us-gov-east-1.console.amazonaws-us-gov.com

Issued by Amazon RSA 2048 M01

About this certificate

This digital certificate with serial number 0b:d5:a7:56:bc:7a:98:58:67:01:ef:a8:72:da:19:f3 was issued on by Amazon.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=us-gov-east-1.console.amazonaws-us-gov.com

Amazon

Organization: Amazon
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0b:d5:a7:56:bc:7a:98:58:67:01:ef:a8:72:da:19:f3
Serial Number (int): 15730861218859169169359915136681908723
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 43:8a:14:b0:36:ec:77:ca:6f:ca:02:5f:b5:c0:72:e5:6c:75:9d:c5
AuthorityKeyId: 81:b8:0e:63:8a:89:12:18:e5:fa:3b:3b:50:95:9f:e6:e5:90:13:85

Fingerprint (sha1): 00:e5:df:4e:1f:c5:7c:4d:ce:91:56:4b:05:78:74:fd:5f:7d:f3:8e
Fingerprint (sha256): c8:36:b0:36:a1:56:dd:b4:61:5c:18:c3:5c:8a:57:e6:39:5b:f5:aa:a9:a5:c8:61:7e:9b:27:0f:ea:8a:51:8e

Issuing Certificate URL: http://crt.r2m01.amazontrust.com/r2m01.cer

Revocation information

OCSP Server: http://ocsp.r2m01.amazontrust.com
CRL Distribution Point: http://crl.r2m01.amazontrust.com/r2m01.crl

Check the revocation status for certificate us-gov-east-1.console.amazonaws-us-gov.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for us-gov-east-1.console.amazonaws-us-gov.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

us-gov-east-1.console.amazonaws-us-gov.com

Other certificates including the domain name amazonaws-us-gov.com

(limited to 100 certificates)
glacier-console-us-gov-west-1.console.amazonaws-us-gov.com
policysim.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
s3-console-us-gov-west-1.console.amazonaws-us-gov.com
*.us-gov-west-1.console-gamma.aws-dev.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
policysim.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
appstream2.us-gov-east-1.aws.amazon.com
us-gov-east-1.console.amazonaws-us-gov.com
websocket.us-gov-east-1-onebox.quicksight.amazonaws-us-gov.com
api-quicksight-integ.us-gov-west-1.amazonaws.com
*.signin.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
websocket.us-gov-east-1.quicksight.amazonaws-us-gov.com
appstream2.us-gov-west-1.aws.amazon.com
us-gov-west-1.console.amazonaws-us-gov.com
appstream2-fips.us-gov-east-1.aws.amazon.com
appstream2-fips.us-gov-west-1.aws.amazon.com
appstream2.us-gov-west-1.aws.amazon.com
appstream2.us-gov-west-1.aws.amazon.com
web-quicksight.us-gov-west-1.amazonaws.com
phd.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
appstream2.us-gov-east-1.aws.amazon.com
policysim.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
appstream2.us-gov-west-1.aws.amazon.com
*.signin.amazonaws-us-gov.com
us-gov-east-1.console.amazonaws-us-gov.com
phd.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
phd.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
us-gov-east-1.console.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
websocket.fips-us-gov-east-1.quicksight.amazonaws-us-gov.com
signin-fips.amazonaws-us-gov.com
us-gov-east-1.console.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
appstream2-fips.us-gov-west-1.aws.amazon.com
*.signin.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
phd.amazonaws-us-gov.com
phd.amazonaws-us-gov.com
us-gov-west-1.prod.console-api.aws-dev.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
appstream2.us-gov-west-1.aws.amazon.com
phd.amazonaws-us-gov.com
phd.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
phd.amazonaws-us-gov.com
fpq3q23wnh.cell.logs.us-gov-west-1.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
s3-console-us-gov-west-1.console.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
appstream2-fips.us-gov-east-1.aws.amazon.com
signin-fips.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
us-gov-east-1.console.amazonaws-us-gov.com
s3-console-us-gov-west-1.console.amazonaws-us-gov.com
s3-console-us-gov-west-1.console.amazonaws-us-gov.com
appstream2.us-gov-west-1.aws.amazon.com
us-gov-west-1.console.amazonaws-us-gov.com
*.us-gov-east-1.console-gamma.aws-dev.amazonaws-us-gov.com
*.signin.amazonaws-us-gov.com
appstream2-fips.us-gov-west-1.aws.amazon.com
*.signin.amazonaws-us-gov.com
policysim.amazonaws-us-gov.com
appstream2-fips.us-gov-west-1.aws.amazon.com
us-gov-west-1.console.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
organizations-nexus.amazonaws-us-gov.com
us-gov-east-1.console.amazonaws-us-gov.com
us-gov-west-1.console.amazonaws-us-gov.com
us-gov-east-1.prod.console-api.aws-dev.amazonaws-us-gov.com

Certificate

The complete raw certificate details for us-gov-east-1.console.amazonaws-us-gov.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgIQC9WnVrx6mFhnAe+octoZ8zANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAxMB4XDTIzMDMwODAwMDAwMFoXDTI0MDMwNzIzNTk1OVowNTEz
MDEGA1UEAxMqdXMtZ292LWVhc3QtMS5jb25zb2xlLmFtYXpvbmF3cy11cy1nb3Yu
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUM404JbDx0rTZDX
kKBqIETVJ9nf/3WIXAfmsofrtNdXCIhk2LvKVArAaXu345mOGaWODCc6cHHwdTot
P76XOGzNOJGT9UiKB+06rttBti0W8654vNY7G5MoANVvDEHgux3havKioIebAXN/
KP3rBb3SCnk/xE1jRuKOp5HblNmKF13v2F5I2M8uxdZNNAfzmPL0oXXVg+nDWtKP
0tPihyb+fMNZbQsHY+7mUlDoIJ8l3n2JgS3tgBu5ljzo2RVOEc/MjDxNr/fpjQyU
cOouMj4WTPwjk5tjxqYXgfbhvtSiAEAKP9g1ofRKPJ67SvbsieVKIIj6B2kuerBU
s+8P7QIDAQABo4IDBTCCAwEwHwYDVR0jBBgwFoAUgbgOY4qJEhjl+js7UJWf5uWQ
E4UwHQYDVR0OBBYEFEOKFLA27HfKb8oCX7XAcuVsdZ3FMDUGA1UdEQQuMCyCKnVz
LWdvdi1lYXN0LTEuY29uc29sZS5hbWF6b25hd3MtdXMtZ292LmNvbTAOBgNVHQ8B
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDsGA1UdHwQ0
MDIwMKAuoCyGKmh0dHA6Ly9jcmwucjJtMDEuYW1hem9udHJ1c3QuY29tL3IybTAx
LmNybDATBgNVHSAEDDAKMAgGBmeBDAECATB1BggrBgEFBQcBAQRpMGcwLQYIKwYB
BQUHMAGGIWh0dHA6Ly9vY3NwLnIybTAxLmFtYXpvbnRydXN0LmNvbTA2BggrBgEF
BQcwAoYqaHR0cDovL2NydC5yMm0wMS5hbWF6b250cnVzdC5jb20vcjJtMDEuY2Vy
MAwGA1UdEwEB/wQCMAAwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB3AO7N0GTV
2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABhsLCPbwAAAQDAEgwRgIhAMnv
l3Lrii2+uzf9hPTgChTQiFRIqD+Puhe5iJGCOvHMAiEAhoniy+LGiUGScAjzl5Em
UUAhEfJzhHvdpoTh99SA5OEAdwBz2Z6JG0yWeKAgfUed5rLGHNBRXnEZKoxrgBB6
wXdytQAAAYbCwj43AAAEAwBIMEYCIQDe2l1V84rqS3VBLYFfNQ6kSE4D/1++0gdB
JF0vBbavYgIhAMqvrSL7E+9pbUCy3DfWJ8IGeTZxkF7OfOpIvW4k+eKWAHYASLDj
a9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHMAAAGGwsI9+wAABAMARzBFAiBC
sCSVuECXB4Z/vlQGMxpoaoqfQRgYQz15ee1g0PjfMwIhAOKiQ9aoAgwHLG7vIuWH
XyyD4QLPtzekMhCu5nY3AIYBMA0GCSqGSIb3DQEBCwUAA4IBAQDIqiw/N/R8pP+W
HT2xX4fASWtce63U/ypfIsz98Hc0VLAgyBqWh8tXLUpw/4AoK7geaXMCf+zotPXF
+iwNwu3q1QhOrrFZj7kCkel6paOSuFv0ulVHD3qX0K9s9BzZUm8NJ/amtv7lQhNd
k13B7kpj7N6AUeQgYvO/3/iEKGZ6CWAsG8+Lv0mTt1NVkG7EIYtjOZsTLsf8KvZZ
ckesH/VCd3310fG3YqxDU5k+lgcOe1O5BdvkmXDBwn/ftGPTBrpoBlG4ViBKr+I+
iMZy8yKawKBROTrp2IaZgJx4xZX3G2olqHOBVDWiranvE62SCKlSOHQGt4qq6ZsW
JSwtjKA+
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUM404JbDx0rTZDXkKBq
IETVJ9nf/3WIXAfmsofrtNdXCIhk2LvKVArAaXu345mOGaWODCc6cHHwdTotP76X
OGzNOJGT9UiKB+06rttBti0W8654vNY7G5MoANVvDEHgux3havKioIebAXN/KP3r
Bb3SCnk/xE1jRuKOp5HblNmKF13v2F5I2M8uxdZNNAfzmPL0oXXVg+nDWtKP0tPi
hyb+fMNZbQsHY+7mUlDoIJ8l3n2JgS3tgBu5ljzo2RVOEc/MjDxNr/fpjQyUcOou
Mj4WTPwjk5tjxqYXgfbhvtSiAEAKP9g1ofRKPJ67SvbsieVKIIj6B2kuerBUs+8P
7QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 15730861218859169169359915136681908723
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M01'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-03-08 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-07 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'us-gov-east-1.console.amazonaws-us-gov.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 16822842952986570357835213124108799877596146007744618078567477271852680935981755623622463687324335617495888322934829872101761931473142685033651953636844885652494963459266471196164619750962996819168148495238919173930642252739487154893718662484103310875794609206785213161608643550129903062947039099786600907749302165029456758046617814149875284906305325466736722622671756835179925692033402120246882440574779159469168815487033581393660404272807824302995506517838348831559937683238070786719365726395070987118449911342853757462950753544678645600954022509283310864318707238914369256815163711912923682114664467929729107693549
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 81b80e638a891218e5fa3b3b50959fe6e5901385
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							438a14b036ec77ca6fca025fb5c072e56c759dc5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (46 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'us-gov-east-1.console.amazonaws-us-gov.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m01.amazontrust.com/r2m01.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m01.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m01.amazontrust.com/r2m01.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (368 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
							016a007700eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b00000186c2c23dbc0000040300483046022100c9ef9772eb8a2dbebb37fd84f4e00a14d0885448a83f8fba17b98891823af1cc0221008689e2cbe2c68941927008f397912651402111f273847bdda684e1f7d480e4e100770073d99e891b4c9678a0207d479de6b2c61cd0515e71192a8c6b80107ac17772b500000186c2c23e370000040300483046022100deda5d55f38aea4b75412d815f350ea4484e03ff5fbed20741245d2f05b6af62022100caafad22fb13ef696d40b2dc37d627c206793671905ece7cea48bd6e24f9e29600760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d8847300000186c2c23dfb0000040300473045022042b02495b8409707867fbe5406331a686a8a9f411818433d7979ed60d0f8df33022100e2a243d6a8020c072c6eef22e5875f2c83e102cfb737a43210aee67637008601
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00c8aa2c3f37f47ca4ff961d3db15f87c0496b5c7badd4ff2a5f22ccfdf0773454b020c81a9687cb572d4a70ff80282bb81e6973027fece8b4f5c5fa2c0dc2edead5084eaeb1598fb90291e97aa5a392b85bf4ba55470f7a97d0af6cf41cd9526f0d27f6a6b6fee542135d935dc1ee4a63ecde8051e42062f3bfdff88428667a09602c1bcf8bbf4993b75355906ec4218b63399b132ec7fc2af6597247ac1ff542777df5d1f1b762ac4353993e96070e7b53b905dbe49970c1c27fdfb463d306ba680651b856204aafe23e88c672f3229ac0a051393ae9d88699809c78c595f71b6a25a873815435a2ada9ef13ad9208a952387406b78aaae99b16252c2d8ca03e