signin-fips.amazonaws-us-gov.com

Issued by Amazon RSA 2048 M01

About this certificate

This digital certificate with serial number 01:62:04:79:86:82:74:50:9c:01:48:9e:91:41:df:9c was issued on by Amazon.

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=signin-fips.amazonaws-us-gov.com

Amazon

Organization: Amazon
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 01:62:04:79:86:82:74:50:9c:01:48:9e:91:41:df:9c
Serial Number (int): 1838163845796108767269366076580945820
Serial Number lenght: 121 bits, 16 octets

SubjectKeyId: b1:7c:ce:79:37:d9:7f:c4:e9:fe:e7:ea:03:a2:c8:31:ca:49:4e:a9
AuthorityKeyId: 81:b8:0e:63:8a:89:12:18:e5:fa:3b:3b:50:95:9f:e6:e5:90:13:85

Fingerprint (sha1): b8:c5:df:3f:98:c5:10:e0:53:5b:33:65:05:9a:3f:0a:14:73:0f:4f
Fingerprint (sha256): c1:55:db:16:e8:9c:d1:6c:bd:af:a7:4b:16:d0:6c:2b:5c:17:cd:6e:2e:d6:a2:a6:f3:b2:24:c6:f5:91:8a:50

Issuing Certificate URL: http://crt.r2m01.amazontrust.com/r2m01.cer

Revocation information

OCSP Server: http://ocsp.r2m01.amazontrust.com
CRL Distribution Point: http://crl.r2m01.amazontrust.com/r2m01.crl

Check the revocation status for certificate signin-fips.amazonaws-us-gov.com

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for signin-fips.amazonaws-us-gov.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

signin-fips.amazonaws-us-gov.com
us-gov-west-1.signin-fips.amazonaws-us-gov.com
smartcard.us-gov-west-1.signin-fips.amazonaws-us-gov.com
smartcard.signin.amazonaws-us-gov.com

Other certificates including the domain name amazonaws-us-gov.com

(limited to 100 certificates)
glacier-console-us-gov-west-1.console.amazonaws-us-gov.com
policysim.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
s3-console-us-gov-west-1.console.amazonaws-us-gov.com
*.us-gov-west-1.console-gamma.aws-dev.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
policysim.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
appstream2.us-gov-east-1.aws.amazon.com
us-gov-east-1.console.amazonaws-us-gov.com
websocket.us-gov-east-1-onebox.quicksight.amazonaws-us-gov.com
api-quicksight-integ.us-gov-west-1.amazonaws.com
*.signin.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
websocket.us-gov-east-1.quicksight.amazonaws-us-gov.com
appstream2.us-gov-west-1.aws.amazon.com
us-gov-west-1.console.amazonaws-us-gov.com
appstream2-fips.us-gov-east-1.aws.amazon.com
appstream2-fips.us-gov-west-1.aws.amazon.com
appstream2.us-gov-west-1.aws.amazon.com
appstream2.us-gov-west-1.aws.amazon.com
web-quicksight.us-gov-west-1.amazonaws.com
phd.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
appstream2.us-gov-east-1.aws.amazon.com
policysim.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
appstream2.us-gov-west-1.aws.amazon.com
*.signin.amazonaws-us-gov.com
us-gov-east-1.console.amazonaws-us-gov.com
phd.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
phd.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
us-gov-east-1.console.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
websocket.fips-us-gov-east-1.quicksight.amazonaws-us-gov.com
signin-fips.amazonaws-us-gov.com
us-gov-east-1.console.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
appstream2-fips.us-gov-west-1.aws.amazon.com
*.signin.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
phd.amazonaws-us-gov.com
phd.amazonaws-us-gov.com
us-gov-west-1.prod.console-api.aws-dev.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
appstream2.us-gov-west-1.aws.amazon.com
phd.amazonaws-us-gov.com
phd.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
phd.amazonaws-us-gov.com
fpq3q23wnh.cell.logs.us-gov-west-1.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
s3-console-us-gov-west-1.console.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
appstream2-fips.us-gov-east-1.aws.amazon.com
signin-fips.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
us-gov-east-1.console.amazonaws-us-gov.com
s3-console-us-gov-west-1.console.amazonaws-us-gov.com
s3-console-us-gov-west-1.console.amazonaws-us-gov.com
appstream2.us-gov-west-1.aws.amazon.com
us-gov-west-1.console.amazonaws-us-gov.com
*.us-gov-east-1.console-gamma.aws-dev.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
appstream2-fips.us-gov-west-1.aws.amazon.com
*.signin.amazonaws-us-gov.com
policysim.amazonaws-us-gov.com
appstream2-fips.us-gov-west-1.aws.amazon.com
us-gov-west-1.console.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
organizations-nexus.amazonaws-us-gov.com
us-gov-east-1.console.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
us-gov-east-1.prod.console-api.aws-dev.amazonaws-us-gov.com

Certificate

The complete raw certificate details for signin-fips.amazonaws-us-gov.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGgjCCBWqgAwIBAgIQAWIEeYaCdFCcAUiekUHfnDANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAxMB4XDTIzMDMxNjAwMDAwMFoXDTI0MDEyMzIzNTk1OVowKzEp
MCcGA1UEAxMgc2lnbmluLWZpcHMuYW1hem9uYXdzLXVzLWdvdi5jb20wggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpGrKQf1f/CqthhZcJWE/wTNFdZf2s
goQoJF6Hwb89d6mKPaHyYl+uCcu4AbxLklbMcgOMboSWG/tRTE7Qwh8Rr6OOtd/q
cdeThasegJHaYbltabMLLK7Hi7czkf3sqJ9xoP/ZAJW11dkio/baIMR2D2iDEz1r
8cihlx9mgdm+opOCRQR/LwpiYhEp7SiOnbUXp0xYzY/pqZwzd+1L13dh58TGjL7B
hWwpAzWV4uF2ZJr8GbTAscGU0s51raTAdW+cPWOjA1xGdAHz7JOnunnf0qOItPZj
bwNdP8WI9YHbjw4wjUHlMneGaFKU1MKfb3Na7FO24FD7W6ldudLXxSN5AgMBAAGj
ggOPMIIDizAfBgNVHSMEGDAWgBSBuA5jiokSGOX6OztQlZ/m5ZAThTAdBgNVHQ4E
FgQUsXzOeTfZf8Tp/ufqA6LIMcpJTqkwgb4GA1UdEQSBtjCBs4Igc2lnbmluLWZp
cHMuYW1hem9uYXdzLXVzLWdvdi5jb22CLnVzLWdvdi13ZXN0LTEuc2lnbmluLWZp
cHMuYW1hem9uYXdzLXVzLWdvdi5jb22COHNtYXJ0Y2FyZC51cy1nb3Ytd2VzdC0x
LnNpZ25pbi1maXBzLmFtYXpvbmF3cy11cy1nb3YuY29tgiVzbWFydGNhcmQuc2ln
bmluLmFtYXpvbmF3cy11cy1nb3YuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDov
L2NybC5yMm0wMS5hbWF6b250cnVzdC5jb20vcjJtMDEuY3JsMBMGA1UdIAQMMAow
CAYGZ4EMAQIBMHUGCCsGAQUFBwEBBGkwZzAtBggrBgEFBQcwAYYhaHR0cDovL29j
c3AucjJtMDEuYW1hem9udHJ1c3QuY29tMDYGCCsGAQUFBzAChipodHRwOi8vY3J0
LnIybTAxLmFtYXpvbnRydXN0LmNvbS9yMm0wMS5jZXIwDAYDVR0TAQH/BAIwADCC
AYAGCisGAQQB1nkCBAIEggFwBIIBbAFqAHcA7s3QZNXbGs7FXLedtM0TojKHRny8
7N7DUUhZRnEftZsAAAGG7KB2+QAABAMASDBGAiEAslk1j+LKHUDBORIC4DjpRURB
wRn7fAqpWYx9pMHFPRECIQDkp3krpPkQxJQ3XEPQO7XcM4SKhGJHTlmAcaI2tpWy
GwB2AHPZnokbTJZ4oCB9R53mssYc0FFecRkqjGuAEHrBd3K1AAABhuygdzcAAAQD
AEcwRQIhAJKJVhKpXjLqqQYAg295S2F+qW6TyXq/QGt0T7hBbROyAiAHuN7A+I5q
2aZIsYp0XUpSlhl8qZW3QR+3IX/vGCHilAB3AEiw42vapkc0D+VqAvqdMOscUgHL
Vt0sgdm7v6s52IRzAAABhuygdvkAAAQDAEgwRgIhAKIicvqKbxOIspxJ47HU1SIQ
HP5UoAWW6ZVCTNajezWHAiEA65aUs9kc03MVJj0hVtqK1yvVjrN4Qpci2LwQJkoU
DfwwDQYJKoZIhvcNAQELBQADggEBAD8w824OxIdkkfp6hp5qPlyNpF2P3A5HEIBl
iCT5IUALPeYLaq14+qDgagWgkXEzo5SRQECcUQ7EemHHF73B6pU/+In8ZOyDoYQs
8LWwdqfHk34rmcBMKD/ZJz0DvRwrXF/HigjR9SS3vdYR0PH3DMHgk9W7cKzTTXVJ
j6j3bYGz08TQcaX4jNoD0AJnaRGXJcUGIeHX7umP+OEzmObVd7o/UjW+vCuxqRKp
MDyOYgzn5H+HgvJBlGN1WIVNrE1nfZnhiaJ7qxpTT+OZV4j6DIYhjqfBfvDfTO8g
lYMcPGDS1s4HbhqLP6exzMUZXaDyP2jUUxT7ZXAn1Olh+C5cgws=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6RqykH9X/wqrYYWXCVhP
8EzRXWX9rIKEKCReh8G/PXepij2h8mJfrgnLuAG8S5JWzHIDjG6Elhv7UUxO0MIf
Ea+jjrXf6nHXk4WrHoCR2mG5bWmzCyyux4u3M5H97KifcaD/2QCVtdXZIqP22iDE
dg9ogxM9a/HIoZcfZoHZvqKTgkUEfy8KYmIRKe0ojp21F6dMWM2P6amcM3ftS9d3
YefExoy+wYVsKQM1leLhdmSa/Bm0wLHBlNLOda2kwHVvnD1jowNcRnQB8+yTp7p5
39KjiLT2Y28DXT/FiPWB248OMI1B5TJ3hmhSlNTCn29zWuxTtuBQ+1upXbnS18Uj
eQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1838163845796108767269366076580945820
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M01'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-03-16 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-23 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'signin-fips.amazonaws-us-gov.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29426690093567483754253457626362010757498115083219348489980396345643821149019646091741961578647029952984446542588484498731505712200684790438456790882586377923201182133539266585087307460789240695409363021090429320554124981058486713496081783882788976343339005083394007734125944068920045303610983397108571879423570847117581735351837046363452006536197544921389160895671085442584585508821834182365764139811305011837802090372286006139791491276633181648675167550841128294570075320449566674383987733640306149151188194698128142378316544588033190229470742902313077241149280585864213118905597500292458949650970058266752275784569
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 81b80e638a891218e5fa3b3b50959fe6e5901385
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							b17cce7937d97fc4e9fee7ea03a2c831ca494ea9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (182 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'signin-fips.amazonaws-us-gov.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'us-gov-west-1.signin-fips.amazonaws-us-gov.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'smartcard.us-gov-west-1.signin-fips.amazonaws-us-gov.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'smartcard.signin.amazonaws-us-gov.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m01.amazontrust.com/r2m01.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m01.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m01.amazontrust.com/r2m01.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (368 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
							016a007700eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b00000186eca076f90000040300483046022100b259358fe2ca1d40c1391202e038e9454441c119fb7c0aa9598c7da4c1c53d11022100e4a7792ba4f910c494375c43d03bb5dc33848a8462474e598071a236b695b21b00760073d99e891b4c9678a0207d479de6b2c61cd0515e71192a8c6b80107ac17772b500000186eca07737000004030047304502210092895612a95e32eaa90600836f794b617ea96e93c97abf406b744fb8416d13b2022007b8dec0f88e6ad9a648b18a745d4a5296197ca995b7411fb7217fef1821e29400770048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d8847300000186eca076f90000040300483046022100a22272fa8a6f1388b29c49e3b1d4d522101cfe54a00596e995424cd6a37b3587022100eb9694b3d91cd37315263d2156da8ad72bd58eb378429722d8bc10264a140dfc
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		003f30f36e0ec4876491fa7a869e6a3e5c8da45d8fdc0e471080658824f921400b3de60b6aad78faa0e06a05a0917133a3949140409c510ec47a61c717bdc1ea953ff889fc64ec83a1842cf0b5b076a7c7937e2b99c04c283fd9273d03bd1c2b5c5fc78a08d1f524b7bdd611d0f1f70cc1e093d5bb70acd34d75498fa8f76d81b3d3c4d071a5f88cda03d0026769119725c50621e1d7eee98ff8e13398e6d577ba3f5235bebc2bb1a912a9303c8e620ce7e47f8782f24194637558854dac4d677d99e189a27bab1a534fe3995788fa0c86218ea7c17ef0df4cef2095831c3c60d2d6ce076e1a8b3fa7b1ccc5195da0f23f68d45314fb657027d4e961f82e5c830b