*.compass-mps.de

Issued by RapidSSL TLS RSA CA G1

About this certificate

This digital certificate with serial number 06:29:82:99:50:ad:e1:d6:fb:c9:dc:bb:9e:c1:5b:5a was issued on by DigiCert Inc.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=*.compass-mps.de

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 06:29:82:99:50:ad:e1:d6:fb:c9:dc:bb:9e:c1:5b:5a
Serial Number (int): 8190901006035774020497446727514676058
Serial Number lenght: 123 bits, 16 octets

SubjectKeyId: 44:bd:be:37:18:ff:5f:f6:cc:ff:4b:19:eb:40:0f:1c:bb:16:ee:c0
AuthorityKeyId: 0c:db:6c:82:49:0f:4a:67:0a:b8:14:ee:7a:c4:48:52:88:eb:56:38

Fingerprint (sha1): b3:b8:2c:e2:4f:c0:d9:fa:44:22:9c:26:7a:fc:e9:d9:68:bf:f7:dc
Fingerprint (sha256): cc:10:73:fe:c2:f0:7a:56:78:9d:a6:ac:3b:75:3e:d7:be:dc:51:19:ec:92:cf:f3:56:45:a2:60:86:68:db:14

Issuing Certificate URL: http://cacerts.rapidssl.com/RapidSSLTLSRSACAG1.crt

Revocation information

OCSP Server: http://status.rapidssl.com
CRL Distribution Point: http://cdp.rapidssl.com/RapidSSLTLSRSACAG1.crl

Check the revocation status for certificate *.compass-mps.de

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.compass-mps.de

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.compass-mps.de
compass-mps.de

Other certificates including the domain name compass-mps.de

(limited to 100 certificates)
s3.compass-mps.de
*.compass-mps.de
*.compass-mps.de
s1.compass-mps.de
*.compass-mps.de
s1.compass-mps.de
*.compass-mps.de
*.compass-mps.de
*.compass-mps.de
s1.compass-mps.de
s4.compass-mps.de
*.compass-mps.de
*.compass-mps.de
*.compass-mps.de

Certificate

The complete raw certificate details for *.compass-mps.de in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHMzCCBhugAwIBAgIQBimCmVCt4db7ydy7nsFbWjANBgkqhkiG9w0BAQsFADBg
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZSYXBpZFNTTCBUTFMgUlNBIENBIEcx
MB4XDTIzMTEwNjAwMDAwMFoXDTI0MTEyMDIzNTk1OVowGzEZMBcGA1UEAwwQKi5j
b21wYXNzLW1wcy5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM79
jiwXTsInucCSvc/+jmPI/BdWIAZPKGpbpFJunx1xUEca0//BOyhK95kQ6TruIIrT
hbBu60mhuxhqhlXwt0lNuNk4CXK8WBBd+AcrMXFobq8fdOwIvz0NurwwIcRG8GMN
3rgDZg2UlArSNCBE+8eb81zqgiTBK3TgsP0ZhNCNjiLGsSjsPhbK0hMIo4YbmRRQ
BCzGgP1et0/vkQ3ZeXvW4QX9w1CpS5VBwahVm8+E2r/xdMusPWehrrqINIucnF6W
LZlnuUjq3zwSp7SWOGIcKTA4rLtlCODm+5sSRWV0OFDn7SzP6uCDdijO7x+Ch1qU
sG0l+Rn0JVz1wsDvAkXNnq4PS7WgpEJLJEJdayq6uqilba/pgFKMHDJLCuMlY3xU
ssor6exiKBcuscFdlpRGQeF0bLXuXRfu+mq14zff+29kugSkdULbKlUu5OgewS3c
0+P0ww/lkVe67uRzjjGL5A7QOPOHXhqrLdH1GZRNI7qxu7wL+9KLI/86OlLqg/7l
hai8J2JynO5qSfYuXUxT+++dCASJ9x8ms4/A5/QvwwE5Sjg1TRLPfCi6uF+E+iQj
6hI2J9LREglpHxRBsVAnhjJsPj53zAhfJbfDTfNW6gKMGvdhTUC4YWISDTEsf0Ri
OOeORulAoehgseW7Z5DTv1Ey+ELUoYD2Gc73j0lDAgMBAAGjggMsMIIDKDAfBgNV
HSMEGDAWgBQM22yCSQ9KZwq4FO56xEhSiOtWODAdBgNVHQ4EFgQURL2+Nxj/X/bM
/0sZ60APHLsW7sAwKwYDVR0RBCQwIoIQKi5jb21wYXNzLW1wcy5kZYIOY29tcGFz
cy1tcHMuZGUwPgYDVR0gBDcwNTAzBgZngQwBAgEwKTAnBggrBgEFBQcCARYbaHR0
cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov
L2NkcC5yYXBpZHNzbC5jb20vUmFwaWRTU0xUTFNSU0FDQUcxLmNybDB2BggrBgEF
BQcBAQRqMGgwJgYIKwYBBQUHMAGGGmh0dHA6Ly9zdGF0dXMucmFwaWRzc2wuY29t
MD4GCCsGAQUFBzAChjJodHRwOi8vY2FjZXJ0cy5yYXBpZHNzbC5jb20vUmFwaWRT
U0xUTFNSU0FDQUcxLmNydDAMBgNVHRMBAf8EAjAAMIIBgQYKKwYBBAHWeQIEAgSC
AXEEggFtAWsAdwDuzdBk1dsazsVct520zROiModGfLzs3sNRSFlGcR+1mwAAAYuj
4MwDAAAEAwBIMEYCIQCRAP8IV75x5WO5F3CRxnP1qYjRCywTdwDHy+sbmtkYjQIh
AJo9HtMMJWP56Pz+v7hPjb6W8WiH00AK3J1A8Webpw/JAHcASLDja9qmRzQP5WoC
+p0w6xxSActW3SyB2bu/qznYhHMAAAGLo+DL0gAABAMASDBGAiEAiut9RF2WhhSR
57n83r+LYoR/cYKKSxQhvnIIaN18CWECIQCgkZxDxBPPUph3PDfwRao3czjHOunj
+ttbDX9XXxOSzAB3AD8XS0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRuAAAB
i6PgzAEAAAQDAEgwRgIhAKwondu1NL2IkcL7OrJemJXwxwkZWWunP8T40B5ohuqk
AiEAwcu52kWNZBQv/9ynI45DywCFg3XoCMud27M5ZPul+SkwDQYJKoZIhvcNAQEL
BQADggEBACsQj/v1Coha+7O72/I1ceVjKKibcLTfNBFXB74qew9ybPFsEhhaHR5s
xsVi3D+85WgVX91hagKhdUNDwLdNLf2khp8JL1MqlOD+Ht9X2YbkImbc7xHMvhZs
IXaPDs8ZCxQVBQOCfTgQJhO7OrClG7VlhTjcsh24HnbweDrbHms8AxaGLggT47za
3dobUwP+IDmOF+hjGEqZX9MNhzZEfvIxdFr2uhcNIWjw5UcLXiZIH35bAXvuFeYG
WPa17nKn6xpOfAK7HMq9JuPlgXnfTq6shN87OwmqejCGl6qplSzV71KwE5112w2K
+cLQf2Kb7bh8CDp1i2qzNQeJze01lBg=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzv2OLBdOwie5wJK9z/6O
Y8j8F1YgBk8oalukUm6fHXFQRxrT/8E7KEr3mRDpOu4gitOFsG7rSaG7GGqGVfC3
SU242TgJcrxYEF34BysxcWhurx907Ai/PQ26vDAhxEbwYw3euANmDZSUCtI0IET7
x5vzXOqCJMErdOCw/RmE0I2OIsaxKOw+FsrSEwijhhuZFFAELMaA/V63T++RDdl5
e9bhBf3DUKlLlUHBqFWbz4Tav/F0y6w9Z6Guuog0i5ycXpYtmWe5SOrfPBKntJY4
YhwpMDisu2UI4Ob7mxJFZXQ4UOftLM/q4IN2KM7vH4KHWpSwbSX5GfQlXPXCwO8C
Rc2erg9LtaCkQkskQl1rKrq6qKVtr+mAUowcMksK4yVjfFSyyivp7GIoFy6xwV2W
lEZB4XRste5dF+76arXjN9/7b2S6BKR1QtsqVS7k6B7BLdzT4/TDD+WRV7ru5HOO
MYvkDtA484deGqst0fUZlE0jurG7vAv70osj/zo6UuqD/uWFqLwnYnKc7mpJ9i5d
TFP7750IBIn3Hyazj8Dn9C/DATlKODVNEs98KLq4X4T6JCPqEjYn0tESCWkfFEGx
UCeGMmw+PnfMCF8lt8NN81bqAowa92FNQLhhYhINMSx/RGI4545G6UCh6GCx5btn
kNO/UTL4QtShgPYZzvePSUMCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 8190901006035774020497446727514676058
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'RapidSSL TLS RSA CA G1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-11-06 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-11-20 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.compass-mps.de'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 844447364033492010885799592885020149533185837740623899077015662851509666902810891989364326928075600638069413765404350824209131827996044810160613408801517724690931108202638467799475615014220359496367211685637069598660925829926751482949262408009659503796851124888696375749105598915797192884097333518880082024257713664239832430338557011739266715203071028870069156951566591846324187423781806991999797695920251961929926008056026145502221560264787908805405851263054822315268396737270098445326680256324344753085483130072579928432390299065519651738575825034317835314546024193183002281688486557858526345881280646204437847825259217461139777142845135765816548186649519022025441072913333054314739956241382502339585354936679437414395508137286555866844741209911862318398788860824209709375088438579199005579463508053866837921914566683158966794702671549663447667485559577381542156924578897813081461311789503886523141565082603024907026139607820652482944671612064449890465263566548909216474194977686332160824546940577854826392183523851077429920197216649184591635148604791614764602556345199714809859060489851821146369919542398123242675765783424968570688198812655543790228742341397152673427197610410640145711731178156625610253754341940155879029667219779
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 0cdb6c82490f4a670ab814ee7ac4485288eb5638
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							44bdbe3718ff5ff6ccff4b19eb400f1cbb16eec0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.compass-mps.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'compass-mps.de'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.rapidssl.com/RapidSSLTLSRSACAG1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (106 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.rapidssl.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.rapidssl.com/RapidSSLTLSRSACAG1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (369 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
							016b007700eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018ba3e0cc0300000403004830460221009100ff0857be71e563b9177091c673f5a988d10b2c137700c7cbeb1b9ad9188d0221009a3d1ed30c2563f9e8fcfebfb84f8dbe96f16887d3400adc9d40f1679ba70fc900770048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018ba3e0cbd200000403004830460221008aeb7d445d96861491e7b9fcdebf8b62847f71828a4b1421be720868dd7c0961022100a0919c43c413cf5298773c37f045aa377338c73ae9e3fadb5b0d7f575f1392cc0077003f174b4fd7224758941d651c84be0d12ed90377f1f856aebc1bf2885ecf8646e0000018ba3e0cc010000040300483046022100ac289ddbb534bd8891c2fb3ab25e9895f0c70919596ba73fc4f8d01e6886eaa4022100c1cbb9da458d64142fffdca7238e43cb00858375e808cb9ddbb33964fba5f929
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		002b108ffbf50a885afbb3bbdbf23571e56328a89b70b4df34115707be2a7b0f726cf16c12185a1d1e6cc6c562dc3fbce568155fdd616a02a1754343c0b74d2dfda4869f092f532a94e0fe1edf57d986e42266dcef11ccbe166c21768f0ecf190b14150503827d38102613bb3ab0a51bb5658538dcb21db81e76f0783adb1e6b3c0316862e0813e3bcdaddda1b5303fe20398e17e863184a995fd30d8736447ef231745af6ba170d2168f0e5470b5e26481f7e5b017bee15e60658f6b5ee72a7eb1a4e7c02bb1ccabd26e3e58179df4eaeac84df3b3b09aa7a308697aaa9952cd5ef52b0139d75db0d8af9c2d07f629bedb87c083a758b6ab3350789cded359418