mapri.kaiserpermanente.org
Issued by Let's Encrypt Authority X3
About this certificate
This digital certificate with serial number 03:8a:84:14:fa:c6:28:97:d5:2a:75:8a:1f:fa:a9:74:29:3c was issued on by Let's Encrypt.
This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=mapri.kaiserpermanente.org
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:8a:84:14:fa:c6:28:97:d5:2a:75:8a:1f:fa:a9:74:29:3cSerial Number (int): 308471391458053167535174121636695385581884
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: e8:57:22:46:c3:41:a3:6f:22:8b:d0:72:90:95:cc:f8:40:b7:2f:61
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1
Fingerprint (sha1): 34:dd:6e:9a:de:df:9b:79:57:88:76:c7:12:02:0e:eb:1a:95:fe:06
Fingerprint (sha256): 03:81:46:fe:a7:7f:82:f9:c9:4c:2b:ec:d3:19:c2:53:f0:5f:ae:91:6e:e4:e8:fe:7a:7e:bf:5c:09:d5:10:91
Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/
Revocation information
OCSP Server: http://ocsp.int-x3.letsencrypt.org/Check the revocation status for certificate mapri.kaiserpermanente.org
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for mapri.kaiserpermanente.org
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
8 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
mapri.kaiserpermanente.org
Other certificates including the domain name kaiserpermanente.org
(limited to 100 certificates)
national-implantregistries.kaiserpermanente.org
researchdatacollect-test.kaiserpermanente.org
inthecommunity-ncal.kaiserpermanente.org
dev10.kaiserpermanente.org
www.scalclinicalops.kaiserpermanente.org
wa-producer.kaiserpermanente.org
fs010.kaiserpermanente.org
lookinside.kaiserpermanente.org
healthtrac.kaiserpermanente.org
garfieldcenter.kaiserpermanente.org
insider.kaiserpermanente.org
lookinside.kaiserpermanente.org
smu.kaiserpermanente.org
ss021.kaiserpermanente.org
neuroptresidency.kaiserpermanente.org
insidekpncal.kaiserpermanente.org
graduate-physicaltherapy-education.kaiserpermanente.org
virtualconnect.kaiserpermanente.org
excellence-midatlantic.kaiserpermanente.org
kpwit.kaiserpermanente.org
wa-clinician-dev.kaiserpermanente.org
cosmeticdermatology-midatlantic.kaiserpermanente.org
pharmacyresidency.kaiserpermanente.org
kpa-prod.kaiserpermanente.org
earlystart.kaiserpermanente.org
excellence-midatlantic.kaiserpermanente.org
fsso-ebiz.kaiserpermanente.org
academic.gsm.cornell.edu
insidekpncal.kaiserpermanente.org
mapri.kaiserpermanente.org
san-9-s7.tlsprovisioning.exacttarget.com
healthplans.kaiserpermanente.org
api.kaiserpermanente.org
earlystart.kaiserpermanente.org
divisionofresearchapp.kaiserpermanente.org
etpgeorgia.kaiserpermanente.org
hearingcenterhawaii.kaiserpermanente.org
kphealthconnectnews.kaiserpermanente.org
academic.gsm.cornell.edu
volunteer-ncal.kaiserpermanente.org
tridion.ns-cmd-mas-dmz-pr.k8s.cmd.tpmg.kaiserpermanente.org
cosmeticdermatology-midatlantic.kaiserpermanente.org
northwest-hospitals.kaiserpermanente.org
apply-individual-family-dev-p01.appl.kaiserpermanente.org
somtitleix.kaiserpermanente.org
lookinside.kaiserpermanente.org
general-agencies-california.kaiserpermanente.org
fortherecord.kaiserpermanente.org
physiciancareers.kaiserpermanente.org
onelinkinfo.kaiserpermanente.org
insidecmi.kaiserpermanente.org
researchbank.kaiserpermanente.org
tridion.ns-cmd-mas-dmz-pr.k8s.cmd.tpmg.kaiserpermanente.org
national-implantregistries.kaiserpermanente.org
renewmyplan-colorado.kaiserpermanente.org
mapri.kaiserpermanente.org
www.scal-gem.kaiserpermanente.org
rws.ns-cmd-nlp-dv.k8s.cmd.tpmg.kaiserpermanente.org
graduate-physicaltherapy-education.kaiserpermanente.org
fs10.kaiserpermanente.org
kpmatters-scal.kaiserpermanente.org
tro.kaiserpermanente.org
wa-momentum.kaiserpermanente.org
wa-member2.kaiserpermanente.org
equityinclusionanddiversity.kaiserpermanente.org
insidekpncal.kaiserpermanente.org
garfieldcenter.kaiserpermanente.org
excellence-midatlantic.kaiserpermanente.org
scholarsacademy.kaiserpermanente.org
hospice-ncal.kaiserpermanente.org
insidecmi.kaiserpermanente.org
stage2.newsmedia.kaiserpermanente.org
quality-patient-safety.kaiserpermanente.org
volunteer-ncal.kaiserpermanente.org
fs050.kaiserpermanente.org
qa-staging.cmd.kaiserpermanente.org
dev10.kaiserpermanente.org
testmy.kaiserpermanente.org
pharmacyresidency.kaiserpermanente.org
individual-family-pp.kaiserpermanente.org
fd-ebiz.kaiserpermanente.org
cosmeticdermatology-midatlantic.kaiserpermanente.org
KAISER PERMANENTE
bariatric-northerncalifornia.kaiserpermanente.org
dev10.kaiserpermanente.org
divisionofresearch.kaiserpermanente.org
lookinside.kaiserpermanente.org
insidekpncal.kaiserpermanente.org
bariatric-northerncalifornia.kaiserpermanente.org
tridion.ns-cmd-mas-dmz-pr.k8s.cmd.tpmg.kaiserpermanente.org
fs010.kaiserpermanente.org
rt1.kaiserpermanente.org
hospice-ncal.kaiserpermanente.org
inthecommunity-ncal.kaiserpermanente.org
kpwit.kaiserpermanente.org
tpmgawards.kaiserpermanente.org
cancercare.kaiserpermanente.org
midatlanticapplicationtool.kaiserpermanente.org
national-implantregistries.kaiserpermanente.org
community.kp.org
researchdatacollect-test.kaiserpermanente.org
inthecommunity-ncal.kaiserpermanente.org
dev10.kaiserpermanente.org
www.scalclinicalops.kaiserpermanente.org
wa-producer.kaiserpermanente.org
fs010.kaiserpermanente.org
lookinside.kaiserpermanente.org
healthtrac.kaiserpermanente.org
garfieldcenter.kaiserpermanente.org
insider.kaiserpermanente.org
lookinside.kaiserpermanente.org
smu.kaiserpermanente.org
ss021.kaiserpermanente.org
neuroptresidency.kaiserpermanente.org
insidekpncal.kaiserpermanente.org
graduate-physicaltherapy-education.kaiserpermanente.org
virtualconnect.kaiserpermanente.org
excellence-midatlantic.kaiserpermanente.org
kpwit.kaiserpermanente.org
wa-clinician-dev.kaiserpermanente.org
cosmeticdermatology-midatlantic.kaiserpermanente.org
pharmacyresidency.kaiserpermanente.org
kpa-prod.kaiserpermanente.org
earlystart.kaiserpermanente.org
excellence-midatlantic.kaiserpermanente.org
fsso-ebiz.kaiserpermanente.org
academic.gsm.cornell.edu
insidekpncal.kaiserpermanente.org
mapri.kaiserpermanente.org
san-9-s7.tlsprovisioning.exacttarget.com
healthplans.kaiserpermanente.org
api.kaiserpermanente.org
earlystart.kaiserpermanente.org
divisionofresearchapp.kaiserpermanente.org
etpgeorgia.kaiserpermanente.org
hearingcenterhawaii.kaiserpermanente.org
kphealthconnectnews.kaiserpermanente.org
academic.gsm.cornell.edu
volunteer-ncal.kaiserpermanente.org
tridion.ns-cmd-mas-dmz-pr.k8s.cmd.tpmg.kaiserpermanente.org
cosmeticdermatology-midatlantic.kaiserpermanente.org
northwest-hospitals.kaiserpermanente.org
apply-individual-family-dev-p01.appl.kaiserpermanente.org
somtitleix.kaiserpermanente.org
lookinside.kaiserpermanente.org
general-agencies-california.kaiserpermanente.org
fortherecord.kaiserpermanente.org
physiciancareers.kaiserpermanente.org
onelinkinfo.kaiserpermanente.org
insidecmi.kaiserpermanente.org
researchbank.kaiserpermanente.org
tridion.ns-cmd-mas-dmz-pr.k8s.cmd.tpmg.kaiserpermanente.org
national-implantregistries.kaiserpermanente.org
renewmyplan-colorado.kaiserpermanente.org
mapri.kaiserpermanente.org
www.scal-gem.kaiserpermanente.org
rws.ns-cmd-nlp-dv.k8s.cmd.tpmg.kaiserpermanente.org
graduate-physicaltherapy-education.kaiserpermanente.org
fs10.kaiserpermanente.org
kpmatters-scal.kaiserpermanente.org
tro.kaiserpermanente.org
wa-momentum.kaiserpermanente.org
wa-member2.kaiserpermanente.org
equityinclusionanddiversity.kaiserpermanente.org
insidekpncal.kaiserpermanente.org
garfieldcenter.kaiserpermanente.org
excellence-midatlantic.kaiserpermanente.org
scholarsacademy.kaiserpermanente.org
hospice-ncal.kaiserpermanente.org
insidecmi.kaiserpermanente.org
stage2.newsmedia.kaiserpermanente.org
quality-patient-safety.kaiserpermanente.org
volunteer-ncal.kaiserpermanente.org
fs050.kaiserpermanente.org
qa-staging.cmd.kaiserpermanente.org
dev10.kaiserpermanente.org
testmy.kaiserpermanente.org
pharmacyresidency.kaiserpermanente.org
individual-family-pp.kaiserpermanente.org
fd-ebiz.kaiserpermanente.org
cosmeticdermatology-midatlantic.kaiserpermanente.org
KAISER PERMANENTE
bariatric-northerncalifornia.kaiserpermanente.org
dev10.kaiserpermanente.org
divisionofresearch.kaiserpermanente.org
lookinside.kaiserpermanente.org
insidekpncal.kaiserpermanente.org
bariatric-northerncalifornia.kaiserpermanente.org
tridion.ns-cmd-mas-dmz-pr.k8s.cmd.tpmg.kaiserpermanente.org
fs010.kaiserpermanente.org
rt1.kaiserpermanente.org
hospice-ncal.kaiserpermanente.org
inthecommunity-ncal.kaiserpermanente.org
kpwit.kaiserpermanente.org
tpmgawards.kaiserpermanente.org
cancercare.kaiserpermanente.org
midatlanticapplicationtool.kaiserpermanente.org
national-implantregistries.kaiserpermanente.org
community.kp.org
Certificate
The complete raw certificate details for mapri.kaiserpermanente.org in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFGDCCBACgAwIBAgISA4qEFPrGKJfVKnWKH/qpdCk8MA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzAyMDQxODIyMDBaFw0x NzA1MDUxODIyMDBaMCUxIzAhBgNVBAMTGm1hcHJpLmthaXNlcnBlcm1hbmVudGUu b3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyEFrVDFA3IGz0YR FgYbBnIHV3KdVk1CYJT14gNSi0uJBUdrP0dFNPstTwcm8Y/hfct8b/yDpy4es3yK RL41wF3ywngCc3QeXKIm/u5eucgDMpcuEkJBlzCDsrhLdwSFBSF3euXZ/3yHeizp vIr152nHLVrCXSuG25yyFtO89e3Rd6sC3Ym/pJC2VsnoqawRYffQHLtYOOzMQQVg 3xflp5LCsrTdVSds+DgNYKn8eXkpu4nwwbEoCG6wbyGMv2e9D4QQq97bmu+JMJ/f UNSefhf2vfue7VdR4C3/8UAYKRy8LtXDqDOwwRfTJDw9v7scjOAtwAUM8HzvTo5M qjswCwIDAQABo4ICGzCCAhcwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG AQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBToVyJGw0Gj byKL0HKQlcz4QLcvYTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBw BggrBgEFBQcBAQRkMGIwLwYIKwYBBQUHMAGGI2h0dHA6Ly9vY3NwLmludC14My5s ZXRzZW5jcnlwdC5vcmcvMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMu bGV0c2VuY3J5cHQub3JnLzAlBgNVHREEHjAcghptYXByaS5rYWlzZXJwZXJtYW5l bnRlLm9yZzCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEw gdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggr BgEFBQcCAjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVk IHVwb24gYnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ug d2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0 c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAPzD2+ uLoor0eZ9CTv/jPyhSp7XWU+BEijjpjSfkuTFsRtEYqo4QJUiAOhPVRylFCFR4OB wU94NnBcILxvub2jIxZQ964C2EQ4ZfNAjit3c/r+YjiOZ5WdJcAoia4SXKyiTD1I vJESO5vWE7F35cJ0j6Cd5kdsATq7XA8RV1nxyGcXDwH8v1qFYTGzj+bAv6+d/5pF hz4oFlewt7tR50SYYd4vPyrYkwvrnZX+j0RPArFdZnD9hJz4+Pfyb3oWyYnHGZ3h /QYJlEWLIal4e2Qcql8V9y4+3kCoaW8bDmCnrlMB9hT2QBwHgCpGaLzfxM6EMY6T 2zQcqBxWEqJjh3QD -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyEFrVDFA3IGz0YRFgYb BnIHV3KdVk1CYJT14gNSi0uJBUdrP0dFNPstTwcm8Y/hfct8b/yDpy4es3yKRL41 wF3ywngCc3QeXKIm/u5eucgDMpcuEkJBlzCDsrhLdwSFBSF3euXZ/3yHeizpvIr1 52nHLVrCXSuG25yyFtO89e3Rd6sC3Ym/pJC2VsnoqawRYffQHLtYOOzMQQVg3xfl p5LCsrTdVSds+DgNYKn8eXkpu4nwwbEoCG6wbyGMv2e9D4QQq97bmu+JMJ/fUNSe fhf2vfue7VdR4C3/8UAYKRy8LtXDqDOwwRfTJDw9v7scjOAtwAUM8HzvTo5Mqjsw CwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 308471391458053167535174121636695385581884 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-02-04 18:22:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-05-05 18:22:00 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'mapri.kaiserpermanente.org' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23622846870464173312531268626271824945049261998000216251878661045291083020618092499696844678234092135268466966983419059587332839790276676862925904079508801268292173185102223096909380681028945160044544153621818688423646489807441720906712684790135385868623325397733161277075333563025745015752901223830706236987509455497414393348274281282549645162234487985571137772958580395484512937745335423160003716377930288473963545205082166660538985432954264228807475567764127378395517109076554478059127221242458680625541810897552854175532230690135591426956093869428706184335333179218545581769541711244520124531059056179873379463179 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) e8572246c341a36f228bd0729095ccf840b72f61 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org/' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (30 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mapri.kaiserpermanente.org' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/' . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 000fcc3dbeb8ba28af4799f424effe33f2852a7b5d653e0448a38e98d27e4b9316c46d118aa8e102548803a13d5472945085478381c14f7836705c20bc6fb9bda3231650f7ae02d8443865f3408e2b7773fafe62388e67959d25c02889ae125caca24c3d48bc91123b9bd613b177e5c2748fa09de6476c013abb5c0f115759f1c867170f01fcbf5a856131b38fe6c0bfaf9dff9a45873e281657b0b7bb51e7449861de2f3f2ad8930beb9d95fe8f444f02b15d6670fd849cf8f8f7f26f7a16c989c7199de1fd060994458b21a9787b641caa5f15f72e3ede40a8696f1b0e60a7ae5301f614f6401c07802a4668bcdfc4ce84318e93db341ca81c5612a263877403