How to correctly decode __VIEWSTATE if is unencrypted?


I’m manually testing a web application. When I read __VIEWSTATE fields they seem to be encoded in base64. I tried to decode them using http://viewstatedecoder.azurewebsites.net/

anyway this message appears

32 byte(s) left over, perhaps an HMACSHA256 signature?

Does this mean that __VIEWSTATE is just partially encrypted? How can I be sure of what part is readable?