aflciotechinstitute.org
Issued by GTS CA 1P5
About this certificate
This digital certificate with serial number 2a:76:bf:f1:aa:38:53:57:0e:6d:18:23:72:df:db:b1 was issued on by Google Trust Services LLC.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=aflciotechinstitute.org
Google Trust Services LLC
Organization:
Google Trust Services LLC
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 2a:76:bf:f1:aa:38:53:57:0e:6d:18:23:72:df:db:b1Serial Number (int): 56444159939175584806734236207512804273
Serial Number lenght: 126 bits, 16 octets
SubjectKeyId: dc:0f:5f:cc:82:4d:19:f4:d7:37:5b:ac:17:b7:dd:69:f5:c9:3e:08
AuthorityKeyId: d5:fc:9e:0d:df:1e:ca:dd:08:97:97:6e:2b:c5:5f:c5:2b:f5:ec:b8
Fingerprint (sha1): 4a:1e:8f:6f:9f:9a:eb:31:2e:f0:7b:5d:df:9a:98:fe:a8:ab:00:71
Fingerprint (sha256): 0a:03:bb:7d:9c:f6:8a:ef:ad:50:00:96:a7:40:83:2a:64:e2:a6:62:d5:8b:f9:2c:27:99:fc:32:e6:cb:63:dc
Issuing Certificate URL: http://pki.goog/repo/certs/gts1p5.der
Revocation information
OCSP Server: http://ocsp.pki.goog/s/gts1p5/CIVm01Uay-sCRL Distribution Point: http://crls.pki.goog/gts1p5/_fiMabITZ0g.crl
Check the revocation status for certificate aflciotechinstitute.org
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for aflciotechinstitute.org
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
aflciotechinstitute.org
*.aflciotechinstitute.org
*.aflciotechinstitute.org
Other certificates including the domain name aflciotechinstitute.org
(limited to 100 certificates)
aflciotechinstitute.org
aflciotechinstitute.org
aflcionc.org
aflcionc.org
aflciotechinstitute.org
aflcionc.org
aflcionc.org
aflciotechinstitute.org
aflcionc.org
aflcionc.org
aflciotechinstitute.org
aflciotechinstitute.org
aflciotechinstitute.org
aflcionc.org
aflcionc.org
aflciotechinstitute.org
aflciotechinstitute.org
aflcionc.org
aflciotechinstitute.org
aflciotechinstitute.org
aflciotechinstitute.org
aflciotechinstitute.org
aflciotechinstitute.org
aflciotechinstitute.org
aflcionc.org
aflcionc.org
aflciotechinstitute.org
aflcionc.org
aflciotechinstitute.org
aflcionc.org
aflcionc.org
aflciotechinstitute.org
aflcionc.org
aflciotechinstitute.org
aflciotechinstitute.org
aflcionc.org
aflcionc.org
aflciotechinstitute.org
aflcionc.org
aflcionc.org
aflciotechinstitute.org
aflcionc.org
aflcionc.org
aflciotechinstitute.org
aflciotechinstitute.org
aflciotechinstitute.org
aflcionc.org
aflcionc.org
aflciotechinstitute.org
aflciotechinstitute.org
aflcionc.org
aflciotechinstitute.org
aflciotechinstitute.org
aflciotechinstitute.org
aflciotechinstitute.org
aflciotechinstitute.org
aflciotechinstitute.org
aflcionc.org
aflcionc.org
aflciotechinstitute.org
aflcionc.org
aflciotechinstitute.org
aflcionc.org
aflcionc.org
aflciotechinstitute.org
aflcionc.org
aflciotechinstitute.org
Certificate
The complete raw certificate details for aflciotechinstitute.org in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFjTCCBHWgAwIBAgIQKna/8ao4U1cObRgjct/bsTANBgkqhkiG9w0BAQsFADBG MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM QzETMBEGA1UEAxMKR1RTIENBIDFQNTAeFw0yNDA0MjkwMjA1NTJaFw0yNDA3Mjgw MjA1NTFaMCIxIDAeBgNVBAMTF2FmbGNpb3RlY2hpbnN0aXR1dGUub3JnMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh16gED8I8r0rUccgfQg0zEeWZ412 IyTm/ML7GrHp9s+WlywdMBI9auLwS6NcGgT6CrMez9tOmbnPoNAYQTM0EOe+zTUL XsAUxDYDklNbKbTpKWVHAXLL9Pt+IrXSEyZaYGEF2CYl0tQWtLZ3DkMAMjnCsXZs P8bzAqLv7R4UirPvy8NBxPo27BVjCg6g8kNHmBrgJc9JZ+0ULh//J/2AKJB/Lui3 4a0lZF2hMGDj6H2XZd2rA0evbDX5OuXobG/bJSMoJEake59tOhcOcYOmFUIL+BUX e1WgqYL6MKtpqDuMFjj8IVg6N1VErFoUaDSI6uCJPprvYcLKpORBnnVLPwIDAQAB o4ICmTCCApUwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwG A1UdEwEB/wQCMAAwHQYDVR0OBBYEFNwPX8yCTRn01zdbrBe33Wn1yT4IMB8GA1Ud IwQYMBaAFNX8ng3fHsrdCJeXbivFX8Ur9ey4MHgGCCsGAQUFBwEBBGwwajA1Bggr BgEFBQcwAYYpaHR0cDovL29jc3AucGtpLmdvb2cvcy9ndHMxcDUvQ0lWbTAxVWF5 LXMwMQYIKwYBBQUHMAKGJWh0dHA6Ly9wa2kuZ29vZy9yZXBvL2NlcnRzL2d0czFw NS5kZXIwPQYDVR0RBDYwNIIXYWZsY2lvdGVjaGluc3RpdHV0ZS5vcmeCGSouYWZs Y2lvdGVjaGluc3RpdHV0ZS5vcmcwIQYDVR0gBBowGDAIBgZngQwBAgEwDAYKKwYB BAHWeQIFAzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3Jscy5wa2kuZ29vZy9n dHMxcDUvX2ZpTWFiSVRaMGcuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcA 7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZsAAAGPJ9DmeQAABAMASDBG AiEAwFmN47pVJW9RoQKwVd6K8qpszCP9m2Vwyv7wm1DDyG0CIQDR/XFJhJAT6dE2 SPVkboFQ7H3Sy3zGlBvLfzJDPhex0gB1ANq2v2s/tbYin5vCu1xr6HCRcWy7UYSF NL2kPTBI1/urAAABjyfQ5rcAAAQDAEYwRAIgY6WluSaXeZsrdKWLU1CLkXZaKOcz TgC91gNoaiAM/nECIEuSnpprDyixo0Yr1gciHfBQM+6UJmAwhGiCFVjOgcyaMA0G CSqGSIb3DQEBCwUAA4IBAQCGrJmRrSSeyI6i729nXGmLfYH6cgF9V8Q3tukuOLsV xpxGIl/Xj6blnBybT/pyvVehMVOokfhRKYelrvoxMBq9LMW5Nqrby8/33VfvX6Zz HkOWF8HydotPRzGyuiY8nYC4DXmVKQZVj7F5RNnQ/69d1UUtIm+MsL2RO7hoZlRb FwpyZQG5O5ZXNChVZsy8UaAhlgH2zoPytYoXuBBJs3uFG3LHRV0MxxFGWE1fdL4M hgxVFISeyS+ldnYQVJ/yuif1UKc2jZ7iF0ILHwcMevUEfIBDIQ7a0JXN9wt1Ukrt fVCF5OuT3mW8NG9mBmQ1IPu79gnHdUbYz0F4CJZRX6U6 -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh16gED8I8r0rUccgfQg0 zEeWZ412IyTm/ML7GrHp9s+WlywdMBI9auLwS6NcGgT6CrMez9tOmbnPoNAYQTM0 EOe+zTULXsAUxDYDklNbKbTpKWVHAXLL9Pt+IrXSEyZaYGEF2CYl0tQWtLZ3DkMA MjnCsXZsP8bzAqLv7R4UirPvy8NBxPo27BVjCg6g8kNHmBrgJc9JZ+0ULh//J/2A KJB/Lui34a0lZF2hMGDj6H2XZd2rA0evbDX5OuXobG/bJSMoJEake59tOhcOcYOm FUIL+BUXe1WgqYL6MKtpqDuMFjj8IVg6N1VErFoUaDSI6uCJPprvYcLKpORBnnVL PwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 56444159939175584806734236207512804273 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Google Trust Services LLC' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GTS CA 1P5' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-29 02:05:52 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-07-28 02:05:51 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'aflciotechinstitute.org' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 17088832619252333946479955101784048486566201037684623552396702773841045453663859558731000588635682379390468946849906818239620958599427613817866033094821653483839531587109650430911357286979673598844053613979933204483351802161870179010043791874524375615021301648559654621672641982478475293967935136840182227681568285342298501578090075426854527937570278648270943640213035650250505715809034494857357373709037186300947409032795671120260912539753266137680840800038124888362419143349082423474379861669638473695044126438592343203903369408952532928856513905209794279459494355103979724847404693907933366176145348273599298227007 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) dc0f5fcc824d19f4d7375bac17b7dd69f5c93e08 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName d5fc9e0ddf1ecadd0897976e2bc55fc52bf5ecb8 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (108 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.pki.goog/s/gts1p5/CIVm01Uay-s' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://pki.goog/repo/certs/gts1p5.der' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (54 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aflciotechinstitute.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.aflciotechinstitute.org' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.5.3 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (53 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crls.pki.goog/gts1p5/_fiMabITZ0g.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f0007700eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018f27d0e6790000040300483046022100c0598de3ba55256f51a102b055de8af2aa6ccc23fd9b6570cafef09b50c3c86d022100d1fd7149849013e9d13648f5646e8150ec7dd2cb7cc6941bcb7f32433e17b1d2007500dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018f27d0e6b70000040300463044022063a5a5b92697799b2b74a58b53508b91765a28e7334e00bdd603686a200cfe7102204b929e9a6b0f28b1a3462bd607221df05033ee942660308468821558ce81cc9a . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0086ac9991ad249ec88ea2ef6f675c698b7d81fa72017d57c437b6e92e38bb15c69c46225fd78fa6e59c1c9b4ffa72bd57a13153a891f8512987a5aefa31301abd2cc5b936aadbcbcff7dd57ef5fa6731e439617c1f2768b4f4731b2ba263c9d80b80d79952906558fb17944d9d0ffaf5dd5452d226f8cb0bd913bb86866545b170a726501b93b965734285566ccbc51a0219601f6ce83f2b58a17b81049b37b851b72c7455d0cc71146584d5f74be0c860c5514849ec92fa5767610549ff2ba27f550a7368d9ee217420b1f070c7af5047c8043210edad095cdf70b75524aed7d5085e4eb93de65bc346f6606643520fbbbf609c77546d8cf41780896515fa53a