www.stmaryelyria.org

Issued by Let's Encrypt Authority X3

About this certificate

This digital certificate with serial number 03:ae:80:0b:95:a9:cd:a2:62:60:69:b7:54:28:c7:8c:73:b0 was issued on by Let's Encrypt.

With 91 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=www.stmaryelyria.org

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:ae:80:0b:95:a9:cd:a2:62:60:69:b7:54:28:c7:8c:73:b0
Serial Number (int): 320716190973782176843910621272495604134832
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: d2:52:a4:a7:40:5f:fc:4c:d4:0e:5e:a7:90:64:a1:e8:75:2d:8e:ec
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1

Fingerprint (sha1): 35:23:59:7c:83:33:fe:ca:c2:c7:b8:5c:64:f6:dc:cb:4f:60:31:5b
Fingerprint (sha256): 2b:67:2e:1c:4c:20:b9:52:ba:81:40:7f:55:68:36:1b:6f:19:af:21:19:5c:e4:3a:81:d0:61:31:a2:59:a4:ea

Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/

Revocation information

OCSP Server: http://ocsp.int-x3.letsencrypt.org

Check the revocation status for certificate www.stmaryelyria.org

91

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.stmaryelyria.org

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

aggielandhomeschool.com
catholic.tulane.edu
catholicdos.org
charityguildshop.org
easbothell.org
gssfrankfort.org
heargodscall.com
hfnb.org
holytrinityrcparish.org
icgrandprairie.org
insidethewalls.org
olmcorange.com
olmnh.org
parish.holyfamilyportland.org
popabq.org
sacredheartofjesusonline.org
saint-albert.org
saintlawrencemartyr.org
saintmartindetours.org
saintmarymosj.com
saintsppta.org
sanjuandiegodallas.org
school.holyfamilyportland.org
sesjchurch.com
shcstx.com
shparish.org
sjcparish.org
st-marys.pvt.k12.ia.us
stanthonyrak.org
stcolumbaonline.org
stedwardsparish.org
stfrancissherwoodschool.org
stjamesgrafton.com
stjohnbosco.com
stjohnch.org
stjosephch.org
stjosephscharlton.com
stjparish.com
stlukedanvilleoh.org
stmaryelyria.org
stmaryrush.org
stmarysamarillo.com
stmarysbismarck.org
stpatrickottumwa.com
stpaulsmissiontx.org
stvincentpampa.com
tccelementary.org
www.aggielandhomeschool.com
www.catholic.tulane.edu
www.catholicdos.org
www.charityguildshop.org
www.easbothell.org
www.gssfrankfort.org
www.heargodscall.com
www.hfnb.org
www.holytrinityrcparish.org
www.icgrandprairie.org
www.insidethewalls.org
www.olmcorange.com
www.olmnh.org
www.popabq.org
www.sacredheartofjesusonline.org
www.saint-albert.org
www.saintlawrencemartyr.org
www.saintmartindetours.org
www.saintmarymosj.com
www.saintsppta.org
www.sanjuandiegodallas.org
www.sesjchurch.com
www.shparish.org
www.sjcparish.org
www.st-marys.pvt.k12.ia.us
www.stanthonyrak.org
www.stcolumbaonline.org
www.stedwardsparish.org
www.stfrancissherwoodschool.org
www.stjamesgrafton.com
www.stjohnbosco.com
www.stjohnch.org
www.stjosephch.org
www.stjosephscharlton.com
www.stjparish.com
www.stlukedanvilleoh.org
www.stmaryelyria.org
www.stmaryrush.org
www.stmarysamarillo.com
www.stmarysbismarck.org
www.stpatrickottumwa.com
www.stpaulsmissiontx.org
www.stvincentpampa.com
www.tccelementary.org

Other certificates including the domain name stmaryelyria.org

(limited to 100 certificates)
www.stmaryelyria.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stmaryelyria.org
www.stmaryelyria.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stbensnd.org
www.stbensnd.org
www.stbensnd.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stbensnd.org
www.stbensnd.org
www.stmaryelyria.org
www.stmaryelyria.org
www.stmaryelyria.org
www.stbensnd.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stbensnd.org
www.stmaryelyria.org
www.stmaryelyria.org
www.stmaryelyria.org
www.stbensnd.org
www.stbensnd.org
stmaryelyria.org
www.stmaryelyria.org
www.stmaryelyria.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stbensnd.org
www.stbensnd.org
www.stbensnd.org
www.stbensnd.org
www.stbensnd.org
www.stbensnd.org
www.stmaryelyria.org
www.stmaryelyria.org
www.stmaryelyria.org
www.stmaryelyria.org
www.stmaryelyria.org
www.stmaryelyria.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stbensnd.org
www.stbensnd.org
www.stmaryelyria.org
www.stbensnd.org
www.stmaryelyria.org
www.stmaryelyria.org
www.stbensnd.org
www.stmaryelyria.org

Certificate

The complete raw certificate details for www.stmaryelyria.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIM8jCCC9qgAwIBAgISA66AC5WpzaJiYGm3VCjHjHOwMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODEyMDUwNTMyMzNaFw0x
OTAzMDUwNTMyMzNaMB8xHTAbBgNVBAMTFHd3dy5zdG1hcnllbHlyaWEub3JnMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcy9Vi+0rJOPpP7fPHq5tB5s
Q1ebPFdAiDv9cXybIZH5wZJKemPvXR8oSdxD9NsztgPn0LT3duuGXrHQ6tylT0Kc
gEAj7nLUrzJqVh+uh+3lc/Q1gS6vT2ponJRmtWlPB0BMgGvaaGoQ0M0YO34V80tJ
8b29ZBPNMxY+jQrZRBkMj0RM4AobNE824EXmi2IY94nVbgWpy/djw3jUx0zzAt2w
W6PhHkoNbwc8KqoaSrabuHvFZ20e3p9aS10SdPgBNc26m42E8iKsoCHd3pEjTK9h
5QpIDd1E1h78+nvuFexg1i/8ZAQYEnbVM5AycCsm7i9wvWz5ekjJRy0jlzIKHQID
AQABo4IJ+zCCCfcwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB
BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTSUqSnQF/8TNQOXqeQ
ZKHodS2O7DAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEF
BQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5j
cnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5j
cnlwdC5vcmcvMIIHrQYDVR0RBIIHpDCCB6CCF2FnZ2llbGFuZGhvbWVzY2hvb2wu
Y29tghNjYXRob2xpYy50dWxhbmUuZWR1gg9jYXRob2xpY2Rvcy5vcmeCFGNoYXJp
dHlndWlsZHNob3Aub3Jngg5lYXNib3RoZWxsLm9yZ4IQZ3NzZnJhbmtmb3J0Lm9y
Z4IQaGVhcmdvZHNjYWxsLmNvbYIIaGZuYi5vcmeCF2hvbHl0cmluaXR5cmNwYXJp
c2gub3JnghJpY2dyYW5kcHJhaXJpZS5vcmeCEmluc2lkZXRoZXdhbGxzLm9yZ4IO
b2xtY29yYW5nZS5jb22CCW9sbW5oLm9yZ4IdcGFyaXNoLmhvbHlmYW1pbHlwb3J0
bGFuZC5vcmeCCnBvcGFicS5vcmeCHHNhY3JlZGhlYXJ0b2ZqZXN1c29ubGluZS5v
cmeCEHNhaW50LWFsYmVydC5vcmeCF3NhaW50bGF3cmVuY2VtYXJ0eXIub3JnghZz
YWludG1hcnRpbmRldG91cnMub3JnghFzYWludG1hcnltb3NqLmNvbYIOc2FpbnRz
cHB0YS5vcmeCFnNhbmp1YW5kaWVnb2RhbGxhcy5vcmeCHXNjaG9vbC5ob2x5ZmFt
aWx5cG9ydGxhbmQub3Jngg5zZXNqY2h1cmNoLmNvbYIKc2hjc3R4LmNvbYIMc2hw
YXJpc2gub3Jngg1zamNwYXJpc2gub3JnghZzdC1tYXJ5cy5wdnQuazEyLmlhLnVz
ghBzdGFudGhvbnlyYWsub3JnghNzdGNvbHVtYmFvbmxpbmUub3JnghNzdGVkd2Fy
ZHNwYXJpc2gub3JnghtzdGZyYW5jaXNzaGVyd29vZHNjaG9vbC5vcmeCEnN0amFt
ZXNncmFmdG9uLmNvbYIPc3Rqb2huYm9zY28uY29tggxzdGpvaG5jaC5vcmeCDnN0
am9zZXBoY2gub3JnghVzdGpvc2VwaHNjaGFybHRvbi5jb22CDXN0anBhcmlzaC5j
b22CFHN0bHVrZWRhbnZpbGxlb2gub3JnghBzdG1hcnllbHlyaWEub3Jngg5zdG1h
cnlydXNoLm9yZ4ITc3RtYXJ5c2FtYXJpbGxvLmNvbYITc3RtYXJ5c2Jpc21hcmNr
Lm9yZ4IUc3RwYXRyaWNrb3R0dW13YS5jb22CFHN0cGF1bHNtaXNzaW9udHgub3Jn
ghJzdHZpbmNlbnRwYW1wYS5jb22CEXRjY2VsZW1lbnRhcnkub3Jnght3d3cuYWdn
aWVsYW5kaG9tZXNjaG9vbC5jb22CF3d3dy5jYXRob2xpYy50dWxhbmUuZWR1ghN3
d3cuY2F0aG9saWNkb3Mub3Jnghh3d3cuY2hhcml0eWd1aWxkc2hvcC5vcmeCEnd3
dy5lYXNib3RoZWxsLm9yZ4IUd3d3Lmdzc2ZyYW5rZm9ydC5vcmeCFHd3dy5oZWFy
Z29kc2NhbGwuY29tggx3d3cuaGZuYi5vcmeCG3d3dy5ob2x5dHJpbml0eXJjcGFy
aXNoLm9yZ4IWd3d3LmljZ3JhbmRwcmFpcmllLm9yZ4IWd3d3Lmluc2lkZXRoZXdh
bGxzLm9yZ4ISd3d3Lm9sbWNvcmFuZ2UuY29tgg13d3cub2xtbmgub3Jngg53d3cu
cG9wYWJxLm9yZ4Igd3d3LnNhY3JlZGhlYXJ0b2ZqZXN1c29ubGluZS5vcmeCFHd3
dy5zYWludC1hbGJlcnQub3Jnght3d3cuc2FpbnRsYXdyZW5jZW1hcnR5ci5vcmeC
Gnd3dy5zYWludG1hcnRpbmRldG91cnMub3JnghV3d3cuc2FpbnRtYXJ5bW9zai5j
b22CEnd3dy5zYWludHNwcHRhLm9yZ4Iad3d3LnNhbmp1YW5kaWVnb2RhbGxhcy5v
cmeCEnd3dy5zZXNqY2h1cmNoLmNvbYIQd3d3LnNocGFyaXNoLm9yZ4IRd3d3LnNq
Y3BhcmlzaC5vcmeCGnd3dy5zdC1tYXJ5cy5wdnQuazEyLmlhLnVzghR3d3cuc3Rh
bnRob255cmFrLm9yZ4IXd3d3LnN0Y29sdW1iYW9ubGluZS5vcmeCF3d3dy5zdGVk
d2FyZHNwYXJpc2gub3Jngh93d3cuc3RmcmFuY2lzc2hlcndvb2RzY2hvb2wub3Jn
ghZ3d3cuc3RqYW1lc2dyYWZ0b24uY29tghN3d3cuc3Rqb2huYm9zY28uY29tghB3
d3cuc3Rqb2huY2gub3JnghJ3d3cuc3Rqb3NlcGhjaC5vcmeCGXd3dy5zdGpvc2Vw
aHNjaGFybHRvbi5jb22CEXd3dy5zdGpwYXJpc2guY29tghh3d3cuc3RsdWtlZGFu
dmlsbGVvaC5vcmeCFHd3dy5zdG1hcnllbHlyaWEub3JnghJ3d3cuc3RtYXJ5cnVz
aC5vcmeCF3d3dy5zdG1hcnlzYW1hcmlsbG8uY29tghd3d3cuc3RtYXJ5c2Jpc21h
cmNrLm9yZ4IYd3d3LnN0cGF0cmlja290dHVtd2EuY29tghh3d3cuc3RwYXVsc21p
c3Npb250eC5vcmeCFnd3dy5zdHZpbmNlbnRwYW1wYS5jb22CFXd3dy50Y2NlbGVt
ZW50YXJ5Lm9yZzBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAo
MCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQYGCisG
AQQB1nkCBAIEgfcEgfQA8gB3AOJpS64m6OlACeiGG7Y7g9Q+5/50iPukjyiTAZ3d
8dv+AAABZ30RcKkAAAQDAEgwRgIhAPU3UaQ5EjcZ+Jzexlvdc2fbtuIxDh0BtEPV
P7I1OMESAiEAicUiR8ZjTkyV2xewRPkYAIZAckJuwV4z8HegtS0vP1cAdwBj8tvN
6DvMLM8LcoQnV2szpI1hd4+9daY4scdoVEvYjQAAAWd9EW7hAAAEAwBIMEYCIQDa
iVJbQu09Btiszi5IEJ0vJI7QATPQfKch4E9EuI/f6AIhANBtwi6tkaxw6oKeAJQm
zHz0Y6KLDXSkFOCXgHklXKAtMA0GCSqGSIb3DQEBCwUAA4IBAQCUK23XyngNvpTp
oU79LgUhzKRZTaKcfur7f+MAXrekVJB24YTgs9XMdVswZi0UtAFGBvEaVod6Rzny
G405dtV1ajZfvTRFHvo5FqWB4QZ8woDWfL5BE5Mwc8dNTfhBG8xxwgKzPi9iJln8
c33cCL8cgwc7J/f+0rE5A91syHF0KUGJ9KmN8V6ZtEc1b7TFPpE5yT80xGH+hm36
5iQlpcph6czLxyFKLBpImNfy9zv8s9AFxBWFoH4YTivSAzAaJkdp+e3+Uq0l7fyp
Xoq15sk6CFNG2mfG3+ZS5g4fMX0liC/vhCMGEraPX+9crObxVZkZbkHrRi/P+QeA
zJLfnDkt
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcy9Vi+0rJOPpP7fPHq5
tB5sQ1ebPFdAiDv9cXybIZH5wZJKemPvXR8oSdxD9NsztgPn0LT3duuGXrHQ6tyl
T0KcgEAj7nLUrzJqVh+uh+3lc/Q1gS6vT2ponJRmtWlPB0BMgGvaaGoQ0M0YO34V
80tJ8b29ZBPNMxY+jQrZRBkMj0RM4AobNE824EXmi2IY94nVbgWpy/djw3jUx0zz
At2wW6PhHkoNbwc8KqoaSrabuHvFZ20e3p9aS10SdPgBNc26m42E8iKsoCHd3pEj
TK9h5QpIDd1E1h78+nvuFexg1i/8ZAQYEnbVM5AycCsm7i9wvWz5ekjJRy0jlzIK
HQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 320716190973782176843910621272495604134832
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-12-05 05:32:33 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-03-05 05:32:33 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.stmaryelyria.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20930281177222236149732782963146226935146150455064844000081456669971498311444369466171722555885420573321683631355867555300001884018772352100480066676845076740729531343938348089860960192733910491081627484021938314392785032109451647634852505758814812572659151487322728045008518335896715634637621645611515907113678082493977962300706118617627863125736617296483587338066155941815588127835979189340900460894089181657535720540179033808875602979147845309205731093629621314159720945585882019529750496332107994935087941454238562330229442053590300403287383057706845056021125400422808694754653840770855903779534766235865423415837
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d252a4a7405ffc4cd40e5ea79064a1e8752d8eec
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1956 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aggielandhomeschool.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'catholic.tulane.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'catholicdos.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'charityguildshop.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'easbothell.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gssfrankfort.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'heargodscall.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hfnb.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'holytrinityrcparish.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'icgrandprairie.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'insidethewalls.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'olmcorange.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'olmnh.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'parish.holyfamilyportland.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'popabq.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sacredheartofjesusonline.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'saint-albert.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'saintlawrencemartyr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'saintmartindetours.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'saintmarymosj.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'saintsppta.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sanjuandiegodallas.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'school.holyfamilyportland.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sesjchurch.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'shcstx.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'shparish.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sjcparish.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'st-marys.pvt.k12.ia.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stanthonyrak.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stcolumbaonline.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stedwardsparish.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stfrancissherwoodschool.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stjamesgrafton.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stjohnbosco.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stjohnch.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stjosephch.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stjosephscharlton.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stjparish.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stlukedanvilleoh.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stmaryelyria.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stmaryrush.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stmarysamarillo.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stmarysbismarck.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stpatrickottumwa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stpaulsmissiontx.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stvincentpampa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tccelementary.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.aggielandhomeschool.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.catholic.tulane.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.catholicdos.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.charityguildshop.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.easbothell.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.gssfrankfort.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.heargodscall.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hfnb.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.holytrinityrcparish.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.icgrandprairie.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.insidethewalls.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.olmcorange.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.olmnh.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.popabq.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sacredheartofjesusonline.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.saint-albert.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.saintlawrencemartyr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.saintmartindetours.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.saintmarymosj.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.saintsppta.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sanjuandiegodallas.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sesjchurch.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.shparish.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sjcparish.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.st-marys.pvt.k12.ia.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stanthonyrak.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stcolumbaonline.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stedwardsparish.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stfrancissherwoodschool.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stjamesgrafton.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stjohnbosco.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stjohnch.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stjosephch.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stjosephscharlton.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stjparish.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stlukedanvilleoh.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stmaryelyria.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stmaryrush.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stmarysamarillo.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stmarysbismarck.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stpatrickottumwa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stpaulsmissiontx.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.stvincentpampa.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tccelementary.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
							00f2007700e2694bae26e8e94009e8861bb63b83d43ee7fe7488fba48f2893019dddf1dbfe000001677d1170a90000040300483046022100f53751a439123719f89cdec65bdd7367dbb6e2310e1d01b443d53fb23538c11202210089c52247c6634e4c95db17b044f91800864072426ec15e33f077a0b52d2f3f5700770063f2dbcde83bcc2ccf0b728427576b33a48d61778fbd75a638b1c768544bd88d000001677d116ee10000040300483046022100da89525b42ed3d06d8acce2e48109d2f248ed00133d07ca721e04f44b88fdfe8022100d06dc22ead91ac70ea829e009426cc7cf463a28b0d74a414e0978079255ca02d
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00942b6dd7ca780dbe94e9a14efd2e0521cca4594da29c7eeafb7fe3005eb7a4549076e184e0b3d5cc755b30662d14b4014606f11a56877a4739f21b8d3976d5756a365fbd34451efa3916a581e1067cc280d67cbe4113933073c74d4df8411bcc71c202b33e2f622659fc737ddc08bf1c83073b27f7fed2b13903dd6cc87174294189f4a98df15e99b447356fb4c53e9139c93f34c461fe866dfae62425a5ca61e9cccbc7214a2c1a4898d7f2f73bfcb3d005c41585a07e184e2bd203301a264769f9edfe52ad25edfca95e8ab5e6c93a085346da67c6dfe652e60e1f317d25882fef84230612b68f5fef5cace6f15599196e41eb462fcff90780cc92df9c392d