www.test.usatoday.com
Issued by Let's Encrypt Authority X3
About this certificate
This digital certificate with serial number 03:b2:bd:7e:2e:a3:4e:d9:36:c9:55:79:98:ce:6e:c1:23:64 was issued on by Let's Encrypt.
With 5 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=www.test.usatoday.com
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:b2:bd:7e:2e:a3:4e:d9:36:c9:55:79:98:ce:6e:c1:23:64Serial Number (int): 322158998373744745608804985582350118232932
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: 4a:96:83:41:c3:5e:5e:3c:f8:2d:6d:9c:49:ff:db:f0:08:45:ef:2a
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1
Fingerprint (sha1): d5:32:2c:bb:e9:de:e9:08:ed:82:1e:a7:8f:0b:a5:93:03:1e:31:8f
Fingerprint (sha256): 11:cf:c7:68:71:2c:bc:10:b2:25:56:24:dc:70:46:0d:b3:06:f5:d9:da:4e:29:20:20:83:b6:14:e0:ce:5d:ca
Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/
Revocation information
OCSP Server: http://ocsp.int-x3.letsencrypt.orgCheck the revocation status for certificate www.test.usatoday.com
5
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for www.test.usatoday.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
*.gannett-cdn.com
*.gannettdigital.com
*.gcion.com
*.indystar.com
www.test.usatoday.com
*.gannettdigital.com
*.gcion.com
*.indystar.com
www.test.usatoday.com
Other certificates including the domain name usatoday.com
(limited to 100 certificates)
ydr.com
gannett.com
ugaforum.usatoday.com
gannett.com
classroom.synonym.com
cdn-le4.arkadiumhosted.com
hoosiertimes.com
columbiatribune.com
amestrib.com
southernkitchen.com
golftips.golfweek.usatoday.com
recordnet.com
echo-pilot.com
reporternews.com
gadsdentimes.com
*.scsun-news.com
the-daily-record.com
*.usatodaynetwork.com
chiefsforum.usatoday.com
the-review.com
examiner-enterprise.com
coloradoan.com
dnj.com
mycentraljersey.com
journalstandard.com
gannett.com
tcpalm.com
cantondailyledger.com
siskiyoudaily.com
coloradoan.com
tricountyindependent.com
*.gannett.com
secure17.nexternal.com
adelnews.com
sussexcountian.com
reviewatlas.com
jobs.thejobnetwork.com
news-press.com
providencejournal.com
scsuntimes.com
games.usatoday.com
hollandsentinel.com
marionstar.com
mt-edge-b.3scale.net
classroom.synonym.com
savannahnow.com
gannett.com
san-005.ceros.com
dnj.com
paris-express.com
gannett.com
patriotledger.com
dailyamerican.com
progress-index.com
cdn-le5.arkadiumhosted.com
*.scsun-news.com
secure12.nexternal.com
mtshastanews.com
delawareonline.com
journalstandard.com
rgj.com
databases.floridatoday.com
giantsforum.usatoday.com
secure17.nexternal.com
draftwire.usatoday.com
ftw.usatoday.com
gannett.com
wickedlocal.com
br.bikeradar.com
the-leader.com
sentinel-standard.com
ydr.com
wickedlocal.com
ndinsider.com
gannett.com
newarkadvocate.com
billswire.usatoday.com
gannett.com
blackmountainnews.com
cdn-le4.arkadiumhosted.com
*.gannett.com
mortontimesnews.com
celticswire.usatoday.com
gosanangelo.com
marionstar.com
duckswire.usatoday.com
getcreative.usatoday.com
chillicothetimesbulletin.com
gainesville.com
timesonline.com
cdn-le4.arkadiumhosted.com
gannett.com
gannett.com
hockessincommunitynews.com
lebronwire.usatoday.com
classroom.synonym.com
cdn-le4.arkadiumhosted.com
gannett.com
ruidosonews.com
fightingirishforum.usatoday.com
gannett.com
ugaforum.usatoday.com
gannett.com
classroom.synonym.com
cdn-le4.arkadiumhosted.com
hoosiertimes.com
columbiatribune.com
amestrib.com
southernkitchen.com
golftips.golfweek.usatoday.com
recordnet.com
echo-pilot.com
reporternews.com
gadsdentimes.com
*.scsun-news.com
the-daily-record.com
*.usatodaynetwork.com
chiefsforum.usatoday.com
the-review.com
examiner-enterprise.com
coloradoan.com
dnj.com
mycentraljersey.com
journalstandard.com
gannett.com
tcpalm.com
cantondailyledger.com
siskiyoudaily.com
coloradoan.com
tricountyindependent.com
*.gannett.com
secure17.nexternal.com
adelnews.com
sussexcountian.com
reviewatlas.com
jobs.thejobnetwork.com
news-press.com
providencejournal.com
scsuntimes.com
games.usatoday.com
hollandsentinel.com
marionstar.com
mt-edge-b.3scale.net
classroom.synonym.com
savannahnow.com
gannett.com
san-005.ceros.com
dnj.com
paris-express.com
gannett.com
patriotledger.com
dailyamerican.com
progress-index.com
cdn-le5.arkadiumhosted.com
*.scsun-news.com
secure12.nexternal.com
mtshastanews.com
delawareonline.com
journalstandard.com
rgj.com
databases.floridatoday.com
giantsforum.usatoday.com
secure17.nexternal.com
draftwire.usatoday.com
ftw.usatoday.com
gannett.com
wickedlocal.com
br.bikeradar.com
the-leader.com
sentinel-standard.com
ydr.com
wickedlocal.com
ndinsider.com
gannett.com
newarkadvocate.com
billswire.usatoday.com
gannett.com
blackmountainnews.com
cdn-le4.arkadiumhosted.com
*.gannett.com
mortontimesnews.com
celticswire.usatoday.com
gosanangelo.com
marionstar.com
duckswire.usatoday.com
getcreative.usatoday.com
chillicothetimesbulletin.com
gainesville.com
timesonline.com
cdn-le4.arkadiumhosted.com
gannett.com
gannett.com
hockessincommunitynews.com
lebronwire.usatoday.com
classroom.synonym.com
cdn-le4.arkadiumhosted.com
gannett.com
ruidosonews.com
fightingirishforum.usatoday.com
Certificate
The complete raw certificate details for www.test.usatoday.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFqDCCBJCgAwIBAgISA7K9fi6jTtk2yVV5mM5uwSNkMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDAzMzEwMDU4NTlaFw0y MDA2MjkwMDU4NTlaMCAxHjAcBgNVBAMTFXd3dy50ZXN0LnVzYXRvZGF5LmNvbTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANS09NJ6l8yeyjUmmks7ThER MF3KaLlXr0ezIFLTsuSKJ/cIeXBLYt0ShP0612Vh0+v442Yt18hLqpXhEVL9dZZC C3VKUY1TUX0HeytJynQTIP48YNXw+79k/O/NTGhc2YN58M1ugsjcnDDuV7wblifO GkpjmJV4ZrSTjtOjdTLueHA5x3bS4JmS7L9eqb/+BpRMkVQ0AGV5GTtEiDNSdCpU eAUVEbgMadQwtrGjQHvcETn2M9X/znl7tF3MHOPRZNCzQge1soTrS1gyOKac//3A 6ws4Bnp46Bti+pi58DEyUJQntWe+412vtNaAg/uCRtuM9xDZ4bXfv3nLAKSlY/sC AwEAAaOCArAwggKsMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUSpaDQcNeXjz4LW2c Sf/b8AhF7yowHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYB BQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2Vu Y3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2Vu Y3J5cHQub3JnLzBmBgNVHREEXzBdghEqLmdhbm5ldHQtY2RuLmNvbYIUKi5nYW5u ZXR0ZGlnaXRhbC5jb22CCyouZ2Npb24uY29tgg4qLmluZHlzdGFyLmNvbYIVd3d3 LnRlc3QudXNhdG9kYXkuY29tMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQB gt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3Jn MIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYA8JWkWfIA0YJAEC0vk4iOrUv+HUfj meHQNKawqKqOsnMAAAFxLlAxygAABAMARzBFAiBwgRmXiZFU9h70frB0Xy46tOM8 SAQVYKtFbf/k917P+QIhAKulXZJK5avc1ma4d/9odYoiE44pdPcEeq4qgWpdAbaV AHYAsh4FzIuizYogTodm+Su5iiUgZ2va+nDnsklTLe+LkF4AAAFxLlAxvwAABAMA RzBFAiBy/2d4X1uZfgS1cYCTNV2GU/BrQ9xbTbVfGDIDfJF7GQIhAMm1wNtqI956 C0orGx6F1bDx9MdnCV4IrI5W5n7N+bdDMA0GCSqGSIb3DQEBCwUAA4IBAQCK4QfW VHfq6c6HdC0E5NLspT4DJ6M7rOSgxHm+8WN8QFJf46vJ3WnjUKIR+yZXMtbDGfJs 25WeAII1so9raBI3D4rrBJBnlzAmSAwZn0nwecZGZMvKH1ituzOMkFIm87j4Tncp Od4PqiUrvZBzLnqLu/yhb0ncgtlLy1dB/zS2XTWTPPvr4Tg3fAhIWdVTc9YxgWuP 4eNwarxHQ3FpmdHHrz4mc33qdB+a5dCMVx5q0e3QuIXLuolhL+om1dUau92gzS5p SxHcPsCeAdGSgCgmec2bmA6Ukwrf0f7Fc2XtpYV5n9d+ifCt9X3SXhKl0qqNQGJD GhUClksSu7+OddPk -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1LT00nqXzJ7KNSaaSztO EREwXcpouVevR7MgUtOy5Ion9wh5cEti3RKE/TrXZWHT6/jjZi3XyEuqleERUv11 lkILdUpRjVNRfQd7K0nKdBMg/jxg1fD7v2T8781MaFzZg3nwzW6CyNycMO5XvBuW J84aSmOYlXhmtJOO06N1Mu54cDnHdtLgmZLsv16pv/4GlEyRVDQAZXkZO0SIM1J0 KlR4BRURuAxp1DC2saNAe9wROfYz1f/OeXu0Xcwc49Fk0LNCB7WyhOtLWDI4ppz/ /cDrCzgGenjoG2L6mLnwMTJQlCe1Z77jXa+01oCD+4JG24z3ENnhtd+/ecsApKVj +wIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 322158998373744745608804985582350118232932 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-03-31 00:58:59 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-06-29 00:58:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.test.usatoday.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26851753548163485026757075777854657032765428367654534559083504565592029347742040267996811808452060154711267982623311633330033012259021913382849500236312627396612315981985664125402115817294455472021964827185885247987899652326953831393058979692504800853737062835603434006366145444217860430059836622886516283910475044385391798072161493673373518369070788042912534461843293733739434888546846593432046603261669620898488281397947551901845706158944448452964317315388266548007057970786104101965304987947701844021050330698644850570317120720482608868499017508862640251075284801242164058751155000443590423052433711959483642897403 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 4a968341c35e5e3cf82d6d9c49ffdbf00845ef2a . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (95 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.gannett-cdn.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.gannettdigital.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.gcion.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.indystar.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.test.usatoday.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f0007600f095a459f200d18240102d2f93888ead4bfe1d47e399e1d034a6b0a8aa8eb273000001712e5031ca0000040300473045022070811997899154f61ef47eb0745f2e3ab4e33c48041560ab456dffe4f75ecff9022100aba55d924ae5abdcd666b877ff68758a22138e2974f7047aae2a816a5d01b695007600b21e05cc8ba2cd8a204e8766f92bb98a2520676bdafa70e7b249532def8b905e000001712e5031bf0000040300473045022072ff67785f5b997e04b5718093355d8653f06b43dc5b4db55f1832037c917b19022100c9b5c0db6a23de7a0b4a2b1b1e85d5b0f1f4c767095e08ac8e56e67ecdf9b743 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 008ae107d65477eae9ce87742d04e4d2eca53e0327a33bace4a0c479bef1637c40525fe3abc9dd69e350a211fb265732d6c319f26cdb959e008235b28f6b6812370f8aeb049067973026480c199f49f079c64664cbca1f58adbb338c905226f3b8f84e772939de0faa252bbd90732e7a8bbbfca16f49dc82d94bcb5741ff34b65d35933cfbebe138377c084859d55373d631816b8fe1e3706abc4743716999d1c7af3e26737dea741f9ae5d08c571e6ad1edd0b885cbba89612fea26d5d51abbdda0cd2e694b11dc3ec09e01d19280282679cd9b980e94930adfd1fec57365eda585799fd77e89f0adf57dd25e12a5d2aa8d4062431a1502964b12bbbf8e75d3e4