*.shopnation.com
Issued by Amazon
About this certificate
This digital certificate with serial number 08:59:2e:a5:f9:7b:57:6f:e3:bc:45:74:6f:33:24:4c was issued on by Amazon.
With 10 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=*.shopnation.com
Amazon
Organization:
Amazon
Organization unit: Server CA 1B
Organization unit: Server CA 1B
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 08:59:2e:a5:f9:7b:57:6f:e3:bc:45:74:6f:33:24:4cSerial Number (int): 11096884527388387703835066014322861132
Serial Number lenght: 124 bits, 16 octets
SubjectKeyId: c8:bf:12:9b:1b:ba:ca:21:15:e2:63:77:d6:6d:eb:6b:66:e7:ba:2f
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0
Fingerprint (sha1): df:c7:2f:e4:5b:cf:f6:0b:ba:7f:a3:8a:27:50:c6:8d:ad:16:9d:ec
Fingerprint (sha256): f2:df:66:e1:cc:b9:6e:b9:77:85:54:12:f8:68:bc:1c:da:24:9d:9a:5a:7b:8d:8f:a1:d7:46:fb:19:df:f9:18
Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt
Revocation information
OCSP Server: http://ocsp.sca1b.amazontrust.comCRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b.crl
Check the revocation status for certificate *.shopnation.com
10
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for *.shopnation.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
*.shopnation.com
*.fitnessmagazine.com
*.qa3.shopnation.com
*.allrecipes.com
*.more.com
*.staging.shopnation.com
*.qa1.shopnation.com
*.qa2.shopnation.com
*.bhg.com
*.parents.com
*.fitnessmagazine.com
*.qa3.shopnation.com
*.allrecipes.com
*.more.com
*.staging.shopnation.com
*.qa1.shopnation.com
*.qa2.shopnation.com
*.bhg.com
*.parents.com
Other certificates including the domain name shopnation.com
(limited to 100 certificates)
*.qa1.shopnation.com
assets.qa2.shopnation.com
images.qa.shopnation.com
assets.meredith.com
assets.qa1.shopnation.com
*.monitoring-es53.shopnation.com
assets.meredith.com
vfs-proxy.qa1.shopnation.com
ssl768224.cloudflaressl.com
*.shopnation.com
*.shopnation.com
*.shopnation.com
assets.meredith.com
*.qa2.shopnation.com
*.shopnation.com
images.prod.shopnation.com
*.qa1-es53.shopnation.com
images.prod.shopnation.com
assets.meredith.com
images.prod.shopnation.com
*.shopnation.com
ssl768223.cloudflaressl.com
*.qa2-es53.shopnation.com
*.staging.shopnation.com
assets.meredith.com
*.shopnation.com
assets.meredith.com
*.shopnation.com
images.prod.shopnation.com
*.shopnation.com
images.prod.shopnation.com
bhg-home.shopnation.com
images.prod.shopnation.com
assets.qa1.shopnation.com
images.prod.shopnation.com
assets.meredith.com
*.shopnation.com
images.prod.shopnation.com
*.shopnation.com
*.shopnation.com
images.qa.shopnation.com
*.shopnation.com
*.reports-es53.shopnation.com
assets.qa2.shopnation.com
images.qa.shopnation.com
assets.meredith.com
assets.qa1.shopnation.com
*.monitoring-es53.shopnation.com
assets.meredith.com
vfs-proxy.qa1.shopnation.com
ssl768224.cloudflaressl.com
*.shopnation.com
*.shopnation.com
*.shopnation.com
assets.meredith.com
*.qa2.shopnation.com
*.shopnation.com
images.prod.shopnation.com
*.qa1-es53.shopnation.com
images.prod.shopnation.com
assets.meredith.com
images.prod.shopnation.com
*.shopnation.com
ssl768223.cloudflaressl.com
*.qa2-es53.shopnation.com
*.staging.shopnation.com
assets.meredith.com
*.shopnation.com
assets.meredith.com
*.shopnation.com
images.prod.shopnation.com
*.shopnation.com
images.prod.shopnation.com
bhg-home.shopnation.com
images.prod.shopnation.com
assets.qa1.shopnation.com
images.prod.shopnation.com
assets.meredith.com
*.shopnation.com
images.prod.shopnation.com
*.shopnation.com
*.shopnation.com
images.qa.shopnation.com
*.shopnation.com
*.reports-es53.shopnation.com
Certificate
The complete raw certificate details for *.shopnation.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGhTCCBW2gAwIBAgIQCFkupfl7V2/jvEV0bzMkTDANBgkqhkiG9w0BAQsFADBG MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0yMTA3MDMwMDAwMDBaFw0yMjA4MDEy MzU5NTlaMBsxGTAXBgNVBAMMECouc2hvcG5hdGlvbi5jb20wggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQC38sOH4Lve7C9t5dc9VinIdYXXa5bYFiM0f3ci tXggnbR54bNXpwzdRAcMtqWjKgmRCoT95Pi9bbE/6nICoMcQaGr8Nn6qJ8ufi5yA OosrZJKyu18fpM+5weBbrO+Rglkh1saCh9Fy8O7ctphRw2uCu+C/KcyEcPDz3lU4 zwjkALDQmBgdERQb5yC1M5/CcUe6TY6LNR9iqo6DxrfQXrT1Hha7CQIOCxeEDi6b KB4W3CO32pzuIKItWIPGJmUS7FEzp7ApFs3trWu+mJMbpOEysU/nhswut3xBRRpq Sh72qBBcsFdRf5xM40HW/izsQN/YtFakp2Zr5ow0fosdSx+xAgMBAAGjggOYMIID lDAfBgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4EFgQUyL8S mxu6yiEV4mN31m3ra2bnui8wgcgGA1UdEQSBwDCBvYIQKi5zaG9wbmF0aW9uLmNv bYIVKi5maXRuZXNzbWFnYXppbmUuY29tghQqLnFhMy5zaG9wbmF0aW9uLmNvbYIQ Ki5hbGxyZWNpcGVzLmNvbYIKKi5tb3JlLmNvbYIYKi5zdGFnaW5nLnNob3BuYXRp b24uY29tghQqLnFhMS5zaG9wbmF0aW9uLmNvbYIUKi5xYTIuc2hvcG5hdGlvbi5j b22CCSouYmhnLmNvbYINKi5wYXJlbnRzLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYD VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyGKmh0 dHA6Ly9jcmwuc2NhMWIuYW1hem9udHJ1c3QuY29tL3NjYTFiLmNybDATBgNVHSAE DDAKMAgGBmeBDAECATB1BggrBgEFBQcBAQRpMGcwLQYIKwYBBQUHMAGGIWh0dHA6 Ly9vY3NwLnNjYTFiLmFtYXpvbnRydXN0LmNvbTA2BggrBgEFBQcwAoYqaHR0cDov L2NydC5zY2ExYi5hbWF6b250cnVzdC5jb20vc2NhMWIuY3J0MAwGA1UdEwEB/wQC MAAwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2ACl5vvCeOTkh8FZzn2Old+W+ V32cYAr4+U1dJlwlXceEAAABemnx7tcAAAQDAEcwRQIgXeeiWOkJtbZoT1EdRNVK momwfFCOvcyG4W32LL+lQfgCIQCsUlz4tv6QoTrjyei2yDlu8f3DtvZYV+jMJyeC L4shJQB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXlAAABemnx7rsA AAQDAEcwRQIhAN6FnGNkb5nMgMExfDoSlUhXtieWw9Ngm4bwUzu/SSULAiB9DhYZ 1W9A1IQi8d3+18PYKUU70X7nno8OkyQWNsjLYQB3AEHIyrHfIkZKEMahOglCh15O MYsbA+vrS8do8JBilgb2AAABemnx7j4AAAQDAEgwRgIhAIiU/W5V+P1g25rXOFNB yFi415SEqmKdqVdOu2IaK8zaAiEAhBv+DknoczxRTirFSUWHIug+SiCM71zpONHC 36YtuvMwDQYJKoZIhvcNAQELBQADggEBAKOZXF+sGb+SNRByMIQkeZ9WgWlE/lds /CmZ4ky8e4KHuj454DrwEbu/0K43fdBTDVHY+xANyHI7ZJV9ysSMbVB7IL4Z1gC+ 1iV9EGC9oPu6VcFYDkaWIvVRMVPKyioYRHn1S11zmP3dypI+GpARgpFPI2rwzEUK nwVL6DIlG2Tcwk6oplKYHBbLiywt1dr6NfCtW5qGM/DCa6719XzGJySRX27vfHO6 cZm1MMgg2EPqH9f5mgtQo0pf7/inIJMiNxSiSbMrZTrdEdNhswMJIy4BKyWd5uPv e89RQOcgLUaUGih1eRewxecvq3Lrfpwtse+awtdgccSBG4OBbaOD4dQ= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/LDh+C73uwvbeXXPVYp yHWF12uW2BYjNH93IrV4IJ20eeGzV6cM3UQHDLaloyoJkQqE/eT4vW2xP+pyAqDH EGhq/DZ+qifLn4ucgDqLK2SSsrtfH6TPucHgW6zvkYJZIdbGgofRcvDu3LaYUcNr grvgvynMhHDw895VOM8I5ACw0JgYHREUG+cgtTOfwnFHuk2OizUfYqqOg8a30F60 9R4WuwkCDgsXhA4umygeFtwjt9qc7iCiLViDxiZlEuxRM6ewKRbN7a1rvpiTG6Th MrFP54bMLrd8QUUaakoe9qgQXLBXUX+cTONB1v4s7EDf2LRWpKdma+aMNH6LHUsf sQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 11096884527388387703835066014322861132 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-07-03 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-08-01 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.shopnation.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23221321096365006165636515295568863769381708019496041099628709618575354864059093458369673696756979807049875571419495272187244275011709094702382482484628409267532554720351491496966084893924239817023916207094020069967519093776400528670590590406864447191874019269356371562125257207448223250529226561759466370900841668419691370725377941654086105462133630681003894237919855511248968439894579770223033918780097355830510054806143883602653180778873498828169476390195830815229856085925924506524082617630528199265211116417111536964349967666328854355297617702299821585403497322226424611477722039748274496376291408786893830823857 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) c8bf129b1bbaca2115e26377d66deb6b66e7ba2f . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (192 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.shopnation.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.fitnessmagazine.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.qa3.shopnation.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.allrecipes.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.more.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.staging.shopnation.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.qa1.shopnation.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.qa2.shopnation.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.bhg.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.parents.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes) 01690076002979bef09e393921f056739f63a577e5be577d9c600af8f94d5d265c255dc7840000017a69f1eed7000004030047304502205de7a258e909b5b6684f511d44d54a9a89b07c508ebdcc86e16df62cbfa541f8022100ac525cf8b6fe90a13ae3c9e8b6c8396ef1fdc3b6f65857e8cc2727822f8b212500760051a3b0f5fd01799c566db837788f0ca47acc1b27cbf79e88429a0dfed48b05e50000017a69f1eebb0000040300473045022100de859c63646f99cc80c1317c3a12954857b62796c3d3609b86f0533bbf49250b02207d0e1619d56f40d48422f1ddfed7c3d829453bd17ee79e8f0e93241636c8cb6100770041c8cab1df22464a10c6a13a0942875e4e318b1b03ebeb4bc768f090629606f60000017a69f1ee3e00000403004830460221008894fd6e55f8fd60db9ad7385341c858b8d79484aa629da9574ebb621a2bccda022100841bfe0e49e8733c514e2ac549458722e83e4a208cef5ce938d1c2dfa62dbaf3 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00a3995c5fac19bf92351072308424799f56816944fe576cfc2999e24cbc7b8287ba3e39e03af011bbbfd0ae377dd0530d51d8fb100dc8723b64957dcac48c6d507b20be19d600bed6257d1060bda0fbba55c1580e469622f5513153caca2a184479f54b5d7398fdddca923e1a901182914f236af0cc450a9f054be832251b64dcc24ea8a652981c16cb8b2c2dd5dafa35f0ad5b9a8633f0c26baef5f57cc62724915f6eef7c73ba7199b530c820d843ea1fd7f99a0b50a34a5feff8a72093223714a249b32b653add11d361b30309232e012b259de6e3ef7bcf5140e7202d46941a28757917b0c5e72fab72eb7e9c2db1ef9ac2d76071c4811b83816da383e1d4