*.shopnation.com
Issued by Amazon
About this certificate
This digital certificate with serial number 08:6d:8f:6b:f6:28:c9:16:0c:97:40:9a:86:5c:60:1e was issued on by Amazon.
With 10 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=*.shopnation.com
Amazon
Organization:
Amazon
Organization unit: Server CA 1B
Organization unit: Server CA 1B
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 08:6d:8f:6b:f6:28:c9:16:0c:97:40:9a:86:5c:60:1eSerial Number (int): 11202693262028953461129190924208594974
Serial Number lenght: 124 bits, 16 octets
SubjectKeyId: c8:4c:04:5f:24:76:30:84:48:ca:10:fa:c9:32:7a:6f:37:d5:7a:1f
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0
Fingerprint (sha1): d8:bc:d8:c1:24:21:61:6c:67:fa:8a:7f:b2:56:c5:97:0d:b9:4d:ff
Fingerprint (sha256): bf:11:bf:3d:9e:32:24:c1:8b:21:d6:4b:ef:98:b8:a8:7f:6b:12:9f:74:45:a8:eb:02:7d:ff:12:f6:ab:c5:4d
Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt
Revocation information
OCSP Server: http://ocsp.sca1b.amazontrust.comCRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b.crl
Check the revocation status for certificate *.shopnation.com
10
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for *.shopnation.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
*.shopnation.com
*.staging.shopnation.com
*.qa1.shopnation.com
*.qa2.shopnation.com
*.qa3.shopnation.com
*.bhg.com
*.fitnessmagazine.com
*.more.com
*.parents.com
*.allrecipes.com
*.staging.shopnation.com
*.qa1.shopnation.com
*.qa2.shopnation.com
*.qa3.shopnation.com
*.bhg.com
*.fitnessmagazine.com
*.more.com
*.parents.com
*.allrecipes.com
Other certificates including the domain name shopnation.com
(limited to 100 certificates)
*.qa1.shopnation.com
assets.qa2.shopnation.com
images.qa.shopnation.com
assets.meredith.com
assets.qa1.shopnation.com
*.monitoring-es53.shopnation.com
assets.meredith.com
vfs-proxy.qa1.shopnation.com
ssl768224.cloudflaressl.com
*.shopnation.com
*.shopnation.com
*.shopnation.com
assets.meredith.com
*.qa2.shopnation.com
*.shopnation.com
images.prod.shopnation.com
*.qa1-es53.shopnation.com
images.prod.shopnation.com
assets.meredith.com
images.prod.shopnation.com
*.shopnation.com
ssl768223.cloudflaressl.com
*.qa2-es53.shopnation.com
*.staging.shopnation.com
assets.meredith.com
*.shopnation.com
assets.meredith.com
*.shopnation.com
images.prod.shopnation.com
*.shopnation.com
images.prod.shopnation.com
bhg-home.shopnation.com
images.prod.shopnation.com
assets.qa1.shopnation.com
images.prod.shopnation.com
assets.meredith.com
*.shopnation.com
images.prod.shopnation.com
*.shopnation.com
*.shopnation.com
images.qa.shopnation.com
*.shopnation.com
*.reports-es53.shopnation.com
assets.qa2.shopnation.com
images.qa.shopnation.com
assets.meredith.com
assets.qa1.shopnation.com
*.monitoring-es53.shopnation.com
assets.meredith.com
vfs-proxy.qa1.shopnation.com
ssl768224.cloudflaressl.com
*.shopnation.com
*.shopnation.com
*.shopnation.com
assets.meredith.com
*.qa2.shopnation.com
*.shopnation.com
images.prod.shopnation.com
*.qa1-es53.shopnation.com
images.prod.shopnation.com
assets.meredith.com
images.prod.shopnation.com
*.shopnation.com
ssl768223.cloudflaressl.com
*.qa2-es53.shopnation.com
*.staging.shopnation.com
assets.meredith.com
*.shopnation.com
assets.meredith.com
*.shopnation.com
images.prod.shopnation.com
*.shopnation.com
images.prod.shopnation.com
bhg-home.shopnation.com
images.prod.shopnation.com
assets.qa1.shopnation.com
images.prod.shopnation.com
assets.meredith.com
*.shopnation.com
images.prod.shopnation.com
*.shopnation.com
*.shopnation.com
images.qa.shopnation.com
*.shopnation.com
*.reports-es53.shopnation.com
Certificate
The complete raw certificate details for *.shopnation.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGFjCCBP6gAwIBAgIQCG2Pa/YoyRYMl0CahlxgHjANBgkqhkiG9w0BAQsFADBG MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0xODA5MjYwMDAwMDBaFw0xOTEwMjYx MjAwMDBaMBsxGTAXBgNVBAMMECouc2hvcG5hdGlvbi5jb20wggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQCmbNGgX1GNE1n/9Ad8HSzmXjydDHGIU4EVnArZ TEF4/l71+dQbc8QW6Fk4qlLg7vNZXo9+HIARIIqI16dQgl/wTWAcZcvpTkoFj4GU FZxsNyMJ6mYSeg0PaiPpBYk0PQoU5ri1lgaJyti/sykpKFF6DgVOkRZFdSSCjOmN LSRDlJTWw8ZlgBSH2O4Il3gLWwsRw9b3ZlZKIUihLQATg5YtZoA4E5P+GhPWzNJq gTG7Pg37P2rO6HPBfNFw3N4KzGHoC5AOzXihaQ65OaaKUYjmr90EAoS109+wFCMg 6fmtARRG2J2Y2aYg7sbOaYQSJjXkyJNBDsu8jfIXd2qe02BpAgMBAAGjggMpMIID JTAfBgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4EFgQUyEwE XyR2MIRIyhD6yTJ6bzfVeh8wgcgGA1UdEQSBwDCBvYIQKi5zaG9wbmF0aW9uLmNv bYIYKi5zdGFnaW5nLnNob3BuYXRpb24uY29tghQqLnFhMS5zaG9wbmF0aW9uLmNv bYIUKi5xYTIuc2hvcG5hdGlvbi5jb22CFCoucWEzLnNob3BuYXRpb24uY29tggkq LmJoZy5jb22CFSouZml0bmVzc21hZ2F6aW5lLmNvbYIKKi5tb3JlLmNvbYINKi5w YXJlbnRzLmNvbYIQKi5hbGxyZWNpcGVzLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYD VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyGKmh0 dHA6Ly9jcmwuc2NhMWIuYW1hem9udHJ1c3QuY29tL3NjYTFiLmNybDAgBgNVHSAE GTAXMAsGCWCGSAGG/WwBAjAIBgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMC0GCCsG AQUFBzABhiFodHRwOi8vb2NzcC5zY2ExYi5hbWF6b250cnVzdC5jb20wNgYIKwYB BQUHMAKGKmh0dHA6Ly9jcnQuc2NhMWIuYW1hem9udHJ1c3QuY29tL3NjYTFiLmNy dDAMBgNVHRMBAf8EAjAAMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHYApLkJkLQY WBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFmFy8ZUgAABAMARzBFAiAG43Ee UJ62Wut/8JuZ1pqEyrU8vaeUBriZM4yj3u7NDwIhAJU/FnHzIZeXmQ4A77fdyrsf 7ZdYnsk9cxJBf58QfJ2LAHUAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16g gw8AAAFmFy8aNwAABAMARjBEAiAhohFWI+WTSuAxOYR7/d6BiomXJrAXIScI+6MA b8U+fAIgJHQA5N5xbUemngOxhx+aat97aDKJYkW6ejvQAA0qB8UwDQYJKoZIhvcN AQELBQADggEBAJbBJ8DNDpY6kPpf/mGr3wCGOHiSvL9VwVXAcCamLizoQCH3n0AM JagdNAiZ99rO5Zg/JrsZQnatGD7iDr2dIASQPrqRmFtkREnSNpyhfGb8HcEYreXz JUTW5Nx3Exz5TmKLKkGiVMTzVv7B1i5YiV+Rov4/EIAJNBrrpsccBsuQ7Pmd7Ljm RtFbqcTInQsK2MirL7V5lOX3tnT+i5iLWnHG5BRCVuSKbx2QCg0omxgSkVTB2IJ9 fx4lC2TLYIFEt9Ito2CSITKYcbbNZT3FaldULxrsZMPwS6+sqweGDVldXLYUcvUd UPuT49zaSrfxAbiUCOHzAn1deOlBxjZGthc= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmzRoF9RjRNZ//QHfB0s 5l48nQxxiFOBFZwK2UxBeP5e9fnUG3PEFuhZOKpS4O7zWV6PfhyAESCKiNenUIJf 8E1gHGXL6U5KBY+BlBWcbDcjCepmEnoND2oj6QWJND0KFOa4tZYGicrYv7MpKShR eg4FTpEWRXUkgozpjS0kQ5SU1sPGZYAUh9juCJd4C1sLEcPW92ZWSiFIoS0AE4OW LWaAOBOT/hoT1szSaoExuz4N+z9qzuhzwXzRcNzeCsxh6AuQDs14oWkOuTmmilGI 5q/dBAKEtdPfsBQjIOn5rQEURtidmNmmIO7GzmmEEiY15MiTQQ7LvI3yF3dqntNg aQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 11202693262028953461129190924208594974 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-09-26 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-10-26 12:00:00 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.shopnation.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21009219200903616874710819888304107439343795274899861692664119029291421054816822300049889276761069242855532575822196474781814768983200992781578253538621799902695027908103112044969459859441313820904543899705679242541282542889560658625517699570667143404071469054552250553160538349413929464884506778701106235344464899138959482967429135000736374089097143318000017593102741986973999887301383895050708401768913497139030424265808564315404488934920133398891221687371306021193987692622725498388613189757953120661719975018517817023719590536432956601894799099589426153078075590245943036023477237520620280862770547456715970011241 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) c84c045f2476308448ca10fac9327a6f37d57a1f . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (192 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.shopnation.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.staging.shopnation.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.qa1.shopnation.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.qa2.shopnation.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.qa3.shopnation.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.bhg.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.fitnessmagazine.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.more.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.parents.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.allrecipes.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.2 (digiCertDVCert) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes) 00ef007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc1000000166172f19520000040300473045022006e3711e509eb65aeb7ff09b99d69a84cab53cbda79406b899338ca3deeecd0f022100953f1671f3219797990e00efb7ddcabb1fed97589ec93d7312417f9f107c9d8b0075008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f00000166172f1a370000040300463044022021a2115623e5934ae03139847bfdde818a899726b017212708fba3006fc53e7c0220247400e4de716d47a69e03b1871f9a6adf7b6832896245ba7a3bd0000d2a07c5 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0096c127c0cd0e963a90fa5ffe61abdf0086387892bcbf55c155c07026a62e2ce84021f79f400c25a81d340899f7dacee5983f26bb194276ad183ee20ebd9d2004903eba91985b644449d2369ca17c66fc1dc118ade5f32544d6e4dc77131cf94e628b2a41a254c4f356fec1d62e58895f91a2fe3f108009341aeba6c71c06cb90ecf99decb8e646d15ba9c4c89d0b0ad8c8ab2fb57994e5f7b674fe8b988b5a71c6e4144256e48a6f1d900a0d289b18129154c1d8827d7f1e250b64cb608144b7d22da3609221329871b6cd653dc56a57542f1aec64c3f04bafacab07860d595d5cb61472f51d50fb93e3dcda4ab7f101b89408e1f3027d5d78e941c63646b617