directs.chemin-neuf.fr

Issued by Gandi Standard SSL CA 2

About this certificate

This digital certificate with serial number e7:63:93:e0:7c:48:0a:80:00:c0:ae:4b:c6:12:4a:a1 was issued on by Gandi.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • KeyUsage contains an inefficient encoding wherein the number of 'unused bits' is declared to be 5, but it should be 7. Raw Bytes: [3 2 5 128], Raw Binary: [00000011 00000010 00000101 10000000] RFC 5280 Section 4.2.1.3 describes the value of a KeyUsage to be a DER encoded BitString, which itself defines that all trailing 0 bits be counted as being "unused". (Where ITU-T Rec. X.680 | ISO/IEC 8824-1, 21.7, applies, the bitstring shall have all trailing 0 bits removed before it is encoded.)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=directs.chemin-neuf.fr

Gandi

Organization: Gandi
State / Province: Paris
Locality: Paris
Country: FR

This certificate has expire since

Certificate Details

Serial Number (hex): e7:63:93:e0:7c:48:0a:80:00:c0:ae:4b:c6:12:4a:a1
Serial Number (int): 307568703715093888028529238050860059297
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: c5:f9:2b:92:71:a5:6e:b8:bc:61:a2:25:05:1c:53:aa:8e:79:26:43
AuthorityKeyId: b3:90:a7:d8:c9:af:4e:cd:61:3c:9f:7c:ad:5d:7f:41:fd:69:30:ea

Fingerprint (sha1): 1b:b3:a0:f7:f7:68:59:6e:17:33:87:f3:0f:e5:04:cd:4b:48:88:d9
Fingerprint (sha256): f8:18:fc:11:48:0d:74:65:ea:2e:7a:cb:bc:56:f3:99:7d:00:e9:cf:17:9c:47:19:f3:c8:1c:0e:97:0a:0f:af

Issuing Certificate URL: http://crt.usertrust.com/GandiStandardSSLCA2.crt

Revocation information

OCSP Server: http://ocsp.usertrust.com
CRL Distribution Point: http://crl.usertrust.com/GandiStandardSSLCA2.crl

Check the revocation status for certificate directs.chemin-neuf.fr

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for directs.chemin-neuf.fr

Public Key Algorithm

ECDSA

Key Size

256

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

directs.chemin-neuf.fr

Other certificates including the domain name chemin-neuf.fr

(limited to 100 certificates)
anyhonest.com
www.typo.nyc
www.csswand.dev
chemin-neuf.fr
summerschool.chemin-neuf.fr
summerschool-test.chemin-neuf.fr
www.chemin-neuf.fr
worshipteam.chemin-neuf.fr
welcometoparadise.chemin-neuf.fr
cdn.bitofertas.com
www.meetingo.co
www.chemin-neuf.fr
flockh.art
servicemall.in
welcometoparadise.chemin-neuf.fr
www.chemin-neuf.fr
www.chemin-neuf.fr
chemin-neuf.fr
worshipteam.chemin-neuf.fr
summerschool.chemin-neuf.fr
a-dev.vybeerai.com
songbook.chemin-neuf.fr
www.chemin-neuf.fr
welcometoparadise.chemin-neuf.fr
summerschool.chemin-neuf.fr
ecoledepriere.chemin-neuf.fr
worshipteam.chemin-neuf.fr
jeunes.chemin-neuf.fr
www.gerrylabs.com
worshipteam.chemin-neuf.fr
admin.powerauth.app
chemin-neuf.fr
worshipteam.chemin-neuf.fr
www.karmka.com
chemin-neuf.fr
www.chemin-neuf.fr
www.chemin-neuf.fr
www.chemin-neuf.fr
wordpress.chemin-neuf.fr
worshipteam.chemin-neuf.fr
mood.moodqualifies.com
welcometoparadise.chemin-neuf.fr
www.chemin-neuf.fr
worshipteam.chemin-neuf.fr
staging.coexister.fr
mordle.app
www.chemin-neuf.fr
www.wedzee.com
songbook.chemin-neuf.fr
jaycoelho.com
worshipteam.chemin-neuf.fr
goodnews.chemin-neuf.fr
welcometoparadise.chemin-neuf.fr
www.chemin-neuf.fr
worshipteam.chemin-neuf.fr
www.cana.org
anyhonest.com
sts.edu.pl
www.chemin-neuf.fr
summerschool.chemin-neuf.fr
zerojet.com
chemin-neuf.fr
www.chemin-neuf.fr
jeunes.chemin-neuf.fr
www.chemin-neuf.fr
ecoledepriere.chemin-neuf.fr
chemin-neuf.fr
www.jeunes.chemin-neuf.fr
wordpress.chemin-neuf.fr
campuson.childcareon.com
worshipteam.chemin-neuf.fr
www.chemin-neuf.fr
www.chemin-neuf.fr
summerschool.chemin-neuf.fr
blacklemonclub.com
www.vasaflygplats.fi
app.matchify.se
kenyaku.hills.cf
www.animestories.app
songbook.chemin-neuf.fr
www.chemin-neuf.fr
m.zchoolmate.com
m.zchoolmate.com
chemin-neuf.fr
fuvz.com
worshipteam.chemin-neuf.fr
jeunes.chemin-neuf.fr
www.chemin-neuf.fr
www.chemin-neuf.nl
worshipteam.chemin-neuf.fr
ecoledepriere.chemin-neuf.fr
welcometoparadise.chemin-neuf.fr
www.leibacker.se
welcometoparadise.chemin-neuf.fr
app-staging.brnkl.io
worshipteam.chemin-neuf.fr
servicemall.in
chemin-neuf.fr
directs.chemin-neuf.fr
chemin-neuf.fr

Certificate

The complete raw certificate details for directs.chemin-neuf.fr in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIE9DCCA9ygAwIBAgIRAOdjk+B8SAqAAMCuS8YSSqEwDQYJKoZIhvcNAQELBQAw
XzELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEO
MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy
MB4XDTIwMDMyNTAwMDAwMFoXDTIxMDMyNTIzNTk1OVowITEfMB0GA1UEAxMWZGly
ZWN0cy5jaGVtaW4tbmV1Zi5mcjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHqt
54w0tE5QxuRfycfYukmQwvwliHeXqKiqNZzzK8lELvG1QlYAvfwiDU9tjoIBDMhT
cgE8cR67oFcoEG/R//qjggKyMIICrjAfBgNVHSMEGDAWgBSzkKfYya9OzWE8n3yt
XX9B/Wkw6jAdBgNVHQ4EFgQUxfkrknGlbri8YaIlBRxTqo55JkMwDgYDVR0PAQH/
BAQDAgWAMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMEsGA1UdIAREMEIwNgYLKwYBBAGyMQECAhowJzAlBggrBgEFBQcCARYZaHR0
cHM6Ly9jcHMudXNlcnRydXN0LmNvbTAIBgZngQwBAgEwQQYDVR0fBDowODA2oDSg
MoYwaHR0cDovL2NybC51c2VydHJ1c3QuY29tL0dhbmRpU3RhbmRhcmRTU0xDQTIu
Y3JsMHMGCCsGAQUFBwEBBGcwZTA8BggrBgEFBQcwAoYwaHR0cDovL2NydC51c2Vy
dHJ1c3QuY29tL0dhbmRpU3RhbmRhcmRTU0xDQTIuY3J0MCUGCCsGAQUFBzABhhlo
dHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMCEGA1UdEQQaMBiCFmRpcmVjdHMuY2hl
bWluLW5ldWYuZnIwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwB9PvL4j/+IVWgk
wsDKnlKJeSvFDngJfy5ql2iZfiLw1wAAAXERMmYKAAAEAwBIMEYCIQCyCgZ+r+yG
QUHBF50/PsJ/gX/pe0SpEriy9yZcSsNPlQIhAKNJlizMC26zv0rMtRfjFvfCUywJ
RrBWKXxOaXxvYyz7AHYAlCC8Ho7VjWyIcx+CiyIsDdHaTV5sT5Q9YdtOL1hNosIA
AAFxETJmSQAABAMARzBFAiEA3Ntr0d17lTiF3OQ4hDbT6I5lD4MhA+EJ9SMuDSF6
FAgCIGVlNPeYZaQTyQSIpJbjmSsfwVmB2AsAP+zGIEzuJUwHMA0GCSqGSIb3DQEB
CwUAA4IBAQCLpC3+jzOzYl7EWtCL60yujN8X16szMIWhKbRoPTpuTVeLNxMxKLyl
uK6TrX56OiUXMsKprnwIFxz6CdvfKzNucnbK+gjp17un7U3MfJa2+syEbdSmLIC5
ikUcArHaRJGXSD4zXE+G5mX77hNwD255vfGdKaU0tQpH44ItXJWSEru1WTPI4jaS
lGROHJ+lOP9PAEsG+gRPCN91Y4JgwrWBt0NEK5V+ZBxXDNFb+R8XnihzdDEsQmO5
bTkOYs2UC1ADjfAKtzyDY/glqowhEGHet7yIAAW0aUDtdhi2lJN0/qloa2MxT+kg
dWD+FkekN26zdSl4Rm0fB/5OH2tKGOuJ
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeq3njDS0TlDG5F/Jx9i6SZDC/CWI
d5eoqKo1nPMryUQu8bVCVgC9/CINT22OggEMyFNyATxxHrugVygQb9H/+g==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 307568703715093888028529238050860059297
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Paris'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Paris'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Gandi'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Gandi Standard SSL CA 2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-03-25 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-03-25 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'directs.chemin-neuf.fr'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.2.1 (ecPublicKey)
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.3.1.7 (prime256v1)
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (520 bits)
				00047aade78c34b44e50c6e45fc9c7d8ba4990c2fc25887797a8a8aa359cf32bc9442ef1b5425600bdfc220d4f6d8e82010cc85372013c711ebba05728106fd1fffa
 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName b390a7d8c9af4ecd613c9f7cad5d7f41fd6930ea
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							c5f92b9271a56eb8bc61a225051c53aa8e792643
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							0580
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.26
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://cps.usertrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (58 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.usertrust.com/GandiStandardSSLCA2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (103 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.usertrust.com/GandiStandardSSLCA2.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.usertrust.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'directs.chemin-neuf.fr'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
							00f10077007d3ef2f88fff88556824c2c0ca9e5289792bc50e78097f2e6a9768997e22f0d7000001711132660a0000040300483046022100b20a067eafec864141c1179d3f3ec27f817fe97b44a912b8b2f7265c4ac34f95022100a349962ccc0b6eb3bf4accb517e316f7c2532c0946b056297c4e697c6f632cfb0076009420bc1e8ed58d6c88731f828b222c0dd1da4d5e6c4f943d61db4e2f584da2c200000171113266490000040300473045022100dcdb6bd1dd7b953885dce4388436d3e88e650f832103e109f5232e0d217a14080220656534f79865a413c90488a496e3992b1fc15981d80b003fecc6204cee254c07
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		008ba42dfe8f33b3625ec45ad08beb4cae8cdf17d7ab333085a129b4683d3a6e4d578b37133128bca5b8ae93ad7e7a3a251732c2a9ae7c08171cfa09dbdf2b336e7276cafa08e9d7bba7ed4dcc7c96b6facc846dd4a62c80b98a451c02b1da449197483e335c4f86e665fbee13700f6e79bdf19d29a534b50a47e3822d5c959212bbb55933c8e2369294644e1c9fa538ff4f004b06fa044f08df75638260c2b581b743442b957e641c570cd15bf91f179e287374312c4263b96d390e62cd940b50038df00ab73c8363f825aa8c211061deb7bc880005b46940ed7618b6949374fea9686b63314fe9207560fe1647a4376eb3752978466d1f07fe4e1f6b4a18eb89