lender.testing.natwest.poweredbydivido.com

Issued by Amazon RSA 2048 M01

About this certificate

This digital certificate with serial number 06:78:ea:7e:ee:d0:cf:e1:cd:14:ab:0a:ac:20:05:68 was issued on by Amazon.

With 5 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=lender.testing.natwest.poweredbydivido.com

Amazon

Organization: Amazon
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 06:78:ea:7e:ee:d0:cf:e1:cd:14:ab:0a:ac:20:05:68
Serial Number (int): 8603199738239276444149206530207516008
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 19:58:be:fe:4f:5f:8b:37:f9:72:ba:28:53:c3:e7:21:65:93:e5:30
AuthorityKeyId: 81:b8:0e:63:8a:89:12:18:e5:fa:3b:3b:50:95:9f:e6:e5:90:13:85

Fingerprint (sha1): 3f:77:d7:be:9a:fa:fd:bb:d3:1e:59:72:07:f1:56:17:5d:f7:bd:9e
Fingerprint (sha256): 8e:dd:76:68:eb:a8:c2:6f:99:63:f5:bd:db:b7:44:28:32:f2:42:5c:90:30:3a:cc:12:9d:35:14:95:37:c7:cc

Issuing Certificate URL: http://crt.r2m01.amazontrust.com/r2m01.cer

Revocation information

OCSP Server: http://ocsp.r2m01.amazontrust.com
CRL Distribution Point: http://crl.r2m01.amazontrust.com/r2m01.crl

Check the revocation status for certificate lender.testing.natwest.poweredbydivido.com

5

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for lender.testing.natwest.poweredbydivido.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

lender.testing.natwest.poweredbydivido.com
apply.testing.natwest.poweredbydivido.com
secure.testing.natwest.poweredbydivido.com
api.testing.natwest.poweredbydivido.com
merchant.testing.natwest.poweredbydivido.com

Other certificates including the domain name poweredbydivido.com

(limited to 100 certificates)
lender.natwest.poweredbydivido.com
*.multi-eu.poweredbydivido.com
wattsandcostatus.propman.co.uk
apply.staging.santander.poweredbydivido.com
lender.sandbox.ing.poweredbydivido.com
*.sandbox.nordea.poweredbydivido.com
*.staging.nordea.poweredbydivido.com
application.bbva.poweredbydivido.com
status.vleo.net
status.tekloc.net
secure.staging.divido.com
*.testing.hsbc.poweredbydivido.com
status.eurabo.be
status.eurabo.be
apply.testing.bbva.poweredbydivido.com
status.scalerit.de
lender.staging.natwest.poweredbydivido.com
lender.staging.natwest.poweredbydivido.com
apply.testing.bbva.poweredbydivido.com
lender.staging.santander.poweredbydivido.com
wallis.status.app.vista.co
lender.santander.poweredbydivido.com
status.eurabo.be
lender.sandbox.santander.poweredbydivido.com
*.staging.nordea.poweredbydivido.com
lender.testing.natwest.poweredbydivido.com
status.eurabo.be
apply.bbva.poweredbydivido.com
lender.sandbox.ing.poweredbydivido.com
apply.sandbox.santander.poweredbydivido.com
status.eurabo.be
*.divido.com
status.tbft.org.uk
lender.sandbox.natwest.poweredbydivido.com
status.cs.redwood.com
testing.nordea.poweredbydivido.com
status.eurabo.be
*.divido.com
status.tekloc.net
lender.sandbox.santander.poweredbydivido.com
apply.ing.poweredbydivido.com
application.staging.bbva.poweredbydivido.com
secure.testing.divido.com
application.testing.ocs.poweredbydivido.com
status.eurabo.be
*.nordea.poweredbydivido.com
testing.nordea.poweredbydivido.com
secure.testing.divido.com
apply.santander.poweredbydivido.com
apply.natwest.poweredbydivido.com
status.hotel-spider.com
status.cs.redwood.com
lender.natwest.poweredbydivido.com
lender.sandbox.natwest.poweredbydivido.com
application.bbva.poweredbydivido.com
lender.natwest.poweredbydivido.com
status.eurabo.be
status.poweredbydivido.com
status.absis-ciborg.com
*.sandbox.nordea.poweredbydivido.com
status.cs.redwood.com
apply.santander.poweredbydivido.com
status.eurabo.be
apply.staging.ing.poweredbydivido.com
status.eurabo.be
application.staging.bbva.poweredbydivido.com
lender.sandbox.natwest.poweredbydivido.com
status.eurabo.be
lender.testing.natwest.poweredbydivido.com
apply.sandbox.santander.poweredbydivido.com
apply.natwest.poweredbydivido.com
status.eurabo.be
lender.natwest.poweredbydivido.com
*.sandbox.nordea.poweredbydivido.com
status.eurabo.be
status.scalerit.de
lender.ing.poweredbydivido.com
*.staging.bbva.poweredbydivido.com
status.eurabo.be
*.staging.hsbc.poweredbydivido.com
status-mena.obrela.com
status.eurabo.be
status.eurabo.be
lender.staging.ing.poweredbydivido.com
status2.allex.ai
lender.testing.ing.poweredbydivido.com
apply.testing.santander.poweredbydivido.com
*.divido.com
api.testing.ocs.poweredbydivido.com
*.sandbox.ocs.poweredbydivido.com
lender.testing.natwest.poweredbydivido.com
status.eurabo.be
apply.staging.natwest.poweredbydivido.com
status.premierforestgroup.com
status.tekloc.net
lender.sandbox.natwest.poweredbydivido.com
lender.testing.natwest.poweredbydivido.com
status.eurabo.be
status.eurabo.be
secure.testing.divido.com

Certificate

The complete raw certificate details for lender.testing.natwest.poweredbydivido.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGsTCCBZmgAwIBAgIQBnjqfu7Qz+HNFKsKrCAFaDANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAxMB4XDTIzMDIwOTAwMDAwMFoXDTI0MDExMDIzNTk1OVowNTEz
MDEGA1UEAxMqbGVuZGVyLnRlc3RpbmcubmF0d2VzdC5wb3dlcmVkYnlkaXZpZG8u
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzO4ovH80JIkGwKc4
KbLXDtJ931N5blKVaLKpisQ5BT+RF4Czo5CXGnmxynbtNcRDR8CP1N8wULj94rgI
tj5kdS5WMaU/6+B3/bmI2xewHWQKKjKavyim1oc/ni25rGq6cWAAj4oxtf0QqfPd
4HeFEwjPmzicq/oiGXp0RAuOpJ25Zu1Ih42o/v1ydCf/dWMOadH5NkFe1jlYJQP0
NGPWRzBPNamHZSIEVexSBQT9OKr+CrALv/hS5tdkyY+ROYOCuUJFIgn9gxsI2Dq2
/qAD19ZomB+nmmaUQl1JwJQwmOA0oz5+KOKY5V0i8OpISp5srewY8ggmjuqJinN1
rBYtsQIDAQABo4IDtDCCA7AwHwYDVR0jBBgwFoAUgbgOY4qJEhjl+js7UJWf5uWQ
E4UwHQYDVR0OBBYEFBlYvv5PX4s3+XK6KFPD5yFlk+UwMIHlBgNVHREEgd0wgdqC
KmxlbmRlci50ZXN0aW5nLm5hdHdlc3QucG93ZXJlZGJ5ZGl2aWRvLmNvbYIpYXBw
bHkudGVzdGluZy5uYXR3ZXN0LnBvd2VyZWRieWRpdmlkby5jb22CKnNlY3VyZS50
ZXN0aW5nLm5hdHdlc3QucG93ZXJlZGJ5ZGl2aWRvLmNvbYInYXBpLnRlc3Rpbmcu
bmF0d2VzdC5wb3dlcmVkYnlkaXZpZG8uY29tgixtZXJjaGFudC50ZXN0aW5nLm5h
dHdlc3QucG93ZXJlZGJ5ZGl2aWRvLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6
Ly9jcmwucjJtMDEuYW1hem9udHJ1c3QuY29tL3IybTAxLmNybDATBgNVHSAEDDAK
MAgGBmeBDAECATB1BggrBgEFBQcBAQRpMGcwLQYIKwYBBQUHMAGGIWh0dHA6Ly9v
Y3NwLnIybTAxLmFtYXpvbnRydXN0LmNvbTA2BggrBgEFBQcwAoYqaHR0cDovL2Ny
dC5yMm0wMS5hbWF6b250cnVzdC5jb20vcjJtMDEuY2VyMAwGA1UdEwEB/wQCMAAw
ggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8
vOzew1FIWUZxH7WbAAABhjZPImUAAAQDAEcwRQIhAMsxVrymKQE0frb9Tuozb++D
SebRupMznkgopGm3xWkYAiBDVIjpo8JZxNpaAbgGPcNcEfTimpfpQf6yiGoMW41r
SwB2AHPZnokbTJZ4oCB9R53mssYc0FFecRkqjGuAEHrBd3K1AAABhjZPIr4AAAQD
AEcwRQIgKvYrnFfdVJ0oP6FFR3n22V89Y6mBnMFS2wUXYcDnSzkCIQCHUniuant9
iCMkq6T2fcx1NxNPfqxQnzIQiX8y2tUFegB2AEiw42vapkc0D+VqAvqdMOscUgHL
Vt0sgdm7v6s52IRzAAABhjZPIpMAAAQDAEcwRQIgTURbt/5B9zuERPH/4ndNYb0q
QW+46bYl3hSJ82M4wBsCIQCPaWNFv6cMePCm9/GwswUerzObg2imIt619GxWOwbh
sTANBgkqhkiG9w0BAQsFAAOCAQEAAnE5zJfQ18ljBs1F9Jj5XP5+Lvbe4E0hzWJ1
Gy4cks2savzYZ6H1qroWL6ZTSOqod27nuHsKCtBqS0Pc3U3qVHKeHil2o/5dsV9Y
rkY5bOzef9bBnlkWR+y8CqvyCb+gX01fOLocgoZP9ASif28QiJGCdtYufehdv3fZ
C2dRSWSnoKXmZDaD9DdIbKSFJNuwn1U/kjossRt+jnJ9H1DcGtU/ebsIyxXwxmYu
Hi9zCUuI4tmXpA1SZZeETPyyqyWeWDeMKD9ggptS3l4R5Ur6B010Vk40QMerL3IN
ASoMfhImk21izoeSF40NmBjakJrpmZHwrKZwa4/EPb9GlOz+Eg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzO4ovH80JIkGwKc4KbLX
DtJ931N5blKVaLKpisQ5BT+RF4Czo5CXGnmxynbtNcRDR8CP1N8wULj94rgItj5k
dS5WMaU/6+B3/bmI2xewHWQKKjKavyim1oc/ni25rGq6cWAAj4oxtf0QqfPd4HeF
EwjPmzicq/oiGXp0RAuOpJ25Zu1Ih42o/v1ydCf/dWMOadH5NkFe1jlYJQP0NGPW
RzBPNamHZSIEVexSBQT9OKr+CrALv/hS5tdkyY+ROYOCuUJFIgn9gxsI2Dq2/qAD
19ZomB+nmmaUQl1JwJQwmOA0oz5+KOKY5V0i8OpISp5srewY8ggmjuqJinN1rBYt
sQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 8603199738239276444149206530207516008
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M01'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-02-09 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-10 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'lender.testing.natwest.poweredbydivido.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25870054855294757150552188664391519026431314635291665747681031192404226910643583677486934744573756184877124650507714469728638387532763477250222329599383796062163777070991068309195797957945501210390345279271422553490472745234378119884088294689327131279442648596954523245320372500646165386202515247164742343587102225256954205231024364438209523685942631395576428670778110364473171048325535748468571330683995269786709223102694500570016165214850336744203694364088852846722630745271621000158428483618811900862830321672941422339477552047119452999322666379645524236301281995749631842526198299058284488277331797986393273544113
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 81b80e638a891218e5fa3b3b50959fe6e5901385
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							1958befe4f5f8b37f972ba2853c3e7216593e530
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (221 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lender.testing.natwest.poweredbydivido.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'apply.testing.natwest.poweredbydivido.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure.testing.natwest.poweredbydivido.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.testing.natwest.poweredbydivido.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'merchant.testing.natwest.poweredbydivido.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m01.amazontrust.com/r2m01.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m01.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m01.amazontrust.com/r2m01.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							0168007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b00000186364f22650000040300473045022100cb3156bca62901347eb6fd4eea336fef8349e6d1ba93339e4828a469b7c569180220435488e9a3c259c4da5a01b8063dc35c11f4e29a97e941feb2886a0c5b8d6b4b00760073d99e891b4c9678a0207d479de6b2c61cd0515e71192a8c6b80107ac17772b500000186364f22be000004030047304502202af62b9c57dd549d283fa1454779f6d95f3d63a9819cc152db051761c0e74b39022100875278ae6a7b7d882324aba4f67dcc7537134f7eac509f3210897f32dad5057a00760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d8847300000186364f2293000004030047304502204d445bb7fe41f73b8444f1ffe2774d61bd2a416fb8e9b625de1489f36338c01b0221008f696345bfa70c78f0a6f7f1b0b3051eaf339b8368a622deb5f46c563b06e1b1
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00027139cc97d0d7c96306cd45f498f95cfe7e2ef6dee04d21cd62751b2e1c92cdac6afcd867a1f5aaba162fa65348eaa8776ee7b87b0a0ad06a4b43dcdd4dea54729e1e2976a3fe5db15f58ae46396cecde7fd6c19e591647ecbc0aabf209bfa05f4d5f38ba1c82864ff404a27f6f1088918276d62e7de85dbf77d90b67514964a7a0a5e6643683f437486ca48524dbb09f553f923a2cb11b7e8e727d1f50dc1ad53f79bb08cb15f0c6662e1e2f73094b88e2d997a40d526597844cfcb2ab259e58378c283f60829b52de5e11e54afa074d74564e3440c7ab2f720d012a0c7e1226936d62ce8792178d0d9818da909ae99991f0aca6706b8fc43dbf4694ecfe12