ait-marine.com

Issued by Starfield Secure Certificate Authority - G2

About this certificate

This digital certificate with serial number d3:59:f2:85:c9:03:35:aa was issued on by Starfield Technologies, Inc..

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=ait-marine.com

Starfield Technologies, Inc.

Organization: Starfield Technologies, Inc.
Organization unit: http://certs.starfieldtech.com/repository/
State / Province: Arizona
Locality: Scottsdale
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): d3:59:f2:85:c9:03:35:aa
Serial Number (int): 15229470271347045802
Serial Number lenght: 64 bits, 8 octets

SubjectKeyId: 81:33:ab:8c:78:85:dc:43:07:e9:09:50:4c:28:b7:60:9d:da:9f:36
AuthorityKeyId: 25:45:81:68:50:26:38:3d:3b:2d:2c:be:cd:6a:d9:b6:3d:b3:66:63

Fingerprint (sha1): 16:a5:5e:fb:bd:9c:8a:1a:51:86:ea:a5:74:6c:1e:87:42:c6:20:be
Fingerprint (sha256): 95:4d:2a:f8:f6:f0:95:3a:38:53:58:14:08:04:0f:ff:4f:1d:36:1e:32:fe:26:e2:48:2f:c1:66:9f:1c:b2:a0

Issuing Certificate URL: http://certificates.starfieldtech.com/repository/sfig2.crt

Revocation information

OCSP Server: http://ocsp.starfieldtech.com/
CRL Distribution Point: http://crl.starfieldtech.com/sfig2s1-464.crl

Check the revocation status for certificate ait-marine.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ait-marine.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ait-marine.com
www.ait-marine.com

Other certificates including the domain name ait-marine.com

(limited to 100 certificates)
webmail.ait-marine.com
webmail.ait-marine.com
webmail.ait-marine.com
ait-marine.com
ait-marine.com
ait-marine.com
webmail.ait-marine.com
ait-marine.com
ait-marine.com
webmail.ait-marine.com
ait-marine.com
ait-marine.com
ait-marine.com
ait-marine.com
webmail.ait-marine.com
webmail.ait-marine.com
ait-marine.com
ait-marine.com
webmail.ait-marine.com

Certificate

The complete raw certificate details for ait-marine.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGvjCCBaagAwIBAgIJANNZ8oXJAzWqMA0GCSqGSIb3DQEBCwUAMIHGMQswCQYD
VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEl
MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEzMDEGA1UECxMq
aHR0cDovL2NlcnRzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkvMTQwMgYD
VQQDEytTdGFyZmllbGQgU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcy
MB4XDTIyMDcxODA5MzEyOVoXDTIzMDcxODA5MzEyOVowGTEXMBUGA1UEAxMOYWl0
LW1hcmluZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdZB28
uQbhkJOuiuhRE8MwiaNaluc+vTbC9ZyibRXEwzdV0qpTluqCS6npJjLqiNMaTqiz
bGqPy1P15ozQXcCjKI+cOJ+begqoI8AUrc4mc7cKqzWVqYVtY46khfFK4Z6zyzMF
k2HlqZ80tpQFx3dlgEeTLVUNfML/C+QJGWpE+pUn7LtssK+LDbmrtdG6DOFxVcs/
UkrsePn9WFsvE8nYAk4MByQOvPzSIl2BBjH7zZ3XAX9W/jNVy6jnAsyp2LBbBuAq
jd/WloHfhDGGMXDXoPhVXOuOe8Kds7LsEROCnqkehMQ4NFc/G3tN6egM8Tkffixd
7rLn+DczoSoSxN5jAgMBAAGjggNZMIIDVTAMBgNVHRMBAf8EAjAAMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwPQYDVR0fBDYw
NDAyoDCgLoYsaHR0cDovL2NybC5zdGFyZmllbGR0ZWNoLmNvbS9zZmlnMnMxLTQ2
NC5jcmwwYwYDVR0gBFwwWjBOBgtghkgBhv1uAQcXATA/MD0GCCsGAQUFBwIBFjFo
dHRwOi8vY2VydGlmaWNhdGVzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkv
MAgGBmeBDAECATCBggYIKwYBBQUHAQEEdjB0MCoGCCsGAQUFBzABhh5odHRwOi8v
b2NzcC5zdGFyZmllbGR0ZWNoLmNvbS8wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jZXJ0
aWZpY2F0ZXMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS9zZmlnMi5jcnQw
HwYDVR0jBBgwFoAUJUWBaFAmOD07LSy+zWrZtj2zZmMwLQYDVR0RBCYwJIIOYWl0
LW1hcmluZS5jb22CEnd3dy5haXQtbWFyaW5lLmNvbTAdBgNVHQ4EFgQUgTOrjHiF
3EMH6QlQTCi3YJ3anzYwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AOg+0No+
9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABghCl/TcAAAQDAEYwRAIgQlGG
KY7rakPalyU+StBQUVezLtGh0ZnjXDhnZgNETXQCIE1GfbRqF0SP+1+RFgox4oX4
DfL3ExryfORVd7XGEl7iAHUANc8ZG7+xbFe/D61MbULLu7YnICZR6j/hKu+oA8M7
1kwAAAGCEKX+JAAABAMARjBEAiAvrMdRtGaieHISXBc2C9iCJxD5C3/agYVc8L4J
kuvAXQIgSEvW0hYAgwEj/c/A/WC5l7RypzNrQ2sQi/9ntpRGMaQAdgB6MoxU2Lct
tiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAYIQpf6jAAAEAwBHMEUCICIXhGrU
P9p1/YdWzCCDz+3cKdLo0ZWE79zokiVtS8BLAiEAhRud5iRNabZZObE5/F+Jzulk
EW9IP/IPpEB9EFfE8eEwDQYJKoZIhvcNAQELBQADggEBAIj23nGBOdWUjK8avkRw
B8lDupt45hmJxc5cv34Ignl1W7juHWIqL/lUkMIWPKFLr2mjPVbxG/SS3t/Nc7pf
RRLflr1O0B1s7902eG4ZWBaHXkowdavWLrGIwA+jAyz9CijCiBFHmv2RvpJ+Bcm+
0ooRrQ+ORMvJ1qgBmc/FASm2e7bvfkCwfPk0HOO+3CFFzfzuJISzAH9cp8fIt+SA
xU5qwPt8i9hWw7NXOwN8oKpp9W4xBtB4pdNkRAledlEKtdrog0HPAM03WUXcMdxG
Aiq8pSVQ0vlKNm52Ibxp0jB090mhAnF/FozJ+CUJZokSkuR5zjBXahFfSLY53y31
AIw=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWQdvLkG4ZCTroroURPD
MImjWpbnPr02wvWcom0VxMM3VdKqU5bqgkup6SYy6ojTGk6os2xqj8tT9eaM0F3A
oyiPnDifm3oKqCPAFK3OJnO3Cqs1lamFbWOOpIXxSuGes8szBZNh5amfNLaUBcd3
ZYBHky1VDXzC/wvkCRlqRPqVJ+y7bLCviw25q7XRugzhcVXLP1JK7Hj5/VhbLxPJ
2AJODAckDrz80iJdgQYx+82d1wF/Vv4zVcuo5wLMqdiwWwbgKo3f1paB34QxhjFw
16D4VVzrjnvCnbOy7BETgp6pHoTEODRXPxt7TenoDPE5H34sXe6y5/g3M6EqEsTe
YwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 15229470271347045802
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Arizona'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Scottsdale'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Starfield Technologies, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'http://certs.starfieldtech.com/repository/'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Starfield Secure Certificate Authority - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-07-18 09:31:29 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-07-18 09:31:29 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ait-marine.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 19868782998638445829597098365479919903327412843053452106167570132414178794308871126620112740127712890556719546975310340092399273054362091352482184724719528925357935321813811741074545689097492347878927806066365199554112289428111718527387635157123201997509441201295640626879453162108328511948016771343957436195436800424535132068123382730245444953190296011510461629191614998516239960338197312223773968995501702844773754878663453698076335305883963482763580725200317693228426971018685052568938090915971418803098358888662038914484345734607312996096707508668212933687430896345706333562467655559140987679955877528359617748579
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (54 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.starfieldtech.com/sfig2s1-464.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114414.1.7.23.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://certificates.starfieldtech.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (118 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.starfieldtech.com/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://certificates.starfieldtech.com/repository/sfig2.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 254581685026383d3b2d2cbecd6ad9b63db36663
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (38 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ait-marine.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ait-marine.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							8133ab8c7885dc4307e909504c28b7609dda9f36
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (360 bytes)
							0166007500e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e0000018210a5fd3700000403004630440220425186298eeb6a43da97253e4ad0505157b32ed1a1d199e35c38676603444d7402204d467db46a17448ffb5f91160a31e285f80df2f7131af27ce45577b5c6125ee200750035cf191bbfb16c57bf0fad4c6d42cbbbb627202651ea3fe12aefa803c33bd64c0000018210a5fe24000004030046304402202facc751b466a27872125c17360bd8822710f90b7fda81855cf0be0992ebc05d0220484bd6d21600830123fdcfc0fd60b997b472a7336b436b108bff67b6944631a40076007a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb520000018210a5fea3000004030047304502202217846ad43fda75fd8756cc2083cfeddc29d2e8d19584efdce892256d4bc04b022100851b9de6244d69b65939b139fc5f89cee964116f483ff20fa4407d1057c4f1e1
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0088f6de718139d5948caf1abe447007c943ba9b78e61989c5ce5cbf7e088279755bb8ee1d622a2ff95490c2163ca14baf69a33d56f11bf492dedfcd73ba5f4512df96bd4ed01d6cefdd36786e195816875e4a3075abd62eb188c00fa3032cfd0a28c28811479afd91be927e05c9bed28a11ad0f8e44cbc9d6a80199cfc50129b67bb6ef7e40b07cf9341ce3bedc2145cdfcee2484b3007f5ca7c7c8b7e480c54e6ac0fb7c8bd856c3b3573b037ca0aa69f56e3106d078a5d36444095e76510ab5dae88341cf00cd375945dc31dc46022abca52550d2f94a366e7621bc69d23074f749a102717f168cc9f8250966891292e479ce30576a115f48b639df2df5008c