kathmandu.co.nz

Issued by Amazon

About this certificate

This digital certificate with serial number 01:fc:9f:dd:1c:f1:fd:5d:65:66:50:5d:2c:39:d3:39 was issued on by Amazon.

With 8 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=kathmandu.co.nz

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 01:fc:9f:dd:1c:f1:fd:5d:65:66:50:5d:2c:39:d3:39
Serial Number (int): 2640929225644716582408276158596109113
Serial Number lenght: 121 bits, 16 octets

SubjectKeyId: 3a:fa:44:48:ce:e5:92:10:07:5b:45:ca:c8:a8:60:c5:68:c3:b1:72
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): 48:97:53:54:55:a6:80:6e:31:07:4a:af:ed:d1:c1:8b:b1:b1:2f:8c
Fingerprint (sha256): a2:8b:a3:1e:d3:ad:c4:89:e0:da:10:e3:44:54:22:9d:8c:ed:33:fc:43:73:6b:ac:b2:c4:ae:73:6b:8c:c7:05

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b.crl

Check the revocation status for certificate kathmandu.co.nz

8

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for kathmandu.co.nz

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

kathmandu.co.nz
*.kathmandu.co.uk
kathmandu.co.uk
*.kathmandu.com.au
kathmanduoutdoor.com
*.kathmanduoutdoor.com
*.kathmandu.co.nz
kathmandu.com.au

Other certificates including the domain name kathmandu.co.nz

(limited to 100 certificates)
sip.kathmandu.co.nz
sni.cloudflaressl.com
image.20210419.195922.s4.et.yellsatcloud.com
san-1-s4.tlsprovisioning.exacttarget.com
sip.kathmandu.co.nz
*.kathmandu.co.nz
sni.cloudflaressl.com
fbworkplace.kathmandu.co.nz
*.kathmandu.co.nz
ssl437943.cloudflaressl.com
ssl437943.cloudflaressl.com
fbworkplace.kathmandu.co.nz
ssl437941.cloudflaressl.com
san-1-s4.tlsprovisioning.exacttarget.com
ssl437942.cloudflaressl.com
ssl437941.cloudflaressl.com
www.kathmandu.co.nz
image.20210419.195922.s4.et.yellsatcloud.com
image.20210419.195922.s4.et.yellsatcloud.com
webmail.kathmandu.co.nz
ssl437943.cloudflaressl.com
*.kathmandu.co.nz
image.20210419.195922.s4.et.yellsatcloud.com
ssl437942.cloudflaressl.com
kathmandu.co.nz
ssl437941.cloudflaressl.com
webmail.kathmandu.co.nz
filetransfer.kathmandu.co.nz
san-1-s4.tlsprovisioning.exacttarget.com
san-1-s4.tlsprovisioning.exacttarget.com
sni.cloudflaressl.com
sip.kathmandu.co.nz
*.kathmandu.co.nz
ssl437942.cloudflaressl.com
image.20210419.195922.s4.et.yellsatcloud.com
ssl437943.cloudflaressl.com
san-1-s4.tlsprovisioning.exacttarget.com
ssl437941.cloudflaressl.com
www.kathmandu.com.au
*.kathmandu.co.nz
ssl437941.cloudflaressl.com
ssl437942.cloudflaressl.com
sni.cloudflaressl.com
ssl437942.cloudflaressl.com
fbworkplace.kathmandu.co.nz
san-1-s4.tlsprovisioning.exacttarget.com
kathmandu.co.nz
ssl437943.cloudflaressl.com
webmail.kathmandu.co.nz
*.kathmandu.co.nz
filetransfer.kathmandu.co.nz
image.20210419.195922.s4.et.yellsatcloud.com
gjljde.kathmandu.co.nz
kathmandu.co.nz
*.kathmandu.co.nz
kathmandu.co.nz
kathmandu.co.nz
image.20210419.195922.s4.et.yellsatcloud.com
*.kathmandu.co.nz
ssl437943.cloudflaressl.com
ssl437942.cloudflaressl.com
kathmandu.co.nz
*.kathmandu.co.nz
ssl437943.cloudflaressl.com
www.kathmandu.com.au
san-1-s4.tlsprovisioning.exacttarget.com
kathmandu.co.nz
webmail.kathmandu.co.nz
ssl437943.cloudflaressl.com
gjljde.kathmandu.co.nz
remote.kathmandu.co.nz
sip.kathmandu.co.nz
webmail.kathmandu.co.nz
remote.kathmandu.co.nz
sip.kathmandu.co.nz
kathmandu.co.nz
sip.kathmandu.co.nz
ssl437942.cloudflaressl.com
*.kathmandu.co.nz
www.kathmandu.com.au
kathmandu.co.nz
fbworkplace.kathmandu.co.nz
kathmandu.co.nz
filetransfer.kathmandu.co.nz
ssl437943.cloudflaressl.com
www.kathmandu.co.nz
*.kathmandu.co.nz
image.20210419.195922.s4.et.yellsatcloud.com
ssl437943.cloudflaressl.com
ssl437941.cloudflaressl.com
ssl437941.cloudflaressl.com
remote.kathmandu.co.nz

Certificate

The complete raw certificate details for kathmandu.co.nz in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF9TCCBN2gAwIBAgIQAfyf3Rzx/V1lZlBdLDnTOTANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0yMDAzMzEwMDAwMDBaFw0yMTA0MzAx
MjAwMDBaMBoxGDAWBgNVBAMTD2thdGhtYW5kdS5jby5uejCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAM4CLrWUtNjDUC+nbnspaDqebCklXN9/q8JpGop4
r+un/d7k62cArXUaeUcE9g+WhEVtjuc9U68D/ywbCFBcqP5M/Ej5+GzxCks3wke/
O4qXw6xWKUzW0ht1BpjB02kUpyLa9jNieTHMKz5vb5rj4z8rUInAI8w5CsshGTiG
FC/RFWjUsgDivgwy6zsHXtR0s2XOJfhOEhbsHojaQTxzj08HXfcuK3PYBqvZF+AB
4ibXpo+3ZY68KWW767GsBIo85UgL75wdG9Q3aFvrLVvKT039oiG55DMlrOUbXbDl
c4o9dwRnuvygu7jhL4+49s/LTDZMiUkITt0RUj/rbvmGKI0CAwEAAaOCAwkwggMF
MB8GA1UdIwQYMBaAFFmkZgZSoHuVkjyjlAcnlnRb+T3QMB0GA1UdDgQWBBQ6+kRI
zuWSEAdbRcrIqGDFaMOxcjCBpwYDVR0RBIGfMIGcgg9rYXRobWFuZHUuY28ubnqC
ESoua2F0aG1hbmR1LmNvLnVrgg9rYXRobWFuZHUuY28udWuCEioua2F0aG1hbmR1
LmNvbS5hdYIUa2F0aG1hbmR1b3V0ZG9vci5jb22CFioua2F0aG1hbmR1b3V0ZG9v
ci5jb22CESoua2F0aG1hbmR1LmNvLm56ghBrYXRobWFuZHUuY29tLmF1MA4GA1Ud
DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0f
BDQwMjAwoC6gLIYqaHR0cDovL2NybC5zY2ExYi5hbWF6b250cnVzdC5jb20vc2Nh
MWIuY3JsMCAGA1UdIAQZMBcwCwYJYIZIAYb9bAECMAgGBmeBDAECATB1BggrBgEF
BQcBAQRpMGcwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLnNjYTFiLmFtYXpvbnRy
dXN0LmNvbTA2BggrBgEFBQcwAoYqaHR0cDovL2NydC5zY2ExYi5hbWF6b250cnVz
dC5jb20vc2NhMWIuY3J0MAwGA1UdEwEB/wQCMAAwggEEBgorBgEEAdZ5AgQCBIH1
BIHyAPAAdwD2XJQv0XcwIhRUGAgwlFaO400TGTO/3wwvIAvMTvFk4wAAAXEzB0/o
AAAEAwBIMEYCIQCcg0X5HMFZqqVRbNSrsSgfPSlG0fl7pAnmCQ+Pda96YQIhAIyu
V75LWDk+QsIQEAqCBxEass4iIQJlY+UOuaEAIa64AHUAXNxDkv7mq0VEsV6a1Fbm
EDf71fpH3KFzlLJe5vbHDsoAAAFxMwdQKgAABAMARjBEAiBE3uELFef27tcokaXF
5gBWtOqyXHq0lzyD2bb4IIaqvQIgCBmEjwlB1CZDOg0Rh373Qvf0KHmghoNcwW5x
zp3GZM8wDQYJKoZIhvcNAQELBQADggEBACz6mrbTmZ0AfeMwV+5bZqeCco4ThFwA
I1hCSRBCuA0HZSI7LpWQDtIlJvUmZXP/Pye+EOjSqD3EmCO2HBlSUbOl8Nu1y5Vk
CZQ6CSaLClVK1BjIgZbPmSlW+8UDP20/H339/X9wFkBIcIIlraHRB9oWiMDrv1NN
993qS0zNBfpuhSYazonNzWKjJEHagc7RQmsO/bQER5BPxRM35wOUOUDlgeo0oWiP
Li+w7if9f7d8ElxgR/BimgIPYT6m5ER33aPkgsrtXTRqDCiRNdTa9fotn4bY+zWG
aMYp8kyvLsc02PUWR2oiWkMmvMPoVF00iHsCppGyCj6FNPN/6YNLios=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzgIutZS02MNQL6dueylo
Op5sKSVc33+rwmkainiv66f93uTrZwCtdRp5RwT2D5aERW2O5z1TrwP/LBsIUFyo
/kz8SPn4bPEKSzfCR787ipfDrFYpTNbSG3UGmMHTaRSnItr2M2J5McwrPm9vmuPj
PytQicAjzDkKyyEZOIYUL9EVaNSyAOK+DDLrOwde1HSzZc4l+E4SFuweiNpBPHOP
Twdd9y4rc9gGq9kX4AHiJtemj7dljrwpZbvrsawEijzlSAvvnB0b1DdoW+stW8pP
Tf2iIbnkMyWs5RtdsOVzij13BGe6/KC7uOEvj7j2z8tMNkyJSQhO3RFSP+tu+YYo
jQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 2640929225644716582408276158596109113
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-03-31 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-04-30 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'kathmandu.co.nz'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26006167033259578303379964157407103360276187649866231363510082041129086434144224823794517034677473711499446349695152394051141422792911037905513833180724485895645055840500224058145860591209282905515386922786840062898507792864682790627441107536388547169765158576081879644324175042584374837057417744949215873126060334623133100604550774917896665635249670398336108461035266612180232664550511295994484319366560651858846965597169484758699406489896222673359529777971202571314592650563002673022079586040210204455008689615565305642367020213055461063884932348938231278357304711805134805626986081997695223761615003250391381321869
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							3afa4448cee59210075b45cac8a860c568c3b172
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (159 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kathmandu.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.kathmandu.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kathmandu.co.uk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.kathmandu.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kathmanduoutdoor.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.kathmanduoutdoor.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.kathmandu.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kathmandu.com.au'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.2 (digiCertDVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007700f65c942fd1773022145418083094568ee34d131933bfdf0c2f200bcc4ef164e30000017133074fe800000403004830460221009c8345f91cc159aaa5516cd4abb1281f3d2946d1f97ba409e6090f8f75af7a610221008cae57be4b58393e42c210100a8207111ab2ce2221026563e50eb9a10021aeb80075005cdc4392fee6ab4544b15e9ad456e61037fbd5fa47dca17394b25ee6f6c70eca000001713307502a0000040300463044022044dee10b15e7f6eed72891a5c5e60056b4eab25c7ab4973c83d9b6f82086aabd02200819848f0941d426433a0d11877ef742f7f42879a086835cc16e71ce9dc664cf
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		002cfa9ab6d3999d007de33057ee5b66a782728e13845c00235842491042b80d0765223b2e95900ed22526f5266573ff3f27be10e8d2a83dc49823b61c195251b3a5f0dbb5cb956409943a09268b0a554ad418c88196cf992956fbc5033f6d3f1f7dfdfd7f70164048708225ada1d107da1688c0ebbf534df7ddea4b4ccd05fa6e85261ace89cdcd62a32441da81ced1426b0efdb40447904fc51337e703943940e581ea34a1688f2e2fb0ee27fd7fb77c125c6047f0629a020f613ea6e44477dda3e482caed5d346a0c289135d4daf5fa2d9f86d8fb358668c629f24caf2ec734d8f516476a225a4326bcc3e8545d34887b02a691b20a3e8534f37fe9834b8a8b