okta.justworks.com

Issued by R3

About this certificate

This digital certificate with serial number 03:01:bd:57:cc:ca:29:6a:76:b4:86:45:3c:ae:67:3a:a7:6f was issued on by Let's Encrypt.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=okta.justworks.com

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:01:bd:57:cc:ca:29:6a:76:b4:86:45:3c:ae:67:3a:a7:6f
Serial Number (int): 261928820136860185598248625898228840834927
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: 89:f6:b0:18:31:15:b7:a8:9e:38:df:54:c1:f0:1e:69:d5:bc:9c:7a
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): a9:ab:da:33:72:61:2a:0b:77:04:71:ff:2f:31:c4:43:6c:71:a8:d7
Fingerprint (sha256): 0d:99:5b:71:72:ca:2d:90:88:f6:8c:28:2d:d5:77:49:96:bb:23:69:da:65:79:51:d5:de:96:ad:47:e5:77:7b

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate okta.justworks.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for okta.justworks.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

okta.justworks.com

Other certificates including the domain name justworks.com

(limited to 100 certificates)
sni.cloudflaressl.com
tools.staging.benefits.secure.justworks.com
sni.cloudflaressl.com
sni.cloudflaressl.com
try.justworks.com
sni.cloudflaressl.com
rbstatus.empowerid.net
justworks.com
appstatus.justworks.com
tools.benefits.secure.justworks.com
scim.justworks.com
*.service.justworks.com
api-status.postmates.com
scim.justworks.com
go.justworks.com
tools.benefits.staging.justworks.com
help.justworks.com
help.justworks.com
justworks.com
staging.benefits.secure.justworks.com
payroll.justworks.com
go.justworks.com
rbstatus.empowerid.net
api-status.postmates.com
help.justworks.com
sni.cloudflaressl.com
justworks.com
get.justworks.com
*.justworks.com
leapfrog-ssl-50.gcs-web.com
okta.justworks.com
justworks.com
rbstatus.empowerid.net
go.justworks.com
get.justworks.com
appstatus.justworks.com
okta.justworks.com
leapfrog-ssl-50.gcs-web.com
help.justworks.com
*.vibe.justworks.com
neon.justworks.com
okta.justworks.com
*.contractor.justworks.com
oktapreview.justworks.com
okta.justworks.com
*.infra-nonprod.justworks.com
help.justworks.com
benefits.secure.justworks.com
justworks.com
rbstatus.empowerid.net
sni.cloudflaressl.com
rbstatus.empowerid.net
leapfrog-ssl-50.gcs-web.com
leapfrog-ssl-50.gcs-web.com
help.justworks.com
tour.neon.justworks.com
payroll.justworks.com
help.justworks.com
api-status.postmates.com
rbstatus.empowerid.net
neon.justworks.com
rbstatus.empowerid.net
help.justworks.com
api-status.postmates.com
rbstatus.empowerid.net
*.infra-sandbox.justworks.com
okta.justworks.com
staging-login.justworks.com
leapfrog-ssl-50.gcs-web.com
appstatus.justworks.com
go.justworks.com
justworks.com
help.justworks.com
api-status.postmates.com
leapfrog-ssl-50.gcs-web.com
go.justworks.com
events.justworks.com
sni.cloudflaressl.com
leapfrog-ssl-50.gcs-web.com
updates.justworks.com
leapfrog-ssl-50.gcs-web.com
get.justworks.com
justworks.com
leapfrog-ssl-50.gcs-web.com
*.justworks.com
*.tour.neon.justworks.com
sni.cloudflaressl.com
scim.justworks.com
leapfrog-ssl-50.gcs-web.com
updates.justworks.com
scim.justworks.com
get.justworks.com
leapfrog-ssl-50.gcs-web.com
leapfrog-ssl-50.gcs-web.com
*.data.justworks.com
*.staging.justworks.com
justworks.com
help.justworks.com
try.justworks.com
*.sandbox.vibe.justworks.com

Certificate

The complete raw certificate details for okta.justworks.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAwG9V8zKKWp2tIZFPK5nOqdvMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzAxMzAyMDM2MTVaFw0yMzA0MzAyMDM2MTRaMB0xGzAZBgNVBAMT
Em9rdGEuanVzdHdvcmtzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANd43oeiujTd3QsmVVHXSmf+rYubjwLVT5Y+8v9slA5vzGiGJ76mxx/eIWWm
zZ6mKW10sRx6TCWwVANfqmtYN/yDc7BVofFKdU6BMttTgi7RufdR1OqV4FnGCw30
GD1Kka7nDdVvmlgHFUf006SaaNk4B1TBdsut3n2gEnqQVnwt/kMXwoW8LWudUG23
CNPU6IpVOHk6uV9tzjKnbxC1AeVHe1w6eR5sX1/5HdDo1kp8XZbR6RBKLZP9Z+9/
lAanD6BueIztnN4Q4SxCZDE1VQ7J3ELKuAPXpLdy/pgi85AJqtHvVFowgOqybuLi
T1K8XipjzD80MU1ZYgmvQJoNA+MCAwEAAaOCAk0wggJJMA4GA1UdDwEB/wQEAwIF
oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
BgNVHQ4EFgQUifawGDEVt6ieON9UwfAeadW8nHowHwYDVR0jBBgwFoAUFC6zF7dY
VsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRw
Oi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNy
Lm9yZy8wHQYDVR0RBBYwFIISb2t0YS5qdXN0d29ya3MuY29tMEwGA1UdIARFMEMw
CAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j
cHMubGV0c2VuY3J5cHQub3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYAtz77
JN+cTbp18jnFulj0bF38Qs96nzXEnh0JgSXttJkAAAGGBJv2xAAABAMARzBFAiEA
tQgRr5arPMhTPc8DE5dhVPVG/kl+uP8Eax3RqEKyauUCIFHtJCvPkbpkZEagKWY+
KCYEOkRdrOM8GZ/GEADDMhn5AHYArfe++nz/EMiLnT2cHj4YarRnKV3PsQwkyoWG
NOvcgooAAAGGBJv30QAABAMARzBFAiAg/n9n5yxyzcTJzT5BneYQaF72+NYFZ6OA
BdYAh8BpmgIhALBHeKbHV3RcEICltgnzH/UDHElr1PNbwJXc8/Cwpu8HMA0GCSqG
SIb3DQEBCwUAA4IBAQBgpbde9EJcSCBwLC5v+RcYTV8kteBA41zlwzRTcbFM6Y+t
gRvJH+tP0yu/NLYPgnEijafdeqs50PnKwcsrX8PepWZOmyHgtPERpoDu42MLffPi
tb+Ae0KHWS/ZO7wMwzyG5DxkIoSs3btkEt0a7pTUns68flaLlDEiDJs5JPubp7ex
QEiEY/tuC72MnpuKrQsZWs8AP0oamLzK/9FLGcWPgdu7Gv0I80cwJoU7mZjPfF0O
9swdGo+zIJR7OSnTG2KfKAgW5vyU7/WcB/SjKuTQHDyCeHMaJrGfQDW9naHfYKyW
spxlwSS7A++2N6pXy8gI4GaGD8rkH8DbKjzSAZ0g
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13jeh6K6NN3dCyZVUddK
Z/6ti5uPAtVPlj7y/2yUDm/MaIYnvqbHH94hZabNnqYpbXSxHHpMJbBUA1+qa1g3
/INzsFWh8Up1ToEy21OCLtG591HU6pXgWcYLDfQYPUqRrucN1W+aWAcVR/TTpJpo
2TgHVMF2y63efaASepBWfC3+QxfChbwta51QbbcI09ToilU4eTq5X23OMqdvELUB
5Ud7XDp5HmxfX/kd0OjWSnxdltHpEEotk/1n73+UBqcPoG54jO2c3hDhLEJkMTVV
DsncQsq4A9ekt3L+mCLzkAmq0e9UWjCA6rJu4uJPUrxeKmPMPzQxTVliCa9Amg0D
4wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 261928820136860185598248625898228840834927
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-01-30 20:36:15 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-04-30 20:36:14 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'okta.justworks.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27200838419825001930435717766072926699317960041726004277357608820101014079168600680613995257580666633913889550787246584325681202179961383675497731927565944941103715700890945151205953357152268195032207730362675882013024657974302308191538308080857360899063403920488367648278702006899734647772224687033316143598518146489038616781231381781567555725227603980416836109111180691068822717833504085312804927889218256846060427815532726938191240431939762036667490746507730517308847181628147652684624344062138248080088090911669936627340534618469977459591980267056385229453756767045685242597202834392804753622994597505716479394787
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							89f6b0183115b7a89e38df54c1f01e69d5bc9c7a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'okta.justworks.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007600b73efb24df9c4dba75f239c5ba58f46c5dfc42cf7a9f35c49e1d098125edb49900000186049bf6c40000040300473045022100b50811af96ab3cc8533dcf0313976154f546fe497eb8ff046b1dd1a842b26ae5022051ed242bcf91ba646446a029663e2826043a445dace33c199fc61000c33219f9007600adf7befa7cff10c88b9d3d9c1e3e186ab467295dcfb10c24ca858634ebdc828a00000186049bf7d10000040300473045022020fe7f67e72c72cdc4c9cd3e419de610685ef6f8d60567a38005d60087c0699a022100b04778a6c757745c1080a5b609f31ff5031c496bd4f35bc095dcf3f0b0a6ef07
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0060a5b75ef4425c4820702c2e6ff917184d5f24b5e040e35ce5c3345371b14ce98fad811bc91feb4fd32bbf34b60f8271228da7dd7aab39d0f9cac1cb2b5fc3dea5664e9b21e0b4f111a680eee3630b7df3e2b5bf807b4287592fd93bbc0cc33c86e43c642284acddbb6412dd1aee94d49ecebc7e568b9431220c9b3924fb9ba7b7b140488463fb6e0bbd8c9e9b8aad0b195acf003f4a1a98bccaffd14b19c58f81dbbb1afd08f3473026853b9998cf7c5d0ef6cc1d1a8fb320947b3929d31b629f280816e6fc94eff59c07f4a32ae4d01c3c8278731a26b19f4035bd9da1df60ac96b29c65c124bb03efb637aa57cbc808e066860fcae41fc0db2a3cd2019d20