blog.nic.cz
Issued by Let's Encrypt Authority X3
About this certificate
This digital certificate with serial number 03:54:65:99:d4:6c:52:4e:6e:fc:5d:18:62:04:3c:96:49:80 was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=blog.nic.cz
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:54:65:99:d4:6c:52:4e:6e:fc:5d:18:62:04:3c:96:49:80Serial Number (int): 290055627374086153319415174626175364778368
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: f5:ac:dc:f0:ab:9b:cb:c0:b6:17:af:5c:04:29:bb:8f:80:78:e0:4d
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1
Fingerprint (sha1): 16:56:ed:ce:d8:4a:dc:33:83:93:5b:8c:7c:fc:2c:78:c8:5f:3c:70
Fingerprint (sha256): 0a:1f:8c:93:97:3b:78:d7:76:3d:c3:57:81:8c:1c:00:0a:a2:20:cc:9b:38:55:2b:95:83:33:da:c9:7c:52:5f
Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/
Revocation information
OCSP Server: http://ocsp.int-x3.letsencrypt.orgCheck the revocation status for certificate blog.nic.cz
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for blog.nic.cz
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
blog.nic.cz
en.blog.nic.cz
en.blog.nic.cz
Other certificates including the domain name nic.cz
(limited to 100 certificates)
sentry.labs.nic.cz
bgpcrunch.labs.nic.cz
nic.cz
devpub.labs.nic.cz
mirrors.nic.cz
nic.cz
zonemaster.labs.nic.cz
mojeid.regtest.nic.cz
stats.nic.cz
cz-test.dsdng.nic.cz
rdap.nic.cz
stork.nic.cz
odvr.nic.cz
public.nic.cz
gitlab.labs.nic.cz
sentry.labs.nic.cz
dscng.labs.nic.cz
stats.labs.nic.cz
katalogrouteru.cz
mirrors.nic.cz
haas.nic.cz
onlinechat2.nic.cz
ethercalc.labs.nic.cz
mail.nic.cz
whois.nic.cz
redmine.labs.nic.cz
nextcloud.labs.nic.cz
rdap.nic.cz
mail.nic.cz
moodle.nic.cz
dnssec-validator.labs.nic.cz
devpub.labs.nic.cz
mailing.nic.cz
stats.nic.cz
gitlab.nic.cz
bgpcrunch.labs.nic.cz
nic.cz
test-ipv6.nic.cz
stork.nic.cz
mailing.akademie.nic.cz
kalendar.nic.cz
ethercalc.labs.nic.cz
blog.nic.cz
gitlab.labs.nic.cz
eidasnode-test.nic.cz
knihy.nic.cz
netmetr-control.labs.nic.cz
intranet.nic.cz
haas.nic.cz
akademie.nic.cz
kalendar.nic.cz
mojeid.fred.nic.cz
moodle.nic.cz
katalogrouteru.cz
lettie.labs.nic.cz
nic.cz
howl.labs.nic.cz
mdm.nic.cz
ext-mattermost.nic.cz
bobek.nic.cz
secure.nic.cz
yangson.labs.nic.cz
mirror-r-01.nic.cz
yangson.labs.nic.cz
sentry.labs.nic.cz
onlinechat2.nic.cz
nic.cz
dnscheck.labs.nic.cz
gitlab.nic.cz
jetscreen.labs.nic.cz
webid.labs.nic.cz
nic.cz
akademie.nic.cz
mailing-mojeid.nic.cz
devpub.labs.nic.cz
api.nic.cz
gitweb.labs.nic.cz
public.nic.cz
blog.nic.cz
kalendar.nic.cz
kalendar.nic.cz
akademie.nic.cz
yangson.labs.nic.cz
piwik.nic.cz
dnscheck.labs.nic.cz
sophie.labs.nic.cz
epp.nic.cz
akademie.nic.cz
howl.labs.nic.cz
bobek.nic.cz
katalogrouteru.cz
intranet.nic.cz
labs.nic.cz
moodle.nic.cz
dnssec-validator.labs.nic.cz
sentry.labs.nic.cz
csp.nic.cz
howl.labs.nic.cz
piwik.nic.cz
akademie.nic.cz
bgpcrunch.labs.nic.cz
nic.cz
devpub.labs.nic.cz
mirrors.nic.cz
nic.cz
zonemaster.labs.nic.cz
mojeid.regtest.nic.cz
stats.nic.cz
cz-test.dsdng.nic.cz
rdap.nic.cz
stork.nic.cz
odvr.nic.cz
public.nic.cz
gitlab.labs.nic.cz
sentry.labs.nic.cz
dscng.labs.nic.cz
stats.labs.nic.cz
katalogrouteru.cz
mirrors.nic.cz
haas.nic.cz
onlinechat2.nic.cz
ethercalc.labs.nic.cz
mail.nic.cz
whois.nic.cz
redmine.labs.nic.cz
nextcloud.labs.nic.cz
rdap.nic.cz
mail.nic.cz
moodle.nic.cz
dnssec-validator.labs.nic.cz
devpub.labs.nic.cz
mailing.nic.cz
stats.nic.cz
gitlab.nic.cz
bgpcrunch.labs.nic.cz
nic.cz
test-ipv6.nic.cz
stork.nic.cz
mailing.akademie.nic.cz
kalendar.nic.cz
ethercalc.labs.nic.cz
blog.nic.cz
gitlab.labs.nic.cz
eidasnode-test.nic.cz
knihy.nic.cz
netmetr-control.labs.nic.cz
intranet.nic.cz
haas.nic.cz
akademie.nic.cz
kalendar.nic.cz
mojeid.fred.nic.cz
moodle.nic.cz
katalogrouteru.cz
lettie.labs.nic.cz
nic.cz
howl.labs.nic.cz
mdm.nic.cz
ext-mattermost.nic.cz
bobek.nic.cz
secure.nic.cz
yangson.labs.nic.cz
mirror-r-01.nic.cz
yangson.labs.nic.cz
sentry.labs.nic.cz
onlinechat2.nic.cz
nic.cz
dnscheck.labs.nic.cz
gitlab.nic.cz
jetscreen.labs.nic.cz
webid.labs.nic.cz
nic.cz
akademie.nic.cz
mailing-mojeid.nic.cz
devpub.labs.nic.cz
api.nic.cz
gitweb.labs.nic.cz
public.nic.cz
blog.nic.cz
kalendar.nic.cz
kalendar.nic.cz
akademie.nic.cz
yangson.labs.nic.cz
piwik.nic.cz
dnscheck.labs.nic.cz
sophie.labs.nic.cz
epp.nic.cz
akademie.nic.cz
howl.labs.nic.cz
bobek.nic.cz
katalogrouteru.cz
intranet.nic.cz
labs.nic.cz
moodle.nic.cz
dnssec-validator.labs.nic.cz
sentry.labs.nic.cz
csp.nic.cz
howl.labs.nic.cz
piwik.nic.cz
akademie.nic.cz
Certificate
The complete raw certificate details for blog.nic.cz in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIHEDCCBfigAwIBAgISA1RlmdRsUk5u/F0YYgQ8lkmAMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODA1MDMxMTAwMDlaFw0x ODA4MDExMTAwMDlaMBYxFDASBgNVBAMTC2Jsb2cubmljLmN6MIICIjANBgkqhkiG 9w0BAQEFAAOCAg8AMIICCgKCAgEAuoD5B6l/cAgUrXS5UF+2Gr67wjcgDqL+uPVX X9C7i+PQVRvqUEzY6bN5V3B6e/1m1DvZgbYq0CuxG5RfIm7HsPNGEWZ4MkGgHuZf zZSNg3id7kEkvRmkZvzct7ffSINl+/5pyWFqwS88pfHXhxEejF8xsgf4h1X9bw/x fJxp4uEvMYpL9rdL0bNdLkx1E1Ao2BCk6jJaJ4boa/Vj40UfBcAyacrnwQ6KSDxj UjDjy0i/LkAp3QVwp3d48GAbWlBSm2CA6xaggI61rsRc3kXtDzQxT1qEB+QqKVPa HlFK1k6h+RvbxUymJT024bz4MWbEpiAnkjQ133zAdYT+PpoXAuF276deOYDUmiOq E1dKaC3jPy2gMHpn+Yb6Va8Mhj4OX5vKSxs1Jj0ZGAx0GfVihmAKmCMgHCPIZLXu PHEvUstxq7ajDn5hM6zFPhGldvDOzb5LYNqA36d4TQw5fjliyYrueIcNkISlVqtO 4Ae1m9cgYye3UykUnmRhYAx6puxCT1lhC3M6JtcqaLgm7ksBC4jgKvjWpHnZVBLG Bh3TqsF4oUncHF1Ll9ziH1sKt+IQg3lIIYZsHUPNTX/2+oQ5Zs1f5ds/M3GS0ntU gWM+a5xTbHkJ58sCmXkEZDMy/xEqi43GWRbNYJKkzHxew3qZNQ8/8DBrgMF42nWh t7x5egECAwEAAaOCAyIwggMeMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU9azc8Kub y8C2F69cBCm7j4B44E0wHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEw bwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMu bGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMu bGV0c2VuY3J5cHQub3JnLzAmBgNVHREEHzAdggtibG9nLm5pYy5jeoIOZW4uYmxv Zy5uaWMuY3owgf4GA1UdIASB9jCB8zAIBgZngQwBAgEwgeYGCysGAQQBgt8TAQEB MIHWMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCBqwYI KwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBvbmx5IGJlIHJlbGll ZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBpbiBhY2NvcmRhbmNl IHdpdGggdGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczovL2xl dHNlbmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA 7wB2ANt0r+7LKeyx/so+cW0s5bmquzb3hHGDx12dTze2H79kAAABYyXfu/QAAAQD AEcwRQIhAPf6hTCPJFKG7y5levbHfquqKO8pa67it6hloxQkMTV9AiBp/ycI2dOS vUdm+9LbT8F9GB1nJzMYNuSyAQ0XayhaoAB1ACk8UZZUyDlluqpQ/FgH1Ldvv1h6 KXLcpMMM9OVFR/R4AAABYyXfvAcAAAQDAEYwRAIgKRD/dvLSDDmvnQXaolFwEMB8 vwC2/NmvbWavwTSIKaUCIBzsD+4ybVPu5V7kEvsl1wQhF+u03GrpSGTuHQmEmxrE MA0GCSqGSIb3DQEBCwUAA4IBAQBRqloDfNd3vBqlXapkUGTO+Mxr+KiHwpnZiXsx 9kZdQFfQ9tPiaX4EznvzN2rJtTUdtxW9iCp5KVC3ATyP1byMpBJgp01PSDdVmSsY X0MAHSrWlVcATjfRRaV/HDX30s+C1chTI4XgRfrGRHHP78PjuMDfTrGa8N3Nrrmx eJMsYDc/m0tUW6xSzIjf/MFrSHE7h8ILOSloZazmRr6o2JuTBQL3Fi6SsonQWB5N F9A50wisZDYN62H5gU2VEdDnd7klSmmrvOTlebYEarCxJzCp4X9EGjvxSozbGp3F 1Fa3NnIoV1Tzliihhqk4fjNnHZw2T21dIbeVH8vpxyX2G6UF -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuoD5B6l/cAgUrXS5UF+2 Gr67wjcgDqL+uPVXX9C7i+PQVRvqUEzY6bN5V3B6e/1m1DvZgbYq0CuxG5RfIm7H sPNGEWZ4MkGgHuZfzZSNg3id7kEkvRmkZvzct7ffSINl+/5pyWFqwS88pfHXhxEe jF8xsgf4h1X9bw/xfJxp4uEvMYpL9rdL0bNdLkx1E1Ao2BCk6jJaJ4boa/Vj40Uf BcAyacrnwQ6KSDxjUjDjy0i/LkAp3QVwp3d48GAbWlBSm2CA6xaggI61rsRc3kXt DzQxT1qEB+QqKVPaHlFK1k6h+RvbxUymJT024bz4MWbEpiAnkjQ133zAdYT+PpoX AuF276deOYDUmiOqE1dKaC3jPy2gMHpn+Yb6Va8Mhj4OX5vKSxs1Jj0ZGAx0GfVi hmAKmCMgHCPIZLXuPHEvUstxq7ajDn5hM6zFPhGldvDOzb5LYNqA36d4TQw5fjli yYrueIcNkISlVqtO4Ae1m9cgYye3UykUnmRhYAx6puxCT1lhC3M6JtcqaLgm7ksB C4jgKvjWpHnZVBLGBh3TqsF4oUncHF1Ll9ziH1sKt+IQg3lIIYZsHUPNTX/2+oQ5 Zs1f5ds/M3GS0ntUgWM+a5xTbHkJ58sCmXkEZDMy/xEqi43GWRbNYJKkzHxew3qZ NQ8/8DBrgMF42nWht7x5egECAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 290055627374086153319415174626175364778368 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-05-03 11:00:09 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-08-01 11:00:09 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'blog.nic.cz' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 760869120905556772147045569523861878207877510450588752529108312600011039839341458985557049956607770248387883869298920190108661253922490348058469846274988012717277102171469349312309796878590774628311590815207557471528617021864927506767942551414300650526937127228430737213022700464403426975572034177882692190517133159681206251622636938931183213334405263350152005784249155688198628991074164861319330262522667183750731617965708872516309445191526834794258979669588828815377697374976810476419134862000748826844923212634506800338744944139936816739186402167145852913313078008965187407075280332045610100398196650409011403146830253996262220776831714494633841689073879356819905853631973059740444081398819771839088533007677081044786395669164501037738137910510763216525546859325059743739985432864604263122290209449333668214767249718823167317567930282234816869675452035222256958052824531385819491975057936766564807192441782273899698901112012363540023722753340772782355347219898309462056153666837264750341843331660189261219224012129180300971556405042782910290337470778923577145272748704478103634909009714077881764036799751171371418245745332142372373117426046650977395459603578386587680846048180404613897274929725041132010133308402568552524918913537 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) f5acdcf0ab9bcbc0b617af5c0429bb8f8078e04d . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (31 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'blog.nic.cz' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'en.blog.nic.cz' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes) 00ef007600db74afeecb29ecb1feca3e716d2ce5b9aabb36f7847183c75d9d4f37b61fbf640000016325dfbbf40000040300473045022100f7fa85308f245286ef2e657af6c77eabaa28ef296baee2b7a865a3142431357d022069ff2708d9d392bd4766fbd2db4fc17d181d6727331836e4b2010d176b285aa0007500293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f4780000016325dfbc07000004030046304402202910ff76f2d20c39af9d05daa2517010c07cbf00b6fcd9af6d66afc1348829a502201cec0fee326d53eee55ee412fb25d7042117ebb4dc6ae94864ee1d09849b1ac4 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0051aa5a037cd777bc1aa55daa645064cef8cc6bf8a887c299d9897b31f6465d4057d0f6d3e2697e04ce7bf3376ac9b5351db715bd882a792950b7013c8fd5bc8ca41260a74d4f483755992b185f43001d2ad69557004e37d145a57f1c35f7d2cf82d5c8532385e045fac64471cfefc3e3b8c0df4eb19af0ddcdaeb9b178932c60373f9b4b545bac52cc88dffcc16b48713b87c20b39296865ace646bea8d89b930502f7162e92b289d0581e4d17d039d308ac64360deb61f9814d9511d0e777b9254a69abbce4e579b6046ab0b12730a9e17f441a3bf14a8cdb1a9dc5d456b73672285754f39628a186a9387e33671d9c364f6d5d21b7951fcbe9c725f61ba505