sandiegozoo100.org

Issued by R3

About this certificate

This digital certificate with serial number 04:dc:31:a2:87:51:df:55:8a:2a:d5:78:1c:68:81:bf:ba:01 was issued on by Let's Encrypt.

With 58 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=sandiegozoo100.org

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 04:dc:31:a2:87:51:df:55:8a:2a:d5:78:1c:68:81:bf:ba:01
Serial Number (int): 423377240518143888293278585866109488970241
Serial Number lenght: 139 bits, 18 octets

SubjectKeyId: 2d:41:c6:6a:c2:33:9b:c8:9b:7d:2c:f8:97:df:67:1c:90:2b:7b:f0
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 71:aa:09:83:01:8f:79:35:83:7e:06:8a:9a:01:51:40:d1:e2:cd:dd
Fingerprint (sha256): 13:55:31:e1:45:aa:c0:99:fd:23:80:5c:20:c4:c3:29:29:ae:5e:48:77:6c:0e:b8:12:d7:d3:a4:5e:6e:94:d8

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate sandiegozoo100.org

58

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for sandiegozoo100.org

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

aksharlhc.nysenate.gov
alumni-directory-stg.nebrwesleyan.edu
asik.nysenate.gov
bostoto.nysenate.gov
bukumimpi.govdelivery.com
carlucci.nysenate.gov
cdn.ithaca.edu
confluencecenter.test.webservices.umich.edu
datahk.livestrong.org
dev.technology.pantheon.berkeley.edu
dilan.nysenate.gov
emang.govdelivery.com
info.cty.jhu.edu
kiemdiwosi.nysenate.gov
klein.nysenate.gov
lation.nysenate.gov
liga365.nysenate.gov
live.orie.cornell.edu
lucidmoto.nysenate.gov
marchione.nysenate.gov
mobile.test.webservices.umich.edu
mtageniustransitchallenge.ny.gov
my.ufcespanol.com
narutoshameso.nysenate.gov
new.example.pantheon.berkeley.edu
news.nysenate.gov
next.herzing.edu
nistbaldrige.blogs.govdelivery.com
nonienso.nysenate.gov
online.govdelivery.com
ontheroad.blogs.govdelivery.com
paintheon.wustl.edu
pkv-games.nysenate.gov
pntr.businessroundtable.org
polaslot.gsm.cornell.edu
prize123.blogs.govdelivery.com
rtp.nysenate.gov
sandiegozoo100.org
sbobet.nysenate.gov
senmail.nysenate.gov
slot4d.ethics3.pantheon.berkeley.edu
slotdemo1.gsm.cornell.edu
takingmeasure.blogs.govdelivery.com
test.ece.cornell.edu
tomorrow.religionnews.com
toto-macau-27.nysenate.gov
trustsite.ethics3.pantheon.berkeley.edu
tsb.com
virtual.dev.oceana.org
webforum.nysenate.gov
www.antonacci.nysenate.gov
www.arcid.uclaextension.edu
www.dilan.nysenate.gov
www.news.nysenate.gov
www.nozzolio.nysenate.gov
www.occupationalmedicine.utoronto.ca
www.th.test.ufc.com
www2.nysenate.gov

Other certificates including the domain name sandiegozoo100.org

(limited to 100 certificates)
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
sandiegozoo100.org
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
sandiegozoo100.org
sandiegozoo100.org
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
69.ufc.com
5686969954729984-fe1.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
sandiegozoo100.org
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
sandiegozoo100.org
5686969954729984-fe1.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
sandiegozoo100.com
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io
5635703144710144-fe4.pantheonsite.io
5686969954729984-fe1.pantheonsite.io

Certificate

The complete raw certificate details for sandiegozoo100.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIKvDCCCaSgAwIBAgISBNwxoodR31WKKtV4HGiBv7oBMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzA5MjExODU0NDFaFw0yMzEyMjAxODU0NDBaMB0xGzAZBgNVBAMT
EnNhbmRpZWdvem9vMTAwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPSTetUdDhE6MnPQiGm9TXxT73vRxgxqyhmCNsSGQ49YNP2KVbx4s6D0Jo5I
XIH38NAy7SHHaipmcFlEUJCnQD9thhgETPCy2h0xo9vwM7lOQmRjRDD3L2t2DVoE
JPYWPtLp17r/0+L3YE/9xW8Lh+11S7ruIPnM5WzM67lPmMueLNb8qdVuPza2gKvE
/alVGAS7adVL88NryeDECF3WnjUb4Eal1qUR4IMnmg/9g6ztcFwAeGGPrE7i2PxM
boIfBtOe7KBh8IkDWupsj+np3MCwJllNJad3m1vdYgI+Yw+aocCQkqesTW69dLow
66v2CitAVJvXRR99W5kAevA0JLkCAwEAAaOCB98wggfbMA4GA1UdDwEB/wQEAwIF
oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
BgNVHQ4EFgQULUHGasIzm8ibfSz4l99nHJAre/AwHwYDVR0jBBgwFoAUFC6zF7dY
VsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRw
Oi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNy
Lm9yZy8wggXnBgNVHREEggXeMIIF2oIWYWtzaGFybGhjLm55c2VuYXRlLmdvdoIl
YWx1bW5pLWRpcmVjdG9yeS1zdGcubmVicndlc2xleWFuLmVkdYIRYXNpay5ueXNl
bmF0ZS5nb3aCFGJvc3RvdG8ubnlzZW5hdGUuZ292ghlidWt1bWltcGkuZ292ZGVs
aXZlcnkuY29tghVjYXJsdWNjaS5ueXNlbmF0ZS5nb3aCDmNkbi5pdGhhY2EuZWR1
gitjb25mbHVlbmNlY2VudGVyLnRlc3Qud2Vic2VydmljZXMudW1pY2guZWR1ghVk
YXRhaGsubGl2ZXN0cm9uZy5vcmeCJGRldi50ZWNobm9sb2d5LnBhbnRoZW9uLmJl
cmtlbGV5LmVkdYISZGlsYW4ubnlzZW5hdGUuZ292ghVlbWFuZy5nb3ZkZWxpdmVy
eS5jb22CEGluZm8uY3R5LmpodS5lZHWCF2tpZW1kaXdvc2kubnlzZW5hdGUuZ292
ghJrbGVpbi5ueXNlbmF0ZS5nb3aCE2xhdGlvbi5ueXNlbmF0ZS5nb3aCFGxpZ2Ez
NjUubnlzZW5hdGUuZ292ghVsaXZlLm9yaWUuY29ybmVsbC5lZHWCFmx1Y2lkbW90
by5ueXNlbmF0ZS5nb3aCFm1hcmNoaW9uZS5ueXNlbmF0ZS5nb3aCIW1vYmlsZS50
ZXN0LndlYnNlcnZpY2VzLnVtaWNoLmVkdYIgbXRhZ2VuaXVzdHJhbnNpdGNoYWxs
ZW5nZS5ueS5nb3aCEW15LnVmY2VzcGFub2wuY29tghpuYXJ1dG9zaGFtZXNvLm55
c2VuYXRlLmdvdoIhbmV3LmV4YW1wbGUucGFudGhlb24uYmVya2VsZXkuZWR1ghFu
ZXdzLm55c2VuYXRlLmdvdoIQbmV4dC5oZXJ6aW5nLmVkdYIibmlzdGJhbGRyaWdl
LmJsb2dzLmdvdmRlbGl2ZXJ5LmNvbYIVbm9uaWVuc28ubnlzZW5hdGUuZ292ghZv
bmxpbmUuZ292ZGVsaXZlcnkuY29tgh9vbnRoZXJvYWQuYmxvZ3MuZ292ZGVsaXZl
cnkuY29tghNwYWludGhlb24ud3VzdGwuZWR1ghZwa3YtZ2FtZXMubnlzZW5hdGUu
Z292ghtwbnRyLmJ1c2luZXNzcm91bmR0YWJsZS5vcmeCGHBvbGFzbG90LmdzbS5j
b3JuZWxsLmVkdYIecHJpemUxMjMuYmxvZ3MuZ292ZGVsaXZlcnkuY29tghBydHAu
bnlzZW5hdGUuZ292ghJzYW5kaWVnb3pvbzEwMC5vcmeCE3Nib2JldC5ueXNlbmF0
ZS5nb3aCFHNlbm1haWwubnlzZW5hdGUuZ292giRzbG90NGQuZXRoaWNzMy5wYW50
aGVvbi5iZXJrZWxleS5lZHWCGXNsb3RkZW1vMS5nc20uY29ybmVsbC5lZHWCI3Rh
a2luZ21lYXN1cmUuYmxvZ3MuZ292ZGVsaXZlcnkuY29tghR0ZXN0LmVjZS5jb3Ju
ZWxsLmVkdYIZdG9tb3Jyb3cucmVsaWdpb25uZXdzLmNvbYIadG90by1tYWNhdS0y
Ny5ueXNlbmF0ZS5nb3aCJ3RydXN0c2l0ZS5ldGhpY3MzLnBhbnRoZW9uLmJlcmtl
bGV5LmVkdYIHdHNiLmNvbYIWdmlydHVhbC5kZXYub2NlYW5hLm9yZ4IVd2ViZm9y
dW0ubnlzZW5hdGUuZ292ghp3d3cuYW50b25hY2NpLm55c2VuYXRlLmdvdoIbd3d3
LmFyY2lkLnVjbGFleHRlbnNpb24uZWR1ghZ3d3cuZGlsYW4ubnlzZW5hdGUuZ292
ghV3d3cubmV3cy5ueXNlbmF0ZS5nb3aCGXd3dy5ub3p6b2xpby5ueXNlbmF0ZS5n
b3aCJHd3dy5vY2N1cGF0aW9uYWxtZWRpY2luZS51dG9yb250by5jYYITd3d3LnRo
LnRlc3QudWZjLmNvbYIRd3d3Mi5ueXNlbmF0ZS5nb3YwEwYDVR0gBAwwCjAIBgZn
gQwBAgEwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQC3Pvsk35xNunXyOcW6WPRs
XfxCz3qfNcSeHQmBJe20mQAAAYq5TxN7AAAEAwBGMEQCIFi9yE93HbQBAA/nCZ2g
ErAy8vQSGIER7KeOtuGHEPX+AiAEN2451odmhBfPu7/I5UdbzhmILQW2WmMZxeXh
blYxggB2AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABirlPE6QA
AAQDAEcwRQIhALGCwEHViaQQ+vxwWT8eNX2/tEC2Xh2gthRE+h2Eyz6SAiAxoyVs
ANhJ77Ftj0nuygUQlRjiDqp4NtigEj0TLhBKyDANBgkqhkiG9w0BAQsFAAOCAQEA
fgmYRnc7t0FZMjXotIe1JcVOwGccqpaDB7nEPwqd0j4yPGB3nu1jIBluX4IcRTPP
Vke4r6+hE+wYNuezQb2qyziOyiI4OV5IRCbKMbFiRRtM3cjElOm95kGIrf00SncU
mlbEMv+7iMv1C91FsGvLQ4JPwx+FHQ0HrScQ/6LGry86CHJ32Bww2X8OfNcyMq/M
2tAn7kYU17TuDnKtT66GNf93L95wXSAcjoAe1b6Oa4xHBuaRgwyN/hNHO5T6doEX
sfZ0JHPdfX3/UvolVjEKSSZMtM+yIVNeAFMbB5H47v/t98aMnblKtUIRVVpnwPWV
jmwNEu513hjFH3Cc42BA4w==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9JN61R0OEToyc9CIab1N
fFPve9HGDGrKGYI2xIZDj1g0/YpVvHizoPQmjkhcgffw0DLtIcdqKmZwWURQkKdA
P22GGARM8LLaHTGj2/AzuU5CZGNEMPcva3YNWgQk9hY+0unXuv/T4vdgT/3FbwuH
7XVLuu4g+czlbMzruU+Yy54s1vyp1W4/NraAq8T9qVUYBLtp1Uvzw2vJ4MQIXdae
NRvgRqXWpRHggyeaD/2DrO1wXAB4YY+sTuLY/Exugh8G057soGHwiQNa6myP6enc
wLAmWU0lp3ebW91iAj5jD5qhwJCSp6xNbr10ujDrq/YKK0BUm9dFH31bmQB68DQk
uQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 423377240518143888293278585866109488970241
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-09-21 18:54:41 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-20 18:54:40 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'sandiegozoo100.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 30874871418674330599856582475032938667375268619443001630863980336265595132255055319191643458111097912849518683644418268103987213994455977559607858848119842980533392049063729003920357542074988987461137585846020662431659934377838370289619002655875385799518291331039036698807426681817568646147255938646103126008097680224992782780625624378043298116774876838353123724342507002380006971784078794529182989372683470709944523843444459913842097363110245276310289984800758291731507727636966622104526315616493280025870076217545288249244971934789372294783507838417764757756356243493322858302549568740438214483485562672125977044153
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							2d41c66ac2339bc89b7d2cf897df671c902b7bf0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1502 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aksharlhc.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'alumni-directory-stg.nebrwesleyan.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'asik.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bostoto.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bukumimpi.govdelivery.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'carlucci.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdn.ithaca.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'confluencecenter.test.webservices.umich.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'datahk.livestrong.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.technology.pantheon.berkeley.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dilan.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'emang.govdelivery.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'info.cty.jhu.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kiemdiwosi.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'klein.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lation.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'liga365.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'live.orie.cornell.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lucidmoto.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'marchione.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mobile.test.webservices.umich.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mtageniustransitchallenge.ny.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'my.ufcespanol.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'narutoshameso.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'new.example.pantheon.berkeley.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'news.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'next.herzing.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nistbaldrige.blogs.govdelivery.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nonienso.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'online.govdelivery.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ontheroad.blogs.govdelivery.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'paintheon.wustl.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pkv-games.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pntr.businessroundtable.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'polaslot.gsm.cornell.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prize123.blogs.govdelivery.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rtp.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandiegozoo100.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sbobet.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'senmail.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'slot4d.ethics3.pantheon.berkeley.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'slotdemo1.gsm.cornell.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'takingmeasure.blogs.govdelivery.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.ece.cornell.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tomorrow.religionnews.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'toto-macau-27.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'trustsite.ethics3.pantheon.berkeley.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tsb.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'virtual.dev.oceana.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webforum.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.antonacci.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.arcid.uclaextension.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.dilan.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.news.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.nozzolio.nysenate.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.occupationalmedicine.utoronto.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.th.test.ufc.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www2.nysenate.gov'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef007500b73efb24df9c4dba75f239c5ba58f46c5dfc42cf7a9f35c49e1d098125edb4990000018ab94f137b0000040300463044022058bdc84f771db401000fe7099da012b032f2f412188111eca78eb6e18710f5fe022004376e39d687668417cfbbbfc8e5475bce19882d05b65a6319c5e5e16e5631820076007a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb520000018ab94f13a40000040300473045022100b182c041d589a410fafc70593f1e357dbfb440b65e1da0b61444fa1d84cb3e92022031a3256c00d849efb16d8f49eeca05109518e20eaa7836d8a0123d132e104ac8
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		007e099846773bb741593235e8b487b525c54ec0671caa968307b9c43f0a9dd23e323c60779eed6320196e5f821c4533cf5647b8afafa113ec1836e7b341bdaacb388eca2238395e484426ca31b162451b4cddc8c494e9bde64188adfd344a77149a56c432ffbb88cbf50bdd45b06bcb43824fc31f851d0d07ad2710ffa2c6af2f3a087277d81c30d97f0e7cd73232afccdad027ee4614d7b4ee0e72ad4fae8635ff772fde705d201c8e801ed5be8e6b8c4706e691830c8dfe13473b94fa768117b1f6742473dd7d7dff52fa2556310a49264cb4cfb221535e00531b0791f8eeffedf7c68c9db94ab54211555a67c0f5958e6c0d12ee75de18c51f709ce36040e3