kulturstiftung-thueringen.de

Issued by Let's Encrypt Authority X3

About this certificate

This digital certificate with serial number 04:f3:b2:a1:86:82:f7:c7:6d:a2:bb:ad:d5:94:96:62:be:a3 was issued on by Let's Encrypt.

With 9 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=kulturstiftung-thueringen.de

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 04:f3:b2:a1:86:82:f7:c7:6d:a2:bb:ad:d5:94:96:62:be:a3
Serial Number (int): 431375200160092204248302717794784897056419
Serial Number lenght: 139 bits, 18 octets

SubjectKeyId: 1e:87:7e:ce:7c:80:7d:91:03:28:40:3c:31:bc:09:3b:64:2a:4b:9f
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1

Fingerprint (sha1): 82:21:9c:7a:dd:a8:0f:3e:8c:a7:de:96:65:73:ea:14:39:fb:52:86
Fingerprint (sha256): ee:00:73:28:ec:01:8a:70:13:57:eb:0c:dd:14:40:7f:ec:ed:1f:10:94:33:d3:9d:0d:0d:bc:c5:59:f7:45:77

Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/

Revocation information

OCSP Server: http://ocsp.int-x3.letsencrypt.org

Check the revocation status for certificate kulturstiftung-thueringen.de

9

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for kulturstiftung-thueringen.de

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

api.kulturstiftung-thueringen.de
backend.kulturstiftung-thueringen.de
cron.kulturstiftung-thueringen.de
kultstift.api.itool4.net
kultstift.b01.itool4.net
kultstift.cron.itool4.net
kultstift.f01.itool4.net
kulturstiftung-thueringen.de
www.kulturstiftung-thueringen.de

Other certificates including the domain name kulturstiftung-thueringen.de

(limited to 100 certificates)
www.kulturstiftung-thueringen.de
kulturstiftung-thueringen.de
kulturstiftung-thueringen.de
kulturstiftung-thueringen.de
kulturstiftung-thueringen.de
kulturstiftung-thueringen.de
kulturstiftung-thueringen.de
kulturstiftung-thueringen.de
kulturstiftung-thueringen.de
kulturstiftung-thueringen.de
kulturstiftung-thueringen.de
kulturstiftung-thueringen.de
kulturstiftung-thueringen.de

Certificate

The complete raw certificate details for kulturstiftung-thueringen.de in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGazCCBVOgAwIBAgISBPOyoYaC98dtorut1ZSWYr6jMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA3MjYwMDA1NDNaFw0x
OTEwMjQwMDA1NDNaMCcxJTAjBgNVBAMTHGt1bHR1cnN0aWZ0dW5nLXRodWVyaW5n
ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7VPxiDVe23qQU
O1dyYjkEpBYcKy5Rxr0OhbdF8XERJ6YNgufwbNwrV2rJ5/wEZ9VwpgrNbS3GAemi
lQa1MV7vNE2R+aPYzDMX/gn3WcD5QmvhWUZJ8TF0yxjn+M2jUVdLfwQNoXU+TQDF
klF2CEe0xV67Tp1MJw7g+1C3x1SrQhhBJWE35hzl82MzxE7fEavxtDEbnrDlUM/h
4ROzb35bEwHSmaJ3IhnylnklrdAKfWN28tnx+j/z5tBgRHkCu8GCFUYMM62tJBSK
YzsxUqu1VgvLTRuTO0yBAQBpnvkzZmJZKcFUsolmS6RjIKQNW16T/jl8rmtUgU8R
1Da96wg1AgMBAAGjggNsMIIDaDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFB6Hfs58
gH2RAyhAPDG8CTtkKkufMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyh
MG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgz
LmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgz
LmxldHNlbmNyeXB0Lm9yZy8wggEhBgNVHREEggEYMIIBFIIgYXBpLmt1bHR1cnN0
aWZ0dW5nLXRodWVyaW5nZW4uZGWCJGJhY2tlbmQua3VsdHVyc3RpZnR1bmctdGh1
ZXJpbmdlbi5kZYIhY3Jvbi5rdWx0dXJzdGlmdHVuZy10aHVlcmluZ2VuLmRlghhr
dWx0c3RpZnQuYXBpLml0b29sNC5uZXSCGGt1bHRzdGlmdC5iMDEuaXRvb2w0Lm5l
dIIZa3VsdHN0aWZ0LmNyb24uaXRvb2w0Lm5ldIIYa3VsdHN0aWZ0LmYwMS5pdG9v
bDQubmV0ghxrdWx0dXJzdGlmdHVuZy10aHVlcmluZ2VuLmRlgiB3d3cua3VsdHVy
c3RpZnR1bmctdGh1ZXJpbmdlbi5kZTBMBgNVHSAERTBDMAgGBmeBDAECATA3Bgsr
BgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0
Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1AHR+2oMxrTMQkSGcziVPQnDC
v/1eQiAIxjc1eeYQe8xWAAABbCvP8cIAAAQDAEYwRAIgVqIWPAVHUBoU9yIf6jO8
2bw2eQtOy8Ip54wu/JtUoj8CICOSzV8x0dOEufvn4D49fJcbMc9OafnVTNDzvzQJ
7kxMAHYAY/Lbzeg7zCzPC3KEJ1drM6SNYXePvXWmOLHHaFRL2I0AAAFsK8/xswAA
BAMARzBFAiBy9SS9cBscr02HYIpLSOwoGjww0aFhWaoksT/JIugmSwIhALJ7Rvnu
l9na5+37EwF5u8eJEN275lcu6tUfkp1sSHunMA0GCSqGSIb3DQEBCwUAA4IBAQAW
1BlYL9mfC489FhdTA5faey5TRWRcgjeejnWRaHkYj43allPSg+wPYIR9/pJqDbOW
tqVtSdGPxVigKG7zWvTRGlNZU2CjjtBlGfFtpFgpTWr30r6gJoZ7mew0DaZBwqb8
v/vnvPH44VNVuUkpE7sIo4MVXQrNmRuuAFvDW+xKFH6y6Hl9EYjhGyVCCPRX52Ub
Eiy5MRGLCYP5dXnsLnRhTfFRr+pveArqqRrrcAZtFXgPz2LXs7NpXYI2jw9J3HmP
RjkJthQclmzumcN70AaqyriB0z2DPGvhoHmdqu8WGaoeAVJ2tPS6Lmzm3md1W7cJ
GjN43k++DRMnbuKJuMkY
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1T8Yg1Xtt6kFDtXcmI5
BKQWHCsuUca9DoW3RfFxESemDYLn8GzcK1dqyef8BGfVcKYKzW0txgHpopUGtTFe
7zRNkfmj2MwzF/4J91nA+UJr4VlGSfExdMsY5/jNo1FXS38EDaF1Pk0AxZJRdghH
tMVeu06dTCcO4PtQt8dUq0IYQSVhN+Yc5fNjM8RO3xGr8bQxG56w5VDP4eETs29+
WxMB0pmidyIZ8pZ5Ja3QCn1jdvLZ8fo/8+bQYER5ArvBghVGDDOtrSQUimM7MVKr
tVYLy00bkztMgQEAaZ75M2ZiWSnBVLKJZkukYyCkDVtek/45fK5rVIFPEdQ2vesI
NQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 431375200160092204248302717794784897056419
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-07-26 00:05:43 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-10-24 00:05:43 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'kulturstiftung-thueringen.de'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23648471123656378130816209016281964036191991750530224438543817344271715546085242477735850057721311442831265704536766282540971606766674465677648945509690254307337419516700545480021487042528230062259607210886402431884032893987670632643081918635544125364952053456507387560822101614412086390036054763430641736416546645425697837280081010313688719957341151435181200730220017091146988481375093508195129355263523229523895387126336190818736502222248118139179951093485648526063963294637837710660023967858256580711102821488842641522946916488129998451369984895576478612100915136723198645764996323728402355582643972968777006123061
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							1e877ece7c807d910328403c31bc093b642a4b9f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (280 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.kulturstiftung-thueringen.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'backend.kulturstiftung-thueringen.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cron.kulturstiftung-thueringen.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kultstift.api.itool4.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kultstift.b01.itool4.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kultstift.cron.itool4.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kultstift.f01.itool4.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kulturstiftung-thueringen.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.kulturstiftung-thueringen.de'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef007500747eda8331ad331091219cce254f4270c2bffd5e422008c6373579e6107bcc560000016c2bcff1c20000040300463044022056a2163c0547501a14f7221fea33bcd9bc36790b4ecbc229e78c2efc9b54a23f02202392cd5f31d1d384b9fbe7e03e3d7c971b31cf4e69f9d54cd0f3bf3409ee4c4c00760063f2dbcde83bcc2ccf0b728427576b33a48d61778fbd75a638b1c768544bd88d0000016c2bcff1b30000040300473045022072f524bd701b1caf4d87608a4b48ec281a3c30d1a16159aa24b13fc922e8264b022100b27b46f9ee97d9dae7edfb130179bbc78910ddbbe6572eead51f929d6c487ba7
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0016d419582fd99f0b8f3d1617530397da7b2e5345645c82379e8e75916879188f8dda9653d283ec0f60847dfe926a0db396b6a56d49d18fc558a0286ef35af4d11a53595360a38ed06519f16da458294d6af7d2bea026867b99ec340da641c2a6fcbffbe7bcf1f8e15355b9492913bb08a383155d0acd991bae005bc35bec4a147eb2e8797d1188e11b254208f457e7651b122cb931118b0983f97579ec2e74614df151afea6f780aeaa91aeb70066d15780fcf62d7b3b3695d82368f0f49dc798f463909b6141c966cee99c37bd006aacab881d33d833c6be1a0799daaef1619aa1e015276b4f4ba2e6ce6de67755bb7091a3378de4fbe0d13276ee289b8c918