zap-api-staging.planninglabs.nyc
Issued by Let's Encrypt Authority X3
About this certificate
This digital certificate with serial number 03:26:72:6a:d6:9e:7e:2b:e9:77:13:04:25:30:ab:de:1c:11 was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=zap-api-staging.planninglabs.nyc
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:26:72:6a:d6:9e:7e:2b:e9:77:13:04:25:30:ab:de:1c:11Serial Number (int): 274419674466255639708986484114169960209425
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: a1:9e:ed:f8:e3:f7:e9:24:36:98:3f:57:d5:db:23:1f:f1:90:3c:93
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1
Fingerprint (sha1): 05:1a:d2:d8:2c:9a:c9:99:d7:40:23:89:a8:28:d2:c3:f4:32:c6:24
Fingerprint (sha256): 08:fb:43:58:70:00:f3:fe:43:8a:2c:76:b8:8b:90:17:b4:2a:d5:dc:e7:42:a8:e5:d7:c7:44:29:fa:f1:b3:1f
Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/
Revocation information
OCSP Server: http://ocsp.int-x3.letsencrypt.orgCheck the revocation status for certificate zap-api-staging.planninglabs.nyc
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for zap-api-staging.planninglabs.nyc
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
lucats.planninglabs.nyc
zap-api-staging.planninglabs.nyc
zap-api-staging.planninglabs.nyc
Other certificates including the domain name planninglabs.nyc
(limited to 100 certificates)
maputnik-push.planninglabs.nyc
ui.planninglabs.nyc
layers-api.planninglabs.nyc
factfinder-staging.planninglabs.nyc
zap.planning.nyc.gov
regional-viz.planninglabs.nyc
roadview.planninglabs.nyc
ui.planninglabs.nyc
home-api.planninglabs.nyc
factfinder-staging.planninglabs.nyc
ui.planninglabs.nyc
nyc-factfinder.planninglabs.nyc
lotselector.planninglabs.nyc
search-api.planninglabs.nyc
ideas.planninglabs.nyc
zap-staging-lupp.planninglabs.nyc
zap-api-staging.planninglabs.nyc
ui.planninglabs.nyc
zola-canary.planninglabs.nyc
applicantmaps-api.planninglabs.nyc
search-api.planninglabs.nyc
planninglabs.nyc
search-api.planninglabs.nyc
waterfrontaccess.planning.nyc.gov
applicantmaps-api.planninglabs.nyc
planninglabs.nyc
lucats.planninglabs.nyc
ceqr.app
roadview.planninglabs.nyc
roadview.planninglabs.nyc
waterfrontaccess.planning.nyc.gov
zap-api.planninglabs.nyc
zola-canary.planninglabs.nyc
planninglabs.nyc
applicant-portal-develop.planninglabs.nyc
planninglabs.nyc
zap-api-staging.planninglabs.nyc
factfinder-api.planninglabs.nyc
api.planninglabs.nyc
geosearch.planninglabs.nyc
maputnik-push.planninglabs.nyc
zola-staging.planninglabs.nyc
zap-api.planninglabs.nyc
zola-canary.planninglabs.nyc
ceqr.app
home-api.planninglabs.nyc
waterfront-access.planninglabs.nyc
tiles.planninglabs.nyc
zola.planninglabs.nyc
zap.planning.nyc.gov
applicantmaps-staging.planninglabs.nyc
zap-staging-lupp.planninglabs.nyc
applicantmaps-api.planninglabs.nyc
zap-api-staging.planninglabs.nyc
zap.planning.nyc.gov
factfinder-api.planninglabs.nyc
metroexplorer-staging.planninglabs.nyc
waterfrontaccess.planning.nyc.gov
applicantmaps-staging.planninglabs.nyc
tiles.planninglabs.nyc
tiles.planninglabs.nyc
roadview.planninglabs.nyc
nyc-factfinder.planninglabs.nyc
planninglabs.nyc
nyc-factfinder.planninglabs.nyc
maputnik-push.planninglabs.nyc
planninglabs.nyc
zola-api.planninglabs.nyc
zola.planninglabs.nyc
communityprofiles.planning.nyc.gov
citymap.planninglabs.nyc
ideas.planninglabs.nyc
applicantmaps-api.planninglabs.nyc
layers-api.planninglabs.nyc
planninglabs.nyc
factfinder-api.planninglabs.nyc
zola.planninglabs.nyc
applicantmaps-staging.planninglabs.nyc
geosearch.planninglabs.nyc
roadview.planninglabs.nyc
datacatalog.planninglabs.nyc
tiles.planninglabs.nyc
home-api.planninglabs.nyc
factfinder-staging.planninglabs.nyc
ceqr.app
migration.planninglabs.nyc
home-api.planninglabs.nyc
maputnik-push.planninglabs.nyc
layers-api.planninglabs.nyc
applicantmaps-staging.planninglabs.nyc
home-api.planninglabs.nyc
zola-api.planninglabs.nyc
api.planninglabs.nyc
planninglabs.nyc
applicantmaps-api.planninglabs.nyc
zola-canary.planninglabs.nyc
zap-api.planninglabs.nyc
layers-api-staging.planninglabs.nyc
metroexplorer-staging.planninglabs.nyc
tycs.planning.nyc.gov
ui.planninglabs.nyc
layers-api.planninglabs.nyc
factfinder-staging.planninglabs.nyc
zap.planning.nyc.gov
regional-viz.planninglabs.nyc
roadview.planninglabs.nyc
ui.planninglabs.nyc
home-api.planninglabs.nyc
factfinder-staging.planninglabs.nyc
ui.planninglabs.nyc
nyc-factfinder.planninglabs.nyc
lotselector.planninglabs.nyc
search-api.planninglabs.nyc
ideas.planninglabs.nyc
zap-staging-lupp.planninglabs.nyc
zap-api-staging.planninglabs.nyc
ui.planninglabs.nyc
zola-canary.planninglabs.nyc
applicantmaps-api.planninglabs.nyc
search-api.planninglabs.nyc
planninglabs.nyc
search-api.planninglabs.nyc
waterfrontaccess.planning.nyc.gov
applicantmaps-api.planninglabs.nyc
planninglabs.nyc
lucats.planninglabs.nyc
ceqr.app
roadview.planninglabs.nyc
roadview.planninglabs.nyc
waterfrontaccess.planning.nyc.gov
zap-api.planninglabs.nyc
zola-canary.planninglabs.nyc
planninglabs.nyc
applicant-portal-develop.planninglabs.nyc
planninglabs.nyc
zap-api-staging.planninglabs.nyc
factfinder-api.planninglabs.nyc
api.planninglabs.nyc
geosearch.planninglabs.nyc
maputnik-push.planninglabs.nyc
zola-staging.planninglabs.nyc
zap-api.planninglabs.nyc
zola-canary.planninglabs.nyc
ceqr.app
home-api.planninglabs.nyc
waterfront-access.planninglabs.nyc
tiles.planninglabs.nyc
zola.planninglabs.nyc
zap.planning.nyc.gov
applicantmaps-staging.planninglabs.nyc
zap-staging-lupp.planninglabs.nyc
applicantmaps-api.planninglabs.nyc
zap-api-staging.planninglabs.nyc
zap.planning.nyc.gov
factfinder-api.planninglabs.nyc
metroexplorer-staging.planninglabs.nyc
waterfrontaccess.planning.nyc.gov
applicantmaps-staging.planninglabs.nyc
tiles.planninglabs.nyc
tiles.planninglabs.nyc
roadview.planninglabs.nyc
nyc-factfinder.planninglabs.nyc
planninglabs.nyc
nyc-factfinder.planninglabs.nyc
maputnik-push.planninglabs.nyc
planninglabs.nyc
zola-api.planninglabs.nyc
zola.planninglabs.nyc
communityprofiles.planning.nyc.gov
citymap.planninglabs.nyc
ideas.planninglabs.nyc
applicantmaps-api.planninglabs.nyc
layers-api.planninglabs.nyc
planninglabs.nyc
factfinder-api.planninglabs.nyc
zola.planninglabs.nyc
applicantmaps-staging.planninglabs.nyc
geosearch.planninglabs.nyc
roadview.planninglabs.nyc
datacatalog.planninglabs.nyc
tiles.planninglabs.nyc
home-api.planninglabs.nyc
factfinder-staging.planninglabs.nyc
ceqr.app
migration.planninglabs.nyc
home-api.planninglabs.nyc
maputnik-push.planninglabs.nyc
layers-api.planninglabs.nyc
applicantmaps-staging.planninglabs.nyc
home-api.planninglabs.nyc
zola-api.planninglabs.nyc
api.planninglabs.nyc
planninglabs.nyc
applicantmaps-api.planninglabs.nyc
zola-canary.planninglabs.nyc
zap-api.planninglabs.nyc
layers-api-staging.planninglabs.nyc
metroexplorer-staging.planninglabs.nyc
tycs.planning.nyc.gov
Certificate
The complete raw certificate details for zap-api-staging.planninglabs.nyc in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIHQzCCBiugAwIBAgISAyZyataefivpdxMEJTCr3hwRMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODEwMDMxOTM0NDVaFw0x OTAxMDExOTM0NDVaMCsxKTAnBgNVBAMTIHphcC1hcGktc3RhZ2luZy5wbGFubmlu Z2xhYnMubnljMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAymFYivw3 iQ+6GpfRKTrTfZUeWF8gBhOAHx/Y7qIDxeVkdRJjG5K25B3Odel8NGp3LQnA1ao9 8aHRiJaTI+YVOZmBwBoEUa9eQjO1dSVYgWK1y2tTt29qS2zULsEVB/maHqRLR2tb CkbfvMFNf3HntF9oE51pIOV19Rsfx+iX3nWTi/913+BiYi8MKDWhdLBhOtUpp16q ZrNXpY5zfvPpIIZhjZq5xSinoWEmRQ1OWMU3Kel156v6kAFp7998hKqyUUrhmK4/ 5gCxLZb5KEOEA9NIJ8vRL5HZfrVyJ/G1aKEHO2IGB2KNfYJeWClGCFDsNTH/f1HU 21bqkd7ERyEf5Cb9tHb7UgIgU1eyGxy3UXOH3Zc9qQsVQOdowjvxy/yq6RoFL4l3 5qYO2MN3SJAtj4sbp3GA8kgG/2iKHmNoZ5IYuXBEzPLmOYuoyXC4Gquubrm/ldW2 fi60FDzwKkyPeXXn4EXC9e9NlwyNP9/EaFv0b1T/85Yg7tsz2EpjnknNHGygtDPv RTh7E+v4W+wRn8FK5GJswbWJ+o7PX75y8fdPZvddN0ohFJ4dYRTKnPkTiv5hHhCM ndyF3t2KaRnJzkVJFmrzu/osIQkuLgXrTNEbjBsx/yzGauXrwrBr1mo4UF8ueTqI LsaRTgh3t948KY5RnAnHDbIrak+QCPBjV3UCAwEAAaOCA0AwggM8MA4GA1UdDwEB /wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/ BAIwADAdBgNVHQ4EFgQUoZ7t+OP36SQ2mD9X1dsjH/GQPJMwHwYDVR0jBBgwFoAU qEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzAB hiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAC hiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzBEBgNVHREEPTA7 ghdsdWNhdHMucGxhbm5pbmdsYWJzLm55Y4IgemFwLWFwaS1zdGFnaW5nLnBsYW5u aW5nbGFicy5ueWMwgf4GA1UdIASB9jCB8zAIBgZngQwBAgEwgeYGCysGAQQBgt8T AQEBMIHWMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCB qwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBvbmx5IGJlIHJl bGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBpbiBhY2NvcmRh bmNlIHdpdGggdGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczov L2xldHNlbmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzCCAQMGCisGAQQB1nkCBAIEgfQE gfEA7wB1AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZjuj2W8A AAQDAEYwRAIgGPxAR8u6h5n5qTRiLh5enVSx/lXgLIEZ4oJ/J52kegoCIDf1rHMd zv+pmkP9M+mQ4yrGwHIrwj1J4i066SxpqlcWAHYAKTxRllTIOWW6qlD8WAfUt2+/ WHopctykwwz05UVH9HgAAAFmO6PZFwAABAMARzBFAiEA8O8oIQJvOnHu9dDpNeVn zl33Yl3ltHYDqqS77GYrwO4CIHCUQgh5dospvBQkHNAm9CY+Pduu29/bOWnBYgKU imrWMA0GCSqGSIb3DQEBCwUAA4IBAQBErLNT2YPZ5LpMZJpiQGGldg0Io8C3z1de qI4i8/x0GSRuzQ4bYpnPr/AYILPND+MQVtq+kxizvTBEqAxzVKe+Bkp9xxgyIGK3 PPEvDo0j/2XC+iiZE14BQjT0Grr0iW/y72XmFOtxJmD+h6n9TPDwt53LPSGznwkM 8ueBEn8NqOxJYQTSiLQYdTHGFB8FmOUXX0MtvZnIgeBhaybzC1MrbB/IKO+fu77m i+gLJjhDMOMWAJRBMw1FiZx8d+zl6yezFVGo8E+7qvPAmbiwy9TxD5E3j8i1a56G YjpoLZtUz8deaLCeCLUuEqS1UfWMY4bjfeX8f2ZOGaaoQYW8k0KS -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAymFYivw3iQ+6GpfRKTrT fZUeWF8gBhOAHx/Y7qIDxeVkdRJjG5K25B3Odel8NGp3LQnA1ao98aHRiJaTI+YV OZmBwBoEUa9eQjO1dSVYgWK1y2tTt29qS2zULsEVB/maHqRLR2tbCkbfvMFNf3Hn tF9oE51pIOV19Rsfx+iX3nWTi/913+BiYi8MKDWhdLBhOtUpp16qZrNXpY5zfvPp IIZhjZq5xSinoWEmRQ1OWMU3Kel156v6kAFp7998hKqyUUrhmK4/5gCxLZb5KEOE A9NIJ8vRL5HZfrVyJ/G1aKEHO2IGB2KNfYJeWClGCFDsNTH/f1HU21bqkd7ERyEf 5Cb9tHb7UgIgU1eyGxy3UXOH3Zc9qQsVQOdowjvxy/yq6RoFL4l35qYO2MN3SJAt j4sbp3GA8kgG/2iKHmNoZ5IYuXBEzPLmOYuoyXC4Gquubrm/ldW2fi60FDzwKkyP eXXn4EXC9e9NlwyNP9/EaFv0b1T/85Yg7tsz2EpjnknNHGygtDPvRTh7E+v4W+wR n8FK5GJswbWJ+o7PX75y8fdPZvddN0ohFJ4dYRTKnPkTiv5hHhCMndyF3t2KaRnJ zkVJFmrzu/osIQkuLgXrTNEbjBsx/yzGauXrwrBr1mo4UF8ueTqILsaRTgh3t948 KY5RnAnHDbIrak+QCPBjV3UCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 274419674466255639708986484114169960209425 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-10-03 19:34:45 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-01-01 19:34:45 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'zap-api-staging.planninglabs.nyc' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 825639416209346719978376198125138684597351080106140304822915848506016927108251883002553611619882759820977300331888571908971120626262550636046703327054662386409600468653071155872631207291407969376294688754296040255552154552984867435800525179755719361121884247566223507925473285852956565221929582880878236603972732270780605864701275879134462197598625202989545281837389165077579683199945418728595739730332448817516359700834140162572150680332148824804843092919496619877203238494242020770074897394251813452403941434577644419243087052943285154773333788854839030831442769205995271424264088680265334309132650780788924657373431612648166888226741623352652715106184676008445092865613388257296441024519803753291755310448778474214907932098074633872496075253379452076496207076951471214396044500169049046432587579506120434228539557455355944928940863254254360394725001066839621820709859867562636515242367235336422089645017392043424171079953302712244400304054746095565294670262793508188913977461099464405574654189645863225864981269795516106979539419279302877378845724918025891804505642410769892333448651968540091876223094247219163847916937178771552830825299624640249098140748944780182746585892220373692792764638250445033013512131851303898436360951669 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) a19eedf8e3f7e92436983f57d5db231ff1903c93 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (61 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lucats.planninglabs.nyc' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'zap-api-staging.planninglabs.nyc' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes) 00ef0075005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c000001663ba3d96f0000040300463044022018fc4047cbba8799f9a934622e1e5e9d54b1fe55e02c8119e2827f279da47a0a022037f5ac731dceffa99a43fd33e990e32ac6c0722bc23d49e22d3ae92c69aa5716007600293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f478000001663ba3d9170000040300473045022100f0ef2821026f3a71eef5d0e935e567ce5df7625de5b47603aaa4bbec662bc0ee02207094420879768b29bc14241cd026f4263e3ddbaedbdfdb3969c16202948a6ad6 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0044acb353d983d9e4ba4c649a624061a5760d08a3c0b7cf575ea88e22f3fc7419246ecd0e1b6299cfaff01820b3cd0fe31056dabe9318b3bd3044a80c7354a7be064a7dc718322062b73cf12f0e8d23ff65c2fa2899135e014234f41abaf4896ff2ef65e614eb712660fe87a9fd4cf0f0b79dcb3d21b39f090cf2e781127f0da8ec496104d288b4187531c6141f0598e5175f432dbd99c881e0616b26f30b532b6c1fc828ef9fbbbee68be80b26384330e316009441330d45899c7c77ece5eb27b31551a8f04fbbaaf3c099b8b0cbd4f10f91378fc8b56b9e86623a682d9b54cfc75e68b09e08b52e12a4b551f58c6386e37de5fc7f664e19a6a84185bc934292