zola.planninglabs.nyc
Issued by Let's Encrypt Authority X3
About this certificate
This digital certificate with serial number 03:04:b7:40:ac:78:ef:df:e1:1a:c5:0c:5a:f2:57:cc:31:49 was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=zola.planninglabs.nyc
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:04:b7:40:ac:78:ef:df:e1:1a:c5:0c:5a:f2:57:cc:31:49Serial Number (int): 262941571791348148528065201360313825112393
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: 03:63:74:64:7a:ad:aa:9a:f8:8b:11:46:56:91:d5:4c:c1:cc:10:a8
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1
Fingerprint (sha1): c0:aa:bf:b5:96:62:dc:e1:2e:4d:0a:ce:6d:8b:d7:9f:ba:0a:50:bf
Fingerprint (sha256): 23:a2:a4:d2:80:4d:57:fa:65:84:c3:e4:a2:a2:f7:e5:4d:ba:de:5d:5f:b4:16:69:ed:c7:77:5a:73:c8:de:99
Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/
Revocation information
OCSP Server: http://ocsp.int-x3.letsencrypt.orgCheck the revocation status for certificate zola.planninglabs.nyc
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for zola.planninglabs.nyc
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
zola.planning.nyc.gov
zola.planninglabs.nyc
zola.planninglabs.nyc
Other certificates including the domain name planninglabs.nyc
(limited to 100 certificates)
maputnik-push.planninglabs.nyc
ui.planninglabs.nyc
layers-api.planninglabs.nyc
factfinder-staging.planninglabs.nyc
zap.planning.nyc.gov
regional-viz.planninglabs.nyc
roadview.planninglabs.nyc
ui.planninglabs.nyc
home-api.planninglabs.nyc
factfinder-staging.planninglabs.nyc
ui.planninglabs.nyc
nyc-factfinder.planninglabs.nyc
lotselector.planninglabs.nyc
search-api.planninglabs.nyc
ideas.planninglabs.nyc
zap-staging-lupp.planninglabs.nyc
zap-api-staging.planninglabs.nyc
ui.planninglabs.nyc
zola-canary.planninglabs.nyc
applicantmaps-api.planninglabs.nyc
search-api.planninglabs.nyc
planninglabs.nyc
search-api.planninglabs.nyc
waterfrontaccess.planning.nyc.gov
applicantmaps-api.planninglabs.nyc
planninglabs.nyc
lucats.planninglabs.nyc
ceqr.app
roadview.planninglabs.nyc
roadview.planninglabs.nyc
waterfrontaccess.planning.nyc.gov
zap-api.planninglabs.nyc
zola-canary.planninglabs.nyc
planninglabs.nyc
applicant-portal-develop.planninglabs.nyc
planninglabs.nyc
zap-api-staging.planninglabs.nyc
factfinder-api.planninglabs.nyc
api.planninglabs.nyc
geosearch.planninglabs.nyc
maputnik-push.planninglabs.nyc
zola-staging.planninglabs.nyc
zap-api.planninglabs.nyc
zola-canary.planninglabs.nyc
ceqr.app
home-api.planninglabs.nyc
waterfront-access.planninglabs.nyc
tiles.planninglabs.nyc
zola.planninglabs.nyc
zap.planning.nyc.gov
applicantmaps-staging.planninglabs.nyc
zap-staging-lupp.planninglabs.nyc
applicantmaps-api.planninglabs.nyc
zap-api-staging.planninglabs.nyc
zap.planning.nyc.gov
factfinder-api.planninglabs.nyc
metroexplorer-staging.planninglabs.nyc
waterfrontaccess.planning.nyc.gov
applicantmaps-staging.planninglabs.nyc
tiles.planninglabs.nyc
tiles.planninglabs.nyc
roadview.planninglabs.nyc
nyc-factfinder.planninglabs.nyc
planninglabs.nyc
nyc-factfinder.planninglabs.nyc
maputnik-push.planninglabs.nyc
planninglabs.nyc
zola-api.planninglabs.nyc
zola.planninglabs.nyc
communityprofiles.planning.nyc.gov
citymap.planninglabs.nyc
ideas.planninglabs.nyc
applicantmaps-api.planninglabs.nyc
layers-api.planninglabs.nyc
planninglabs.nyc
factfinder-api.planninglabs.nyc
zola.planninglabs.nyc
applicantmaps-staging.planninglabs.nyc
geosearch.planninglabs.nyc
roadview.planninglabs.nyc
datacatalog.planninglabs.nyc
tiles.planninglabs.nyc
home-api.planninglabs.nyc
factfinder-staging.planninglabs.nyc
ceqr.app
migration.planninglabs.nyc
home-api.planninglabs.nyc
maputnik-push.planninglabs.nyc
layers-api.planninglabs.nyc
applicantmaps-staging.planninglabs.nyc
home-api.planninglabs.nyc
zola-api.planninglabs.nyc
api.planninglabs.nyc
planninglabs.nyc
applicantmaps-api.planninglabs.nyc
zola-canary.planninglabs.nyc
zap-api.planninglabs.nyc
layers-api-staging.planninglabs.nyc
metroexplorer-staging.planninglabs.nyc
tycs.planning.nyc.gov
ui.planninglabs.nyc
layers-api.planninglabs.nyc
factfinder-staging.planninglabs.nyc
zap.planning.nyc.gov
regional-viz.planninglabs.nyc
roadview.planninglabs.nyc
ui.planninglabs.nyc
home-api.planninglabs.nyc
factfinder-staging.planninglabs.nyc
ui.planninglabs.nyc
nyc-factfinder.planninglabs.nyc
lotselector.planninglabs.nyc
search-api.planninglabs.nyc
ideas.planninglabs.nyc
zap-staging-lupp.planninglabs.nyc
zap-api-staging.planninglabs.nyc
ui.planninglabs.nyc
zola-canary.planninglabs.nyc
applicantmaps-api.planninglabs.nyc
search-api.planninglabs.nyc
planninglabs.nyc
search-api.planninglabs.nyc
waterfrontaccess.planning.nyc.gov
applicantmaps-api.planninglabs.nyc
planninglabs.nyc
lucats.planninglabs.nyc
ceqr.app
roadview.planninglabs.nyc
roadview.planninglabs.nyc
waterfrontaccess.planning.nyc.gov
zap-api.planninglabs.nyc
zola-canary.planninglabs.nyc
planninglabs.nyc
applicant-portal-develop.planninglabs.nyc
planninglabs.nyc
zap-api-staging.planninglabs.nyc
factfinder-api.planninglabs.nyc
api.planninglabs.nyc
geosearch.planninglabs.nyc
maputnik-push.planninglabs.nyc
zola-staging.planninglabs.nyc
zap-api.planninglabs.nyc
zola-canary.planninglabs.nyc
ceqr.app
home-api.planninglabs.nyc
waterfront-access.planninglabs.nyc
tiles.planninglabs.nyc
zola.planninglabs.nyc
zap.planning.nyc.gov
applicantmaps-staging.planninglabs.nyc
zap-staging-lupp.planninglabs.nyc
applicantmaps-api.planninglabs.nyc
zap-api-staging.planninglabs.nyc
zap.planning.nyc.gov
factfinder-api.planninglabs.nyc
metroexplorer-staging.planninglabs.nyc
waterfrontaccess.planning.nyc.gov
applicantmaps-staging.planninglabs.nyc
tiles.planninglabs.nyc
tiles.planninglabs.nyc
roadview.planninglabs.nyc
nyc-factfinder.planninglabs.nyc
planninglabs.nyc
nyc-factfinder.planninglabs.nyc
maputnik-push.planninglabs.nyc
planninglabs.nyc
zola-api.planninglabs.nyc
zola.planninglabs.nyc
communityprofiles.planning.nyc.gov
citymap.planninglabs.nyc
ideas.planninglabs.nyc
applicantmaps-api.planninglabs.nyc
layers-api.planninglabs.nyc
planninglabs.nyc
factfinder-api.planninglabs.nyc
zola.planninglabs.nyc
applicantmaps-staging.planninglabs.nyc
geosearch.planninglabs.nyc
roadview.planninglabs.nyc
datacatalog.planninglabs.nyc
tiles.planninglabs.nyc
home-api.planninglabs.nyc
factfinder-staging.planninglabs.nyc
ceqr.app
migration.planninglabs.nyc
home-api.planninglabs.nyc
maputnik-push.planninglabs.nyc
layers-api.planninglabs.nyc
applicantmaps-staging.planninglabs.nyc
home-api.planninglabs.nyc
zola-api.planninglabs.nyc
api.planninglabs.nyc
planninglabs.nyc
applicantmaps-api.planninglabs.nyc
zola-canary.planninglabs.nyc
zap-api.planninglabs.nyc
layers-api-staging.planninglabs.nyc
metroexplorer-staging.planninglabs.nyc
tycs.planning.nyc.gov
Certificate
The complete raw certificate details for zola.planninglabs.nyc in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIHLDCCBhSgAwIBAgISAwS3QKx479/hGsUMWvJXzDFJMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODA2MDUxMzEzMDZaFw0x ODA5MDMxMzEzMDZaMCAxHjAcBgNVBAMTFXpvbGEucGxhbm5pbmdsYWJzLm55YzCC AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM5ysi+dZHdJ/xDoXRSkzeNA hHH+3CejH8kdZOWyU6Ac05KW2LNPmC/F4PGNMtyugwvy4gptFD6hBPiR06ubvCo3 C6ISo5kOu4tuNFwU1IInbJ+shwp4eWUVlZaGZhz732sLm024VwtlgQGqCE027BFs G7HuaaSyhrpMPMsNESMHXWojKCY/cT6pmV7Fj/T7XA6u4Lil8BrxSEYeWFl1vCCW WH+h0AhePB3Uaf/wu+I7yrIpLWX5B96emnTQeYFtM0NKMvjXbtVzoOI4isSo8b8A 9l/5SvJ9XzFzeKVr+9INI3EZlmduse6WAWT2mK6USWHEbse3z9XGIwX2UNNfDHLK LXxObtlZe6XMXtsN2zvOFEZ1IMA4St8pp3MEkVuyMvhYQ1mJMkj5lXK0N0fn+qMI QXEio5oL/ErUPjFXWxHjJIwctxuhc/A9BUhioTBJJUHoQnpb9+pHkkIbeLk/m4Hj HI/8PxVVCeZG1guwYQCW/daSpBJe5MdyB2KL+xmprbwFh/c94urxBzQLpm20VVqA vUtTUhrGa40DJIbGuH3O5FFVDysyzDlyKkZmfUkX/K9CtQDu9yQF+9Pron7ZpRdH d5iBsroENNZgD3AgvC2hK3+iBV7nsVfojqmjb2xxtHhw6i5iNihpLE9eFDwLFYIJ EXUUweEWoO/03EIHZnPxAgMBAAGjggM0MIIDMDAOBgNVHQ8BAf8EBAMCBaAwHQYD VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O BBYEFANjdGR6raqa+IsRRlaR1UzBzBCoMB8GA1UdIwQYMBaAFKhKamMEfd265tE5 t6ZFZe/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29j c3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2Nl cnQuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wNwYDVR0RBDAwLoIVem9sYS5wbGFu bmluZy5ueWMuZ292ghV6b2xhLnBsYW5uaW5nbGFicy5ueWMwgf4GA1UdIASB9jCB 8zAIBgZngQwBAgEwgeYGCysGAQQBgt8TAQEBMIHWMCYGCCsGAQUFBwIBFhpodHRw Oi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCBqwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENl cnRpZmljYXRlIG1heSBvbmx5IGJlIHJlbGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFy dGllcyBhbmQgb25seSBpbiBhY2NvcmRhbmNlIHdpdGggdGhlIENlcnRpZmljYXRl IFBvbGljeSBmb3VuZCBhdCBodHRwczovL2xldHNlbmNyeXB0Lm9yZy9yZXBvc2l0 b3J5LzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3ANt0r+7LKeyx/so+cW0s5bmq uzb3hHGDx12dTze2H79kAAABY9BLTxQAAAQDAEgwRgIhAPmnbmxSZT3b4z4M4fNZ Aho05K3eI3GtsbSvFpLKFfoAAiEAgFL2cb+y6EKvszJnNnCdykArliKnDfTJR012 ZINavgYAdQApPFGWVMg5ZbqqUPxYB9S3b79Yeily3KTDDPTlRUf0eAAAAWPQS08h AAAEAwBGMEQCIAWfL55N9XRyhjq+e+Cb+6hqfNiNWunMe49NdcF4IhzIAiBtrbVD nboZeEuWjr0dOMJpetFA+UExRErZf80r5NeE2TANBgkqhkiG9w0BAQsFAAOCAQEA DuHueatrPs3093OeEaiZrOgd9+U+WYazojUvJHe3KejWRvpAI6PFtd9VNnsbwnSg XKjcm6A8hZkSojoePCmcnsoSV52UKgtYLZ+rICP7Z7IFTrr/YtuC+NC1+QTs1Ywb /vSGAeBdKWSlLQSlGOVPy48KPFQiMt3FCHodCFlkDfDLjgZ3fTnCNZzAMYJNqFjs j6xApRibegPp1xWa9c05IS7EqYtG5qprR6QXayZL5VfgEvQoKieF0IjYW8GcBDZi EKV8PG6oPVnq5G3EwbFNlGwKflk/9YaXLFtMqYf9cCZiJUjqb7NjzzzxPA0BYpgD eTilaDqdwE70UpyMJyvJcg== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAznKyL51kd0n/EOhdFKTN 40CEcf7cJ6MfyR1k5bJToBzTkpbYs0+YL8Xg8Y0y3K6DC/LiCm0UPqEE+JHTq5u8 KjcLohKjmQ67i240XBTUgidsn6yHCnh5ZRWVloZmHPvfawubTbhXC2WBAaoITTbs EWwbse5ppLKGukw8yw0RIwddaiMoJj9xPqmZXsWP9PtcDq7guKXwGvFIRh5YWXW8 IJZYf6HQCF48HdRp//C74jvKsiktZfkH3p6adNB5gW0zQ0oy+Ndu1XOg4jiKxKjx vwD2X/lK8n1fMXN4pWv70g0jcRmWZ26x7pYBZPaYrpRJYcRux7fP1cYjBfZQ018M csotfE5u2Vl7pcxe2w3bO84URnUgwDhK3ymncwSRW7Iy+FhDWYkySPmVcrQ3R+f6 owhBcSKjmgv8StQ+MVdbEeMkjBy3G6Fz8D0FSGKhMEklQehCelv36keSQht4uT+b geMcj/w/FVUJ5kbWC7BhAJb91pKkEl7kx3IHYov7GamtvAWH9z3i6vEHNAumbbRV WoC9S1NSGsZrjQMkhsa4fc7kUVUPKzLMOXIqRmZ9SRf8r0K1AO73JAX70+uiftml F0d3mIGyugQ01mAPcCC8LaErf6IFXuexV+iOqaNvbHG0eHDqLmI2KGksT14UPAsV ggkRdRTB4Rag7/TcQgdmc/ECAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 262941571791348148528065201360313825112393 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-06-05 13:13:06 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-09-03 13:13:06 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'zola.planninglabs.nyc' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 842234486665712246659810404689946784454376489422223864682878252735717807375644348897807473062325244588864892252350933324974817067192103447766334989392386012818290210538523834277813462275750271457140926378325558768589704972461372960545191034727145500233456906686199433740648256429371403187054630430706687854875514288861615333208632527274071199319496418485065368826201691356338629318368331704874184562510825937830838937079855016701006460705579159458139975716488790219324667822793109186185485689379488429464383836937048947930554314136519823242870766086010421139490345664627017813092374737180898853036935149889915026655343235077300484170553830467628230717739540198304177586495259110099043492567044937694160108841245220034063314940393168039171195013895147737882162609940940112518799337638932999324066841107799715943249180672201517880407686325490413862533908781294434777045572508984723961844947446935614779521421708309433686132396786405949157298152763166727044348774514759379090292886126545488137404055173391905636769471387012910347216578068542890082195435321268100918781873791256218820054371225039865508059824665735459819077153321292188307089079511199961490259890418053905552251723907892477830650991731631939791851502539159934756276564977 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 036374647aadaa9af88b11465691d54cc1cc10a8 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (48 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'zola.planning.nyc.gov' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'zola.planninglabs.nyc' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f0007700db74afeecb29ecb1feca3e716d2ce5b9aabb36f7847183c75d9d4f37b61fbf6400000163d04b4f140000040300483046022100f9a76e6c52653ddbe33e0ce1f359021a34e4adde2371adb1b4af1692ca15fa000221008052f671bfb2e842afb3326736709dca402b9622a70df4c9474d7664835abe06007500293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f47800000163d04b4f2100000403004630440220059f2f9e4df57472863abe7be09bfba86a7cd88d5ae9cc7b8f4d75c178221cc802206dadb5439dba19784b968ebd1d38c2697ad140f94131444ad97fcd2be4d784d9 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 000ee1ee79ab6b3ecdf4f7739e11a899ace81df7e53e5986b3a2352f2477b729e8d646fa4023a3c5b5df55367b1bc274a05ca8dc9ba03c859912a23a1e3c299c9eca12579d942a0b582d9fab2023fb67b2054ebaff62db82f8d0b5f904ecd58c1bfef48601e05d2964a52d04a518e54fcb8f0a3c542232ddc5087a1d0859640df0cb8e06777d39c2359cc031824da858ec8fac40a5189b7a03e9d7159af5cd39212ec4a98b46e6aa6b47a4176b264be557e012f4282a2785d088d85bc19c04366210a57c3c6ea83d59eae46dc4c1b14d946c0a7e593ff586972c5b4ca987fd7026622548ea6fb363cf3cf13c0d016298037938a5683a9dc04ef4529c8c272bc972