mbg.hnrc.tufts.edu

Issued by R3

About this certificate

This digital certificate with serial number 03:5b:02:46:00:d7:aa:a3:17:3a:41:8b:b2:31:24:a0:55:8e was issued on by Let's Encrypt.

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=mbg.hnrc.tufts.edu

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:5b:02:46:00:d7:aa:a3:17:3a:41:8b:b2:31:24:a0:55:8e
Serial Number (int): 292305575118944671941552714288438498579854
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: d6:4b:a3:9e:00:ee:f0:cb:1e:58:a8:2d:da:cc:89:61:cf:b3:a6:cd
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 63:39:80:12:e8:c3:db:c5:8a:29:84:4a:8c:16:5e:fb:af:ff:ec:27
Fingerprint (sha256): 02:8b:23:ad:4f:c9:69:be:4e:86:e5:af:9f:1d:23:53:24:14:94:64:d0:d8:7d:3c:60:6b:1b:5e:29:99:e1:08

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate mbg.hnrc.tufts.edu

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for mbg.hnrc.tufts.edu

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

mbg.hnrc.tufts.edu
micollab.hnrc.tufts.edu
webconf.hnrc.tufts.edu

Other certificates including the domain name tufts.edu

(limited to 100 certificates)
amtrust.kinnser.com
statuspage.io
sfunder1cert.net
filemaker.it.tufts.edu
tcu.tufts.edu
*.hr.tufts.edu
*.studentservices.tufts.edu
us.prod.campusgroups.com
csdd.tufts.edu
artgalleries.tufts.edu
statuspage.io
statuspage.io
spamblocker.uit.tufts.edu
grad.tufts.edu
csdd.tufts.edu
statuspage.io
cluster3.technolutions.net
www.net.tufts.edu
hrss.uit.tufts.edu
us.prod.campusgroups.com
conferences.tufts.edu
sis.uit.tufts.edu
amtrust.kinnser.com
tuftsjournal.tufts.edu
5674368789118976-fe3.pantheonsite.io
exchange.tufts.edu
uconnectlabs.com
issquaredown.com
trustees.tufts.edu
webdav.ase.tufts.edu
support10.cdnetworks.net
it.tufts.edu
statuspage.io
amtrust.kinnser.com
dental150.tufts.edu
webcenter2.studentservices.tufts.edu
cluster3.technolutions.net
sisweb-prod-01.uit.tufts.edu
*.it.tufts.edu
support10.cdnetworks.net
5649202965118976-fe1.pantheonsite.io
cluster2.technolutions.net
researchstorage.uit.tufts.edu
devtutorfinder.studentservices.tufts.edu
support10.cdnetworks.net
5692592335355904-fe2.pantheonsite.io
tcu.tufts.edu
us.prod.campusgroups.com
sfunder19cert.net
mbg.hnrc.tufts.edu
ereqtest.uit.tufts.edu
view.e.tufts.edu
tufts.edu
waddc05.tufts.ad.tufts.edu
tcu.tufts.edu
gradase.admissions.tufts.edu
www.tcu.tufts.edu
support10.cdnetworks.net
support10.cdnetworks.net
statuspage.io
statuspage.io
conferences.tufts.edu
fis.uit.tufts.edu
www.tcu.tufts.edu
statuspage.io
info.gordon.tufts.edu
wfinauditprd01.tufts.ad.tufts.edu
statuspage.io
tusc.tufts.edu
sso365.tufts.edu
support10.cdnetworks.net
uconnectlabs.com
yakamafish-star.net
n002.offcampuspartners.com
tac.admissions.tufts.edu
n002.offcampuspartners.com
statuspage.io
www.nutritionletter.tufts.edu
uconnectlabs.com
support10.cdnetworks.net
admissions.tufts.edu
offcampushousing.fau.edu
5649202965118976-fe1.pantheonsite.io
gradhlthsci.admissions.tufts.edu
*.tufts.edu
hrss.uit.tufts.edu
eventrsvp.tufts.edu
*.it.tufts.edu
streetfilms.org
us.prod.campusgroups.com
5649202965118976-fe1.pantheonsite.io
statuspage.io
*.perseus.tufts.edu
irb.viceprovost.tufts.edu
cds2.cvent.com
*.atech.tufts.edu
5673497447628800-fe2.pantheonsite.io
n002.offcampuspartners.com
tufts.edu
ugrad.admissions.tufts.edu

Certificate

The complete raw certificate details for mbg.hnrc.tufts.edu in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGWzCCBUOgAwIBAgISA1sCRgDXqqMXOkGLsjEkoFWOMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzA0MTYwNzIyMzRaFw0yMzA3MTUwNzIyMzNaMB0xGzAZBgNVBAMT
Em1iZy5obnJjLnR1ZnRzLmVkdTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
ggIBAM9P2d0S2ns0yYXyeKRDJ76fTPbc0HmSvtWugjg8Jd8YGOu+vj4kkQsiujfW
QeyP522k7dMWiuim4AerZN98hq5ACrMfa0kRI2ENn1n+vliiTijJz2qtp7vr4+Gl
LnEl6Ug70ZrJvA3AEFEOiz2RthnTgkADxjrHG97Ben/CMsXqTnXTuYGR4pxZyKqe
1e41elx1/cLHW6YLH10GPmaiKqoVpDzO8KRtYtHJAJr6D4clLaP4T8kzYIhFrkW6
d2nrRoxsfo46hbuCeyo3GPmyO8ACQYT7t7y+GE+DXGiuH58P0kOsZvI/Sdv07YLz
PJ3eFnVrx80Wbn/Yll09wZxE1hZIvbVj5NT01QcuIPYyFHLnZqk4XOUuMGTYAeF5
xWU8xP8rLZ9a0w+m0Eh/QIlU53dBQMZK/3ecrmtf5LDJJWFq7TPAln4K+KuU5Oy/
Awr+/5TnFt5tuoqeBfBQ0l4PXqqi47R79qW8fff5ZsLuG/9kZukhGRQprIC4AWfL
BV/QNZsQ8m0ZrBZ5l4dhCKocvqCz7eVgZmVH3e+IEJ13gLvbe7ylEoNZg14l/60C
wzDlquwvCEcwJuAyaJpcyUSRMWO0fSrWhuOz9umcNDbCclTDLzJ/iwuE0X5jvx7x
6EUZd/OE/BuGjrnDzwUGTKVvu8c7O6h/sgGFdvyByCGm/ITlAgMBAAGjggJ+MIIC
ejAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNZLo54A7vDLHlioLdrMiWHPs6bNMB8G
A1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAh
BggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZo
dHRwOi8vcjMuaS5sZW5jci5vcmcvME4GA1UdEQRHMEWCEm1iZy5obnJjLnR1ZnRz
LmVkdYIXbWljb2xsYWIuaG5yYy50dWZ0cy5lZHWCFndlYmNvbmYuaG5yYy50dWZ0
cy5lZHUwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggr
BgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEEBgorBgEEAdZ5
AgQCBIH1BIHyAPAAdwB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAA
AYeJKKQAAAAEAwBIMEYCIQCxyRgrhHXLWLRVdJ0TBnrJrqCrNKw7QloPescVKJrF
fAIhAOrRACAvKynjpLEVpUmTK5WGvekaYYcL9NYyYXk6OnQHAHUA6D7Q2j71BjUy
51covIlryQPTy9ERa+zraeF3fW0GvW4AAAGHiSij3wAABAMARjBEAiAqZHubidCn
DXv1VDiXoead4A+MwUwB222dVUldfklhUwIgaL8pTm7/OtKotA5I2zG8kVXIu8gp
qEaV6MIQyFY7nC4wDQYJKoZIhvcNAQELBQADggEBACsYspqCqgzBvJcaUs/BV9Vn
8UJLt6axdAlhinXm7LFaKOecTt+gMPNg/TgUtnezS7ouStvCWMKT4vAfE+clDnFZ
9N19Yl+ldtnXblrGjtAsnpPGhEs6ehBHPEgNyRkemdjcHE45cclt707Y7nKJT8ti
7yMxcaF4bK/a6Z5gZ9ki3c9Cg++finE3YFB6e+wakkgGzuQZ4/ziB74nGflZTiXD
lyMDNdsn8eHS6esFmYmHW+T2t6OYYXTILYti1usK1UPQpGbgOL12ntrnlmS2ud77
ud4VhUKLQL/+5/C3Xp/r/5eTJ2YDB9IRkTFY054jgj9OxMr99am75JnfuIGlMoQ=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAz0/Z3RLaezTJhfJ4pEMn
vp9M9tzQeZK+1a6CODwl3xgY676+PiSRCyK6N9ZB7I/nbaTt0xaK6KbgB6tk33yG
rkAKsx9rSREjYQ2fWf6+WKJOKMnPaq2nu+vj4aUucSXpSDvRmsm8DcAQUQ6LPZG2
GdOCQAPGOscb3sF6f8IyxepOddO5gZHinFnIqp7V7jV6XHX9wsdbpgsfXQY+ZqIq
qhWkPM7wpG1i0ckAmvoPhyUto/hPyTNgiEWuRbp3aetGjGx+jjqFu4J7KjcY+bI7
wAJBhPu3vL4YT4NcaK4fnw/SQ6xm8j9J2/TtgvM8nd4WdWvHzRZuf9iWXT3BnETW
Fki9tWPk1PTVBy4g9jIUcudmqThc5S4wZNgB4XnFZTzE/ystn1rTD6bQSH9AiVTn
d0FAxkr/d5yua1/ksMklYWrtM8CWfgr4q5Tk7L8DCv7/lOcW3m26ip4F8FDSXg9e
qqLjtHv2pbx99/lmwu4b/2Rm6SEZFCmsgLgBZ8sFX9A1mxDybRmsFnmXh2EIqhy+
oLPt5WBmZUfd74gQnXeAu9t7vKUSg1mDXiX/rQLDMOWq7C8IRzAm4DJomlzJRJEx
Y7R9KtaG47P26Zw0NsJyVMMvMn+LC4TRfmO/HvHoRRl384T8G4aOucPPBQZMpW+7
xzs7qH+yAYV2/IHIIab8hOUCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 292305575118944671941552714288438498579854
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-04-16 07:22:34 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-07-15 07:22:33 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'mbg.hnrc.tufts.edu'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 845758836842255287392268229077108383822378479000535960739883919922751778153570475946158199520628963521216104099848491509180203960851889810052202573374717475766006774517528478787519143218468342181039207846019375222957970635066903791238632023497872140885763411613467076941018029373896445814490735575971045877709450439304112285932165254580186197664151874336187537308811390995076766076990448347972555187519162438109087190707633092280805989890941797973334918427535553233536532160010734286024843583463625880605328472626354765569788452168670371399953061183129309045946499725004994269892600993695331054981938748726556214515100323498750912886046842159237141193095774582777577075797828274167539028097771563495166411392864997750708434726486582463914338606029210610740333923141366084612487203019974652873883547411981828164570279527770219825048754272421086271988564651318107762768316748975343095542818188872900663880627259693592775138526652625174675760373906047461895285781827334710120627918047683228496822610471306495457856146647589411251217236240790140386666748871374762100802783301480760692805775103229246679032728470553837668024545878672704070700561346057771763323315964215999185163823007786467256347989566139460126222635557286418563215426789
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d64ba39e00eef0cb1e58a82ddacc8961cfb3a6cd
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (71 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mbg.hnrc.tufts.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'micollab.hnrc.tufts.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webconf.hnrc.tufts.edu'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f00077007a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb52000001878928a4000000040300483046022100b1c9182b8475cb58b455749d13067ac9aea0ab34ac3b425a0f7ac715289ac57c022100ead100202f2b29e3a4b115a549932b9586bde91a61870bf4d63261793a3a7407007500e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e000001878928a3df000004030046304402202a647b9b89d0a70d7bf5543897a1e69de00f8cc14c01db6d9d55495d7e496153022068bf294e6eff3ad2a8b40e48db31bc9155c8bbc829a84695e8c210c8563b9c2e
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		002b18b29a82aa0cc1bc971a52cfc157d567f1424bb7a6b17409618a75e6ecb15a28e79c4edfa030f360fd3814b677b34bba2e4adbc258c293e2f01f13e7250e7159f4dd7d625fa576d9d76e5ac68ed02c9e93c6844b3a7a10473c480dc9191e99d8dc1c4e3971c96def4ed8ee72894fcb62ef233171a1786cafdae99e6067d922ddcf4283ef9f8a713760507a7bec1a924806cee419e3fce207be2719f9594e25c397230335db27f1e1d2e9eb059989875be4f6b7a3986174c82d8b62d6eb0ad543d0a466e038bd769edae79664b6b9defbb9de1585428b40bffee7f0b75e9febff979327660307d211913158d39e23823f4ec4cafdf5a9bbe499dfb881a53284