dsf.kronos-web.com

Issued by Amazon RSA 2048 M02

About this certificate

This digital certificate with serial number 09:d3:e1:a3:7a:52:f5:e9:a0:e9:ff:4b:d0:e5:99:e5 was issued on by Amazon.

With 22 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=dsf.kronos-web.com

Amazon

Organization: Amazon
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 09:d3:e1:a3:7a:52:f5:e9:a0:e9:ff:4b:d0:e5:99:e5
Serial Number (int): 13063203093423867341573863778078267877
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 98:14:83:e5:2f:24:2a:36:f4:b2:a0:bf:64:a0:70:a7:b1:df:21:10
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2

Fingerprint (sha1): ac:fb:7e:3d:c0:84:bb:3f:de:f5:a3:f2:db:ba:30:ad:1c:27:a1:fb
Fingerprint (sha256): d7:68:57:59:c6:ff:bb:e6:b2:1c:2e:9d:da:64:ff:b1:1e:ec:6f:9a:d0:58:2f:e6:42:da:6a:65:1e:4d:f6:97

Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer

Revocation information

OCSP Server: http://ocsp.r2m02.amazontrust.com
CRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl

Check the revocation status for certificate dsf.kronos-web.com

22

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for dsf.kronos-web.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

dsf.kronos-web.com
*.dsf.kronos-web.com
www.kronos-finance.ca
*.accp.desjardins.kronos-web.com
desjardins.kronos-web.com
www.kronos-web.com
accp.desjardins.kronos-web.com
kronos-finance.ca
kronostechnologies.com
www.kronos-abf.ca
*.accp.dsf.kronos-web.com
*.accp.kronos-web.com
*.desjardins.kronos-web.com
*.kronos-web.com
*.kronostechnologies.com
kronos-mail.com
www.kronos-fna.ca
kronos-abf.ca
kronos-web.com
kronos-fna.ca
*.kronos-mail.com
accp.dsf.kronos-web.com

Other certificates including the domain name kronos-web.com

(limited to 100 certificates)
secure.accp.dfs.kronos-web.com
*.accp.dsf.kronos-web.com
fr.wiki-crm.kronos-web.com
secure.fnct.kronos-web.com
*.accp.dsf.kronos-web.com
kronos-web.com
kronos-web.com
*.kronos-crm.com
edge.fnct.kronos-web.com
secure.dfs.kronos-web.com
*.kronos-crm.com
depot.kronos-web.com
kronos-web.com
*.accp.kronos-web.com
fr.wiki-crm.kronos-web.com
dsf.kronos-web.com
secure.accp.dsf.kronos-web.com
auth-accp.kronos-web.com
*.kronos-crm.com
*.kronos-crm.com
fr.wiki-crm.kronos-web.com
static.kronos-web.com
*.kronos-web.com
*.kronos-web.com
*.accp.kronos-web.com
*.kronos-crm.com
*.kronos-crm.com
fr.wiki-crm.kronos-web.com
*.dsf.kronos-web.com
static.kronos-web.com
fr.wiki-crm.kronos-web.com
*.kronos-crm.com
secure.dfs.kronos-web.com
*.accp.dsf.kronos-web.com
*.kronos-web.com
kronos-web.com
depot.kronos-web.com
secure.dsf.kronos-web.com
kronos-web.com
*.kronos-web.com
secure.accp.dfs.kronos-web.com
depot.kronos-web.com
fr.wiki-crm.kronos-web.com
kronos-web.com
*.accp.kronos-web.com
cache.kronos-web.com
*.kronos-web.com
*.dsf.kronos-web.com
*.kronos-crm.com
dsf.kronos-web.com
fr.wiki-crm.kronos-web.com
*.kronos-crm.com
secure.accp.kronos-web.com
*.kronos-web.com
*.kronos-web.com
*.accp.kronos-web.com
dsf.kronos-web.com
static.kronos-web.com
*.dsf.kronos-web.com
cache.kronos-web.com
*.kronos-crm.com

Certificate

The complete raw certificate details for dsf.kronos-web.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHqjCCBpKgAwIBAgIQCdPho3pS9emg6f9L0OWZ5TANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAyMB4XDTIzMTAwMjAwMDAwMFoXDTI0MTAzMDIzNTk1OVowHTEb
MBkGA1UEAxMSZHNmLmtyb25vcy13ZWIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA22uwdjrCimb2ob4/xibje0OzrF321skEiOMMdKUO76rwMcC2
EhaePZs3UZEjeuS+QrZ6uz2/LQVM6RsjAk0b8LRVh2joAo2eC2MxG0Gw/AIrKUBo
pOePTbTiXIArBOvagqG/jUorl5K8Yv3S1v53PHXmiBVT7em49kHJVK+n823T8FCO
wJT7XfZlY2G2dK0nYN5oSkXunziIhGU5zvHmOiTEL962YMbx5K3bJjZv6RkxnLl5
oGI5NdRfcP+E1aVRYK7de4sp+Fd1po5mBEhJT1SU0ZlPf/bWQp4HqSS2ntPADMsJ
cyrQGB80yshzV+YqwkReko4H//mKEecZRti4QwIDAQABo4IExTCCBMEwHwYDVR0j
BBgwFoAUwDFSzVpQw4J8dHHOy+mc+XrrguIwHQYDVR0OBBYEFJgUg+UvJCo29LKg
v2SgcKex3yEQMIIB9gYDVR0RBIIB7TCCAemCEmRzZi5rcm9ub3Mtd2ViLmNvbYIU
Ki5kc2Yua3Jvbm9zLXdlYi5jb22CFXd3dy5rcm9ub3MtZmluYW5jZS5jYYIgKi5h
Y2NwLmRlc2phcmRpbnMua3Jvbm9zLXdlYi5jb22CGWRlc2phcmRpbnMua3Jvbm9z
LXdlYi5jb22CEnd3dy5rcm9ub3Mtd2ViLmNvbYIeYWNjcC5kZXNqYXJkaW5zLmty
b25vcy13ZWIuY29tghFrcm9ub3MtZmluYW5jZS5jYYIWa3Jvbm9zdGVjaG5vbG9n
aWVzLmNvbYIRd3d3Lmtyb25vcy1hYmYuY2GCGSouYWNjcC5kc2Yua3Jvbm9zLXdl
Yi5jb22CFSouYWNjcC5rcm9ub3Mtd2ViLmNvbYIbKi5kZXNqYXJkaW5zLmtyb25v
cy13ZWIuY29tghAqLmtyb25vcy13ZWIuY29tghgqLmtyb25vc3RlY2hub2xvZ2ll
cy5jb22CD2tyb25vcy1tYWlsLmNvbYIRd3d3Lmtyb25vcy1mbmEuY2GCDWtyb25v
cy1hYmYuY2GCDmtyb25vcy13ZWIuY29tgg1rcm9ub3MtZm5hLmNhghEqLmtyb25v
cy1tYWlsLmNvbYIXYWNjcC5kc2Yua3Jvbm9zLXdlYi5jb20wEwYDVR0gBAwwCjAI
BgZngQwBAgEwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLnIybTAyLmFtYXpv
bnRydXN0LmNvbS9yMm0wMi5jcmwwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzAB
hiFodHRwOi8vb2NzcC5yMm0wMi5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKG
Kmh0dHA6Ly9jcnQucjJtMDIuYW1hem9udHJ1c3QuY29tL3IybTAyLmNlcjAMBgNV
HRMBAf8EAjAAMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdgB2/4g/Crb7lVHC
Ycz1h7o0tKTNuyncaEIKn+ZnTFo6dAAAAYrxrPonAAAEAwBHMEUCIQDBSWT1ryYq
X5hnefCF/4rbh0VX5Q+aekK7T4dNC5rY6wIgO3K0Xetkdh+nr+KWTlCD92x1ePLS
bc37eCi4jVfe95cAdQBIsONr2qZHNA/lagL6nTDrHFIBy1bdLIHZu7+rOdiEcwAA
AYrxrPoLAAAEAwBGMEQCIDuUlo5IBi0o0G0BKoBSn9yl2XmNy7EvbIG27btlQYah
AiBuGGzI/Mpn8pku9JAM/C5jZ2j8CrdDvaE0la/R5XBvtwB2ANq2v2s/tbYin5vC
u1xr6HCRcWy7UYSFNL2kPTBI1/urAAABivGs+c8AAAQDAEcwRQIgBZ051wssJtB/
uzngAjVTvpOcm37LiVobgJXH6M6ASCoCIQDCuPJrWgS6rdAbpukXTBv/froc2cF3
n0tUsFXKxAKOWzANBgkqhkiG9w0BAQsFAAOCAQEAS1EaohaKnT7Z7JFui3/yvUci
6WW6F72/Y4CCGNCAs7k3xPgFiV2kqwTCYROuNs0i3AIrIE6yGwn1IX6BPAOcoFZm
2vVELB4kgWiniT7E+z4VJ+fzrmRNsGR2AwuQDm5oJMouijlSHOz0JtVQo+Pjo4KJ
PdjmyQUka8dO48XxGb85nH2pmL2kLPyv4zTYfe19fWbsBCtlYEdFrSoA86xIIXMP
Dv3niRfcYoAn29B0aOQuz6fi0X0LqEdexOzdJhBFNhOqrcETx9Keze/ucBDdLzOR
b1bQPQYVCqVCw2FaTihjgNUBvHLl5WM4291Vxw77RWv61h/wHIB0BwANfwReWg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA22uwdjrCimb2ob4/xibj
e0OzrF321skEiOMMdKUO76rwMcC2EhaePZs3UZEjeuS+QrZ6uz2/LQVM6RsjAk0b
8LRVh2joAo2eC2MxG0Gw/AIrKUBopOePTbTiXIArBOvagqG/jUorl5K8Yv3S1v53
PHXmiBVT7em49kHJVK+n823T8FCOwJT7XfZlY2G2dK0nYN5oSkXunziIhGU5zvHm
OiTEL962YMbx5K3bJjZv6RkxnLl5oGI5NdRfcP+E1aVRYK7de4sp+Fd1po5mBEhJ
T1SU0ZlPf/bWQp4HqSS2ntPADMsJcyrQGB80yshzV+YqwkReko4H//mKEecZRti4
QwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 13063203093423867341573863778078267877
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-02 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-10-30 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'dsf.kronos-web.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27699292362586048047731888905774369989313110011594274560451916108614843258829914056229865092186077227021698356808426239564003926007482615754257798860167878978881302665758727960982539366110392878894383986600998340117554748180879106278322787779971475527842593876978971423150780683551021333788252731415868223620683322521389080414285543465647502328909082672220464976013897598223268768701855222771266178253653509988711806137421570289598469106036825323662573277686764669615762051530255783997508643266027971482166117660893321239748163722804499151821161169490447961223945402258060424876502591703158029455463035385860507351107
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							981483e52f242a36f4b2a0bf64a070a7b1df2110
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (493 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dsf.kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.dsf.kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.kronos-finance.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.accp.desjardins.kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'desjardins.kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'accp.desjardins.kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kronos-finance.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kronostechnologies.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.kronos-abf.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.accp.dsf.kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.accp.kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.desjardins.kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.kronostechnologies.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kronos-mail.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.kronos-fna.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kronos-abf.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kronos-web.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kronos-fna.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.kronos-mail.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'accp.dsf.kronos-web.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							016700760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018af1acfa270000040300473045022100c14964f5af262a5f986779f085ff8adb874557e50f9a7a42bb4f874d0b9ad8eb02203b72b45deb64761fa7afe2964e5083f76c7578f2d26dcdfb7828b88d57def79700750048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018af1acfa0b000004030046304402203b94968e48062d28d06d012a80529fdca5d9798dcbb12f6c81b6edbb654186a102206e186cc8fcca67f2992ef4900cfc2e636768fc0ab743bda13495afd1e5706fb7007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018af1acf9cf00000403004730450220059d39d70b2c26d07fbb39e0023553be939c9b7ecb895a1b8095c7e8ce80482a022100c2b8f26b5a04baadd01ba6e9174c1bff7eba1cd9c1779f4b54b055cac4028e5b
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		004b511aa2168a9d3ed9ec916e8b7ff2bd4722e965ba17bdbf63808218d080b3b937c4f805895da4ab04c26113ae36cd22dc022b204eb21b09f5217e813c039ca05666daf5442c1e248168a7893ec4fb3e1527e7f3ae644db06476030b900e6e6824ca2e8a39521cecf426d550a3e3e3a382893dd8e6c905246bc74ee3c5f119bf399c7da998bda42cfcafe334d87ded7d7d66ec042b65604745ad2a00f3ac4821730f0efde78917dc628027dbd07468e42ecfa7e2d17d0ba8475ec4ecdd2610453613aaadc113c7d29ecdefee7010dd2f33916f56d03d06150aa542c3615a4e286380d501bc72e5e56338dbdd55c70efb456bfad61ff01c807407000d7f045e5a