Server Certificate Detail
The certificate is in ASN.1 DER binary encoding. This encoding consists of records in the following sequence: type tag, length, data.

The type tag contains the following information:
  • type class (2 bits): universal, application, context-specific, or private
  • constructed (1 bit): set if the record consists of smaller records
  • type (5 bits): if type class is universal then type indicates integer, ASCII string, Object ID, etc.
Certificate Sequence 30 82 03 21
Sequence of three entries follows: the certificate info, the signature algorithm, and the signature.
  • 30 - constructed universal type sequence
  • 82 03 21 - long-form length of 0x321 (801) bytes
Certificate Info Sequence 30 82 02 09
Sequence of certificate info follows.
  • 30 - constructed universal type sequence
  • 82 02 09 - long-form sequence length of 0x209 (521) bytes
Version a0 03 02 01 02
Certificate version 0x2 - assigned value for "v3"
  • a0 - constructed context-specific type [0]
  • 03 - length of 0x3 (3) bytes
  • 02 - universal type integer
  • 01 - integer length of 0x1 bytes
  • 02 - integer value of 2
Serial Number 02 08 15 5a 92 ad c2 04 8f 90
Sequence number 0x155a92adc2048f90
  • 02 - universal type integer
  • 08 - integer length of 0x8 (8) bytes
  • 15 5a 92 ad c2 04 8f 90 - integer value of 0x155a92adc2048f90
Algorithm 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00
Algorithm SHA256 with RSA Encryption, null params.
  • 30 - constructed universal type sequence
  • 0d - sequence length of 0xD (13) bytes
  • 06 - universal type object id (OID)
  • 09 - OID length of 0x9 (9) bytes
  • 2a 86 48 86 f7 0d 01 01 0b - OID 1.2.840.113549.1.1.11 "Sha256WithRSAEncryption"
  • 05 - universal type null (parameters)
  • 00 - null length of 0x0 (0) bytes
Issuer Sequence 30 22
Sequence of items making up the Issuer name follow.
  • 30 - constructed universal type sequence
  • 22 - sequence length of 0x22 (34) bytes
Country 31 0b 30 09 06 03 55 04 06 13 02 55 53
Country "US"
  • 31 - constructed universal type set
  • 0b - set length of 0xB (11) bytes
  • 30 - constructed universal type sequence
  • 09 - sequence length of 0x9 (9) bytes
  • 06 - universal type object ID (OID)
  • 03 55 04 06 - OID 2.5.4.6 "Country"
  • 13 - universal type printablestring
  • 02 - printable string length 0x2 (2) bytes
  • 55 53 - "US"
Organizational Unit 31 13 30 11 06 03 55 04 0a 13 0a 45 78 61 6d 70 6c 65 20 43 41
Organizational Unit "Example CA"
  • 31 - constructed universal type set
  • 13 - set length of 0x13 (19) bytes
  • 30 - constructed universal type sequence
  • 11 - sequence length of 0x11 (17) bytes
  • 06 - universal type object ID (OID)
  • 03 55 04 0a - OID 2.5.4.10 "OrganizationalUnit"
  • 13 - universal type printablestring
  • 0a - printable string length 0xA (10) bytes
  • 45 78 61 6d 70 6c 65 20 43 41 - "Example CA"
Validity 30 1e 17 0d 31 38 31 30 30 35 30 31 33 38 31 37 5a 17 0d 31 39 31 30 30 35 30 31 33 38 31 37 5a
Valid from 2018-10-05 01:38:17 GMT to 2019-10-05 01:38:17 GMT
  • 30 - constructed universal type sequence
  • 1e - set length of 0x1E (30) bytes
  • 17 - universal type utctime
  • 0d - utctime length 0xD (13) bytes
  • 31 38 31 30 30 35 30 31 33 38 31 37 5a - "181005013817Z"
  • 17 - universal type utctime
  • 0d - utctime length 0xD (13) bytes
  • 31 39 31 30 30 35 30 31 33 38 31 37 5a - "191005013817Z"
Subject Sequence 30 2b
Sequence of items making up the subject of this certificate follow.
  • 30 - constructed universal type sequence
  • 2b - sequence length of 0x2B (43) bytes
Country 31 0b 30 09 06 03 55 04 06 13 02 55 53
Country "US"
  • 31 - constructed universal type set
  • 0b - set length of 0xB (11) bytes
  • 30 - constructed universal type sequence
  • 09 - sequence length of 0x9 (9) bytes
  • 06 - universal type object ID (OID)
  • 03 - OID length 0x3 (3) bytes
  • 55 04 06 - OID 2.5.4.6 "Country"
  • 13 - universal type printablestring
  • 02 - printable string length 0x2 (2) bytes
  • 55 53 - "US"
Common Name 31 1c 30 1a 06 03 55 04 03 13 13 65 78 61 6d 70 6c 65 2e 75 6c 66 68 65 69 6d 2e 6e 65 74
Common Name "example.ulfheim.net"
  • 31 - constructed universal type set
  • 1c - set length of 0x1C (28) bytes
  • 30 - constructed universal type sequence
  • 1a - sequence length of 0x1A (26) bytes
  • 06 - universal type object ID (OID)
  • 03 - OID length 0x3 (3) bytes
  • 55 04 03 - OID 2.5.4.3 "CommonName"
  • 13 - universal type printablestring
  • 13 - printable string length 0x13 (19) bytes
  • 65 78 61 6d 70 6c 65 2e 75 6c 66 68 65 69 6d 2e 6e 65 74 - "example.ulfheim.net"
Public Key 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 c4 80 36 06 ba e7 47 6b 08 94 04 ec a7 b6 91 04 3f f7 92 bc 19 ee fb 7d 74 d7 a8 0d 00 1e 7b 4b 3a 4a e6 0f e8 c0 71 fc 73 e7 02 4c 0d bc f4 bd d1 1d 39 6b ba 70 46 4a 13 e9 4a f8 3d f3 e1 09 59 54 7b c9 55 fb 41 2d a3 76 52 11 e1 f3 dc 77 6c aa 53 37 6e ca 3a ec be c3 aa b7 3b 31 d5 6c b6 52 9c 80 98 bc c9 e0 28 18 e2 0b f7 f8 a0 3a fd 17 04 50 9e ce 79 bd 9f 39 f1 ea 69 ec 47 97 2e 83 0f b5 ca 95 de 95 a1 e6 04 22 d5 ee be 52 79 54 a1 e7 bf 8a 86 f6 46 6d 0d 9f 16 95 1a 4c f7 a0 46 92 59 5c 13 52 f2 54 9e 5a fb 4e bf d7 7a 37 95 01 44 e4 c0 26 87 4c 65 3e 40 7d 7d 23 07 44 01 f4 84 ff d0 8f 7a 1f a0 52 10 d1 f4 f0 d5 ce 79 70 29 32 e2 ca be 70 1f df ad 6b 4b b7 11 01 f4 4b ad 66 6a 11 13 0f e2 ee 82 9e 4d 02 9d c9 1c dd 67 16 db b9 06 18 86 ed c1 ba 94 21 02 03 01 00 01
Provides public key and its type (RSA)
  • 30 - constructed universal type sequence
  • 82 01 22 - long-form sequence length 0x122 (290 bytes)
  • 30 - constructed universal type sequence
  • 0d - sequence length 0xD (13) bytes
  • 06 - universal type object id (OID)
  • 09 - OID length of 0x9 (9) bytes
  • 2a 86 48 86 f7 0d 01 01 01 - OID 1.2.840.113549.1.1.1 (RSA Encryption)
  • 05 - universal type null (parameters)
  • 00 - null length of 0x0 (0) bytes
  • 03 - universal type bitstring
  • 82 01 0f - long-form bitstring length 0x10f (271) bytes
  • 00 - right-pad bitstring by 0 bits
  • 30 82 01 ... 01 00 01 - public key
Extensions a3 52 30 50
Extension data follows.
  • a3 - constructed context-specific type [3]
  • 52 - length of 0x52 (82) bytes
  • 30 - constructed universal sequence
  • 50 - sequence length of 0x50 (80) bytes
Extension - Key Usage 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0
Key Usage: digitalSignature and keyEncipherment
  • 30 - constructed universal type sequence
  • 0e - sequence length of 0xE (14) bytes
  • 06 - universal type object id (OID)
  • 03 - OID length of 0x3 (3) bytes
  • 55 1d 0f - OID 2.5.29.15 "KeyUsage"
  • 01 - universal type boolean
  • 01 - boolean length 0x1 (1) bytes
  • ff - boolean value "true" (extension is critical)
  • 04 - universal type octetstring
  • 04 - octetstring length 0x4 (4) bytes
  • (octetstring is a DER document as follows):
  • 03 - universal type bitstring
  • 02 - bitstring length 0x2 (2) bytes
  • 05 - right-pad bitstring by 5 bits
  • a0 - bits 0 (digitalSignature) and 2 (keyEncipherment) are set
Extension - Extended Key Usage 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 02 06 08 2b 06 01 05 05 07 03 01
Indicates the cert is valid as a TLS client cert and/or server cert.
  • 30 - constructed universal type sequence
  • 1d - sequence length of 0x1D (29) bytes
  • 06 - universal type object id (OID)
  • 03 - OID length of 0x3 (3) bytes
  • 55 1d 25 - OID 2.5.29.25 "ExtendedKeyUsage"
  • 04 - universal type octetstring
  • 16 - octetstring length 0x16 (22) bytes
  • (octetstring is a DER document as follows):
  • 30 - constructed universal type sequence
  • 14 - sequence length 0x14 (20) bytes
  • 06 - universal type object id (OID)
  • 08 - OID length of 0x8 (8) bytes
  • 2b 06 01 05 05 07 03 02 - OID 1.3.6.1.5.5.7.3.2 "id-kp-clientAuth"
  • 06 - universal type object id (OID)
  • 08 - OID length of 0x8 (8) bytes
  • 2b 06 01 05 05 07 03 01 - OID 1.3.6.1.5.5.7.3.2 "id-kp-serverAuth"
Extension - Authority Key Identifier 30 1f 06 03 55 1d 23 04 18 30 16 80 14 89 4f de 5b cc 69 e2 52 cf 3e a3 00 df b1 97 b8 1d e1 c1 46
Indicates the CA's public key to be used to verify the certificate's signature.
  • 30 - constructed universal type sequence
  • 1f - sequence length of 0x1F (31) bytes
  • 06 - universal type object id (OID)
  • 03 - OID length of 0x3 (3) bytes
  • 55 1d 23 - OID 2.5.29.23 "AuthorityKeyIdentifier"
  • 04 - universal type octetstring
  • 18 - octetstring length 0x18 (24) bytes
  • (octetstring is a DER document as follows):
  • 30 - constructed universal type sequence
  • 16 - sequence length 0x16 (22) bytes
  • 80 - context-specific type [0]
  • 14 - length of 0x14 (20) bytes
  • 89 4f ... c1 46 - octet string identifying the public key
Signature Algorithm 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00
The signature algorithm: SHA256 with RSA Encryption, null params.
  • 30 - constructed universal type sequence
  • 0d - sequence length of 0xD (13) bytes
  • 06 - universal type object ID (OID)
  • 09 - OID length of 0x9 (9) bytes
  • 2a 86 48 86 f7 0d 01 01 0b - OID 1.2.840.113549.1.1.11 "Sha256WithRSAEncryption"
  • 05 - universal type null (params)
  • 00 - null length 0x0 (0) bytes
Signature 03 82 01 01 00 59 16 45 a6 9a 2e 37 79 e4 f6 dd 27 1a ba 1c 0b fd 6c d7 55 99 b5 e7 c3 6e 53 3e ff 36 59 08 43 24 c9 e7 a5 04 07 9d 39 e0 d4 29 87 ff e3 eb dd 09 c1 cf 1d 91 44 55 87 0b 57 1d d1 9b df 1d 24 f8 bb 9a 11 fe 80 fd 59 2b a0 39 8c de 11 e2 65 1e 61 8c e5 98 fa 96 e5 37 2e ef 3d 24 8a fd e1 74 63 eb bf ab b8 e4 d1 ab 50 2a 54 ec 00 64 e9 2f 78 19 66 0d 3f 27 cf 20 9e 66 7f ce 5a e2 e4 ac 99 c7 c9 38 18 f8 b2 51 07 22 df ed 97 f3 2e 3e 93 49 d4 c6 6c 9e a6 39 6d 74 44 62 a0 6b 42 c6 d5 ba 68 8e ac 3a 01 7b dd fc 8e 2c fc ad 27 cb 69 d3 cc dc a2 80 41 44 65 d3 ae 34 8c e0 f3 4a b2 fb 9c 61 83 71 31 2b 19 10 41 64 1c 23 7f 11 a5 d6 5c 84 4f 04 04 84 99 38 71 2b 95 9e d6 85 bc 5c 5d d6 45 ed 19 90 94 73 40 29 26 dc b4 0e 34 69 a1 59 41 e8 e2 cc a8 4b b6 08 46 36 a0
The signature.
  • 03 - universal type bitstring
  • 82 01 01 - long-form bitstring length 0x101 (257) bytes
  • 00 - right-padded by 0x0 (0) bits
  • 59 16 .. 36 a0 - signature
[print]