*.signin.amazonaws-us-gov.com

Issued by Amazon RSA 2048 M01

About this certificate

This digital certificate with serial number 09:f6:a1:cf:1b:32:57:6a:86:96:46:71:7a:42:cd:f4 was issued on by Amazon.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=*.signin.amazonaws-us-gov.com

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 09:f6:a1:cf:1b:32:57:6a:86:96:46:71:7a:42:cd:f4
Serial Number (int): 13243638865856593191502849098001862132
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: d0:38:4a:69:9a:e2:ba:f9:49:08:b0:5e:85:d1:29:bf:cf:42:87:43
AuthorityKeyId: 81:b8:0e:63:8a:89:12:18:e5:fa:3b:3b:50:95:9f:e6:e5:90:13:85

Fingerprint (sha1): b7:63:6b:f3:8a:8e:64:ac:89:e9:8f:92:5f:ac:21:c8:94:cc:20:fa
Fingerprint (sha256): b0:64:3f:44:43:6b:97:06:9a:3a:a0:b0:e1:76:c1:b1:89:4f:b2:fd:a4:3e:66:76:62:6a:77:27:b0:7f:d5:7a

Issuing Certificate URL: http://crt.r2m01.amazontrust.com/r2m01.cer

Revocation information

OCSP Server: http://ocsp.r2m01.amazontrust.com
CRL Distribution Point: http://crl.r2m01.amazontrust.com/r2m01.crl

Check the revocation status for certificate *.signin.amazonaws-us-gov.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.signin.amazonaws-us-gov.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.signin.amazonaws-us-gov.com
signin.amazonaws-us-gov.com

Other certificates including the domain name amazonaws-us-gov.com

(limited to 100 certificates)
glacier-console-us-gov-west-1.console.amazonaws-us-gov.com
policysim.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
s3-console-us-gov-west-1.console.amazonaws-us-gov.com
*.us-gov-west-1.console-gamma.aws-dev.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
policysim.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
appstream2.us-gov-east-1.aws.amazon.com
us-gov-east-1.console.amazonaws-us-gov.com
websocket.us-gov-east-1-onebox.quicksight.amazonaws-us-gov.com
api-quicksight-integ.us-gov-west-1.amazonaws.com
*.signin.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
websocket.us-gov-east-1.quicksight.amazonaws-us-gov.com
appstream2.us-gov-west-1.aws.amazon.com
us-gov-west-1.console.amazonaws-us-gov.com
appstream2-fips.us-gov-east-1.aws.amazon.com
appstream2-fips.us-gov-west-1.aws.amazon.com
appstream2.us-gov-west-1.aws.amazon.com
appstream2.us-gov-west-1.aws.amazon.com
web-quicksight.us-gov-west-1.amazonaws.com
phd.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
appstream2.us-gov-east-1.aws.amazon.com
policysim.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
appstream2.us-gov-west-1.aws.amazon.com
*.signin.amazonaws-us-gov.com
us-gov-east-1.console.amazonaws-us-gov.com
phd.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
phd.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
us-gov-east-1.console.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
websocket.fips-us-gov-east-1.quicksight.amazonaws-us-gov.com
signin-fips.amazonaws-us-gov.com
us-gov-east-1.console.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
appstream2-fips.us-gov-west-1.aws.amazon.com
*.signin.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
phd.amazonaws-us-gov.com
phd.amazonaws-us-gov.com
us-gov-west-1.prod.console-api.aws-dev.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
appstream2.us-gov-west-1.aws.amazon.com
phd.amazonaws-us-gov.com
phd.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
phd.amazonaws-us-gov.com
fpq3q23wnh.cell.logs.us-gov-west-1.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
s3-console-us-gov-west-1.console.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
appstream2-fips.us-gov-east-1.aws.amazon.com
signin-fips.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
us-gov-east-1.console.amazonaws-us-gov.com
s3-console-us-gov-west-1.console.amazonaws-us-gov.com
s3-console-us-gov-west-1.console.amazonaws-us-gov.com
appstream2.us-gov-west-1.aws.amazon.com
us-gov-west-1.console.amazonaws-us-gov.com
*.us-gov-east-1.console-gamma.aws-dev.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
appstream2-fips.us-gov-west-1.aws.amazon.com
*.signin.amazonaws-us-gov.com
policysim.amazonaws-us-gov.com
appstream2-fips.us-gov-west-1.aws.amazon.com
us-gov-west-1.console.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
organizations-nexus.amazonaws-us-gov.com
us-gov-east-1.console.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
us-gov-east-1.prod.console-api.aws-dev.amazonaws-us-gov.com

Certificate

The complete raw certificate details for *.signin.amazonaws-us-gov.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGBDCCBOygAwIBAgIQCfahzxsyV2qGlkZxekLN9DANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAxMB4XDTI0MDExNDAwMDAwMFoXDTI1MDEwNTIzNTk1OVowKDEm
MCQGA1UEAwwdKi5zaWduaW4uYW1hem9uYXdzLXVzLWdvdi5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYv/zAjaqX3/LQUcVhPDHkTWHODb/6gicj
zvehD8jwoK1ATS2BVuLd6TgbChHeDbxzqetS9khQEmGz1v4He6L7rEy1Jhl2l8Vg
CR0R7wRL2ZfvGBec9tla4a7OHBWEciXNQa9uJobqBId99h81SmYwWFNUpt9W+IiH
Lskb7+HC1sQsplzA5D8kQg/24rpMsMQg2yD/Msysd0t1/geI3qVSCsqf0xLCXGvn
FwKSk/ugwqfsslySodrXgWZD7UQ6mo8umdq5rNHFzkCBVB6aZAaRA89L4NrWHlZH
oz9QpAtNWQVTWKt5WAJO92ttn6Uff72sa5t3Ev4q97TcYgvy1k6xAgMBAAGjggMU
MIIDEDAfBgNVHSMEGDAWgBSBuA5jiokSGOX6OztQlZ/m5ZAThTAdBgNVHQ4EFgQU
0DhKaZriuvlJCLBehdEpv89Ch0MwRQYDVR0RBD4wPIIdKi5zaWduaW4uYW1hem9u
YXdzLXVzLWdvdi5jb22CG3NpZ25pbi5hbWF6b25hd3MtdXMtZ292LmNvbTATBgNV
HSAEDDAKMAgGBmeBDAECATAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwucjJt
MDEuYW1hem9udHJ1c3QuY29tL3IybTAxLmNybDB1BggrBgEFBQcBAQRpMGcwLQYI
KwYBBQUHMAGGIWh0dHA6Ly9vY3NwLnIybTAxLmFtYXpvbnRydXN0LmNvbTA2Bggr
BgEFBQcwAoYqaHR0cDovL2NydC5yMm0wMS5hbWF6b250cnVzdC5jb20vcjJtMDEu
Y2VyMAwGA1UdEwEB/wQCMAAwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB3AE51
oydcmhDDOFts1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABjQbRWgUAAAQDAEgwRgIh
ALI47zuCoEsxJpdt7urUsQTFsmN6LmXSqdyje7+9LhZpAiEAkgWO4nTp/cEKAl8f
VychA+42M5TGp8OIwPWPFdRIRBQAdwA/F0tP1yJHWJQdZRyEvg0S7ZA3fx+FauvB
vyiF7PhkbgAAAY0G0VpcAAAEAwBIMEYCIQCzyR7AOpUjVsHFiSf54HslAv1PRO0A
s45TgsDWeEgQxAIhAN196KQlSzp3cZbbshi2p4TvIGRS1gd25h2ntsOiF0XgAHUA
zxFW7tUufK/zh1vZaS6b6RpxZ0qwF+ysAdJbd87MOwgAAAGNBtFaWwAABAMARjBE
AiBylbSalYdzmVhiGmVFx5y2WV2tAa4Ja8c3Vh4ERoHW6QIgcjTQ6B4nmiysINcE
ZV4DbUKg3gt8KHVf/9jQXsSENyEwDQYJKoZIhvcNAQELBQADggEBAIsKftJ5TxY1
vuxvQCTD0lzPov70ssJtw4UbQEPbWug6UnCys0XSiZyG4cExHtCfq3D7nA6WrXKh
abid6x1RD9lYCxoHK8BwpT6lpCuMnU5pof+++TElUwb3vlyYJJQm7MqfwFoNgixl
iN5Ta4EacF/cVgHwOHCH4IeMxYTb3CHz4OgJiYKxKUIiJ/t5YYXud4x6wi4OJNqf
rkXy87dm0fHAGLQSRABAa5a4o5TxAsUXOv9qO9Y5XByovhWlLarJyx91nOIiKpZ0
SXi1UnHLDRo/jooVd8jLo4sNMiygoc+Pho5yz1Ocp5h9a59oHex8KYtdz/vi4WJl
7km2YzduMwk=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2L/8wI2ql9/y0FHFYTwx
5E1hzg2/+oInI873oQ/I8KCtQE0tgVbi3ek4GwoR3g28c6nrUvZIUBJhs9b+B3ui
+6xMtSYZdpfFYAkdEe8ES9mX7xgXnPbZWuGuzhwVhHIlzUGvbiaG6gSHffYfNUpm
MFhTVKbfVviIhy7JG+/hwtbELKZcwOQ/JEIP9uK6TLDEINsg/zLMrHdLdf4HiN6l
UgrKn9MSwlxr5xcCkpP7oMKn7LJckqHa14FmQ+1EOpqPLpnauazRxc5AgVQemmQG
kQPPS+Da1h5WR6M/UKQLTVkFU1ireVgCTvdrbZ+lH3+9rGubdxL+Kve03GIL8tZO
sQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 13243638865856593191502849098001862132
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M01'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-14 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-05 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.signin.amazonaws-us-gov.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27362146345265167245206923476110106845839372362254668509877523983125433423264370794369769886915776343033624105343655137523748881452800902569722093864291653123458743213317352890249465934271807806628629583497696780722553037693343897886783387011888577993893946453142013818267550581854390183698946315946710627878861261443372745086074399839747112180534137819639797172909894807939549249756519955645458424332264640066687608545222146640610891869200323269819161594292150564652426188156785804450628280141879086973680772549634966544763276618765129859181017247086203860688109573246041098448198680186745792892099456851010190200497
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 81b80e638a891218e5fa3b3b50959fe6e5901385
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d0384a699ae2baf94908b05e85d129bfcf428743
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (62 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.signin.amazonaws-us-gov.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'signin.amazonaws-us-gov.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m01.amazontrust.com/r2m01.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m01.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m01.amazontrust.com/r2m01.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							01690077004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018d06d15a050000040300483046022100b238ef3b82a04b3126976deeead4b104c5b2637a2e65d2a9dca37bbfbd2e166902210092058ee274e9fdc10a025f1f57272103ee363394c6a7c388c0f58f15d44844140077003f174b4fd7224758941d651c84be0d12ed90377f1f856aebc1bf2885ecf8646e0000018d06d15a5c0000040300483046022100b3c91ec03a952356c1c58927f9e07b2502fd4f44ed00b38e5382c0d6784810c4022100dd7de8a4254b3a777196dbb218b6a784ef206452d60776e61da7b6c3a21745e0007500cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018d06d15a5b000004030046304402207295b49a9587739958621a6545c79cb6595dad01ae096bc737561e044681d6e902207234d0e81e279a2cac20d704655e036d42a0de0b7c28755fffd8d05ec4843721
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		008b0a7ed2794f1635beec6f4024c3d25ccfa2fef4b2c26dc3851b4043db5ae83a5270b2b345d2899c86e1c1311ed09fab70fb9c0e96ad72a169b89deb1d510fd9580b1a072bc070a53ea5a42b8c9d4e69a1ffbef931255306f7be5c98249426ecca9fc05a0d822c6588de536b811a705fdc5601f0387087e0878cc584dbdc21f3e0e8098982b129422227fb796185ee778c7ac22e0e24da9fae45f2f3b766d1f1c018b4124400406b96b8a394f102c5173aff6a3bd6395c1ca8be15a52daac9cb1f759ce2222a96744978b55271cb0d1a3f8e8a1577c8cba38b0d322ca0a1cf8f868e72cf539ca7987d6b9f681dec7c298b5dcffbe2e16265ee49b663376e3309