*.onespot.com
Issued by Amazon
About this certificate
This digital certificate with serial number 0c:cd:ef:92:ea:c3:41:3f:50:78:e3:72:cb:08:96:cb was issued on by Amazon.
With 9 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=*.onespot.com
Amazon
Organization:
Amazon
Organization unit: Server CA 1B
Organization unit: Server CA 1B
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 0c:cd:ef:92:ea:c3:41:3f:50:78:e3:72:cb:08:96:cbSerial Number (int): 17020015941281170925303545065047103179
Serial Number lenght: 124 bits, 16 octets
SubjectKeyId: 3e:96:f6:0e:1c:78:30:e3:37:05:57:33:83:c8:75:99:8c:6d:d2:f7
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0
Fingerprint (sha1): c7:8b:eb:66:0b:c3:d1:86:d5:ca:02:ed:e8:f3:7c:31:14:94:88:63
Fingerprint (sha256): de:ba:a2:35:a0:1b:a4:46:b6:2c:88:0c:63:da:53:52:2c:a0:c2:e7:47:49:c3:e8:cd:7a:34:e5:8d:fd:2e:35
Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt
Revocation information
OCSP Server: http://ocsp.sca1b.amazontrust.comCRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b.crl
Check the revocation status for certificate *.onespot.com
9
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for *.onespot.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
*.onespot.com
*.staging.onespot.com
*.dev.onespot.com
*.staging.os-data.com
*.dev.os-data.com
*.os-data.com
*.rec-engine.com
*.staging.rec-engine.com
*.dev.rec-engine.com
*.staging.onespot.com
*.dev.onespot.com
*.staging.os-data.com
*.dev.os-data.com
*.os-data.com
*.rec-engine.com
*.staging.rec-engine.com
*.dev.rec-engine.com
Other certificates including the domain name onespot.com
(limited to 100 certificates)
onespot.com
preview.onespot.com
support.engineyard.com
*.staging.onespot.com
pages.onespot.com
onespot.com
onespot.com
*.onespot.com
*.dashboard.onespot.com
*.onespot.com
hello.onespot.com
preview.onespot.com
*.dashboard.onespot.com
support.infinio.com
auth.onespot.com
onespot.com
preview.onespot.com
hello.onespot.com
*.dashboard.onespot.com
onespot.com
hello.onespot.com
*.dashboard.onespot.com
www.onespot.com
preview.onespot.com
*.dev.onespot.com
*.qa.onespot.com
preview.onespot.com
*.dev.onespot.com
www.onespot.com
pages.onespot.com
preview.onespot.com
hello.onespot.com
*.onespot.com
support.onespot.com
preview.onespot.com
*.onespot.com
onespot.com
*.onespot.com
*.onespot.com
preview.onespot.com
*.onespot.com
*.onespot.com
*.onespot.com
www.onespot.com
*.staging.onespot.com
onespot.com
auth.onespot.com
support.engineyard.com
support.onespot.com
onespot.com
onespot.com
*.stage.onespot.com
*.onespot.com
www.onespot.com
*.stage.onespot.com
support.onespot.com
pages.onespot.com
www.onespot.com
www.onespot.com
www.onespot.com
*.onespot.com
*.dashboard.onespot.com
www.onespot.com
pages.onespot.com
onespot.com
www.onespot.com
*.qa.onespot.com
preview.onespot.com
support.engineyard.com
support.engineyard.com
*.onespot.com
*.onespot.com
*.onespot.com
preview.onespot.com
*.dashboard.onespot.com
pages.onespot.com
www.onespot.com
auth.onespot.com
*.stage.onespot.com
*.dev.onespot.com
*.onespot.com
*.dashboard.onespot.com
www.onespot.com
*.staging.onespot.com
*.stage.onespot.com
pages.onespot.com
pages.onespot.com
preview.onespot.com
*.onespot.com
image.onespot.com
image.onespot.com
*.onespot.com
dashboard.onespot.com
onespot.com
onespot.com
*.staging.onespot.com
hello.onespot.com
preview.onespot.com
*.onespot.com
*.onespot.com
preview.onespot.com
support.engineyard.com
*.staging.onespot.com
pages.onespot.com
onespot.com
onespot.com
*.onespot.com
*.dashboard.onespot.com
*.onespot.com
hello.onespot.com
preview.onespot.com
*.dashboard.onespot.com
support.infinio.com
auth.onespot.com
onespot.com
preview.onespot.com
hello.onespot.com
*.dashboard.onespot.com
onespot.com
hello.onespot.com
*.dashboard.onespot.com
www.onespot.com
preview.onespot.com
*.dev.onespot.com
*.qa.onespot.com
preview.onespot.com
*.dev.onespot.com
www.onespot.com
pages.onespot.com
preview.onespot.com
hello.onespot.com
*.onespot.com
support.onespot.com
preview.onespot.com
*.onespot.com
onespot.com
*.onespot.com
*.onespot.com
preview.onespot.com
*.onespot.com
*.onespot.com
*.onespot.com
www.onespot.com
*.staging.onespot.com
onespot.com
auth.onespot.com
support.engineyard.com
support.onespot.com
onespot.com
onespot.com
*.stage.onespot.com
*.onespot.com
www.onespot.com
*.stage.onespot.com
support.onespot.com
pages.onespot.com
www.onespot.com
www.onespot.com
www.onespot.com
*.onespot.com
*.dashboard.onespot.com
www.onespot.com
pages.onespot.com
onespot.com
www.onespot.com
*.qa.onespot.com
preview.onespot.com
support.engineyard.com
support.engineyard.com
*.onespot.com
*.onespot.com
*.onespot.com
preview.onespot.com
*.dashboard.onespot.com
pages.onespot.com
www.onespot.com
auth.onespot.com
*.stage.onespot.com
*.dev.onespot.com
*.onespot.com
*.dashboard.onespot.com
www.onespot.com
*.staging.onespot.com
*.stage.onespot.com
pages.onespot.com
pages.onespot.com
preview.onespot.com
*.onespot.com
image.onespot.com
image.onespot.com
*.onespot.com
dashboard.onespot.com
onespot.com
onespot.com
*.staging.onespot.com
hello.onespot.com
preview.onespot.com
*.onespot.com
*.onespot.com
Certificate
The complete raw certificate details for *.onespot.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIE9jCCA96gAwIBAgIQDM3vkurDQT9QeONyywiWyzANBgkqhkiG9w0BAQsFADBG MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0xNjA1MTgwMDAwMDBaFw0xNzA2MTgx MjAwMDBaMBgxFjAUBgNVBAMMDSoub25lc3BvdC5jb20wggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQCI3uN6Jq2bSC9SnEPjbiMV8oBrzEOTZb/3PvTretPd c3UAXPLqpLHSQKLWNmU+fFT1LuKn+mtCPGC+g9hq3jZVImh3jek0BGbTOpPWV/a4 45wI3T2PhcsT1tQmnDgnC6tY3Reg5ZB7ZN66ZptNBlsPkwG2ffRVTXddIi01OSYI 88IlJEMhRXWRSYIZQ/xF7wWVqx+n+CwpyzZRh3jVBOPQg9QmsawldtunFE0saZy7 xbaRwKQNNE+ZPh2roWhqRswomoRfiCHK5XJBMuWhDE2dV60Si44W6e3EWYXYtils Cmpb8rTFvsnQTZDxvnI7KSenGmDP8IdEqlWa8/FIgdGbAgMBAAGjggIMMIICCDAf BgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4EFgQUPpb2Dhx4 MOM3BVczg8h1mYxt0vcwgb8GA1UdEQSBtzCBtIINKi5vbmVzcG90LmNvbYIVKi5z dGFnaW5nLm9uZXNwb3QuY29tghEqLmRldi5vbmVzcG90LmNvbYIVKi5zdGFnaW5n Lm9zLWRhdGEuY29tghEqLmRldi5vcy1kYXRhLmNvbYINKi5vcy1kYXRhLmNvbYIQ Ki5yZWMtZW5naW5lLmNvbYIYKi5zdGFnaW5nLnJlYy1lbmdpbmUuY29tghQqLmRl di5yZWMtZW5naW5lLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB BQUHAwEGCCsGAQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwuc2Nh MWIuYW1hem9udHJ1c3QuY29tL3NjYTFiLmNybDATBgNVHSAEDDAKMAgGBmeBDAEC ATB1BggrBgEFBQcBAQRpMGcwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLnNjYTFi LmFtYXpvbnRydXN0LmNvbTA2BggrBgEFBQcwAoYqaHR0cDovL2NydC5zY2ExYi5h bWF6b250cnVzdC5jb20vc2NhMWIuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcN AQELBQADggEBAJU2UVLlmko+vUpKaTRdY/vnFsgT4JZc+CKB5+sfPJrp3I4u0Quc t/0kz508puNLus5X+i7+kxjIrYVb8wAbmfMbPMmDXev/c9gNn0MCCB+Rg7e9pK8T XcNpmW8b4puPWrpq8JFXI97tbCYaLXrvF5pkmOHunngeUaZwuVL/lwCxxpZSFyYA ibuCoof132UWNNo7zmk/QT7qpKbfrL/HRT95hJ5xGUr2yO31Bs5uxe3rBSw66tly YzpP1jB2s/cfxJcZYa/bcOnrhX7Ce/DsE/YlJvCdmXZq5SgHUMoTx3vgwbX4PNKz xaaQCb32nLrDDrqg3NgSAaSBSKgd70pm6FE= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiN7jeiatm0gvUpxD424j FfKAa8xDk2W/9z7063rT3XN1AFzy6qSx0kCi1jZlPnxU9S7ip/prQjxgvoPYat42 VSJod43pNARm0zqT1lf2uOOcCN09j4XLE9bUJpw4JwurWN0XoOWQe2TeumabTQZb D5MBtn30VU13XSItNTkmCPPCJSRDIUV1kUmCGUP8Re8Flasfp/gsKcs2UYd41QTj 0IPUJrGsJXbbpxRNLGmcu8W2kcCkDTRPmT4dq6FoakbMKJqEX4ghyuVyQTLloQxN nVetEouOFuntxFmF2LYpbApqW/K0xb7J0E2Q8b5yOyknpxpgz/CHRKpVmvPxSIHR mwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 17020015941281170925303545065047103179 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-05-18 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-06-18 12:00:00 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.onespot.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 17278319931896486240688196647081898965695744384479114685182364702088079439417523664981505241145392345224831265489611772644471070248995981302034948473940065747662945212398541779068415616967135976188709725590471408172268120087194899521984327489372793302952087204387908966615439003355725867112354477015468800576877967690999319458378217763853389417119362053010852310271812486947416111540027095986266018651025642181543087452210786079807318746758401452530271941368262541456861228635240384567323512512503940156005522702553267932076628657132297704436148616040922998993995326050981505742198651631580821682223681886371075707291 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 3e96f60e1c7830e33705573383c875998c6dd2f7 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (183 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.onespot.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.staging.onespot.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.dev.onespot.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.staging.os-data.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.dev.os-data.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.os-data.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.rec-engine.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.staging.rec-engine.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.dev.rec-engine.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0095365152e59a4a3ebd4a4a69345d63fbe716c813e0965cf82281e7eb1f3c9ae9dc8e2ed10b9cb7fd24cf9d3ca6e34bbace57fa2efe9318c8ad855bf3001b99f31b3cc9835debff73d80d9f4302081f9183b7bda4af135dc369996f1be29b8f5aba6af0915723deed6c261a2d7aef179a6498e1ee9e781e51a670b952ff9700b1c6965217260089bb82a287f5df651634da3bce693f413eeaa4a6dfacbfc7453f79849e71194af6c8edf506ce6ec5edeb052c3aead972633a4fd63076b3f71fc4971961afdb70e9eb857ec27bf0ec13f62526f09d99766ae5280750ca13c77be0c1b5f83cd2b3c5a69009bdf69cbac30ebaa0dcd81201a48148a81def4a66e851