aegmuua.ability.ee

Issued by R3

About this certificate

This digital certificate with serial number 04:58:aa:cb:a2:7e:e2:32:bc:75:32:19:85:c5:2b:24:e0:14 was issued on by Let's Encrypt.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=aegmuua.ability.ee

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 04:58:aa:cb:a2:7e:e2:32:bc:75:32:19:85:c5:2b:24:e0:14
Serial Number (int): 378621018107432398856520100188136034066452
Serial Number lenght: 139 bits, 18 octets

SubjectKeyId: cc:21:01:f9:3f:fd:e3:43:85:5d:65:ab:78:ad:ff:d4:7c:e6:74:73
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 73:92:49:97:b1:f5:9e:40:96:71:23:be:12:44:ab:7c:6f:3b:03:d3
Fingerprint (sha256): ed:13:74:b3:ab:79:ce:6b:a5:e6:b0:3d:a4:83:5d:98:9e:2b:92:81:42:48:95:ac:a4:f1:61:a0:df:98:2b:64

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate aegmuua.ability.ee

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for aegmuua.ability.ee

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

aegmuua.ability.ee
aegmuua.arcovara.ee

Other certificates including the domain name ability.ee

(limited to 100 certificates)
hauaplatsihooldus.ability.ee
kodulahe.ability.ee
hingeruum.ability.ee
lahepea7.ability.ee
hauaplatsihooldus.ability.ee
lander.ability.ee
ability.ee
hauaplatsihooldus.ability.ee
lahepea7.ability.ee
ability.ee
ability.ee
ability.ee
mail.lingid.ee
min.ee
kodulahe.ability.ee
teekoduleht.ability.ee
alamdomeen.ability.ee
lahepea7.ability.ee
hingeruum.ability.ee
warelair.com
ability.ee
gocrazy.ability.ee
lingid.ability.ee
www.min.ee
lander.ability.ee
lingid.ee
hingeruum.ability.ee
ability.ee
min.ee
gocrazy.ability.ee
ability.ee
min.ee
lander.ability.ee
ability.ee
lander.ability.ee
teekoduleht.ability.ee
ability.ee
ability.ee
lahepea7.ability.ee
lander.ability.ee
ability.ee
ability.ee
lahepea7.ability.ee
ability.ee
hauaplatsihooldus.ability.ee
ability.ee
ability.ee
ability.ee
vabavara.ee
hingeruum.ability.ee
ability.ee
supportmeow.ability.ee
kodulahe.ability.ee
hingeruum.ability.ee
min.ee
gocrazy.ability.ee
ability.ee
ability.ee
ability.ee
teekoduleht.ability.ee
kodulahe.ability.ee
gocrazy.ability.ee
kodulahe.ability.ee
ability.ee
porto-franco.ability.ee
hingeruum.ability.ee
lander.ability.ee
lahepea7.ability.ee
kodulahe.ability.ee
gocrazy.ability.ee
rmtk.ability.ee
ability.ee
gocrazy.ability.ee
ability.ee
voorkeelteliit.ability.ee
aegmuua.ability.ee
ability.ee
kodulahe.ability.ee
hingeruum.ability.ee

Certificate

The complete raw certificate details for aegmuua.ability.ee in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGBjCCBO6gAwIBAgISBFiqy6J+4jK8dTIZhcUrJOAUMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yNDAxMjAxMTE4MDRaFw0yNDA0MTkxMTE4MDNaMB0xGzAZBgNVBAMT
EmFlZ211dWEuYWJpbGl0eS5lZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
ggIBANQhC8AUnxH/Fbs7WCjfVlSsqXDLDZ6S3pWROBoxJLuhD9DP8Qwg090yA/o3
yhEyYOlhC2UU5KMloGR11rjVB+9mefZdtR9KlOy+6IzlkXEuXje8g6dZTz/qnmxp
lXsvnrkWPzRYO9dx9jv9o1lho1BbMYweCZjgP2v6suBnOKtRavkGKs0HB9F26HSk
7wzF4R37KpeKHlFwIM5hhlkcvciziDj6PfqeN03zPk5FUThGagY3KBHshY7r6qY4
4rynLQswg5phlusZs9T+77otdHWQLJQb9Em4XKMbG8x7e+s2lFjAJVS13lzogQbY
JbJL4j1qcPfN1y3AFGysjEWZFE/firG5Y9ml0E6+NlEu+OISzWw3mxKpFXrQ3AZ4
2ctaMjW5io7qGIuROdO3SXPemt7U0hq7kMD484xcLFeFcaa5NSgO505s8mCObRHl
TlE3x5iQIGoOXVmSWSGRwPVk0PkpQZDMv0GG6tda0x7yKJ+aWURT93Zai+lInrOK
NnYfURY1Q3iGvB6JdT9pvToojz4uXmZ141CVbcyCx6lCIvWTyQspTLfZn+cQDyaV
40LfdUwARtqmvoh0peRYBZWtRAjZ1yMjDn86vC56yXjMZQ7pHN1t3/zTsR65GVqC
BfXy1w3vrGEame8lM6ZkrOQUjwynlKgt0qHMpP6vQskXcayDAgMBAAGjggIpMIIC
JTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFMwhAfk//eNDhV1lq3it/9R85nRzMB8G
A1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAh
BggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZo
dHRwOi8vcjMuaS5sZW5jci5vcmcvMDIGA1UdEQQrMCmCEmFlZ211dWEuYWJpbGl0
eS5lZYITYWVnbXV1YS5hcmNvdmFyYS5lZTATBgNVHSAEDDAKMAgGBmeBDAECATCC
AQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AEiw42vapkc0D+VqAvqdMOscUgHLVt0s
gdm7v6s52IRzAAABjSbOgxkAAAQDAEcwRQIgQjaTPqM9UWIou5xoO5RX1ZPHe7Dx
e1yrYmtylFhB0ewCIQD1GNODX+F0+2rqmAvF87mhxaTyJCtNRrQhjXwurAHirAB2
AKLiv9Ye3i8vB6DWTm03p9xlQ7DGtS6i2reK+Jpt9RfYAAABjSbOg08AAAQDAEcw
RQIgKHQtp6JvafthgaYNh+L90wQmCF00/JMVdwRZOejTLgoCIQCxJwZjNn9NN8c6
tHLVf37vDTtSkk9CrBLCY9aVBBl9BTANBgkqhkiG9w0BAQsFAAOCAQEAMnQ/VDQp
FWzuvYflrdCR+JHEjJDF2QyerVnsdBT+MQS7ATf4LANJ7aSmbLiV8Sixpr03ycoA
Sm1xt5XEJlKiCi1UL0v4LC4oAdljghs/XtEyiYzWrKu2bAPSZtcO1VXA85d+nCNG
UVTUZ3t/NcXJbfI4m7GDeFHXN0D9v95LObNsU4NLpnO5+Oyca75kU3P1jdAGyW0v
IvzsjrMtZ2tkQOk16Dgno+MR3EfHzCykdkZgQlDTJwnCYsQvW8uYEyRMPxoW+mQb
nbhaOhnWkfgncGqc/h57+5pcLgTnCg/YhTGywyMm0wI9xgiZQR2JXl8EFqw9ZJz8
yaUHaPjMfvpKtQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1CELwBSfEf8VuztYKN9W
VKypcMsNnpLelZE4GjEku6EP0M/xDCDT3TID+jfKETJg6WELZRTkoyWgZHXWuNUH
72Z59l21H0qU7L7ojOWRcS5eN7yDp1lPP+qebGmVey+euRY/NFg713H2O/2jWWGj
UFsxjB4JmOA/a/qy4Gc4q1Fq+QYqzQcH0XbodKTvDMXhHfsql4oeUXAgzmGGWRy9
yLOIOPo9+p43TfM+TkVROEZqBjcoEeyFjuvqpjjivKctCzCDmmGW6xmz1P7vui10
dZAslBv0SbhcoxsbzHt76zaUWMAlVLXeXOiBBtglskviPWpw983XLcAUbKyMRZkU
T9+Ksblj2aXQTr42US744hLNbDebEqkVetDcBnjZy1oyNbmKjuoYi5E507dJc96a
3tTSGruQwPjzjFwsV4Vxprk1KA7nTmzyYI5tEeVOUTfHmJAgag5dWZJZIZHA9WTQ
+SlBkMy/QYbq11rTHvIon5pZRFP3dlqL6Uies4o2dh9RFjVDeIa8Hol1P2m9OiiP
Pi5eZnXjUJVtzILHqUIi9ZPJCylMt9mf5xAPJpXjQt91TABG2qa+iHSl5FgFla1E
CNnXIyMOfzq8LnrJeMxlDukc3W3f/NOxHrkZWoIF9fLXDe+sYRqZ7yUzpmSs5BSP
DKeUqC3Socyk/q9CyRdxrIMCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 378621018107432398856520100188136034066452
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-20 11:18:04 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-19 11:18:03 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'aegmuua.ability.ee'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 865411165500530015933303136334781523064006297522798277439619332514139545700799060876152201389113316547837369932666115134099121300041859353370658814115831336374465382347351541821566682465356656542888601643593527566118418667052460712709429178828872256783924049742294985595038193869797538055892888706757637389703083302005600661896280274380819463361462185040108269236720938835088731227477619988936400710372706616859211612727508669856391029743087342828667146419339906954856884344662576915136770946826422554947539221102820574735686332990618335236479584986641809149149663600209850650492222360132667364199786436284209580358849086760177199326029063116979750264651957270700860323875626726959529949343502973953229802389487551667400522424626659780225759573743991882801469097664173465280350631592363400498627536690512686110257642632454366695432989508845756883096225699210255222881143210073382262662276808623649568310688028172152963333376059512483403640623979936207748933539002725487632729781346008066153634178413929545881230213963051138974116952285671993879748546404772050393636142681241870708120609396055955518183424390770521411124262162526867542579324829066442787209144144322772641175027570919820199164224575939455827456787746959312873948556419
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							cc2101f93ffde343855d65ab78adffd47ce67473
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (43 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aegmuua.ability.ee'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aegmuua.arcovara.ee'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f000760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018d26ce8319000004030047304502204236933ea33d516228bb9c683b9457d593c77bb0f17b5cab626b72945841d1ec022100f518d3835fe174fb6aea980bc5f3b9a1c5a4f2242b4d46b4218d7c2eac01e2ac007600a2e2bfd61ede2f2f07a0d64e6d37a7dc6543b0c6b52ea2dab78af89a6df517d80000018d26ce834f0000040300473045022028742da7a26f69fb6181a60d87e2fdd30426085d34fc931577045939e8d32e0a022100b1270663367f4d37c73ab472d57f7eef0d3b52924f42ac12c263d69504197d05
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0032743f543429156ceebd87e5add091f891c48c90c5d90c9ead59ec7414fe3104bb0137f82c0349eda4a66cb895f128b1a6bd37c9ca004a6d71b795c42652a20a2d542f4bf82c2e2801d963821b3f5ed132898cd6acabb66c03d266d70ed555c0f3977e9c23465154d4677b7f35c5c96df2389bb1837851d73740fdbfde4b39b36c53834ba673b9f8ec9c6bbe645373f58dd006c96d2f22fcec8eb32d676b6440e935e83827a3e311dc47c7cc2ca47646604250d32709c262c42f5bcb9813244c3f1a16fa641b9db85a3a19d691f827706a9cfe1e7bfb9a5c2e04e70a0fd88531b2c32326d3023dc60899411d895e5f0416ac3d649cfcc9a50768f8cc7efa4ab5