veterans.oneok.com

Issued by R3

About this certificate

This digital certificate with serial number 04:99:3b:be:a8:01:9d:c3:d4:f5:5a:8d:51:dd:8f:20:a3:d1 was issued on by Let's Encrypt.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=veterans.oneok.com

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 04:99:3b:be:a8:01:9d:c3:d4:f5:5a:8d:51:dd:8f:20:a3:d1
Serial Number (int): 400591760261671870618882001575131681432529
Serial Number lenght: 139 bits, 18 octets

SubjectKeyId: 32:b8:41:f1:c3:6c:26:e2:3b:17:ee:8c:65:82:0b:8e:6e:71:93:ee
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): b2:6c:c7:9b:f5:ae:d1:30:02:c2:3b:b7:60:0a:81:ea:20:6d:c0:ff
Fingerprint (sha256): 86:ef:af:ef:9a:f1:08:10:b4:47:c3:17:ab:16:e4:3c:58:7f:5d:88:67:bc:be:93:6c:cc:a5:5a:47:7e:1b:8e

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate veterans.oneok.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for veterans.oneok.com

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

veterans.oneok.com

Other certificates including the domain name oneok.com

(limited to 100 certificates)
srvise01poke.oneok.com
*.crm.oneok.com
veterans.oneok.com
securemail.oneok.com
*.oneok.com
mobile-t.oneok.com
veterans.oneok.com
veterans.oneok.com
bomgar.oneok.com
*.crm.oneok.com
sp.crmtest.oneok.com
veterans.oneok.com
yourtgsaccount.oneok.com
remote.oneok.com
*.testcrm.oneok.com
*.oneok.com
bomgar.oneok.com
sip.oneok.com
wireless.oneok.com
mail.oneok.com
*.crmlab1.oneok.com
camweb-kmcmc.oneok.com
veterans.oneok.com
apps.oneok.com
*.crm.oneok.com
securemail.oneok.com
citrix.oneok.com
mail.oneok.com
*.testcrm.oneok.com
*.crmlab1.oneok.com
bomgar.oneok.com
*.crmlab1.oneok.com
camweb-kmcmc.oneok.com
oneokadfstest.oneok.com
mail.oneok.com
sp.crm.oneok.com
www.oneok.com
vpn.oneok.com
notificationpostback.oneok.com
bomgar.oneok.com
*.testcrm.oneok.com
oneokadfs3.oneok.com
*.oneok.com
opcapps.oneok.com
oneokadfs3.oneok.com
*.dyn.oneok.com
mobile.oneok.com
sip.oneok.com
mobile.oneok.com
video.oneok.com
yourkgsaccount.oneok.com
*.crmlab1.oneok.com
veterans.oneok.com
sp.crm.oneok.com
*.oneok.com
TDCISEASX11POKE.oneok.com
video.oneok.com
ess.oneok.com
veterans.oneok.com
*.oneok.com
veterans.oneok.com
ir.oneok.com
veterans.oneok.com
sip.oneok.com
apps.oneok.com
mail.oneok.com
mail.oneok.com
mobile.oneok.com
veterans.oneok.com
veterans.oneok.com
remote.oneok.com
oneok.com
ppsyslog.oneok.com
*.dyn.oneok.com
keeper.oneok.com
mail.oneok.com
swamrv50.oneok.com
*.dyn.oneok.com
*.gis.oneok.com
exchange.oneok.com
vpn.oneok.com
keeperdev.oneok.com
oneok.com
mail.oneok.com
veterans.oneok.com
ir.oneok.com
ir.oneok.com
notificationpostback.oneok.com
wireless.oneok.com
test.oneok.com
veterans.oneok.com
git.oneok.com
veterans.oneok.com
veterans.oneok.com
TDCISEASX11POKE.oneok.com
*.dyn.oneok.com
*.CRM1.ONEOK.COM
yourongaccount.oneok.com
camweb-ofs.oneok.com
*.oneok.com

Certificate

The complete raw certificate details for veterans.oneok.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGKTCCBRGgAwIBAgISBJk7vqgBncPU9VqNUd2PIKPRMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTEyMDYxNDI3MDFaFw0yMjAzMDYxNDI3MDBaMB0xGzAZBgNVBAMT
EnZldGVyYW5zLm9uZW9rLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
ggIBALoGZ8AZodT5CsdKVG0h3PwZ/xUjM6o5K4+70gzgiP5dBqYAKaw0bPanskT/
zhz5JIFOd1UE9gxx5Ze3ERzxYxcGU1sPtIUFysdbtRmEm/TeeuqQ/7u6O0D5tOaj
cxMCmrr15ZLdExa7oS2B0t9kg/qAuRWU8U7KSvRv5VGX5sR93wvA6SbCG6rc/wTU
Sh22bd8+tGViyYNJSnijcxj27sHivKs9jfSXYb6YX8rRAukHwSVeCg873JA/wtfs
iKElZqzSBSqJQQFMVlbX6tN39Ufqn8LFA20D83oCxYfS2x1e9oPNiPXT9igpVRqm
24X56rRrHPZloAS40Y/bNDBdM3g7gZey+AYDNwNpgGhd8q0pFb37loF2VNVLtCmL
bKQdvy6DmZ0Y/Y5o9kvnRyrOBFtNYjV9vNMNdTAU7EiKr+HUjaJlthec0+OXkVH9
CweSZPV0JEIDXRIbxIT9ShX0rMyTaFb/C82+BqhRoSLLep7qdplt5U9g8ywSAStC
BeJR9nMKS8NluALQqt6YCDrra5gRXgGjhwDzFZtwlwrgVTttGBPZrAuKUmAxjv8Q
dChm9HvqOETIYCrD+uc1lZvsfXtRIPhhpf4UptFg+2z5yCIRZ4hXyQ9roLfvzl8d
VBxPUKS5J2kWXrTZGeCI6YVLeb8CzcYagOq2v69+Td8R7TgxAgMBAAGjggJMMIIC
SDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDK4QfHDbCbiOxfujGWCC45ucZPuMB8G
A1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAh
BggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZo
dHRwOi8vcjMuaS5sZW5jci5vcmcvMB0GA1UdEQQWMBSCEnZldGVyYW5zLm9uZW9r
LmNvbTBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsG
AQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQMGCisGAQQB1nkC
BAIEgfQEgfEA7wB2ACl5vvCeOTkh8FZzn2Old+W+V32cYAr4+U1dJlwlXceEAAAB
fZBa+ewAAAQDAEcwRQIhAKf6aG9HU3D2pH+1/0yPlRnRo5dQFnXq8bKQYhOxiUk+
AiAJFeafrkoEjrmGl6CEO7cNSfkUroKmm34wz3ROaLzEPAB1AG9Tdqwx8DEZ2JkA
pFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABfZBa+zgAAAQDAEYwRAIgHYEzCLxUmMGe
OABs67K5v4qCKR40oJVsQBEOY3DKaaQCIGcxKFPFmARdgwDs2eAIYtAD85ny5t9F
PV+5ABXhtQffMA0GCSqGSIb3DQEBCwUAA4IBAQB+frdEIrnOFQ7zorTlEyPvd4Kx
PJusAWn8feeh14LLgxtxWFTOFrdNj3bR7as8cJ+UmX2C40JPqIRzpXblRL6BMAeM
ClQPPeSoe834FVMomstqMoiInVnQHK52Z19VffXtn6tsFNRN0/l5b3Y8aptwjDzX
uQptwv6O4B41IrcxrjblySXWld5TBCJIkoh/qw5z3aPkjtVIyDw0RGSJh4q6VQn7
KWwR+YPIxF9Dk4tERGH/8qUc7f16q2Zsj/lZjf84aOT5w3KeeKSWcmYJfsL+5UZh
S9/jaxT1tnAAx2SLIN0vs3hi0P05DesbkWafpj8CjqqkS83WNiRmvQNs8P6h
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAugZnwBmh1PkKx0pUbSHc
/Bn/FSMzqjkrj7vSDOCI/l0GpgAprDRs9qeyRP/OHPkkgU53VQT2DHHll7cRHPFj
FwZTWw+0hQXKx1u1GYSb9N566pD/u7o7QPm05qNzEwKauvXlkt0TFruhLYHS32SD
+oC5FZTxTspK9G/lUZfmxH3fC8DpJsIbqtz/BNRKHbZt3z60ZWLJg0lKeKNzGPbu
weK8qz2N9JdhvphfytEC6QfBJV4KDzvckD/C1+yIoSVmrNIFKolBAUxWVtfq03f1
R+qfwsUDbQPzegLFh9LbHV72g82I9dP2KClVGqbbhfnqtGsc9mWgBLjRj9s0MF0z
eDuBl7L4BgM3A2mAaF3yrSkVvfuWgXZU1Uu0KYtspB2/LoOZnRj9jmj2S+dHKs4E
W01iNX280w11MBTsSIqv4dSNomW2F5zT45eRUf0LB5Jk9XQkQgNdEhvEhP1KFfSs
zJNoVv8Lzb4GqFGhIst6nup2mW3lT2DzLBIBK0IF4lH2cwpLw2W4AtCq3pgIOutr
mBFeAaOHAPMVm3CXCuBVO20YE9msC4pSYDGO/xB0KGb0e+o4RMhgKsP65zWVm+x9
e1Eg+GGl/hSm0WD7bPnIIhFniFfJD2ugt+/OXx1UHE9QpLknaRZetNkZ4IjphUt5
vwLNxhqA6ra/r35N3xHtODECAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 400591760261671870618882001575131681432529
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-12-06 14:27:01 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-03-06 14:27:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'veterans.oneok.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 758915871815869422119687858394990343508086306050924188004225405639324512364232765985376294438508184652765817832960822719698304377414890812687242471930438873512218363196377977874294002594038617419285162292423534741815237217598569051437065863641831349174401543982025222895089492215262862979995621353697474922786031598871935163897976599554465821640474531718586320797844786491000596398155963566035344592012598159115592395746909137708763742986524334441838239399432385183443200764555319060946211023872890937142779698480231721032555715971435378041787512345676309586040470067004069744577009891112672217671678194320402756561213209078473355713496509514376701532226123119933779968527870328520713249108628262108070709243785930200244473148483929827311960564102929575046291986401585135785420132257029362827674944311282820913884136814168014063111519854138983352211075171356201957270552438741218565149799890427873456295731479702325703706073496650577387693765166431061825644626393920860178725918336117149186737870862750826468306642272621769894074935192239359063217779751740334356607151764036857675231624595472903659467746495001696262048139689513820370042398827891208992930829754748649711039316893923100437599394560643522359358363159349461330177112113
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							32b841f1c36c26e23b17ee8c65820b8e6e7193ee
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'veterans.oneok.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef0076002979bef09e393921f056739f63a577e5be577d9c600af8f94d5d265c255dc7840000017d905af9ec0000040300473045022100a7fa686f475370f6a47fb5ff4c8f9519d1a397501675eaf1b2906213b189493e02200915e69fae4a048eb98697a0843bb70d49f914ae82a69b7e30cf744e68bcc43c0075006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d9130000017d905afb38000004030046304402201d813308bc5498c19e38006cebb2b9bf8a82291e34a0956c40110e6370ca69a4022067312853c598045d8300ecd9e00862d003f399f2e6df453d5fb90015e1b507df
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		007e7eb74422b9ce150ef3a2b4e51323ef7782b13c9bac0169fc7de7a1d782cb831b715854ce16b74d8f76d1edab3c709f94997d82e3424fa88473a576e544be8130078c0a540f3de4a87bcdf81553289acb6a3288889d59d01cae76675f557df5ed9fab6c14d44dd3f9796f763c6a9b708c3cd7b90a6dc2fe8ee01e3522b731ae36e5c925d695de5304224892887fab0e73dda3e48ed548c83c34446489878aba5509fb296c11f983c8c45f43938b444461fff2a51cedfd7aab666c8ff9598dff3868e4f9c3729e78a4967266097ec2fee546614bdfe36b14f5b67000c7648b20dd2fb37862d0fd390deb1b91669fa63f028eaaa44bcdd6362466bd036cf0fea1