topflag.com.tw
Issued by R3
About this certificate
This digital certificate with serial number 03:6f:ba:5a:56:29:a7:f4:99:c5:a4:94:75:43:07:97:1e:92 was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=topflag.com.tw
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:6f:ba:5a:56:29:a7:f4:99:c5:a4:94:75:43:07:97:1e:92Serial Number (int): 299355905985025732148989540381426634399378
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: fb:27:98:51:6c:11:2a:49:fe:41:67:70:ac:70:28:53:80:02:3f:c6
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): b2:89:13:56:3e:82:59:ad:e3:4e:ee:40:5d:df:18:64:4d:c5:cb:eb
Fingerprint (sha256): 1c:b4:64:9f:8e:88:a8:f1:cf:30:7d:e5:b1:d7:4a:ed:7a:4b:c2:a3:95:31:cd:f2:c4:1d:37:94:92:58:5e:34
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate topflag.com.tw
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for topflag.com.tw
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
topflag.com.tw
www.topflag.com.tw
www.topflag.com.tw
Other certificates including the domain name topflag.com.tw
(limited to 100 certificates)
new.topflag.com.tw
123.topflag.com.tw
topflag.com.tw
topflag.com.tw
new.topflag.com.tw
topflag.com.tw
new.topflag.com.tw
topflag.com.tw
123.topflag.com.tw
topflag.com.tw
topflag.com.tw
123.topflag.com.tw
new.topflag.com.tw
topflag.com.tw
topflag.com.tw
topflag.com.tw
topflagcom.mico.com.tw
topflag.com.tw
topflag.com.tw
topflag.com.tw
new.topflag.com.tw
topflag.com.tw
123.topflag.com.tw
topflag.com.tw
topflag.com.tw
new.topflag.com.tw
123.topflag.com.tw
123.topflag.com.tw
topflag.com.tw
123.topflag.com.tw
topflag.com.tw
topflag.com.tw
new.topflag.com.tw
topflag.com.tw
new.topflag.com.tw
topflag.com.tw
123.topflag.com.tw
topflag.com.tw
topflag.com.tw
123.topflag.com.tw
new.topflag.com.tw
topflag.com.tw
topflag.com.tw
topflag.com.tw
topflagcom.mico.com.tw
topflag.com.tw
topflag.com.tw
topflag.com.tw
new.topflag.com.tw
topflag.com.tw
123.topflag.com.tw
topflag.com.tw
topflag.com.tw
new.topflag.com.tw
123.topflag.com.tw
123.topflag.com.tw
topflag.com.tw
Certificate
The complete raw certificate details for topflag.com.tw in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF/jCCBOagAwIBAgISA2+6WlYpp/SZxaSUdUMHlx6SMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMzEyMjMxMjIwMDRaFw0yNDAzMjIxMjIwMDNaMBkxFzAVBgNVBAMT DnRvcGZsYWcuY29tLnR3MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA veepq6GOLa1QFUsxrt2cOlEn+mgEjksl3qe38IK72PMcTqQ/AcCvbrGd14v8GUoB k9GKdy7BP7il/45K0Yho8MMasAjsZW3M1O7xTpnTLrr06sn4wGajcSedaqyonW5J WIwnYf9iQQGGhF+x5KcEbiM/1xvXT4y1HHUwNWCgCtbn6QJoeGci3DUY6L9so43M Ad0IxU/MOu6/XcKgGcfVjqjGDlc8nebcbnQMgWsg+SdYseMhUtIhZPA7ORintOr/ Wpvq+RXK8hHHGjRGdMIRun9RCDIZKj2JHUfbwgAhYmR2amGBbNC19wvjPVewFsxY UrNYfYBzh6K4HrHaCn4wnz43Khc4ssVra3RsCkqfGIJ5VJZxD7WHLKPX4iqElyv0 bJxQazDLuO/UkAHmHC7b3Is6K21v5lfSgapupfhraSpaHniiIZvYgUD3uKakljFX ALQquJSj5b3M4Wto41Njie/doXvIisaanAmWiIywbcTGeOyV4KC887RrEusD9Jml mkAEE5bwG38pNPP8Nl17rhgpAm2bBg7TievoT12xY560FLS2E/F7Xj9SO6XPu9lC yg0m/ooG/DR8RscOry0+AIgsyvYa2AkL4v9Ad9pkyrfROwa+RzcrIdxVq0eU0O+k AvLm8FLMn90GHLYqbyC9oKmmZOSiv3nT7Q3q1TFEwFsCAwEAAaOCAiUwggIhMA4G A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD VR0TAQH/BAIwADAdBgNVHQ4EFgQU+yeYUWwRKkn+QWdwrHAoU4ACP8YwHwYDVR0j BBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsG AQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6 Ly9yMy5pLmxlbmNyLm9yZy8wLQYDVR0RBCYwJIIOdG9wZmxhZy5jb20udHeCEnd3 dy50b3BmbGFnLmNvbS50dzATBgNVHSAEDDAKMAgGBmeBDAECATCCAQUGCisGAQQB 1nkCBAIEgfYEgfMA8QB3ADtTd3U+LbmAToswWwb+QDtn2E/D9Me9AA0tcm/h+tQX AAABjJbVN6wAAAQDAEgwRgIhANQfJGaDcb06TU88ohbO3PoZ7oL/CgN+k5TqjpkK fopOAiEA4jb8K0mASTK+xu2idLcMRfJdydmD0emvxrPbHlpRGcsAdgBIsONr2qZH NA/lagL6nTDrHFIBy1bdLIHZu7+rOdiEcwAAAYyW1TmVAAAEAwBHMEUCIBA2D+dd tN9RnBN5DvkGvN+xifVe5NmIbUA+8sn7LfC3AiEAsV14RtjkL+W81Qt7A1NNHWyD guRGJ01MjAYmVE6BwbEwDQYJKoZIhvcNAQELBQADggEBACkp3WgzcCfA3rmSfLTG t4h6edgwgdu1fHK5NJdEtqu7Bum9UwlbvTdIIdZsO3sNPdkDozVl8nLeqsW/51dA 17zk5oKUcyELh5GqQvmVNp/XqYr41Yq7TNTIcQwR41G42NGhlkx8A3hG9WVPB1d9 5aNPjEHTyXmf5sxJZkNt44qdMCJY2BrLSNRKiN3WFtrzY9T/YxyIEAXX7RtM0yc2 ptsA37/c2GbyyUSA0qsySiz2APbEWwouykF8Lx43r24LIHALRSl0gWBQQjq/xJfd rOhYjv0o1R91aqF127DPIumUGGmjj1yeDrEO5ACgd3hz80PWbnk9wtXj1u2YvBkI 7KU= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAveepq6GOLa1QFUsxrt2c OlEn+mgEjksl3qe38IK72PMcTqQ/AcCvbrGd14v8GUoBk9GKdy7BP7il/45K0Yho 8MMasAjsZW3M1O7xTpnTLrr06sn4wGajcSedaqyonW5JWIwnYf9iQQGGhF+x5KcE biM/1xvXT4y1HHUwNWCgCtbn6QJoeGci3DUY6L9so43MAd0IxU/MOu6/XcKgGcfV jqjGDlc8nebcbnQMgWsg+SdYseMhUtIhZPA7ORintOr/Wpvq+RXK8hHHGjRGdMIR un9RCDIZKj2JHUfbwgAhYmR2amGBbNC19wvjPVewFsxYUrNYfYBzh6K4HrHaCn4w nz43Khc4ssVra3RsCkqfGIJ5VJZxD7WHLKPX4iqElyv0bJxQazDLuO/UkAHmHC7b 3Is6K21v5lfSgapupfhraSpaHniiIZvYgUD3uKakljFXALQquJSj5b3M4Wto41Nj ie/doXvIisaanAmWiIywbcTGeOyV4KC887RrEusD9JmlmkAEE5bwG38pNPP8Nl17 rhgpAm2bBg7TievoT12xY560FLS2E/F7Xj9SO6XPu9lCyg0m/ooG/DR8RscOry0+ AIgsyvYa2AkL4v9Ad9pkyrfROwa+RzcrIdxVq0eU0O+kAvLm8FLMn90GHLYqbyC9 oKmmZOSiv3nT7Q3q1TFEwFsCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 299355905985025732148989540381426634399378 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-23 12:20:04 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-22 12:20:03 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'topflag.com.tw' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 774744532239983290859988049813677645041693291847778727465912562118848197556659758065868223639292378348183404666237934004315410152202427525989869398090783835994288967830810621870169927273851853276728214989179329202980697363226550035983537068137996792030488517018086878149061147707947061590551443312218543270069805783793688242318913039693259499276831982423246301530824734389118358670586471233885569918657055262208515623951486583015909179561708876090917218627341682235624334624195595789127498210575446050572151638720624301401296870501462934213817025305747108129505221284330798185803931516855995754825833327864447634262276230320788445111812464050634433829970678412519581716394882220224278938505011044169862734887904944340275539473741003583319750133909806173719754236239413778206324945908160044708496817792224807273107514151167620381216101898993473029534378231530471119257942931768626360710426103209641851612704365941747708631122654399652909614909051654733464710236439613488114777609372554314264981165949889093434350414589208827331243991331169766927560249876908570554191990685140064254942816798477606382554868445377977581262192911840066228975667739926021196093584224450785680563681178490604556263171165209012579807576377297889871551316059 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) fb2798516c112a49fe416770ac70285380023fc6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (38 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'topflag.com.tw' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.topflag.com.tw' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes) 00f10077003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018c96d537ac0000040300483046022100d41f24668371bd3a4d4f3ca216cedcfa19ee82ff0a037e9394ea8e990a7e8a4e022100e236fc2b49804932bec6eda274b70c45f25dc9d983d1e9afc6b3db1e5a5119cb00760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018c96d539950000040300473045022010360fe75db4df519c13790ef906bcdfb189f55ee4d9886d403ef2c9fb2df0b7022100b15d7846d8e42fe5bcd50b7b03534d1d6c8382e446274d4c8c0626544e81c1b1 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 002929dd68337027c0deb9927cb4c6b7887a79d83081dbb57c72b9349744b6abbb06e9bd53095bbd374821d66c3b7b0d3dd903a33565f272deaac5bfe75740d7bce4e6829473210b8791aa42f995369fd7a98af8d58abb4cd4c8710c11e351b8d8d1a1964c7c037846f5654f07577de5a34f8c41d3c9799fe6cc4966436de38a9d302258d81acb48d44a88ddd616daf363d4ff631c881005d7ed1b4cd32736a6db00dfbfdcd866f2c94480d2ab324a2cf600f6c45b0a2eca417c2f1e37af6e0b20700b452974816050423abfc497ddace8588efd28d51f756aa175dbb0cf22e9941869a38f5c9e0eb10ee400a0777873f343d66e793dc2d5e3d6ed98bc1908eca5