ssl.smugmug.com

Issued by Let's Encrypt Authority X3

About this certificate

This digital certificate with serial number 03:29:06:34:ec:2c:1b:0d:20:17:44:3d:80:d1:97:f8:a8:6b was issued on by Let's Encrypt.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=ssl.smugmug.com

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:29:06:34:ec:2c:1b:0d:20:17:44:3d:80:d1:97:f8:a8:6b
Serial Number (int): 275296684996593647823411765846703173314667
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: e6:9a:0b:d8:69:59:51:57:5e:a5:30:f8:7a:67:5d:2d:89:07:e8:85
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1

Fingerprint (sha1): 50:2c:ad:f1:07:bc:9f:58:f6:fb:e2:fd:01:23:55:45:e7:86:41:5f
Fingerprint (sha256): 00:3a:84:0d:b5:56:94:21:0a:f0:a7:bd:ad:45:bb:2c:db:ea:80:d1:be:17:96:90:94:be:fc:59:01:3d:fd:7d

Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/

Revocation information

OCSP Server: http://ocsp.int-x3.letsencrypt.org

Check the revocation status for certificate ssl.smugmug.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ssl.smugmug.com

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ssl.smugmug.com
www.rebecapryor.com

Other certificates including the domain name smugmug.com

(limited to 100 certificates)
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
statuspage.io
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com
ssl.smugmug.com

Certificate

The complete raw certificate details for ssl.smugmug.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGazCCBVOgAwIBAgISAykGNOwsGw0gF0Q9gNGX+KhrMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTAzMTgxNTEzMTNaFw0x
OTA2MTYxNTEzMTNaMBoxGDAWBgNVBAMTD3NzbC5zbXVnbXVnLmNvbTCCAiIwDQYJ
KoZIhvcNAQEBBQADggIPADCCAgoCggIBAKJ3kSV4odnVQYJinQheL6lByZo42mgp
FgNQH+it94EElQErOpW8ULFWceUx2aqrQ8Po2t45v+kyQSlT87HYgyepKOl3iyzI
ARrYB/5bV2waKzLVEk8QvO0uhdiOh/1f3uiSCbIplE227D6s6bKfsf9APeNXdPnW
aPoYwA/cyzPmYwCk3p8oo8ai8jhR3V3ivq4OOBLw8lxddD7IfM3LQxYeGeAHXyWp
t6IklJ3Ur/mbEAKRxMv2c5jcPlaEdIONKZufGQKIhMCa/xr+tpOAm6LUpgNuyC/e
EyoXRU+ne4HMx53mp+QIpgnZQASaZxI+DqDKdohBhFo2xJH661n3OfIrEsqFd6n9
xL9yVAme+OZww3Msojya2+9NsasmeHylHwMg+LgUdpEdtBtnC8DtQ+6w21G1O7nf
cCoWKX9JmXwrOt00DJB1k0FunMC9XSZJvXvje5vrDUihikTK/vJBg3hcxqWH1MaO
hTGExsvkLIoWhQ8J2PRk1uiBnvLnYTknybIqWnPxxnjiCEqQk+xNo8vUE6HvXy4v
66RaIuw4BrPKJ18QuOse7VyfZ0h6ThpsIUOyWAjsqIpHP94CPmC0EDGzRuK5bqfb
MBjtgfxZYs1Osd5QlEd0EL5bwVVvIC9XNS5I4tFpacqbycBHJd16gNWBjW3QzW4b
Z9gC9VtAL0zNAgMBAAGjggJ5MIICdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFOaa
C9hpWVFXXqUw+HpnXS2JB+iFMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/z
qOyhMG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50
LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50
LXgzLmxldHNlbmNyeXB0Lm9yZy8wLwYDVR0RBCgwJoIPc3NsLnNtdWdtdWcuY29t
ghN3d3cucmViZWNhcHJ5b3IuY29tMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysG
AQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQu
b3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYAdH7agzGtMxCRIZzOJU9CcMK/
/V5CIAjGNzV55hB7zFYAAAFpkZQQLAAABAMARzBFAiEA8TXq0H2QB3HKMmAo2pDG
2g1GhaZdQ/3sA5xTgMU8vm0CIG7ud992bGxENDb5EbWCgi2MGdyuUov9teJxnniH
AtSnAHYAY/Lbzeg7zCzPC3KEJ1drM6SNYXePvXWmOLHHaFRL2I0AAAFpkZQQagAA
BAMARzBFAiEAiBzPTxKLg1VPk+WGVZ4FVN7yrIp1nPvgyycm53jCSvcCIAi18Z5e
3E1/IaC/98J+gyxRPDRLFjKGROzLj/YjbQ+xMA0GCSqGSIb3DQEBCwUAA4IBAQBS
1BjAQFjysJbzKCQb2CkoVsOUbW+b85Kg4zlw9MvbetL74Os3SW/o/Vn+Bn1lDtsw
nUO95FuZSYejtQd/Q7jdrx2khcCfZdGFnvb3y8ZkosmpQin5kTEl7Oc16/LC+TRa
KYmVsUAG2YawP1eI2RELhhVDklz2Z+NXNwcKD9ztyoYHUwai5H7vdtoQ4eHYpQQG
DP8nG3MC1HL2M1AZqjm6vznnO+EFd4Q7tr9KkrfquNAKDVoSxotP9UqIVgE69peu
7tSArU3jFWA1AANemma0VdPrU11jKDhRpYUESP4ICXn8gBKNYZzLYl+lviYduCpe
Ghv2Wc9ki/ZjLb395cL3
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoneRJXih2dVBgmKdCF4v
qUHJmjjaaCkWA1Af6K33gQSVASs6lbxQsVZx5THZqqtDw+ja3jm/6TJBKVPzsdiD
J6ko6XeLLMgBGtgH/ltXbBorMtUSTxC87S6F2I6H/V/e6JIJsimUTbbsPqzpsp+x
/0A941d0+dZo+hjAD9zLM+ZjAKTenyijxqLyOFHdXeK+rg44EvDyXF10Psh8zctD
Fh4Z4AdfJam3oiSUndSv+ZsQApHEy/ZzmNw+VoR0g40pm58ZAoiEwJr/Gv62k4Cb
otSmA27IL94TKhdFT6d7gczHnean5AimCdlABJpnEj4OoMp2iEGEWjbEkfrrWfc5
8isSyoV3qf3Ev3JUCZ745nDDcyyiPJrb702xqyZ4fKUfAyD4uBR2kR20G2cLwO1D
7rDbUbU7ud9wKhYpf0mZfCs63TQMkHWTQW6cwL1dJkm9e+N7m+sNSKGKRMr+8kGD
eFzGpYfUxo6FMYTGy+QsihaFDwnY9GTW6IGe8udhOSfJsipac/HGeOIISpCT7E2j
y9QToe9fLi/rpFoi7DgGs8onXxC46x7tXJ9nSHpOGmwhQ7JYCOyoikc/3gI+YLQQ
MbNG4rlup9swGO2B/FlizU6x3lCUR3QQvlvBVW8gL1c1Lkji0WlpypvJwEcl3XqA
1YGNbdDNbhtn2AL1W0AvTM0CAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 275296684996593647823411765846703173314667
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-03-18 15:13:13 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-06-16 15:13:13 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ssl.smugmug.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 662807771490322166747722410057806202672548846375379101454919060876003321933780129325787259160749445422575929748171254805592355959805382688526039450098452784556072337666459543756304344493535946475119743912034912811147032671349018691799569248204651427624981141955383484140563924992302501939504799386653848123176023351816428818732407138253833647667906277362193006854509493597103609755825850467572080188896773358184729152755074291228295410846385652130783188052967426179329308150167457135684612338035286535318244833176568381337017041079730774834177020559545477087124495020750660296281167167142694837546236683470950158525795620084424066201179270056795429583676914838235217649585739270056776744360195593831047349392586006724772190159381579488784259048201478016181773105261508236528632831691061894837254795223987919889449591412364180121034991365545301545779412034850283361486632024840332551040522586469401809494390941262363796470721249852125196995389208370804217042872931541520841792666094985085142939097611030215342829482652232823963148430691212269053765292114313420250994678376819359995578755801108397708202972269594818224219418396846413632918040807846402374463112022124445011510374156292416279674906866298711407775651129319788643833826509
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							e69a0bd8695951575ea530f87a675d2d8907e885
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (40 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ssl.smugmug.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.rebecapryor.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007600747eda8331ad331091219cce254f4270c2bffd5e422008c6373579e6107bcc56000001699194102c0000040300473045022100f135ead07d900771ca326028da90c6da0d4685a65d43fdec039c5380c53cbe6d02206eee77df766c6c443436f911b582822d8c19dcae528bfdb5e2719e788702d4a700760063f2dbcde83bcc2ccf0b728427576b33a48d61778fbd75a638b1c768544bd88d000001699194106a0000040300473045022100881ccf4f128b83554f93e586559e0554def2ac8a759cfbe0cb2726e778c24af7022008b5f19e5edc4d7f21a0bff7c27e832c513c344b16328644eccb8ff6236d0fb1
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0052d418c04058f2b096f328241bd8292856c3946d6f9bf392a0e33970f4cbdb7ad2fbe0eb37496fe8fd59fe067d650edb309d43bde45b994987a3b5077f43b8ddaf1da485c09f65d1859ef6f7cbc664a2c9a94229f9913125ece735ebf2c2f9345a298995b14006d986b03f5788d9110b861543925cf667e35737070a0fdcedca86075306a2e47eef76da10e1e1d8a504060cff271b7302d472f6335019aa39babf39e73be10577843bb6bf4a92b7eab8d00a0d5a12c68b4ff54a8856013af697aeeed480ad4de315603500035e9a66b455d3eb535d63283851a5850448fe080979fc80128d619ccb625fa5be261db82a5e1a1bf659cf648bf6632dbdfde5c2f7