yourlifeiowa.org

Issued by R3

About this certificate

This digital certificate with serial number 04:88:c5:f8:14:ff:61:03:20:44:5e:80:68:79:bc:c0:6a:8b was issued on by Let's Encrypt.

With 97 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=yourlifeiowa.org

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 04:88:c5:f8:14:ff:61:03:20:44:5e:80:68:79:bc:c0:6a:8b
Serial Number (int): 394990691658960560021006329662018108287627
Serial Number lenght: 139 bits, 18 octets

SubjectKeyId: 1a:ef:bc:5f:35:e6:46:28:77:83:17:9c:3a:4f:9d:7a:c0:5c:63:d7
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): ea:8b:91:e8:6f:84:25:79:45:a1:8c:d9:53:2d:8f:8c:82:66:0b:57
Fingerprint (sha256): 29:7c:5f:e3:5f:87:af:01:eb:fe:b0:1c:dc:4d:95:d9:d2:10:b8:30:49:72:cb:54:d2:91:00:87:86:4f:ed:77

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate yourlifeiowa.org

97

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for yourlifeiowa.org

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

1800betsoff.org
childsupport.ia.gov
coalitions.drugfreeinfo.org
cultureiowa.com
cultureiowa.org
dpscareers.com
drugfreeinfo.com
drugfreeinfo.net
drugfreeinfo.org
educateiowa.gov
facilitylocator.drugfreeinfo.org
iahealthlink.gov
iaschoolperformance.gov
iaschoolperformance.org
iowaartssummit.com
iowaattorneygeneral.org
iowacourtsonline.com
iowacourtsonline.net
iowacourtsonline.org
iowaculturalaffairs.com
iowaculturalaffairs.net
iowaculturalaffairs.org
iowaculture.com
iowaculture.net
iowaculture.org
iowacultureapp.com
iowacultureapp.org
iowadot.org
iowafinanceauthority.gov
iowagreatplaces.com
iowagreatplaces.org
iowahumanitiescouncil.gov
iowaoutdoorsmagazine.com
iowap2interns.com
iowasourcewater.org
iowatitleguaranty.gov
iowaworks.gov
iowaworks.org
preserveiowasummit.com
preserveiowasummit.org
produceiowa.com
produceiowa.net
produceiowa.org
query.iowasexoffender.org
recoveryiowa.org
resources.iowahistory.org
skillediowa.org
stophtiowa.org
thefilmlounge.org
www.1800betsoff.org
www.childsupport.ia.gov
www.cjis.iowa.gov
www.culturalaffairs.org
www.dia-hfd.state.ia.us
www.dom.state.ia.us
www.dpscareers.com
www.food.iowa.gov
www.govelect.iowa.gov
www.governor.state.ia.us
www.ia.gov
www.iaschoolperformance.gov
www.iaschoolperformance.org
www.icn.state.ia.us
www.iid.state.ia.us
www.infoiowa.state.ia.us
www.insuranceca.iowa.gov
www.iowaartscouncil.org
www.iowaartssummit.com
www.iowabyways.org
www.iowacleanair.gov
www.iowacourtsonline.com
www.iowacourtsonline.net
www.iowacourtsonline.org
www.iowacultureapp.com
www.iowacultureapp.org
www.iowadnr.com
www.iowadnr.net
www.iowadot.gov
www.iowadot.org
www.iowafinanceauthority.gov
www.iowagreatplaces.gov
www.iowagtsb.org
www.iowahistory.org
www.iowahush.com
www.iowap2services.com
www.iowareap.com
www.iowaroadsigns.com
www.iowasexoffender.com
www.iowasexoffender.net
www.iowasexoffender.org
www.iowasexoffenders.com
www.iowasexoffenders.net
www.iowasexoffenders.org
www.preserveiowasummit.com
www.preserveiowasummit.org
www.stophtiowa.org
yourlifeiowa.org

Other certificates including the domain name yourlifeiowa.org

(limited to 100 certificates)
yourlifeiowa.org
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.org
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.org
yourlifeiowa.org
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.org
yourlifeiowa.com
yourlifeiowa.org
yourlifeiowa.org
yourlifeiowa.org
yourlifeiowa.com
yourlifeiowa.org
yourlifeiowa.org
yourlifeiowa.org
yourlifeiowa.com
yourlifeiowa.org
yourlifeiowa.com
yourlifeiowa.org
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.org
yourlifeiowa.com
yourlifeiowa.org
yourlifeiowa.org
yourlifeiowa.org
yourlifeiowa.com
yourlifeiowa.org
yourlifeiowa.org
yourlifeiowa.com
yourlifeiowa.org
yourlifeiowa.org
yourlifeiowa.com
yourlifeiowa.com
yourlifeiowa.org
yourlifeiowa.org
yourlifeiowa.com

Certificate

The complete raw certificate details for yourlifeiowa.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIINWzCCDEOgAwIBAgISBIjF+BT/YQMgRF6AaHm8wGqLMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMjA5MTMxNTU2NDFaFw0yMjEyMTIxNTU2NDBaMBsxGTAXBgNVBAMT
EHlvdXJsaWZlaW93YS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQD0zfMxtZ0RA3MlfreclhGw6qDrhXHENISavz30qcaYs/KzskRzGNLENQvSsjvq
JRbk8Nov4ydDP5JuZVkrm44vs4kwpYBh/akJgGonk3zbIWsQLBZqUyARDG2AV27B
9HnWypL6+AdjTFE8VpEnuNQC2hwDrlRvF0qLJlbQDtVV2okIrx2Plv8wMzdwtGSg
+HpryTUThwNAWzPM3aIA9+cxPLPFEzZyy0tVGsIdixvrUfxiS+LO26ylxx1U3fct
BOKJUyQIrcyX6e8rOMAvvqu7tAAqzoGGfBnSMPuCl1CYu021i/EtX/0zeMADtMjF
WxuTUVtQHA4qWr3VFPS4m9llAgMBAAGjggqAMIIKfDAOBgNVHQ8BAf8EBAMCBaAw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
VR0OBBYEFBrvvF815kYod4MXnDpPnXrAXGPXMB8GA1UdIwQYMBaAFBQusxe3WFbL
rlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDov
L3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5v
cmcvMIIITwYDVR0RBIIIRjCCCEKCDzE4MDBiZXRzb2ZmLm9yZ4ITY2hpbGRzdXBw
b3J0LmlhLmdvdoIbY29hbGl0aW9ucy5kcnVnZnJlZWluZm8ub3Jngg9jdWx0dXJl
aW93YS5jb22CD2N1bHR1cmVpb3dhLm9yZ4IOZHBzY2FyZWVycy5jb22CEGRydWdm
cmVlaW5mby5jb22CEGRydWdmcmVlaW5mby5uZXSCEGRydWdmcmVlaW5mby5vcmeC
D2VkdWNhdGVpb3dhLmdvdoIgZmFjaWxpdHlsb2NhdG9yLmRydWdmcmVlaW5mby5v
cmeCEGlhaGVhbHRobGluay5nb3aCF2lhc2Nob29scGVyZm9ybWFuY2UuZ292ghdp
YXNjaG9vbHBlcmZvcm1hbmNlLm9yZ4ISaW93YWFydHNzdW1taXQuY29tghdpb3dh
YXR0b3JuZXlnZW5lcmFsLm9yZ4IUaW93YWNvdXJ0c29ubGluZS5jb22CFGlvd2Fj
b3VydHNvbmxpbmUubmV0ghRpb3dhY291cnRzb25saW5lLm9yZ4IXaW93YWN1bHR1
cmFsYWZmYWlycy5jb22CF2lvd2FjdWx0dXJhbGFmZmFpcnMubmV0ghdpb3dhY3Vs
dHVyYWxhZmZhaXJzLm9yZ4IPaW93YWN1bHR1cmUuY29tgg9pb3dhY3VsdHVyZS5u
ZXSCD2lvd2FjdWx0dXJlLm9yZ4ISaW93YWN1bHR1cmVhcHAuY29tghJpb3dhY3Vs
dHVyZWFwcC5vcmeCC2lvd2Fkb3Qub3Jnghhpb3dhZmluYW5jZWF1dGhvcml0eS5n
b3aCE2lvd2FncmVhdHBsYWNlcy5jb22CE2lvd2FncmVhdHBsYWNlcy5vcmeCGWlv
d2FodW1hbml0aWVzY291bmNpbC5nb3aCGGlvd2FvdXRkb29yc21hZ2F6aW5lLmNv
bYIRaW93YXAyaW50ZXJucy5jb22CE2lvd2Fzb3VyY2V3YXRlci5vcmeCFWlvd2F0
aXRsZWd1YXJhbnR5LmdvdoINaW93YXdvcmtzLmdvdoINaW93YXdvcmtzLm9yZ4IW
cHJlc2VydmVpb3dhc3VtbWl0LmNvbYIWcHJlc2VydmVpb3dhc3VtbWl0Lm9yZ4IP
cHJvZHVjZWlvd2EuY29tgg9wcm9kdWNlaW93YS5uZXSCD3Byb2R1Y2Vpb3dhLm9y
Z4IZcXVlcnkuaW93YXNleG9mZmVuZGVyLm9yZ4IQcmVjb3Zlcnlpb3dhLm9yZ4IZ
cmVzb3VyY2VzLmlvd2FoaXN0b3J5Lm9yZ4IPc2tpbGxlZGlvd2Eub3Jngg5zdG9w
aHRpb3dhLm9yZ4IRdGhlZmlsbWxvdW5nZS5vcmeCE3d3dy4xODAwYmV0c29mZi5v
cmeCF3d3dy5jaGlsZHN1cHBvcnQuaWEuZ292ghF3d3cuY2ppcy5pb3dhLmdvdoIX
d3d3LmN1bHR1cmFsYWZmYWlycy5vcmeCF3d3dy5kaWEtaGZkLnN0YXRlLmlhLnVz
ghN3d3cuZG9tLnN0YXRlLmlhLnVzghJ3d3cuZHBzY2FyZWVycy5jb22CEXd3dy5m
b29kLmlvd2EuZ292ghV3d3cuZ292ZWxlY3QuaW93YS5nb3aCGHd3dy5nb3Zlcm5v
ci5zdGF0ZS5pYS51c4IKd3d3LmlhLmdvdoIbd3d3Lmlhc2Nob29scGVyZm9ybWFu
Y2UuZ292ght3d3cuaWFzY2hvb2xwZXJmb3JtYW5jZS5vcmeCE3d3dy5pY24uc3Rh
dGUuaWEudXOCE3d3dy5paWQuc3RhdGUuaWEudXOCGHd3dy5pbmZvaW93YS5zdGF0
ZS5pYS51c4IYd3d3Lmluc3VyYW5jZWNhLmlvd2EuZ292ghd3d3cuaW93YWFydHNj
b3VuY2lsLm9yZ4IWd3d3Lmlvd2FhcnRzc3VtbWl0LmNvbYISd3d3Lmlvd2FieXdh
eXMub3JnghR3d3cuaW93YWNsZWFuYWlyLmdvdoIYd3d3Lmlvd2Fjb3VydHNvbmxp
bmUuY29tghh3d3cuaW93YWNvdXJ0c29ubGluZS5uZXSCGHd3dy5pb3dhY291cnRz
b25saW5lLm9yZ4IWd3d3Lmlvd2FjdWx0dXJlYXBwLmNvbYIWd3d3Lmlvd2FjdWx0
dXJlYXBwLm9yZ4IPd3d3Lmlvd2FkbnIuY29tgg93d3cuaW93YWRuci5uZXSCD3d3
dy5pb3dhZG90LmdvdoIPd3d3Lmlvd2Fkb3Qub3Jnghx3d3cuaW93YWZpbmFuY2Vh
dXRob3JpdHkuZ292ghd3d3cuaW93YWdyZWF0cGxhY2VzLmdvdoIQd3d3Lmlvd2Fn
dHNiLm9yZ4ITd3d3Lmlvd2FoaXN0b3J5Lm9yZ4IQd3d3Lmlvd2FodXNoLmNvbYIW
d3d3Lmlvd2FwMnNlcnZpY2VzLmNvbYIQd3d3Lmlvd2FyZWFwLmNvbYIVd3d3Lmlv
d2Fyb2Fkc2lnbnMuY29tghd3d3cuaW93YXNleG9mZmVuZGVyLmNvbYIXd3d3Lmlv
d2FzZXhvZmZlbmRlci5uZXSCF3d3dy5pb3dhc2V4b2ZmZW5kZXIub3Jnghh3d3cu
aW93YXNleG9mZmVuZGVycy5jb22CGHd3dy5pb3dhc2V4b2ZmZW5kZXJzLm5ldIIY
d3d3Lmlvd2FzZXhvZmZlbmRlcnMub3Jnghp3d3cucHJlc2VydmVpb3dhc3VtbWl0
LmNvbYIad3d3LnByZXNlcnZlaW93YXN1bW1pdC5vcmeCEnd3dy5zdG9waHRpb3dh
Lm9yZ4IQeW91cmxpZmVpb3dhLm9yZzBMBgNVHSAERTBDMAgGBmeBDAECATA3Bgsr
BgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0
Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1AEalVet1+pEgMLWiiWn0830R
LEF0vv1JuIWr8vxw/m1HAAABgzfIEMIAAAQDAEYwRAIgT2nuH3DqOI4iOgFLKlAc
HJyXCAIBhVPdaBQh9glZH1UCIGI/qWQttNzjQJs8tewYuqX40bs+ONtnkotLCPj5
yVHYAHYAb1N2rDHwMRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAGDN8gRGQAA
BAMARzBFAiEAs/DfBhKmOoptLHVC5v/FxSzOcGEjvZcHUxaXjPJnkesCIAkaJmNx
9dWK++NzxgI0m2fgCgrymaEny2as09NzVTkaMA0GCSqGSIb3DQEBCwUAA4IBAQBf
PBHfGoYE8N5VUasvraXDlfpsGF0pjVmkw73UnAjMeOx7ftKDzS7YBh5PFWKwvzoc
6sV1tX10VkQP1oV0k7wFHz/5Y9DvRP8Mr8HgR6eS8SsM/DWBiAXoFhgStk6KIiy0
IX5YOIGtqZkF4LJrtcrYIpNci+eSLnFD7VP0jYvi7RaeusEke0c4QKYnJQAxyeIa
cxjs++35lhhUkhpFJXMBLZWtS9hLZtD4QhPuHPOJRWRfxAoCqEr98fjNgKvWQNSR
nZVlj6u7rl1zIIl8SSwzqMjq2/PqZc5z/W7Lo2lFDJbm9NZU339XUA+8R+VvqeNh
wNsEyWYT0EOhvsFoVMdd
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9M3zMbWdEQNzJX63nJYR
sOqg64VxxDSEmr899KnGmLPys7JEcxjSxDUL0rI76iUW5PDaL+MnQz+SbmVZK5uO
L7OJMKWAYf2pCYBqJ5N82yFrECwWalMgEQxtgFduwfR51sqS+vgHY0xRPFaRJ7jU
AtocA65UbxdKiyZW0A7VVdqJCK8dj5b/MDM3cLRkoPh6a8k1E4cDQFszzN2iAPfn
MTyzxRM2cstLVRrCHYsb61H8YkviztuspccdVN33LQTiiVMkCK3Ml+nvKzjAL76r
u7QAKs6BhnwZ0jD7gpdQmLtNtYvxLV/9M3jAA7TIxVsbk1FbUBwOKlq91RT0uJvZ
ZQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 394990691658960560021006329662018108287627
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-09-13 15:56:41 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-12-12 15:56:40 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'yourlifeiowa.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 30903704130611095605654949965848070895610221484511282042830539294415334492669586791631404561395762525582631309083253841873540257310640476677247887533066715211020331553902096997920041817886579370844550227510213332338627713293374613391118565525458941193994178854272118357632089817549938945932088177207431866871417668574959343148145935197784387492319844156125555106933592337891175928069871563496031785861684890444760780681612074237373500409312722645734499009455650723192081181365504880186337247267831200216215364101798561385749558572676385631537693907295097015015670759270913534084926410446994544588588243377321718569317
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							1aefbc5f35e646287783179c3a4f9d7ac05c63d7
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2118 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '1800betsoff.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'childsupport.ia.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'coalitions.drugfreeinfo.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cultureiowa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cultureiowa.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dpscareers.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'drugfreeinfo.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'drugfreeinfo.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'drugfreeinfo.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'educateiowa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'facilitylocator.drugfreeinfo.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iahealthlink.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iaschoolperformance.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iaschoolperformance.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowaartssummit.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowaattorneygeneral.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowacourtsonline.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowacourtsonline.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowacourtsonline.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowaculturalaffairs.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowaculturalaffairs.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowaculturalaffairs.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowaculture.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowaculture.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowaculture.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowacultureapp.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowacultureapp.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowadot.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowafinanceauthority.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowagreatplaces.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowagreatplaces.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowahumanitiescouncil.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowaoutdoorsmagazine.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowap2interns.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowasourcewater.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowatitleguaranty.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowaworks.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iowaworks.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'preserveiowasummit.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'preserveiowasummit.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'produceiowa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'produceiowa.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'produceiowa.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'query.iowasexoffender.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'recoveryiowa.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'resources.iowahistory.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'skillediowa.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stophtiowa.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'thefilmlounge.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.1800betsoff.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.childsupport.ia.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.cjis.iowa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.culturalaffairs.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.dia-hfd.state.ia.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.dom.state.ia.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.dpscareers.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.food.iowa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.govelect.iowa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.governor.state.ia.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ia.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iaschoolperformance.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iaschoolperformance.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.icn.state.ia.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iid.state.ia.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.infoiowa.state.ia.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.insuranceca.iowa.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowaartscouncil.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowaartssummit.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowabyways.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowacleanair.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowacourtsonline.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowacourtsonline.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowacourtsonline.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowacultureapp.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowacultureapp.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowadnr.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowadnr.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowadot.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowadot.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowafinanceauthority.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowagreatplaces.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowagtsb.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowahistory.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowahush.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowap2services.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowareap.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowaroadsigns.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowasexoffender.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowasexoffender.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowasexoffender.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowasexoffenders.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowasexoffenders.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iowasexoffenders.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.preserveiowasummit.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.preserveiowasummit.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stophtiowa.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'yourlifeiowa.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef00750046a555eb75fa912030b5a28969f4f37d112c4174befd49b885abf2fc70fe6d470000018337c810c2000004030046304402204f69ee1f70ea388e223a014b2a501c1c9c970802018553dd681421f609591f550220623fa9642db4dce3409b3cb5ec18baa5f8d1bb3e38db67928b4b08f8f9c951d80076006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d9130000018337c811190000040300473045022100b3f0df0612a63a8a6d2c7542e6ffc5c52cce706123bd97075316978cf26791eb0220091a266371f5d58afbe373c602349b67e00a0af299a127cb66acd3d37355391a
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		005f3c11df1a8604f0de5551ab2fada5c395fa6c185d298d59a4c3bdd49c08cc78ec7b7ed283cd2ed8061e4f1562b0bf3a1ceac575b57d7456440fd6857493bc051f3ff963d0ef44ff0cafc1e047a792f12b0cfc35818805e8161812b64e8a222cb4217e583881ada99905e0b26bb5cad822935c8be7922e7143ed53f48d8be2ed169ebac1247b473840a627250031c9e21a7318ecfbedf9961854921a452573012d95ad4bd84b66d0f84213ee1cf38945645fc40a02a84afdf1f8cd80abd640d4919d95658fabbbae5d7320897c492c33a8c8eadbf3ea65ce73fd6ecba369450c96e6f4d654df7f57500fbc47e56fa9e361c0db04c96613d043a1bec16854c75d