noriskit.nl

Issued by R3

About this certificate

This digital certificate with serial number 03:24:c9:98:4f:f6:5c:09:d5:61:ad:b4:d3:f9:6f:ac:cd:dd was issued on by Let's Encrypt.

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=noriskit.nl

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 03:24:c9:98:4f:f6:5c:09:d5:61:ad:b4:d3:f9:6f:ac:cd:dd
Serial Number (int): 273854988682538761184699228936246848703965
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: 8b:2c:c5:b2:ac:19:16:ab:2d:f5:b1:c1:41:8e:ad:db:0c:57:71:fa
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 6c:17:90:7d:70:5b:19:c5:3e:ca:0f:53:fc:ad:a8:69:1e:3c:3a:b2
Fingerprint (sha256): d2:25:37:21:75:c8:cb:45:f4:89:cb:16:a3:56:c6:31:7c:bd:b8:26:84:6a:d1:e2:24:6b:06:4b:06:cf:ba:69

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate noriskit.nl

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for noriskit.nl

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

norisk.site.transip.me
noriskit.nl
www.noriskit.nl

Other certificates including the domain name noriskit.nl

(limited to 100 certificates)
telefonie.noriskit.nl
access.enterlync.net
access.enterlync.net
access.enterlync.net
access.enterlync.net
access.enterlync.net
access.enterlync.net
*.noriskit.nl
access.enterlync.net
access.enterlync.net
access.enterlync.net
telefonie.noriskit.nl
access.enterlync.net
access.enterlync.net
access.enterlync.net
access.enterlync.net
spindle.wikibase.nl
access.enterlync.net
telefonie.noriskit.nl
access.enterlync.net
*.noriskit.nl
access.enterlync.net
access.enterlync.net
access.enterlync.net
telefonie.noriskit.nl
access.enterlync.net
noriskit.nl
noriskit.nl
access.enterlync.net
access.enterlync.net
access.enterlync.net
access.enterlync.net
access.enterlync.net
telefonie.noriskit.nl
telefonie.noriskit.nl
*.noriskit.nl
telefonie.noriskit.nl
noriskit.nl
*.noriskit.nl
access.enterlync.net
access.enterlync.net
access.enterlync.net
access.enterlync.net
mail.noriskit.nl
access.enterlync.net
access.enterlync.net
noriskit.nl
*.noriskit.nl
telefonie.noriskit.nl
spindle.wikibase.nl
noriskit.nl
noriskit.nl
noriskit.nl
*.noriskit.nl
access.enterlync.net
access.enterlync.net
*.noriskit.nl
telefonie.noriskit.nl
noriskit.nl
telefonie.noriskit.nl
access.enterlync.net
access.enterlync.net
spindle.wikibase.nl
noriskit.nl
access.enterlync.net
access.enterlync.net
access.enterlync.net
telefonie.noriskit.nl
noriskit.nl
access.enterlync.net
telefonie.noriskit.nl
noriskit.nl
access.enterlync.net
noriskit.nl
spindle.wikibase.nl
citrix.noriskit.nl
telefonie.noriskit.nl
access.enterlync.net
noriskit.nl
access.enterlync.net
*.noriskit.nl
access.enterlync.net
access.enterlync.net
access.enterlync.net
citrix.noriskit.nl
access.enterlync.net
telefonie.noriskit.nl
*.noriskit.nl
access.enterlync.net
access.enterlync.net
access.enterlync.net
spindle.wikibase.nl
access.enterlync.net
access.enterlync.net

Certificate

The complete raw certificate details for noriskit.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGCzCCBPOgAwIBAgISAyTJmE/2XAnVYa200/lvrM3dMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yNDAzMjYwMjU1NTBaFw0yNDA2MjQwMjU1NDlaMBYxFDASBgNVBAMT
C25vcmlza2l0Lm5sMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr1gI
/fg1CMuTsTxb5vpgl4FhCzziNAzOTzLBXG/UWtNkujnAWCGx0pyLZsccGTdCEbx1
10zzpRlUzYnkN6/ozlXXzHcnmcJDS4YyrPLTacs3dvb70nwSB+dcyfws8lpihlJU
2UW8UPpzSyAioq6QlnDzKIc8DHLA5AU54P2MoZ+C0Ji4vNOo/VEibUGmBkTsG3Ke
FGF+PbELDLVwRtjLUPa0INjJ/AWZWk4a2+ZwrEQnJAmDXI11JXQ0Gf6DN8kprCLO
3LXhDPJbmZT6EHKjUaSFVDRf5s0NWyrkb2riOWkSxLndKoRoz1J7me0uiSj2mBny
ftvJr14MtGYRtlOewonRZOku6LijDG0v1T48dTfTdkpVAuCq1c1qiiPgWY7hV29v
D5CQ5FhrLmz1hnPu1iRbdZ8ib6qzwd3EHEWG+U1akNYN6ctrZEoT3ejt/RCPnvpH
94+4WEmkuv6T6sUqCsJbeYKafT2TIq5q4R6NPDrqB7deqC7hHLpi2exuBlLtEeDJ
PktFZzD4Kee1On3gjwIjqiCBcsbdCeSKgjs/dPZvRwbGHhEkH2FMwxNREot80kDh
SNIH30KCWvgCpw0ucrS3o91PFoBGnVZgfiuryNyczg06jppz4/yCPNJgOA3MCJ9I
OaMC32+hCaKM0dGduN3oihuEPCfEF/72kUZvrYkCAwEAAaOCAjUwggIxMA4GA1Ud
DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T
AQH/BAIwADAdBgNVHQ4EFgQUiyzFsqwZFqst9bHBQY6t2wxXcfowHwYDVR0jBBgw
FoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUF
BzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9y
My5pLmxlbmNyLm9yZy8wPwYDVR0RBDgwNoIWbm9yaXNrLnNpdGUudHJhbnNpcC5t
ZYILbm9yaXNraXQubmyCD3d3dy5ub3Jpc2tpdC5ubDATBgNVHSAEDDAKMAgGBmeB
DAECATCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1ADtTd3U+LbmAToswWwb+QDtn
2E/D9Me9AA0tcm/h+tQXAAABjnjmbLsAAAQDAEYwRAIgSGApbFOpkWK0qsJFcZe9
FZzUhedYiO1qvk+thbNhY+ECIF5ig0gZgRIgZAwgSV72Cs9zbn4kNt/Igd//8hMw
tXXZAHYASLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHMAAAGOeOZtCAAA
BAMARzBFAiAdR4CJJhyYCX0Z2JK6R3b+50jeopz33STwyNsJG9Ay2QIhAIMmydz9
vbMSSNUTxgsQrn23kFUKBoV9fCWO/MUAFXtYMA0GCSqGSIb3DQEBCwUAA4IBAQBO
KUvzHswfVXUmWcJJRAdgnlUvcgWYEX3eAzECQSpWAO7MO+bZBKLjFq0YFx1HdgMl
4AyVvUef2VbN8qC6WMJIH8dqZtdOuCYQGnrs01qgSw+IaDTTUyHL3fXD/i4cJwx5
ACW2KkL6AQdiV02tqiqaIcgqIb4vXt6ISJcvN+eKuf0qnWwMxtubn1cRKOQhyt/z
nkOemUBb5QiLXkNUFZeU36dJ4WGm+6SPZ/qEErFYzBbpXCgtOc2RT4GG/WwQSguY
62f75X4NfN8GFjkIhXtot5Wzuubg17LqARpr9Qkm+rya9uKMPwQfZEFAh6+87bX2
74jvdeaB6Ou02yODPUHK
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr1gI/fg1CMuTsTxb5vpg
l4FhCzziNAzOTzLBXG/UWtNkujnAWCGx0pyLZsccGTdCEbx110zzpRlUzYnkN6/o
zlXXzHcnmcJDS4YyrPLTacs3dvb70nwSB+dcyfws8lpihlJU2UW8UPpzSyAioq6Q
lnDzKIc8DHLA5AU54P2MoZ+C0Ji4vNOo/VEibUGmBkTsG3KeFGF+PbELDLVwRtjL
UPa0INjJ/AWZWk4a2+ZwrEQnJAmDXI11JXQ0Gf6DN8kprCLO3LXhDPJbmZT6EHKj
UaSFVDRf5s0NWyrkb2riOWkSxLndKoRoz1J7me0uiSj2mBnyftvJr14MtGYRtlOe
wonRZOku6LijDG0v1T48dTfTdkpVAuCq1c1qiiPgWY7hV29vD5CQ5FhrLmz1hnPu
1iRbdZ8ib6qzwd3EHEWG+U1akNYN6ctrZEoT3ejt/RCPnvpH94+4WEmkuv6T6sUq
CsJbeYKafT2TIq5q4R6NPDrqB7deqC7hHLpi2exuBlLtEeDJPktFZzD4Kee1On3g
jwIjqiCBcsbdCeSKgjs/dPZvRwbGHhEkH2FMwxNREot80kDhSNIH30KCWvgCpw0u
crS3o91PFoBGnVZgfiuryNyczg06jppz4/yCPNJgOA3MCJ9IOaMC32+hCaKM0dGd
uN3oihuEPCfEF/72kUZvrYkCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 273854988682538761184699228936246848703965
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-26 02:55:50 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-24 02:55:49 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'noriskit.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 715340649312025075257990805875801825109923757284299687168725583233071876190795222959008810403927519385687544132444215264287179884248213366501961144119427005666620413981847134095508857040428277299139870497319780042117709517648138362183477021713714500411339433386411128492654474527148714127276587557127678310403922268004173946844636379462783443616989244101272364156184771992753559456195412279123027403656578805082976302670615912115687233080748081594886700267220000954229306670996395204273753083983276992097065193852700363822478406841056716659129848216471106487552880415581060978463841239229671176254597623353117334433214561506368421799121694763396870425243370528473055485332856143266397023137835128690366389690606891642019435823471304133242722942424553259173955661623660877202150043298518305763555453058775536130565871093984461612069950914484068738188710456411599235872825442833113834089205666879856922076809319146601563672002338872487207691478252104821863346221387099884604290819246380832089082560817361101508691303031340671672227325954233399419387610842259309054608566863239644541212937359749250462515461086685507585692078308834147757177302282077016358692855498726099512285506947658557445409861337468645253438868048930438818789567881
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							8b2cc5b2ac1916ab2df5b1c1418eaddb0c5771fa
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'norisk.site.transip.me'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'noriskit.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.noriskit.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef0075003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018e78e66cbb000004030046304402204860296c53a99162b4aac2457197bd159cd485e75888ed6abe4fad85b36163e102205e62834819811220640c20495ef60acf736e7e2436dfc881dffff21330b575d900760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018e78e66d08000004030047304502201d478089261c98097d19d892ba4776fee748dea29cf7dd24f0c8db091bd032d90221008326c9dcfdbdb31248d513c60b10ae7db790550a06857d7c258efcc500157b58
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		004e294bf31ecc1f55752659c2494407609e552f720598117dde033102412a5600eecc3be6d904a2e316ad18171d47760325e00c95bd479fd956cdf2a0ba58c2481fc76a66d74eb826101a7aecd35aa04b0f886834d35321cbddf5c3fe2e1c270c790025b62a42fa010762574dadaa2a9a21c82a21be2f5ede8848972f37e78ab9fd2a9d6c0cc6db9b9f571128e421cadff39e439e99405be5088b5e4354159794dfa749e161a6fba48f67fa8412b158cc16e95c282d39cd914f8186fd6c104a0b98eb67fbe57e0d7cdf06163908857b68b795b3bae6e0d7b2ea011a6bf50926fabc9af6e28c3f041f64414087afbcedb5f6ef88ef75e681e8ebb4db23833d41ca