investisdigital.com

Issued by Amazon

About this certificate

This digital certificate with serial number 0a:b8:81:04:b8:83:1b:22:36:65:d5:eb:f8:a1:f8:d2 was issued on by Amazon.

With 8 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=investisdigital.com

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0a:b8:81:04:b8:83:1b:22:36:65:d5:eb:f8:a1:f8:d2
Serial Number (int): 14250279384674827359730840810924669138
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: d0:50:c2:86:e6:fd:b0:49:60:63:4d:6d:a7:f2:5b:ad:d5:4a:d6:94
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): d9:ec:02:a5:35:e4:0b:c4:19:dd:ff:f5:9d:5f:d0:53:ad:a0:1c:79
Fingerprint (sha256): 88:a3:19:f0:40:d7:3f:05:a0:24:89:1b:e0:45:aa:eb:6b:11:7e:c6:7c:e7:b9:3d:1c:af:9f:b4:57:14:d8:82

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b.crl

Check the revocation status for certificate investisdigital.com

8

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for investisdigital.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

investisdigital.com
*.investisdigital.com
investis.com
*.investis.com
investisdigital.cloud
*.investisdigital.cloud
investis.cloud
*.investis.cloud

Other certificates including the domain name investisdigital.com

(limited to 100 certificates)
*.investisdigital.com
*.investisdigital.com
investisdigital.com
*.investisdigital.com
*.investisdigital.com
hello.investisdigital.com
*.investisdigital.com
prod-mid-euw3.investis.com
*.prod-mid-euw3.investisdigital.com
investisdigital.com
*.tools.investisdigital.com
news.investisdigital.com
events.investisdigital.com
events.investisdigital.com
madeby.investisdigital.com
blog.investisdigital.com
*.tools.investis.com
research.investisdigital.com
prod-mid-euw3.investis.com
investis.com
*.investisdigital.com
blog.investisdigital.com
*.investisdigital.com
meetings.investisdigital.com
updates.investisdigital.com
product.investisdigital.com
*.tools.investis.com
product.investisdigital.com
investisdigital.com
prod-mid-euw3.investis.com
investis.com
*.investisdigital.com
investis.com
*.investisdigital.com
investis.com
investisdigital.com
info.investisdigital.com
product.investisdigital.com
*.investisdigital.com
prod-mid-euw3.investis.com
*.investis.com
updates.investisdigital.com
*.tools.investis.com
www.investisdigital.com
www.investisdigital.com
www.investisdigital.com
hello.investisdigital.com
prod-mid-euw3.investis.com
*.investisdigital.com
investisdigital.com
www.investisdigital.com
*.investisdigital.com
investisdigital.com
html.investisdigital.com
investisdigital.com
www.investisdigital.com
updates.investisdigital.com
*.investisdigital.com
blog.investisdigital.com
investis.com
*.investisdigital.com
research.investisdigital.com
investisdigital.dev
staging.investis.com
investis.com
*.investisdigital.com
investis.com
*.investis.com
blog.investisdigital.com
product.investisdigital.com
investisdigital.com
*.investisdigital.com
investisdigital.com
meetings.investisdigital.com
madeby.investisdigital.com
investisdigital.com
*.investisdigital.com
*.investisdigital.com
hello.investisdigital.com
research.investisdigital.com
madeby.investisdigital.com
blog.investisdigital.com
info.investisdigital.com
*.investisdigital.com
info.investisdigital.com
research.investisdigital.com
info.investisdigital.com
research.investisdigital.com
www.investisdigital.com
staging.investis.com
*.tools.investisdigital.com
*.investisdigital.com
*.investisdigital.com
investis.com
investisdigital.com
*.did1-e1.investisdigital.com
madeby.investisdigital.com
investis.com
investisdigital.com
hello.investisdigital.com

Certificate

The complete raw certificate details for investisdigital.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgIQCriBBLiDGyI2ZdXr+KH40jANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0xOTAyMDcwMDAwMDBaFw0yMDAzMDcx
MjAwMDBaMB4xHDAaBgNVBAMTE2ludmVzdGlzZGlnaXRhbC5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDslZnEJkuso6ZWcm2I0ouhCagGl7HTYPi+
LXqxCUv+RDDEeYYpbTrQzlTzmx3G7QJgZt/RMxI4+38F8xKf8czYyBmqxwukS+og
WjTBRC2ClMbu/CWaB5V/6uVupt9A88UeWa/YoZTbxlP0XsFk/SZha0R/NCw+Zf6g
tlDw/rfFYz1cBcqqiDyBnVEiBZWtxKnKFpU7nSoHO1o2JzC7W+tGyaYcB4lHwbu3
GUhsy5AYboOTh0kU6Lqp/COQ8hZEjK1pIsCJr6M3fvqTo8ranoFH06gwMhQ4JhKU
1aQFCRfJ8TjyHv8PhKtRMMStm7N63mqOQy8dnALDUz1m8VvnJxKbAgMBAAGjggMJ
MIIDBTAfBgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4EFgQU
0FDChub9sElgY01tp/JbrdVK1pQwgacGA1UdEQSBnzCBnIITaW52ZXN0aXNkaWdp
dGFsLmNvbYIVKi5pbnZlc3Rpc2RpZ2l0YWwuY29tggxpbnZlc3Rpcy5jb22CDiou
aW52ZXN0aXMuY29tghVpbnZlc3Rpc2RpZ2l0YWwuY2xvdWSCFyouaW52ZXN0aXNk
aWdpdGFsLmNsb3Vkgg5pbnZlc3Rpcy5jbG91ZIIQKi5pbnZlc3Rpcy5jbG91ZDAO
BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDsG
A1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwuc2NhMWIuYW1hem9udHJ1c3QuY29t
L3NjYTFiLmNybDAgBgNVHSAEGTAXMAsGCWCGSAGG/WwBAjAIBgZngQwBAgEwdQYI
KwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5zY2ExYi5hbWF6
b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQuc2NhMWIuYW1hem9u
dHJ1c3QuY29tL3NjYTFiLmNydDAMBgNVHRMBAf8EAjAAMIIBBAYKKwYBBAHWeQIE
AgSB9QSB8gDwAHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFo
xp7gBQAABAMARzBFAiB6bl/mjrGfpq7gK4dvua877GTt6SovuSxnAhJMW5rLbgIh
ANpHjT8j2mf+GeRaDPQmIgU+48PCKlp/ZAyEDJD97ayXAHYAh3W/51l8+IxDmV+9
827/Vo1HVjb/SrVgwbTq/16ggw8AAAFoxp7g5gAABAMARzBFAiBtATTaNWLhuNDu
oalvCqWo0mzxIpb0d1/h/BygPP2WSQIhAKUn1FdMcXw4FUETRkGJzTHs+gKm/z1y
VEvpQinYWce0MA0GCSqGSIb3DQEBCwUAA4IBAQACpK5JnEb6wK6kWnr9Nk+mCchW
i8FG7G6hOiigLPJACNmaufpkYHVrMe1zUkfqwq75e5qYbiBxcQOu5jOCIxtrnAmY
gdPqUAUdjWmDlFw9blJ/vSt7LqXVzy94zLzMTwvsuxwgnEZVZuGSUF4meaMroxyF
fufwe6c8UAPfgzoXRJTwhzpqPYgupwh/MBz2AUnR/mqrm22mEpab4M6ZVu2/COpI
j0A2CSUjoQ7hMe0ipOcWyqFFgpLubYKVxjd+nO2F/K/OH9ZI+sb9cFLH2Zz+DbLQ
1SjzJw0rJUfyoWHp/P+giL+pRKS404MWYJu/LUITM/eFzgQpjGfz47DwBj2q
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7JWZxCZLrKOmVnJtiNKL
oQmoBpex02D4vi16sQlL/kQwxHmGKW060M5U85sdxu0CYGbf0TMSOPt/BfMSn/HM
2MgZqscLpEvqIFo0wUQtgpTG7vwlmgeVf+rlbqbfQPPFHlmv2KGU28ZT9F7BZP0m
YWtEfzQsPmX+oLZQ8P63xWM9XAXKqog8gZ1RIgWVrcSpyhaVO50qBztaNicwu1vr
RsmmHAeJR8G7txlIbMuQGG6Dk4dJFOi6qfwjkPIWRIytaSLAia+jN376k6PK2p6B
R9OoMDIUOCYSlNWkBQkXyfE48h7/D4SrUTDErZuzet5qjkMvHZwCw1M9ZvFb5ycS
mwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 14250279384674827359730840810924669138
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-02-07 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-03-07 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'investisdigital.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29866010801614072670935087310684122137183866482180471312767446902612118781935224360258286519969994746211340721735956641976362099127853996922424994651736135210159600397305542726892329140518798652694181558909151380528266489663628059432177497889229627127370792808191512999248626516742294988664080912642138458820833835798857533811558279580310248851309601253341837300737499747631491240063703587239959503716885916688122947686652525327872085841743677014861617605484242343864849895433040526536298794073476256719181908443202611487838258420014919744123772102643876011445029402946187756537457375828335602063899143106833230008987
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d050c286e6fdb04960634d6da7f25badd54ad694
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (159 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'investisdigital.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.investisdigital.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'investis.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.investis.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'investisdigital.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.investisdigital.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'investis.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.investis.cloud'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.2 (digiCertDVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007600ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb00000168c69ee005000004030047304502207a6e5fe68eb19fa6aee02b876fb9af3bec64ede92a2fb92c6702124c5b9acb6e022100da478d3f23da67fe19e45a0cf42622053ee3c3c22a5a7f640c840c90fdedac970076008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f00000168c69ee0e6000004030047304502206d0134da3562e1b8d0eea1a96f0aa5a8d26cf12296f4775fe1fc1ca03cfd9649022100a527d4574c717c38154113464189cd31ecfa02a6ff3d72544be94229d859c7b4
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0002a4ae499c46fac0aea45a7afd364fa609c8568bc146ec6ea13a28a02cf24008d99ab9fa6460756b31ed735247eac2aef97b9a986e20717103aee63382231b6b9c099881d3ea50051d8d6983945c3d6e527fbd2b7b2ea5d5cf2f78ccbccc4f0becbb1c209c465566e192505e2679a32ba31c857ee7f07ba73c5003df833a174494f0873a6a3d882ea7087f301cf60149d1fe6aab9b6da612969be0ce9956edbf08ea488f4036092523a10ee131ed22a4e716caa1458292ee6d8295c6377e9ced85fcafce1fd648fac6fd7052c7d99cfe0db2d0d528f3270d2b2547f2a161e9fcffa088bfa944a4b8d38316609bbf2d421333f785ce04298c67f3e3b0f0063daa