timeincuk.net

Issued by Amazon

About this certificate

This digital certificate with serial number 01:b9:47:24:56:8c:4e:ec:5f:6d:38:61:0c:b6:79:58 was issued on by Amazon.

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=timeincuk.net

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 01:b9:47:24:56:8c:4e:ec:5f:6d:38:61:0c:b6:79:58
Serial Number (int): 2291245844694901930573405921721350488
Serial Number lenght: 121 bits, 16 octets

SubjectKeyId: 6a:44:4c:f3:79:8a:cb:08:1e:2a:9d:71:13:10:07:7d:9f:c4:f3:b9
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): 6a:fe:18:db:d7:10:58:f2:f0:7b:7a:28:52:7b:d1:10:de:f0:76:8b
Fingerprint (sha256): df:29:55:b2:d2:cd:a4:6a:d1:43:c8:60:9b:24:5b:41:25:2a:a2:ab:d0:f8:ef:51:a7:24:2a:e6:16:98:18:d5

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b.crl

Check the revocation status for certificate timeincuk.net

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for timeincuk.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

timeincuk.net
*.timeincuk.net
*.aws2.timeincuk.net
*.assets.aws2.timeincuk.net

Other certificates including the domain name timeincuk.net

(limited to 100 certificates)
timeincuk.net
keystone.wp.timeincuk.net
ksassets.timeincuk.net
keyassets.timeincuk.net
campaign.ipcdigital.co.uk
keyassets-p2.timeincuk.net
*.ti-media.net
*.amateurgardening.com
wadeassets.timeincuk.net
keystone.ti-media.net
ti-media.map.fastly.net
keystone.ti-media.net
blogs.internal.timeincuk.net
ti-media.map.fastly.net
timeincuk.net
wadeassets.timeincuk.net
timeincuk.net
blogs.internal.timeincuk.net
ti-media.map.fastly.net
keystone.ti-media.net
keystone.wp.timeincuk.net
ti-media.map.fastly.net
cms2.ipcmediasecure.com
timeincuk.net
ksassets.timeincuk.net
keyassets-p2.timeincuk.net
keyassets.timeincuk.net
ksassets-preprod.timeincuk.net
ksassets.timeincuk.net
keystone.ti-media.net
*.amateurgardening.com
keystone.wp.timeincuk.net
timeincuk.net
campaign.ipcdigital.co.uk
keystone.ti-media.net
ksassets-preprod.timeincuk.net
cms2.ipcmediasecure.com
ti-media.map.fastly.net
*.ti-media.net
ti-media.map.fastly.net
campaign.ipcdigital.co.uk
wade.timeincuk.net
marieclaire.ipcmediasecure.com
ti-media.map.fastly.net
timeincuk.net
keystone.wp.timeincuk.net
secure.tablet.timeincuk.net
campaign.ipcdigital.co.uk
blogs.internal.timeincuk.net
assets.timeincuk.net
*.ti-media.net
ti-media.map.fastly.net
ti-media.map.fastly.net
ti-media.map.fastly.net
keystone.wp.timeincuk.net
timeincuk.net
ti-media.map.fastly.net
marieclaire.ipcmediasecure.com
keystone.wp.timeincuk.net
assets.timeincuk.net
keystone.wp.timeincuk.net
wade.timeincuk.net
ksassets.timeincuk.net
campaign.ipcdigital.co.uk
ksassets.timeincuk.net
keystone.wp.timeincuk.net
keystone.ti-media.net
keystone.ti-media.net
keystone.wp.timeincuk.net
campaign.ipcdigital.co.uk
*.timeincuk.net
marieclaire.ipcmediasecure.com
ti-media.map.fastly.net
campaign.ipcdigital.co.uk
keyassets-p2.timeincuk.net
campaign.ipcdigital.co.uk
keyassets-p1.timeincuk.net
assets.timeincuk.net
internal.timeincuk.net
marieclaire.ipcmediasecure.com
wpe.timeincuk.net
*.ti-media.net
*.amateurgardening.com
ti-media.map.fastly.net
timeincuk.net
*.amateurgardening.com
campaign.ipcdigital.co.uk
keyassets-p2.timeincuk.net
campaign.ipcdigital.co.uk
internal.timeincuk.net
marieclaire.ipcmediasecure.com
internal.timeincuk.net
keyassets.timeincuk.net
marieclaire.ipcmediasecure.com
ti-media.map.fastly.net
keystone.wp.timeincuk.net
ti-media.map.fastly.net
keyassets.timeincuk.net
timeincuk.net
timeincuk.net

Certificate

The complete raw certificate details for timeincuk.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFpjCCBI6gAwIBAgIQAblHJFaMTuxfbThhDLZ5WDANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0xOTEwMTAwMDAwMDBaFw0yMDExMTAx
MjAwMDBaMBgxFjAUBgNVBAMTDXRpbWVpbmN1ay5uZXQwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCcJTI1TJ/Kb+KoTuAyPZ3Jm3me4s9lCIhgWpO3QhvM
cMdz+uh5BQ/QaFiXmCqv2FaPdC8zLMkRlWOgHNLTWmuERYsjIH093ub00uMWsfzp
XfdTDRvasWoZ7lKphDIU9XouvSYxofSh89tMm+B/gHG+qWyZEZpYPRPpRQO8b0Uf
4aj2ODEIg67gOr8WZty02/mmHsKB3x/MjhlA5Z1ad1dT8vza8754mK0VENlvHNN6
BxKVEBbmAIWMrWUHKodHOhogOkOKg0c/8yFcm0qoO3i03cYSgA24+R0E0xCqrU6D
2VFyIbel6afLjXLQF2yHeWq9vZgtikDMrxDuPhyNBdXLAgMBAAGjggK8MIICuDAf
BgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4EFgQUakRM83mK
ywgeKp1xExAHfZ/E87kwXAYDVR0RBFUwU4INdGltZWluY3VrLm5ldIIPKi50aW1l
aW5jdWsubmV0ghQqLmF3czIudGltZWluY3VrLm5ldIIbKi5hc3NldHMuYXdzMi50
aW1laW5jdWsubmV0MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
AQYIKwYBBQUHAwIwOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NybC5zY2ExYi5h
bWF6b250cnVzdC5jb20vc2NhMWIuY3JsMCAGA1UdIAQZMBcwCwYJYIZIAYb9bAEC
MAgGBmeBDAECATB1BggrBgEFBQcBAQRpMGcwLQYIKwYBBQUHMAGGIWh0dHA6Ly9v
Y3NwLnNjYTFiLmFtYXpvbnRydXN0LmNvbTA2BggrBgEFBQcwAoYqaHR0cDovL2Ny
dC5zY2ExYi5hbWF6b250cnVzdC5jb20vc2NhMWIuY3J0MAwGA1UdEwEB/wQCMAAw
ggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb
37jjd80OyA3cEAAAAW208ne6AAAEAwBGMEQCICIm/jZespXj3HL7Qxan0YGwY0au
tiNf5JXKavRLcOuyAiB+RaX8PDVg+q5HqBcZoNTtB+0w9qA7sx839xCTk9pZqAB2
AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1YMG06v9eoIMPAAABbbTyeCcAAAQDAEcw
RQIgO1sX3jiUv3cfgk6RIGtZUrh6N7Lcs6iUoOpZRTHpUQ8CIQCMS9Pc2O+5Wxyj
SA67/5BCTg/PoXqFzJpuCPpKB03QHTANBgkqhkiG9w0BAQsFAAOCAQEAoeJSFp4n
FNEmJ+EzLuTYrxtzLtUbaWNM82e0r0AqQTZ/pzlTHAQEkgXQ1XhPdS1QNaETXqsF
z6g+beV7h3Lh9IAPOm2aX0Ei0SNnhGEqcuaqzrEMKmN3Ec9faxBqmeiiUFZfhUo4
Yd3zorJf5Z9Mr/QpnqJWmu9z6UWbmcgTh9SZfThAIYn6HZt9+Msz0oUn1UABMuBv
TqMGAT2YtwVa+dY5lvau6p0O8GuE8x5MnCXzITugILF2DA3JpU8CXySYHCa6Tbfg
NXbp2taxIC/GS9tLpayfnIOgYdEYZqmGBpA2+t3+1KNZ3yxCns04ZOwKWmoraGXy
JrZAzBlfB/pAbg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCUyNUyfym/iqE7gMj2d
yZt5nuLPZQiIYFqTt0IbzHDHc/roeQUP0GhYl5gqr9hWj3QvMyzJEZVjoBzS01pr
hEWLIyB9Pd7m9NLjFrH86V33Uw0b2rFqGe5SqYQyFPV6Lr0mMaH0ofPbTJvgf4Bx
vqlsmRGaWD0T6UUDvG9FH+Go9jgxCIOu4Dq/FmbctNv5ph7Cgd8fzI4ZQOWdWndX
U/L82vO+eJitFRDZbxzTegcSlRAW5gCFjK1lByqHRzoaIDpDioNHP/MhXJtKqDt4
tN3GEoANuPkdBNMQqq1Og9lRciG3pemny41y0Bdsh3lqvb2YLYpAzK8Q7j4cjQXV
ywIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 2291245844694901930573405921721350488
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-10-10 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-11-10 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'timeincuk.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 19711517667947908316456669752469905102049905682356913032722480434906634168491801792485050730151210430829463762070994555451300539887734718376168887877699058865301676196963222381531235607476007357655699460550203749399810987372371313016368917500432307172838406209051224625692579340636380037858745965997337807032906935678611116224739878798472989263407771645354160147199579378281613157709946046784787925282553163877356399414152385830234301468919361806940740231069710206460964025027273623967460141499759849272320526347993446428302146694391347955102713000937294991941925846911851294655962318108760430509241395920651598288331
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							6a444cf3798acb081e2a9d711310077d9fc4f3b9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (85 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'timeincuk.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.timeincuk.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.aws2.timeincuk.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.assets.aws2.timeincuk.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.2 (digiCertDVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef007500a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000016db4f277ba000004030046304402202226fe365eb295e3dc72fb4316a7d181b06346aeb6235fe495ca6af44b70ebb202207e45a5fc3c3560faae47a81719a0d4ed07ed30f6a03bb31f37f7109393da59a80076008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f0000016db4f27827000004030047304502203b5b17de3894bf771f824e91206b5952b87a37b2dcb3a894a0ea594531e9510f0221008c4bd3dcd8efb95b1ca3480ebbff90424e0fcfa17a85cc9a6e08fa4a074dd01d
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00a1e252169e2714d12627e1332ee4d8af1b732ed51b69634cf367b4af402a41367fa739531c04049205d0d5784f752d5035a1135eab05cfa83e6de57b8772e1f4800f3a6d9a5f4122d1236784612a72e6aaceb10c2a637711cf5f6b106a99e8a250565f854a3861ddf3a2b25fe59f4caff4299ea2569aef73e9459b99c81387d4997d38402189fa1d9b7df8cb33d28527d5400132e06f4ea306013d98b7055af9d63996f6aeea9d0ef06b84f31e4c9c25f3213ba020b1760c0dc9a54f025f24981c26ba4db7e03576e9dad6b1202fc64bdb4ba5ac9f9c83a061d11866a986069036faddfed4a359df2c429ecd3864ec0a5a6a2b6865f226b640cc195f07fa406e