ehrbestpractices.org
Issued by R3
About this certificate
This digital certificate with serial number 04:94:ce:38:e7:89:d2:6e:50:d1:cc:f1:c0:f5:a5:79:f8:46 was issued on by Let's Encrypt.
With 21 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=ehrbestpractices.org
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 04:94:ce:38:e7:89:d2:6e:50:d1:cc:f1:c0:f5:a5:79:f8:46Serial Number (int): 399085050463251651722792600065807834806342
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: 3c:9b:17:69:c9:b4:ba:10:23:40:23:3a:6b:36:85:02:6c:d3:c1:d5
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): e2:a6:1c:56:ce:98:69:99:f0:16:07:fc:a0:f7:eb:56:22:fb:d7:67
Fingerprint (sha256): 20:e1:09:45:4d:57:52:56:39:7b:c5:b7:cb:a5:4e:f8:71:20:88:f2:91:26:43:f1:f1:64:3d:40:37:0c:58:f7
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate ehrbestpractices.org
21
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for ehrbestpractices.org
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
ehrbestpractices.org
healthtechnavigator.org
integratedcareonline.com
leadership.openminds.com
management.openminds.com
mysorce.org
openminds.com
performance.openminds.com
providersresourcectr.com
strategy.openminds.com
team.openminds.com
technology.openminds.com
vbcforbh.com
wholepersoncarehq.com
wpchq.com
www.healthtechnavigator.org
www.integratedcareonline.com
www.openminds.com
www.providersresourcectr.com
www.wholepersoncarehq.com
www.wpchq.com
healthtechnavigator.org
integratedcareonline.com
leadership.openminds.com
management.openminds.com
mysorce.org
openminds.com
performance.openminds.com
providersresourcectr.com
strategy.openminds.com
team.openminds.com
technology.openminds.com
vbcforbh.com
wholepersoncarehq.com
wpchq.com
www.healthtechnavigator.org
www.integratedcareonline.com
www.openminds.com
www.providersresourcectr.com
www.wholepersoncarehq.com
www.wpchq.com
Other certificates including the domain name ehrbestpractices.org
(limited to 100 certificates)
ehrbestpractices.org
d3d499dc33.nxcli.io
d3d499dc33.nxcli.io
ehrbestpractices.org
ehrbestpractices.org
ehrbestpractices.org
d3d499dc33.nxcli.io
d3d499dc33.nxcli.io
ehrbestpractices.org
ehrbestpractices.org
d3d499dc33.nxcli.io
ehrbestpractices.org
ehrbestpractices.org
ehrbestpractices.org
d3d499dc33.nxcli.io
ehrbestpractices.org
ehrbestpractices.org
d3d499dc33.nxcli.io
d3d499dc33.nxcli.io
ehrbestpractices.org
ehrbestpractices.org
ehrbestpractices.org
d3d499dc33.nxcli.io
d3d499dc33.nxcli.io
ehrbestpractices.org
ehrbestpractices.org
d3d499dc33.nxcli.io
ehrbestpractices.org
ehrbestpractices.org
ehrbestpractices.org
d3d499dc33.nxcli.io
ehrbestpractices.org
ehrbestpractices.org
Certificate
The complete raw certificate details for ehrbestpractices.org in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIG+jCCBeKgAwIBAgISBJTOOOeJ0m5Q0czxwPWlefhGMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMjEwMjMxOTIyNTBaFw0yMzAxMjExOTIyNDlaMB8xHTAbBgNVBAMT FGVocmJlc3RwcmFjdGljZXMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEA1krLGiY5HNM9z1M9B6W2UNhLd2WZcE7Ab8LMerrbL5ObALLn0OLp4EIb W8wLwcdvd/xXMmLRnD5tHfXIx4bEkxRPEJq/B+Umz1zj1k5u2KFKZSGGxOo17wRn ySJoBgFw12LqUUIW5WmEfmixCFv4WDN4aM+UViwYBqGw2bS603ztm0/tWWOawxyv qtuyPYvrsMB0YyTmajCvs31KB5j7sG9Q1uKht5y3xHXa/BWCFlY7/9ruvWlqFchD DVjl7/BLDWEeHBRj3PKStyWz8xPMDYyfcezFJ+RZkN3oc2zJug5B/Letkjbcg94u EGbKyXug9y/DogVW8AiksfMfagbAxQIDAQABo4IEGzCCBBcwDgYDVR0PAQH/BAQD AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA MB0GA1UdDgQWBBQ8mxdpybS6ECNAIzprNoUCbNPB1TAfBgNVHSMEGDAWgBQULrMX t1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0 dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVu Y3Iub3JnLzCCAecGA1UdEQSCAd4wggHaghRlaHJiZXN0cHJhY3RpY2VzLm9yZ4IX aGVhbHRodGVjaG5hdmlnYXRvci5vcmeCGGludGVncmF0ZWRjYXJlb25saW5lLmNv bYIYbGVhZGVyc2hpcC5vcGVubWluZHMuY29tghhtYW5hZ2VtZW50Lm9wZW5taW5k cy5jb22CC215c29yY2Uub3Jngg1vcGVubWluZHMuY29tghlwZXJmb3JtYW5jZS5v cGVubWluZHMuY29tghhwcm92aWRlcnNyZXNvdXJjZWN0ci5jb22CFnN0cmF0ZWd5 Lm9wZW5taW5kcy5jb22CEnRlYW0ub3Blbm1pbmRzLmNvbYIYdGVjaG5vbG9neS5v cGVubWluZHMuY29tggx2YmNmb3JiaC5jb22CFXdob2xlcGVyc29uY2FyZWhxLmNv bYIJd3BjaHEuY29tght3d3cuaGVhbHRodGVjaG5hdmlnYXRvci5vcmeCHHd3dy5p bnRlZ3JhdGVkY2FyZW9ubGluZS5jb22CEXd3dy5vcGVubWluZHMuY29tghx3d3cu cHJvdmlkZXJzcmVzb3VyY2VjdHIuY29tghl3d3cud2hvbGVwZXJzb25jYXJlaHEu Y29tgg13d3cud3BjaHEuY29tMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQB gt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3Jn MIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcAtz77JN+cTbp18jnFulj0bF38Qs96 nzXEnh0JgSXttJkAAAGEBoMrggAABAMASDBGAiEAgZaOlBOxzdn27AYrJOHXiqa6 Xf+9aXGmZvUShOEnUnMCIQCZET/J7fBni4NnaU1UIlhe3xoW3nSIgqCjzW53wtsy UgB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABhAaDK6IAAAQD AEgwRgIhAOhylIDTdMPCawFvof49nVW6ebCwbkVQ9GDalDvvSxaMAiEA/hyowilF 3cpJWncl5MFOs8sHgByKffVid38M/eaxuTIwDQYJKoZIhvcNAQELBQADggEBAAK1 PwEDWYOpCrHCp0b/f0s4V8lj3iFfKFqtzr5CKCd9QlQ4xI0qo/IdOvUXYupz7ZAu Pq0gF/uz5TvQTk39OGVBWV0bW62dLSMFvhddoQZylEnABSHEzyIiYotQWxEYrs5x 6xs6pmqw6SK2QKYrsYZKfOuqhs82DWv+NUcY56+tJd7ZkRlU7ecJ0dPD+a2unJSo p5NUZ9XCaCXhDL3ztyhcMpJauL0h8DVOZ79b55kHZScfhx7KgHbnpYVYcVRut6O+ dgthVNsqMuupjtw06j/UQCGUwc/ui7k8tITSAmLtXiMrLqu4XugLJM81FMx9kGyH bRcZn08QsakHid55HV4= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1krLGiY5HNM9z1M9B6W2 UNhLd2WZcE7Ab8LMerrbL5ObALLn0OLp4EIbW8wLwcdvd/xXMmLRnD5tHfXIx4bE kxRPEJq/B+Umz1zj1k5u2KFKZSGGxOo17wRnySJoBgFw12LqUUIW5WmEfmixCFv4 WDN4aM+UViwYBqGw2bS603ztm0/tWWOawxyvqtuyPYvrsMB0YyTmajCvs31KB5j7 sG9Q1uKht5y3xHXa/BWCFlY7/9ruvWlqFchDDVjl7/BLDWEeHBRj3PKStyWz8xPM DYyfcezFJ+RZkN3oc2zJug5B/Letkjbcg94uEGbKyXug9y/DogVW8AiksfMfagbA xQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 399085050463251651722792600065807834806342 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-10-23 19:22:50 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-01-21 19:22:49 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ehrbestpractices.org' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27051879246987795918157081769347786029824013987700245685560176012398829669503593988997576235999467454977596675908360519638508980077350079336112409203867887727642438593859768977446738982811852850099879588124549084837490706516863948085138562804710317219100975431354198450260867336150813707970202119549657800635690121467230306050136335514175761311036955160170311563565205511445699445407394949305874757645720485424970784043326347561440200864835028841555106339193173754098299937616706943111062387923638637767080897885730749002880630516324177652134287523824852860717849020271190392257327165031828926344633865049263745450181 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 3c9b1769c9b4ba102340233a6b3685026cd3c1d5 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (478 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ehrbestpractices.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'healthtechnavigator.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'integratedcareonline.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'leadership.openminds.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'management.openminds.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mysorce.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'openminds.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'performance.openminds.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'providersresourcectr.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'strategy.openminds.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'team.openminds.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'technology.openminds.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'vbcforbh.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wholepersoncarehq.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wpchq.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.healthtechnavigator.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.integratedcareonline.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.openminds.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.providersresourcectr.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.wholepersoncarehq.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.wpchq.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes) 00f2007700b73efb24df9c4dba75f239c5ba58f46c5dfc42cf7a9f35c49e1d098125edb4990000018406832b82000004030048304602210081968e9413b1cdd9f6ec062b24e1d78aa6ba5dffbd6971a666f51284e127527302210099113fc9edf0678b8367694d5422585edf1a16de748882a0a3cd6e77c2db32520077007a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb520000018406832ba20000040300483046022100e8729480d374c3c26b016fa1fe3d9d55ba79b0b06e4550f460da943bef4b168c022100fe1ca8c22945ddca495a7725e4c14eb3cb07801c8a7df562777f0cfde6b1b932 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0002b53f01035983a90ab1c2a746ff7f4b3857c963de215f285aadcebe4228277d425438c48d2aa3f21d3af51762ea73ed902e3ead2017fbb3e53bd04e4dfd386541595d1b5bad9d2d2305be175da106729449c00521c4cf2222628b505b1118aece71eb1b3aa66ab0e922b640a62bb1864a7cebaa86cf360d6bfe354718e7afad25ded9911954ede709d1d3c3f9adae9c94a8a7935467d5c26825e10cbdf3b7285c32925ab8bd21f0354e67bf5be7990765271f871eca8076e7a5855871546eb7a3be760b6154db2a32eba98edc34ea3fd4402194c1cfee8bb93cb484d20262ed5e232b2eabb85ee80b24cf3514cc7d906c876d17199f4f10b1a90789de791d5e