mcstaging.schaerer.com
Issued by R3
About this certificate
This digital certificate with serial number 04:85:b9:84:f9:c7:07:f4:72:83:63:af:7c:22:cf:79:3d:05 was issued on by Let's Encrypt.
With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=mcstaging.schaerer.com
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 04:85:b9:84:f9:c7:07:f4:72:83:63:af:7c:22:cf:79:3d:05Serial Number (int): 393953296156020195824205350876418795977989
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: 78:2b:25:d8:86:2c:a1:09:90:c0:cf:0d:07:77:53:37:3c:5b:f3:d1
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 99:01:66:71:95:d8:46:d9:ed:2f:24:c9:4e:45:eb:11:6f:4b:df:23
Fingerprint (sha256): 0e:d7:e1:d8:a6:38:d3:4f:8a:87:04:c6:fe:6e:c5:e2:e5:89:45:04:bb:77:ea:4a:6a:a0:df:f1:94:64:0d:21
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate mcstaging.schaerer.com
4
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for mcstaging.schaerer.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
mcstaging.schaerer.com
mcstaging.wmf-950s.com
usa.mcstaging.schaerer.com
www.mcstaging.schaerer.com
mcstaging.wmf-950s.com
usa.mcstaging.schaerer.com
www.mcstaging.schaerer.com
Other certificates including the domain name schaerer.com
(limited to 100 certificates)
schaerer.com
schaerer.com
usa.schaerer.com
coffeelinkng.schaerer.com
schaerer.com
mcstaging.schaerer.com
owa.wmf.com
schaerer.com
schaerer.com
schaerer.com
schaerer.com
*.coffeelinkng.schaerer.com
*.schaerer.com
*.schaerer.com
coffelink.schaerer.com
*.coffeelinkng.schaerer.com
coffeelink.schaerer.com
usa.schaerer.com
owa.wmf.com
coffeelink.schaerer.com
schaerer.com
schaerer.com
schaerer.com
*.schaerer.com
schaerer.com
logintest.coffeelinkng.schaerer.com
logintest.coffeelinkng.schaerer.com
usa.schaerer.com
schaerer.com
usa.schaerer.com
usa.schaerer.com
time.schaerer.com
*.coffeelinkng.schaerer.com
coffeelink.schaerer.com
coffeelink.schaerer.com
schaerer.com
schaerer.com
usa.schaerer.com
usa.schaerer.com
schaerer.com
time.schaerer.com
usa.schaerer.com
*.schaerer.com
www.schaerer.com
schaerer.com
time.schaerer.com
schaerer.com
*.coffeelinkng.schaerer.com
schaerer.com
*.schaerer.com
schaerer.com
usa.schaerer.com
*.schaerer.com
usa.schaerer.com
coffeelink-int.schaerer.com
schaerer.com
login.coffeelinkng.schaerer.com
schaerer.com
*.coffeelinkng.schaerer.com
schaerer.com
coffeelink-int.schaerer.com
schaerer.com
schaerer.com
schaerer.com
usa.schaerer.com
coffeelinkng.schaerer.com
schaerer.com
mcstaging.schaerer.com
owa.wmf.com
schaerer.com
schaerer.com
schaerer.com
schaerer.com
*.coffeelinkng.schaerer.com
*.schaerer.com
*.schaerer.com
coffelink.schaerer.com
*.coffeelinkng.schaerer.com
coffeelink.schaerer.com
usa.schaerer.com
owa.wmf.com
coffeelink.schaerer.com
schaerer.com
schaerer.com
schaerer.com
*.schaerer.com
schaerer.com
logintest.coffeelinkng.schaerer.com
logintest.coffeelinkng.schaerer.com
usa.schaerer.com
schaerer.com
usa.schaerer.com
usa.schaerer.com
time.schaerer.com
*.coffeelinkng.schaerer.com
coffeelink.schaerer.com
coffeelink.schaerer.com
schaerer.com
schaerer.com
usa.schaerer.com
usa.schaerer.com
schaerer.com
time.schaerer.com
usa.schaerer.com
*.schaerer.com
www.schaerer.com
schaerer.com
time.schaerer.com
schaerer.com
*.coffeelinkng.schaerer.com
schaerer.com
*.schaerer.com
schaerer.com
usa.schaerer.com
*.schaerer.com
usa.schaerer.com
coffeelink-int.schaerer.com
schaerer.com
login.coffeelinkng.schaerer.com
schaerer.com
*.coffeelinkng.schaerer.com
schaerer.com
coffeelink-int.schaerer.com
schaerer.com
schaerer.com
Certificate
The complete raw certificate details for mcstaging.schaerer.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFSjCCBDKgAwIBAgISBIW5hPnHB/Ryg2OvfCLPeT0FMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMzEwMDQxNzI4MDZaFw0yNDAxMDIxNzI4MDVaMCExHzAdBgNVBAMT Fm1jc3RhZ2luZy5zY2hhZXJlci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQCuXmPd2XEZv1D6SkZO6jZZmN4A7lMsx0+yCrf6pKFtBv+Kzz7w27NJ 9vykOFfSlnNIinJN9wMjgWuiJP7iurS/LselwMRQ3t6VmLCUTuDEBR5SGKHXEN0L XYIEnJXYUAf+RATdnj4041jVWM3ToSN6UHJkAtGMFwfh8ez/FSkJsM9RB/FEwIrz BJWosjN5rYcgJ97PqA61RO4wAvSwtWxY7HXNmYmhck1gyY4GONyDY9209/fc2QBe zE2FNA5Nh7cludw5Gkozr4rHieXn2Dc5+nOA/AJ3J2Cc0HvCw/KMJ0XZBjERY5sp AcDVe+D9womgy0BZsmxBMcXEXO5F8gLdAgMBAAGjggJpMIICZTAOBgNVHQ8BAf8E BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC MAAwHQYDVR0OBBYEFHgrJdiGLKEJkMDPDQd3Uzc8W/PRMB8GA1UdIwQYMBaAFBQu sxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYV aHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5s ZW5jci5vcmcvMHEGA1UdEQRqMGiCFm1jc3RhZ2luZy5zY2hhZXJlci5jb22CFm1j c3RhZ2luZy53bWYtOTUwcy5jb22CGnVzYS5tY3N0YWdpbmcuc2NoYWVyZXIuY29t ghp3d3cubWNzdGFnaW5nLnNjaGFlcmVyLmNvbTATBgNVHSAEDDAKMAgGBmeBDAEC ATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB3ADtTd3U+LbmAToswWwb+QDtn2E/D 9Me9AA0tcm/h+tQXAAABivvyeZQAAAQDAEgwRgIhAOnSv8UntXGhhpuS/Ow6KLrV qa2QyYMlv5rtkesHmv4mAiEA2zEb0LK4dbOeNP9BzVgArnHclMQQL75uiUqOLtYP 5a0AdgB2/4g/Crb7lVHCYcz1h7o0tKTNuyncaEIKn+ZnTFo6dAAAAYr78nnMAAAE AwBHMEUCIAJp7p5HiLHjlf2fzumk+w1C4wDP2nSil8FY6eFK22khAiEAnvUe4ykK PPHTfqrr+mWtZ+rgADkPLEsnf7C7kjabZn4wDQYJKoZIhvcNAQELBQADggEBAIHy V3Zy4eLwwNTMSUQ6AeMuIZjB7lepErcARsx+px0Tj54fwHzczmAkh8lk39zWyht3 UVLmaPDwgO12ZNzr8VU0WQh85pj/g7ZSepMhBabDuf9nQvbHx1Tchzq35ho5IYa1 deeH2zwpakeNGELPcSjFOcphf64c7O8IwWNyiQY3lGZWek8Xbup+YDScBUycMQv2 SCBmvo4ijLY6JuueyQKNgSiRhaz+JTI9lFYob0upIuhtrhB+J1LsjRVlEkVc34/F WU6rMzkR+KWykIiWuRQD0/dDOy0C8eGYhU/z6wor02M2GIrM82BQmTOvo8YmJcOS POjSiyqjcxZJOunT1eE= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArl5j3dlxGb9Q+kpGTuo2 WZjeAO5TLMdPsgq3+qShbQb/is8+8NuzSfb8pDhX0pZzSIpyTfcDI4FroiT+4rq0 vy7HpcDEUN7elZiwlE7gxAUeUhih1xDdC12CBJyV2FAH/kQE3Z4+NONY1VjN06Ej elByZALRjBcH4fHs/xUpCbDPUQfxRMCK8wSVqLIzea2HICfez6gOtUTuMAL0sLVs WOx1zZmJoXJNYMmOBjjcg2PdtPf33NkAXsxNhTQOTYe3JbncORpKM6+Kx4nl59g3 OfpzgPwCdydgnNB7wsPyjCdF2QYxEWObKQHA1Xvg/cKJoMtAWbJsQTHFxFzuRfIC 3QIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 393953296156020195824205350876418795977989 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-04 17:28:06 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-02 17:28:05 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'mcstaging.schaerer.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22012010559103088091941969062174282060132276278982666067218619755157183699550799210869620294263471349842461174558474456860136919059620139898006229312913662975497743161393881980104705879185064729364358631918109231355992685006915039937750845620987525516567625826153034636534745612436553261105419238765712598017036451332693888012607139474034843101509353643418662058402508259265949007020903419355874736583262277294859423129705069996724180197482552842344023696997155529610325649160149909700913080990426219376023783493429617801326225096288118541278951384979496419753658426723442662724770054090607580666452728060952509022941 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 782b25d8862ca10990c0cf0d077753373c5bf3d1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (106 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mcstaging.schaerer.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mcstaging.wmf-950s.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'usa.mcstaging.schaerer.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.mcstaging.schaerer.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes) 00f10077003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018afbf279940000040300483046022100e9d2bfc527b571a1869b92fcec3a28bad5a9ad90c98325bf9aed91eb079afe26022100db311bd0b2b875b39e34ff41cd5800ae71dc94c4102fbe6e894a8e2ed60fe5ad00760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018afbf279cc000004030047304502200269ee9e4788b1e395fd9fcee9a4fb0d42e300cfda74a297c158e9e14adb69210221009ef51ee3290a3cf1d37eaaebfa65ad67eae000390f2c4b277fb0bb92369b667e . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0081f2577672e1e2f0c0d4cc49443a01e32e2198c1ee57a912b70046cc7ea71d138f9e1fc07cdcce602487c964dfdcd6ca1b775152e668f0f080ed7664dcebf1553459087ce698ff83b6527a932105a6c3b9ff6742f6c7c754dc873ab7e61a392186b575e787db3c296a478d1842cf7128c539ca617fae1cecef08c163728906379466567a4f176eea7e60349c054c9c310bf6482066be8e228cb63a26eb9ec9028d81289185acfe25323d9456286f4ba922e86dae107e2752ec8d156512455cdf8fc5594eab333911f8a5b2908896b91403d3f7433b2d02f1e198854ff3eb0a2bd36336188accf360509933afa3c62625c3923ce8d28b2aa37316493ae9d3d5e1