ws-na.assoc-amazon.com

Issued by Amazon

About this certificate

This digital certificate with serial number 0a:da:a4:12:49:5f:93:ff:d8:06:d1:b4:d4:e3:9a:fd was issued on by Amazon.

With 6 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=ws-na.assoc-amazon.com

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 0a:da:a4:12:49:5f:93:ff:d8:06:d1:b4:d4:e3:9a:fd
Serial Number (int): 14427528436999627859945982994512321277
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 2e:5d:39:16:d4:73:d4:9f:41:c6:6c:0c:77:5d:5a:18:11:a3:c3:6a
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): 8b:06:59:15:88:e5:a6:d6:6b:23:02:df:44:4a:5b:28:4a:18:64:a8
Fingerprint (sha256): e2:b3:2f:02:ba:fa:80:bd:d0:9e:ab:fb:cc:f3:9e:df:2a:76:42:09:32:00:2f:ef:6b:bb:4b:bb:ae:76:17:65

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b-1.crl

Check the revocation status for certificate ws-na.assoc-amazon.com

6

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ws-na.assoc-amazon.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ws-na.amazon-adsystem.com
ws-na.assoc-amazon.com
ws.amazon.ca
ws.amazon.com
ws.assoc-amazon.ca
ws.assoc-amazon.com

Other certificates including the domain name assoc-amazon.com

(limited to 100 certificates)
rcm-fe.assoc-amazon.com
wms-eu.assoc-amazon.com
rcm-na.assoc-amazon.com
wms-eu.assoc-amazon.com
rcm-fe.assoc-amazon.com
rcm-eu.assoc-amazon.com
wms-na.assoc-amazon.com
rcm-fe.assoc-amazon.com
wms-na.assoc-amazon.com
wms-na.assoc-amazon.com
ws-eu.assoc-amazon.com
ws-fe.assoc-amazon.com
wms-na.assoc-amazon.com
wms-na.assoc-amazon.com
ws-fe.assoc-amazon.com
rcm-na.assoc-amazon.com
ws-eu.assoc-amazon.com
rcm-eu.assoc-amazon.com
ws-cn.assoc-amazon.com
rcm-fe.assoc-amazon.com
rcm-na.assoc-amazon.com
ws-eu.assoc-amazon.com
ws-cn.assoc-amazon.com
www.assoc-amazon.com
www.assoc-amazon.com
wms.assoc-amazon.com
wms-na.assoc-amazon.com
ws-na.assoc-amazon.com
rcm-eu.assoc-amazon.com
rcm-fe.assoc-amazon.com
wms-eu.assoc-amazon.com
rcm-fe.assoc-amazon.com
rcm-na.assoc-amazon.com
rcm-na.assoc-amazon.com
wms-cn.assoc-amazon.com
ws-fe.assoc-amazon.com
wms-na.assoc-amazon.com
www.assoc-amazon.com
ws-na.assoc-amazon.com
rcm-cn.assoc-amazon.com
rcm-cn.assoc-amazon.com
ws-na.assoc-amazon.com
rcm-na.assoc-amazon.com
wms-fe.assoc-amazon.com
wms-fe.assoc-amazon.com
rcm-eu.assoc-amazon.com
rcm-eu.assoc-amazon.com
ws-cn.assoc-amazon.com
ws-eu.assoc-amazon.com
wms.assoc-amazon.com
rcm-eu.assoc-amazon.com
ws-fe.assoc-amazon.com
ws-fe.assoc-amazon.com
wms-eu.assoc-amazon.com
www.assoc-amazon.com
rcm-eu.assoc-amazon.com
wms-eu.assoc-amazon.com
ws-eu.assoc-amazon.com
wms-fe.assoc-amazon.com
wms-na.assoc-amazon.com
wms-eu.assoc-amazon.com
rcm-fe.assoc-amazon.com
rcm-cn.assoc-amazon.com
wms-cn.assoc-amazon.com
ws-na.assoc-amazon.com
www.assoc-amazon.com
www.assoc-amazon.com
rcm-cn.assoc-amazon.com
ws-fe.assoc-amazon.com
ws-fe.assoc-amazon.com
wms-na.assoc-amazon.com
www.assoc-amazon.com
www.assoc-amazon.com
rcm-eu.assoc-amazon.com
wms.assoc-amazon.com
rcm-na.assoc-amazon.com
ws-fe.assoc-amazon.com
ws-cn.assoc-amazon.com
ws-cn.assoc-amazon.com
ws-na.assoc-amazon.com
rcm-cn.assoc-amazon.com
ws-fe.assoc-amazon.com
ws-cn.assoc-amazon.com
rcm-na.assoc-amazon.com
wms-fe.assoc-amazon.com
www.assoc-amazon.com
wms-fe.assoc-amazon.com
rcm-cn.assoc-amazon.com
rcm-eu.assoc-amazon.com
www.assoc-amazon.com
rcm-na.assoc-amazon.com
ws-eu.assoc-amazon.com
ws-na.assoc-amazon.com
wms-eu.assoc-amazon.com
ws-na.assoc-amazon.com
rcm-eu.assoc-amazon.com
ws-fe.assoc-amazon.com
wms-na.assoc-amazon.com
ws-eu.assoc-amazon.com
ws-na.assoc-amazon.com

Certificate

The complete raw certificate details for ws-na.assoc-amazon.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGRTCCBS2gAwIBAgIQCtqkEklfk//YBtG01OOa/TANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0yMTEwMDUwMDAwMDBaFw0yMjEwMDEy
MzU5NTlaMCExHzAdBgNVBAMTFndzLW5hLmFzc29jLWFtYXpvbi5jb20wggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQoSW+thxoFKKekeR4iklFY5xP1JsI
RtGovv+gLQkuUUJISSLsGW+aqgYRp/DYqn4oilfMPffRrCVZnERvVd/74WtfNC64
4VAQBoJcHJI072zYZYkmIpIGr+3rnuBJhJGVOma6gO8MbUZSllZiY+jBoV5Zos8j
mtUAKniaaErIL3fkA0n7IuRcVn/b9U+G7Zclpj/WEvlHk8f3p/3/aclh2E641GPv
/dPrtbaL2jBTaTd8Iw8l6aBDM1q2PFsV42swt6dznI5WMypRywt1uxqcuXwzTpRp
8wXuMKpTG05R+J6RyJ6iJohiCuJ6YSkMt9jxZkm3WMU93IpprqekMFLlAgMBAAGj
ggNSMIIDTjAfBgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4E
FgQULl05FtRz1J9BxmwMd11aGBGjw2owgYIGA1UdEQR7MHmCGXdzLW5hLmFtYXpv
bi1hZHN5c3RlbS5jb22CFndzLW5hLmFzc29jLWFtYXpvbi5jb22CDHdzLmFtYXpv
bi5jYYINd3MuYW1hem9uLmNvbYISd3MuYXNzb2MtYW1hem9uLmNhghN3cy5hc3Nv
Yy1hbWF6b24uY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
AQYIKwYBBQUHAwIwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2NybC5zY2ExYi5h
bWF6b250cnVzdC5jb20vc2NhMWItMS5jcmwwEwYDVR0gBAwwCjAIBgZngQwBAgEw
dQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5zY2ExYi5h
bWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQuc2NhMWIuYW1h
em9udHJ1c3QuY29tL3NjYTFiLmNydDAMBgNVHRMBAf8EAjAAMIIBfQYKKwYBBAHW
eQIEAgSCAW0EggFpAWcAdgBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiFq/L8cP5t
RwAAAXxONMtRAAAEAwBHMEUCIQC5/XNZgku+XxPtEznbzC+2SelCpj24L8I4kwlj
ukVvfAIgFwlOLCRe+wSS4bRlUt+2+URynDhCubvjjk49l6V+yesAdQBRo7D1/QF5
nFZtuDd4jwykeswbJ8v3nohCmg3+1IsF5QAAAXxONMtPAAAEAwBGMEQCICeRruMH
umYLkT3jMVvUrGyLwRkDSeG56NEOoX8bMa8FAiBsaySB2RNoI7g0leiwBnwiTep2
zHJv9Q9VmmDnFCfIFAB2AEHIyrHfIkZKEMahOglCh15OMYsbA+vrS8do8JBilgb2
AAABfE40yywAAAQDAEcwRQIhAMaBl6UMttutR7RDq8yy1SZDZjHOGqwZtoGF2XAT
ymJqAiA50M8p7LJUjVCX26QgA7mZkje7N0BLJXCggll63vkyTjANBgkqhkiG9w0B
AQsFAAOCAQEAEyHSjfPrvjTkLHRMxMtBhEYTZx6mpEdeslQ/4REspe4xOIfNZODO
Hl70YqiSZl1SXo7hQAUioMFU9ap2KIwlTYIuq5kZyZ3jQZxXOIh7E0K+84SDO+AV
DUbA8SQGopmIEs9JMfbbboPzySCFYbEtIV3lky/TxzTBQukDdPlrEHxpYgabgNxL
gnJThGcGt2V01KKOXta6+RiSHa5eUazQUk/yFJ8YzFb9w6s7MIvTyBmqMOCxNDkv
mX77pMmSLHQ+4nTfgcU89ASGoGtTeuL1oX7ndoAqY29ufp8d+dHMO6zzb5cPjvEn
4BHDJK2+ubhs4h7tw4yG9LkpdFitk199rQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KElvrYcaBSinpHkeIpJ
RWOcT9SbCEbRqL7/oC0JLlFCSEki7BlvmqoGEafw2Kp+KIpXzD330awlWZxEb1Xf
++FrXzQuuOFQEAaCXBySNO9s2GWJJiKSBq/t657gSYSRlTpmuoDvDG1GUpZWYmPo
waFeWaLPI5rVACp4mmhKyC935ANJ+yLkXFZ/2/VPhu2XJaY/1hL5R5PH96f9/2nJ
YdhOuNRj7/3T67W2i9owU2k3fCMPJemgQzNatjxbFeNrMLenc5yOVjMqUcsLdbsa
nLl8M06UafMF7jCqUxtOUfiekcieoiaIYgriemEpDLfY8WZJt1jFPdyKaa6npDBS
5QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 14427528436999627859945982994512321277
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-10-05 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-10-01 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ws-na.assoc-amazon.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26337032197925039513433636993789867435112194331960648506542757368493060035548074864887021856893515096786045484373615376511392407154593271563304933234524861719949414544873126650659778458114071570623855979556209854639417591802248819105802302804307832925138945783660311889931024268663092927489402303303161274695933279648117268949045544754655120500387300330344482222045882775663832527120269939069962202490145951476709781700086316270353034204146751072058730160883862308412678223245411266409740321004836511870721297630142906205450649638221887341858181977131911865516585734621405485286569625049103681094551955563426891191013
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							2e5d3916d473d49f41c66c0c775d5a1811a3c36a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (123 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ws-na.amazon-adsystem.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ws-na.assoc-amazon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ws.amazon.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ws.amazon.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ws.assoc-amazon.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ws.assoc-amazon.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (54 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b-1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							016700760046a555eb75fa912030b5a28969f4f37d112c4174befd49b885abf2fc70fe6d470000017c4e34cb510000040300473045022100b9fd7359824bbe5f13ed1339dbcc2fb649e942a63db82fc238930963ba456f7c022017094e2c245efb0492e1b46552dfb6f944729c3842b9bbe38e4e3d97a57ec9eb00750051a3b0f5fd01799c566db837788f0ca47acc1b27cbf79e88429a0dfed48b05e50000017c4e34cb4f000004030046304402202791aee307ba660b913de3315bd4ac6c8bc1190349e1b9e8d10ea17f1b31af0502206c6b2481d9136823b83495e8b0067c224dea76cc726ff50f559a60e71427c81400760041c8cab1df22464a10c6a13a0942875e4e318b1b03ebeb4bc768f090629606f60000017c4e34cb2c0000040300473045022100c68197a50cb6dbad47b443abccb2d526436631ce1aac19b68185d97013ca626a022039d0cf29ecb2548d5097dba42003b9999237bb37404b2570a082597adef9324e
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001321d28df3ebbe34e42c744cc4cb41844613671ea6a4475eb2543fe1112ca5ee313887cd64e0ce1e5ef462a892665d525e8ee1400522a0c154f5aa76288c254d822eab9919c99de3419c5738887b1342bef384833be0150d46c0f12406a2998812cf4931f6db6e83f3c9208561b12d215de5932fd3c734c142e90374f96b107c6962069b80dc4b827253846706b76574d4a28e5ed6baf918921dae5e51acd0524ff2149f18cc56fdc3ab3b308bd3c819aa30e0b134392f997efba4c9922c743ee274df81c53cf40486a06b537ae2f5a17ee776802a636f6e7e9f1df9d1cc3bacf36f970f8ef127e011c324adbeb9b86ce21eedc38c86f4b9297458ad935f7dad