groove.digitalocean.com
Issued by R3
About this certificate
This digital certificate with serial number 04:7f:99:d9:bb:d6:9c:da:93:e9:a0:72:e7:d1:2c:68:f5:12 was issued on by Let's Encrypt.
This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=groove.digitalocean.com
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 04:7f:99:d9:bb:d6:9c:da:93:e9:a0:72:e7:d1:2c:68:f5:12Serial Number (int): 391869506747587532199267116004018257196306
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: 8f:45:f1:b5:7d:d6:78:b9:e8:30:cb:e8:59:56:d7:3f:1a:8c:3f:f3
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 34:85:7e:ce:8f:e3:dc:a7:ee:fb:cd:5e:95:32:2f:f5:c0:e8:d3:b4
Fingerprint (sha256): 05:f4:ef:f1:8b:fa:07:c2:d6:98:1b:32:cb:f6:80:ad:4a:77:ce:59:99:de:18:05:2a:a5:b9:d7:7a:58:cc:25
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate groove.digitalocean.com
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for groove.digitalocean.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
groove.digitalocean.com
Other certificates including the domain name digitalocean.com
(limited to 100 certificates)
www.demo-tourismconnects.ca
india.polo-development.com
p.ssl.fastly.net
dns-vetting1-mims-pawel.map.fastly.net
ideas.digitalocean.com
tsunami.digitalocean.com
digitalocean.com
investors.digitalocean.com
p.ssl.fastly.net
dns-vetting1-mims-pawel.map.fastly.net
betastatus.digitalocean.com
pages.support.digitalocean.com
www.demo-tourismconnects.ca
p.ssl.fastly.net
p.ssl.fastly.net
dns-vetting1k.map.fastly.net
www.visitor-friendlyalberta.ca
dctrack01.nyc3.internal.digitalocean.com
go.rescuevocations.org
m.ssl.fastly.net
groove.digitalocean.com
trinityu.trinityconsultants.com
email.comms.digitalocean.com
investor.digitalocean.com
p.ssl.fastly.net
m.ssl.fastly.net
m.ssl.fastly.net
www.visitor-friendlyalberta.ca
anchor.digitalocean.com
m.ssl.fastly.net
dns-vetting1k.map.fastly.net
groove.digitalocean.com
rewards.digitalocean.com
www.visitor-friendlyalberta.ca
m.ssl.fastly.net
au.lakeshore.com
dns-vetting1k.map.fastly.net
www.frailtycertification.com
m.ssl.fastly.net
dns-vetting1k.map.fastly.net
p.ssl.fastly.net
m.ssl.fastly.net
m.ssl.fastly.net
www.trainwithpassion.ca
www.visitorfriendlyalberta.ca
m.ssl.fastly.net
dns-vetting1k.map.fastly.net
brand.digitalocean.com
ssl3926.cloudflare.com
www.visitor-friendlyalberta.ca
investors.digitalocean.com
p.ssl.fastly.net
emss.goldfin.ca
www.ekgguy.com
www.learn-rto8.com
www.demo-tourismconnects.ca
dns-vetting2.map.fastly.net
p.ssl.fastly.net
www.visitor-friendlyalberta.ca
www.digitalocean.com
m.ssl.fastly.net
www.visitorfriendlyalberta.ca
ssl503536.cloudflaressl.com
dns-vetting1-mims-pawel.map.fastly.net
m.ssl.fastly.net
www.digitalocean.com
www.visitor-friendlyalberta.ca
b-0.hexagon-cdn.com
events.digitalocean.com
awesome-actions.com
digitalocean.com
www.visitor-friendlyalberta.ca
www.visitorfriendlyalberta.ca
rewards.digitalocean.com
dns-vetting2.map.fastly.net
www.visitorfriendlyalberta.ca
www.digitalocean.com
*.internal.digitalocean.com
m.ssl.fastly.net
dns-vetting2.map.fastly.net
ideas.digitalocean.com
prod-codd-admin.sfo3.internal.digitalocean.com
marketplace-frontend-nyc1.digitalocean.com
www.visitorfriendlyalberta.ca
dns-vetting1k.map.fastly.net
anchor.digitalocean.com
www.trainwithpassion.ca
m.ssl.fastly.net
www.eatandlearnnm.com
www.learn-rto8.com
betastatus.digitalocean.com
ssl503536.cloudflaressl.com
m.ssl.fastly.net
m.ssl.fastly.net
dns-vetting1k.map.fastly.net
www.visitor-friendlyalberta.ca
dns-vetting1k.map.fastly.net
www.pathwaylearningnetwork.com
dns-vetting1k.map.fastly.net
p.ssl.fastly.net
india.polo-development.com
p.ssl.fastly.net
dns-vetting1-mims-pawel.map.fastly.net
ideas.digitalocean.com
tsunami.digitalocean.com
digitalocean.com
investors.digitalocean.com
p.ssl.fastly.net
dns-vetting1-mims-pawel.map.fastly.net
betastatus.digitalocean.com
pages.support.digitalocean.com
www.demo-tourismconnects.ca
p.ssl.fastly.net
p.ssl.fastly.net
dns-vetting1k.map.fastly.net
www.visitor-friendlyalberta.ca
dctrack01.nyc3.internal.digitalocean.com
go.rescuevocations.org
m.ssl.fastly.net
groove.digitalocean.com
trinityu.trinityconsultants.com
email.comms.digitalocean.com
investor.digitalocean.com
p.ssl.fastly.net
m.ssl.fastly.net
m.ssl.fastly.net
www.visitor-friendlyalberta.ca
anchor.digitalocean.com
m.ssl.fastly.net
dns-vetting1k.map.fastly.net
groove.digitalocean.com
rewards.digitalocean.com
www.visitor-friendlyalberta.ca
m.ssl.fastly.net
au.lakeshore.com
dns-vetting1k.map.fastly.net
www.frailtycertification.com
m.ssl.fastly.net
dns-vetting1k.map.fastly.net
p.ssl.fastly.net
m.ssl.fastly.net
m.ssl.fastly.net
www.trainwithpassion.ca
www.visitorfriendlyalberta.ca
m.ssl.fastly.net
dns-vetting1k.map.fastly.net
brand.digitalocean.com
ssl3926.cloudflare.com
www.visitor-friendlyalberta.ca
investors.digitalocean.com
p.ssl.fastly.net
emss.goldfin.ca
www.ekgguy.com
www.learn-rto8.com
www.demo-tourismconnects.ca
dns-vetting2.map.fastly.net
p.ssl.fastly.net
www.visitor-friendlyalberta.ca
www.digitalocean.com
m.ssl.fastly.net
www.visitorfriendlyalberta.ca
ssl503536.cloudflaressl.com
dns-vetting1-mims-pawel.map.fastly.net
m.ssl.fastly.net
www.digitalocean.com
www.visitor-friendlyalberta.ca
b-0.hexagon-cdn.com
events.digitalocean.com
awesome-actions.com
digitalocean.com
www.visitor-friendlyalberta.ca
www.visitorfriendlyalberta.ca
rewards.digitalocean.com
dns-vetting2.map.fastly.net
www.visitorfriendlyalberta.ca
www.digitalocean.com
*.internal.digitalocean.com
m.ssl.fastly.net
dns-vetting2.map.fastly.net
ideas.digitalocean.com
prod-codd-admin.sfo3.internal.digitalocean.com
marketplace-frontend-nyc1.digitalocean.com
www.visitorfriendlyalberta.ca
dns-vetting1k.map.fastly.net
anchor.digitalocean.com
www.trainwithpassion.ca
m.ssl.fastly.net
www.eatandlearnnm.com
www.learn-rto8.com
betastatus.digitalocean.com
ssl503536.cloudflaressl.com
m.ssl.fastly.net
m.ssl.fastly.net
dns-vetting1k.map.fastly.net
www.visitor-friendlyalberta.ca
dns-vetting1k.map.fastly.net
www.pathwaylearningnetwork.com
dns-vetting1k.map.fastly.net
p.ssl.fastly.net
Certificate
The complete raw certificate details for groove.digitalocean.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIE+zCCA+OgAwIBAgISBH+Z2bvWnNqT6aBy59EsaPUSMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDA0MDgyMzU5MDVaFw0yNDA3MDcyMzU5MDRaMCIxIDAeBgNVBAMT F2dyb292ZS5kaWdpdGFsb2NlYW4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAzauUdbilHPTcxzdMF4u6blEUtg7YXO4JdQVmGKe75PQJW3CQri1v CB3/DTjSh+cEwzgyXVA5v61XeORy501Ek8rfRH2ft9Eas12sflj1V6COd1sfbpUg k2qF3uBZLslFRUnnh/DzgSQp1V/0uxUQ+ypOAfmylYnZanGRtr8jdsscxK9t06J8 2JopURFqTnY/rVgog/GuH5pjkfXmGPKUBgSZCx7WXRLTkr7ikJF9+rdxw3/5o3Bp hXLbzQuwuAhmWN/Gbx7HjmkTZx4SXPxiTYTLYyYyXOg/fCFjkL+9Y7V3UGDrU6kZ kVh80Rk0nu1t7iWJyhbt5pVjnOI/T46HRQIDAQABo4ICGTCCAhUwDgYDVR0PAQH/ BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E AjAAMB0GA1UdDgQWBBSPRfG1fdZ4uegwy+hZVtc/Gow/8zAfBgNVHSMEGDAWgBQU LrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGG FWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmku bGVuY3Iub3JnLzAiBgNVHREEGzAZghdncm9vdmUuZGlnaXRhbG9jZWFuLmNvbTAT BgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1ADtT d3U+LbmAToswWwb+QDtn2E/D9Me9AA0tcm/h+tQXAAABjsBdpEcAAAQDAEYwRAIh ANu2rpO1eeBGC4s9apvM1jKPX1jMSuD0jsHDkS6Pg51UAh9Ko71lXJb8zFVettpX 65XVBE6cSC3h6r5NfmlCdnvcAHcAGZgQcQnw1lIuMIDSnj9ku4NuKMz5D1KO7t/O Sj8WtMoAAAGOwF2kXAAABAMASDBGAiEAlIVpn+go1NNAR6m5xahoLVNzk5FvkS+2 my+MDLz1IKoCIQCrbo98o5llTYHglWhwRXkFEKjjrwjaUz20zbAmUD6FJDANBgkq hkiG9w0BAQsFAAOCAQEAWc6yqQuIWamUB8Prchqb7sUzcGid+ixDqSuepTU2S0Qk SFa9GF0l0Ejp8bNndfwpfiApYF71vJGvD5H9XQcVxmI7kUSH1rt63R+S4iO1bcyx ErfJ0rBZv3Mxbe+EkEa3XI0Sdvus8k+EZ845nfA+svQTtF3K+KwgHHtkE1+VvDJe 0K88chYfqnrOBhZSTV+qkkcCcSL7oSySYKAV64TfpmafVoJ2fNJb+C/ZsZmTZJgs SNI/9040cw+k55Op4/WGJPUSuTGTOQk+1t9w8XlTlWIQ1cj0WSHJJRMo2pWcD19x nVaEafRqXpXGZPyjj1mh+Pkkm/WH7b4zpaZnvRJ/cA== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzauUdbilHPTcxzdMF4u6 blEUtg7YXO4JdQVmGKe75PQJW3CQri1vCB3/DTjSh+cEwzgyXVA5v61XeORy501E k8rfRH2ft9Eas12sflj1V6COd1sfbpUgk2qF3uBZLslFRUnnh/DzgSQp1V/0uxUQ +ypOAfmylYnZanGRtr8jdsscxK9t06J82JopURFqTnY/rVgog/GuH5pjkfXmGPKU BgSZCx7WXRLTkr7ikJF9+rdxw3/5o3BphXLbzQuwuAhmWN/Gbx7HjmkTZx4SXPxi TYTLYyYyXOg/fCFjkL+9Y7V3UGDrU6kZkVh80Rk0nu1t7iWJyhbt5pVjnOI/T46H RQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 391869506747587532199267116004018257196306 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-08 23:59:05 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-07-07 23:59:04 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'groove.digitalocean.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25963461730655706003732691490635738252641532333697767471128890896408105116391960223453811298454134291615586889712943216327196225209426730606853048397456348977305068826872915808077288886178193064649645423910071363540094491735300790107160940903746117843877538307741366325419162538670050112164809007329029362033024567139726456374873889396828475947368689727543745963569573735551954642899053557980356452624853357852496394089852613016144016284501957292863659842578265479163961733161100017198358928758121893686461929517695271758503080047882464855561681311060724044132172731458498845946453581548702901270262835383518735796037 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 8f45f1b57dd678b9e830cbe85956d73f1a8c3ff3 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (27 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'groove.digitalocean.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f00075003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018ec05da4470000040300463044022100dbb6ae93b579e0460b8b3d6a9bccd6328f5f58cc4ae0f48ec1c3912e8f839d54021f4aa3bd655c96fccc555eb6da57eb95d5044e9c482de1eabe4d7e6942767bdc0077001998107109f0d6522e3080d29e3f64bb836e28ccf90f528eeedfce4a3f16b4ca0000018ec05da45c00000403004830460221009485699fe828d4d34047a9b9c5a8682d537393916f912fb69b2f8c0cbcf520aa022100ab6e8f7ca399654d81e095687045790510a8e3af08da533db4cdb026503e8524 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0059ceb2a90b8859a99407c3eb721a9beec53370689dfa2c43a92b9ea535364b44244856bd185d25d048e9f1b36775fc297e2029605ef5bc91af0f91fd5d0715c6623b914487d6bb7add1f92e223b56dccb112b7c9d2b059bf73316def849046b75c8d1276fbacf24f8467ce399df03eb2f413b45dcaf8ac201c7b64135f95bc325ed0af3c72161faa7ace0616524d5faa9247027122fba12c9260a015eb84dfa6669f5682767cd25bf82fd9b1999364982c48d23ff74e34730fa4e793a9e3f58624f512b9319339093ed6df70f17953956210d5c8f45921c9251328da959c0f5f719d568469f46a5e95c664fca38f59a1f8f9249bf587edbe33a5a667bd127f70