s.abcnews.com

Issued by Amazon

About this certificate

This digital certificate with serial number 0d:c6:48:c8:0c:8b:e4:45:52:46:54:01:d7:69:02:41 was issued on by Amazon.

With 6 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=s.abcnews.com

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0d:c6:48:c8:0c:8b:e4:45:52:46:54:01:d7:69:02:41
Serial Number (int): 18309514906200706776431100939127554625
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 1c:70:2c:32:a5:18:76:09:80:3e:3d:7c:b9:24:45:6b:3d:66:03:ea
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): 2d:41:bc:ee:4b:6d:49:1f:ec:3d:a3:e4:61:2c:3d:b3:71:aa:82:45
Fingerprint (sha256): b1:09:97:fd:f3:b6:50:01:4d:90:ba:5a:67:0b:68:9d:81:ec:a2:54:03:9c:94:73:1d:92:73:56:b5:7a:79:2b

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b.crl

Check the revocation status for certificate s.abcnews.com

6

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for s.abcnews.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

s.abcnews.com
a.abcnews.com
origin.s.aws.seabcnews.go.com
edge.s.aws.seabcnews.go.com
edge.a.aws.seabcnews.go.com
media.abcnews.com

Other certificates including the domain name abcnews.com

(limited to 100 certificates)
editions.geo.hosted.abcotvs.com
s.abcnews.com
keyframe-cdn.abcnews.com
cdn1.edgedatg.com
i.abcnews.com
static.ddb.go.com
storyline.abcnews.com
editions.geo.hosted.abcotvs.com
static.ddb.go.com
editions.geo.hosted.abcotvs.com
static.ddb.go.com
editions.geo.hosted.abcotvs.com
keyframe-cdn.abcnews.com
editions.geo.hosted.abcotvs.com
s.abcnews.com
storyline.abcnews.com
static.ddb.go.com
accept.storyline.abcnews.com
editions.geo.hosted.abcotvs.com
a.abcnews.go.com
static.ddb.go.com
cdn1.edgedatg.com
static.ddb.go.com
storyline-standby.mws.disney.com
static.ddb.go.com
s.abcnews.com
qa.s.abcnews.com
cdn1.edgedatg.com
s.abcnews.com
static.ddb.go.com
static.ddb.go.com
keyframe-cdn.abcnews.com
static.ddb.go.com
s.abcnews.com
editions.geo.hosted.abcotvs.com
static.ddb.go.com
abcnews.com
a.abcnews.go.com
static.ddb.go.com
static.ddb.go.com
qa.s.abcnews.com
a.abcnews.go.com
cdn1.edgedatg.com
static.ddb.go.com
editions.geo.hosted.abcotvs.com
s.abcnews.com
*.mt.abcnews.com
static.ddb.go.com
static.ddb.go.com
static.ddb.go.com
editions.geo.hosted.abcotvs.com
static.ddb.go.com
s.abcnews.com
qa.s.abcnews.com
s.abcnews.com
a.abcnews.go.com
gc.abcnews.com
media.abcnews.com
qa.s.abcnews.com
s.abcnews.com
a.abcnews.go.com
static.ddb.go.com
ondemand.abcnews.com
a.abcnews.go.com
static.ddb.go.com
abcnews.com
cdn1.edgedatg.com
static.ddb.go.com
media.abcnews.com
editions.geo.hosted.abcotvs.com
qa.s.abcnews.com
s.abcnews.com
s.abcnews.com
abcnews.com
static.ddb.go.com
keyframe-cdn.abcnews.com
cdn1.edgedatg.com
editions.geo.hosted.abcotvs.com
cdn1.edgedatg.com
static.ddb.go.com
editions.geo.hosted.abcotvs.com
static.ddb.go.com
cdn1.edgedatg.com
s.abcnews.com
s.abcnews.com
s.abcnews.com
a.abcnews.go.com
i.abcnews.com
static.ddb.go.com
cdn1.edgedatg.com
storyline-standby.mws.disney.com
cdn1.edgedatg.com
a.abcnews.go.com
editions.geo.hosted.abcotvs.com
static.ddb.go.com
keyframe-cdn.abcnews.com
editions.geo.hosted.abcotvs.com
media.abcnews.com
editions.geo.hosted.abcotvs.com
media.abcnews.com

Certificate

The complete raw certificate details for s.abcnews.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF3zCCBMegAwIBAgIQDcZIyAyL5EVSRlQB12kCQTANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0xOTAzMjcwMDAwMDBaFw0yMDA0Mjcx
MjAwMDBaMBgxFjAUBgNVBAMTDXMuYWJjbmV3cy5jb20wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCKsWs5Pgu39Lx4zu7GT1stbSTthbXtfKXJIYbiLtA3
HsyUFMzBlxT1ZeL93C/FHOdmy0aVxbgA3IbnGvqAmjhdGUBC2/IqeP4f7w+kxZuF
4XVSaqjz3uY5GCgnGAvYTa5rSAok7GhHZ5r7FYZS1qY7YV7cJGpCIBF//p+gTfqa
FUoVmrv4Ho2QdAtLXN4C0gIgaqzGFknqiej+fMPJRpROr64MutihvF50K93a13Mq
gH2oVZSpjNgxUZMf1+GYfX8pAnNuT07FP/FsI9V4PYqyVxHTULoLyA70hYAKP2N6
itWlKa56o/4NSssmG5AvduE0eUBzI4QuUK9xn7gj4PuFAgMBAAGjggL1MIIC8TAf
BgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4EFgQUHHAsMqUY
dgmAPj18uSRFaz1mA+owgZUGA1UdEQSBjTCBioINcy5hYmNuZXdzLmNvbYINYS5h
YmNuZXdzLmNvbYIdb3JpZ2luLnMuYXdzLnNlYWJjbmV3cy5nby5jb22CG2VkZ2Uu
cy5hd3Muc2VhYmNuZXdzLmdvLmNvbYIbZWRnZS5hLmF3cy5zZWFiY25ld3MuZ28u
Y29tghFtZWRpYS5hYmNuZXdzLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
FAYIKwYBBQUHAwEGCCsGAQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9j
cmwuc2NhMWIuYW1hem9udHJ1c3QuY29tL3NjYTFiLmNybDAgBgNVHSAEGTAXMAsG
CWCGSAGG/WwBAjAIBgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzAB
hiFodHRwOi8vb2NzcC5zY2ExYi5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKG
Kmh0dHA6Ly9jcnQuc2NhMWIuYW1hem9udHJ1c3QuY29tL3NjYTFiLmNydDAMBgNV
HRMBAf8EAjAAMIIBAgYKKwYBBAHWeQIEAgSB8wSB8ADuAHUApLkJkLQYWBSHuxOi
zGdwCjw1mAT5G9+443fNDsgN3BAAAAFpv8jGOgAABAMARjBEAiBxRBlYNjUSZqQp
miwQyOVuf0eg17EpyHyPvIh77BrXsgIgZqpDopOfhBet93NENIcKtsDezMwN/7ip
9Z3mn8eUoboAdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWm/
yMbBAAAEAwBGMEQCIHqj25JbWAQuVqOaOx/d0mJFC4zU+Jb5ND+xv7SwRNJqAiB6
f3w/Mifd27hZI1oUgLt77CrNKV2QShj40JqMTFyEGTANBgkqhkiG9w0BAQsFAAOC
AQEAZ956MXBV5gV3JIM/tkk67WHZ7otUn8+CNxiFSLnPxjPbR5uW7z6rDXLgX6yU
piCDetu/gK+orKgKtKt2ZpyijZeFdCzyhnDkBps+AIctc75tdQvJvxhwV/fZSQ/5
Pn+8q0pv5jcHYTb8Zfw1nUFvd+UHzhtW0GxshbIVi9SSgMxyQRl7VcVnf5GpCVWZ
MT8GlHToxnTtP8gNmnC/fiYW/TtI3bCJD7yyCvgwkL1RjwlOl9Bl1Ii3Khp5vUVR
cf6LGE4ckDjWlJpGgOdvOw1nE287dfHDNZPz4BFZVXLk1KWAjfBhR9XhVSFGYdKS
5W0UsroBYmWiw8qTQU1ya+C4bQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirFrOT4Lt/S8eM7uxk9b
LW0k7YW17XylySGG4i7QNx7MlBTMwZcU9WXi/dwvxRznZstGlcW4ANyG5xr6gJo4
XRlAQtvyKnj+H+8PpMWbheF1Umqo897mORgoJxgL2E2ua0gKJOxoR2ea+xWGUtam
O2Fe3CRqQiARf/6foE36mhVKFZq7+B6NkHQLS1zeAtICIGqsxhZJ6ono/nzDyUaU
Tq+uDLrYobxedCvd2tdzKoB9qFWUqYzYMVGTH9fhmH1/KQJzbk9OxT/xbCPVeD2K
slcR01C6C8gO9IWACj9jeorVpSmueqP+DUrLJhuQL3bhNHlAcyOELlCvcZ+4I+D7
hQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 18309514906200706776431100939127554625
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-03-27 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-04-27 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 's.abcnews.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 17508374577145256883039392200755225486349224237805754733874917937446023422803157099128656915076593900875310885657727507211369194193530474177268190993753083523246871679484388403202694106758147393822674972499934666683758879097156113902373848509477854605810558321685235416662886184025694118576205487489197526819412559078631274541897271507252512477417994180322815170862620157916853177066653823900095379589186141915019401974527413585095704695107189697596887558220234517449254813726352137335279849540026136209722101871343324605289623875390449847591228689342142223473380495742077823451769290611794955301163749423087720921989
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							1c702c32a5187609803e3d7cb924456b3d6603ea
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (141 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 's.abcnews.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'a.abcnews.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'origin.s.aws.seabcnews.go.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edge.s.aws.seabcnews.go.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edge.a.aws.seabcnews.go.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'media.abcnews.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.2 (digiCertDVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (240 bytes)
							00ee007500a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc1000000169bfc8c63a000004030046304402207144195836351266a4299a2c10c8e56e7f47a0d7b129c87c8fbc887bec1ad7b2022066aa43a2939f8417adf7734434870ab6c0decccc0dffb8a9f59de69fc794a1ba0075008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f00000169bfc8c6c1000004030046304402207aa3db925b58042e56a39a3b1fddd262450b8cd4f896f9343fb1bfb4b044d26a02207a7f7c3f3227dddbb859235a1480bb7bec2acd295d904a18f8d09a8c4c5c8419
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0067de7a317055e6057724833fb6493aed61d9ee8b549fcf8237188548b9cfc633db479b96ef3eab0d72e05fac94a620837adbbf80afa8aca80ab4ab76669ca28d9785742cf28670e4069b3e00872d73be6d750bc9bf187057f7d9490ff93e7fbcab4a6fe637076136fc65fc359d416f77e507ce1b56d06c6c85b2158bd49280cc7241197b55c5677f91a9095599313f069474e8c674ed3fc80d9a70bf7e2616fd3b48ddb0890fbcb20af83090bd518f094e97d065d488b72a1a79bd455171fe8b184e1c9038d6949a4680e76f3b0d67136f3b75f1c33593f3e011595572e4d4a5808df06147d5e155214661d292e56d14b2ba016265a2c3ca93414d726be0b86d