE
oRIShBh1loFxRVgAAAFu4tIc/gAABAMARzBFAiBqy9gNkgJWJt16djXMeDwQOwAM
r6vm+ixvTnrp9o+z4QIhAMKrZ7u/05YU1JORHcq26FwFG8Ga3bdKxxFMfQId6/ST
AHcAB7dcG+V9aP/xsMYdIxXHuuZXfFeUt2ruvGE6GmnTohwAAAFu4tIdNQAABAMA
SDBGAiEA7bpqOgwh2MWgj2umpFUkpMB5RIp/xsW687fXQcDDw7QCIQCh/evGkFVO
hSaw5xWegFXiG8nHW2MbqyTR4NNeFMOxojANBgkqhkiG9w0BAQsFAAOCAQEAlqVT
h2TM04xBmPtxYLAsJHJAD6YlIPbPTlRayWeJC3YXEMNengiFbgWBDwU95FeGNYP9
WFK8lMUazwzfvTA1UYX6p/v0QkCr3WqNeOxovh5XNvjxKNmuz1cdICQzSUsQ00KU
aWs0LeuWNFdyGmyjaVwDBYiyTraUFO14bMRoyBRc/d/3lQUuwMkuIUP1iqnlIFMg
JJCPFPcDyK2Erjejz7rdjOFmz8bTmtd8bMZdeTGgxu9DBsSUyzBGQNznwNfwNm2f
9djcby2ZQf75mSdL6hrMiF8+3IpDpduwtx0VevRZTlIvCrP2HGdI04DVVoc1aoqF
b29Olr+urqCtMGlS6Q==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3/Udx1JDCMeFIEa94Jg7
e8sXc/Ob7JNmlkNVm7XewTFUSagneYmEVcPBICkU7ngfcY+Dd5t/l6352uPdSl8W
+7DjHRHKjjVlM2eQooZQu7qrV428dqUINo17AVxfo1LnM+sHJBtZPi5C6NCGuzrn
OUmUWR5RBXIfOkMd/WXeKceOc74Y4Dfmqp/GNOFxpR1A/nCoY5pNzKC+4y9nO7c4
Q78ojk6GJFwwLYEye9MZbb+Me8lt8Is6vS9SXDGMRypj/QdBMoaRA50wxdFiNh50
peJzd/m2GOQNQdnItdcw9XpW7xdRLrK8jpPN+tMOwTneqCtIrJSRR25bLEEdB+7p
wcXmnLQK0o5gIliYt9bPbFhycyaEzh4/fn8K+VNOTltbW7XWUrVE4N0aXDnG+J92
BCPluZrSty23G0GdzKCjVWljw4cfmgnu6mxB+6JPVGp82R7Wz17peNGNutjOLMRR
TOlzfF+zWmQVSgVt6gUZLzvfpUfOoSXSabVOEH36au/JDZnxovgGfWz+x2IYfRpX
5oJJRIVu30sJNj+p02fD7WclVTmsy0fTEEg5OteW7PHaFtfhnUiqxqLNPeUpXCEB
jQVff29jFTWmXdmneJkeddGeeXOtk68lMRZSplXYu8rLKU7lIaIocce/5z4KIGtR
QjoXXfk7hx8Jav8fdYbHcOUCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 279601590625120801916219271444164161054181
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-12-07 23:04:11 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-03-06 23:04:11 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'staging.ochsnerhockey.ch'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 913666827761000050547146998257290260066575697305993479732069157815177547296192208890758638552656756392938222437487981254761428541504198329484381459192522548859126047893150616663618342175203720909151897268034366656829021342208747410794698263360743426995664265524694540230883747618908338924307437077818441657734547625159984088849488948774577141757318982732721508591073186301777359232939844559661923081501870903494308676007710709259733067241891533638964031284016339056725704430576698598602069047958071680811184568392651952991042937679709396031696331133400975771610657596280628282776453437410754623596855419687909795511587539011450528079304472299529794788713830709647305346682319354605259131013635466664924549347881908594701103451574463769063970255336135918562949279721357421818651381914548143994893940141202994306100527916534118979415976725896268751599733538319447567721381133949444834872126688540792227092329672148903886714976461536475300407677005395353304262065192877401565157518611321797211499408019356598715215712681864745681735426152093563348207460076260004912333027369864779348993563215901705448630659855203995271516562987181054836551349225711117419556515678380130467662127733776806683190077017152448503251678375942742327956041957
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							c036161f4751686b92f05f1aea1317fb5221f744
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'staging.ochsnerhockey.ch'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
							00f10076005ea773f9df56c0e7b536487dd049e0327a919a0c84a1121284187596817145580000016ee2d21cfe000004030047304502206acbd80d92025626dd7a7635cc783c103b000cafabe6fa2c6f4e7ae9f68fb3e1022100c2ab67bbbfd39614d493911dcab6e85c051bc19addb74ac7114c7d021debf49300770007b75c1be57d68fff1b0c61d2315c7bae6577c5794b76aeebc613a1a69d3a21c0000016ee2d21d350000040300483046022100edba6a3a0c21d8c5a08f6ba6a45524a4c079448a7fc6c5baf3b7d741c0c3c3b4022100a1fdebc690554e8526b0e7159e8055e21bc9c75b631bab24d1e0d35e14c3b1a2
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0096a5538764ccd38c4198fb7160b02c2472400fa62520f6cf4e545ac967890b761710c35e9e08856e05810f053de457863583fd5852bc94c51acf0cdfbd30355185faa7fbf44240abdd6a8d78ec68be1e5736f8f128d9aecf571d202433494b10d34294696b342deb963457721a6ca3695c030588b24eb69414ed786cc468c8145cfddff795052ec0c92e2143f58aa9e520532024908f14f703c8ad84ae37a3cfbadd8ce166cfc6d39ad77c6cc65d7931a0c6ef4306c494cb304640dce7c0d7f0366d9ff5d8dc6f2d9941fef999274bea1acc885f3edc8a43a5dbb0b71d157af4594e522f0ab3f61c6748d380d55687356a8a856f6f4e96bfaeaea0ad306952e9