staging.gpblog.com

Issued by GTS CA 1D2

About this certificate

This digital certificate with serial number 59:ec:7b:d8:82:17:d3:60:09:00:00:00:00:09:66:83 was issued on by Google Trust Services.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=staging.gpblog.com

Google Trust Services

Organization: Google Trust Services
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 59:ec:7b:d8:82:17:d3:60:09:00:00:00:00:09:66:83
Serial Number (int): 119529185573397939006820921538886854275
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: b0:9b:d5:b2:66:f5:f7:e8:fc:bd:f4:3c:d6:0e:a7:88:d3:b2:2a:6e
AuthorityKeyId: b1:dd:32:5d:e8:b7:37:72:d2:ce:5c:ce:26:fe:47:79:e2:01:08:e9

Fingerprint (sha1): 0c:55:d8:14:3e:de:a4:d1:a0:96:1b:56:90:e8:08:d0:34:22:72:00
Fingerprint (sha256): ff:07:3f:90:b2:df:27:b4:79:13:81:af:87:09:25:5c:f0:76:eb:7b:c9:ae:db:6e:f6:87:79:6b:09:8f:b3:61

Issuing Certificate URL: http://pki.goog/gsr2/GTS1D2.crt

Revocation information

OCSP Server: http://ocsp.pki.goog/gts1d2
CRL Distribution Point: http://crl.pki.goog/GTS1D2.crl

Check the revocation status for certificate staging.gpblog.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for staging.gpblog.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

staging.gpblog.com

Other certificates including the domain name gpblog.com

(limited to 100 certificates)
adsparc-consent.gpblog.com
t13.bandwidthplace.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
pb-1234.qa.gpblog.com
files-staging.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
cdn.gpblog.com
adsparc-consent.gpblog.com
admin.pb-1234.qa.gpblog.com
adsparc-consent.gpblog.com
t13.bandwidthplace.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
admin.pb-5428.qa.bright.nl
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
gpblog.com
www.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
staging.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
staging.gpblog.com
next.admin.pb-1258.qa.gpblog.com
adsparc-consent.gpblog.com
staging.gpblog.com
adsparc-consent.gpblog.com
gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
admin.pb-5078.qa.bright.nl
adsparc-consent.gpblog.com
admin.pb-5590.qa.bright.nl
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
*.gpblog.com
staging.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
adsparc-consent.gpblog.com
cdn.gpblog.com
adsparc-consent.gpblog.com
admin.pb-5120.qa.bright.nl
adsparc-consent.gpblog.com
staging.gpblog.com
admin.pb-5185.qa.bright.nl

Certificate

The complete raw certificate details for staging.gpblog.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgIQWex72IIX02AJAAAAAAlmgzANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMw
EQYDVQQDEwpHVFMgQ0EgMUQyMB4XDTIwMDIwMjIwNTkxNFoXDTIwMDUwMjIwNTkx
NFowHTEbMBkGA1UEAxMSc3RhZ2luZy5ncGJsb2cuY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAzqSWHg/WdAnFPnDnK5OjTDZJotUQfGcTO2Ukxcai
GY/tSNvJl44ehZ5hAX5fyB2SCpmpQyRP3/PFs31pZEr5wNiq5X1hJa8GwuAiU+Sb
9CPYhbn7gj8+yp0IKab8TEWUsxrtDV2oVR7iRkmaKAKGIzdN40n6QmTL8/7E2nmn
cmk2sHGJhE1sI4k97Dc/K4QkifSbtx5pMNnFO/2LQ5F3j29blKygACOJGEQcIKXo
hU2Cs0CKH3RVofQW6gz18wDgnRIs0Duf9HWho+KxgCaz3Az8xruSvtrlQaumNDrq
cHMp/rYwszIlHT7cLCMkcsLvPbV+dG/75rI1GgKfdf1RzQIDAQABo4ICWDCCAlQw
DgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQC
MAAwHQYDVR0OBBYEFLCb1bJm9ffo/L30PNYOp4jTsipuMB8GA1UdIwQYMBaAFLHd
Ml3otzdy0s5czib+R3niAQjpMGQGCCsGAQUFBwEBBFgwVjAnBggrBgEFBQcwAYYb
aHR0cDovL29jc3AucGtpLmdvb2cvZ3RzMWQyMCsGCCsGAQUFBzAChh9odHRwOi8v
cGtpLmdvb2cvZ3NyMi9HVFMxRDIuY3J0MB0GA1UdEQQWMBSCEnN0YWdpbmcuZ3Bi
bG9nLmNvbTAhBgNVHSAEGjAYMAgGBmeBDAECATAMBgorBgEEAdZ5AgUDMC8GA1Ud
HwQoMCYwJKAioCCGHmh0dHA6Ly9jcmwucGtpLmdvb2cvR1RTMUQyLmNybDCCAQQG
CisGAQQB1nkCBAIEgfUEgfIA8AB1ALIeBcyLos2KIE6HZvkruYolIGdr2vpw57JJ
Uy3vi5BeAAABcAfqNhQAAAQDAEYwRAIgJOOaiAGIOClaALV3PeXujgBF8kFDK2bZ
5NRb1l/LcNsCIEoh/Lh6tIeKsVM0OcdYVA4eeheG+xhYtAvny+Ko9nrfAHcAXqdz
+d9WwOe1Nkh90EngMnqRmgyEoRIShBh1loFxRVgAAAFwB+o2OwAABAMASDBGAiEA
7aZdpwgeKUaxzdCrChbW8tiMeK2nPODImJ7AQk8mR3QCIQD0xTrgSHXhzeafXuaC
DplEQolYkA7MoTI/YKrYw8u8XjANBgkqhkiG9w0BAQsFAAOCAQEAbcZ5WbysKlaX
vedAkKUzhhMxffBvgbQZ7nFkzXj4IAyxARrCi6PgIIG0qPXS0dsKXG0iUZIZA5E9
p+5yvOLMezszldA5HzLjSie9cFZcdzNA0b7Q2Prf604y3/Xu1aCxzX8sCgDET98R
4UFlaT8fuqbHgp5QvkHJ8zC+/AxHQ0X3C17eOfFGPDuK/0L9Re+mbPAsvFzWXPC9
uV/5FxSg4Ijt4L+dkSvkMMuMIcXnTiJ5n5u/OH9glW236NXkyydK5hJrbA2tV3Yv
VKdFZbynhEruHsMHVB3jwI8NzZ59oVlIKUgaC6dhtgeutYR/RXRvmuIzQxh8K+LN
iFoppVfkig==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzqSWHg/WdAnFPnDnK5Oj
TDZJotUQfGcTO2UkxcaiGY/tSNvJl44ehZ5hAX5fyB2SCpmpQyRP3/PFs31pZEr5
wNiq5X1hJa8GwuAiU+Sb9CPYhbn7gj8+yp0IKab8TEWUsxrtDV2oVR7iRkmaKAKG
IzdN40n6QmTL8/7E2nmncmk2sHGJhE1sI4k97Dc/K4QkifSbtx5pMNnFO/2LQ5F3
j29blKygACOJGEQcIKXohU2Cs0CKH3RVofQW6gz18wDgnRIs0Duf9HWho+KxgCaz
3Az8xruSvtrlQaumNDrqcHMp/rYwszIlHT7cLCMkcsLvPbV+dG/75rI1GgKfdf1R
zQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 119529185573397939006820921538886854275
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Google Trust Services'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GTS CA 1D2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-02-02 20:59:14 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-05-02 20:59:14 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'staging.gpblog.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26086251399874204149529526787079288163325205602825673163239387758648395669516926519368001463841989723354379148143754641554965011636803512747323082476763952429517841357773047677928569448915441184934622012970173489420630483420111312951404366193458678150976501040893782327777519888787241234958274175924906189501578986983793913470791573255330228451945513017084733578453526554110463007236514320783824326052794202768394447068008099283239784392789047499563819696582969473943978099810888502984419318431804295570563916864413316289513095902279805139417705372788513148703218910000728387756828937835011616050479985946377368457677
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							b09bd5b266f5f7e8fcbdf43cd60ea788d3b22a6e
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName b1dd325de8b73772d2ce5cce26fe4779e20108e9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (88 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.pki.goog/gts1d2'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://pki.goog/gsr2/GTS1D2.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'staging.gpblog.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.5.3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (40 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.pki.goog/GTS1D2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007500b21e05cc8ba2cd8a204e8766f92bb98a2520676bdafa70e7b249532def8b905e0000017007ea36140000040300463044022024e39a88018838295a00b5773de5ee8e0045f241432b66d9e4d45bd65fcb70db02204a21fcb87ab4878ab1533439c758540e1e7a1786fb1858b40be7cbe2a8f67adf0077005ea773f9df56c0e7b536487dd049e0327a919a0c84a1121284187596817145580000017007ea363b0000040300483046022100eda65da7081e2946b1cdd0ab0a16d6f2d88c78ada73ce0c8989ec0424f264774022100f4c53ae04875e1cde69f5ee6820e9944428958900ecca1323f60aad8c3cbbc5e
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		006dc67959bcac2a5697bde74090a5338613317df06f81b419ee7164cd78f8200cb1011ac28ba3e02081b4a8f5d2d1db0a5c6d2251921903913da7ee72bce2cc7b3b3395d0391f32e34a27bd70565c773340d1bed0d8fadfeb4e32dff5eed5a0b1cd7f2c0a00c44fdf11e14165693f1fbaa6c7829e50be41c9f330befc0c474345f70b5ede39f1463c3b8aff42fd45efa66cf02cbc5cd65cf0bdb95ff91714a0e088ede0bf9d912be430cb8c21c5e74e22799f9bbf387f60956db7e8d5e4cb274ae6126b6c0dad57762f54a74565bca7844aee1ec307541de3c08f0dcd9e7da1594829481a0ba761b607aeb5847f45746f9ae23343187c2be2cd885a29a557e48a