bornwebserver.nl
Issued by StartCom Class 1 DV Server CA
About this certificate
This digital certificate with serial number 64:e7:5f:a7:70:f1:48:86:bd:4c:5e:df:e7:7c:71:79 was issued on by StartCom Ltd..
With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=bornwebserver.nl
StartCom Ltd.
Organization:
StartCom Ltd.
Organization unit: StartCom Certification Authority
Organization unit: StartCom Certification Authority
Country:
IL
This certificate has expire since
Certificate Details
Serial Number (hex): 64:e7:5f:a7:70:f1:48:86:bd:4c:5e:df:e7:7c:71:79Serial Number (int): 134124160247782633981814531297763946873
Serial Number lenght: 127 bits, 16 octets
SubjectKeyId: 01:a1:86:69:3e:09:f5:af:27:c1:ff:02:44:0a:82:eb:4e:c9:4c:98
AuthorityKeyId: d7:91:4e:01:c4:b0:bf:f8:c8:67:93:44:9c:e7:33:fa:ad:93:0c:af
Fingerprint (sha1): 15:57:59:87:6a:86:ae:c6:1a:2b:3d:da:5c:6f:47:d0:5b:42:be:8f
Fingerprint (sha256): cc:3b:f6:08:be:8d:7e:54:09:f6:8d:56:5d:ef:4e:12:a1:83:62:3f:4f:65:e4:d9:cd:66:8b:cd:ed:b0:d1:0d
Issuing Certificate URL: http://aia.startssl.com/certs/sca.server1.crt
Revocation information
OCSP Server: http://ocsp.startssl.comCRL Distribution Point: http://crl.startssl.com/sca-server1.crl
Check the revocation status for certificate bornwebserver.nl
4
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for bornwebserver.nl
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Client Authentication
Server Authentication
Extensions
11 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
bornwebserver.nl
www.bornwebserver.nl
mail.bornwebserver.nl
webmail.bornwebserver.nl
www.bornwebserver.nl
mail.bornwebserver.nl
webmail.bornwebserver.nl
Other certificates including the domain name bornwebserver.nl
(limited to 100 certificates)
www.bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
www.bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
bornwebserver.nl
www.bornwebserver.nl
Certificate
The complete raw certificate details for bornwebserver.nl in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGLDCCBRSgAwIBAgIQZOdfp3DxSIa9TF7f53xxeTANBgkqhkiG9w0BAQsFADB4 MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEpMCcGA1UECxMg U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJjAkBgNVBAMTHVN0YXJ0 Q29tIENsYXNzIDEgRFYgU2VydmVyIENBMB4XDTE2MDQwMTA4MjgxMVoXDTE3MDQw MTA4MjgxMVowGzEZMBcGA1UEAwwQYm9ybndlYnNlcnZlci5ubDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKGr/Dgj0z+oZISENX4kisKijGrmEGMuwC3S 8u3NZFU1wWa37+lvYmtcRxEle/37mu5bsQMkLCcCnx6pYwACaqp24HhweE86uON/ Ht1qkGVWfygHgc5q4ZFgkEdnMEv1bqzmvIDLewQGpXKtwxhoTdlugrpCC9A2ncrg WVSBUmKN2D78/OkyuefOG1bfw8WcgjhTP+bWmP8Y/+XLmc+HcX5FBApC9nAIRSjF Ss2upH07s6bz2ET/KpYDUqRw77ZfmuO4T5BJK2Uc0kwUC9WbddW74ZKoZIAEDpxU ZvWFHamS2sjm0+jYQ3EHOvdW73fpfd2PAw9C/5Phq2hIscaVMP0CAwEAAaOCAw0w ggMJMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH AwEwCQYDVR0TBAIwADAdBgNVHQ4EFgQUAaGGaT4J9a8nwf8CRAqC607JTJgwHwYD VR0jBBgwFoAU15FOAcSwv/jIZ5NEnOcz+q2TDK8wbwYIKwYBBQUHAQEEYzBhMCQG CCsGAQUFBzABhhhodHRwOi8vb2NzcC5zdGFydHNzbC5jb20wOQYIKwYBBQUHMAKG LWh0dHA6Ly9haWEuc3RhcnRzc2wuY29tL2NlcnRzL3NjYS5zZXJ2ZXIxLmNydDA4 BgNVHR8EMTAvMC2gK6AphidodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9zY2Etc2Vy dmVyMS5jcmwwYgYDVR0RBFswWYIQYm9ybndlYnNlcnZlci5ubIIUd3d3LmJvcm53 ZWJzZXJ2ZXIubmyCFW1haWwuYm9ybndlYnNlcnZlci5ubIIYd2VibWFpbC5ib3Ju d2Vic2VydmVyLm5sMCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29t LzBQBgNVHSAESTBHMAgGBmeBDAECATA7BgsrBgEEAYG1NwECBTAsMCoGCCsGAQUF BwIBFh5odHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kwggEFBgorBgEEAdZ5 AgQCBIH2BIHzAPEAdwDNtRebf8HARv7qMRNqP48ALmGC+viJb+zIsvW1q2BJAAAA AVPRIltOAAAEAwBIMEYCIQDYrXTswXnomO7ltOCMyjvbfmhtOKraL1j0PbeEJwKb gAIhAO8Xh2zF82AolrvVXnD2ohw/9+tC9DVo57BRpcbx6EiTAHYAaPaY+B9kgr46 jO65KB1M/HFRXWeT1ETRCmesu09P+8QAAAFT0SJrFwAABAMARzBFAiAuQ0V1t1eh S0xMxK+1uYnwJMu4aYEItINDSKwSDyb4rAIhAPKE8HPEPVZA3m8BI3HY5fGj4tPy mKVXGmz1N/nTPb2GMA0GCSqGSIb3DQEBCwUAA4IBAQCNzQQyt9B0Y9aXrHLa0faC x7pooFWN8Caxh0tToRishaDYJdcQWxmfCpG10NAL5/f2AinwRIz4E4Yn8+RSnYsx HA4RklkqCeHo3PFn5WYZ3pRIl6n7x14SMo1nvvesO45FLW9Ybxq3kmy6DUVcBjJW vf4tPUf96YiT+uf2ZPzCQjksq4JLD3yrjEI76qMCGVhJY9zyjhajSUH9EAEQnvd2 cAGERSyLlGgR7FFJlgACLTeoazGko/BfFRnwbSNCNZXs+BukKe4syL8fj1fpCQBN 8RnanrBnK4QsCxfEmNEqtpEN4NfcoisGakojnrNnYHpr1WHpacjzstxIvm5UcTYN -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoav8OCPTP6hkhIQ1fiSK wqKMauYQYy7ALdLy7c1kVTXBZrfv6W9ia1xHESV7/fua7luxAyQsJwKfHqljAAJq qnbgeHB4Tzq4438e3WqQZVZ/KAeBzmrhkWCQR2cwS/VurOa8gMt7BAalcq3DGGhN 2W6CukIL0DadyuBZVIFSYo3YPvz86TK5584bVt/DxZyCOFM/5taY/xj/5cuZz4dx fkUECkL2cAhFKMVKza6kfTuzpvPYRP8qlgNSpHDvtl+a47hPkEkrZRzSTBQL1Zt1 1bvhkqhkgAQOnFRm9YUdqZLayObT6NhDcQc691bvd+l93Y8DD0L/k+GraEixxpUw /QIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 134124160247782633981814531297763946873 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IL' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'StartCom Ltd.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'StartCom Certification Authority' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'StartCom Class 1 DV Server CA' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-04-01 08:28:11 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-04-01 08:28:11 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'bornwebserver.nl' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20409176178128621868700043098071833878898666512726498097971152934182349930848779378589867714092710115705961475340747554393954425973035997450806389488866132716832596263750935676849341105978275355620255748922762725258234115642469739208127844436917929326955249874660884370625825596778107865726637950240645463787580417777540701925736074814414709801757181282780525688318259744786872228031578106313663309325763767889764908443291522996464851392550902569934764372810709060390141393735455641410903269502148841597176363933030198279974413762452912266565189911893189579847139315739546447778656076521482506205277659462649251180797 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 01a186693e09f5af27c1ff02440a82eb4ec94c98 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName d7914e01c4b0bff8c86793449ce733faad930caf . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.startssl.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.startssl.com/certs/sca.server1.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (49 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.startssl.com/sca-server1.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (91 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bornwebserver.nl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.bornwebserver.nl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mail.bornwebserver.nl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webmail.bornwebserver.nl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.18 (issuerAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.startssl.com/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.23223.1.2.5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.startssl.com/policy' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes) 00f1007700cdb5179b7fc1c046feea31136a3f8f002e6182faf8896fecc8b2f5b5ab60490000000153d1225b4e0000040300483046022100d8ad74ecc179e898eee5b4e08cca3bdb7e686d38aada2f58f43db78427029b80022100ef17876cc5f3602896bbd55e70f6a21c3ff7eb42f43568e7b051a5c6f1e8489300760068f698f81f6482be3a8ceeb9281d4cfc71515d6793d444d10a67acbb4f4ffbc400000153d1226b17000004030047304502202e434575b757a14b4c4cc4afb5b989f024cbb8698108b4834348ac120f26f8ac022100f284f073c43d5640de6f012371d8e5f1a3e2d3f298a5571a6cf537f9d33dbd86 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 008dcd0432b7d07463d697ac72dad1f682c7ba68a0558df026b1874b53a118ac85a0d825d7105b199f0a91b5d0d00be7f7f60229f0448cf8138627f3e4529d8b311c0e1192592a09e1e8dcf167e56619de944897a9fbc75e12328d67bef7ac3b8e452d6f586f1ab7926cba0d455c063256bdfe2d3d47fde98893fae7f664fcc242392cab824b0f7cab8c423beaa30219584963dcf28e16a34941fd1001109ef776700184452c8b946811ec51499600022d37a86b31a4a3f05f1519f06d23423595ecf81ba429ee2cc8bf1f8f57e909004df119da9eb0672b842c0b17c498d12ab6910de0d7dca22b066a4a239eb367607a6bd561e969c8f3b2dc48be6e5471360d