nba-teamsite-auth.services.dmtio.net

Issued by Amazon

About this certificate

This digital certificate with serial number 02:0a:a0:cc:e0:bc:85:de:ac:45:eb:99:95:9e:36:be was issued on by Amazon.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=nba-teamsite-auth.services.dmtio.net

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 02:0a:a0:cc:e0:bc:85:de:ac:45:eb:99:95:9e:36:be
Serial Number (int): 2713640377789469635687458425343456958
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: d1:b2:49:78:4e:94:45:fc:6f:9d:76:c4:87:79:c6:ed:00:b1:0f:0a
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): a2:99:b3:2c:10:5d:8d:e8:e9:ae:7f:dc:a4:77:f7:8e:42:48:87:67
Fingerprint (sha256): 8f:4d:97:2d:3c:7e:46:06:03:73:f3:00:e0:37:93:38:75:21:5c:08:1b:c5:84:cd:4c:bf:46:fe:4c:45:7f:40

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b.crl

Check the revocation status for certificate nba-teamsite-auth.services.dmtio.net

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for nba-teamsite-auth.services.dmtio.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

nba-teamsite-auth.services.dmtio.net
nba-teamsite-auth-dev.services.dmtio.net

Other certificates including the domain name dmtio.net

(limited to 100 certificates)
customs.services.dmtio.net
tls.backplane.io
staging-jira-p2.services.dmtio.net
coredev-cms3-service-proxy-cnn.train.services.ec2.dmtio.net
mssdoc.turner.com
deployit.services.dmtio.net
argonaut.services.dmtio.net
coredev-cnn-dynaimage.prod.services.ec2.dmtio.net
*.morgz.dmtio.net
gp.cso.warnermedia.com
*.planetdraco.net
dev.contrail.cnn.com
argonaut.dev.services.ec2.dmtio.net
mss-vault.turner.com
globalprotect.tbsbest.com
grafana-www.services.dmtio.net
cnnmoney-section-content-service.prod.services.ec2.dmtio.net
*.doc.dmtio.net
cnnmoney-section-content-service.prod.services.ec2.dmtio.net
*.doc.dmtio.net
cartoon-sayin-moderation.prod.56m.dmtio.net
coredev-capi-ptolemy.prod.services.ec2.dmtio.net
*.doc.dmtio.net
registry.services.dmtio.net
coredev-cnn-dynaimage.prod.services.ec2.dmtio.net
tbs.services.dmtio.net
s.livedata.dmtio.net
*.doc.dmtio.net
nba-drupal.int.services.ec2.dmtio.net
target-builder-api.prod.services.ec2.dmtio.net
coredev-capi-ptolemy.preview.services.ec2.dmtio.net
staging-confluence-p2.services.dmtio.net
deployit.services.dmtio.net
turnerdotcom-qa.services.dmtio.net
rancher-mss.services.cop.dmtio.net
staging-confluence-p2.services.dmtio.net
rancher-mss.services.cop.dmtio.net
coredev-cnn-dynaimage.prod.services.ec2.dmtio.net
*.doc.warnermediagroup.com
argonaut.services.dmtio.net
coredev-entertainment-dynaimage.prod.services.ec2.dmtio.net
staging-confluence-p2.services.dmtio.net
coredev-nba-dynaimage.prod.services.ec2.dmtio.net
coredev-tnt-dynaimage.prod.services.ec2.dmtio.net
argonaut.dev.services.ec2.dmtio.net
*.planetdraco.net
customs.services.dmtio.net
argonaut.services.dmtio.net
rancher-sox.services.56m.dmtio.net
coredev-capi-ptolemy.prod-2.services.ec2.dmtio.net
coredev-tnt-dynaimage.prod.services.ec2.dmtio.net
staging-confluence.services.dmtio.net
gp.cso.warnermedia.com
coredev-cnn-dynaimage.prod.services.ec2.dmtio.net
customs.services.dmtio.net
staging-jira-p2.services.dmtio.net
s.livedata.dmtio.net
coredev-tnt-dynaimage.prod.services.ec2.dmtio.net
gitlab.services.dmtio.net
satis.draco.services.dmtio.net
tbs.services.dmtio.net
staging-jira-p2.services.dmtio.net
cnnmoney-section-content-service.prod.services.ec2.dmtio.net
target-builder-api.staging.services.ec2.dmtio.net
cnnmoney-section-content-service.prod.services.ec2.dmtio.net
nba-teamsite-auth.services.dmtio.net
tbs.services.dmtio.net
cnnmoney-section-content-service.prod.services.ec2.dmtio.net
livedataint.56m.dmtio.net
argonaut.dev.services.ec2.dmtio.net
auth.services.dmtio.net
tectonic-prod.services.cop.dmtio.net
rancher-sox.services.56m.dmtio.net
poc.services.dmtio.net
helmit.services.dmtio.net
*.ca.us-east-1.dmtio.net
rancher-mss.services.56m.dmtio.net
tbs-dejavu-www.prod-editorial.services.ec2.dmtio.net
ceph-s3.services.dmtio.net
rancher-sox.services.cop.dmtio.net
coredev-nba-dynaimage.prod.services.ec2.dmtio.net
rancher-mss.services.56m.dmtio.net
coredev-tbs-dynaimage.prod.services.ec2.dmtio.net
livedataint.56m.dmtio.net
*.doc.warnermediagroup.com
s.livedata.dmtio.net
staging-jira-p2.services.dmtio.net
auth.services.dmtio.net
nasm1isil1.turner.com
coredev-cms3-service-proxy-cnn.prod.services.ec2.dmtio.net
auth.services.dmtio.net
idb.services.dmtio.net
satis.draco.services.dmtio.net
coredev-nba-dynaimage.prod.services.ec2.dmtio.net
tnt.services.dmtio.net
coredev-nba-dynaimage.prod.services.ec2.dmtio.net
*.doc.warnermediagroup.com
nba-teamsite-auth.services.dmtio.net
pga.morgz.dmtio.net
idb.services.dmtio.net

Certificate

The complete raw certificate details for nba-teamsite-auth.services.dmtio.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIQAgqgzOC8hd6sReuZlZ42vjANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0xOTEwMTAwMDAwMDBaFw0yMDExMTAx
MjAwMDBaMC8xLTArBgNVBAMTJG5iYS10ZWFtc2l0ZS1hdXRoLnNlcnZpY2VzLmRt
dGlvLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM7r1y0OAxn+
T7sWdfZXg3kW4jxQVhr1B8d0yOPR3B2h8d/hw3KZ/yJuyK4k7I8uCFpA51VzpA8c
UwTWFGqBWlrntNrIpjl8VhiRFrspuxQ+zSkOau42PTKB5Bzcj0aKLBlowNIrujC8
r5Jt5QzUsaa6HyHAqeNilu8FeSmI9M3Y0vMjjJFx/7YANXm5TpexdPQybv3ZAHyo
JcQjS7chy+J+pBOAYUE0rl74nihIGANCusMQwDwwJgGCL3lB4nHwEuQabs+tYJQd
QE6AfcwvFO/1NskiXzW0o0LnuW8Vwpb+d2U/2FEEFfiR2boO38dEwEIInhHACS3r
Kbu6ZTt6bxMCAwEAAaOCAccwggHDMB8GA1UdIwQYMBaAFFmkZgZSoHuVkjyjlAcn
lnRb+T3QMB0GA1UdDgQWBBTRskl4TpRF/G+ddsSHecbtALEPCjBZBgNVHREEUjBQ
giRuYmEtdGVhbXNpdGUtYXV0aC5zZXJ2aWNlcy5kbXRpby5uZXSCKG5iYS10ZWFt
c2l0ZS1hdXRoLWRldi5zZXJ2aWNlcy5kbXRpby5uZXQwDgYDVR0PAQH/BAQDAgWg
MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAyMDCgLqAs
hipodHRwOi8vY3JsLnNjYTFiLmFtYXpvbnRydXN0LmNvbS9zY2ExYi5jcmwwIAYD
VR0gBBkwFzALBglghkgBhv1sAQIwCAYGZ4EMAQIBMHUGCCsGAQUFBwEBBGkwZzAt
BggrBgEFBQcwAYYhaHR0cDovL29jc3Auc2NhMWIuYW1hem9udHJ1c3QuY29tMDYG
CCsGAQUFBzAChipodHRwOi8vY3J0LnNjYTFiLmFtYXpvbnRydXN0LmNvbS9zY2Ex
Yi5jcnQwDAYDVR0TAQH/BAIwADATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG
9w0BAQsFAAOCAQEANwfTWl55LqgE0oWCmsMjxj5UDzAbxnK593JwkgHCkoq27s91
3cR9bQgUnOtuDjA+/gvht1PJv8+ecasxHXtguSoP5D/ry7tAoS/hCmedB3McaZ8y
+vU4RSSwfGH3WdSBZTpWmX0jfR6niv9LbEUs/po8xFqp7yuyyXtSL5xYfj2+D/cj
c/u0kthzYcHcUoy/0VmMUF6S7PGEA2uk2T7InVsvBT26DL/ixA8GbJ853ryFV5PK
opxWFDDVbLCVdwYhXZG7miVO8WECXFZGZ13eiJqaTOAKd3DLiFx6mTM+tTZdEbnY
wdAEaKM9bZcK2bsXbpqJMKYMmfOO9gY882L6sw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzuvXLQ4DGf5PuxZ19leD
eRbiPFBWGvUHx3TI49HcHaHx3+HDcpn/Im7IriTsjy4IWkDnVXOkDxxTBNYUaoFa
Wue02simOXxWGJEWuym7FD7NKQ5q7jY9MoHkHNyPRoosGWjA0iu6MLyvkm3lDNSx
profIcCp42KW7wV5KYj0zdjS8yOMkXH/tgA1eblOl7F09DJu/dkAfKglxCNLtyHL
4n6kE4BhQTSuXvieKEgYA0K6wxDAPDAmAYIveUHicfAS5Bpuz61glB1AToB9zC8U
7/U2ySJfNbSjQue5bxXClv53ZT/YUQQV+JHZug7fx0TAQgieEcAJLespu7plO3pv
EwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 2713640377789469635687458425343456958
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-10-10 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-11-10 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'nba-teamsite-auth.services.dmtio.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26121388123417676752533404001033475807566618152853088439739089089044757657405311171788258417827917405738285641158405085919222650398488574710929681720284429797619425384824196989954567823188200283085440880308989509906232522765755686002506699107249037908840752857068132355886227942976647877180159750428610656248291714872216246859775572440986078016981030664416017945443638610474097726125728475334313340063614418070683431597605448378180412954488430159461498113683120514162701157897408130945926791039652061253771825524595226103310567187508791321770647294368101389056466596420088587640111026029213779429718140062029517057811
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d1b249784e9445fc6f9d76c48779c6ed00b10f0a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (82 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nba-teamsite-auth.services.dmtio.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nba-teamsite-auth-dev.services.dmtio.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.2 (digiCertDVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		003707d35a5e792ea804d285829ac323c63e540f301bc672b9f772709201c2928ab6eecf75ddc47d6d08149ceb6e0e303efe0be1b753c9bfcf9e71ab311d7b60b92a0fe43febcbbb40a12fe10a679d07731c699f32faf5384524b07c61f759d481653a56997d237d1ea78aff4b6c452cfe9a3cc45aa9ef2bb2c97b522f9c587e3dbe0ff72373fbb492d87361c1dc528cbfd1598c505e92ecf184036ba4d93ec89d5b2f053dba0cbfe2c40f066c9f39debc855793caa29c561430d56cb0957706215d91bb9a254ef161025c5646675dde889a9a4ce00a7770cb885c7a99333eb5365d11b9d8c1d00468a33d6d970ad9bb176e9a8930a60c99f38ef6063cf362fab3