www.nbcsportsathletedirect.com

Issued by Amazon RSA 2048 M03

About this certificate

This digital certificate with serial number 0d:fb:f8:93:f9:92:0e:23:03:19:25:f0:8c:58:00:2d was issued on by Amazon.

With 30 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=www.nbcsportsathletedirect.com

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 0d:fb:f8:93:f9:92:0e:23:03:19:25:f0:8c:58:00:2d
Serial Number (int): 18588272218056080667802123630011744301
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 04:a9:82:80:a4:ca:d0:4f:00:2e:78:72:82:79:0a:b4:23:ac:f6:88
AuthorityKeyId: 55:d9:18:5f:d2:1c:cc:01:e1:58:b4:be:ab:d9:55:42:01:d7:2e:02

Fingerprint (sha1): a4:4e:c4:cc:ac:c2:d6:2e:87:1d:54:06:06:02:73:64:95:02:ea:bd
Fingerprint (sha256): ab:b6:aa:ec:e2:c0:0c:b2:b8:bb:e9:a8:10:89:26:9a:b2:84:20:9a:4d:30:96:95:a0:15:27:34:2e:5e:f1:ae

Issuing Certificate URL: http://crt.r2m03.amazontrust.com/r2m03.cer

Revocation information

OCSP Server: http://ocsp.r2m03.amazontrust.com
CRL Distribution Point: http://crl.r2m03.amazontrust.com/r2m03.crl

Check the revocation status for certificate www.nbcsportsathletedirect.com

30

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.nbcsportsathletedirect.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.nbcsportsathletedirect.com
nbcathletesdirect.net
nbcathletedirect.net
www.nbcsportsathletedirect.net
nbcsportnil.net
athletedirect.production.nbc-sports.brightspot.cloud
nbcsportathletesdirect.com
cms.athletedirect.production.nbc-sports.brightspot.cloud
nbcsportathletedirect.net
nbcsportsathletedirect.net
static.athletedirect.production.nbc-sports.brightspot.cloud
nbcsportsnil.com
nbcsportsad.net
nbcsad.brightspotcdn.com
*.athletedirect.production.nbc-sports.brightspot.cloud
nbcsportad.net
brightspot.nbcsportsathletedirect.com
nbcathletesdirect.com
nbcathletedirect.com
nbcsportnil.com
nbcsportathletedirect.com
nbcsportsathletedirect.com
nbcsportad.com
verify.cms.athletedirect.production.nbc-sports.brightspot.cloud
nbcsportathletesdirect.net
origin.athletedirect.production.nbc-sports.brightspot.cloud
verify.origin.athletedirect.production.nbc-sports.brightspot.cloud
*.origin.athletedirect.production.nbc-sports.brightspot.cloud
nbcsportsnil.net
nbcsportsad.com

Other certificates including the domain name nbcsportsathletedirect.com

(limited to 100 certificates)
www.nbcsportsathletedirect.com
www.nbcsportsathletedirect.com
www.nbcsportsathletedirect.com
www.nbcsportsathletedirect.com
www.nbcsportsathletedirect.com
www.nbcsportsathletedirect.com
origin.athletedirect.production.nbc-sports.brightspot.cloud
www.nbcsportsathletedirect.com
www.nbcsportsathletedirect.com

Certificate

The complete raw certificate details for www.nbcsportsathletedirect.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIJvDCCCKSgAwIBAgIQDfv4k/mSDiMDGSXwjFgALTANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAzMB4XDTI0MDMyNDAwMDAwMFoXDTI1MDQyMjIzNTk1OVowKTEn
MCUGA1UEAxMed3d3Lm5iY3Nwb3J0c2F0aGxldGVkaXJlY3QuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8DyoTaTGPtHoxqOhTJGMVbepJ+8PAG/h
e7IVDUKO0eMXaBgFNWAW2+1uSW8INRfVL00sGK01LvoSWXM7jcHPIUyr46CPqMHY
NLFVke85pO4yi6kZYkSG0WCU5qVXbFHRJ7JvxNnQVrj8GHmEqi76myvOnvVof2u7
uyu3MQ9i7jkLRvxKbvBBjT5jFvwdfNSzZZGiZZLtsDmNjN0iorZE7wu2blc8+kd5
Jl4YjcMld+nTci98jKTlYZRTR2Ane7mQ62kYyw8LNBslnx1qlhoAaB0llZK4YTl8
EPFr9p+Btn/2xgycZYMuSXhnBoP3C22o6gbGNUZUO335IOzCZ9DRHQIDAQABo4IG
yzCCBscwHwYDVR0jBBgwFoAUVdkYX9IczAHhWLS+q9lVQgHXLgIwHQYDVR0OBBYE
FASpgoCkytBPAC54coJ5CrQjrPaIMIID/AYDVR0RBIID8zCCA++CHnd3dy5uYmNz
cG9ydHNhdGhsZXRlZGlyZWN0LmNvbYIVbmJjYXRobGV0ZXNkaXJlY3QubmV0ghRu
YmNhdGhsZXRlZGlyZWN0Lm5ldIIed3d3Lm5iY3Nwb3J0c2F0aGxldGVkaXJlY3Qu
bmV0gg9uYmNzcG9ydG5pbC5uZXSCNGF0aGxldGVkaXJlY3QucHJvZHVjdGlvbi5u
YmMtc3BvcnRzLmJyaWdodHNwb3QuY2xvdWSCGm5iY3Nwb3J0YXRobGV0ZXNkaXJl
Y3QuY29tgjhjbXMuYXRobGV0ZWRpcmVjdC5wcm9kdWN0aW9uLm5iYy1zcG9ydHMu
YnJpZ2h0c3BvdC5jbG91ZIIZbmJjc3BvcnRhdGhsZXRlZGlyZWN0Lm5ldIIabmJj
c3BvcnRzYXRobGV0ZWRpcmVjdC5uZXSCO3N0YXRpYy5hdGhsZXRlZGlyZWN0LnBy
b2R1Y3Rpb24ubmJjLXNwb3J0cy5icmlnaHRzcG90LmNsb3VkghBuYmNzcG9ydHNu
aWwuY29tgg9uYmNzcG9ydHNhZC5uZXSCGG5iY3NhZC5icmlnaHRzcG90Y2RuLmNv
bYI2Ki5hdGhsZXRlZGlyZWN0LnByb2R1Y3Rpb24ubmJjLXNwb3J0cy5icmlnaHRz
cG90LmNsb3Vkgg5uYmNzcG9ydGFkLm5ldIIlYnJpZ2h0c3BvdC5uYmNzcG9ydHNh
dGhsZXRlZGlyZWN0LmNvbYIVbmJjYXRobGV0ZXNkaXJlY3QuY29tghRuYmNhdGhs
ZXRlZGlyZWN0LmNvbYIPbmJjc3BvcnRuaWwuY29tghluYmNzcG9ydGF0aGxldGVk
aXJlY3QuY29tghpuYmNzcG9ydHNhdGhsZXRlZGlyZWN0LmNvbYIObmJjc3BvcnRh
ZC5jb22CP3ZlcmlmeS5jbXMuYXRobGV0ZWRpcmVjdC5wcm9kdWN0aW9uLm5iYy1z
cG9ydHMuYnJpZ2h0c3BvdC5jbG91ZIIabmJjc3BvcnRhdGhsZXRlc2RpcmVjdC5u
ZXSCO29yaWdpbi5hdGhsZXRlZGlyZWN0LnByb2R1Y3Rpb24ubmJjLXNwb3J0cy5i
cmlnaHRzcG90LmNsb3VkgkJ2ZXJpZnkub3JpZ2luLmF0aGxldGVkaXJlY3QucHJv
ZHVjdGlvbi5uYmMtc3BvcnRzLmJyaWdodHNwb3QuY2xvdWSCPSoub3JpZ2luLmF0
aGxldGVkaXJlY3QucHJvZHVjdGlvbi5uYmMtc3BvcnRzLmJyaWdodHNwb3QuY2xv
dWSCEG5iY3Nwb3J0c25pbC5uZXSCD25iY3Nwb3J0c2FkLmNvbTATBgNVHSAEDDAK
MAgGBmeBDAECATAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
CCsGAQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwucjJtMDMuYW1h
em9udHJ1c3QuY29tL3IybTAzLmNybDB1BggrBgEFBQcBAQRpMGcwLQYIKwYBBQUH
MAGGIWh0dHA6Ly9vY3NwLnIybTAzLmFtYXpvbnRydXN0LmNvbTA2BggrBgEFBQcw
AoYqaHR0cDovL2NydC5yMm0wMy5hbWF6b250cnVzdC5jb20vcjJtMDMuY2VyMAwG
A1UdEwEB/wQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AM8RVu7VLnyv
84db2Wkum+kacWdKsBfsrAHSW3fOzDsIAAABjm+qPXsAAAQDAEcwRQIhAMjymkBv
OUr8Viw1eLS4281pBfBoR9PRqHRkhJD89+wwAiBraPRbYQHaBO+FnJcJETnNBv5n
8ECI5I+o5Hn/EWB/KgB2AObSMWNAd4zBEEEG13G5zsHSQPaWhIb7uocyHf0eN45Q
AAABjm+qPYgAAAQDAEcwRQIgCOSg37nf0408rG7eXkFlUi+p5/Kg/UqTTLCX5p9N
+J4CIQCejjXPQk70SBVbaEnE7bJ5sfN2JtAAlydvazNvDt01lQB1AKLjCuRF772t
m3447Udnd1PXgluElNcrXhssxLlQpEfnAAABjm+qPjMAAAQDAEYwRAIgJM+gXLvb
Ui75r74nbd/GqsvczAE/dyGt6QNHCn1q8ywCIBHLjAaEi7VrdUhPEbMKHcnaLo4I
IjopeFFwwSE2NTS3MA0GCSqGSIb3DQEBCwUAA4IBAQBOnffPHKdAg7XC+Giktk4d
U4NFZFXYScN3C3y1Jd1NNsF3J+Hu+DO/VYues/S+TqakdbFMy66TTQm6TfbqdIM+
KG/aeSv8KN9139DRAyDenri8UWIWu1Du/vMLiGfmFX39t9OAJOqcZNQHAfYlji5M
QCkRlzURMEQm9VudjvUQOMvHVJgyQk5k9bhvAnXGkJBPSdVCw7vbgvOvEuKh0nkn
5sH96+nwWnMg2+7ZMBNREmrOkeoGDT0Uwxjmo5HQoqDFSKTez46x+nvYRIgKgvsk
/6gbBxDLvcRK17tGiIcSbOkKOw3AQMT4H/J0kX1FMzc3C+01Yz+wImgYYBI8RoU4
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8DyoTaTGPtHoxqOhTJGM
VbepJ+8PAG/he7IVDUKO0eMXaBgFNWAW2+1uSW8INRfVL00sGK01LvoSWXM7jcHP
IUyr46CPqMHYNLFVke85pO4yi6kZYkSG0WCU5qVXbFHRJ7JvxNnQVrj8GHmEqi76
myvOnvVof2u7uyu3MQ9i7jkLRvxKbvBBjT5jFvwdfNSzZZGiZZLtsDmNjN0iorZE
7wu2blc8+kd5Jl4YjcMld+nTci98jKTlYZRTR2Ane7mQ62kYyw8LNBslnx1qlhoA
aB0llZK4YTl8EPFr9p+Btn/2xgycZYMuSXhnBoP3C22o6gbGNUZUO335IOzCZ9DR
HQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 18588272218056080667802123630011744301
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M03'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-24 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-04-22 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.nbcsportsathletedirect.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 30327104487737610615788807243525592306111783677666766741878497179598189176260327880721146189699192338351099810486382368098005490929449544585776798893204440063189061442115707426474728576210322280439170076752849729814415546017898430505821496035194439223925896812738623962480558785670589237611599651066246983105195621868527134022984254102625333022084895705711375425044538902358064569504033319713357622075777518231548406921389325882400322260969631753470661741401390108338061337288845451485265511412703536335918765895633020124057310769184729800124789802241662028465272441887403447274255128104244959194741261297250135494941
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 55d9185fd21ccc01e158b4beabd9554201d72e02
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							04a98280a4cad04f002e787282790ab423acf688
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1011 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.nbcsportsathletedirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcathletesdirect.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcathletedirect.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.nbcsportsathletedirect.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportnil.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportathletesdirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cms.athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportathletedirect.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportsathletedirect.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'static.athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportsnil.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportsad.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsad.brightspotcdn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportad.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'brightspot.nbcsportsathletedirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcathletesdirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcathletedirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportnil.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportathletedirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportsathletedirect.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportad.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'verify.cms.athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportathletesdirect.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'origin.athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'verify.origin.athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.origin.athletedirect.production.nbc-sports.brightspot.cloud'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportsnil.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nbcsportsad.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m03.amazontrust.com/r2m03.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m03.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m03.amazontrust.com/r2m03.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							0167007600cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018e6faa3d7b0000040300473045022100c8f29a406f394afc562c3578b4b8dbcd6905f06847d3d1a874648490fcf7ec3002206b68f45b6101da04ef859c97091139cd06fe67f04088e48fa8e479ff11607f2a007600e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018e6faa3d880000040300473045022008e4a0dfb9dfd38d3cac6ede5e4165522fa9e7f2a0fd4a934cb097e69f4df89e0221009e8e35cf424ef448155b6849c4edb279b1f37626d00097276f6b336f0edd3595007500a2e30ae445efbdad9b7e38ed47677753d7825b8494d72b5e1b2cc4b950a447e70000018e6faa3e330000040300463044022024cfa05cbbdb522ef9afbe276ddfc6aacbdccc013f7721ade903470a7d6af32c022011cb8c06848bb56b75484f11b30a1dc9da2e8e08223a29785170c121363534b7
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		004e9df7cf1ca74083b5c2f868a4b64e1d5383456455d849c3770b7cb525dd4d36c17727e1eef833bf558b9eb3f4be4ea6a475b14ccbae934d09ba4df6ea74833e286fda792bfc28df75dfd0d10320de9eb8bc516216bb50eefef30b8867e6157dfdb7d38024ea9c64d40701f6258e2e4c402911973511304426f55b9d8ef51038cbc7549832424e64f5b86f0275c690904f49d542c3bbdb82f3af12e2a1d27927e6c1fdebe9f05a7320dbeed9301351126ace91ea060d3d14c318e6a391d0a2a0c548a4decf8eb1fa7bd844880a82fb24ffa81b0710cbbdc44ad7bb468887126ce90a3b0dc040c4f81ff274917d453337370bed35633fb022681860123c468538