koios.cs.uwaterloo.ca

Issued by R3

About this certificate

This digital certificate with serial number 04:a1:c1:72:96:dc:7b:b0:e1:15:6c:34:1e:dc:d0:32:96:6e was issued on by Let's Encrypt.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=koios.cs.uwaterloo.ca

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 04:a1:c1:72:96:dc:7b:b0:e1:15:6c:34:1e:dc:d0:32:96:6e
Serial Number (int): 403491740786170357728887629688722919954030
Serial Number lenght: 139 bits, 18 octets

SubjectKeyId: 85:64:ab:b6:7e:6f:9b:9e:ef:da:45:cd:3c:3e:d1:23:35:fd:07:9f
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 57:5f:0f:93:dd:63:09:5a:57:3d:e0:42:f0:cf:79:7b:50:1e:cf:65
Fingerprint (sha256): 01:4c:cf:2f:1e:6c:a6:74:08:15:f8:de:4b:4c:24:03:55:6b:45:a1:e9:a4:69:69:a6:16:3c:8d:96:c6:cb:69

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate koios.cs.uwaterloo.ca

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for koios.cs.uwaterloo.ca

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

koios.cs.uwaterloo.ca

Other certificates including the domain name uwaterloo.ca

(limited to 100 certificates)
cn-ipam-mc.uwaterloo.ca
rshiny.math.uwaterloo.ca
bolek.uwaterloo.ca
cemc2.math.uwaterloo.ca
icinga.cscf.uwaterloo.ca
cryptoworks21.uwaterloo.ca
bonavista.uwaterloo.ca
git.iqc.uwaterloo.ca
env-emp-vlnx1.uwaterloo.ca
wstore.uwaterloo.ca
epark1.uwaterloo.ca
databace.scisat.ca
www.cs.uwaterloo.ca
ppcentre.uwaterloo.ca
s4b-ec2-fe-ext.uwaterloo.ca
sneaky.uwaterloo.ca
wiki.uwaterloo.ca
ibis.uwaterloo.ca
account.watcard.uwaterloo.ca
cte-blog.uwaterloo.ca
subjectguides.uwaterloo.ca
aurora.uwaterloo.ca
uwhvz.uwaterloo.ca
o365activation.uwaterloo.ca
www.igloosoftware.com
cemc2.math.uwaterloo.ca
cclr.uwaterloo.ca
quark.uwaterloo.ca
shop.uwaterloo.ca
mailservices.uwaterloo.ca
canadianfoodstudies.uwaterloo.ca
koios.cs.uwaterloo.ca
www.igloosoftware.com
multicom-pc20.uwaterloo.ca
env-gisdev.uwaterloo.ca
learntest.uwaterloo.ca
blockchain-group.cs.uwaterloo.ca
evaluate.uwaterloo.ca
info.uwaterloo.ca
lineone.uwaterloo.ca
webreg.uwaterloo.ca
nagios.cscf.uwaterloo.ca
aurora.uwaterloo.ca
epark.uwaterloo.ca
cn-vpn.uwaterloo.ca
ahs-jitsi.uwaterloo.ca
rcs.uwaterloo.ca
wchound.uwaterloo.ca
sasfilemaker.math.uwaterloo.ca
mmm.eng.uwaterloo.ca
essex.uwaterloo.ca
contensis.uwaterloo.ca
www.civil.uwaterloo.ca
cclr.uwaterloo.ca
lineone.uwaterloo.ca
chesp.uwaterloo.ca
learndev3.uwaterloo.ca
ugtwo.uwaterloo.ca
smbp.uwaterloo.ca
library.uwaterloo.ca
2fa.uwaterloo.ca
secure.ce.uwaterloo.ca
cn-vpn.uwaterloo.ca
shop.uwaterloo.ca
styx-reserve.shoshin.uwaterloo.ca
iis1.nexus.uwaterloo.ca
iisweb2.nexus.uwaterloo.ca
uwhvz.uwaterloo.ca
www.eng.uwaterloo.ca
shop.uwaterloo.ca
cewil.uwaterloo.ca
lss.uwaterloo.ca
rt.uwaterloo.ca
ne111.uwaterloo.ca
sslvs06.igloosoftware.com
uqml.iqc.uwaterloo.ca
env-kix-tours.uwaterloo.ca
learndevdav.uwaterloo.ca
qoqiwiki.iqc.uwaterloo.ca
learn.uwaterloo.ca
wcms-training.uwaterloo.ca
mansci045.uwaterloo.ca
ctf.uwaterloo.ca
sesoc.uwaterloo.ca
courseware.cemc.uwaterloo.ca
healthy.uwaterloo.ca
ivc.uwaterloo.ca
mansci045.uwaterloo.ca
courses.math.uwaterloo.ca
artsonline.uwaterloo.ca
staff.retailservices.uwaterloo.ca
ist.uwaterloo.ca
himrod-reserve.cs.uwaterloo.ca
wiki.math.uwaterloo.ca
macduff.private.uwaterloo.ca
wcms-training.uwaterloo.ca
quest.pecs.uwaterloo.ca
libanswers.uwaterloo.ca
stargroup.uwaterloo.ca
mansci045e.uwaterloo.ca

Certificate

The complete raw certificate details for koios.cs.uwaterloo.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGLzCCBRegAwIBAgISBKHBcpbce7DhFWw0HtzQMpZuMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTA2MjQxNTQ3MDZaFw0yMTA5MjIxNTQ3MDVaMCAxHjAcBgNVBAMT
FWtvaW9zLmNzLnV3YXRlcmxvby5jYTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
AgoCggIBAK8bB0NOwbGUil/12707tJ2wuHtkNV7bufwyEUzumrIA0+A7AsUulDw1
xVO0Svli8TC/SsV1+JgJNaxjFv4+Syvr9ptoO5ThCW3ymK9jlHie1QK8btkSVU+A
jQNpsydfEyc3hRgX8e0YCAID/8Gef1UinqQkK7AMGhAWfkxls+/nbkjP+Jnusz+c
BZoETibrjxDtGxTYOJSicjMI4foyYW4WeyxcpdR9NB5/brmKBWaWtLB3tDYO+McD
s08k+vj6geQQpcU+Oom55+/JZ3nLRudFKIUUylC/JUQv20ihbtuh5B+F+lXrsw7G
coC+rqp8O4RWnuXTmMEfj5zSgvI9f+MhS2j705Ke79c5WRklrS6vVpp/QZUXEWOe
2ansOvDz0P3IcBCEWFgk72amTbdJpDage9Kd3wQzwzB731e2xmR3HTLyk+eF3wf9
kQqvquZwn1G7SVMk5QUjhfWH39SaN3z367hnw9f3mTzzqabgc7iHsdNMLqMqPyYD
zHAv7RdY6idasj7i28ieo0y7Rv/0rd4IXt7ZAbtqOUujCs1mGgrfNA74Aykst5LY
KWgWnIvvursiEvEfoSZMh0oC/yWsGSC43sjL2CJ/onmXit13NQ1YWDmYBlmVpWRS
f2YYCMb+6sef3ek2o/r2Sh3zGNJZzGf7OJyKS25jHmFtiwQt0PDhAgMBAAGjggJP
MIICSzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFIVkq7Z+b5ue79pFzTw+0SM1/Qef
MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkw
RzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAC
hhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMCAGA1UdEQQZMBeCFWtvaW9zLmNzLnV3
YXRlcmxvby5jYTBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAo
MCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQMGCisG
AQQB1nkCBAIEgfQEgfEA7wB1AJQgvB6O1Y1siHMfgosiLA3R2k1ebE+UPWHbTi9Y
TaLCAAABej7q/2cAAAQDAEYwRAIgdAiJmXiR6ZibKljM7IuiOlOGsqsTisf1GF+V
bjd1Z6YCIHGQt3eT5pEEGP9wYIj94rdIkQJrHzmrAze2hy2FHDXEAHYA9lyUL9F3
MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF6Pur/WAAABAMARzBFAiBP9MnF
XbuKL7qbbTBmRw3ySSAcVrSnJEHHiUXYryT+bAIhAKATcpAFsbA7IF/FSjsexruO
h2Vw/cNg2XZa6yAGHTU+MA0GCSqGSIb3DQEBCwUAA4IBAQCvcwy7l3pmz/D3V97N
AMQDMm0k42wd2HjJpIDJKPiH6btayB4xjPWq37cerhtf0xD9fb0tC6pSBEIhQZIm
z02C5PSxGR3A7Ar4xiHYcMe1OAyOPSOQJhed1pci7izlVrNncQxH1pCpMOxpZHbA
hqkUyI3xw8oR0pl+MI33f5JXk/kRZLDgXtiRBSdEz1mzGFndocphLOZLVxGE6zbA
U11p/lL7WVPxsTN3QmWWQrhR6FIPqt8F1mbXPvS3hr9bK2LhiA+Ykphx6drGh5ab
eSCMtZe6H/6XDfb4irnoohjRfsF1Yuhi2du8qbeD7eVtIAAkCv2zmGlMS/j8/aqO
8PzK
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArxsHQ07BsZSKX/XbvTu0
nbC4e2Q1Xtu5/DIRTO6asgDT4DsCxS6UPDXFU7RK+WLxML9KxXX4mAk1rGMW/j5L
K+v2m2g7lOEJbfKYr2OUeJ7VArxu2RJVT4CNA2mzJ18TJzeFGBfx7RgIAgP/wZ5/
VSKepCQrsAwaEBZ+TGWz7+duSM/4me6zP5wFmgROJuuPEO0bFNg4lKJyMwjh+jJh
bhZ7LFyl1H00Hn9uuYoFZpa0sHe0Ng74xwOzTyT6+PqB5BClxT46ibnn78lnectG
50UohRTKUL8lRC/bSKFu26HkH4X6VeuzDsZygL6uqnw7hFae5dOYwR+PnNKC8j1/
4yFLaPvTkp7v1zlZGSWtLq9Wmn9BlRcRY57Zqew68PPQ/chwEIRYWCTvZqZNt0mk
NqB70p3fBDPDMHvfV7bGZHcdMvKT54XfB/2RCq+q5nCfUbtJUyTlBSOF9Yff1Jo3
fPfruGfD1/eZPPOppuBzuIex00wuoyo/JgPMcC/tF1jqJ1qyPuLbyJ6jTLtG//St
3ghe3tkBu2o5S6MKzWYaCt80DvgDKSy3ktgpaBaci++6uyIS8R+hJkyHSgL/JawZ
ILjeyMvYIn+ieZeK3Xc1DVhYOZgGWZWlZFJ/ZhgIxv7qx5/d6Taj+vZKHfMY0lnM
Z/s4nIpLbmMeYW2LBC3Q8OECAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 403491740786170357728887629688722919954030
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-06-24 15:47:06 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-09-22 15:47:05 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'koios.cs.uwaterloo.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 714368438983731728455494350493791999841658975552739100921237312861133740828955960025661673839236392187482948134056489083099562078866979460752797860217200776852845933530879824910527110848532821563629476301240910856920601700796304874726853005559144522183512712337847551718095266781176520410704005550289350596529465663077292429913952001031121687622541733242913528000621595149761234659882097341869764755286134795244201798231991707125689735442807702165621579933077802422488587092184868597768765380663820064709925204793857954747682938219918609430753379330868650717570327950484560011097561385920319699789917216179672740940543194988874532978901508215976379144091118013633833123258038007935886539818730403844189073464596837826140305469153131894123591502626774950720691309348850499649540803919692901514170288022683676418615294421002370190512831110090755842441498395119217745044562507472874913668138685516373259075908279461863972277521535773799213243767176765959452082476968387417837658676717507200071116300463463148103834237096700877005734896448126763156794170181200822106892559352353707777720062991996130785647376986172867546417319545948300972749566843814883001723924084255300655017744316659511607832281962243368269553784785048760022983569633
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							8564abb67e6f9b9eefda45cd3c3ed12335fd079f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'koios.cs.uwaterloo.ca'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef0075009420bc1e8ed58d6c88731f828b222c0dd1da4d5e6c4f943d61db4e2f584da2c20000017a3eeaff6700000403004630440220740889997891e9989b2a58ccec8ba23a5386b2ab138ac7f5185f956e377567a602207190b77793e6910418ff706088fde2b74891026b1f39ab0337b6872d851c35c4007600f65c942fd1773022145418083094568ee34d131933bfdf0c2f200bcc4ef164e30000017a3eeaff58000004030047304502204ff4c9c55dbb8a2fba9b6d3066470df249201c56b4a72441c78945d8af24fe6c022100a013729005b1b03b205fc54a3b1ec6bb8e876570fdc360d9765aeb20061d353e
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00af730cbb977a66cff0f757decd00c403326d24e36c1dd878c9a480c928f887e9bb5ac81e318cf5aadfb71eae1b5fd310fd7dbd2d0baa52044221419226cf4d82e4f4b1191dc0ec0af8c621d870c7b5380c8e3d239026179dd69722ee2ce556b367710c47d690a930ec696476c086a914c88df1c3ca11d2997e308df77f925793f91164b0e05ed891052744cf59b31859dda1ca612ce64b571184eb36c0535d69fe52fb5953f1b1337742659642b851e8520faadf05d666d73ef4b786bf5b2b62e1880f98929871e9dac687969b79208cb597ba1ffe970df6f88ab9e8a218d17ec17562e862d9dbbca9b783ede56d2000240afdb398694c4bf8fcfdaa8ef0fcca