webmail.hyvarisenpaja.fi
Issued by R3
About this certificate
This digital certificate with serial number 04:e4:c1:b5:9d:60:54:a1:09:5c:29:fa:b8:94:fa:fc:eb:e4 was issued on by Let's Encrypt.
With 12 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=webmail.hyvarisenpaja.fi
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 04:e4:c1:b5:9d:60:54:a1:09:5c:29:fa:b8:94:fa:fc:eb:e4Serial Number (int): 426291007385903242620181214930470000454628
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: 4b:64:51:f4:f5:16:5e:db:b0:0a:72:ed:0e:2d:3d:50:98:0f:91:ac
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 6d:8f:9a:1e:d2:24:8e:dd:59:81:f5:30:a4:45:91:a1:38:8c:d3:bb
Fingerprint (sha256): 80:9b:3d:c2:9f:37:8b:22:22:9d:61:fe:57:61:d7:cb:40:16:63:54:7c:79:71:1f:d4:0e:15:1c:f9:5c:58:9a
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate webmail.hyvarisenpaja.fi
12
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for webmail.hyvarisenpaja.fi
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
autodiscover.hyvarisenpaja.fi
cpanel.hyvarisenpaja.fi
cpcalendars.hyvarisenpaja.fi
cpcontacts.hyvarisenpaja.fi
hyvarisenpaja.fi
hyvarisenpaja.my.ee
mail.hyvarisenpaja.fi
mail.hyvarisenpaja.my.ee
webdisk.hyvarisenpaja.fi
webmail.hyvarisenpaja.fi
www.hyvarisenpaja.fi
www.hyvarisenpaja.my.ee
cpanel.hyvarisenpaja.fi
cpcalendars.hyvarisenpaja.fi
cpcontacts.hyvarisenpaja.fi
hyvarisenpaja.fi
hyvarisenpaja.my.ee
mail.hyvarisenpaja.fi
mail.hyvarisenpaja.my.ee
webdisk.hyvarisenpaja.fi
webmail.hyvarisenpaja.fi
www.hyvarisenpaja.fi
www.hyvarisenpaja.my.ee
Other certificates including the domain name hyvarisenpaja.fi
(limited to 100 certificates)
hyvarisenpaja.fi
hyvarisenpaja.fi
mail.hyvarisenpaja.fi
hyvarisenpaja.fi
hyvarisenpaja.fi
hyvarisenpaja.fi
hyvarisenpaja.fi
hyvarisenpaja.fi
cpanel.hyvarisenpaja.fi
webmail.hyvarisenpaja.fi
hyvarisenpaja.fi
hyvarisenpaja.fi
autodiscover.hyvarisenpaja.fi
hyvarisenpaja.fi
hyvarisenpaja.fi
hyvarisenpaja.fi
cpcalendars.hyvarisenpaja.fi
hyvarisenpaja.fi
mail.hyvarisenpaja.fi
hyvarisenpaja.fi
hyvarisenpaja.fi
hyvarisenpaja.fi
hyvarisenpaja.fi
hyvarisenpaja.fi
cpanel.hyvarisenpaja.fi
webmail.hyvarisenpaja.fi
hyvarisenpaja.fi
hyvarisenpaja.fi
autodiscover.hyvarisenpaja.fi
hyvarisenpaja.fi
hyvarisenpaja.fi
hyvarisenpaja.fi
cpcalendars.hyvarisenpaja.fi
Certificate
The complete raw certificate details for webmail.hyvarisenpaja.fi in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGGDCCBQCgAwIBAgISBOTBtZ1gVKEJXCn6uJT6/OvkMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDA0MDcyMzM2MTlaFw0yNDA3MDYyMzM2MThaMCMxITAfBgNVBAMT GHdlYm1haWwuaHl2YXJpc2VucGFqYS5maTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAMgKswriHfNR81ly5nDW+f9YqnbyYeaD+YJ5qXE58sv585j+aCeu V4m53rejKaDSXmoC/ELnG38kO/8PxKpRHFCPxX068oHdsN5zIuELnmSAkCy04XDG rAulxG8Y/2NntyLzQUAW/HNcp8TQcIQIztTFuMYLgkV2CA6mEpzeQrBubWxT006j LHxJ9HbPDsYKdr0CR1RhqUh89WFHANer1uRmweTk8dOntl3B7V0gFXU75e8eIZN1 Qozst8qMaVv0sRg9MTEAMvjueesPeEtN0/hsxInSuauavcvgp9doP0FO8dCc4w1V Nzh8fJEkagGESaZmXkknMBECaeKmHMJaKf0CAwEAAaOCAzUwggMxMA4GA1UdDwEB /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/ BAIwADAdBgNVHQ4EFgQUS2RR9PUWXtuwCnLtDi09UJgPkawwHwYDVR0jBBgwFoAU FC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzAB hhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5p LmxlbmNyLm9yZy8wggE7BgNVHREEggEyMIIBLoIdYXV0b2Rpc2NvdmVyLmh5dmFy aXNlbnBhamEuZmmCF2NwYW5lbC5oeXZhcmlzZW5wYWphLmZpghxjcGNhbGVuZGFy cy5oeXZhcmlzZW5wYWphLmZpghtjcGNvbnRhY3RzLmh5dmFyaXNlbnBhamEuZmmC EGh5dmFyaXNlbnBhamEuZmmCE2h5dmFyaXNlbnBhamEubXkuZWWCFW1haWwuaHl2 YXJpc2VucGFqYS5maYIYbWFpbC5oeXZhcmlzZW5wYWphLm15LmVlghh3ZWJkaXNr Lmh5dmFyaXNlbnBhamEuZmmCGHdlYm1haWwuaHl2YXJpc2VucGFqYS5maYIUd3d3 Lmh5dmFyaXNlbnBhamEuZmmCF3d3dy5oeXZhcmlzZW5wYWphLm15LmVlMBMGA1Ud IAQMMAowCAYGZ4EMAQIBMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYASLDja9qm RzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHMAAAGOuyJtjQAABAMARzBFAiB3SB05 OsCdeTysjFparCwenXY6BBxWzbITpEobNS2sswIhAN7TtKiXM4q6AGSfHXKCNuqf ANtPaj8KGGKun1f9/bvPAHcAPxdLT9ciR1iUHWUchL4NEu2QN38fhWrrwb8ohez4 ZG4AAAGOuyJtkQAABAMASDBGAiEAniz4xim2fQQP9kOzg859yYSUaat0ZNtpgpW9 AVfZHAoCIQDTnN/MPlPcc2og3bvhJliNQXf0yQEOz0iOxSOs4HAp2zANBgkqhkiG 9w0BAQsFAAOCAQEAM7zu8Tc49TvOFZqBXjXesoTmvIEeqz+ckuNOVx1Ks0P/SIPy s2CtPZuReausWYJZfEEqpBmXYHsJd8c4OlrcLsF7h4jBQNcm/QKCHYzeMa/ybJoa XYNwVQ7b6qATwZ3P5fnEWsFIf4o/wjfDTogFYqdZBFBVdpoU0tFWyhjft+WziXg4 970c/cOyNNoMtW+Jry/++hutQF9R1yrftGsAEiy72nCe9FPT3sfC9eaPcNk9P5sD jvGo4pzBFYtx3iNcu3qoZuuTxcbN7O6ZXGmzTfibf6SGM72mfO20ET/ReXDPr9Gp 4RDIxkpwWghtZD2TLMqZLQJauquApQO+eRNJtw== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyAqzCuId81HzWXLmcNb5 /1iqdvJh5oP5gnmpcTnyy/nzmP5oJ65Xibnet6MpoNJeagL8QucbfyQ7/w/EqlEc UI/FfTrygd2w3nMi4QueZICQLLThcMasC6XEbxj/Y2e3IvNBQBb8c1ynxNBwhAjO 1MW4xguCRXYIDqYSnN5CsG5tbFPTTqMsfEn0ds8Oxgp2vQJHVGGpSHz1YUcA16vW 5GbB5OTx06e2XcHtXSAVdTvl7x4hk3VCjOy3yoxpW/SxGD0xMQAy+O556w94S03T +GzEidK5q5q9y+Cn12g/QU7x0JzjDVU3OHx8kSRqAYRJpmZeSScwEQJp4qYcwlop /QIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 426291007385903242620181214930470000454628 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-07 23:36:19 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-07-06 23:36:18 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'webmail.hyvarisenpaja.fi' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25252937056505826169610998763363497300705713352374613495710623337403774882564783997673449578455330028958625857639077411995849788754776720516980408811027276011252088724050453688215474490398047915701497833147732271325011182330467632906830622639803064190110707846510020378421849882369311737464031977847581616097051143256042772936788677776787757914287019534603309832856265339396304945244409934898707125017966037259033852494127444789235226690461962404642332366530932519926563467891598943576389538490863580275994406359227278684764928043874284958309022620078177961893484371338254135334415212681336664869737650760889667299837 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 4b6451f4f5165edbb00a72ed0e2d3d50980f91ac . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (306 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'autodiscover.hyvarisenpaja.fi' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cpanel.hyvarisenpaja.fi' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cpcalendars.hyvarisenpaja.fi' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cpcontacts.hyvarisenpaja.fi' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hyvarisenpaja.fi' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hyvarisenpaja.my.ee' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mail.hyvarisenpaja.fi' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mail.hyvarisenpaja.my.ee' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webdisk.hyvarisenpaja.fi' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webmail.hyvarisenpaja.fi' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hyvarisenpaja.fi' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hyvarisenpaja.my.ee' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes) 00f100760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018ebb226d8d0000040300473045022077481d393ac09d793cac8c5a5aac2c1e9d763a041c56cdb213a44a1b352dacb3022100ded3b4a897338aba00649f1d728236ea9f00db4f6a3f0a1862ae9f57fdfdbbcf0077003f174b4fd7224758941d651c84be0d12ed90377f1f856aebc1bf2885ecf8646e0000018ebb226d9100000403004830460221009e2cf8c629b67d040ff643b383ce7dc9849469ab7464db698295bd0157d91c0a022100d39cdfcc3e53dc736a20ddbbe126588d4177f4c9010ecf488ec523ace07029db . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0033bceef13738f53bce159a815e35deb284e6bc811eab3f9c92e34e571d4ab343ff4883f2b360ad3d9b9179abac5982597c412aa41997607b0977c7383a5adc2ec17b8788c140d726fd02821d8cde31aff26c9a1a5d8370550edbeaa013c19dcfe5f9c45ac1487f8a3fc237c34e880562a759045055769a14d2d156ca18dfb7e5b3897838f7bd1cfdc3b234da0cb56f89af2ffefa1bad405f51d72adfb46b00122cbbda709ef453d3dec7c2f5e68f70d93d3f9b038ef1a8e29cc1158b71de235cbb7aa866eb93c5c6cdecee995c69b34df89b7fa48633bda67cedb4113fd17970cfafd1a9e110c8c64a705a086d643d932cca992d025abaab80a503be791349b7