media.renault-local.cz
Issued by Let's Encrypt Authority X3
About this certificate
This digital certificate with serial number 03:aa:f2:d2:bb:c9:56:64:7c:58:15:70:6e:71:90:f2:db:39 was issued on by Let's Encrypt.
With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=media.renault-local.cz
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:aa:f2:d2:bb:c9:56:64:7c:58:15:70:6e:71:90:f2:db:39Serial Number (int): 319507627537922714422544494967510365559609
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: 41:c8:d0:19:2c:ce:23:69:be:03:27:07:20:72:21:8d:49:84:ef:ad
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1
Fingerprint (sha1): df:71:c7:a2:59:76:b9:03:30:7d:42:26:d4:2e:9d:85:12:63:70:0f
Fingerprint (sha256): d0:c7:ee:7b:69:4b:05:f9:cb:ae:d8:41:73:f9:a2:eb:c1:9e:d7:4d:ab:50:11:f4:bd:7d:a2:dd:33:61:97:ab
Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/
Revocation information
OCSP Server: http://ocsp.int-x3.letsencrypt.orgCheck the revocation status for certificate media.renault-local.cz
3
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for media.renault-local.cz
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
media.renault-local.cz
media.renault.cz
www.media.renault.cz
media.renault.cz
www.media.renault.cz
Other certificates including the domain name renault-local.cz
(limited to 100 certificates)
media.renault-local.cz
renault-local.cz
renault-local.cz
renault-local.cz
media.renault-local.cz
renault-local.cz
media.renault-local.cz
media.renault-local.cz
media.renault-local.cz
media.renault-local.cz
renault-local.cz
media.renault-local.cz
media.renault-local.cz
media.renault-local.cz
renault-local.cz
renault-local.cz
renault-local.cz
media.renault-local.cz
renault-local.cz
media.renault-local.cz
renault-local.cz
renault-local.cz
renault-local.cz
renault-local.cz
media.renault-local.cz
renault-local.cz
renault-local.cz
renault-local.cz
renault-local.cz
media.renault-local.cz
renault-local.cz
media.renault-local.cz
media.renault-local.cz
media.renault-local.cz
media.renault-local.cz
renault-local.cz
media.renault-local.cz
media.renault-local.cz
media.renault-local.cz
renault-local.cz
renault-local.cz
renault-local.cz
media.renault-local.cz
renault-local.cz
media.renault-local.cz
renault-local.cz
renault-local.cz
renault-local.cz
renault-local.cz
media.renault-local.cz
renault-local.cz
Certificate
The complete raw certificate details for media.renault-local.cz in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGjTCCBXWgAwIBAgISA6ry0rvJVmR8WBVwbnGQ8ts5MA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODExMTkxODU4MDlaFw0x OTAyMTcxODU4MDlaMCExHzAdBgNVBAMTFm1lZGlhLnJlbmF1bHQtbG9jYWwuY3ow ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDQtxdvBnY6tEa6GzddasSI ji4HoON/Zgrs9NA53JVFLwcEmjsVUlm6s1cifZzQEv0wcYz8Tzu6moU+omfBikNs HRWLh6aymLavV/+RqZkDkeNf7ZmhNCo8qn5KIkJ8xtX5nRWA8mEvDIrOHr86N8xJ RCIQ6SnJS+7v43oiXl0hnzVQlMMib48Y5SBDVJ2jfHgdi/+F+EBM8LPfUuy+O7Xn 3uxfFirnGRX1HvG3jeYTrEmqYul+rSffBQbnWldJikduvprQVuS4EnRRHJsLAbNr Uu29xvNlqrSSFFRWylowmYtt0z8QHHgvAhOOpZhHabn0U9cHmPOQ4v4ppYHswPIZ kLctxdfx1U4NKn2XNeQZ2MR6QEtPIQnLthlWm9/k4rmiM7uv9S+1zmArg4yo+aeF 5Mk1N2QcNJHs4rx7JfRwhv4VDn4JAqlNFhPSgdrmbd4/IF9bkNGGpLr3tqHzTUng U15UhnF8oS4mi23VGGS9LbHUu3wzDJlTagmnAgirUwiLMkP9YDehF6msr+PkzB4M cKUtQJDtiIcTG+MBBEhlQCM2bjE3HvDnv7Qsl6fsYRs4Czj0jlj9UDITTy+q9YYj K9xMOWcSOXuVrAvSkWJVorqaAHV+sWCCxQn0shwtSe2BA/gBQrP0F9LGR7GhpkB1 GY01Qq7o6Zw9W+T3h4uyPwIDAQABo4IClDCCApAwDgYDVR0PAQH/BAQDAgWgMB0G A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1Ud DgQWBBRByNAZLM4jab4DJwcgciGNSYTvrTAfBgNVHSMEGDAWgBSoSmpjBH3duubR ObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9v Y3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9j ZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMEkGA1UdEQRCMECCFm1lZGlhLnJl bmF1bHQtbG9jYWwuY3qCEG1lZGlhLnJlbmF1bHQuY3qCFHd3dy5tZWRpYS5yZW5h dWx0LmN6MEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYI KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBQYKKwYBBAHW eQIEAgSB9gSB8wDxAHcA4mlLribo6UAJ6IYbtjuD1D7n/nSI+6SPKJMBnd3x2/4A AAFnLY053gAABAMASDBGAiEAyThWklHAqWMdw5/f6lnVmDnpAzcMJFJIRj1RsPih kdMCIQCLWA0CwHpY3syLXU4hWRe006emQaAOxAmkLCbExpvDdgB2AGPy283oO8ws zwtyhCdXazOkjWF3j711pjixx2hUS9iNAAABZy2NPCwAAAQDAEcwRQIhAKgcXKK5 WAcRMmbdxdmrZd0KRQu7q4cGlL4EYBnFtO4UAiAhzMqu3HXi2EyLL1XRlyz9TNzC kkaOe8AJzFuv/0TRijANBgkqhkiG9w0BAQsFAAOCAQEAIKfs7DDrrLxbCrtLyD5M arSLpW5ex3m8Vmc/lkjUqBT9gW4iG0YhPXPkbtwsrMRc8FUYd0VubLGUC231xmGm hk1qaX0SWggzOP4PJWq7DnY/bMo+3YA0KoanWNNeVvcwFwHBSaqvuHHadQ1N7rTR 08W7AH8W3pcisrhzwCM/IcyVIWodTCsFxDtuEiW21uq0VlLG45qwBY+87jFeFblS IS3i4DYgAAZwOj9mdjgWNFccY6OipI4UrTtxh417jQMWxZZV9xSN3a4bTXArxXR6 kJ1oQiNIs6CgRUYfHcv6/gOb9Gli5ZvwfhvJxKIEnUouyXN6f84QM3a35VQEukoB Dw== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0LcXbwZ2OrRGuhs3XWrE iI4uB6Djf2YK7PTQOdyVRS8HBJo7FVJZurNXIn2c0BL9MHGM/E87upqFPqJnwYpD bB0Vi4emspi2r1f/kamZA5HjX+2ZoTQqPKp+SiJCfMbV+Z0VgPJhLwyKzh6/OjfM SUQiEOkpyUvu7+N6Il5dIZ81UJTDIm+PGOUgQ1Sdo3x4HYv/hfhATPCz31Lsvju1 597sXxYq5xkV9R7xt43mE6xJqmLpfq0n3wUG51pXSYpHbr6a0FbkuBJ0URybCwGz a1LtvcbzZaq0khRUVspaMJmLbdM/EBx4LwITjqWYR2m59FPXB5jzkOL+KaWB7MDy GZC3LcXX8dVODSp9lzXkGdjEekBLTyEJy7YZVpvf5OK5ojO7r/Uvtc5gK4OMqPmn heTJNTdkHDSR7OK8eyX0cIb+FQ5+CQKpTRYT0oHa5m3ePyBfW5DRhqS697ah801J 4FNeVIZxfKEuJott1RhkvS2x1Lt8MwyZU2oJpwIIq1MIizJD/WA3oReprK/j5Mwe DHClLUCQ7YiHExvjAQRIZUAjNm4xNx7w57+0LJen7GEbOAs49I5Y/VAyE08vqvWG IyvcTDlnEjl7lawL0pFiVaK6mgB1frFggsUJ9LIcLUntgQP4AUKz9BfSxkexoaZA dRmNNUKu6OmcPVvk94eLsj8CAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 319507627537922714422544494967510365559609 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-11-19 18:58:09 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-02-17 18:58:09 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'media.renault-local.cz' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 851483732969820221766621854163591712051871147832109857994758424898720894926828599851305029572935282586252873388891280425232488679710145259627571373185899594405832854139783881996553385408463047084662543252337262062412169992561391025545124829580131189293402585365992775557242687778838699512095214075994544328137015656456346354265569001464994767815106298676687146253346795686857356223329815875298588295797307741530643971867460539438236374328145505845714867571841695130784564431048066234182854251563813589463456088933097877717817425812582915886051283596836002277600273951697656916691294190212074847719567758662777853446791357629938616083143105289271001752581904307068830360997818941376498080028140986062004759263891055125690266632411472056714686759027130070855726197431745178874815492009917234486207080454506872862698622511267143310232893439838709079911294910163592195445993749452296029308844350914293499741149595823363245020675125834428021030736749652990627545284504772395813515712466598068081265715194163614070106595358497255237400951080448331041809917082224648056699729957914746836975481859384792157112843594580354524197895242137059307544006417444597821970252384140038783375074082268985120596677184512277885382659894397448840534536767 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 41c8d0192cce2369be0327072072218d4984efad . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'media.renault-local.cz' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'media.renault.cz' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.media.renault.cz' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes) 00f1007700e2694bae26e8e94009e8861bb63b83d43ee7fe7488fba48f2893019dddf1dbfe000001672d8d39de0000040300483046022100c938569251c0a9631dc39fdfea59d59839e903370c245248463d51b0f8a191d30221008b580d02c07a58decc8b5d4e215917b4d3a7a641a00ec409a42c26c4c69bc37600760063f2dbcde83bcc2ccf0b728427576b33a48d61778fbd75a638b1c768544bd88d000001672d8d3c2c0000040300473045022100a81c5ca2b95807113266ddc5d9ab65dd0a450bbbab870694be046019c5b4ee14022021cccaaedc75e2d84c8b2f55d1972cfd4cdcc292468e7bc009cc5bafff44d18a . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0020a7ecec30ebacbc5b0abb4bc83e4c6ab48ba56e5ec779bc56673f9648d4a814fd816e221b46213d73e46edc2cacc45cf0551877456e6cb1940b6df5c661a6864d6a697d125a083338fe0f256abb0e763f6cca3edd80342a86a758d35e56f7301701c149aaafb871da750d4deeb4d1d3c5bb007f16de9722b2b873c0233f21cc95216a1d4c2b05c43b6e1225b6d6eab45652c6e39ab0058fbcee315e15b952212de2e036200006703a3f6676381634571c63a3a2a48e14ad3b71878d7b8d0316c59655f7148dddae1b4d702bc5747a909d68422348b3a0a045461f1dcbfafe039bf46962e59bf07e1bc9c4a2049d4a2ec9737a7fce103376b7e55404ba4a010f