keirunga.org.nz

Issued by USERTrust RSA Domain Validation Secure Server CA

About this certificate

This digital certificate with serial number e6:fe:0b:34:dd:0c:dc:f2:79:56:71:9c:a6:e6:63:c8 was issued on by The USERTRUST Network.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=keirunga.org.nz

The USERTRUST Network

Organization: The USERTRUST Network
State / Province: New Jersey
Locality: Jersey City
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): e6:fe:0b:34:dd:0c:dc:f2:79:56:71:9c:a6:e6:63:c8
Serial Number (int): 307041509727380325569476821758297662408
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 5e:87:0c:74:21:b8:74:fe:ff:aa:0b:b4:26:26:85:cf:6f:c7:13:b1
AuthorityKeyId: a6:c1:e7:e1:f4:f6:47:63:d7:2f:7d:8d:90:f8:ba:23:4f:60:ac:9e

Fingerprint (sha1): bf:c5:7d:af:cb:46:a9:3a:b2:74:33:c8:69:46:93:ef:46:eb:1b:df
Fingerprint (sha256): 30:9c:8c:c9:04:84:fe:79:c4:a9:04:41:57:b4:d8:26:8b:d9:a5:f9:02:e6:c5:03:16:f8:69:19:4e:0a:b7:fa

Issuing Certificate URL: http://crt.usertrust.com/USERTrustRSADomainValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.usertrust.com
CRL Distribution Point: http://crl.usertrust.com/USERTrustRSADomainValidationSecureServerCA.crl

Check the revocation status for certificate keirunga.org.nz

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for keirunga.org.nz

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

keirunga.org.nz
www.keirunga.org.nz

Other certificates including the domain name keirunga.org.nz

(limited to 100 certificates)
oratiaunited.co.nz
sporty.co.nz
waibopfootball.co.nz
sporty.co.nz
www.katikatifc.co.nz
keirunga.org.nz
pcbasketballclub.co.nz
pcbasketballclub.co.nz
www.pkjsports.co.nz
keirunga.org.nz
karakasportspark.co.nz
www.waitakerecityfc.org.nz
hockeymanawatu.org.nz
maristinvercargill.co.nz
hockeymanawatu.org.nz
keirunga.org.nz
www.aucklandsoftball.org.nz
sporty.co.nz
www.brooklyncroquetclub.org
www.thesalmonrun.nz
www.schoolground.nz
maristinvercargill.co.nz
whangareirowingclub.org.nz
keirunga.org.nz
www.unimountafc.org.nz
www.greenhithefootball.org
sportsground.co.nz
www.bowlswestcoast.org.nz

Certificate

The complete raw certificate details for keirunga.org.nz in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGpTCCBY2gAwIBAgIRAOb+CzTdDNzyeVZxnKbmY8gwDQYJKoZIhvcNAQELBQAw
gZMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMTkwNwYD
VQQDEzBVU0VSVHJ1c3QgUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2
ZXIgQ0EwHhcNMjMxMDIxMDAwMDAwWhcNMjQxMDI3MjM1OTU5WjAaMRgwFgYDVQQD
Ew9rZWlydW5nYS5vcmcubnowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC0SiqMCK9BBjiWsXL3pmpqOvTD/jiEw4OVfzRyRDpViyN+kzLU83cWthYMsK7k
KllKb02gbu20bK+15hR+p8oZA0oQjqMnQCL5+8fY48nJj5dZukqoOi7eh07E/K2A
0vdO34S3Mx5D4aR2v87/oCOQ8cbYt90E4ktS6LjxQTRfiaOLj29sC13fKnKRXN2Y
SybgsEgidIP2aLxJcdm9FYGM/kuKNA5yZKdekiknteMfaaW1JjSfYBej8tc/t1/6
PpdZ5n2SUBrWJEDqEMs1KePqA2S89zhBFblJGx0sFc28pQn0Hi5UEUY3ZS01OiCo
dGO9WJagpQUeH/bGdEbMNV1DAgMBAAGjggNqMIIDZjAfBgNVHSMEGDAWgBSmwefh
9PZHY9cvfY2Q+LojT2CsnjAdBgNVHQ4EFgQUXocMdCG4dP7/qgu0JiaFz2/HE7Ew
DgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUH
AwEGCCsGAQUFBwMCMEwGA1UdIARFMEMwNwYMKwYBBAGyMQECAQMEMCcwJQYIKwYB
BQUHAgEWGWh0dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20wCAYGZ4EMAQIBMFgGA1Ud
HwRRME8wTaBLoEmGR2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RS
U0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGKBggrBgEFBQcB
AQR+MHwwUwYIKwYBBQUHMAKGR2h0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VS
VHJ1c3RSU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCUGCCsG
AQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMC8GA1UdEQQoMCaCD2tl
aXJ1bmdhLm9yZy5ueoITd3d3LmtlaXJ1bmdhLm9yZy5uejCCAX8GCisGAQQB1nkC
BAIEggFvBIIBawFpAHYAdv+IPwq2+5VRwmHM9Ye6NLSkzbsp3GhCCp/mZ0xaOnQA
AAGLUSZg0QAABAMARzBFAiEAxlR0BOy53j2SOncbiRabuD84rbOBWg7Ztu4O+1Vu
JuMCIApAkZy3sBM6ot7LOrjuPZk9A2HKHjM7YdwVFkCb/Q8lAHcA2ra/az+1tiKf
m8K7XGvocJFxbLtRhIU0vaQ9MEjX+6sAAAGLUSZhQQAABAMASDBGAiEA4WMaJbZv
IJkVtWHcVz9Tu+4QHxF08HGnnezS8MAjq38CIQCaBlzhospbZFjJKhKE52vjilfP
OwkPDFq/mV3+xlTUWQB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7Wb
AAABi1EmYTkAAAQDAEcwRQIgJRcrEM4/LdMGXAlHzX8fcyRV8tZ/gnTduReU1xnp
ptECIQDWnCEDgbkd6qmx93md/+U049C7jSIBpLVgqVhEAUXQlTANBgkqhkiG9w0B
AQsFAAOCAQEABMEJQgFh1ZmfnUiYX09WUU2TtXvZOe4Fp8hiFd5Ix+U1PFGtm5NH
5DUkZvsO2wiseF71gXiuorStZLc7atCqjg6ttv2lKeNcp00wr9yOv8VNC1Yei2v1
PzKrUg90NsF9Ae+dQaACNlU+Eh3M0IRyQQfxOEJlBKrz/oLMTDltCKjSHY1YaeGH
NnjmdZO/fGCROPtLPQMOZ+yDh8M7EOMV/e6WH1lybjFI1qGSUpP5fHhLzPkfbMGo
qgLiN6pAaL6eOh3ASBRiWoGouceg/3B6BSnK2ixBChz0BI45ZeZxGNcfav3oiwU7
IUGq/XEMWW6fnrcKVwoMSWbZx7oALGEkjw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEoqjAivQQY4lrFy96Zq
ajr0w/44hMODlX80ckQ6VYsjfpMy1PN3FrYWDLCu5CpZSm9NoG7ttGyvteYUfqfK
GQNKEI6jJ0Ai+fvH2OPJyY+XWbpKqDou3odOxPytgNL3Tt+EtzMeQ+Gkdr/O/6Aj
kPHG2LfdBOJLUui48UE0X4mji49vbAtd3ypykVzdmEsm4LBIInSD9mi8SXHZvRWB
jP5LijQOcmSnXpIpJ7XjH2mltSY0n2AXo/LXP7df+j6XWeZ9klAa1iRA6hDLNSnj
6gNkvPc4QRW5SRsdLBXNvKUJ9B4uVBFGN2UtNTogqHRjvViWoKUFHh/2xnRGzDVd
QwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 307041509727380325569476821758297662408
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New Jersey'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Jersey City'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'The USERTRUST Network'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'USERTrust RSA Domain Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-21 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-10-27 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'keirunga.org.nz'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22759467609823584936597391865614138203909210685119360537181831704753654356408000933982246023615877133953469113265564714194827402981969668697896757223763109042679179314156721599124049147240354042499129836664946638996119345462882598054260607913000644390063902140749550569447443811419854056072172127814474936224229905198980442113038783424073240051947016235262399216385038083072984285929263466263394147155583931033809340211800387282570801890042175552024713192746653673498897832858951249368530891468791757991163979096681670482986207285707652528628025333892054718919248330764311511146077640580758931809516517292511551905091
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a6c1e7e1f4f64763d72f7d8d90f8ba234f60ac9e
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							5e870c7421b874feffaa0bb4262685cf6fc713b1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.3.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://cps.usertrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (81 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.usertrust.com/USERTrustRSADomainValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.usertrust.com/USERTrustRSADomainValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.usertrust.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (40 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'keirunga.org.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.keirunga.org.nz'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							016900760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018b512660d10000040300473045022100c6547404ecb9de3d923a771b89169bb83f38adb3815a0ed9b6ee0efb556e26e302200a40919cb7b0133aa2decb3ab8ee3d993d0361ca1e333b61dc1516409bfd0f25007700dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018b512661410000040300483046022100e1631a25b66f209915b561dc573f53bbee101f1174f071a79decd2f0c023ab7f0221009a065ce1a2ca5b6458c92a1284e76be38a57cf3b090f0c5abf995dfec654d459007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018b512661390000040300473045022025172b10ce3f2dd3065c0947cd7f1f732455f2d67f8274ddb91794d719e9a6d1022100d69c210381b91deaa9b1f7799dffe534e3d0bb8d2201a4b560a958440145d095
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0004c109420161d5999f9d48985f4f56514d93b57bd939ee05a7c86215de48c7e5353c51ad9b9347e4352466fb0edb08ac785ef58178aea2b4ad64b73b6ad0aa8e0eadb6fda529e35ca74d30afdc8ebfc54d0b561e8b6bf53f32ab520f7436c17d01ef9d41a00236553e121dccd084724107f138426504aaf3fe82cc4c396d08a8d21d8d5869e1873678e67593bf7c609138fb4b3d030e67ec8387c33b10e315fdee961f59726e3148d6a1925293f97c784bccf91f6cc1a8aa02e237aa4068be9e3a1dc04814625a81a8b9c7a0ff707a0529cada2c410a1cf4048e3965e67118d71f6afde88b053b2141aafd710c596e9f9eb70a570a0c4966d9c7ba002c61248f