lotselector.planninglabs.nyc
Issued by Let's Encrypt Authority X3
About this certificate
This digital certificate with serial number 03:85:3d:67:bd:1c:43:04:97:17:73:07:e0:fa:1a:20:4a:15 was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=lotselector.planninglabs.nyc
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:85:3d:67:bd:1c:43:04:97:17:73:07:e0:fa:1a:20:4a:15Serial Number (int): 306676034145699409221429715192608882444821
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: a2:87:18:cd:07:b0:d3:58:0e:ea:47:b2:62:b8:af:6d:ac:7f:1c:fd
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1
Fingerprint (sha1): 43:aa:5f:7a:72:f6:48:da:40:60:44:25:30:de:1d:4e:ed:f3:76:f4
Fingerprint (sha256): 06:d5:16:17:f9:85:ad:b4:7e:ed:d1:09:17:31:dd:05:c0:f1:4a:29:51:b1:ab:64:17:a6:a0:7f:37:de:d3:7d
Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/
Revocation information
OCSP Server: http://ocsp.int-x3.letsencrypt.orgCheck the revocation status for certificate lotselector.planninglabs.nyc
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for lotselector.planninglabs.nyc
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
lotselector.planning.nyc.gov
lotselector.planninglabs.nyc
lotselector.planninglabs.nyc
Other certificates including the domain name planninglabs.nyc
(limited to 100 certificates)
maputnik-push.planninglabs.nyc
ui.planninglabs.nyc
layers-api.planninglabs.nyc
factfinder-staging.planninglabs.nyc
zap.planning.nyc.gov
regional-viz.planninglabs.nyc
roadview.planninglabs.nyc
ui.planninglabs.nyc
home-api.planninglabs.nyc
factfinder-staging.planninglabs.nyc
ui.planninglabs.nyc
nyc-factfinder.planninglabs.nyc
lotselector.planninglabs.nyc
search-api.planninglabs.nyc
ideas.planninglabs.nyc
zap-staging-lupp.planninglabs.nyc
zap-api-staging.planninglabs.nyc
ui.planninglabs.nyc
zola-canary.planninglabs.nyc
applicantmaps-api.planninglabs.nyc
search-api.planninglabs.nyc
planninglabs.nyc
search-api.planninglabs.nyc
waterfrontaccess.planning.nyc.gov
applicantmaps-api.planninglabs.nyc
planninglabs.nyc
lucats.planninglabs.nyc
ceqr.app
roadview.planninglabs.nyc
roadview.planninglabs.nyc
waterfrontaccess.planning.nyc.gov
zap-api.planninglabs.nyc
zola-canary.planninglabs.nyc
planninglabs.nyc
applicant-portal-develop.planninglabs.nyc
planninglabs.nyc
zap-api-staging.planninglabs.nyc
factfinder-api.planninglabs.nyc
api.planninglabs.nyc
geosearch.planninglabs.nyc
maputnik-push.planninglabs.nyc
zola-staging.planninglabs.nyc
zap-api.planninglabs.nyc
zola-canary.planninglabs.nyc
home-api.planninglabs.nyc
waterfront-access.planninglabs.nyc
tiles.planninglabs.nyc
zola.planninglabs.nyc
zap.planning.nyc.gov
applicantmaps-staging.planninglabs.nyc
zap-staging-lupp.planninglabs.nyc
applicantmaps-api.planninglabs.nyc
zap-api-staging.planninglabs.nyc
zap.planning.nyc.gov
factfinder-api.planninglabs.nyc
metroexplorer-staging.planninglabs.nyc
waterfrontaccess.planning.nyc.gov
applicantmaps-staging.planninglabs.nyc
tiles.planninglabs.nyc
tiles.planninglabs.nyc
roadview.planninglabs.nyc
nyc-factfinder.planninglabs.nyc
planninglabs.nyc
nyc-factfinder.planninglabs.nyc
maputnik-push.planninglabs.nyc
planninglabs.nyc
zola-api.planninglabs.nyc
zola.planninglabs.nyc
communityprofiles.planning.nyc.gov
citymap.planninglabs.nyc
ideas.planninglabs.nyc
applicantmaps-api.planninglabs.nyc
layers-api.planninglabs.nyc
planninglabs.nyc
factfinder-api.planninglabs.nyc
zola.planninglabs.nyc
applicantmaps-staging.planninglabs.nyc
geosearch.planninglabs.nyc
roadview.planninglabs.nyc
datacatalog.planninglabs.nyc
tiles.planninglabs.nyc
home-api.planninglabs.nyc
factfinder-staging.planninglabs.nyc
ceqr.app
migration.planninglabs.nyc
home-api.planninglabs.nyc
maputnik-push.planninglabs.nyc
layers-api.planninglabs.nyc
applicantmaps-staging.planninglabs.nyc
home-api.planninglabs.nyc
zola-api.planninglabs.nyc
api.planninglabs.nyc
planninglabs.nyc
applicantmaps-api.planninglabs.nyc
zola-canary.planninglabs.nyc
zap-api.planninglabs.nyc
layers-api-staging.planninglabs.nyc
metroexplorer-staging.planninglabs.nyc
tycs.planning.nyc.gov
migration.planninglabs.nyc
ui.planninglabs.nyc
layers-api.planninglabs.nyc
factfinder-staging.planninglabs.nyc
zap.planning.nyc.gov
regional-viz.planninglabs.nyc
roadview.planninglabs.nyc
ui.planninglabs.nyc
home-api.planninglabs.nyc
factfinder-staging.planninglabs.nyc
ui.planninglabs.nyc
nyc-factfinder.planninglabs.nyc
lotselector.planninglabs.nyc
search-api.planninglabs.nyc
ideas.planninglabs.nyc
zap-staging-lupp.planninglabs.nyc
zap-api-staging.planninglabs.nyc
ui.planninglabs.nyc
zola-canary.planninglabs.nyc
applicantmaps-api.planninglabs.nyc
search-api.planninglabs.nyc
planninglabs.nyc
search-api.planninglabs.nyc
waterfrontaccess.planning.nyc.gov
applicantmaps-api.planninglabs.nyc
planninglabs.nyc
lucats.planninglabs.nyc
ceqr.app
roadview.planninglabs.nyc
roadview.planninglabs.nyc
waterfrontaccess.planning.nyc.gov
zap-api.planninglabs.nyc
zola-canary.planninglabs.nyc
planninglabs.nyc
applicant-portal-develop.planninglabs.nyc
planninglabs.nyc
zap-api-staging.planninglabs.nyc
factfinder-api.planninglabs.nyc
api.planninglabs.nyc
geosearch.planninglabs.nyc
maputnik-push.planninglabs.nyc
zola-staging.planninglabs.nyc
zap-api.planninglabs.nyc
zola-canary.planninglabs.nyc
home-api.planninglabs.nyc
waterfront-access.planninglabs.nyc
tiles.planninglabs.nyc
zola.planninglabs.nyc
zap.planning.nyc.gov
applicantmaps-staging.planninglabs.nyc
zap-staging-lupp.planninglabs.nyc
applicantmaps-api.planninglabs.nyc
zap-api-staging.planninglabs.nyc
zap.planning.nyc.gov
factfinder-api.planninglabs.nyc
metroexplorer-staging.planninglabs.nyc
waterfrontaccess.planning.nyc.gov
applicantmaps-staging.planninglabs.nyc
tiles.planninglabs.nyc
tiles.planninglabs.nyc
roadview.planninglabs.nyc
nyc-factfinder.planninglabs.nyc
planninglabs.nyc
nyc-factfinder.planninglabs.nyc
maputnik-push.planninglabs.nyc
planninglabs.nyc
zola-api.planninglabs.nyc
zola.planninglabs.nyc
communityprofiles.planning.nyc.gov
citymap.planninglabs.nyc
ideas.planninglabs.nyc
applicantmaps-api.planninglabs.nyc
layers-api.planninglabs.nyc
planninglabs.nyc
factfinder-api.planninglabs.nyc
zola.planninglabs.nyc
applicantmaps-staging.planninglabs.nyc
geosearch.planninglabs.nyc
roadview.planninglabs.nyc
datacatalog.planninglabs.nyc
tiles.planninglabs.nyc
home-api.planninglabs.nyc
factfinder-staging.planninglabs.nyc
ceqr.app
migration.planninglabs.nyc
home-api.planninglabs.nyc
maputnik-push.planninglabs.nyc
layers-api.planninglabs.nyc
applicantmaps-staging.planninglabs.nyc
home-api.planninglabs.nyc
zola-api.planninglabs.nyc
api.planninglabs.nyc
planninglabs.nyc
applicantmaps-api.planninglabs.nyc
zola-canary.planninglabs.nyc
zap-api.planninglabs.nyc
layers-api-staging.planninglabs.nyc
metroexplorer-staging.planninglabs.nyc
tycs.planning.nyc.gov
migration.planninglabs.nyc
Certificate
The complete raw certificate details for lotselector.planninglabs.nyc in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIHPzCCBiegAwIBAgISA4U9Z70cQwSXF3MH4PoaIEoVMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODA4MjEwOTUwMTlaFw0x ODExMTkwOTUwMTlaMCcxJTAjBgNVBAMTHGxvdHNlbGVjdG9yLnBsYW5uaW5nbGFi cy5ueWMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDCyO8uaBMjsKdE 3FZZT/P5zHqcId6m8bbRR+LQWCRy8zgiNlhKYAmdwD5xXAQ/GJsp8rhs7DF92Cq2 aMTx6QoIJQZuW+edOa4eukPTWIAjg1kWm/q2QeQYw4CDzMZLVCAsXnqbHh5bWVWR 9cA+YzHN9GdcFpg637MBit/TWxxgdaXyBtNkBLzSSBZ5iPKo7Fi8oDL1bGh/CtJR oeLS3sI0ipQTkylYAwyneZBSAGBJINMl6nNtFOnfvXfJRT27yTJeGo0IPSNIo8v7 5T4/aaeqjHk+6WtP7ahHS2OubKSAG6hZP7g5KLqxoz5Ljun3+6N7e3+h2X11Xl6X ihrrJS/XuexIj6Cm+q1nTboddtphTJfzwrDDUJMG/w9+jrhIPNJQkbBlI2B+TNxt jts7dQyH/jpbiD3glU5wilTgoFobooTJ+ag3XNitI2dP8mcs101O87bZJyGykbjL qUZwMwdazn3qnzJ2+UGmRSczuJRnJiN+JlLLO43/9rgmUo/39yZfxZL5XENzKn18 mtkpU4Zrkyn44HUNgz029HkPQSLZDWFpl8nkciE4xi0B04uCvNzVY8r643G4LfEX voFrE0Zq2rWbi4/xemk2l6mgMHwqkLaFGP+fKv/J307YXdPg0lVxMaVv0/X5Nfqd 4oIImuYDYizkOMHtEECT61BE5mWSVwIDAQABo4IDQDCCAzwwDgYDVR0PAQH/BAQD AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA MB0GA1UdDgQWBBSihxjNB7DTWA7qR7JiuK9trH8c/TAfBgNVHSMEGDAWgBSoSmpj BH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0 dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0 dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMEUGA1UdEQQ+MDyCHGxv dHNlbGVjdG9yLnBsYW5uaW5nLm55Yy5nb3aCHGxvdHNlbGVjdG9yLnBsYW5uaW5n bGFicy5ueWMwgf4GA1UdIASB9jCB8zAIBgZngQwBAgEwgeYGCysGAQQBgt8TAQEB MIHWMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCBqwYI KwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBvbmx5IGJlIHJlbGll ZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBpbiBhY2NvcmRhbmNl IHdpdGggdGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczovL2xl dHNlbmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzCCAQIGCisGAQQB1nkCBAIEgfMEgfAA 7gB1ACk8UZZUyDlluqpQ/FgH1Ldvv1h6KXLcpMMM9OVFR/R4AAABZVwbUsEAAAQD AEYwRAIgT/AuRHJyLOqCvNNPAtZ7qDXQImlB9mrTNUmkMnkBs0UCIAxb4akuX89s gJTdXUHXjR7yU8ix3LWMnMpAr7tpFUb2AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhw JQgXL6OqHQcT0wwAAAFlXBtT6QAABAMARjBEAiBY0tzRx5MtPqTn/aPtfH5BnSGH 34KUZXedakLAP+gKiAIgBCFR8slY6VJKbPsisgBHtUeocYAOYOXNQLuKf765T7Uw DQYJKoZIhvcNAQELBQADggEBAAo91/sFw46BAgqe2qOy37RuKNMq92zmpZamQL8o V5vbNLpCkL+4xZV24a2NcttJi1R1tEntKZ9RXUip/a31S1S9vgEPIJJYEEr9wrdA 8xJw4jp6MLi/crS/0EOgfqb2T+7Mdk2GZUiw13Gfjk+2XDIlxyaFWWawIziLez/q 6AGA6PG5XYSWZop/IiGl/CCmwIieLf/WSYkPgVV0hqaMPpAhVDG//VH2mSlKixdt RvjDv99EsQPIa9krwyuwfwpT4RoE8zi/T0qkpxPAVhdxh59Wwqbm2LgN/h4x6C9i kc90tGmjYujtfb0CfmHS+mWOE7eoP8PIgGoQpEq8G4XcBcU= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwsjvLmgTI7CnRNxWWU/z +cx6nCHepvG20Ufi0FgkcvM4IjZYSmAJncA+cVwEPxibKfK4bOwxfdgqtmjE8ekK CCUGblvnnTmuHrpD01iAI4NZFpv6tkHkGMOAg8zGS1QgLF56mx4eW1lVkfXAPmMx zfRnXBaYOt+zAYrf01scYHWl8gbTZAS80kgWeYjyqOxYvKAy9WxofwrSUaHi0t7C NIqUE5MpWAMMp3mQUgBgSSDTJepzbRTp3713yUU9u8kyXhqNCD0jSKPL++U+P2mn qox5PulrT+2oR0tjrmykgBuoWT+4OSi6saM+S47p9/uje3t/odl9dV5el4oa6yUv 17nsSI+gpvqtZ026HXbaYUyX88Kww1CTBv8Pfo64SDzSUJGwZSNgfkzcbY7bO3UM h/46W4g94JVOcIpU4KBaG6KEyfmoN1zYrSNnT/JnLNdNTvO22SchspG4y6lGcDMH Ws596p8ydvlBpkUnM7iUZyYjfiZSyzuN//a4JlKP9/cmX8WS+VxDcyp9fJrZKVOG a5Mp+OB1DYM9NvR5D0Ei2Q1haZfJ5HIhOMYtAdOLgrzc1WPK+uNxuC3xF76BaxNG atq1m4uP8XppNpepoDB8KpC2hRj/nyr/yd9O2F3T4NJVcTGlb9P1+TX6neKCCJrm A2Is5DjB7RBAk+tQROZlklcCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 306676034145699409221429715192608882444821 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-08-21 09:50:19 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-11-19 09:50:19 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'lotselector.planninglabs.nyc' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 794653060260886161310958264360036605109788578777654450142905903919095412320869019842694350683642983050907857128819346747301401920380235457791965853454022369312306493900617681678373873844557404762242499517442032907214609845788330133600694876770110746160961623485535750294301143323535359371324967471497283737841582912250030869344796939129611524781722967394874195298528456198824847642554827634846868280387408933839277299665632229897205614566736488246846929895358211780291160588965592973422634461901294054297596286120253942879097740992603379279947558119487506680319341171568102762031568184418107285319536684322136981089471745612550995018358515993661340473094383369317236629050076767493220433202701171131215831113202839317576149052915353431917889542505580183504870498184120876018167482061491453221866801654193217290257987181111786512186815794525593650663019433546676265653871238334341112402972055279087421224188266577082494799675283531687644431100166900392941560277602405850883005389451519565838803678566968183021998466374855994077810640453929348111802721343060729185725980175779777465080920250274823291401312477915245124565345094460854993170801517436049536884258926397022376265338629404844152247473354149035504558825400563627864524952151 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) a28718cd07b0d3580eea47b262b8af6dac7f1cfd . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (62 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lotselector.planning.nyc.gov' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lotselector.planninglabs.nyc' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (240 bytes) 00ee007500293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f478000001655c1b52c1000004030046304402204ff02e4472722cea82bcd34f02d67ba835d0226941f66ad33549a4327901b34502200c5be1a92e5fcf6c8094dd5d41d78d1ef253c8b1dcb58c9cca40afbb691546f60075005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c000001655c1b53e90000040300463044022058d2dcd1c7932d3ea4e7fda3ed7c7e419d2187df829465779d6a42c03fe80a880220042151f2c958e9524a6cfb22b20047b547a871800e60e5cd40bb8a7fbeb94fb5 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 000a3dd7fb05c38e81020a9edaa3b2dfb46e28d32af76ce6a596a640bf28579bdb34ba4290bfb8c59576e1ad8d72db498b5475b449ed299f515d48a9fdadf54b54bdbe010f209258104afdc2b740f31270e23a7a30b8bf72b4bfd043a07ea6f64feecc764d866548b0d7719f8e4fb65c3225c726855966b023388b7b3feae80180e8f1b95d8496668a7f2221a5fc20a6c0889e2dffd649890f81557486a68c3e90215431bffd51f699294a8b176d46f8c3bfdf44b103c86bd92bc32bb07f0a53e11a04f338bf4f4aa4a713c0561771879f56c2a6e6d8b80dfe1e31e82f6291cf74b469a362e8ed7dbd027e61d2fa658e13b7a83fc3c8806a10a44abc1b85dc05c5