*.remondis.ch

Issued by SwissSign RSA TLS DV ICA 2022 - 1

About this certificate

This digital certificate with serial number 18:e5:79:35:04:3b:af:f3:ea:dd:4b:c1:54:46:f6:af:16:6b:f8:be was issued on by SwissSign AG.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=*.remondis.ch

SwissSign AG

Organization: SwissSign AG
Country: CH

This certificate will expire on

Certificate Details

Serial Number (hex): 18:e5:79:35:04:3b:af:f3:ea:dd:4b:c1:54:46:f6:af:16:6b:f8:be
Serial Number (int): 142133207777425677325194308580648974696101705918
Serial Number lenght: 157 bits, 20 octets

SubjectKeyId: 21:74:20:ee:fe:3a:97:76:21:83:2f:f5:e1:ff:e3:51:e7:3a:79:94
AuthorityKeyId: eb:bd:7f:49:93:8c:c9:ee:ec:a2:ba:f7:1c:d2:67:f0:83:b1:ea:de

Fingerprint (sha1): 0f:c1:c8:98:56:83:1f:70:bb:5b:13:d6:e6:4e:f6:ab:15:01:e3:7a
Fingerprint (sha256): 81:f9:b3:29:0c:fd:90:be:e3:9f:0f:ac:20:0e:36:4a:5f:c0:b8:22:f7:25:52:39:c8:29:6f:6f:52:91:0b:4b

Issuing Certificate URL: http://aia.swisssign.ch/air-1b863385-f4a9-47fa-88a5-2a5abfd4a167

Revocation information

OCSP Server: http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec
CRL Distribution Point: http://crl.swisssign.ch/cdp-679723b2-8641-4642-8500-f6d2ff37e6ba

Check the revocation status for certificate *.remondis.ch

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.remondis.ch

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.remondis.ch
remondis.ch

Other certificates including the domain name remondis.ch

(limited to 100 certificates)
*.remondis.ch
remondis.ch
remondis.ch
remote.remondis.ch
remondis.ch
remondis.ch
remondis.ch
*.remondis.ch
remondis.ch
cloud.remondis.ch
remondis.ch
remondis.ch
remondis.ch
remondis.ch
remondis.ch
remondis.ch
*.remondis.ch
remondis.ch
remondis.ch
remondis.ch
*.remondis.ch
remondis.ch
*.remondis.ch
remondis.ch
remondis.ch
remondis.ch

Certificate

The complete raw certificate details for *.remondis.ch in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIfTCCBmWgAwIBAgIUGOV5NQQ7r/Pq3UvBVEb2rxZr+L4wDQYJKoZIhvcNAQEL
BQAwUDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEqMCgGA1UE
AxMhU3dpc3NTaWduIFJTQSBUTFMgRFYgSUNBIDIwMjIgLSAxMB4XDTI0MDMyMTEx
MDUxMVoXDTI1MDMyMTExMDUxMVowGDEWMBQGA1UEAwwNKi5yZW1vbmRpcy5jaDCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMUBP/8R8z068mvJbscUmJSI
yyZY1IkNHturhk0EAqzNQC1z5PVlR2hLHQI0JrwsUebaEfOSfBz8ZEu3k9TKYopK
XFC9Uvzrq5ohxYo5xj8yxVxjfPKkwvk6RcgEdnwXTLEX4bIk2Nzomaew9h/Yabop
DUgN6C9KNUsZRN7XC8ukbJEHLRPa1wmkyGYMxa9iWNi3KS9EEB7q8RbOY1Svba3E
FrOOCjOoDNcqTX4yxQhdIDe9MALfiakIRkKqLouHOjg9wlF3Z+QuqIEzh7ITVgKI
gD9mwhdz/HBPL3ZSyDn8pFSSF6TSeSzCCIFvRK+oPJyQ33Y89sdVaWKhW8OXGjEC
AwEAAaOCBIUwggSBMIGyBggrBgEFBQcBAQSBpTCBojBMBggrBgEFBQcwAoZAaHR0
cDovL2FpYS5zd2lzc3NpZ24uY2gvYWlyLTFiODYzMzg1LWY0YTktNDdmYS04OGE1
LTJhNWFiZmQ0YTE2NzBSBggrBgEFBQcwAYZGaHR0cDovL29jc3Auc3dpc3NzaWdu
LmNoL3NpZ24vb2NzLWFhY2NjZWQ1LTY2ZTgtNDA2OS05YjFiLWZkMjlhYjczZWZl
YzBvBgNVHSAEaDBmMAgGBmeBDAECATAIBgYEAI96AQYwUAYIYIV0AVkCAQEwRDBC
BggrBgEFBQcCARY2aHR0cHM6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vU3dp
c3NTaWduX0NQU19UTFMucGRmMFEGA1UdHwRKMEgwRqBEoEKGQGh0dHA6Ly9jcmwu
c3dpc3NzaWduLmNoL2NkcC02Nzk3MjNiMi04NjQxLTQ2NDItODUwMC1mNmQyZmYz
N2U2YmEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQE
AwIFoDAlBgNVHREEHjAcgg0qLnJlbW9uZGlzLmNoggtyZW1vbmRpcy5jaDAdBgNV
HQ4EFgQUIXQg7v46l3Yhgy/14f/jUec6eZQwHwYDVR0jBBgwFoAU671/SZOMye7s
orr3HNJn8IOx6t4wggJuBgorBgEEAdZ5AgQCBIICXgSCAloCWAB2AFWB1MIWkDYB
SuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABjmCvuPMAAAQDAEcwRQIgcIOdfARX
zqK3lerySWXTxA46bXnfjJpXxaN9+sjhWl0CIQDdzZUD2XzXdmGk0WoLqZHMy1rw
kvcS57CRVkMY1s8qDAB2ACjigTj9gyFF6anWqnU3bYN3qIUSs8B/ckFIIdy96Yxm
AAABjmCvun0AAAQDAEcwRQIhAJC38epiMkAM/+4xY06DNAhgijvCz0jRm1GvgeU0
bYHJAiAuKmEqgVZkJmr0519aiPzB22yMRtmmcnAVWxUhwHlEZAB3AM8RVu7VLnyv
84db2Wkum+kacWdKsBfsrAHSW3fOzDsIAAABjmCvtmIAAAQDAEgwRgIhAK980CoY
CwfZ3qd1lZzh6oIlIETdCaHZfBNmyTAD1+VcAiEA18mJqAcd3enLAEHi5FCYhfte
xBgYp8NDqu1yyPM5QI8AdQDM+w9qhXEJZf6Vm1PO6bJ8IumFXA2XjbapflTA/kwN
sAAAAY5gr7cmAAAEAwBGMEQCIGvsUqSAM5w82YKOIAdIzJgDEA2oN4pTDEJqGd29
lIUVAiBrlCI4ii9hdHXy73vc9Pb9Rk3j7jYFR09s04q8pPV3EgB2AE51oydcmhDD
OFts1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABjmCvtn0AAAQDAEcwRQIhAI5dxXnV
a2daLpmV71+uaXN5NeCAgYxQRgTJKrGPTTrlAiBJgISqfeEfSPLPVvQp5sX42+29
xukGC3/r1xNBhs/4uzANBgkqhkiG9w0BAQsFAAOCAgEAkcwMKucr2bKpUYisVT3s
IpuhFKecQUzW9Zti7KH7iNJJjqYtp3CLnwbb7eHBckTXBRAD7YsTfc2v0tcyuWzm
p1ymXM7vTlJCYdtrhG8X8z0IseloOTD0hTeDlfX6fm9zden60ii2Iam4NQS07Abf
Ue0XXN0lxX71X+M0r+GDu45zS2x9KhgavPtmvPyhhm5hyqUh+iaMW6jfBj87z7n8
i4l0pA1i3fuIfT3bRRx0yYV5JWEXv9MPDNgHwB8xnM899S4K21zjwVR0BrRcF/AJ
u9XC3NdU6hxByJ/2fqYRpQKlkovoPcRZIFqmqsOwHGGoeKAjxu62ImMDEi510huD
+1qTnvuKaCAYpzJFqW3x2t9SyZqo886ZlLverkCn5xI78I0zeCnheX/EQcbEf2nF
ufx33y7iDQgnJeUZaRy4NQYicMjhWyGwFTf+vCBBHTRCJ9jHov+Fzez6zGLA9wIw
+pR+UuT/YKhOA51JW3gGr9h6Evck0CP2d/phE0bgXWIhdprGan6eIoPVyuoKna8H
oKHLo0ykfryDZMF62uM+MZW2TB+Y1Pg+rA3imGL6+fpagjcrvh1IrhXP8HZIhvKR
qr8CZsCA08Hg0cqqk1TyeVItTwJcEzgMnBfb+BXtGVvR/YLsAISyN1pF9yPLabDn
3Ux41cbBVzERWV5wMboVsBQ=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQE//xHzPTrya8luxxSY
lIjLJljUiQ0e26uGTQQCrM1ALXPk9WVHaEsdAjQmvCxR5toR85J8HPxkS7eT1Mpi
ikpcUL1S/OurmiHFijnGPzLFXGN88qTC+TpFyAR2fBdMsRfhsiTY3OiZp7D2H9hp
uikNSA3oL0o1SxlE3tcLy6RskQctE9rXCaTIZgzFr2JY2LcpL0QQHurxFs5jVK9t
rcQWs44KM6gM1ypNfjLFCF0gN70wAt+JqQhGQqoui4c6OD3CUXdn5C6ogTOHshNW
AoiAP2bCF3P8cE8vdlLIOfykVJIXpNJ5LMIIgW9Er6g8nJDfdjz2x1VpYqFbw5ca
MQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 142133207777425677325194308580648974696101705918
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign RSA TLS DV ICA 2022 - 1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-21 11:05:11 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-03-21 11:05:11 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.remondis.ch'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24869562469290219860995348824429570009708479879794947152629180099049350067999889836111462227567248605091629209273039139854787025855578193886043012262180851557696107218304469039958354727844901605342017740738895489545139090193456287344204617167563529724476587157697355758760084671128948741546361505061320317914250453217246484127629291286715945660822262969860129472163266248736254430110841540071753630455629325634143446107475153669638379879120011555981195975874121540249384797790296803685698407700655535073834148266474063073617961618111417141937471093202441245170692472026152976101121230110648833313702692755761842821681
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (165 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.swisssign.ch/air-1b863385-f4a9-47fa-88a5-2a5abfd4a167'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.4.0.2042.1.6
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.2.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://repository.swisssign.com/SwissSign_CPS_TLS.pdf'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (74 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.ch/cdp-679723b2-8641-4642-8500-f6d2ff37e6ba'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (30 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.remondis.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'remondis.ch'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							217420eefe3a977621832ff5e1ffe351e73a7994
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName ebbd7f49938cc9eeeca2baf71cd267f083b1eade
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (606 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (602 bytes)
							02580076005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c0000018e60afb8f30000040300473045022070839d7c0457cea2b795eaf24965d3c40e3a6d79df8c9a57c5a37dfac8e15a5d022100ddcd9503d97cd77661a4d16a0ba991cccb5af092f712e7b091564318d6cf2a0c00760028e28138fd832145e9a9d6aa75376d8377a88512b3c07f72414821dcbde98c660000018e60afba7d000004030047304502210090b7f1ea6232400cffee31634e833408608a3bc2cf48d19b51af81e5346d81c902202e2a612a815664266af4e75f5a88fcc1db6c8c46d9a67270155b1521c0794464007700cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018e60afb6620000040300483046022100af7cd02a180b07d9dea775959ce1ea82252044dd09a1d97c1366c93003d7e55c022100d7c989a8071ddde9cb0041e2e4509885fb5ec41818a7c343aaed72c8f339408f007500ccfb0f6a85710965fe959b53cee9b27c22e9855c0d978db6a97e54c0fe4c0db00000018e60afb726000004030046304402206bec52a480339c3cd9828e200748cc9803100da8378a530c426a19ddbd94851502206b9422388a2f617475f2ef7bdcf4f6fd464de3ee3605474f6cd38abca4f577120076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018e60afb67d00000403004730450221008e5dc579d56b675a2e9995ef5fae69737935e080818c504604c92ab18f4d3ae50220498084aa7de11f48f2cf56f429e6c5f8dbedbdc6e9060b7febd7134186cff8bb
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		0091cc0c2ae72bd9b2a95188ac553dec229ba114a79c414cd6f59b62eca1fb88d2498ea62da7708b9f06dbede1c17244d7051003ed8b137dcdafd2d732b96ce6a75ca65cceef4e524261db6b846f17f33d08b1e9683930f485378395f5fa7e6f7375e9fad228b621a9b83504b4ec06df51ed175cdd25c57ef55fe334afe183bb8e734b6c7d2a181abcfb66bcfca1866e61caa521fa268c5ba8df063f3bcfb9fc8b8974a40d62ddfb887d3ddb451c74c98579256117bfd30f0cd807c01f319ccf3df52e0adb5ce3c1547406b45c17f009bbd5c2dcd754ea1c41c89ff67ea611a502a5928be83dc459205aa6aac3b01c61a878a023c6eeb6226303122e75d21b83fb5a939efb8a682018a73245a96df1dadf52c99aa8f3ce9994bbdeae40a7e7123bf08d337829e1797fc441c6c47f69c5b9fc77df2ee20d082725e519691cb835062270c8e15b21b01537febc20411d344227d8c7a2ff85cdecfacc62c0f70230fa947e52e4ff60a84e039d495b7806afd87a12f724d023f677fa611346e05d6221769ac66a7e9e2283d5caea0a9daf07a0a1cba34ca47ebc8364c17adae33e3195b64c1f98d4f83eac0de29862faf9fa5a82372bbe1d48ae15cff0764886f291aabf0266c080d3c1e0d1caaa9354f279522d4f025c13380c9c17dbf815ed195bd1fd82ec0084b2375a45f723cb69b0e7dd4c78d5c6c1573111595e7031ba15b014