*.rfklive.com
Issued by Amazon RSA 2048 M02
About this certificate
This digital certificate with serial number 06:36:e5:6e:f0:76:00:3f:bc:d4:7d:1d:8d:aa:2e:08 was issued on by Amazon.
With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=*.rfklive.com
Amazon
Organization:
Amazon
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 06:36:e5:6e:f0:76:00:3f:bc:d4:7d:1d:8d:aa:2e:08Serial Number (int): 8260405466386545510556565694180896264
Serial Number lenght: 123 bits, 16 octets
SubjectKeyId: 7f:ce:ca:13:cd:67:36:f3:1b:f2:0c:26:98:0b:02:3a:af:c5:18:cf
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2
Fingerprint (sha1): be:c3:5d:76:c7:9f:0b:d5:0b:9d:bd:5c:ba:c3:6c:83:52:e3:a6:2c
Fingerprint (sha256): c4:85:d4:cd:12:fa:fd:29:e1:be:1c:db:8d:91:d0:7b:98:ec:e7:b9:d3:d8:8a:fd:d4:ce:96:a2:de:5b:77:ff
Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer
Revocation information
OCSP Server: http://ocsp.r2m02.amazontrust.comCRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl
Check the revocation status for certificate *.rfklive.com
3
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for *.rfklive.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
*.rfklive.com
rfk.worldsoccershop.com
*.rfk.worldsoccershop.com
rfk.worldsoccershop.com
*.rfk.worldsoccershop.com
Other certificates including the domain name rfklive.com
(limited to 100 certificates)
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.uat.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.rfklive.com
*.uat.rfklive.com
*.rfklive.com
Certificate
The complete raw certificate details for *.rfklive.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF+TCCBOGgAwIBAgIQBjblbvB2AD+81H0djaouCDANBgkqhkiG9w0BAQsFADA8 MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g UlNBIDIwNDggTTAyMB4XDTI0MDMyOTAwMDAwMFoXDTI1MDQyNzIzNTk1OVowGDEW MBQGA1UEAwwNKi5yZmtsaXZlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAKmxbpyZHO/+5hsWRrUNmlIrG0U8nH8Vu8fT+XDHNZY9GyLtrQQcVZjg S/nzPPlCFnGMGy5AeqrPpVpi9KgbYVXiB3uMKdD4+ShVGC62U/uiLa8zTB5fadHZ P8doxLrVTHYVgeYc7mUGndX1GX9JlSB+BJHOx1qppngU5YB9IqbEIkJh8h0eC7za IO2K3MvBAMJgG+V4ogRbdd9AiYB/InSzjJnAgUHPe8xVtMy/CkSTYtdGwAAp8QQX vltd/WfI2tyV8lak/mj5r6MwXZPzFSVy4hDnMljTEnDkFHalMBClQOivrzsSS6VM 4x5NxvwwMxMtAxMNBGr6hNanVPifb/ECAwEAAaOCAxkwggMVMB8GA1UdIwQYMBaA FMAxUs1aUMOCfHRxzsvpnPl664LiMB0GA1UdDgQWBBR/zsoTzWc28xvyDCaYCwI6 r8UYzzBMBgNVHREERTBDgg0qLnJma2xpdmUuY29tghdyZmsud29ybGRzb2NjZXJz aG9wLmNvbYIZKi5yZmsud29ybGRzb2NjZXJzaG9wLmNvbTATBgNVHSAEDDAKMAgG BmeBDAECATAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG AQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwucjJtMDIuYW1hem9u dHJ1c3QuY29tL3IybTAyLmNybDB1BggrBgEFBQcBAQRpMGcwLQYIKwYBBQUHMAGG IWh0dHA6Ly9vY3NwLnIybTAyLmFtYXpvbnRydXN0LmNvbTA2BggrBgEFBQcwAoYq aHR0cDovL2NydC5yMm0wMi5hbWF6b250cnVzdC5jb20vcjJtMDIuY2VyMAwGA1Ud EwEB/wQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AE51oydcmhDDOFts 1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABjogMASQAAAQDAEcwRQIhANNZWUMPix0a bFjmWHmYceSpr39UEwi60roQZDFPbt7OAiBb/v++8Cndp35UA2pOXDf25Od/6aY0 A2+gJM8Sy1DqPgB1AH1ZHhLheCp7HGFnfF79+NCHXBSgTpWeuQMv2Q6MLnm4AAAB jogMANoAAAQDAEYwRAIgGpEXBwgrP8smfr1ydMHTg4A9Np/D1hz03iI1DYbIQfIC IHotFudB4mSNRPmKz42i/n7bwr0Amv7+UoENhsweS/rOAHYA5tIxY0B3jMEQQQbX cbnOwdJA9paEhvu6hzId/R43jlAAAAGOiAwA9AAABAMARzBFAiBBC3ClAIUOrjmN bs02l/c3WIyiLaAgt415tXZ+uZEomgIhAMhPQnNSGTF2oZUskxi0b8no32bJOl8N OyfTKBl2snULMA0GCSqGSIb3DQEBCwUAA4IBAQCuoZ2kbRHecHeCiUy8SmeI2Bsf zQFDvGAH7vXwL8sdvLpb6yfOzpupYCHlYl12AHC8IDHlu+b9HaGUaZroh+e167Yx Lii/NDJyH5ti66MRfOtmgo0QzzSMjRiWylIHR9EnPbsSHLe9v6QEZQ1DKInJ9l8x 86CYrgVwpT1rJdx0OrsBYRMxq9TC4YApFlhfXYkp6MHh8seHMTJPwArPmf5LCSrm /uL19Vr9Qhzw7u3yMw0LxJNcdlltCQBw6Ia1ZZDCTcXu3pqu3GEyhkNH4M7LDhHj +n+/XByUoCeJmXNOGqfXMHjOQ/B4dSSfHLjmMKPKLXKyUFZ15+JA0kV1UE0i -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqbFunJkc7/7mGxZGtQ2a UisbRTycfxW7x9P5cMc1lj0bIu2tBBxVmOBL+fM8+UIWcYwbLkB6qs+lWmL0qBth VeIHe4wp0Pj5KFUYLrZT+6ItrzNMHl9p0dk/x2jEutVMdhWB5hzuZQad1fUZf0mV IH4Ekc7HWqmmeBTlgH0ipsQiQmHyHR4LvNog7Yrcy8EAwmAb5XiiBFt130CJgH8i dLOMmcCBQc97zFW0zL8KRJNi10bAACnxBBe+W139Z8ja3JXyVqT+aPmvozBdk/MV JXLiEOcyWNMScOQUdqUwEKVA6K+vOxJLpUzjHk3G/DAzEy0DEw0EavqE1qdU+J9v 8QIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 8260405466386545510556565694180896264 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-29 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-04-27 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.rfklive.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21421768557415280780706472367645284591924355519725043543625419495709491453101164698376287702365256738291269028639387899894942415772035441512245789597232294105534874346534783259977540654569656688462792087247034700083269245306455048355901666349365999811524810467803356352771996061695538903918143546452432894022106362989179943484983923328081796109995114115895724806929298517312605990151957306964332411507285081565113908128352622760780047890236249261270979394935442931632114904235210216479716911272580272539072803326784383542011232672070444235614662574288146305864100192374737737210115110750185393112888310199733534552049 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 7fceca13cd6736f31bf20c26980b023aafc518cf . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.rfklive.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rfk.worldsoccershop.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.rfk.worldsoccershop.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes) 01670076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018e880c01240000040300473045022100d35959430f8b1d1a6c58e658799871e4a9af7f541308bad2ba1064314f6edece02205bfeffbef029dda77e54036a4e5c37f6e4e77fe9a634036fa024cf12cb50ea3e0075007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018e880c00da000004030046304402201a911707082b3fcb267ebd7274c1d383803d369fc3d61cf4de22350d86c841f202207a2d16e741e2648d44f98acf8da2fe7edbc2bd009afefe52810d86cc1e4bface007600e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018e880c00f400000403004730450220410b70a500850eae398d6ecd3697f737588ca22da020b78d79b5767eb991289a022100c84f427352193176a1952c9318b46fc9e8df66c93a5f0d3b27d3281976b2750b . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00aea19da46d11de707782894cbc4a6788d81b1fcd0143bc6007eef5f02fcb1dbcba5beb27cece9ba96021e5625d760070bc2031e5bbe6fd1da194699ae887e7b5ebb6312e28bf3432721f9b62eba3117ceb66828d10cf348c8d1896ca520747d1273dbb121cb7bdbfa404650d432889c9f65f31f3a098ae0570a53d6b25dc743abb01611331abd4c2e1802916585f5d8929e8c1e1f2c78731324fc00acf99fe4b092ae6fee2f5f55afd421cf0eeedf2330d0bc4935c76596d090070e886b56590c24dc5eede9aaedc6132864347e0cecb0e11e3fa7fbf5c1c94a0278999734e1aa7d73078ce43f07875249f1cb8e630a3ca2d72b2505675e7e240d24575504d22