clientexperience.kpmg.com.br

Issued by R3

About this certificate

This digital certificate with serial number 03:36:d0:e5:6e:84:e9:3a:b2:8f:51:58:22:11:77:27:ca:64 was issued on by Let's Encrypt.

With 8 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=clientexperience.kpmg.com.br

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:36:d0:e5:6e:84:e9:3a:b2:8f:51:58:22:11:77:27:ca:64
Serial Number (int): 279989776309710638765762382732872368245348
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: 3a:fb:f9:27:7b:f9:62:04:62:77:48:4e:be:9a:1c:76:e3:8a:e9:bc
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 9c:dd:a0:30:05:79:c9:13:87:7e:33:f9:9f:2f:55:eb:07:1b:6c:81
Fingerprint (sha256): 1a:6b:ed:3b:d7:17:dc:93:17:de:8f:fa:a2:56:a6:7e:0e:e5:a8:0f:72:cc:a7:e1:99:d2:9d:9d:4b:64:20:f1

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate clientexperience.kpmg.com.br

8

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for clientexperience.kpmg.com.br

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

clientexperience.kpmg.com.br
digital.kpmg.be
digital.kpmg.ca
digital.kpmg.lu
experience.kpmg.com
fuellingprosperity.kpmg.co.nz
switch.kpmg.com.au
value.kpmg.ch

Other certificates including the domain name kpmg.com.br

(limited to 100 certificates)
*.leap.kpmg.com.br
akamaisecure8.qualtrics.com
csg.kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
clix.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
kpmg.kpmg.com.br
sipfed.kpmg.com
ktax2.kpmg.com.br
kbs.kpmg.com.br
clientexperience.kpmg.com.br
kbs.kpmg.com.br
*.kpmg.com.br
clix.kpmg.com.br
tprm.kpmg.com.br
clientexperience.kpmg.com.br
clixtest.kpmg.com.br
clientexperience.kpmg.com.br
content.leap.kpmg.com.br
clientexperience.kpmg.com.br
content.leap.kpmg.com.br
sipfed.kpmg.com
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
*.plataformacentral.kpmg.com.br
*.gmsdigital.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
ktaxportal.kpmg.com.br
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
executivesearch.kpmg.com.br
*.chrono.kpmg.com.br
sepbr.kpmg.com.br
tprm.kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
tprm.kpmg.com.br
kpmg.com.br
intranet.kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
*.tprm.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
sipfed.kpmg.com
clientexperience.kpmg.com.br
kpmg.kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
*.prd.chrono.kpmg.com.br
*.ati.kpmg.com.br
kbs.kpmg.com.br
clientexperience.kpmg.com.br
kpmg.com.br
akamaisecure8.qualtrics.com
clientexperience.kpmg.com.br
content.leap.kpmg.com.br
*.icmsst.kpmg.com.br
webservice.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
www.kpmg.com.br
kpmg.com.br
akamaisecure8.qualtrics.com
kpmg.com.br
oma.kpmg.com.br
beyond.kpmg.com.br
kpmg.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
kpmg.kpmg.com.br
akamaisecure8.qualtrics.com
*.taxdigital.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br
akamaisecure8.qualtrics.com
sipfed-ema2.kpmg.com
clientexperience.kpmg.com.br
clixtest.kpmg.com.br
clientexperience.kpmg.com.br
ktax.kpmg.com.br
clientexperience.kpmg.com.br
clientexperience.kpmg.com.br

Certificate

The complete raw certificate details for clientexperience.kpmg.com.br in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgISAzbQ5W6E6Tqyj1FYIhF3J8pkMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMjEwMDMwMDEyMDRaFw0yMzAxMDEwMDEyMDNaMCcxJTAjBgNVBAMT
HGNsaWVudGV4cGVyaWVuY2Uua3BtZy5jb20uYnIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDULzMpbmPjBgnRVz40/iKQ1FQ7cijw0/gtFLw2u4BS0wIR
VYIOK3hxZkgwYEq1igdFOcXiQC9LB5KYtPs6yGZ541foLCSWi/hgA2mgUutu/5DT
EoMM1NbJlXfkkJh7YnqLUVKR2tBCbj4IcYdzSQe/T4k/HVpU6HuYWArm/yN1RK0/
RuuUNhnd2MtnCevI9gLFMy9cfq06DPWQSJgqn3RIscB23edWCVZqqP1tEo+P32Hq
SBhowEb+s1BcrH08pYwcy/uceCnKihX6+Zm9cnjDgesizmh6NFUb9PeWpjnDVmWa
VlolEkwOCE7lMtMoMDw6PKKL6TGf3EmtJaKBSdfzAgMBAAGjggLjMIIC3zAOBgNV
HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud
EwEB/wQCMAAwHQYDVR0OBBYEFDr7+Sd7+WIEYndITr6aHHbjium8MB8GA1UdIwQY
MBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEF
BQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8v
cjMuaS5sZW5jci5vcmcvMIGzBgNVHREEgaswgaiCHGNsaWVudGV4cGVyaWVuY2Uu
a3BtZy5jb20uYnKCD2RpZ2l0YWwua3BtZy5iZYIPZGlnaXRhbC5rcG1nLmNhgg9k
aWdpdGFsLmtwbWcubHWCE2V4cGVyaWVuY2Uua3BtZy5jb22CHWZ1ZWxsaW5ncHJv
c3Blcml0eS5rcG1nLmNvLm56ghJzd2l0Y2gua3BtZy5jb20uYXWCDXZhbHVlLmtw
bWcuY2gwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggr
BgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEDBgorBgEEAdZ5
AgQCBIH0BIHxAO8AdQB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAA
AYObZmvqAAAEAwBGMEQCIHKR7JIHYdbAJzlyGXLSFACucUNROJQkJAYGMa5KEBg7
AiBpUmgQnCCHegt6LWoGfWa7Fj4/xMUjCTvnc5ZGgmpO/gB2AOg+0No+9QY1MudX
KLyJa8kD08vREWvs62nhd31tBr1uAAABg5tma9cAAAQDAEcwRQIhANLdEjTqKfBT
csfzhR3pIHbh++lnrBKHa+byJeYSCCdNAiAGRtCYYTqZqpysBAgSIragL2DIOm3+
NYfAOAT+VBDeMDANBgkqhkiG9w0BAQsFAAOCAQEAQcX2NZIy4+jtLApJhCfhJgCz
fPQ9kvZ83t23TBTJUJMrYkue2g+LmgcNroP/oNB5ysV1lnHmSM6xvEZOlzaHeDYe
GJSpo0hUC+o+ha7NtVl8JFuKLmMLW6coXmEs4+f/9erQ6/cct2wmjRwY6Cw2yVp1
Q4XJZxrLOXXn3BGY4qhcsORFi5feO2TmZc7WEi0BlgfrnIuqCG7r09Jxdl2jbbrl
M7tvE/Re2x2BPiwLMAP+i9dSB8fbIgBkJ2iYdXy2tFBX8Usf7n++HEz9nhhIgw1z
EwAJg9Oo58i1YaY3ESVoFTR6agnby4C8uy6mMkrOW/Tehk1Jl/0sGYKWLnFfIw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1C8zKW5j4wYJ0Vc+NP4i
kNRUO3Io8NP4LRS8NruAUtMCEVWCDit4cWZIMGBKtYoHRTnF4kAvSweSmLT7Oshm
eeNX6Cwklov4YANpoFLrbv+Q0xKDDNTWyZV35JCYe2J6i1FSkdrQQm4+CHGHc0kH
v0+JPx1aVOh7mFgK5v8jdUStP0brlDYZ3djLZwnryPYCxTMvXH6tOgz1kEiYKp90
SLHAdt3nVglWaqj9bRKPj99h6kgYaMBG/rNQXKx9PKWMHMv7nHgpyooV+vmZvXJ4
w4HrIs5oejRVG/T3lqY5w1ZlmlZaJRJMDghO5TLTKDA8Ojyii+kxn9xJrSWigUnX
8wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 279989776309710638765762382732872368245348
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-10-03 00:12:04 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-01-01 00:12:03 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'clientexperience.kpmg.com.br'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26785795766778378218237479309181076391235025323963931383493092958238253815132523032175395799205503681538909377317361930227791542934266582039602585980506379397567239807929124783436545948492276682107623595284794698605476277153081437373293606728453631637935028740633682408886432877393072757527459602924374383252240138684312147162971519990019196037531083975224066073936548434480924158858365544767122116067105733893708891811413461774362195239555841695363407776186524396176477928993739951177323612467843842296329818029854587574991749395626971685918402117633475181422130537955049071965908805927856589438838556079855757809651
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							3afbf9277bf962046277484ebe9a1c76e38ae9bc
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (171 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'clientexperience.kpmg.com.br'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'digital.kpmg.be'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'digital.kpmg.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'digital.kpmg.lu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'experience.kpmg.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fuellingprosperity.kpmg.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'switch.kpmg.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'value.kpmg.ch'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef0075007a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb52000001839b666bea000004030046304402207291ec920761d6c02739721972d21400ae71435138942424060631ae4a10183b0220695268109c20877a0b7a2d6a067d66bb163e3fc4c523093be7739646826a4efe007600e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e000001839b666bd70000040300473045022100d2dd1234ea29f05372c7f3851de92076e1fbe967ac12876be6f225e61208274d02200646d098613a99aa9cac04081222b6a02f60c83a6dfe3587c03804fe5410de30
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0041c5f6359232e3e8ed2c0a498427e12600b37cf43d92f67cdeddb74c14c950932b624b9eda0f8b9a070dae83ffa0d079cac5759671e648ceb1bc464e97368778361e1894a9a348540bea3e85aecdb5597c245b8a2e630b5ba7285e612ce3e7fff5ead0ebf71cb76c268d1c18e82c36c95a754385c9671acb3975e7dc1198e2a85cb0e4458b97de3b64e665ced6122d019607eb9c8baa086eebd3d271765da36dbae533bb6f13f45edb1d813e2c0b3003fe8bd75207c7db220064276898757cb6b45057f14b1fee7fbe1c4cfd9e1848830d7313000983d3a8e7c8b561a63711256815347a6a09dbcb80bcbb2ea6324ace5bf4de864d4997fd2c1982962e715f23