bo.opacweb.io

Issued by R3

About this certificate

This digital certificate with serial number 03:11:07:6f:33:ca:5f:12:59:3f:ae:8a:e1:6e:ef:1b:d5:0b was issued on by Let's Encrypt.

With 91 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=bo.opacweb.io

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 03:11:07:6f:33:ca:5f:12:59:3f:ae:8a:e1:6e:ef:1b:d5:0b
Serial Number (int): 267131540024294887467905867993330329834763
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: 16:ca:27:d5:be:c4:06:fe:e4:ed:db:3c:97:a1:87:a7:d6:ae:68:68
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 6e:fc:1f:9e:d4:75:58:5d:5c:12:85:e3:d0:28:d1:79:95:57:6c:df
Fingerprint (sha256): 19:ac:3b:8c:b2:b0:22:1e:d3:a6:dd:92:b5:81:a8:5c:81:49:80:74:e3:60:80:12:ec:73:75:bb:31:09:f1:02

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate bo.opacweb.io

91

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for bo.opacweb.io

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

augustins.opacweb.io
bo.opacweb.io
bota-collections.museum-grenoble.fr
botanique-museum-angers.opacweb.io
capc-bordeaux.opacweb.fr
catzarts.beauxartsparis.fr
centrederessources.museedelaposte.fr
charles-negre.opacweb.io
cite-de-la-ceramique.opacweb.io
collection-museumtoulouse.opacweb.io
collections-mba.nancy.fr
collections-musees.cholet.fr
collections-musees.nyon.ch
collections-resistance.limoges.fr
collections.domaine-de-sceaux.hauts-de-seine.fr
collections.mahn.ch
collections.mba-lyon.fr
collections.mba-pau.opacweb.io
collections.mbaq.fr
collections.musee-art-industrie.saint-etienne.fr
collections.museedelaposte.fr
collections.musees-dunkerque.eu
collections.musees.marseille.fr
collections.museum-grenoble.fr
collections.museum-histoirenaturelle.opacweb.io
collections.museumaquariumdenancy.eu
collections.vallee-aux-loups.hauts-de-seine.fr
collectionsmusees.vaucluse.fr
collectionspatrimoniales.monnaiedeparis.fr
demo.opacweb.io
documentation-sarreguemines.opacweb.io
documentationmusees.vaucluse.fr
dulama.opacweb.io
ensba.opacweb.io
espacebrassens.ville-sete.opacweb.io
ferudessciences.opacweb.io
geologie-museum-angers.opacweb.io
mba-pau.opacweb.fr
mhc-opacweb.lille.fr
mian-anatole-jakovsky.opacweb.io
min-collections.museum-grenoble.fr
mobydoc.opacweb.fr
modydev.opacweb.io
musba-bordeaux-bibliotheque.opacweb.fr
musba-bordeaux.opacweb.fr
musee-antoine-vivenel.opacweb.fr
musee-aquitaine.opacweb.fr
musee-breton-oai.finistere.fr
musee-breton.finistere.fr
musee-carouge.opacweb.io
musee-cheret.opacweb.io
musee-cimiez.opacweb.io
musee-de-la-figurine-historique-compiegne.opacweb.fr
musee-des-arts-anciens.collections.opacweb.io
musee-evreux.opacweb.io
musee-goupil.opacweb.fr
musee-leondierx.opacweb.io
musee-massena.opacweb.io
musee-matisse.opacweb.io
musee-test.opacweb.io
musee-villele.opacweb.io
museeducheval.opacweb.io
museenouvellecaledonie-collections.gouv.nc
museenouvellecaledonie-ipkd.gouv.nc
musees.aude.opacweb.io
musees.boulognebillancourt.com
musees.ville-poissy.fr
museesaintquentinenyvelines.opacweb.io
museeseburomagus.aude.opacweb.io
museespetiet.aude.opacweb.io
museum-angers.opacweb.io
museum.auxerre.fr
museumtoulouse.opacweb.io
ow-mba.angers.fr
palais-lascaris.opacweb.io
paleo-collections.museum-grenoble.fr
pba-opacweb.lille.fr
peterboroughmuseum.opacweb.io
prehistoire-museum-angers.opacweb.io
provincedenamur-collection.opacweb.fr
sarreguemines-museum.opacweb.io
terra-amata.opacweb.io
www.augustins.org
www.collections-musee-rops.be
www.collections.musee-art-industrie.saint-etienne.fr
www.lemiv.fr
www.memoire14-45.eu
www.musee-conde.fr
www.museegoya.fr
www.sarreguemines-museum.fr
zoo-collections.museum-grenoble.fr

Other certificates including the domain name opacweb.io

(limited to 100 certificates)
bo.opacweb.io
bo.opacweb.io
bo.opacweb.io

Certificate

The complete raw certificate details for bo.opacweb.io in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIPoDCCDoigAwIBAgISAxEHbzPKXxJZP66K4W7vG9ULMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yNDA0MjQwOTQ2MjBaFw0yNDA3MjMwOTQ2MTlaMBgxFjAUBgNVBAMT
DWJvLm9wYWN3ZWIuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf
zvqgou58wTp4vSFS9EJHncBzO0oM610ln60GHYbbvw81bRW0IeQyn7gWDtJPFkZy
dcKyBVAPQwwyt+521cBhZQdCS4D/EQn9X6Ewp3/GkMSEd6NdC/mOYgduwV1fQOgU
sSD3rS4Gk15VH6NvrvssHJD/LHA9sqdHUUHB72H+AypUjTHndU/ahIKl2/uaNadz
bNKj7YVpwJ0L5XMLpFafjT5OzmKIpIdEcxM0AFWw1TCkImSlxSVocJHDG30OF7ZJ
C6ynr2ie9GUhFh2eENAJQAHiwXZY9j0iSMDBMLKQEdViOeAmNiet8blFpkNdeK9k
i7fMVDTnocfPNjqKMiLDAgMBAAGjggzIMIIMxDAOBgNVHQ8BAf8EBAMCBaAwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
BBYEFBbKJ9W+xAb+5O3bPJehh6fWrmhoMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ
QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz
Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv
MIIKzwYDVR0RBIIKxjCCCsKCFGF1Z3VzdGlucy5vcGFjd2ViLmlvgg1iby5vcGFj
d2ViLmlvgiNib3RhLWNvbGxlY3Rpb25zLm11c2V1bS1ncmVub2JsZS5mcoIiYm90
YW5pcXVlLW11c2V1bS1hbmdlcnMub3BhY3dlYi5pb4IYY2FwYy1ib3JkZWF1eC5v
cGFjd2ViLmZyghpjYXR6YXJ0cy5iZWF1eGFydHNwYXJpcy5mcoIkY2VudHJlZGVy
ZXNzb3VyY2VzLm11c2VlZGVsYXBvc3RlLmZyghhjaGFybGVzLW5lZ3JlLm9wYWN3
ZWIuaW+CH2NpdGUtZGUtbGEtY2VyYW1pcXVlLm9wYWN3ZWIuaW+CJGNvbGxlY3Rp
b24tbXVzZXVtdG91bG91c2Uub3BhY3dlYi5pb4IYY29sbGVjdGlvbnMtbWJhLm5h
bmN5LmZyghxjb2xsZWN0aW9ucy1tdXNlZXMuY2hvbGV0LmZyghpjb2xsZWN0aW9u
cy1tdXNlZXMubnlvbi5jaIIhY29sbGVjdGlvbnMtcmVzaXN0YW5jZS5saW1vZ2Vz
LmZygi9jb2xsZWN0aW9ucy5kb21haW5lLWRlLXNjZWF1eC5oYXV0cy1kZS1zZWlu
ZS5mcoITY29sbGVjdGlvbnMubWFobi5jaIIXY29sbGVjdGlvbnMubWJhLWx5b24u
ZnKCHmNvbGxlY3Rpb25zLm1iYS1wYXUub3BhY3dlYi5pb4ITY29sbGVjdGlvbnMu
bWJhcS5mcoIwY29sbGVjdGlvbnMubXVzZWUtYXJ0LWluZHVzdHJpZS5zYWludC1l
dGllbm5lLmZygh1jb2xsZWN0aW9ucy5tdXNlZWRlbGFwb3N0ZS5mcoIfY29sbGVj
dGlvbnMubXVzZWVzLWR1bmtlcnF1ZS5ldYIfY29sbGVjdGlvbnMubXVzZWVzLm1h
cnNlaWxsZS5mcoIeY29sbGVjdGlvbnMubXVzZXVtLWdyZW5vYmxlLmZygi9jb2xs
ZWN0aW9ucy5tdXNldW0taGlzdG9pcmVuYXR1cmVsbGUub3BhY3dlYi5pb4IkY29s
bGVjdGlvbnMubXVzZXVtYXF1YXJpdW1kZW5hbmN5LmV1gi5jb2xsZWN0aW9ucy52
YWxsZWUtYXV4LWxvdXBzLmhhdXRzLWRlLXNlaW5lLmZygh1jb2xsZWN0aW9uc211
c2Vlcy52YXVjbHVzZS5mcoIqY29sbGVjdGlvbnNwYXRyaW1vbmlhbGVzLm1vbm5h
aWVkZXBhcmlzLmZygg9kZW1vLm9wYWN3ZWIuaW+CJmRvY3VtZW50YXRpb24tc2Fy
cmVndWVtaW5lcy5vcGFjd2ViLmlvgh9kb2N1bWVudGF0aW9ubXVzZWVzLnZhdWNs
dXNlLmZyghFkdWxhbWEub3BhY3dlYi5pb4IQZW5zYmEub3BhY3dlYi5pb4IkZXNw
YWNlYnJhc3NlbnMudmlsbGUtc2V0ZS5vcGFjd2ViLmlvghpmZXJ1ZGVzc2NpZW5j
ZXMub3BhY3dlYi5pb4IhZ2VvbG9naWUtbXVzZXVtLWFuZ2Vycy5vcGFjd2ViLmlv
ghJtYmEtcGF1Lm9wYWN3ZWIuZnKCFG1oYy1vcGFjd2ViLmxpbGxlLmZygiBtaWFu
LWFuYXRvbGUtamFrb3Zza3kub3BhY3dlYi5pb4IibWluLWNvbGxlY3Rpb25zLm11
c2V1bS1ncmVub2JsZS5mcoISbW9ieWRvYy5vcGFjd2ViLmZyghJtb2R5ZGV2Lm9w
YWN3ZWIuaW+CJm11c2JhLWJvcmRlYXV4LWJpYmxpb3RoZXF1ZS5vcGFjd2ViLmZy
ghltdXNiYS1ib3JkZWF1eC5vcGFjd2ViLmZygiBtdXNlZS1hbnRvaW5lLXZpdmVu
ZWwub3BhY3dlYi5mcoIabXVzZWUtYXF1aXRhaW5lLm9wYWN3ZWIuZnKCHW11c2Vl
LWJyZXRvbi1vYWkuZmluaXN0ZXJlLmZyghltdXNlZS1icmV0b24uZmluaXN0ZXJl
LmZyghhtdXNlZS1jYXJvdWdlLm9wYWN3ZWIuaW+CF211c2VlLWNoZXJldC5vcGFj
d2ViLmlvghdtdXNlZS1jaW1pZXoub3BhY3dlYi5pb4I0bXVzZWUtZGUtbGEtZmln
dXJpbmUtaGlzdG9yaXF1ZS1jb21waWVnbmUub3BhY3dlYi5mcoItbXVzZWUtZGVz
LWFydHMtYW5jaWVucy5jb2xsZWN0aW9ucy5vcGFjd2ViLmlvghdtdXNlZS1ldnJl
dXgub3BhY3dlYi5pb4IXbXVzZWUtZ291cGlsLm9wYWN3ZWIuZnKCGm11c2VlLWxl
b25kaWVyeC5vcGFjd2ViLmlvghhtdXNlZS1tYXNzZW5hLm9wYWN3ZWIuaW+CGG11
c2VlLW1hdGlzc2Uub3BhY3dlYi5pb4IVbXVzZWUtdGVzdC5vcGFjd2ViLmlvghht
dXNlZS12aWxsZWxlLm9wYWN3ZWIuaW+CGG11c2VlZHVjaGV2YWwub3BhY3dlYi5p
b4IqbXVzZWVub3V2ZWxsZWNhbGVkb25pZS1jb2xsZWN0aW9ucy5nb3V2Lm5jgiNt
dXNlZW5vdXZlbGxlY2FsZWRvbmllLWlwa2QuZ291di5uY4IWbXVzZWVzLmF1ZGUu
b3BhY3dlYi5pb4IebXVzZWVzLmJvdWxvZ25lYmlsbGFuY291cnQuY29tghZtdXNl
ZXMudmlsbGUtcG9pc3N5LmZygiZtdXNlZXNhaW50cXVlbnRpbmVueXZlbGluZXMu
b3BhY3dlYi5pb4IgbXVzZWVzZWJ1cm9tYWd1cy5hdWRlLm9wYWN3ZWIuaW+CHG11
c2Vlc3BldGlldC5hdWRlLm9wYWN3ZWIuaW+CGG11c2V1bS1hbmdlcnMub3BhY3dl
Yi5pb4IRbXVzZXVtLmF1eGVycmUuZnKCGW11c2V1bXRvdWxvdXNlLm9wYWN3ZWIu
aW+CEG93LW1iYS5hbmdlcnMuZnKCGnBhbGFpcy1sYXNjYXJpcy5vcGFjd2ViLmlv
giRwYWxlby1jb2xsZWN0aW9ucy5tdXNldW0tZ3Jlbm9ibGUuZnKCFHBiYS1vcGFj
d2ViLmxpbGxlLmZygh1wZXRlcmJvcm91Z2htdXNldW0ub3BhY3dlYi5pb4IkcHJl
aGlzdG9pcmUtbXVzZXVtLWFuZ2Vycy5vcGFjd2ViLmlvgiVwcm92aW5jZWRlbmFt
dXItY29sbGVjdGlvbi5vcGFjd2ViLmZygh9zYXJyZWd1ZW1pbmVzLW11c2V1bS5v
cGFjd2ViLmlvghZ0ZXJyYS1hbWF0YS5vcGFjd2ViLmlvghF3d3cuYXVndXN0aW5z
Lm9yZ4Idd3d3LmNvbGxlY3Rpb25zLW11c2VlLXJvcHMuYmWCNHd3dy5jb2xsZWN0
aW9ucy5tdXNlZS1hcnQtaW5kdXN0cmllLnNhaW50LWV0aWVubmUuZnKCDHd3dy5s
ZW1pdi5mcoITd3d3Lm1lbW9pcmUxNC00NS5ldYISd3d3Lm11c2VlLWNvbmRlLmZy
ghB3d3cubXVzZWVnb3lhLmZyght3d3cuc2FycmVndWVtaW5lcy1tdXNldW0uZnKC
Inpvby1jb2xsZWN0aW9ucy5tdXNldW0tZ3Jlbm9ibGUuZnIwEwYDVR0gBAwwCjAI
BgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgAZmBBxCfDWUi4wgNKe
P2S7g24ozPkPUo7u385KPxa0ygAAAY8PtquPAAAEAwBHMEUCIBzxBdj6inELKnjL
uHfsfsnCk0ou+eYwryQPQjaAoOp2AiEAiLaBF7MQZwHO2heMeG5LskKDGvMkPinw
rYQH7wh6gdQAdgBIsONr2qZHNA/lagL6nTDrHFIBy1bdLIHZu7+rOdiEcwAAAY8P
trEUAAAEAwBHMEUCIH9QgYeW412PeZu3v1C8566VsZBZcX7Y0o2kw3YrAODrAiEA
zkKiOVPnXx4IWwRjIjC/Ou+NkkWEUjzkMhUBIUePNcswDQYJKoZIhvcNAQELBQAD
ggEBAIqUUX4aC2HTqEivR56BO4+vUMgoJ2kfKS0FrvGPKNLK3CNq7TfQahhu2yrP
Xauurypa2jZQzlv2vSJbo/nY6n3jyiTQsDCNv65WkOwNCU+6hSYb81VuwPHVW8Oo
IgcQlTTCEWBIe6eSwNjsJK9VP3ufTVcarV4jYDKyIrDqm3ywPLDz0J/QpNI8kkl4
jytc3g/R2ehILy5Ne5WMPtbBtm+fFtqBmh+pc3P2hjPVbWI3ISXpRqWnmf4uCcCm
osWhkiBbFhjKIVoEsGlz7Qj09+dsCNXWq3NLvT5Lxo2naYQ/jvsLqG8K6ZvVrY3y
emiFz9tCFcyZx5EzIfnBeOdpOP4=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn876oKLufME6eL0hUvRC
R53AcztKDOtdJZ+tBh2G278PNW0VtCHkMp+4Fg7STxZGcnXCsgVQD0MMMrfudtXA
YWUHQkuA/xEJ/V+hMKd/xpDEhHejXQv5jmIHbsFdX0DoFLEg960uBpNeVR+jb677
LByQ/yxwPbKnR1FBwe9h/gMqVI0x53VP2oSCpdv7mjWnc2zSo+2FacCdC+VzC6RW
n40+Ts5iiKSHRHMTNABVsNUwpCJkpcUlaHCRwxt9Dhe2SQusp69onvRlIRYdnhDQ
CUAB4sF2WPY9IkjAwTCykBHVYjngJjYnrfG5RaZDXXivZIu3zFQ056HHzzY6ijIi
wwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 267131540024294887467905867993330329834763
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-24 09:46:20 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-07-23 09:46:19 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'bo.opacweb.io'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20173955645238668405954445775280316825523950281580989986092784587958085585259971245900438583082146548789961628604686868903477550878464077765844830368395121418801476962444168632400660368809396813926837952495658775844734309059542740094613569895513020320945472663647371705585643615223712745067736862186898411587667631866527303260136776925800628128052406472234473160583315319577248801210609235422181227870710970670741749473423310778964056358547318214064880916624765645568905045398524182648019466330335210911723237729437374610251938249860126865438276506600766133174775948454746649172304398615627909328243598427829688214211
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							16ca27d5bec406fee4eddb3c97a187a7d6ae6868
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2758 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'augustins.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bo.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bota-collections.museum-grenoble.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'botanique-museum-angers.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'capc-bordeaux.opacweb.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'catzarts.beauxartsparis.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'centrederessources.museedelaposte.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'charles-negre.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cite-de-la-ceramique.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collection-museumtoulouse.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections-mba.nancy.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections-musees.cholet.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections-musees.nyon.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections-resistance.limoges.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.domaine-de-sceaux.hauts-de-seine.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.mahn.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.mba-lyon.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.mba-pau.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.mbaq.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.musee-art-industrie.saint-etienne.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.museedelaposte.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.musees-dunkerque.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.musees.marseille.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.museum-grenoble.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.museum-histoirenaturelle.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.museumaquariumdenancy.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collections.vallee-aux-loups.hauts-de-seine.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collectionsmusees.vaucluse.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'collectionspatrimoniales.monnaiedeparis.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'demo.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'documentation-sarreguemines.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'documentationmusees.vaucluse.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dulama.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ensba.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'espacebrassens.ville-sete.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ferudessciences.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'geologie-museum-angers.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mba-pau.opacweb.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mhc-opacweb.lille.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mian-anatole-jakovsky.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'min-collections.museum-grenoble.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mobydoc.opacweb.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'modydev.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musba-bordeaux-bibliotheque.opacweb.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musba-bordeaux.opacweb.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-antoine-vivenel.opacweb.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-aquitaine.opacweb.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-breton-oai.finistere.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-breton.finistere.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-carouge.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-cheret.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-cimiez.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-de-la-figurine-historique-compiegne.opacweb.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-des-arts-anciens.collections.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-evreux.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-goupil.opacweb.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-leondierx.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-massena.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-matisse.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-test.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musee-villele.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'museeducheval.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'museenouvellecaledonie-collections.gouv.nc'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'museenouvellecaledonie-ipkd.gouv.nc'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musees.aude.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musees.boulognebillancourt.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'musees.ville-poissy.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'museesaintquentinenyvelines.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'museeseburomagus.aude.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'museespetiet.aude.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'museum-angers.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'museum.auxerre.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'museumtoulouse.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ow-mba.angers.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'palais-lascaris.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'paleo-collections.museum-grenoble.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'pba-opacweb.lille.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'peterboroughmuseum.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prehistoire-museum-angers.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'provincedenamur-collection.opacweb.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sarreguemines-museum.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'terra-amata.opacweb.io'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.augustins.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.collections-musee-rops.be'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.collections.musee-art-industrie.saint-etienne.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.lemiv.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.memoire14-45.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.musee-conde.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.museegoya.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sarreguemines-museum.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'zoo-collections.museum-grenoble.fr'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f00076001998107109f0d6522e3080d29e3f64bb836e28ccf90f528eeedfce4a3f16b4ca0000018f0fb6ab8f000004030047304502201cf105d8fa8a710b2a78cbb877ec7ec9c2934a2ef9e630af240f423680a0ea7602210088b68117b3106701ceda178c786e4bb242831af3243e29f0ad8407ef087a81d400760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018f0fb6b114000004030047304502207f50818796e35d8f799bb7bf50bce7ae95b19059717ed8d28da4c3762b00e0eb022100ce42a23953e75f1e085b04632230bf3aef8d924584523ce432150121478f35cb
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		008a94517e1a0b61d3a848af479e813b8faf50c82827691f292d05aef18f28d2cadc236aed37d06a186edb2acf5dabaeaf2a5ada3650ce5bf6bd225ba3f9d8ea7de3ca24d0b0308dbfae5690ec0d094fba85261bf3556ec0f1d55bc3a82207109534c21160487ba792c0d8ec24af553f7b9f4d571aad5e236032b222b0ea9b7cb03cb0f3d09fd0a4d23c9249788f2b5cde0fd1d9e8482f2e4d7b958c3ed6c1b66f9f16da819a1fa97373f68633d56d62372125e946a5a799fe2e09c0a6a2c5a192205b1618ca215a04b06973ed08f4f7e76c08d5d6ab734bbd3e4bc68da769843f8efb0ba86f0ae99bd5ad8df27a6885cfdb4215cc99c7913321f9c178e76938fe